I am creating a public android project and I am using Google Sign-In service. I am doing it according to this tutorial. As it says, I have got the google-services.json file.
You can create a new build variant and store a template google-services.json to be used for your build on your CI platform in your app build.gradle.
Use a different google-services.json for the new dev build variant (see this post). Add the following google-services.json template to app/src/dev folder :
{
"project_info": {
"project_number": "",
"project_id": ""
},
"client": [
{
"client_info": {
"mobilesdk_app_id": "1:123456789012:android:1234567890123456",
"android_client_info": {
"package_name": "com.your.package"
}
},
"oauth_client": [
{
"client_id": "",
"client_type": 3
},
{
"client_id": "",
"client_type": 1,
"android_info": {
"package_name": "com.your.package",
"certificate_hash": ""
}
}
],
"api_key": [
{
"current_key": ""
}
],
"services": {
"analytics_service": {
"status": 2,
"analytics_property": {
"tracking_id": ""
}
},
"appinvite_service": {
"status": 1,
"other_platform_oauth_client": []
},
"ads_service": {
"status": 1
}
}
}
],
"configuration_version": "1"
}
Note that I have extended this google-services in case you also use Google Analytics or GCM service.
You would have the following configuration :
app/
├── src/
│ ├── main/
│ └── dev/
│ └── google-services.json
├── google-services.json
└── build.gradle
You can use either :
Add the following build type:
buildTypes {
dev {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
We don't need to build this "dev" build variant in regular build, so you can exclude this variant if a parameter is not specified. Add the following to your app build.gradle :
def build_param = "${build}";
if (build_param != "dev") {
//exclude production build
android.variantFilter { variant ->
if (variant.buildType.name.equals('dev')) {
variant.setIgnore(true);
}
}
} else {
//exclude all except production build
android.variantFilter { variant ->
if (!variant.buildType.name.equals('dev')) {
variant.setIgnore(true);
}
}
}
Add the dev product flavor to existing ones :
productFlavors {
full {
}
dev {
}
}
To remove this dev product flavor from the regular build :
def build_param = "${build}";
if (build_param != "dev") {
//exclude dev
android.variantFilter { variant ->
if (variant.getFlavors().get(0).name.equals('dev')) {
variant.setIgnore(true);
}
}
} else {
//exclude all but dev
android.variantFilter { variant ->
if (!variant.getFlavors().get(0).name.equals('dev')) {
variant.setIgnore(true);
}
}
}
Eventually, add your app module google-services.json to .gitignore :
app/google-services.json
We have previously ensured that this dev variant will only be used when parameter build=dev is specified
Edit .travis.yml to modify the build config :
script:
- ./gradlew clean build -Pbuild=dev
-Pbuild=dev will only build dev build variant using google-services.json located in app/src/dev/google-services.json
Take a look at this sample project which is using google-services Google project
In Travis log, you can see that the JSON file being parsed is the one for the dev build variant :
Parsing json file: /home/travis/build/bertrandmartel/android-googlesignin/app/src/dev/google-services.json
Note that this method is not limited to CI and can be extended for your production build when you require a production google-services.json or a different AndroidManifest.xml (with some specific properties like fabric.io key)
Check this method to prevent commitment of fabric keys embedded in AndroidManifest.xml (and can't be imported from gradle) that is using a different build variant and using a parameter to enable the production build.
You can use travis encrypt-file google-services.json
You can do it by:
installed the Travis CI Command Line Client by running $ gem install travis.
logged in to Travis CI using $ travis login or $ travis login --pro
$ travis encrypt-file super_secret.txt
encrypting super_secret.txt for rkh/travis-encrypt-file-example
storing result as super_secret.txt.enc
storing secure env variables for decryption
Then it will print on the console this:
openssl aes-256-cbc -K $encrypted_0a6446eb3ae3_key -iv $encrypted_0a6446eb3ae3_iv -in super_secret.txt.enc -out super_secret.txt -d
You can copy it to your .travis.yml file as I did here
Do not forget to put your .enc file on your GitHub repository.
If you have multiple files, you could zip them and then you unzip the decrypted file on the Travis ci.
For instance, you can do like this:
$ tar cvf secrets.tar foo bar
$ travis encrypt-file secrets.tar
$ vi .travis.yml
$ git add secrets.tar.enc .travis.yml
$ git commit -m 'use secret archive'
$ git push
I did it.
In my case, I had two files to use on the build of my app. So, I used this due to travis does not support multiple encrypted files. Therefore, you zip then on one file and encrypt this file.
You can have a look at my travis script here
Firebase Documentation says:
"For open source projects, we generally do not recommend including the app's Firebase config file or object in source control because, in most cases, your users should create their own Firebase projects and point their apps to their own Firebase resources (via their own Firebase config file or object)."
https://firebase.google.com/docs/projects/learn-more?authuser=0#config-files-objects
Firebase documentation seems to imply that there is no problem in committing the file to GitHub.
Here is an extract from the docs
The Firebase config file contains unique, but non-secret identifiers for your project. To learn more about this config file, visit Understand Firebase Projects.
