Skip to content

Check for secrets #8289

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Check for secrets #8289

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
e34d4d7
Check for token
jsoref May 30, 2024
2241063
Check for secrets.* before running jobs
jsoref May 30, 2024
fdacc3b
Check for secrets.* before running jobs
jsoref May 30, 2024
455b9d5
Check for secrets.* before running jobs
jsoref May 30, 2024
a1a0a76
Check for secrets.* before running jobs
jsoref May 30, 2024
cbc6a2d
Check for secrets.* before running jobs
jsoref May 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/workflows/deploy-config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ jobs:
- name: Yarn install
run: yarn
- name: Deploy project config if needed
if: env.FIREBASE_CLI_TOKEN != ''
run: yarn ts-node scripts/ci-test/deploy-if-needed.ts
env:
FIREBASE_CLI_TOKEN: ${{secrets.FIREBASE_CLI_TOKEN}}
25 changes: 25 additions & 0 deletions .github/workflows/e2e-test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,33 @@ env:
NODE_OPTIONS: "--max_old_space_size=4096"

jobs:
has-secrets:
name: Check for Service Account Key
runs-on: ubuntu-latest
outputs:
has-secrets: ${{ steps.check-secrets.outputs.has-secrets }}
steps:
- name: Check for Service Account Key
id: check-secrets
env:
HAS_SECRETS: ${{
secrets.TEST_PROJECT_CONFIG != '' &&
secrets.TEST_ACCOUNT != '' &&
secrets.FIREBASE_CLI_TOKEN != '' &&
secrets.APP_CHECK_DEBUG_TOKEN != '' &&
secrets.JSCORE_CHAT_WEBHOOK_URL != '' &&
secrets.RELEASE_TRACKER_URL != '' &&
1 ||
''
}}
if: env.HAS_SECRETS
run: |
echo "has-secrets=1" >> $GITHUB_OUTPUTS

test:
needs: has-secrets
name: Run E2E Smoke Tests
if: needs.has-secrets.outputs.has-secrets
runs-on: ubuntu-latest

defaults:
Expand Down
20 changes: 18 additions & 2 deletions .github/workflows/health-metrics-pull-request.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,9 +33,24 @@ env:
NODE_OPTIONS: "--max-old-space-size=4096"

jobs:
has-sa-key:
name: Check for Service Account Key
runs-on: ubuntu-latest
outputs:
has-sa-key: ${{ steps.check-key.outputs.has-sa-key }}
steps:
- name: Check for Service Account Key
id: check-key
env:
HAS_SA_KEY: ${{ secrets.GCP_SA_KEY != '' && 1 || '' }}
if: env.HAS_SA_KEY
run: |
echo "has-sa-key=1" >> $GITHUB_OUTPUTS

binary-size:
needs: has-sa-key
name: Binary Size
if: (github.event_name == 'push' || !(github.event.pull_request.head.repo.fork)) && (github.actor != 'dependabot[bot]')
if: needs.has-sa-key.outputs.has-sa-key && (github.event_name == 'push' || !(github.event.pull_request.head.repo.fork)) && (github.actor != 'dependabot[bot]')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
Expand All @@ -51,8 +66,9 @@ jobs:
- name: Run health-metrics/binary-size test
run: yarn size-report
modular-export-size:
needs: has-sa-key
name: Binary Size For Modular Exports
if: (github.event_name == 'push' || !(github.event.pull_request.head.repo.fork)) && (github.actor != 'dependabot[bot]')
if: needs.has-sa-key.outputs.has-sa-key && (github.event_name == 'push' || !(github.event.pull_request.head.repo.fork)) && (github.actor != 'dependabot[bot]')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
Expand Down
16 changes: 16 additions & 0 deletions .github/workflows/health-metrics-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,24 @@ on:
tags: ['**']

jobs:
has-sa-key:
name: Check for Service Account Key
runs-on: ubuntu-latest
outputs:
has-sa-key: ${{ steps.check-key.outputs.has-sa-key }}
steps:
- name: Check for Service Account Key
id: check-key
env:
HAS_SA_KEY: ${{ secrets.GCP_SA_KEY != '' && 1 || '' }}
if: env.HAS_SA_KEY
run: |
echo "has-sa-key=1" >> $GITHUB_OUTPUTS

release-diffing:
needs: has-sa-key
name: Release Diffing
if: needs.has-sa-key.outputs.has-sa-key
runs-on: ubuntu-latest
steps:
- uses: 'google-github-actions/auth@v0'
Expand Down
72 changes: 72 additions & 0 deletions .github/workflows/release-prod.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,80 @@ on:
required: true

jobs:
has-secrets:
name: Check for secrets
runs-on: ubuntu-latest
outputs:
has-secrets: ${{ steps.check-secrets.outputs.has-secrets }}
steps:
- name: Check for secrets
id: check-secrets
env:
HAS_SECRETS: ${{
secrets.NPM_TOKEN_ANALYTICS != '' &&
secrets.NPM_TOKEN_ANALYTICS_COMPAT != '' &&
secrets.NPM_TOKEN_ANALYTICS_INTEROP_TYPES != '' &&
secrets.NPM_TOKEN_ANALYTICS_TYPES != '' &&
secrets.NPM_TOKEN_API_DOCUMENTER != '' &&
secrets.NPM_TOKEN_APP != '' &&
secrets.NPM_TOKEN_APP_CHECK != '' &&
secrets.NPM_TOKEN_APP_CHECK_COMPAT != '' &&
secrets.NPM_TOKEN_APP_CHECK_INTEROP_TYPES != '' &&
secrets.NPM_TOKEN_APP_CHECK_TYPES != '' &&
secrets.NPM_TOKEN_APP_COMPAT != '' &&
secrets.NPM_TOKEN_APP_TYPES != '' &&
secrets.NPM_TOKEN_AUTH != '' &&
secrets.NPM_TOKEN_AUTH_COMPAT != '' &&
secrets.NPM_TOKEN_AUTH_INTEROP_TYPES != '' &&
secrets.NPM_TOKEN_AUTH_TYPES != '' &&
secrets.NPM_TOKEN_COMPONENT != '' &&
secrets.NPM_TOKEN_DATABASE != '' &&
secrets.NPM_TOKEN_DATABASE_COMPAT != '' &&
secrets.NPM_TOKEN_DATABASE_TYPES != '' &&
secrets.NPM_TOKEN_FIREBASE != '' &&
secrets.NPM_TOKEN_FIRESTORE != '' &&
secrets.NPM_TOKEN_FIRESTORE_COMPAT != '' &&
secrets.NPM_TOKEN_FIRESTORE_TYPES != '' &&
secrets.NPM_TOKEN_FUNCTIONS != '' &&
secrets.NPM_TOKEN_FUNCTIONS_COMPAT != '' &&
secrets.NPM_TOKEN_FUNCTIONS_TYPES != '' &&
secrets.NPM_TOKEN_INSTALLATIONS != '' &&
secrets.NPM_TOKEN_INSTALLATIONS_COMPAT != '' &&
secrets.NPM_TOKEN_INSTALLATIONS_TYPES != '' &&
secrets.NPM_TOKEN_LOGGER != '' &&
secrets.NPM_TOKEN_MESSAGING != '' &&
secrets.NPM_TOKEN_MESSAGING_COMPAT != '' &&
secrets.NPM_TOKEN_MESSAGING_INTEROP_TYPES != '' &&
secrets.NPM_TOKEN_MESSAGING_TYPES != '' &&
secrets.NPM_TOKEN_PERFORMANCE != '' &&
secrets.NPM_TOKEN_PERFORMANCE_COMPAT != '' &&
secrets.NPM_TOKEN_PERFORMANCE_TYPES != '' &&
secrets.NPM_TOKEN_POLYFILL != '' &&
secrets.NPM_TOKEN_REMOTE_CONFIG != '' &&
secrets.NPM_TOKEN_REMOTE_CONFIG_COMPAT != '' &&
secrets.NPM_TOKEN_REMOTE_CONFIG_TYPES != '' &&
secrets.NPM_TOKEN_RULES_UNIT_TESTING != '' &&
secrets.NPM_TOKEN_STORAGE != '' &&
secrets.NPM_TOKEN_STORAGE_COMPAT != '' &&
secrets.NPM_TOKEN_STORAGE_TYPES != '' &&
secrets.NPM_TOKEN_TESTING != '' &&
secrets.NPM_TOKEN_UTIL != '' &&
secrets.NPM_TOKEN_VERTEXAI != '' &&
secrets.NPM_TOKEN_VERTEXAI_PREVIEW != '' &&
secrets.NPM_TOKEN_WEBCHANNEL_WRAPPER != '' &&
secrets.OSS_BOT_GITHUB_TOKEN != '' &&
secrets.RELEASE_TRACKER_URL != '' &&
1 ||
''
}}
if: env.HAS_SECRETS
run: |
echo "has-secrets=1" >> $GITHUB_OUTPUTS

deploy:
needs: has-secrets
name: Production Release
if: needs.has-secrets.outputs.has-secrets
runs-on: ubuntu-latest
# Allow GITHUB_TOKEN to have write permissions
permissions:
Expand Down
74 changes: 73 additions & 1 deletion .github/workflows/release-staging.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,11 +40,83 @@ env:
NODE_OPTIONS: "--max_old_space_size=4096"

jobs:
has-secrets:
name: Check for secrets
runs-on: ubuntu-latest
outputs:
has-secrets: ${{ steps.check-secrets.outputs.has-secrets }}
steps:
- name: Check for secrets
id: check-secrets
env:
HAS_SECRETS: ${{
secrets.NPM_TOKEN_ANALYTICS != '' &&
secrets.NPM_TOKEN_ANALYTICS_COMPAT != '' &&
secrets.NPM_TOKEN_ANALYTICS_INTEROP_TYPES != '' &&
secrets.NPM_TOKEN_ANALYTICS_TYPES != '' &&
secrets.NPM_TOKEN_API_DOCUMENTER != '' &&
secrets.NPM_TOKEN_APP != '' &&
secrets.NPM_TOKEN_APP_CHECK != '' &&
secrets.NPM_TOKEN_APP_CHECK_COMPAT != '' &&
secrets.NPM_TOKEN_APP_CHECK_INTEROP_TYPES != '' &&
secrets.NPM_TOKEN_APP_CHECK_TYPES != '' &&
secrets.NPM_TOKEN_APP_COMPAT != '' &&
secrets.NPM_TOKEN_APP_TYPES != '' &&
secrets.NPM_TOKEN_AUTH != '' &&
secrets.NPM_TOKEN_AUTH_COMPAT != '' &&
secrets.NPM_TOKEN_AUTH_INTEROP_TYPES != '' &&
secrets.NPM_TOKEN_AUTH_TYPES != '' &&
secrets.NPM_TOKEN_COMPONENT != '' &&
secrets.NPM_TOKEN_DATABASE != '' &&
secrets.NPM_TOKEN_DATABASE_COMPAT != '' &&
secrets.NPM_TOKEN_DATABASE_TYPES != '' &&
secrets.NPM_TOKEN_FIREBASE != '' &&
secrets.NPM_TOKEN_FIRESTORE != '' &&
secrets.NPM_TOKEN_FIRESTORE_COMPAT != '' &&
secrets.NPM_TOKEN_FIRESTORE_TYPES != '' &&
secrets.NPM_TOKEN_FUNCTIONS != '' &&
secrets.NPM_TOKEN_FUNCTIONS_COMPAT != '' &&
secrets.NPM_TOKEN_FUNCTIONS_TYPES != '' &&
secrets.NPM_TOKEN_INSTALLATIONS != '' &&
secrets.NPM_TOKEN_INSTALLATIONS_COMPAT != '' &&
secrets.NPM_TOKEN_INSTALLATIONS_TYPES != '' &&
secrets.NPM_TOKEN_LOGGER != '' &&
secrets.NPM_TOKEN_MESSAGING != '' &&
secrets.NPM_TOKEN_MESSAGING_COMPAT != '' &&
secrets.NPM_TOKEN_MESSAGING_INTEROP_TYPES != '' &&
secrets.NPM_TOKEN_MESSAGING_TYPES != '' &&
secrets.NPM_TOKEN_PERFORMANCE != '' &&
secrets.NPM_TOKEN_PERFORMANCE_COMPAT != '' &&
secrets.NPM_TOKEN_PERFORMANCE_TYPES != '' &&
secrets.NPM_TOKEN_POLYFILL != '' &&
secrets.NPM_TOKEN_REMOTE_CONFIG != '' &&
secrets.NPM_TOKEN_REMOTE_CONFIG_COMPAT != '' &&
secrets.NPM_TOKEN_REMOTE_CONFIG_TYPES != '' &&
secrets.NPM_TOKEN_RULES_UNIT_TESTING != '' &&
secrets.NPM_TOKEN_STORAGE != '' &&
secrets.NPM_TOKEN_STORAGE_COMPAT != '' &&
secrets.NPM_TOKEN_STORAGE_TYPES != '' &&
secrets.NPM_TOKEN_TESTING != '' &&
secrets.NPM_TOKEN_UTIL != '' &&
secrets.NPM_TOKEN_VERTEXAI != '' &&
secrets.NPM_TOKEN_VERTEXAI_PREVIEW != '' &&
secrets.NPM_TOKEN_WEBCHANNEL_WRAPPER != '' &&
secrets.OSS_BOT_GITHUB_TOKEN != '' &&
secrets.OSS_BOT_GITHUB_TOKEN != '' &&
secrets.RELEASE_TRACKER_URL != '' &&
1 ||
''
}}
if: env.HAS_SECRETS
run: |
echo "has-secrets=1" >> $GITHUB_OUTPUTS

deploy:
needs: has-secrets
name: Staging Release
runs-on: ubuntu-latest
# Block this workflow if run on a non-release branch.
if: github.event.inputs.release-branch == 'release' || endsWith(github.event.inputs.release-branch, '-releasebranch')
if: needs.has-secrets.outputs.has-secrets && (github.event.inputs.release-branch == 'release' || endsWith(github.event.inputs.release-branch, '-releasebranch'))
steps:
- name: Set up node (20)
uses: actions/setup-node@v3
Expand Down
8 changes: 8 additions & 0 deletions .github/workflows/release-tweet.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,14 @@ jobs:
FORCE_PUBLISH: ${{ github.event.inputs.force }}
- name: Post to Twitter
uses: firebase/firebase-admin-node/.github/actions/send-tweet@master
if: ${{
env.consumer-key != '' &&
env.consumer-secret != '' &&
env.access-token != '' &&
env.access-token-secret != '' &&
1 ||
''
}}
with:
status: >
v${{github.event.inputs.version}} of @Firebase JavaScript client for Web / Node.js is available.
Expand Down
16 changes: 16 additions & 0 deletions .github/workflows/test-changed-firestore-integration.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,24 @@ env:
NODE_OPTIONS: "--max_old_space_size=4096"

jobs:
has-sa-key:
name: Check for Service Account Key
runs-on: ubuntu-latest
outputs:
has-sa-key: ${{ steps.check-key.outputs.has-sa-key }}
steps:
- name: Check for Service Account Key
id: check-key
env:
HAS_SA_KEY: ${{ secrets.JSSDK_ACTIONS_SA_KEY != '' && 1 || '' }}
if: env.HAS_SA_KEY
run: |
echo "has-sa-key=1" >> $GITHUB_OUTPUTS

test:
needs: has-sa-key
name: Test Firestore Integration If Changed
if: needs.has-sa-key.outputs.has-sa-key
runs-on: ubuntu-latest
env:
run_terraform_steps: ${{ secrets.JSSDK_ACTIONS_SA_KEY != '' }}
Expand Down
Loading