CNB Docs

English

简体中文

English

简体中文

Appearance

Built-in Environment Variables

Copy page

About 2139 wordsAbout 7 min

Cloud Native Build includes some default environment variables that are read-only. Attempting to override these variables during builds will not take effect.

The following merge-related events include:

  • pull_request
  • pull_request.update
  • pull_request.target
  • pull_request.approved
  • pull_request.changes_requested
  • pull_request.mergeable
  • pull_request.merged
  • pull_request.comment

Learn more about trigger events.

Basic Variables

CI

true

CNB

true

CNB_WEB_PROTOCOL

Current web protocol: http | https

CNB_WEB_HOST

Current web address including protocol, HOST, and path (if any)

CNB_WEB_ENDPOINT

Current API endpoint including protocol, HOST, and path (if any)

Can be used with CNB_TOKEN to call API interfaces in CI

CNB_API_ENDPOINT

Current API endpoint including protocol, HOST, and path (if any)

Can be used with CNB_TOKEN to call API interfaces in CI

CNB_GROUP_SLUG

Repository organization path

CNB_GROUP_SLUG_LOWERCASE

Repository organization path (lowercase format)

CNB_EVENT

Name of the event that triggered the build

Event types see events

CNB_EVENT_URL

  • For builds triggered by merge-related events, value is the Pull Request link
  • For builds triggered by push, branch.create, tag_push, value is the latest Commit link
  • Otherwise empty string

CNB_BRANCH

  • For builds triggered by push, branch.create, branch.delete, value is current branch name
  • For builds triggered by merge-related events, value is target branch name
  • For builds triggered by tag_push, value is tag name
  • For builds triggered by custom events, value is corresponding branch name
  • For builds triggered by crontab, value is corresponding branch name

CNB_BRANCH_SHA

  • For builds triggered by branch.delete, empty string
  • Otherwise latest commit sha of CNB_BRANCH

CNB_DEFAULT_BRANCH

Repository default branch

CNB_TOKEN_USER_NAME

Temporary token username, fixed as cnb

CNB_TOKEN

Temporary user tokens (destroyed at the end of the pipeline) can be used for pulling, pushing code and artifacts, as well as making API calls.

If the repository associated with the pipeline is a public repository, the scope of the token's usage will be restricted to public repositories/artifact repositories only.

For untrusted events:

The permissions are:

  • repo-code:r
  • repo-pr:r
  • repo-issue:r
  • repo-notes:rw
  • repo-contents:r
  • registry-package:r
  • account-profile:r

For other events, the permissions include:

  • repo-code:rw
  • repo-pr:rw
  • repo-issue:rw
  • repo-notes:rw
  • repo-contents:rw
  • registry-package:rw
  • repo-commit-status:rw
  • repo-cnb-trigger:rw
  • repo-cnb-history:r
  • repo-cnb-detail:r
  • repo-basic-info:r
  • repo-manage:r
  • account-profile:r
  • group-resource:r

Refer to permissions in Personal Settings > Access Tokens.

TWINE_USERNAME

The username for the PyPI artifact repository, same as CNB_TOKEN_USER_NAME.

TWINE_PASSWORD

The password for the PyPI artifact repository, same as CNB_TOKEN.

CNB_TOKEN_FOR_AI

User tokens are only supported in pull_request eventsissue.openissue.closeai_issueai_review events, indicating that the caller's identity is AI.

Usage scenario example: For instance, when posting a comment generated by AI in a merge request, this token can be used to call the OpenAPI for posting comments. An AI marker will be added on the page to indicate that the comment is from AI.

Permissions:

  • repo-notes:rw
  • repo-pr:rw

Refer to permissions in Personal Settings > Access Tokens.

CNB_TOKEN_FOR_CODEBUDDY

A user token that identifies the caller as CodeBuddy. Its functionality is the same as CNB_TOKEN_FOR_AI.

CNB_IS_CRONEVENT

Whether it's a scheduled task event

CNB_DOCKER_REGISTRY

Artifact Docker registry address

CNB_DOCKER_MODEL_REGISTRY

Artifact Docker Model registry address

CNB_HELM_REGISTRY

Artifact Helm registry address

CNB_HAS_LFS_FILES

Whether there are LFS files

If the repository is emptied of LFS files, it will still be set to true before Git GC

Commit Variables

CNB_BEFORE_SHA

  • For builds triggered by push or commit.add, the value is the sha of the most recent commit in the remote repository for that branch before the push. If it is a newly created branch, the value is 0000000000000000000000000000000000000000.
  • For builds triggered by branch.create, the value is 0000000000000000000000000000000000000000.

CNB_COMMIT

Commit sha corresponding to the build:

  • For builds triggered by push,commit.add, branch.create, it's the latest commit sha
  • For builds triggered by tag_push, tag_deploy.*, it's the latest commit sha of the tag
  • For builds triggered by auto_tag, branch.delete, issue.*, it's the latest commit sha of the main branch
  • For builds triggered by pull_request.merged, it's the merged sha
  • For builds triggered by pull_request.target, pull_request.mergeable, it's the latest commit sha of the target branch
  • For builds triggered by pull_request, pull_request.approved, pull_request.changes_requested, pull_request.comment, code hasn't been actually merged yet, takes the latest commit sha of the source branch, but the build will perform a pre-merge, meaning the merged content will be the final result
  • For builds triggered by Workspaces, custom events, it's the latest commit sha of the specified branch

CNB_COMMIT_SHORT

Short version of CNB_COMMIT, taking the first 8 characters

CNB_COMMIT_MESSAGE

Commit message corresponding to CNB_COMMIT

CNB_COMMIT_MESSAGE_TITLE

The title part of CNB_COMMIT_MESSAGE, i.e., the first line

CNB_COMMITTER

Committer corresponding to CNB_COMMIT

CNB_COMMITTER_EMAIL

Email corresponding to CNB_COMMITTER

CNB_NEW_COMMITS_COUNT

For builds triggered by commit.add, the value represents the number of new Commits.

You can use git log -n to inspect the newly added Commits.

CNB_IS_TAG

For builds where the branch is a Tag, value is true

CNB_TAG_MESSAGE

  • Tag message: For builds where the branch is a Tag, this environment variable exists
  • Otherwise empty string

CNB_TAG_RELEASE_TITLE

  • Release title: For builds where the branch is a Tag, if Release title is not empty, there will be a value
  • Otherwise empty string

CNB_TAG_RELEASE_DESC

  • Release description: For builds where the branch is a Tag, and Release description is not empty, there will be a value
  • Otherwise empty string

CNB_TAG_IS_RELEASE

  • Whether Tag has corresponding Release: For builds where the branch is a Tag, if Tag has corresponding Release, then true
  • Otherwise false

CNB_TAG_IS_PRE_RELEASE

  • For builds where the branch is a Tag, if corresponding Release exists, and Release is pre-release, then value is true
  • Otherwise false

CNB_IS_NEW_BRANCH

Whether current branch is newly created, default false

CNB_IS_NEW_BRANCH_WITH_UPDATE

Whether current branch is newly created and has new commits, default false

Repository Variables

CNB_REPO_SLUG

Target repository path in format group_slug/repo_name, group_slug/sub_gourp_slog/.../repo_name

CNB_REPO_SLUG_LOWERCASE

Target repository path in lowercase format

CNB_REPO_NAME

Target repository name

CNB_REPO_NAME_LOWERCASE

Target repository name in lowercase format

CNB_REPO_ID

Target repository id

CNB_REPO_URL_HTTPS

Target repository https address

Build Variables

CNB_BUILD_ID

Current build serial number, globally unique

CNB_BUILD_WEB_URL

Current build log address

CNB_BUILD_START_TIME

Current build start time in UTC format, example 2025-08-21T09:13:45.803Z

CNB_BUILD_USER

Current build triggerer username.

CNB_BUILD_USER_NICKNAME

Current build triggerer nickname.

CNB_BUILD_USER_EMAIL

Current build triggerer email

CNB_BUILD_USER_ID

Current build triggerer id

CNB_BUILD_USER_NPC_SLUG

If the current build is triggered by an NPC, this is the repository path to which the NPC belongs.

CNB_BUILD_USER_NPC_NAME

If the current build is triggered by an NPC, this is the NPC name.

CNB_BUILD_STAGE_NAME

Current build stage name

CNB_BUILD_JOB_NAME

Current build job name

CNB_BUILD_JOB_KEY

Current build job key, unique within same stage

CNB_BUILD_WORKSPACE

Custom shell script execution workspace root directory

CNB_BUILD_FAILED_MSG

Pipeline build failure error message, can be used in failStages

CNB_BUILD_FAILED_STAGE_NAME

Pipeline build failure stage name, can be used in failStages

CNB_PIPELINE_NAME

Current pipeline name, empty if not declared

CNB_PIPELINE_KEY

Current pipeline index key, e.g. pipeline-0

CNB_PIPELINE_ID

Current pipeline id, globally unique string

CNB_PIPELINE_DOCKER_IMAGE

Current pipeline used docker image, e.g.: alpine:latest

CNB_PIPELINE_STATUS

The current build status of the pipeline can be viewed in endStages, and its possible values include:

  • success: Indicates that the pipeline build has completed successfully.
  • error: Indicates that an error occurred during the pipeline build process.
  • cancel: Indicates that the pipeline build was canceled.

CNB_PIPELINE_MAX_RUN_TIME

The maximum run time of the pipeline, in milliseconds.

CNB_RUNNER_IP

Current pipeline Runner ip

CNB_CPUS

Maximum CPU cores available for current build pipeline

CNB_MEMORY

Maximum memory size available for current build pipeline, unit is GiB

CNB_IS_RETRY

Whether current build was triggered by rebuild

HUSKY_SKIP_INSTALL

Husky compatibility in ci environment

CNB_PULL_REQUEST

  • For builds triggered by pull_request, pull_request.update, pull_request.target, value is true
  • Otherwise false

CNB_PULL_REQUEST_LIKE

  • For builds triggered by merge-related events, value is true
  • Otherwise false

CNB_PULL_REQUEST_PROPOSER

  • For builds triggered by merge-related events, value is PR proposer name
  • Otherwise empty string

CNB_PULL_REQUEST_TITLE

  • For builds triggered by merge-related events, value is PR title
  • Otherwise empty string

CNB_PULL_REQUEST_BRANCH

  • For builds triggered by merge-related events, value is PR source branch name
  • Otherwise empty string

CNB_PULL_REQUEST_SHA

  • For builds triggered by merge-related events, value is latest commit sha of PR source branch
  • Otherwise empty string

CNB_PULL_REQUEST_TARGET_SHA

  • For builds triggered by merge-related events, value is latest commit sha of PR target branch
  • Otherwise empty string

CNB_PULL_REQUEST_MERGE_SHA

  • For builds triggered by pull_request.merged, value is merged sha
  • For builds triggered by pull_request, pull_request.update, pull_request.target, pull_request.mergeable, pull_request.comment, value is pre-merged sha
  • Otherwise empty string

CNB_PULL_REQUEST_SLUG

  • For builds triggered by merge-related events, value is source repository slug, e.g. group_slug/repo_name, group_slug/sub_gourp_slog/.../repo_name
  • Otherwise empty string

CNB_PULL_REQUEST_ACTION

For builds triggered by merge-related events, possible values:

  • created: New PR
  • code_update: Source branch push
  • status_update: When review approved or CI status changes PR becomes mergeable
  • Otherwise empty string

CNB_PULL_REQUEST_ID

  • For builds triggered by merge-related events, value is globally unique id of current or related PR
  • Otherwise empty string

CNB_PULL_REQUEST_IID

  • For builds triggered by merge-related events, value is iid number of current or related PR in repository
  • Otherwise empty string

CNB_PULL_REQUEST_REVIEWERS

  • For builds triggered by merge-related events, value is reviewer list, multiple separated by ,
  • Otherwise empty string

CNB_PULL_REQUEST_REVIEW_STATE

For builds triggered by merge-related events:

  • Has reviewers and someone approved, value is approve
  • Has reviewers but no one approved, value is unapprove
  • Otherwise empty string

CNB_REVIEW_REVIEWED_BY

  • For builds triggered by merge-related events, value is approved reviewer list, multiple separated by ,
  • Otherwise empty string

CNB_REVIEW_LAST_REVIEWED_BY

  • For builds triggered by merge-related events, value is last approved reviewer
  • Otherwise empty string

CNB_PULL_REQUEST_IS_WIP

  • For builds triggered by merge-type events, the value is true or false, indicating whether the PR has been set to [WIP].
  • Otherwise, the value is an empty string.

Workspaces Variables

CNB_VSCODE_WEB_URL

Workspaces address, only exists when services : vscode is declared

CNB_VSCODE_MAX_RUN_TIME

Workspaces maximum running time, unit is milliseconds, only exists when services : vscode is declared

Issue Variables

CNB_ISSUE_ID

  • For builds triggered by issue.*, value is Issue globally unique ID
  • Otherwise empty string

CNB_ISSUE_IID

  • For builds triggered by issue.*, value is Issue number iid in repository
  • Otherwise empty string

CNB_ISSUE_TITLE

  • For builds triggered by issue.*, value is Issue title
  • Otherwise empty string

CNB_ISSUE_DESCRIPTION

  • For builds triggered by issue.*, value is Issue description
  • Otherwise empty string

CNB_ISSUE_OWNER

  • For builds triggered by issue.*, value is Issue author username
  • Otherwise empty string

CNB_ISSUE_STATE

  • For builds triggered by issue.*, value is Issue state: open, closed
  • Otherwise empty string

CNB_ISSUE_IS_RESOLVED

  • For builds triggered by issue.*, indicates whether Issue is resolved: true, false
  • Otherwise empty string

CNB_ISSUE_ASSIGNEES

  • For builds triggered by issue.*, the value is a comma-separated list of usernames of the assignees of the Issue
  • Otherwise empty string

CNB_ISSUE_LABELS

  • For builds triggered by issue.*, the value is a comma-separated list of labels of the Issue
  • Otherwise empty string

CNB_ISSUE_PRIORITY

  • For builds triggered by issue.*, the value is the priority of the Issue
  • Otherwise empty string

Comment Variables

CNB_COMMENT_ID

  • For builds triggered by comment events, value is comment globally unique ID
  • Otherwise empty string

CNB_COMMENT_BODY

  • For builds triggered by comment events, value is comment content
  • Otherwise empty string

CNB_COMMENT_TYPE

  • For PR code review comments, the value is diff_note.
  • For PR non-code review comments and Issue comments, the value is note.
  • Otherwise, the value is an empty string.

CNB_COMMENT_FILE_PATH

  • For PR code review comments, the value is the file where the comment is located.
  • Otherwise, the value is an empty string.

CNB_COMMENT_RANGE

  • For PR code review comments, the value is the line of code where the comment is located. For example, a single line is L12, and multiple lines are L13-L16.
  • Otherwise, the value is an empty string.

CNB_REVIEW_ID

  • For PR code reviews, the value is the review ID.
  • Otherwise, the value is an empty string.

NPC Class Variables

CNB_NPC_SLUG

  • For NPC events triggered by mentioning (@) a knowledge base role, the value is the repository path of the NPC.
  • Otherwise, the value is an empty string.

CNB_NPC_NAME

  • For builds triggered by NPC events, the value is the name of the NPC role.
  • Otherwise, the value is an empty string.

CNB_NPC_SHA

  • For NPC events triggered by mentioning (@) a knowledge base role, the value is the SHA of the latest commit on the default branch of the NPC's repository.
  • Otherwise, the value is an empty string.

CNB_NPC_PROMPT

  • For NPC events triggered by mentioning (@) a knowledge base role, the value is the prompt of the NPC role.
  • Otherwise, the value is an empty string.

CNB_NPC_AVATAR

  • For NPC events triggered by mentioning (@) a knowledge base role, the value is the avatar of the NPC role.
  • Otherwise, the value is an empty string.

CNB_NPC_ENABLE_THINKING

  • For builds triggered by @npc events, the value indicates whether the NPC role has thinking enabled.
  • Otherwise, the value is an empty string.

© 2026 cnb.cool