Authenticate GitHub actions to Google Artifact Registry

Outdated page

This page was set to be reviewed before 2023-10-22 by the page owner.

Contact the page Owner (opens default mail client) if you require this page to be updated

Why

When using GitHub Actions to build docker images and push them to GAR, you need to authenticate.

How

Pre-requisites

You need to have configured Authenticating to GCP using Workload identity Federation

Workflow File

name: GCP Auth Example to GAR

jobs:
  docker:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@v1'
        with:
          token_format: 'access_token'
          workload_identity_provider: ${{vars.WORKLOAD_IDENTITY_PROVIDER}}
          service_account: ${{vars.SERVICE_ACCOUNT}}

      - uses: 'docker/login-action@v2'
        name: Log docker in to Google Container Store
        with:
          registry: 'europe-west2-docker.pkg.dev'
          username: 'oauth2accesstoken'
          password: '${{ steps.auth.outputs.access_token }}'

---

Want to make this site better? Open a PR or help fund hosting costs