I am attempting to push a Docker image from Azure Pipelines to an Artifact registry.

When I try to setup a service connection in Azure Pipelines to https://us-west2-docker.pkg.dev/bustling-nomad-434602-q3/gcloud-docker-artifact  the fails with an authentication error.

I can push the image using https://gcr.io/bustling-nomad-434602-q3 which then creates a gcr.io repository in my project.  
Here are my steps:

1. Create a project (using the free trial)
2.  Set gcloud config: gcloud config set project [project name]
3.  Enable APIs:
   

gcloud services enable containerregistry.googleapis.com
gcloud services enable artifactregistry.googleapis.com

• create service account: gcloud iam service-accounts create azure-pipelines-publisher --display-name "Azure Pipelines Publisher"
  
• Assign the IAM roles, storage admin, artifact registry writer, artifact registry reader to the service account
• Create a service account key: 
  

gcloud iam service-accounts keys create \
azure-pipelines-publisher.json --iam-account $AZURE_PIPELINES_PUBLISHER
tr -d '\n' < azure-pipelines-publisher.json > azure-pipelines-publisher-oneline.json

• Create an Artifact registry in the project (the IAM roles for the service account are inherited from the project)
• In Azure pipelines, create a service connection:
  1. Docker Registry: https://[LOCATION]/[PROJECT-ID]/[REGISTRY].
  2. Docker ID: _json_key
  3. Docker Password: Paste the contents of azure-pipelines-publisher-oneline.json
  4. Service connection name: gcrServiceConnection
• In the YAML pipeline the repository is '[PROJECT-ID]/[REGISTRY]`
• The pipeline task builds the image and attempts to push it to the Artifact registry.  Which fails with an authentication error, unless I use https://gcr.io/[PROJECT-ID] for the service connection.