github actions google cloud artifact registry Unauthenticated requests do not have permission "artifactregistry.repositories.uploadArtifacts"
ERROR: (gcloud.auth.docker-helper) There was a problem refreshing your current auth tokens: ('Unable to acquire impersonated credentials', '{\n "error": {\n "code": 403,\n "message": "Permission 'iam.serviceAccounts.getAccessToken' denied on resource (or it may not exist).",\n "status": "PERMISSION_DENIED",\n "details": [\n {\n "@type": "type.googleapis.com/google.rpc.ErrorInfo",\n "reason": "IAM_PERMISSION_DENIED",\n "domain": "iam.googleapis.com",\n "metadata": {\n "permission": "iam.serviceAccounts.getAccessToken"\n }\n }\n ]\n }\n}\n') Please run:
$ gcloud auth login
to obtain new credentials.
If you have already logged in with a different account, run:
$ gcloud config set account ACCOUNT
to select an already authenticated account to use. The push refers to repository [***/front-end] 2bb4a2be8519: Preparing d26381110329: Preparing e81429117070: Preparing 7bf3eb1a80e4: Preparing 43adef21ed65: Preparing f7df5efb2c99: Preparing 5b316f9079a1: Preparing 5e19cd5b03d0: Preparing 678ea5c52c14: Preparing 8d853c8add5d: Preparing f7df5efb2c99: Waiting 5b316f9079a1: Waiting 5e19cd5b03d0: Waiting 678ea5c52c14: Waiting 8d853c8add5d: Waiting denied: Unauthenticated request. Unauthenticated requests do not have permission "artifactregistry.repositories.uploadArtifacts" on resource
i trying to create CD job with github actions and google cloud. but i got a problem with permission.
you have to create a service account first create a service account
then grant a new permisstion enter image description here
principalSet://iam.googleapis.com/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository/my-org/my-repo enter image description here