Clubpetro-Lab/vanna-clubpetro
9
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ci): seta quota_project pro gcloud builds submit não 500 em service usage
Some checks failed
CD / build (pull_request) Failing after 40s
Details

Browse Source 
`gcloud builds submit` faz uma chamada interna à Service Usage API antes
de uploadar o source pro bucket _cloudbuild. Quando autentica via SA key
(google-github-actions/auth), o credentials file não tem quota_project, e
gcloud cai num default que não é corepetro — a chamada à SU falha com
"serviceusage.services.use forbidden" mesmo com roles/serviceusage.serviceUsageConsumer
concedida no projeto.

Fix: setar billing/quota_project explícito antes do builds submit + env
var CLOUDSDK_BILLING_QUOTA_PROJECT como cinto-suspensório.
This commit is contained in:
Dalton Alvarenga 2026-05-07 10:57:50 -03:00
parent 1352edf289
commit 154d498699
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.gitea/workflows/cd.yml
View File

@ -37,9 +37,18 @@ jobs:
project_id: ${{ secrets.GCP_PROJECT }}
- name: Build & push (Cloud Build, sem Docker local)
env:
# SA key auth não popula quota_project no credentials file → gcloud
# cai em "default" e a chamada à Service Usage API falha com
# "serviceusage.services.use forbidden" mesmo com a role concedida.
CLOUDSDK_BILLING_QUOTA_PROJECT: ${{ secrets.GCP_PROJECT }}
run: |
IMG="${IMAGE_BASE}/${{ gitea.event.repository.name }}:lab-${{ gitea.run_number }}"
gcloud builds submit --tag "$IMG" --project=${{ secrets.GCP_PROJECT }} --timeout=30m
gcloud config set billing/quota_project "${{ secrets.GCP_PROJECT }}"
gcloud builds submit \
--tag "$IMG" \
--project=${{ secrets.GCP_PROJECT }} \
--timeout=30m
echo "IMG=$IMG" >> $GITHUB_ENV
- name: Deploy hml2 (apenas em push pra master/main)