added secrets (#113)

# *added secrets* ## ♻️ Current situation & Problem file was not injected at build time ## ⚙️ Release Notes file gets written to folder at build time while working on this PR I noticed that this file should generally not be here in the account module. during the framework optimisations of the account module, I think we should move on to creating an interface, e.g. ServerClientIdProvider and use that to get the id in the module, so that you can provide the implementation from outside of the module or possibly think about further possible mechanisms ## 📝 Code of Conduct & Contributing Guidelines By submitting creating this pull request, you agree to follow our [Code of Conduct](https://github.com/StanfordSpezi/.github/blob/main/CODE_OF_CONDUCT.md) and [Contributing Guidelines](https://github.com/StanfordSpezi/.github/blob/main/CONTRIBUTING.md): - [x] I agree to follow the [Code of Conduct](https://github.com/StanfordSpezi/.github/blob/main/CODE_OF_CONDUCT.md) and [Contributing Guidelines](https://github.com/StanfordSpezi/.github/blob/main/CONTRIBUTING.md). --------- Signed-off-by: Basler182 <[email protected]> Co-authored-by: Paul Schmiedmayer <[email protected]>
StanfordSpezi · Oct 1, 2024 · 1bb3230 · 1bb3230
1 parent 19283a4
commit 1bb3230
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 6 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -42,8 +42,12 @@ jobs:
           bundler-cache: true
       - name: Decode and Write Google Service JSON
         env:
-            GOOGLE_SERVICES_JSON: ${{ secrets.GOOGLE_SERVICES_JSON }}
+          GOOGLE_SERVICES_JSON: ${{ secrets.GOOGLE_SERVICES_JSON }}
         run: echo $GOOGLE_SERVICES_JSON | base64 --decode >./app/google-services.json
+      - name: Decode and Write Secrets
+        env:
+          SECRETS_XML: ${{ secrets. SECRETS_XML }}
+        run: echo $SECRETS_XML | base64 --decode >./modules/account/src/main/res/values/secrets.xml
       - name: Setup keystore file
         env:
           KEY_STORE: ${{ secrets.KEY_STORE }}

diff --git a/README.md b/README.md
@@ -22,16 +22,35 @@ Spezi is a collection of modules that can be used to build Android applications
   application. [Read More](./modules/onboarding/README.md)
 - **Contact**: Provides Contact screens. [Read More](./modules/contact/README.md)
 
-
-### Continous Integration and Delivery Setup
+### Continuous Integration and Delivery Setup
 
 #### Google Play Internal Deployment
 
 First, create a Google Cloud Services Account and corresponding JSON secrets key in accordance to the [fastlane supply](https://docs.fastlane.tools/actions/supply/) documentation. Store the JSON representation of the key in a `SERVICE_ACCOUNT_JSON_KEY` secret available to the GitHub action.
 
+Follow along
+the [Set up your Google APIs console](https://developer.android.com/identity/sign-in/credential-manager-siwg#set-google)
+documentation to create a OAuth client ID. Store secrets.xml representation of the key in
+a `SECRETS_XML` secret available to the GitHub action.
+
+This is the secrets.xml representation of the key:
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+  <string name="serverClientId" translatable="false">replace-with-actual-id</string>
+</resources>
+```
+
+In Firebase, the provider Google must also be added in the project in the Authentication menu item
+in the Login method tab.
+
 It is recommended to sign your APK before uploading it to the Google Play store. Setup your signing setup as detailed in the [Sign your app](https://developer.android.com/studio/publish/app-signing.html) documentation.
 
-Createa a base64 representation of your keystore (`base64 -i ./filetokeystore/keystore.jks`) and save it in the `KEY_STORE` secret available to the GitHub action. Save the keystore password and key password in the `KEY_PASSWORD` secret and save the key alias in the `KEY_ALIAS` secret, both available to the GitHub action.
+Create a base64 representation of your keystore (`base64 -i ./filetokeystore/keystore.jks`) and save
+it in the `KEY_STORE` secret available to the GitHub action. Save the keystore password and key
+password in the `KEY_PASSWORD` secret and save the key alias in the `KEY_ALIAS` secret, both
+available to the GitHub action.
 
 
 ## Contributing

diff --git a/...ccount/src/main/kotlin/edu/stanford/spezi/module/account/manager/AuthenticationManager.kt b/...ccount/src/main/kotlin/edu/stanford/spezi/module/account/manager/AuthenticationManager.kt
@@ -14,6 +14,7 @@ import com.google.firebase.auth.UserProfileChangeRequest
 import com.google.firebase.firestore.FirebaseFirestore
 import dagger.hilt.android.qualifiers.ApplicationContext
 import edu.stanford.spezi.core.logging.speziLogger
+import edu.stanford.spezi.module.account.R
 import edu.stanford.spezi.module.account.register.GenderIdentity
 import kotlinx.coroutines.tasks.await
 import java.time.LocalDate
@@ -137,8 +138,7 @@ internal class AuthenticationManager @Inject constructor(
             val googleIdOption = GetGoogleIdOption.Builder()
                 .setFilterByAuthorizedAccounts(filterByAuthorizedAccounts)
                 .setAutoSelectEnabled(true)
-                // TODO: Uncomment once secrets xml has been added in CI secrets
-                // .setServerClientId(context.getString(R.string.serverClientId))
+                .setServerClientId(context.getString(R.string.serverClientId))
                 .build()
 
             val request = GetCredentialRequest.Builder()

diff --git a/modules/account/src/main/res/values/secrets.xml b/modules/account/src/main/res/values/secrets.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <string name="serverClientId" translatable="false">placeholder-id</string>
+</resources>