Github Actions can't find GOOGLE_APPLICATION_CREDENTIALS file
I have a github action that is meant to publish an npm package to a private google cloud artifact registry. I've setup a workload identity pool, service account, and provider for this purpose, and successfully authed via the google-github-actions/auth action: 
The steps underneath setting up gcloud all show the correct project, GOOGLE_APPLICATION_CREDENTIALS, etc, and I am able to run gcloud info and see accurate output. However, once I try to auth via npx google-artifactregistry-auth, I get an error that it can't find any credentials:
Here is my github action:
name: Publish package
on:
push:
branches: [ "main" ]
jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: "read"
id-token: "write"
steps:
- uses: actions/checkout@v3
- id: 'auth'
name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v2'
with:
project_id: 'tandem-dnd'
workload_identity_provider: 'my-workload-pool'
service_account: 'my-service-account'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Install dependencies'
run: npm ci
- name: 'Gather gcloud cli info'
run: 'gcloud info'
- name: 'Publish package'
run: npm run artifactregistry-login && npm publish # this runs npx google-artifactregistry-auth
I've had actions just like this work for a different google cloud project, so I feel like I'm missing a step somewhere.
I tried explicitly exporting GOOGLE_APPLICATION_CREDENTIALS as part of that command. I also tried adding "echo GOOGLE_APPLICATION_CREDENTIALS" to the above command and it echoes the expected path to the json file.
You need to configure npm auth for Artifact Registry. Add this step before you publish:
- name: 'Configure npm for Artifact Registry'
run: gcloud artifacts print-settings npm --repository=<REPOSITORY_NAME> --location=<REGION> --project=tandem-dnd >> ~/.npmrc
- Google Cloud Platform: SSH to Google cloud instance will have "Permission denied (publickey)"
- Unable to assign iam.serviceAccounts.signBlob permission
- how to disable soft delete from a GCS bucket
- GCP load balancer 502 server error and "backend_connection_closed_before_data_sent_to_client" IIS 10
- Duplicate events in Eventarc triggered Google Cloud Run service
- Extract a string value from a JSON field in GCP log analytics
- GitLab LDAP Authentication Issues (SSL_connect, user auth)
- I got this error when i try to SignIN[GSI_LOGGER-TOKEN_CLIENT]: The OAuth token was not passed to gapi.client - Flutter,GoogleSignIn
- How to Setup Different Maintenance windows for Node Pools Within the Same GKE
- Understanding customer and service producer VPC networks in Private Service Access
- Why is BigQuery so slow on non-large data sizes?
- Is it possible to identify who triggered a GCB build?
- GCP - How do you create a URL Redirect path rule with gcloud url-maps?
- "Unsupported service account" errors from gcloud when deploying --gen2 functions with --build-service-account
- How to decode Google CloudEvent data?
- How to connect to GCP VM instance with password using SSH?
- testing google sheet editor addon fails with error 403
- Google Cloud SQL connection to flutter
- New Trace and Span Generated even after using TraceId and SpanID from Remote Context
- I can't get Future to complete with a value
- Connecting to Endpoint API on Android Client
- Post Count not updating in firebase react
- Previously successful Cloud Run Service & Job deploy process with resource level IAM grants not working anymore for certain projects
- "Deadline" error when embedding video with Google Vertex AI multimodal embedding modal
- Firebase function deployment timing out
- Deploying to GCP App Engine from terminal produces contradictory error messages
- Stripe Error: No signatures found matching the expected signature for payload
- Firestore .where + Filter.and queries not working
- How to use Google Cloud Firestore local emulator for python and for testing purpose
- How to serialize a ComputeRoutesResponse