开发运维 (DevOps)

Have ever experienced one of the following situations? You just released your app, but somehow your users’ data started to disappear. Or, you deployed your app without writing any Firestore rules, and some malicious users got access to it and deleted every document.

曾经遇到以下情况之一？ 您刚刚发布了应用程序，但是以某种方式您的用户数据开始消失。 或者，您部署应用程序时没有编写任何Firestore 规则，一些恶意用户可以访问它并删除每个文档。

Cloud Firestore by itself does not create any backups of your data for you to ask them to roll back the database. To prevent this from happening, first and foremost, you need to write strong security rules, making sure to only allow access to the data that users need. And second, you should create backups of your Cloud Firestore data.

Cloud Firestore本身不会创建任何数据备份，让您要求它们回滚数据库。 为了防止这种情况的发生，首先，您需要编写严格的安全规则，确保只允许访问用户所需的数据。 其次，您应该创建Cloud Firestore的备份 数据。

In case you encounter any problems, there is a troubleshooting section at the end of this article.

如果遇到任何问题，本文结尾处将提供一个疑难解答部分。

Firestore is part of Google Cloud Platform (GCP for short). We will use GCP to make the backups (I will also teach you how to roll back the data), and GitHub actions to trigger the backup (in our case I want it to happen every two days).

消防处 是Google Cloud Platform(简称GCP)的一部分。 我们将使用GCP进行备份(我还将教您如何回滚数据)，以及GitHub 触发备份的操作(在我们的情况下，我希望每两天进行一次备份)。

First, you need a GitHub repo with your project — in case you are already using it, great! Otherwise, consider switching to GitHub, it has a ton of free features, but you can achieve this with other services using their pipelines, or tools like Jenkins. However, in this post, we will focus on the GitHub way.

首先，您需要一个GitHub 与您的项目一起回购-如果您已经在使用它，那就太好了！ 否则，考虑切换到GitHub，它具有大量免费功能，但是您可以使用其他服务使用其管道或Jenkins之类的工具来实现此目的。 但是，在本文中，我们将重点介绍GitHub 方式。

You might have seen a .github folder in some projects, this is where our actions will live. Inside another folder called workflows, we will create a firestore.yml for our backups config. Create this structure in the root of your project: .github/workflows/firestore.yml

您可能已经在某些项目中看到一个.github文件夹，这是我们的操作将在其中进行的地方。 在另一个名为workflows文件夹中，我们将为备份配置创建一个firestore.yml 。 在项目的根目录中创建以下结构： .github/workflows/firestore.yml

This is what the fields mean:

这是字段的含义：

• name: The name of your GitHub action

  name ：您的GitHub操作的名称

• on: This is what triggers GitHub to do the backup

  on ：这是触发GitHub进行备份的原因

• workflow_dispatch: This is to create a button on the GitHub actions which will allow us to run the backup by clicking. In case you’re about to do something important and don’t want the data to be lost, note that you can altogether remove this block if you wish

  working_dispatch ：这是在GitHub操作上创建一个按钮，该按钮使我们可以通过单击来运行备份。 如果您打算做一些重要的事情并且不想丢失数据，请注意，如果您愿意，可以完全删除此块

• schedule: This is where we provide GitHub with a cronjob of how often theAction should trigger. In my case, every two days. Here is a tool if you want to set yours, replace the string in the cron value.

  schedule ：这是我们向GitHub提供有关Action触发频率的时间表。 就我而言，每两天一次。 如果您想设置自己的工具，请使用此工具 ，将其替换为cron值。

• jobs: This is what GitHub triggers when any on block meets the condition, there are two things you should change inside this, replace yourappid and yourbucket. You can use the Firebase Storage bucket, or create a new one on GCP.

  jobs ：这是GitHub在任何on块满足条件时触发的内容，您应该在其中进行两件事更改，替换yourappid 还有你的yourbucket 。 您可以使用Firebase存储分区，也可以在GCP上创建一个新的分区。

If you read the YAML file, there is a part where it says secrets.GCP_SA_KEY

如果您阅读了YAML文件，则该文件的secrets.GCP_SA_KEY部分会显示secrets.GCP_SA_KEY

This is the GCP ServiceAccount Key for your project. To get this key, go to this link.

这是您项目的GCP ServiceAccount密钥 。 牛逼 Ø得到这个关键， 去这个链接 。

Select your project and then click edit on the one named firebase-adminsdk.

选择您的项目，然后单击一个名为firebase-adminsdk.

Then click Create new key under the Add Key section, Select the JSON key type and click Create.

然后点击创建加载项下新的关键 部分，选择JSON 密钥类型，然后单击创建 。

You will get a JSON file, but we need to convert this JSON into a Base64 string to use it inside GitHub, you can go to the command-line (If you are on windows use GitBash). Navigate to the directory where your JSON file is, and run openssl base64 -in yourfile.json -out output.txt, now you can run code output.txt to open the output file inside VSCode.

您将获得一个JSON 文件，但我们需要将此JSON转换为Base64字符串才能在GitHub中使用它，您可以转到命令行(如果在Windows上，请使用GitBash )。 导航到JSON文件所在的目录，然后运行openssl base64 -in yourfile.json -out output.txt ，现在您可以运行code output.txt来打开VSCode中的输出文件。

Go to your GitHub project > Settings, Secrets, New secret. The name is GCP_SA_KEY and paste the Base64 from your output file.

转到您的GitHub项目>设置，秘密，新秘密。 名称为GCP_SA_KEY然后从输出文件中粘贴Base64。

Your project is now ready for backups. Go to the Actions tab of your repo, select the name of your action and run it manually by tapping the button we created.

现在，您的项目已准备好进行备份。 转到存储库的“操作”选项卡，选择操作的名称，然后通过点击我们创建的按钮手动运行它。

To see the output of our Action, click All Workflows at the tabs on the left, and you should see an item of our task running. To see the output of the console, click it and then select the bottom tab on the left.

要查看“操作”的输出，请单击左侧选项卡上的“ 所有工作流 ”，您应该会看到任务正在运行。 要查看控制台的输出，请单击它，然后选择左侧的底部选项卡。

故障排除 (Troubleshooting)

There are two errors that I encountered.

我遇到了两个错误。

开票 (Billing)

You will get a PERMISSION_DENIED error if your Firebase project doesn’t have the Blaze plan. You’ll need to upgrade — it’s free anyway if your project is small.

如果您的Firebase项目没有Blaze计划，则会收到PERMISSION_DENIED错误。 您将需要升级-如果您的项目很小，它是免费的。

权限 (Permissions)

Your service account doesn’t have enough permissions.

您的服务帐户没有足够的权限。

Go to the IAM Admin and select the one named firebase-adminsdk . Click the pencil, then click Add Another Role and add the following permission:

转到IAM管理员 然后选择一个名为firebase-adminsdk 。 单击铅笔，然后单击添加其他角色 并添加以下权限：

If this doesn’t work, try with the permission of Owner under Project > Owner

如果这不起作用，请尝试在“ 项目”>“所有者”下获得“ 所有者”的许可

If this still doesn’t work, you have to make sure that you used the correct project ids, and made all of the configs on the right project.

如果仍然无法解决问题，则必须确保使用了正确的项目ID，并在正确的项目上进行了所有配置。

Now you should see a green checkmark on the left of the task.

现在，您应该在任务左侧看到一个绿色的选中标记。

To see your backups you can go to your firebase console and go to the storage tab.

要查看备份，您可以转到Firebase控制台并转到“存储”选项卡。

回滚数据 (Rolling Back your Data)

To restore your backup, you will need the GCP Terminal

要还原备份，您将需要GCP终端

Select your project with gcloud config set project yourprojectid

使用gcloud config set project yourprojectid选择项目， gcloud config set project yourprojectid

Then run gcloud firestore import gs://yourprojectid/backupid/ replacing yourprojectid, and backupid with the name of the backup that you can see on the picture above in your Cloud Storage bucket.

然后运行gcloud firestore import gs://yourprojectid/backupid/替换yourprojectid和backupid ，您可以在上图中在Cloud Storage存储桶中看到的备份名称。

You can also import specific collections, as explained in the documentation.

您还可以按照文档中的说明导入特定的集合。

结论 (Conclusion)

Now you have your data being backed up automatically to Cloud Storage. If you ever need it, you can roll it back. Please make sure you write strong security rules for your Firestore and storage. It will be useful if you save the backups into a folder and add a security rule setting write to false for the backups folder.

现在，您已将数据自动备份到Cloud Storage。 如果需要，可以将其回滚。 请确保您为Firestore编写了严格的安全规则 和存储。 这将是，如果你保存备份有用到一个文件夹，并添加一个安全规则设置写入false的backups文件夹。

Thanks for reading, I hope you found this information useful, Good-Bye 👌😎

感谢您的阅读，我希望您发现此信息有用，再见👌😎

资源资源 (Resources)