Github actions replacing firebase json in flutter project - firebase

I'm running a Github action that automatically builds and releases a flutter project. But we use a dev and a production Firebase environment. so before the build I'd like to switch out the google-services.json from the dev to the production version. But I can't seem to find an easy way to do this. Or is there a better way to work with dev and production versions of Firebase inside flutter?
probably not very useful but here's the action in it's current state
on:
push:
branches: [ stable ]
name: Build and Release
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#master
with:
fetch-depth: '0'
- name: Bump version and push tag
id: tag
uses: anothrNick/github-tag-action#1.17.2
env:
GITHUB_TOKEN: ${{ secrets.TOKEN }}
WITH_V: true
RELEASE_BRANCHES: stable
- uses: actions/checkout#v1
- uses: actions/setup-java#v1
with:
java-version: '12.x'
- uses: subosito/flutter-action#v1
with:
flutter-version: '1.17.3'
- run: flutter pub get
- run: flutter build appbundle
- name: Create a Release APK
uses: ncipollo/release-action#v1
with:
artifacts: "build/app/outputs/bundle/release/*.aab"
tag: ${{ steps.tag.outputs.tag }}
token: ${{ secrets.TOKEN }}
I'm very, very new to github actions and CI in general. any constructive feedback is always welcome!

Not sure that's the most optimised solution but it's what I found being the easiest to update and maintain.
Step 1 : Store the google-services.json files in the secrets of your Github repository (that way you won't have to commit this file in your repo, that's a bonus) with names like FIREBASE_CONFIG_DEV and FIREBASE_CONFIG_PROD.
Step 2 : Create two workflows : one for the dev, triggered every pull-request for example, and the other one for the release, triggered by a commit on a specific branch like your did
Step 3 : Provide the google-service.json to your project
steps:
- uses: actions/checkout#v1
- name: Provide Firebase Android
env:
FIREBASE_CONFIG_DEV: ${{ secrets.FIREBASE_CONFIG_DEV }}
run: echo $FIREBASE_CONFIG_DEV > ./android/app/google-services.json
Your Dev workflow should look like this
Just edit this snippet to add the creation of the google-services.json to your iOS project and you should be good to go

Related

How to deploy other firebase project assets ( like firestore rule) with github actions

I have one GitHub project that needs to deploy to different firebase projects based on branches ( development, Production and Staging). I added three firebase projects and three GCP accounts for it. I managed to deploy hosting with w9jds/firebase-action. Still, when I tried to use this action to deploy Firestore rules and storage, it kept giving me the error "FirebaseError: HTTP Error: 403, The caller does not have permission". I could not find the document on what permission I needed to deploy those assets or the detailed error log. Any help would be appreciated.
Here is my yml for you to check
name: Deploy firestore on dev Merge
on:
push:
branches:
- dev
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout#v3
- name: Build
run: npm install && npm run build
- name: Archive Production Artifact
uses: actions/upload-artifact#master
with:
name: dist
path: dist
deploy:
name: Deploy
runs-on: ubuntu-latest
needs: [build]
steps:
- name: Checkout Repo
uses: actions/checkout#v3
- name: Download Artifact
uses: actions/download-artifact#v3
with:
name: dist
path: dist
- name: Deploy to Firebase
uses: docker://w9jds/firebase-action:master
with:
args: deploy --only firestore --project development
env:
GCP_SA_KEY: service_account_key

GitHub Actions Trigger Publish Job Only When Releasing a Package

I have a Scala based multi module project for which I'm having a GitHub Actions pipeline which contains two jobs, one for test and the other for publishing to GitHub packages. Here is my file:
name: Build my projects
on:
push:
paths-ignore:
- 'images/**'
- README.md
branches:
- master
tags:
- 'v*.*.*'
pull_request:
branches:
- master
release:
types: [ created ]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout#v2
- name: Cache ivy2
uses: actions/cache#v1
with:
path: ~/.ivy2/cache
key: ${{ runner.os }}-sbt-ivy-cache-${{ hashFiles('**/*.sbt') }}-${{ hashFiles('project/build.properties') }}
- name: SBT Test
run: sbt clean test
publish:
needs: test
steps:
- name: Checkout
- uses: actions/checkout#v2
- name: SBT Publish
run: sbt publish
I would need the following:
Trigger the publish job only when I want to do a release, but how do I know that I want to do a release? Do I tag a release when I commit the changes? If I tag it, then how can I check if there is a tag so that I know that I have to run the publish job?
If you want to trigger a workflow "only when you want to do a release", one option is to manually launch the workflow.
This can be achieved with a specific workflow with following trigger workflow_dispatch:
on:
workflow_dispatch:
inputs:
releaseVersion:
description: 'Release version'
required: true
Here I add an input value that has to be entered manually when launching the workflow. This is not mandatory though if you don't need any input.
See also: https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/
Note that triggering the workflow when a tag is pushed is also a solution that makes sense. It's really up to you.
I just had to do this in the publish job:
publish:
runs-on: ubuntu-latest
needs: test
if: startsWith(github.ref, 'refs/tags/v')
So when there is a tag, the publish job knows that it has to run and publish the new package.

Github Actions - How can I make my env variable(stored in .env file) available in my workflow

I'll try to be as clear as possible. I have also asked about related issues but didn't receive a convincing response.
I'm using React and firebase for hosting.
Also, I'm storing my firebase web API key in my .env file.
I set up firebase hosting using Firebase CLI and chose to automatically deploy on merge or pull request.
After the setup finished a .github folder with .yml file was created in my working directory.
.github
- workflows
-firebase-hosting-merge.yml
-firebase-hosting-pull-request.yml
So now when I deploy my project(without pushing to GitHub) manually to firebase by running firebase deploy everything works fine and my app is up and running.
However when I make changes and push my changes to Github. Github actions are triggered and the automatic deployment to the firebase process starts. The build passes all the checks. However, when I visit the hosted URL there is an error I get in the console saying Your API key is invalid, please check you have copied it correctly.
I tried few workarounds like storing my firebase web API key into the Github secrets and accessing it in my .yml file.
# This file was auto-generated by the Firebase CLI
# https://github.com/firebase/firebase-tools
name: Deploy to Firebase Hosting on merge
'on':
push:
branches:
- master
jobs:
build_and_deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- run: npm ci && npm run build --prod
- uses: FirebaseExtended/action-hosting-deploy#v0
with:
repoToken: '${{ secrets.GITHUB_TOKEN }}'
firebaseServiceAccount: '${{ secrets.FIREBASE_SERVICE_ACCOUNT_EVENTS_EASY }}'
channelId: live
projectId: my-project
env:
REACT_APP_API_KEY: ${{secrets.REACT_APP_API_KEY}}
FIREBASE_CLI_PREVIEWS: hostingchannels
But I am still getting the error. I feel that the error is definitely due to the environment variables.
I have stored my firebase web API key in my .env.production file located in the root directory.
Somehow GitHub actions are not using my environment variables defined.
Please let me know how can I manage my env variables so that it can be accessed by my workflow.
The answer is put custom env vars in first level before jobs:
name: Deploy to Firebase Hosting on merge
'on':
push:
branches:
- master
env: # <--- here
REACT_APP_API_KEY: ${{secrets.REACT_APP_API_KEY}} # <--- here
jobs:
build_and_deploy:
...
And add this secrets in Github > Your project > Settings > Secrets
You can use Create Envfile Github Action to create a .env file in your workflow.
To add a key to the envfile, add a key/pair to the with: section. It must begin with envkey_.
steps:
- uses: actions/checkout#v2
- name: Use Node.js
uses: actions/setup-node#v1
- name: Make envfile
uses: SpicyPizza/create-envfile#v1
with:
envkey_REACT_APP_API_KEY: ${{secrets.REACT_APP_API_KEY}}
directory: './'
file_name: '.env'

Next.js - ERROR Build directory is not writeable on Google Cloud Build

I was trying to automate the deployment process of my Next.JS application to App Engine using Cloud Build but at the build phase it keeps on failing with:
Error: > Build directory is not writeable. https://err.sh/vercel/next.js/build-dir-not-writeable
I cant seem to figure out what to fix for this.
My current build file is and it keeps failing on step 2:
steps:
# install dependencies
- name: 'gcr.io/cloud-builders/npm'
args: ['install']
# build the container image
- name: 'gcr.io/cloud-builders/npm'
args: ['run', 'build']
# deploy to app engine
- name: "gcr.io/cloud-builders/gcloud"
args: ["app", "deploy"]
env:
- 'PORT=8080'
- 'NODE_ENV=production'
timeout: "1600s"
app.yaml:
runtime: nodejs12
handlers:
- url: /.*
secure: always
script: auto
env_variables:
PORT: 8080
NODE_ENV: 'production'
any help would be appreciated
Can reproduce the same behavior after upgrading to next version 9.3.3.
Cause
The issue is related to the npm dependency which is managed by google if you use gcr.io/cloud-builders/npm seems they are running your build inside of Google Cloud Build on an old node version.
Here you can find the currently supported version
https://console.cloud.google.com/gcr/images/cloud-builders/GLOBAL/npm?gcrImageListsize=30
As you can see Googles latest node version is 10.10. The newest next.js version requires at least node 10.13
Solution
Change gcr.io/cloud-builders/npm to
- name: node
entrypoint: npm
in order to use the official docker npm package which runs on node12.
After those changes your build will be successful again.
Sidenote
Switching to the official npm will increase the build duration (at least in my case). It takes around 2 minutes longer then the gcr npm.

How to configure .net core 3.1 appsettings to run tests on Github actions

I'm developing a web API using .Net core 3.1 trying to integrate it to Github Actions to run the integration tests when a pull request is created.
I'm using the secrets manager to store my API tokens and other sensitive data in development mode
secrets.json
{
"Firebase": {
"Login": "foo#bar.com",
"Password": "FooBar",
"Url": "foobar.firebaseapp.com "
},
}
And on GitHub I've tried to add Secrets(GitHub secrets = environment variables) with the same names I have on my secrets JSON but it hasn't worked.
The GitHub secrets that I've created are like
(KEY - VALUE)
LOGIN - foo#bar.com
PASSWORD - FooBar
And on my test class, I'm invoking the environment variables using the following configuration before the tests
public MyTestClass()
{
var builder = new ConfigurationBuilder()
.AddUserSecrets<MyTestClass>()
.AddEnvironmentVariables();
Configuration = builder.Build();
_settings = Configuration.Get<Settings>();
}
And my .yml looks like
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Setup .NET Core
uses: actions/setup-dotnet#v1
with:
dotnet-version: 3.1.300
- name: Nuget
run: dotnet restore
- name: Build
run: dotnet build --configuration Release --no-restore
- name: Test
run: dotnet test --no-restore --verbosity normal
env:
LOGIN: ${{ secrets.LOGIN }}
PASSWORD: ${{ secrets.PASSWORD}}
URL: ${{ secrets.URL}}
How can I load the Settings when executing inside GitHub Actions?
Not sure if i'm not stating the obvious (you didn't mention how you start test app), but GitHub secrets != environment variables. They can be, if user wants that, but it's not done automagically.
- run: program.exe
In this case, program won't know login/password, as there's no way it can access this data.
- run: program.exe
env:
LOGIN: ${{ secrets.LOGIN }}
PASSWORD: ${{ secrets.PASSWORD }}
In this case, program will know login/password, as secrets are "converted" to environment variables, which application can see.
- run: program.exe --login=${{ secrets.LOGIN }} --password=${{ secrets.PASSWORD }}
In this case, program will know login/password, as secrets are passed via command line arguments, which application can see. Environment variables remain unchanged in this case.
Another option is to keep encrypted secrets.json in repository, and decrypt it when workflow is running; see docs for details.

Resources