发表新帖
发表新帖

Google cloud built not substituting environment variable for firebase token

前端 未结
关注
1 904
深忆病人
深忆病人 2020-12-07 06:21

I have a cloud build trigger that attempts to push my application to firebase hosting. To do that I have an encrypted .env.enc file that contains the firebase token needed t

相关标签:
1条回答
  • 别跟我提以往
    2020-12-07 07:03

    Build firebase Docker image.

    See:

    • https://github.com/GoogleCloudPlatform/cloud-builders-community
    $ git clone https://github.com/GoogleCloudPlatform/cloud-builders-community
$ cd firebase
$ gcloud builds submit --config cloudbuild.yaml .

    Encrypt ci token

    $ firebase login:ci
$ gcloud kms keyrings create cloudbuilder --location global
$ gcloud kms keys create firebase-token --location global --keyring cloudbuilder --purpose encryption
$ echo -n <ciToken> | gcloud kms encrypt \
  --plaintext-file=- \
  --ciphertext-file=- \
  --location=global \
  --keyring=cloudbuilder \
  --key=firebase-token | base64

    Set encrypted ci token in cloudbuild.yaml

    See:

    • https://cloud.google.com/cloud-build/docs/securing-builds/use-encrypted-secrets-credentials?hl=ja#example_build_request_using_an_encrypted_variable
    • https://github.com/GoogleCloudPlatform/cloud-builders-community/blob/master/firebase/firebase.bash#L5
    • https://github.com/firebase/firebase-tools#user-content-using-with-ci-systems
    secrets:
- kmsKeyName: projects/<projectName>/locations/global/keyRings/cloudbuilder/cryptoKeys/firebase-token
  secretEnv:
    FIREBASE_TOKEN: <EncryptedCiToken>
steps:
- id: 'npm install'
  name: 'gcr.io/cloud-builders/npm'
  args: ['install']

- id: 'functions npm install'
  name: 'gcr.io/cloud-builders/npm'
  args: ['install']
  dir: 'functions'

- id: "deploy firebase"
  name: 'gcr.io/$PROJECT_ID/firebase'
  args: ['deploy', '--project=<projectName>']

# Deploy specific Firebase services
# (If you only want to deploy specific Firebase services or features)
#
# - id: "deploy firebase"
#   name: 'gcr.io/$PROJECT_ID/firebase'
#   args: ['deploy', '--only', 'functions', '--project=<projectName>']
# 
# - id: "deploy firebase storage"
#   name: 'gcr.io/$PROJECT_ID/firebase'
#   args: ['deploy', '--only', 'storage', '--project=<projectName>']
#   secretEnv: ['FIREBASE_TOKEN']
# 
# - id: "deploy firebase firestore"
#   name: 'gcr.io/$PROJECT_ID/firebase'
#   args: ['deploy', '--only', 'firestore', '--project=<projectName>']
#   secretEnv: ['FIREBASE_TOKEN']
# 
# - id: "deploy firebase hosting"
#   name: 'gcr.io/$PROJECT_ID/firebase'
#   args: ['deploy', '--only', 'hosting', '--project=<projectName>']

    More information

    • https://github.com/zkohi/firebase-sub-guides/blob/master/content/docs/ja/cd/index.md
    0 讨论(0)
 看不清?
提交回复
热议问题