Re: Deploy React app using GitHub actions, Workloa...

SalomonGuttmann · 03-07-2025 05:47 AM

Hello everyone,
I hope someone can help

When I try to do a docker push to an Artifact Registry repository using GitHub Actions, I get this error:

Unauthenticated request. Unauthenticated requests do not have permission "artifact registry.repositories.upload Artifacts" on resource "projects/react-cloud-run-deploy-452614/locations/us/repositories/gcr.io" (or it may not exist)

This is the GitHub Actions YAML:

I add the following permissions in the service account gcp-github-actions@react-cloud-run-deploy-452614.iam.gserviceaccount.com:

I create also an identity pool and an identity provider

Thanks for any advice

greb

Hi @SalomonGuttmann,

Welcome to Google Cloud Community!

It looks like the error that you are encountering may come from the GitHub Action Workflow, it may not be properly authenticated to push some images to Artifact Registry. There are ways that you might resolve it:

Ensure Correct IAM Roles
Run these commands in Google Cloud SDK:

gcloud projects add-iam-policy-binding react-cloud-run-deploy-452614 \

    --member="serviceAccount:gcp-github-actions@react-cloud-run-deploy-452614.iam.gserviceaccount.com" \

    --role="roles/iam.workloadIdentityUser"



gcloud projects add-iam-policy-binding react-cloud-run-deploy-452614 \

    --member="serviceAccount:gcp-github-actions@react-cloud-run-deploy-452614.iam.gserviceaccount.com" \

    --role="roles/artifactregistry.writer"

Verify Workload Identity Federation Setup
In your GitHub Actions YAML, make sure authentication is configured correctly:

- name: 'Authenticate to Google Cloud'

  uses: 'google-github-actions/auth@v1'

  with:

    workload_identity_provider: 'projects/21489804540/locations/global/workloadIdentityPools/tutorial-github-pool/providers/tutorial-github-provider'

    service_account: 'gcp-github-actions@react-cloud-run-deploy-452614.iam.gserviceaccount.com'

Ensure Correct Artifact Registry URL
Use the correct format for pushing images:

- name: Build and Push Image

  run: |

    docker build -t europe-west6-docker.pkg.dev/react-cloud-run-deploy-452614/gcr-repo/${{ github.sha }} .

    docker push europe-west6-docker.pkg.dev/react-cloud-run-deploy-452614/gcr-repo/${{ github.sha }}

Try to re-run the workflows once the changes above have been made.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

SalomonGuttmann

Hi Google,

Thanks for Feedback

I used your recommendations, and unfortunately it didn't work.

The Commands in Google Cloud SDK according to GitHub Action Workflow, works:

[image: image.png]

But command docker push Still throw an error:

[image: image.png]

Du you have another suggestion?

Kind regards Salomon

SalomonGuttmann

Hello Google,
An hour before I send via mail one reply, please ignore this.
My Reply
I have implemented and tested your recommendations, but the error still occurs.

On the yaml File I add this:

And evaluates whether the principal currently has access to the specified resource:

And the repository react-gcp-deploy has those roles:

But the docker push command throw this error:

Do you have any other suggestions?

Kind regards Salomon

SalomonGuttmann

Hello everyone,
Is anyone working on my case?

Regards Salomon

Deploy React app using GitHub actions, Workload identity and Cloud Run