Deploy Firebase Functions using GitHub Actions

Automate the CI/CD pipeline for your Firebase Functions with GitHub Actions and a Google Service Account.

This short article will walk through the configuration required to automate the deployment of your Firebase Functions using GitHub Actions.

Get Started With CI/CD Using GitHub Actions

Firebase helps you build and run apps, (web, iPhone, Android), with a backend infrastructure that is fully managed by Google.

There are many features made available, including databases, storage, and in the case of this article Firebase Functions. In the backend, these translate to being Google Cloud Functions.

This article assumes you’re already using Firebase. New to Firebase? Learn more by heading over to https://firebase.google.com/

Background

When setting up Firebase Hosting, the Firebase CLI will helpfully ask you if you want to set up automation. It will configure a pipeline in GitHub Actions for you and also configure necessary Service Account and download and save off the associated Secrets. There’s also the FirebaseExtended/action-hosting-deploy Action available that does the heavy lifting for you.

Sadly, the same is not true for Firebase Functions and you are left to work it out yourself — and the documentation doesn’t really offer too much advice around the minimum set of permissions/roles required (“least privilege”); however, the good part is that it’s not that complicated once you know what needs to be done.

tl;dr

1. Create a Google Service Account and download a key file (json format) — save this key as a Secret in your GitHub repository.
2. Give your new Service Account the Cloud Functions Admin, Artifact Registry Writer*, and Firebase Authentication Viewer roles, and grant it access to “run as” the “App Engine default Service Account” (you’ll find this listed as [PROJECT_ID]@appspot.gserviceaccount.com).