Commiting google-services.json to GitHub
You can create a new build variant and store a template google-services.json
to be used for your build on your CI platform in your app build.gradle
.
Use a different google-services.json
for the new dev
build variant (see this post). Add the following google-services.json
template to app/src/dev
folder :
{ "project_info": { "project_number": "", "project_id": "" }, "client": [ { "client_info": { "mobilesdk_app_id": "1:123456789012:android:1234567890123456", "android_client_info": { "package_name": "com.your.package" } }, "oauth_client": [ { "client_id": "", "client_type": 3 }, { "client_id": "", "client_type": 1, "android_info": { "package_name": "com.your.package", "certificate_hash": "" } } ], "api_key": [ { "current_key": "" } ], "services": { "analytics_service": { "status": 2, "analytics_property": { "tracking_id": "" } }, "appinvite_service": { "status": 1, "other_platform_oauth_client": [] }, "ads_service": { "status": 1 } } } ], "configuration_version": "1"}
Note that I have extended this google-services in case you also use Google Analytics or GCM service.
You would have the following configuration :
app/├── src/│ ├── main/│ └── dev/│ └── google-services.json├── google-services.json└── build.gradle
You can use either :
- a new build type
- a new product flavor (if you already have existing ones)
Build Type
Add the following build type:
buildTypes { dev { minifyEnabled true proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro' }}
We don't need to build this "dev" build variant in regular build, so you can exclude this variant if a parameter is not specified. Add the following to your app build.gradle
:
def build_param = "${build}";if (build_param != "dev") { //exclude production build android.variantFilter { variant -> if (variant.buildType.name.equals('dev')) { variant.setIgnore(true); } }} else { //exclude all except production build android.variantFilter { variant -> if (!variant.buildType.name.equals('dev')) { variant.setIgnore(true); } }}
Product flavor
Add the dev
product flavor to existing ones :
productFlavors { full { } dev { }}
To remove this dev
product flavor from the regular build :
def build_param = "${build}";if (build_param != "dev") { //exclude dev android.variantFilter { variant -> if (variant.getFlavors().get(0).name.equals('dev')) { variant.setIgnore(true); } }} else { //exclude all but dev android.variantFilter { variant -> if (!variant.getFlavors().get(0).name.equals('dev')) { variant.setIgnore(true); } }}
Eventually, add your app module google-services.json
to .gitignore
:
app/google-services.json
We have previously ensured that this dev
variant will only be used when parameter build=dev
is specified
Edit .travis.yml
to modify the build config :
script: - ./gradlew clean build -Pbuild=dev
-Pbuild=dev
will only build dev build variant using google-services.json
located in app/src/dev/google-services.json
Take a look at this sample project which is using google-services Google project
In Travis log, you can see that the JSON file being parsed is the one for the dev
build variant :
Parsing json file: /home/travis/build/bertrandmartel/android-googlesignin/app/src/dev/google-services.json
Extra Note
Note that this method is not limited to CI and can be extended for your production build when you require a production google-services.json
or a different AndroidManifest.xml
(with some specific properties like fabric.io key)
Check this method to prevent commitment of fabric keys embedded in AndroidManifest.xml (and can't be imported from gradle) that is using a different build variant and using a parameter to enable the production build.
You can use travis encrypt-file google-services.json
You can do it by:
installed the Travis CI Command Line Client by running
$ gem install travis
.logged in to Travis CI using
$ travis login
or$ travis login --pro
$ travis encrypt-file super_secret.txtencrypting super_secret.txt for rkh/travis-encrypt-file-examplestoring result as super_secret.txt.encstoring secure env variables for decryption
Then it will print on the console this:
openssl aes-256-cbc -K $encrypted_0a6446eb3ae3_key -iv $encrypted_0a6446eb3ae3_iv -in super_secret.txt.enc -out super_secret.txt -d
You can copy it to your .travis.yml
file as I did here
Do not forget to put your .enc
file on your GitHub repository.
If you have multiple files, you could zip them and then you unzip the decrypted file on the Travis ci.
For instance, you can do like this:
$ tar cvf secrets.tar foo bar$ travis encrypt-file secrets.tar$ vi .travis.yml$ git add secrets.tar.enc .travis.yml$ git commit -m 'use secret archive'$ git push
I did it.
In my case, I had two files to use on the build of my app. So, I used this due to travis does not support multiple encrypted files. Therefore, you zip then on one file and encrypt this file.
You can have a look at my travis script here
Firebase documentation seems to imply that there is no problem in committing the file to GitHub.
Here is an extract from the docs
The Firebase config file contains unique, but non-secret identifiers for your project. To learn more about this config file, visit Understand Firebase Projects.