Google cloud built not substituting environment variable for firebase token
Solution 1:
Build firebase Docker image.
See:
- https://github.com/GoogleCloudPlatform/cloud-builders-community
$ git clone https://github.com/GoogleCloudPlatform/cloud-builders-community
$ cd firebase
$ gcloud builds submit --config cloudbuild.yaml .
Encrypt ci token
$ firebase login:ci
$ gcloud kms keyrings create cloudbuilder --location global
$ gcloud kms keys create firebase-token --location global --keyring cloudbuilder --purpose encryption
$ echo -n <ciToken> | gcloud kms encrypt \
--plaintext-file=- \
--ciphertext-file=- \
--location=global \
--keyring=cloudbuilder \
--key=firebase-token | base64
Set encrypted ci token in cloudbuild.yaml
See:
- https://cloud.google.com/cloud-build/docs/securing-builds/use-encrypted-secrets-credentials?hl=ja#example_build_request_using_an_encrypted_variable
- https://github.com/GoogleCloudPlatform/cloud-builders-community/blob/master/firebase/firebase.bash#L5
- https://github.com/firebase/firebase-tools#user-content-using-with-ci-systems
secrets:
- kmsKeyName: projects/<projectName>/locations/global/keyRings/cloudbuilder/cryptoKeys/firebase-token
secretEnv:
FIREBASE_TOKEN: <EncryptedCiToken>
steps:
- id: 'npm install'
name: 'gcr.io/cloud-builders/npm'
args: ['install']
- id: 'functions npm install'
name: 'gcr.io/cloud-builders/npm'
args: ['install']
dir: 'functions'
- id: "deploy firebase"
name: 'gcr.io/$PROJECT_ID/firebase'
args: ['deploy', '--project=<projectName>']
# Deploy specific Firebase services
# (If you only want to deploy specific Firebase services or features)
#
# - id: "deploy firebase"
# name: 'gcr.io/$PROJECT_ID/firebase'
# args: ['deploy', '--only', 'functions', '--project=<projectName>']
#
# - id: "deploy firebase storage"
# name: 'gcr.io/$PROJECT_ID/firebase'
# args: ['deploy', '--only', 'storage', '--project=<projectName>']
# secretEnv: ['FIREBASE_TOKEN']
#
# - id: "deploy firebase firestore"
# name: 'gcr.io/$PROJECT_ID/firebase'
# args: ['deploy', '--only', 'firestore', '--project=<projectName>']
# secretEnv: ['FIREBASE_TOKEN']
#
# - id: "deploy firebase hosting"
# name: 'gcr.io/$PROJECT_ID/firebase'
# args: ['deploy', '--only', 'hosting', '--project=<projectName>']
More information
- https://github.com/zkohi/firebase-sub-guides/blob/master/content/docs/ja/cd/index.md