google-cloud-platformgithub-actions

Github Action treats a succesful ` gcloud build ` as a failure


I have a very small project where I'm setting up GH Actions to build using Google Cloud Build, with Buildpacks, and deploying with Google Cloud Run.

In my workflow I have this step:

      # Build and push image to Google Container Registry
      - name: Build Image
        working-directory: ./backend
        run: |-
          gcloud builds submit --pack image=${{ vars.SERVER_IMAGE }}

When the action is run I get these logs:

##[debug]Evaluating condition for step: 'Build Image'
##[debug]Evaluating: success()
##[debug]Evaluating success:
##[debug]=> true
##[debug]Result: true
##[debug]Starting: Build Image
##[debug]Loading inputs
##[debug]Evaluating: format('gcloud builds submit --pack image=***0***', vars.SERVER_IMAGE)
##[debug]Evaluating format:
##[debug]..Evaluating String:
##[debug]..=> 'gcloud builds submit --pack image=***0***'
##[debug]..Evaluating Index:
##[debug]....Evaluating vars:
##[debug]....=> Object
##[debug]....Evaluating String:
##[debug]....=> 'SERVER_IMAGE'
##[debug]..=> 'europe-north1-docker.pkg.dev/**Redacted**'
##[debug]=> 'gcloud builds submit --pack image=**Redacted**r'
##[debug]Result: 'gcloud builds submit --pack image=**Redacted**'
##[debug]Loading env
Run gcloud builds submit --pack image=europe-north1-docker.pkg.dev/**Redacted**
 gcloud builds submit --pack image=europe-north1-docker.pkg.dev/**Redacted**
 shell: /usr/bin/bash -e ***0***
 env: **Redacted**

##[debug]/usr/bin/bash -e /home/runner/work/_temp/66386e53-d7d1-4e54-be36-0461c8fdc0be.sh
Creating temporary tarball archive of 177 file(s) totalling 48.9 MiB before compression.
Uploading tarball of [.] to [gs://**Redacted**_cloudbuild/source/1678965338.099448-94b89c848a0b4dc9b[2](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:2)e6b[3](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:3)da[4](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:4)2d0330f.tgz]
Created [https://cloudbuild.googleapis.com/v1/projects/**Redacted**/locations/global/builds/9[5](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:5)cbf910-2439-4a97-b[6](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:6)01-90e9b38ee0af].
Logs are available at [ https://console.cloud.google.com/cloud-build/builds/95cbf910-2439-4a9[7](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:7)-b601-90e9b3[8](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:8)ee0af?project=[9](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:9)9[15](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:15)[34](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:34)9594[36](https://github.com/davidals/**Redacted**/actions/runs/4435738713/jobs/7784789787#step:6:36) ].
ERROR: (gcloud.builds.submit) 
The build is running, and logs are being written to the default logs bucket.
This tool can only stream logs if you are Viewer/Owner of the project and, if applicable, allowed by your VPC-SC security policy.

The default logs bucket is always outside any VPC-SC security perimeter.
If you want your logs saved inside your VPC-SC perimeter, use your own bucket.
See https://cloud.google.com/build/docs/securing-builds/store-manage-build-logs.

Error: Process completed with exit code 1.
##[debug]Finishing: Build Image

But if I go to the logs on Cloud build side of things, it shows that the build was succesful:

image

And the image was created and uploaded as expected.

But the action completed as a failure and the following steps did not run. Did I miss anything?


Solution

  • Looks like you don't have enough permissions to stream logs from Cloud Build to Github Actions, what you can do is to suppress logs. You can add this to your cloudbuild.yaml to store build logs in both Logging and Cloud Storage:

    options:
      logging: CLOUD_LOGGING_ONLY
    

    Or, you can pass --suppress-logs parameter to your gcloud command:

      # Build and push image to Google Container Registry
      - name: Build Image
        working-directory: ./backend
        run: |-
          gcloud builds submit --pack image=${{ vars.SERVER_IMAGE }} --suppress-logs