grpc1.45.2/third_party/googleapis/google/devtools/cloudbuild/v1/cloudbuild.proto

// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.devtools.cloudbuild.v1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/httpbody.proto";
import "google/api/resource.proto";
import "google/longrunning/operations.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.CloudBuild.V1";
option go_package = "google.golang.org/genproto/googleapis/devtools/cloudbuild/v1;cloudbuild";
option java_multiple_files = true;
option java_package = "com.google.cloudbuild.v1";
option objc_class_prefix = "GCB";
option ruby_package = "Google::Cloud::Build::V1";
option (google.api.resource_definition) = {
  type: "compute.googleapis.com/Network"
  pattern: "projects/{project}/global/networks/{network}"
};
option (google.api.resource_definition) = {
  type: "iam.googleapis.com/ServiceAccount"
  pattern: "projects/{project}/serviceAccounts/{service_account}"
};
option (google.api.resource_definition) = {
  type: "secretmanager.googleapis.com/Secret"
  pattern: "projects/{project}/secrets/{secret}"
};
option (google.api.resource_definition) = {
  type: "secretmanager.googleapis.com/SecretVersion"
  pattern: "projects/{project}/secrets/{secret}/versions/{version}"
};
option (google.api.resource_definition) = {
  type: "cloudkms.googleapis.com/CryptoKey"
  pattern: "projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}"
};
option (google.api.resource_definition) = {
  type: "pubsub.googleapis.com/Subscription"
  pattern: "projects/{project}/subscriptions/{subscription}"
};
option (google.api.resource_definition) = {
  type: "pubsub.googleapis.com/Topic"
  pattern: "projects/{project}/topics/{topic}"
};

// Creates and manages builds on Google Cloud Platform.
//
// The main concept used by this API is a `Build`, which describes the location
// of the source to build, how to build the source, and where to store the
// built artifacts, if any.
//
// A user can list previously-requested builds or get builds by their ID to
// determine the status of the build.
service CloudBuild {
  option (google.api.default_host) = "cloudbuild.googleapis.com";
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform";

  // Starts a build with the specified configuration.
  //
  // This method returns a long-running `Operation`, which includes the build
  // ID. Pass the build ID to `GetBuild` to determine the build status (such as
  // `SUCCESS` or `FAILURE`).
  rpc CreateBuild(CreateBuildRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/projects/{project_id}/builds"
      body: "build"
      additional_bindings {
        post: "/v1/{parent=projects/*/locations/*}/builds"
        body: "build"
      }
    };
    option (google.api.method_signature) = "project_id,build";
    option (google.longrunning.operation_info) = {
      response_type: "Build"
      metadata_type: "BuildOperationMetadata"
    };
  }

  // Returns information about a previously requested build.
  //
  // The `Build` that is returned includes its status (such as `SUCCESS`,
  // `FAILURE`, or `WORKING`), and timing information.
  rpc GetBuild(GetBuildRequest) returns (Build) {
    option (google.api.http) = {
      get: "/v1/projects/{project_id}/builds/{id}"
      additional_bindings { get: "/v1/{name=projects/*/locations/*/builds/*}" }
    };
    option (google.api.method_signature) = "project_id,id";
  }

  // Lists previously requested builds.
  //
  // Previously requested builds may still be in-progress, or may have finished
  // successfully or unsuccessfully.
  rpc ListBuilds(ListBuildsRequest) returns (ListBuildsResponse) {
    option (google.api.http) = {
      get: "/v1/projects/{project_id}/builds"
      additional_bindings { get: "/v1/{parent=projects/*/locations/*}/builds" }
    };
    option (google.api.method_signature) = "project_id,filter";
  }

  // Cancels a build in progress.
  rpc CancelBuild(CancelBuildRequest) returns (Build) {
    option (google.api.http) = {
      post: "/v1/projects/{project_id}/builds/{id}:cancel"
      body: "*"
      additional_bindings {
        post: "/v1/{name=projects/*/locations/*/builds/*}:cancel"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,id";
  }

  // Creates a new build based on the specified build.
  //
  // This method creates a new build using the original build request, which may
  // or may not result in an identical build.
  //
  // For triggered builds:
  //
  // * Triggered builds resolve to a precise revision; therefore a retry of a
  // triggered build will result in a build that uses the same revision.
  //
  // For non-triggered builds that specify `RepoSource`:
  //
  // * If the original build built from the tip of a branch, the retried build
  // will build from the tip of that branch, which may not be the same revision
  // as the original build.
  // * If the original build specified a commit sha or revision ID, the retried
  // build will use the identical source.
  //
  // For builds that specify `StorageSource`:
  //
  // * If the original build pulled source from Google Cloud Storage without
  // specifying the generation of the object, the new build will use the current
  // object, which may be different from the original build source.
  // * If the original build pulled source from Cloud Storage and specified the
  // generation of the object, the new build will attempt to use the same
  // object, which may or may not be available depending on the bucket's
  // lifecycle management settings.
  rpc RetryBuild(RetryBuildRequest) returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/projects/{project_id}/builds/{id}:retry"
      body: "*"
      additional_bindings {
        post: "/v1/{name=projects/*/locations/*/builds/*}:retry"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,id";
    option (google.longrunning.operation_info) = {
      response_type: "Build"
      metadata_type: "BuildOperationMetadata"
    };
  }

  // Creates a new `BuildTrigger`.
  //
  // This API is experimental.
  rpc CreateBuildTrigger(CreateBuildTriggerRequest) returns (BuildTrigger) {
    option (google.api.http) = {
      post: "/v1/projects/{project_id}/triggers"
      body: "trigger"
      additional_bindings {
        post: "/v1/{parent=projects/*/locations/*}/triggers"
        body: "trigger"
      }
    };
    option (google.api.method_signature) = "project_id,trigger";
  }

  // Returns information about a `BuildTrigger`.
  //
  // This API is experimental.
  rpc GetBuildTrigger(GetBuildTriggerRequest) returns (BuildTrigger) {
    option (google.api.http) = {
      get: "/v1/projects/{project_id}/triggers/{trigger_id}"
      additional_bindings {
        get: "/v1/{name=projects/*/locations/*/triggers/*}"
      }
    };
    option (google.api.method_signature) = "project_id,trigger_id";
  }

  // Lists existing `BuildTrigger`s.
  //
  // This API is experimental.
  rpc ListBuildTriggers(ListBuildTriggersRequest)
      returns (ListBuildTriggersResponse) {
    option (google.api.http) = {
      get: "/v1/projects/{project_id}/triggers"
      additional_bindings {
        get: "/v1/{parent=projects/*/locations/*}/triggers"
      }
    };
    option (google.api.method_signature) = "project_id";
  }

  // Deletes a `BuildTrigger` by its project ID and trigger ID.
  //
  // This API is experimental.
  rpc DeleteBuildTrigger(DeleteBuildTriggerRequest)
      returns (google.protobuf.Empty) {
    option (google.api.http) = {
      delete: "/v1/projects/{project_id}/triggers/{trigger_id}"
      additional_bindings {
        delete: "/v1/{name=projects/*/locations/*/triggers/*}"
      }
    };
    option (google.api.method_signature) = "project_id,trigger_id";
  }

  // Updates a `BuildTrigger` by its project ID and trigger ID.
  //
  // This API is experimental.
  rpc UpdateBuildTrigger(UpdateBuildTriggerRequest) returns (BuildTrigger) {
    option (google.api.http) = {
      patch: "/v1/projects/{project_id}/triggers/{trigger_id}"
      body: "trigger"
      additional_bindings {
        patch: "/v1/{trigger.resource_name=projects/*/locations/*/triggers/*}"
        body: "trigger"
      }
    };
    option (google.api.method_signature) = "project_id,trigger_id,trigger";
  }

  // Runs a `BuildTrigger` at a particular source revision.
  rpc RunBuildTrigger(RunBuildTriggerRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/projects/{project_id}/triggers/{trigger_id}:run"
      body: "source"
      additional_bindings {
        post: "/v1/{name=projects/*/locations/*/triggers/*}:run"
        body: "*"
      }
    };
    option (google.api.method_signature) = "project_id,trigger_id,source";
    option (google.longrunning.operation_info) = {
      response_type: "Build"
      metadata_type: "BuildOperationMetadata"
    };
  }

  // ReceiveTriggerWebhook [Experimental] is called when the API receives a
  // webhook request targeted at a specific trigger.
  rpc ReceiveTriggerWebhook(ReceiveTriggerWebhookRequest)
      returns (ReceiveTriggerWebhookResponse) {
    option (google.api.http) = {
      post: "/v1/projects/{project_id}/triggers/{trigger}:webhook"
      body: "body"
      additional_bindings {
        post: "/v1/{name=projects/*/locations/*/triggers/*}:webhook"
        body: "body"
      }
    };
  }

  // Creates a `WorkerPool`.
  rpc CreateWorkerPool(CreateWorkerPoolRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      post: "/v1/{parent=projects/*/locations/*}/workerPools"
      body: "worker_pool"
    };
    option (google.api.method_signature) = "parent,worker_pool,worker_pool_id";
    option (google.longrunning.operation_info) = {
      response_type: "WorkerPool"
      metadata_type: "CreateWorkerPoolOperationMetadata"
    };
  }

  // Returns details of a `WorkerPool`.
  rpc GetWorkerPool(GetWorkerPoolRequest) returns (WorkerPool) {
    option (google.api.http) = {
      get: "/v1/{name=projects/*/locations/*/workerPools/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Deletes a `WorkerPool`.
  rpc DeleteWorkerPool(DeleteWorkerPoolRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      delete: "/v1/{name=projects/*/locations/*/workerPools/*}"
    };
    option (google.api.method_signature) = "name";
    option (google.longrunning.operation_info) = {
      response_type: "google.protobuf.Empty"
      metadata_type: "DeleteWorkerPoolOperationMetadata"
    };
  }

  // Updates a `WorkerPool`.
  rpc UpdateWorkerPool(UpdateWorkerPoolRequest)
      returns (google.longrunning.Operation) {
    option (google.api.http) = {
      patch: "/v1/{worker_pool.name=projects/*/locations/*/workerPools/*}"
      body: "worker_pool"
    };
    option (google.api.method_signature) = "worker_pool,update_mask";
    option (google.longrunning.operation_info) = {
      response_type: "WorkerPool"
      metadata_type: "UpdateWorkerPoolOperationMetadata"
    };
  }

  // Lists `WorkerPool`s.
  rpc ListWorkerPools(ListWorkerPoolsRequest)
      returns (ListWorkerPoolsResponse) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*/locations/*}/workerPools"
    };
    option (google.api.method_signature) = "parent";
  }
}

// Specifies a build to retry.
message RetryBuildRequest {
  // The name of the `Build` to retry.
  // Format: `projects/{project}/locations/{location}/builds/{build}`
  string name = 3 [(google.api.resource_reference) = {
    type: "cloudbuild.googleapis.com/Build"
  }];

  // Required. ID of the project.
  string project_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. Build ID of the original build.
  string id = 2 [(google.api.field_behavior) = REQUIRED];
}

// Specifies a build trigger to run and the source to use.
message RunBuildTriggerRequest {
  // The name of the `Trigger` to run.
  // Format: `projects/{project}/locations/{location}/triggers/{trigger}`
  string name = 4 [(google.api.resource_reference) = {
    type: "cloudbuild.googleapis.com/BuildTrigger"
  }];

  // Required. ID of the project.
  string project_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. ID of the trigger.
  string trigger_id = 2 [(google.api.field_behavior) = REQUIRED];

  // Source to build against this trigger.
  RepoSource source = 3;
}

// Location of the source in an archive file in Google Cloud Storage.
message StorageSource {
  // Google Cloud Storage bucket containing the source (see
  // [Bucket Name
  // Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)).
  string bucket = 1;

  // Google Cloud Storage object containing the source.
  //
  // This object must be a gzipped archive file (`.tar.gz`) containing source to
  // build.
  string object = 2;

  // Google Cloud Storage generation for the object. If the generation is
  // omitted, the latest generation will be used.
  int64 generation = 3;
}

// Location of the source in a Google Cloud Source Repository.
message RepoSource {
  // ID of the project that owns the Cloud Source Repository. If omitted, the
  // project ID requesting the build is assumed.
  string project_id = 1;

  // Name of the Cloud Source Repository.
  string repo_name = 2;

  // A revision within the Cloud Source Repository must be specified in
  // one of these ways.
  oneof revision {
    // Regex matching branches to build.
    //
    // The syntax of the regular expressions accepted is the syntax accepted by
    // RE2 and described at https://github.com/google/re2/wiki/Syntax
    string branch_name = 3;

    // Regex matching tags to build.
    //
    // The syntax of the regular expressions accepted is the syntax accepted by
    // RE2 and described at https://github.com/google/re2/wiki/Syntax
    string tag_name = 4;

    // Explicit commit SHA to build.
    string commit_sha = 5;
  }

  // Directory, relative to the source root, in which to run the build.
  //
  // This must be a relative path. If a step's `dir` is specified and is an
  // absolute path, this value is ignored for that step's execution.
  string dir = 7;

  // Only trigger a build if the revision regex does NOT match the revision
  // regex.
  bool invert_regex = 8;

  // Substitutions to use in a triggered build.
  // Should only be used with RunBuildTrigger
  map<string, string> substitutions = 9;
}

// Location of the source manifest in Google Cloud Storage.
// This feature is in Preview; see description
// [here](https://github.com/GoogleCloudPlatform/cloud-builders/tree/master/gcs-fetcher).
message StorageSourceManifest {
  // Google Cloud Storage bucket containing the source manifest (see [Bucket
  // Name
  // Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)).
  string bucket = 1;

  // Google Cloud Storage object containing the source manifest.
  //
  // This object must be a JSON file.
  string object = 2;

  // Google Cloud Storage generation for the object. If the generation is
  // omitted, the latest generation will be used.
  int64 generation = 3;
}

// Location of the source in a supported storage service.
message Source {
  // Location of source.
  oneof source {
    // If provided, get the source from this location in Google Cloud Storage.
    StorageSource storage_source = 2;

    // If provided, get the source from this location in a Cloud Source
    // Repository.
    RepoSource repo_source = 3;

    // If provided, get the source from this manifest in Google Cloud Storage.
    // This feature is in Preview; see description
    // [here](https://github.com/GoogleCloudPlatform/cloud-builders/tree/master/gcs-fetcher).
    StorageSourceManifest storage_source_manifest = 8;
  }
}

// An image built by the pipeline.
message BuiltImage {
  // Name used to push the container image to Google Container Registry, as
  // presented to `docker push`.
  string name = 1;

  // Docker Registry 2.0 digest.
  string digest = 3;

  // Output only. Stores timing information for pushing the specified image.
  TimeSpan push_timing = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// A step in the build pipeline.
message BuildStep {
  // Required. The name of the container image that will run this particular
  // build step.
  //
  // If the image is available in the host's Docker daemon's cache, it
  // will be run directly. If not, the host will attempt to pull the image
  // first, using the builder service account's credentials if necessary.
  //
  // The Docker daemon's cache will already have the latest versions of all of
  // the officially supported build steps
  // ([https://github.com/GoogleCloudPlatform/cloud-builders](https://github.com/GoogleCloudPlatform/cloud-builders)).
  // The Docker daemon will also have cached many of the layers for some popular
  // images, like "ubuntu", "debian", but they will be refreshed at the time you
  // attempt to use them.
  //
  // If you built an image in a previous build step, it will be stored in the
  // host's Docker daemon's cache and is available to use as the name for a
  // later build step.
  string name = 1;

  // A list of environment variable definitions to be used when running a step.
  //
  // The elements are of the form "KEY=VALUE" for the environment variable "KEY"
  // being given the value "VALUE".
  repeated string env = 2;

  // A list of arguments that will be presented to the step when it is started.
  //
  // If the image used to run the step's container has an entrypoint, the `args`
  // are used as arguments to that entrypoint. If the image does not define
  // an entrypoint, the first element in args is used as the entrypoint,
  // and the remainder will be used as arguments.
  repeated string args = 3;

  // Working directory to use when running this step's container.
  //
  // If this value is a relative path, it is relative to the build's working
  // directory. If this value is absolute, it may be outside the build's working
  // directory, in which case the contents of the path may not be persisted
  // across build step executions, unless a `volume` for that path is specified.
  //
  // If the build specifies a `RepoSource` with `dir` and a step with a `dir`,
  // which specifies an absolute path, the `RepoSource` `dir` is ignored for
  // the step's execution.
  string dir = 4;

  // Unique identifier for this build step, used in `wait_for` to
  // reference this build step as a dependency.
  string id = 5;

  // The ID(s) of the step(s) that this build step depends on.
  // This build step will not start until all the build steps in `wait_for`
  // have completed successfully. If `wait_for` is empty, this build step will
  // start when all previous build steps in the `Build.Steps` list have
  // completed successfully.
  repeated string wait_for = 6;

  // Entrypoint to be used instead of the build step image's default entrypoint.
  // If unset, the image's default entrypoint is used.
  string entrypoint = 7;

  // A list of environment variables which are encrypted using a Cloud Key
  // Management Service crypto key. These values must be specified in the
  // build's `Secret`.
  repeated string secret_env = 8;

  // List of volumes to mount into the build step.
  //
  // Each volume is created as an empty volume prior to execution of the
  // build step. Upon completion of the build, volumes and their contents are
  // discarded.
  //
  // Using a named volume in only one step is not valid as it is indicative
  // of a build request with an incorrect configuration.
  repeated Volume volumes = 9;

  // Output only. Stores timing information for executing this build step.
  TimeSpan timing = 10 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Stores timing information for pulling this build step's
  // builder image only.
  TimeSpan pull_timing = 13 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Time limit for executing this build step. If not defined, the step has no
  // time limit and will be allowed to continue to run until either it completes
  // or the build itself times out.
  google.protobuf.Duration timeout = 11;

  // Output only. Status of the build step. At this time, build step status is
  // only updated on build completion; step status is not updated in real-time
  // as the build progresses.
  Build.Status status = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Volume describes a Docker container volume which is mounted into build steps
// in order to persist files across build step execution.
message Volume {
  // Name of the volume to mount.
  //
  // Volume names must be unique per build step and must be valid names for
  // Docker volumes. Each named volume must be used by at least two build steps.
  string name = 1;

  // Path at which to mount the volume.
  //
  // Paths must be absolute and cannot conflict with other volume paths on the
  // same build step or with certain reserved volume paths.
  string path = 2;
}

// Artifacts created by the build pipeline.
message Results {
  // Container images that were built as a part of the build.
  repeated BuiltImage images = 2;

  // List of build step digests, in the order corresponding to build step
  // indices.
  repeated string build_step_images = 3;

  // Path to the artifact manifest. Only populated when artifacts are uploaded.
  string artifact_manifest = 4;

  // Number of artifacts uploaded. Only populated when artifacts are uploaded.
  int64 num_artifacts = 5;

  // List of build step outputs, produced by builder images, in the order
  // corresponding to build step indices.
  //
  // [Cloud Builders](https://cloud.google.com/cloud-build/docs/cloud-builders)
  // can produce this output by writing to `$BUILDER_OUTPUT/output`.
  // Only the first 4KB of data is stored.
  repeated bytes build_step_outputs = 6;

  // Time to push all non-container artifacts.
  TimeSpan artifact_timing = 7;
}

// An artifact that was uploaded during a build. This
// is a single record in the artifact manifest JSON file.
message ArtifactResult {
  // The path of an artifact in a Google Cloud Storage bucket, with the
  // generation number. For example,
  // `gs://mybucket/path/to/output.jar#generation`.
  string location = 1;

  // The file hash of the artifact.
  repeated FileHashes file_hash = 2;
}

// A build resource in the Cloud Build API.
//
// At a high level, a `Build` describes where to find source code, how to build
// it (for example, the builder image to run on the source), and where to store
// the built artifacts.
//
// Fields can include the following variables, which will be expanded when the
// build is created:
//
// - $PROJECT_ID: the project ID of the build.
// - $PROJECT_NUMBER: the project number of the build.
// - $BUILD_ID: the autogenerated ID of the build.
// - $REPO_NAME: the source repository name specified by RepoSource.
// - $BRANCH_NAME: the branch name specified by RepoSource.
// - $TAG_NAME: the tag name specified by RepoSource.
// - $REVISION_ID or $COMMIT_SHA: the commit SHA specified by RepoSource or
//   resolved from the specified branch or tag.
// - $SHORT_SHA: first 7 characters of $REVISION_ID or $COMMIT_SHA.
message Build {
  option (google.api.resource) = {
    type: "cloudbuild.googleapis.com/Build"
    pattern: "projects/{project}/builds/{build}"
    pattern: "projects/{project}/locations/{location}/builds/{build}"
  };

  // A non-fatal problem encountered during the execution of the build.
  message Warning {
    // The relative importance of this warning.
    enum Priority {
      // Should not be used.
      PRIORITY_UNSPECIFIED = 0;

      // e.g. deprecation warnings and alternative feature highlights.
      INFO = 1;

      // e.g. automated detection of possible issues with the build.
      WARNING = 2;

      // e.g. alerts that a feature used in the build is pending removal
      ALERT = 3;
    }

    // Explanation of the warning generated.
    string text = 1;

    // The priority for this warning.
    Priority priority = 2;
  }

  // A fatal problem encountered during the execution of the build.
  message FailureInfo {
    // The name of a fatal problem encountered during the execution of the
    // build.
    enum FailureType {
      // Type unspecified
      FAILURE_TYPE_UNSPECIFIED = 0;

      // Unable to push the image to the repository.
      PUSH_FAILED = 1;

      // Final image not found.
      PUSH_IMAGE_NOT_FOUND = 2;

      // Unauthorized push of the final image.
      PUSH_NOT_AUTHORIZED = 3;

      // Backend logging failures. Should retry.
      LOGGING_FAILURE = 4;

      // A build step has failed.
      USER_BUILD_STEP = 5;

      // The source fetching has failed.
      FETCH_SOURCE_FAILED = 6;
    }

    // The name of the failure.
    FailureType type = 1;

    // Explains the failure issue in more detail using hard-coded text.
    string detail = 2;
  }

  // Possible status of a build or build step.
  enum Status {
    // Status of the build is unknown.
    STATUS_UNKNOWN = 0;

    // Build or step is queued; work has not yet begun.
    QUEUED = 1;

    // Build or step is being executed.
    WORKING = 2;

    // Build or step finished successfully.
    SUCCESS = 3;

    // Build or step failed to complete successfully.
    FAILURE = 4;

    // Build or step failed due to an internal cause.
    INTERNAL_ERROR = 5;

    // Build or step took longer than was allowed.
    TIMEOUT = 6;

    // Build or step was canceled by a user.
    CANCELLED = 7;

    // Build was enqueued for longer than the value of `queue_ttl`.
    EXPIRED = 9;
  }

  // Output only. The 'Build' name with format:
  // `projects/{project}/locations/{location}/builds/{build}`, where {build}
  // is a unique identifier generated by the service.
  string name = 45 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Unique identifier of the build.
  string id = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. ID of the project.
  string project_id = 16 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Status of the build.
  Status status = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Customer-readable message about the current status.
  string status_detail = 24 [(google.api.field_behavior) = OUTPUT_ONLY];

  // The location of the source files to build.
  Source source = 3;

  // Required. The operations to be performed on the workspace.
  repeated BuildStep steps = 11;

  // Output only. Results of the build.
  Results results = 10 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Time at which the request to create the build was received.
  google.protobuf.Timestamp create_time = 6
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Time at which execution of the build was started.
  google.protobuf.Timestamp start_time = 7
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Time at which execution of the build was finished.
  //
  // The difference between finish_time and start_time is the duration of the
  // build's execution.
  google.protobuf.Timestamp finish_time = 8
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Amount of time that this build should be allowed to run, to second
  // granularity. If this amount of time elapses, work on the build will cease
  // and the build status will be `TIMEOUT`.
  //
  // `timeout` starts ticking from `startTime`.
  //
  // Default time is ten minutes.
  google.protobuf.Duration timeout = 12;

  // A list of images to be pushed upon the successful completion of all build
  // steps.
  //
  // The images are pushed using the builder service account's credentials.
  //
  // The digests of the pushed images will be stored in the `Build` resource's
  // results field.
  //
  // If any of the images fail to be pushed, the build status is marked
  // `FAILURE`.
  repeated string images = 13;

  // TTL in queue for this build. If provided and the build is enqueued longer
  // than this value, the build will expire and the build status will be
  // `EXPIRED`.
  //
  // The TTL starts ticking from create_time.
  google.protobuf.Duration queue_ttl = 40;

  // Artifacts produced by the build that should be uploaded upon
  // successful completion of all build steps.
  Artifacts artifacts = 37;

  // Google Cloud Storage bucket where logs should be written (see
  // [Bucket Name
  // Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)).
  // Logs file names will be of the format `${logs_bucket}/log-${build_id}.txt`.
  string logs_bucket = 19;

  // Output only. A permanent fixed identifier for source.
  SourceProvenance source_provenance = 21
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The ID of the `BuildTrigger` that triggered this build, if it
  // was triggered automatically.
  string build_trigger_id = 22 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Special options for this build.
  BuildOptions options = 23;

  // Output only. URL to logs for this build in Google Cloud Console.
  string log_url = 25 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Substitutions data for `Build` resource.
  map<string, string> substitutions = 29;

  // Tags for annotation of a `Build`. These are not docker tags.
  repeated string tags = 31;

  // Secrets to decrypt using Cloud Key Management Service.
  // Note: Secret Manager is the recommended technique
  // for managing sensitive data with Cloud Build. Use `available_secrets` to
  // configure builds to access secrets from Secret Manager. For instructions,
  // see: https://cloud.google.com/cloud-build/docs/securing-builds/use-secrets
  repeated Secret secrets = 32;

  // Output only. Stores timing information for phases of the build. Valid keys
  // are:
  //
  // * BUILD: time to execute all build steps.
  // * PUSH: time to push all specified images.
  // * FETCHSOURCE: time to fetch source.
  // * SETUPBUILD: time to set up build.
  //
  // If the build does not specify source or images,
  // these keys will not be included.
  map<string, TimeSpan> timing = 33 [(google.api.field_behavior) = OUTPUT_ONLY];

  // IAM service account whose credentials will be used at build runtime.
  // Must be of the format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
  // ACCOUNT can be email address or uniqueId of the service account.
  //
  string service_account = 42 [(google.api.resource_reference) = {
    type: "iam.googleapis.com/ServiceAccount"
  }];

  // Secrets and secret environment variables.
  Secrets available_secrets = 47;

  // Output only. Non-fatal problems encountered during the execution of the
  // build.
  repeated Warning warnings = 49 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Contains information about the build when status=FAILURE.
  FailureInfo failure_info = 51 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Artifacts produced by a build that should be uploaded upon
// successful completion of all build steps.
message Artifacts {
  // Files in the workspace to upload to Cloud Storage upon successful
  // completion of all build steps.
  message ArtifactObjects {
    // Cloud Storage bucket and optional object path, in the form
    // "gs://bucket/path/to/somewhere/". (see [Bucket Name
    // Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)).
    //
    // Files in the workspace matching any path pattern will be uploaded to
    // Cloud Storage with this location as a prefix.
    string location = 1;

    // Path globs used to match files in the build's workspace.
    repeated string paths = 2;

    // Output only. Stores timing information for pushing all artifact objects.
    TimeSpan timing = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
  }

  // A list of images to be pushed upon the successful completion of all build
  // steps.
  //
  // The images will be pushed using the builder service account's credentials.
  //
  // The digests of the pushed images will be stored in the Build resource's
  // results field.
  //
  // If any of the images fail to be pushed, the build is marked FAILURE.
  repeated string images = 1;

  // A list of objects to be uploaded to Cloud Storage upon successful
  // completion of all build steps.
  //
  // Files in the workspace matching specified paths globs will be uploaded to
  // the specified Cloud Storage location using the builder service account's
  // credentials.
  //
  // The location and generation of the uploaded objects will be stored in the
  // Build resource's results field.
  //
  // If any objects fail to be pushed, the build is marked FAILURE.
  ArtifactObjects objects = 2;
}

// Start and end times for a build execution phase.
message TimeSpan {
  // Start of time span.
  google.protobuf.Timestamp start_time = 1;

  // End of time span.
  google.protobuf.Timestamp end_time = 2;
}

// Metadata for build operations.
message BuildOperationMetadata {
  // The build that the operation is tracking.
  Build build = 1;
}

// Provenance of the source. Ways to find the original source, or verify that
// some source was used for this build.
message SourceProvenance {
  // A copy of the build's `source.storage_source`, if exists, with any
  // generations resolved.
  StorageSource resolved_storage_source = 3;

  // A copy of the build's `source.repo_source`, if exists, with any
  // revisions resolved.
  RepoSource resolved_repo_source = 6;

  // A copy of the build's `source.storage_source_manifest`, if exists, with any
  // revisions resolved.
  // This feature is in Preview.
  StorageSourceManifest resolved_storage_source_manifest = 9;

  // Output only. Hash(es) of the build source, which can be used to verify that
  // the original source integrity was maintained in the build. Note that
  // `FileHashes` will only be populated if `BuildOptions` has requested a
  // `SourceProvenanceHash`.
  //
  // The keys to this map are file paths used as build source and the values
  // contain the hash values for those files.
  //
  // If the build source came in a single package such as a gzipped tarfile
  // (`.tar.gz`), the `FileHash` will be for the single path to that file.
  map<string, FileHashes> file_hashes = 4
      [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Container message for hashes of byte content of files, used in
// SourceProvenance messages to verify integrity of source input to the build.
message FileHashes {
  // Collection of file hashes.
  repeated Hash file_hash = 1;
}

// Container message for hash values.
message Hash {
  // Specifies the hash algorithm, if any.
  enum HashType {
    // No hash requested.
    NONE = 0;

    // Use a sha256 hash.
    SHA256 = 1;

    // Use a md5 hash.
    MD5 = 2;
  }

  // The type of hash that was performed.
  HashType type = 1;

  // The hash value.
  bytes value = 2;
}

// Secrets and secret environment variables.
message Secrets {
  // Secrets in Secret Manager and associated secret environment variable.
  repeated SecretManagerSecret secret_manager = 1;

  // Secrets encrypted with KMS key and the associated secret environment
  // variable.
  repeated InlineSecret inline = 2;
}

// Pairs a set of secret environment variables mapped to encrypted
// values with the Cloud KMS key to use to decrypt the value.
message InlineSecret {
  // Resource name of Cloud KMS crypto key to decrypt the encrypted value.
  // In format: projects/*/locations/*/keyRings/*/cryptoKeys/*
  string kms_key_name = 1 [(google.api.resource_reference) = {
    type: "cloudkms.googleapis.com/CryptoKey"
  }];

  // Map of environment variable name to its encrypted value.
  //
  // Secret environment variables must be unique across all of a build's
  // secrets, and must be used by at least one build step. Values can be at most
  // 64 KB in size. There can be at most 100 secret values across all of a
  // build's secrets.
  map<string, bytes> env_map = 2;
}

// Pairs a secret environment variable with a SecretVersion in Secret Manager.
message SecretManagerSecret {
  // Resource name of the SecretVersion. In format:
  // projects/*/secrets/*/versions/*
  string version_name = 1 [(google.api.resource_reference) = {
    type: "secretmanager.googleapis.com/SecretVersion"
  }];

  // Environment variable name to associate with the secret.
  // Secret environment variables must be unique across all of a build's
  // secrets, and must be used by at least one build step.
  string env = 2;
}

// Pairs a set of secret environment variables containing encrypted
// values with the Cloud KMS key to use to decrypt the value.
// Note: Use `kmsKeyName` with  `available_secrets` instead of using
// `kmsKeyName` with `secret`. For instructions see:
// https://cloud.google.com/cloud-build/docs/securing-builds/use-encrypted-credentials.
message Secret {
  // Cloud KMS key name to use to decrypt these envs.
  string kms_key_name = 1;

  // Map of environment variable name to its encrypted value.
  //
  // Secret environment variables must be unique across all of a build's
  // secrets, and must be used by at least one build step. Values can be at most
  // 64 KB in size. There can be at most 100 secret values across all of a
  // build's secrets.
  map<string, bytes> secret_env = 3;
}

// Request to create a new build.
message CreateBuildRequest {
  // The parent resource where this build will be created.
  // Format: `projects/{project}/locations/{location}`
  string parent = 4 [(google.api.resource_reference) = {
    child_type: "cloudbuild.googleapis.com/Build"
  }];

  // Required. ID of the project.
  string project_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. Build resource to create.
  Build build = 2 [(google.api.field_behavior) = REQUIRED];
}

// Request to get a build.
message GetBuildRequest {
  // The name of the `Build` to retrieve.
  // Format: `projects/{project}/locations/{location}/builds/{build}`
  string name = 4 [(google.api.resource_reference) = {
    type: "cloudbuild.googleapis.com/Build"
  }];

  // Required. ID of the project.
  string project_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. ID of the build.
  string id = 2 [(google.api.field_behavior) = REQUIRED];
}

// Request to list builds.
message ListBuildsRequest {
  // The parent of the collection of `Builds`.
  // Format: `projects/{project}/locations/location`
  string parent = 9 [(google.api.resource_reference) = {
    child_type: "cloudbuild.googleapis.com/Build"
  }];

  // Required. ID of the project.
  string project_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Number of results to return in the list.
  int32 page_size = 2;

  // The page token for the next page of Builds.
  //
  // If unspecified, the first page of results is returned.
  //
  // If the token is rejected for any reason, INVALID_ARGUMENT will be thrown.
  // In this case, the token should be discarded, and pagination should be
  // restarted from the first page of results.
  //
  // See https://google.aip.dev/158 for more.
  string page_token = 3;

  // The raw filter text to constrain the results.
  string filter = 8;
}

// Response including listed builds.
message ListBuildsResponse {
  // Builds will be sorted by `create_time`, descending.
  repeated Build builds = 1;

  // Token to receive the next page of results.
  // This will be absent if the end of the response list has been reached.
  string next_page_token = 2;
}

// Request to cancel an ongoing build.
message CancelBuildRequest {
  // The name of the `Build` to cancel.
  // Format: `projects/{project}/locations/{location}/builds/{build}`
  string name = 4 [(google.api.resource_reference) = {
    type: "cloudbuild.googleapis.com/Build"
  }];

  // Required. ID of the project.
  string project_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. ID of the build.
  string id = 2 [(google.api.field_behavior) = REQUIRED];
}

// Configuration for an automated build in response to source repository
// changes.
message BuildTrigger {
  option (google.api.resource) = {
    type: "cloudbuild.googleapis.com/BuildTrigger"
    plural: "triggers"
    singular: "trigger"
    pattern: "projects/{project}/triggers/{trigger}"
    pattern: "projects/{project}/locations/{location}/triggers/{trigger}"
  };

  // The `Trigger` name with format:
  // `projects/{project}/locations/{location}/triggers/{trigger}`, where
  // {trigger} is a unique identifier generated by the service.
  string resource_name = 34;

  // Output only. Unique identifier of the trigger.
  string id = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Human-readable description of this trigger.
  string description = 10;

  // User-assigned name of the trigger. Must be unique within the project.
  // Trigger names must meet the following requirements:
  //
  // + They must contain only alphanumeric characters and dashes.
  // + They can be 1-64 characters long.
  // + They must begin and end with an alphanumeric character.
  string name = 21;

  // Tags for annotation of a `BuildTrigger`
  repeated string tags = 19;

  // Template describing the types of source changes to trigger a build.
  //
  // Branch and tag names in trigger templates are interpreted as regular
  // expressions. Any branch or tag change that matches that regular expression
  // will trigger a build.
  //
  // Mutually exclusive with `github`.
  RepoSource trigger_template = 7;

  // GitHubEventsConfig describes the configuration of a trigger that creates
  // a build whenever a GitHub event is received.
  //
  // Mutually exclusive with `trigger_template`.
  GitHubEventsConfig github = 13;

  // PubsubConfig describes the configuration of a trigger that
  // creates a build whenever a Pub/Sub message is published.
  PubsubConfig pubsub_config = 29;

  // WebhookConfig describes the configuration of a trigger that
  // creates a build whenever a webhook is sent to a trigger's webhook URL.
  WebhookConfig webhook_config = 31;

  // Template describing the Build request to make when the trigger is matched.
  oneof build_template {
    // Autodetect build configuration.  The following precedence is used (case
    // insensitive):
    //
    // 1. cloudbuild.yaml
    // 2. cloudbuild.yml
    // 3. cloudbuild.json
    // 4. Dockerfile
    //
    // Currently only available for GitHub App Triggers.
    bool autodetect = 18;

    // Contents of the build template.
    Build build = 4;

    // Path, from the source root, to the build configuration file
    // (i.e. cloudbuild.yaml).
    string filename = 8;
  }

  // Output only. Time when the trigger was created.
  google.protobuf.Timestamp create_time = 5
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // If true, the trigger will never automatically execute a build.
  bool disabled = 9;

  // Substitutions for Build resource. The keys must match the following
  // regular expression: `^_[A-Z0-9_]+$`.
  map<string, string> substitutions = 11;

  // ignored_files and included_files are file glob matches using
  // https://golang.org/pkg/path/filepath/#Match extended with support for "**".
  //
  // If ignored_files and changed files are both empty, then they are
  // not used to determine whether or not to trigger a build.
  //
  // If ignored_files is not empty, then we ignore any files that match
  // any of the ignored_file globs. If the change has no files that are
  // outside of the ignored_files globs, then we do not trigger a build.
  repeated string ignored_files = 15;

  // If any of the files altered in the commit pass the ignored_files
  // filter and included_files is empty, then as far as this filter is
  // concerned, we should trigger the build.
  //
  // If any of the files altered in the commit pass the ignored_files
  // filter and included_files is not empty, then we make sure that at
  // least one of those files matches a included_files glob. If not,
  // then we do not trigger a build.
  repeated string included_files = 16;

  // Optional. A Common Expression Language string.
  string filter = 30 [(google.api.field_behavior) = OPTIONAL];
}

// GitHubEventsConfig describes the configuration of a trigger that creates a
// build whenever a GitHub event is received.
//
// This message is experimental.
message GitHubEventsConfig {
  // The installationID that emits the GitHub event.
  int64 installation_id = 1 [deprecated = true];

  // Owner of the repository. For example: The owner for
  // https://github.com/googlecloudplatform/cloud-builders is
  // "googlecloudplatform".
  string owner = 6;

  // Name of the repository. For example: The name for
  // https://github.com/googlecloudplatform/cloud-builders is "cloud-builders".
  string name = 7;

  // Filter describing the types of events to trigger a build.
  // Currently supported event types: push, pull_request.
  oneof event {
    // filter to match changes in pull requests.
    PullRequestFilter pull_request = 4;

    // filter to match changes in refs like branches, tags.
    PushFilter push = 5;
  }
}

// PubsubConfig describes the configuration of a trigger that
// creates a build whenever a Pub/Sub message is published.
message PubsubConfig {
  // Enumerates potential issues with the underlying Pub/Sub subscription
  // configuration.
  enum State {
    // The subscription configuration has not been checked.
    STATE_UNSPECIFIED = 0;

    // The Pub/Sub subscription is properly configured.
    OK = 1;

    // The subscription has been deleted.
    SUBSCRIPTION_DELETED = 2;

    // The topic has been deleted.
    TOPIC_DELETED = 3;

    // Some of the subscription's field are misconfigured.
    SUBSCRIPTION_MISCONFIGURED = 4;
  }

  // Output only. Name of the subscription. Format is
  // `projects/{project}/subscriptions/{subscription}`.
  string subscription = 1 [
    (google.api.field_behavior) = OUTPUT_ONLY,
    (google.api.resource_reference) = {
      type: "pubsub.googleapis.com/Subscription"
    }
  ];

  // The name of the topic from which this subscription is receiving messages.
  // Format is `projects/{project}/topics/{topic}`.
  string topic = 2 [
    (google.api.resource_reference) = { type: "pubsub.googleapis.com/Topic" }
  ];

  // Service account that will make the push request.
  string service_account_email = 3 [(google.api.resource_reference) = {
    type: "iam.googleapis.com/ServiceAccount"
  }];

  // Potential issues with the underlying Pub/Sub subscription configuration.
  // Only populated on get requests.
  State state = 4;
}

// WebhookConfig describes the configuration of a trigger that
// creates a build whenever a webhook is sent to a trigger's webhook URL.
message WebhookConfig {
  // Enumerates potential issues with the Secret Manager secret provided by the
  // user.
  enum State {
    // The webhook auth configuration not been checked.
    STATE_UNSPECIFIED = 0;

    // The auth configuration is properly setup.
    OK = 1;

    // The secret provided in auth_method has been deleted.
    SECRET_DELETED = 2;
  }

  // Auth method specifies how the webhook authenticates with GCP.
  oneof auth_method {
    // Required. Resource name for the secret required as a URL parameter.
    string secret = 3 [
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "secretmanager.googleapis.com/SecretVersion"
      }
    ];
  }

  // Potential issues with the underlying Pub/Sub subscription configuration.
  // Only populated on get requests.
  State state = 4;
}

// PullRequestFilter contains filter properties for matching GitHub Pull
// Requests.
message PullRequestFilter {
  // Controls behavior of Pull Request comments.
  enum CommentControl {
    // Do not require comments on Pull Requests before builds are triggered.
    COMMENTS_DISABLED = 0;

    // Enforce that repository owners or collaborators must comment on Pull
    // Requests before builds are triggered.
    COMMENTS_ENABLED = 1;

    // Enforce that repository owners or collaborators must comment on external
    // contributors' Pull Requests before builds are triggered.
    COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY = 2;
  }

  // Target refs to match.
  // A target ref is the git reference where the pull request will be applied.
  oneof git_ref {
    // Regex of branches to match.
    //
    // The syntax of the regular expressions accepted is the syntax accepted by
    // RE2 and described at https://github.com/google/re2/wiki/Syntax
    string branch = 2;
  }

  // Configure builds to run whether a repository owner or collaborator need to
  // comment `/gcbrun`.
  CommentControl comment_control = 5;

  // If true, branches that do NOT match the git_ref will trigger a build.
  bool invert_regex = 6;
}

// Push contains filter properties for matching GitHub git pushes.
message PushFilter {
  // Modified refs to match.
  // A modified refs are the refs modified by a git push operation.
  oneof git_ref {
    // Regexes matching branches to build.
    //
    // The syntax of the regular expressions accepted is the syntax accepted by
    // RE2 and described at https://github.com/google/re2/wiki/Syntax
    string branch = 2;

    // Regexes matching tags to build.
    //
    // The syntax of the regular expressions accepted is the syntax accepted by
    // RE2 and described at https://github.com/google/re2/wiki/Syntax
    string tag = 3;
  }

  // When true, only trigger a build if the revision regex does NOT match the
  // git_ref regex.
  bool invert_regex = 4;
}

// Request to create a new `BuildTrigger`.
message CreateBuildTriggerRequest {
  // The parent resource where this trigger will be created.
  // Format: `projects/{project}/locations/{location}`
  string parent = 3 [(google.api.resource_reference) = {
    child_type: "cloudbuild.googleapis.com/BuildTrigger"
  }];

  // Required. ID of the project for which to configure automatic builds.
  string project_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. `BuildTrigger` to create.
  BuildTrigger trigger = 2 [(google.api.field_behavior) = REQUIRED];
}

// Returns the `BuildTrigger` with the specified ID.
message GetBuildTriggerRequest {
  // The name of the `Trigger` to retrieve.
  // Format: `projects/{project}/locations/{location}/triggers/{trigger}`
  string name = 3 [(google.api.resource_reference) = {
    type: "cloudbuild.googleapis.com/BuildTrigger"
  }];

  // Required. ID of the project that owns the trigger.
  string project_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. Identifier (`id` or `name`) of the `BuildTrigger` to get.
  string trigger_id = 2 [(google.api.field_behavior) = REQUIRED];
}

// Request to list existing `BuildTriggers`.
message ListBuildTriggersRequest {
  // The parent of the collection of `Triggers`.
  // Format: `projects/{project}/locations/{location}`
  string parent = 4 [(google.api.resource_reference) = {
    child_type: "cloudbuild.googleapis.com/BuildTrigger"
  }];

  // Required. ID of the project for which to list BuildTriggers.
  string project_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Number of results to return in the list.
  int32 page_size = 2;

  // Token to provide to skip to a particular spot in the list.
  string page_token = 3;
}

// Response containing existing `BuildTriggers`.
message ListBuildTriggersResponse {
  // `BuildTriggers` for the project, sorted by `create_time` descending.
  repeated BuildTrigger triggers = 1;

  // Token to receive the next page of results.
  string next_page_token = 2;
}

// Request to delete a `BuildTrigger`.
message DeleteBuildTriggerRequest {
  // The name of the `Trigger` to delete.
  // Format: `projects/{project}/locations/{location}/triggers/{trigger}`
  string name = 3 [(google.api.resource_reference) = {
    type: "cloudbuild.googleapis.com/BuildTrigger"
  }];

  // Required. ID of the project that owns the trigger.
  string project_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. ID of the `BuildTrigger` to delete.
  string trigger_id = 2 [(google.api.field_behavior) = REQUIRED];
}

// Request to update an existing `BuildTrigger`.
message UpdateBuildTriggerRequest {
  // Required. ID of the project that owns the trigger.
  string project_id = 1 [(google.api.field_behavior) = REQUIRED];

  // Required. ID of the `BuildTrigger` to update.
  string trigger_id = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. `BuildTrigger` to update.
  BuildTrigger trigger = 3 [(google.api.field_behavior) = REQUIRED];
}

// Optional arguments to enable specific features of builds.
message BuildOptions {
  // Details about how a build should be executed on a `WorkerPool`.
  //
  // See [running builds in a private
  // pool](https://cloud.google.com/build/docs/private-pools/run-builds-in-private-pool)
  // for more information.
  message PoolOption {
    // The `WorkerPool` resource to execute the build on.
    // You must have `cloudbuild.workerpools.use` on the project hosting the
    // WorkerPool.
    //
    // Format projects/{project}/locations/{location}/workerPools/{workerPoolId}
    string name = 1 [(google.api.resource_reference) = {
      type: "cloudbuild.googleapis.com/WorkerPool"
    }];
  }

  // Specifies the manner in which the build should be verified, if at all.
  enum VerifyOption {
    // Not a verifiable build. (default)
    NOT_VERIFIED = 0;

    // Verified build.
    VERIFIED = 1;
  }

  // Supported Compute Engine machine types.
  // For more information, see [Machine
  // types](https://cloud.google.com/compute/docs/machine-types).
  enum MachineType {
    // Standard machine type.
    UNSPECIFIED = 0;

    // Highcpu machine with 8 CPUs.
    N1_HIGHCPU_8 = 1;

    // Highcpu machine with 32 CPUs.
    N1_HIGHCPU_32 = 2;

    // Highcpu e2 machine with 8 CPUs.
    E2_HIGHCPU_8 = 5;

    // Highcpu e2 machine with 32 CPUs.
    E2_HIGHCPU_32 = 6;
  }

  // Specifies the behavior when there is an error in the substitution checks.
  enum SubstitutionOption {
    // Fails the build if error in substitutions checks, like missing
    // a substitution in the template or in the map.
    MUST_MATCH = 0;

    // Do not fail the build if error in substitutions checks.
    ALLOW_LOOSE = 1;
  }

  // Specifies the behavior when writing build logs to Google Cloud Storage.
  enum LogStreamingOption {
    // Service may automatically determine build log streaming behavior.
    STREAM_DEFAULT = 0;

    // Build logs should be streamed to Google Cloud Storage.
    STREAM_ON = 1;

    // Build logs should not be streamed to Google Cloud Storage; they will be
    // written when the build is completed.
    STREAM_OFF = 2;
  }

  // Specifies the logging mode.
  enum LoggingMode {
    // The service determines the logging mode. The default is `LEGACY`. Do not
    // rely on the default logging behavior as it may change in the future.
    LOGGING_UNSPECIFIED = 0;

    // Cloud Logging and Cloud Storage logging are enabled.
    LEGACY = 1;

    // Only Cloud Storage logging is enabled.
    GCS_ONLY = 2;

    // This option is the same as CLOUD_LOGGING_ONLY.
    STACKDRIVER_ONLY = 3 [deprecated = true];

    // Only Cloud Logging is enabled. Note that logs for both the Cloud Console
    // UI and Cloud SDK are based on Cloud Storage logs, so neither will provide
    // logs if this option is chosen.
    CLOUD_LOGGING_ONLY = 5;

    // Turn off all logging. No build logs will be captured.
    NONE = 4;
  }

  // Requested hash for SourceProvenance.
  repeated Hash.HashType source_provenance_hash = 1;

  // Requested verifiability options.
  VerifyOption requested_verify_option = 2;

  // Compute Engine machine type on which to run the build.
  MachineType machine_type = 3;

  // Requested disk size for the VM that runs the build. Note that this is *NOT*
  // "disk free"; some of the space will be used by the operating system and
  // build utilities. Also note that this is the minimum disk size that will be
  // allocated for the build -- the build may run with a larger disk than
  // requested. At present, the maximum disk size is 1000GB; builds that request
  // more than the maximum are rejected with an error.
  int64 disk_size_gb = 6;

  // Option to specify behavior when there is an error in the substitution
  // checks.
  //
  // NOTE: this is always set to ALLOW_LOOSE for triggered builds and cannot
  // be overridden in the build configuration file.
  SubstitutionOption substitution_option = 4;

  // Option to specify whether or not to apply bash style string
  // operations to the substitutions.
  //
  // NOTE: this is always enabled for triggered builds and cannot be
  // overridden in the build configuration file.
  bool dynamic_substitutions = 17;

  // Option to define build log streaming behavior to Google Cloud
  // Storage.
  LogStreamingOption log_streaming_option = 5;

  // This field deprecated; please use `pool.name` instead.
  string worker_pool = 7 [deprecated = true];

  // Optional. Specification for execution on a `WorkerPool`.
  //
  // See [running builds in a private
  // pool](https://cloud.google.com/build/docs/private-pools/run-builds-in-private-pool)
  // for more information.
  PoolOption pool = 19 [(google.api.field_behavior) = OPTIONAL];

  // Option to specify the logging mode, which determines if and where build
  // logs are stored.
  LoggingMode logging = 11;

  // A list of global environment variable definitions that will exist for all
  // build steps in this build. If a variable is defined in both globally and in
  // a build step, the variable will use the build step value.
  //
  // The elements are of the form "KEY=VALUE" for the environment variable "KEY"
  // being given the value "VALUE".
  repeated string env = 12;

  // A list of global environment variables, which are encrypted using a Cloud
  // Key Management Service crypto key. These values must be specified in the
  // build's `Secret`. These variables will be available to all build steps
  // in this build.
  repeated string secret_env = 13;

  // Global list of volumes to mount for ALL build steps
  //
  // Each volume is created as an empty volume prior to starting the build
  // process. Upon completion of the build, volumes and their contents are
  // discarded. Global volume names and paths cannot conflict with the volumes
  // defined a build step.
  //
  // Using a global volume in a build with only one step is not valid as
  // it is indicative of a build request with an incorrect configuration.
  repeated Volume volumes = 14;
}

// ReceiveTriggerWebhookRequest [Experimental] is the request object accepted by
// the ReceiveTriggerWebhook method.
message ReceiveTriggerWebhookRequest {
  // The name of the `ReceiveTriggerWebhook` to retrieve.
  // Format: `projects/{project}/locations/{location}/triggers/{trigger}`
  string name = 5;

  // HTTP request body.
  google.api.HttpBody body = 1;

  // Project in which the specified trigger lives
  string project_id = 2;

  // Name of the trigger to run the payload against
  string trigger = 3;

  // Secret token used for authorization if an OAuth token isn't provided.
  string secret = 4;
}

// ReceiveTriggerWebhookResponse [Experimental] is the response object for the
// ReceiveTriggerWebhook method.
message ReceiveTriggerWebhookResponse {}

// Configuration for a `WorkerPool`.
//
// Cloud Build owns and maintains a pool of workers for general use and have no
// access to a project's private network. By default, builds submitted to
// Cloud Build will use a worker from this pool.
//
// If your build needs access to resources on a private network,
// create and use a `WorkerPool` to run your builds. Private `WorkerPool`s give
// your builds access to any single VPC network that you
// administer, including any on-prem resources connected to that VPC
// network. For an overview of private pools, see
// [Private pools
// overview](https://cloud.google.com/build/docs/private-pools/private-pools-overview).
message WorkerPool {
  option (google.api.resource) = {
    type: "cloudbuild.googleapis.com/WorkerPool"
    pattern: "projects/{project}/locations/{location}/workerPools/{worker_pool}"
    plural: "workerPools"
    singular: "workerPool"
    style: DECLARATIVE_FRIENDLY
  };

  // State of the `WorkerPool`.
  enum State {
    // State of the `WorkerPool` is unknown.
    STATE_UNSPECIFIED = 0;

    // `WorkerPool` is being created.
    CREATING = 1;

    // `WorkerPool` is running.
    RUNNING = 2;

    // `WorkerPool` is being deleted: cancelling builds and draining workers.
    DELETING = 3;

    // `WorkerPool` is deleted.
    DELETED = 4;
  }

  // Output only. The resource name of the `WorkerPool`, with format
  // `projects/{project}/locations/{location}/workerPools/{worker_pool}`.
  // The value of `{worker_pool}` is provided by `worker_pool_id` in
  // `CreateWorkerPool` request and the value of `{location}` is determined by
  // the endpoint accessed.
  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // A user-specified, human-readable name for the `WorkerPool`. If provided,
  // this value must be 1-63 characters.
  string display_name = 2;

  // Output only. A unique identifier for the `WorkerPool`.
  string uid = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // User specified annotations. See https://google.aip.dev/128#annotations
  // for more details such as format and size limitations.
  map<string, string> annotations = 4;

  // Output only. Time at which the request to create the `WorkerPool` was
  // received.
  google.protobuf.Timestamp create_time = 5
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Time at which the request to update the `WorkerPool` was
  // received.
  google.protobuf.Timestamp update_time = 6
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Time at which the request to delete the `WorkerPool` was
  // received.
  google.protobuf.Timestamp delete_time = 7
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. `WorkerPool` state.
  State state = 8 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Private Pool configuration for the `WorkerPool`.
  oneof config {
    // Private Pool using a v1 configuration.
    PrivatePoolV1Config private_pool_v1_config = 12;
  }

  // Output only. Checksum computed by the server. May be sent on update and
  // delete requests to ensure that the client has an up-to-date value before
  // proceeding.
  string etag = 11 [(google.api.field_behavior) = OUTPUT_ONLY];
}

// Configuration for a V1 `PrivatePool`.
message PrivatePoolV1Config {
  // Defines the configuration to be used for creating workers in
  // the pool.
  message WorkerConfig {
    // Machine type of a worker, such as `e2-medium`.
    // See [Worker pool config
    // file](https://cloud.google.com/build/docs/private-pools/worker-pool-config-file-schema).
    // If left blank, Cloud Build will use a sensible default.
    string machine_type = 1;

    // Size of the disk attached to the worker, in GB.
    // See [Worker pool config
    // file](https://cloud.google.com/build/docs/private-pools/worker-pool-config-file-schema).
    // Specify a value of up to 1000. If `0` is specified, Cloud Build will use
    // a standard disk size.
    int64 disk_size_gb = 2;
  }

  // Defines the network configuration for the pool.
  message NetworkConfig {
    // Defines the egress option for the pool.
    enum EgressOption {
      // If set, defaults to PUBLIC_EGRESS.
      EGRESS_OPTION_UNSPECIFIED = 0;

      // If set, workers are created without any public address, which prevents
      // network egress to public IPs unless a network proxy is configured.
      NO_PUBLIC_EGRESS = 1;

      // If set, workers are created with a public address which allows for
      // public internet egress.
      PUBLIC_EGRESS = 2;
    }

    // Required. Immutable. The network definition that the workers are peered
    // to. If this section is left empty, the workers will be peered to
    // `WorkerPool.project_id` on the service producer network. Must be in the
    // format `projects/{project}/global/networks/{network}`, where `{project}`
    // is a project number, such as `12345`, and `{network}` is the name of a
    // VPC network in the project. See
    // [Understanding network configuration
    // options](https://cloud.google.com/build/docs/private-pools/set-up-private-pool-environment)
    string peered_network = 1 [
      (google.api.field_behavior) = IMMUTABLE,
      (google.api.field_behavior) = REQUIRED,
      (google.api.resource_reference) = {
        type: "compute.googleapis.com/Network"
      }
    ];

    // Option to configure network egress for the workers.
    EgressOption egress_option = 2;
  }

  // Machine configuration for the workers in the pool.
  WorkerConfig worker_config = 1;

  // Network configuration for the pool.
  NetworkConfig network_config = 2;
}

// Request to create a new `WorkerPool`.
message CreateWorkerPoolRequest {
  // Required. The parent resource where this worker pool will be created.
  // Format: `projects/{project}/locations/{location}`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "locations.googleapis.com/Location"
    }
  ];

  // Required. `WorkerPool` resource to create.
  WorkerPool worker_pool = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. Immutable. The ID to use for the `WorkerPool`, which will become
  // the final component of the resource name.
  //
  // This value should be 1-63 characters, and valid characters
  // are /[a-z][0-9]-/.
  string worker_pool_id = 3 [
    (google.api.field_behavior) = IMMUTABLE,
    (google.api.field_behavior) = REQUIRED
  ];

  // If set, validate the request and preview the response, but do not actually
  // post it.
  bool validate_only = 4;
}

// Request to get a `WorkerPool` with the specified name.
message GetWorkerPoolRequest {
  // Required. The name of the `WorkerPool` to retrieve.
  // Format: `projects/{project}/locations/{location}/workerPools/{workerPool}`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "cloudbuild.googleapis.com/WorkerPool"
    }
  ];
}

// Request to delete a `WorkerPool`.
message DeleteWorkerPoolRequest {
  // Required. The name of the `WorkerPool` to delete.
  // Format:
  // `projects/{project}/locations/{workerPool}/workerPools/{workerPool}`.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "cloudbuild.googleapis.com/WorkerPool"
    }
  ];

  // Optional. If this is provided, it must match the server's etag on the
  // workerpool for the request to be processed.
  string etag = 2;

  // If set to true, and the `WorkerPool` is not found, the request will succeed
  // but no action will be taken on the server.
  bool allow_missing = 3;

  // If set, validate the request and preview the response, but do not actually
  // post it.
  bool validate_only = 4;
}

// Request to update a `WorkerPool`.
message UpdateWorkerPoolRequest {
  // Required. The `WorkerPool` to update.
  //
  // The `name` field is used to identify the `WorkerPool` to update.
  // Format: `projects/{project}/locations/{location}/workerPools/{workerPool}`.
  WorkerPool worker_pool = 1 [(google.api.field_behavior) = REQUIRED];

  // A mask specifying which fields in `worker_pool` to update.
  google.protobuf.FieldMask update_mask = 2;

  // If set, validate the request and preview the response, but do not actually
  // post it.
  bool validate_only = 4;
}

// Request to list `WorkerPool`s.
message ListWorkerPoolsRequest {
  // Required. The parent of the collection of `WorkerPools`.
  // Format: `projects/{project}/locations/{location}`.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "locations.googleapis.com/Location"
    }
  ];

  // The maximum number of `WorkerPool`s to return. The service may return
  // fewer than this value. If omitted, the server will use a sensible default.
  int32 page_size = 2;

  // A page token, received from a previous `ListWorkerPools` call. Provide this
  // to retrieve the subsequent page.
  string page_token = 3;
}

// Response containing existing `WorkerPools`.
message ListWorkerPoolsResponse {
  // `WorkerPools` for the specified project.
  repeated WorkerPool worker_pools = 1;

  // Continuation token used to page through large result sets. Provide this
  // value in a subsequent ListWorkerPoolsRequest to return the next page of
  // results.
  string next_page_token = 2;
}

// Metadata for the `CreateWorkerPool` operation.
message CreateWorkerPoolOperationMetadata {
  // The resource name of the `WorkerPool` to create.
  // Format:
  // `projects/{project}/locations/{location}/workerPools/{worker_pool}`.
  string worker_pool = 1 [(google.api.resource_reference) = {
    type: "cloudbuild.googleapis.com/WorkerPool"
  }];

  // Time the operation was created.
  google.protobuf.Timestamp create_time = 2;

  // Time the operation was completed.
  google.protobuf.Timestamp complete_time = 3;
}

// Metadata for the `UpdateWorkerPool` operation.
message UpdateWorkerPoolOperationMetadata {
  // The resource name of the `WorkerPool` being updated.
  // Format:
  // `projects/{project}/locations/{location}/workerPools/{worker_pool}`.
  string worker_pool = 1 [(google.api.resource_reference) = {
    type: "cloudbuild.googleapis.com/WorkerPool"
  }];

  // Time the operation was created.
  google.protobuf.Timestamp create_time = 2;

  // Time the operation was completed.
  google.protobuf.Timestamp complete_time = 3;
}

// Metadata for the `DeleteWorkerPool` operation.
message DeleteWorkerPoolOperationMetadata {
  // The resource name of the `WorkerPool` being deleted.
  // Format:
  // `projects/{project}/locations/{location}/workerPools/{worker_pool}`.
  string worker_pool = 1 [(google.api.resource_reference) = {
    type: "cloudbuild.googleapis.com/WorkerPool"
  }];

  // Time the operation was created.
  google.protobuf.Timestamp create_time = 2;

  // Time the operation was completed.
  google.protobuf.Timestamp complete_time = 3;
}