How to Fix Permission artifactregistry.repositories.uploa…

スポンサーリンク

Permission artifactregistry.repositories.uploadArtifacts denied on resource using GitHub Actions

Error Overview

The error message “Permission artifactregistry.repositories.uploadArtifacts denied on resource using GitHub Actions” typically indicates that the GitHub Actions workflow is attempting to upload artifacts to Google Cloud’s Artifact Registry, but it lacks the necessary permissions. This issue arises when the authentication process for the service account is incorrectly configured, or the required permissions are not granted.

Common Causes

The following are common causes for this error:

  1. Service Account Misconfiguration: The service account that GitHub Actions is using might not have the appropriate permissions to upload artifacts to the Artifact Registry.
  2. Missing IAM Roles: The service account may not have been assigned the necessary IAM roles, such as artifactregistry.repositories.uploadArtifacts.
  3. Workload Identity Pool Issues: If using Workload Identity, the configuration may not be set up correctly to allow GitHub Actions to authenticate properly.
  4. Repository Permissions: The repository in Google Artifact Registry may not allow the service account to upload artifacts due to its permission settings.
  5. Authentication Token Issues: If there are issues with the authentication token being used, it may not provide the required access.

Solution Methods

To resolve the error “Permission artifactregistry.repositories.uploadArtifacts denied on resource using GitHub Actions,” follow the methods outlined below.

Method 1: Create a Service Account

Creating a service account and granting the necessary permissions is often the first step in resolving this issue. Follow these steps:

  1. Go to the Google Cloud Console.
  2. Navigate to IAM & Admin > Service Accounts.
  3. Click on Create Service Account.
  4. Enter a name and description for your service account.
  5. Click Create.
  6. Assign the role of Artifact Registry Writer or artifactregistry.repositories.uploadArtifacts.
  7. Click Done to finish creating the service account.

Method 2: Configure IAM Permissions

After creating the service account, you must ensure it has the correct permissions to upload artifacts:

  1. In the IAM & Admin section of the Google Cloud Console, locate the service account created in Method 1.
  2. Click on the service account to view its details.
  3. Under the Permissions tab, click Add Principal.
  4. Enter the principal in the following format:
    “`
    principalSet://iam.googleapis.com/$

コメント

タイトルとURLをコピーしました