Github Action treats a succesful ` gcloud build ` as a failure
I have a very small project where I'm setting up GH Actions to build using Google Cloud Build, with Buildpacks, and deploying with Google Cloud Run.
In my workflow I have this step:
# Build and push image to Google Container Registry
- name: Build Image
working-directory: ./backend
run: |-
gcloud builds submit --pack image=${{ vars.SERVER_IMAGE }}
When the action is run I get these logs:
##[debug]Evaluating condition for step: 'Build Image'
##[debug]Evaluating: success()
##[debug]Evaluating success:
##[debug]=> true
##[debug]Result: true
##[debug]Starting: Build Image
##[debug]Loading inputs
##[debug]Evaluating: format('gcloud builds submit --pack image=***0***', vars.SERVER_IMAGE)
##[debug]Evaluating format:
##[debug]..Evaluating String:
##[debug]..=> 'gcloud builds submit --pack image=***0***'
##[debug]..Evaluating Index:
##[debug]....Evaluating vars:
##[debug]....=> Object
##[debug]....Evaluating String:
##[debug]....=> 'SERVER_IMAGE'
##[debug]..=> 'europe-north1-docker.pkg.dev/**Redacted**'
##[debug]=> 'gcloud builds submit --pack image=**Redacted**r'
##[debug]Result: 'gcloud builds submit --pack image=**Redacted**'
##[debug]Loading env
Run gcloud builds submit --pack image=europe-north1-docker.pkg.dev/**Redacted**
gcloud builds submit --pack image=europe-north1-docker.pkg.dev/**Redacted**
shell: /usr/bin/bash -e ***0***
env: **Redacted**
##[debug]/usr/bin/bash -e /home/runner/work/_temp/66386e53-d7d1-4e54-be36-0461c8fdc0be.sh
Creating temporary tarball archive of 177 file(s) totalling 48.9 MiB before compression.
Uploading tarball of [.] to [gs://**Redacted**_cloudbuild/source/1678965338.099448-94b89c848a0b4dc9b[2](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:2)e6b[3](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:3)da[4](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:4)2d0330f.tgz]
Created [https://cloudbuild.googleapis.com/v1/projects/**Redacted**/locations/global/builds/9[5](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:5)cbf910-2439-4a97-b[6](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:6)01-90e9b38ee0af].
Logs are available at [ https://console.cloud.google.com/cloud-build/builds/95cbf910-2439-4a9[7](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:7)-b601-90e9b3[8](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:8)ee0af?project=[9](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:9)9[15](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:15)[34](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:34)9594[36](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:36) ].
ERROR: (gcloud.builds.submit)
The build is running, and logs are being written to the default logs bucket.
This tool can only stream logs if you are Viewer/Owner of the project and, if applicable, allowed by your VPC-SC security policy.
The default logs bucket is always outside any VPC-SC security perimeter.
If you want your logs saved inside your VPC-SC perimeter, use your own bucket.
See https://cloud.google.com/build/docs/securing-builds/store-manage-build-logs.
Error: Process completed with exit code 1.
##[debug]Finishing: Build Image
But if I go to the logs on Cloud build side of things, it shows that the build was succesful:
And the image was created and uploaded as expected.
But the action completed as a failure and the following steps did not run. Did I miss anything?
Solution
Looks like you don't have enough permissions to stream logs from Cloud Build to Github Actions, what you can do is to suppress logs. You can add this to your cloudbuild.yaml to store build logs in both Logging and Cloud Storage:
options:
logging: CLOUD_LOGGING_ONLY
Or, you can pass --suppress-logs parameter to your gcloud command:
# Build and push image to Google Container Registry
- name: Build Image
working-directory: ./backend
run: |-
gcloud builds submit --pack image=${{ vars.SERVER_IMAGE }} --suppress-logs
- Generate GCP auth identity-token in JAVA
- Are GCP default firewall-rules a security-concern?
- Permissions error fetching application - Gcloud app deploy
- google cloud pub sub multiple subscriber for the same message with the same subscription
- CloudFlare 400 Error When Calling OpenAI Completions API on CloudRun
- Deploy a container to Cloud Run after pushing to Artifact Registry automaticlly
- Creating a cloudsql instance in the VPC network of my Project
- Google Cloud platform performance: how many users
- Bash Indirect expansion doesn't seem to work in cloud build bash scripts?
- Some scopres missing from Google Gmail API oAuth Consent Flow
- How do I list all the top-level folders in given GCS bucket?
- Trigger Google Cloud Build with Google Cloud Scheduler periodically
- How can I prevent certain HTML tags from being stored to Firestore with firestore.rules?
- Google Cloud Functions - ImportError: cannot import name 'InvalidKeyError' from 'jwt.exceptions'
- GCP - User ... does not have permission to access projects instance
- curl failing in Google Cloud Build when using a secret
- Google Cloud Compute Engine refusing connections despite firewall rule
- How to I return JSON from a Google Cloud Function
- Making Exact Copy of Server Google Cloud
- How to drop multiple tables in Big query using Wildcards TABLE_DATE_RANGE()?
- firebase, linkWithCredential to add new auth provider to an Account
- .NET Core Blazor Server cannot access to Cloud SQL in Cloud Run
- Google Compute Engine and ADC Application Default Credentials
- Is there a way to connect cloud firestore to realtime database using Cloud functions?
- Pyspark on GCP Dataproc - Partial reading of data for gzip encoded Cloud Storage files
- How to use GitHub immutable values (IDs) in Attribute Conditions?
- Cannot find the id using Firebase Firestore Database - Android kotlin
- _CHANGE_TYPE not working when streaming Google Big Query rows from Pub/Sub
- Realtime database `onValueWritten` event does not trigger in emulator
- Error 400: invalid_scope with Postman and Google OAuth2