Skip to content

Google Cloud Source Repositories source

This event source receives messages from a Google Cloud Source Repository over a Google Cloud Pub/Sub topic.

With tmctl:

Work in progress

This component is not yet available with tmctl.

On Kubernetes:

apiVersion: sources.triggermesh.io/v1alpha1
kind: GoogleCloudSourceRepositoriesSource
metadata:
  name: sample
spec:
  repository: projects/my-project/repos/my-repo

  publishServiceAccount: pubsub-publisher@my-project.iam.gserviceaccount.com

  serviceAccountKey:
    value: >-
      {
        "type": "service_account",
        "project_id": "my-project",
        "private_key_id": "0000000000000000000000000000000000000000",
        "private_key": "-----BEGIN PRIVATE KEY-----\nMIIE...\n-----END PRIVATE KEY-----\n",
        "client_email": "triggermesh-repositories-source@my-project.iam.gserviceaccount.com",
        "client_id": "000000000000000000000",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://oauth2.googleapis.com/token",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/triggermesh-repositories-source%40my-project.iam.gserviceaccount.com"
      }
  sink:
    ref:
      apiVersion: eventing.knative.dev/v1
      kind: Broker
      name: default

Events produced have the following attributes:

  • type com.google.cloud.repositories.notification

See the Kubernetes object reference for more details.

Prerequisite(s)

  • Service account
  • Repository
  • Pub/Sub Topic (optional)

Service Account

A Service Account is required to authenticate the event source and allow it to interact with Google Cloud Repositories.

The service account must be granted an IAM Role with at least the following permissions:

  • source.repos.updateRepoConfig
  • iam.serviceAccounts.actAs

The following set of permissions is also required to allow this source to manage the Pub/Sub topic and subscription:

  • pubsub.subscriptions.create
  • pubsub.subscriptions.delete

The predefined roles/source.admin, roles/iam.serviceAccountUser and roles/pubsub.editor roles are an example of roles that are suitable for use with the TriggerMesh event source for Google Cloud Repositories.

Create a key for this service account and save it. This key must be in JSON format. It is required to be able to run an instance of the Google Cloud Repositories event source.

Repository

Full resource name of the Repository. For example, projects/my-project/repos/my-repo.

Pub/Sub Topic (optional)

Full resource name of the Pub/Sub topic where change notifications originating from the configured repo are sent to. If not supplied, a topic is created on behalf of the user, in the GCP project referenced by the 'project' attribute. The expected format is described at https://cloud.google.com/pubsub/docs/admin#resource_names