Reputation: 449
How to avoid deploying firebase hosting from developers machines?
I am currently using GitHub Actions to automate deploys to production, however, developers also have access to deploy code directly from their machines to production. I am wondering how to avoid this situation and only allow new updates to our hosting instance when it comes from an automated PR approval on GitHub.
The current workflow for developers is:
- Create a new dev branch based on an assigned issue on GitHub
- Develop code changes and test it on localhost via Firebase Emulators
- Commit code changes to GitHub and creates a PR
- GitHub Actions kicks in to deploy code changes in a preview channel for approval
- After code review, PR is approved and code changes get deployed automatically to production
Since developers are required to provide firebase production credentials to initializeApp({...}) - there is no way to avoid a team member from deploying code directly from their machines to production.
Firebase client SDK for Javascript does not allow an app to be initialized withou real project credentials, which means there is no way to initialize an app "only for emulation".
Any thoughts on how to fix this?
Upvotes: 0
Views: 118
Answers (1)
Reputation: 47833
Create a new Google account that is only used to deploy and change the developer permissions to only have read access to the production apps.
Upvotes: 1
Related Questions
- using "firebase deploy" to deploy to hosting - how does firebase know if it is deploying to hosting and not cloud functions?
- Firebase hosting deploy to other site
- How to freely deploy project using firebase hosting
- Disable Firebase hosting github deploy
- Deploy hosting only to custom domain?
- Firebase deployed to wrong hosting when multiple projects used
- Firebase deploy firebase.json only
- How to deploy ONLY Cloud Functions without affecting Hosting?
- Deploying web apps that use firebase
- Firebase deploy without login