Repository Mapping Does Not Exist when creating Google Cloudbuild Trigger for GitHub repo

Compy · February 12, 2022, 3:30pm

Hello all!

I’m running Terraform v1.1.4 and I’m running into an issue that has been raised previously, but always required a manual workaround.

Take the following simple cloudbuild trigger:

resource "google_cloudbuild_trigger" "build-trigger" {
    filename = "${var.cloudbuild_file}"
    description = local.trigger_description
    project = "${var.project}"
    name = "${var.repo}-master"

    github {
        owner = "${var.github_org}"
        name = "${var.repo}"
        push {
            branch = "^master$"
        }
    }
}

When running a Terraform Apply, I get the following:

google_cloudbuild_trigger.build-trigger: Creating...
╷
│ Error: Error creating Trigger: googleapi: Error 400: Repository mapping does not exist. Please visit https://console.cloud.google.com/cloud-build/triggers/connect?project=<blah> to connect a repository to your project

The terraform plan does reveal that the repository is named correctly, but the issue is that you have to open the Cloud Build UI and “connect the repository” between GitHub and Cloud Build before the Terraform call can succeed.

While this works for deploying existing applications to different places, this somewhat defeats the purpose for being able to seamlessly deploy new/arbitrary github apps, and we have to tell developers to log into cloud build and link the repo first.

Has anyone found a way around this?
Thanks!

braveokafor · March 13, 2022, 3:56pm

Hi,

You have to link your GitHub repo to your GCP project, this requires GitHub authentication.

elmcrest · April 16, 2022, 2:28pm

Hey Compy,

any updates/success on this? just ran also into it and I’m wondering what a proper solution could be …
on SO there is the suggestion to somehow have a persisten project which is connected but that’s kind of sad

greetings

Compy · April 17, 2022, 3:17am

Heya,

Nah, no progress on that front. I think its a side effect of the jankiness in how Google Cloud Build authenticates via interactive OAuth with GitHub.

odashi · May 2, 2022, 8:28pm

Hi all,

I ran into a similar problem. In my case, the repository mapping was configured only on a specific region (us-central1), but the Terraform requested to create a build trigger onto the global resion, resulting in “repository mapping does not exist” error.

Since there is no region parameter in the google_cloudbuild_trigger resource, I turned my repository mapping into global for a quick workaround. But I also guess the resource should support explicit region parameter too.

ramiresdallago · September 2, 2022, 6:24pm

I have the same issue here. Any news?

varvay · September 6, 2022, 7:27am

works for me, thanks

luctrate · October 30, 2022, 5:09pm

If you dont care about the fancy github-gcloud integration features and just want IaC all-the-way you can combine webhook-trigger and build template with custom steps to achieve what you want.

https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloudbuild_trigger#example-usage---cloudbuild-trigger-webhook-config

build {
    step {
      name = "gcr.io/cloud-builders/gsutil"
      entrypoint "/bin/bash"     
      args = ["cp", "gs://mybucket/remotefile.zip", "localfile.zip"]
      timeout = "120s"
      secret_env = ["MY_SECRET"]
    }

lmayorga1980 · April 4, 2023, 11:36am

The following worked out for me but now having an issue with the global trigger and a repository

Error: Error creating Trigger: googleapi: Error 400: triggers with repository resources cannot be created in the “global” region

resource "google_cloudbuildv2_repository" "my-repository" {
  provider = google-beta
  name = "my-repo"
  parent_connection = google_cloudbuildv2_connection.my-connection.id
  remote_uri = var.github_source
}

resource "google_cloudbuild_trigger" "repo-trigger" {
  provider = google-beta
  #location = "global"

  repository_event_config {
    repository = google_cloudbuildv2_repository.my-repository.id
    push {
      branch = "master"
    }
  }

  filename = "./cloudbuild.yaml"
}

resource "google_secret_manager_secret" "github-token-secret" {
  provider  = google-beta
  secret_id = "github-token-secret"

  replication {
    automatic = true
  }
}

resource "google_secret_manager_secret_version" "github-token-secret-version" {
  provider    = google-beta
  secret      = google_secret_manager_secret.github-token-secret.id
  secret_data = var.github_token
}

data "google_iam_policy" "p4sa-secretAccessor" {
  provider = google-beta
  binding {
    role = "roles/secretmanager.secretAccessor"
    // Here, 123456789 is the Google Cloud project number for my-project-name.
    members = ["serviceAccount:service-<ID>@gcp-sa-cloudbuild.iam.gserviceaccount.com"]
  }
}

resource "google_secret_manager_secret_iam_policy" "policy" {
  provider    = google-beta
  secret_id   = google_secret_manager_secret.github-token-secret.secret_id
  policy_data = data.google_iam_policy.p4sa-secretAccessor.policy_data
}

resource "google_cloudbuildv2_connection" "my-connection" {
  provider = google-beta
  location = var.region
  name     = "github-connection"

  github_config {
    app_installation_id = var.github_app_id
    authorizer_credential {
      oauth_token_secret_version = google_secret_manager_secret_version.github-token-secret-version.id
    }
  }
}