[Auth] Extend MFA login flow to email/password page #9542
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright 2020 Google LLC | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
name: firestore | |
on: | |
pull_request: | |
schedule: | |
# Run every day at 12am (PST) - cron uses UTC times | |
- cron: '0 8 * * *' | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
changes: | |
runs-on: macos-14 | |
# Only when this is not a scheduled run | |
if: github.event_name != 'schedule' | |
outputs: | |
changed: ${{ steps.changes.outputs.changed }} | |
steps: | |
- uses: dorny/paths-filter@v2 | |
id: changes | |
with: | |
filters: | | |
changed: | |
# Firestore sources | |
- 'Firestore/**' | |
# Interop headers | |
- 'FirebaseAuth/Interop/*.h' | |
# FirebaseCore header change | |
- 'FirebaseCore/Internal' | |
- 'FirebaseCore/Sources/Public' | |
# Podspec | |
- 'FirebaseFirestoreInternal.podspec' | |
- 'FirebaseFirestore.podspec' | |
# CMake | |
- '**CMakeLists.txt' | |
- 'cmake/**' | |
# Build scripts to which Firestore is sensitive | |
# | |
# Note that this doesn't include check scripts because changing those will | |
# already trigger the check workflow. | |
- 'scripts/binary_to_array.py' | |
- 'scripts/build.sh' | |
- 'scripts/install_prereqs.sh' | |
- 'scripts/localize_podfile.swift' | |
- 'scripts/pod_lib_lint.rb' | |
- 'scripts/run_firestore_emulator.sh' | |
- 'scripts/setup_*' | |
- 'scripts/sync_project.rb' | |
- 'scripts/test_quickstart.sh' | |
- 'scripts/xcresult_logs.py' | |
# This workflow | |
- '.github/workflows/firestore.yml' | |
# Rebuild on Ruby infrastructure changes. | |
- 'Gemfile*' | |
check: | |
needs: changes | |
# Either a scheduled run from public repo, or a pull request with firestore changes. | |
if: | | |
(github.repository == 'Firebase/firebase-ios-sdk' && github.event_name == 'schedule') || | |
(github.event_name == 'pull_request' && needs.changes.outputs.changed == 'true') | |
runs-on: macos-14 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: 3.11 | |
- name: Setup check | |
run: scripts/setup_check.sh | |
- name: Run check | |
run: scripts/check.sh --test-only | |
cmake: | |
needs: check | |
# Either a scheduled run from public repo, or a pull request with firestore changes. | |
if: | | |
(github.repository == 'Firebase/firebase-ios-sdk' && github.event_name == 'schedule') || | |
(github.event_name == 'pull_request' && needs.changes.outputs.changed == 'true') | |
strategy: | |
matrix: | |
os: [macos-14, ubuntu-latest] | |
env: | |
MINT_PATH: ${{ github.workspace }}/mint | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Prepare ccache | |
uses: actions/cache@v4 | |
with: | |
path: ${{ runner.temp }}/ccache | |
key: firestore-ccache-${{ runner.os }}-${{ github.sha }} | |
restore-keys: | | |
firestore-ccache-${{ runner.os }}- | |
- name: Cache Mint packages | |
uses: actions/cache@v4 | |
with: | |
path: ${{ env.MINT_PATH }} | |
key: ${{ runner.os }}-mint-${{ hashFiles('**/Mintfile') }} | |
restore-keys: ${{ runner.os }}-mint- | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
- name: Setup build | |
run: scripts/install_prereqs.sh Firestore ${{ runner.os }} cmake | |
- name: Build and test | |
run: | | |
export EXPERIMENTAL_MODE=true | |
export CCACHE_DIR=${{ runner.temp }}/ccache | |
scripts/third_party/travis/retry.sh scripts/build.sh Firestore ${{ runner.os }} cmake | |
cmake-prod-db: | |
needs: check | |
# Either a scheduled run from public repo, or a pull request with firestore changes. | |
if: | | |
(github.repository == 'Firebase/firebase-ios-sdk' && github.event_name == 'schedule') || | |
(github.event_name == 'pull_request' && needs.changes.outputs.changed == 'true') | |
strategy: | |
matrix: | |
os: [macos-14] | |
databaseId: [(default), test-db] | |
env: | |
plist_secret: ${{ secrets.GHASecretsGPGPassphrase1 }} | |
MINT_PATH: ${{ github.workspace }}/mint | |
TARGET_DATABASE_ID: ${{ matrix.databaseId }} | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Prepare ccache | |
uses: actions/cache@v4 | |
with: | |
path: ${{ runner.temp }}/ccache | |
key: firestore-ccache-${{ matrix.databaseId }}-${{ runner.os }}-${{ github.sha }} | |
restore-keys: | | |
firestore-ccache-${{ matrix.databaseId }}-${{ runner.os }}- | |
- name: Cache Mint packages | |
uses: actions/cache@v4 | |
with: | |
path: ${{ env.MINT_PATH }} | |
key: ${{ runner.os }}-mint-${{ hashFiles('**/Mintfile') }} | |
restore-keys: ${{ runner.os }}-mint- | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
- name: Install Secret GoogleService-Info.plist | |
run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/firestore.plist.gpg \ | |
Firestore/Example/App/GoogleService-Info.plist "$plist_secret" | |
- name: Install Google Service Account key | |
run: | | |
scripts/decrypt_gha_secret.sh scripts/gha-encrypted/firestore-integration.json.gpg \ | |
google-service-account.json "$plist_secret" | |
# create composite indexes with Terraform | |
- name: Set up Google Cloud SDK | |
uses: google-github-actions/setup-gcloud@v1 | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v2 | |
- name: Terraform Init | |
run: | | |
cd Firestore | |
terraform init | |
- name: Terraform Apply | |
run: | | |
cd Firestore | |
# Define a temporary file, redirect both stdout and stderr to it | |
output_file=$(mktemp) | |
if ! terraform apply -var-file=../google-service-account.json -auto-approve > "$output_file" 2>&1 ; then | |
cat "$output_file" | |
if cat "$output_file" | grep -q "index already exists"; then | |
echo "===================================================================================" | |
echo "Terraform apply failed due to index already exists; We can safely ignore this error." | |
echo "===================================================================================" | |
fi | |
exit 1 | |
fi | |
rm -f "$output_file" | |
env: | |
GOOGLE_APPLICATION_CREDENTIALS: ../google-service-account.json | |
continue-on-error: true | |
- name: Setup build | |
run: scripts/install_prereqs.sh Firestore ${{ runner.os }} cmake | |
- name: Build and test | |
run: | | |
export CCACHE_DIR=${{ runner.temp }}/ccache | |
scripts/third_party/travis/retry.sh scripts/build.sh Firestore ${{ runner.os }} cmake | |
sanitizers-mac: | |
needs: check | |
# Either a scheduled run from public repo, or a pull request with firestore changes. | |
if: | | |
(github.repository == 'Firebase/firebase-ios-sdk' && github.event_name == 'schedule') || | |
(github.event_name == 'pull_request' && needs.changes.outputs.changed == 'true') | |
strategy: | |
matrix: | |
os: [macos-14] | |
sanitizer: [asan, tsan] | |
runs-on: ${{ matrix.os }} | |
env: | |
SANITIZERS: ${{ matrix.sanitizer }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Prepare ccache | |
uses: actions/cache@v4 | |
with: | |
path: ${{ runner.temp }}/ccache | |
key: ${{ matrix.sanitizer }}-firestore-ccache-${{ runner.os }}-${{ github.sha }} | |
restore-keys: | | |
${{ matrix.sanitizer }}-firestore-ccache-${{ runner.os }}- | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
- name: Setup build | |
run: scripts/install_prereqs.sh Firestore ${{ runner.os }} cmake | |
- name: Build and test | |
run: | | |
export EXPERIMENTAL_MODE=true | |
export CCACHE_DIR=${{ runner.temp }}/ccache | |
scripts/third_party/travis/retry.sh scripts/build.sh Firestore ${{ runner.os }} cmake | |
sanitizers-ubuntu: | |
needs: check | |
# Either a scheduled run from public repo, or a pull request with firestore changes. | |
if: | | |
(github.repository == 'Firebase/firebase-ios-sdk' && github.event_name == 'schedule') || | |
(github.event_name == 'pull_request' && needs.changes.outputs.changed == 'true') | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
# Excluding TSAN on ubuntu because of the warnings it generates around schedule.cc. | |
# This could be due to Apple Clang provide additional support for synchronization | |
# on Apple platforms, which is what we primarily care about. | |
sanitizer: [asan] | |
runs-on: ${{ matrix.os }} | |
env: | |
SANITIZERS: ${{ matrix.sanitizer }} | |
ASAN_OPTIONS: detect_leaks=0 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Prepare ccache | |
uses: actions/cache@v4 | |
with: | |
path: ${{ runner.temp }}/ccache | |
key: ${{ matrix.sanitizer }}-firestore-ccache-${{ runner.os }}-${{ github.sha }} | |
restore-keys: | | |
${{ matrix.sanitizer }}-firestore-ccache-${{ runner.os }}- | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.7' | |
- name: Setup build | |
run: scripts/install_prereqs.sh Firestore ${{ runner.os }} cmake | |
- name: Build and test | |
run: | | |
export EXPERIMENTAL_MODE=true | |
export CCACHE_DIR=${{ runner.temp }}/ccache | |
scripts/third_party/travis/retry.sh scripts/build.sh Firestore ${{ runner.os }} cmake | |
xcodebuild: | |
needs: check | |
# Either a scheduled run from public repo, or a pull request with firestore changes. | |
if: | | |
(github.repository == 'Firebase/firebase-ios-sdk' && github.event_name == 'schedule') || | |
(github.event_name == 'pull_request') | |
runs-on: macos-14 | |
strategy: | |
matrix: | |
target: [iOS, macOS, tvOS] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: mikehardy/buildcache-action@c87cea0ccd718971d6cc39e672c4f26815b6c126 | |
with: | |
cache_key: ${{ matrix.target }} | |
- uses: ruby/setup-ruby@v1 | |
- name: Setup build | |
run: scripts/install_prereqs.sh Firestore ${{ matrix.target }} xcodebuild | |
- name: Build and test | |
run: | | |
export EXPERIMENTAL_MODE=true | |
scripts/third_party/travis/retry.sh scripts/build.sh Firestore ${{ matrix.target }} xcodebuild | |
pod-lib-lint: | |
needs: check | |
# Either a scheduled run from public repo, or a pull request with firestore changes. | |
if: | | |
(github.repository == 'Firebase/firebase-ios-sdk' && github.event_name == 'schedule') || | |
(github.event_name == 'pull_request') | |
runs-on: macos-14 | |
strategy: | |
matrix: | |
podspec: [ | |
'FirebaseFirestoreInternal.podspec', | |
'FirebaseFirestore.podspec', | |
] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ruby/setup-ruby@v1 | |
- name: Setup Bundler | |
run: ./scripts/setup_bundler.sh | |
- name: Xcode | |
run: sudo xcode-select -s /Applications/Xcode_15.2.app/Contents/Developer | |
- name: Pod lib lint | |
# TODO(#9565, b/227461966): Remove --no-analyze when absl is fixed. | |
run: | | |
scripts/third_party/travis/retry.sh scripts/pod_lib_lint.rb ${{ matrix.podspec }} \ | |
--platforms=ios \ | |
--allow-warnings \ | |
--no-analyze | |
# `pod lib lint` takes a long time so only run the other platforms and static frameworks build in the cron. | |
pod-lib-lint-cron: | |
needs: check | |
if: github.event_name == 'schedule' && github.repository == 'Firebase/firebase-ios-sdk' | |
strategy: | |
matrix: | |
podspec: [ | |
'FirebaseFirestoreInternal.podspec', | |
'FirebaseFirestore.podspec', | |
] | |
platforms: [ | |
'macos', | |
'tvos', | |
'ios', | |
] | |
flags: [ | |
'--use-static-frameworks', | |
'', | |
] | |
os: [macos-14, macos-13] | |
# TODO: grpc and its dependencies don't build on Xcode 15 for macos because their minimum macos is lower than 10.11. | |
exclude: | |
- os: macos-13 | |
platforms: 'macos' | |
# Skip matrix cells covered by pod-lib-lint job. | |
- os: macos-13 | |
platforms: 'ios' | |
include: | |
- os: macos-15 | |
xcode: Xcode_16 | |
- os: macos-13 | |
xcode: Xcode_15.2 | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ruby/setup-ruby@v1 | |
- name: Setup Bundler | |
run: ./scripts/setup_bundler.sh | |
- name: Xcode | |
run: sudo xcode-select -s /Applications/${{ matrix.xcode }}.app/Contents/Developer | |
- name: Pod lib lint | |
# TODO(#9565, b/227461966): Remove --no-analyze when absl is fixed. | |
run: | | |
scripts/third_party/travis/retry.sh scripts/pod_lib_lint.rb ${{ matrix.podspec }}\ | |
${{ matrix.flags }} \ | |
--platforms=${{ matrix.platforms }} \ | |
--allow-warnings \ | |
--no-analyze | |
spm-package-resolved: | |
runs-on: macos-14 | |
env: | |
FIREBASECI_USE_LATEST_GOOGLEAPPMEASUREMENT: 1 | |
FIREBASE_SOURCE_FIRESTORE: 1 | |
outputs: | |
cache_key: ${{ steps.generate_cache_key.outputs.cache_key }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Generate Swift Package.resolved | |
id: swift_package_resolve | |
run: | | |
swift package resolve | |
- name: Generate cache key | |
id: generate_cache_key | |
run: | | |
cache_key="${{ runner.os }}-spm-${{ hashFiles('**/Package.resolved') }}" | |
echo "cache_key=${cache_key}" >> "$GITHUB_OUTPUT" | |
- uses: actions/cache/save@v4 | |
id: cache | |
with: | |
path: .build | |
key: ${{ steps.generate_cache_key.outputs.cache_key }} | |
spm-source: | |
needs: [check, spm-package-resolved] | |
# Either a scheduled run from public repo, or a pull request with firestore changes. | |
if: | | |
(github.repository == 'Firebase/firebase-ios-sdk' && github.event_name == 'schedule') || | |
(github.event_name == 'pull_request') | |
strategy: | |
matrix: | |
include: | |
- os: macos-13 | |
xcode: Xcode_15.2 | |
target: iOS | |
- os: macos-14 | |
xcode: Xcode_15.4 | |
target: iOS | |
- os: macos-15 | |
xcode: Xcode_16 | |
target: iOS | |
- os: macos-15 | |
xcode: Xcode_16 | |
target: tvOS | |
- os: macos-15 | |
xcode: Xcode_16 | |
target: macOS | |
- os: macos-15 | |
xcode: Xcode_16 | |
target: catalyst | |
- os: macos-15 | |
xcode: Xcode_16 | |
target: visionOS | |
runs-on: ${{ matrix.os }} | |
env: | |
FIREBASE_SOURCE_FIRESTORE: 1 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: mikehardy/buildcache-action@c87cea0ccd718971d6cc39e672c4f26815b6c126 | |
with: | |
cache_key: spm${{ matrix.os }}-${{ matrix.xcode }}-${{ matrix.target }} | |
- name: Xcode | |
run: sudo xcode-select -s /Applications/${{ matrix.xcode }}.app/Contents/Developer | |
- name: Initialize xcodebuild | |
run: scripts/setup_spm_tests.sh | |
- name: iOS Build Test | |
run: scripts/third_party/travis/retry.sh ./scripts/build.sh FirebaseFirestore ${{ matrix.target }} spmbuildonly | |
spm-binary: | |
needs: check | |
# Either a scheduled run from public repo, or a pull request with firestore changes. | |
if: | | |
(github.repository == 'Firebase/firebase-ios-sdk' && github.event_name == 'schedule') || | |
(github.event_name == 'pull_request' && needs.changes.outputs.changed == 'true') | |
runs-on: macos-14 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: mikehardy/buildcache-action@c87cea0ccd718971d6cc39e672c4f26815b6c126 | |
with: | |
cache_key: spm-binary | |
- name: Initialize xcodebuild | |
run: scripts/setup_spm_tests.sh | |
- name: iOS Build Test | |
run: scripts/third_party/travis/retry.sh ./scripts/build.sh FirebaseFirestore iOS spmbuildonly | |
check-firestore-internal-public-headers: | |
needs: check | |
# Either a scheduled run from public repo, or a pull request with firestore changes. | |
if: | | |
(github.repository == 'Firebase/firebase-ios-sdk' && github.event_name == 'schedule') || | |
(github.event_name == 'pull_request' && needs.changes.outputs.changed == 'true') | |
runs-on: macos-14 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Assert that Firestore and FirestoreInternal have identically named headers. | |
run: | | |
fst_dir=Firestore/Source/Public/FirebaseFirestore/ | |
fst_internal_dir=FirebaseFirestoreInternal/FirebaseFirestore/ | |
comparison=$(comm -3 <(ls $fst_dir | sort) <(ls $fst_internal_dir | sort)) | |
if [[ -z "$comparison" ]]; then | |
echo "Success: Directories '$fst_dir' and '$fst_internal_dir' match." | |
else | |
echo "Error: Directories '$fst_dir' and '$fst_internal_dir' differ:" | |
echo "Files only in '$fst_dir':" | |
# Files in this set do not start with whitespace. Grep for them and a | |
# dashed prefix for nicer formatting. | |
echo "$comparison" | grep -v '^\s' | sed 's/^/- /' | |
echo "Files only in '$fst_internal_dir':" | |
# Files in this set start with whitespace. Grep for them and a dashed | |
# prefix for nicer formatting. | |
echo "$comparison" | grep '^\s' | sed 's/^ /- /' | |
exit 1 | |
fi | |
# TODO: Re-enable either in or after #11706. | |
# spm-source-cron: | |
# # Don't run on private repo. | |
# if: github.event_name == 'schedule' && github.repository == 'Firebase/firebase-ios-sdk' | |
# runs-on: macos-14 | |
# strategy: | |
# matrix: | |
# target: [tvOS, macOS, catalyst] | |
# env: | |
# FIREBASE_SOURCE_FIRESTORE: 1 | |
# steps: | |
# - uses: actions/checkout@v4 | |
# - uses: mikehardy/buildcache-action@c87cea0ccd718971d6cc39e672c4f26815b6c126 | |
# with: | |
# cache_key: ${{ matrix.os }} | |
# - name: Initialize xcodebuild | |
# run: scripts/setup_spm_tests.sh | |
# - name: Build Test - Binary | |
# run: scripts/third_party/travis/retry.sh ./scripts/build.sh FirebaseFirestore ${{ matrix.target }} spmbuildonly | |
spm-binary-cron: | |
# Don't run on private repo. | |
if: github.event_name == 'schedule' && github.repository == 'Firebase/firebase-ios-sdk' | |
runs-on: macos-14 | |
strategy: | |
matrix: | |
target: [tvOS, macOS, catalyst] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: mikehardy/buildcache-action@c87cea0ccd718971d6cc39e672c4f26815b6c126 | |
with: | |
cache_key: ${{ matrix.target }} | |
- name: Initialize xcodebuild | |
run: scripts/setup_spm_tests.sh | |
- name: Build Test - Binary | |
run: scripts/third_party/travis/retry.sh ./scripts/build.sh FirebaseFirestore ${{ matrix.target }} spmbuildonly | |
# A job that fails if any required job in the test matrix fails, | |
# to be used as a required check for merging. | |
check-required-tests: | |
runs-on: ubuntu-latest | |
name: Check all required Firestore tests results | |
needs: [cmake, cmake-prod-db, xcodebuild, spm-source, spm-binary] | |
steps: | |
- name: Check test matrix | |
if: needs.*.result == 'failure' | |
run: exit 1 | |
# Disable until FirebaseUI is updated to accept Firebase 9 and quickstart is updated to accept | |
# Firebase UI 12 | |
# quickstart: | |
# # Don't run on private repo unless it is a PR. | |
# if: (github.repository == 'Firebase/firebase-ios-sdk' && github.event_name == 'schedule') || github.event_name == 'pull_request' | |
# env: | |
# plist_secret: ${{ secrets.GHASecretsGPGPassphrase1 }} | |
# signin_secret: ${{ secrets.GHASecretsGPGPassphrase1 }} | |
# runs-on: macos-14 | |
# needs: check | |
# steps: | |
# - uses: actions/checkout@v4 | |
# - name: Setup quickstart | |
# run: scripts/setup_quickstart.sh firestore | |
# - name: Install Secret GoogleService-Info.plist | |
# run: scripts/decrypt_gha_secret.sh scripts/gha-encrypted/qs-firestore.plist.gpg \ | |
# quickstart-ios/firestore/GoogleService-Info.plist "$plist_secret" | |
# - name: Test swift quickstart | |
# run: ([ -z $plist_secret ] || | |
# scripts/third_party/travis/retry.sh scripts/test_quickstart.sh Firestore false) |