Storing and viewing build logs

When you run builds, Cloud Build collects and stores your build logs in a Google-created Cloud Storage bucket. However, you can choose to store the logs in your own Cloud Storage bucket. Depending on where the build logs are stored, users may require different Cloud IAM permissions to view the logs.

This page explains how to store build logs and grant appropriate permissions to users to view the build logs.

Storing build logs

Use the logsBucket field in your Cloud Build config file to specify a Cloud Storage bucket where you want the build logs to be stored. If you don't set this field, Cloud Build will use the default Cloud Storage bucket to store your build logs.

To specify a Cloud Storage bucket to store build logs:

  1. In your Cloud project, create a Cloud Storage bucket to store your build logs.

  2. [Optional, if your Cloud Storage bucket and Cloud Build are in different Cloud projects]. Grant the Storage Admin role to the Cloud Build service account:

    1. Open the Cloud IAM page:

      Open the Cloud IAM page

    2. Select the project in which you're running builds using Cloud Build.

    3. In the permissions table, locate the email address ending with @cloudbuild.gserviceaccount.com and note it down. This is your Cloud Build service account.

    4. Open the Cloud IAM page in the project where your Cloud Storage bucket is located:

      Open the Cloud IAM page

    5. Click Add.

    6. Enter the email address of the Cloud Build service account.

    7. Select Cloud Storage > Storage Admin.

    8. Click Save.

  3. In your Cloud Build config file, add a logsBucket field pointing to the Cloud Storage bucket that you created to store build logs. The following example build config file contains instructions to build a container image and store the build logs in a bucket named mylogsbucket:

    YAML

        steps:
        - name: 'gcr.io/cloud-builders/docker'
          args: [ 'build', '-t', 'gcr.io/myproject/myimage', '.' ]
        logsBucket: 'gs://mylogsbucket'
    

    JSON

        {
          "steps": [
           {
             "name": "gcr.io/cloud-builders/docker",
             "args": [
               "build",
               "-t",
               "gcr.io/myproject/myimage",
               "."
             ]
           }
           ],
           "logsBucket": "gs://mylogsbucket"
        }
    
  4. Use the build config file to manually start a build or to automate builds using triggers.

When the build completes, Cloud Build stores the logs in the Cloud Storage bucket you specified in the build config file.

Viewing build logs

The Cloud IAM permissions that you require to view build logs depend on whether your logs are in the default Cloud Storage bucket or in a user-specified bucket.

If your build logs are in the default Cloud Storage bucket, grant the Project Viewer role on the project where the build is configured to members who want to view build logs:

  1. Open the Cloud IAM page:

    Open the Cloud IAM page

  2. Select your project and click Open.

  3. In the permissions table, locate the email ID of the member and click on the pencil icon.

  4. Select Project > Viewer role.

  5. Click Save.

If your build logs are in a user-specified Cloud Storage bucket, grant the Storage Object Viewer role to to members who want to view build logs:

  1. Open the Cloud IAM page:

    Open the Cloud IAM page

  2. Select your project and click Open.

  3. In the permissions table, locate the email ID of the member and click on the pencil icon.

  4. Select Cloud Storage > Storage Object Viewer role.

  5. Click Save.

To view build logs:

Console

  1. Open the Cloud Build page in the Google Cloud Console.

    Open the Cloud Build page

  2. Select your project and click Open.

  3. In the Build history page, click on a particular build.

  4. In the Build details page, under Steps, click on Build summary to view build logs for your entire build or click on a build step to view build logs for that step.

    Screenshot of build logs in the Build details page

gcloud

Run the gcloud builds log command where build-id is the ID of the build for which you want to get build logs. The build ID is displayed at the end of the build submission process when you run gcloud builds submit, or in the ID column when you run gcloud builds list.

gcloud builds log build-id

What's next