Cloud Build: Trigger uses default service account when user service account is specified.

Hi

We have a process that links a Bitbucket repo to Cloud Build; it creates a trigger that waits for a push to master. The trigger is added successfully, and all connections (host/repo) are fine. When setting up the trigger, a user service account is specified.

When something is pushed to master it does not behave as expected. Almost immediately a failed build appears (the build hasn't started):

"Your build failed to run: Couldn't read commit COMMIT_SHA"

This build was initiated using the default cloud build service account.

Sometimes, but not always, an additional build appears that is using the user service account specified when the trigger was set up. This build runs as expected.

I can't seem to identify the problem to solve it. Any help would be appreciated. 

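A check for the symptom described in the question, as an added example that is not part of the original post: it compares the service account recorded on each build with the one configured on the trigger. The sample JSON is constructed in the shape of `gcloud builds triggers describe` and `gcloud builds list` output with `--format=json`; the project, trigger and build IDs are placeholders, and treating a missing `serviceAccount` field as a mismatch is an assumption.

```python
import json

# Constructed sample: shape of `gcloud builds triggers describe <name> --format=json`
TRIGGER = json.loads("""{
  "id": "trigger-1234", "name": "push-to-master",
  "serviceAccount": "projects/example-project/serviceAccounts/ci-builder@example-project.iam.gserviceaccount.com"
}""")

# Constructed sample: shape of `gcloud builds list --format=json`
BUILDS = json.loads("""[
  {"id": "b-001", "buildTriggerId": "trigger-1234", "status": "FAILURE",
   "serviceAccount": "projects/example-project/serviceAccounts/123456789012@cloudbuild.gserviceaccount.com"},
  {"id": "b-002", "buildTriggerId": "trigger-1234", "status": "SUCCESS",
   "serviceAccount": "projects/example-project/serviceAccounts/ci-builder@example-project.iam.gserviceaccount.com"},
  {"id": "b-003", "buildTriggerId": "trigger-9999", "status": "SUCCESS",
   "serviceAccount": "projects/example-project/serviceAccounts/123456789012@cloudbuild.gserviceaccount.com"},
  {"id": "b-004", "buildTriggerId": "trigger-1234", "status": "FAILURE"}
]""")

LEGACY_DEFAULT_SUFFIX = "@cloudbuild.gserviceaccount.com"


def sa_email(resource):
    """Return the e-mail part of projects/.../serviceAccounts/<email>, or None."""
    return resource.rsplit("/", 1)[-1] if resource else None


def mismatched_builds(trigger, builds):
    """List builds started by `trigger` that did not run as its configured account."""
    expected = sa_email(trigger.get("serviceAccount"))
    findings = []
    for build in builds:
        if build.get("buildTriggerId") != trigger["id"]:
            continue  # build belongs to a different trigger
        actual = sa_email(build.get("serviceAccount"))
        if actual != expected:
            findings.append({
                "build": build["id"],
                "status": build.get("status"),
                "ran_as": actual,  # None when the field is absent
                "expected": expected,
                "legacy_default": bool(actual) and actual.endswith(LEGACY_DEFAULT_SUFFIX),
            })
    return findings


if __name__ == "__main__":
    for finding in mismatched_builds(TRIGGER, BUILDS):
        print(finding)
```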

Hi @ageorgioumlops 

You need to check if the necessary permissions are enabled in your Cloud Build service account. To check whether the proper roles have been granted:

  1. Open the IAM page in the Google Cloud console.
  2. Select your project, and click Continue.
  3. Click Grant access.
  4. Enter the user's or service account's email address.
  5. Select the desired role from the drop-down menu. Cloud Build roles are under Cloud Build. If you do not see the Cloud Build roles in the drop-down menu, you may need to enable the Cloud Build API.
  6. Click Save.

Check if either cloudbuild.builds.viewer or cloudbuild.builds.editor permission is enabled.

You may also check this Cloud Community post wherein you need to point the trigger to a branch that has RegEx in the name.

Thank you, unfortunately this didn't help. The issue remains the same.

@ageorgioumlops 

Are the failing builds and the ones that sometimes complete successfully for the same repos, or for different repos?

The behaviour is the same across repos within the same Bitbucket project.