I have had Cloudbuild triggers working flawlessly until Dec 2022. I have two triggers, one runs another trigger. One trigger (called `src`) reads `cloudbuild.yaml` from a GitHub repository. The file has a step that will attempt to run another trigger (called `dest`):
```yaml
- name: gcr.io/cloud-builders/gcloud
  id: Trigger application image build
  args:
    - beta
    - builds
    - triggers
    - run
    - dest
    - --branch=^dev$
```
Each trigger has a dedicated service account. `src` trigger has `roles/cloudbuild.editor` role assigned to it as well as `ServiceAccountUser` for `dest` SA. In other words, the settings that have worked prior to Dec 2022 had not changed. But for some reason I am receiving `(gcloud.beta.builds.triggers.run) FAILED_PRECONDITION: Couldn't read commit` error message when `src` trigger is attempting to run `dest` trigger and I can't figure out what has changed. I receive the same error message if I run the same command from the terminal.
Hi @asuninsth,
Welcome to Google Cloud Community!
The error message Couldn't read commit suggests that the src trigger is unable to read the commit information from the GitHub repository. This can happen if there is a problem with the authentication or authorization of the service account that is being used by the src trigger to access the repository.
One thing to check is that the service account that is associated with the src trigger has the necessary permissions to read the repository. In your case, you've mentioned the account has the `roles/cloudbuild.editor`, which gives the account the ability to create, update, and delete Cloud Build triggers, but it is not sufficient to read commits from a git repository. You can check for the access to the repository by giving the role of `StorageObjectViewer` of Google Cloud Storage or `source.read` on GitHub.
Another thing to check is that the service account has the correct credentials (e.g., a key file) associated with it. Make sure that the key file has not been rotated or deleted and that it is being passed to the gcloud command correctly.
Additionally, it could be possible that there is something wrong with the `cloudbuild.yaml` file that is being used by the src trigger. Verify that the file has the correct syntax and that all of the steps are specified correctly.
It is also a good idea to check the Cloud Build logs for more information on what specifically is causing the error to occur. This can help you pinpoint the exact cause of the problem.
Thank you
Hi @christianpaula , thank you for your reply.
Could you please clarify on this: "You can check for the access to the repository by giving the role of `StorageObjectViewer` of Google Cloud Storage or `source.read` on GitHub." If I understand correctly, I will need `StorageObjectViewer` if I use GCP Cloud Source. How do I set `source.read` on GitHub? Also, is the requirement for setting up `source.read` on GitHub recent, as we never had to set up these permissions until now?
"Another thing to check is that the service account has the correct credentials (e.g., a key file) associated with it. Make sure that the key file has not been rotated or deleted and that it is being passed to the gcloud command correctly." - the service account as well as the cloudbuild trigger are being deployed using Terraform and we do not create the keys manually or alter the service account manually.
"Additionally, it could be possible that there is something wrong with the `cloudbuild.yaml` file that is being used by the src trigger. Verify that the file has the correct syntax and that all of the steps are specified correctly." - please see below the `cloudbuild.yaml`.
```yaml
steps:
  - id: Prep Dockerfile
    name: gcr.io/cloud-builders/docker
    entrypoint: bash
    args:
      - -c
      - echo "Source repo triggered"
  - name: gcr.io/cloud-builders/gcloud
    id: Trigger application image build
    args:
      - beta
      - builds
      - triggers
      - run
      - th-cb-test-dest
      - --branch=^dev$
options:
  logging: CLOUD_LOGGING_ONLY
```
"It is also a good idea to check the Cloud Build logs for more information on what specifically is causing the error to occur. This can help you pinpoint the exact cause of the problem." - the only logs I can review are the logs in Stackdriver, which are an exact copy of the console messages from CloudBuild. Where can I find any additional CloudBuild logs?
Regards,
Alex
Also, I should have mentioned that the repositories are private. However, we have not had any issues creating the triggers for these repositories, reading the repository commits or running another trigger using `gcloud`. I have connected all the repositories using my GitHub account that has Admin level of privileges.
One more thing - the error message does not include the commit name:
"Step #1 - "Trigger application image build": ERROR: (gcloud.beta.builds.triggers.run) FAILED_PRECONDITION: Couldn't read commit "
as you can see there is a whitespace after the word `commit`.
My next question would be - which repository is it failing to read the commit from? Is it `src` repository or the repository that is linked to the destination trigger?
For anyone who comes across this - my issue was that I was trying to run a trigger by pointing the trigger to a branch that has had RegEx in its name:
```yaml
- name: gcr.io/cloud-builders/gcloud
  id: Trigger application image build
  args:
    - beta
    - builds
    - triggers
    - run
    - th-cb-test-dest
    - --branch=^dev$
```
This needed to be:
```yaml
- name: gcr.io/cloud-builders/gcloud
  id: Trigger application image build
  args:
    - beta
    - builds
    - triggers
    - run
    - th-cb-test-dest
    - --branch=dev
```
Note: `- --branch=dev`
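
A pre-commit check for the mistake identified in the accepted answer, added here as an example and not part of any post in the thread: it scans a `cloudbuild.yaml` for `triggers run` steps whose `--branch` value is a pattern such as `^dev$` instead of a literal branch name. The function names are hypothetical, the scan is line-based rather than a full YAML parser, and it goes slightly beyond the thread by also accepting the two-argument `--branch VALUE` form and flow-style `args: [...]` lists.

```python
import re

# Characters that git check-ref-format rejects in a ref name: a --branch value
# containing one is a pattern and can never name a real branch.
FORBIDDEN = set('~^:?*[\\')
# Constructed sample: the failing step from the thread, then a corrected one.
SAMPLE = """\
steps:
  - name: gcr.io/cloud-builders/gcloud
    args:
      - beta
      - builds
      - triggers
      - run
      - th-cb-test-dest
      - --branch=^dev$
  - name: gcr.io/cloud-builders/gcloud
    args: [builds, triggers, run, th-cb-test-dest, --branch=dev]
"""

def arg_lists(text):
    """Yield (line_no, args) for each run of `- item` lines or `[a, b]` list."""
    run, start = [], 0
    for no, line in enumerate(text.splitlines() + [''], 1):
        item = re.match(r'\s*-\s+(\S*[^\s:])\s*$', line)
        if item:
            start = start if run else no
            run.append(item.group(1).strip('\'"'))
            continue
        if run:
            yield start, run
            run = []
        flow = re.search(r':\s*\[(.*)\]\s*$', line)
        if flow:
            yield no, [a.strip(' \'"') for a in flow.group(1).split(',')]

def lint(text):
    """Return (line_no, value) for each `triggers run` --branch pattern."""
    findings = []
    for no, args in arg_lists(text):
        if 'triggers' in args and 'run' in args:
            cmd = ' '.join(args).replace('--branch ', '--branch=')
            for value in re.findall(r'--branch=(\S+)', cmd):
                if FORBIDDEN & set(value) or value.endswith('$'):
                    findings.append((no, value))
    return findings

if __name__ == '__main__':
    print(lint(SAMPLE))  # [(4, '^dev$')]
```

The reported line number is where the step's argument list starts within the scanned text.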