Thank you all,
The root cause is not clarifying enough to set SA to triggers.

From Official documents, how you use update SA (or other metadata)
It indicates to use like below.

For example,
When my service account is [email protected] , and it exist at specific projects like star .

gcloud beta builds triggers update cloud-source-repositories \
  {SA Hash} \
  --region={REGION} \
  --service-account={SA_ACCOUNT}

• My fault is that I directly put service account as parameter without clarifying which project.

Wrong version:

gcloud beta builds triggers update cloud-source-repositories \
  {SA Hash} \
--region={REGION} \
[email protected]

Right version:

gcloud beta builds triggers update cloud-source-repositories \
  {SA Hash} \
--region={REGION} \
--service-account=projects/star/serviceAccounts/[email protected]

You can see that it's clear that which project's SA account will be assigned.

----

Also I found other way to update SA account, which using yaml file from export command.

• First, get hash-id of trigger (ex.name: foo-trigger / hash: hash-hash-bang-bang)

• Get yaml file from hash

  • gcloud beta builds triggers export hash-hash-bang-bang \
      --project={Project} \
      --region={Region} \
      --destination={MyDIR}/foo-trigger.yaml
    

• Add serviceAcoount: projects/star/serviceAccounts/[email protected] to last line.

• Import yaml with edit version

  • gcloud beta builds triggers import \
      --project=star \
      --region=europe-west2 \
      --source={MyDIR}/foo-trigger.yaml
    

Both works fine with me, If you need to change tons of triggers you might want to create script for automation.

Thank you