firebase-tools 13.2.1 → 13.3.1

package/lib/auth.js

@@ -307,7 +307,7 @@ async function loginRemotely() {
         const tokens = await getTokensFromAuthorizationCode(code, `${api_1.authProxyOrigin}/complete`, codeVerifier);
         void (0, track_1.trackGA4)("login", { method: "google_remote" });
         return {
-            user: jwt.decode(tokens.id_token),
+            user: jwt.decode(tokens.id_token, { json: true }),
             tokens: tokens,
             scopes: SCOPES,
         };
@@ -323,7 +323,7 @@ async function loginWithLocalhostGoogle(port, userHint) {
     const tokens = await loginWithLocalhost(port, callbackUrl, authUrl, successTemplate, getTokensFromAuthorizationCode);
     void (0, track_1.trackGA4)("login", { method: "google_localhost" });
     return {
-        user: jwt.decode(tokens.id_token),
+        user: jwt.decode(tokens.id_token, { json: true }),
         tokens: tokens,
         scopes: tokens.scopes,
     };
@@ -477,6 +477,15 @@ async function refreshTokens(refreshToken, authScopes) {
             skipLog: { body: true, queryParams: true, resBody: true },
             resolveOnHTTPError: true,
         });
+        const forceReauthErrs = [
+            { error: "invalid_grant", error_subtype: "invalid_rapt" },
+        ];
+        const matches = (a, b) => {
+            return a.error === b.error && a.error_subtype === b.error_subtype;
+        };
+        if (forceReauthErrs.some((a) => matches(a, res.body))) {
+            throw invalidCredentialError();
+        }
         if (res.status === 401 || res.status === 400) {
             return { access_token: refreshToken };
         }

package/lib/commands/apphosting-backends-create.js

@@ -9,9 +9,12 @@ const apphosting_2 = require("../gcp/apphosting");
 exports.command = new command_1.Command("apphosting:backends:create")
     .description("Create a backend in a Firebase project")
     .option("-l, --location <location>", "Specify the region of the backend", "")
+    .option("-s, --service-account <serviceAccount>", "Specify the service account used to run the server", "")
     .before(apphosting_2.ensureApiEnabled)
     .before(requireInteractive_1.default)
     .action(async (options) => {
     const projectId = (0, projectUtils_1.needProjectId)(options);
-    await (0, apphosting_1.doSetup)(options, projectId);
+    const location = options.location;
+    const serviceAccount = options.serviceAccount;
+    await (0, apphosting_1.doSetup)(projectId, location, serviceAccount);
 });

package/lib/commands/apphosting-backends-delete.js

@@ -19,16 +19,14 @@ const TABLE_HEAD = [
     "Created Date",
     "Updated Date",
 ];
-exports.command = new command_1.Command("apphosting:backends:delete")
-    .description("Delete a backend from a Firebase project")
+exports.command = new command_1.Command("apphosting:backends:delete <backend>")
+    .description("delete a backend from a Firebase project")
     .option("-l, --location <location>", "App Backend location", "")
-    .option("-s, --backend <backend>", "Backend Id", "")
     .withForce()
     .before(apphosting.ensureApiEnabled)
-    .action(async (options) => {
+    .action(async (backendId, options) => {
     const projectId = (0, projectUtils_1.needProjectId)(options);
     let location = options.location;
-    const backendId = options.backend;
     if (!backendId) {
         throw new error_1.FirebaseError("Backend id can't be empty.");
     }

package/lib/commands/apphosting-backends-list.js

@@ -14,7 +14,7 @@ exports.command = new command_1.Command("apphosting:backends:list")
     .option("-l, --location <location>", "App Backend location", "-")
     .before(apphosting.ensureApiEnabled)
     .action(async (options) => {
-    var _a, _b, _c;
+    var _a, _b, _c, _d;
     const projectId = (0, projectUtils_1.needProjectId)(options);
     const location = options.location;
     const table = new Table({ head: TABLE_HEAD, style: { head: ["green"] } });
@@ -25,12 +25,12 @@ exports.command = new command_1.Command("apphosting:backends:list")
     catch (err) {
         throw new error_1.FirebaseError(`Unable to list backends present for project: ${projectId}. Please check the parameters you have provided.`, { original: err });
     }
-    const backends = backendRes === null || backendRes === void 0 ? void 0 : backendRes.backends;
+    const backends = (_a = backendRes.backends) !== null && _a !== void 0 ? _a : [];
     for (const backend of backends) {
         const [backendLocation, , backendId] = backend.name.split("/").slice(3, 6);
         table.push([
             backendId,
-            (_c = (_b = (_a = backend.codebase) === null || _a === void 0 ? void 0 : _a.repository) === null || _b === void 0 ? void 0 : _b.split("/").pop()) !== null && _c !== void 0 ? _c : "",
+            (_d = (_c = (_b = backend.codebase) === null || _b === void 0 ? void 0 : _b.repository) === null || _c === void 0 ? void 0 : _c.split("/").pop()) !== null && _d !== void 0 ? _d : "",
             backendLocation,
             backend.uri.startsWith("https:") ? backend.uri : "https://" + backend.uri,
             (0, utils_1.datetimeString)(new Date(backend.createTime)),

package/lib/commands/apphosting-builds-create.js

@@ -12,15 +12,16 @@ exports.command = new command_1.Command("apphosting:builds:create <backendId>")
     .option("-b, --branch <branch>", "Repository branch to deploy. Defaults to 'main'", "main")
     .before(apphosting.ensureApiEnabled)
     .action(async (backendId, options) => {
+    var _a;
     const projectId = (0, projectUtils_1.needProjectId)(options);
     const location = options.location;
     const buildId = options.buildId ||
         (await apphosting.getNextRolloutId(projectId, location, backendId));
-    const branch = options.branch;
+    const branch = (_a = options.branch) !== null && _a !== void 0 ? _a : "main";
     const op = await apphosting.createBuild(projectId, location, backendId, buildId, {
         source: {
             codebase: {
-                branch: "main",
+                branch,
             },
         },
     });

package/lib/commands/index.js

@@ -144,7 +144,7 @@ function load(client) {
         client.internaltesting.functions = {};
         client.internaltesting.functions.discover = loadCommand("internaltesting-functions-discover");
     }
-    if (experiments.isEnabled("internalframeworks")) {
+    if (experiments.isEnabled("apphosting")) {
         client.apphosting = {};
         client.apphosting.backends = {};
         client.apphosting.backends.list = loadCommand("apphosting-backends-list");

package/lib/commands/init.js

@@ -69,10 +69,10 @@ const choices = [
         checked: false,
     },
 ];
-if ((0, experiments_1.isEnabled)("internalframeworks")) {
+if ((0, experiments_1.isEnabled)("apphosting")) {
     choices.push({
-        value: "internalframeworks",
-        name: "Frameworks: Get started with Frameworks projects.",
+        value: "apphosting",
+        name: "App Hosting: Get started with App Hosting projects.",
         checked: false,
     });
 }

package/lib/deploy/functions/runtimes/index.js

@@ -14,6 +14,7 @@ const RUNTIMES = [
     "nodejs20",
     "python310",
     "python311",
+    "python312",
 ];
 const EXPERIMENTAL_RUNTIMES = [];
 const DEPRECATED_RUNTIMES = ["nodejs6", "nodejs8"];
@@ -36,6 +37,7 @@ const MESSAGE_FRIENDLY_RUNTIMES = {
     nodejs20: "Node.js 20",
     python310: "Python 3.10",
     python311: "Python 3.11",
+    python312: "Python 3.12",
 };
 function getHumanFriendlyRuntimeName(runtime) {
     return MESSAGE_FRIENDLY_RUNTIMES[runtime] || runtime;

package/lib/deploy/functions/runtimes/python/index.js

@@ -11,7 +11,7 @@ const discovery = require("../discovery");
 const logger_1 = require("../../../../logger");
 const python_1 = require("../../../../functions/python");
 const error_1 = require("../../../../error");
-exports.LATEST_VERSION = "python311";
+exports.LATEST_VERSION = "python312";
 async function tryCreateDelegate(context) {
     const requirementsTextPath = path.join(context.sourceDir, "requirements.txt");
     if (!(await (0, util_1.promisify)(fs.exists)(requirementsTextPath))) {
@@ -35,6 +35,9 @@ function getPythonBinary(runtime) {
     else if (runtime === "python311") {
         return "python3.11";
     }
+    else if (runtime === "python312") {
+        return "python3.12";
+    }
     return "python";
 }
 exports.getPythonBinary = getPythonBinary;

package/lib/deploy/functions/services/firestore.js

@@ -9,7 +9,7 @@ async function getDatabase(project, databaseId) {
     if (dbCache.has(key)) {
         return dbCache.get(key);
     }
-    const db = await firestore.getDatabase(project, databaseId);
+    const db = await firestore.getDatabase(project, databaseId, false);
     dbCache.set(key, db);
     return db;
 }

package/lib/emulator/downloadableEmulators.js

@@ -23,9 +23,9 @@ const EMULATOR_UPDATE_DETAILS = {
         expectedChecksum: "2fd771101c0e1f7898c04c9204f2ce63",
     },
     firestore: {
-        version: "1.18.2",
-        expectedSize: 63929486,
-        expectedChecksum: "7b066cd684baf9bcd4a56a258be344a5",
+        version: "1.19.1",
+        expectedSize: 67187672,
+        expectedChecksum: "859b1ac2a6040cccddd993c43586347c",
     },
     storage: {
         version: "1.1.3",

package/lib/emulator/storage/rules/runtime.js

@@ -331,7 +331,7 @@ function createAuthExpressionValue(opts) {
         return toExpressionValue(null);
     }
     else {
-        const tokenPayload = jwt.decode(opts.token);
+        const tokenPayload = jwt.decode(opts.token, { json: true });
         const jsonValue = {
             uid: tokenPayload.user_id,
             token: tokenPayload,

package/lib/experiments.js

@@ -72,9 +72,9 @@ exports.ALL_EXPERIMENTS = experiments({
             "These commands are not meant for public consumption and may break or disappear " +
             "without a notice.",
     },
-    internalframeworks: {
+    apphosting: {
         shortDescription: "Allow CLI option for Frameworks",
-        default: true,
+        default: false,
         public: false,
     },
 });

package/lib/firestore/delete.js

@@ -219,7 +219,7 @@ class FirestoreDelete {
             }
             numPendingDeletes++;
             firestore
-                .deleteDocuments(this.project, toDelete)
+                .deleteDocuments(this.project, toDelete, true)
                 .then((numDeleted) => {
                 FirestoreDelete.progressBar.tick(numDeleted);
                 numDocsDeleted += numDeleted;
@@ -280,7 +280,7 @@ class FirestoreDelete {
         let initialDelete;
         if (this.isDocumentPath) {
             const doc = { name: this.root + "/" + this.path };
-            initialDelete = firestore.deleteDocument(doc).catch((err) => {
+            initialDelete = firestore.deleteDocument(doc, true).catch((err) => {
                 logger_1.logger.debug("deletePath:initialDelete:error", err);
                 if (this.allDescendants) {
                     return Promise.resolve();
@@ -297,7 +297,7 @@ class FirestoreDelete {
     }
     deleteDatabase() {
         return firestore
-            .listCollectionIds(this.project)
+            .listCollectionIds(this.project, true)
             .catch((err) => {
             logger_1.logger.debug("deleteDatabase:listCollectionIds:error", err);
             return utils.reject("Unable to list collection IDs");

package/lib/gcp/apphosting.js

@@ -8,6 +8,7 @@ const api_1 = require("../api");
 const ensureApiEnabled_1 = require("../ensureApiEnabled");
 const deploymentTool = require("../deploymentTool");
 const error_1 = require("../error");
+const metaprogramming_1 = require("../metaprogramming");
 exports.API_HOST = new URL(api_1.apphostingOrigin).host;
 exports.API_VERSION = "v1alpha";
 exports.client = new apiv2_1.Client({
@@ -15,6 +16,10 @@ exports.client = new apiv2_1.Client({
     auth: true,
     apiVersion: exports.API_VERSION,
 });
+(0, metaprogramming_1.assertImplements)();
+(0, metaprogramming_1.assertImplements)();
+(0, metaprogramming_1.assertImplements)();
+(0, metaprogramming_1.assertImplements)();
 async function createBackend(projectId, location, backendReqBoby, backendId) {
     const res = await exports.client.post(`projects/${projectId}/locations/${location}/backends`, Object.assign(Object.assign({}, backendReqBoby), { labels: Object.assign(Object.assign({}, backendReqBoby.labels), deploymentTool.labels()) }), { queryParams: { backendId } });
     return res.body;
@@ -68,8 +73,8 @@ async function createBuild(projectId, location, backendId, buildId, buildInput)
     return res.body;
 }
 exports.createBuild = createBuild;
-async function createRollout(projectId, location, backendId, rolloutId, rollout) {
-    const res = await exports.client.post(`projects/${projectId}/locations/${location}/backends/${backendId}/rollouts`, Object.assign(Object.assign({}, rollout), { labels: Object.assign(Object.assign({}, rollout.labels), deploymentTool.labels()) }), { queryParams: { rolloutId } });
+async function createRollout(projectId, location, backendId, rolloutId, rollout, validateOnly = false) {
+    const res = await exports.client.post(`projects/${projectId}/locations/${location}/backends/${backendId}/rollouts`, Object.assign(Object.assign({}, rollout), { labels: Object.assign(Object.assign({}, rollout.labels), deploymentTool.labels()) }), { queryParams: { rolloutId, validateOnly: validateOnly ? "true" : "false" } });
     return res.body;
 }
 exports.createRollout = createRollout;
@@ -92,11 +97,7 @@ async function listRollouts(projectId, location, backendId) {
 }
 exports.listRollouts = listRollouts;
 async function updateTraffic(projectId, location, backendId, traffic) {
-    const trafficCopy = Object.assign({}, traffic);
-    if ("rolloutPolicy" in traffic) {
-        trafficCopy.rolloutPolicy = {};
-    }
-    const fieldMasks = proto.fieldMasks(trafficCopy);
+    const fieldMasks = proto.fieldMasks(traffic, "rolloutPolicy");
     const queryParams = {
         updateMask: fieldMasks.join(","),
     };
@@ -125,7 +126,7 @@ async function listLocations(projectId) {
 exports.listLocations = listLocations;
 async function ensureApiEnabled(options) {
     const projectId = (0, projectUtils_1.needProjectId)(options);
-    return await (0, ensureApiEnabled_1.ensure)(projectId, exports.API_HOST, "frameworks", true);
+    return await (0, ensureApiEnabled_1.ensure)(projectId, exports.API_HOST, "app hosting", true);
 }
 exports.ensureApiEnabled = ensureApiEnabled;
 async function getNextRolloutId(projectId, location, backendId, counter) {
@@ -133,7 +134,7 @@ async function getNextRolloutId(projectId, location, backendId, counter) {
     const date = new Date();
     const year = date.getUTCFullYear();
     const month = String(date.getUTCMonth() + 1).padStart(2, "0");
-    const day = String(date.getUTCDay()).padStart(2, "0");
+    const day = String(date.getUTCDate()).padStart(2, "0");
     if (counter) {
         return `build-${year}-${month}-${day}-${String(counter).padStart(3, "0")}`;
     }

package/lib/gcp/cloudbuild.js

@@ -46,9 +46,14 @@ async function deleteConnection(projectId, location, connectionId) {
     return res.body;
 }
 exports.deleteConnection = deleteConnection;
-async function fetchLinkableRepositories(projectId, location, connectionId) {
+async function fetchLinkableRepositories(projectId, location, connectionId, pageToken = "", pageSize = 1000) {
     const name = `projects/${projectId}/locations/${location}/connections/${connectionId}:fetchLinkableRepositories`;
-    const res = await client.get(name);
+    const res = await client.get(name, {
+        queryParams: {
+            pageSize,
+            pageToken,
+        },
+    });
     return res.body;
 }
 exports.fetchLinkableRepositories = fetchLinkableRepositories;

package/lib/gcp/firestore.js

@@ -4,12 +4,18 @@ exports.deleteDocuments = exports.deleteDocument = exports.listCollectionIds = e
 const api_1 = require("../api");
 const apiv2_1 = require("../apiv2");
 const logger_1 = require("../logger");
-const apiClient = new apiv2_1.Client({
+const prodOnlyClient = new apiv2_1.Client({
     auth: true,
     apiVersion: "v1",
     urlPrefix: api_1.firestoreOrigin,
 });
-async function getDatabase(project, database) {
+const emuOrProdClient = new apiv2_1.Client({
+    auth: true,
+    apiVersion: "v1",
+    urlPrefix: api_1.firestoreOriginOrEmulator,
+});
+async function getDatabase(project, database, allowEmulator = false) {
+    const apiClient = allowEmulator ? emuOrProdClient : prodOnlyClient;
     const url = `projects/${project}/databases/${database}`;
     try {
         const resp = await apiClient.get(url);
@@ -21,7 +27,8 @@ async function getDatabase(project, database) {
     }
 }
 exports.getDatabase = getDatabase;
-function listCollectionIds(project) {
+function listCollectionIds(project, allowEmulator = false) {
+    const apiClient = allowEmulator ? emuOrProdClient : prodOnlyClient;
     const url = "projects/" + project + "/databases/(default)/documents:listCollectionIds";
     const data = {
         pageSize: 2147483647,
@@ -31,11 +38,13 @@ function listCollectionIds(project) {
     });
 }
 exports.listCollectionIds = listCollectionIds;
-async function deleteDocument(doc) {
+async function deleteDocument(doc, allowEmulator = false) {
+    const apiClient = allowEmulator ? emuOrProdClient : prodOnlyClient;
     return apiClient.delete(doc.name);
 }
 exports.deleteDocument = deleteDocument;
-async function deleteDocuments(project, docs) {
+async function deleteDocuments(project, docs, allowEmulator = false) {
+    const apiClient = allowEmulator ? emuOrProdClient : prodOnlyClient;
     const url = "projects/" + project + "/databases/(default)/documents:commit";
     const writes = docs.map((doc) => {
         return { delete: doc.name };

package/lib/hosting/options.js

@@ -1,3 +1,4 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-const optionsAreHostingOptions = true;
+const metaprogramming_1 = require("../metaprogramming");
+(0, metaprogramming_1.assertImplements)();

package/lib/init/features/apphosting/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.onboardRollout = exports.createBackend = exports.onboardBackend = exports.doSetup = void 0;
+exports.orchestrateRollout = exports.setDefaultTrafficPolicy = exports.createBackend = exports.doSetup = void 0;
 const clc = require("colorette");
 const repo = require("./repo");
 const poller = require("../../../operation-poller");
@@ -8,18 +8,21 @@ const apphosting = require("../../../gcp/apphosting");
 const utils_1 = require("../../../utils");
 const api_1 = require("../../../api");
 const apphosting_1 = require("../../../gcp/apphosting");
+const resourceManager_1 = require("../../../gcp/resourceManager");
+const iam_1 = require("../../../gcp/iam");
 const error_1 = require("../../../error");
 const prompt_1 = require("../../../prompt");
 const constants_1 = require("./constants");
 const ensureApiEnabled_1 = require("../../../ensureApiEnabled");
 const deploymentTool = require("../../../deploymentTool");
+const DEFAULT_COMPUTE_SERVICE_ACCOUNT_NAME = "firebase-app-hosting-compute";
 const apphostingPollerOptions = {
     apiOrigin: api_1.apphostingOrigin,
     apiVersion: apphosting_1.API_VERSION,
     masterTimeout: 25 * 60 * 1000,
     maxBackoff: 10000,
 };
-async function doSetup(setup, projectId) {
+async function doSetup(projectId, location, serviceAccount) {
     await Promise.all([
         (0, ensureApiEnabled_1.ensure)(projectId, "cloudbuild.googleapis.com", "apphosting", true),
         (0, ensureApiEnabled_1.ensure)(projectId, "secretmanager.googleapis.com", "apphosting", true),
@@ -27,53 +30,38 @@ async function doSetup(setup, projectId) {
         (0, ensureApiEnabled_1.ensure)(projectId, "artifactregistry.googleapis.com", "apphosting", true),
     ]);
     const allowedLocations = (await apphosting.listLocations(projectId)).map((loc) => loc.locationId);
-    if (setup.location) {
-        if (!allowedLocations.includes(setup.location)) {
-            throw new error_1.FirebaseError(`Invalid location ${setup.location}. Valid choices are ${allowedLocations.join(", ")}`);
+    if (location) {
+        if (!allowedLocations.includes(location)) {
+            throw new error_1.FirebaseError(`Invalid location ${location}. Valid choices are ${allowedLocations.join(", ")}`);
         }
     }
     (0, utils_1.logBullet)("First we need a few details to create your backend.");
-    const location = setup.location || (await promptLocation(projectId, allowedLocations));
+    location =
+        location ||
+            (await (0, prompt_1.promptOnce)({
+                name: "region",
+                type: "list",
+                default: constants_1.DEFAULT_REGION,
+                message: "Please select a region " +
+                    `(${clc.yellow("info")}: Your region determines where your backend is located):\n`,
+                choices: allowedLocations.map((loc) => ({ value: loc })),
+            }));
     (0, utils_1.logSuccess)(`Region set to ${location}.\n`);
-    let backendId;
-    while (true) {
-        backendId = await (0, prompt_1.promptOnce)({
-            name: "backendId",
-            type: "input",
-            default: "my-web-app",
-            message: "Create a name for your backend [1-30 characters]",
-        });
-        try {
-            await apphosting.getBackend(projectId, location, backendId);
-        }
-        catch (err) {
-            if (err.status === 404) {
-                break;
-            }
-            throw new error_1.FirebaseError(`Failed to check if backend with id ${backendId} already exists in ${location}`, { original: err });
-        }
-        (0, utils_1.logWarning)(`Backend with id ${backendId} already exists in ${location}`);
-    }
-    const backend = await onboardBackend(projectId, location, backendId);
+    const backendId = await promptNewBackendId(projectId, location, {
+        name: "backendId",
+        type: "input",
+        default: "my-web-app",
+        message: "Create a name for your backend [1-30 characters]",
+    });
+    const cloudBuildConnRepo = await repo.linkGitHubRepository(projectId, location);
+    const backend = await createBackend(projectId, location, backendId, cloudBuildConnRepo, serviceAccount);
     const branch = await (0, prompt_1.promptOnce)({
         name: "branch",
         type: "input",
         default: "main",
         message: "Pick a branch for continuous deployment",
     });
-    const traffic = {
-        rolloutPolicy: {
-            codebaseBranch: branch,
-            stages: [
-                {
-                    progression: "IMMEDIATE",
-                    targetPercent: 100,
-                },
-            ],
-        },
-    };
-    const op = await apphosting.updateTraffic(projectId, location, backendId, traffic);
-    await poller.pollOperation(Object.assign(Object.assign({}, apphostingPollerOptions), { pollerName: `updateTraffic-${projectId}-${location}-${backendId}`, operationResourceName: op.name }));
+    await setDefaultTrafficPolicy(projectId, location, backendId, branch);
     const confirmRollout = await (0, prompt_1.promptOnce)({
         type: "confirm",
         name: "rollout",
@@ -85,68 +73,136 @@ async function doSetup(setup, projectId) {
         (0, utils_1.logSuccess)(`Your site will be deployed at:\n\thttps://${backend.uri}`);
         return;
     }
-    const { build } = await onboardRollout(projectId, location, backendId, {
+    await orchestrateRollout(projectId, location, backendId, {
         source: {
             codebase: {
                 branch,
             },
         },
     });
-    if (build.state !== "READY") {
-        if (!build.buildLogsUri) {
-            throw new error_1.FirebaseError("Failed to build your app, but failed to get build logs as well. " +
-                "This is an internal error and should be reported");
-        }
-        throw new error_1.FirebaseError(`Failed to build your app. Please inspect the build logs at ${build.buildLogsUri}.`, { children: [build.error] });
-    }
     (0, utils_1.logSuccess)(`Successfully created backend:\n\t${backend.name}`);
     (0, utils_1.logSuccess)(`Your site is now deployed at:\n\thttps://${backend.uri}`);
-    (0, utils_1.logSuccess)(`View the rollout status by running:\n\tfirebase apphosting:backends:get ${backendId} --project ${projectId}`);
 }
 exports.doSetup = doSetup;
-async function promptLocation(projectId, locations) {
-    return (await (0, prompt_1.promptOnce)({
-        name: "region",
-        type: "list",
-        default: constants_1.DEFAULT_REGION,
-        message: "Please select a region " +
-            `(${clc.yellow("info")}: Your region determines where your backend is located):\n`,
-        choices: locations.map((loc) => ({ value: loc })),
-    }));
+async function promptNewBackendId(projectId, location, prompt) {
+    while (true) {
+        const backendId = await (0, prompt_1.promptOnce)(prompt);
+        try {
+            await apphosting.getBackend(projectId, location, backendId);
+        }
+        catch (err) {
+            if (err.status === 404) {
+                return backendId;
+            }
+            throw new error_1.FirebaseError(`Failed to check if backend with id ${backendId} already exists in ${location}`, { original: err });
+        }
+        (0, utils_1.logWarning)(`Backend with id ${backendId} already exists in ${location}`);
+    }
+}
+function defaultComputeServiceAccountEmail(projectId) {
+    return `${DEFAULT_COMPUTE_SERVICE_ACCOUNT_NAME}@${projectId}.iam.gserviceaccount.com`;
 }
-function toBackend(cloudBuildConnRepo) {
-    return {
+async function createBackend(projectId, location, backendId, repository, serviceAccount) {
+    const defaultServiceAccount = defaultComputeServiceAccountEmail(projectId);
+    const backendReqBody = {
         servingLocality: "GLOBAL_ACCESS",
         codebase: {
-            repository: `${cloudBuildConnRepo.name}`,
+            repository: `${repository.name}`,
             rootDirectory: "/",
         },
         labels: deploymentTool.labels(),
+        computeServiceAccount: serviceAccount || defaultServiceAccount,
     };
+    delete backendReqBody.computeServiceAccount;
+    async function createBackendAndPoll() {
+        const op = await apphosting.createBackend(projectId, location, backendReqBody, backendId);
+        return await poller.pollOperation(Object.assign(Object.assign({}, apphostingPollerOptions), { pollerName: `create-${projectId}-${location}-${backendId}`, operationResourceName: op.name }));
+    }
+    try {
+        return await createBackendAndPoll();
+    }
+    catch (err) {
+        if (err.status === 403 && err.message.includes(defaultServiceAccount)) {
+            await provisionDefaultComputeServiceAccount(projectId);
+            return await createBackendAndPoll();
+        }
+        throw err;
+    }
 }
-async function onboardBackend(projectId, location, backendId) {
-    const cloudBuildConnRepo = await repo.linkGitHubRepository(projectId, location);
-    const backendDetails = toBackend(cloudBuildConnRepo);
-    return await createBackend(projectId, location, backendDetails, backendId);
+exports.createBackend = createBackend;
+async function provisionDefaultComputeServiceAccount(projectId) {
+    try {
+        await (0, iam_1.createServiceAccount)(projectId, DEFAULT_COMPUTE_SERVICE_ACCOUNT_NAME, "Firebase App Hosting compute service account", "Default service account used to run builds and deploys for Firebase App Hosting");
+    }
+    catch (err) {
+        if (err.status !== 409) {
+            throw err;
+        }
+    }
+    await (0, resourceManager_1.addServiceAccountToRoles)(projectId, defaultComputeServiceAccountEmail(projectId), [
+        "roles/firebaseapphosting.viewer",
+        "roles/artifactregistry.createOnPushWriter",
+        "roles/logging.logWriter",
+        "roles/storage.objectAdmin",
+        "roles/firebase.sdkAdminServiceAgent",
+    ], true);
 }
-exports.onboardBackend = onboardBackend;
-async function createBackend(projectId, location, backendReqBoby, backendId) {
-    const op = await apphosting.createBackend(projectId, location, backendReqBoby, backendId);
-    const backend = await poller.pollOperation(Object.assign(Object.assign({}, apphostingPollerOptions), { pollerName: `create-${projectId}-${location}-${backendId}`, operationResourceName: op.name }));
-    return backend;
+async function setDefaultTrafficPolicy(projectId, location, backendId, codebaseBranch) {
+    const traffic = {
+        rolloutPolicy: {
+            codebaseBranch: codebaseBranch,
+            stages: [
+                {
+                    progression: "IMMEDIATE",
+                    targetPercent: 100,
+                },
+            ],
+        },
+    };
+    const op = await apphosting.updateTraffic(projectId, location, backendId, traffic);
+    await poller.pollOperation(Object.assign(Object.assign({}, apphostingPollerOptions), { pollerName: `updateTraffic-${projectId}-${location}-${backendId}`, operationResourceName: op.name }));
 }
-exports.createBackend = createBackend;
-async function onboardRollout(projectId, location, backendId, buildInput) {
+exports.setDefaultTrafficPolicy = setDefaultTrafficPolicy;
+async function orchestrateRollout(projectId, location, backendId, buildInput) {
     (0, utils_1.logBullet)("Starting a new rollout... this may take a few minutes.");
     const buildId = await apphosting.getNextRolloutId(projectId, location, backendId, 1);
     const buildOp = await apphosting.createBuild(projectId, location, backendId, buildId, buildInput);
-    const rolloutOp = await apphosting.createRollout(projectId, location, backendId, buildId, {
+    const rolloutBody = {
         build: `projects/${projectId}/locations/${location}/backends/${backendId}/builds/${buildId}`,
-    });
+    };
+    let tries = 0;
+    let done = false;
+    while (!done) {
+        tries++;
+        try {
+            const validateOnly = true;
+            await apphosting.createRollout(projectId, location, backendId, buildId, rolloutBody, validateOnly);
+            done = true;
+        }
+        catch (err) {
+            if (err instanceof error_1.FirebaseError && err.status === 400) {
+                if (tries >= 5) {
+                    throw err;
+                }
+                await new Promise((resolve) => setTimeout(resolve, 1000));
+            }
+            else {
+                throw err;
+            }
+        }
+    }
+    const rolloutOp = await apphosting.createRollout(projectId, location, backendId, buildId, rolloutBody);
     const rolloutPoll = poller.pollOperation(Object.assign(Object.assign({}, apphostingPollerOptions), { pollerName: `create-${projectId}-${location}-backend-${backendId}-rollout-${buildId}`, operationResourceName: rolloutOp.name }));
     const buildPoll = poller.pollOperation(Object.assign(Object.assign({}, apphostingPollerOptions), { pollerName: `create-${projectId}-${location}-backend-${backendId}-build-${buildId}`, operationResourceName: buildOp.name }));
     const [rollout, build] = await Promise.all([rolloutPoll, buildPoll]);
     (0, utils_1.logSuccess)("Rollout completed.");
+    if (build.state !== "READY") {
+        if (!build.buildLogsUri) {
+            throw new error_1.FirebaseError("Failed to build your app, but failed to get build logs as well. " +
+                "This is an internal error and should be reported");
+        }
+        throw new error_1.FirebaseError(`Failed to build your app. Please inspect the build logs at ${build.buildLogsUri}.`, { children: [build.error] });
+    }
     return { rollout, build };
 }
-exports.onboardRollout = onboardRollout;
+exports.orchestrateRollout = orchestrateRollout;

package/lib/init/features/apphosting/repo.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.listAppHostingConnections = exports.getOrCreateRepository = exports.getOrCreateConnection = exports.createConnection = exports.linkGitHubRepository = exports.parseConnectionName = void 0;
+exports.fetchAllRepositories = exports.listAppHostingConnections = exports.getOrCreateRepository = exports.getOrCreateConnection = exports.createConnection = exports.linkGitHubRepository = exports.parseConnectionName = void 0;
 const clc = require("colorette");
 const gcb = require("../../../gcp/cloudbuild");
 const rm = require("../../../gcp/resourceManager");
@@ -10,11 +10,13 @@ const api_1 = require("../../../api");
 const error_1 = require("../../../error");
 const prompt_1 = require("../../../prompt");
 const getProjectNumber_1 = require("../../../getProjectNumber");
+const fuzzy = require("fuzzy");
+const inquirer = require("inquirer");
 const APPHOSTING_CONN_PATTERN = /.+\/apphosting-github-conn-.+$/;
 const APPHOSTING_OAUTH_CONN_NAME = "apphosting-github-oauth";
 const CONNECTION_NAME_REGEX = /^projects\/(?<projectId>[^\/]+)\/locations\/(?<location>[^\/]+)\/connections\/(?<id>[^\/]+)$/;
 function parseConnectionName(name) {
-    const match = name.match(CONNECTION_NAME_REGEX);
+    const match = CONNECTION_NAME_REGEX.exec(name);
     if (!match || typeof match.groups === undefined) {
         return;
     }
@@ -47,19 +49,22 @@ function generateConnectionId() {
     const randomHash = Math.random().toString(36).slice(6);
     return `apphosting-github-conn-${randomHash}`;
 }
+const ADD_REPO_CHOICE = "@ADD_REPO";
+const ADD_CONN_CHOICE = "@ADD_CONN";
+const CONFIGURE_REMOTE_URI_CHOICES = [ADD_REPO_CHOICE, ADD_CONN_CHOICE];
 async function linkGitHubRepository(projectId, location) {
-    var _a, _b, _c;
+    var _a, _b, _c, _d;
     utils.logBullet(clc.bold(`${clc.yellow("===")} Set up a GitHub connection`));
+    let oauthConn = await getOrCreateConnection(projectId, location, APPHOSTING_OAUTH_CONN_NAME);
+    while (oauthConn.installationState.stage === "PENDING_USER_OAUTH") {
+        oauthConn = await promptConnectionAuth(oauthConn);
+    }
     const existingConns = await listAppHostingConnections(projectId);
     if (existingConns.length < 1) {
         const grantSuccess = await promptSecretManagerAdminGrant(projectId);
         if (!grantSuccess) {
             throw new error_1.FirebaseError("Insufficient IAM permissions to create a new connection to GitHub");
         }
-        let oauthConn = await getOrCreateConnection(projectId, location, APPHOSTING_OAUTH_CONN_NAME);
-        while (oauthConn.installationState.stage === "PENDING_USER_OAUTH") {
-            oauthConn = await promptConnectionAuth(oauthConn);
-        }
         const connectionId = generateConnectionId();
         const conn = await createConnection(projectId, location, connectionId, {
             authorizerCredential: (_a = oauthConn.githubConfig) === null || _a === void 0 ? void 0 : _a.authorizerCredential,
@@ -71,20 +76,33 @@ async function linkGitHubRepository(projectId, location) {
         existingConns.push(refreshedConn);
     }
     let { remoteUri, connection } = await promptRepositoryUri(projectId, existingConns);
-    while (remoteUri === "") {
-        await utils.openInBrowser("https://github.com/apps/google-cloud-build/installations/new");
-        await (0, prompt_1.promptOnce)({
-            type: "input",
-            message: "Press ENTER once you have finished configuring your installation's access settings.",
-        });
+    while (CONFIGURE_REMOTE_URI_CHOICES.includes(remoteUri)) {
+        if (remoteUri === ADD_REPO_CHOICE) {
+            await utils.openInBrowser("https://github.com/apps/google-cloud-build/installations/new");
+            await (0, prompt_1.promptOnce)({
+                type: "input",
+                message: "Press ENTER once you have provided the GitHub app installation with access to your desired repository.",
+            });
+        }
+        else if (remoteUri === ADD_CONN_CHOICE) {
+            const connectionId = generateConnectionId();
+            const conn = await createConnection(projectId, location, connectionId, {
+                authorizerCredential: (_b = oauthConn.githubConfig) === null || _b === void 0 ? void 0 : _b.authorizerCredential,
+            });
+            let refreshedConn = conn;
+            while (refreshedConn.installationState.stage !== "COMPLETE") {
+                refreshedConn = await promptAppInstall(conn);
+            }
+            existingConns.push(refreshedConn);
+        }
         const selection = await promptRepositoryUri(projectId, existingConns);
         remoteUri = selection.remoteUri;
         connection = selection.connection;
     }
     const { id: connectionId } = parseConnectionName(connection.name);
     await getOrCreateConnection(projectId, location, connectionId, {
-        authorizerCredential: (_b = connection.githubConfig) === null || _b === void 0 ? void 0 : _b.authorizerCredential,
-        appInstallationId: (_c = connection.githubConfig) === null || _c === void 0 ? void 0 : _c.appInstallationId,
+        authorizerCredential: (_c = connection.githubConfig) === null || _c === void 0 ? void 0 : _c.authorizerCredential,
+        appInstallationId: (_d = connection.githubConfig) === null || _d === void 0 ? void 0 : _d.appInstallationId,
     });
     const repo = await getOrCreateRepository(projectId, location, connectionId, remoteUri);
     utils.logSuccess(`Successfully linked GitHub repository at remote URI`);
@@ -93,28 +111,36 @@ async function linkGitHubRepository(projectId, location) {
 }
 exports.linkGitHubRepository = linkGitHubRepository;
 async function promptRepositoryUri(projectId, connections) {
-    const remoteUriToConnection = {};
-    for (const conn of connections) {
-        const { location, id } = parseConnectionName(conn.name);
-        const resp = await gcb.fetchLinkableRepositories(projectId, location, id);
-        if (resp.repositories && resp.repositories.length > 0) {
-            for (const repo of resp.repositories) {
-                remoteUriToConnection[repo.remoteUri] = conn;
-            }
-        }
-    }
-    const choices = Object.keys(remoteUriToConnection).map((remoteUri) => ({
-        name: extractRepoSlugFromUri(remoteUri) || remoteUri,
-        value: remoteUri,
-    }));
-    choices.push({
-        name: "Missing a repo? Select this option to configure your installation's access settings",
-        value: "",
-    });
+    const { repos, remoteUriToConnection } = await fetchAllRepositories(projectId, connections);
+    const searchRepos = (repos) => async (_, input = "") => {
+        return [
+            new inquirer.Separator(),
+            {
+                name: "Missing a repo? Select this option to configure your installation's access settings",
+                value: ADD_REPO_CHOICE,
+            },
+            {
+                name: "Missing an account or org? Select this option to create a new connection",
+                value: ADD_CONN_CHOICE,
+            },
+            new inquirer.Separator(),
+            ...fuzzy
+                .filter(input, repos, {
+                extract: (repo) => extractRepoSlugFromUri(repo.remoteUri) || "",
+            })
+                .map((result) => {
+                return {
+                    name: extractRepoSlugFromUri(result.original.remoteUri) || "",
+                    value: result.original.remoteUri,
+                };
+            }),
+        ];
+    };
     const remoteUri = await (0, prompt_1.promptOnce)({
-        type: "list",
+        type: "autocomplete",
+        name: "remoteUri",
         message: "Which of the following repositories would you like to deploy?",
-        choices,
+        source: searchRepos(repos),
     });
     return { remoteUri, connection: remoteUriToConnection[remoteUri] };
 }
@@ -217,3 +243,25 @@ async function listAppHostingConnections(projectId) {
         !conn.disabled);
 }
 exports.listAppHostingConnections = listAppHostingConnections;
+async function fetchAllRepositories(projectId, connections) {
+    const repos = [];
+    const remoteUriToConnection = {};
+    const getNextPage = async (conn, pageToken = "") => {
+        const { location, id } = parseConnectionName(conn.name);
+        const resp = await gcb.fetchLinkableRepositories(projectId, location, id, pageToken);
+        if (resp.repositories && resp.repositories.length > 0) {
+            for (const repo of resp.repositories) {
+                repos.push(repo);
+                remoteUriToConnection[repo.remoteUri] = conn;
+            }
+        }
+        if (resp.nextPageToken) {
+            await getNextPage(conn, resp.nextPageToken);
+        }
+    };
+    for (const conn of connections) {
+        await getNextPage(conn);
+    }
+    return { repos, remoteUriToConnection };
+}
+exports.fetchAllRepositories = fetchAllRepositories;

package/lib/init/features/hosting/github.js

@@ -160,6 +160,11 @@ function writeChannelActionYMLFile(ymlPath, secretName, projectId, script) {
     const workflowConfig = {
         name: "Deploy to Firebase Hosting on PR",
         on: "pull_request",
+        permissions: {
+            checks: "write",
+            contents: "read",
+            "pull-requests": "write",
+        },
         jobs: {
             ["build_and_preview"]: {
                 if: "${{ github.event.pull_request.head.repo.full_name == github.repository }}",

package/lib/metaprogramming.js

@@ -1,2 +1,5 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.assertImplements = void 0;
+function assertImplements() { }
+exports.assertImplements = assertImplements;

package/lib/prompt.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.confirm = exports.promptOnce = exports.prompt = void 0;
 const inquirer = require("inquirer");
 const error_1 = require("./error");
+inquirer.registerPrompt("autocomplete", require("inquirer-autocomplete-prompt"));
 async function prompt(options, questions) {
     const prompts = [];
     for (const question of questions) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "firebase-tools",
-  "version": "13.2.1",
+  "version": "13.3.1",
   "description": "Command-Line Interface for Firebase",
   "main": "./lib/index.js",
   "bin": {
@@ -80,9 +80,11 @@
     "filesize": "^6.1.0",
     "form-data": "^4.0.0",
     "fs-extra": "^10.1.0",
+    "fuzzy": "^0.1.3",
     "glob": "^7.1.2",
     "google-auth-library": "^7.11.0",
-    "inquirer": "^8.2.0",
+    "inquirer": "^8.2.6",
+    "inquirer-autocomplete-prompt": "^2.0.1",
     "js-yaml": "^3.13.1",
     "jsonwebtoken": "^9.0.0",
     "leven": "^3.1.0",