chore: stop tracking GoogleService-Info.plist#26
Merged
Conversation
The file was committed once on 2024-11-13 and has lived in the index ever
since, despite CLAUDE.md claiming it was gitignored. It now matches the
state of Config.plist: gitignored locally, generated as a placeholder in
CI.
The plist is not strictly a secret (Firebase iOS API keys are public —
they ship in every App Store binary, and protection comes from Firestore
Security Rules and App Check, not key secrecy). But while the repo is
private, hygiene-removing it stops env-specific config from drifting in
under the radar.
Three changes:
- git rm --cached Savely/GoogleService-Info.plist
File stays on disk locally so Xcode still reads it. .gitignore rule
(added in #22) now actually applies. Past commits still contain the
file — acceptable while the repo is private. If the repo ever goes
public, scrub history with git-filter-repo and rotate via App Check.
- .github/workflows/ci.yml
Renamed "Generate placeholder Config.plist" to "Generate placeholder
secrets" and added a structurally-valid GoogleService-Info.plist
alongside it. CI never calls FirebaseApp.configure() (it runs from
AppDelegate at app launch, and SavelyUITests is skipped), so a
placeholder with the right shape is sufficient. BUNDLE_ID matches
the app's PRODUCT_BUNDLE_IDENTIFIER so Firebase's parser would
accept it if it ever did run.
- .claude/knowledge/gotchas.yaml
Renamed the gotcha entry to ci-needs-placeholder-secrets and updated
the rationale to cover both plists.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Savely/GoogleService-Info.plistfrom the git index (file remains on disk).GoogleService-Info.plistalongsideConfig.plistso the build still finds its required input.Why
The file was tracked since 2024-11-13 despite
CLAUDE.mdclaiming it was gitignored. The.gitignorerule added in #22 now actually applies. While the repo is private, this is hygiene — Firebase iOS API keys are not true secrets (they ship in every App Store binary; protection comes from Firestore Security Rules and App Check). Past commits still contain the file, which is fine for now. If the repo ever goes public, scrub history withgit-filter-repoand ensure App Check is enforced before flipping visibility.Test plan
ls -la Savely/GoogleService-Info.plistconfirms the file is still on disk after the merge.Risks
configure(), and the AppDelegate only runs when the app launches — which CI never does (UI tests are skipped). If unit tests later import code that touches Firebase at module load time, this would surface as a test failure and we'd switch to a real config from a GitHub secret.Checklist
chore/)dev🤖 Generated with Claude Code