firebase-tools 13.5.1 → 13.6.0

package/lib/gcp/firestore.js

@@ -9,12 +9,12 @@ const error_1 = require("../error");
 const prodOnlyClient = new apiv2_1.Client({
     auth: true,
     apiVersion: "v1",
-    urlPrefix: api_1.firestoreOrigin,
+    urlPrefix: (0, api_1.firestoreOrigin)(),
 });
 const emuOrProdClient = new apiv2_1.Client({
     auth: true,
     apiVersion: "v1",
-    urlPrefix: api_1.firestoreOriginOrEmulator,
+    urlPrefix: (0, api_1.firestoreOriginOrEmulator)(),
 });
 var DayOfWeek;
 (function (DayOfWeek) {

package/lib/gcp/iam.js

@@ -4,7 +4,7 @@ exports.testIamPermissions = exports.testResourceIamPermissions = exports.getRol
 const api_1 = require("../api");
 const logger_1 = require("../logger");
 const apiv2_1 = require("../apiv2");
-const apiClient = new apiv2_1.Client({ urlPrefix: api_1.iamOrigin, apiVersion: "v1" });
+const apiClient = new apiv2_1.Client({ urlPrefix: (0, api_1.iamOrigin)(), apiVersion: "v1" });
 async function createServiceAccount(projectId, accountId, description, displayName) {
     const response = await apiClient.post(`/projects/${projectId}/serviceAccounts`, {
         accountId,
@@ -71,6 +71,6 @@ async function testResourceIamPermissions(origin, apiVersion, resourceName, perm
 }
 exports.testResourceIamPermissions = testResourceIamPermissions;
 async function testIamPermissions(projectId, permissions) {
-    return testResourceIamPermissions(api_1.resourceManagerOrigin, "v1", `projects/${projectId}`, permissions, `projects/${projectId}`);
+    return testResourceIamPermissions((0, api_1.resourceManagerOrigin)(), "v1", `projects/${projectId}`, permissions, `projects/${projectId}`);
 }
 exports.testIamPermissions = testIamPermissions;

package/lib/gcp/identityPlatform.js

@@ -6,7 +6,7 @@ const api_1 = require("../api");
 const apiv2_1 = require("../apiv2");
 const API_VERSION = "v2";
 const adminApiClient = new apiv2_1.Client({
-    urlPrefix: api_1.identityOrigin + "/admin",
+    urlPrefix: (0, api_1.identityOrigin)() + "/admin",
     apiVersion: API_VERSION,
 });
 async function getBlockingFunctionsConfig(project) {

package/lib/gcp/pubsub.js

@@ -6,7 +6,7 @@ const api_1 = require("../api");
 const proto = require("./proto");
 const API_VERSION = "v1";
 const client = new apiv2_1.Client({
-    urlPrefix: api_1.pubsubOrigin,
+    urlPrefix: (0, api_1.pubsubOrigin)(),
     auth: true,
     apiVersion: API_VERSION,
 });

package/lib/gcp/resourceManager.js

@@ -6,13 +6,14 @@ const api_1 = require("../api");
 const apiv2_1 = require("../apiv2");
 const iam_1 = require("./iam");
 const API_VERSION = "v1";
-const apiClient = new apiv2_1.Client({ urlPrefix: api_1.resourceManagerOrigin, apiVersion: API_VERSION });
+const apiClient = new apiv2_1.Client({ urlPrefix: (0, api_1.resourceManagerOrigin)(), apiVersion: API_VERSION });
 exports.firebaseRoles = {
     apiKeysViewer: "roles/serviceusage.apiKeysViewer",
     authAdmin: "roles/firebaseauth.admin",
     functionsDeveloper: "roles/cloudfunctions.developer",
     hostingAdmin: "roles/firebasehosting.admin",
     runViewer: "roles/run.viewer",
+    serviceUsageConsumer: "roles/serviceusage.serviceUsageConsumer",
 };
 async function getIamPolicy(projectIdOrNumber) {
     const response = await apiClient.post(`/projects/${projectIdOrNumber}:getIamPolicy`);

package/lib/gcp/rules.js

@@ -6,7 +6,7 @@ const apiv2_1 = require("../apiv2");
 const logger_1 = require("../logger");
 const utils = require("../utils");
 const API_VERSION = "v1";
-const apiClient = new apiv2_1.Client({ urlPrefix: api_1.rulesOrigin, apiVersion: API_VERSION });
+const apiClient = new apiv2_1.Client({ urlPrefix: (0, api_1.rulesOrigin)(), apiVersion: API_VERSION });
 function _handleErrorResponse(response) {
     if (response.body && response.body.error) {
         return utils.reject(response.body.error, { code: 2 });

package/lib/gcp/run.js

@@ -9,7 +9,7 @@ const throttler_1 = require("../throttler/throttler");
 const logger_1 = require("../logger");
 const API_VERSION = "v1";
 const client = new apiv2_1.Client({
-    urlPrefix: api_1.runOrigin,
+    urlPrefix: (0, api_1.runOrigin)(),
     auth: true,
     apiVersion: API_VERSION,
 });

package/lib/gcp/runtimeconfig.js

@@ -6,7 +6,7 @@ const api_1 = require("../api");
 const apiv2_1 = require("../apiv2");
 const logger_1 = require("../logger");
 const API_VERSION = "v1beta1";
-const apiClient = new apiv2_1.Client({ urlPrefix: api_1.runtimeconfigOrigin, apiVersion: API_VERSION });
+const apiClient = new apiv2_1.Client({ urlPrefix: (0, api_1.runtimeconfigOrigin)(), apiVersion: API_VERSION });
 function listConfigs(projectId) {
     return apiClient
         .get(`/projects/${projectId}/configs`, {

package/lib/gcp/secretManager.js

@@ -13,7 +13,7 @@ const SECRET_VERSION_NAME_REGEX = new RegExp(SECRET_NAME_REGEX.source + "\\/vers
 const secretManagerConsoleUri = (projectId) => `https://console.cloud.google.com/security/secret-manager?project=${projectId}`;
 exports.secretManagerConsoleUri = secretManagerConsoleUri;
 const API_VERSION = "v1";
-const client = new apiv2_1.Client({ urlPrefix: api_1.secretManagerOrigin, apiVersion: API_VERSION });
+const client = new apiv2_1.Client({ urlPrefix: (0, api_1.secretManagerOrigin)(), apiVersion: API_VERSION });
 async function getSecret(projectId, name) {
     var _a;
     const getRes = await client.get(`projects/${projectId}/secrets/${name}`);

package/lib/gcp/serviceusage.js

@@ -7,7 +7,7 @@ const apiv2_1 = require("../apiv2");
 const error_1 = require("../error");
 const utils = require("../utils");
 const apiClient = new apiv2_1.Client({
-    urlPrefix: api_1.serviceUsageOrigin,
+    urlPrefix: (0, api_1.serviceUsageOrigin)(),
     apiVersion: "v1beta1",
 });
 async function generateServiceIdentity(projectNumber, service, prefix) {

package/lib/gcp/storage.js

@@ -10,9 +10,12 @@ const logger_1 = require("../logger");
 const ensureApiEnabled_1 = require("../ensureApiEnabled");
 async function getDefaultBucket(projectId) {
     var _a;
-    await (0, ensureApiEnabled_1.ensure)(projectId, api_1.firebaseStorageOrigin, "storage", false);
+    await (0, ensureApiEnabled_1.ensure)(projectId, (0, api_1.firebaseStorageOrigin)(), "storage", false);
     try {
-        const localAPIClient = new apiv2_1.Client({ urlPrefix: api_1.firebaseStorageOrigin, apiVersion: "v1alpha" });
+        const localAPIClient = new apiv2_1.Client({
+            urlPrefix: (0, api_1.firebaseStorageOrigin)(),
+            apiVersion: "v1alpha",
+        });
         const response = await localAPIClient.get(`/projects/${projectId}/defaultBucket`);
         if (!((_a = response.body) === null || _a === void 0 ? void 0 : _a.bucket.name)) {
             logger_1.logger.debug("Default storage bucket is undefined.");
@@ -29,7 +32,7 @@ async function getDefaultBucket(projectId) {
     }
 }
 exports.getDefaultBucket = getDefaultBucket;
-async function upload(source, uploadUrl, extraHeaders) {
+async function upload(source, uploadUrl, extraHeaders, ignoreQuotaProject) {
     const url = new URL(uploadUrl);
     const localAPIClient = new apiv2_1.Client({ urlPrefix: url.origin, auth: false });
     const res = await localAPIClient.request({
@@ -40,6 +43,7 @@ async function upload(source, uploadUrl, extraHeaders) {
         headers: Object.assign({ "content-type": "application/zip" }, extraHeaders),
         body: source.stream,
         skipLog: { resBody: true },
+        ignoreQuotaProject,
     });
     return {
         generation: res.response.headers.get("x-goog-generation"),
@@ -50,7 +54,7 @@ async function uploadObject(source, bucketName) {
     if (path.extname(source.file) !== ".zip") {
         throw new error_1.FirebaseError(`Expected a file name ending in .zip, got ${source.file}`);
     }
-    const localAPIClient = new apiv2_1.Client({ urlPrefix: api_1.storageOrigin });
+    const localAPIClient = new apiv2_1.Client({ urlPrefix: (0, api_1.storageOrigin)() });
     const location = `/${bucketName}/${path.basename(source.file)}`;
     const res = await localAPIClient.request({
         method: "PUT",
@@ -69,13 +73,13 @@ async function uploadObject(source, bucketName) {
 }
 exports.uploadObject = uploadObject;
 function deleteObject(location) {
-    const localAPIClient = new apiv2_1.Client({ urlPrefix: api_1.storageOrigin });
+    const localAPIClient = new apiv2_1.Client({ urlPrefix: (0, api_1.storageOrigin)() });
     return localAPIClient.delete(location);
 }
 exports.deleteObject = deleteObject;
 async function getBucket(bucketName) {
     try {
-        const localAPIClient = new apiv2_1.Client({ urlPrefix: api_1.storageOrigin });
+        const localAPIClient = new apiv2_1.Client({ urlPrefix: (0, api_1.storageOrigin)() });
         const result = await localAPIClient.get(`/storage/v1/b/${bucketName}`);
         return result.body;
     }
@@ -89,7 +93,7 @@ async function getBucket(bucketName) {
 exports.getBucket = getBucket;
 async function listBuckets(projectId) {
     try {
-        const localAPIClient = new apiv2_1.Client({ urlPrefix: api_1.storageOrigin });
+        const localAPIClient = new apiv2_1.Client({ urlPrefix: (0, api_1.storageOrigin)() });
         const result = await localAPIClient.get(`/storage/v1/b?project=${projectId}`);
         return result.body.items.map((bucket) => bucket.name);
     }
@@ -103,7 +107,7 @@ async function listBuckets(projectId) {
 exports.listBuckets = listBuckets;
 async function getServiceAccount(projectId) {
     try {
-        const localAPIClient = new apiv2_1.Client({ urlPrefix: api_1.storageOrigin });
+        const localAPIClient = new apiv2_1.Client({ urlPrefix: (0, api_1.storageOrigin)() });
         const response = await localAPIClient.get(`/storage/v1/projects/${projectId}/serviceAccount`);
         return response.body;
     }

package/lib/hosting/api.js

@@ -28,7 +28,7 @@ function normalizeName(s) {
 }
 exports.normalizeName = normalizeName;
 const apiClient = new apiv2_1.Client({
-    urlPrefix: api_1.hostingApiOrigin,
+    urlPrefix: (0, api_1.hostingApiOrigin)(),
     apiVersion: "v1beta1",
     auth: true,
 });
@@ -122,7 +122,7 @@ async function cloneVersion(site, versionName, finalize = false) {
     });
     const { name: operationName } = res.body;
     const pollRes = await operationPoller.pollOperation({
-        apiOrigin: api_1.hostingApiOrigin,
+        apiOrigin: (0, api_1.hostingApiOrigin)(),
         apiVersion: "v1beta1",
         operationResourceName: operationName,
         masterTimeout: 600000,

package/lib/hosting/cloudRunProxy.js

@@ -7,7 +7,7 @@ const error_1 = require("../error");
 const logger_1 = require("../logger");
 const projectUtils_1 = require("../projectUtils");
 const cloudRunCache = {};
-const apiClient = new apiv2_1.Client({ urlPrefix: api_1.cloudRunApiOrigin, apiVersion: "v1" });
+const apiClient = new apiv2_1.Client({ urlPrefix: (0, api_1.cloudRunApiOrigin)(), apiVersion: "v1" });
 async function getCloudRunUrl(rewrite, projectId) {
     var _a;
     const alreadyFetched = cloudRunCache[`${rewrite.run.region}/${rewrite.run.serviceId}`];

package/lib/init/features/apphosting/index.js

@@ -17,17 +17,17 @@ const ensureApiEnabled_1 = require("../../../ensureApiEnabled");
 const deploymentTool = require("../../../deploymentTool");
 const DEFAULT_COMPUTE_SERVICE_ACCOUNT_NAME = "firebase-app-hosting-compute";
 const apphostingPollerOptions = {
-    apiOrigin: api_1.apphostingOrigin,
+    apiOrigin: (0, api_1.apphostingOrigin)(),
     apiVersion: apphosting_1.API_VERSION,
     masterTimeout: 25 * 60 * 1000,
     maxBackoff: 10000,
 };
 async function doSetup(projectId, location, serviceAccount) {
     await Promise.all([
-        (0, ensureApiEnabled_1.ensure)(projectId, api_1.cloudbuildOrigin, "apphosting", true),
-        (0, ensureApiEnabled_1.ensure)(projectId, api_1.secretManagerOrigin, "apphosting", true),
-        (0, ensureApiEnabled_1.ensure)(projectId, api_1.cloudRunApiOrigin, "apphosting", true),
-        (0, ensureApiEnabled_1.ensure)(projectId, api_1.artifactRegistryDomain, "apphosting", true),
+        (0, ensureApiEnabled_1.ensure)(projectId, (0, api_1.cloudbuildOrigin)(), "apphosting", true),
+        (0, ensureApiEnabled_1.ensure)(projectId, (0, api_1.secretManagerOrigin)(), "apphosting", true),
+        (0, ensureApiEnabled_1.ensure)(projectId, (0, api_1.cloudRunApiOrigin)(), "apphosting", true),
+        (0, ensureApiEnabled_1.ensure)(projectId, (0, api_1.artifactRegistryDomain)(), "apphosting", true),
     ]);
     const allowedLocations = (await apphosting.listLocations(projectId)).map((loc) => loc.locationId);
     if (location) {
@@ -172,9 +172,31 @@ async function orchestrateRollout(projectId, location, backendId, buildInput) {
     (0, utils_1.logBullet)("Starting a new rollout... this may take a few minutes.");
     const buildId = await apphosting.getNextRolloutId(projectId, location, backendId, 1);
     const buildOp = await apphosting.createBuild(projectId, location, backendId, buildId, buildInput);
-    const rolloutOp = await apphosting.createRollout(projectId, location, backendId, buildId, {
+    const rolloutBody = {
         build: `projects/${projectId}/locations/${location}/backends/${backendId}/builds/${buildId}`,
-    });
+    };
+    let tries = 0;
+    let done = false;
+    while (!done) {
+        tries++;
+        try {
+            const validateOnly = true;
+            await apphosting.createRollout(projectId, location, backendId, buildId, rolloutBody, validateOnly);
+            done = true;
+        }
+        catch (err) {
+            if (err instanceof error_1.FirebaseError && err.status === 400) {
+                if (tries >= 5) {
+                    throw err;
+                }
+                await new Promise((resolve) => setTimeout(resolve, 1000));
+            }
+            else {
+                throw err;
+            }
+        }
+    }
+    const rolloutOp = await apphosting.createRollout(projectId, location, backendId, buildId, rolloutBody);
     const rolloutPoll = poller.pollOperation(Object.assign(Object.assign({}, apphostingPollerOptions), { pollerName: `create-${projectId}-${location}-backend-${backendId}-rollout-${buildId}`, operationResourceName: rolloutOp.name }));
     const buildPoll = poller.pollOperation(Object.assign(Object.assign({}, apphostingPollerOptions), { pollerName: `create-${projectId}-${location}-backend-${backendId}-build-${buildId}`, operationResourceName: buildOp.name }));
     const [rollout, build] = await Promise.all([rolloutPoll, buildPoll]);

package/lib/init/features/apphosting/repo.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.fetchAllRepositories = exports.listAppHostingConnections = exports.getOrCreateRepository = exports.getOrCreateConnection = exports.createConnection = exports.linkGitHubRepository = exports.parseConnectionName = void 0;
+exports.fetchAllRepositories = exports.listAppHostingConnections = exports.getOrCreateRepository = exports.getOrCreateConnection = exports.createConnection = exports.getOrCreateOauthConnection = exports.linkGitHubRepository = exports.parseConnectionName = void 0;
 const clc = require("colorette");
 const gcb = require("../../../gcp/cloudbuild");
 const rm = require("../../../gcp/resourceManager");
@@ -29,7 +29,7 @@ function parseConnectionName(name) {
 }
 exports.parseConnectionName = parseConnectionName;
 const gcbPollerOptions = {
-    apiOrigin: api_1.cloudbuildOrigin,
+    apiOrigin: (0, api_1.cloudbuildOrigin)(),
     apiVersion: "v2",
     masterTimeout: 25 * 60 * 1000,
     maxBackoff: 10000,
@@ -49,107 +49,119 @@ function generateConnectionId() {
     const randomHash = Math.random().toString(36).slice(6);
     return `apphosting-github-conn-${randomHash}`;
 }
-const ADD_REPO_CHOICE = "@ADD_REPO";
 const ADD_CONN_CHOICE = "@ADD_CONN";
-const CONFIGURE_REMOTE_URI_CHOICES = [ADD_REPO_CHOICE, ADD_CONN_CHOICE];
 async function linkGitHubRepository(projectId, location) {
-    var _a, _b, _c, _d;
+    var _a, _b;
     utils.logBullet(clc.bold(`${clc.yellow("===")} Set up a GitHub connection`));
-    let oauthConn = await getOrCreateConnection(projectId, location, APPHOSTING_OAUTH_CONN_NAME);
-    while (oauthConn.installationState.stage === "PENDING_USER_OAUTH") {
-        oauthConn = await promptConnectionAuth(oauthConn);
-    }
+    const oauthConn = await getOrCreateOauthConnection(projectId, location);
     const existingConns = await listAppHostingConnections(projectId);
-    if (existingConns.length < 1) {
-        const grantSuccess = await promptSecretManagerAdminGrant(projectId);
-        if (!grantSuccess) {
-            throw new error_1.FirebaseError("Insufficient IAM permissions to create a new connection to GitHub");
-        }
-        const connectionId = generateConnectionId();
-        const conn = await createConnection(projectId, location, connectionId, {
-            authorizerCredential: (_a = oauthConn.githubConfig) === null || _a === void 0 ? void 0 : _a.authorizerCredential,
-        });
-        let refreshedConn = conn;
-        while (refreshedConn.installationState.stage !== "COMPLETE") {
-            refreshedConn = await promptAppInstall(conn);
-        }
-        existingConns.push(refreshedConn);
+    if (existingConns.length === 0) {
+        existingConns.push(await createFullyInstalledConnection(projectId, location, generateConnectionId(), oauthConn));
     }
-    let { remoteUri, connection } = await promptRepositoryUri(projectId, existingConns);
-    while (CONFIGURE_REMOTE_URI_CHOICES.includes(remoteUri)) {
-        if (remoteUri === ADD_REPO_CHOICE) {
-            await utils.openInBrowser("https://github.com/apps/google-cloud-build/installations/new");
-            await (0, prompt_1.promptOnce)({
-                type: "input",
-                message: "Press ENTER once you have provided the GitHub app installation with access to your desired repository.",
-            });
-        }
-        else if (remoteUri === ADD_CONN_CHOICE) {
-            const connectionId = generateConnectionId();
-            const conn = await createConnection(projectId, location, connectionId, {
-                authorizerCredential: (_b = oauthConn.githubConfig) === null || _b === void 0 ? void 0 : _b.authorizerCredential,
-            });
-            let refreshedConn = conn;
-            while (refreshedConn.installationState.stage !== "COMPLETE") {
-                refreshedConn = await promptAppInstall(conn);
-            }
-            existingConns.push(refreshedConn);
+    let repoRemoteUri;
+    let connection;
+    do {
+        if (repoRemoteUri === ADD_CONN_CHOICE) {
+            existingConns.push(await createFullyInstalledConnection(projectId, location, generateConnectionId(), oauthConn));
         }
         const selection = await promptRepositoryUri(projectId, existingConns);
-        remoteUri = selection.remoteUri;
+        repoRemoteUri = selection.remoteUri;
         connection = selection.connection;
-    }
+    } while (repoRemoteUri === ADD_CONN_CHOICE);
     const { id: connectionId } = parseConnectionName(connection.name);
     await getOrCreateConnection(projectId, location, connectionId, {
-        authorizerCredential: (_c = connection.githubConfig) === null || _c === void 0 ? void 0 : _c.authorizerCredential,
-        appInstallationId: (_d = connection.githubConfig) === null || _d === void 0 ? void 0 : _d.appInstallationId,
+        authorizerCredential: (_a = connection.githubConfig) === null || _a === void 0 ? void 0 : _a.authorizerCredential,
+        appInstallationId: (_b = connection.githubConfig) === null || _b === void 0 ? void 0 : _b.appInstallationId,
     });
-    const repo = await getOrCreateRepository(projectId, location, connectionId, remoteUri);
+    const repo = await getOrCreateRepository(projectId, location, connectionId, repoRemoteUri);
     utils.logSuccess(`Successfully linked GitHub repository at remote URI`);
-    utils.logSuccess(`\t${remoteUri}`);
+    utils.logSuccess(`\t${repoRemoteUri}`);
     return repo;
 }
 exports.linkGitHubRepository = linkGitHubRepository;
+async function createFullyInstalledConnection(projectId, location, connectionId, oauthConn) {
+    var _a;
+    let conn = await createConnection(projectId, location, connectionId, {
+        authorizerCredential: (_a = oauthConn.githubConfig) === null || _a === void 0 ? void 0 : _a.authorizerCredential,
+    });
+    while (conn.installationState.stage !== "COMPLETE") {
+        utils.logBullet("Install the Cloud Build GitHub app to enable access to GitHub repositories");
+        const targetUri = conn.installationState.actionUri.replace("install_v2", "direct_install_v2");
+        utils.logBullet(targetUri);
+        await utils.openInBrowser(targetUri);
+        await (0, prompt_1.promptOnce)({
+            type: "input",
+            message: "Press Enter once you have installed or configured the Cloud Build GitHub app to access your GitHub repo.",
+        });
+        conn = await gcb.getConnection(projectId, location, connectionId);
+    }
+    return conn;
+}
+async function getOrCreateOauthConnection(projectId, location) {
+    let conn;
+    try {
+        conn = await gcb.getConnection(projectId, location, APPHOSTING_OAUTH_CONN_NAME);
+    }
+    catch (err) {
+        if (err.status === 404) {
+            await ensureSecretManagerAdminGrant(projectId);
+            conn = await createConnection(projectId, location, APPHOSTING_OAUTH_CONN_NAME);
+        }
+        else {
+            throw err;
+        }
+    }
+    while (conn.installationState.stage === "PENDING_USER_OAUTH") {
+        utils.logBullet("You must authorize the Cloud Build GitHub app.");
+        utils.logBullet("Sign in to GitHub and authorize Cloud Build GitHub app:");
+        const { url, cleanup } = await utils.openInBrowserPopup(conn.installationState.actionUri, "Authorize the GitHub app");
+        utils.logBullet(`\t${url}`);
+        await (0, prompt_1.promptOnce)({
+            type: "input",
+            message: "Press Enter once you have authorized the app",
+        });
+        cleanup();
+        const { projectId, location, id } = parseConnectionName(conn.name);
+        conn = await gcb.getConnection(projectId, location, id);
+    }
+    return conn;
+}
+exports.getOrCreateOauthConnection = getOrCreateOauthConnection;
 async function promptRepositoryUri(projectId, connections) {
     const { repos, remoteUriToConnection } = await fetchAllRepositories(projectId, connections);
-    const searchRepos = (repos) => async (_, input = "") => {
-        return [
-            new inquirer.Separator(),
-            {
-                name: "Missing a repo? Select this option to configure your installation's access settings",
-                value: ADD_REPO_CHOICE,
-            },
-            {
-                name: "Missing an account or org? Select this option to create a new connection",
-                value: ADD_CONN_CHOICE,
-            },
-            new inquirer.Separator(),
-            ...fuzzy
-                .filter(input, repos, {
-                extract: (repo) => extractRepoSlugFromUri(repo.remoteUri) || "",
-            })
-                .map((result) => {
-                return {
-                    name: extractRepoSlugFromUri(result.original.remoteUri) || "",
-                    value: result.original.remoteUri,
-                };
-            }),
-        ];
-    };
     const remoteUri = await (0, prompt_1.promptOnce)({
         type: "autocomplete",
         name: "remoteUri",
         message: "Which of the following repositories would you like to deploy?",
-        source: searchRepos(repos),
+        source: (_, input = "") => {
+            return new Promise((resolve) => resolve([
+                new inquirer.Separator(),
+                {
+                    name: "Missing a repo? Select this option to configure your GitHub connection settings",
+                    value: ADD_CONN_CHOICE,
+                },
+                new inquirer.Separator(),
+                ...fuzzy
+                    .filter(input, repos, {
+                    extract: (repo) => extractRepoSlugFromUri(repo.remoteUri) || "",
+                })
+                    .map((result) => {
+                    return {
+                        name: extractRepoSlugFromUri(result.original.remoteUri) || "",
+                        value: result.original.remoteUri,
+                    };
+                }),
+            ]));
+        },
     });
     return { remoteUri, connection: remoteUriToConnection[remoteUri] };
 }
-async function promptSecretManagerAdminGrant(projectId) {
+async function ensureSecretManagerAdminGrant(projectId) {
     const projectNumber = await (0, getProjectNumber_1.getProjectNumber)({ projectId });
     const cbsaEmail = gcb.serviceAgentEmail(projectNumber);
     const alreadyGranted = await rm.serviceAccountHasRoles(projectId, cbsaEmail, ["roles/secretmanager.admin"], true);
     if (alreadyGranted) {
-        return true;
+        return;
     }
     utils.logBullet("To create a new GitHub connection, Secret Manager Admin role (roles/secretmanager.admin) is required on the Cloud Build Service Agent.");
     const grant = await (0, prompt_1.promptOnce)({
@@ -162,36 +174,10 @@ async function promptSecretManagerAdminGrant(projectId) {
             `\tgcloud projects add-iam-policy-binding ${projectId} \\\n` +
             `\t  --member="serviceAccount:${cbsaEmail} \\\n` +
             `\t  --role="roles/secretmanager.admin\n`);
-        return false;
+        throw new error_1.FirebaseError("Insufficient IAM permissions to create a new connection to GitHub");
     }
     await rm.addServiceAccountToRoles(projectId, cbsaEmail, ["roles/secretmanager.admin"], true);
     utils.logSuccess("Successfully granted the required role to the Cloud Build Service Agent!");
-    return true;
-}
-async function promptConnectionAuth(conn) {
-    utils.logBullet("You must authorize the Cloud Build GitHub app.");
-    utils.logBullet("Sign in to GitHub and authorize Cloud Build GitHub app:");
-    const { url, cleanup } = await utils.openInBrowserPopup(conn.installationState.actionUri, "Authorize the GitHub app");
-    utils.logBullet(`\t${url}`);
-    await (0, prompt_1.promptOnce)({
-        type: "input",
-        message: "Press Enter once you have authorized the app",
-    });
-    cleanup();
-    const { projectId, location, id } = parseConnectionName(conn.name);
-    return await gcb.getConnection(projectId, location, id);
-}
-async function promptAppInstall(conn) {
-    utils.logBullet("Install the Cloud Build GitHub app to enable access to GitHub repositories");
-    const targetUri = conn.installationState.actionUri.replace("install_v2", "direct_install_v2");
-    utils.logBullet(targetUri);
-    await utils.openInBrowser(targetUri);
-    await (0, prompt_1.promptOnce)({
-        type: "input",
-        message: "Press Enter once you have installed or configured the Cloud Build GitHub app to access your GitHub repo.",
-    });
-    const { projectId, location, id } = parseConnectionName(conn.name);
-    return await gcb.getConnection(projectId, location, id);
 }
 async function createConnection(projectId, location, connectionId, githubConfig) {
     const op = await gcb.createConnection(projectId, location, connectionId, githubConfig);

package/lib/init/features/database.js

@@ -71,7 +71,7 @@ async function doSetup(setup, config) {
     setup.config = setup.config || {};
     let instanceDetails;
     if (setup.projectId) {
-        await (0, ensureApiEnabled_1.ensure)(setup.projectId, api_1.rtdbManagementOrigin, "database", false);
+        await (0, ensureApiEnabled_1.ensure)(setup.projectId, (0, api_1.rtdbManagementOrigin)(), "database", false);
         logger_1.logger.info();
         setup.instance =
             setup.instance || (await (0, getDefaultDatabaseInstance_1.getDefaultDatabaseInstance)({ project: setup.projectId }));

package/lib/init/features/extensions/index.js

@@ -10,7 +10,7 @@ async function doSetup(setup, config, options) {
     const projectId = (_b = (_a = setup === null || setup === void 0 ? void 0 : setup.rcfile) === null || _a === void 0 ? void 0 : _a.projects) === null || _b === void 0 ? void 0 : _b.default;
     if (projectId) {
         await (0, requirePermissions_1.requirePermissions)(Object.assign(Object.assign({}, options), { project: projectId }));
-        await Promise.all([(0, ensureApiEnabled_1.ensure)(projectId, api_1.extensionsOrigin, "unused", true)]);
+        await Promise.all([(0, ensureApiEnabled_1.ensure)(projectId, (0, api_1.extensionsOrigin)(), "unused", true)]);
     }
     return manifest.writeEmptyManifest(config, options);
 }

package/lib/init/features/functions/index.js

@@ -16,8 +16,8 @@ async function doSetup(setup, config, options) {
     if (projectId) {
         await (0, requirePermissions_1.requirePermissions)(Object.assign(Object.assign({}, options), { project: projectId }));
         await Promise.all([
-            (0, ensureApiEnabled_1.ensure)(projectId, api_1.functionsOrigin, "unused", true),
-            (0, ensureApiEnabled_1.ensure)(projectId, api_1.runtimeconfigOrigin, "unused", true),
+            (0, ensureApiEnabled_1.ensure)(projectId, (0, api_1.functionsOrigin)(), "unused", true),
+            (0, ensureApiEnabled_1.ensure)(projectId, (0, api_1.runtimeconfigOrigin)(), "unused", true),
         ]);
     }
     setup.functions = {};

package/lib/init/features/hosting/github.js

@@ -28,7 +28,7 @@ const YML_MERGE_FILENAME = "firebase-hosting-merge.yml";
 const CHECKOUT_GITHUB_ACTION_NAME = "actions/checkout@v4";
 const HOSTING_GITHUB_ACTION_NAME = "FirebaseExtended/action-hosting-deploy@v0";
 const SERVICE_ACCOUNT_MAX_KEY_NUMBER = 10;
-const githubApiClient = new apiv2_1.Client({ urlPrefix: api_1.githubApiOrigin, auth: false });
+const githubApiClient = new apiv2_1.Client({ urlPrefix: (0, api_1.githubApiOrigin)(), auth: false });
 async function initGitHub(setup) {
     if (!setup.projectId) {
         return (0, utils_1.reject)("Could not determine Project ID, can't set up GitHub workflow.", { exit: 1 });
@@ -109,7 +109,7 @@ async function initGitHub(setup) {
     }
     logger_1.logger.info();
     (0, utils_1.logLabeledBullet)("Action required", `Visit this URL to revoke authorization for the Firebase CLI GitHub OAuth App:`);
-    logger_1.logger.info((0, colorette_1.bold)((0, colorette_1.underline)(`https://github.com/settings/connections/applications/${api_1.githubClientId}`)));
+    logger_1.logger.info((0, colorette_1.bold)((0, colorette_1.underline)(`https://github.com/settings/connections/applications/${(0, api_1.githubClientId)()}`)));
     (0, utils_1.logLabeledBullet)("Action required", `Push any new workflow file(s) to your repo`);
 }
 exports.initGitHub = initGitHub;
@@ -260,7 +260,7 @@ async function promptForRepo(options, ghAccessToken) {
                         (0, utils_1.logWarning)("The provided authorization cannot be used with this repository. If this repository is in an organization, did you remember to grant access?", "error");
                         logger_1.logger.info();
                         (0, utils_1.logLabeledBullet)("Action required", `Visit this URL to ensure access has been granted to the appropriate organization(s) for the Firebase CLI GitHub OAuth App:`);
-                        logger_1.logger.info((0, colorette_1.bold)((0, colorette_1.underline)(`https://github.com/settings/connections/applications/${api_1.githubClientId}`)));
+                        logger_1.logger.info((0, colorette_1.bold)((0, colorette_1.underline)(`https://github.com/settings/connections/applications/${(0, api_1.githubClientId)()}`)));
                         logger_1.logger.info();
                     }
                     return false;
@@ -378,6 +378,7 @@ async function createServiceAccountAndKey(options, repo, accountId) {
     }
     const requiredRoles = [
         resourceManager_1.firebaseRoles.authAdmin,
+        resourceManager_1.firebaseRoles.serviceUsageConsumer,
         resourceManager_1.firebaseRoles.apiKeysViewer,
         resourceManager_1.firebaseRoles.hostingAdmin,
         resourceManager_1.firebaseRoles.runViewer,

package/lib/management/apps.js

@@ -40,7 +40,7 @@ function getAppPlatform(platform) {
     }
 }
 exports.getAppPlatform = getAppPlatform;
-const apiClient = new apiv2_1.Client({ urlPrefix: api_1.firebaseApiOrigin, apiVersion: "v1beta1" });
+const apiClient = new apiv2_1.Client({ urlPrefix: (0, api_1.firebaseApiOrigin)(), apiVersion: "v1beta1" });
 async function createIosApp(projectId, options) {
     try {
         const response = await apiClient.request({
@@ -51,7 +51,7 @@ async function createIosApp(projectId, options) {
         });
         const appData = await (0, operation_poller_1.pollOperation)({
             pollerName: "Create iOS app Poller",
-            apiOrigin: api_1.firebaseApiOrigin,
+            apiOrigin: (0, api_1.firebaseApiOrigin)(),
             apiVersion: "v1beta1",
             operationResourceName: response.body.name,
         });
@@ -73,7 +73,7 @@ async function createAndroidApp(projectId, options) {
         });
         const appData = await (0, operation_poller_1.pollOperation)({
             pollerName: "Create Android app Poller",
-            apiOrigin: api_1.firebaseApiOrigin,
+            apiOrigin: (0, api_1.firebaseApiOrigin)(),
             apiVersion: "v1beta1",
             operationResourceName: response.body.name,
         });
@@ -98,7 +98,7 @@ async function createWebApp(projectId, options) {
         });
         const appData = await (0, operation_poller_1.pollOperation)({
             pollerName: "Create Web app Poller",
-            apiOrigin: api_1.firebaseApiOrigin,
+            apiOrigin: (0, api_1.firebaseApiOrigin)(),
             apiVersion: "v1beta1",
             operationResourceName: response.body.name,
         });

package/lib/management/database.js

@@ -31,7 +31,7 @@ var DatabaseLocation;
     DatabaseLocation["ASIA_SOUTHEAST1"] = "asia-southeast1";
     DatabaseLocation["ANY"] = "-";
 })(DatabaseLocation = exports.DatabaseLocation || (exports.DatabaseLocation = {}));
-const apiClient = new apiv2_1.Client({ urlPrefix: api_1.rtdbManagementOrigin, apiVersion: exports.MGMT_API_VERSION });
+const apiClient = new apiv2_1.Client({ urlPrefix: (0, api_1.rtdbManagementOrigin)(), apiVersion: exports.MGMT_API_VERSION });
 async function populateInstanceDetails(options) {
     options.instanceDetails = await getDatabaseInstanceDetails(options.project, options.instance);
     return Promise.resolve();