Google cloud registry authentication for pushing images

Hi,

As per https://support.atlassian.com/bitbucket-cloud/docs/use-docker-images-as-build-environments/#Private-images-hosted-by-Google-Container-Registry--GCR- I've configured my build to use a custom image to build my application. So basically, I've included this in my build:

image:
  name: [region].gcr.io/<project>/image:latest
  username: _json_key
  password: '$GCR_JSON_KEY'

The image is pulled correctly and the build runs.

As part of that pipeline, a resulting image is pushed to the same registry as the build image was pulled from. I.e.

docker push <region>.gcr.io/[project]/application-image:$BITBUCKET_COMMIT

I would've expected that the authentication to that host is reused from pulling the image, but that's not the case. Docker indicates that the request as unauthenticated.

Is this not possible, is this just a setting I'm missing? I can obviously work around this by redoing the auth, but seems a bit duplicate.

tnx