When using KEY_FILE option, service account key file includes project_id, but firebase-deploy doesn't seem to use it. So we have to specify PROJECT_ID independently.
@MasaGon actually you may not specify the project. It is good practise to specify the project you want to deploy to in .firebaserc file and this option is also available in firebase-deploy pipe.
Regarding key file, it is used for authentication and just confirms that you can deploy to the exact project.
.filebaserc may have multiple projects like this. So, detecting project with KEY_FILE is the most reasonable way when using KEY_FILE, I think.
{
"projects": {
"default": "some-project1",
"development": "some-project2",
"staging": "some-project3",
"production": "some-project4"
}
}
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@MasaGon yes, KEY_FILE is used to authenticate as well as FIREBASE_TOKEN, and need to be generated on gcp site as key for service role with appropriate permissions, you can also specify there which project may be accessed.
Explain if you have another format for this authentication and want to use key file for specific project id, so if you specify another project, it will fail with 403 forbidden error?
Or do you have another need for your pipeline?
Best regards, Galyna
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
KEY_FILE format is like this. You can see project_id is included. So I don't understand why you have to specify PROJECT_ID separately. We use multiple project for each production, staging and development environment. On some case, deployment is failed without PROJECT_ID. I think PROJECT_ID is unnecessary when KEY_FILE is specified.
{
"type": "service_account",
"project_id": "******************",
"private_key_id": "******************",
"private_key": "-----BEGIN PRIVATE KEY-----*****************-----END PRIVATE KEY-----\n",
"client_email": "***************",
"client_id": "***************",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/*******************"
}
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.