Storing and managing build logs

When you run builds, Cloud Build collects and stores your build logs. This page explains how to store, view, and delete build logs.

Choosing where to store build logs

You can configure Cloud Build to store build logs in Cloud Logging or in Cloud Storage by including the logging field in your Cloud Build configuration file. If you don't specify a logging field in your build config file, Cloud Build stores build logs in both Logging and Cloud Storage.

The following steps store build logs only in Logging:

  1. In your build config file, set the logging field under options to CLOUD_LOGGING_ONLY:

    YAML

    steps:
    - name: 'gcr.io/cloud-builders/docker'
      args: ['build', '-t', 'gcr.io/myproject/myimage', '.']
    options:
      logging: CLOUD_LOGGING_ONLY
    

    JSON

    {
      "steps": [
      {
        "name": "gcr.io/cloud-builders/docker",
        "args": [
          "build",
          "-t",
          "gcr.io/myproject/myimage",
          "."
        ]
      }
      ],
      "options": {
        "logging": "CLOUD_LOGGING_ONLY"
      }
    }
    
  2. Use the build config file to start a build using the command line, the API or triggers.

Storing build logs in the default Google-created bucket

By default, Cloud Build stores your build logs in a Google-created Cloud Storage bucket. You can view build logs stored in the Google-created Cloud Storage bucket, but you cannot make any other changes to it. If you require full control over your logs bucket, store the logs in a user-created Cloud Storage bucket.

Storing build logs in a user-created bucket

IAM permissions:

To store build logs in your own Cloud Storage bucket, you must first grant the necessary IAM permissions to the Cloud Build service account or the user-specified service account:

  • If your Cloud Storage bucket and Cloud Build are in the same Cloud project and you're using the Cloud Build service account, your Cloud Build service account has the necessary IAM permissions by default. You do not have to grant any additional permissions.

  • If your Cloud Storage bucket and Cloud Build are in the same Cloud project and you're using a user-specified service account, grant the Storage Admin role to the service account. For instructions on granting a role to a service account, see Granting roles on the project.

  • If your Cloud Storage bucket and Cloud Build are in different Cloud projects, grant the Storage Admin role to the Cloud Build service account:

    1. Open the IAM page.

    2. Select the project in which you're running builds using Cloud Build.

    3. In the permissions table, locate the email address ending with @cloudbuild.gserviceaccount.com and note it down. This is your Cloud Build service account.

    4. Open the IAM page in the project where your Cloud Storage bucket is located.

    5. Click Add.

    6. Enter the email address of the Cloud Build service account.

    7. Select Cloud Storage > Storage Admin.

    8. Click Save.

To specify a Cloud Storage bucket to store build logs:

  1. In your Cloud project, create a Cloud Storage bucket to store your build logs.

  2. In your build config file, add a logsBucket field pointing to the Cloud Storage bucket that you created to store build logs. The following example build config file contains instructions to build a container image and store the build logs in a bucket named mylogsbucket:

    YAML

        steps:
        - name: 'gcr.io/cloud-builders/docker'
          args: [ 'build', '-t', 'gcr.io/myproject/myimage', '.' ]
        logsBucket: 'gs://mylogsbucket'
        options:
          logging: GCS_ONLY
    

    JSON

        {
          "steps": [
           {
             "name": "gcr.io/cloud-builders/docker",
             "args": [
               "build",
               "-t",
               "gcr.io/myproject/myimage",
               "."
             ]
           }
           ],
           "logsBucket": "gs://mylogsbucket",
           "options": {
             "logging": "GCS_ONLY"
           }
        }
    
  3. Use the build config file to start a build using the command line, the API or triggers.

When the build completes, Cloud Build stores the logs in the Cloud Storage bucket you specified in the build config file.

Viewing build logs

IAM permissions:

  • If your build logs are in Logging, grant the Logs Viewer role on the project where the build is configured to principals who want to view build logs:

    1. Open the IAM page.

    2. Select your project and click Open.

    3. In the permissions table, locate the email ID of the principal and click on the pencil icon.

    4. Select Logging > Logs Viewer role.

    5. Click Save.

  • If your build logs are in the default Google-created Cloud Storage bucket, grant the Project Viewer role on the project where the build is configured to principals who want to view build logs:

    1. Open the IAM page.

    2. Select your project and click Open.

    3. In the permissions table, locate the email ID of the principal and click on the pencil icon.

    4. Select Project > Viewer role.

    5. Click Save.

  • If your build logs are in a user-specified Cloud Storage bucket, grant the Storage Object Viewer role to principals who want to view build logs:

    1. Open the IAM page.

    2. Select your project and click Open.

    3. In the permissions table, locate the email ID of the principal and click on the pencil icon.

    4. Select Cloud Storage > Storage Object Viewer role.

    5. Click Save.
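
As an added example (not part of the original page or of Google's tooling), the Python sketch below reads a JSON build config and reports where its logs will be stored and which viewer role from the list above applies. The function name log_plan and the sample configs are assumptions made for illustration; logging values other than the two shown on this page are reported rather than interpreted.

```python
import json

# Viewer roles per destination, as listed under "Viewing build logs" on this page.
ROLE_LOGGING = "Logs Viewer"
ROLE_GOOGLE_BUCKET = "Project Viewer"
ROLE_USER_BUCKET = "Storage Object Viewer"
GOOGLE_BUCKET = "Google-created bucket"


def log_plan(config_text):
    """Return (destinations, viewer_roles, findings) for a JSON build config."""
    cfg = json.loads(config_text)
    mode = cfg.get("options", {}).get("logging")  # None: field not specified
    bucket = cfg.get("logsBucket")

    if mode is None:  # default: both Logging and Cloud Storage
        to_logging, to_gcs = True, True
    elif mode == "CLOUD_LOGGING_ONLY":
        to_logging, to_gcs = True, False
    elif mode == "GCS_ONLY":
        to_logging, to_gcs = False, True
    else:
        return [], [], ["logging mode %r is not described on this page" % mode]

    dests, roles, findings = [], [], []
    if to_logging:
        dests.append("Cloud Logging")
        roles.append(ROLE_LOGGING)
    if to_gcs and bucket:
        dests.append(bucket)
        roles.append(ROLE_USER_BUCKET)
    elif to_gcs:
        dests.append(GOOGLE_BUCKET)
        roles.append(ROLE_GOOGLE_BUCKET)
        findings.append("Google-created bucket: viewable, but no other changes allowed")
    elif bucket:
        findings.append("logsBucket is set but logs are stored only in Logging")
    return dests, roles, findings


# Constructed sample configs (the second mirrors the mylogsbucket example above).
DEFAULT_CFG = '{"steps": [{"name": "gcr.io/cloud-builders/docker"}]}'
BUCKET_CFG = '{"logsBucket": "gs://mylogsbucket", "options": {"logging": "GCS_ONLY"}}'
MIXED_CFG = '{"logsBucket": "gs://mylogsbucket", "options": {"logging": "CLOUD_LOGGING_ONLY"}}'

if __name__ == "__main__":
    for name, text in [("default", DEFAULT_CFG), ("bucket", BUCKET_CFG), ("mixed", MIXED_CFG)]:
        print(name, log_plan(text))
```

Running a check like this in review makes it visible when a config sends logs to a destination whose viewers have not been granted the matching role.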

To view build logs:

Console

  1. Open the Cloud Build page in the Google Cloud Console.


  2. Select your project and click Open.

  3. In the Build history page, click on a particular build.

  4. In the Build details page, under Steps, click on Build summary to view build logs for your entire build or click on a build step to view build logs for that step.

    Screenshot of build logs in the Build details page

  5. If your logs are stored in Logging, in the Build log panel, click the icon to view the logs in Logs Explorer.

    Screenshot of build logs in the Logs Explorer

gcloud

Run the gcloud builds log command where build-id is the ID of the build for which you want to get build logs. The build ID is displayed at the end of the build submission process when you run gcloud builds submit, or in the ID column when you run gcloud builds list.

    gcloud builds log build-id

Deleting build logs

You cannot delete build logs in the Google-created logs bucket.

To delete build logs in a user-created logs bucket:

  1. Grant the Storage Object Admin role to the user or the service account deleting logs.

  2. Delete the build logs using the instructions to delete Cloud Storage objects in Deleting objects.

To delete the user-created logs bucket:

  1. Grant the Storage Admin role to the user or the service account deleting the logs bucket.

  2. Delete the logs bucket using the instructions to delete a bucket in Deleting buckets.
