diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 950b0db..b5da3ba 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -15,12 +15,13 @@ jobs:
 function: "functions:cms4devfestgdg"
 target: "default"
 front: "production"
+ config: "firebase.cloudnord.json"
 - org: Cloud Nord
 secret: CLOUDNORD_FIREBASE_TOKEN
 function: "functions:cms4devfestcloudnord"
 target: "cloudnord"
 front: "production,cloudnord"
-
+ config: "firebase.devfest.json"
 steps:
 - name: Checkout Repo
 uses: actions/checkout@master
@@ -36,9 +37,9 @@ jobs:
 - name: Deploy to Firebase for ${{ matrix.org }}
 run: |
 npm --prefix public run build -- --configuration ${{ matrix.front }}
- npx firebase-tools deploy -P ${{ matrix.target }} --only hosting
- npx firebase-tools deploy -P ${{ matrix.target }} --only firestore:rules
- npx firebase-tools deploy -P ${{ matrix.target }} --only functions:cms
- npx firebase-tools deploy -P ${{ matrix.target }} --only ${{ matrix.function }}
+ npx firebase-tools deploy -c ${{matrix.config}} -P ${{ matrix.target }} --only hosting
+ npx firebase-tools deploy -c ${{matrix.config}} -P ${{ matrix.target }} --only firestore:rules
+ npx firebase-tools deploy -c ${{matrix.config}} -P ${{ matrix.target }} --only functions:cms
+ npx firebase-tools deploy -c ${{matrix.config}} -P ${{ matrix.target }} --only ${{ matrix.function }}
 env:
 FIREBASE_TOKEN: ${{ secrets[matrix.secret] }}
diff --git a/firebase.cloudnord.json b/firebase.cloudnord.json
new file mode 100644
index 0000000..bdff41b
--- /dev/null
+++ b/firebase.cloudnord.json
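Review bot: The `config` values in the matrix look swapped: the entry with `function: "functions:cms4devfestgdg"` and `target: "default"` gets `config: "firebase.cloudnord.json"`, while the `- org: Cloud Nord` entry gets `config: "firebase.devfest.json"`. Each config file selects its own `firestore.*.rules` and `storage.*.rules`, so this pairing would publish the DevFest access rules to the Cloud Nord project and the Cloud Nord rules to the default one. If the file names mean what they suggest, the first entry should read `config: "firebase.devfest.json"` and the second `config: "firebase.cloudnord.json"`. The first entry's `org` line sits above the hunk, so confirm against the full matrix.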
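Review bot: None of the four deploy commands targets storage, so the storage rules file that each config declares is never published by this job. If CI is meant to own those rules, add `npx firebase-tools deploy -c ${{matrix.config}} -P ${{ matrix.target }} --only storage`; otherwise say in a comment where they are deployed from. Separately, `npx firebase-tools` resolves whatever release is current at run time while `FIREBASE_TOKEN` is in the environment. Pinning it (`npx firebase-tools@<pinned-version>`) or installing it from the lockfile keeps the deploy credential away from unreviewed releases.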
@@ -0,0 +1,45 @@
+{
+ "storage": {
+ "rules": "./storage.cloudnord.rules"
+ },
+ "firestore": {
+ "rules": "firestore.cloudnord.rules",
+ "indexes": "firestore.indexes.json"
+ },
+ "functions": [
+ {
+ "source": "functions",
+ "codebase": "default",
+ "ignore": ["node_modules", ".git", "firebase-debug.log", "firebase-debug.*.log"],
+ "predeploy": ["npm --prefix \"$RESOURCE_DIR\" run build"]
+ }
+ ],
+ "hosting": {
+ "public": "public/dist/front/browser",
+ "ignore": ["firebase.json", "**/.*", "**/node_modules/**"],
+ "rewrites": [
+ {
+ "source": "**",
+ "destination": "/index.html"
+ }
+ ]
+ },
+ "emulators": {
+ "auth": {
+ "port": 9099
+ },
+ "functions": {
+ "port": 5001
+ },
+ "firestore": {
+ "port": 8080
+ },
+ "hosting": {
+ "port": 5000
+ },
+ "ui": {
+ "enabled": true
+ },
+ "singleProjectMode": true
+ }
+}
diff --git a/firebase.json b/firebase.devfest.json
similarity index 91%
rename from firebase.json
rename to firebase.devfest.json
index 9e9e7d0..da47167 100644
--- a/firebase.json
+++ b/firebase.devfest.json
@@ -1,9 +1,9 @@
 {
 "storage": {
- "rules": "storage.rules"
+ "rules": "storage.devfest.rules"
 },
 "firestore": {
- "rules": "firestore.rules",
+ "rules": "firestore.devfest.rules",
 "indexes": "firestore.indexes.json"
 },
 "functions": [
diff --git a/firestore.rules b/firestore.cloudnord.rules
similarity index 100%
rename from firestore.rules
rename to firestore.cloudnord.rules
diff --git a/firestore.devfest.rules b/firestore.devfest.rules
new file mode 100644
index 0000000..2ae17ef
--- /dev/null
+++ b/firestore.devfest.rules
@@ -0,0 +1,32 @@
+rules_version = '2';
+service cloud.firestore {
+ match /databases/{database}/documents {
+ match /companies-2023/{companyId} {
+ allow list, update: if isGdgLille() || notUpdating('name');
+ allow create, get: if true;
+ }
+ match /companies-2024/{companyId} {
+ allow list, update: if isGdgLille() || notUpdating('name');
+ allow create, get: if true;
+ }
+ match /workflows/{workflowId} {
+ allow list: if true;
+ allow get: if true;
+ }
+ match /configuration/{configurationId} {
+ allow get: if true;
+ allow update: if isGdgLille();
+ }
+ }
+}
+
+function notUpdating(field) {
+ return !(field in request.resource.data)
+ || resource.data[field] == request.resource.data[field]
+}
+function isOwner(companyId) {
+ return request.auth.token.email in resource.data.email;
+}
+function isGdgLille() {
+ return request.auth.token.email.matches(".*@gdglille.org")
+}
\ No newline at end of file
diff --git a/storage.rules b/storage.cloudnord.rules
similarity index 100%
rename from storage.rules
rename to storage.cloudnord.rules
diff --git a/storage.devfest.rules b/storage.devfest.rules
new file mode 100644
index 0000000..78bc98b
--- /dev/null
+++ b/storage.devfest.rules
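Review bot: `allow list, update: if isGdgLille() || notUpdating('name');` on `/companies-2023` and `/companies-2024` lets any client, signed in or not, update every field of any company document except `name`, because `notUpdating('name')` never consults `request.auth`. `isOwner(companyId)` is declared but not referenced anywhere in the file, which suggests an ownership check was meant to gate that branch. `isGdgLille()` also trusts `request.auth.token.email` without checking `request.auth != null` or `email_verified`, and the `.` in `gdglille.org` is an unescaped regex wildcard; the same helper is repeated in storage.devfest.rules. A tightened version is sketched below. Whether sponsors authenticate at all is not visible in this diff, so the `isOwner` part needs confirming against the front end.

```firebase-rules
// … unchanged: rules_version, service and /databases match headers …
    match /companies-2023/{companyId} {
      allow list: if isGdgLille();
      allow update: if isGdgLille() || (isOwner(companyId) && notUpdating('name'));
      allow create, get: if true;
    }
// … same two allow lines for /companies-2024; /workflows and /configuration unchanged …
function isOwner(companyId) {
  return request.auth != null
    && request.auth.token.email in resource.data.email;
}
function isGdgLille() {
  return request.auth != null
    && request.auth.token.email_verified
    && request.auth.token.email.matches('.*@gdglille[.]org');
}
```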
@@ -0,0 +1,54 @@
+rules_version = '2';
+service firebase.storage {
+ match /b/{bucket}/o {
+ match /logo {
+ match /{allPaths=**} {
+ allow read: if true;
+ }
+ match /{imageId} {
+ allow write: if request.resource.size < 5 * 1024 * 1024
+ && request.resource.contentType.matches('image/.*');
+ }
+ }
+ match /facture {
+ match /{allPaths=**} {
+ allow read: if true;
+ allow write: if isGdgLille();
+ }
+ }
+ match /flyers {
+ match /{allPaths=**} {
+ allow read: if true;
+ allow write: if isGdgLille();
+ }
+ }
+ match /devis {
+ match /{allPaths=**} {
+ allow read: if true;
+ allow write: if isGdgLille();
+ }
+ }
+ match /conventionSigned {
+ match /{allPaths=**} {
+ allow read: if true;
+ allow write: if true;
+ }
+ }
+ match /signed {
+ match /{allPaths=**} {
+ allow read: if true;
+ allow write: if true;
+ }
+ }
+ match /convention {
+ match /{allPaths=**} {
+ allow read: if true;
+ allow write: if isGdgLille();
+ }
+ }
+
+ }
+}
+function isGdgLille() {
+ return request.auth.token.email.matches(".*@gdglille.org")
+}
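Review bot: `allow write: if true;` under `/conventionSigned` and `/signed` lets unauthenticated clients create, overwrite and delete any object there with no size or content-type bound, and the paired `allow read: if true;` makes both prefixes publicly readable as well. If anonymous upload of signed conventions is really required, narrow it to first-time uploads with limits, e.g. `allow create: if request.resource.size < 5 * 1024 * 1024 && request.resource.contentType == 'application/pdf';` (limit and type are illustrative), and leave update and delete to `isGdgLille()`. `/logo/{imageId}` has the size and type limits but no auth or ownership check, so any client can replace another sponsor's logo. `/facture` and `/devis` are world-readable, since `allow read: if true;` covers list as well as get; confirm that invoices and quotes are meant to be public.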