IssueTracker

*****Issue Summary: *****
The Customer got an error while he was using Cloud Build triggers  linked to a host connection with bit-bucket repository. The root cause of error discovered was a different checksum of the tokens stored in secrets due a error while being created, after the solution provided to avoid this issue occurs again, the customer requested to give a better detailed log when encountering issues related to incorrect tokens or problems with secrets in order to determine easily what what's the root cause of issues.


****Problem you have encountered:****
 > starting build "205dc86e-b097-4b9f-a431-a0fb8b9796c5"

What you expected to happen:

***Error expected: ***
A detailed log that identifies the nature of the token or secret problem. For example, "INVALID_TOKEN" or "SECRET_NOT_FOUND". Details about the specific token or secret that caused the issue. This could include the name of the secret manager or the type of token


***Steps to reproduce:***

# enable all the apis needed

gcloud services enable cloudbuild.googleapis.com

gcloud services enable secretmanager.googleapis.com


# add the bitbucket keys (passwords) to gcp secrete manager

cat gcp_cloud_build_bitbucket_all_access_token | gcloud secrets create
gcp_cloud_build_admin_access_token --data-file=-

cat gcp_cloud_build_bitbucket_all_access_token | gcloud secrets create
gcp_cloud_build_read_access_token --data-file=-

cat gcp_webhook_bitbucket_api_key | gcloud secrets create
gcp_webhook_bitbucket_api_key --data-file=-


# allow the cloud build service agent the ability to use these secrets

PN=$(gcloud projects describe $PROJECT --format="value(projectNumber)")

CLOUD_BUILD_SERVICE_ACCOUNT="service-${PN}@gcp-sa-cloudbuild.iam.gserviceaccount.com"

echo $CLOUD_BUILD_SERVICE_ACCOUNT

gcloud secrets add-iam-policy-binding
gcp_cloud_build_admin_access_token --member="serviceAccount:${CLOUD_BUILD_SERVICE_ACCOUNT}" --role="roles/secretmanager.secretAccessor"

gcloud secrets add-iam-policy-binding
gcp_cloud_build_read_access_token --member="serviceAccount:${CLOUD_BUILD_SERVICE_ACCOUNT}" --role="roles/secretmanager.secretAccessor"

gcloud secrets add-iam-policy-binding
gcp_webhook_bitbucket_api_key --member="serviceAccount:${CLOUD_BUILD_SERVICE_ACCOUNT}" --role="roles/secretmanager.secretAccessor"


# create a connection from gcp cloud build to bitbucket cloud

gcloud builds connections create bitbucket-cloud
bitbucket_bnb_repo --workspace=solutionsrx --project=$PROJECT --region=us-central1 --authorizer-token-secret-version=projects/$PROJECT/secrets/gcp_cloud_build_admin_access_token/versions/latest --read-authorizer-token-secret-version=projects/$PROJECT/secrets/gcp_cloud_build_read_access_token/versions/latest --webhook-secret-secret-version=projects/$PROJECT/secrets/gcp_webhook_bitbucket_api_key/versions/1



# link the specific bitbucket repo we need to cloud build

gcloud builds repositories create bitbucket_bnb \

--remote-uri=https://bitbucket.org/solutionsrx/bnb.git \

--connection=bitbucket_bnb_repo --region=us-central1 --project=$PROJECT




Then, after this, I manually created a manual run trigger with an inline
build.yaml that builds the ubuntu hello world docker example. The build
fails within 4 seconds, showing the same errors as before:

2024-06-10 15:58:34.618 EDT
hint: git branch -m <name>
2024-06-10 15:58:34.619 EDT

Initialized empty Git repository in /workspace/.git/
2024-06-10 15:58:34.626 EDT
/bin/sh: 4: "; };f: not found
2024-06-10 15:58:35.778 EDT
Reinitialized existing Git repository in /workspace/.git/
2024-06-10 15:58:35.778 EDT
/bin/sh: 4: "; };f: not found
2024-06-10 15:58:37.037 EDT
Reinitialized existing Git repository in /workspace/.git/
2024-06-10 15:58:37.038 EDT
/bin/sh: 4: "; };f: not found
2024-06-10 15:58:37.238 EDT
ERROR
2024-06-10 15:58:37.238 EDT

ERROR: error fetching git source: generic::unknown: retry budget exhausted
(3 attempts): fetching git source: fetching git source: source fetch
container exited with non-zero status: 127

Other information (workarounds you have tried, documentation consulted, etc):