How to deploy flutter to firebase through github actions using workload identity federation

Question

When deploying Flutter to Firebase from my local machine, I do the following and it works:

flutter build web
firebase deploy

When trying to deploy from GHA, my YAML file looks like this:

test_deploy_to_dev:
    name: deploy
    needs:
      - label_check
    permissions:
      contents: read
      id-token: write

    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - id: auth
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@v1'
        with:
          workload_identity_provider: 'projects/1111111/locations/global/workloadIdentityPools/abc/providers/xyz'
          service_account: 'firebase-deploy-flutter@project123.iam.gserviceaccount.com'

      - uses: subosito/flutter-action@v2
        with:
          channel: 'stable'
          cache: true
      - name: Run flutter pub get
        run: flutter pub get
      - name: Enable flutter web
        run: flutter config --enable-web
      - name: Build Web App
        run: flutter build web
      - name: deploy flutter to firestore
        run: |
          npm install -g firebase-tools
          firebase init
          firebase deploy

The Google auth part works.
In GHA, I get the error - Failed to authenticate, have you run firebase login?

Answer 1

Score: 0

The error "Failed to authenticate, have you run firebase login?" happens because workload identity is not set up correctly.

Don't follow the official doc. It has a small error.

Instead, follow the GitHub doc. It shows how to create WIF through the CLI and provides a working template to authorize GHA through WIF.

  • Enable "Firebase Management API" in your GCP project.
  • A Firebase project and a GCP project are 2 different things. I was using sv_account from a GCP project to deploy into a different Firebase project. Hence all those auth errors shown below.
  • sv_account needs the following permissions:
    • Firebase Hosting Admin
    • Service Account User
  • In the GHA template provided in the GitHub doc link above, in the workload_identity_provider key:
    • workload_identity_provider: 'projects/<gcp-project-id>/locations/global/workloadIdentityPools/<my-pool-id>/providers/<provider-id>'
    • Use pool_id and provider_id. Don't use pool_name and provider_name.
    • gcp_project_id (all int) is different from project_id.
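
The checks in the bullets above, written as a preflight script that could run before the auth step. This is an added example, not part of the original answer; the function names are hypothetical, and using project123 as the Firebase deploy target is an assumption.

```shell
#!/bin/sh
# Preflight lint for the two values passed to google-github-actions/auth.
# Added example; function names are hypothetical.

# Flags a malformed workload_identity_provider name. Returns 0 when clean.
check_wif_provider() (
  LC_ALL=C; rc=0
  case $1 in */) echo "malformed: trailing slash"; exit 1 ;; esac
  IFS=/; set -f; set -- $1          # split the resource name on "/"
  if [ $# -ne 8 ] ||
     [ "$1/$3/$4/$5/$7" != "projects/locations/global/workloadIdentityPools/providers" ]; then
    echo "malformed: want projects/<number>/locations/global/workloadIdentityPools/<pool-id>/providers/<provider-id>"
    exit 1
  fi
  # The project segment is the all-digit project number, not the project_id string.
  case $2 in
    ''|*[!0-9]*) echo "project segment '$2' is not numeric: use the project number, not project_id"; rc=1 ;;
  esac
  # Pool and provider IDs use only lowercase letters, digits and hyphens;
  # anything else (spaces, capitals) suggests a display name was pasted in.
  for seg in "$6" "$8"; do
    case $seg in
      ''|*[!a-z0-9-]*) echo "'$seg' is not an ID: use pool_id/provider_id, not the display name"; rc=1 ;;
    esac
  done
  exit "$rc"
)

# Flags a service account whose home project differs from the deploy target.
# Cross-project deploys are possible, but they are where the answer's auth errors came from.
check_sa_project() (
  case $1 in
    ?*@?*.iam.gserviceaccount.com) ;;
    *) echo "not a service account email: $1"; exit 1 ;;
  esac
  sa_project=${1#*@}; sa_project=${sa_project%.iam.gserviceaccount.com}
  if [ "$sa_project" != "$2" ]; then
    echo "service account is in '$sa_project' but the deploy target is '$2': check its roles on the target project"
    exit 1
  fi
)

# Values from the question's workflow; the deploy target 'project123' is assumed.
check_wif_provider 'projects/1111111/locations/global/workloadIdentityPools/abc/providers/xyz' && echo "provider name: ok"
check_sa_project 'firebase-deploy-flutter@project123.iam.gserviceaccount.com' 'project123' && echo "service account: ok"
```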

huangapple
  • Posted on June 15, 2023 at 09:17:55
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76478485.html