Add Google JSON Auth file in Azure DevOps Release Pipeline

What is Json Auth File?

To understand what Json Auth File is for we need to know what Google Service Accounts stands for. As it stands in the documentation “A service account is a special kind of account used by an application or a virtual machine (VM) instance, not a person. Applications use service accounts to make authorized API calls.” “Each service account is associated with two sets of public/private RSA key pairs that are used to authenticate to Google: Google – managed keys and user-managed keys.” And that is what Json Auth File stands for.

More on this can be read on:
Google Cloud – Service accounts
Google Cloud – Verifying credentials

If we try to explore the Json auth file we can see that it’s format looks like this:

{
  "type": "",
  "project_id": "",
  "private_key_id": "",
  "private_key": "",
  "client_id": "",
  "auth_uri": "",
  "token_uri": "",
  "auth_provider_x509_cert_url": "",
  "client_x509_cert_url": ""
}

We will use this file to Authenticate our Azure DevOps account with the Google console. That way we will be able to manage our deploys right from there.

How to use the Json Auth File.

Lets navigate to our project on Azure DevOps.

First, we need to securely store our Json Auth file. To make that possible, save the file under Pipelines->Library by adding new secure file on +Secure file button

The next thing to do is to edit the existing release pipeline for our app. Go into the tasks of the stage that deploys the app. Before “Google Play – Release Bundle” task add one more:

Download Secure File

  1. Download Secure File
    1. Add in the tasks “Download Secure File” task by Matt Labrum. Optionally you can use the other task by Microsoft Corporation.
    2. In Display name add a representative name for your task e.g. “Download Secure Json File”.
    3. In Secure file choose the json file that we previously added in the Library.
    4. In the Target path folder we set the folder to download where the file needs to be downloaded. Because this is a secure file we need to be sure that when the job completes whether it succeeds, fails, or is canceled, the secure file is deleted from its download location. That’s why we have to set the target folder as $(mySecureFile.secureFilePath) or $(Agent.TempDirectory)
    5. In Target file name choose a name that will represent the json file e.g. “ourappjsonfile.json”

Once we have that all set up our task will look something like this:

Download secure file task
steps:
- task: mattlabrum.build-task.custom-build-task.downloadsSecureFile@0
  displayName: 'Download Secure Json File'
  inputs:
    fileInput: ourappjsonfile.json
    targetPath: '$(Agent.TempDirectory)'
    targetName: ourappjsonfile.json

After the set up the job should look something like this:

Add changes to the Google play task

Navigate to the Google Play – Release Bundle task.

  1. In the Authentication method choose Json Auth File
  2. Once that is chosen new field will appear JSON key path. Put the Target path folder/Target file name from the Download secure task. It should look something like this: $(Agent.TempDirectory)/ourappjsonfile.json

Save & Queue.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s