Setup fails with 'Invalid value for "audience"'

This issue has been tracked since 2022-04-12.

TL;DR

I use workload identity federation and after auth step finishes successfully the gcloud setup fails with Invalid value for "audience".

The output of the auth step is as follows:

Run google-github-actions/[email protected]
  with:
    workload_identity_provider: projects/1234567890/locations/global/workloadIdentityPools/github/attribute.repository/.../...
    service_account: ...
    create_credentials_file: true
    export_environment_variables: true
    cleanup_credentials: true
    access_token_lifetime: 600s
    access_token_scopes: https://www.googleapis.com/auth/cloud-platform
    id_token_include_email: false
Created credentials file at "/home/runner/work/.../.../gha-creds....json"

Expected behavior

GCloud SDK is set up correctly

Observed behavior

Setup step fails

Action YAML

...
jobs:
  setup:
    permissions:
      contents: "read"
      id-token: "write"
    name: Setup
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/[email protected]
        with:
          ref: ${{ github.ref }}

      - id: "auth"
        uses: "google-github-actions/[email protected]"
        with:
          workload_identity_provider: "projects/1234567890/locations/global/workloadIdentityPools/github/attribute.repository/<my-org>/<my-repo>"
          service_account: "<[email protected]>"
    
      - name: "Set up Cloud SDK"
        uses: "google-github-actions/[email protected]"

Log output

Error: google-github-actions/setup-gcloud failed with: failed to execute command `gcloud --quiet auth login --cred-file /home/runner/work/.../.../gha-creds-c258de8274a37813.json`: ERROR: gcloud crashed (OAuthError): ('Error code invalid_request: Invalid value for "audience". This value should be the full resource name of the Identity Provider. See https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token for the list of possible formats.', '{"error":"invalid_request","error_description":"Invalid value for \\"audience\\". This value should be the full resource name of the Identity Provider. See https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token for the list of possible formats."}')

Additional information

No response

Your Name

Your Comment

More Details About Repo

Owner Name	google-github-actions
Repo Name	setup-gcloud
Full Name	google-github-actions/setup-gcloud
Language	TypeScript
Created Date	2019-11-05
Updated Date	2023-03-23
Star Count	1505
Watcher Count	65
Fork Count	548
Issue Count	11

YOU MAY BE INTERESTED

Issue Title	Created Date	Updated Date