chore: use Secrets Gradle Plugin to provide the secrets securely to t…

…he project The [Secrets Gradle Plugin](https://github.com/google/secrets-gradle-plugin#configuration-options) reads the secrets from `apikeys.properties` (not checked into VCS) and exposes them to the `BuildConfig` via an intermediate `apikeys.defaults.properties` file. This file is checked into VCS and acts as a template for the CI to fill with the secrets.
PeriodPals · Nov 9, 2024 · 5aa4e5f · 5aa4e5f
1 parent 87f6c52
commit 5aa4e5f
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 5 deletions.
diff --git a/apikeys.defaults.properties b/apikeys.defaults.properties
@@ -0,0 +1,7 @@
+# This file serves as a template for the apikeys.properties file.
+# It should be checked into Version Control Systems to provide a structure for the required API keys and client URLs.
+# The actual values should be filled in by the CI pipeline using the secrets Gradle plugin and GitHub Secrets.
+POWERSYNC_URL=
+SUPABASE_KEY=
+SERVICE_KEY=
+SUPABASE_URL=
diff --git a/app/build.gradle.kts b/app/build.gradle.kts
@@ -13,8 +13,11 @@ plugins {
   id("jacoco")
 
   id("org.sonarqube") version "5.1.0.4882"
+  id("com.google.android.libraries.mapsplatform.secrets-gradle-plugin")
 }
 
+secrets { defaultPropertiesFileName = "apikeys.defaults.properties" }
+
 android {
   namespace = "com.android.periodpals"
   compileSdk = 34

diff --git a/build.gradle.kts b/build.gradle.kts
@@ -1,8 +1,10 @@
 // Top-level build file where you can add configuration options common to all sub-projects/modules.
 plugins {
-    alias(libs.plugins.androidApplication) apply false
-    alias(libs.plugins.jetbrainsKotlinAndroid) apply false
-    alias(libs.plugins.ktfmt) apply false
-    kotlin("plugin.serialization") version "2.0.0-RC1" apply false
-    alias(libs.plugins.compose.compiler) apply false
+  alias(libs.plugins.androidApplication) apply false
+  alias(libs.plugins.jetbrainsKotlinAndroid) apply false
+  alias(libs.plugins.ktfmt) apply false
+  kotlin("plugin.serialization") version "2.0.0-RC1" apply false
+  alias(libs.plugins.compose.compiler) apply false
 }
+
+buildscript { dependencies { classpath(libs.secrets.gradle.plugin) } }
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -24,6 +24,7 @@ mockkVersion = "1.12.0"
 mockitoMockitoCore = "5.4.0"
 navigationComposeVersion = "2.8.2"
 runner = "1.6.2"
+secretsGradlePlugin = "2.0.1"
 ui = "1.6.8"
 uiTestJunit4 = "1.6.8"
 uiTestJunit4Version = "1.0.5"
@@ -131,6 +132,7 @@ mockk-android = { module = "io.mockk:mockk-android", version.ref = "mockkAndroid
 mockk-v1120 = { module = "io.mockk:mockk", version.ref = "mockkVersion" }
 okhttp = { module = "com.squareup.okhttp3:okhttp", version.ref = "okhttp" }
 robolectric = { module = "org.robolectric:robolectric", version.ref = "robolectric" }
+secrets-gradle-plugin = { module = "com.google.android.libraries.mapsplatform.secrets-gradle-plugin:secrets-gradle-plugin", version.ref = "secretsGradlePlugin" }
 test-core-ktx = { group = "androidx.test", name = "core-ktx", version.ref = "androidxCoreKtx" }
 androidx-junit-ktx = { group = "androidx.test.ext", name = "junit-ktx", version.ref = "junitKtx" }
 androidx-ui-test-junit4-android = { group = "androidx.compose.ui", name = "ui-test-junit4-android", version.ref = "uiTestJunit4Android" }