From 5aa4fc8d51cc2fdf05c7a5f325c785b1fdfe34ea Mon Sep 17 00:00:00 2001
From: sergiov8 <sergiovillani@google.com>
Date: Wed, 29 Apr 2026 03:39:48 +0000
Subject: [PATCH 1/2] docs: update Cloud Run deployment guide for compute
 service account to have permission to use Cloud Build.

---
 docs/deploy/cloud-run.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/docs/deploy/cloud-run.md b/docs/deploy/cloud-run.md
index 27e48d6947..4ac878b655 100644
--- a/docs/deploy/cloud-run.md
+++ b/docs/deploy/cloud-run.md
@@ -83,6 +83,18 @@ export GOOGLE_API_KEY=your-api-key
 
 Please make sure you have created a secret which can be read by your service account.
 
+
+### Cloud Build Permissions
+
+Because `adk deploy` uses Google Cloud Build to automate the build process, the default compute service account must have permission to use Cloud Build.
+
+Run the following command to grant the necessary permission:
+
+```bash
+gcloud projects add-iam-policy-binding [PROJECT_ID] \
+    --member="serviceAccount:[PROJECT_NUMBER]-compute@developer.gserviceaccount.com" \
+    --role="roles/cloudbuild.builds.builder"
+
 ### Entry for GOOGLE_API_KEY secret
 
 You can create your secret manually or use CLI:

From 590b4b022b993c9adbd2076d0d16e9f07eda92ba Mon Sep 17 00:00:00 2001
From: Joe Fernandez <joefernandez@users.noreply.github.com>
Date: Mon, 4 May 2026 14:46:56 -0700
Subject: [PATCH 2/2] Update cloud-run.md

---
 docs/deploy/cloud-run.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/docs/deploy/cloud-run.md b/docs/deploy/cloud-run.md
index 4ac878b655..4d77f239f4 100644
--- a/docs/deploy/cloud-run.md
+++ b/docs/deploy/cloud-run.md
@@ -86,9 +86,8 @@ Please make sure you have created a secret which can be read by your service acc
 
 ### Cloud Build Permissions
 
-Because `adk deploy` uses Google Cloud Build to automate the build process, the default compute service account must have permission to use Cloud Build.
-
-Run the following command to grant the necessary permission:
+Since the `adk deploy` command uses Google Cloud Build to automate the build process, you must set your default compute service account to have permission to use Cloud Build.
+The following command example shows how to grant this permission:
 
 ```bash
 gcloud projects add-iam-policy-binding [PROJECT_ID] \