// Copyright 2020 Google LLC
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//    http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

/* eslint-disable @typescript-eslint/no-explicit-any */
/* eslint-disable @typescript-eslint/no-unused-vars */
/* eslint-disable @typescript-eslint/no-empty-interface */
/* eslint-disable @typescript-eslint/no-namespace */
/* eslint-disable no-irregular-whitespace */

import {
  OAuth2Client,
  JWT,
  Compute,
  UserRefreshClient,
  BaseExternalAccountClient,
  GaxiosResponseWithHTTP2,
  GoogleConfigurable,
  createAPIRequest,
  MethodOptions,
  StreamMethodOptions,
  GlobalOptions,
  GoogleAuth,
  BodyResponseCallback,
  APIRequestContext,
} from 'googleapis-common';
import {Readable} from 'stream';

export namespace containeranalysis_v1beta1 {
  /**
   * Client options for this API version: the shared `GlobalOptions` plus a
   * `version` field pinned to the literal `'v1beta1'`.
   */
  export interface Options extends GlobalOptions {
    version: 'v1beta1';
  }

  /**
   * Request parameters common to this API: the auth client or key,
   * response-shaping options and quota attribution.
   *
   * NOTE(review): presumably extended by the per-method parameter interfaces,
   * which are outside this excerpt — confirm.
   * NOTE(review): `auth`, `access_token` and `key` carry credential material;
   * keep objects of this type out of logs and error reports.
   */
  interface StandardParameters {
    /**
     * Auth client or API Key for the request
     */
    auth?:
      | string
      | OAuth2Client
      | JWT
      | Compute
      | UserRefreshClient
      | BaseExternalAccountClient
      | GoogleAuth;

    /**
     * V1 error format.
     */
    '$.xgafv'?: string;
    /**
     * OAuth access token.
     */
    access_token?: string;
    /**
     * Data format for response.
     */
    alt?: string;
    /**
     * JSONP
     */
    callback?: string;
    /**
     * Selector specifying which fields to include in a partial response.
     */
    fields?: string;
    /**
     * API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
     */
    key?: string;
    /**
     * OAuth 2.0 token for the current user.
*/
    oauth_token?: string;
    /**
     * Returns response with indentations and line breaks.
     */
    prettyPrint?: boolean;
    /**
     * Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
     */
    quotaUser?: string;
    /**
     * Legacy upload protocol for media (e.g. "media", "multipart").
     */
    uploadType?: string;
    /**
     * Upload protocol for media (e.g. "raw", "multipart").
     */
    upload_protocol?: string;
  }

  /**
   * Container Analysis API
   *
   * This API is a prerequisite for leveraging Artifact Analysis scanning capabilities in Artifact Registry. In addition, the Container Analysis API is an implementation of the Grafeas API, which enables storing, querying, and retrieval of critical metadata about all of your software artifacts.
   *
   * @example
   * ```js
   * const {google} = require('googleapis');
   * const containeranalysis = google.containeranalysis('v1beta1');
   * ```
   */
  export class Containeranalysis {
    /** Request context built in the constructor and passed to the resource objects. */
    context: APIRequestContext;
    /** Accessor for the `projects` resource; `Resource$Projects` is defined outside this excerpt. */
    projects: Resource$Projects;

    /**
     * Builds the shared request context and the `projects` resource on top of it.
     *
     * @param options Client-wide options; an empty object is substituted when this is falsy.
     * @param google Optional `GoogleConfigurable`, stored on the context unchanged.
     */
    constructor(options: GlobalOptions, google?: GoogleConfigurable) {
      this.context = {
        _options: options || {},
        google,
      };

      this.projects = new Resource$Projects(this.context);
    }
  }

  /**
   * An alias to a repo revision.
   */
  export interface Schema$AliasContext {
    /**
     * The alias kind.
     */
    kind?: string | null;
    /**
     * The alias name.
     */
    name?: string | null;
  }
  /**
   * Indicates which analysis completed successfully. Multiple types of analysis can be performed on a single resource.
   */
  export interface Schema$AnalysisCompleted {
    /**
     * The analysis types that completed.
     * NOTE(review): undocumented in the generated source; the set of valid values is not visible here.
     */
    analysisType?: string[] | null;
  }
  /**
   * Artifact describes a build product.
   */
  export interface Schema$Artifact {
    /**
     * Hash or checksum value of a binary, or Docker Registry 2.0 digest of a container.
     */
    checksum?: string | null;
    /**
     * Artifact ID, if any; for container images, this will be a URL by digest like `gcr.io/projectID/imagename@sha256:123456`.
     */
    id?: string | null;
    /**
     * Related artifact names.
This may be the path to a binary or jar file, or in the case of a container build, the name used to push the container image to Google Container Registry, as presented to `docker push`. Note that a single Artifact ID can have multiple names, for example if two tags are applied to one image.
     */
    names?: string[] | null;
  }
  /**
   * Defines a hash object for use in Materials and Products.
   */
  export interface Schema$ArtifactHashes {
    /**
     * SHA-256 digest of the artifact.
     * NOTE(review): the encoding is not stated here (presumably hex, as in in-toto
     * link metadata) — confirm before comparing digests byte-for-byte.
     */
    sha256?: string | null;
  }
  /**
   * Defines an object to declare an in-toto artifact rule
   */
  export interface Schema$ArtifactRule {
    /**
     * The rule, as a list of strings.
     * NOTE(review): undocumented in the generated source; presumably the rule
     * keyword followed by its arguments — confirm against the in-toto specification.
     */
    artifactRule?: string[] | null;
  }
  /**
   * Assessment provides all information that is related to a single vulnerability for this product.
   */
  export interface Schema$Assessment {
    /**
     * Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Deprecated: Use vulnerability_id instead to denote CVEs.
     */
    cve?: string | null;
    /**
     * Contains information about the impact of this vulnerability; this will change with time.
     */
    impacts?: string[] | null;
    /**
     * Justification provides the justification when the state of the assessment is NOT_AFFECTED.
     */
    justification?: Schema$Justification;
    /**
     * A detailed description of this Vex.
     */
    longDescription?: string | null;
    /**
     * Holds a list of references associated with this vulnerability item and assessment. These URIs have additional information about the vulnerability and the assessment itself, e.g. a link to a document which details how this assessment concluded the state of this vulnerability.
     */
    relatedUris?: Schema$RelatedUrl[];
    /**
     * Specifies details on how to handle (and presumably, fix) a vulnerability.
     */
    remediations?: Schema$Remediation[];
    /**
     * A one sentence description of this Vex.
     */
    shortDescription?: string | null;
    /**
     * Provides the state of this Vulnerability assessment.
     */
    state?: string | null;
    /**
     * The vulnerability identifier for this Assessment. Will hold one of common identifiers e.g. CVE, GHSA etc.
*/
    vulnerabilityId?: string | null;
  }
  /**
   * Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for look-up (how to find this attestation if you already know the authority and artifact to be verified) and intent (which authority was this attestation intended to sign for).
   */
  export interface Schema$Attestation {
    /**
     * A generically signed attestation.
     * NOTE(review): undocumented in the generated source; `Schema$GenericSignedAttestation`
     * is defined outside this excerpt. Whichever of the two forms is present, the
     * signature has to be checked against a key the verifier already trusts before
     * the attestation is relied on.
     */
    genericSignedAttestation?: Schema$GenericSignedAttestation;
    /**
     * A PGP signed attestation.
     */
    pgpSignedAttestation?: Schema$PgpSignedAttestation;
  }
  /**
   * Note kind that represents a logical attestation "role" or "authority". For example, an organization might have one `Authority` for "QA" and one for "build". This note is intended to act strictly as a grouping mechanism for the attached occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principal to attach an occurrence to a given note. It also provides a single point of lookup to find all attached attestation occurrences, even if they don't all live in the same project.
   */
  export interface Schema$Authority {
    /**
     * Hint hints at the purpose of the attestation authority.
     */
    hint?: Schema$Hint;
  }
  /**
   * Basis describes the base image portion (Note) of the DockerImage relationship. Linked occurrences are derived from this or an equivalent image via: `FROM <Basis.resource_url>`, or an equivalent reference, e.g. a tag of the resource_url.
   */
  export interface Schema$Basis {
    /**
     * Required. Immutable. The fingerprint of the base image.
     */
    fingerprint?: Schema$Fingerprint;
    /**
     * Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images.
     */
    resourceUrl?: string | null;
  }
  /**
   * Request to create notes in batch.
*/ export interface Schema$BatchCreateNotesRequest { /** * Required. The notes to create, the key is expected to be the note ID. Max allowed length is 1000. */ notes?: {[key: string]: Schema$Note} | null; } /** * Response for creating notes in batch. */ export interface Schema$BatchCreateNotesResponse { /** * The notes that were created. */ notes?: Schema$Note[]; } /** * Request to create occurrences in batch. */ export interface Schema$BatchCreateOccurrencesRequest { /** * Required. The occurrences to create. Max allowed length is 1000. */ occurrences?: Schema$Occurrence[]; } /** * Response for creating occurrences in batch. */ export interface Schema$BatchCreateOccurrencesResponse { /** * The occurrences that were created. */ occurrences?: Schema$Occurrence[]; } /** * Associates `members`, or principals, with a `role`. */ export interface Schema$Binding { /** * The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ condition?: Schema$Expr; /** * Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid\}`: An email address that represents a specific Google account. 
For example, `alice@example.com` . * `serviceAccount:{emailid\}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid\}.svc.id.goog[{namespace\}/{kubernetes-sa\}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid\}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain\}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/subject/{subject_attribute_value\}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/group/{group_id\}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/attribute.{attribute_name\}/{attribute_value\}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/x`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/subject/{subject_attribute_value\}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/group/{group_id\}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/attribute.{attribute_name\}/{attribute_value\}`: All identities in a workload identity pool with a certain attribute. 
* `principalSet://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/x`: All identities in a workload identity pool. * `deleted:user:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid\}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid\}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid\}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/subject/{subject_attribute_value\}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. */ members?: string[] | null; /** * Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles). 
*/
    role?: string | null;
  }
  /**
   * Note holding the version of the provider's builder and the signature of the provenance message in the build details occurrence.
   */
  export interface Schema$Build {
    /**
     * Required. Immutable. Version of the builder which produced this build.
     */
    builderVersion?: string | null;
    /**
     * Signature of the build in occurrences pointing to this build note containing build details.
     */
    signature?: Schema$BuildSignature;
  }
  /**
   * Describes what was built and from which inputs.
   * NOTE(review): undocumented in the generated source; the field names match the
   * `buildDefinition` object of SLSA provenance v1 — confirm against the API reference.
   */
  export interface Schema$BuildDefinition {
    // Presumably an identifier for the build template that gives the parameters their meaning.
    buildType?: string | null;
    // Presumably the parameters set from outside the build platform. Values are
    // untyped (`any`): check their shape before use, and when verifying provenance
    // compare them with the values that were expected.
    externalParameters?: {[key: string]: any} | null;
    // Presumably parameters set by the build platform itself; also untyped.
    internalParameters?: {[key: string]: any} | null;
    // Presumably the artifacts fetched as build inputs; Schema$ResourceDescriptor is outside this excerpt.
    resolvedDependencies?: Schema$ResourceDescriptor[];
  }
  /**
   * Identifies one build invocation and when it ran.
   * NOTE(review): undocumented in the generated source; the field names match the
   * `metadata` object of SLSA provenance v1 — confirm against the API reference.
   */
  export interface Schema$BuildMetadata {
    // Presumably a timestamp string for the end of the build — format not stated here.
    finishedOn?: string | null;
    // Presumably an identifier for this particular run of the build.
    invocationId?: string | null;
    // Presumably a timestamp string for the start of the build — format not stated here.
    startedOn?: string | null;
  }
  /**
   * Provenance of a build. Contains all information needed to verify the full details about the build from source to completion.
   */
  export interface Schema$BuildProvenance {
    /**
     * Version string of the builder at the time this build was executed.
     */
    builderVersion?: string | null;
    /**
     * Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
     */
    buildOptions?: {[key: string]: string} | null;
    /**
     * Output of the build.
     */
    builtArtifacts?: Schema$Artifact[];
    /**
     * Commands requested by the build.
     */
    commands?: Schema$Command[];
    /**
     * Time at which the build was created.
     */
    createTime?: string | null;
    /**
     * E-mail address of the user who initiated this build. Note that this was the user's e-mail address at the time the build was initiated; this address may not represent the same end-user for all time.
     */
    creator?: string | null;
    /**
     * Time at which execution of the build was finished.
     */
    endTime?: string | null;
    /**
     * Required. Unique identifier of the build.
     */
    id?: string | null;
    /**
     * URI where any logs for this provenance were written.
     */
    logsUri?: string | null;
    /**
     * ID of the project.
*/
    projectId?: string | null;
    /**
     * Details of the Source input to the build.
     */
    sourceProvenance?: Schema$Source;
    /**
     * Time at which execution of the build was started.
     */
    startTime?: string | null;
    /**
     * Trigger identifier if the build was triggered automatically; empty if not.
     */
    triggerId?: string | null;
  }
  /**
   * Message encapsulating the signature of the verified build.
   */
  export interface Schema$BuildSignature {
    /**
     * An ID for the key used to sign. This could be either an ID for the key stored in `public_key` (such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).
     */
    keyId?: string | null;
    /**
     * The type of the key, either stored in `public_key` or referenced in `key_id`.
     */
    keyType?: string | null;
    /**
     * Public key of the builder which can be used to verify that the related findings are valid and unchanged. If `key_type` is empty, this defaults to PEM encoded public keys. This field may be empty if `key_id` references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from `BuildDetails` are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
     *
     * NOTE(review): this key travels in the same message as the signature it
     * verifies, so a passing check only shows that the two are consistent with each
     * other. Compare the key (or the key named by `key_id`) with one obtained from a
     * source the verifier already trusts before relying on the result.
     */
    publicKey?: string | null;
    /**
     * Required. Signature of the related `BuildProvenance`. In JSON, this is base-64 encoded.
     */
    signature?: string | null;
  }
  /**
   * A step in the build pipeline. Next ID: 23
   */
  export interface Schema$BuildStep {
    /**
     * Allow this build step to fail without failing the entire build if and only if the exit code is one of the specified codes. If allow_failure is also specified, this field will take precedence.
*/ allowExitCodes?: number[] | null; /** * Allow this build step to fail without failing the entire build. If false, the entire build will fail if this step fails. Otherwise, the build will succeed, but this step will still have a failure status. Error information will be reported in the failure_detail field. */ allowFailure?: boolean | null; /** * A list of arguments that will be presented to the step when it is started. If the image used to run the step's container has an entrypoint, the `args` are used as arguments to that entrypoint. If the image does not define an entrypoint, the first element in args is used as the entrypoint, and the remainder will be used as arguments. */ args?: string[] | null; /** * Option to include built-in and custom substitutions as env variables for this build step. This option will override the global option in BuildOption. */ automapSubstitutions?: boolean | null; /** * Working directory to use when running this step's container. If this value is a relative path, it is relative to the build's working directory. If this value is absolute, it may be outside the build's working directory, in which case the contents of the path may not be persisted across build step executions, unless a `volume` for that path is specified. If the build specifies a `RepoSource` with `dir` and a step with a `dir`, which specifies an absolute path, the `RepoSource` `dir` is ignored for the step's execution. */ dir?: string | null; /** * Entrypoint to be used instead of the build step image's default entrypoint. If unset, the image's default entrypoint is used. */ entrypoint?: string | null; /** * A list of environment variable definitions to be used when running a step. The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". */ env?: string[] | null; /** * Output only. Return code from running the step. 
*/ exitCode?: number | null; /** * Unique identifier for this build step, used in `wait_for` to reference this build step as a dependency. */ id?: string | null; /** * Required. The name of the container image that will run this particular build step. If the image is available in the host's Docker daemon's cache, it will be run directly. If not, the host will attempt to pull the image first, using the builder service account's credentials if necessary. The Docker daemon's cache will already have the latest versions of all of the officially supported build steps ([https://github.com/GoogleCloudPlatform/cloud-builders](https://github.com/GoogleCloudPlatform/cloud-builders)). The Docker daemon will also have cached many of the layers for some popular images, like "ubuntu", "debian", but they will be refreshed at the time you attempt to use them. If you built an image in a previous build step, it will be stored in the host's Docker daemon's cache and is available to use as the name for a later build step. */ name?: string | null; /** * Output only. Stores timing information for pulling this build step's builder image only. */ pullTiming?: Schema$TimeSpan; /** * Remote configuration for the build step. */ remoteConfig?: string | null; results?: Schema$StepResult[]; /** * A shell script to be executed in the step. When script is provided, the user cannot specify the entrypoint or args. */ script?: string | null; /** * A list of environment variables which are encrypted using a Cloud Key Management Service crypto key. These values must be specified in the build's `Secret`. */ secretEnv?: string[] | null; /** * Output only. Status of the build step. At this time, build step status is only updated on build completion; step status is not updated in real-time as the build progresses. */ status?: string | null; /** * Time limit for executing this build step. 
If not defined, the step has no time limit and will be allowed to continue to run until either it completes or the build itself times out.
     */
    timeout?: string | null;
    /**
     * Output only. Stores timing information for executing this build step.
     */
    timing?: Schema$TimeSpan;
    /**
     * List of volumes to mount into the build step. Each volume is created as an empty volume prior to execution of the build step. Upon completion of the build, volumes and their contents are discarded. Using a named volume in only one step is not valid as it is indicative of a build request with an incorrect configuration.
     */
    volumes?: Schema$Volume[];
    /**
     * The ID(s) of the step(s) that this build step depends on. This build step will not start until all the build steps in `wait_for` have completed successfully. If `wait_for` is empty, this build step will start when all previous build steps in the `Build.Steps` list have completed successfully.
     */
    waitFor?: string[] | null;
  }
  /**
   * Defines an object for the byproducts field in in-toto links. The suggested fields are "stderr", "stdout", and "return-value".
   */
  export interface Schema$ByProducts {
    /**
     * Byproduct values as a string-to-string map; the interface description
     * suggests the keys "stderr", "stdout" and "return-value".
     * NOTE(review): these are free-form strings recorded by the step that ran;
     * treat them as untrusted text when displaying or parsing them.
     */
    customValues?: {[key: string]: string} | null;
  }
  /**
   * A CloudRepoSourceContext denotes a particular revision in a Google Cloud Source Repo.
   */
  export interface Schema$CloudRepoSourceContext {
    /**
     * An alias, which may be a branch or tag.
     */
    aliasContext?: Schema$AliasContext;
    /**
     * The ID of the repo.
     */
    repoId?: Schema$RepoId;
    /**
     * A revision ID.
     */
    revisionId?: string | null;
  }
  /**
   * Command describes a step performed as part of the build pipeline.
   */
  export interface Schema$Command {
    /**
     * Command-line arguments used when executing this command.
     */
    args?: string[] | null;
    /**
     * Working directory (relative to project source root) used when running this command.
     */
    dir?: string | null;
    /**
     * Environment variables set before running this command.
*/ env?: string[] | null; /** * Optional unique identifier for this command, used in wait_for to reference this command as a dependency. */ id?: string | null; /** * Required. Name of the command, as presented on the command line, or if the command is packaged as a Docker container, as presented to `docker pull`. */ name?: string | null; /** * The ID(s) of the command(s) that this command depends on. */ waitFor?: string[] | null; } /** * ApprovalConfig describes configuration for manual approval of a build. */ export interface Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalConfig { /** * Whether or not approval is needed. If this is set on a build, it will become pending when created, and will need to be explicitly approved to start. */ approvalRequired?: boolean | null; } /** * ApprovalResult describes the decision and associated metadata of a manual approval of a build. */ export interface Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalResult { /** * Output only. The time when the approval decision was made. */ approvalTime?: string | null; /** * Output only. Email of the user that called the ApproveBuild API to approve or reject a build at the time that the API was called. */ approverAccount?: string | null; /** * Optional. An optional comment for this manual approval result. */ comment?: string | null; /** * Required. The decision of this manual approval. */ decision?: string | null; /** * Optional. An optional URL tied to this manual approval result. This field is essentially the same as comment, except that it will be rendered by the UI differently. An example use case is a link to an external job that approved this Build. */ url?: string | null; } /** * Artifacts produced by a build that should be uploaded upon successful completion of all build steps. */ export interface Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1Artifacts { /** * Optional. 
A list of Go modules to be uploaded to Artifact Registry upon successful completion of all build steps. If any objects fail to be pushed, the build is marked FAILURE. */ goModules?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsGoModule[]; /** * A list of images to be pushed upon the successful completion of all build steps. The images will be pushed using the builder service account's credentials. The digests of the pushed images will be stored in the Build resource's results field. If any of the images fail to be pushed, the build is marked FAILURE. */ images?: string[] | null; /** * A list of Maven artifacts to be uploaded to Artifact Registry upon successful completion of all build steps. Artifacts in the workspace matching specified paths globs will be uploaded to the specified Artifact Registry repository using the builder service account's credentials. If any artifacts fail to be pushed, the build is marked FAILURE. */ mavenArtifacts?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsMavenArtifact[]; /** * A list of npm packages to be uploaded to Artifact Registry upon successful completion of all build steps. Npm packages in the specified paths will be uploaded to the specified Artifact Registry repository using the builder service account's credentials. If any packages fail to be pushed, the build is marked FAILURE. */ npmPackages?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsNpmPackage[]; /** * A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. Files in the workspace matching specified paths globs will be uploaded to the specified Cloud Storage location using the builder service account's credentials. The location and generation of the uploaded objects will be stored in the Build resource's results field. If any objects fail to be pushed, the build is marked FAILURE. 
*/ objects?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsArtifactObjects; /** * A list of Python packages to be uploaded to Artifact Registry upon successful completion of all build steps. The build service account credentials will be used to perform the upload. If any objects fail to be pushed, the build is marked FAILURE. */ pythonPackages?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsPythonPackage[]; } /** * Files in the workspace to upload to Cloud Storage upon successful completion of all build steps. */ export interface Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsArtifactObjects { /** * Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". (see [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)). Files in the workspace matching any path pattern will be uploaded to Cloud Storage with this location as a prefix. */ location?: string | null; /** * Path globs used to match files in the build's workspace. */ paths?: string[] | null; /** * Output only. Stores timing information for pushing all artifact objects. */ timing?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan; } /** * Go module to upload to Artifact Registry upon successful completion of all build steps. A module refers to all dependencies in a go.mod file. */ export interface Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsGoModule { /** * Optional. The Go module's "module path". e.g. example.com/foo/v2 */ modulePath?: string | null; /** * Optional. The Go module's semantic version in the form vX.Y.Z. e.g. v0.1.1 Pre-release identifiers can also be added by appending a dash and dot separated ASCII alphanumeric characters and hyphens. e.g. v0.2.3-alpha.x.12m.5 */ moduleVersion?: string | null; /** * Optional. Location of the Artifact Registry repository. i.e. us-east1 Defaults to the build’s location. */ repositoryLocation?: string | null; /** * Optional. 
Artifact Registry repository name. Specified Go modules will be zipped and uploaded to Artifact Registry with this location as a prefix. e.g. my-go-repo */ repositoryName?: string | null; /** * Optional. Project ID of the Artifact Registry repository. Defaults to the build project. */ repositoryProjectId?: string | null; /** * Optional. Source path of the go.mod file in the build's workspace. If not specified, this will default to the current directory. e.g. ~/code/go/mypackage */ sourcePath?: string | null; } /** * A Maven artifact to upload to Artifact Registry upon successful completion of all build steps. */ export interface Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsMavenArtifact { /** * Maven `artifactId` value used when uploading the artifact to Artifact Registry. */ artifactId?: string | null; /** * Maven `groupId` value used when uploading the artifact to Artifact Registry. */ groupId?: string | null; /** * Optional. Path to an artifact in the build's workspace to be uploaded to Artifact Registry. This can be either an absolute path, e.g. /workspace/my-app/target/my-app-1.0.SNAPSHOT.jar or a relative path from /workspace, e.g. my-app/target/my-app-1.0.SNAPSHOT.jar. */ path?: string | null; /** * Artifact Registry repository, in the form "https://$REGION-maven.pkg.dev/$PROJECT/$REPOSITORY" Artifact in the workspace specified by path will be uploaded to Artifact Registry with this location as a prefix. */ repository?: string | null; /** * Maven `version` value used when uploading the artifact to Artifact Registry. */ version?: string | null; } /** * Npm package to upload to Artifact Registry upon successful completion of all build steps. */ export interface Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsNpmPackage { /** * Path to the package.json. e.g. 
workspace/path/to/package */ packagePath?: string | null; /** * Artifact Registry repository, in the form "https://$REGION-npm.pkg.dev/$PROJECT/$REPOSITORY" Npm package in the workspace specified by path will be zipped and uploaded to Artifact Registry with this location as a prefix. */ repository?: string | null; } /** * Python package to upload to Artifact Registry upon successful completion of all build steps. A package can encapsulate multiple objects to be uploaded to a single repository. */ export interface Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1ArtifactsPythonPackage { /** * Path globs used to match files in the build's workspace. For Python/ Twine, this is usually `dist/x`, and sometimes additionally an `.asc` file. */ paths?: string[] | null; /** * Artifact Registry repository, in the form "https://$REGION-python.pkg.dev/$PROJECT/$REPOSITORY" Files in the workspace matching any path pattern will be uploaded to Artifact Registry with this location as a prefix. */ repository?: string | null; } /** * A build resource in the Cloud Build API. At a high level, a `Build` describes where to find source code, how to build it (for example, the builder image to run on the source), and where to store the built artifacts. Fields can include the following variables, which will be expanded when the build is created: - $PROJECT_ID: the project ID of the build. - $PROJECT_NUMBER: the project number of the build. - $LOCATION: the location/region of the build. - $BUILD_ID: the autogenerated ID of the build. - $REPO_NAME: the source repository name specified by RepoSource. - $BRANCH_NAME: the branch name specified by RepoSource. - $TAG_NAME: the tag name specified by RepoSource. - $REVISION_ID or $COMMIT_SHA: the commit SHA specified by RepoSource or resolved from the specified branch or tag. - $SHORT_SHA: first 7 characters of $REVISION_ID or $COMMIT_SHA. */ export interface Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1Build { /** * Output only. 
Describes this build's approval configuration, status, and result. */ approval?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1BuildApproval; /** * Artifacts produced by the build that should be uploaded upon successful completion of all build steps. */ artifacts?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1Artifacts; /** * Secrets and secret environment variables. Per the note on `secrets`, this is the field through which builds are configured to access secrets from Secret Manager. */ availableSecrets?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1Secrets; /** * Output only. The ID of the `BuildTrigger` that triggered this build, if it was triggered automatically. */ buildTriggerId?: string | null; /** * Output only. Time at which the request to create the build was received. */ createTime?: string | null; /** * Optional. Dependencies that the Cloud Build worker will fetch before executing user steps. */ dependencies?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1Dependency[]; /** * Output only. Contains information about the build when status=FAILURE. */ failureInfo?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1BuildFailureInfo; /** * Output only. Time at which execution of the build was finished. The difference between finish_time and start_time is the duration of the build's execution. */ finishTime?: string | null; /** * Optional. Configuration for git operations. */ gitConfig?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1GitConfig; /** * Output only. Unique identifier of the build. */ id?: string | null; /** * A list of images to be pushed upon the successful completion of all build steps. The images are pushed using the builder service account's credentials. The digests of the pushed images will be stored in the `Build` resource's results field. If any of the images fail to be pushed, the build status is marked `FAILURE`. NOTE(review): entries here are plain name strings; consumers that need an immutable reference presumably should use the digest recorded in the results field rather than the name listed here - confirm. */ images?: string[] | null; /** * Cloud Storage bucket where logs should be written (see [Bucket Name Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)).
Log file names will be of the format `${logs_bucket\}/log-${build_id\}.txt`. NOTE(review): assumes the output of the build steps ends up in these log files; if so, review who can read this bucket - confirm. */ logsBucket?: string | null; /** * Output only. URL to logs for this build in Google Cloud Console. */ logUrl?: string | null; /** * Output only. The 'Build' name with format: `projects/{project\}/locations/{location\}/builds/{build\}`, where {build\} is a unique identifier generated by the service. */ name?: string | null; /** * Special options for this build. */ options?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptions; /** * Output only. ID of the project. */ projectId?: string | null; /** * TTL in queue for this build. If provided and the build is enqueued longer than this value, the build will expire and the build status will be `EXPIRED`. The TTL starts ticking from create_time. */ queueTtl?: string | null; /** * Output only. Results of the build. */ results?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1Results; /** * Secrets to decrypt using Cloud Key Management Service. Note: Secret Manager is the recommended technique for managing sensitive data with Cloud Build. Use `available_secrets` to configure builds to access secrets from Secret Manager. For instructions, see: https://cloud.google.com/cloud-build/docs/securing-builds/use-secrets */ secrets?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1Secret[]; /** * IAM service account whose credentials will be used at build runtime. Must be of the format `projects/{PROJECT_ID\}/serviceAccounts/{ACCOUNT\}`. ACCOUNT can be the email address or uniqueId of the service account. NOTE(review): the build steps presumably act with this account's permissions, so grant it only the roles the build needs - confirm. */ serviceAccount?: string | null; /** * Optional. The location of the source files to build. */ source?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1Source; /** * Output only. A permanent fixed identifier for source. */ sourceProvenance?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1SourceProvenance; /** * Output only. Time at which execution of the build was started. */ startTime?: string | null; /** * Output only.
Status of the build. */ status?: string | null; /** * Output only. Customer-readable message about the current status. */ statusDetail?: string | null; /** * Required. The operations to be performed on the workspace. */ steps?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1BuildStep[]; /** * Substitutions data for the `Build` resource. Related settings live on `options`: `automapSubstitutions` (include substitutions as env variables), `dynamicSubstitutions` (apply bash style string operations) and `substitutionOption` (behavior on substitution check errors). */ substitutions?: {[key: string]: string} | null; /** * Tags for annotation of a `Build`. These are not docker tags. */ tags?: string[] | null; /** * Amount of time that this build should be allowed to run, to second granularity. If this amount of time elapses, work on the build will cease and the build status will be `TIMEOUT`. `timeout` starts ticking from `startTime`. Default time is 60 minutes. */ timeout?: string | null; /** * Output only. Stores timing information for phases of the build. Valid keys are: * BUILD: time to execute all build steps. * PUSH: time to push all artifacts including docker images and non docker artifacts. * FETCHSOURCE: time to fetch source. * SETUPBUILD: time to set up build. If the build does not specify source or images, these keys will not be included. */ timing?: { [key: string]: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1TimeSpan; } | null; /** * Output only. Non-fatal problems encountered during the execution of the build. */ warnings?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1BuildWarning[]; } /** * BuildApproval describes a build's approval configuration, state, and result. */ export interface Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1BuildApproval { /** * Output only. Configuration for manual approval of this build. */ config?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalConfig; /** * Output only. Result of manual approval for this Build. */ result?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1ApprovalResult; /** * Output only. The state of this build's approval.
*/ state?: string | null; } /** * A fatal problem encountered during the execution of the build. */ export interface Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1BuildFailureInfo { /** * Explains the failure issue in more detail using hard-coded text. */ detail?: string | null; /** * The name of the failure. */ type?: string | null; } /** * Optional arguments to enable specific features of builds. */ export interface Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptions { /** * Option to include built-in and custom substitutions as env variables for all build steps. NOTE(review): this presumably places every substitution value in each step's environment, so substitutions are not a place for sensitive values - confirm. */ automapSubstitutions?: boolean | null; /** * Optional. Option to specify how default logs buckets are set up. */ defaultLogsBucketBehavior?: string | null; /** * Requested disk size for the VM that runs the build. Note that this is *NOT* "disk free"; some of the space will be used by the operating system and build utilities. Also note that this is the minimum disk size that will be allocated for the build -- the build may run with a larger disk than requested. At present, the maximum disk size is 4000GB; builds that request more than the maximum are rejected with an error. */ diskSizeGb?: string | null; /** * Option to specify whether or not to apply bash style string operations to the substitutions. NOTE: this is always enabled for triggered builds and cannot be overridden in the build configuration file. NOTE(review): since it cannot be turned off for triggered builds, values a trigger fills in are presumably subject to these string operations as well; steps should treat such values as untrusted input - confirm against the Cloud Build substitution documentation. */ dynamicSubstitutions?: boolean | null; /** * Optional. Option to specify whether structured logging is enabled. If true, JSON-formatted logs are parsed as structured logs. */ enableStructuredLogging?: boolean | null; /** * A list of global environment variable definitions that will exist for all build steps in this build. If a variable is defined both globally and in a build step, the variable will use the build step value. The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". These are plain strings; variables encrypted with Cloud Key Management Service are listed in `secretEnv` instead.
*/ env?: string[] | null; /** * Option to specify the logging mode, which determines if and where build logs are stored. */ logging?: string | null; /** * Option to define build log streaming behavior to Cloud Storage. */ logStreamingOption?: string | null; /** * Compute Engine machine type on which to run the build. */ machineType?: string | null; /** * Optional. Specification for execution on a `WorkerPool`. See [running builds in a private pool](https://cloud.google.com/build/docs/private-pools/run-builds-in-private-pool) for more information. */ pool?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptionsPoolOption; /** * Optional. Option to specify the Pub/Sub topic to receive build status updates. */ pubsubTopic?: string | null; /** * Requested verifiability options. NOTE(review): typed as a free-form string here; the accepted values are not visible in this part of the file - check the API reference. */ requestedVerifyOption?: string | null; /** * A list of global environment variables, which are encrypted using a Cloud Key Management Service crypto key. These values must be specified in the build's `Secret`. These variables will be available to all build steps in this build. */ secretEnv?: string[] | null; /** * Requested hash for SourceProvenance. */ sourceProvenanceHash?: string[] | null; /** * Option to specify behavior when there is an error in the substitution checks. NOTE: this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden in the build configuration file. */ substitutionOption?: string | null; /** * Global list of volumes to mount for ALL build steps. Each volume is created as an empty volume prior to starting the build process. Upon completion of the build, volumes and their contents are discarded. Global volume names and paths cannot conflict with the volumes defined in a build step. Using a global volume in a build with only one step is not valid as it is indicative of a build request with an incorrect configuration. */ volumes?: Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1Volume[]; /** * This field is deprecated; please use `pool.name` instead.
*/ workerPool?: string | null; } /** * Details about how a build should be executed on a `WorkerPool`. See [running builds in a private pool](https://cloud.google.com/build/docs/private-pools/run-builds-in-private-pool) for more information. */ export interface Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1BuildOptionsPoolOption { /** * The `WorkerPool` resource to execute the build on. You must have `cloudbuild.workerpools.use` on the project hosting the WorkerPool. Format: projects/{project\}/locations/{location\}/workerPools/{workerPoolId\} */ name?: string | null; } /** * A step in the build pipeline. */ export interface Schema$ContaineranalysisGoogleDevtoolsCloudbuildV1BuildStep { /** * Allow this build step to fail without failing the entire build if and only if the exit code is one of the specified codes. If allow_failure is also specified, this field will take precedence. */ allowExitCodes?: number[] | null; /** * Allow this build step to fail without failing the entire build. If false, the entire build will fail if this step fails. Otherwise, the build will succeed, but this step will still have a failure status. Error information will be reported in the failure_detail field. */ allowFailure?: boolean | null; /** * A list of arguments that will be presented to the step when it is started. If the image used to run the step's container has an entrypoint, the `args` are used as arguments to that entrypoint. If the image does not define an entrypoint, the first element in args is used as the entrypoint, and the remainder will be used as arguments. */ args?: string[] | null; /** * Option to include built-in and custom substitutions as env variables for this build step. This option will override the global option in BuildOption. */ automapSubstitutions?: boolean | null; /** * Working directory to use when running this step's container. If this value is a relative path, it is relative to the build's working directory.
If this value is absolute, it may be outside the build's working directory, in which case the contents of the path may not be persisted across build step executions, unless a `volume` for that path is specified. If the build specifies a `RepoSource` with `dir` and a step with a `dir`, which specifies an absolute path, the `RepoSource` `dir` is ignored for the step's execution. */ dir?: string | null; /** * Entrypoint to be used instead of the build step image's default entrypoint. If unset, the image's default entrypoint is used. See `args` for how arguments are passed to the entrypoint. */ entrypoint?: string | null; /** * A list of environment variable definitions to be used when running a step. The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". These are plain strings; the build options' `secretEnv` field is the one documented as carrying variables encrypted with Cloud Key Management Service. */ env?: string[] | null; /** * Output only. Return code from running the step. */ exitCode?: number | null; /** * Unique identifier for this build step, used in `wait_for` to reference this build step as a dependency. */ id?: string | null; /** * Required. The name of the container image that will run this particular build step. If the image is available in the host's Docker daemon's cache, it will be run directly. If not, the host will attempt to pull the image first, using the builder service account's credentials if necessary. The Docker daemon's cache will already have the latest versions of all of the officially supported build steps ([https://github.com/GoogleCloudPlatform/cloud-builders](https://github