Use .npmrc as source for authentication to private NPM registry on Google Cloud

[alenmeister]

Howdy!

We create short-lived NPM tokens for authentication to a private NPM registry, which is then applied to our .npmrc file:
//us-central1-npm.pkg.dev/omny-artifacts/omnysec/:_authToken=

When pass in the --secret id=npmrc,src=$GITHUB_WORKSPACE/.npmrc option to the docker build command. This secret is also mounted in the Dockerfile.

How can I recreate this behaviour?

I was hoping to do something like this:

- uses: docker/build-push-action@v6
  with:
    file: Dockerfile
    push: true
    tags: ${{ vars.DOCKER_REPOSITORY }}:${{ github.sha }}
    cache-from: type=gha
    cache-to: type=gha,mode=max
    secrets: id=npmrc,src=$GITHUB_WORKSPACE/.npmrc

But this obviously doesn't work as I'm not too familiar with this action

[alenmeister]

The answer lies here:
#293