GKE Connect Gateway: get-gke-credentials auto-discovery fails for regional fleet memberships

[logogin]

TL;DR

use_connect_gateway: true fails with "expected one membership for . Found none" when the fleet membership is regional.

Root cause: discoverClusterMembership() in src/client.ts hardcodes locations/global when listing memberships

Expected behavior

GKE Autopilot clusters auto-register as regional memberships (e.g. locations/us-central1), which are not returned by the global query. Action should use location hint to discover regional clusters.

Observed behavior

No response

Action YAML

name: Deploy via Connect Gateway

on:
  workflow_dispatch:

permissions:
  contents: read
  id-token: write

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: google-github-actions/auth@v3
        with:
          workload_identity_provider: projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL/providers/PROVIDER
          service_account: deploy-sa@PROJECT_ID.iam.gserviceaccount.com

      - uses: google-github-actions/get-gke-credentials@v3
        with:
          cluster_name: my-autopilot-cluster
          location: us-central1
          project_id: my-project
          use_connect_gateway: 'true'

      - run: kubectl get pods

Log output

Error: google-github-actions/get-gke-credentials failed with: expected one membership
for my-autopilot-cluster in my-project. Found none. Verify membership by running
`gcloud container fleet memberships list --project my-project`

Additional information

No response

[stevenh]

Seeing this exact issue too.