[Github Actions] SyntaxError: Unexpected end of JSON input

[GuilhE]

[REQUIRED] Environment info

firebase-tools: 13.9.0

Platform: ubuntu-latest

[REQUIRED] Test case

I'm trying firebase appdistribution:distribute using Github Actions:

     - name: Install Firebase CLI
        run:  npm install -g firebase-tools --verbose

     - name: Distribute APK to Firebase App Distribution
        run: |
          echo "$FIREBASE_SERVICE_ACCOUNT" > service_credentials_content.json
          export GOOGLE_APPLICATION_CREDENTIALS=service_credentials_content.json
          firebase --version
          firebase appdistribution:distribute "$APK_PATH"/androidApp-release.apk --app "$FIREBASE_APP_ID" --debug
        env:
          FIREBASE_SERVICE_ACCOUNT: ${{ secrets.FIREBASE_SERVICE_ACCOUNT }}
          FIREBASE_APP_ID: ${{ secrets.FIREBASE_APP_ID }}
          APK_PATH: ${{ env.APK_PATH }}

[REQUIRED] Steps to reproduce

• Create a Firebase project;
• Download the .json file from the service account with admin permission
• Create an action with the steps above

[REQUIRED] Expected behavior

Successful distribution

[REQUIRED] Actual behavior

Always fails with:

[2024-05-21T09:37:34.948Z] > command requires scopes: ["email","openid","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","https://www.googleapis.com/auth/cloud-platform"]
[2024-05-21T09:37:34.972Z] SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at ReadStream.<anonymous> (/usr/local/lib/node_modules/firebase-tools/node_modules/google-auth-library/build/src/auth/googleauth.js:503:43)
    at ReadStream.emit (node:events:517:28)
    at ReadStream.emit (node:domain:489:12)
    at endReadableNT (node:internal/streams/readable:1400:12)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21)

Error: Failed to authenticate, have you run firebase login?
[2024-05-21T09:37:35.059Z] <<< [apiv2][status] GET https://firebase-public.firebaseio.com/cli.json 200
[2024-05-21T09:37:35.059Z] <<< [apiv2][body] GET https://firebase-public.firebaseio.com/cli.json {"cloudBuildErrorAfter":1594252800000,"cloudBuildWarnAfter":1590019200000,"defaultNode10After":1594252800000,"minVersion":"3.0.5","node8DeploysDisabledAfter":1613390400000,"node8RuntimeDisabledAfter":1615809600000,"node8WarnAfter":1600128000000}
Error: Process completed with exit code 1.

I've validated and the .json file is valid.

[aalej]

Hey @GuilhE, thanks for filing a detailed report. I’m currently trying to replicate this, but I’m unable to reproduce the error you mentioned. I created a GitHub Action similar to your example, but no errors were raised and the application was uploaded to App Distribution.

Based on just the error message, my best guess is that the contents of service_credentials_content.json is empty. Could you try adding cat service_credentials_content.json to verify? Something like:

     - name: Distribute APK to Firebase App Distribution
       run: |
         echo "$FIREBASE_SERVICE_ACCOUNT" > service_credentials_content.json
         export GOOGLE_APPLICATION_CREDENTIALS=service_credentials_content.json
         echo "service_credentials_content.json contents"
         cat service_credentials_content.json
         firebase --version
         firebase appdistribution:distribute ./app/build/outputs/apk/debug/app-debug.apk --app "$FIREBASE_APP_ID" --debug
       env:
         FIREBASE_SERVICE_ACCOUNT: ${{ secrets.FIREBASE_SERVICE_ACCOUNT }}
         FIREBASE_APP_ID: ${{ secrets.FIREBASE_APP_ID }}

If the contents of service_credentials_content.json is the same as your Service Account key JSON file, GitHub Actions should automatically mask the output of cat service_credentials_content.json.

[GuilhE]

Hello, I'm also suspecting that, I've tried using a base64 encoded secret to decode in that step but it also fails. I'm using the same approach with the keystore and it works. Regarding cat if I try to print the service_credentials_content contents the output is empty. I believe github actions is hiding the result as a default safety measure? I've tried to cat the keystore base64 and nothing is printed also.

[GuilhE]

Damn it, I was using the wrong environment (not repository level) where the secrets were configured 🤦🏼