firebase-tools 13.35.1 → 14.0.0

package/lib/deploy/functions/release/index.js

@@ -4,19 +4,19 @@ exports.printTriggerUrls = exports.release = void 0;
 const clc = require("colorette");
 const logger_1 = require("../../../logger");
 const functional_1 = require("../../../functional");
+const utils = require("../../../utils");
 const backend = require("../backend");
-const containerCleaner = require("../containerCleaner");
 const planner = require("./planner");
 const fabricator = require("./fabricator");
 const reporter = require("./reporter");
 const executor = require("./executor");
 const prompts = require("../prompts");
-const experiments = require("../../../experiments");
 const functionsConfig_1 = require("../../../functionsConfig");
 const functionsDeployHelper_1 = require("../functionsDeployHelper");
 const error_1 = require("../../../error");
 const getProjectNumber_1 = require("../../../getProjectNumber");
 const extensions_1 = require("../../extensions");
+const artifacts = require("../../../functions/artifacts");
 async function release(context, options, payload) {
     if (context.extensions && payload.extensions) {
         await (0, extensions_1.release)(context.extensions, options, payload.extensions);
@@ -78,13 +78,7 @@ async function release(context, options, payload) {
     reporter.printErrors(summary);
     const wantBackend = backend.merge(...Object.values(payload.functions).map((p) => p.wantBackend));
     printTriggerUrls(wantBackend);
-    const haveEndpoints = backend.allEndpoints(wantBackend);
-    const deletedEndpoints = Object.values(plan)
-        .map((r) => r.endpointsToDelete)
-        .reduce(functional_1.reduceFlat, []);
-    if (experiments.isEnabled("automaticallydeletegcfartifacts")) {
-        await containerCleaner.cleanupBuildImages(haveEndpoints, deletedEndpoints);
-    }
+    await setupArtifactCleanupPolicies(options, options.projectId, Object.keys(wantBackend.endpoints));
     const allErrors = summary.results.filter((r) => r.error).map((r) => r.error);
     if (allErrors.length) {
         const opts = allErrors.length === 1 ? { original: allErrors[0] } : { children: allErrors };
@@ -110,3 +104,27 @@ function printTriggerUrls(results) {
     }
 }
 exports.printTriggerUrls = printTriggerUrls;
+async function setupArtifactCleanupPolicies(options, projectId, locations) {
+    if (locations.length === 0) {
+        return;
+    }
+    const { locationsToSetup, locationsWithErrors: locationsWithCheckErrors } = await artifacts.checkCleanupPolicy(projectId, locations);
+    if (locationsToSetup.length === 0) {
+        return;
+    }
+    const daysToKeep = await prompts.promptForCleanupPolicyDays(options, locationsToSetup);
+    utils.logLabeledBullet("functions", `Configuring cleanup policy for ${locationsToSetup.length > 1 ? "repositories" : "repository"} in ${locationsToSetup.join(", ")}. ` +
+        `Images older than ${daysToKeep} days will be automatically deleted.`);
+    const { locationsWithPolicy, locationsWithErrors: locationsWithSetupErrors } = await artifacts.setCleanupPolicies(projectId, locationsToSetup, daysToKeep);
+    utils.logLabeledBullet("functions", `Configured cleanup policy for ${locationsWithPolicy.length > 1 ? "repositories" : "repository"} in ${locationsToSetup.join(", ")}.`);
+    const locationsWithErrors = [...locationsWithCheckErrors, ...locationsWithSetupErrors];
+    if (locationsWithErrors.length > 0) {
+        utils.logLabeledWarning("functions", `Failed to set up cleanup policy for repositories in ${locationsWithErrors.length > 1 ? "regions" : "region"} ` +
+            `${locationsWithErrors.join(", ")}.` +
+            "This could result in a small monthly bill as container images accumulate over time.");
+        throw new error_1.FirebaseError(`Functions successfully deployed but could not set up cleanup policy in ` +
+            `${locationsWithErrors.length > 1 ? "regions" : "region"} ${locationsWithErrors.join(", ")}.` +
+            `Pass the --force option to automatically set up a cleanup policy or` +
+            "run 'firebase functions:artifacts:setpolicy' to set up a cleanup policy to automatically delete old images.");
+    }
+}

package/lib/deploy/functions/runtimes/discovery/v1alpha1.js

@@ -67,8 +67,8 @@ function assertBuildEndpoint(ep, id) {
         maxInstances: "Field<number>?",
         minInstances: "Field<number>?",
         concurrency: "Field<number>?",
-        serviceAccount: "string?",
-        serviceAccountEmail: "string?",
+        serviceAccount: "Field<string>?",
+        serviceAccountEmail: "Field<string>?",
         timeoutSeconds: "Field<number>?",
         vpc: "object?",
         labels: "object?",
@@ -123,8 +123,8 @@ function assertBuildEndpoint(ep, id) {
             eventType: "string",
             retry: "Field<boolean>",
             region: "Field<string>",
-            serviceAccount: "string?",
-            serviceAccountEmail: "string?",
+            serviceAccount: "Field<string>?",
+            serviceAccountEmail: "Field<string>?",
             channel: "string",
         });
     }

package/lib/emulator/apphosting/config.js

@@ -6,22 +6,23 @@ const config_1 = require("../../apphosting/config");
 const yaml_1 = require("../../apphosting/yaml");
 async function getLocalAppHostingConfiguration(backendDir) {
     const appHostingConfigPaths = (0, config_1.listAppHostingFilesInPath)(backendDir);
-    const fileNameToPathMap = new Map();
-    for (const path of appHostingConfigPaths) {
-        const fileName = (0, path_1.basename)(path);
-        fileNameToPathMap.set(fileName, path);
+    const fileNameToPathMap = Object.fromEntries(appHostingConfigPaths.map((path) => [(0, path_1.basename)(path), path]));
+    const output = yaml_1.AppHostingYamlConfig.empty();
+    const baseFilePath = fileNameToPathMap[config_1.APPHOSTING_BASE_YAML_FILE];
+    const emulatorsFilePath = fileNameToPathMap[config_1.APPHOSTING_EMULATORS_YAML_FILE];
+    const localFilePath = fileNameToPathMap[config_1.APPHOSTING_LOCAL_YAML_FILE];
+    if (baseFilePath) {
+        const baseFile = await yaml_1.AppHostingYamlConfig.loadFromFile(baseFilePath);
+        output.merge(baseFile, false);
     }
-    const baseFilePath = fileNameToPathMap.get(config_1.APPHOSTING_BASE_YAML_FILE);
-    const localFilePath = fileNameToPathMap.get(config_1.APPHOSTING_LOCAL_YAML_FILE);
-    if (!baseFilePath && !localFilePath) {
-        return yaml_1.AppHostingYamlConfig.empty();
+    if (emulatorsFilePath) {
+        const emulatorsConfig = await yaml_1.AppHostingYamlConfig.loadFromFile(emulatorsFilePath);
+        output.merge(emulatorsConfig, false);
     }
-    if (!baseFilePath || !localFilePath) {
-        return await yaml_1.AppHostingYamlConfig.loadFromFile((baseFilePath || localFilePath));
+    if (localFilePath) {
+        const localYamlConfig = await yaml_1.AppHostingYamlConfig.loadFromFile(localFilePath);
+        output.merge(localYamlConfig, true);
     }
-    const localYamlConfig = await yaml_1.AppHostingYamlConfig.loadFromFile(localFilePath);
-    const baseConfig = await yaml_1.AppHostingYamlConfig.loadFromFile(baseFilePath);
-    baseConfig.merge(localYamlConfig);
-    return baseConfig;
+    return output;
 }
 exports.getLocalAppHostingConfiguration = getLocalAppHostingConfiguration;

package/lib/emulator/auth/operations.js

@@ -216,7 +216,8 @@ function lookup(state, reqBody, ctx) {
             tryAddUser(state.getUserByLocalId(localId));
         }
         for (const email of (_c = reqBody.email) !== null && _c !== void 0 ? _c : []) {
-            tryAddUser(state.getUserByEmail(email));
+            const canonicalizedEmail = (0, utils_1.canonicalizeEmailAddress)(email);
+            tryAddUser(state.getUserByEmail(canonicalizedEmail));
         }
         for (const phoneNumber of (_d = reqBody.phoneNumber) !== null && _d !== void 0 ? _d : []) {
             tryAddUser(state.getUserByPhoneNumber(phoneNumber));

package/lib/emulator/constants.js

@@ -103,7 +103,7 @@ Constants.FIREBASE_ENABLED_EXPERIMENTS = "FIREBASE_ENABLED_EXPERIMENTS";
 Constants.FIRESTORE_EMULATOR_HOST = "FIRESTORE_EMULATOR_HOST";
 Constants.FIRESTORE_EMULATOR_ENV_ALT = "FIREBASE_FIRESTORE_EMULATOR_ADDRESS";
 Constants.FIREBASE_DATABASE_EMULATOR_HOST = "FIREBASE_DATABASE_EMULATOR_HOST";
-Constants.FIREBASE_DATACONNECT_EMULATOR_HOST = "FIREBASE_DATACONNECT_EMULATOR_HOST";
+Constants.FIREBASE_DATACONNECT_EMULATOR_HOST = "FIREBASE_DATA_CONNECT_EMULATOR_HOST";
 Constants.FIREBASE_AUTH_EMULATOR_HOST = "FIREBASE_AUTH_EMULATOR_HOST";
 Constants.FIREBASE_STORAGE_EMULATOR_HOST = "FIREBASE_STORAGE_EMULATOR_HOST";
 Constants.CLOUD_STORAGE_EMULATOR_HOST = "STORAGE_EMULATOR_HOST";

package/lib/emulator/dataconnect/pgliteServer.js

@@ -124,7 +124,8 @@ class PostgresServer {
                 const db = await pglite_1.PGlite.create(pgliteArgs);
                 return db;
             }
-            throw err;
+            logger_1.logger.debug(`Error from pglite: ${err}`);
+            throw new error_1.FirebaseError("Unexpected error starting up Postgres.");
         }
     }
     async stop() {

package/lib/emulator/dataconnectEmulator.js

@@ -21,6 +21,7 @@ const pgliteServer_1 = require("./dataconnect/pgliteServer");
 const controller_1 = require("./controller");
 const utils_1 = require("../utils");
 const env_1 = require("./env");
+const ensureApiEnabled_1 = require("../ensureApiEnabled");
 exports.dataConnectEmulatorEvents = new events_1.EventEmitter();
 class DataConnectEmulator {
     constructor(args) {
@@ -43,6 +44,7 @@ class DataConnectEmulator {
                     this.logger.logLabeled("WARN", "dataconnect", "Detected a 'demo-' project, but vector embeddings require a real project. Operations that use vector_embed will fail.");
                 }
                 else {
+                    await (0, ensureApiEnabled_1.ensure)(this.args.projectId, (0, api_1.vertexAIOrigin)(), "dataconnect", true);
                     this.logger.logLabeled("WARN", "dataconnect", "Operations that use vector_embed will make calls to production Vertex AI");
                 }
             }

package/lib/emulator/downloadableEmulators.js

@@ -48,20 +48,20 @@ const EMULATOR_UPDATE_DETAILS = {
     },
     dataconnect: process.platform === "darwin"
         ? {
-            version: "1.9.2",
-            expectedSize: 26403584,
-            expectedChecksum: "a0a957bb5d564059ed883fee9e9fd67a",
+            version: "2.0.0",
+            expectedSize: 26440448,
+            expectedChecksum: "64fd9ad182e59a46b9462757db6d5aac",
         }
         : process.platform === "win32"
             ? {
-                version: "1.9.2",
-                expectedSize: 26846208,
-                expectedChecksum: "80f49b574aa69ef76fb49e2e96c8a699",
+                version: "2.0.0",
+                expectedSize: 26884096,
+                expectedChecksum: "92d654dfbb07fee4e1db2328ba6e00a7",
             }
             : {
-                version: "1.9.2",
-                expectedSize: 26316952,
-                expectedChecksum: "cc3c0318e453d9ddf098b582ee0f2b77",
+                version: "2.0.0",
+                expectedSize: 26353816,
+                expectedChecksum: "29c7a57a00cb11f44f9b0ffb4710bbd2",
             },
 };
 exports.DownloadDetails = {

package/lib/emulator/env.js

@@ -36,7 +36,8 @@ function setEnvVarsForEmulators(env, emulators) {
                 env[constants_1.Constants.CLOUD_TASKS_EMULATOR_HOST] = host;
                 break;
             case types_1.Emulators.DATACONNECT:
-                env[constants_1.Constants.FIREBASE_DATACONNECT_EMULATOR_HOST] = host;
+                env[constants_1.Constants.FIREBASE_DATACONNECT_EMULATOR_HOST] = `http://${host}`;
+                env["FIREBASE_DATACONNECT_EMULATOR_HOST"] = host;
         }
     }
 }

package/lib/emulator/initEmulators.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AdditionalInitFns = void 0;
+const clc = require("colorette");
 const path_1 = require("path");
 const prompt_1 = require("../prompt");
 const developmentServer_1 = require("./apphosting/developmentServer");
@@ -8,9 +9,11 @@ const emulatorLogger_1 = require("./emulatorLogger");
 const types_1 = require("./types");
 const config_1 = require("../apphosting/config");
 const detectProjectRoot_1 = require("../detectProjectRoot");
+const projectUtils_1 = require("../projectUtils");
+const secrets_1 = require("../apphosting/secrets");
 exports.AdditionalInitFns = {
-    [types_1.Emulators.APPHOSTING]: async () => {
-        var _a;
+    [types_1.Emulators.APPHOSTING]: async (config) => {
+        var _a, _b;
         const cwd = process.cwd();
         const additionalConfigs = new Map();
         const logger = emulatorLogger_1.EmulatorLogger.forEmulator(types_1.Emulators.APPHOSTING);
@@ -30,13 +33,35 @@ exports.AdditionalInitFns = {
         catch (e) {
             logger.log("WARN", "Failed to auto-detect your project's start command. Consider manually setting the start command by setting `firebase.json#emulators.apphosting.startCommand`");
         }
+        const projectId = (0, projectUtils_1.getProjectId)(config.options);
+        let env = [];
         try {
-            const projectRoot = (_a = (0, detectProjectRoot_1.detectProjectRoot)({})) !== null && _a !== void 0 ? _a : backendRoot;
-            await (0, config_1.exportConfig)(cwd, projectRoot, backendRoot);
+            const projectRoot = (_a = (0, detectProjectRoot_1.detectProjectRoot)({ cwd: config.options.cwd })) !== null && _a !== void 0 ? _a : backendRoot;
+            env = await (0, config_1.maybeGenerateEmulatorYaml)(projectId, projectRoot);
         }
         catch (e) {
             logger.log("WARN", "failed to export app hosting configs");
         }
+        const secretIds = (_b = env === null || env === void 0 ? void 0 : env.filter((e) => "secret" in e)) === null || _b === void 0 ? void 0 : _b.map((e) => e.secret);
+        if (secretIds === null || secretIds === void 0 ? void 0 : secretIds.length) {
+            if (!projectId) {
+                logger.log("WARN", "Cannot grant developers access to secrets for local development without knowing what project the secret is in. " +
+                    `Run ${clc.bold(`firebase apphosting:secrets:grantaccess ${secretIds.join(",")} --project [project] --emails [email list]`)}`);
+            }
+            else {
+                const users = await (0, prompt_1.promptOnce)({
+                    type: "input",
+                    message: "Your config has secret values. Please provide a comma-separated list of users or groups who should have access to secrets for local development:",
+                });
+                if (users.length) {
+                    await (0, secrets_1.grantEmailsSecretAccess)(projectId, secretIds, users.split(",").map((u) => u.trim()));
+                }
+                else {
+                    logger.log("INFO", "Skipping granting developers access to secrets for local development. To grant access in the future, run " +
+                        `Run ${clc.bold(`firebase apphosting:secrets:grantaccess ${secretIds.join(",")} --emails [email list]`)}`);
+                }
+            }
+        }
         return mapToObject(additionalConfigs);
     },
     [types_1.Emulators.DATACONNECT]: async (config) => {

package/lib/experiments.js

@@ -41,18 +41,6 @@ exports.ALL_EXPERIMENTS = experiments({
             "of how that image was created.",
         public: true,
     },
-    automaticallydeletegcfartifacts: {
-        shortDescription: "Control whether functions cleans up images after deploys",
-        fullDescription: "To control costs, Firebase defaults to automatically deleting containers " +
-            "created during the build process. This has the side-effect of preventing " +
-            "users from rolling back to previous revisions using the Run API. To change " +
-            `this behavior, call ${(0, colorette_1.bold)("experiments:disable deletegcfartifactsondeploy")} ` +
-            `consider also calling ${(0, colorette_1.bold)("experiments:enable deletegcfartifacts")} ` +
-            `to enable the new command ${(0, colorette_1.bold)("functions:deletegcfartifacts")} which` +
-            "lets you clean up images manually",
-        public: true,
-        default: true,
-    },
     emulatoruisnapshot: {
         shortDescription: "Load pre-release versions of the emulator UI",
     },
@@ -115,7 +103,7 @@ exports.ALL_EXPERIMENTS = experiments({
     fdcconnectorevolution: {
         shortDescription: "Enable Data Connect connector evolution warnings.",
         fullDescription: "Enable Data Connect connector evolution warnings.",
-        default: false,
+        default: true,
         public: false,
     },
 });

package/lib/functions/artifacts.js

@@ -1,7 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.hasCleanupOptOut = exports.hasSameCleanupPolicy = exports.setCleanupPolicy = exports.optOutRepository = exports.updateRepository = exports.generateCleanupPolicy = exports.parseDaysFromPolicy = exports.daysToSeconds = exports.findExistingPolicy = exports.makeRepoPath = exports.DEFAULT_CLEANUP_DAYS = exports.OPT_OUT_LABEL_KEY = exports.CLEANUP_POLICY_ID = exports.GCF_REPO_ID = void 0;
+exports.setCleanupPolicies = exports.checkCleanupPolicy = exports.hasCleanupOptOut = exports.hasSameCleanupPolicy = exports.setCleanupPolicy = exports.optOutRepository = exports.updateRepository = exports.generateCleanupPolicy = exports.parseDaysFromPolicy = exports.daysToSeconds = exports.findExistingPolicy = exports.getRepo = exports.getRepoCache = exports.makeRepoPath = exports.DEFAULT_CLEANUP_DAYS = exports.OPT_OUT_LABEL_KEY = exports.CLEANUP_POLICY_ID = exports.GCF_REPO_ID = void 0;
 const artifactregistry = require("../gcp/artifactregistry");
+const logger_1 = require("../logger");
 const error_1 = require("../error");
 exports.GCF_REPO_ID = "gcf-artifacts";
 exports.CLEANUP_POLICY_ID = "firebase-functions-cleanup";
@@ -12,6 +13,17 @@ function makeRepoPath(projectId, location, repoName = exports.GCF_REPO_ID) {
     return `projects/${projectId}/locations/${location}/repositories/${repoName}`;
 }
 exports.makeRepoPath = makeRepoPath;
+exports.getRepoCache = new Map();
+async function getRepo(projectId, location, forceRefresh = false, repoName = exports.GCF_REPO_ID) {
+    const repoPath = makeRepoPath(projectId, location, repoName);
+    if (!forceRefresh && exports.getRepoCache.has(repoPath)) {
+        return exports.getRepoCache.get(repoPath);
+    }
+    const repo = await artifactregistry.getRepository(repoPath);
+    exports.getRepoCache.set(repoPath, repo);
+    return repo;
+}
+exports.getRepo = getRepo;
 function findExistingPolicy(repository) {
     var _a;
     return (_a = repository === null || repository === void 0 ? void 0 : repository.cleanupPolicies) === null || _a === void 0 ? void 0 : _a[exports.CLEANUP_POLICY_ID];
@@ -103,3 +115,78 @@ function hasCleanupOptOut(repo) {
     return !!(repo.labels && repo.labels[exports.OPT_OUT_LABEL_KEY] === "true");
 }
 exports.hasCleanupOptOut = hasCleanupOptOut;
+async function checkCleanupPolicy(projectId, locations) {
+    if (locations.length === 0) {
+        return { locationsToSetup: [], locationsWithErrors: [] };
+    }
+    const checkRepos = await Promise.allSettled(locations.map(async (location) => {
+        try {
+            const repository = await exports.getRepo(projectId, location);
+            const hasPolicy = !!findExistingPolicy(repository);
+            const hasOptOut = hasCleanupOptOut(repository);
+            const hasOtherPolicies = repository.cleanupPolicies &&
+                Object.keys(repository.cleanupPolicies).some((key) => key !== exports.CLEANUP_POLICY_ID);
+            return {
+                location,
+                repository,
+                hasPolicy,
+                hasOptOut,
+                hasOtherPolicies,
+            };
+        }
+        catch (err) {
+            logger_1.logger.debug(`Failed to check artifact cleanup policy for region ${location}:`, err);
+            throw err;
+        }
+    }));
+    const locationsToSetup = [];
+    const locationsWithErrors = [];
+    for (let i = 0; i < checkRepos.length; i++) {
+        const result = checkRepos[i];
+        if (result.status === "fulfilled") {
+            if (!(result.value.hasPolicy || result.value.hasOptOut || result.value.hasOtherPolicies)) {
+                locationsToSetup.push(result.value.location);
+            }
+        }
+        else {
+            locationsWithErrors.push(locations[i]);
+        }
+    }
+    return { locationsToSetup, locationsWithErrors };
+}
+exports.checkCleanupPolicy = checkCleanupPolicy;
+async function setCleanupPolicies(projectId, locations, daysToKeep) {
+    if (locations.length === 0)
+        return { locationsWithPolicy: [], locationsWithErrors: [] };
+    const locationsWithPolicy = [];
+    const locationsWithErrors = [];
+    const setupRepos = await Promise.allSettled(locations.map(async (location) => {
+        try {
+            logger_1.logger.debug(`Setting up artifact cleanup policy for region ${location}`);
+            const repo = await exports.getRepo(projectId, location);
+            await exports.setCleanupPolicy(repo, daysToKeep);
+            return location;
+        }
+        catch (err) {
+            throw new error_1.FirebaseError("Failed to set up artifact cleanup policy", {
+                original: err,
+            });
+        }
+    }));
+    for (let i = 0; i < locations.length; i++) {
+        const location = locations[i];
+        const result = setupRepos[i];
+        if (result.status === "rejected") {
+            logger_1.logger.debug(`Failed to set up artifact cleanup policy for region ${location}:`, result.reason);
+            locationsWithErrors.push(location);
+        }
+        else {
+            locationsWithPolicy.push(location);
+        }
+    }
+    return {
+        locationsWithPolicy,
+        locationsWithErrors,
+    };
+}
+exports.setCleanupPolicies = setCleanupPolicies;

package/lib/gcp/cloudfunctions.js

@@ -340,7 +340,7 @@ function functionFromEndpoint(endpoint, sourceUploadUrl) {
         }
     }
     proto.copyIfPresent(gcfFunction, endpoint, "minInstances", "maxInstances", "ingressSettings", "environmentVariables", "secretEnvironmentVariables");
-    proto.renameIfPresent(gcfFunction, endpoint, "serviceAccountEmail", "serviceAccount");
+    proto.convertIfPresent(gcfFunction, endpoint, "serviceAccountEmail", "serviceAccount", (from) => proto.formatServiceAccount(from, endpoint.project, true));
     proto.convertIfPresent(gcfFunction, endpoint, "availableMemoryMb", (mem) => mem);
     proto.convertIfPresent(gcfFunction, endpoint, "timeout", "timeoutSeconds", (sec) => sec ? proto.durationFromSeconds(sec) : null);
     if (endpoint.vpc) {

package/lib/gcp/cloudfunctionsv2.js

@@ -193,7 +193,7 @@ function functionFromEndpoint(endpoint) {
     };
     proto.copyIfPresent(gcfFunction, endpoint, "labels");
     proto.copyIfPresent(gcfFunction.serviceConfig, endpoint, "environmentVariables", "secretEnvironmentVariables", "ingressSettings", "timeoutSeconds");
-    proto.renameIfPresent(gcfFunction.serviceConfig, endpoint, "serviceAccountEmail", "serviceAccount");
+    proto.convertIfPresent(gcfFunction.serviceConfig, endpoint, "serviceAccountEmail", "serviceAccount", (from) => proto.formatServiceAccount(from, endpoint.project, true));
     const mem = endpoint.availableMemoryMb || backend.DEFAULT_MEMORY;
     gcfFunction.serviceConfig.availableMemory = mem > 1024 ? `${mem / 1024}Gi` : `${mem}Mi`;
     proto.renameIfPresent(gcfFunction.serviceConfig, endpoint, "minInstanceCount", "minInstances");
@@ -215,8 +215,8 @@ function functionFromEndpoint(endpoint) {
             eventType: endpoint.eventTrigger.eventType,
             retryPolicy: "RETRY_POLICY_UNSPECIFIED",
         };
-        if (endpoint.serviceAccount) {
-            gcfFunction.eventTrigger.serviceAccountEmail = endpoint.serviceAccount;
+        if (gcfFunction.serviceConfig.serviceAccountEmail) {
+            gcfFunction.eventTrigger.serviceAccountEmail = gcfFunction.serviceConfig.serviceAccountEmail;
         }
         if (gcfFunction.eventTrigger.eventType === v2_1.PUBSUB_PUBLISH_EVENT) {
             if (!((_b = endpoint.eventTrigger.eventFilters) === null || _b === void 0 ? void 0 : _b.topic)) {

package/lib/gcp/cloudsql/permissions.js

@@ -1,8 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.defaultPermissions = exports.readerRolePermissions = exports.writerRolePermissions = exports.ownerRolePermissions = exports.firebasewriter = exports.firebasereader = exports.firebaseowner = exports.FIREBASE_SUPER_USER = exports.DEFAULT_SCHEMA = void 0;
+exports.defaultPermissions = exports.readerRolePermissions = exports.writerRolePermissions = exports.ownerRolePermissions = exports.firebasewriter = exports.firebasereader = exports.firebaseowner = exports.CLOUDSQL_SUPER_USER = exports.FIREBASE_SUPER_USER = exports.DEFAULT_SCHEMA = void 0;
 exports.DEFAULT_SCHEMA = "public";
 exports.FIREBASE_SUPER_USER = "firebasesuperuser";
+exports.CLOUDSQL_SUPER_USER = "cloudsqlsuperuser";
 function firebaseowner(databaseId, schema = exports.DEFAULT_SCHEMA) {
     return `firebaseowner_${databaseId}_${schema}`;
 }

package/lib/gcp/cloudsql/permissions_setup.js

@@ -173,14 +173,17 @@ async function getSchemaMetadata(instanceId, databaseId, schema, options) {
     };
 }
 exports.getSchemaMetadata = getSchemaMetadata;
+function filterTableOwners(schemaInfo, databaseId) {
+    return [...new Set(schemaInfo.tables.map((t) => t.owner))].filter((owner) => owner !== permissions_1.CLOUDSQL_SUPER_USER && owner !== (0, permissions_1.firebaseowner)(databaseId, schemaInfo.name));
+}
 async function setupBrownfieldAsGreenfield(instanceId, databaseId, schemaInfo, options, silent = false) {
     const schema = schemaInfo.name;
     const firebaseOwnerRole = (0, permissions_1.firebaseowner)(databaseId, schema);
-    const nonFirebasetablesOwners = [...new Set(schemaInfo.tables.map((t) => t.owner))].filter((owner) => owner !== firebaseOwnerRole);
-    const grantOwnersToSuperuserCmds = nonFirebasetablesOwners.map((owner) => `GRANT "${owner}" TO "${permissions_1.FIREBASE_SUPER_USER}"`);
-    const revokeOwnersFromSuperuserCmds = nonFirebasetablesOwners.map((owner) => `REVOKE "${owner}" FROM "${permissions_1.FIREBASE_SUPER_USER}"`);
+    const uniqueTablesOwners = filterTableOwners(schemaInfo, databaseId);
+    const grantOwnersToSuperuserCmds = uniqueTablesOwners.map((owner) => `GRANT "${owner}" TO "${permissions_1.FIREBASE_SUPER_USER}"`);
+    const revokeOwnersFromSuperuserCmds = uniqueTablesOwners.map((owner) => `REVOKE "${owner}" FROM "${permissions_1.FIREBASE_SUPER_USER}"`);
     const greenfieldSetupCmds = await greenFieldSchemaSetup(instanceId, databaseId, schema, options);
-    const grantCmds = nonFirebasetablesOwners.map((owner) => `GRANT "${(0, permissions_1.firebasewriter)(databaseId, schema)}" TO "${owner}"`);
+    const grantCmds = uniqueTablesOwners.map((owner) => `GRANT "${(0, permissions_1.firebasewriter)(databaseId, schema)}" TO "${owner}"`);
     const alterTableCmds = schemaInfo.tables.map((table) => `ALTER TABLE "${schema}"."${table.name}" OWNER TO "${firebaseOwnerRole}";`);
     const setupCmds = [
         ...grantOwnersToSuperuserCmds,
@@ -194,7 +197,7 @@ async function setupBrownfieldAsGreenfield(instanceId, databaseId, schemaInfo, o
 exports.setupBrownfieldAsGreenfield = setupBrownfieldAsGreenfield;
 async function brownfieldSqlSetup(instanceId, databaseId, schemaInfo, options, silent = false) {
     const schema = schemaInfo.name;
-    const uniqueTablesOwners = [...new Set(schemaInfo.tables.map((t) => t.owner))];
+    const uniqueTablesOwners = filterTableOwners(schemaInfo, databaseId);
     const grantOwnersToFirebasesuperuser = uniqueTablesOwners.map((owner) => `GRANT "${owner}" TO "${permissions_1.FIREBASE_SUPER_USER}"`);
     const revokeOwnersFromFirebasesuperuser = uniqueTablesOwners.map((owner) => `REVOKE "${owner}" FROM "${permissions_1.FIREBASE_SUPER_USER}"`);
     const iamUser = (await (0, connect_2.getIAMUser)(options)).user;

package/lib/gcp/proto.js

@@ -91,18 +91,19 @@ function getInvokerMembers(invoker, projectId) {
     return invoker.map((inv) => formatServiceAccount(inv, projectId));
 }
 exports.getInvokerMembers = getInvokerMembers;
-function formatServiceAccount(serviceAccount, projectId) {
+function formatServiceAccount(serviceAccount, projectId, removeTypePrefix = false) {
     if (serviceAccount.length === 0) {
         throw new error_1.FirebaseError("Service account cannot be an empty string");
     }
     if (!serviceAccount.includes("@")) {
         throw new error_1.FirebaseError("Service account must be of the form 'service-account@' or 'service-account@{project-id}.iam.gserviceaccount.com'");
     }
+    const prefix = removeTypePrefix ? "" : "serviceAccount:";
     if (serviceAccount.endsWith("@")) {
         const suffix = `${projectId}.iam.gserviceaccount.com`;
-        return `serviceAccount:${serviceAccount}${suffix}`;
+        return `${prefix}${serviceAccount}${suffix}`;
     }
-    return `serviceAccount:${serviceAccount}`;
+    return `${prefix}${serviceAccount}`;
 }
 exports.formatServiceAccount = formatServiceAccount;
 function pruneUndefiends(obj) {

package/lib/init/features/dataconnect/sdk.js

@@ -2,7 +2,6 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.actuate = exports.generateSdkYaml = exports.doSetup = exports.FDC_APP_FOLDER = void 0;
 const yaml = require("yaml");
-const fs = require("fs");
 const clc = require("colorette");
 const path = require("path");
 const fsutils_1 = require("../../../fsutils");
@@ -18,7 +17,7 @@ const auth_1 = require("../../../auth");
 exports.FDC_APP_FOLDER = "_FDC_APP_FOLDER";
 async function doSetup(setup, config) {
     const sdkInfo = await askQuestions(setup, config);
-    await actuate(sdkInfo);
+    await actuate(sdkInfo, config);
     (0, utils_1.logSuccess)(`If you'd like to add more generated SDKs to your app your later, run ${clc.bold("firebase init dataconnect:sdk")} again`);
 }
 exports.doSetup = doSetup;
@@ -157,11 +156,11 @@ async function generateSdkYaml(targetPlatform, connectorYaml, connectorDir, appD
     return connectorYaml;
 }
 exports.generateSdkYaml = generateSdkYaml;
-async function actuate(sdkInfo) {
+async function actuate(sdkInfo, config) {
     var _a, _b;
     const connectorYamlPath = `${sdkInfo.connectorInfo.directory}/connector.yaml`;
-    fs.writeFileSync(connectorYamlPath, sdkInfo.connectorYamlContents, "utf8");
-    (0, utils_1.logBullet)(`Wrote new config to ${connectorYamlPath}`);
+    (0, utils_1.logBullet)(`Writing your new SDK configuration to ${connectorYamlPath}`);
+    await config.askWriteProjectFile(path.relative(config.projectDir, connectorYamlPath), sdkInfo.connectorYamlContents);
     const account = (0, auth_1.getGlobalDefaultAccount)();
     await dataconnectEmulator_1.DataConnectEmulator.generate({
         configDir: sdkInfo.connectorInfo.directory,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "firebase-tools",
-  "version": "13.35.1",
+  "version": "14.0.0",
   "description": "Command-Line Interface for Firebase",
   "main": "./lib/index.js",
   "bin": {
@@ -29,7 +29,7 @@
   ],
   "preferGlobal": true,
   "engines": {
-    "node": ">=18.0.0 || >=20.0.0 || >=22.0.0"
+    "node": ">=20.0.0 || >=22.0.0"
   },
   "author": "Firebase (https://firebase.google.com/)",
   "license": "MIT",

package/standalone/package.json

@@ -30,7 +30,7 @@
     ]
   },
   "devDependencies": {
-    "pkg": "^5.7.0",
+    "@yao-pkg/pkg": "^6.3.0",
     "prettier": "^1.15.3"
   }
 }

package/templates/init/dataconnect/dataconnect.yaml

@@ -1,4 +1,4 @@
-specVersion: "v1beta"
+specVersion: "v1"
 serviceId: __serviceId__
 location: __location__
 schema:

package/lib/commands/apphosting-config-export.js

@@ -1,29 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.command = void 0;
-const command_1 = require("../command");
-const projectUtils_1 = require("../projectUtils");
-const requireAuth_1 = require("../requireAuth");
-const secretManager = require("../gcp/secretManager");
-const requirePermissions_1 = require("../requirePermissions");
-const config_1 = require("../apphosting/config");
-const error_1 = require("../error");
-const detectProjectRoot_1 = require("../detectProjectRoot");
-exports.command = new command_1.Command("apphosting:config:export")
-    .description("Export App Hosting configurations such as secrets into an apphosting.local.yaml file")
-    .option("-s, --secrets <apphosting.yaml or apphosting.<environment>.yaml file to export secrets from>", "This command combines the base apphosting.yaml with the specified environment-specific file (e.g., apphosting.staging.yaml). If keys conflict, the environment-specific file takes precedence.")
-    .before(requireAuth_1.requireAuth)
-    .before(secretManager.ensureApi)
-    .before(requirePermissions_1.requirePermissions, ["secretmanager.versions.access"])
-    .action(async (options) => {
-    var _a;
-    const projectId = (0, projectUtils_1.needProjectId)(options);
-    const environmentConfigFile = options.secrets;
-    const cwd = process.cwd();
-    const backendRoot = (0, config_1.discoverBackendRoot)(cwd);
-    if (!backendRoot) {
-        throw new error_1.FirebaseError("Missing apphosting.yaml: This command requires an apphosting.yaml configuration file. Please run 'firebase init apphosting' and try again.");
-    }
-    const projectRoot = (_a = (0, detectProjectRoot_1.detectProjectRoot)({})) !== null && _a !== void 0 ? _a : backendRoot;
-    await (0, config_1.exportConfig)(cwd, projectRoot, backendRoot, projectId, environmentConfigFile);
-});

package/lib/commands/experimental-functions-shell.js

@@ -1,13 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.command = void 0;
-const functionsShellCommandAction_1 = require("../functionsShellCommandAction");
-const command_1 = require("../command");
-const requireConfig_1 = require("../requireConfig");
-const requirePermissions_1 = require("../requirePermissions");
-exports.command = new command_1.Command("experimental:functions:shell")
-    .description("launch full Node shell with emulated functions. (Alias for `firebase functions:shell.)")
-    .option("-p, --port <port>", "the port on which to emulate functions (default: 5000)", 5000)
-    .before(requireConfig_1.requireConfig)
-    .before(requirePermissions_1.requirePermissions)
-    .action(functionsShellCommandAction_1.actionFunction);