Setup gcloud failed after successful authentication

[omer-niv-cc]

TL;DR

gcloud setup action failed after successful authentication with google-github-actions/auth@v0 action.

google-github-actions/setup-gcloud failed with: The process '/opt/hostedtoolcache/gcloud/371.0.0/x64/bin/gcloud' failed with exit code 1

Expected behavior

Should be able to setup gcloud after auth action.

Observed behavior

Setup gcloud action failed during installation.

Action YAML

name: test
on: 
  push:
    paths:
      - ".github/workflows/test.yaml"

jobs:
  job_id:
    # ...
    runs-on: ubuntu-latest
    # Add "id-token" with the intended permissions.
    permissions:
      contents: 'read'
      id-token: 'write'

    steps:
    - uses: 'actions/checkout@v2'

    # Configure Workload Identity Federation via a credentials file.
    - id: 'auth'
      name: 'Authenticate to Google Cloud'
      uses: 'google-github-actions/auth@v0'
      with:
        workload_identity_provider: "<redacted>"
        service_account: "<redacted>"

    # Install gcloud, `setup-gcloud` automatically picks up authentication from `auth`.
    - name: 'Set up Cloud SDK'
      uses: 'google-github-actions/setup-gcloud@v0'

    # Now you can run gcloud commands authenticated as the impersonated service account.
    - id: 'gcloud'
      name: 'gcloud'
      run: |-
        gcloud secrets versions access "latest" --secret "my-secret"

Log output

Run google-github-actions/setup-gcloud@v0
  with:
    version: latest
    export_default_credentials: false
    cleanup_credentials: true
  env:
    CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /home/runner/work/gruffalo-mirror/gruffalo-mirror/754e55846bfbfab3698599f8
    GOOGLE_APPLICATION_CREDENTIALS: /home/runner/work/gruffalo-mirror/gruffalo-mirror/754e55846bfbfab3698599f8
    GOOGLE_GHA_CREDS_PATH: /home/runner/work/gruffalo-mirror/gruffalo-mirror/754e55846bfbfab3698599f8
    CLOUDSDK_PROJECT: <redacted>
    CLOUDSDK_CORE_PROJECT: <redacted>
    GCP_PROJECT: <redacted>
    GCLOUD_PROJECT: <redacted>
    GOOGLE_CLOUD_PROJECT: <redacted>
/usr/bin/tar xz --warning=no-unknown-keyword --overwrite -C /home/runner/work/_temp/51f8b71f-b0f3-4043-9cfa-9f4fff5bee67 -f /home/runner/work/_temp/5d398a48-c1c2-46c6-8f78-78a9c1900bc5
Error: google-github-actions/setup-gcloud failed with: The process '/opt/hostedtoolcache/gcloud/371.0.0/x64/bin/gcloud' failed with exit code 1

Additional information

I followed the Readme instructions to create Workload Identity Federation.

[bharathkkb]

Thanks for the report @omer-niv-cc Nothing jumps out to me so requesting a few details

• Could you post debug logs
• Try adding a token_format: 'access_token' to auth. This will make the auth action generate an access token. This could help diagnose if its a WIF misconfiguration issue.

[sethvargo]

Hey @bharathkkb - I actually think the issue is in the setup-cloud-sdk package. I think we might be unintentionally swallowing output on some of the gcloud commands, including initial setup. I've created https://github.com/google-github-actions/setup-cloud-sdk/pull/77 to clean that up, but we'll need to do a full release + update of setup-gcloud.

[bharathkkb]

@sethvargo yeah that should help. I was thinking the error maybe here stemming from a WIF misconfig and the error got swallowed.

[omer-niv-cc]

@bharathkkb @sethvargo In did it was an issue with WIF misconfiguration (I pointed to Workload Identity Pool instead of the provider) so all good now.. thanks guys!