I want to use a github action to deploy my firebase hosting:
name: Build and Deploy
on:
workflow_dispatch:
inputs:
branch_name:
description: 'Branch to deploy'
required: true
default: 'automation/deploy-app-action-development'
target_project_id:
description: 'Google Cloud Project ID for deployment'
required: true
default: 'my-dev-envdev1-3b3e57'
jobs:
build-and-deploy:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Check out the branch
uses: actions/checkout@v3
with:
ref: ${{ github.event.inputs.branch_name }}
- id: auth
name: Authenticate using WIF
uses: google-github-actions/auth@v1
with:
token_format: 'access_token'
access_token_scopes: 'email, openid, https://www.googleapis.com/auth/cloud-platform, https://www.googleapis.com/auth/firebase'
workload_identity_provider: "projects/${{ secrets.GCP_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/${{ secrets.GCP_IDENTITY_POOL_NAME }}/providers/github-provider"
service_account: "github-workload-federation-sa@fecra-automation.iam.gserviceaccount.com"
create_credentials_file: true
- name: Set up Google Cloud SDK
uses: google-github-actions/setup-gcloud@v1
with:
project_id: "${{ inputs.target_project_id }}"
export_default_credentials: true
# Install Firebase CLI
- name: Install Firebase CLI
run: npm install -g firebase-tools
# Set up Flutter using the Flutter Action
- name: Set up Flutter
uses: subosito/flutter-action@v2
with:
flutter-version: '3.24.5'
# Configure environment for Flutter
- name: Set up Environment
run: |
git config --global --add safe.directory /home/runner/work/my-app
flutter config --no-analytics
# Install dependencies for the Flutter app
- name: Install dependencies
working-directory: my_app
run: flutter pub get
# Build Flutter web app
- name: Build Flutter App (Web)
working-directory: my_app
run: flutter build web --release
- run: |
echo "SERVICE_ACCOUNT_KEY=$(cat "${{ steps.auth.outputs.credentials_file_path }}" | tr -d 'n')" >> $GITHUB_ENV
- name: Deploy to Firebase Hosting
uses: FirebaseExtended/action-hosting-deploy@v0
with:
projectId: "${{ inputs.target_project_id }}"
firebaseServiceAccount: "${{ env.SERVICE_ACCOUNT_KEY }}"
entryPoint: "my_app"
channelId: 'live'
- name: Cleanup temporary directory
if: always()
run: rm -rf tmp_build
The manual deployment in the cloud shell works if I impersonate my service account…
But on GitHub, the action fails with (the API is definitely enabled (I can see it when I click on the link). I think this error is misleading):
Error Context: {
"body": {
"error": {
"code": 403,
"message": "Firebase Hosting API has not been used in project *** before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/firebasehosting.googleapis.com/overview?project=*** then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
"status": "PERMISSION_DENIED",
"details": [
{
"@type": "type.googleapis.com/google.rpc.Help",
"links": [
{
"description": "Google developers console API activation",
"url": "https://console.developers.google.com/apis/api/firebasehosting.googleapis.com/overview?project=***"
}
]
},
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "SERVICE_DISABLED",
"domain": "googleapis.com",
"metadata": {
"service": "firebasehosting.googleapis.com",
"consumer": "projects/***"
}
}
]
}
},
"response": {
"statusCode": 403
}
}
That the action deploys the app like with the manual deployment.