feat: generate multiple config file by env

devlille · Jan 26, 2024 · 5cac276 · 5cac276
1 parent 881e44e
commit 5cac276
Show file tree

Hide file tree

Showing 7 changed files with 139 additions and 7 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -15,12 +15,13 @@ jobs:
             function: "functions:cms4devfestgdg"
             target: "default"
             front: "production"
+            config: "firebase.cloudnord.json"
           - org: Cloud Nord
             secret: CLOUDNORD_FIREBASE_TOKEN
             function: "functions:cms4devfestcloudnord"
             target: "cloudnord"
             front: "production,cloudnord"
-
+            config: "firebase.devfest.json"
     steps:
       - name: Checkout Repo
         uses: actions/checkout@master
@@ -36,9 +37,9 @@ jobs:
       - name: Deploy to Firebase for ${{ matrix.org }}
         run: |
           npm --prefix public run build -- --configuration ${{ matrix.front }}
-          npx firebase-tools deploy -P ${{ matrix.target }} --only hosting
-          npx firebase-tools deploy -P ${{ matrix.target }} --only firestore:rules
-          npx firebase-tools deploy -P ${{ matrix.target }} --only functions:cms
-          npx firebase-tools deploy -P ${{ matrix.target }} --only ${{ matrix.function }}
+          npx firebase-tools deploy -c ${{matrix.config}} -P ${{ matrix.target }} --only hosting
+          npx firebase-tools deploy -c ${{matrix.config}} -P ${{ matrix.target }} --only firestore:rules
+          npx firebase-tools deploy -c ${{matrix.config}} -P ${{ matrix.target }} --only functions:cms
+          npx firebase-tools deploy -c ${{matrix.config}} -P ${{ matrix.target }} --only ${{ matrix.function }}
         env:
           FIREBASE_TOKEN: ${{ secrets[matrix.secret] }}
diff --git a/firebase.cloudnord.json b/firebase.cloudnord.json
@@ -0,0 +1,45 @@
+{
+  "storage": {
+    "rules": "./storage.cloudnord.rules"
+  },
+  "firestore": {
+    "rules": "firestore.cloudnord.rules",
+    "indexes": "firestore.indexes.json"
+  },
+  "functions": [
+    {
+      "source": "functions",
+      "codebase": "default",
+      "ignore": ["node_modules", ".git", "firebase-debug.log", "firebase-debug.*.log"],
+      "predeploy": ["npm --prefix \"$RESOURCE_DIR\" run build"]
+    }
+  ],
+  "hosting": {
+    "public": "public/dist/front/browser",
+    "ignore": ["firebase.json", "**/.*", "**/node_modules/**"],
+    "rewrites": [
+      {
+        "source": "**",
+        "destination": "/index.html"
+      }
+    ]
+  },
+  "emulators": {
+    "auth": {
+      "port": 9099
+    },
+    "functions": {
+      "port": 5001
+    },
+    "firestore": {
+      "port": 8080
+    },
+    "hosting": {
+      "port": 5000
+    },
+    "ui": {
+      "enabled": true
+    },
+    "singleProjectMode": true
+  }
+}
diff --git a/firebase.json → firebase.devfest.json b/firebase.json → firebase.devfest.json
@@ -1,9 +1,9 @@
 {
   "storage": {
-    "rules": "storage.rules"
+    "rules": "storage.devfest.rules"
   },
   "firestore": {
-    "rules": "firestore.rules",
+    "rules": "firestore.devfest.rules",
     "indexes": "firestore.indexes.json"
   },
   "functions": [

diff --git a/firestore.rules → firestore.cloudnord.rules b/firestore.rules → firestore.cloudnord.rules
diff --git a/firestore.devfest.rules b/firestore.devfest.rules
@@ -0,0 +1,32 @@
+rules_version = '2';
+service cloud.firestore {
+  match /databases/{database}/documents {
+    match /companies-2023/{companyId} {
+      allow list, update: if isGdgLille() || notUpdating('name');
+      allow create, get: if true;
+    }
+    match /companies-2024/{companyId} {
+      allow list, update: if isGdgLille() || notUpdating('name');
+      allow create, get: if true;
+    }
+    match /workflows/{workflowId} {
+      allow list: if true;
+      allow get: if true;
+    }
+    match /configuration/{configurationId} {
+      allow get: if true;
+      allow update: if isGdgLille();
+    }
+  }
+}
+
+function notUpdating(field) {
+ return !(field in request.resource.data)
+  || resource.data[field] == request.resource.data[field]
+}
+function isOwner(companyId) {
+    return request.auth.token.email in resource.data.email;
+}
+function isGdgLille() {
+    return request.auth.token.email.matches(".*@gdglille.org")
+}
diff --git a/storage.rules → storage.cloudnord.rules b/storage.rules → storage.cloudnord.rules
diff --git a/storage.devfest.rules b/storage.devfest.rules
@@ -0,0 +1,54 @@
+rules_version = '2';
+service firebase.storage {
+  match /b/{bucket}/o {
+  		match /logo {
+     		match /{allPaths=**} {
+      		allow read: if true;
+    		}
+    		match /{imageId} {
+       		allow write: if request.resource.size < 5 * 1024 * 1024
+                    && request.resource.contentType.matches('image/.*');
+     		}
+  		}
+      match /facture {
+     		match /{allPaths=**} {
+        	allow read: if true;
+      		allow write: if isGdgLille();
+    		}
+  		}
+      match /flyers {
+     		match /{allPaths=**} {
+        	allow read: if true;
+      		allow write: if isGdgLille();
+    		}
+  		}
+      match /devis {
+     		match /{allPaths=**} {
+      		allow read: if true;
+      		allow write: if isGdgLille();
+    		}
+  		}
+      match /conventionSigned {
+     		match /{allPaths=**} {
+        	allow read: if true;
+      		allow write: if true;
+    		}
+  		}
+      match /signed {
+     		match /{allPaths=**} {
+        	allow read: if true;
+      		allow write: if true;
+    		}
+  		}
+      match /convention {
+     		match /{allPaths=**} {
+        	allow read: if true;
+      		allow write: if isGdgLille();
+    		}
+  		}
+
+  }
+}
+function isGdgLille() {
+    return request.auth.token.email.matches(".*@gdglille.org")
+}