英文:
How to deploy flutter to firebase through github actions using workload identity federation
问题
在本地机器上部署Flutter到Firebase时,我执行以下步骤并且它有效:
flutter build web
firebase deploy
当尝试从GitHub Actions部署时,我的YAML文件如下:
test_deploy_to_dev:
name: deploy
needs:
- label_check
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- id: auth
name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v1'
with:
workload_identity_provider: 'projects/1111111/locations/global/workloadIdentityPools/abc/providers/xyz'
service_account: 'firebase-deploy-flutter@project123.iam.gserviceaccount.com'
- uses: subosito/flutter-action@v2
with:
channel: 'stable'
cache: true
- name: Run flutter pub get
run: flutter pub get
- name: Enable flutter web
run: flutter config --enable-web
- name: Build Web App
run: flutter build web
- name: deploy flutter to firestore
run: |
npm install -g firebase-tools
firebase init
firebase deploy
Google身份验证部分有效。在GitHub Actions中,我收到错误消息 - Failed to authenticate, have you run firebase login?
英文:
When deploying flutter to firebase from local machine I do following and it works:
flutter build web
firebase deploy
When trying to deploy from GHA , my yaml file looks like this
test_deploy_to_dev:
name: deploy
needs:
- label_check
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- id: auth
name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v1'
with:
workload_identity_provider: 'projects/1111111/locations/global/workloadIdentityPools/abc/providers/xyz'
service_account: 'firebase-deploy-flutter@project123.iam.gserviceaccount.com'
- uses: subosito/flutter-action@v2
with:
channel: 'stable'
cache: true
- name: Run flutter pub get
run: flutter pub get
- name: Enable flutter web
run: flutter config --enable-web
- name: Build Web App
run: flutter build web
- name: deploy flutter to firestore
run: |
npm install -g firebase-tools
firebase init
firebase deploy
Google auth part works.
In GHA, I get error - Failed to authenticate, have you run firebase login?
答案1
得分: 0
错误消息“Failed to authenticate, have you run firebase login?”是因为工作负载身份验证没有正确设置。
不要按照官方文档。它有一个小错误。
而是按照Github文档。它显示如何通过CLI创建WIF并提供一个用于授权GHA的工作模板。
- 在您的GCP项目中启用“Firebase管理API”
- Firebase项目和GCP项目是两个不同的东西。我正在使用来自GCP项目的sv_account部署到不同的Firebase项目。因此,下面显示的所有授权错误。
- sv_account需要以下权限:
- Firebase Hosting管理员
- 服务帐户用户
- 在上述Github文档链接中提供的GHA模板中,在workload_identity_provider键中:
workload_identity_provider: 'projects/<gcp-project-id>/locations/global/workloadIdentityPools/<my-pool-id>/providers/<provider-id>'
- 使用pool_id和provider_id。不要使用pool_name和provider_name
- gcp_project_id(全部为整数)与project_id不同。
英文:
Error Failed to authenticate, have you run firebase login?
happens because workload identity is not setup correctly.
Dont follow Official doc. It has a small error.
Instead follow Github doc. It shows how to create WIF through CLI and provides a working template to authorize GHA through WIF.
- Enable "Firebase Management API" in your GCP project
- Firebase project and gcp project are 2 different things. I was using sv_account from a gcp project to deploy into a different firebase project. Hence all those auth errors shown below.
- sv_account needs following permissions:
- Firebase Hosting Admin
- Service Account User
- In GHA template provided in Github doc link above: in workload_identity_provider key:
workload_identity_provider: 'projects/<gcp-project-id>/locations/global/workloadIdentityPools/<my-pool-id>/providers/<provider-id>'
- use pool_id and provider_id. Dont use pool_name and provider_name
- gcp_project_id (all int) is different from project_id.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论