Reputation: 9956
I am trying to set up a trigger to deploy a repository (synced from Bitbucket) to Cloud Run when the master branch is pushed.
The trigger is giving me the following warning:
Failed to trigger build: Permission 'cloudbuild.builds.create' denied on resource
After looking through GCP documentation I tried adding the Cloud Build Editor role to the service account that runs the trigger (https://cloud.google.com/build/docs/iam-roles-permissions), but I am still getting the same error.
Is there something I am missing?
Upvotes: 4
Views: 7158
Reputation: 3959
In my case it was because I accidentally deleted the default service account, and I could not recreate it because of naming restrictions. And Cloud Build was being a piece of **** because even though I told it to instead use a new service account I had created with all the Admin permissions, it wanted the default one.
Solution - delete the entire project and start over. Which isn't a great solution at all if you had other important stuff in it already.
Upvotes: 1
Reputation: 636
Build triggers use the Cloud Build service account to create a build. The error above indicates that the Cloud Build service account is missing the cloudbuild.builds.create IAM permission, which is required for the service account to run a build trigger.
According to GCP documentation:
You can resolve this error by granting the Cloud Build Service Account IAM role to your default Cloud Build service account (ex. [PROJECT_NUMBER]@cloudbuild.gserviceaccount.com).
This also applies if you specified your own service account. It must have the Cloud Build Service Account role.
For instructions on granting this role, see Configuring access for Cloud Build service account.
Upvotes: 5
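One way to check for the situations described in the answers above, as an added example that is not part of the original posts: it reads a project IAM policy exported as JSON and reports whether the trigger's service account holds the Cloud Build Service Account role (`roles/cloudbuild.builds.builder`), holds it only under a condition, or appears only as a deleted principal. The project number, uid and sample policies are constructed, and the function name is hypothetical.

```python
# Export the policy with: gcloud projects get-iam-policy PROJECT_ID --format=json
# Grant the role with:    gcloud projects add-iam-policy-binding PROJECT_ID \
#     --member=serviceAccount:PROJECT_NUMBER@cloudbuild.gserviceaccount.com \
#     --role=roles/cloudbuild.builds.builder
BUILDER_ROLE = "roles/cloudbuild.builds.builder"  # "Cloud Build Service Account" role
RANK = {"missing": 0, "deleted": 1, "conditional": 2, "ok": 3}

def check_builder_binding(policy, sa_email):
    """Return (status, roles_held) for sa_email in an IAM policy dict.

    status: "ok"          role bound unconditionally
            "conditional" role bound only under an IAM condition
            "deleted"     role bound only to a deleted copy of the account
            "missing"     role not bound to the account at all
    """
    member = f"serviceAccount:{sa_email}"
    # A deleted principal stays in bindings with this prefix and a uid suffix.
    deleted_prefix = f"deleted:serviceAccount:{sa_email}?uid="
    status, held = "missing", set()
    for binding in policy.get("bindings", []):
        members = binding.get("members", [])
        live = member in members
        gone = any(m.startswith(deleted_prefix) for m in members)
        if live:
            held.add(binding.get("role"))
        if binding.get("role") != BUILDER_ROLE:
            continue
        if live:
            found = "conditional" if "condition" in binding else "ok"
        elif gone:
            found = "deleted"
        else:
            continue
        if RANK[found] > RANK[status]:
            status = found
    return status, sorted(held)

# Constructed sample policies (not taken from a real project).
SA = "123456789012@cloudbuild.gserviceaccount.com"
EDITOR_ONLY = {"bindings": [{"role": "roles/cloudbuild.builds.editor",
                             "members": [f"serviceAccount:{SA}"]}]}
DELETED = {"bindings": [{"role": BUILDER_ROLE,
                         "members": [f"deleted:serviceAccount:{SA}?uid=000000000000000000000"]}]}
FIXED = {"bindings": [{"role": BUILDER_ROLE, "members": [f"serviceAccount:{SA}"]}]}

if __name__ == "__main__":
    for name, pol in [("editor only", EDITOR_ONLY), ("deleted", DELETED), ("fixed", FIXED)]:
        print(name, check_builder_binding(pol, SA))
```

A "deleted" result corresponds to the second post's situation, where the binding points at an account that no longer exists; "missing" with other roles listed corresponds to the question, where a different role was granted.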