Built-in Environment Variables
About 1643 wordsAbout 5 min
Cloud Native Build includes some default environment variables that are read-only. Attempting to override these variables during builds will not take effect.
The following merge-related events include:
pull_requestpull_request.updatepull_request.targetpull_request.approvedpull_request.changes_requestedpull_request.mergeablepull_request.mergedpull_request.comment
Learn more about trigger events.
Basic Variables
CI
true
CNB
true
CNB_WEB_PROTOCOL
Current web protocol: http | https
CNB_WEB_HOST
Current web address including protocol, HOST, and path (if any)
CNB_WEB_ENDPOINT
Current API endpoint including protocol, HOST, and path (if any)
Can be used with CNB_TOKEN to call API interfaces in CI
CNB_API_ENDPOINT
Current API endpoint including protocol, HOST, and path (if any)
Can be used with CNB_TOKEN to call API interfaces in CI
CNB_GROUP_SLUG
Repository organization path
CNB_GROUP_SLUG_LOWERCASE
Repository organization path (lowercase format)
CNB_EVENT
Name of the event that triggered the build
Event types see events
CNB_EVENT_URL
- For builds triggered by merge-related events, value is the
Pull Requestlink - For builds triggered by
push,branch.create,tag_push, value is the latestCommitlink - Otherwise empty string
CNB_BRANCH
- For builds triggered by
push,branch.create,branch.delete, value is current branch name - For builds triggered by
merge-related events, value is target branch name - For builds triggered by
tag_push, value istagname - For builds triggered by
custom events, value is corresponding branch name - For builds triggered by
crontab, value is corresponding branch name
CNB_BRANCH_SHA
- For builds triggered by
branch.delete, empty string - Otherwise latest commit
shaofCNB_BRANCH
CNB_DEFAULT_BRANCH
Repository default branch
CNB_TOKEN_USER_NAME
Temporary token username, fixed as cnb
CNB_TOKEN
User token for code submission, API calls, etc.
If the repository associated with the pipeline is a public repository, the scope of the token's usage will be restricted to public repositories/artifact repositories only.
For the pull_request, pull_request.update, pull_request.approved, and pull_request.changes_requested events, the permissions include:
repo-code:rrepo-pr:rrepo-issue:rrepo-notes:rwrepo-contents:rregistry-package:rrepo-commit-status:rwaccount-profile:r
For other events, the permissions include:
repo-code:rwrepo-pr:rwrepo-issue:rwrepo-notes:rwrepo-contents:rwregistry-package:rwrepo-commit-status:rwrepo-cnb-trigger:rwrepo-cnb-history:rrepo-cnb-detail:rrepo-basic-info:rrepo-manage:raccount-profile:rgroup-resource:r
Refer to permissions in Personal Settings > Access Tokens
CNB_TOKEN_FOR_AI
User token used by AI in merge-related events
Permissions:
- repo-notes:rw
Refer to permissions in Personal Settings > Access Tokens
CNB_IS_CRONEVENT
Whether it's a scheduled task event
CNB_DOCKER_REGISTRY
Artifact Docker registry address
CNB_HELM_REGISTRY
Artifact Helm registry address
Commit Variables
CNB_BEFORE_SHA
- For builds triggered by
pushorcommit.add, the value is theshaof the most recent commit in the remote repository for that branch before the push. If it is a newly created branch, the value is0000000000000000000000000000000000000000. - For builds triggered by
branch.create, the value is0000000000000000000000000000000000000000.
CNB_COMMIT
Commit sha corresponding to the build:
- For builds triggered by
push,commit.add,branch.create, it's the latest commitsha - For builds triggered by
tag_push,tag_deploy.*, it's the latest commitshaof thetag - For builds triggered by
auto_tag,branch.delete,issue.*, it's the latest commitshaof the main branch - For builds triggered by
pull_request.merged, it's the mergedsha - For builds triggered by
pull_request.target,pull_request.mergeable, it's the latest commitshaof the target branch - For builds triggered by
pull_request,pull_request.approved,pull_request.changes_requested,pull_request.comment, code hasn't been actually merged yet, takes the latest commitshaof the source branch, but the build will perform a pre-merge, meaning the merged content will be the final result - For builds triggered by
Workspaces,custom events, it's the latest commitshaof the specified branch
CNB_COMMIT_SHORT
Short version of CNB_COMMIT, taking the first 8 characters
CNB_COMMIT_MESSAGE
Commit message corresponding to CNB_COMMIT
CNB_COMMIT_MESSAGE_TITLE
The title part of CNB_COMMIT_MESSAGE, i.e., the first line
CNB_COMMITTER
Committer corresponding to CNB_COMMIT
CNB_COMMITTER_EMAIL
Email corresponding to CNB_COMMITTER
CNB_NEW_COMMITS_COUNT
For builds triggered by commit.add, the value represents the number of new Commits, with a maximum of 99.
You can use git log -n to inspect the newly added Commits.
CNB_IS_TAG
For builds where the branch is a Tag, value is true
CNB_TAG_MESSAGE
Tag message: For builds where the branch is aTag, this environment variable exists- Otherwise empty string
CNB_TAG_RELEASE_TITLE
Release title: For builds where the branch is aTag, ifReleasetitle is not empty, there will be a value- Otherwise empty string
CNB_TAG_RELEASE_DESC
Release description: For builds where the branch is aTag, andReleasedescription is not empty, there will be a value- Otherwise empty string
CNB_TAG_IS_RELEASE
Whether Tag has corresponding Release: For builds where the branch is a Tag, ifTaghas correspondingRelease, then true- Otherwise
false
CNB_TAG_IS_PRE_RELEASE
- For builds where the branch is a Tag, if corresponding
Releaseexists, andReleaseis pre-release, then value istrue - Otherwise false
CNB_IS_NEW_BRANCH
Whether current branch is newly created, default false
CNB_IS_NEW_BRANCH_WITH_UPDATE
Whether current branch is newly created and has new commits, default false
Repository Variables
CNB_REPO_SLUG
Target repository path in format group_slug/repo_name, group_slug/sub_gourp_slog/.../repo_name
CNB_REPO_SLUG_LOWERCASE
Target repository path in lowercase format
CNB_REPO_NAME
Target repository name
CNB_REPO_NAME_LOWERCASE
Target repository name in lowercase format
CNB_REPO_ID
Target repository id
CNB_REPO_URL_HTTPS
Target repository https address
Build Variables
CNB_BUILD_ID
Current build serial number, globally unique
CNB_BUILD_WEB_URL
Current build log address
CNB_BUILD_START_TIME
Current build start time in UTC format, example 2025-08-21T09:13:45.803Z
CNB_BUILD_USER
Current build triggerer name
CNB_BUILD_USER_ID
Current build triggerer id
CNB_BUILD_STAGE_NAME
Current build stage name
CNB_BUILD_JOB_NAME
Current build job name
CNB_BUILD_JOB_KEY
Current build job key, unique within same stage
CNB_BUILD_WORKSPACE
Custom shell script execution workspace root directory
CNB_BUILD_FAILED_MSG
Pipeline build failure error message, can be used in failStages
CNB_BUILD_FAILED_STAGE_NAME
Pipeline build failure stage name, can be used in failStages
CNB_PIPELINE_NAME
Current pipeline name, empty if not declared
CNB_PIPELINE_KEY
Current pipeline index key, e.g. pipeline-0
CNB_PIPELINE_ID
Current pipeline id, globally unique string
CNB_PIPELINE_DOCKER_IMAGE
Current pipeline used docker image, e.g.: alpine:latest
CNB_PIPELINE_STATUS
The current build status of the pipeline can be viewed in endStages, and its possible values include:
success: Indicates that the pipeline build has completed successfully.error: Indicates that an error occurred during the pipeline build process.cancel: Indicates that the pipeline build was canceled.
CNB_RUNNER_IP
Current pipeline Runner ip
CNB_CPUS
Maximum CPU cores available for current build pipeline
CNB_MEMORY
Maximum memory size available for current build pipeline, unit is GiB
CNB_IS_RETRY
Whether current build was triggered by rebuild
HUSKY_SKIP_INSTALL
Husky compatibility in ci environment
Merge-Related Variables
CNB_PULL_REQUEST
- For builds triggered by
pull_request,pull_request.update,pull_request.target, value istrue - Otherwise
false
CNB_PULL_REQUEST_LIKE
- For builds triggered by
merge-related events, value istrue - Otherwise
false
CNB_PULL_REQUEST_PROPOSER
- For builds triggered by
merge-related events, value is PR proposer name - Otherwise empty string
CNB_PULL_REQUEST_TITLE
- For builds triggered by
merge-related events, value is PR title - Otherwise empty string
CNB_PULL_REQUEST_BRANCH
- For builds triggered by
merge-related events, value is PR source branch name - Otherwise empty string
CNB_PULL_REQUEST_SHA
- For builds triggered by
merge-related events, value is latest commitshaof PR source branch - Otherwise empty string
CNB_PULL_REQUEST_TARGET_SHA
- For builds triggered by
merge-related events, value is latest commitshaof PR target branch - Otherwise empty string
CNB_PULL_REQUEST_MERGE_SHA
- For builds triggered by
pull_request.merged, value is mergedsha - For builds triggered by
pull_request,pull_request.update,pull_request.target,pull_request.mergeable,pull_request.comment, value is pre-mergedsha - Otherwise empty string
CNB_PULL_REQUEST_SLUG
- For builds triggered by
merge-related events, value is source repository slug, e.g.group_slug/repo_name,group_slug/sub_gourp_slog/.../repo_name - Otherwise empty string
CNB_PULL_REQUEST_ACTION
For builds triggered by merge-related events, possible values:
- created: New PR
- code_update: Source branch push
- status_update: When review approved or CI status changes
PRbecomes mergeable - Otherwise empty string
CNB_PULL_REQUEST_ID
- For builds triggered by
merge-related events, value is globally uniqueidof current or relatedPR - Otherwise empty string
CNB_PULL_REQUEST_IID
- For builds triggered by
merge-related events, value isiidnumber of current or relatedPRin repository - Otherwise empty string
CNB_PULL_REQUEST_REVIEWERS
- For builds triggered by
merge-related events, value is reviewer list, multiple separated by, - Otherwise empty string
CNB_PULL_REQUEST_REVIEW_STATE
For builds triggered by merge-related events:
- Has reviewers and someone approved, value is
approve - Has reviewers but no one approved, value is
unapprove - Otherwise empty string
CNB_REVIEW_REVIEWED_BY
- For builds triggered by
merge-related events, value is approved reviewer list, multiple separated by, - Otherwise empty string
CNB_REVIEW_LAST_REVIEWED_BY
- For builds triggered by
merge-related events, value is last approved reviewer - Otherwise empty string
CNB_PULL_REQUEST_IS_WIP
- For builds triggered by
merge-type events, the value istrueorfalse, indicating whether thePRhas been set to [WIP]. - Otherwise, the value is an empty string.
Workspaces Variables
CNB_VSCODE_WEB_URL
Workspaces address, only exists when services : vscode is declared
Issue Variables
CNB_ISSUE_ID
- For builds triggered by
issue.*, value isIssueglobally uniqueID - Otherwise empty string
CNB_ISSUE_IID
- For builds triggered by
issue.*, value isIssuenumberiidin repository - Otherwise empty string
CNB_ISSUE_TITLE
- For builds triggered by
issue.*, value isIssuetitle - Otherwise empty string
CNB_ISSUE_DESCRIPTION
- For builds triggered by
issue.*, value isIssuedescription - Otherwise empty string
CNB_ISSUE_OWNER
- For builds triggered by
issue.*, value isIssueauthor username - Otherwise empty string
CNB_ISSUE_STATE
- For builds triggered by
issue.*, value isIssuestate:open,closed - Otherwise empty string
CNB_ISSUE_IS_RESOLVED
- For builds triggered by
issue.*, indicates whetherIssueis resolved:true,false - Otherwise empty string
CNB_ISSUE_ASSIGNEES
- For builds triggered by
issue.*, the value is a comma-separated list of usernames of the assignees of theIssue - Otherwise empty string
CNB_ISSUE_LABELS
- For builds triggered by
issue.*, the value is a comma-separated list of labels of theIssue - Otherwise empty string
CNB_ISSUE_PRIORITY
- For builds triggered by
issue.*, the value is the priority of theIssue - Otherwise empty string
Comment Variables
CNB_COMMENT_ID
- For builds triggered by comment events, value is comment globally unique
ID - Otherwise empty string
CNB_COMMENT_BODY
- For builds triggered by comment events, value is comment content
- Otherwise empty string