Login/Register
Google services json file for github actions?
Asked Answered
Solved androidlinuxfirebasegithub-actionsgithub-cli
A

3

10

I am currently working on a android project and I use github action to test the project. But whenever it build it ends up with an error for not finding the google-services.json file.

The error generated is as follows

File google-services.json is missing. The Google Services Plugin cannot function without it.

Now, I don't want to commit or upload the google-services.json file on the github. So, Is there any other way to solve this?

Ara answered 3/1, 2022 at 16:23 Comment(3)
Never ever upload secrets to your repositories. You can define secure CI variables for that purpose.Floating
Although it's not so risky if anyone reverse engineer the app and sees them, you should not commit them to Github as mentioned by Firebase in the documentation. Also checkout: Is google-services.json safe from hackers?Substantiate
@Floating Yeah actually it helped but doesn't give the proper way to do for github. But now I have figured out the solution : )Ara
A
13

Well... I have found the solution but in case if anyone needs I am explaining here.

We can store the content of google-sevices.json in Environment variable (aka Secrets in github). Actually github uses linux based cli so we have to execute some command on the cli using github actions.

There will be two steps ...

  • Firstly create the google-services.json file in base64
- name: Create file
  run: cat /home/runner/work/<Project-Name>/<Project-Name>/app/google-services.json | base64
  • Then put data in the file (basically this fetch data from github secrets and put the data in json file before building the application)
- name: Putting data
  env:
    DATA: ${{ secrets.GOOGLE_SERVICES_JSON }}
  run: echo $DATA > /home/runner/work/<Project-Name>/<Project-Name>/app/google-services.json
  • Then define the content of google-services.json file in the github secrets via: Setting > Secrets > New Repository Secret using name GOOGLE_SERVICES_JSON

Both of these commands should be placed before the gradle build command in gradle.yml

By doing this your google-services.json file will be created and has data also so the app will build successfully.

Ara answered 7/1, 2022 at 6:18 Comment(6)
What's the point of converting it to base64? Why not just store it as JSON?Tiberias
prob just so that the data is preserved through different systems, no special chars, escapes etc things like that. @TimMalseedSculpsit
Does this actually store the data as base64? It looks like it's piping the result of the cat command into base64 which shouldn't do anything. This is working on my repository with google-services.json stored as a secret in base64: touch ./app/google-services.json && echo $GOOGLE_SERVICES_JSON | base64 -d > ./app/google-services.jsonChauffer
but i am facing below error while creating file An error occurred trying to start process '/usr/bin/bash' with working directory '/home/runner/work/***-clone/***-clone/tmp'. No such file or directory & path saying that i am not in project directory path ls -la shell: /usr/bin/bash -e {0}Thulium
Doesn't work on macOS CI though because path starts with /Users Result of pwd is /Users/runner/work/<Project>/<Project>Ripp
If you have the No such file or directory error, just beware of a possible typo on the path lacking the android folder. It should be /home/runner/work/<Project-Name>/<Project-Name>/android/app/google-services.json, so /<Project-Name>/android/app instead of /<Project-Name>/app.Saccharoid
M
10

Adding any sort of credentials to your GitHub repo is dangerous and ill-advised. Even if the repo is private and you are the only one using it right now, maybe you'll invite other people later and unless you change the git history, your credentials will always be accessible even if you delete them via a new commit.

Instead, put your credentials (in this case, google-services.json) in a GitHub Action secret and read that secret from the CI file. GitHub secrets are a great place to store this information because only the actions you run can read them and not other members of the repository.

  1. Encode your file as base64 on your local computer so that it may be easily stored in environment variables: base64 google-services.json
    To have it as a single line, you can use base64 -w 0

  2. Copy the output and store it in a new GitHub Action secret (can be found in the Settings tab of your repository) named GOOGLE_SERVICES_JSON

  3. In your GitHub Action yml, right before you build, add this step, which adds your encoded file to an environment variable, then decodes it and adds it into the Action's worker directory:

- name: Create Google Services JSON File
  env:
    GOOGLE_SERVICES_JSON: ${{ secrets.GOOGLE_SERVICES_JSON }}
  run: echo $GOOGLE_SERVICES_JSON | base64 -di > ./<folder>/google-services.json

<folder> is whatever folder you need for your build. In my Action, I was trying to build an android APK, so my path was ./android/app/google-services.json. Also, depending on your path, you may need to create the directory first: run: mkdir <folder> && echo $GOOGLE_SERVICES_JSON | base64 -di > ./<folder>/google-services.json

base64 -di decodes the encoded file and also gets rid of "garbage" characters, like newlines that were probably brought over when you copied the original encoded file into the Action secret.

Maunder answered 15/1, 2023 at 19:36 Comment(0)
W
1

If you are making any public repo or any sample app, you should not commit the google-services.json file to the Github repo.

While you are working on private repo it depends on how collaborators are managing the firebase credentials. google-services.json file will have access key and fingerprints of firebase projects.

Conclusion: Don't share the google-services.json file over any SVN or Git repo. User can add their own google-services.json file to the project and run it on the testing environment.

Woodring answered 3/1, 2022 at 19:9 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.