Github actions – Publish docker to Google Container Repository

I’m using these docs to set up a github workflow to automatically update some docker images upon creating a release:
https://docs.github.com/en/actions/guides/deploying-to-google-kubernetes-engine

Now I have a service account that I used many times to push to GCR from my laptop, and it has the required permissions (storage object admin). Yet, at the publish step, I get an error denied: Token exchange failed. This is strange, as the docker auth and the get-credentials are working fine. I’m not exactly sure how to debug this either, as I’m uncertain how google-github-actions/get-gke-crednetials manages the authentication.

name: Deploy
on:
  release:
    types: [created]
env:
  GKE_PROJECT: ${{ secrets.GKE_PROJECT }}
  GITHUB_VERSION: ${{ github.event.release.tag_name }}
  GKE_ZONE: ${{ secrets.GKE_ZONE }}
  GKE_CLUSTER: ${{ secrets.GKE_CLUSTER }}
jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/[email protected]
    - uses: google-github-actions/[email protected]
      with:
        service_account_key: ${{ secrets.GKE_SA_KEY }}
        project_id: ${{ secrets.GKE_PROJECT }}
    - run: |-
        gcloud --quiet auth configure-docker
    - uses: google-github-actions/[email protected]
      with:
        cluster_name: ${{ env.GKE_CLUSTER }}
        location: ${{ env.GKE_ZONE }}
        credentials: ${{ secrets.GKE_SA_KEY }}
    - name: Build
      run: |        
        docker build -t gcr.io/$GKE_PROJECT/frontend:$GITHUB_VERSION frontend
        docker build -t gcr.io/$GKE_PROJECT/backend:$GITHUB_VERSION backend
    - name: Publish
      run: |
        docker push gcr.io/$GKE_PROJECT/frontend:$GITHUB_VERSION
        docker push gcr.io/$GKE_PROJECT/backend:$GITHUB_VERSION
    - name: Deploy
      run: |
        kubectl set image deployment/backend backend=gcr.io/$GKE_PROJECT/backend:$GITHUB_VERSION
        kubectl set image deployment/frontend frontend=gcr.io/$GKE_PROJECT/frontend:$GITHUB_VERSION

Source: Docker Questions

LEAVE A COMMENT