From f1d1dd4a7dbe2baf70487911f259de07d3ce6637 Mon Sep 17 00:00:00 2001 From: kenji suzuki <41730006+suzulabo@users.noreply.github.com> Date: Fri, 31 Dec 2021 14:23:28 +0900 Subject: [PATCH] Use secrets-packer (#53) --- .github/workflows/build-firebase.yaml | 3 +- .github/workflows/build-setup/action.yaml | 7 ++-- .gitignore | 3 +- package-lock.json | 19 +++++++++++ package.json | 1 + scripts/index.ts | 10 +++--- scripts/secrets/index.ts | 39 +++++++++++++++++++++++ 7 files changed, 72 insertions(+), 10 deletions(-) create mode 100644 scripts/secrets/index.ts diff --git a/.github/workflows/build-firebase.yaml b/.github/workflows/build-firebase.yaml index 061f272..c5f1309 100644 --- a/.github/workflows/build-firebase.yaml +++ b/.github/workflows/build-firebase.yaml @@ -11,7 +11,8 @@ jobs: - uses: ./.github/workflows/build-setup with: - SECRET_VALUES: ${{ secrets.SECRET_VALUES }} + SECRET_PACKED: ${{ secrets.SECRET_PACKED }} + SECRET_PACKED_SIGN: ${{ secrets.SECRET_PACKED_SIGN }} id: build_setup - run: npm run - firebase.deploy diff --git a/.github/workflows/build-setup/action.yaml b/.github/workflows/build-setup/action.yaml index 7cc19f8..873e009 100644 --- a/.github/workflows/build-setup/action.yaml +++ b/.github/workflows/build-setup/action.yaml @@ -1,5 +1,7 @@ inputs: - SECRET_VALUES: + SECRET_PACKED: + required: true + SECRET_PACKED_SIGN: required: true outputs: @@ -31,7 +33,8 @@ runs: - run: npm run - secrets.unpack shell: bash env: - SECRET_VALUES: ${{ inputs.SECRET_VALUES }} + SECRET_PACKED: ${{ inputs.SECRET_PACKED }} + SECRET_PACKED_SIGN: ${{ inputs.SECRET_PACKED_SIGN }} id: unpack_secrets - run: npm run - secrets.copy diff --git a/.gitignore b/.gitignore index 9800055..dc2fd73 100644 --- a/.gitignore +++ b/.gitignore @@ -29,7 +29,8 @@ AppleDistribution.p12 release.keystore -SECRET_VALUES.txt +.secrets-sign.json +PACKED.txt /firebase/*.log diff --git a/package-lock.json b/package-lock.json index 8ad7b6e..d732a61 100644 --- a/package-lock.json 
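Review bot: `required: true` on the new `SECRET_PACKED` and `SECRET_PACKED_SIGN` inputs in build-setup/action.yaml is not enforced by the Actions runner, so a run where either repository secret is unset or not passed reaches the `secrets.unpack` step with an empty variable. Whether the unpack script fails cleanly on empty input is not visible in this commit. Failing early in that step, for example with `: "${SECRET_PACKED:?not set}" "${SECRET_PACKED_SIGN:?not set}"` as the first line of its `run`, would give an unambiguous error. The same two names are wired through in build-firebase.yaml, so both repository secrets have to exist before this lands.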
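Review bot: Removing `SECRET_VALUES.txt` from .gitignore means any working copy that still holds that file from the previous pack flow will now show it as untracked, and a broad `git add` could commit the old secret values. Keeping the `SECRET_VALUES.txt` line alongside the new `.secrets-sign.json` and `PACKED.txt` entries costs nothing and covers the transition. The contents of the old file are not shown here, so treat it as sensitive until it has been deleted locally.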
+++ b/package-lock.json @@ -21,6 +21,7 @@ "@stencil/core": "2.9.0", "@stencil/sass": "1.5.2", "@stencil/store": "1.5.0", + "@suzulabo/secrets-packer": "0.0.1", "ajv": "8.8.1", "ajv-formats": "2.1.1", "autolinker": "3.14.3", @@ -3861,6 +3862,15 @@ "@stencil/core": ">=1.9.0" } }, + "node_modules/@suzulabo/secrets-packer": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/@suzulabo/secrets-packer/-/secrets-packer-0.0.1.tgz", + "integrity": "sha512-DmqmqbuDphP28JimkSlbCIiZisfheJ6t6rWECYqd5HI1gIERa7hZ4fD45DIbDdONl8JCk3Kya2OVttlfrQ9QvQ==", + "dependencies": { + "jszip": "3.7.1", + "tweetnacl": "1.0.3" + } + }, "node_modules/@suzulabo/ttscripts": { "version": "0.0.3", "resolved": "https://registry.npmjs.org/@suzulabo/ttscripts/-/ttscripts-0.0.3.tgz", @@ -24858,6 +24868,15 @@ "integrity": "sha512-fe5fCF6dgVlDM1iLRkkJUyUh0Tfx305asVGgMAJjIs7Q+x/b1pGgTLROm9Ibr53PZuFwr5Kg+4h9p4FLbYqHgA==", "requires": {} }, + "@suzulabo/secrets-packer": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/@suzulabo/secrets-packer/-/secrets-packer-0.0.1.tgz", + "integrity": "sha512-DmqmqbuDphP28JimkSlbCIiZisfheJ6t6rWECYqd5HI1gIERa7hZ4fD45DIbDdONl8JCk3Kya2OVttlfrQ9QvQ==", + "requires": { + "jszip": "3.7.1", + "tweetnacl": "1.0.3" + } + }, "@suzulabo/ttscripts": { "version": "0.0.3", "resolved": "https://registry.npmjs.org/@suzulabo/ttscripts/-/ttscripts-0.0.3.tgz", diff --git a/package.json b/package.json index ca57342..63f6767 100644 --- a/package.json +++ b/package.json @@ -51,6 +51,7 @@ "@stencil/core": "2.9.0", "@stencil/sass": "1.5.2", "@stencil/store": "1.5.0", + "@suzulabo/secrets-packer": "0.0.1", "ajv": "8.8.1", "ajv-formats": "2.1.1", "autolinker": "3.14.3", diff --git a/scripts/index.ts b/scripts/index.ts index b9664c7..b438c30 100644 --- a/scripts/index.ts +++ b/scripts/index.ts 
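Review bot: The package.json hunk adds `@suzulabo/secrets-packer` at 0.0.1, and this package will handle `SECRET_PACKED` and `SECRET_PACKED_SIGN` in CI, so the exact pin only protects the build if the install step installs strictly from the lockfile. That step is outside the visible hunks; confirm it uses `npm ci`, which installs exactly what package-lock.json records and verifies the recorded `integrity` value. The lockfile also pins its transitive dependencies `jszip` 3.7.1 and `tweetnacl` 1.0.3, which are worth including in whatever dependency review this project does for code that touches release keys.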
@@ -1,9 +1,7 @@ import { Cmd, main, RunP, RunS, ScriptEntries } from '@suzulabo/ttscripts'; import { startDevProxy } from './dev-proxy/dev-proxy'; import { buildFunctions, buildFunctionsWatch } from './functions/build'; -import { copySecrets } from './secrets/copy'; -import { packSecrets } from './secrets/pack'; -import { unpackSecrets } from './secrets/unpack'; +import { secrets } from './secrets'; import { checkUnusedExports } from './unused-exports/check'; const entries: ScriptEntries = [ @@ -75,9 +73,9 @@ const entries: ScriptEntries = [ ['client.cap.dev.update', RunS(['client.cap.build.dev', 'client.cap.copy'])], // secrets - ['secrets.copy', copySecrets], - ['secrets.pack', packSecrets], - ['secrets.unpack', unpackSecrets], + ['secrets.copy', secrets.copy], + ['secrets.pack', secrets.pack], + ['secrets.unpack', secrets.unpack], // dev-proxy ['dev-proxy.start', startDevProxy], diff --git a/scripts/secrets/index.ts b/scripts/secrets/index.ts new file mode 100644 index 0000000..6c24469 --- /dev/null +++ b/scripts/secrets/index.ts 
@@ -0,0 +1,39 @@
+import { copySecrets, packSecrets, SecretsConfig, unpackSecrets } from '@suzulabo/secrets-packer';
+
+const config: SecretsConfig = {
+ files: [
+ ['App.entitlements', 'capacitor/client/ios/App/App'],
+ ['GoogleService-Info.plist', 'capacitor/client/ios/App/App'],
+ ['google-services.json', 'capacitor/client/android/app'],
+ ['.firebaserc', 'firebase'],
+ ['docs-vars.json', 'firebase/docs'],
+ ['appenv.env.ts'],
+ ['android.custom.properties'],
+ ['apple-app-site-association'],
+ ['assetlinks.json'],
+
+ ['AppleDistribution.p12'],
+ ['Ad_Hoc.mobileprovision'],
+ ['Release.mobileprovision'],
+
+ ['release.keystore'],
+ ],
+ secretsJSONKeys: [
+ 'APPSTORE_API_KEY',
+ 'APPSTORE_API_ISSUER',
+ 'FIREBASE_APP_ID_IOS',
+ 'FIREBASE_APP_ID_ANDROID',
+ ],
+};
+
+export const secrets = {
+ pack: () => {
+ return packSecrets(config);
+ },
+ unpack: () => {
+ return unpackSecrets(config);
+ },
+ copy: () => {
+ return copySecrets(config);
+ },
+};
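Review bot: The `files` entries in `config` have no comment saying what the optional second tuple element means; from the paths it looks like the directory `secrets.copy` writes the file into, but that is only inferred from this hunk. A one-line comment above `files`, such as `// [file name, destination directory for secrets.copy (optional)]`, would make the contract explicit, and a similar line above `secretsJSONKeys` would say where those four keys end up. Since the list includes signing material (`AppleDistribution.p12`, `release.keystore`, the provisioning profiles), confirm that every listed name is git-ignored at its destination as well; only `AppleDistribution.p12` and `release.keystore` are visible in the .gitignore hunk of this commit.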