0

When deploying flutter to firebase from local machine I do following and it works:

flutter build web
firebase deploy

When trying to deploy from GHA , my yaml file looks like this

test_deploy_to_dev:
    name: deploy
    needs:
      - label_check
    permissions:
      contents: read
      id-token: write

    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - id: auth
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@v1'
        with:
          workload_identity_provider: 'projects/1111111/locations/global/workloadIdentityPools/abc/providers/xyz'
          service_account: 'firebase-deploy-flutter@project123.iam.gserviceaccount.com'

      - uses: subosito/flutter-action@v2
        with:
          channel: 'stable'
          cache: true
      - name: Run flutter pub get
        run: flutter pub get
      - name: Enable flutter web
        run: flutter config --enable-web
      - name: Build Web App
        run: flutter build web
      - name: deploy flutter to firestore
        run: |
          npm install -g firebase-tools
          firebase init
          firebase deploy

Google auth part works. In GHA, I get error - Failed to authenticate, have you run firebase login?

Aseem
  • 5,848
  • 7
  • 45
  • 69
  • Does this answer your question? [Firebase deploy in Github Actions gives Authorization failed error](https://stackoverflow.com/questions/60380374/firebase-deploy-in-github-actions-gives-authorization-failed-error) – Robert Sandberg Jun 15 '23 at 06:19
  • No. Method used for authentication in that link you provided is old and soon going to be deprecated – Aseem Jun 16 '23 at 02:48

1 Answers1

0

Error Failed to authenticate, have you run firebase login? happens because workload identity is not setup correctly.

Dont follow Official doc. It has a small error.

Instead follow Github doc. It shows how to create WIF through CLI and provides a working template to authorize GHA through WIF.

  • Enable "Firebase Management API" in your GCP project
  • Firebase project and gcp project are 2 different things. I was using sv_account from a gcp project to deploy into a different firebase project. Hence all those auth errors shown below.
  • sv_account needs following permissions:
    • Firebase Hosting Admin
    • Service Account User
  • In GHA template provided in Github doc link above: in workload_identity_provider key:
    • workload_identity_provider: 'projects/<gcp-project-id>/locations/global/workloadIdentityPools/<my-pool-id>/providers/<provider-id>'
    • use pool_id and provider_id. Dont use pool_name and provider_name
    • gcp_project_id (all int) is different from project_id.
Aseem
  • 5,848
  • 7
  • 45
  • 69