Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cannot deploy with Gitlab CI: No OAuth tokens found #7854

Open
thoriqadillah opened this issue Oct 21, 2024 · 4 comments
Open

Cannot deploy with Gitlab CI: No OAuth tokens found #7854

thoriqadillah opened this issue Oct 21, 2024 · 4 comments

Comments

@thoriqadillah
Copy link

thoriqadillah commented Oct 21, 2024

[REQUIRED] Environment info

firebase-tools: 13.8.3

Platform: Fedora 39

[REQUIRED] Test case

No tests

[REQUIRED] Steps to reproduce

Create astro project with SSR enabled
Configure firebase. In firebase init, i select the hosting and it was recognizing the astro project, but when the setting up the github action, i prompted no. This is my .firebaserc

{
  "projects": {
    "default": "my-project"
  },
  "targets": {
    "my-project": {
      "hosting": {
        "prd": [
          "production"
        ],
        "stg": [
          "staging"
        ]
      }
    }
  },
  "etags": {},
}

and this is my firebase.json

{
  "hosting": [
    {
      "target": "stg",
      "source": ".",
      "ignore": [
        "firebase.json",
        "**/.*",
        "**/node_modules/**"
      ],
      "frameworksBackend": {
        "region": "asia-east1"
      }
    },
    {
      "target": "prd",
      "source": ".",
      "ignore": [
        "firebase.json",
        "**/.*",
        "**/node_modules/**"
      ],
      "frameworksBackend": {
        "region": "asia-east1"
      }
    }
  ]
}

here is my ci

deploy-stg:
  stage: deploy
  rules:
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "push"'
      changes:
        - '**/*.{astro,html,js,jsx,md,mdx,svelte,ts,tsx,vue}'
        - '.firebaserc'
        - firebase.json
        - .gitlab-ci.yml
  script:
    - touch credential.json && cp "$GCP_SERVICE_ACCOUNT" credential.json
    - gcloud auth activate-service-account --key-file=./credential.json
    - export GOOGLE_APPLICATION_CREDENTIALS=./credential.json
    - cp "$DOT_ENV_STAGING" .env
    - nvm use 20 && npm install --no-frozen-lockfile
    - npx firebase experiments:enable webframeworks
    - npx firebase deploy --only hosting:stg --debug
  tags:
    - gcp-shared

[REQUIRED] Expected behavior

The CI deployment should be working. I have tested the deployment in my local machine and it works

[REQUIRED] Actual behavior

I have the following error. I'm assuming the No OAuth tokens found is the issue, but i don't know what is the problem. Here is the log

[2024-10-21T08:50:57.760Z] > command requires scopes: ["email","openid","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","https://www.googleapis.com/auth/cloud-platform"]
[2024-10-21T08:50:57.906Z] [iam] checking project my-project for permissions ["firebase.projects.get","firebasehosting.sites.update"]
[2024-10-21T08:50:57.908Z] No OAuth tokens found
[2024-10-21T08:50:57.911Z] >>> [apiv2][query] POST https://cloudresourcemanager.googleapis.com/v1/projects/my-project:testIamPermissions [none]
[2024-10-21T08:50:57.911Z] >>> [apiv2][(partial)header] POST https://cloudresourcemanager.googleapis.com/v1/projects/my-project:testIamPermissions x-goog-quota-user=projects/my-project
[2024-10-21T08:50:57.912Z] >>> [apiv2][body] POST https://cloudresourcemanager.googleapis.com/v1/projects/my-project:testIamPermissions {"permissions":["firebase.projects.get","firebasehosting.sites.update"]}
[2024-10-21T08:50:57.978Z] <<< [apiv2][status] POST https://cloudresourcemanager.googleapis.com/v1/projects/my-project:testIamPermissions 200
[2024-10-21T08:50:57.978Z] <<< [apiv2][body] POST https://cloudresourcemanager.googleapis.com/v1/projects/my-project:testIamPermissions {"permissions":["firebase.projects.get","firebasehosting.sites.update"]}
[2024-10-21T08:50:57.980Z] No OAuth tokens found
[2024-10-21T08:50:57.981Z] >>> [apiv2][query] GET https://firebase.googleapis.com/v1beta1/projects/my-project [none]
[2024-10-21T08:50:58.191Z] <<< [apiv2][status] GET https://firebase.googleapis.com/v1beta1/projects/my-project 200
[2024-10-21T08:50:58.192Z] <<< [apiv2][body] GET https://firebase.googleapis.com/v1beta1/projects/my-project {"my-project":"my-project","projectNumber":"885544713240","displayName":"My Project","name":"projects/my-project","resources":{"hostingSite":"my-project","storageBucket":"my-project.appspot.com","locationId":"asia-southeast1"},"state":"ACTIVE","etag":"1_9e3865a8-3d58-4604-8afd-2bef41db3846"}
[2024-10-21T08:51:51.951Z] SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at findDependency (/home/builds/7Wjzy3dMG/0/project-dir/node_modules/.pnpm/firebase-tools@13.22.1_encoding@0.1.13/node_modules/firebase-tools/lib/frameworks/utils.js:188:23)
    at getNuxtVersion (/home/builds/7Wjzy3dMG/0/project-dir/node_modules/.pnpm/firebase-tools@13.22.1_encoding@0.1.13/node_modules/firebase-tools/lib/frameworks/nuxt/utils.js:9:45)
    at discover (/home/builds/7Wjzy3dMG/0/project-dir/node_modules/.pnpm/firebase-tools@13.22.1_encoding@0.1.13/node_modules/firebase-tools/lib/frameworks/nuxt2/index.js:25:48)
    at async discover (/home/builds/7Wjzy3dMG/0/project-dir/node_modules/.pnpm/firebase-tools@13.22.1_encoding@0.1.13/node_modules/firebase-tools/lib/frameworks/index.js:47:32)
    at async prepareFrameworks (/home/builds/7Wjzy3dMG/0/project-dir/node_modules/.pnpm/firebase-tools@13.22.1_encoding@0.1.13/node_modules/firebase-tools/lib/frameworks/index.js:192:25)
    at async deploy (/home/builds/7Wjzy3dMG/0/project-dir/node_modules/.pnpm/firebase-tools@13.22.1_encoding@0.1.13/node_modules/firebase-tools/lib/deploy/index.js:58:13)
Error: An unexpected error has occurred.

UPDATE:
i edited my firebase.json with multiple target so that i can deploy stg to staging and prd to production, and apparently using npm instead of pnpm can solve the issue, so i also update the gitlab-ci to use npm. but i still got error. here is the log

[2024-10-21T10:44:43.028Z] > command requires scopes: ["email","openid","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","https://www.googleapis.com/auth/cloud-platform"]
[2024-10-21T10:44:43.151Z] [iam] checking project my-project for permissions ["firebase.projects.get","firebasehosting.sites.update"]
[2024-10-21T10:44:43.153Z] No OAuth tokens found
[2024-10-21T10:44:43.155Z] >>> [apiv2][query] POST https://cloudresourcemanager.googleapis.com/v1/projects/my-project:testIamPermissions [none]
[2024-10-21T10:44:43.156Z] >>> [apiv2][(partial)header] POST https://cloudresourcemanager.googleapis.com/v1/projects/my-project:testIamPermissions x-goog-quota-user=projects/my-project
[2024-10-21T10:44:43.156Z] >>> [apiv2][body] POST https://cloudresourcemanager.googleapis.com/v1/projects/my-project:testIamPermissions {"permissions":["firebase.projects.get","firebasehosting.sites.update"]}
[2024-10-21T10:44:43.219Z] <<< [apiv2][status] POST https://cloudresourcemanager.googleapis.com/v1/projects/my-project:testIamPermissions 200
[2024-10-21T10:44:43.220Z] <<< [apiv2][body] POST https://cloudresourcemanager.googleapis.com/v1/projects/my-project:testIamPermissions {"permissions":["firebase.projects.get","firebasehosting.sites.update"]}
[2024-10-21T10:44:43.221Z] No OAuth tokens found
[2024-10-21T10:44:43.222Z] >>> [apiv2][query] GET https://firebase.googleapis.com/v1beta1/projects/my-project [none]
[2024-10-21T10:44:43.324Z] <<< [apiv2][status] GET https://firebase.googleapis.com/v1beta1/projects/my-project 200
[2024-10-21T10:44:43.325Z] <<< [apiv2][body] GET https://firebase.googleapis.com/v1beta1/projects/my-project {"projectId":"my-project","projectNumber":"885544713240","displayName":"My Project","name":"projects/my-project","resources":{"hostingSite":"my-project","storageBucket":"my-project.appspot.com","locationId":"asia-southeast1"},"state":"ACTIVE","etag":"1_58efcee2-22d0-4f80-bd1c-1b0d24f0f8ec"}
   Thank you for trying our experimental support for Astro on Firebase Hosting.
   While this integration is maintained by Googlers it is not a supported Firebase product.
   Issues filed on GitHub will be addressed on a best-effort basis by maintainers and other community members.
   Documentation: https://firebase.google.com/docs/hosting/frameworks/frameworks-overview
   File a bug: https://github.com/firebase/firebase-tools/issues/new?template=bug_report.md
   Submit a feature request: https://github.com/firebase/firebase-tools/issues/new?template=feature_request.md
   We'd love to learn from you. Express your interest in helping us shape the future of Firebase Hosting: https://goo.gle/41enW5X
WARNING: Your package.json contains a custom build that is being ignored. Only the Astro default build script (e.g, "astro build") is respected. If you have a more advanced build process you should build a custom integration https://firebase.google.com/docs/hosting/express
10:45:19 [WARN] [config] The adapter @astrojs/node provides experimental support for "astro:env getSecret". You may experience issues or breaking changes until this feature is fully supported by the adapter.
10:45:20 [types] Generated 747ms
10:45:20 [build] output: "hybrid"
10:45:20 [build] directory: /home/builds/7Wjzy3dMG/0/project-dir/dist/
10:45:20 [build] adapter: @astrojs/node
10:45:20 [build] Collecting build info...
10:45:20 [build] ✓ Completed in 1.47s.
10:45:20 [build] Building hybrid entrypoints...
Source path: /home/builds/7Wjzy3dMG/0/project-dir/node_modules/@astrojs/tailwind/base.css
Setting up new context...
Finding changed files: 200.056ms
Reading changed files: 45.935ms
Sorting candidates: 1.259ms
Generate rules: 478.608ms
Build stylesheet: 3.771ms
Potential classes:  663
Active contexts:  1
JIT TOTAL: 4.780s
Source path: /home/builds/7Wjzy3dMG/0/project-dir/node_modules/@astrojs/tailwind/base.css
JIT TOTAL: 16.984ms
Source path: /home/builds/7Wjzy3dMG/0/project-dir/public/app.css
Setting up new context...
Finding changed files: 5.177ms
Reading changed files: 38.419ms
Sorting candidates: 1.024ms
Generate rules: 458.212ms
Build stylesheet: 1.26ms
Potential classes:  663
Active contexts:  2
JIT TOTAL: 2.756s
Source path: /home/builds/7Wjzy3dMG/0/project-dir/public/app.css
JIT TOTAL: 15.109ms
10:45:46 [vite] ✓ built in 26.27s
10:45:46 [build] ✓ Completed in 26.53s.
 building client (vite) 
10:45:46 [vite] transforming...
10:45:58 [vite] ✓ 168 modules transformed.
10:45:59 [vite] rendering chunks...
10:46:00 [vite] computing gzip size...
10:46:00 [vite] dist/client/_astro/index.DhYZZe0J.js        6.72 kB │ gzip:  2.68 kB
10:46:00 [vite] dist/client/_astro/client.BIGLHmRd.js     135.60 kB │ gzip: 43.81 kB
10:46:00 [vite] dist/client/_astro/blog-list.C9HXIH1x.js  145.92 kB │ gzip: 51.11 kB
10:46:00 [vite] ✓ built in 13.73s
 prerendering static routes 
10:46:01 ▶ src/pages/blogs/index.astro
10:46:01   └─ /blogs/index.html (+224ms)
10:46:01 ▶ src/pages/index.astro
10:46:01   └─ /index.html (+15ms)
10:46:01 ✓ Completed in 1.24s.
10:46:01 
 finalizing server assets 
10:46:01 [build] Rearranging server assets...
10:46:01 [build] Server built in 43.00s
10:46:01 [build] Complete!
[2024-10-21T10:46:12.117Z] SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at findDependency (/home/builds/7Wjzy3dMG/0/project-dir/node_modules/firebase-tools/lib/frameworks/utils.js:188:23)
    at getAstroVersion (/home/builds/7Wjzy3dMG/0/project-dir/node_modules/firebase-tools/lib/frameworks/astro/utils.js:39:45)
    at getConfig (/home/builds/7Wjzy3dMG/0/project-dir/node_modules/firebase-tools/lib/frameworks/astro/utils.js:15:21)
    at ɵcodegenPublicDirectory (/home/builds/7Wjzy3dMG/0/project-dir/node_modules/firebase-tools/lib/frameworks/astro/index.js:43:60)
    at prepareFrameworks (/home/builds/7Wjzy3dMG/0/project-dir/node_modules/firebase-tools/lib/frameworks/index.js:241:19)
    at async deploy (/home/builds/7Wjzy3dMG/0/project-dir/node_modules/firebase-tools/lib/deploy/index.js:58:
Error: An unexpected error has occurred.
@joehan
Copy link
Contributor

joehan commented Oct 22, 2024

Hey @thoriqadillah - this No OAuth token found is a red herring - we can see from the other logs that the API calls are working just fine. The relevant error here is coming from https://github.com/firebase/firebase-tools/blob/master/src/frameworks/astro/utils.ts#L40 - during deploy, we use npm to discover the version of your deps (https://github.com/firebase/firebase-tools/blob/master/src/frameworks/utils.ts#L276). Seems like the real issue here is that web frameworks doesn't smoothly support pnpm.

I'll pass this along to the folks maintaining web frameworks to verify/take a closer look at.

@roxaneletourneau
Copy link

Hi,
I use Github action to deploy a Sveltkit project to Firebase Hosting. It has been working well in the last months, but this week, I also started seeing the No OAuth tokens found issue. There was also an Error: Permissions denied enabling firebaseextensions.googleapis.com. in the logs, so I enabled the Firebase Extensions API, but the deployment is still failing. Here are the logs:

[2024-10-30T13:45:53.248Z] > command requires scopes: ["email","openid","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","https://www.googleapis.com/auth/cloud-platform"]
  [2024-10-30T13:45:53.249Z] [iam] checking project *** for permissions ["cloudfunctions.functions.create","cloudfunctions.functions.delete","cloudfunctions.functions.get","cloudfunctions.functions.list","cloudfunctions.functions.update","cloudfunctions.operations.get","firebase.projects.get"]
  [2024-10-30T13:45:53.250Z] No OAuth tokens found
  [2024-10-30T13:45:53.251Z] >>> [apiv2][query] POST https://cloudresourcemanager.googleapis.com/v1/projects/***:testIamPermissions [none]
  [2024-10-30T13:45:53.252Z] >>> [apiv2][(partial)header] POST https://cloudresourcemanager.googleapis.com/v1/projects/***:testIamPermissions x-goog-quota-user=projects/***
  [2024-10-30T13:45:53.252Z] >>> [apiv2][body] POST https://cloudresourcemanager.googleapis.com/v1/projects/***:testIamPermissions ***"permissions":["cloudfunctions.functions.create","cloudfunctions.functions.delete","cloudfunctions.functions.get","cloudfunctions.functions.list","cloudfunctions.functions.update","cloudfunctions.operations.get","firebase.projects.get"]***
  [2024-10-30T13:45:53.328Z] <<< [apiv2][status] POST https://cloudresourcemanager.googleapis.com/v1/projects/***:testIamPermissions 200
  [2024-10-30T13:45:53.328Z] <<< [apiv2][body] POST https://cloudresourcemanager.googleapis.com/v1/projects/***:testIamPermissions ***"permissions":["cloudfunctions.functions.create","cloudfunctions.functions.delete","cloudfunctions.functions.get","cloudfunctions.functions.list","cloudfunctions.functions.update","cloudfunctions.operations.get","firebase.projects.get"]***
  [2024-10-30T13:45:53.329Z] No OAuth tokens found
  [2024-10-30T13:45:53.329Z] >>> [apiv2][query] GET https://cloudfunctions.googleapis.com/v1/projects/***/locations/-/functions [none]
  [2024-10-30T13:45:53.827Z] <<< [apiv2][status] GET https://cloudfunctions.googleapis.com/v1/projects/***/locations/-/functions 200
  [2024-10-30T13:45:53.827Z] <<< [apiv2][body] GET https://cloudfunctions.googleapis.com/v1/projects/***/locations/-/functions ***
  [2024-10-30T13:45:53.828Z] No OAuth tokens found
  [2024-10-30T13:45:53.828Z] >>> [apiv2][query] GET https://cloudfunctions.googleapis.com/v2/projects/***/locations/-/functions filter=environment%3D%22GEN_2%22
  [2024-10-30T13:45:54.263Z] <<< [apiv2][status] GET https://cloudfunctions.googleapis.com/v2/projects/***/locations/-/functions 200
  [2024-10-30T13:45:54.263Z] <<< [apiv2][body] GET https://cloudfunctions.googleapis.com/v2/projects/***/locations/-/functions ***"functions":[***"name":"projects/***/locations/us-central1/functions/ssrthimbleecadlabs","buildConfig":***"build":"projects/***/locations/us-central1/builds/9363c326-15c8-44fd-8a78-57fd84b68bcd","runtime":"nodejs20","entryPoint":"ssrthimbleecadlabs","source":***"storageSource":***"bucket":"gcf-v2-sources-***-us-central1","object":"ssrthimbleecadlabs/function-source.zip","generation":"1728676474001428"***,"environmentVariables":***"GOOGLE_NODE_RUN_SCRIPTS":""***,"dockerRepository":"projects/***/locations/us-central1/repositories/gcf-artifacts","sourceProvenance":***"resolvedStorageSource":***"bucket":"gcf-v2-sources-***-us-central1","object":"ssrthimbleecadlabs/function-source.zip","generation":"1728676474001428"***,"dockerRegistry":"ARTIFACT_REGISTRY"***,"serviceConfig":***"service":"projects/***/locations/us-central1/services/ssrthimbleecadlabs","timeoutSeconds":60,"environmentVariables":***"__FIREBASE_FRAMEWORKS_ENTRY__":"sveltekit","__FIREBASE_DEFAULTS__":"***\"config\":***\"projectId\":\"***\",\"appId\":\"***\",\"storageBucket\":\"***\",\"apiKey\":\"***\",\"authDomain\":\"***\",\"messagingSenderId\":\"***\",\"measurementId\":\"***\"***,\"_authTokenSyncURL\":\"/__session\"***","FIREBASE_CONFIG":"***\"projectId\":\"***\",\"storageBucket\":\"***\"***","GCLOUD_PROJECT":"***","EVENTARC_CLOUD_EVENT_SOURCE":"projects/***/locations/us-central1/services/ssrthimbleecadlabs","FUNCTION_TARGET":"ssrthimbleecadlabs","LOG_EXECUTION_ID":"true"***,"maxInstanceCount":100,"ingressSettings":"ALLOW_ALL","uri":"https://ssrthimbleecadlabs-l7x6uijv4q-uc.a.run.app","serviceAccountEmail":"***-compute@developer.gserviceaccount.com","availableMemory":"256Mi","allTrafficOnLatestRevision":true,"revision":"ssrthimbleecadlabs-00082-yir","maxInstanceRequestConcurrency":80,"availableCpu":"1"***,"state":"ACTIVE","updateTime":"2024-10-11T19:57:05.466105969Z","labels":***"firebase-functions-hash":"17892aff95[701](https://github.com/ecadlabs/thimble/actions/runs/11581545036/job/32280750240#step:4:704)33414655fa4d2f8161bdad4e14a","deployment-tool":"cli-firebase--action-hosting-deploy","firebase-functions-codebase":"firebase-frameworks-***"***,"environment":"GEN_2","url":"https://us-central1-***.cloudfunctions.net/ssrthimbleecadlabs","createTime":"2024-05-02T02:30:21.968611117Z"***]***
  i  hosting: The following function(s) are pinned to site *** and will be deployed as well: ssrthimbleecadlabs 
  
  === Deploying to '***'...
  
  i  deploying functions, hosting 
  [2024-10-30T13:45:54.267Z] No OAuth tokens found
  [2024-10-30T13:45:54.268Z] >>> [apiv2][query] GET https://firebase.googleapis.com/v1beta1/projects/*** [none]
  [2024-10-30T13:45:54.394Z] <<< [apiv2][status] GET https://firebase.googleapis.com/v1beta1/projects/*** 200
  [2024-10-30T13:45:54.394Z] <<< [apiv2][body] GET https://firebase.googleapis.com/v1beta1/projects/*** ***"projectId":"***","projectNumber":"***","displayName":"Thimble","name":"projects/***","resources":***"hostingSite":"***"***,"state":"ACTIVE","etag":"1_e78ffff8-ba2c-456f-b40f-0ee11bec2399"***
  i  functions: preparing codebase firebase-frameworks-*** for deployment 
  i  functions: ensuring required API cloudfunctions.googleapis.com is enabled... 
  [2024-10-30T13:45:54.396Z] No OAuth tokens found
  [2024-10-30T13:45:54.397Z] No OAuth tokens found
  i  functions: ensuring required API cloudbuild.googleapis.com is enabled... 
  [2024-10-30T13:45:54.397Z] No OAuth tokens found
  i  artifactregistry: ensuring required API artifactregistry.googleapis.com is enabled... 
  [2024-10-30T13:45:54.397Z] No OAuth tokens found
  [2024-10-30T13:45:54.398Z] >>> [apiv2][query] GET https://serviceusage.googleapis.com/v1/projects/***/services/cloudfunctions.googleapis.com [none]
  [2024-10-30T13:45:54.398Z] >>> [apiv2][(partial)header] GET https://serviceusage.googleapis.com/v1/projects/***/services/cloudfunctions.googleapis.com x-goog-quota-user=projects/***
  [2024-10-30T13:45:54.399Z] >>> [apiv2][query] GET https://serviceusage.googleapis.com/v1/projects/***/services/runtimeconfig.googleapis.com [none]
  [2024-10-30T13:45:54.400Z] >>> [apiv2][(partial)header] GET https://serviceusage.googleapis.com/v1/projects/***/services/runtimeconfig.googleapis.com x-goog-quota-user=projects/***
  [2024-10-30T13:45:54.402Z] >>> [apiv2][query] GET https://serviceusage.googleapis.com/v1/projects/***/services/cloudbuild.googleapis.com [none]
  [2024-10-30T13:45:54.402Z] >>> [apiv2][(partial)header] GET https://serviceusage.googleapis.com/v1/projects/***/services/cloudbuild.googleapis.com x-goog-quota-user=projects/***
  [2024-10-30T13:45:54.403Z] >>> [apiv2][query] GET https://serviceusage.googleapis.com/v1/projects/***/services/artifactregistry.googleapis.com [none]
  [2024-10-30T13:45:54.403Z] >>> [apiv2][(partial)header] GET https://serviceusage.googleapis.com/v1/projects/***/services/artifactregistry.googleapis.com x-goog-quota-user=projects/***
  [2024-10-30T13:45:54.657Z] <<< [apiv2][status] GET https://serviceusage.googleapis.com/v1/projects/***/services/cloudbuild.googleapis.com 200
  [2024-10-30T13:45:54.658Z] <<< [apiv2][body] GET https://serviceusage.googleapis.com/v1/projects/***/services/cloudbuild.googleapis.com [omitted]
  ✔  functions: required API cloudbuild.googleapis.com is enabled 
  [2024-10-30T13:45:54.722Z] <<< [apiv2][status] GET https://serviceusage.googleapis.com/v1/projects/***/services/runtimeconfig.googleapis.com 200
  [2024-10-30T13:45:54.722Z] <<< [apiv2][body] GET https://serviceusage.googleapis.com/v1/projects/***/services/runtimeconfig.googleapis.com [omitted]
  [2024-10-30T13:45:54.724Z] <<< [apiv2][status] GET https://serviceusage.googleapis.com/v1/projects/***/services/artifactregistry.googleapis.com 200
  [2024-10-30T13:45:54.724Z] <<< [apiv2][body] GET https://serviceusage.googleapis.com/v1/projects/***/services/artifactregistry.googleapis.com [omitted]
  ✔  artifactregistry: required API artifactregistry.googleapis.com is enabled 
  [2024-10-30T13:45:54.759Z] <<< [apiv2][status] GET https://serviceusage.googleapis.com/v1/projects/***/services/cloudfunctions.googleapis.com 200
  [2024-10-30T13:45:54.760Z] <<< [apiv2][body] GET https://serviceusage.googleapis.com/v1/projects/***/services/cloudfunctions.googleapis.com [omitted]
  ✔  functions: required API cloudfunctions.googleapis.com is enabled 
  [2024-10-30T13:45:54.760Z] No OAuth tokens found
  [2024-10-30T13:45:54.761Z] >>> [apiv2][query] GET https://firebase.googleapis.com/v1beta1/projects/***/adminSdkConfig [none]
  [2024-10-30T13:45:54.971Z] <<< [apiv2][status] GET https://firebase.googleapis.com/v1beta1/projects/***/adminSdkConfig 200
  [2024-10-30T13:45:54.971Z] <<< [apiv2][body] GET https://firebase.googleapis.com/v1beta1/projects/***/adminSdkConfig ***"projectId":"***","storageBucket":"***"***
  [2024-10-30T13:45:54.972Z] No OAuth tokens found
  [2024-10-30T13:45:54.972Z] >>> [apiv2][query] GET https://runtimeconfig.googleapis.com/v1beta1/projects/***/configs [none]
  [2024-10-30T13:45:55.160Z] <<< [apiv2][status] GET https://runtimeconfig.googleapis.com/v1beta1/projects/***/configs 403
  [2024-10-30T13:45:55.160Z] <<< [apiv2][body] GET https://runtimeconfig.googleapis.com/v1beta1/projects/***/configs ***"error":***"code":403,"message":"The caller does not have permission","status":"PERMISSION_DENIED"***
  Request to https://runtimeconfig.googleapis.com/v1beta1/projects/***/configs had HTTP Error: 403, The caller does not have permission
  [2024-10-30T13:45:55.163Z] Validating nodejs source
  [2024-10-30T13:45:55.625Z] > [functions] package.json contents: ***
    "name": "thimble-ui",
    "version": "0.0.1",
    "private": true,
    "description": "A web platform interacting with the Thimble backend services.",
    "repository": ***
      "type": "git",
      "url": "git+https://github.com/ecadlabs/thimble.git"
    ***,
    "license": "ISC",
    "bugs": ***
      "url": "https://github.com/ecadlabs/thimble/issues"
    ***,
    "homepage": "https://github.com/ecadlabs/thimble#readme",
    "type": "module",
    "dependencies": ***
      "@svelteuidev/composables": "^0.15.6",
      "@svelteuidev/core": "^0.15.6",
      "@testing-library/svelte": "^4.1.0",
      "email-validator": "^2.0.4",
      "firebase": "^10.8.0",
      "radix-icons-svelte": "^1.2.1",
      "svelte-forms-lib": "^2.0.1",
      "svelte-i18n": "^4.0.0",
      "svelte-jester": "^3.0.0",
      "ts-jest": "^29.1.2",
      "yup": "^1.4.0",
      "@sveltejs/kit": "^2.5.5",
      "firebase-frameworks": "^0.11.0",
      "firebase-functions": "^6.0.1",
      "firebase-admin": "^11.11.1"
    ***,
    "main": "server.js",
    "engines": ***
      "node": "18"
    ***
  ***
  [2024-10-30T13:45:55.625Z] Building nodejs source
  i  functions: Loading and analyzing source code for codebase firebase-frameworks-*** to determine what to deploy 
  [2024-10-30T13:45:55.626Z] Could not find functions.yaml. Must use http discovery
  [2024-10-30T13:45:55.631Z] Found firebase-functions binary at '/home/runner/work/thimble/thimble/thimble-ui/.firebase/***/functions/node_modules/.bin/firebase-functions'
  Serving at port 8006
  
  [2024-10-30T13:45:56.019Z] Got response from /__/functions.yaml ***"endpoints":***"ssrthimbleecadlabs":***"availableMemoryMb":null,"timeoutSeconds":null,"minInstances":null,"maxInstances":null,"ingressSettings":null,"concurrency":null,"serviceAccountEmail":null,"vpc":null,"platform":"gcfv2","region":["us-central1"],"labels":***,"httpsTrigger":***,"entryPoint":"ssrthimbleecadlabs"***,"specVersion":"v1alpha1","requiredAPIs":[],"extensions":***
  i  extensions: ensuring required API firebaseextensions.googleapis.com is enabled... 
  [2024-10-30T13:45:56.044Z] No OAuth tokens found
  [2024-10-30T13:45:56.044Z] >>> [apiv2][query] GET https://serviceusage.googleapis.com/v1/projects/***/services/firebaseextensions.googleapis.com [none]
  [2024-10-30T13:45:56.044Z] >>> [apiv2][(partial)header] GET https://serviceusage.googleapis.com/v1/projects/***/services/firebaseextensions.googleapis.com x-goog-quota-user=projects/***
  [2024-10-30T13:45:56.315Z] <<< [apiv2][status] GET https://serviceusage.googleapis.com/v1/projects/***/services/firebaseextensions.googleapis.com 200
  [2024-10-30T13:45:56.315Z] <<< [apiv2][body] GET https://serviceusage.googleapis.com/v1/projects/***/services/firebaseextensions.googleapis.com [omitted]
  ✔  extensions: required API firebaseextensions.googleapis.com is enabled 
  [2024-10-30T13:45:56.316Z] > command requires scopes: ["email","openid","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","https://www.googleapis.com/auth/cloud-platform"]
  [2024-10-30T13:45:56.316Z] [iam] checking project *** for permissions ["firebase.projects.get","firebaseextensions.instances.list"]
  [2024-10-30T13:45:56.316Z] No OAuth tokens found
  [2024-10-30T13:45:56.316Z] >>> [apiv2][query] POST https://cloudresourcemanager.googleapis.com/v1/projects/***:testIamPermissions [none]
  [2024-10-30T13:45:56.316Z] >>> [apiv2][(partial)header] POST https://cloudresourcemanager.googleapis.com/v1/projects/***:testIamPermissions x-goog-quota-user=projects/***
  [2024-10-30T13:45:56.316Z] >>> [apiv2][body] POST https://cloudresourcemanager.googleapis.com/v1/projects/***:testIamPermissions ***"permissions":["firebase.projects.get","firebaseextensions.instances.list"]***
  [2024-10-30T13:45:56.456Z] <<< [apiv2][status] POST https://cloudresourcemanager.googleapis.com/v1/projects/***:testIamPermissions 200
  [2024-10-30T13:45:56.457Z] <<< [apiv2][body] POST https://cloudresourcemanager.googleapis.com/v1/projects/***:testIamPermissions ***"permissions":["firebase.projects.get"]***
  [2024-10-30T13:45:56.457Z] [iam] error while checking permissions, command may fail: FirebaseError: Authorization failed. This account is missing the following required permissions on project ***:
  
    firebaseextensions.instances.list
  [2024-10-30T13:45:56.458Z] No OAuth tokens found
  [2024-10-30T13:45:56.458Z] >>> [apiv2][query] GET https://firebaseextensions.googleapis.com/v1beta/projects/***/instances pageSize=100&pageToken=
  [2024-10-30T13:45:56.728Z] <<< [apiv2][status] GET https://firebaseextensions.googleapis.com/v1beta/projects/***/instances 403
  [2024-10-30T13:45:56.728Z] <<< [apiv2][body] GET https://firebaseextensions.googleapis.com/v1beta/projects/***/instances ***"error":***"code":403,"message":"The caller does not have permission","status":"PERMISSION_DENIED"***
  
  Error: Request to https://firebaseextensions.googleapis.com/v1beta/projects/***/instances?pageSize=100&pageToken= had HTTP Error: 403, The caller does not have permission
  [2024-10-30T13:45:56.729Z] Error Context: ***
    "body": ***
      "error": ***
        "code": 403,
        "message": "The caller does not have permission",
        "status": "PERMISSION_DENIED"
      ***
    ***,
    "response": ***
      "statusCode": 403
    ***
  ***
  
  The process '/usr/local/bin/npx' failed with exit code 1
  Error: The process '/usr/local/bin/npx' failed with exit code 1
  ***
    conclusion: 'failure',
    output: ***
      title: 'Deploy preview failed',
      summary: "Error: The process '/usr/local/bin/npx' failed with exit code 1"
    ***
  ***

Wondering if the issues are related and how to solve it.

@Heifarabuval
Copy link

Hello,

I'm encountering the same issue with the The caller does not have permission (403) error when deploying via a GitHub Action for Firebase Hosting.

Context: I’m using a GitHub Action to deploy my app to Firebase Hosting, with a service account configured in my GitHub secrets.
Error encountered: The deployment fails, returning a 403 error indicating that the caller does not have permission.
If anyone has found a solution or workaround, I’d appreciate any insights.

firebase.json

{
  "firestore": {
    "rules": "firestore.rules",
    "indexes": "firestore.indexes.json"
  },
  "emulators": {
    "firestore": {
      "port": 8080
    },
    "ui": {
      "enabled": true,
      "port": 10001
    },
    "singleProjectMode": true,
    "auth": {
      "port": 9099
    }
  },
  "hosting": {
    "source": ".",
    "ignore": [
      "firebase.json",
      "**/.*",
      "**/node_modules/**"
    ],
    "frameworksBackend": {
      "region": "europe-west1",
      "maxInstances": 1,
      "memory": "1GiB"
    }
  },
  "storage": {
    "rules": "storage.rules"
  }
}

github-action.yaml

# This file was auto-generated by the Firebase CLI
# https://github.com/firebase/firebase-tools

name: Deploy to Firebase Hosting on PR
on: pull_request
permissions:
  checks: write
  contents: read
  pull-requests: write
jobs:
  build_and_preview:
    environment: production
    if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm run build
      - uses: FirebaseExtended/action-hosting-deploy@v0
        with:
          repoToken: ${{ secrets.GITHUB_TOKEN }}
          firebaseServiceAccount: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_ADFINITAS_POWERFORM }}
          projectId: adfinitas-powerform
    env:
      FIREBASE_CLI_EXPERIMENTS: webframeworks

Output error:

  [2024-11-12T10:27:34.032Z] Building nodejs source
  i  functions: Loading and analyzing source code for codebase firebase-frameworks-adfinitas-powerform to determine what to deploy 
  [2024-11-12T10:27:34.033Z] Could not find functions.yaml. Must use http discovery
  [2024-11-12T10:27:34.038Z] Found firebase-functions binary at '/home/runner/work/Powerform/Powerform/.firebase/adfinitas-powerform/functions/node_modules/.bin/firebase-functions'
  Serving at port 8290
  
  [2024-11-12T10:27:34.419Z] Got response from /__/functions.yaml ***"endpoints":***"ssradfinitaspowerform":***"availableMemoryMb":1024,"timeoutSeconds":null,"minInstances":null,"maxInstances":1,"ingressSettings":null,"concurrency":null,"serviceAccountEmail":null,"vpc":null,"platform":"gcfv2","region":["europe-west1"],"labels":***,"httpsTrigger":***,"entryPoint":"ssradfinitaspowerform"***,"specVersion":"v1alpha1","requiredAPIs":[],"extensions":***
  i  extensions: ensuring required API firebaseextensions.googleapis.com is enabled... 
  [2024-11-12T10:27:34.459Z] No OAuth tokens found
  [2024-11-12T10:27:34.459Z] >>> [apiv2][query] GET https://serviceusage.googleapis.com/v1/projects/adfinitas-powerform/services/firebaseextensions.googleapis.com [none]
  [2024-11-12T10:27:34.459Z] >>> [apiv2][(partial)header] GET https://serviceusage.googleapis.com/v1/projects/adfinitas-powerform/services/firebaseextensions.googleapis.com x-goog-quota-user=projects/adfinitas-powerform
  [2024-11-12T10:27:34.641Z] <<< [apiv2][status] GET https://serviceusage.googleapis.com/v1/projects/adfinitas-powerform/services/firebaseextensions.googleapis.com 200
  [2024-11-12T10:27:34.641Z] <<< [apiv2][body] GET https://serviceusage.googleapis.com/v1/projects/adfinitas-powerform/services/firebaseextensions.googleapis.com [omitted]
  ✔  extensions: required API firebaseextensions.googleapis.com is enabled 
  [2024-11-12T10:27:34.642Z] > command requires scopes: ["email","openid","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","https://www.googleapis.com/auth/cloud-platform"]
  [2024-11-12T10:27:34.642Z] [iam] checking project adfinitas-powerform for permissions ["firebase.projects.get","firebaseextensions.instances.list"]
  [2024-11-12T10:27:34.643Z] No OAuth tokens found
  [2024-11-12T10:27:34.643Z] >>> [apiv2][query] POST https://cloudresourcemanager.googleapis.com/v1/projects/adfinitas-powerform:testIamPermissions [none]
  [2024-11-12T10:27:34.643Z] >>> [apiv2][(partial)header] POST https://cloudresourcemanager.googleapis.com/v1/projects/adfinitas-powerform:testIamPermissions x-goog-quota-user=projects/adfinitas-powerform
  [2024-11-12T10:27:34.644Z] >>> [apiv2][body] POST https://cloudresourcemanager.googleapis.com/v1/projects/adfinitas-powerform:testIamPermissions ***"permissions":["firebase.projects.get","firebaseextensions.instances.list"]***
  [2024-11-12T10:27:34.944Z] <<< [apiv2][status] POST https://cloudresourcemanager.googleapis.com/v1/projects/adfinitas-powerform:testIamPermissions 200
  [2024-11-12T10:27:34.944Z] <<< [apiv2][body] POST https://cloudresourcemanager.googleapis.com/v1/projects/adfinitas-powerform:testIamPermissions ***"permissions":["firebase.projects.get"]***
  [2024-11-12T10:27:34.944Z] [iam] error while checking permissions, command may fail: FirebaseError: Authorization failed. This account is missing the following required permissions on project adfinitas-powerform:
  
    firebaseextensions.instances.list
  [2024-11-12T10:27:34.945Z] No OAuth tokens found
  [2024-11-12T10:27:34.945Z] >>> [apiv2][query] GET https://firebaseextensions.googleapis.com/v1beta/projects/adfinitas-powerform/instances pageSize=100&pageToken=
  [2024-11-12T10:27:35.346Z] <<< [apiv2][status] GET https://firebaseextensions.googleapis.com/v1beta/projects/adfinitas-powerform/instances 403
  [2024-11-12T10:27:35.346Z] <<< [apiv2][body] GET https://firebaseextensions.googleapis.com/v1beta/projects/adfinitas-powerform/instances ***"error":***"code":403,"message":"The caller does not have permission","status":"PERMISSION_DENIED"***
  
  Error: Request to https://firebaseextensions.googleapis.com/v1beta/projects/adfinitas-powerform/instances?pageSize=100&pageToken= had HTTP Error: 403, The caller does not have permission
  [2024-11-12T10:27:35.348Z] Error Context: ***
    "body": ***
      "error": ***
        "code": 403,
        "message": "The caller does not have permission",
        "status": "PERMISSION_DENIED"
      ***
    ***,
    "response": ***
      "statusCode": 403
    ***
  ***
  
  The process '/usr/local/bin/npx' failed with exit code 1
  Error: The process '/usr/local/bin/npx' failed with exit code 1

If there’s any additional information I should provide, or specific settings I might need to review, please let me know. Thank you in advance for your help!

@Heifarabuval
Copy link

Hello,

I'm encountering the same issue with the The caller does not have permission (403) error when deploying via a GitHub Action for Firebase Hosting.

Context: I’m using a GitHub Action to deploy my app to Firebase Hosting, with a service account configured in my GitHub secrets. Error encountered: The deployment fails, returning a 403 error indicating that the caller does not have permission. If anyone has found a solution or workaround, I’d appreciate any insights.

firebase.json

{
  "firestore": {
    "rules": "firestore.rules",
    "indexes": "firestore.indexes.json"
  },
  "emulators": {
    "firestore": {
      "port": 8080
    },
    "ui": {
      "enabled": true,
      "port": 10001
    },
    "singleProjectMode": true,
    "auth": {
      "port": 9099
    }
  },
  "hosting": {
    "source": ".",
    "ignore": [
      "firebase.json",
      "**/.*",
      "**/node_modules/**"
    ],
    "frameworksBackend": {
      "region": "europe-west1",
      "maxInstances": 1,
      "memory": "1GiB"
    }
  },
  "storage": {
    "rules": "storage.rules"
  }
}

github-action.yaml

# This file was auto-generated by the Firebase CLI
# https://github.com/firebase/firebase-tools

name: Deploy to Firebase Hosting on PR
on: pull_request
permissions:
  checks: write
  contents: read
  pull-requests: write
jobs:
  build_and_preview:
    environment: production
    if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm run build
      - uses: FirebaseExtended/action-hosting-deploy@v0
        with:
          repoToken: ${{ secrets.GITHUB_TOKEN }}
          firebaseServiceAccount: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_ADFINITAS_POWERFORM }}
          projectId: adfinitas-powerform
    env:
      FIREBASE_CLI_EXPERIMENTS: webframeworks

Output error:

  [2024-11-12T10:27:34.032Z] Building nodejs source
  i  functions: Loading and analyzing source code for codebase firebase-frameworks-adfinitas-powerform to determine what to deploy 
  [2024-11-12T10:27:34.033Z] Could not find functions.yaml. Must use http discovery
  [2024-11-12T10:27:34.038Z] Found firebase-functions binary at '/home/runner/work/Powerform/Powerform/.firebase/adfinitas-powerform/functions/node_modules/.bin/firebase-functions'
  Serving at port 8290
  
  [2024-11-12T10:27:34.419Z] Got response from /__/functions.yaml ***"endpoints":***"ssradfinitaspowerform":***"availableMemoryMb":1024,"timeoutSeconds":null,"minInstances":null,"maxInstances":1,"ingressSettings":null,"concurrency":null,"serviceAccountEmail":null,"vpc":null,"platform":"gcfv2","region":["europe-west1"],"labels":***,"httpsTrigger":***,"entryPoint":"ssradfinitaspowerform"***,"specVersion":"v1alpha1","requiredAPIs":[],"extensions":***
  i  extensions: ensuring required API firebaseextensions.googleapis.com is enabled... 
  [2024-11-12T10:27:34.459Z] No OAuth tokens found
  [2024-11-12T10:27:34.459Z] >>> [apiv2][query] GET https://serviceusage.googleapis.com/v1/projects/adfinitas-powerform/services/firebaseextensions.googleapis.com [none]
  [2024-11-12T10:27:34.459Z] >>> [apiv2][(partial)header] GET https://serviceusage.googleapis.com/v1/projects/adfinitas-powerform/services/firebaseextensions.googleapis.com x-goog-quota-user=projects/adfinitas-powerform
  [2024-11-12T10:27:34.641Z] <<< [apiv2][status] GET https://serviceusage.googleapis.com/v1/projects/adfinitas-powerform/services/firebaseextensions.googleapis.com 200
  [2024-11-12T10:27:34.641Z] <<< [apiv2][body] GET https://serviceusage.googleapis.com/v1/projects/adfinitas-powerform/services/firebaseextensions.googleapis.com [omitted]
  ✔  extensions: required API firebaseextensions.googleapis.com is enabled 
  [2024-11-12T10:27:34.642Z] > command requires scopes: ["email","openid","https://www.googleapis.com/auth/cloudplatformprojects.readonly","https://www.googleapis.com/auth/firebase","https://www.googleapis.com/auth/cloud-platform"]
  [2024-11-12T10:27:34.642Z] [iam] checking project adfinitas-powerform for permissions ["firebase.projects.get","firebaseextensions.instances.list"]
  [2024-11-12T10:27:34.643Z] No OAuth tokens found
  [2024-11-12T10:27:34.643Z] >>> [apiv2][query] POST https://cloudresourcemanager.googleapis.com/v1/projects/adfinitas-powerform:testIamPermissions [none]
  [2024-11-12T10:27:34.643Z] >>> [apiv2][(partial)header] POST https://cloudresourcemanager.googleapis.com/v1/projects/adfinitas-powerform:testIamPermissions x-goog-quota-user=projects/adfinitas-powerform
  [2024-11-12T10:27:34.644Z] >>> [apiv2][body] POST https://cloudresourcemanager.googleapis.com/v1/projects/adfinitas-powerform:testIamPermissions ***"permissions":["firebase.projects.get","firebaseextensions.instances.list"]***
  [2024-11-12T10:27:34.944Z] <<< [apiv2][status] POST https://cloudresourcemanager.googleapis.com/v1/projects/adfinitas-powerform:testIamPermissions 200
  [2024-11-12T10:27:34.944Z] <<< [apiv2][body] POST https://cloudresourcemanager.googleapis.com/v1/projects/adfinitas-powerform:testIamPermissions ***"permissions":["firebase.projects.get"]***
  [2024-11-12T10:27:34.944Z] [iam] error while checking permissions, command may fail: FirebaseError: Authorization failed. This account is missing the following required permissions on project adfinitas-powerform:
  
    firebaseextensions.instances.list
  [2024-11-12T10:27:34.945Z] No OAuth tokens found
  [2024-11-12T10:27:34.945Z] >>> [apiv2][query] GET https://firebaseextensions.googleapis.com/v1beta/projects/adfinitas-powerform/instances pageSize=100&pageToken=
  [2024-11-12T10:27:35.346Z] <<< [apiv2][status] GET https://firebaseextensions.googleapis.com/v1beta/projects/adfinitas-powerform/instances 403
  [2024-11-12T10:27:35.346Z] <<< [apiv2][body] GET https://firebaseextensions.googleapis.com/v1beta/projects/adfinitas-powerform/instances ***"error":***"code":403,"message":"The caller does not have permission","status":"PERMISSION_DENIED"***
  
  Error: Request to https://firebaseextensions.googleapis.com/v1beta/projects/adfinitas-powerform/instances?pageSize=100&pageToken= had HTTP Error: 403, The caller does not have permission
  [2024-11-12T10:27:35.348Z] Error Context: ***
    "body": ***
      "error": ***
        "code": 403,
        "message": "The caller does not have permission",
        "status": "PERMISSION_DENIED"
      ***
    ***,
    "response": ***
      "statusCode": 403
    ***
  ***
  
  The process '/usr/local/bin/npx' failed with exit code 1
  Error: The process '/usr/local/bin/npx' failed with exit code 1

If there’s any additional information I should provide, or specific settings I might need to review, please let me know. Thank you in advance for your help!

Solved: Adding the IAM role Firebase Extensions Viewer to the service account resolved the permission issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

5 participants