From fa8b0d7d2647d9b941cfe3b16da8120ac5fbe8ca Mon Sep 17 00:00:00 2001 From: Bliss Pisit Wetcha Date: Mon, 9 Oct 2023 14:38:04 +0700 Subject: [PATCH 1/2] [#522] Use FIREBASE_SERVICE_ACCOUNT instead of FIREBASE_TOKEN --- .../project_workflows/deploy_production_firebase.yml | 11 +++++++++-- .github/project_workflows/deploy_staging_firebase.yml | 11 +++++++++-- .github/wiki/CodeMagic.md | 4 ++-- .github/wiki/Github-Actions.md | 4 ++-- .github/workflows/test_upload_build_to_firebase.yml | 11 +++++++++-- codemagic.yaml | 2 ++ fastlane/Constants/Secret.swift | 2 -- 7 files changed, 33 insertions(+), 12 deletions(-) diff --git a/.github/project_workflows/deploy_production_firebase.yml b/.github/project_workflows/deploy_production_firebase.yml index ad71aed9..23f71113 100644 --- a/.github/project_workflows/deploy_production_firebase.yml +++ b/.github/project_workflows/deploy_production_firebase.yml @@ -3,7 +3,7 @@ name: Deploy Production Build To Firebase # SECRETS needed: ### SSH_PRIVATE_KEY for Match Repo ### MATCH_PASS -### FIREBASE_TOKEN +### FIREBASE_GOOGLE_APPLICATION_CREDENTIALS_BASE64 on: push: @@ -50,6 +50,13 @@ jobs: touch .env echo $ENV | base64 --decode > .env + - name: Read Google Service Account + id: firebase_service_account + uses: timheuer/base64-to-file@v1.2 + with: + fileName: 'firebase_service_account.json' + encodedString: ${{ secrets.FIREBASE_GOOGLE_APPLICATION_CREDENTIALS_BASE64 }} + - name: Bundle install run: bundle install @@ -80,7 +87,7 @@ jobs: - name: Build Production App and Distribute to Firebase run: bundle exec fastlane buildProductionAndUploadToFirebase env: - FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }} + GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.firebase_service_account.outputs.filePath }} - name: Upload Artifacts uses: actions/upload-artifact@v3 diff --git a/.github/project_workflows/deploy_staging_firebase.yml b/.github/project_workflows/deploy_staging_firebase.yml index fff0630a..ee517172 100644 --- a/.github/project_workflows/deploy_staging_firebase.yml +++ b/.github/project_workflows/deploy_staging_firebase.yml @@ -3,7 +3,7 @@ name: Deploy Staging Build To Firebase # SECRETS needed: ### SSH_PRIVATE_KEY for Match Repo ### MATCH_PASS -### FIREBASE_TOKEN +### FIREBASE_GOOGLE_APPLICATION_CREDENTIALS_BASE64 on: push: @@ -55,6 +55,13 @@ jobs: touch .env echo $ENV | base64 --decode > .env + - name: Read Google Service Account + id: firebase_service_account + uses: timheuer/base64-to-file@v1.2 + with: + fileName: 'firebase_service_account.json' + encodedString: ${{ secrets.FIREBASE_GOOGLE_APPLICATION_CREDENTIALS_BASE64 }} + - name: Bundle install # if: steps.bundleCache.outputs.cache-hit != 'true' run: bundle install @@ -86,7 +93,7 @@ jobs: - name: Build App and Distribute to Firebase run: bundle exec fastlane buildStagingAndUploadToFirebase env: - FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }} + GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.firebase_service_account.outputs.filePath }} - name: Upload Artifacts uses: actions/upload-artifact@v3 diff --git a/.github/wiki/CodeMagic.md b/.github/wiki/CodeMagic.md index f12bc0c6..420988f4 100644 --- a/.github/wiki/CodeMagic.md +++ b/.github/wiki/CodeMagic.md @@ -33,7 +33,7 @@ Out of the box, the CodeMagic Template has the following workflows and steps: | MATCH_PASSWORD | The password is used to encrypt/decrypt the Match repository to store the distribution certificates and provisioning profiles. | | MATCH_SSH_KEY | The SSH private key is used for cloning the Match repository that contains your distribution certificates and provisioning. | | KEYCHAIN_PASSWORD | The password to access the keychain. | -| FIREBASE_CLI_TOKEN | [Firebase token](https://firebase.google.com/docs/cli#cli-ci-systems) for uploading build to Firebase Distributions and Analytics. | +| FIREBASE_SERVICE_ACCOUNT | [Google Service Firebase Account](https://firebase.google.com/docs/app-distribution/ios/distribute-fastlane#service-acc-fastlane) for uploading build to Firebase Distributions and Analytics. | | APPSTORE_CONNECT_API_KEY | [App Store Connect API](https://docs.fastlane.tools/actions/app_store_connect_api_key/) for uploading build to TestFlight or App Store. It should be `base64` encoded. | | API_KEY_ID | The key identifier of your App Store Connect API key. | | ISSUER_ID | The issuer of your App Store Connect API key. | @@ -57,4 +57,4 @@ ROOT ├──... ``` -4. Push changes to SCM. \ No newline at end of file +4. Push changes to SCM. diff --git a/.github/wiki/Github-Actions.md b/.github/wiki/Github-Actions.md index 07693092..e96e33ad 100644 --- a/.github/wiki/Github-Actions.md +++ b/.github/wiki/Github-Actions.md @@ -53,7 +53,7 @@ Make sure the following secrets are set up. |SSH_PRIVATE_KEY |SSH key connected to a user with access to the match repo for check out the match repo. |- |✅ |✅ |✅ | |MATCH_PASS |Fastlane Match Passphrase for decrypting a match repository. |- |✅ |✅ |✅ | |APPSTORE_CONNECT_API_KEY|App Store Connect API https://docs.fastlane.tools/actions/app_store_connect_api_key/ for uploading build to TestFlight or App Store. Should be `base64` encoded.|- |- |- |✅ | -|FIREBASE_TOKEN |Firebase token https://firebase.google.com/docs/cli#cli-ci-systems for uploading build to Firebase Distributions and Analytics. |- |✅ |✅ |✅ For uploading dSYM to Crashlytics| +|FIREBASE_GOOGLE_APPLICATION_CREDENTIALS_BASE64|Google Service Firebase Account https://firebase.google.com/docs/app-distribution/ios/distribute-fastlane#service-acc-fastlane for uploading build to Firebase Distributions and Analytics. Should be `base64` encoded.|- |✅ |✅ |✅ For uploading dSYM to Crashlytics| ## Installation @@ -63,4 +63,4 @@ Make sure the following secrets are set up. - fastlane/Constants/Constants.rb 3. Get APPSTORE_CONNECT_API_KEY base64 from AuthKey file (.p8) with `cat AuthKey_ABCDEFGH.p8 | base64`. 4. Provide SECRETS noted in `yml` file in [Github Project's Setting](https://docs.github.com/en/actions/reference/encrypted-secrets) -4. Push changes to Github \ No newline at end of file +4. Push changes to Github diff --git a/.github/workflows/test_upload_build_to_firebase.yml b/.github/workflows/test_upload_build_to_firebase.yml index 8b0becfc..8aff8251 100644 --- a/.github/workflows/test_upload_build_to_firebase.yml +++ b/.github/workflows/test_upload_build_to_firebase.yml @@ -3,7 +3,7 @@ name: Test Upload Build to Firebase # SECRETS needed: ### SSH_PRIVATE_KEY for Match Repo ### MATCH_PASS -### FIREBASE_TOKEN +### FIREBASE_GOOGLE_APPLICATION_CREDENTIALS_BASE64 ### STAGING_FIREBASE_APP_ID ### TEAM_ID @@ -34,6 +34,13 @@ jobs: yarn global add firebase-tools echo "$(yarn global bin)" >> $GITHUB_PATH + - name: Read Google Service Account + id: firebase_service_account + uses: timheuer/base64-to-file@v1.2 + with: + fileName: 'firebase_service_account.json' + encodedString: ${{ secrets.FIREBASE_GOOGLE_APPLICATION_CREDENTIALS_BASE64 }} + - name: Bundle install run: bundle install @@ -67,7 +74,7 @@ jobs: - name: Build App and Distribute to Firebase run: bundle exec fastlane buildStagingAndUploadToFirebase env: - FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }} + GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.firebase_service_account.outputs.filePath }} - name: Upload Artifacts uses: actions/upload-artifact@v3 diff --git a/codemagic.yaml b/codemagic.yaml index 58272b88..a38fd69f 100644 --- a/codemagic.yaml +++ b/codemagic.yaml @@ -7,6 +7,7 @@ workflows: - fastlane xcode: latest cocoapods: default + firebase_service_account: $FIREBASE_SERVICE_ACCOUNT cache: cache_paths: - $HOME/Library/Caches/CocoaPods @@ -71,6 +72,7 @@ workflows: - fastlane xcode: latest cocoapods: default + firebase_service_account: $FIREBASE_SERVICE_ACCOUNT cache: cache_paths: - $HOME/Library/Caches/CocoaPods diff --git a/fastlane/Constants/Secret.swift b/fastlane/Constants/Secret.swift index 9385dd07..12f37911 100644 --- a/fastlane/Constants/Secret.swift +++ b/fastlane/Constants/Secret.swift @@ -11,8 +11,6 @@ enum Secret { static let keychainPassword = EnvironmentParser.string(key: "KEYCHAIN_PASSWORD") - static let firebaseCLIToken = EnvironmentParser.string(key: "FIREBASE_TOKEN") - static let appstoreConnectAPIKey = EnvironmentParser.string(key: "APPSTORE_CONNECT_API_KEY") static let appStoreKeyIdKey = EnvironmentParser.string(key: "API_KEY_ID") From ce963cad2ea1f50e430d471019313abd5cdba461 Mon Sep 17 00:00:00 2001 From: Bliss Pisit Wetcha Date: Mon, 9 Oct 2023 15:44:28 +0700 Subject: [PATCH 2/2] [#522] Use FIREBASE_SERVICE_ACCOUNT instead of FIREBASE_TOKEN --- fastlane/Helpers/Distribution.swift | 1 - 1 file changed, 1 deletion(-) diff --git a/fastlane/Helpers/Distribution.swift b/fastlane/Helpers/Distribution.swift index 9361dd4c..24548781 100644 --- a/fastlane/Helpers/Distribution.swift +++ b/fastlane/Helpers/Distribution.swift @@ -21,7 +21,6 @@ enum Distribution { app: .userDefined(environment.firebaseAppId), groups: .userDefined(groups), releaseNotes: .userDefined(releaseNotes), - firebaseCliToken: .userDefined(Secret.firebaseCLIToken), debug: .userDefined(true) ) }