Gcb allow build step failure (#7866) (#14498)

* Add allowFailure and allowExitCodes to CloudBuild Trigger

* Add examples

* fix typo

* Update tests

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/7866.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+cloudbuild: Added `allow_failure` and `allow_exit_codes` to `build.step` in `google_cloudbuild_trigger` resource
+```

google/resource_cloudbuild_trigger.go

@@ -233,6 +233,27 @@ you attempt to use them.
 If you built an image in a previous build step, it will be stored in the
 host's Docker daemon's cache and is available to use as the name for a
 later build step.`,
+									},
+									"allow_exit_codes": {
+										Type:     schema.TypeList,
+										Optional: true,
+										Description: `Allow this build step to fail without failing the entire build if and
+only if the exit code is one of the specified codes.
+
+If 'allowFailure' is also specified, this field will take precedence.`,
+										Elem: &schema.Schema{
+											Type: schema.TypeInt,
+										},
+									},
+									"allow_failure": {
+										Type:     schema.TypeBool,
+										Optional: true,
+										Description: `Allow this build step to fail without failing the entire build.
+If false, the entire build will fail if this step fails. Otherwise, the
+build will succeed, but this step will still have a failure status.
+Error information will be reported in the 'failureDetail' field.
+
+'allowExitCodes' takes precedence over this field.`,
 									},
 									"args": {
 										Type:     schema.TypeList,
@@ -2394,18 +2415,20 @@ func flattenCloudBuildTriggerBuildStep(v interface{}, d *schema.ResourceData, co
 			continue
 		}
 		transformed = append(transformed, map[string]interface{}{
-			"name":       flattenCloudBuildTriggerBuildStepName(original["name"], d, config),
-			"args":       flattenCloudBuildTriggerBuildStepArgs(original["args"], d, config),
-			"env":        flattenCloudBuildTriggerBuildStepEnv(original["env"], d, config),
-			"id":         flattenCloudBuildTriggerBuildStepId(original["id"], d, config),
-			"entrypoint": flattenCloudBuildTriggerBuildStepEntrypoint(original["entrypoint"], d, config),
-			"dir":        flattenCloudBuildTriggerBuildStepDir(original["dir"], d, config),
-			"secret_env": flattenCloudBuildTriggerBuildStepSecretEnv(original["secretEnv"], d, config),
-			"timeout":    flattenCloudBuildTriggerBuildStepTimeout(original["timeout"], d, config),
-			"timing":     flattenCloudBuildTriggerBuildStepTiming(original["timing"], d, config),
-			"volumes":    flattenCloudBuildTriggerBuildStepVolumes(original["volumes"], d, config),
-			"wait_for":   flattenCloudBuildTriggerBuildStepWaitFor(original["waitFor"], d, config),
-			"script":     flattenCloudBuildTriggerBuildStepScript(original["script"], d, config),
+			"name":             flattenCloudBuildTriggerBuildStepName(original["name"], d, config),
+			"args":             flattenCloudBuildTriggerBuildStepArgs(original["args"], d, config),
+			"env":              flattenCloudBuildTriggerBuildStepEnv(original["env"], d, config),
+			"id":               flattenCloudBuildTriggerBuildStepId(original["id"], d, config),
+			"entrypoint":       flattenCloudBuildTriggerBuildStepEntrypoint(original["entrypoint"], d, config),
+			"dir":              flattenCloudBuildTriggerBuildStepDir(original["dir"], d, config),
+			"secret_env":       flattenCloudBuildTriggerBuildStepSecretEnv(original["secretEnv"], d, config),
+			"timeout":          flattenCloudBuildTriggerBuildStepTimeout(original["timeout"], d, config),
+			"timing":           flattenCloudBuildTriggerBuildStepTiming(original["timing"], d, config),
+			"volumes":          flattenCloudBuildTriggerBuildStepVolumes(original["volumes"], d, config),
+			"wait_for":         flattenCloudBuildTriggerBuildStepWaitFor(original["waitFor"], d, config),
+			"script":           flattenCloudBuildTriggerBuildStepScript(original["script"], d, config),
+			"allow_failure":    flattenCloudBuildTriggerBuildStepAllowFailure(original["allowFailure"], d, config),
+			"allow_exit_codes": flattenCloudBuildTriggerBuildStepAllowExitCodes(original["allowExitCodes"], d, config),
 		})
 	}
 	return transformed
@@ -2481,6 +2504,14 @@ func flattenCloudBuildTriggerBuildStepScript(v interface{}, d *schema.ResourceDa
 	return v
 }
 
+func flattenCloudBuildTriggerBuildStepAllowFailure(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenCloudBuildTriggerBuildStepAllowExitCodes(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenCloudBuildTriggerBuildArtifacts(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	if v == nil {
 		return nil
@@ -3840,6 +3871,20 @@ func expandCloudBuildTriggerBuildStep(v interface{}, d TerraformResourceData, co
 			transformed["script"] = transformedScript
 		}
 
+		transformedAllowFailure, err := expandCloudBuildTriggerBuildStepAllowFailure(original["allow_failure"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedAllowFailure); val.IsValid() && !isEmptyValue(val) {
+			transformed["allowFailure"] = transformedAllowFailure
+		}
+
+		transformedAllowExitCodes, err := expandCloudBuildTriggerBuildStepAllowExitCodes(original["allow_exit_codes"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedAllowExitCodes); val.IsValid() && !isEmptyValue(val) {
+			transformed["allowExitCodes"] = transformedAllowExitCodes
+		}
+
 		req = append(req, transformed)
 	}
 	return req, nil
@@ -3926,6 +3971,14 @@ func expandCloudBuildTriggerBuildStepScript(v interface{}, d TerraformResourceDa
 	return v, nil
 }
 
+func expandCloudBuildTriggerBuildStepAllowFailure(v interface{}, d TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandCloudBuildTriggerBuildStepAllowExitCodes(v interface{}, d TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandCloudBuildTriggerBuildArtifacts(v interface{}, d TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	l := v.([]interface{})
 	if len(l) == 0 || l[0] == nil {

google/resource_cloudbuild_trigger_generated_test.go

@@ -534,6 +534,198 @@ resource "google_cloudbuild_trigger" "bbs-pull-request-trigger" {
 `, context)
 }
 
+func TestAccCloudBuildTrigger_cloudbuildTriggerAllowFailureExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": RandString(t, 10),
+	}
+
+	VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckCloudBuildTriggerDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCloudBuildTrigger_cloudbuildTriggerAllowFailureExample(context),
+			},
+			{
+				ResourceName:            "google_cloudbuild_trigger.allow-failure-trigger",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"location"},
+			},
+		},
+	})
+}
+
+func testAccCloudBuildTrigger_cloudbuildTriggerAllowFailureExample(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_cloudbuild_trigger" "allow-failure-trigger" {
+  location = "global"
+
+  trigger_template {
+    branch_name = "main"
+    repo_name   = "my-repo"
+  }
+
+  build {
+    step {
+      name = "ubuntu"
+      args = ["-c", "exit 1"]
+      allow_failure = true
+    }
+
+    source {
+      storage_source {
+        bucket = "mybucket"
+        object = "source_code.tar.gz"
+      }
+    }
+    tags = ["build", "newFeature"]
+    substitutions = {
+      _FOO = "bar"
+      _BAZ = "qux"
+    }
+    queue_ttl = "20s"
+    logs_bucket = "gs://mybucket/logs"
+    secret {
+      kms_key_name = "projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name"
+      secret_env = {
+        PASSWORD = "ZW5jcnlwdGVkLXBhc3N3b3JkCg=="
+      }
+    }
+    available_secrets {
+      secret_manager {
+        env          = "MY_SECRET"
+        version_name = "projects/myProject/secrets/mySecret/versions/latest"
+      }
+    }
+    artifacts {
+      images = ["gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA"]
+      objects {
+        location = "gs://bucket/path/to/somewhere/"
+        paths = ["path"]
+      }
+    }
+    options {
+      source_provenance_hash = ["MD5"]
+      requested_verify_option = "VERIFIED"
+      machine_type = "N1_HIGHCPU_8"
+      disk_size_gb = 100
+      substitution_option = "ALLOW_LOOSE"
+      dynamic_substitutions = true
+      log_streaming_option = "STREAM_OFF"
+      worker_pool = "pool"
+      logging = "LEGACY"
+      env = ["ekey = evalue"]
+      secret_env = ["secretenv = svalue"]
+      volumes {
+        name = "v1"
+        path = "v1"
+      }
+    }
+  }
+}
+`, context)
+}
+
+func TestAccCloudBuildTrigger_cloudbuildTriggerAllowExitCodesExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": RandString(t, 10),
+	}
+
+	VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckCloudBuildTriggerDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCloudBuildTrigger_cloudbuildTriggerAllowExitCodesExample(context),
+			},
+			{
+				ResourceName:            "google_cloudbuild_trigger.allow-exit-codes-trigger",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"location"},
+			},
+		},
+	})
+}
+
+func testAccCloudBuildTrigger_cloudbuildTriggerAllowExitCodesExample(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_cloudbuild_trigger" "allow-exit-codes-trigger" {
+  location = "global"
+
+  trigger_template {
+    branch_name = "main"
+    repo_name   = "my-repo"
+  }
+
+  build {
+    step {
+      name = "ubuntu"
+      args = ["-c", "exit 1"]
+      allow_exit_codes = [1,3]
+    }
+
+    source {
+      storage_source {
+        bucket = "mybucket"
+        object = "source_code.tar.gz"
+      }
+    }
+    tags = ["build", "newFeature"]
+    substitutions = {
+      _FOO = "bar"
+      _BAZ = "qux"
+    }
+    queue_ttl = "20s"
+    logs_bucket = "gs://mybucket/logs"
+    secret {
+      kms_key_name = "projects/myProject/locations/global/keyRings/keyring-name/cryptoKeys/key-name"
+      secret_env = {
+        PASSWORD = "ZW5jcnlwdGVkLXBhc3N3b3JkCg=="
+      }
+    }
+    available_secrets {
+      secret_manager {
+        env          = "MY_SECRET"
+        version_name = "projects/myProject/secrets/mySecret/versions/latest"
+      }
+    }
+    artifacts {
+      images = ["gcr.io/$PROJECT_ID/$REPO_NAME:$COMMIT_SHA"]
+      objects {
+        location = "gs://bucket/path/to/somewhere/"
+        paths = ["path"]
+      }
+    }
+    options {
+      source_provenance_hash = ["MD5"]
+      requested_verify_option = "VERIFIED"
+      machine_type = "N1_HIGHCPU_8"
+      disk_size_gb = 100
+      substitution_option = "ALLOW_LOOSE"
+      dynamic_substitutions = true
+      log_streaming_option = "STREAM_OFF"
+      worker_pool = "pool"
+      logging = "LEGACY"
+      env = ["ekey = evalue"]
+      secret_env = ["secretenv = svalue"]
+      volumes {
+        name = "v1"
+        path = "v1"
+      }
+    }
+  }
+}
+`, context)
+}
+
 func testAccCheckCloudBuildTriggerDestroyProducer(t *testing.T) func(s *terraform.State) error {
 	return func(s *terraform.State) error {
 		for name, rs := range s.RootModule().Resources {