As per the error seems to be you have given invalid json file of service account which is not parsed by the Git actions workflow. As per this official github :

1. (Optional) Create a Google Cloud Service Account. If you already have a Service Account, take note of the email address and skip this step :

    # TODO: replace ${PROJECT_ID} with your value below.             
    gcloud iam service-accounts create "my-service-account" \
      --project "${PROJECT_ID}"

2. Create a Service Account Key JSON for the Service Account.

# TODO: replace ${PROJECT_ID} with your value below.
gcloud iam service-accounts keys create "key.json" \
  --iam-account "my-service-account@${PROJECT_ID}.iam.gserviceaccount.com"

3. Upload the contents of this file as a GitHub Actions Secret. Use the name of the GitHub Actios secret as the credentials_json value in the GitHub Actions YAML:

 uses: 'google-github-actions/auth@v2'
  with:
      credentials_json: '${{ secrets.GOOGLE_CREDENTIALS }}' # Replace with the name of your GitHub Actions secret

Can you validate the above steps as per your yaml seems to be you need to give correct service account JSON file and also credentials json format need to be taken care.

---------- or else you can also achieve by using Workload Identity Federation through a Service Account by following this official github

Edit : Sinethemba Nontshintshi, achieved this by Changing the approach and used the Workload Identity Federation through a Service Account method to authenticate, by using this guide on how to set it up in GCP and in the YAML file it is passed as follows :

 - name: Authenticate Google Cloud             
   uses: google-github-actions/auth@v2             
   with: 
     service_account: 'your-service account'              
     workload_identity_provider: 'your-workload-identity-provider'

Issue with Google Drive API Authentication using GitHub Actions

I created my workload identity pool according to the Google GitHub Actions Auth documentation without any service account. Then I tried to connect to Google Drive, which requires an OAuth 2.0 access token. I used the following configuration:

- name: Authenticate with Google Cloud
    uses: 'google-github-actions/auth@v2'
    with:
        project_id: 'my-project'
        workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'

- name: Upload files to Google Drive
    uses: 'Burak-Atak/drive-upload@master'
    with:
      google_credentials_file_path: ${{ env.GOOGLE_APPLICATION_CREDENTIALS }}
      files_to_create: "app.spec"
      drive_folder_id: "242fgdfg345345"
      files_to_update: "requirements.txt"
      file_ids_to_update: "asdas3534fdgg"

However, I got the following error with below code:

def authenticate_google(self):
    credentials, project_id = load_credentials_from_file(
        os.environ["GOOGLE_APPLICATION_CREDENTIALS"],
        scopes=[
            'https://www.googleapis.com/auth/drive.file',
            'https://www.googleapis.com/auth/drive',
            'https://www.googleapis.com/auth/drive.metadata'
        ]
    )

    return build("drive", "v3", credentials=credentials)

googleapiclient.errors.HttpError: <HttpError 401 when requesting https://www.googleapis.com/upload/drive/v3/files?fields=id&alt=json&uploadType=multipart returned "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.". Details: "[{'message': 'Invalid Credentials', 'domain': 'global', 'reason': 'authError', 'location': 'Authorization', 'locationType': 'header'}]">

I realized I should use OAuth 2.0 for the Google Drive API. Then I changed my configuration to this:

- name: Authenticate with Google Cloud
  uses: google-github-actions/auth@v2
  with:
    workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
    project_id: '<PROJECT_ID>'
    service_account: '<PROJECT_ID>@<PROJECT_ID>.iam.gserviceaccount.com'
    token_format: 'access_token'
    access_token_lifetime: '60s'
    access_token_scopes: 'https://www.googleapis.com/auth/drive.file,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/drive.metadata'

- name: Upload files to Google Drive
    uses: 'Burak-Atak/drive-upload@master'
    with:
      google_credentials_file_path: ${{ env.GOOGLE_APPLICATION_CREDENTIALS }}
      files_to_create: "app.spec"
      drive_folder_id: "242fgdfg345345"
      files_to_update: "requirements.txt"
      file_ids_to_update: "asdas3534fdgg"

After this change, I started to get the following error even though I have the Service Account Token Creator and Owner roles in my service account:

google-github-actions/auth failed with: failed to generate Google Cloud OAuth 2.0 Access Token for <PROJECT_ID>@<PROJECT_ID>.iam.gserviceaccount.com: {
  "error": {
    "code": 403,
    "message": "Permission 'iam.serviceAccounts.getAccessToken' denied on resource (or it may not exist).",
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "IAM_PERMISSION_DENIED",
        "domain": "iam.googleapis.com",
        "metadata": {
          "permission": "iam.serviceAccounts.getAccessToken"
        }
      }
    ]
  }
}

Solution

I figured out that I should add a service account to my workload pool. Check the "Connected service accounts" part in the Google Cloud Console. If there is no connected service account, you should add one.

I needed to add:

jobs:
   my_job:
   # Need to add these 3 lines to add "id-token" with the intended permissions.
   permissions:
     contents: 'read'
     id-token: 'write'

This is documented here: https://github.com/google-github-actions/auth#usage