Using Firebase service account in CI systems when using Firebase hosting

Using firebase service account with Github actions

When using firebase with CI, Firebase documentation recommends using `login:ci` with `--token` flag to specify CI token while building

However, it also throws a warning to use Firebase service account instead as the long term alternative

Steps to follow to use firebase service account instead of CI token:

- Install firebase cli as mentioned here - here

- Use this link to create workflows Link - Firebase docs

(during this process you would see the name of the service account thats retrieved or generated, keep this handy, you would need this later)

Sample github actions file

github-gist

If you've followed all above steps so far, you'll be stuck on one thing in your CI env. IAM role.

Key thing is to make sure service account used in this process has `roles.iamServiceAccountUser` added in its roles. Way to achieve this is:

- First check the name of the service account being used. This would be the same name you noted in above step

- Go to Google Cloud console and go to IAM section

- Check the service accounts present and check the roles present on the service account in step above

- It should have Service Account User role missing, click on Add Role and select Service Account User role (should be under service account)

- Add this role and update IAM policy. Restart CI job.

No further errors. Congrats thats how you move from CI token to a more permanent service account in CI approach.

CI/CDFirebase