Two Consoles โ€” Same Platform

ConsoleURLBest For
Google Cloud Consoleconsole.cloud.google.comIAM permissions, Secret Manager, Cloud Build logs, advanced settings
Firebase Consoleconsole.firebase.google.comHosting releases/rollback, Firestore data, simplified view

Login email for both: samson.sam@excelcaregroup.com.au

Projects

Project NameProject IDEnvironmentLive URL
webapp-devwebapp-dev-496513Development / Testingwebapp-dev-496513.web.app
webapp-prodwebapp-prod-496513Production (live public site)webapp-prod-496513.web.app

1. Firebase Hosting โ€” View Deployments & Roll Back

  1. Go to console.firebase.google.com and select your project.
  2. In the left sidebar, click Hosting.
  3. You'll see a table of all releases with timestamps, status, and the deploy tag name.
  4. To roll back: find the last good release, click the โ‹ฎ (three dots) menu โ†’ Rollback. Confirm when prompted.
โœ…
Rollback happens instantly โ€” the previous version of the website is restored within seconds for all visitors.

2. Firestore โ€” View Contact Form Submissions

Every time someone fills out the contact form on the website, their submission is stored in Firestore. You can read these submissions here:

  1. In Firebase Console, select the project.
  2. Click Firestore Database in the left sidebar.
  3. Click on the contactSubmissions collection.
  4. Each document is one form submission. Click a document to see the fields (name, email, message, timestamp).
โ„น๏ธ
Contact form submissions are also emailed to admin@excelcaregroup.com.au automatically. Firestore is a backup record.

3. Secret Manager โ€” Update Secrets

Secrets are sensitive values (like API keys) that are stored securely in Google Cloud and injected into the Cloud Function at runtime. They are never stored in the code.

Secrets in this project

Secret NameWhat It IsWhich Project(s)
RESEND_API_KEYAPI key for Resend email serviceBoth dev and prod
FORM_API_KEYKey for form submission verificationBoth dev and prod

How to update a secret

  1. Go to console.cloud.google.com and select the project (webapp-prod-496513 or webapp-dev-496513).
  2. In the left menu, scroll to Security โ†’ Secret Manager.
  3. Click the name of the secret you want to update (e.g. RESEND_API_KEY).
  4. Click + New Version at the top.
  5. Paste the new value in the "Secret value" field.
  6. Click Add new version.
  7. The new value is now active. Repeat for the other project (dev and prod have separate secrets).
โš ๏ธ
After updating a secret, the Cloud Function will pick up the new value on its next invocation (no redeployment needed for secrets).

4. Cloud Functions โ€” View Logs & Debug Emails

The Cloud Function handles sending emails when someone submits the contact form. If emails aren't being received, check the logs here.

  1. Go to console.cloud.google.com and select the project.
  2. In the left menu, click Cloud Functions.
  3. Click sendContactEmail.
  4. Click the Logs tab.
  5. You'll see a log entry for each contact form submission. Look for any lines that say ERROR in red.

Common function log messages

Log MessageWhat It Means
Email sent successfullyโœ… Everything worked โ€” the email was delivered.
Resend API error: 401The Resend API key is invalid or expired. Update RESEND_API_KEY in Secret Manager.
Missing required fieldThe form submission was incomplete. Not an infrastructure issue.
Function timed outThe email service didn't respond in time. Usually a temporary issue โ€” try submitting the form again.

5. GitHub Actions Secrets โ€” What's Stored

The GitHub deployment pipeline needs credentials to authenticate with Google Cloud. These are stored as GitHub Secrets (not the same as GCP Secret Manager).

To view these secrets: go to GitHub โ†’ Settings โ†’ Secrets and variables โ†’ Actions.

Secret NameEnvironmentWhat It Is
WIF_PROVIDERRepository-level (dev) + production envWorkload Identity Federation provider path โ€” allows GitHub Actions to authenticate with Google Cloud without a password
WIF_SERVICE_ACCOUNT_EMAILBoth environmentsThe GCP service account email used for deployment (firebase-deployer@webapp-xxx.iam.gserviceaccount.com)
VITE_ANALYTICS_ENDPOINTRepository-levelAnalytics service URL
VITE_ANALYTICS_WEBSITE_IDRepository-levelAnalytics site identifier
SENDER_EMAILRepository-levelThe "from" address for contact form emails
โ„น๏ธ
You should rarely need to change these GitHub secrets. They were set up during the initial infrastructure configuration. Only change them if you're migrating to a new GCP project or rotating WIF credentials.

6. Cloud Build โ€” Debug Failed Function Deployments

When a Cloud Function fails to deploy, the detailed error is in Cloud Build:

  1. Go to console.cloud.google.com and select the project.
  2. Left menu โ†’ Cloud Build โ†’ History.
  3. Find the failed build (red X).
  4. Click the build ID to open it.
  5. Click Build logs to see the full error output.

7. IAM โ€” Grant Access to a New Team Member

If a new developer needs access to the project:

  1. Log in to console.cloud.google.com with the project owner account (samson.sam@excelcaregroup.com.au).
  2. Select the project.
  3. Left menu โ†’ IAM & Admin โ†’ IAM.
  4. Click + Grant Access.
  5. Enter the new person's Google email address.
  6. Assign the role: for read-only access, use Viewer. For deployment access, the developer will set up WIF (contact the current developer for help).
  7. Click Save.

8. Monthly Cost Overview

This project runs on Google Cloud's free/low-cost tier. Approximate monthly costs:

ServiceFree TierEstimated Cost
Firebase Hosting10 GB storage, 360 MB/day transferUsually $0
Cloud Functions2M invocations/month freeUsually $0 (contact form is low-volume)
Firestore1 GB storage, 50k reads/day freeUsually $0
Cloud Build120 build-minutes/day freeUsually $0
Artifact Registry0.5 GB freeSmall cost if not cleaned up (cleanup policy is set)

To check actual costs: console.cloud.google.com/billing (requires project owner login).