
GCP Cloud Build FETCHSOURCE is failing when using Bitbucket Cloud repo integration and push triggers


The FETCHSOURCE step fails without pulling down the source.

Build Logs:

> starting build "205dc86e-b097-4b9f-a431-a0fb8b9796c5"
> 
> FETCHSOURCE
> hint: Using 'master' as the name for the initial branch. This default branch name
> hint: is subject to change. To configure the initial branch name to use in all
> hint: of your new repositories, which will suppress this warning, call:
> hint: 
> hint:     git config --global init.defaultBranch <name>
> hint: 
> hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
> hint: 'development'. The just-created branch can be renamed via this command:
> hint: 
> hint:     git branch -m <name>
> Initialized empty Git repository in /workspace/.git/
> /bin/sh: 4: "; };f: not found
> Reinitialized existing Git repository in /workspace/.git/
> /bin/sh: 4: "; };f: not found
> Reinitialized existing Git repository in /workspace/.git/
> /bin/sh: 4: "; };f: not found
> ERROR
> ERROR: error fetching git source: generic::unknown: retry budget exhausted (3 attempts): fetching git source: fetching git source: source fetch container exited with non-zero status: 127

Using a private repo on Bitbucket Cloud (repository access token; not premium account) and a push trigger.
The trigger is fired properly when I push to my branch. The build fails within seconds, logs above.

My cloudbuild.yaml is clearly being read from the new push, because it shows my proper step (gcr.io/cloud-builders/docker) and params (build --network cloudbuild -t gcr.io/project/images/blah .). I can, of course, change these params and repush and the params on this step will change.

This build works if I build manually from the command line using gcloud (bypassing bitbucket fetch):

gcloud builds submit --region=us-central1 --config cloudbuild.yaml .

My expectation is that, at a minimum, my branch's code would be fetched and then the next (first) build step would run from the cloudbuild.yaml.


Solution

  • The issue turned out to be a bad secret in Secret Manager. If you are getting this error and are using Secret Manager, try to create the secret and/or repository integration manually using the console. I was adding the secrets using the gcloud CLI and I was not stripping off any line feeds at the end of the secret that was stored in a file. If you are piping your secret into the gcloud CLI to be added to Secret Manager, be sure to look in the Secret Manager console at the checksum and ensure that your secret was actually imported byte for byte as you intended.

    For example:

    cat gcp_cloud_build_bitbucket_all_access_token | tr -d '\n' | gcloud secrets create good_token --data-file=-
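
A pre-flight check for the trailing line feed described in the answer above, as an added example that is not part of the original post. The function names are hypothetical; it assumes a single-line token, `sha256sum` on the PATH, and, for `verify_secret` only, an authenticated gcloud CLI.

```shell
#!/bin/sh
# Added example: catch a trailing LF/CR in a token file before it is stored,
# then confirm the stored secret matches the intended bytes.

# Succeeds (exit 0) if the last byte of the file is LF (0a) or CR (0d).
has_trailing_newline() {
    last=$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ] || [ "$last" = "0d" ]
}

# Prints the token with every CR and LF byte removed.
# Assumption: the token is a single line, so no inner newline is meaningful.
clean_token() {
    tr -d '\r\n' < "$1"
}

# Prints the SHA-256 of stdin as hex, so the secret itself is never echoed.
digest() {
    sha256sum | cut -d' ' -f1
}

# Succeeds if the latest stored version equals the cleaned local token.
# Needs gcloud and read access to the secret; it is defined but not called here.
# usage: verify_secret SECRET_NAME TOKEN_FILE
verify_secret() {
    stored=$(gcloud secrets versions access latest --secret="$1" | digest)
    wanted=$(clean_token "$2" | digest)
    [ "$stored" = "$wanted" ]
}

# Constructed sample: a token file saved by an editor, so it ends in LF.
sample=$(mktemp)
printf 'constructed-token-value\n' > "$sample"
if has_trailing_newline "$sample"; then
    echo "trailing line ending found in $sample"
    echo "raw sha256:     $(digest < "$sample")"
    echo "cleaned sha256: $(clean_token "$sample" | digest)"
fi
rm -f "$sample"
```

The two digests printed for the sample differ, which is the byte-for-byte mismatch the answer describes.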