firebase-tools 10.7.2 → 10.9.1

package/lib/deploy/functions/checkIam.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ensureServiceAgentRoles = exports.mergeBindings = exports.obtainDefaultComputeServiceAgentBindings = exports.obtainPubSubServiceAgentBindings = exports.obtainBinding = exports.checkHttpIam = exports.checkServiceAccountIam = exports.EVENTARC_EVENT_RECEIVER_ROLE = exports.RUN_INVOKER_ROLE = exports.SERVICE_ACCOUNT_TOKEN_CREATOR_ROLE = void 0;
+exports.ensureServiceAgentRoles = exports.mergeBindings = exports.obtainDefaultComputeServiceAgentBindings = exports.obtainPubSubServiceAgentBindings = exports.checkHttpIam = exports.checkServiceAccountIam = exports.EVENTARC_EVENT_RECEIVER_ROLE = exports.RUN_INVOKER_ROLE = exports.SERVICE_ACCOUNT_TOKEN_CREATOR_ROLE = void 0;
 const cli_color_1 = require("cli-color");
 const logger_1 = require("../../logger");
 const functionsDeployHelper_1 = require("./functionsDeployHelper");
@@ -67,6 +67,12 @@ async function checkHttpIam(context, options, payload) {
     logger_1.logger.debug("[functions] found setIamPolicy permission, proceeding with deploy");
 }
 exports.checkHttpIam = checkHttpIam;
+function getPubsubServiceAgent(projectNumber) {
+    return `serviceAccount:service-${projectNumber}@gcp-sa-pubsub.iam.gserviceaccount.com`;
+}
+function getDefaultComputeServiceAgent(projectNumber) {
+    return `serviceAccount:${projectNumber}-compute@developer.gserviceaccount.com`;
+}
 function reduceEventsToServices(services, endpoint) {
     const service = (0, services_1.serviceForEndpoint)(endpoint);
     if (service.requiredProjectBindings && !services.find((s) => s.name === service.name)) {
@@ -74,84 +80,97 @@ function reduceEventsToServices(services, endpoint) {
     }
     return services;
 }
-function obtainBinding(existingPolicy, serviceAccount, role) {
-    let binding = existingPolicy.bindings.find((b) => b.role === role);
-    if (!binding) {
-        binding = {
-            role,
-            members: [],
-        };
-    }
-    if (!binding.members.find((m) => m === serviceAccount)) {
-        binding.members.push(serviceAccount);
-    }
-    return binding;
-}
-exports.obtainBinding = obtainBinding;
-function obtainPubSubServiceAgentBindings(projectNumber, existingPolicy) {
-    const pubsubServiceAgent = `serviceAccount:service-${projectNumber}@gcp-sa-pubsub.iam.gserviceaccount.com`;
-    return [obtainBinding(existingPolicy, pubsubServiceAgent, exports.SERVICE_ACCOUNT_TOKEN_CREATOR_ROLE)];
+function obtainPubSubServiceAgentBindings(projectNumber) {
+    const serviceAccountTokenCreatorBinding = {
+        role: exports.SERVICE_ACCOUNT_TOKEN_CREATOR_ROLE,
+        members: [getPubsubServiceAgent(projectNumber)],
+    };
+    return [serviceAccountTokenCreatorBinding];
 }
 exports.obtainPubSubServiceAgentBindings = obtainPubSubServiceAgentBindings;
-function obtainDefaultComputeServiceAgentBindings(projectNumber, existingPolicy) {
-    const defaultComputeServiceAgent = `serviceAccount:${projectNumber}-compute@developer.gserviceaccount.com`;
-    const invokerBinding = obtainBinding(existingPolicy, defaultComputeServiceAgent, exports.RUN_INVOKER_ROLE);
-    const eventReceiverBinding = obtainBinding(existingPolicy, defaultComputeServiceAgent, exports.EVENTARC_EVENT_RECEIVER_ROLE);
-    return [invokerBinding, eventReceiverBinding];
+function obtainDefaultComputeServiceAgentBindings(projectNumber) {
+    const defaultComputeServiceAgent = getDefaultComputeServiceAgent(projectNumber);
+    const runInvokerBinding = {
+        role: exports.RUN_INVOKER_ROLE,
+        members: [defaultComputeServiceAgent],
+    };
+    const eventarcEventReceiverBinding = {
+        role: exports.EVENTARC_EVENT_RECEIVER_ROLE,
+        members: [defaultComputeServiceAgent],
+    };
+    return [runInvokerBinding, eventarcEventReceiverBinding];
 }
 exports.obtainDefaultComputeServiceAgentBindings = obtainDefaultComputeServiceAgentBindings;
-function mergeBindings(policy, allRequiredBindings) {
-    for (const requiredBindings of allRequiredBindings) {
-        if (requiredBindings.length === 0) {
+function mergeBindings(policy, requiredBindings) {
+    let updated = false;
+    for (const requiredBinding of requiredBindings) {
+        const match = policy.bindings.find((b) => b.role === requiredBinding.role);
+        if (!match) {
+            updated = true;
+            policy.bindings.push(requiredBinding);
             continue;
         }
-        for (const requiredBinding of requiredBindings) {
-            const ndx = policy.bindings.findIndex((policyBinding) => policyBinding.role === requiredBinding.role);
-            if (ndx === -1) {
-                policy.bindings.push(requiredBinding);
-                continue;
+        for (const requiredMember of requiredBinding.members) {
+            if (!match.members.find((m) => m === requiredMember)) {
+                updated = true;
+                match.members.push(requiredMember);
             }
-            requiredBinding.members.forEach((updatedMember) => {
-                if (!policy.bindings[ndx].members.find((member) => member === updatedMember)) {
-                    policy.bindings[ndx].members.push(updatedMember);
-                }
-            });
         }
     }
+    return updated;
 }
 exports.mergeBindings = mergeBindings;
-async function ensureServiceAgentRoles(projectNumber, want, have) {
+function printManualIamConfig(requiredBindings, projectId) {
+    utils.logLabeledBullet("functions", "Failed to verify the project has the correct IAM bindings for a successful deployment.", "warn");
+    utils.logLabeledBullet("functions", "You can either re-run `firebase deploy` as a project owner or manually run the following set of `gcloud` commands:", "warn");
+    for (const binding of requiredBindings) {
+        for (const member of binding.members) {
+            utils.logLabeledBullet("functions", `\`gcloud projects add-iam-policy-binding ${projectId} ` +
+                `--member=${member} ` +
+                `--role=${binding.role}\``, "warn");
+        }
+    }
+}
+async function ensureServiceAgentRoles(projectId, projectNumber, want, have) {
     const wantServices = backend.allEndpoints(want).reduce(reduceEventsToServices, []);
     const haveServices = backend.allEndpoints(have).reduce(reduceEventsToServices, []);
     const newServices = wantServices.filter((wantS) => !haveServices.find((haveS) => wantS.name === haveS.name));
     if (newServices.length === 0) {
         return;
     }
+    const requiredBindingsPromises = [];
+    for (const service of newServices) {
+        requiredBindingsPromises.push(service.requiredProjectBindings(projectNumber));
+    }
+    const nestedRequiredBindings = await Promise.all(requiredBindingsPromises);
+    const requiredBindings = [...(0, functional_1.flattenArray)(nestedRequiredBindings)];
+    if (haveServices.length === 0) {
+        requiredBindings.push(...obtainPubSubServiceAgentBindings(projectNumber));
+        requiredBindings.push(...obtainDefaultComputeServiceAgentBindings(projectNumber));
+    }
+    if (requiredBindings.length === 0) {
+        return;
+    }
     let policy;
     try {
         policy = await (0, resourceManager_1.getIamPolicy)(projectNumber);
     }
     catch (err) {
+        printManualIamConfig(requiredBindings, projectId);
         utils.logLabeledBullet("functions", "Could not verify the necessary IAM configuration for the following newly-integrated services: " +
             `${newServices.map((service) => service.api).join(", ")}` +
             ". Deployment may fail.", "warn");
         return;
     }
-    const findRequiredBindings = [];
-    newServices.forEach((service) => findRequiredBindings.push(service.requiredProjectBindings(projectNumber, policy)));
-    const allRequiredBindings = await Promise.all(findRequiredBindings);
-    if (haveServices.length === 0) {
-        allRequiredBindings.push(obtainPubSubServiceAgentBindings(projectNumber, policy));
-        allRequiredBindings.push(obtainDefaultComputeServiceAgentBindings(projectNumber, policy));
-    }
-    if (!allRequiredBindings.find((bindings) => bindings.length > 0)) {
+    const hasUpdatedBindings = mergeBindings(policy, requiredBindings);
+    if (!hasUpdatedBindings) {
         return;
     }
-    mergeBindings(policy, allRequiredBindings);
     try {
         await (0, resourceManager_1.setIamPolicy)(projectNumber, policy, "bindings");
     }
     catch (err) {
+        printManualIamConfig(requiredBindings, projectId);
         throw new error_1.FirebaseError("We failed to modify the IAM policy for the project. The functions " +
             "deployment requires specific roles to be granted to service agents," +
             " otherwise the deployment will fail.", { original: err });

package/lib/deploy/functions/functionsDeployHelper.js

@@ -70,7 +70,7 @@ exports.getEndpointFilters = getEndpointFilters;
 function getFunctionLabel(fn) {
     let id = `${fn.id}(${fn.region})`;
     if (fn.codebase && fn.codebase !== projectConfig_1.DEFAULT_CODEBASE) {
-        id = `[${fn.codebase}]${id}`;
+        id = `${fn.codebase}:${id}`;
     }
     return id;
 }

package/lib/deploy/functions/prepare.js

@@ -1,8 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.inferBlockingDetails = exports.inferDetailsFromExisting = exports.prepare = void 0;
+exports.resolveCpu = exports.inferBlockingDetails = exports.inferDetailsFromExisting = exports.prepare = void 0;
 const clc = require("cli-color");
 const backend = require("./backend");
+const build = require("./build");
 const ensureApiEnabled = require("../../ensureApiEnabled");
 const functionsConfig = require("../../functionsConfig");
 const functionsEnv = require("../../functions/env");
@@ -22,6 +23,7 @@ const error_1 = require("../../error");
 const projectConfig_1 = require("../../functions/projectConfig");
 const previews_1 = require("../../previews");
 const v1_1 = require("../../functions/events/v1");
+const serviceusage_1 = require("../../gcp/serviceusage");
 function hasUserConfig(config) {
     return Object.keys(config).length > 1;
 }
@@ -76,9 +78,17 @@ async function prepare(context, options, payload) {
             projectAlias: options.projectAlias,
         };
         const userEnvs = functionsEnv.loadUserEnvs(userEnvOpt);
-        logger_1.logger.debug(`Analyzing ${runtimeDelegate.name} backend spec`);
-        const wantBackend = await runtimeDelegate.discoverSpec(runtimeConfig, firebaseEnvs);
-        wantBackend.environmentVariables = Object.assign(Object.assign({}, userEnvs), firebaseEnvs);
+        const envs = Object.assign(Object.assign({}, userEnvs), firebaseEnvs);
+        let wantBackend;
+        if (previews_1.previews.functionsparams) {
+            const wantBuild = await runtimeDelegate.discoverBuild(runtimeConfig, firebaseEnvs);
+            wantBackend = build.resolveBackend(wantBuild, userEnvs);
+        }
+        else {
+            logger_1.logger.debug(`Analyzing ${runtimeDelegate.name} backend spec`);
+            wantBackend = await runtimeDelegate.discoverSpec(runtimeConfig, firebaseEnvs);
+        }
+        wantBackend.environmentVariables = envs;
         for (const endpoint of backend.allEndpoints(wantBackend)) {
             endpoint.environmentVariables = wantBackend.environmentVariables;
             endpoint.codebase = codebase;
@@ -98,15 +108,6 @@ async function prepare(context, options, payload) {
             (0, utils_1.logLabeledBullet)("functions", `preparing ${clc.bold(sourceDirName)} directory for uploading...`);
         }
         if (backend.someEndpoint(wantBackend, (e) => e.platform === "gcfv2")) {
-            if (!previews_1.previews.functionsv2) {
-                throw new error_1.FirebaseError("This version of firebase-tools does not support Google Cloud " +
-                    "Functions gen 2\n" +
-                    "If Cloud Functions for Firebase gen 2 is still in alpha, sign up " +
-                    "for the alpha program at " +
-                    "https://services.google.com/fb/forms/firebasealphaprogram/\n" +
-                    "If Cloud Functions for Firebase gen 2 is in beta, get the latest " +
-                    "version of Firebse Tools with `npm i -g firebase-tools@latest`");
-            }
             source.functionsSourceV2 = await (0, prepareFunctionsUpload_1.prepareFunctionsUpload)(sourceDir, config);
         }
         if (backend.someEndpoint(wantBackend, (e) => e.platform === "gcfv1")) {
@@ -117,12 +118,13 @@ async function prepare(context, options, payload) {
     payload.functions = {};
     const haveBackends = (0, functionsDeployHelper_1.groupEndpointsByCodebase)(wantBackends, backend.allEndpoints(await backend.existingBackend(context)));
     for (const [codebase, wantBackend] of Object.entries(wantBackends)) {
-        const haveBackend = haveBackends[codebase] || Object.assign({}, backend.empty());
+        const haveBackend = haveBackends[codebase] || backend.empty();
         payload.functions[codebase] = { wantBackend, haveBackend };
     }
     for (const [codebase, { wantBackend, haveBackend }] of Object.entries(payload.functions)) {
         inferDetailsFromExisting(wantBackend, haveBackend, codebaseUsesEnvs.includes(codebase));
         await (0, triggerRegionHelper_1.ensureTriggerRegions)(wantBackend);
+        resolveCpu(wantBackend);
         validate.endpointsAreValid(wantBackend);
         inferBlockingDetails(wantBackend);
     }
@@ -153,6 +155,11 @@ async function prepare(context, options, payload) {
             return ensureApiEnabled.ensure(context.projectId, api, "functions");
         });
         await Promise.all(enablements);
+        const services = ["pubsub.googleapis.com", "eventarc.googleapis.com"];
+        const generateServiceAccounts = services.map((service) => {
+            return (0, serviceusage_1.generateServiceIdentity)(projectNumber, service, "functions");
+        });
+        await Promise.all(generateServiceAccounts);
     }
     const matchingBackend = backend.matchingBackend(wantBackend, (endpoint) => {
         return (0, functionsDeployHelper_1.endpointMatchesAnyFilter)(endpoint, context.filters);
@@ -160,7 +167,7 @@ async function prepare(context, options, payload) {
     await (0, prompts_1.promptForFailurePolicies)(options, matchingBackend, haveBackend);
     await (0, prompts_1.promptForMinInstances)(options, matchingBackend, haveBackend);
     await backend.checkAvailability(context, matchingBackend);
-    await (0, checkIam_1.ensureServiceAgentRoles)(projectNumber, matchingBackend, haveBackend);
+    await (0, checkIam_1.ensureServiceAgentRoles)(projectId, projectNumber, matchingBackend, haveBackend);
     await validate.secretsAreValid(projectId, matchingBackend);
     await ensure.secretAccess(projectId, matchingBackend, haveBackend);
 }
@@ -178,6 +185,12 @@ function inferDetailsFromExisting(want, have, usedDotenv) {
         if (!wantE.availableMemoryMb && haveE.availableMemoryMb) {
             wantE.availableMemoryMb = haveE.availableMemoryMb;
         }
+        if (!wantE.concurrency && haveE.concurrency) {
+            wantE.concurrency = haveE.concurrency;
+        }
+        if (!wantE.cpu && haveE.cpu) {
+            wantE.cpu = haveE.cpu;
+        }
         wantE.securityLevel = haveE.securityLevel ? haveE.securityLevel : "SECURE_ALWAYS";
         maybeCopyTriggerRegion(wantE, haveE);
     }
@@ -223,3 +236,17 @@ function inferBlockingDetails(want) {
     }
 }
 exports.inferBlockingDetails = inferBlockingDetails;
+function resolveCpu(want) {
+    for (const e of backend.allEndpoints(want)) {
+        if (e.platform === "gcfv1") {
+            continue;
+        }
+        if (e.cpu === "gcf_gen1") {
+            e.cpu = backend.memoryToGen1Cpu(e.availableMemoryMb || backend.DEFAULT_MEMORY);
+        }
+        else if (!e.cpu) {
+            e.cpu = backend.memoryToGen2Cpu(e.availableMemoryMb || backend.DEFAULT_MEMORY);
+        }
+    }
+}
+exports.resolveCpu = resolveCpu;

package/lib/deploy/functions/pricing.js

@@ -145,12 +145,12 @@ function monthlyMinInstanceCost(endpoints) {
                 usage["gcfv1"][tier].cpu + cpu * SECONDS_PER_MONTH * endpoint.minInstances;
         }
         else {
-            const cpu = 1;
             const tier = V2_REGION_TO_TIER[endpoint.region];
             usage["gcfv2"][tier].ram =
                 usage["gcfv2"][tier].ram + ramGb * SECONDS_PER_MONTH * endpoint.minInstances;
             usage["gcfv2"][tier].cpu =
-                usage["gcfv2"][tier].cpu + cpu * SECONDS_PER_MONTH * endpoint.minInstances;
+                usage["gcfv2"][tier].cpu +
+                    endpoint.cpu * SECONDS_PER_MONTH * endpoint.minInstances;
         }
     }
     let v1MemoryBill = usage["gcfv1"][1].ram * exports.V1_RATES.memoryGb[1] + usage["gcfv1"][2].ram * exports.V1_RATES.memoryGb[2];

package/lib/deploy/functions/release/fabricator.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.Fabricator = void 0;
+exports.serviceIsResolved = exports.Fabricator = void 0;
 const clc = require("cli-color");
 const error_1 = require("../../../error");
 const sourceTokenScraper_1 = require("./sourceTokenScraper");
@@ -23,6 +23,7 @@ const scheduler = require("../../../gcp/cloudscheduler");
 const utils = require("../../../utils");
 const services = require("../services");
 const v1_1 = require("../../../functions/events/v1");
+const throttler_1 = require("../../../throttler/throttler");
 const gcfV1PollerOptions = {
     apiOrigin: api_1.functionsOrigin,
     apiVersion: gcf.API_VERSION,
@@ -271,8 +272,16 @@ class Fabricator {
                 .catch(rethrowAs(endpoint, "set invoker"));
         }
         const mem = endpoint.availableMemoryMb || backend.DEFAULT_MEMORY;
-        if (mem >= backend.MIN_MEMORY_FOR_CONCURRENCY && endpoint.concurrency !== 1) {
-            await this.setConcurrency(endpoint, serviceName, endpoint.concurrency || DEFAULT_GCFV2_CONCURRENCY);
+        const hasCustomCPU = endpoint.cpu !== backend.memoryToGen1Cpu(mem);
+        if (!endpoint.concurrency) {
+            endpoint.concurrency =
+                endpoint.cpu >= backend.MIN_CPU_FOR_CONCURRENCY
+                    ? backend.DEFAULT_CONCURRENCY
+                    : 1;
+        }
+        const hasConcurrency = endpoint.concurrency !== 1;
+        if (hasCustomCPU || hasConcurrency) {
+            await this.setRunTraits(serviceName, endpoint);
         }
     }
     async updateV1Function(endpoint, scraper) {
@@ -343,8 +352,17 @@ class Fabricator {
                 .run(() => run.setInvokerUpdate(endpoint.project, serviceName, invoker))
                 .catch(rethrowAs(endpoint, "set invoker"));
         }
-        if (endpoint.concurrency) {
-            await this.setConcurrency(endpoint, serviceName, endpoint.concurrency);
+        const hasCustomCPU = endpoint.cpu !==
+            backend.memoryToGen1Cpu(endpoint.availableMemoryMb || backend.DEFAULT_MEMORY);
+        const explicitConcurrency = endpoint.concurrency !== undefined;
+        if (hasCustomCPU || explicitConcurrency) {
+            if (endpoint.concurrency === undefined) {
+                endpoint.concurrency =
+                    endpoint.cpu < backend.MIN_CPU_FOR_CONCURRENCY
+                        ? 1
+                        : backend.DEFAULT_CONCURRENCY;
+            }
+            await this.setRunTraits(serviceName, endpoint);
         }
     }
     async deleteV1Function(endpoint) {
@@ -367,18 +385,32 @@ class Fabricator {
         })
             .catch(rethrowAs(endpoint, "delete"));
     }
-    async setConcurrency(endpoint, serviceName, concurrency) {
+    async setRunTraits(serviceName, endpoint) {
         await this.functionExecutor
             .run(async () => {
-            const service = await run.getService(serviceName);
-            if (service.spec.template.spec.containerConcurrency === concurrency) {
-                logger_1.logger.debug("Skipping setConcurrency on", serviceName, " because it already matches");
+            let service = await run.getService(serviceName);
+            let changed = false;
+            if (service.spec.template.spec.containerConcurrency !== endpoint.concurrency) {
+                service.spec.template.spec.containerConcurrency = endpoint.concurrency;
+                changed = true;
+            }
+            if (+service.spec.template.spec.containers[0].resources.limits.cpu !== endpoint.cpu) {
+                service.spec.template.spec.containers[0].resources.limits.cpu = `${endpoint.cpu}`;
+                changed = true;
+            }
+            if (!changed) {
+                logger_1.logger.debug("Skipping setRunTraits on", serviceName, " because it already matches");
                 return;
             }
             delete service.status;
             delete service.spec.template.metadata.name;
-            service.spec.template.spec.containerConcurrency = concurrency;
-            await run.replaceService(serviceName, service);
+            service = await run.replaceService(serviceName, service);
+            let retry = 0;
+            while (!exports.serviceIsResolved(service)) {
+                await (0, throttler_1.backoff)(retry, 2, 30);
+                retry = retry + 1;
+                service = await run.getService(serviceName);
+            }
         })
             .catch(rethrowAs(endpoint, "set concurrency"));
     }
@@ -482,3 +514,26 @@ class Fabricator {
     }
 }
 exports.Fabricator = Fabricator;
+function serviceIsResolved(service) {
+    var _a, _b, _c, _d, _e;
+    if (((_a = service.status) === null || _a === void 0 ? void 0 : _a.observedGeneration) !== service.metadata.generation) {
+        logger_1.logger.debug(`Service ${service.metadata.name} is not resolved because` +
+            `observed generation ${(_b = service.status) === null || _b === void 0 ? void 0 : _b.observedGeneration} does not ` +
+            `match spec generation ${service.metadata.generation}`);
+        return false;
+    }
+    const readyCondition = (_d = (_c = service.status) === null || _c === void 0 ? void 0 : _c.conditions) === null || _d === void 0 ? void 0 : _d.find((condition) => {
+        return condition.type === "Ready";
+    });
+    if ((readyCondition === null || readyCondition === void 0 ? void 0 : readyCondition.status) === "Unknown") {
+        logger_1.logger.debug(`Waiting for service ${service.metadata.name} to be ready. ` +
+            `Status is ${JSON.stringify((_e = service.status) === null || _e === void 0 ? void 0 : _e.conditions)}`);
+        return false;
+    }
+    else if ((readyCondition === null || readyCondition === void 0 ? void 0 : readyCondition.status) === "True") {
+        return true;
+    }
+    logger_1.logger.debug(`Service ${service.metadata.name} has unexpected ready status ${JSON.stringify(readyCondition)}. It may have failed rollout.`);
+    throw new error_1.FirebaseError(`Unexpected Status ${readyCondition === null || readyCondition === void 0 ? void 0 : readyCondition.status} for service ${service.metadata.name}`);
+}
+exports.serviceIsResolved = serviceIsResolved;

package/lib/deploy/functions/release/index.js

@@ -11,12 +11,9 @@ const fabricator = require("./fabricator");
 const reporter = require("./reporter");
 const executor = require("./executor");
 const prompts = require("../prompts");
-const secrets = require("../../../functions/secrets");
 const functionsConfig_1 = require("../../../functionsConfig");
 const functionsDeployHelper_1 = require("../functionsDeployHelper");
 const error_1 = require("../../../error");
-const projectUtils_1 = require("../../../projectUtils");
-const utils_1 = require("../../../utils");
 async function release(context, options, payload) {
     if (!context.config) {
         return;
@@ -76,24 +73,6 @@ async function release(context, options, payload) {
         const opts = allErrors.length === 1 ? { original: allErrors[0] } : { children: allErrors };
         throw new error_1.FirebaseError("There was an error deploying functions", Object.assign(Object.assign({}, opts), { exit: 2 }));
     }
-    else {
-        if (secrets.of(haveEndpoints).length > 0) {
-            const projectId = (0, projectUtils_1.needProjectId)(options);
-            const projectNumber = await (0, projectUtils_1.needProjectNumber)(options);
-            const reloadedBackend = await backend.existingBackend({ projectId });
-            const prunedResult = await secrets.pruneAndDestroySecrets({ projectId, projectNumber }, backend.allEndpoints(reloadedBackend));
-            if (prunedResult.destroyed.length > 0) {
-                (0, utils_1.logLabeledBullet)("functions", `Destroyed unused secret versions: ${prunedResult.destroyed
-                    .map((s) => `${s.secret}@${s.version}`)
-                    .join(", ")}`);
-            }
-            if (prunedResult.erred.length > 0) {
-                (0, utils_1.logLabeledWarning)("functions", `Failed to destroy unused secret versions:\n\t${prunedResult.erred
-                    .map((err) => err.message)
-                    .join("\n\t")}`);
-            }
-        }
-    }
 }
 exports.release = release;
 function printTriggerUrls(results) {

package/lib/deploy/functions/runtimes/discovery/index.js

@@ -71,7 +71,8 @@ async function detectFromPort(port, project, runtime, timeout = 30000) {
         parsed = yaml.load(text);
     }
     catch (err) {
-        throw new error_1.FirebaseError("Failed to parse backend specification", { children: [err] });
+        logger_1.logger.debug("Failed to parse functions.yaml", err);
+        throw new error_1.FirebaseError(`Failed to load function definition from source: ${text}`);
     }
     return yamlToBackend(parsed, project, api.functionsDefaultRegion, runtime);
 }

package/lib/deploy/functions/runtimes/discovery/v1alpha1.js

@@ -187,7 +187,19 @@ function parseEndpoints(manifest, id, project, defaultRegion, runtime) {
             region,
             project,
             runtime, entryPoint: ep.entryPoint }, triggered);
-        (0, proto_1.copyIfPresent)(parsed, ep, "availableMemoryMb", "maxInstances", "minInstances", "concurrency", "serviceAccountEmail", "timeoutSeconds", "vpc", "labels", "ingressSettings", "environmentVariables");
+        (0, proto_1.copyIfPresent)(parsed, ep, "availableMemoryMb", "maxInstances", "minInstances", "concurrency", "serviceAccountEmail", "timeoutSeconds", "vpc", "labels", "ingressSettings", "environmentVariables", "cpu");
+        (0, proto_1.renameIfPresent)(parsed, ep, "secretEnvironmentVariables", "secretEnvironmentVariables", (senvs) => {
+            if (senvs && senvs.length > 0) {
+                ep.secretEnvironmentVariables = [];
+                for (const { key, secret } of senvs) {
+                    ep.secretEnvironmentVariables.push({
+                        key,
+                        secret: secret || key,
+                        projectId: project,
+                    });
+                }
+            }
+        });
         allParsed.push(parsed);
     }
     return allParsed;

package/lib/deploy/functions/runtimes/node/index.js

@@ -11,7 +11,6 @@ const node_fetch_1 = require("node-fetch");
 const error_1 = require("../../../../error");
 const parseRuntimeAndValidateSDK_1 = require("./parseRuntimeAndValidateSDK");
 const logger_1 = require("../../../../logger");
-const previews_1 = require("../../../../previews");
 const utils_1 = require("../../../../utils");
 const discovery = require("../discovery");
 const validate = require("./validate");
@@ -58,10 +57,14 @@ class Delegate {
     watch() {
         return Promise.resolve(() => Promise.resolve());
     }
-    serve(port, envs) {
+    serve(port, config, envs) {
         var _a;
+        const env = Object.assign(Object.assign({}, envs), { PORT: port.toString(), FUNCTIONS_CONTROL_API: "true", HOME: process.env.HOME, PATH: process.env.PATH });
+        if (Object.keys(config || {}).length) {
+            env.CLOUD_RUNTIME_CONFIG = JSON.stringify(config);
+        }
         const childProcess = spawn("./node_modules/.bin/firebase-functions", [this.sourceDir], {
-            env: Object.assign(Object.assign({}, envs), { PORT: port.toString(), FUNCTIONS_CONTROL_API: "true", HOME: process.env.HOME, PATH: process.env.PATH }),
+            env,
             cwd: this.sourceDir,
             stdio: ["ignore", "pipe", "inherit"],
         });
@@ -83,32 +86,29 @@ class Delegate {
         });
     }
     async discoverSpec(config, env) {
-        if (previews_1.previews.functionsv2) {
-            if (!semver.valid(this.sdkVersion)) {
-                logger_1.logger.debug(`Could not parse firebase-functions version '${this.sdkVersion}' into semver. Falling back to parseTriggers.`);
-                return parseTriggers.discoverBackend(this.projectId, this.sourceDir, this.runtime, config, env);
-            }
-            if (semver.lt(this.sdkVersion, MIN_FUNCTIONS_SDK_VERSION)) {
-                (0, utils_1.logLabeledWarning)("functions", `You are using an old version of firebase-functions SDK (${this.sdkVersion}). ` +
-                    `Please update firebase-functions SDK to >=${MIN_FUNCTIONS_SDK_VERSION}`);
-                return parseTriggers.discoverBackend(this.projectId, this.sourceDir, this.runtime, config, env);
+        if (!semver.valid(this.sdkVersion)) {
+            logger_1.logger.debug(`Could not parse firebase-functions version '${this.sdkVersion}' into semver. Falling back to parseTriggers.`);
+            return parseTriggers.discoverBackend(this.projectId, this.sourceDir, this.runtime, config, env);
+        }
+        if (semver.lt(this.sdkVersion, MIN_FUNCTIONS_SDK_VERSION)) {
+            (0, utils_1.logLabeledWarning)("functions", `You are using an old version of firebase-functions SDK (${this.sdkVersion}). ` +
+                `Please update firebase-functions SDK to >=${MIN_FUNCTIONS_SDK_VERSION}`);
+            return parseTriggers.discoverBackend(this.projectId, this.sourceDir, this.runtime, config, env);
+        }
+        let discovered = await discovery.detectFromYaml(this.sourceDir, this.projectId, this.runtime);
+        if (!discovered) {
+            const getPort = (0, util_1.promisify)(portfinder.getPort);
+            const port = await getPort();
+            const kill = await this.serve(port, config, env);
+            try {
+                discovered = await discovery.detectFromPort(port, this.projectId, this.runtime);
             }
-            let discovered = await discovery.detectFromYaml(this.sourceDir, this.projectId, this.runtime);
-            if (!discovered) {
-                const getPort = (0, util_1.promisify)(portfinder.getPort);
-                const port = await getPort();
-                const kill = await this.serve(port, env);
-                try {
-                    discovered = await discovery.detectFromPort(port, this.projectId, this.runtime);
-                }
-                finally {
-                    await kill();
-                }
+            finally {
+                await kill();
             }
-            discovered.environmentVariables = env;
-            return discovered;
         }
-        return parseTriggers.discoverBackend(this.projectId, this.sourceDir, this.runtime, config, env);
+        discovered.environmentVariables = env;
+        return discovered;
     }
     async discoverBuild(config, env) {
         return parseTriggers.discoverBuild(this.projectId, this.sourceDir, this.runtime, config, env);

package/lib/deploy/functions/services/storage.js

@@ -6,20 +6,14 @@ const logger_1 = require("../../../logger");
 const error_1 = require("../../../error");
 const location_1 = require("../../../gcp/location");
 const PUBSUB_PUBLISHER_ROLE = "roles/pubsub.publisher";
-async function obtainStorageBindings(projectNumber, existingPolicy) {
+async function obtainStorageBindings(projectNumber) {
     const storageResponse = await storage.getServiceAccount(projectNumber);
     const storageServiceAgent = `serviceAccount:${storageResponse.email_address}`;
-    let pubsubBinding = existingPolicy.bindings.find((b) => b.role === PUBSUB_PUBLISHER_ROLE);
-    if (!pubsubBinding) {
-        pubsubBinding = {
-            role: PUBSUB_PUBLISHER_ROLE,
-            members: [],
-        };
-    }
-    if (!pubsubBinding.members.find((m) => m === storageServiceAgent)) {
-        pubsubBinding.members.push(storageServiceAgent);
-    }
-    return [pubsubBinding];
+    const pubsubPublisherBinding = {
+        role: PUBSUB_PUBLISHER_ROLE,
+        members: [storageServiceAgent],
+    };
+    return [pubsubPublisherBinding];
 }
 exports.obtainStorageBindings = obtainStorageBindings;
 async function ensureStorageTriggerRegion(endpoint) {