Add GOOGLE_APPLICATION_CREDENTIALS to deploy functions for Firebase un Github Actions CI/CD pipeline

Question

After reading all of the forums on the topic I still haven't found an answer to my question. I want to deploy Firebase functions via a GitHub actions workflow.

For this I cannot use firebase login, I must use Google Service Account Credentials. I have downloaded the json and copied it to a secret variable called SERVICE_ACCOUNT_STAGING in the GitHub actions secrets.

Here is my code:

name: Deploy to Firebase Hosting project XXX when pushed on other branches than main (for example, staging)

on:
  push:

env:

  SERVICE_ACCOUNT_STAGING: ${{secrets.SERVICE_ACCOUNT_STAGING}}

jobs:

  deploy_cloud_functions_staging:
    name: deploy cloud functions to staging
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./functions
    if: github.ref != 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: 'npm'
      - run: npm ci --ignore-scripts
      - run: npm run build

      - name: Write secrets to JSON file
        run: |
          echo "${{ secrets.SERVICE_ACCOUNT_STAGING }}" > credentials.json
          

      - name: Install firebase
        run: npm i -g firebase-tools@latest

      - name: deploy function
        env:
          PROJECT_ID: "XXX"
        run: |
          echo "Current Directory Location: $(pwd)"
          echo "List of Files:"
          ls -1
          cat credentials.json
          export GOOGLE_APPLICATION_CREDENTIALS="/home/runner/work/XXX/XXX/functions/credentials.json"
          echo "GOOGLE_APPLICATION_CREDENTIALS=$GOOGLE_APPLICATION_CREDENTIALS"

          firebase use xxx-station-staging 
          firebase deploy --only functions --non-interactive --debug

But my pipeline fail as it asks me if I ran firebase login. It means the script cannot find the Service account credentials. At this point, I have no theories as to my this is not working. What can I try next?

I have tried storing the credentials as string and as base64 in the GitHub action secret. I am expecting the firebase-tools to pick up automatically the GOOGLE_APPLICATION_CREDENTIALS variable and not ask me to do firebase login.

Answer 1

I'am using the workflow: jsdaniell/create-json@v1to "convert in json.

Here is an example:

      - name: Generate Google Application Credentials
        id: create-json
        uses: jsdaniell/create-json@v1
        with:
          name: "credentials.json"
          json: "${{ secrets.FIREBASE_TOKEN }}"

      - name: Use Google Application Credentials
        run: echo "GOOGLE_APPLICATION_CREDENTIALS=$(readlink -f credentials.json)" >> $GITHUB_ENV