The first time someone (with appropriate permissions) does a manual run of Cloud Build from the gcloud CLI, the CLI creates a new bucket. This happens because CLI-based builds work by uploading a .tgz file with the source.
The bucket name is [PROJECT_ID]_cloudbuild, the prefix for uploads is source, and files are named with something that looks like a timestamp plus a hash, with a .tgz extension. It doesn't look like there are any special permissions on the bucket; Cloud Build has access to the bucket through the "Cloud Build Service Account" role.
This bucket should be managed in Terraform. That'll let us do a few things:
• Auto-delete files after 18 months (365.25 * 1.5 days, which we'll round to 548 days).
• Move to Coldline after 32 days.
• Set write permissions to store some build artifacts (like package lists).
And it also lets me keep track of the bucket, in case we want to do anything else.
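One way to express the plan above in Terraform, as an added example that is not part of the original write-up. The variable names, the default location, and the artifact-writer identity are assumptions; because the CLI has already created the bucket, it is brought under management with `terraform import` rather than created fresh.

```hcl
# Added example. Adopt the existing bucket before the first apply:
#   terraform import google_storage_bucket.cloudbuild PROJECT_ID_cloudbuild
variable "project_id" {
  type = string
}

variable "bucket_location" {
  type    = string
  default = "US" # assumption: must match the location of the existing bucket
}

variable "artifact_writer" {
  type = string # assumption: IAM member string, e.g. "serviceAccount:..."
}

resource "google_storage_bucket" "cloudbuild" {
  project  = var.project_id
  name     = "${var.project_id}_cloudbuild"
  location = var.bucket_location

  # Move objects to Coldline after 32 days.
  lifecycle_rule {
    condition {
      age = 32
    }
    action {
      type          = "SetStorageClass"
      storage_class = "COLDLINE"
    }
  }

  # Auto-delete objects after 18 months (548 days).
  lifecycle_rule {
    condition {
      age = 548
    }
    action {
      type = "Delete"
    }
  }
}

# Write access for build artifacts: objectCreator can add objects but not read, overwrite or delete them.
resource "google_storage_bucket_iam_member" "artifact_writer" {
  bucket = google_storage_bucket.cloudbuild.name
  role   = "roles/storage.objectCreator"
  member = var.artifact_writer
}
```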