Built-in Environment Variables

About 2941 wordsAbout 10 min

Cloud Native Build includes some built-in default environment variables. These variables are read-only and cannot be overwritten, even if you try to override them during the build.

The following merge-related events include:

pull_request
pull_request.update
pull_request.target
pull_request.approved
pull_request.changes_requested
pull_request.mergeable
pull_request.merged
pull_request.comment

Learn more about trigger events.

Basic Variables

Variable Overview

Variable Name	Description
CI	CI identifier, value is `true`
CNB	CNB identifier, value is `true`
CNB_WEB_PROTOCOL	Protocol used by Web
CNB_WEB_HOST	HOST used by Web
CNB_WEB_ENDPOINT	Complete Web address
CNB_API_ENDPOINT	Complete API address
CNB_GROUP_SLUG	Repository parent organization path
CNB_GROUP_SLUG_LOWERCASE	Parent organization path in lowercase
CNB_GROUP_ID	Repository parent organization ID
CNB_ROOT_SLUG	Repository root organization path
CNB_ROOT_SLUG_LOWERCASE	Root organization path in lowercase
CNB_ROOT_ID	Repository root organization ID
CNB_EVENT	Event name that triggered the build
CNB_EVENT_URL	Event-related link
CNB_BRANCH	Branch name or Tag name
CNB_BRANCH_SHA	SHA of the latest commit on the branch
CNB_DEFAULT_BRANCH	Repository default branch
CNB_TOKEN_USER_NAME	Username corresponding to the temporary token
CNB_TOKEN	Temporary token used during pipeline execution
TWINE_USERNAME	PyPI artifact repository username
TWINE_PASSWORD	PyPI artifact repository password
CNB_IS_CRONEVENT	Whether the event is a scheduled task
CNB_DOCKER_REGISTRY	Artifact repository Docker registry address
CNB_DOCKER_MODEL_REGISTRY	Artifact repository Docker Model registry address
CNB_HELM_REGISTRY	Artifact repository Helm registry address
CNB_HAS_LFS_FILES	Whether LFS files exist

CI

Value is true, used to identify the current environment as a CI environment.

CNB

Value is true, used to identify the current environment as a CNB build environment.

CNB_WEB_PROTOCOL

Current protocol used by Web, value is http or https.

CNB_WEB_ENDPOINT

Complete Web address including protocol, HOST, and path (if any).

CNB_API_ENDPOINT

Complete API address including protocol, HOST, and path (if any).

Can be used with CNB_TOKEN to call API interfaces in CI.

CNB_GROUP_SLUG_LOWERCASE

Lowercase format of the repository parent organization path.

CNB_ROOT_SLUG_LOWERCASE

Lowercase format of the repository root organization path.

CNB_EVENT

Value is the event name that triggered the build.

See events for event types.

CNB_EVENT_URL

Event-related link, value rules are as follows:

Trigger Event	Variable Value
Merge-related events	PR link
Issue-related events	Issue link
Other events	CNB_COMMIT link

CNB_BRANCH

Branch name or Tag name, value rules are as follows:

Trigger Event	Variable Value
Merge-related events	Target branch name
Tag-related events	Tag name
Other events	Corresponding branch name

CNB_BRANCH_SHA

SHA of the latest commit on the branch, value rules are as follows:

Trigger Event	Variable Value
`branch.delete`	No value
Other events	SHA of the latest commit on `CNB_BRANCH`

CNB_TOKEN_USER_NAME

Username corresponding to the user temporary token, fixed as cnb.

Temporary token used by users during pipeline execution. It is automatically destroyed after the pipeline completes. This token can be used for pulling and pushing code and artifacts, as well as for API calls.

Permission Assignment

Permission assignment depends on the type of event that triggers the pipeline and can be broadly divided into the following three categories:

NPC events with work mode enabled
NPC events without work mode enabled, or other untrusted events (see Untrusted Events)
Other trusted events

NPC Events with Work Mode Enabled:

Permission Item	Description
`repo-code:rw`	Code read and write
`repo-pr:rw`	PR read and write
`repo-issue:rw`	Issue read and write
`repo-notes:rw`	Comments read and write
`repo-contents:rw`	Contents read and write
`repo-basic-info:r`	Basic info read-only
`account-profile:r`	User info read-only
`account-engage:r`	User followed repositories and followers read-only
`registry-package:rw`	Artifact read and write
`repo-cnb-trigger:rw`	Trigger read and write
`repo-cnb-history:r`	Build history read-only
`repo-cnb-detail:r`	Build details read-only

NPC Events without Work Mode Enabled or Other Untrusted Events:

Permission Item	Description
`repo-code:r`	Code read-only
`repo-pr:r`	PR read-only
`repo-issue:r`	Issue read-only
`repo-notes:rw`	Comments read and write
`repo-contents:r`	Contents read-only
`repo-basic-info:r`	Basic info read-only
`registry-package:r`	Artifact repository read-only
`account-profile:r`	User info read-only

Other Trusted Events:

Permission Item	Description
`repo-code:rw`	Code read and write
`repo-pr:rw`	PR read and write
`repo-issue:rw`	Issue read and write
`repo-notes:rw`	Comments read and write
`repo-contents:rw`	Contents read and write
`registry-package:rw`	Artifact repository read and write
`repo-cnb-trigger:rw`	Trigger read and write
`repo-cnb-history:r`	Build history read-only
`repo-cnb-detail:r`	Build details read-only
`repo-basic-info:r`	Basic info, read-only
`repo-manage:r`	Repository management read-only
`account-profile:r`	User info read-only
`account-engage:r`	User followed repositories and followers read-only
`group-resource:r`	Organization resources read-only

Permission Description

For specific permission meanings, refer to the Access Tokens section on the Personal Settings page.

Security Restrictions

For pipelines in public repositories, this token is restricted to public repositories/artifact repositories only.
For pipelines in forked repositories, this token is restricted to the current repository.
For NPC events outside cross-repository PR scenarios, this token is restricted to the current repository.

TWINE_USERNAME

PyPI artifact repository username, same as CNB_TOKEN_USER_NAME.

TWINE_PASSWORD

PyPI artifact repository password, same as CNB_TOKEN.

CNB_IS_CRONEVENT

Whether the event is a scheduled task.

CNB_DOCKER_REGISTRY

Artifact repository Docker registry address.

CNB_DOCKER_MODEL_REGISTRY

Artifact repository Docker model registry address.

CNB_HELM_REGISTRY

Artifact repository Helm registry address.

CNB_HAS_LFS_FILES

Whether there are LFS files.

Tips

If the repository has removed all LFS files, this variable may still be true until Git GC runs.

Commit Variables

Commit Variable Overview

Variable Name	Description
CNB_BEFORE_SHA	SHA of the latest commit before branch push
CNB_COMMIT	Code SHA corresponding to the build
CNB_COMMIT_SHORT	First 8 characters of CNB_COMMIT
CNB_COMMIT_MESSAGE	Commit message
CNB_COMMIT_MESSAGE_TITLE	Commit message title
CNB_COMMITTER	Committer
CNB_COMMITTER_EMAIL	Committer email
CNB_NEW_COMMITS_COUNT	Number of new commits
CNB_IS_TAG	Whether it's a Tag build
CNB_TAG_MESSAGE	Tag message
CNB_TAG_RELEASE_TITLE	Release title
CNB_TAG_RELEASE_DESC	Release description
CNB_TAG_IS_RELEASE	Whether Tag has corresponding Release
CNB_TAG_IS_PRE_RELEASE	Whether it's a pre-release Release
CNB_IS_NEW_BRANCH	Whether it's a newly created branch
CNB_IS_NEW_BRANCH_WITH_UPDATE	Whether it's a new branch with new commits

CNB_BEFORE_SHA

SHA of the latest commit on that branch in the remote repository before the branch was pushed.

Value Rules:

Trigger Event	Variable Value
`push`, `commit.add`	SHA of the latest commit before branch push
New branch creation	`0000000000000000000000000000000000000000`
`branch.create`	`0000000000000000000000000000000000000000`

CNB_COMMIT

Code SHA corresponding to the build.

SHA value and Workspace version Rules:

event	SHA	workspace
`push`	latest commit	target branch
`commit.add`	latest commit	target branch
`tag_push`	SHA of the latest commit on that Tag	target TAG
`tag_deploy.*`	SHA of the latest commit on that Tag	target TAG
`auto_tag`	SHA of the latest commit on default branch	default branch
`branch.create`	SHA of the latest commit on the new branch	new branch
`branch.delete`	SHA of the latest commit on default branch	default branch
`issue.*`	SHA of the latest commit on default branch	default branch
`issue.comment@npc`	SHA of the latest commit on default branch	default branch
`pull_request`	SHA of the latest commit on source branch	pre-merge
`pull_request.merged`	merged SHA	target branch
`pull_request.target`	SHA of the latest commit on target branch	target branch
`pull_request.mergeable`	SHA of the latest commit on target branch	pre-merge
`pull_request.approved`	SHA of the latest commit on source branch	pre-merge
`pull_request.changes_requested`	SHA of the latest commit on source branch	pre-merge
`pull_request.comment`	SHA of the latest commit on source branch	pre-merge
`pull_request.comment@npc`	SHA of the latest commit on default branch	source branch
`vscode`	SHA of the latest commit on specified branch	target branch
`web_trigger.*`	SHA of the latest commit on specified branch	target branch

CNB_COMMIT_SHORT

Abbreviation of CNB_COMMIT, taking its first 8 characters.

CNB_COMMIT_MESSAGE

Commit message corresponding to CNB_COMMIT.

CNB_COMMIT_MESSAGE_TITLE

The title part of CNB_COMMIT_MESSAGE, i.e., the first line.

CNB_COMMITTER

Committer corresponding to CNB_COMMIT.

CNB_COMMITTER_EMAIL

Email corresponding to CNB_COMMITTER.

CNB_NEW_COMMITS_COUNT

For builds triggered by commit.add, the value is the number of new Commits.

Can be combined with git log -n to view the new Commits.

CNB_IS_TAG

For builds where the branch is a Tag, the value is true.

CNB_TAG_MESSAGE

Tag message.

CNB_TAG_RELEASE_TITLE

Release title.

CNB_TAG_RELEASE_DESC

Release description.

CNB_TAG_IS_RELEASE

Whether the Tag has a corresponding Release.

Value Rules:

Condition	Variable Value
Branch is Tag and has corresponding Release	`true`
Other cases	`false`

CNB_TAG_IS_PRE_RELEASE

Whether it's a pre-release Release.

Value Rules:

Condition	Variable Value
Branch is Tag, has corresponding Release, and is pre-release	`true`
Other cases	`false`

CNB_IS_NEW_BRANCH

Whether the current branch belongs to a newly created branch, default is false.

CNB_IS_NEW_BRANCH_WITH_UPDATE

Whether the current branch belongs to a newly created branch and has new commits, default is false.

Repository Variables

Repository Variable Overview

Variable Name	Description
CNB_REPO_SLUG	Repository path
CNB_REPO_SLUG_LOWERCASE	Repository path in lowercase format
CNB_REPO_NAME	Repository name
CNB_REPO_NAME_LOWERCASE	Repository name in lowercase format
CNB_REPO_ID	Repository ID
CNB_REPO_URL_HTTPS	Repository HTTPS address

CNB_REPO_SLUG

Target repository path in format group_slug/repo_name or group_slug/sub_group_slug/.../repo_name.

CNB_REPO_SLUG_LOWERCASE

Lowercase format of the target repository path.

CNB_REPO_NAME

Target repository name.

CNB_REPO_NAME_LOWERCASE

Lowercase format of the target repository name.

CNB_REPO_ID

Target repository ID.

CNB_REPO_URL_HTTPS

HTTPS address of the target repository.

CNB_FORK_FROM_REPO_SLUG

Path to the source repository of the forked repository.

Build Variables

Build Variable Overview

Variable Name	Description
CNB_BUILD_ID	Build serial number
CNB_BUILD_WEB_URL	Build log address
CNB_BUILD_START_TIME	Build start time
CNB_BUILD_USER	Trigger username
CNB_BUILD_USER_NICKNAME	Trigger nickname
CNB_BUILD_USER_EMAIL	Trigger email
CNB_BUILD_USER_ID	Trigger ID
CNB_BUILD_USER_NPC_SLUG	NPC repository path
CNB_BUILD_USER_NPC_NAME	NPC role name
CNB_BUILD_STAGE_NAME	Stage name
CNB_BUILD_JOB_NAME	Job name
CNB_BUILD_JOB_KEY	Job Key
CNB_BUILD_WORKSPACE	Workspace root directory
CNB_BUILD_FAILED_MSG	Build failure error message
CNB_BUILD_FAILED_STAGE_NAME	Failed Stage name
CNB_PIPELINE_NAME	Pipeline name
CNB_PIPELINE_KEY	Pipeline Key
CNB_PIPELINE_ID	Pipeline ID
CNB_PIPELINE_DOCKER_IMAGE	Pipeline Docker image
CNB_PIPELINE_STATUS	Pipeline build status
CNB_PIPELINE_MAX_RUN_TIME	Pipeline maximum run time
CNB_RUNNER_IP	Runner IP
CNB_CPUS	Available CPU cores
CNB_MEMORY	Available memory size
CNB_IS_RETRY	Whether triggered by rebuild
HUSKY_SKIP_INSTALL	Husky compatibility identifier

CNB_BUILD_ID

Current build serial number, globally unique.

CNB_BUILD_WEB_URL

Current build log address.

CNB_BUILD_START_TIME

Current build start time in UTC format, example 2025-08-21T09:13:45.803Z.

CNB_BUILD_USER

Current build trigger username.

CNB_BUILD_USER_NICKNAME

Current build trigger nickname.

CNB_BUILD_USER_EMAIL

Current build trigger email.

CNB_BUILD_USER_ID

Current build trigger ID.

CNB_BUILD_USER_NPC_SLUG

If the current build is triggered by an NPC, this is the repository path to which the NPC belongs.

CNB_BUILD_USER_NPC_NAME

If the current build is triggered by an NPC, this is the NPC role name.

CNB_BUILD_STAGE_NAME

Current build Stage name.

CNB_BUILD_JOB_NAME

Current build Job name.

CNB_BUILD_JOB_KEY

Current build Job Key, unique within the same Stage.

CNB_BUILD_WORKSPACE

Custom Shell script execution workspace root directory.

CNB_BUILD_FAILED_MSG

Pipeline build failure error message, can be used in failStages.

CNB_BUILD_FAILED_STAGE_NAME

Pipeline build failure Stage name, can be used in failStages.

CNB_PIPELINE_NAME

Current Pipeline name, empty if not declared.

CNB_PIPELINE_KEY

Current Pipeline index Key, e.g., pipeline-0.

CNB_PIPELINE_ID

Current Pipeline ID, globally unique string.

CNB_PIPELINE_DOCKER_IMAGE

Docker image used by the current Pipeline, e.g., alpine:latest.

CNB_PIPELINE_STATUS

Current pipeline build status, can be viewed in endStages.

Possible Values:

Status Value	Description
`success`	Pipeline build completed successfully
`error`	Error occurred during pipeline build
`cancel`	Pipeline build was canceled

CNB_PIPELINE_MAX_RUN_TIME

Pipeline maximum run time in milliseconds.

CNB_RUNNER_IP

IP of the Runner where the current Pipeline is located.

CNB_CPUS

Maximum CPU cores available for the current build pipeline.

CNB_MEMORY

Maximum memory size available for the current build pipeline, in GiB.

CNB_IS_RETRY

Whether the current build was triggered by rebuild.

HUSKY_SKIP_INSTALL

Husky compatibility in CI environment.

Variable Name	Description
CNB_PULL_REQUEST	Whether triggered by PR
CNB_PULL_REQUEST_LIKE	Whether triggered by merge-related events
CNB_PULL_REQUEST_PROPOSER	PR proposer
CNB_PULL_REQUEST_TITLE	PR title
CNB_PULL_REQUEST_DESCRIPTION	PR description
CNB_PULL_REQUEST_BRANCH	PR source branch name
CNB_PULL_REQUEST_SHA	PR source branch latest SHA
CNB_PULL_REQUEST_TARGET_SHA	PR target branch latest SHA
CNB_PULL_REQUEST_MERGE_SHA	PR merged SHA
CNB_PULL_REQUEST_SLUG	Source repository Slug
CNB_PULL_REQUEST_ACTION	PR operation type
CNB_PULL_REQUEST_ID	PR globally unique ID
CNB_PULL_REQUEST_IID	PR repository number
CNB_PULL_REQUEST_REVIEWERS	Reviewer list
CNB_PULL_REQUEST_REVIEW_STATE	Review status
CNB_REVIEW_REVIEWED_BY	Approved reviewer list
CNB_REVIEW_LAST_REVIEWED_BY	Last approved reviewer
CNB_PULL_REQUEST_IS_WIP	Whether PR is WIP

CNB_PULL_REQUEST

Whether triggered by PR.

Value Rules:

Trigger Event	Variable Value
`pull_request`, `pull_request.update`, `pull_request.target`	`true`
Other events	`false`

CNB_PULL_REQUEST_LIKE

Whether triggered by merge-related events.

Value Rules:

Trigger Event	Variable Value
Merge-related events	`true`
Other events	`false`

CNB_PULL_REQUEST_PROPOSER

PR proposer name.

CNB_PULL_REQUEST_TITLE

PR title.

CNB_PULL_REQUEST_DESCRIPTION

PR description.

CNB_PULL_REQUEST_BRANCH

PR source branch name.

CNB_PULL_REQUEST_SHA

SHA of the latest commit on the PR source branch.

CNB_PULL_REQUEST_TARGET_SHA

SHA of the latest commit on the PR target branch.

CNB_PULL_REQUEST_MERGE_SHA

SHA after PR merge.

Value Rules:

Trigger Event	Variable Value
`pull_request.merged`	SHA after PR merge
`pull_request`, `pull_request.update`, `pull_request.target`, `pull_request.mergeable`, `pull_request.comment`	SHA after PR pre-merge
Other events	No value

CNB_PULL_REQUEST_SLUG

Source repository path for merge-related events, in format group_slug/repo_name or group_slug/sub_group_slug/.../repo_name.

CNB_PULL_REQUEST_ACTION

PR operation type.

Possible Values:

Value	Description
`opened`	New PR created
`edited`	PR edited
`synchronize`	Source branch push
`submitted`	Review submitted
`ready_for_merge`	PR becomes mergeable when review approved or CI status changes

CNB_PULL_REQUEST_ID

PR globally unique ID.

CNB_PULL_REQUEST_IID

PR number IID in the repository.

CNB_PULL_REQUEST_REVIEWERS

Reviewer list, multiple separated by ,.

CNB_PULL_REQUEST_REVIEW_STATE

Review status.

Value Rules:

Condition	Variable Value
Has reviewers and someone approved	`approve`
Has reviewers but no one approved	`unapprove`
Other cases	No value

CNB_REVIEW_REVIEWED_BY

List of approved reviewers, multiple separated by ,.

CNB_REVIEW_LAST_REVIEWED_BY

Last approved reviewer.

CNB_PULL_REQUEST_IS_WIP

Whether the PR is set to WIP.

Value Rules:

Trigger Event	Variable Value
Merge-related events	`true` or `false`
Other events	No value

Workspaces Variables

Workspaces Variable Overview

Variable Name	Description
CNB_VSCODE_WEB_URL	Workspaces address
CNB_VSCODE_MAX_RUN_TIME	Workspaces maximum run time

CNB_VSCODE_WEB_URL

Workspaces address, only exists when services: vscode is declared.

CNB_VSCODE_MAX_RUN_TIME

Workspaces environment maximum run time in milliseconds, only exists when services: vscode is declared.

Issue Variables

Issue Variable Overview

Variable Name	Description
CNB_ISSUE_ID	Issue globally unique ID
CNB_ISSUE_IID	Issue repository number
CNB_ISSUE_TITLE	Issue title
CNB_ISSUE_DESCRIPTION	Issue description
CNB_ISSUE_OWNER	Issue author
CNB_ISSUE_STATE	Issue status
CNB_ISSUE_IS_RESOLVED	Whether Issue is resolved
CNB_ISSUE_ASSIGNEES	Issue assignee list
CNB_ISSUE_LABELS	Issue label list
CNB_ISSUE_PRIORITY	Issue priority

CNB_ISSUE_ID

Issue globally unique ID.

CNB_ISSUE_IID

Issue number IID in the repository.

CNB_ISSUE_TITLE

Issue title.

CNB_ISSUE_DESCRIPTION

Issue description.

CNB_ISSUE_OWNER

Issue author username.

CNB_ISSUE_STATE

Issue status.

Value Rules:

Trigger Event	Variable Value
`issue.*`	`open` or `closed`
Other events	Empty string

CNB_ISSUE_IS_RESOLVED

Whether the Issue is resolved.

Value Rules:

Trigger Event	Variable Value
`issue.*`	`true` or `false`
Other events	Empty string

CNB_ISSUE_ASSIGNEES

Issue assignee username list, multiple separated by ,.

CNB_ISSUE_LABELS

Issue label list, multiple separated by ,.

CNB_ISSUE_PRIORITY

Issue priority.

Comment Variables

Comment Variable Overview

Variable Name	Description
CNB_COMMENT_ID	Comment globally unique ID
CNB_COMMENT_BODY	Comment content
CNB_COMMENT_TYPE	Comment type
CNB_COMMENT_FILE_PATH	Comment file
CNB_COMMENT_RANGE	Comment code line
CNB_REVIEW_ID	Review ID
CNB_REVIEW_DESCRIPTION	Review description

CNB_COMMENT_ID

Comment globally unique ID.

CNB_COMMENT_BODY

Comment content.

CNB_COMMENT_TYPE

Comment type.

Value Rules:

Comment Type	Variable Value
PR code review comment	`diff_note`
PR non-code review comment and Issue comment	`note`
Other cases	No value

CNB_COMMENT_FILE_PATH

PR code review, file where the comment is located.

CNB_COMMENT_RANGE

PR code review, code line where the comment is located, e.g., L12 (single line) or L13-L16 (multiple lines).

CNB_REVIEW_ID

PR code review ID.

CNB_REVIEW_DESCRIPTION

PR code review description.

NPC Variables

NPC Variable Overview

Variable Name	Description
CNB_NPC_SLUG	NPC repository path
CNB_NPC_SLUG_LOWERCASE	NPC repository path in lowercase format
CNB_NPC_NAME	NPC role name
CNB_NPC_SHA	NPC repository default branch latest SHA
CNB_NPC_PROMPT	NPC role Prompt
CNB_NPC_SLOGAN	NPC role slogan
CNB_NPC_AVATAR	NPC role avatar
CNB_NPC_ENABLE_THINKING	Whether NPC has thinking enabled
CNB_NPC_ENABLE_WORKMODE	Whether NPC has work mode enabled
CNB_NPC_TRIGGER_CONTENT	Content that triggered the NPC

Trigger Scenario	Equivalent Environment Variable
Issue description when creating an Issue	CNB_ISSUE_DESCRIPTION
Issue comment	CNB_COMMENT_BODY
PR description when creating a PR	CNB_PULL_REQUEST_DESCRIPTION
PR review	CNB_REVIEW_DESCRIPTION
PR comment	CNB_COMMENT_BODY
PR review comment	CNB_COMMENT_BODY