No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

<@U02R9BXEPNW> this indicates the service account or other credentials you're using in the CI pipeline don't have permission to create an IAM policy. update your service account

its the one that have the key associated right? i put all the roles
Cloud Run Service Agent
Cloud Run Service Agent
Editor
Security Admin
Security Reviewer
Service Account Admin
Service Account User

 and still get the error...
have any way to check the key roles?

yes, but the error is coming because you need to add IAM modify permissions, not just for cloud run
this support is outside the scope of Pulumi. the 403 error definitely indicates you don't have the correct permissions, if it works locally, I would engage with Google Cloud support