Cloud Build Failed to trigger build: generic::permission_denied: Permission denied

Question

I'm trying to use a use cloud build for my cloud run project. I have this cloudbuild.json:

{
  "steps": [
    {
      "name": "gcr.io/cloud-builders/docker",
      "args": ["build", "-t", "eu.gcr.io/$PROJECT_ID/keysafe", "."]
    },
    {
      "name": "gcr.io/cloud-builders/docker",
      "args": [
        "push",
        "us-central1-docker.pkg.dev/${PROJECT_ID}/my-docker-repo/myimage"
      ]
    }
  ],
  "options": {
    "logging": "CLOUD_LOGGING_ONLY"
  }
}

And I keep getting a permission denied error. I've tried running it without a service account and using my permissions (I'm the owner), and with a service account even with the owner role.

It was originally working but since my project transitioned from Container registry to Artifact repository, I was getting an error

generic::invalid_argument: generic::invalid_argument: if 'build.service_account' is specified, the build must either (a) specify 'build.logs_bucket' (b) use the CLOUD_LOGGING_ONLY logging option, or (c) use the NONE logging option

That error persisted through both my account and the service account, which is why I switched to building from a cloudbuild.json file, not just my Dockerfile alone.

All the other Stack Overflow articles I've found suggest permissions to assign, but the service account and I have owner permissions and even adding the suggested permissions on top of Owner did not help.

Here are the permissions of the service account:

Here is the trigger configuration:

Answer 1

If anyone ends up in my position this is how I fixed it.

I ended up deleting the Cloud Run and Build and then recreated them. This gave me a pre-made cloudbuild.yaml which I added the option logging: CLOUD_LOGGING_ONLY, still using the same service account. I'm not sure why this fixed it but it does seem to be working.