Make sure you've:
- Some experiences in flutter
- Basic understanding of Git & GitHub
- Working knowledge of setting-up a flutter app with firebase
Before starting
Let's gather some idea about GitHub Actions. GitHub Actions is a CI/CD tool for automation to build, test & deploy your projects on any platform. The idea behind this scenario is you need to create some workflows & running it in a container or, in a virtual machine. Nowadays, flutter-action - a third party utility is mostly used to build & test flutter applications on GitHub actions.
Let's start 😎
You might have worked with google-services.json during the registration of your flutter application in firebase. In most cases, developers refer it into the .gitignore and avoid committing the google-services.json file in GitHub due to security purpose. Avoiding to commit the JSON file is also considered to be a good practice. But doing so raises some problems too. Before diving deep, let's understand the problem through a case study.
Case Study
Your project manager is "Mr. X" who is very strict in terms of testing. Each branches must pass the CI/CD before merging it into the master/main branch. Your team uses GitHub Actions & the workflows of your project runs all the tests whenever a pull request is created. At some point, your app needs to communicate with firebase. In this situation your project needs to deal with google-services.json both in the development environment & the environment of GitHub Actions to pass the tests on each pull requests. Moreover, you can't expose the JSON file in public.
Seems difficult? Let's deal with it 😎
Solution (Step-by-Step)
-
tar archive: Usually, the google-services.json is located at
android/app
directory. Next, we will be creating a tar archive of the JSON file using these options:- c – creates a new .tar archive file
- v – verbosely show the .tar file progress
- f – file name type of the archive file
-
Creating tar: We will be naming the tar file as
services.tar
. Run the command below in your project's working directory to create the archive file:tar cvf services.tar android/app/google-services.json
-
.gitignore services.tar: Add the
services.tar
file in .gitignore. Don't forget to do this !! -
Encryption: Before encryption, make sure you've gnupg installed in your system. Run the command below to encrypt the services.tar file. During encryption, it will ask for password which will be used to decrypt the encrypted file. After running the command, there will be a new file in your project's working directory named
services.tar.gpg
. The command is :-
gpg -c services.tar
-
-
Secrets in GitHub: Replace the required part with your project's repository link in the below URL & head over to it:
-
https://<YOUR_GITHUB_REPOSITORY_LINK>/settings/secrets/new
- Or, you can find this by navigating to Settings > Secrets > New Secret of your repository.
-
Create secrets: There will be two parameters required to create a secret. In the first field
name
, enter the valueFIREBASE_SECRET
& in the second fieldvalue
, enter the password you've previously used to encrypt the tar archive file.Workflow: In your project's working directory, create a directory named as
.github
. Inside, the .github directory, createworkflows
directory. Then in the workflows directory, create a fileci.yml
. Lastly, paste the code below in ci.yml. Assuming you have a test program test/widget_test.dart. Modify the test command at the end as your needs.
name: CI
on: [pull_request, push]
jobs:
build:
name: build and test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v1
- uses: actions/setup-java@v1
with:
java-version: '12.x'
- uses: subosito/flutter-action@v1
with:
channel: 'beta'
- run: flutter pub get
- name: Build
run: |
mkdir $HOME/private
gpg --quiet --batch --yes --decrypt --passphrase="$FIREBASE_SECRET" \
--output $HOME/private/services.tar services.tar.gpg
tar xvf $HOME/private/services.tar
flutter build appbundle
env:
FIREBASE_SECRET: ${{ secrets.FIREBASE_SECRET }}
- name: Test
run: flutter test test/widget_test.dart
Understanding the ci.yml
-
on: [pull_request, push]
: This workflow will work whenever someone push or, make a pull request. - In the
steps
we are:- Using required utilities.
- Running
flutter pub get
command to install required packages defined inpubspec.yaml
. - Decrypting the
services.tar.gpg
by using the password we have stored in the secretsFIREBASE_SECRET
. - Building & running the tests of our application on GitHub actions.
References:
Last but not the least
To err is human. If you find any mistakes here or, any sentence/word/code-snippet which can be corrected or, improved then feel free to knock me on Twitter. If you find this helpful then share it to help others too.
Top comments (7)
Hey, this article was super helpful!
I'm glad it helped you !! 🎉 😄
Thank you for the solution. But still getting an error as "File google-services.json is missing. The Google Services Plugin cannot function without it." So anyway to move decrypted file into android/app? TIA.
how to do it android project which uses java.
If your goal is to decrypt the google-services.json file before building your Java/Kotlin application on GitHub actions then the process will still be the same. You just need to replace the flutter build commands with the suitable ones that helps building Java/Kotlin applications.
Thanks
Welcome. Have a good day !