'Workaround for lack of wildcard auth options in Firebase?

We're using google Cloud Build to deploy pull-request specific versions of our app to GAE so we can share dev versions with stakeholders before launching them into the wild. On GAE, a url looks like http://[VERSION_ID]-dot-[YOUR_PROJECT_ID].appspot.com or https://my-pr-name-dot-projectname.appspot.com

We're want to allow for stakeholders to preview and to run E2E tests (including Firebase login) but because of what's essentially a wildcard subdomain, we'd have to manually whitelist each subdomain in the the Firebase control panel under "Authorized domains" after a deploy. Unfortunately, Firebase doesn't allow for wildcard style whitelisting (eg. *-dot-projectname.appspot.com).

We've reached out to Google support but they've confirmed that whitelisting can only be done manually.

firebasegoogle-app-enginegoogle-cloud-build


Solution 1:[1]

One possibility would be to use a separate, staging project for PR testing.

You'd use whitelisting for http://[YOUR_STAGING_PROJECT_ID].appspot.com or https://staging_projectname.appspot.com. And you'd manage your mapping from a specific PR to the staging project via traffic migrations, which can be done programmatically from your PR automation scripts.

The drawback would be that you'd effectively be verifying only one PR at a time. But that's not necessarily all bad: serializing PR verifications eliminates the risk of breakages due to conflicting changes that each pass in isolation.

There are also advantages of using a separate project for testing purposes you might find of interest, see Advantages of implementing CI/CD environments at GAE project/app level vs service/module level?

Solution 2:[2]

We encountered the same issue and decided on authorizing a constant number (say N) of "preview environments". We use GCP cloud run and our CI/CD is ran by github actions. The idea is to iterate through the number of environments such that every N PRs we'll use the same environment, this is done by calculating the modulo of the PR number to N.

Here's the main bash command in the github actions yaml:

run: echo "PREVIEW_ENV=$((${{github.event.number}} % ${{ env.N_PREVIEW_ENVS }}))" >> $GITHUB_ENV

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Dan Cornilescu
Solution 2 Eyal Shulman

Related Questions

gcloud promote a version

How do I ensure that using `gcloud app deploy` is using my build folder not my dev files?

Converting from HSV (HSB in Java) to RGB without using java.awt.Color (disallowed on Google App Engine)

Cloud Build env variables not passed to Django app on GAE

FTP to Google Storage

Laravel with App Engine Standard Class 'Facade\Ignition\IgnitionServiceProvider' not found

Google App Engine SSL error "DNS records could not be found" even though custom domain is working

Cloud Logging Advanced Log Filters: Find HTTP Requests >= Duration

What is Relationship between entities and buckets in Google App Engine

Getting started with GoogleCloudPlatform / Java - basic app fails

Deploy Node App to GAE: Cannot find module 'v8-compile-cache'

Google App engine Image transforming Issue from local tomcat server

Google Cloud functions Java 11 - How to Debug locally ? Avoid the need of re deploy with logs

Application size in appengine suddenly much bigger (go 1.14)

Google App Engine Latency skyrockets out of nowhere