From 5aa4e5f67614c1ceaa68bda825046770401cb11b Mon Sep 17 00:00:00 2001 From: charlie mangano Date: Sat, 9 Nov 2024 12:41:30 +0100 Subject: [PATCH] chore: use Secrets Gradle Plugin to provide the secrets securely to the project The [Secrets Gradle Plugin](https://github.com/google/secrets-gradle-plugin#configuration-options) reads the secrets from `apikeys.properties` (not checked into VCS) and exposes them to the `BuildConfig` via an intermediate `apikeys.defaults.properties` file. This file is checked into VCS and acts as a template for the CI to fill with the secrets. --- apikeys.defaults.properties | 7 +++++++ app/build.gradle.kts | 3 +++ build.gradle.kts | 12 +++++++----- gradle/libs.versions.toml | 2 ++ 4 files changed, 19 insertions(+), 5 deletions(-) create mode 100644 apikeys.defaults.properties diff --git a/apikeys.defaults.properties b/apikeys.defaults.properties new file mode 100644 index 000000000..b2e3a4275 --- /dev/null +++ b/apikeys.defaults.properties @@ -0,0 +1,7 @@ +# This file serves as a template for the apikeys.properties file. +# It should be checked into Version Control Systems to provide a structure for the required API keys and client URLs. +# The actual values should be filled in by the CI pipeline using the secrets Gradle plugin and GitHub Secrets. +POWERSYNC_URL= +SUPABASE_KEY= +SERVICE_KEY= +SUPABASE_URL= \ No newline at end of file diff --git a/app/build.gradle.kts b/app/build.gradle.kts index 07ee6a2e9..0ca39034c 100644 --- a/app/build.gradle.kts +++ b/app/build.gradle.kts @@ -13,8 +13,11 @@ plugins { id("jacoco") id("org.sonarqube") version "5.1.0.4882" + id("com.google.android.libraries.mapsplatform.secrets-gradle-plugin") } +secrets { defaultPropertiesFileName = "apikeys.defaults.properties" } + android { namespace = "com.android.periodpals" compileSdk = 34 diff --git a/build.gradle.kts b/build.gradle.kts index 2aa71de65..1462cebba 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -1,8 +1,10 @@ // Top-level build file where you can add configuration options common to all sub-projects/modules. plugins { - alias(libs.plugins.androidApplication) apply false - alias(libs.plugins.jetbrainsKotlinAndroid) apply false - alias(libs.plugins.ktfmt) apply false - kotlin("plugin.serialization") version "2.0.0-RC1" apply false - alias(libs.plugins.compose.compiler) apply false + alias(libs.plugins.androidApplication) apply false + alias(libs.plugins.jetbrainsKotlinAndroid) apply false + alias(libs.plugins.ktfmt) apply false + kotlin("plugin.serialization") version "2.0.0-RC1" apply false + alias(libs.plugins.compose.compiler) apply false } + +buildscript { dependencies { classpath(libs.secrets.gradle.plugin) } } diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 1bc07b910..7a60ec553 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -24,6 +24,7 @@ mockkVersion = "1.12.0" mockitoMockitoCore = "5.4.0" navigationComposeVersion = "2.8.2" runner = "1.6.2" +secretsGradlePlugin = "2.0.1" ui = "1.6.8" uiTestJunit4 = "1.6.8" uiTestJunit4Version = "1.0.5" @@ -131,6 +132,7 @@ mockk-android = { module = "io.mockk:mockk-android", version.ref = "mockkAndroid mockk-v1120 = { module = "io.mockk:mockk", version.ref = "mockkVersion" } okhttp = { module = "com.squareup.okhttp3:okhttp", version.ref = "okhttp" } robolectric = { module = "org.robolectric:robolectric", version.ref = "robolectric" } +secrets-gradle-plugin = { module = "com.google.android.libraries.mapsplatform.secrets-gradle-plugin:secrets-gradle-plugin", version.ref = "secretsGradlePlugin" } test-core-ktx = { group = "androidx.test", name = "core-ktx", version.ref = "androidxCoreKtx" } androidx-junit-ktx = { group = "androidx.test.ext", name = "junit-ktx", version.ref = "junitKtx" } androidx-ui-test-junit4-android = { group = "androidx.compose.ui", name = "ui-test-junit4-android", version.ref = "uiTestJunit4Android" }