如何连接 Terraform 以创建从 GCP 中的私有 bitbucket 回购中提取的云构建触发器

Question

I am setting up a terraform plan in order to create a cloud build trigger in the google cloud provider. However the steps outlined in the terraform documentation are for public git repositories. When I tried hooking up a private bitbucket repository I got a "repo not found" error.

resource "google_cloudbuild_trigger" "cloudbuild-trigger" {
  trigger_template {
    branch_name = "staging"
    repo_name = "BITBUCKET_TEAM_NAME/repo_name"
    dir = "site_dir"
  }

  filename = "cloudbuild.yml"
}

Answer 1

To provide access for a private repository — BitBucket provides an App Password .

After creating such password with “Repository Read” permission you can form a URI with your App Password to the provide access for your repository.

For example: https://YOUR_USERNAME:YOUR_APP_PASSWORD@bitbucket.org/YOUR-TEAM/YOUR-REPO.git and that URI will provide access for reading your repository without asking password. Of course, you must understand the consequences of credentials exposure.

Answer 2

repo_name expects the name of the Cloud Source Repository not the bitbucket repo. Initially from the UI, we can connect cloud build to our bitbucket repo(private).

In the setup, we can opt to mirror our repo in Cloud Source. We can then provide the Cloud Source repo name ti terraform. In this case, We don't have to pass any bitbucket credentials to terraform.

Answer 3

Fully featured Cloud Build triggers for BitBucket which react to events and show their results in BitBucket like you can create them in the UI or via REST API are not yet supported by the GCP Terraform provider.

For external BitBucket servers there is an open GitHub issue to add this functionality.