Use secrets-packer (#53)

.github/workflows/build-firebase.yaml

@@ -11,7 +11,8 @@ jobs:
 
       - uses: ./.github/workflows/build-setup
         with:
-          SECRET_VALUES: ${{ secrets.SECRET_VALUES }}
+          SECRET_PACKED: ${{ secrets.SECRET_PACKED }}
+          SECRET_PACKED_SIGN: ${{ secrets.SECRET_PACKED_SIGN }}
         id: build_setup
 
       - run: npm run - firebase.deploy

.github/workflows/build-setup/action.yaml

@@ -1,5 +1,7 @@
 inputs:
-  SECRET_VALUES:
+  SECRET_PACKED:
+    required: true
+  SECRET_PACKED_SIGN:
     required: true
 
 outputs:
@@ -31,7 +33,8 @@ runs:
     - run: npm run - secrets.unpack
       shell: bash
       env:
-        SECRET_VALUES: ${{ inputs.SECRET_VALUES }}
+        SECRET_PACKED: ${{ inputs.SECRET_PACKED }}
+        SECRET_PACKED_SIGN: ${{ inputs.SECRET_PACKED_SIGN }}
       id: unpack_secrets
 
     - run: npm run - secrets.copy

.gitignore

@@ -29,7 +29,8 @@ AppleDistribution.p12
 
 release.keystore
 
-SECRET_VALUES.txt
+.secrets-sign.json
+PACKED.txt
 
 
 /firebase/*.log

package.json

@@ -51,6 +51,7 @@
     "@stencil/core": "2.9.0",
     "@stencil/sass": "1.5.2",
     "@stencil/store": "1.5.0",
+    "@suzulabo/secrets-packer": "0.0.1",
     "ajv": "8.8.1",
     "ajv-formats": "2.1.1",
     "autolinker": "3.14.3",

scripts/index.ts

@@ -1,9 +1,7 @@
 import { Cmd, main, RunP, RunS, ScriptEntries } from '@suzulabo/ttscripts';
 import { startDevProxy } from './dev-proxy/dev-proxy';
 import { buildFunctions, buildFunctionsWatch } from './functions/build';
-import { copySecrets } from './secrets/copy';
-import { packSecrets } from './secrets/pack';
-import { unpackSecrets } from './secrets/unpack';
+import { secrets } from './secrets';
 import { checkUnusedExports } from './unused-exports/check';
 
 const entries: ScriptEntries = [
@@ -75,9 +73,9 @@ const entries: ScriptEntries = [
   ['client.cap.dev.update', RunS(['client.cap.build.dev', 'client.cap.copy'])],
 
   // secrets
-  ['secrets.copy', copySecrets],
-  ['secrets.pack', packSecrets],
-  ['secrets.unpack', unpackSecrets],
+  ['secrets.copy', secrets.copy],
+  ['secrets.pack', secrets.pack],
+  ['secrets.unpack', secrets.unpack],
 
   // dev-proxy
   ['dev-proxy.start', startDevProxy],

scripts/secrets/index.ts

@@ -0,0 +1,39 @@
+import { copySecrets, packSecrets, SecretsConfig, unpackSecrets } from '@suzulabo/secrets-packer';
+
+const config: SecretsConfig = {
+  files: [
+    ['App.entitlements', 'capacitor/client/ios/App/App'],
+    ['GoogleService-Info.plist', 'capacitor/client/ios/App/App'],
+    ['google-services.json', 'capacitor/client/android/app'],
+    ['.firebaserc', 'firebase'],
+    ['docs-vars.json', 'firebase/docs'],
+    ['appenv.env.ts'],
+    ['android.custom.properties'],
+    ['apple-app-site-association'],
+    ['assetlinks.json'],
+
+    ['AppleDistribution.p12'],
+    ['Ad_Hoc.mobileprovision'],
+    ['Release.mobileprovision'],
+
+    ['release.keystore'],
+  ],
+  secretsJSONKeys: [
+    'APPSTORE_API_KEY',
+    'APPSTORE_API_ISSUER',
+    'FIREBASE_APP_ID_IOS',
+    'FIREBASE_APP_ID_ANDROID',
+  ],
+};
+
+export const secrets = {
+  pack: () => {
+    return packSecrets(config);
+  },
+  unpack: () => {
+    return unpackSecrets(config);
+  },
+  copy: () => {
+    return copySecrets(config);
+  },
+};