build/authentication/fix-ci-build-apk : Fix secrets not properly applied in CI build apk #171
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Added the [Secrets Gradle plugin](https://github.com/google/secrets-gradle-plugin) to the project. This plugin securely provides our secrets to our project, including during CI build.
This file is stored locally on everyone's computer and contains our API keys and client URLs and should never be checked to VCS
The `secrets.default.properties` provides a template for `secrets.properties` for the CI pipeline. The plugin will fill it with our secrets during build.
This is now handled by the plugin.
… workflow This fetches the secrets from GitHub Secrets and pastes them into the template file `secrets.defaults.properties`. This file is then copied over to a `secrets.properties` created in the CI. This ensures proper and secure secrets handling.
This fetches the secrets from GitHub Secrets and pastes them into the template file `secrets.defaults.properties`. This file is then copied over to a `secrets.properties` created in the CI. This ensures proper and secure secrets handling.
|
coaguila
approved these changes
Nov 12, 2024
francelu
requested review from
francelu
and removed request for
lazarinibruno
francelu
approved these changes
Nov 12, 2024
There was a problem hiding this comment.
Summary
Good work on addressing the issue from #161! Your research into the root cause and the detailed documentation of your findings makes it easy to follow your thought process. You’ve clearly put effort into understanding the changes and their impact.
Important
Code Quality
- The code is clean, well-organized, and adheres to the team's conventions.
- Good readability and consistent formatting throughout.
Functionality
- The changes appear correct and address the issue as expected.
- Edge cases seem well-handled.
Performance
- No performance concerns were observed in the changes made.
Security
- No security issues were introduced.
Testing
- Android download APK testing.
- I asked @lazarinibruno to test it for me as I don't have an Android. Bug is fixed !
Documentation
- Clear and detailed documentation of your research and findings. Great job keeping the process transparent.
Suggestions
- None !
Steps before PR approved
- No additional changes needed; this PR is good to go!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix secrets not properly applied in CI build apk
Description
This PR introduces a fix for issue #161. It uses the Secrets Gradle plugin to handle our app's secrets (API keys and client URLs). As explained in #161, does not fix the sync/double click issue.
Changes
I introduced the use of the Secrets Gradle plugin to handle our app's secrets.
How it works:
TL;DR: contact me to get the new
secrets.propertiesand updatedlocal.propertiesfiles (should not pushed to VCS!)The local
secrets.propertiescontains the necessary API keys and URLs, but it is not to be checked into our VCS (contact me to get it). Rather, its contents are also stored in GitHub Secrets. The new CI workflow ensures that these values are securely copied from that tab to construct asecrets.propertiesfrom a template (secrets.default.properties, checked into VCS), whose default values are replaced with the correct, securely stored ones by thesedcommand. The plugin then handles copying them intoBuildConfigwhen building, where they're available to our code.Files
Added
secrets.defaults.properties: created template forsecrets.propertieswith default, safe values for every fieldsecrets.properties: not checked into VCS, contains the API keys and client URLsModified
local.properties: not checked into VCS, removed the API keys and client URLs to conform to best practices mentioned in docs.gitignore: addedsecrets.propertiesbuild.gradle.kts,app/build.gradle.kts,gradle/libs.versions.toml: added Secrets Gradle plugin and initialised it.github/workflows/AndroidBuild.yml,.github/workflows/ci.yml: updated workflow to pipe the variables during CIRemoved
None
Dependencies Added
com.google.android.libraries.mapsplatform.secrets-gradle-pluginfor Secrets Gradle pluginTesting
Built using the CI pipeline and tested by hand the apk using
Logs: now works and fetches correct URLs and keys.To test for yourself: go to
Checks > AndroidBuild > Artifacts > dsTemplate.apk. This will download the apk (zipped). Extract it and install it on your android phone. Please take care to uninstall any previous version of the app that you might have installed!