DEV Community

Cover image for How to setup AppCenter with GitLab Without Pushing Secret Files
Adam Goldschmidt
Adam Goldschmidt

Posted on

How to setup AppCenter with GitLab Without Pushing Secret Files

We can all agree that having a tool to automate app builds, distributions and even analytics can be quite nice. Well, this is exactly what AppCenter does. And more.

I want that

However...

For those of us who use GitLab as their main Git server, it can be quite frustrating setting up GitLab to work with AppCenter. We also don’t want to push our app secrets to our Git server, whether it’s our Firebase JSON or the AppCenter secrets.

BitBucket Mirroring

Screen Shot 2019-03-07 at 18.04.30

In order to make AppCenter work "with" GitLab, we first have to mirror our repository to BitBucket. So go ahead and create a repository in BitBucket, then go to your user's Settings (not repo settings, and we're still in BitBucket), create a new app password under App passwords with all available permissions, and copy the password you are given for later.

Screen Shot 2019-03-07 at 18.13.21

Then go to GitLab, Settings -> Repository, and under Mirroring Repositories, enter your BitBucket clone URL, choose Push under Mirror Direction, Password as auth method, and paste in the password you've been given in BitBucket. Click Mirror Repository and you should see a new row in the table below. Click the refresh button on the right to start syncing.

Setup AppCenter

That was the easy part. We still need to configure our builds and hide some secrets 😎

Go to AppCenter, and create a user if you don't already have one. Create your apps (For me it was one for Android and one for iOS) and complete the steps to add App Center’s SDK. Now go to Build, and select BitBucket under Select a Service. Select your newly created repo, and then you should see all of your branches.

Build Scripts

Screen Shot 2019-03-07 at 18.04.00
Now in order for AppCenter to build your application, it needs the app's AppCenter secret (which you are given in settings, shown above), and if you use Firebase like me, it also needs the google-services.json file (for Android) and GoogleService-Info.plist for iOS. So what we need to do is to inject them before the build…. Let's write some code!

Our file will be called appcenter-pre-build.sh(so AppCenter can recognise and run it before building):

echo "Injecting secrets..."
echo "Updating Google JSON"
echo $GOOGLE_SERVICES_JSON | base64 --decode > "$APPCENTER_SOURCE_DIRECTORY/android/app/google-services.json"
echo "Updating Google plist"
echo $GOOGLE_SERVICES_PLIST | base64 --decode > "$APPCENTER_SOURCE_DIRECTORY/ios/GoogleService-Info.plist"
echo "Updating android secret"
echo $ANDROID_SECRET > "$APPCENTER_SOURCE_DIRECTORY/android/app/src/main/assets/appcenter-config.json"
echo "Updating iOS secret"
echo $IOS_SECRET > "$APPCENTER_SOURCE_DIRECTORY/ios/Glitz/AppCenter-Config.plist"
echo "Finished injecting secrets."
Enter fullscreen mode Exit fullscreen mode

This code is for both platforms, you can edit it how you like.

Now the last thing there is to do is to insert the environment variables!

Environment Variables

As our code shows, we have 4 environment variables. Let's go to the build configuration again, expand Environment Variables, and add our 4 variables:

GOOGLE_SERVICES_JSON, GOOGLE_SERVICES_PLIST, ANDROID_SECRET, IOS_SECRET.

Make sure to base64 encode the JSON values before entering them!

(You can use this site)

Now your build should run, and it should show Injecting secrets… somewhere in the middle :)
Easy

Top comments (1)

Collapse
 
dpaine20 profile image
David Paine20

Thank you, Sir, for taking the time to share the knowledge. Your way of explaining the topic is quite simple and understanding. your mentioned link for base64 encoding is good. But I would suggest you, have a look at that link url-decode.com/tool/base64-encode. The addition of that link in your article will help the users in multiple ways. You also check it out.