1

I get an error when trying to download private go dependencies from artifact registry via terraform:


│ Error: Error waiting to create function: Error waiting for Creating function: Error code 3, message: Build failed with status: FAILURE and message: go: downloading github.com/GoogleCloudPlatform/functions-framework-go v1.9.2
│ go: downloading cloud.google.com/go/firestore v1.20.0
│ go: downloading cloud.google.com/go v0.121.6
...
│ go: downloading golang.org/x/text v0.31.0
│ go: downloading golang.org/x/crypto v0.44.0
│ go: my.package/buildingupdate imports
│       europe-west1-go.pkg.dev/account-12345/go-lib/datatypes: unrecognized import path "europe-west1-go.pkg.dev/account-12345/go-lib": reading https://europe-west1-go.pkg.dev/account-12345/go-lib?go-get=1: 404 Not Found
│ go: my.package/buildingupdate/functions.local/app imports
│       github.com/cloudevents/sdk-go/v2: europe-west1-go.pkg.dev/account-12345/[email protected]: unrecognized import path "europe-west1-go.pkg.dev/account-12345/go-lib": reading https://europe-west1-go.pkg.dev/account-12345/go-lib?go-get=1: 404 Not Found

My terraform code looks the following:

  build_config {
    runtime     = "go125"
    entry_point = "Handler" 
    source {
      storage_source {
        bucket = google_storage_bucket.bucket.name
        object = google_storage_bucket_object.update_building_source.name
      }
    }

    environment_variables = {
      # Proxy all requests via proxy.golang.org, use direct as fallback
      GOPROXY = "https://proxy.golang.org,direct"
      # Exclude from go proxy and fetch directly
      GOPRIVATE = "europe-west1-go.pkg.dev/account-12345/go-lib"
      # Do not check hash from gosumdb
      GONOSUMDB = "europe-west1-go.pkg.dev/account-12345/go-lib"
    }
  }

I also tried setting the Artifact Registry as proxy but then other public dependencies fail to download:

export GOPROXY=https://europe-west1-go.pkg.dev/account-12345/go-lib,https://proxy.golang.org,direct
export GOPRIVATE=europe-west1-go.pkg.dev
export GONOSUMDB=europe-west1-go.pkg.dev

Some other things I verified:
go mod tidy works locally when authenticating via artifact-registry-go-tools .

The service account that is configured to build cloud run functions has the artifact registry read role.

The artifact is present and when downloading it I see the correct modules and the code is up to date.

How can I fix my terraform script to tell the Cloud Run Builder to download the repository from AR?

Improve this question

1 Answer 1

Reset to default
0

The issue is not Terraform itself.The Go toolchain used by the Cloud Function/ Cloud Run builder cannot resolve Artifact Registry module when GOPRIVATE is scoped to the full repository path. This causes Go to attempt ?go-get=1 discovery, which Artifact Registry doesnt support , resulting in 404.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.