From f86d8e927a6ecb94847ac2fd50c480cb5b19a180 Mon Sep 17 00:00:00 2001
From: Google APIs
Date: Mon, 14 Aug 2017 08:03:38 -0700
Subject: [PATCH] Synchronize new proto changes.

---
 .../devtools/cloudbuild/v1/cloudbuild.proto | 48 +++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/google/devtools/cloudbuild/v1/cloudbuild.proto b/google/devtools/cloudbuild/v1/cloudbuild.proto
index 7974e625..4d9f2961 100644
--- a/google/devtools/cloudbuild/v1/cloudbuild.proto
+++ b/google/devtools/cloudbuild/v1/cloudbuild.proto
@@ -223,6 +223,36 @@ message BuildStep {
 // Optional entrypoint to be used instead of the build step image's default
 // If unset, the image's default will be used.
 string entrypoint = 7;
+
+ // A list of environment variables which are encrypted using a Cloud KMS
+ // crypto key. These values must be specified in the build's secrets.
+ repeated string secret_env = 8;
+
+ // List of volumes to mount into the build step.
+ //
+ // Each volume will be created as an empty volume prior to execution of the
+ // build step. Upon completion of the build, volumes and their contents will
+ // be discarded.
+ //
+ // Using a named volume in only one step is not valid as it is indicative
+ // of a mis-configured build request.
+ repeated Volume volumes = 9;
+}
+
+// Volume describes a Docker container volume which is mounted into build steps
+// in order to persist files across build step execution.
+message Volume {
+ // Name of the volume to mount.
+ //
+ // Volume names must be unique per build step and must be valid names for
+ // Docker volumes. Each named volume must be used by at least two build steps.
+ string name = 1;
+
+ // Path at which to mount the volume.
+ //
+ // Paths must be absolute and cannot conflict with other volume paths on the
+ // same build step or with certain reserved volume paths.
+ string path = 2;
 }

 // Results describes the artifacts created by the build pipeline.
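Review bot: The `secret_env` comment on `BuildStep` does not say whether the entries are variable names or values, and "environment variables which are encrypted" reads as if the list itself held ciphertext. Judging by the `Secret` message added later in this patch, the entries appear to be names that key into `Secret.secret_env`, so `// Names of environment variables whose values are taken, decrypted, from the build's secrets.` would be clearer. The comment should also state that the step receives the decrypted value in its process environment, so step authors know to keep it out of build logs, and what happens if the same name is also set in the step's plain environment list. On `Volume.path`, "certain reserved volume paths" gives a caller nothing to validate against; list the paths or point to where they are documented. `BuildStep` opens above the hunk, so its other fields are not visible here.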
@@ -364,6 +394,9 @@ message Build {

 // Tags for annotation of a Build. These are not docker tags.
 repeated string tags = 31;
+
+ // Secrets to decrypt using Cloud KMS.
+ repeated Secret secrets = 32;
 }

 // Metadata for build operations.
@@ -421,6 +454,21 @@ message Hash {
 bytes value = 2;
 }

+// Secret pairs a set of secret environment variables containing encrypted
+// values with the Cloud KMS key to use to decrypt the value.
+message Secret {
+ // Cloud KMS key name to use to decrypt these envs.
+ string kms_key_name = 1;
+
+ // Map of environment variable name to its encrypted value.
+ //
+ // Secret environment variables must be unique across all of a build's
+ // secrets, and must be used by at least one build step. Values can be at most
+ // 1 KB in size. There can be at most ten secret values across all of a
+ // build's secrets.
+ map secret_env = 3;
+}
+
 // Request to create a new build.
 message CreateBuildRequest {
 // ID of the project.
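Review bot: `Secret` goes from field 1 straight to field 3 with no mention of 2; if that number was ever assigned in an earlier or internal revision, a `reserved 2;` line with a short comment would stop it being reused with a different meaning. The `kms_key_name` comment gives no format, so a reader cannot tell whether a full Cloud KMS resource name or a short key id is expected. A line such as `// Full CryptoKey resource name, e.g. projects/*/locations/*/keyRings/*/cryptoKeys/*.` would settle it, assuming that is what the service accepts. The `secret_env` comment should also say whether the 1 KB limit applies to the ciphertext or to the decrypted value, since the two differ in size and a caller needs to know which one to check.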