Facing issue while pushing image to GCP artifact registry

[sachinmane1983]

Orb version:

---

version: 2.1

orbs:
gcp-gcr: circleci/[email protected]

What happened:

we are migrating from GCR to GCP artifact registry so modified the orb repo to use google artifact registry url
but its able to build the image but not able to push the image to artifact registry. its working fine with GCR

Expected behavior:

It should push the image to artifact registry

Additional Information:

here is ORB repo code we are using for artifact registry

`steps:

• checkout
• run:
  name: Authenticate gcloud CLI
  command: |
  echo $GCP_SERVICE_KEY | gcloud auth activate-service-account --key-file=-
  gcloud auth list
  gcloud --quiet config set project ${<<parameters.gcp-project-id>>}
  # check to see if cluster parameters are defined
  if [ ! -z ${<<parameters.gke-cluster-name>>} ]; then
  if [ $(gcloud container clusters list --format=json | jq ".[] |
  select(.name == "$<<parameters.gke-cluster-name>>") | .locations | length") -gt 1 ];
  then
  gcloud --quiet config set
  compute/region ${<<parameters.gke-cluster-compute-region>>}
  else
  gcloud --quiet config set
  compute/zone ${<<parameters.gke-cluster-compute-zone>>}
  fi
  fi
  gcloud auth configure-docker europe-docker.pkg.dev
• setup_remote_docker
• run:
  name: Set build variables from build.json
  command: |
  SERVICE_NAME=$(jq -r '.name' build.json)
  VERSION=$(jq -r '.version' build.json)
  DOCKER_TAG=$VERSION
  if [ "${<< parameters.docker-image-suffix >>}" != "" ]; then
  DOCKER_TAG=$DOCKER_TAG-${<< parameters.docker-image-suffix >>} >> $BASH_ENV
  fi
  if [ "$CIRCLE_BRANCH" = "develop" ] && [[ ! $VERSION == *"-develop" ]]; then
  DOCKER_TAG=$DOCKER_TAG-develop >> $BASH_ENV
  fi
  echo "Service name is $SERVICE_NAME, node package version is"
  "$VERSION and docker tag will be $DOCKER_TAG"
  TAG_COUNT=$(gcloud container images list-tags
  ${<<parameters.gcp-container-registry-url>>}/${SERVICE_NAME}
  --filter="tags=${DOCKER_TAG}" --format=json --quiet | jq ". | length")
  echo GCR image tag Count is $TAG_COUNT
  if [ $TAG_COUNT != 0 ]; then
  echo "ERROR: image tag exists. Found total of $TAG_COUNT image "
  "tags at: $<<parameters.gcp-container-registry-url>>"
  "/$SERVICE_NAME:$DOCKER_TAG"
  exit 1
  fi
  # Debug: Print Docker Tag and Image URL
  echo "Docker Tag: $DOCKER_TAG"
  echo "Image URL: $<<parameters.gcp-container-registry-url>>/$SERVICE_NAME/$SERVICE_NAME:$DOCKER_TAG"
  gcloud auth list
  # tag with generated unique tag and update latest
  docker build --build-arg NPM_TOKEN=${<<parameters.npm-token-var>>} -t
  $<<parameters.gcp-container-registry-url>>/$SERVICE_NAME/$SERVICE_NAME:$DOCKER_TAG
  -t $<<parameters.gcp-container-registry-url>>/$SERVICE_NAME/$SERVICE_NAME:latest
  <<parameters.path-to-dockerfile>>
  docker images
  # push all tags
  echo "Pushing Docker image: $<<parameters.gcp-container-registry-url>>/$SERVICE_NAME/$SERVICE_NAME:$DOCKER_TAG"
  docker push
  $<<parameters.gcp-container-registry-url>>/$SERVICE_NAME/$SERVICE_NAME:$DOCKER_TAG
  echo "Pushing latest Docker image: $<<parameters.gcp-container-registry-url>>/$SERVICE_NAME/$SERVICE_NAME:latest"
  docker push
  $<<parameters.gcp-container-registry-url>>/$SERVICE_NAME/$SERVICE_NAME:latest`

error we are getting

`Service name is lender-deployment, node package version is 1.1.23 and docker tag will be 1.1.23
GCR image tag Count is 0
Docker Tag: 1.1.23
Image URL: *******************************/lender-deployment/lender-deployment:1.1.23
Credentialed Accounts
ACTIVE ACCOUNT

•   circleci@************************.iam.gserviceaccount.com
  

To set the active account, run:
$ gcloud config set account ACCOUNT

[+] Building 28.6s (14/14) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 1.03kB 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for europe-docker.pkg.dev/koodoo-infra-share 2.9s
=> [auth] /python/python:pull token for europe-d 0.0s
=> [build 1/3] FROM europe-docker.pkg.dev//pytho 3.9s
=> => resolve europe-docker.pkg.dev/************************/python/pyth 0.0s
=> => sha256:b380bbd43752f83945df8b5d1074fef8dd044820e 27.14MB / 27.14MB 1.9s
=> => sha256:14063a2781d6ddd50c6afb4a9e22cccf2205cb04a72 2.77MB / 2.77MB 1.4s
=> => sha256:5a63271f8164c4a1fd42b70f29316cfe5ec83c34c 10.99MB / 10.99MB 1.5s
=> => sha256:3757de4f921083546ee8bd0a33d84c9784a6eafc7fc 1.78kB / 1.78kB 0.0s
=> => sha256:fffe3935e6ccd74861da2903369daf76f80b4ef7cad 9.11kB / 9.11kB 0.0s
=> => sha256:8bcf4fd3160ad38c522f2edcf11277e643a6ebc542bdbe7 233B / 233B 1.6s
=> => sha256:31aed500758ca862f26aba69e07486cab51a610c5e0 2.64MB / 2.64MB 2.6s
=> => sha256:3846e6476bca479e8a20450bf99c14249c4a8ef15570516 817B / 817B 2.2s
=> => extracting sha256:b380bbd43752f83945df8b5d1074fef8dd044820e7d3aef3 1.0s
=> => sha256:e5c71c2c4dae9f2458289f2d1f7a7074aba801418c7dcb3 513B / 513B 2.5s
=> => extracting sha256:14063a2781d6ddd50c6afb4a9e22cccf2205cb04a72caff0 0.1s
=> => extracting sha256:5a63271f8164c4a1fd42b70f29316cfe5ec83c34cb6de728 0.4s
=> => extracting sha256:8bcf4fd3160ad38c522f2edcf11277e643a6ebc542bdbe70 0.0s
=> => extracting sha256:31aed500758ca862f26aba69e07486cab51a610c5e03928d 0.2s
=> => extracting sha256:3846e6476bca479e8a20450bf99c14249c4a8ef155705161 0.0s
=> => extracting sha256:e5c71c2c4dae9f2458289f2d1f7a7074aba801418c7dcb38 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 9.52kB 0.0s
=> [stage-1 2/6] WORKDIR /app 0.2s
=> [build 2/3] COPY requirements.txt . 0.2s
=> [stage-1 3/6] RUN addgroup --system user && adduser --system --no-cre 0.5s
=> [build 3/3] RUN pip install --user -r requirements.txt --no-warn-scr 18.2s
=> [stage-1 4/6] COPY ./src /app 0.0s
=> [stage-1 5/6] COPY ./config/config.json /app/config/config.json 0.0s
=> [stage-1 6/6] COPY --from=build --chown=user:user /root/.local /root/ 0.9s
=> exporting to image 1.5s
=> => exporting layers 1.5s
=> => writing image sha256:156220e0b5865bf506ef31f95753d718d9cdf85a594bd 0.0s
=> => naming to *******************************/lender-deployment/lender 0.0s
=> => naming to *******************************/lender-deployment/lender 0.0s
REPOSITORY TAG IMAGE ID CREATED SIZE
*******************************/lender-deployment/lender-deployment 1.1.23 156220e0b586 2 seconds ago 378MB
*******************************/lender-deployment/lender-deployment latest 156220e0b586 2 seconds ago 378MB

Pushing Docker image: /lender-deployment/lender-deployment:1.1.23
The push refers to repository [/lender-deployment/lender-deployment]
1afd1bc92435: Preparing
31cf4414da23: Preparing
c96bb6c6a8c3: Preparing
a8dc6f868f8a: Preparing
bbce02a022f3: Preparing
9d19eb5c7836: Waiting
e262df620e78: Waiting
a1771f126974: Waiting
19a51c156a1b: Waiting
401d40a3e0d6: Waiting
3ce18771576c: Waiting
e81bff2725db: Waiting
unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication

Exited with code exit status 1`

same workflow earlier working for GCR so there is no permission issue.
Let me know if any other orb version need to update to fix the issue or any other modification in yaml file

[david-montano-circleci]

The latest version of this orb is compatible with both GCR and Artifact repository.
The way the url to push the image to is defined here.
You will need to specify the push-image following parameters:

• registry-url: registry main url/domain
• google-project-id: Google project id where the Artifact repository was created
• repository: name of Artifact repository
• image: actual image name

Thank you for reporting this! Let us know if you have any more questions, issues or suggestions!