Fix workflows for forks

.github/workflows/canary-deploy.yml

@@ -27,18 +27,72 @@ jobs:
 
     steps:
     - name: Checkout Repo
-      uses: actions/checkout@master
+      uses: actions/checkout@main
       with:
         # Canary release script requires git history and tags.
         fetch-depth: 0
     - name: Set up Node (20)
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: 20.x
     - name: Yarn install
       run: yarn
     - name: Deploy canary
       run: yarn release canary
+      if: ${{
+        env.NPM_TOKEN_ANALYTICS != '' &&
+        env.NPM_TOKEN_ANALYTICS_INTEROP_TYPES != '' &&
+        env.NPM_TOKEN_ANALYTICS_TYPES != '' &&
+        env.NPM_TOKEN_APP != '' &&
+        env.NPM_TOKEN_APP_TYPES != '' &&
+        env.NPM_TOKEN_APP_CHECK != '' &&
+        env.NPM_TOKEN_APP_CHECK_INTEROP_TYPES != '' &&
+        env.NPM_TOKEN_APP_CHECK_TYPES != '' &&
+        env.NPM_TOKEN_AUTH != '' &&
+        env.NPM_TOKEN_AUTH_INTEROP_TYPES != '' &&
+        env.NPM_TOKEN_AUTH_TYPES != '' &&
+        env.NPM_TOKEN_COMPONENT != '' &&
+        env.NPM_TOKEN_DATABASE != '' &&
+        env.NPM_TOKEN_DATABASE_TYPES != '' &&
+        env.NPM_TOKEN_FIRESTORE != '' &&
+        env.NPM_TOKEN_FIRESTORE_TYPES != '' &&
+        env.NPM_TOKEN_FUNCTIONS != '' &&
+        env.NPM_TOKEN_FUNCTIONS_TYPES != '' &&
+        env.NPM_TOKEN_INSTALLATIONS != '' &&
+        env.NPM_TOKEN_INSTALLATIONS_TYPES != '' &&
+        env.NPM_TOKEN_LOGGER != '' &&
+        env.NPM_TOKEN_MESSAGING != '' &&
+        env.NPM_TOKEN_MESSAGING_TYPES != '' &&
+        env.NPM_TOKEN_PERFORMANCE != '' &&
+        env.NPM_TOKEN_PERFORMANCE_TYPES != '' &&
+        env.NPM_TOKEN_POLYFILL != '' &&
+        env.NPM_TOKEN_REMOTE_CONFIG != '' &&
+        env.NPM_TOKEN_REMOTE_CONFIG_TYPES != '' &&
+        env.NPM_TOKEN_RULES_UNIT_TESTING != '' &&
+        env.NPM_TOKEN_STORAGE != '' &&
+        env.NPM_TOKEN_STORAGE_TYPES != '' &&
+        env.NPM_TOKEN_TESTING != '' &&
+        env.NPM_TOKEN_UTIL != '' &&
+        env.NPM_TOKEN_VERTEXAI != '' &&
+        env.NPM_TOKEN_VERTEXAI_PREVIEW != '' &&
+        env.NPM_TOKEN_WEBCHANNEL_WRAPPER != '' &&
+        env.NPM_TOKEN_FIREBASE != '' &&
+        env.NPM_TOKEN_APP_COMPAT != '' &&
+        env.NPM_TOKEN_INSTALLATIONS_COMPAT != '' &&
+        env.NPM_TOKEN_ANALYTICS_COMPAT != '' &&
+        env.NPM_TOKEN_AUTH_COMPAT != '' &&
+        env.NPM_TOKEN_MESSAGING_INTEROP_TYPES != '' &&
+        env.NPM_TOKEN_FUNCTIONS_COMPAT != '' &&
+        env.NPM_TOKEN_MESSAGING_COMPAT != '' &&
+        env.NPM_TOKEN_PERFORMANCE_COMPAT != '' &&
+        env.NPM_TOKEN_REMOTE_CONFIG_COMPAT != '' &&
+        env.NPM_TOKEN_DATABASE_COMPAT != '' &&
+        env.NPM_TOKEN_FIRESTORE_COMPAT != '' &&
+        env.NPM_TOKEN_STORAGE_COMPAT != '' &&
+        env.NPM_TOKEN_APP_CHECK_COMPAT != '' &&
+        env.NPM_TOKEN_API_DOCUMENTER != '' &&
+        true
+        }}
       env:
         NPM_TOKEN_ANALYTICS: ${{secrets.NPM_TOKEN_ANALYTICS}}
         NPM_TOKEN_ANALYTICS_INTEROP_TYPES: ${{secrets.NPM_TOKEN_ANALYTICS_INTEROP_TYPES}}
@@ -94,13 +148,15 @@ jobs:
         CI: true
     - name: Launch E2E tests workflow
       # Trigger e2e-test.yml
+      env:
+        OSS_BOT_GITHUB_TOKEN: ${{ secrets.OSS_BOT_GITHUB_TOKEN }}
+      if: env.OSS_BOT_GITHUB_TOKEN != ''
       run: |
         VERSION_SCRIPT="const pkg = require('./packages/firebase/package.json'); console.log(pkg.version);"
         VERSION_OR_TAG=`node -e "${VERSION_SCRIPT}"`
-        OSS_BOT_GITHUB_TOKEN=${{ secrets.OSS_BOT_GITHUB_TOKEN }}
         curl -X POST \
         -H "Content-Type:application/json" \
         -H "Accept:application/vnd.github.v3+json" \
         -H "Authorization:Bearer $OSS_BOT_GITHUB_TOKEN" \
         -d "{\"event_type\":\"canary-tests\", \"client_payload\":{\"versionOrTag\":\"$VERSION_OR_TAG\"}}" \
-        https://api.github.com/repos/firebase/firebase-js-sdk/dispatches
+        https://api.github.com/repos/firebase/firebase-js-sdk/dispatches

.github/workflows/check-changeset.yml

@@ -30,12 +30,12 @@ jobs:
 
     steps:
     - name: Checkout Repo
-      uses: actions/checkout@master
+      uses: actions/checkout@main
       with:
         # This makes Actions fetch all Git history so check_changeset script can diff properly.
         fetch-depth: 0
     - name: Set up Node (20)
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: 20.x
     - name: Yarn install
@@ -89,4 +89,4 @@ jobs:
     # Don't want it to throw before editing the comment.
     - name: Fail if checker script logged a blocking failure
       if: ${{steps.check-changeset.outputs.BLOCKING_FAILURE == 'true'}}
-      run: exit 1
+      run: exit 1

.github/workflows/check-docs.yml

@@ -23,12 +23,12 @@ jobs:
 
     steps:
     - name: Checkout Repo
-      uses: actions/checkout@master
+      uses: actions/checkout@main
       with:
         # get all history for the diff
         fetch-depth: 0
     - name: Set up Node (20)
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: 20.x
     - name: Yarn install
@@ -39,4 +39,4 @@ jobs:
       run: git diff --exit-code docs-devsite
     - name: Reference documentation needs to be updated. See message below.
       if: ${{ failure() }}
-      run: echo "Changes in this PR affect the reference docs. Run \`yarn docgen devsite\` locally to regenerate docs and add them to this PR."
+      run: echo "Changes in this PR affect the reference docs. Run \`yarn docgen devsite\` locally to regenerate docs and add them to this PR."

.github/workflows/check-pkg-paths.yml

@@ -23,12 +23,12 @@ jobs:
 
     steps:
     - name: Checkout Repo
-      uses: actions/checkout@master
+      uses: actions/checkout@main
       with:
         # This makes Actions fetch all Git history so run-changed script can diff properly.
         fetch-depth: 0
     - name: Set up Node (20)
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: 20.x
     - name: Yarn install
@@ -38,4 +38,4 @@ jobs:
     - name: Swap in public typings
       run: yarn release:prepare
     - name: Check paths
-      run: yarn ts-node scripts/ci-test/check-paths.ts
+      run: yarn ts-node scripts/ci-test/check-paths.ts

.github/workflows/deploy-config.yml

@@ -31,17 +31,18 @@ jobs:
 
     steps:
     - name: Checkout Repo
-      uses: actions/checkout@master
+      uses: actions/checkout@main
       with:
         # This makes Actions fetch all Git history so run-changed script can diff properly.
         fetch-depth: 0
     - name: Set up node (20)
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: 20.x
     - name: Yarn install
       run: yarn
     - name: Deploy project config if needed
+      if: env.FIREBASE_CLI_TOKEN != ''
       run: yarn ts-node scripts/ci-test/deploy-if-needed.ts
       env:
         FIREBASE_CLI_TOKEN: ${{secrets.FIREBASE_CLI_TOKEN}}

.github/workflows/e2e-test.yml

@@ -24,8 +24,33 @@ env:
   NODE_OPTIONS: "--max_old_space_size=4096"
 
 jobs:
+  has-secrets:
+    name: Check for Service Account Key
+    runs-on: ubuntu-latest
+    outputs:
+      has-secrets: ${{ steps.check-secrets.outputs.has-secrets }}
+    steps:
+      - name: Check for Service Account Key
+        id: check-secrets
+        env:
+          HAS_SECRETS: ${{
+            secrets.TEST_PROJECT_CONFIG != '' &&
+            secrets.TEST_ACCOUNT != '' &&
+            secrets.FIREBASE_CLI_TOKEN != '' &&
+            secrets.APP_CHECK_DEBUG_TOKEN != '' &&
+            secrets.JSCORE_CHAT_WEBHOOK_URL != '' &&
+            secrets.RELEASE_TRACKER_URL != '' &&
+            1 ||
+            ''
+            }}
+        if: env.HAS_SECRETS
+        run: |
+          echo "has-secrets=1" >> $GITHUB_OUTPUTS
+
   test:
+    needs: has-secrets
     name: Run E2E Smoke Tests
+    if: needs.has-secrets.outputs.has-secrets
     runs-on: ubuntu-latest
 
     defaults:
@@ -35,9 +60,9 @@ jobs:
 
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@master
+        uses: actions/checkout@main
       - name: Set up Node (20)
-        uses: actions/setup-node@master
+        uses: actions/setup-node@main
         with:
           node-version: 20.x
       - name: install Chrome stable

.github/workflows/format.yml

@@ -27,12 +27,12 @@ jobs:
 
     steps:
     - name: Checkout Repo
-      uses: actions/checkout@master
+      uses: actions/checkout@main
       with:
         # get all history for the diff
         fetch-depth: 0
     - name: Set up node (20)
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: 20.x
     - name: Yarn install
@@ -43,4 +43,4 @@ jobs:
       run: git diff --exit-code
     - name: Formatting needs to be updated. See message below.
       if: ${{ failure() }}
-      run: echo "Something was changed by formatting. Run \`yarn format\` locally to do a prettier/license pass. Use \`yarn format --help\` to see options."
+      run: echo "Something was changed by formatting. Run \`yarn format\` locally to do a prettier/license pass. Use \`yarn format --help\` to see options."

.github/workflows/health-metrics-pull-request.yml

@@ -33,36 +33,52 @@ env:
   NODE_OPTIONS: "--max-old-space-size=4096"
 
 jobs:
+  has-sa-key:
+    name: Check for Service Account Key
+    runs-on: ubuntu-latest
+    outputs:
+      has-sa-key: ${{ steps.check-key.outputs.has-sa-key }}
+    steps:
+      - name: Check for Service Account Key
+        id: check-key
+        env:
+          HAS_SA_KEY: ${{ secrets.GCP_SA_KEY != '' && 1 || '' }}
+        if: env.HAS_SA_KEY
+        run: |
+          echo "has-sa-key=1" >> $GITHUB_OUTPUTS
+
   binary-size:
+    needs: has-sa-key
     name: Binary Size
-    if: (github.event_name == 'push' || !(github.event.pull_request.head.repo.fork)) && (github.actor != 'dependabot[bot]')
+    if: needs.has-sa-key.outputs.has-sa-key && (github.event_name == 'push' || !(github.event.pull_request.head.repo.fork)) && (github.actor != 'dependabot[bot]')
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version: 20.x
-      - uses: 'google-github-actions/auth@v0'
+      - uses: 'google-github-actions/auth@v1'
         with:
           credentials_json: '${{ secrets.GCP_SA_KEY }}'
-      - uses: google-github-actions/setup-gcloud@v0
+      - uses: google-github-actions/setup-gcloud@v1
       - run: yarn install
       - run: yarn build
       - name: Run health-metrics/binary-size test
         run: yarn size-report
   modular-export-size:
+    needs: has-sa-key
     name: Binary Size For Modular Exports
-    if: (github.event_name == 'push' || !(github.event.pull_request.head.repo.fork)) && (github.actor != 'dependabot[bot]')
+    if: needs.has-sa-key.outputs.has-sa-key && (github.event_name == 'push' || !(github.event.pull_request.head.repo.fork)) && (github.actor != 'dependabot[bot]')
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version: 20.x
-      - uses: 'google-github-actions/auth@v0'
+      - uses: google-github-actions/auth@v1
         with:
           credentials_json: '${{ secrets.GCP_SA_KEY }}'
-      - uses: google-github-actions/setup-gcloud@v0
+      - uses: google-github-actions/setup-gcloud@v1
       - run: yarn install
       - run: yarn build
       - name: Run health-metrics/modular-exports-binary-size test

.github/workflows/health-metrics-release.yml

@@ -19,14 +19,30 @@ on:
     tags: ['**']
 
 jobs:
+  has-sa-key:
+    name: Check for Service Account Key
+    runs-on: ubuntu-latest
+    outputs:
+      has-sa-key: ${{ steps.check-key.outputs.has-sa-key }}
+    steps:
+      - name: Check for Service Account Key
+        id: check-key
+        env:
+          HAS_SA_KEY: ${{ secrets.GCP_SA_KEY != '' && 1 || '' }}
+        if: env.HAS_SA_KEY
+        run: |
+          echo "has-sa-key=1" >> $GITHUB_OUTPUTS
+
   release-diffing:
+    needs: has-sa-key
     name: Release Diffing
+    if: needs.has-sa-key.outputs.has-sa-key
     runs-on: ubuntu-latest
     steps:
-      - uses: 'google-github-actions/auth@v0'
+      - uses: google-github-actions/auth@v1
         with:
           credentials_json: '${{ secrets.GCP_SA_KEY }}'
-      - uses: google-github-actions/setup-gcloud@v0
+      - uses: google-github-actions/setup-gcloud@v1
       - uses: FirebaseExtended/github-actions/health-metrics/release-diffing@master
         with:
           repo: ${{ github.repository }}

.github/workflows/lint.yml

@@ -22,9 +22,9 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Set up node (20)
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: 20.x
     - name: yarn install

.github/workflows/merge-release-branch.yml

@@ -24,7 +24,7 @@ jobs:
       contents: write
     steps:
       - name: Checkout Release Branch
-        uses: actions/checkout@master
+        uses: actions/checkout@main
         with:
           ref: release
       - name: Get release version
@@ -39,7 +39,7 @@ jobs:
       - name: Merge to master
         uses: actions/github-script@v6
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          github-token: ${{ github.token }}
           script: |
             github.rest.repos.merge({
               owner: context.repo.owner,