diff --git a/.github/workflows/firebase-deploy.yml b/.github/workflows/firebase-deploy.yml index 6cc9abb..7efd14b 100644 --- a/.github/workflows/firebase-deploy.yml +++ b/.github/workflows/firebase-deploy.yml @@ -9,19 +9,6 @@ on: jobs: deploy: runs-on: ubuntu-latest - # permissions: - # actions: write - # checks: write - # contents: write - # deployments: write - # id-token: write # This is required for requesting the JWT - # issues: write - # packages: write - # pages: write - # pull-requests: write - # repository-projects: write - # security-events: write - # statuses: write steps: - uses: actions/checkout@v4 - name: Use Node.js @@ -30,8 +17,6 @@ jobs: node-version: 20 - name: Set correct firebase project based on git branch. run: echo "FIREBASE_PROJECT=$(if [ ${{ github.ref }} == 'refs/heads/main' ]; then echo 'prod'; else echo 'dev'; fi)" >> $GITHUB_ENV - # - name: Set correct GCP project - # run: echo "GCP_PROJECT_FOR_BRANCH=$(if [ ${{ github.ref }} == 'refs/heads/main' ]; then echo 'weatherkids-f85f4'; else echo 'weatherkids-dev-67016'; fi)" >> $GITHUB_ENV - name: Install dependencies. run: npm ci - name: Set env vars @@ -39,12 +24,15 @@ jobs: if [ ${{ github.ref }} == 'refs/heads/main' ]; then DB=${{ secrets.WEATHERKIDS_DB_URL_PROD }} FILE='.env.prod' + JWTSECRET=${{ secrets.WEATHERKIDS_JWT_SECRET_PROD }} else DB=${{ secrets.WEATHERKIDS_DB_URL_DEV }} FILE='.env.dev' + JWTSECRET=secret fi echo "DB_FOR_BRANCH=$DB" >> $GITHUB_ENV echo "FILE_FOR_BRANCH=$FILE" >> $GITHUB_ENV + echo "SECRET_FOR_BRANCH=$JWTSECRET" >> $GITHUB_ENV - name: Make envfile uses: SpicyPizza/create-envfile@v2.0 with: @@ -52,7 +40,7 @@ jobs: envkey_MOBILE_CLIENT_ID: ${{ secrets.MOBILE_CLIENT_ID }} envkey_WEATHERCOM_CLIENT_ID: ${{ secrets.WEATHERCOM_CLIENT_ID }} envkey_MONGO_URL: ${{ env.DB_FOR_BRANCH }} - envkey_JWT_SECRET: secret + envkey_JWT_SECRET: ${{ env.SECRET_FOR_BRANCH }} - name: Deploy to firebase cloud functions. uses: w9jds/firebase-action@v13.6.0 with: