configure_apphosting.yml
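# Syncs values from the APP_CMS_DOT_ENV repository secret into Firebase App
# Hosting secrets. Runs on every push to main, one matrix job per secret.
name: Configure

on:
  push:
    branches:
      - main

# Read-only GITHUB_TOKEN: nothing in this workflow writes to the repository.
permissions:
  actions: read
  contents: read

jobs:
  firebase_secrets_update:
    name: Secrets
    runs-on: ubuntu-latest
    strategy:
      # A failure for one secret must not cancel the remaining matrix jobs.
      fail-fast: false
      matrix:
        # secret:   name of the App Hosting secret to read and update
        # variable: key looked up in the dotenv content for the new value
        config:
          - secret: tanamApiKey
            variable: NEXT_PUBLIC_FIREBASE_API_KEY
          - secret: tanamAuthDomain
            variable: NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN
          - secret: tanamDatabaseUrl
            variable: NEXT_PUBLIC_FIREBASE_DATABASE_URL
          - secret: tanamProjectId
            variable: NEXT_PUBLIC_FIREBASE_PROJECT_ID
          - secret: tanamStorageBucket
            variable: NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET
          - secret: tanamMessagingSenderId
            variable: NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID
          - secret: tanamAppId
            variable: NEXT_PUBLIC_FIREBASE_APP_ID
          - secret: tanamMeasurementId
            variable: NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID
          - secret: tanamGenAiApiKey
            variable: GEMINI_API_KEY
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # No step pushes, so do not leave the token in .git/config: the
          # third-party action steps below share this workspace.
          persist-credentials: false

      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: "npm"

      - run: npm ci --legacy-peer-deps

      # Secret and matrix values are handed to the script as environment
      # variables rather than expanded into the script text, so their content
      # is never parsed as part of the script source.
      - name: Load environment variable value
        id: load_env
        shell: bash
        env:
          DOT_ENV: ${{ secrets.APP_CMS_DOT_ENV }}
          VARIABLE_NAME: ${{ matrix.config.variable }}
        run: |
          # NOTE(review): eval runs the dotenv content as shell code, so anyone
          # who can edit that secret can run commands in this job. Kept because
          # the dotenv format is not visible here; prefer a KEY=VALUE parser.
          eval $(echo "$DOT_ENV")
          # Indirect expansion reads the variable named by VARIABLE_NAME
          # without a second eval.
          value="${!VARIABLE_NAME}"
          if [ -z "$value" ]; then
            echo "Environment variable ${VARIABLE_NAME} is missing in the .env file!"
            exit 1
          fi
          # The extracted value is only a fragment of the dotenv secret;
          # register it as its own mask before it can appear in any log.
          echo "::add-mask::${value}"
          echo "CONFIG_VALUE=${value}" >> "$GITHUB_ENV"

      - name: Save current value to a file
        # NOTE(review): @master is a mutable ref and this action receives the
        # deploy service-account key. Pin all three uses of this action to a
        # reviewed full commit SHA.
        uses: w9jds/firebase-action@master
        # Presumably the access call fails when the secret does not exist yet;
        # the next step then treats the secret as changed.
        continue-on-error: true
        with:
          args: apphosting:secrets:access ${{ matrix.config.secret }} > ${{ matrix.config.secret }}
        env:
          GCP_SA_KEY: ${{ secrets.FIREBASE_DEPLOY_SA }}

      # CONFIG_VALUE arrives through GITHUB_ENV and is read as a quoted shell
      # variable, so a value with shell metacharacters cannot alter the script.
      - name: Check if secret value has changed
        id: check_secret
        shell: bash
        env:
          SECRET_NAME: ${{ matrix.config.secret }}
          VARIABLE_NAME: ${{ matrix.config.variable }}
        run: |
          if [ -f "$SECRET_NAME" ]; then
            current_value=$(cat "$SECRET_NAME")
          else
            current_value=""
          fi
          if [ "$current_value" = "$CONFIG_VALUE" ]; then
            echo "The value for ${SECRET_NAME} has not changed."
            echo "SKIP_UPDATE=true" >> "$GITHUB_ENV"
          else
            echo "The value for ${SECRET_NAME} has changed or the secret does not exist."
            # Data file for the set step below; whitespace is stripped as before.
            printf '%s' "$CONFIG_VALUE" | tr -d '[:space:]' > "$VARIABLE_NAME"
            echo "SKIP_UPDATE=false" >> "$GITHUB_ENV"
          fi

      - name: Set secret value in Firebase
        if: env.SKIP_UPDATE == 'false'
        # NOTE(review): mutable @master ref, see the pinning note on the first use.
        uses: w9jds/firebase-action@master
        with:
          args: apphosting:secrets:set --force --data-file ${{ matrix.config.variable }} ${{ matrix.config.secret }}
        env:
          GCP_SA_KEY: ${{ secrets.FIREBASE_DEPLOY_SA }}

      - name: Grant access to the secret
        if: env.SKIP_UPDATE == 'false'
        # NOTE(review): mutable @master ref, see the pinning note on the first use.
        uses: w9jds/firebase-action@master
        with:
          args: apphosting:secrets:grantaccess --backend ${{ secrets.APP_HOSTING_BACKEND }} ${{ matrix.config.secret }}
        env:
          GCP_SA_KEY: ${{ secrets.FIREBASE_DEPLOY_SA }}

      # Always remove the plaintext secret files, including after a failed step.
      - name: Clean up
        if: always()
        env:
          SECRET_NAME: ${{ matrix.config.secret }}
          VARIABLE_NAME: ${{ matrix.config.variable }}
        run: |
          rm -f -- "$VARIABLE_NAME"
          rm -f -- "$SECRET_NAME"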