Skip to content

Add CI/CD pipeline: build and deploy to Firebase Hosting #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
schoedel-learn merged 2 commits into from
Apr 11, 2026
Merged

Add CI/CD pipeline: build and deploy to Firebase Hosting #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7f5e4b6
Initial plan
Copilot Apr 11, 2026
aa93607
Add Firebase Hosting config and GitHub Actions build/deploy workflow
Copilot Apr 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .firebaserc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
{
"projects": {
"default": "gen-lang-client-0879285190"
}
}
52 changes: 52 additions & 0 deletions .github/workflows/deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
name: Build and Deploy to Firebase Hosting

on:
push:
branches:
- main
pull_request:
branches:
- main

jobs:
build_and_deploy:
name: Build and Deploy
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'

- name: Install dependencies
run: npm ci

- name: Build application
run: npm run build
env:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
Comment on lines +34 to +35
Copy link

Copilot AI Apr 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Setting OPENAI_API_KEY as an env var for npm run build likely doesn’t do what the PR description claims: the build script is just ng build, and this repo appears to only pass OPENAI_API_KEY into Angular via --define (see the dev script), not via process env. If the intent is to actually inject the secret into the browser bundle, that would also publish the key to all clients (the app uses OpenAI in the browser with dangerouslyAllowBrowser: true). Consider removing this env var from the build, and instead route OpenAI calls through a server-side component where the key can remain secret (and if you truly need build-time defines, pass them explicitly and only for non-secret values).

Suggested change
env:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}

Copilot uses AI. Check for mistakes.

- name: Deploy to Firebase Hosting (Preview)
if: github.event_name == 'pull_request'
uses: FirebaseExtended/action-hosting-deploy@v0
with:
repoToken: ${{ secrets.GITHUB_TOKEN }}
firebaseServiceAccount: ${{ secrets.FIREBASE_SERVICE_ACCOUNT }}
projectId: gen-lang-client-0879285190

Comment on lines +37 to +44
Copy link

Copilot AI Apr 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The preview deploy runs on every pull_request event, but FIREBASE_SERVICE_ACCOUNT (and other secrets) are not provided to workflows triggered from forked PRs, which will cause this job to fail for external contributors. Consider guarding the preview deploy step to only run for same-repo PRs (or otherwise handling forks explicitly) so CI stays green.

Copilot uses AI. Check for mistakes.
- name: Deploy to Firebase Hosting (Live)
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: FirebaseExtended/action-hosting-deploy@v0
with:
repoToken: ${{ secrets.GITHUB_TOKEN }}
firebaseServiceAccount: ${{ secrets.FIREBASE_SERVICE_ACCOUNT }}
projectId: gen-lang-client-0879285190
channelId: live
27 changes: 27 additions & 0 deletions firebase.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
{
"hosting": {
"public": "dist/app/browser",
"ignore": [
"firebase.json",
"**/.*",
"**/node_modules/**"
],
"rewrites": [
{
"source": "**",
"destination": "/index.html"
}
Comment on lines +9 to +13
Copy link

Copilot AI Apr 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This Hosting config rewrites all requests to /index.html, which effectively deploys the app as a pure SPA. Since the app is configured for SSR (outputMode: "server" with an SSR entry in angular.json), this deployment will not run the server renderer (no rewrite to a Cloud Function/Cloud Run endpoint), so SSR won’t actually be used in production. Consider either (a) changing the Firebase rewrites to route all requests to an SSR backend (Functions/Run) or (b) switching the Angular build/deploy to a purely static build if SSR is not intended.

Copilot uses AI. Check for mistakes.
],
"headers": [
{
"source": "**/*.@(js|css|mjs)",
"headers": [
{
"key": "Cache-Control",
"value": "max-age=31536000"
Copy link

Copilot AI Apr 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cache-Control: max-age=31536000 is missing public (and typically immutable) for long-lived hashed assets. Without public, shared caches/CDNs may not cache as expected, reducing the benefit of the 1-year TTL. Consider setting the value to include public (and immutable if all these assets are content-hashed).

Suggested change
"value": "max-age=31536000"
"value": "public, max-age=31536000, immutable"

Copilot uses AI. Check for mistakes.
}
]
}
]
}
}