GCP & Firebase Console
Managing secrets, viewing logs, monitoring the live website, and understanding the cloud infrastructure.
Two Consoles โ Same Platform
| Console | URL | Best For |
|---|---|---|
| Google Cloud Console | console.cloud.google.com | IAM permissions, Secret Manager, Cloud Build logs, advanced settings |
| Firebase Console | console.firebase.google.com | Hosting releases/rollback, Firestore data, simplified view |
Login email for both: samson.sam@excelcaregroup.com.au
Projects
| Project Name | Project ID | Environment | Live URL |
|---|---|---|---|
| webapp-dev | webapp-dev-496513 | Development / Testing | webapp-dev-496513.web.app |
| webapp-prod | webapp-prod-496513 | Production (live public site) | webapp-prod-496513.web.app |
1. Firebase Hosting โ View Deployments & Roll Back
- Go to console.firebase.google.com and select your project.
- In the left sidebar, click Hosting.
- You'll see a table of all releases with timestamps, status, and the deploy tag name.
- To roll back: find the last good release, click the โฎ (three dots) menu โ Rollback. Confirm when prompted.
2. Firestore โ View Contact Form Submissions
Every time someone fills out the contact form on the website, their submission is stored in Firestore. You can read these submissions here:
- In Firebase Console, select the project.
- Click Firestore Database in the left sidebar.
- Click on the contactSubmissions collection.
- Each document is one form submission. Click a document to see the fields (name, email, message, timestamp).
admin@excelcaregroup.com.au automatically. Firestore is a backup record.3. Secret Manager โ Update Secrets
Secrets are sensitive values (like API keys) that are stored securely in Google Cloud and injected into the Cloud Function at runtime. They are never stored in the code.
Secrets in this project
| Secret Name | What It Is | Which Project(s) |
|---|---|---|
RESEND_API_KEY | API key for Resend email service | Both dev and prod |
FORM_API_KEY | Key for form submission verification | Both dev and prod |
How to update a secret
- In the left menu, scroll to Security โ Secret Manager.
- Click the name of the secret you want to update (e.g.
RESEND_API_KEY). - Click + New Version at the top.
- Paste the new value in the "Secret value" field.
- Click Add new version.
- The new value is now active. Repeat for the other project (dev and prod have separate secrets).
4. Cloud Functions โ View Logs & Debug Emails
The Cloud Function handles sending emails when someone submits the contact form. If emails aren't being received, check the logs here.
- Go to console.cloud.google.com and select the project.
- In the left menu, click Cloud Functions.
- Click sendContactEmail.
- Click the Logs tab.
- You'll see a log entry for each contact form submission. Look for any lines that say
ERRORin red.
Common function log messages
| Log Message | What It Means |
|---|---|
Email sent successfully | โ Everything worked โ the email was delivered. |
Resend API error: 401 | The Resend API key is invalid or expired. Update RESEND_API_KEY in Secret Manager. |
Missing required field | The form submission was incomplete. Not an infrastructure issue. |
Function timed out | The email service didn't respond in time. Usually a temporary issue โ try submitting the form again. |
5. GitHub Actions Secrets โ What's Stored
The GitHub deployment pipeline needs credentials to authenticate with Google Cloud. These are stored as GitHub Secrets (not the same as GCP Secret Manager).
To view these secrets: go to GitHub โ Settings โ Secrets and variables โ Actions.
| Secret Name | Environment | What It Is |
|---|---|---|
WIF_PROVIDER | Repository-level (dev) + production env | Workload Identity Federation provider path โ allows GitHub Actions to authenticate with Google Cloud without a password |
WIF_SERVICE_ACCOUNT_EMAIL | Both environments | The GCP service account email used for deployment (firebase-deployer@webapp-xxx.iam.gserviceaccount.com) |
VITE_ANALYTICS_ENDPOINT | Repository-level | Analytics service URL |
VITE_ANALYTICS_WEBSITE_ID | Repository-level | Analytics site identifier |
SENDER_EMAIL | Repository-level | The "from" address for contact form emails |
6. Cloud Build โ Debug Failed Function Deployments
When a Cloud Function fails to deploy, the detailed error is in Cloud Build:
- Go to console.cloud.google.com and select the project.
- Left menu โ Cloud Build โ History.
- Find the failed build (red X).
- Click the build ID to open it.
- Click Build logs to see the full error output.
7. IAM โ Grant Access to a New Team Member
If a new developer needs access to the project:
- Log in to console.cloud.google.com with the project owner account (
samson.sam@excelcaregroup.com.au). - Select the project.
- Left menu โ IAM & Admin โ IAM.
- Click + Grant Access.
- Enter the new person's Google email address.
- Assign the role: for read-only access, use Viewer. For deployment access, the developer will set up WIF (contact the current developer for help).
- Click Save.
8. Monthly Cost Overview
This project runs on Google Cloud's free/low-cost tier. Approximate monthly costs:
| Service | Free Tier | Estimated Cost |
|---|---|---|
| Firebase Hosting | 10 GB storage, 360 MB/day transfer | Usually $0 |
| Cloud Functions | 2M invocations/month free | Usually $0 (contact form is low-volume) |
| Firestore | 1 GB storage, 50k reads/day free | Usually $0 |
| Cloud Build | 120 build-minutes/day free | Usually $0 |
| Artifact Registry | 0.5 GB free | Small cost if not cleaned up (cleanup policy is set) |
To check actual costs: console.cloud.google.com/billing (requires project owner login).