Service Account Privileges for Firebase Functions

[lukaiser]

I followed your documentation and provider the following roles to the service account:

• Cloud Functions Developer
• Cloud Scheduler Admin
• Service Account User

However, when I am deploying with the flag --only functions, I get a 403:
Error: HTTP Error: 403, The caller does not have permission.

Do you have any ideas what I am missing?
My Google search turned up many suggestions, but noting helped yet...

Thanks for the Help!

[remiebelingmerifond]

Same here!

[remiebelingmerifond]

Found a solution.

It turned out that my Problem occured because i was doing functions:config:set but my service account did not have the Firebase Develop Admin role.

https://stackoverflow.com/a/69817228

[lukaiser]

@remiebelingmerifond
Perfect, it was the same for me.
Thx for the help.

[McLeanAdam]

Anyone still trying to figure out why your firebase functions aren't deploying correctly.
Firebase Docs state to deploy you need
Owner
or
Cloud Functions Admin role & Service Account User role

I had the issue I was able to run my build through GitHub Actions which seemed to complete but never updated the functions the issue was the permissions above were needed.

[felipemeettulip]

By adding Firebase Develop Admin worked for me as well. Let me share the YAML file:

name: Deploy to Firebase

on:
  push:
    branches:
      - main
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout Repo
      uses: actions/checkout@v4

    - name: create env file
      run: |
        cd functions
        touch .env
        echo "${{ secrets.ENV_VARS }}" >> .env

    - name: Install Dependencies
      run: |
        cd functions
        npm install

    - name: Deploy to Firebase
      uses: w9jds/firebase-action@master
      with:
        args: deploy --only functions
      env:
        GCP_SA_KEY: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_IN_BASE_64 }}