Tags: github-actions, firebase-hosting, cicd

How to deploy preview to Firebase Hosting using a GitHub action on a PR in an organization's private repository?


I've set up Firebase Hosting for a private repository on GitHub, and deployed to the live channel using the FirebaseExtended/action-hosting-deploy action template. This was an easy task to accomplish; just letting Firebase and a service worker reach my organization is enough to set it up.

This initial setup automatically created the FIREBASE_SERVICE_ACCOUNT_(project name) action secret, so no problems here. The issue is when we try to automatically deploy to a preview channel. Both action files are relatively the same; they use the same action template. The sheer difference is when and where from it's called. After reading through GitHub Docs, I guessed the issue was in the privileges the Firebase service worker has.


Solution

  • Here's a checklist:

    • Make sure that the action uses 'on': pull_request_target. Also, this may allow malicious 3rd parties to access resources/execute code, so please read this blog post.
    • Set "Workflow permissions" to "Read and write permissions" under Organization settings > Actions > General.

    Hopefully you'll get the automatic deployments up and running after this.


    Resources

    1. Github action to firebase hosting cd preview
    2. Deploy to Firebase Hosting on PR faild in github actions
    3. https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/
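
A preview workflow that follows the checklist above while limiting what pull_request_target exposes. This is an added example, not part of the original answer or the Firebase project's own files. PROJECT_ID, the secret name suffix, the build command and the actions/checkout version are assumptions to replace with your own values.

```yaml
# Added example: preview deploy triggered by pull_request_target, with guards.
# PROJECT_ID and the secret suffix are placeholders; the npm build step is assumed.
name: Deploy to Firebase Hosting on PR
'on': pull_request_target

# Scope the GITHUB_TOKEN for this workflow to what the deploy action needs
# (posting the preview URL as a PR comment and a check run).
permissions:
  contents: read
  checks: write
  pull-requests: write

jobs:
  build_and_preview:
    # pull_request_target runs with the base repository's secrets, so skip
    # any pull request whose head branch lives in a fork.
    if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # This trigger checks out the base branch by default; the preview
          # has to be built from the pull request's head commit instead.
          ref: ${{ github.event.pull_request.head.sha }}
          # Do not leave the token in .git/config for the build step to read.
          persist-credentials: false
      # Everything from here on executes code taken from the pull request.
      - run: npm ci && npm run build
      - uses: FirebaseExtended/action-hosting-deploy@v0
        with:
          repoToken: ${{ secrets.GITHUB_TOKEN }}
          firebaseServiceAccount: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_PROJECT_ID }}
          projectId: PROJECT_ID
```

The same-repository condition is what keeps the service account secret away from code submitted from forks; without it, the checkout of the head commit followed by a build step is the pattern the warning in the checklist refers to.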