Your team stores Apache Beam pipelines in a GitHub repository. You need to trigger a Cloud Build job only when code is pushed to the main branch-ignoring all other branches and tags-and run the build only if at least one file in the dataflow/ directory (or its subfolders) has changed. The build must execute under a dedicated Cloud Build service account that has the minimum IAM roles required to launch Dataflow jobs and upload artifacts to Cloud Storage (roles/dataflow.admin and roles/storage.admin). Which trigger configuration meets all of these requirements?
Set up a GitHub App trigger for "push to tag" events matching v.*, without includedFiles filtering, and let the default Cloud Build service account run the build.
Create a Cloud Source Repositories trigger that fires on any push (branch regex ".*"), omit file-path filters, and allow the default Compute Engine default service account to execute the build.
Configure a GitHub App trigger that starts on pull_request events, rely on Cloud Build's default service account with the broader roles/editor role, and skip path filtering.
Define a GitHub App Cloud Build trigger that listens for the "push to branch" event, uses the branch regex ^main$, sets includedFiles to ["dataflow/**"], and runs under a custom Cloud Build service account granted only roles/dataflow.admin and roles/storage.admin.
A GitHub App-based Cloud Build trigger configured for the "Push to a branch" event with a branch-name regular-expression filter of ^main$ restricts execution to commits that land on the main branch. Adding an includedFiles filter set to ["dataflow/**"] ensures the build runs only when files under the dataflow/ path change. Finally, specifying a custom Cloud Build service account that holds only roles/dataflow.admin (to create Dataflow jobs) and roles/storage.admin (to write to Cloud Storage) limits its permissions to what the build actually needs, avoiding broader roles such as Editor or Owner. The alternative configurations either monitor the wrong event (pull_request or tag), lack file-path filtering, use a different repository type, or run with overly privileged default service accounts, so they do not fulfill all stated constraints.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a GitHub App Cloud Build trigger?
Open an interactive chat with Bash
What is the role of includedFiles in Cloud Build triggers?
Open an interactive chat with Bash
Why is it important to use a custom Cloud Build service account with minimal IAM roles?
Open an interactive chat with Bash
What is a GitHub App Cloud Build trigger?
Open an interactive chat with Bash
What is the importance of includedFiles filtering in Cloud Build triggers?
Open an interactive chat with Bash
Why use a custom Cloud Build service account with limited IAM roles?
Open an interactive chat with Bash
GCP Professional Data Engineer
Ingesting and processing the data
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .