Github Actions can't find GOOGLE_APPLICATION_CREDENTIALS file
I have a github action that is meant to publish an npm package to a private google cloud artifact registry. I've setup a workload identity pool, service account, and provider for this purpose, and successfully authed via the google-github-actions/auth action: 
The steps underneath setting up gcloud all show the correct project, GOOGLE_APPLICATION_CREDENTIALS, etc, and I am able to run gcloud info and see accurate output. However, once I try to auth via npx google-artifactregistry-auth, I get an error that it can't find any credentials:
Here is my github action:
name: Publish package
on:
push:
branches: [ "main" ]
jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: "read"
id-token: "write"
steps:
- uses: actions/checkout@v3
- id: 'auth'
name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v2'
with:
project_id: 'tandem-dnd'
workload_identity_provider: 'my-workload-pool'
service_account: 'my-service-account'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Install dependencies'
run: npm ci
- name: 'Gather gcloud cli info'
run: 'gcloud info'
- name: 'Publish package'
run: npm run artifactregistry-login && npm publish # this runs npx google-artifactregistry-auth
I've had actions just like this work for a different google cloud project, so I feel like I'm missing a step somewhere.
I tried explicitly exporting GOOGLE_APPLICATION_CREDENTIALS as part of that command. I also tried adding "echo GOOGLE_APPLICATION_CREDENTIALS" to the above command and it echoes the expected path to the json file.
You need to configure npm auth for Artifact Registry. Add this step before you publish:
- name: 'Configure npm for Artifact Registry'
run: gcloud artifacts print-settings npm --repository=<REPOSITORY_NAME> --location=<REGION> --project=tandem-dnd >> ~/.npmrc
- pg.Pool is not a constructor
- Could not load the default credentials? (Node.js Google Compute Engine tutorial)
- How to apply conditional permissions for GCP Cloud Build
- Downloading a public file from Google Cloud to Google colaboratory
- Why is Firestore not mapping a field of type private?
- Alternatives for using PNPM in a cloudbuild CI pipeline
- What is the ackDeadline property on Subscription and ackDeadline on Subscriber in GCP Pub/Sub?
- What's the difference between BigQuery and Bigtable?
- The program does not recognize the function oneTapClient.beginSignIn()
- Hiding my API key from being accessed directly
- Issue when trying to register an app for consent screen in google oauth
- Extracting JSON with nested `$` keys
- Cannot deploy public api on Cloud Run using Terraform
- Running aGoogle Workspace Add - ons over local HTTP endpoint
- Creating first admin in SFTPGo using VM instance startup script?
- How can I delete all my payment methods in Google Cloud without providing another primary payment method?
- Google Cloud CLI upgrade shows SyntaxWarning: invalid escape sequence
- Is it GCP really free after the free-trial period?
- Service Account key showing up in CLI but not in GCP Console
- How to upload token.pickle to Google cloud run function via .zip file?
- Terraform big query data transfer Error: Missing parameter: connector.endpoint.host. Config name
- Comparison of loading from different file formats in BigQuery
- Skaffold error using VSCode and Google Cloud SDK on Windows 11
- How do you sign a HIPAA BAA for Google Cloud platform?
- (Terraform, GCP) Error 403: Permission denied to list services for consumer container [projects/335478934851]
- Update Strategy When Using Auto Scaling with MIG on GCP
- ALS (Alternating Least Square) algorithm in multiple rankings for a user
- Unable to setup GKE workload identity invalid argument
- 403 iam.serviceAccounts.actAs permission error trying to attach a service account to a resource in another project
- Beam Dataflow Reshuffle Failing