Error publishing source code from cloud build to a bucket using triggers

Question

I´m trying to publish the html code from one cloud source repository to a public storage bucket in gcp through a cloud build trigger . However , I get the following error in the build each time I push to the master branch.

generic::invalid_argument: generic::invalid_argument: if 'build.service_account' is specified, the build must either (a) specify 'build.logs_bucket' (b) use the CLOUD_LOGGING_ONLY logging option, or (c) use the NONE logging option

I am using the following cloudbuild.yaml

steps:
  - name: gcr.io/cloud-builders/gsutil
    args: ["-m", "rsync", "-r", "-c", "-d", ".", "gs://somedomain.com"]

I think this is related with the service account associated with the cloud build .

The tutorial I´m following for this solution is here : https://cloud.google.com/community/tutorials/automated-publishing-cloud-build

Answer 1

The error was solved adding the logs specification at the end of the cloudbuild.yaml and enabling the IAM API . The bucket and the cloud build configuration where in the same project so I didn´t have the need to grant additional roles to the cloud build service account .

straight under the steps put:

options:
  logging: CLOUD_LOGGING_ONLY

Answer 2

Seems that Cloud Build is starting with a specific service account, and that account does not have permissions to store build logs in Logging.

Grant the Logging Admin (roles/logging.admin) role to the service account you specified in the YAML file.

This document has more information about Configuring user-specified service accounts

Answer 3

The Cloud Build documentation covers all available logging options.

And the (meanwhile) correct role would be roles/storage.admin.