Pulling Private GoLang Packages from Google Cloud Artifact Registry when Building Cloud Functions (Gen 2)

Question

Long time listener, glad to be here today.

I have a golang module that rests in Google Cloud Artifact Registry

I have a cloud function that utilizes this package

package main

import (
    "encoding/json"
    "fmt"
    "html"
    "net/http"

    "example.com/boomer"
    "github.com/GoogleCloudPlatform/functions-framework-go/functions"
)

func helloHTTP(w http.ResponseWriter, r *http.Request) {
    fmt.Fprint(w, boomer.Bang())
    var d struct {
        Name string `json:"name"`
    }
    if err := json.NewDecoder(r.Body).Decode(&d); err != nil {
        fmt.Fprint(w, "Hello, World!")
        return
    }
    if d.Name == "" {
        fmt.Fprint(w, "Hello, World!")
        return
    }
    fmt.Fprintf(w, "Hello, %s!", html.EscapeString(d.Name))
}

func main() {
    functions.HTTP("HelloHTTP", helloHTTP)
}

// helloHTTP is an HTTP Cloud Function with a request parameter.

My problem is that no matter how I go about deploying this cloud function, I can't get it to pull the Artifact Registry private image in during the build process. My Cloudbuild YAML is:

steps:
  - name: golang
    entrypoint: go
    args: [ 'run', 'github.com/GoogleCloudPlatform/artifact-registry-go-tools/cmd/[email protected]', 'add-locations', '--locations=${_LOCATION}' ]
    env:
      # Set GOPROXY to the public proxy to pull the credential helper tool
      - 'GOPROXY=proxy.golang.org'

  - name: golang
    entrypoint: go
    args: [ 'run', 'github.com/GoogleCloudPlatform/artifact-registry-go-tools/cmd/[email protected]', 'refresh' ]
    env:
      - 'GOPROXY=proxy.golang.org'
      - 'GONOPROXY=github.com/GoogleCloudPlatform/artifact-registry-go-tools'



  - name: golang
    entrypoint: go
    args: [ 'run', '.' ]
    env:
      - 'GONOPROXY=github.com/GoogleCloudPlatform/artifact-registry-go-tools'
      - 'GONOSUMDB=*.${_MODULE_PATH}'
      - 'GOPRIVATE=*.${_MODULE_PATH}'

# Deploy

  - name: gcr.io/google.com/cloudsdktool/cloud-sdk
    args:
      - gcloud
      - functions
      - deploy
      - hello-go
      - --allow-unauthenticated
      - --region=us-central1
      - --source=.
      - --trigger-http
      - --runtime=go121
      - --entry-point=HelloHTTP
      - --set-build-env-vars=^;^GONOSUMDB="${_MODULE_PATH}";GOPRIVATE="${_MODULE_PATH}";GONOPROXY="github.com/GoogleCloudPlatform/artifact-registry-go-tools";GOPROXY="${_LOCATION}-go.pkg.dev/${_PROJECT_ID}/${_REPOSITORY},https://proxy.golang.org,direct"

options:
  env:    # Disable GO sumdb checks for private modules.
    - 'GONOPROXY=github.com/GoogleCloudPlatform/artifact-registry-go-tools'
    - 'GOPROXY=${_LOCATION}-go.pkg.dev/${_PROJECT_ID}/${_REPOSITORY},https://proxy.golang.org,direct'
    - 'GONOSUMDB=${_MODULE_PATH}'
    - 'GOPRIVATE=${_MODULE_PATH}'

All the steps are fine in the build process, except for the final deployment step where it should be deploying to Cloud Functions. I keep getting the same error, which I would expect if it was trying to directly proxy to example.com/boomer. I've adjusted the Proxy to come from my private registry first.

The meaningful part of the error in the cloud build logs that are output when step 3 of the above kickas off the Cloud Build Process:

severity: "INFO"
textPayload: "Step #2 - "build":    github.com/pkg/errors: example.com/[email protected]: unrecognized import path "example.com/boomer": reading https://example.com/boomer?go-get=1: 404 Not Found"
timestamp: "2023-12-15T22:00:53.973146065Z"

Not sure what I need to adjust here, any sights would be helpful.

I was expecting the function to successfully deploy, however I don't think the Cloud Build login and deployment of the github artifact registry tool carry over to the build process kicked off by the cloud-sdk running the deploy gcloud CLI command.

Possibly private build pools? But that seems like a little much.