Shape the future of software delivery and make your voice heard by taking the 2021 State of DevOps survey.

Troubleshooting build errors

This page provides troubleshooting strategies as well as solutions for some common error messages that you might see when running a build.

Does your build pass locally?

When troubleshooting Cloud Build errors, your first step should always be to confirm that you can build locally. If your build doesn't work locally, the root cause of the problem is not coming from Cloud Build. You need to diagnose and fix the issue locally first.

Did you look at the build logs?

Use Logging or Cloud Storage build logs to get more information about the build error. Logs written to stdout or stderr appear automatically in the Cloud Console.

Manual builds fail due to user not having access to build logs

You see the following error when trying to run a build manually:

AccessDeniedAccess denied. [EMAIL_ADDRESS] does not have storage.objects.get access to the Google Cloud Storage object.

You see this error because Cloud Build requires that users running manual builds and using the default Cloud Storage logs bucket have the Project Viewer IAM role in addition to the Cloud Build Editor role. To address this error, you can do one of the following:

Builds fail due to missing service account permissions

Cloud Build uses a special service account to execute builds on your behalf. If the Cloud Build service account does not have the necessary permission to perform a task, you'll see the following error:

Missing necessary permission iam.serviceAccounts.actAs for [USER] on the service account [CLOUD_BUILD_SERVICE_ACCOUNT]@PROJECT.iam.gserviceaccount.com

To address this error, grant the required permission to the service account. Use the information in the following pages to determine the permission to grant to the Cloud Build service account:

Build failures due to missing permissions for service account commonly occur when trying to deploy using Cloud Build.

Error when deploying on Cloud Functions

You see the following error when trying to deploy on Cloud Functions:

Missing necessary permission iam.serviceAccounts.actAs for [USER] on the service account [CLOUD_BUILD_SERVICE_ACCOUNT]@PROJECT.iam.gserviceaccount.com

To address this error, grant the Cloud Functions Developer role to the Cloud Build service account.

Error when deploying on App Engine

You see the following error when trying to deploy on App Engine:

Missing necessary permission iam.serviceAccounts.actAs for [USER] on the service account [CLOUD_BUILD_SERVICE_ACCOUNT]@PROJECT.iam.gserviceaccount.com

To address this error, grant the App Engine Admin role to the Cloud Build service account.

Error when deploying on GKE

You see the following error when trying to deploy on GKE:

Missing necessary permission iam.serviceAccounts.actAs for [USER] on the service account [CLOUD_BUILD_SERVICE_ACCOUNT]@PROJECT.iam.gserviceaccount.com

To address this error, grant the GKE Developer role to the Cloud Build service account.

Error when deploying on Cloud Run

You see the following error when trying to deploy on Cloud Run:

Missing necessary permission iam.serviceAccounts.actAs for [USER] on the service account [CLOUD_BUILD_SERVICE_ACCOUNT]@PROJECT.iam.gserviceaccount.com

You see this error because the Cloud Build service account does not have the IAM permissions required to deploy on Cloud Run. For information on granting the necessary permissions, see Deploying on Cloud Run.

Error when storing images in Container Registry

You see the following error when your build is trying to store built images to Container Registry:

[EMAIL_ADDRESS] does not have storage.buckets.create access to project [PROJECT_NAME]

You see this error because the Cloud Build service account does not have the Storage Admin role that is needed to store container images in Container Registry.

Builds fail due to invalid ssh authorization

You see the following error when running a build:

Could not parse ssh: [default]: invalid empty ssh-agent socket, make sure SSH_AUTH_SOCK is set

This error indicates a problem with SSH authorization. A common example is SSH authorization error that happens when accessing private GitHub repositories with Cloud Build. For instructions on setting up SSH for GitHub, see Accessing private GitHub repositories.

I/O timeout error

You see the following error when running a build:

Timeout - last error: dial tcp IP_ADDRESS: i/o timeout

This error commonly occurs when your build attempts to access resources in a private network. Builds run via Cloud Build can access private resources in the public internet such as resources in a repository or a registry, however, builds cannot access resources in a private network.

4xx client errors

This group of errors indicates that the build request is not successful presumably by fault of the user sending the request. Some examples of 4xx client errors are:

  • **Error**: 404 : Requested entity was not found
  • **Error**: 404 : Trigger not found
  • **Error**: 400 : Failed Precondition

When you see a 4xx client error, look at your build logs to see if it contains more information about the reason for the error. Some common causes for client errors include:

  • The source location you specified does not have anything new to commit and the working tree is clean. In this case, check your source code location and try building again.
  • Your repository does not contain a build config file. If this is the case, upload a build config file to your repository and run the build again.
  • You've specified an incorrect trigger ID.
  • You have recently added a new repository after installing the Github app, and Cloud Build does not have permissions to access the new repo. If this is the case connect your new repository to Cloud Build.

What's next