Continual error Authenticating from Azure Container App to Container Registry

[CCBrenner]

I'm using a user-assigned managed identity for the authentication. I can give more details if needed, but I wanted to start with the approach to ensure I am doing this correctly. Currently it seems like something is wrong but this is also my first time doing this so I very well could be wrong.

I get the following error no matter what I do to try and setup authentication between Azure Container App to Container Registry. This is part of a GH Workflow to create a Docker image, push it to ACR, then update the existing Azure Container App.

I checked to make sure the Container App expects that type of token; it does. I also ensured I set up the user-assigned managed identity in both the app and the registry; it is. I also ensured the user-assigned managed identity has the Azure role "AcrPull" assigned to it; it does.

I'm authenticating from GH Actions to Azure using a service principle but the App authenticates to the Registry using the user-assigned managed identity. This seemed like a potential snag point, but my research says it should not be due to authentication contexts being distinct and separate.

I don't know what else is preventing me from authenticating correctly. Can someone give some insight?

[SilverPreeceSOF]

I just had to debug something similar when using the action to build and deploy a container. What helped me out was running debug mode and checking the output of the preceding azure/login action. In my case, I saw a warning from that action and investigated - it turned out that I had accidentally included the .azurecr.io suffix in my ACR name. The action then tried to add it again during its own login step, and failed out completely, even though the preceding login step had succeeded. Can you add the output of a login step, and any YAML config you can provide from the workflow itself?