wzieba/Firebase-Distribution-Github-Action

Error: failed to upload release. HTTP Error: 403, The caller does not have permission

sirkev opened this issue · 10 comments

A little help here please, I don't understand what I'm missing.

```
Run wzieba/Firebase-Distribution-Github-Action@v1
/usr/bin/docker run --name e861696122c342f4884de05b23d7cb59_5751b7 --label 290506 --workdir /github/workspace --rm -e "JAVA_HOME" -e "JAVA_HOME_17_X64" -e "FLUTTER_ROOT" -e "PUB_CACHE" -e "INPUT_APPID" -e "INPUT_SERVICECREDENTIALSFILECONTENT" -e "INPUT_GROUPS" -e "INPUT_FILE" -e "INPUT_TOKEN" -e "INPUT_SERVICECREDENTIALSFILE" -e "INPUT_RELEASENOTES" -e "INPUT_RELEASENOTESFILE" -e "INPUT_DEBUG" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/bookurtreat_demo/bookurtreat_demo":"/github/workspace" 290506:e861696122c342f4884de05b23d7cb59
i  uploading binary...

Error: failed to upload release. HTTP Error: 403, The caller does not have permission
```

Running into the same issue here, do we need to log into an account before we run the action?

```yaml
- name: Install Firebase CLI
  run: npm install -g firebase-tools
- name: Authenticate with Firebase
  run: firebase login:anonymous
```

@sirkev @cjrollins-pison - it seems that there's an issue with authorization. It's out of the scope of this action - I can only recommend going through the step-by-step guide and creating a service account: https://github.com/wzieba/Firebase-Distribution-Github-Action/wiki/FIREBASE_TOKEN-migration

The error only occurs on my side when I use the service account option.
Using the deprecated option does not bring up the error. I'm still looking into the service account option.

I am also having the same issue. The deprecated token method works, but serviceCredentialsFileContent and serviceCredentialsFile do not work.

UPDATE:
I mistakenly selected Firebase App Distribution Admin SDK Service Agent instead of Firebase App Distribution Admin

I updated the role and serviceCredentialsFileContent works now

I deleted my service account and created a new one to be sure that I am using "Firebase App Distribution Admin", then I updated the secrets in GitHub. Unfortunately, I still see the same "Error: failed to upload release. HTTP Error: 403, The caller does not have permission".

Well, I spent more time on this than I would like to confess, but I finally got my head around what my issue was. My projects on Google Cloud and in Firebase were all a mess.

It is important to understand who's in charge of whom. In this case, Google Cloud creates a project and Firebase can add itself to it.

So the most important thing is to verify that the Firebase project is attached to the appropriate Google Cloud project first.
Once this is verified, make sure to create a new service account for this Google Cloud project with the Firebase App Distribution Admin role (the one that gives full write/read access), download the JSON keys and copy all the file content (the whole JSON) to GitHub secrets.

The Firebase app ID is not the short version and can be found on the General tab of the Firebase project settings. It looks more like:
`1:0000000000000:android:xxxxxxxxxxxxxxxxxxx`

I may be wrong, but what I think is that the wzieba GitHub action uses the service account private key to log in to Firebase using Firebase CLI actions, so if your credentials are clear from Google Cloud through Firebase you should be good.
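The checks described in this comment (whole JSON key, matching project, long-form app ID, Firebase App Distribution Admin role bound to the service account) can be run before the workflow ever uploads. The following is an added example, not code from this thread or from the action: the function name `preflight` is hypothetical, the IAM policy is assumed to be the JSON printed by `gcloud projects get-iam-policy <project> --format=json`, and all sample values are constructed.

```python
import json
import re

# IAM role ID behind the console name "Firebase App Distribution Admin".
REQUIRED_ROLE = "roles/firebaseappdistro.admin"
# Long-form app ID as shown in the thread: 1:<project number>:<platform>:<id>
APP_ID_RE = re.compile(r"^1:(\d+):(android|ios|web):[0-9A-Za-z]+$")

def preflight(key_json, app_id, iam_policy, project_id, project_number):
    """Return the list of misconfigurations that would explain a 403 on upload."""
    try:
        key = json.loads(key_json)
    except json.JSONDecodeError:
        key = None
    if not isinstance(key, dict):
        return ["secret is not a JSON object; paste the whole key file"]
    problems = []
    if key.get("type") != "service_account" or "private_key" not in key:
        problems.append("secret is not a service account key")
    if key.get("project_id") != project_id:
        problems.append(f"key is for project {key.get('project_id')!r}, not {project_id!r}")
    match = APP_ID_RE.match(app_id)
    if not match:
        problems.append("appId is not the long form 1:<number>:<platform>:<id>")
    elif match.group(1) != project_number:
        problems.append("appId project number does not match the Cloud project")
    # Collect every role bound to this exact service account in the project policy.
    member = f"serviceAccount:{key.get('client_email')}"
    roles = {b["role"] for b in iam_policy.get("bindings", [])
             if member in b.get("members", [])}
    if REQUIRED_ROLE not in roles:
        problems.append(f"{member} lacks {REQUIRED_ROLE}; bound roles: {sorted(roles)}")
    return problems

# Constructed sample inputs (not real credentials or projects).
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "demo-project",
    "private_key": "-----CONSTRUCTED-----",
    "client_email": "ci-upload@demo-project.iam.gserviceaccount.com",
})
SAMPLE_APP_ID = "1:123456789012:android:0a1b2c3d4e5f"
MEMBER = "serviceAccount:ci-upload@demo-project.iam.gserviceaccount.com"
# Placeholder role name standing in for a Service Agent role picked by mistake.
WRONG_POLICY = {"bindings": [{"role": "roles/PLACEHOLDER.serviceAgent", "members": [MEMBER]}]}
GOOD_POLICY = {"bindings": [{"role": REQUIRED_ROLE, "members": [MEMBER]}]}

if __name__ == "__main__":
    for policy in (WRONG_POLICY, GOOD_POLICY):
        print(preflight(SAMPLE_KEY, SAMPLE_APP_ID, policy, "demo-project", "123456789012"))
```

The project ID and project number passed in are the ones shown in the Firebase project settings, so a key created in a different Cloud project is reported before the role check.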

Has anyone found a solution for this issue? I have tried all the above steps and some more but I was unable to deploy.

It looks like I was in the wrong project, as I have multiple accounts, so if you go from the Firebase website > Settings > Service Account > Manage Service Account you should be able to add it.

Finally I fixed HTTP Error: 403.

First go to Firebase -> select the correct project -> project settings.

Click on the hyperlink next to the Google Cloud icon.

This will direct you to the appropriate Google Cloud console.

Now go to service account and check if you already have a service account for Firebase App Distribution.

Not (Firebase Admin SDK Service Agent).

If not, create a new service for Firebase App Distribution Admin

or update the role, and serviceCredentialsFileContent will work now.

This approach still does not work for me.
Should I download the credentials file again?
I also tried to start over again, without success :(