I am creating a public android project and I am using Google Sign-In service. I am doing it according to this tutorial. As it says, I have got the google-services.json file.
The general answer is yes, the google-services. json is safe to check in to your repo and is something that should be shared among engineers on your team. The JSON file does not contain any super-sensitive information (like a server API key).
The google-services. json file is generally placed in the app/ directory (at the root of the Android Studio app module).
from the dashboard, add app android. Type android package name and name of the application then download google-service. json file in second setup. add app for ios, type IOS bundler id and name.
You can create a new build variant and store a template google-services.json
to be used for your build on your CI platform in your app build.gradle
.
Use a different google-services.json
for the new dev
build variant (see this post). Add the following google-services.json
template to app/src/dev
folder :
{ "project_info": { "project_number": "", "project_id": "" }, "client": [ { "client_info": { "mobilesdk_app_id": "1:123456789012:android:1234567890123456", "android_client_info": { "package_name": "com.your.package" } }, "oauth_client": [ { "client_id": "", "client_type": 3 }, { "client_id": "", "client_type": 1, "android_info": { "package_name": "com.your.package", "certificate_hash": "" } } ], "api_key": [ { "current_key": "" } ], "services": { "analytics_service": { "status": 2, "analytics_property": { "tracking_id": "" } }, "appinvite_service": { "status": 1, "other_platform_oauth_client": [] }, "ads_service": { "status": 1 } } } ], "configuration_version": "1" }
Note that I have extended this google-services in case you also use Google Analytics or GCM service.
You would have the following configuration :
app/ ├── src/ │ ├── main/ │ └── dev/ │ └── google-services.json ├── google-services.json └── build.gradle
You can use either :
Add the following build type:
buildTypes { dev { minifyEnabled true proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro' } }
We don't need to build this "dev" build variant in regular build, so you can exclude this variant if a parameter is not specified. Add the following to your app build.gradle
:
def build_param = "${build}"; if (build_param != "dev") { //exclude production build android.variantFilter { variant -> if (variant.buildType.name.equals('dev')) { variant.setIgnore(true); } } } else { //exclude all except production build android.variantFilter { variant -> if (!variant.buildType.name.equals('dev')) { variant.setIgnore(true); } } }
Add the dev
product flavor to existing ones :
productFlavors { full { } dev { } }
To remove this dev
product flavor from the regular build :
def build_param = "${build}"; if (build_param != "dev") { //exclude dev android.variantFilter { variant -> if (variant.getFlavors().get(0).name.equals('dev')) { variant.setIgnore(true); } } } else { //exclude all but dev android.variantFilter { variant -> if (!variant.getFlavors().get(0).name.equals('dev')) { variant.setIgnore(true); } } }
Eventually, add your app module google-services.json
to .gitignore
:
app/google-services.json
We have previously ensured that this dev
variant will only be used when parameter build=dev
is specified
Edit .travis.yml
to modify the build config :
script: - ./gradlew clean build -Pbuild=dev
-Pbuild=dev
will only build dev build variant using google-services.json
located in app/src/dev/google-services.json
Take a look at this sample project which is using google-services Google project
In Travis log, you can see that the JSON file being parsed is the one for the dev
build variant :
Parsing json file: /home/travis/build/bertrandmartel/android-googlesignin/app/src/dev/google-services.json
Note that this method is not limited to CI and can be extended for your production build when you require a production google-services.json
or a different AndroidManifest.xml
(with some specific properties like fabric.io key)
Check this method to prevent commitment of fabric keys embedded in AndroidManifest.xml (and can't be imported from gradle) that is using a different build variant and using a parameter to enable the production build.
You can use travis encrypt-file google-services.json
Documentation
You can do it by:
installed the Travis CI Command Line Client by running $ gem install travis
.
logged in to Travis CI using $ travis login
or $ travis login --pro
$ travis encrypt-file super_secret.txt encrypting super_secret.txt for rkh/travis-encrypt-file-example storing result as super_secret.txt.enc storing secure env variables for decryption
Then it will print on the console this:
openssl aes-256-cbc -K $encrypted_0a6446eb3ae3_key -iv $encrypted_0a6446eb3ae3_iv -in super_secret.txt.enc -out super_secret.txt -d
You can copy it to your .travis.yml
file as I did here
Do not forget to put your .enc
file on your GitHub repository.
If you have multiple files, you could zip them and then you unzip the decrypted file on the Travis ci.
For instance, you can do like this:
$ tar cvf secrets.tar foo bar $ travis encrypt-file secrets.tar $ vi .travis.yml $ git add secrets.tar.enc .travis.yml $ git commit -m 'use secret archive' $ git push
I did it.
In my case, I had two files to use on the build of my app. So, I used this due to travis does not support multiple encrypted files. Therefore, you zip then on one file and encrypt this file.
You can have a look at my travis script here
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With