Permission to deploy Cloud Run

Bertoni · 10-23-2023 10:02 AM

Guys,

I'm trying to deploy a Google Cloud Run by github actions, using the action "google-github-actions/deploy-cloudrun@v1".

To do that, I created a new service account to use in the process of CI/CD.

I got to auth in the process using the action "google-github-actions/auth@v1", but when I try to deploy de cloud run, I got the message:
"ERROR: (gcloud.run.deploy) PERMISSION_DENIED: Permission 'run.services.get' denied on resource 'namespaces/***/services/***' (or resource may not exist)."

The point is that, going to the IAM, and trying to apply this permission to the service account, I can't find this on the permissions allowed to choose.

Has someone already had this problem?

robertcarlos

Hi @Bertoni,

Welcome to Google Cloud Community!

Permission run.services.get is under the following role(s):

roles/run.admin
roles/run.developer
roles/run.viewer

You need to at least have the viewer role in order for this permission to be added.

You may check this Cloud Run IAM roles for your reference.

You may also check this Google Cloud blog on deploying to Cloud Run with GitHub Actions.

Hope this helps.

Bertoni

Hey @robertcarlos ,
Thanks for the comment!

It's confusing because I have the following permissions (that I got through CLI "gcloud projects get-iam-policy MY_PROJECT"):

roles/owner
roles/resourcemanager.organizationAdmin

When I go to apply roles for me (for example), I see all roles available to use, but when I go to apply roles for any service account, the list of roles available it's very short, and any of those roles/run.* aren't on the list.

I don't know if I need to allow some configuration or if I need to have any more roles to get this feature.

I have other GCP accounts and never had that problem...