Closed UriKatsirPrivate closed 2 years ago
Hi there @UriKatsirPrivate :wave:!
Thank you for opening an issue. Our team will triage this as soon as we can. Please take a moment to review the troubleshooting steps which lists common error messages and their resolution steps.
One more piece of information: The service account used for auth has permissions to execute the command.
I found my issue. step #8 in the Setting up Workload Identity Federation setup must be repeated for each repo on github.
TL;DR
When using the auth action with a gcloud command, the gcloud command fails.
Expected behavior
gcloud command running successfully
Observed behavior
Run gcloud builds submit /floor/ --tag europe-west4-docker.pkg.dev/landing-zone-demo-341118/cloud-run-source-deploy/feature-environment:latest gcloud builds submit /floor/ --tag europe-west4-docker.pkg.dev/landing-zone-demo-341118/cloud-run-source-deploy/feature-environment:latest
shell: /usr/bin/bash -e {0} env: PROJECT_ID: landing-zone-demo-341118 SERVICE: floor REGION: europe-west4 CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /home/runner/work/Feature-Environment/Feature-Environment/gha-creds-67a4cbb79684a778.json GOOGLE_APPLICATION_CREDENTIALS: /home/runner/work/Feature-Environment/Feature-Environment/gha-creds-67a4cbb79684a778.json GOOGLE_GHA_CREDS_PATH: /home/runner/work/Feature-Environment/Feature-Environment/gha-creds-67a4cbb79684a778.json CLOUDSDK_CORE_PROJECT: landing-zone-demo-341118 CLOUDSDK_PROJECT: landing-zone-demo-341118 GCLOUD_PROJECT: landing-zone-demo-341118 GCP_PROJECT: landing-zone-demo-341118 GOOGLE_CLOUD_PROJECT: landing-zone-demo-341118 CLOUDSDK_METRICS_ENVIRONMENT: github-actions-setup-gcloud ERROR: (gcloud.builds.submit) There was a problem refreshing your current auth tokens: ('Unable to acquire impersonated credentials: No access token or invalid expiration in response.', '{\n "error": {\n "code": 403,\n "message": "The caller does not have permission",\n "status": "PERMISSION_DENIED"\n }\n}\n') Please run:
$ gcloud auth login
to obtain new credentials.
If you have already logged in with a different account:
to select an already authenticated account to use. Error: Process completed with exit code 1.
Action YAML
Log output
Additional information
Please note that the "Set up Cloud SDK" step succeeds. Only the step that runs a gcloud command is failing.
Thank you,
Uri
PS: I can be reached internally using my ldap: ukatsir@