eas build with .gitignored files.

zealmatch · February 9, 2021, 8:28am

Hello, Great tool! enjoying using it a lot.

At the moment I am having to commit my google-services.json & GoogleService-Info.plist files in order to allow the eas cloud-build to work properly but this seems a bit of a security risk?

Ideally, I’d have these files referenced in my .gitignore and ultimately never commit them.

Sat, 06 Feb 2021 17:16:45 GMT
[stderr] [17:16:45] Cannot copy google-services.json from /usr/local/lib/node_modules/@expo/eas-build-worker/workingdir/build/google-services-staging.json to /usr/local/lib/node_modules/@expo/eas-build-worker/workingdir/build/android/app/google-services.json. Please make sure the source and destination paths exist.
Sat, 06 Feb 2021 17:16:45 GMT
[stderr] [17:16:45] Error: Cannot copy google-services.json from /usr/local/lib/node_modules/@expo/eas-build-worker/workingdir/build/google-services-staging.json to /usr/local/lib/node_modules/@expo/eas-build-worker/workingdir/build/android/app/google-services.json. Please make sure the source and destination paths exist.
[stderr]     at setGoogleServicesFile (/usr/local/lib/node_modules/@expo/eas-build-worker/node_modules/@expo/config-plugins/src/android/GoogleServices.ts:79:11)
Sat, 06 Feb 2021 17:16:45 GMT
[stderr]     at runMicrotasks (<anonymous>)
Sat, 06 Feb 2021 17:16:45 GMT
[stderr]     at processTicksAndRejections (internal/process/task_queues.js:93:5)
Sat, 06 Feb 2021 17:16:45 GMT
[stderr]     at /usr/local/lib/node_modules/@expo/eas-build-worker/node_modules/@expo/config-plugins/src/android/GoogleServices.ts:53:7
Sat, 06 Feb 2021 17:16:45 GMT
[stderr]     at action (/usr/local/lib/node_modules/@expo/eas-build-worker/node_modules/@expo/config-plugins/src/plugins/core-plugins.ts:118:23)
Sat, 06 Feb 2021 17:16:45 GMT
[stderr]     at action (/usr/local/lib/node_modules/@expo/eas-build-worker/node_modules/@expo/config-plugins/src/plugins/compiler-plugins.ts:282:23)
Sat, 06 Feb 2021 17:16:45 GMT
[stderr]     at evalModsAsync (/usr/local/lib/node_modules/@expo/eas-build-worker/node_modules/@expo/config-plugins/src/plugins/mod-compiler.ts:75:25)
Sat, 06 Feb 2021 17:16:45 GMT
[stderr]     at compileModsAsync (/usr/local/lib/node_modules/@expo/eas-build-worker/node_modules/@expo/config-plugins/src/plugins/mod-compiler.ts:17:10)
Sat, 06 Feb 2021 17:16:45 GMT
[stderr]     at configureManagedProjectAsync (/usr/local/lib/node_modules/@expo/eas-build-worker/node_modules/expo-cli/src/commands/apply/configureProjectAsync.ts:115:12)
Sat, 06 Feb 2021 17:16:45 GMT
[stderr]     at prebuildAsync (/usr/local/lib/node_modules/@expo/eas-build-worker/node_modules/expo-cli/src/commands/eject/Eject.ts:146:25)
Sat, 06 Feb 2021 17:16:45 GMT
[stderr]     at Object.ejectAsync (/usr/local/lib/node_modules/@expo/eas-build-worker/node_modules/expo-cli/src/commands/eject/Eject.ts:78:19)
Sat, 06 Feb 2021 17:16:45 GMT
[stderr]     at actionAsync (/usr/local/lib/node_modules/@expo/eas-build-worker/node_modules/expo-cli/src/commands/eject.ts:46:5)
Sat, 06 Feb 2021 17:16:45 GMT
[stderr]     at Command.<anonymous> (/usr/local/lib/node_modules/@expo/eas-build-worker/node_modules/expo-cli/src/exp.ts:346:7)
Sat, 06 Feb 2021 17:16:45 GMT
Build failed: node exited with non-zero code: 1

Is there any workaround to this scenario/issue?

Thank you!

wkozyra · February 9, 2021, 10:33am

We plan to support env vars in the future so you could restore files using npm hooks, but for now, it needs to be committed into repo

this seems a bit of a security risk?

Not really, google-services.json is client-side credentials and by definition, there is no way to secure that because it’s on client devices anyway, anyone can unzip apk or ipa files or if they have rooted/jailbreak their device can access app files directly. Of course, it shouldn’t be placed in a public repo, but securing it further is not really necessary.

zealmatch · February 9, 2021, 10:35am

Thanks allot for your reply. It’s good to get some clarification on this subject. I’ll commit my configs as my repo is private.

Good to know envs are being supported down the line.

zealmatch · February 9, 2021, 10:37am

@wkozyra it may be worth mentioning that on the app.json documentation on the expo site the google service credentials for the android part of the table I think is a duplicate of the IOS implementation as it makes reference to a .plist file when it should be the google-services.json. just a heads up as that might confuse some Devs.

Topic		Replies	Views
EAS Build: how to include non-Git (private) files, eg google-services.json Expo Development Tools	2	586	September 8, 2021
GoogleServicesFile is not checked in to your repository Expo Application Services (EAS) filesystem , google	15	872	February 3, 2022
Prebuild Error Android Expo Application Services (EAS)	0	121	March 8, 2023
How to use secret in app.json.android.googleServicesFile? EAS build Expo Application Services (EAS)	6	366	November 17, 2021
Creating separate google-services.json files for Preview and Production environments in an Expo project and resolving eas build error Expo Application Services (EAS)	5	210	October 20, 2023

eas build with .gitignored files.

Related Topics