I am currently using GitHub Actions to automate deploys to production, however, developers also have access to deploy code directly from their machines to production. I am wondering how to avoid this situation and only allow new updates to our hosting instance when it comes from an automated PR approval on GitHub.
The current workflow for developers is:
Create a new dev branch based on an assigned issue on GitHub
Develop code changes and test it on localhost via Firebase Emulators
Commit code changes to GitHub and creates a PR
GitHub Actions kicks in to deploy code changes in a preview channel for approval
After code review, PR is approved and code changes get deployed automatically to production
Since developers are required to provide firebase production credentials to initializeApp({...}) - there is no way to avoid a team member from deploying code directly from their machines to production.
Firebase client SDK for Javascript does not allow an app to be initialized withou real project credentials, which means there is no way to initialize an app "only for emulation".
Any thoughts on how to fix this?
Create a new Google account that is only used to deploy and change the developer permissions to only have read access to the production apps.
Related
As per the Firebase documentation, the contents of google-services.json are considered public. These can be easily retrieved by decompiling the apk.
If so, is there a way to prevent apps from registering with my Firebase project?
I understand that the registration works on the basis of package name. While it's not possible to publish an app with a duplicate package name, for development it is very much possible.
I created a dummy app, and my dummy app successfully registered with my production project. So, looking for a way to prevent that from happening.
You should be connecting your app to Firebase Emulator for local development.
You can go to Firebase console -> Authentication tab -> Sign-in Method tab, and remove localhost from Authorized domain, that way your app will never connect to production DB.
One can select a project to deploy their app to, using firebase use PROJECT_ID.
I've an interesting pattern - I've multiple firebase hosted applications (projects) on the different branches of a git repo, and I often need to switch between them. When I issue firebase deploy, often it picks the wrong project and deploy there.
Is there a way to configure the projectId for firebase hosting within my code, so that when changing branches, the right project is automatically selected for deployment?
Thank you.
We are bringing in a new developer for our Firebase web app project, who will start out by just learning the code in his local environment.
Since the new developer will be running Firebase CLI in the local env., is there a way to set up his initial role on the project such that he is [not able] to run firebase deploy commands?
~~~~~~~~~~~~~~~~~~~~~~~~~
I did find this doc from Google:
https://cloud.google.com/iam/docs/understanding-roles?_ga=2.49153190.-1888993.1468450573#curated_roles
It discusses deploy access in section: App Engine Roles .. not sure if that is for Firebase as well.
If so, are there any additional references for how to go about applying these kinds of roles to a Firebase project?
Anyone who has the "editor" or "owner" role for a project will be able to deploy (and generally make any other changes to the project). If you don't want an account to be able to deploy, don't give either of those roles.
For logging purposes I´d like to print to console or even display the current deploy ID (or message) of my firebase web app that is being accessed by the browser.
Firebase Hosting recently released a new REST API. You can use sites.releases.list to see what version is currently deployed.
Old answer:
Firebase deploy IDs don't appear to be available anywhere via programmatic access. The CLI doesn't support listing current or previous deploys.
My recommendation would be to go in the other direction. Have your source code in a vcs like git. When you build and deploy a new version set the vcs hash or version in the deployed code and as the message for firebase deploy. You can then log the log the source version in your code and you can manually associate that back to a release in the Firebase UI.
After following the Meteorjs instructions and successfully creating an app, the deployment step failed. I am familiar with the developer account and the normal procedure. The Error being provided is stating that I have unauthorized access to Galaxy and that I am attempting to deploy on it (this is the paid cloud service of Meteor released recently and not the testing cloud service of Meteor.com for developers). I am not understanding why this redirection is occurring. It would be helpful to point out the issue. The name of the app being deployed follows the format appname.meteor.com. Please also note that
The developer-account dependency was installed
The app was created through the Meteorjs dashboard
I was also logged in from the console prior to deploying
Thanks in advance
I would like some clarity on the process you're attempting, however meteor killed free hosting in March of 2016 (three months ago at the time of this post).
This post explains the details of MDG cancelling that service.
This means there is no longer a testing cloud service, which seems like what you're attempting to deploy to (can't tell as you've given no specifics on your process), there is only Galaxy.