Skip to content

Re-introduce the firestore.rules CI auto-deploy workflow

Goal

Bring back the GitHub Actions workflow that auto-deploys firestore.*.rules on push, so the strict Rules authored in T-022 actually ship without manual firebase deploy.

Context (SA agent, 2026-06-13)

  • Scaffolding is ALREADY in place: SA firebase-rules-deployer@ (role firebaserules.admin only) + GH Actions repo secrets FIREBASE_DEPLOY_KEY + FIREBASE_ADMIN_PROJECT_ID.
  • The workflow FILE was reverted at commit 93e64a2 on branch claude/audit-user-access-control-cch7t. The user-access-control session was meant to re-introduce it β†’ coordinate there, NOT with the SA agent.
  • firebase.json already maps per-DB rule files (firestore.tebs-erl.rules, tebs-mel, tebs-epl, aote-system) β€” the workflow likely needs a glob over firestore.*.rules.

Log

  • 2026-06-13 created (split out of T-022). Blocked on cross-session coordination.