I am trying to add a custom package to a cloud function on GCP, I have the the right permission, and can import packages when I follow this tutorial in the same GCP project.
I cannot add artifact from an external GCP project, even if I give manually the role: Artifact Registry Reader to the service account deploying the cloud function.
I also posted an issue on the google cloud platform issue tracker
I updated the Google issue tracker with my findings while investigating and answering this question
I'll put a short summary from that answer below, but see my answer there for more details.
So, to summarize, the first authentication to the repo is done with whatever SA you use.
Stupidly enough, the download itself is done with the inbuilt SA for Cloud Build from the project you are deploying the Cloud Function to. IMHO this should be done by the same SA as the first.
Note that the format for the inbuilt SA for Cloud Build is <PROJECT-NUMBER>@cloudbuild.gserviceaccount.com