search

Triple-T / gradle-play-publisher

GPP is Android's unofficial release automation Gradle Plugin. It can do anything from building, uploading, and then promoting your App Bundle or APK to publishing app listings and other metadata.
MIT License
4.1k stars 339 forks source link

Trouble with setting play store service account credentials #1071

Closed rohan-sca closed 1 year ago

rohan-sca commented 1 year ago

Setup : We wanted to create a github action to automate the process of publishing a release. It's insecure to put the credentials on the repository so i'v set the contents of the JSON into the repository secrets. That secret is then aliased to the github workflow's environment var ANDROID_PUBLISHER_CREDENTIALS. But it seems the plugin doesnt pick it up.

We have a github workflow with

env:
ANDROID_PUBLISHER_CREDENTIALS: ${{ secrets.ANDROID_PUBLISHER_CREDENTIALS }}

jobs:
  build: 
  steps:
 - name: step 1
 - name: step 2
 - name: step 3
 - name: publish
    run: ./gradlew publishReleaseBundle

I'v setup the github secret ANDROID_PUBLISHER_CREDENTIALS with contents of the JSON file. However the CI just always returns the error No credentials specified. Please read our docs for more details:

I'v followed the doc to my understanding and am unsure of what i missed.

Using com.github.triplet.gradle:play-publisher:3.7.0 and play block in build.gradle is pretty bare bones:

play {
    track.set("internal")
    defaultToAppBundles.set(true)
}
SUPERCILEX commented 1 year ago

Seems like you've done the right thing. Maybe the secret is empty somehow? Either way, what we're doing is super simple so something else is going on: https://github.com/Triple-T/gradle-play-publisher/blob/4631a74e8aba30c0b3c9b9792f867abe2e76dc09/play/plugin/src/main/kotlin/com/github/triplet/gradle/play/tasks/internal/PlayApiService.kt#L119-L120

rohan-sca commented 1 year ago

Thank you for the quick revert. If the setup sounds correct, then i can attempt replacing the secret with dummy strings and printing them to console to verify, but i'm pretty sure the secret is set and should be accessible to the workflow.

Any other ideas of what could be missing?

Edited original post to add more info: Using com.github.triplet.gradle:play-publisher:3.7.0 and play block in build.gradle is pretty bare bones: 

play {
    track.set("internal")
    defaultToAppBundles.set(true)
}
SUPERCILEX commented 1 year ago

Oh actually Gradle might have just broken stuff: https://docs.gradle.org/7.5.1/release-notes.html#:~:text=New%20ways%20to%20access%20environment%20without%20unnecessary%20invalidations%20of%20the%20configuration%20cache

Gradle 7.2 should be known good, so can you try that version?

rohan-sca commented 1 year ago

Oh actually Gradle might have just broken stuff: https://docs.gradle.org/7.5.1/release-notes.html#:~:text=New%20ways%20to%20access%20environment%20without%20unnecessary%20invalidations%20of%20the%20configuration%20cache

Gradle 7.2 should be known good, so can you try that version?

We're on 7.0.2 that's probably known to work, right?

rohan-sca commented 1 year ago

@SUPERCILEX update after attempting to print the value held in github repo secret. it only get's printed as ANDROID_PUBLISHER_CREDENTIALS: *** Not sure if this is just a github security mechanism to obscure the value held in secrets or if accessing the secret itself returns some encrypted data.

SUPERCILEX commented 1 year ago

Yeah 7.0.2 should work. And yeah I would guess the stars mean there's content. What if you try this run: ANDROID_PUBLISHER_CREDENTIALS=test ./gradlew publishReleaseBundle? If that works then it means the envvar isn't being passed in by GitHub actions correctly.

rohan-sca commented 1 year ago

Believe it or not it works now. All i did was change the name of the secret from ANDROID_PUBLISHER_CREDENTIALS to something else. Can't say why that would make it work. But it just happened with some trial and error.