Service account email for Play store is not valid

When the Android client’s APK is deployed through CI, the CI detects that the service account that is used to publish the app to the Play store is not valid - see this tagged build error. We think that a new service account should be created, following the tutorial in the gradle-play-publisher plugin. Only persons that have access to the Play store account can do this. The service account must have these permissions:

After that, the person in charge should have a json file, which can then be sent to me privately so that I can encrypt it and put the encrypted version in the Travis CI.

Any questions are welcome :slight_smile: . cc @raff @cintiadr @dkayiwa

This issue is a blocker as we cannot upload new versions to the Play store.

@f4ww4z, can we check if the JSON file is the latest one or not ? The credentials may have been expired. If that’s the case, then we may not need a new account.

1 Like

I’ll see what I can do in around 12h.

Can you do me a favour? If I don’t come back here in 24h, that means I forgot about it. Then please raise an ITSM ticket.

1 Like

@deepak140596 Do you mean that we can renew the existing account? Any info on how to that?

Yes. We can add existing project to the play console to get/create the service account. You can find the tutorial here.

Or if you are logged into the Play Console, directly head to this link.

Yes @deepak140596 , I’m raising this issue as I don’t have access to the Play console :slight_smile: . I also don’t think I should have rights to access it - just the generated json file should be enough to publish the app through CI.

1 Like

Yes exactly. Anyone having the access to the Playstore can generate the JSON file and then we can use it. :smiley:

Based on the code generating the “JSON credentials cannot specify a service account email.” error, it appears that it just expects a service account not to have an email address. I’m assuming the current play store json file specifies an email address and simply removing it could solve the problem. I’d try it myself, but I don’t have the KEYSTORE_GPG_PASSPHRASE needed to decrypt the json file.

@f4ww4z, could you try taking the email address out of the current json file and see if that works?


Thank you @burke , based on this, I found that AC is currently inputting a service account email, and the email should only be given if we’re using a PKCS12 key instead (we’re using the standard json way). I will remove the line and see if it publishes to the play store.