I’m congifuring my app so that I don’t commit any data to git that I don’t want (firebase json/plist files, SSO ID’s, etc.) and using eas secrets to provide them at build.
I’ve followed the instructions on Environment variables and secrets in EAS Build - Expo Documentation, however there are a few issues I’ve encountered.
My app.config.ts
file is as follows:
import { ExpoConfig, ConfigContext } from "expo/config"
import * as dotenv from "dotenv"
dotenv.config()
dotenv.config({ path: ".env.local", override: true })
export default ({ config }: ConfigContext): ExpoConfig => ({
...config,
ios: {
...config.ios,
googleServicesFile: process.env.GOOGLE_SERVICES_PLIST
},
android: {
...config.android,
googleServicesFile: process.env.GOOGLE_SERVICES_JSON
},
plugins: [
...config.plugins || [],
[
"react-native-fbsdk-next",
{
appID: process.env.SSO_FB_APPID,
clientToken: process.env.SSO_FB_CLIENT_TOKEN,
displayName: "my-app",
scheme: `fb${process.env.SSO_FB_APPID}`,
}
],
]
})
When running a build with eas, in the Read app config step I can see that it’s successfully parsed app.json
and app.config.ts
together: (output truncated)
Using app configuration
{
"name": "my-app"
...
"ios" {
...
"googleServicesFile": "/home/expo/workingdir/environment-secrets/8feexxxx-xxxx-xxxx-xxxx-xxxxxxxx6649" // Redaction made by me
},
"android":
...
"googleServicesFile": "/home/expo/workingdir/environment-secrets/b8b2xxxx-xxxx-xxxx-xxxx-xxxxxxxx6e77" // Redaction made by me
}
"plugins": [
...
[
"react-native-fbsdk-next",
{
"appID": "****************", // Redactions made by eas
"clientToken": "********************************",
"displayName": "my-app",
"scheme": "fb****************"
}
]
]
}
But I error at the Prebuild step:
[stderr] CommandError: missing appID in the plugin properties
Which is referring to the appID
property for the react-native-fbsdk-next
plugin.
I can also confirm that the secrets are available at build. In the Spin up build environment step, I see:
Environment secrets:
GOOGLE_SERVICES_JSON=/home/expo/workingdir/environment-secrets/b8b2xxxx-xxxx-xxxx-xxxx-xxxxxxxx6e77 // Redactions made by me
GOOGLE_SERVICES_PLIST=/home/expo/workingdir/environment-secrets/8feexxxx-xxxx-xxxx-xxxx-xxxxxxxx6649
SSO_FB_APPID=******** // Redactions made by eas
SSO_FB_CLIENT_TOKEN=********
I’ve seen some stuff placing environment variables in eas.json
, however I must be misinterpreting it as that defeats the whole point of secrets if you have to put them in in plaintext and commit them to my repository?
As you can see, I’m storing client secrets (SSO for FB and google services files), so they’re not exactly “secrets”, but it doesn’t feel right committing them into my repository, especially since the Expo documentation uses google service files as examples of things to not commit
Furthermore, if I run the build locally, and move my react-native-fbsdk-next
config into my app.json
file and hardcode the values, I then run into issues with the google services file:
[PREBUILD] Error: [android.dangerous]: withAndroidDangerousBaseMod: Path to google-services.json is not defined. Please specify the `expo.android.googleServicesFile` field in app.json.
…so the issue is just moving around to anything related to env vars, and it’s not specific to the plugin config.
Given that I’ve been able to confirm that my environment variables are indeed set, and that they are being transpired into the app.json
the build is using, I’m not sure where else to go from here.
Thanks for any help!