Skip to content

feat: make firebaseServiceAccount input optional #398

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

feat: make firebaseServiceAccount input optional #398

wants to merge 4 commits into from

Conversation

lucetre
Copy link

@lucetre lucetre commented Dec 6, 2024
edited
Loading

Key Changes:

  1. Optional firebaseServiceAccount Input:
    The firebaseServiceAccount input is no longer required. If not provided, the action defaults to using the Application Default Credentials (ADC) available in the GitHub Actions environment. This reduces the need for explicitly managing and passing a service account key JSON file.
jobs:
  demos:
    runs-on: ubuntu-latest
    permissions:
      contents: "read"
      id-token: "write"

    steps:
      - uses: actions/checkout@v4
      - uses: google-github-actions/auth@v2
        with:
          project_id: ${{ vars.PROJECT_ID }}
          workload_identity_provider: ${{ vars.WORKLOAD_IDENTITY_FEDERATION_PROVIDER_ID }}
          service_account: ${{ vars.SERVICE_ACCOUNT }}

      - uses: FirebaseExtended/action-hosting-deploy@main
        with:
          # firebaseServiceAccount: CAN_BE_OMITTED
          projectId: ${{ vars.PROJECT_ID }}
          channelId: live
          entryPoint: ./demo

Expected Outcomes

  1. Improved Security:
    By leveraging default credentials, this change minimizes the usage of static key JSON files, which can pose security risks if mishandled or exposed.
  2. Simplified Workflow Configuration:
    Users can now avoid creating and storing a firebaseServiceAccount secret unless explicitly needed, streamlining the setup process and reducing overhead.
  3. Backward Compatibility:
    Existing workflows that supply a firebaseServiceAccount key JSON will continue to function as before, with no changes required.

lucetre
lucetre commented Dec 6, 2024
View reviewed changes
lucetre
lucetre commented Dec 6, 2024
View reviewed changes
lucetre
lucetre commented Dec 6, 2024
View reviewed changes
@lucetre lucetre mentioned this pull request Dec 6, 2024
Merged
DevSusu
DevSusu approved these changes Dec 6, 2024
View reviewed changes
Copy link

@DevSusu DevSusu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lucetre lucetre mentioned this pull request Dec 7, 2024
Open
1 task
lucetrez
lucetrez approved these changes Dec 7, 2024
View reviewed changes
Copy link

@lucetrez lucetrez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

cychoi1z
cychoi1z approved these changes Dec 9, 2024
View reviewed changes
Copy link

@cychoi1z cychoi1z left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@christopherL91
Copy link

What happened to this? I would love to see this feature available

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@DevSusu DevSusu DevSusu approved these changes

@cychoi1z cychoi1z cychoi1z approved these changes

@lucetrez lucetrez lucetrez approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@lucetre @christopherL91 @DevSusu @cychoi1z @lucetrez