0

I have a App Engine project I am deploying through Gitlab CI to Google Cloud App Engine. The project uses Firebase Admin. To authorize the application a secret file called private-key.json containing the credentials is required.

To handle this file I have stored it in a Gitlab CI file secret and copy it to the working directory during build. In the deployment step I deploy to App Engine with:

gcloud --quiet --project "$PROJECT_ID_PRODUCTION" app deploy app.yaml --version "$CI_COMMIT_SHORT_SHA"  --no-promote

When browsing the source on the App Engine version the file is missing. All other files are there.

I was not able to find any documented rule causing this behavior. What am I missing that causes the file not to be deployed?

Simon
  • 4,395
  • 8
  • 33
  • 50

1 Answers1

0

first: an app deployer to App Engine will automatically have the relevant Google credentials stored in its Env Variables to be able to authenticate with any Google Cloud Services on the same project. So firebase services will be authenticated and normally accessible by default.

Now, if you need to pass a private key to your instance, make sure that it is indeed stored in the repo being deployed (for example on Angular it would be the distin Next maybe build, etc...).

Also, make sure that your .cloudignore file does not contain your private key!

mikegross
  • 1,674
  • 2
  • 12
  • 27
  • Thanks. Ignore rules have been checked, all other files in the root dir are included. – Simon Jun 06 '22 at 06:50
  • The credentials are needed by the application, not the deployer. I don't know how to provide them else. – Simon Jun 06 '22 at 06:54
  • In your app engine instance, the google stores automatically credentials that will allow any firebase or google cloud service to start without you being forced to pass a set of credentials for the same project. Is that the case? – mikegross Jun 06 '22 at 06:55