firebase-tools 13.7.2 → 13.7.3

package/lib/apphosting/app.js

@@ -0,0 +1,92 @@
+"use strict";
+const fuzzy = require("fuzzy");
+const inquirer = require("inquirer");
+const apps_1 = require("../management/apps");
+const prompt_1 = require("../prompt");
+const error_1 = require("../error");
+const CREATE_NEW_FIREBASE_WEB_APP = "CREATE_NEW_WEB_APP";
+const CONTINUE_WITHOUT_SELECTING_FIREBASE_WEB_APP = "CONTINUE_WITHOUT_SELECTING_FIREBASE_WEB_APP";
+const webApps = {
+    CREATE_NEW_FIREBASE_WEB_APP,
+    CONTINUE_WITHOUT_SELECTING_FIREBASE_WEB_APP,
+    getOrCreateWebApp,
+    promptFirebaseWebApp,
+};
+async function getOrCreateWebApp(projectId, firebaseWebAppName, backendId) {
+    const webAppsInProject = await (0, apps_1.listFirebaseApps)(projectId, apps_1.AppPlatform.WEB);
+    if (webAppsInProject.length === 0) {
+        const { displayName, appId } = await createFirebaseWebApp(projectId, {
+            displayName: backendId,
+        });
+        return { name: displayName, id: appId };
+    }
+    const existingUserProjectWebApps = new Map(webAppsInProject.map((obj) => {
+        var _a;
+        return [
+            (_a = obj.displayName) !== null && _a !== void 0 ? _a : obj.appId,
+            obj.appId,
+        ];
+    }));
+    if (firebaseWebAppName) {
+        if (existingUserProjectWebApps.get(firebaseWebAppName) === undefined) {
+            throw new error_1.FirebaseError(`The web app '${firebaseWebAppName}' does not exist in project ${projectId}`);
+        }
+        return { name: firebaseWebAppName, id: existingUserProjectWebApps.get(firebaseWebAppName) };
+    }
+    return await webApps.promptFirebaseWebApp(projectId, backendId, existingUserProjectWebApps);
+}
+async function promptFirebaseWebApp(projectId, backendId, existingUserProjectWebApps) {
+    const existingWebAppKeys = Array.from(existingUserProjectWebApps.keys());
+    const firebaseWebAppName = await (0, prompt_1.promptOnce)({
+        type: "autocomplete",
+        name: "app",
+        message: "Which of the following Firebase web apps would you like to associate your backend with?",
+        source: (_, input = "") => {
+            return new Promise((resolve) => resolve([
+                new inquirer.Separator(),
+                {
+                    name: "Create a new Firebase web app.",
+                    value: CREATE_NEW_FIREBASE_WEB_APP,
+                },
+                {
+                    name: "Continue without a Firebase web app.",
+                    value: CONTINUE_WITHOUT_SELECTING_FIREBASE_WEB_APP,
+                },
+                new inquirer.Separator(),
+                ...fuzzy.filter(input, existingWebAppKeys).map((result) => {
+                    return result.original;
+                }),
+            ]));
+        },
+    });
+    if (firebaseWebAppName === CREATE_NEW_FIREBASE_WEB_APP) {
+        const newFirebaseWebApp = await createFirebaseWebApp(projectId, { displayName: backendId });
+        return { name: newFirebaseWebApp.displayName, id: newFirebaseWebApp.appId };
+    }
+    else if (firebaseWebAppName === CONTINUE_WITHOUT_SELECTING_FIREBASE_WEB_APP) {
+        return;
+    }
+    return { name: firebaseWebAppName, id: existingUserProjectWebApps.get(firebaseWebAppName) };
+}
+async function createFirebaseWebApp(projectId, options) {
+    try {
+        return await (0, apps_1.createWebApp)(projectId, options);
+    }
+    catch (e) {
+        if (isQuotaError(e)) {
+            throw new error_1.FirebaseError("Unable to create a new web app, the project has reached the quota for Firebase apps. Navigate to your Firebase console to manage or delete a Firebase app to continue. ", { original: e instanceof Error ? e : undefined });
+        }
+        throw new error_1.FirebaseError("Unable to create a Firebase web app", {
+            original: e instanceof Error ? e : undefined,
+        });
+    }
+}
+function isQuotaError(error) {
+    var _a, _b, _c, _d, _e;
+    const original = error.original;
+    const code = (original === null || original === void 0 ? void 0 : original.status) ||
+        ((_b = (_a = original === null || original === void 0 ? void 0 : original.context) === null || _a === void 0 ? void 0 : _a.response) === null || _b === void 0 ? void 0 : _b.statusCode) ||
+        ((_e = (_d = (_c = original === null || original === void 0 ? void 0 : original.context) === null || _c === void 0 ? void 0 : _c.body) === null || _d === void 0 ? void 0 : _d.error) === null || _e === void 0 ? void 0 : _e.code);
+    return code === 429;
+}
+module.exports = webApps;

package/lib/apphosting/config.js

@@ -1,31 +1,97 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.store = exports.load = exports.yamlPath = void 0;
-const path = require("path");
+exports.maybeAddSecretToYaml = exports.upsertEnv = exports.findEnv = exports.store = exports.load = exports.yamlPath = void 0;
+const path_1 = require("path");
 const fs_1 = require("fs");
-const yaml = require("js-yaml");
+const yaml = require("yaml");
 const fs = require("../fsutils");
+const prompt = require("../prompt");
+const dialogs = require("./secrets/dialogs");
 function yamlPath(cwd) {
     let dir = cwd;
-    while (!fs.fileExistsSync(path.resolve(dir, "apphosting.yaml"))) {
-        if (fs.fileExistsSync(path.resolve(dir, "firebase.json"))) {
+    while (!fs.fileExistsSync((0, path_1.resolve)(dir, "apphosting.yaml"))) {
+        if (fs.fileExistsSync((0, path_1.resolve)(dir, "firebase.json"))) {
             return null;
         }
-        const parent = path.dirname(dir);
+        const parent = (0, path_1.dirname)(dir);
         if (parent === dir) {
             return null;
         }
         dir = parent;
     }
-    return path.resolve(dir, "apphosting.yaml");
+    return (0, path_1.resolve)(dir, "apphosting.yaml");
 }
 exports.yamlPath = yamlPath;
 function load(yamlPath) {
     const raw = fs.readFile(yamlPath);
-    return yaml.load(raw, yaml.DEFAULT_FULL_SCHEMA);
+    return yaml.parseDocument(raw);
 }
 exports.load = load;
-function store(yamlPath, config) {
-    (0, fs_1.writeFileSync)(yamlPath, yaml.dump(config));
+function store(yamlPath, document) {
+    (0, fs_1.writeFileSync)(yamlPath, document.toString());
 }
 exports.store = store;
+function findEnv(document, variable) {
+    if (!document.has("env")) {
+        return undefined;
+    }
+    const envs = document.get("env");
+    for (const env of envs.items) {
+        if (env.get("variable") === variable) {
+            return env.toJSON();
+        }
+    }
+    return undefined;
+}
+exports.findEnv = findEnv;
+function upsertEnv(document, env) {
+    if (!document.has("env")) {
+        document.set("env", document.createNode([env]));
+        return;
+    }
+    const envs = document.get("env");
+    const envYaml = document.createNode(env);
+    for (let i = 0; i < envs.items.length; i++) {
+        if (envs.items[i].get("variable") === env.variable) {
+            envs.set(i, envYaml);
+            return;
+        }
+    }
+    envs.add(envYaml);
+}
+exports.upsertEnv = upsertEnv;
+async function maybeAddSecretToYaml(secretName) {
+    const dynamicDispatch = exports;
+    let path = dynamicDispatch.yamlPath(process.cwd());
+    let projectYaml;
+    if (path) {
+        projectYaml = dynamicDispatch.load(path);
+    }
+    else {
+        projectYaml = new yaml.Document();
+    }
+    if (dynamicDispatch.findEnv(projectYaml, secretName)) {
+        return;
+    }
+    const addToYaml = await prompt.confirm({
+        message: "Would you like to add this secret to apphosting.yaml?",
+        default: true,
+    });
+    if (!addToYaml) {
+        return;
+    }
+    if (!path) {
+        path = await prompt.promptOnce({
+            message: "It looks like you don't have an apphosting.yaml yet. Where would you like to store it?",
+            default: process.cwd(),
+        });
+        path = (0, path_1.join)(path, "apphosting.yaml");
+    }
+    const envName = await dialogs.envVarForSecret(secretName);
+    dynamicDispatch.upsertEnv(projectYaml, {
+        variable: envName,
+        secret: secretName,
+    });
+    dynamicDispatch.store(path, projectYaml);
+}
+exports.maybeAddSecretToYaml = maybeAddSecretToYaml;

package/lib/apphosting/githubConnections.js

@@ -135,7 +135,7 @@ async function promptCloneUri(projectId, connections) {
     const cloneUri = await (0, prompt_1.promptOnce)({
         type: "autocomplete",
         name: "cloneUri",
-        message: "Which of the following repositories would you like to deploy?",
+        message: "Which repository would you like to deploy?",
         source: (_, input = "") => {
             return new Promise((resolve) => resolve([
                 new inquirer.Separator(),

package/lib/apphosting/index.js

@@ -1,7 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.orchestrateRollout = exports.setDefaultTrafficPolicy = exports.createBackend = exports.doSetup = void 0;
-const clc = require("colorette");
+exports.deleteBackendAndPoll = exports.orchestrateRollout = exports.setDefaultTrafficPolicy = exports.createBackend = exports.doSetup = void 0;
 const repo = require("./repo");
 const poller = require("../operation-poller");
 const apphosting = require("../gcp/apphosting");
@@ -16,6 +15,7 @@ const prompt_1 = require("../prompt");
 const constants_1 = require("./constants");
 const ensureApiEnabled_1 = require("../ensureApiEnabled");
 const deploymentTool = require("../deploymentTool");
+const apps = require("./app");
 const DEFAULT_COMPUTE_SERVICE_ACCOUNT_NAME = "firebase-app-hosting-compute";
 const apphostingPollerOptions = {
     apiOrigin: (0, api_1.apphostingOrigin)(),
@@ -23,7 +23,7 @@ const apphostingPollerOptions = {
     masterTimeout: 25 * 60 * 1000,
     maxBackoff: 10000,
 };
-async function doSetup(projectId, location, serviceAccount, withDevConnect) {
+async function doSetup(projectId, webAppName, location, serviceAccount, withDevConnect) {
     await Promise.all([
         ...(withDevConnect ? [(0, ensureApiEnabled_1.ensure)(projectId, (0, api_1.developerConnectOrigin)(), "apphosting", true)] : []),
         (0, ensureApiEnabled_1.ensure)(projectId, (0, api_1.cloudbuildOrigin)(), "apphosting", true),
@@ -37,15 +37,14 @@ async function doSetup(projectId, location, serviceAccount, withDevConnect) {
             throw new error_1.FirebaseError(`Invalid location ${location}. Valid choices are ${allowedLocations.join(", ")}`);
         }
     }
-    (0, utils_1.logBullet)("First we need a few details to create your backend.");
+    (0, utils_1.logBullet)("First we need a few details to create your backend.\n");
     location =
         location ||
             (await (0, prompt_1.promptOnce)({
                 name: "region",
                 type: "list",
                 default: constants_1.DEFAULT_REGION,
-                message: "Please select a region " +
-                    `(${clc.yellow("info")}: Your region determines where your backend is located):\n`,
+                message: "Select a region to host your backend:\n",
                 choices: allowedLocations.map((loc) => ({ value: loc })),
             }));
     (0, utils_1.logSuccess)(`Region set to ${location}.\n`);
@@ -55,6 +54,13 @@ async function doSetup(projectId, location, serviceAccount, withDevConnect) {
         default: "my-web-app",
         message: "Create a name for your backend [1-30 characters]",
     });
+    const webApp = await apps.getOrCreateWebApp(projectId, webAppName, backendId);
+    if (webApp) {
+        (0, utils_1.logSuccess)(`Firebase web app set to ${webApp.name}.\n`);
+    }
+    else {
+        (0, utils_1.logWarning)(`Firebase web app not set`);
+    }
     const gitRepositoryConnection = withDevConnect
         ? await githubConnections.linkGitHubRepository(projectId, location)
         : await repo.linkGitHubRepository(projectId, location);
@@ -62,9 +68,9 @@ async function doSetup(projectId, location, serviceAccount, withDevConnect) {
         name: "rootDir",
         type: "input",
         default: "/",
-        message: "Specify the path to the root of the app you would like to deploy (relative to the repo root)",
+        message: "Specify your app's root directory relative to your repository",
     });
-    const backend = await createBackend(projectId, location, backendId, gitRepositoryConnection, serviceAccount, rootDir);
+    const backend = await createBackend(projectId, location, backendId, gitRepositoryConnection, serviceAccount, webApp === null || webApp === void 0 ? void 0 : webApp.id, rootDir);
     const branch = await (0, prompt_1.promptOnce)({
         name: "branch",
         type: "input",
@@ -80,7 +86,7 @@ async function doSetup(projectId, location, serviceAccount, withDevConnect) {
     });
     if (!confirmRollout) {
         (0, utils_1.logSuccess)(`Successfully created backend:\n\t${backend.name}`);
-        (0, utils_1.logSuccess)(`Your site will be deployed at:\n\thttps://${backend.uri}`);
+        (0, utils_1.logSuccess)(`Your backend will be deployed at:\n\thttps://${backend.uri}`);
         return;
     }
     await orchestrateRollout(projectId, location, backendId, {
@@ -91,7 +97,7 @@ async function doSetup(projectId, location, serviceAccount, withDevConnect) {
         },
     });
     (0, utils_1.logSuccess)(`Successfully created backend:\n\t${backend.name}`);
-    (0, utils_1.logSuccess)(`Your site is now deployed at:\n\thttps://${backend.uri}`);
+    (0, utils_1.logSuccess)(`Your backend is now deployed at:\n\thttps://${backend.uri}`);
 }
 exports.doSetup = doSetup;
 async function promptNewBackendId(projectId, location, prompt) {
@@ -112,7 +118,7 @@ async function promptNewBackendId(projectId, location, prompt) {
 function defaultComputeServiceAccountEmail(projectId) {
     return `${DEFAULT_COMPUTE_SERVICE_ACCOUNT_NAME}@${projectId}.iam.gserviceaccount.com`;
 }
-async function createBackend(projectId, location, backendId, repository, serviceAccount, rootDir = "/") {
+async function createBackend(projectId, location, backendId, repository, serviceAccount, webAppId, rootDir = "/") {
     const defaultServiceAccount = defaultComputeServiceAccountEmail(projectId);
     const backendReqBody = {
         servingLocality: "GLOBAL_ACCESS",
@@ -122,6 +128,7 @@ async function createBackend(projectId, location, backendId, repository, service
         },
         labels: deploymentTool.labels(),
         serviceAccount: serviceAccount || defaultServiceAccount,
+        appId: webAppId,
     };
     delete backendReqBody.serviceAccount;
     async function createBackendAndPoll() {
@@ -221,3 +228,8 @@ async function orchestrateRollout(projectId, location, backendId, buildInput) {
     return { rollout, build };
 }
 exports.orchestrateRollout = orchestrateRollout;
+async function deleteBackendAndPoll(projectId, location, backendId) {
+    const op = await apphosting.deleteBackend(projectId, location, backendId);
+    await poller.pollOperation(Object.assign(Object.assign({}, apphostingPollerOptions), { pollerName: `delete-${projectId}-${location}-${backendId}`, operationResourceName: op.name }));
+}
+exports.deleteBackendAndPoll = deleteBackendAndPoll;

package/lib/apphosting/repo.js

@@ -132,7 +132,7 @@ async function promptRepositoryUri(projectId, connections) {
     const remoteUri = await (0, prompt_1.promptOnce)({
         type: "autocomplete",
         name: "remoteUri",
-        message: "Which of the following repositories would you like to deploy?",
+        message: "Which repository would you like to deploy?",
         source: (_, input = "") => {
             return new Promise((resolve) => resolve([
                 new inquirer.Separator(),

package/lib/apphosting/secrets/dialogs.js

@@ -65,42 +65,43 @@ function selectFromMetadata(input, selected) {
     };
 }
 exports.selectFromMetadata = selectFromMetadata;
-exports.WARN_NO_BACKENDS = "To use this secret, your backend's service account must have secret accessor permission. " +
+exports.WARN_NO_BACKENDS = "To use this secret, your backend's service account must be granted access." +
     "It does not look like you have a backend yet. After creating a backend, grant access with " +
-    clc.bold("firebase apphosting:secrets:grantAccess");
+    clc.bold("firebase apphosting:secrets:grantaccess");
 exports.GRANT_ACCESS_IN_FUTURE = `To grant access in the future, run ${clc.bold("firebase apphosting:secrets:grantaccess")}`;
 async function selectBackendServiceAccounts(projectNumber, projectId, options) {
     const listBackends = await apphosting.listBackends(projectId, "-");
     if (listBackends.unreachable.length) {
-        utils.logLabeledWarning("apphosting", `Could not reach location(s) ${listBackends.unreachable.join(", ")}. You may need to run ` +
-            `${clc.bold("firebase apphosting:secrets:grantAccess")} at a later time if you have backends in these locations`);
+        utils.logWarning(`Could not reach location(s) ${listBackends.unreachable.join(", ")}. You may need to run ` +
+            `${clc.bold("firebase apphosting:secrets:grantaccess")} at a later time if you have backends in these locations`);
     }
     if (!listBackends.backends.length) {
-        utils.logLabeledWarning("apphosting", exports.WARN_NO_BACKENDS);
+        utils.logWarning(exports.WARN_NO_BACKENDS);
         return { buildServiceAccounts: [], runServiceAccounts: [] };
     }
     if (listBackends.backends.length === 1) {
         const grant = await prompt.confirm({
             nonInteractive: options.nonInteractive,
             default: true,
-            message: "To use this secret, your backend's service account must have secret accessor permission. Would you like to grant it now?",
+            message: "To use this secret, your backend's service account must be granted access. Would you like to grant access now?",
         });
         if (grant) {
             return (0, _1.toMulti)((0, _1.serviceAccountsForBackend)(projectNumber, listBackends.backends[0]));
         }
-        utils.logLabeledBullet("apphosting", exports.GRANT_ACCESS_IN_FUTURE);
+        utils.logBullet(exports.GRANT_ACCESS_IN_FUTURE);
         return { buildServiceAccounts: [], runServiceAccounts: [] };
     }
     const metadata = toMetadata(projectNumber, listBackends.backends);
     if (metadata.every(matchesServiceAccounts(metadata[0]))) {
-        utils.logLabeledBullet("apphosting", "To use this secret, your backend's service account must have secret accessor permission. All of your backends use " +
-            (sameServiceAccount(metadata[0]) ? "service account " : "service accounts ") +
+        utils.logBullet("To use this secret, your backend's service account must be granted access.");
+        utils.logBullet("All of your backends share the following " +
+            (sameServiceAccount(metadata[0]) ? "service account: " : "service accounts: ") +
             serviceAccountDisplay(metadata[0]) +
-            ". Granting access to one backend will grant access to all backends.");
+            ".\nGranting access to one backend will grant access to all backends.");
         const grant = await prompt.confirm({
             nonInteractive: options.nonInteractive,
             default: true,
-            message: "Would you like to grant it now?",
+            message: "Would you like to grant access to all backends now?",
         });
         if (grant) {
             return selectFromMetadata(metadata, [
@@ -108,10 +109,10 @@ async function selectBackendServiceAccounts(projectNumber, projectId, options) {
                 metadata[0].runServiceAccount,
             ]);
         }
-        utils.logLabeledBullet("apphosting", exports.GRANT_ACCESS_IN_FUTURE);
+        utils.logBullet(exports.GRANT_ACCESS_IN_FUTURE);
         return { buildServiceAccounts: [], runServiceAccounts: [] };
     }
-    utils.logLabeledBullet("apphosting", "To use this secret, your backend's service account must have secret accessor permission. Your backends use the following service accounts:");
+    utils.logBullet("To use this secret, your backend's service account must be granted access. Your backends use the following service accounts:");
     const tableData = tableForBackends(metadata);
     const table = new Table({
         head: tableData[0],
@@ -131,7 +132,7 @@ async function selectBackendServiceAccounts(projectNumber, projectId, options) {
         choices: [...allAccounts.values()].sort(),
     });
     if (!chosen.length) {
-        utils.logLabeledBullet("apphosting", exports.GRANT_ACCESS_IN_FUTURE);
+        utils.logBullet(exports.GRANT_ACCESS_IN_FUTURE);
     }
     return selectFromMetadata(metadata, chosen);
 }

package/lib/commands/apphosting-backends-create.js

@@ -7,7 +7,8 @@ const requireInteractive_1 = require("../requireInteractive");
 const apphosting_1 = require("../apphosting");
 const apphosting_2 = require("../gcp/apphosting");
 exports.command = new command_1.Command("apphosting:backends:create")
-    .description("create a backend in a Firebase project")
+    .description("create a Firebase App Hosting backend")
+    .option("-a, --app <webApp>", "specify an existing Firebase web app to associate your App Hosting backend with")
     .option("-l, --location <location>", "specify the region of the backend", "")
     .option("-s, --service-account <serviceAccount>", "specify the service account used to run the server", "")
     .option("-w, --with-dev-connect", "use the Developer Connect flow insetad of Cloud Build Repositories (testing)", false)
@@ -15,8 +16,9 @@ exports.command = new command_1.Command("apphosting:backends:create")
     .before(requireInteractive_1.default)
     .action(async (options) => {
     const projectId = (0, projectUtils_1.needProjectId)(options);
+    const webApp = options.app;
     const location = options.location;
     const serviceAccount = options.serviceAccount;
     const withDevConnect = options.withDevConnect;
-    await (0, apphosting_1.doSetup)(projectId, location, serviceAccount, withDevConnect);
+    await (0, apphosting_1.doSetup)(projectId, webApp, location, serviceAccount, withDevConnect);
 });

package/lib/commands/apphosting-backends-delete.js

@@ -9,9 +9,10 @@ const constants_1 = require("../apphosting/constants");
 const utils = require("../utils");
 const apphosting = require("../gcp/apphosting");
 const apphosting_backends_list_1 = require("./apphosting-backends-list");
+const apphosting_1 = require("../apphosting");
 exports.command = new command_1.Command("apphosting:backends:delete <backend>")
-    .description("delete a backend from a Firebase project")
-    .option("-l, --location <location>", "App Backend location", "")
+    .description("delete a Firebase App Hosting backend")
+    .option("-l, --location <location>", "specify the region of the backend", "")
     .withForce()
     .before(apphosting.ensureApiEnabled)
     .action(async (backendId, options) => {
@@ -52,7 +53,7 @@ exports.command = new command_1.Command("apphosting:backends:delete <backend>")
         throw new error_1.FirebaseError("Deletion Aborted");
     }
     try {
-        await apphosting.deleteBackend(projectId, location, backendId);
+        await (0, apphosting_1.deleteBackendAndPoll)(projectId, location, backendId);
         utils.logSuccess(`Successfully deleted the backend: ${backendId}`);
     }
     catch (err) {

package/lib/commands/apphosting-backends-get.js

@@ -7,30 +7,30 @@ const error_1 = require("../error");
 const utils_1 = require("../utils");
 const apphosting = require("../gcp/apphosting");
 const apphosting_backends_list_1 = require("./apphosting-backends-list");
-exports.command = new command_1.Command("apphosting:backends:get <backendId>")
-    .description("get backend details of a Firebase project")
-    .option("-l, --location <location>", "app backend location", "-")
+exports.command = new command_1.Command("apphosting:backends:get <backend>")
+    .description("print info about a Firebase App Hosting backend")
+    .option("-l, --location <location>", "backend location", "-")
     .before(apphosting.ensureApiEnabled)
-    .action(async (backendId, options) => {
+    .action(async (backend, options) => {
     const projectId = (0, projectUtils_1.needProjectId)(options);
     const location = options.location;
     let backendsList = [];
     try {
         if (location !== "-") {
-            const backendInRegion = await apphosting.getBackend(projectId, location, backendId);
+            const backendInRegion = await apphosting.getBackend(projectId, location, backend);
             backendsList.push(backendInRegion);
         }
         else {
             const resp = await apphosting.listBackends(projectId, "-");
             const allBackends = resp.backends || [];
-            backendsList = allBackends.filter((bkd) => bkd.name.split("/").pop() === backendId);
+            backendsList = allBackends.filter((bkd) => bkd.name.split("/").pop() === backend);
         }
     }
     catch (err) {
-        throw new error_1.FirebaseError(`Failed to get backend: ${backendId}. Please check the parameters you have provided.`, { original: err });
+        throw new error_1.FirebaseError(`Failed to get backend: ${backend}. Please check the parameters you have provided.`, { original: err });
     }
     if (backendsList.length === 0) {
-        (0, utils_1.logWarning)(`Found no backend with id: ${backendId}`);
+        (0, utils_1.logWarning)(`Backend "${backend}" not found`);
         return;
     }
     (0, apphosting_backends_list_1.printBackendsTable)(backendsList);

package/lib/commands/apphosting-backends-list.js

@@ -10,8 +10,8 @@ const apphosting = require("../gcp/apphosting");
 const Table = require("cli-table");
 const TABLE_HEAD = ["Backend ID", "Repository", "Location", "URL", "Created Date", "Updated Date"];
 exports.command = new command_1.Command("apphosting:backends:list")
-    .description("list backends of a Firebase project")
-    .option("-l, --location <location>", "app Backend location", "-")
+    .description("list Firebase App Hosting backends")
+    .option("-l, --location <location>", "list backends in the specified location", "-")
     .before(apphosting.ensureApiEnabled)
     .action(async (options) => {
     var _a;

package/lib/commands/apphosting-builds-create.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.command = void 0;
+const apphosting = require("../gcp/apphosting");
+const logger_1 = require("../logger");
+const command_1 = require("../command");
+const projectUtils_1 = require("../projectUtils");
+exports.command = new command_1.Command("apphosting:builds:create <backendId>")
+    .description("create a build for an App Hosting backend")
+    .option("-l, --location <location>", "specify the region of the backend", "us-central1")
+    .option("-i, --id <buildId>", "id of the build (defaults to autogenerating a random id)", "")
+    .option("-b, --branch <branch>", "repository branch to deploy (defaults to 'main')", "main")
+    .before(apphosting.ensureApiEnabled)
+    .action(async (backendId, options) => {
+    var _a;
+    const projectId = (0, projectUtils_1.needProjectId)(options);
+    const location = options.location;
+    const buildId = options.buildId ||
+        (await apphosting.getNextRolloutId(projectId, location, backendId));
+    const branch = (_a = options.branch) !== null && _a !== void 0 ? _a : "main";
+    const op = await apphosting.createBuild(projectId, location, backendId, buildId, {
+        source: {
+            codebase: {
+                branch,
+            },
+        },
+    });
+    logger_1.logger.info(`Started a build for backend ${backendId} on branch ${branch}.`);
+    logger_1.logger.info("Check status by running:");
+    logger_1.logger.info(`\tfirebase apphosting:builds:get ${backendId} ${buildId} --location ${location}`);
+    return op;
+});

package/lib/commands/apphosting-builds-get.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.command = void 0;
+const apphosting = require("../gcp/apphosting");
+const logger_1 = require("../logger");
+const command_1 = require("../command");
+const projectUtils_1 = require("../projectUtils");
+exports.command = new command_1.Command("apphosting:builds:get <backendId> <buildId>")
+    .description("get a build for an App Hosting backend")
+    .option("-l, --location <location>", "specify the region of the backend", "us-central1")
+    .before(apphosting.ensureApiEnabled)
+    .action(async (backendId, buildId, options) => {
+    const projectId = (0, projectUtils_1.needProjectId)(options);
+    const location = options.location;
+    const build = await apphosting.getBuild(projectId, location, backendId, buildId);
+    logger_1.logger.info(JSON.stringify(build, null, 2));
+    return build;
+});

package/lib/commands/apphosting-rollouts-create.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.command = void 0;
+const apphosting = require("../gcp/apphosting");
+const logger_1 = require("../logger");
+const command_1 = require("../command");
+const projectUtils_1 = require("../projectUtils");
+exports.command = new command_1.Command("apphosting:rollouts:create <backendId> <buildId>")
+    .description("create a rollout using a build for an App Hosting backend")
+    .option("-l, --location <location>", "specify the region of the backend", "us-central1")
+    .option("-i, --id <rolloutId>", "id of the rollout (defaults to autogenerating a random id)", "")
+    .before(apphosting.ensureApiEnabled)
+    .action(async (backendId, buildId, options) => {
+    const projectId = (0, projectUtils_1.needProjectId)(options);
+    const location = options.location;
+    const rolloutId = options.buildId ||
+        (await apphosting.getNextRolloutId(projectId, location, backendId));
+    const build = `projects/${projectId}/backends/${backendId}/builds/${buildId}`;
+    const op = await apphosting.createRollout(projectId, location, backendId, rolloutId, {
+        build,
+    });
+    logger_1.logger.info(`Started a rollout for backend ${backendId} with build ${buildId}.`);
+    logger_1.logger.info("Check status by running:");
+    logger_1.logger.info(`\tfirebase apphosting:rollouts:list --location ${location}`);
+    return op;
+});

package/lib/commands/apphosting-rollouts-list.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.command = void 0;
+const apphosting = require("../gcp/apphosting");
+const logger_1 = require("../logger");
+const command_1 = require("../command");
+const projectUtils_1 = require("../projectUtils");
+exports.command = new command_1.Command("apphosting:rollouts:list <backendId>")
+    .description("list rollouts of an App Hosting backend")
+    .option("-l, --location <location>", "region of the rollouts (defaults to listing rollouts from all regions)", "-")
+    .before(apphosting.ensureApiEnabled)
+    .action(async (backendId, options) => {
+    const projectId = (0, projectUtils_1.needProjectId)(options);
+    const location = options.location;
+    const rollouts = await apphosting.listRollouts(projectId, location, backendId);
+    if (rollouts.unreachable) {
+        logger_1.logger.error(`WARNING: the following locations were unreachable: ${rollouts.unreachable.join(", ")}`);
+    }
+    logger_1.logger.info(JSON.stringify(rollouts.rollouts, null, 2));
+    return rollouts;
+});

package/lib/commands/apphosting-secrets-grantaccess.js

@@ -11,8 +11,8 @@ const apphosting = require("../gcp/apphosting");
 const secrets = require("../apphosting/secrets");
 exports.command = new command_1.Command("apphosting:secrets:grantaccess <secretName>")
     .description("grant service accounts permissions to the provided secret")
-    .option("-l, --location <location>", "app backend location")
-    .option("-b, --backend <backend>", "app backend name")
+    .option("-l, --location <location>", "backend location")
+    .option("-b, --backend <backend>", "backend name")
     .before(requireAuth_1.requireAuth)
     .before(secretManager.ensureApi)
     .before(apphosting.ensureApiEnabled)

package/lib/commands/apphosting-secrets-set.js

@@ -1,23 +1,19 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.command = void 0;
-const tty = require("tty");
 const clc = require("colorette");
-const path_1 = require("path");
 const command_1 = require("../command");
 const projectUtils_1 = require("../projectUtils");
 const requireAuth_1 = require("../requireAuth");
-const fs = require("fs");
 const gcsm = require("../gcp/secretManager");
 const apphosting = require("../gcp/apphosting");
 const requirePermissions_1 = require("../requirePermissions");
-const prompt_1 = require("../prompt");
 const secrets = require("../apphosting/secrets");
 const dialogs = require("../apphosting/secrets/dialogs");
 const config = require("../apphosting/config");
-const utils_1 = require("../utils");
+const utils = require("../utils");
 exports.command = new command_1.Command("apphosting:secrets:set <secretName>")
-    .description("grant service accounts permissions to the provided secret")
+    .description("create or update a secret for use in Firebase App Hosting")
     .option("-l, --location <location>", "optional location to retrict secret replication")
     .withForce("Automatically create a secret, grant permissions, and add to YAML.")
     .before(requireAuth_1.requireAuth)
@@ -33,73 +29,28 @@ exports.command = new command_1.Command("apphosting:secrets:set <secretName>")
 ])
     .option("--data-file <dataFile>", 'File path from which to read secret data. Set to "-" to read the secret data from stdin.')
     .action(async (secretName, options) => {
-    var _a;
-    const howToAccess = `You can access the contents of the secret's latest value with ${clc.bold(`firebase apphosting:secrets:access ${secretName}`)}`;
-    const grantAccess = `To use this secret in your backend, you must grant access. You can do so in the future with ${clc.bold("firebase apphosting:secrets:grantAccess")}`;
     const projectId = (0, projectUtils_1.needProjectId)(options);
     const projectNumber = await (0, projectUtils_1.needProjectNumber)(options);
     const created = await secrets.upsertSecret(projectId, secretName, options.location);
     if (created === null) {
         return;
     }
-    let secretValue;
-    if ((!options.dataFile || options.dataFile === "-") && tty.isatty(0)) {
-        secretValue = await (0, prompt_1.promptOnce)({
-            type: "password",
-            message: `Enter a value for ${secretName}`,
-        });
-    }
-    else {
-        let dataFile = 0;
-        if (options.dataFile && options.dataFile !== "-") {
-            dataFile = options.dataFile;
-        }
-        secretValue = fs.readFileSync(dataFile, "utf-8");
-    }
-    if (created) {
-        (0, utils_1.logSuccess)(`Created new secret projects/${projectId}/secrets/${secretName}`);
+    else if (created) {
+        utils.logSuccess(`Created new secret projects/${projectId}/secrets/${secretName}`);
     }
+    const secretValue = await utils.readSecretValue(`Enter a value for ${secretName}`, options.dataFile);
     const version = await gcsm.addVersion(projectId, secretName, secretValue);
-    (0, utils_1.logSuccess)(`Created new secret version ${gcsm.toSecretVersionResourceName(version)}`);
-    (0, utils_1.logSuccess)(howToAccess);
+    utils.logSuccess(`Created new secret version ${gcsm.toSecretVersionResourceName(version)}`);
+    utils.logBullet(`You can access the contents of the secret's latest value with ${clc.bold(`firebase apphosting:secrets:access ${secretName}\n`)}`);
     if (!created) {
-        (0, utils_1.logWarning)(grantAccess);
         return;
     }
     const accounts = await dialogs.selectBackendServiceAccounts(projectNumber, projectId, options);
     if (!accounts.buildServiceAccounts.length && !accounts.runServiceAccounts.length) {
-        (0, utils_1.logWarning)(grantAccess);
+        utils.logWarning(`To use this secret in your backend, you must grant access. You can do so in the future with ${clc.bold("firebase apphosting:secrets:grantaccess")}`);
     }
     else {
         await secrets.grantSecretAccess(projectId, secretName, accounts);
     }
-    let path = config.yamlPath(process.cwd());
-    let yaml = {};
-    if (path) {
-        yaml = config.load(path);
-        if ((_a = yaml.env) === null || _a === void 0 ? void 0 : _a.find((env) => env.variable === secretName)) {
-            return;
-        }
-    }
-    const addToYaml = await (0, prompt_1.confirm)({
-        message: "Would you like to add this secret to apphosting.yaml?",
-        default: true,
-    });
-    if (!addToYaml) {
-        return;
-    }
-    if (!path) {
-        path = await (0, prompt_1.promptOnce)({
-            message: "It looks like you don't have an apphosting.yaml yet. Where would you like to store it?",
-            default: process.cwd(),
-        });
-        path = (0, path_1.join)(path, "apphosting.yaml");
-    }
-    const envName = await dialogs.envVarForSecret(secretName);
-    yaml.env = yaml.env || [];
-    yaml.env.push({
-        variable: envName,
-        secret: secretName,
-    });
-    config.store(path, yaml);
+    await config.maybeAddSecretToYaml(secretName);
 });

package/lib/commands/functions-secrets-set.js

@@ -1,8 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.command = void 0;
-const tty = require("tty");
-const fs = require("fs");
 const clc = require("colorette");
 const logger_1 = require("../logger");
 const secrets_1 = require("../functions/secrets");
@@ -33,21 +31,7 @@ exports.command = new command_1.Command("functions:secrets:set <KEY>")
     const projectNumber = await (0, projectUtils_1.needProjectNumber)(options);
     const key = await (0, secrets_1.ensureValidKey)(unvalidatedKey, options);
     const secret = await (0, secrets_1.ensureSecret)(projectId, key, options);
-    let secretValue;
-    if ((!options.dataFile || options.dataFile === "-") && tty.isatty(0)) {
-        secretValue = await (0, prompt_1.promptOnce)({
-            name: key,
-            type: "password",
-            message: `Enter a value for ${key}`,
-        });
-    }
-    else {
-        let dataFile = 0;
-        if (options.dataFile && options.dataFile !== "-") {
-            dataFile = options.dataFile;
-        }
-        secretValue = fs.readFileSync(dataFile, "utf-8");
-    }
+    const secretValue = await (0, utils_1.readSecretValue)(`Enter a value for ${key}`, options.dataFile);
     const secretVersion = await (0, secretManager_1.addVersion)(projectId, key, secretValue);
     (0, utils_1.logSuccess)(`Created a new secret version ${(0, secretManager_1.toSecretVersionResourceName)(secretVersion)}`);
     if (!(0, secretManager_1.isFunctionsManaged)(secret)) {

package/lib/commands/index.js

@@ -167,6 +167,14 @@ function load(client) {
         client.apphosting.secrets.grantaccess = loadCommand("apphosting-secrets-grantaccess");
         client.apphosting.secrets.describe = loadCommand("apphosting-secrets-describe");
         client.apphosting.secrets.access = loadCommand("apphosting-secrets-access");
+        if (experiments.isEnabled("internaltesting")) {
+            client.apphosting.builds = {};
+            client.apphosting.builds.get = loadCommand("apphosting-builds-get");
+            client.apphosting.builds.create = loadCommand("apphosting-builds-create");
+            client.apphosting.rollouts = {};
+            client.apphosting.rollouts.create = loadCommand("apphosting-rollouts-create");
+            client.apphosting.rollouts.list = loadCommand("apphosting-rollouts-list");
+        }
     }
     client.login = loadCommand("login");
     client.login.add = loadCommand("login-add");

package/lib/deploy/functions/runtimes/discovery/index.js

@@ -4,7 +4,7 @@ exports.detectFromPort = exports.detectFromYaml = exports.yamlToBuild = exports.
 const node_fetch_1 = require("node-fetch");
 const fs = require("fs");
 const path = require("path");
-const yaml = require("js-yaml");
+const yaml = require("yaml");
 const util_1 = require("util");
 const logger_1 = require("../../../../logger");
 const api = require("../../.../../../../api");
@@ -41,7 +41,7 @@ async function detectFromYaml(directory, project, runtime) {
         return;
     }
     logger_1.logger.debug("Found functions.yaml. Got spec:", text);
-    const parsed = yaml.load(text);
+    const parsed = yaml.parse(text);
     return yamlToBuild(parsed, project, api.functionsDefaultRegion(), runtime);
 }
 exports.detectFromYaml = detectFromYaml;
@@ -74,7 +74,7 @@ async function detectFromPort(port, project, runtime, timeout = 10000) {
     logger_1.logger.debug("Got response from /__/functions.yaml", text);
     let parsed;
     try {
-        parsed = yaml.load(text);
+        parsed = yaml.parse(text);
     }
     catch (err) {
         logger_1.logger.debug("Failed to parse functions.yaml", err);

package/lib/deploy/functions/runtimes/{supported.js → supported/index.js}

@@ -1,88 +1,33 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.guardVersionSupport = exports.isDecommissioned = exports.latest = exports.runtimeIsLanguage = exports.isRuntime = exports.RUNTIMES = void 0;
-const error_1 = require("../../../error");
-const utils = require("../../../utils");
-function runtimes(r) {
-    return r;
-}
-exports.RUNTIMES = runtimes({
-    nodejs6: {
-        friendly: "Node.js 6",
-        status: "decommissioned",
-        deprecationDate: "2019-04-17",
-        decommissionDate: "2020-08-01",
-    },
-    nodejs8: {
-        friendly: "Node.js 8",
-        status: "decommissioned",
-        deprecationDate: "2020-06-05",
-        decommissionDate: "2021-02-01",
-    },
-    nodejs10: {
-        friendly: "Node.js 10",
-        status: "GA",
-        deprecationDate: "2024-01-30",
-        decommissionDate: "2025-01-30",
-    },
-    nodejs12: {
-        friendly: "Node.js 12",
-        status: "GA",
-        deprecationDate: "2024-01-30",
-        decommissionDate: "2025-01-30",
-    },
-    nodejs14: {
-        friendly: "Node.js 14",
-        status: "GA",
-        deprecationDate: "2024-01-30",
-        decommissionDate: "2025-01-30",
-    },
-    nodejs16: {
-        friendly: "Node.js 16",
-        status: "GA",
-        deprecationDate: "2024-01-30",
-        decommissionDate: "2025-01-30",
-    },
-    nodejs18: {
-        friendly: "Node.js 18",
-        status: "GA",
-        deprecationDate: "2025-04-30",
-        decommissionDate: "2025-10-31",
-    },
-    nodejs20: {
-        friendly: "Node.js 20",
-        status: "GA",
-        deprecationDate: "2026-04-30",
-        decommissionDate: "2026-10-31",
-    },
-    python310: {
-        friendly: "Python 3.10",
-        status: "GA",
-        deprecationDate: "2026-10-04",
-        decommissionDate: "2027-04-30",
-    },
-    python311: {
-        friendly: "Python 3.11",
-        status: "GA",
-        deprecationDate: "2027-10-24",
-        decommissionDate: "2028-04-30",
-    },
-    python312: {
-        friendly: "Python 3.12",
-        status: "GA",
-        deprecationDate: "2028-10-02",
-        decommissionDate: "2029-04-30",
-    },
-});
+exports.guardVersionSupport = exports.isDecommissioned = exports.latest = exports.runtimeIsLanguage = exports.isRuntime = void 0;
+const error_1 = require("../../../../error");
+const utils = require("../../../../utils");
+const types_1 = require("./types");
+__exportStar(require("./types"), exports);
 function isRuntime(maybe) {
-    return maybe in exports.RUNTIMES;
+    return maybe in types_1.RUNTIMES;
 }
 exports.isRuntime = isRuntime;
 function runtimeIsLanguage(runtime, language) {
     return runtime.startsWith(language);
 }
 exports.runtimeIsLanguage = runtimeIsLanguage;
-function latest(language, runtimes = Object.keys(exports.RUNTIMES)) {
+function latest(language, runtimes = Object.keys(types_1.RUNTIMES)) {
     const sorted = runtimes
         .filter((s) => runtimeIsLanguage(s, language))
         .sort((left, right) => {
@@ -103,20 +48,20 @@ function latest(language, runtimes = Object.keys(exports.RUNTIMES)) {
 }
 exports.latest = latest;
 function isDecommissioned(runtime, now = new Date()) {
-    const cutoff = new Date(exports.RUNTIMES[runtime].decommissionDate);
+    const cutoff = new Date(types_1.RUNTIMES[runtime].decommissionDate);
     return cutoff < now;
 }
 exports.isDecommissioned = isDecommissioned;
 function guardVersionSupport(runtime, now = new Date()) {
-    const { deprecationDate, decommissionDate } = exports.RUNTIMES[runtime];
+    const { deprecationDate, decommissionDate } = types_1.RUNTIMES[runtime];
     const decommission = new Date(decommissionDate);
     if (now >= decommission) {
-        throw new error_1.FirebaseError(`Runtime ${exports.RUNTIMES[runtime].friendly} was decommissioned on ${decommissionDate}. To deploy ` +
+        throw new error_1.FirebaseError(`Runtime ${types_1.RUNTIMES[runtime].friendly} was decommissioned on ${decommissionDate}. To deploy ` +
             "you must first upgrade your runtime version.", { exit: 1 });
     }
     const deprecation = new Date(deprecationDate);
     if (now >= deprecation) {
-        utils.logLabeledWarning("functions", `Runtime ${exports.RUNTIMES[runtime].friendly} was deprecated on ${deprecationDate} and will be ` +
+        utils.logLabeledWarning("functions", `Runtime ${types_1.RUNTIMES[runtime].friendly} was deprecated on ${deprecationDate} and will be ` +
             `decommissioned on ${decommissionDate}, after which you will not be able ` +
             "to deploy without upgrading. Consider upgrading now to avoid disruption. See " +
             "https://cloud.google.com/functions/docs/runtime-support for full " +
@@ -125,7 +70,7 @@ function guardVersionSupport(runtime, now = new Date()) {
     }
     const warning = new Date(deprecation.getTime() - 90 * 24 * 60 * 60 * 1000);
     if (now >= warning) {
-        utils.logLabeledWarning("functions", `Runtime ${exports.RUNTIMES[runtime].friendly} will be deprecated on ${deprecationDate} and will be ` +
+        utils.logLabeledWarning("functions", `Runtime ${types_1.RUNTIMES[runtime].friendly} will be deprecated on ${deprecationDate} and will be ` +
             `decommissioned on ${decommissionDate}, after which you will not be able ` +
             "to deploy without upgrading. Consider upgrading now to avoid disruption. See " +
             "https://cloud.google.com/functions/docs/runtime-support for full " +

package/lib/deploy/functions/runtimes/supported/types.js

@@ -0,0 +1,74 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RUNTIMES = void 0;
+function runtimes(r) {
+    return r;
+}
+exports.RUNTIMES = runtimes({
+    nodejs6: {
+        friendly: "Node.js 6",
+        status: "decommissioned",
+        deprecationDate: "2019-04-17",
+        decommissionDate: "2020-08-01",
+    },
+    nodejs8: {
+        friendly: "Node.js 8",
+        status: "decommissioned",
+        deprecationDate: "2020-06-05",
+        decommissionDate: "2021-02-01",
+    },
+    nodejs10: {
+        friendly: "Node.js 10",
+        status: "GA",
+        deprecationDate: "2024-01-30",
+        decommissionDate: "2025-01-30",
+    },
+    nodejs12: {
+        friendly: "Node.js 12",
+        status: "GA",
+        deprecationDate: "2024-01-30",
+        decommissionDate: "2025-01-30",
+    },
+    nodejs14: {
+        friendly: "Node.js 14",
+        status: "GA",
+        deprecationDate: "2024-01-30",
+        decommissionDate: "2025-01-30",
+    },
+    nodejs16: {
+        friendly: "Node.js 16",
+        status: "GA",
+        deprecationDate: "2024-01-30",
+        decommissionDate: "2025-01-30",
+    },
+    nodejs18: {
+        friendly: "Node.js 18",
+        status: "GA",
+        deprecationDate: "2025-04-30",
+        decommissionDate: "2025-10-31",
+    },
+    nodejs20: {
+        friendly: "Node.js 20",
+        status: "GA",
+        deprecationDate: "2026-04-30",
+        decommissionDate: "2026-10-31",
+    },
+    python310: {
+        friendly: "Python 3.10",
+        status: "GA",
+        deprecationDate: "2026-10-04",
+        decommissionDate: "2027-04-30",
+    },
+    python311: {
+        friendly: "Python 3.11",
+        status: "GA",
+        deprecationDate: "2027-10-24",
+        decommissionDate: "2028-04-30",
+    },
+    python312: {
+        friendly: "Python 3.12",
+        status: "GA",
+        deprecationDate: "2028-10-02",
+        decommissionDate: "2029-04-30",
+    },
+});

package/lib/extensions/emulator/specHelper.js

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getRuntime = exports.DEFAULT_RUNTIME = exports.getFunctionProperties = exports.getFunctionResourcesWithParamSubstitution = exports.readFileFromDirectory = exports.readPostinstall = exports.readExtensionYaml = void 0;
-const yaml = require("js-yaml");
+const yaml = require("yaml");
 const path = require("path");
 const fs = require("fs-extra");
 const supported = require("../../deploy/functions/runtimes/supported");
@@ -17,10 +17,10 @@ const validFunctionTypes = [
 ];
 function wrappedSafeLoad(source) {
     try {
-        return yaml.safeLoad(source);
+        return yaml.parse(source);
     }
     catch (err) {
-        if (err instanceof yaml.YAMLException) {
+        if (err instanceof yaml.YAMLParseError) {
             throw new error_1.FirebaseError(`YAML Error: ${err.message}`, { original: err });
         }
         throw err;

package/lib/extensions/extensionsApi.js

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.refNotFoundError = exports.getExtension = exports.listExtensionVersions = exports.listExtensions = exports.getExtensionVersion = exports.getSource = exports.createSource = exports.populateSpec = exports.updateInstanceFromRegistry = exports.updateInstance = exports.configureInstance = exports.listInstances = exports.getInstance = exports.deleteInstance = exports.createInstance = void 0;
-const yaml = require("js-yaml");
+const yaml = require("yaml");
 const clc = require("colorette");
 const apiv2_1 = require("../apiv2");
 const api_1 = require("../api");
@@ -230,7 +230,7 @@ function populateSpec(spec) {
         for (const r of spec.resources) {
             try {
                 if (r.propertiesYaml) {
-                    r.properties = yaml.safeLoad(r.propertiesYaml);
+                    r.properties = yaml.parse(r.propertiesYaml);
                 }
             }
             catch (err) {

package/lib/extensions/localHelper.js

@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.isLocalExtension = exports.readFile = exports.findExtensionYaml = exports.getLocalExtensionSpec = exports.EXTENSIONS_SPEC_FILE = void 0;
 const fs = require("fs-extra");
 const path = require("path");
-const yaml = require("js-yaml");
+const yaml = require("yaml");
 const fsutils_1 = require("../fsutils");
 const error_1 = require("../error");
 const logger_1 = require("../logger");
@@ -56,10 +56,10 @@ function isLocalExtension(extensionName) {
 exports.isLocalExtension = isLocalExtension;
 function parseYAML(source) {
     try {
-        return yaml.safeLoad(source);
+        return yaml.parse(source);
     }
     catch (err) {
-        if (err instanceof yaml.YAMLException) {
+        if (err instanceof yaml.YAMLParseError) {
             throw new error_1.FirebaseError(`YAML Error: ${err.message}`, { original: err });
         }
         throw new error_1.FirebaseError(err.message);

package/lib/frameworks/flutter/index.js

@@ -4,7 +4,7 @@ exports.ɵcodegenPublicDirectory = exports.build = exports.init = exports.discov
 const cross_spawn_1 = require("cross-spawn");
 const fs_extra_1 = require("fs-extra");
 const path_1 = require("path");
-const js_yaml_1 = require("js-yaml");
+const yaml = require("yaml");
 const promises_1 = require("fs/promises");
 const error_1 = require("../../error");
 const utils_1 = require("./utils");
@@ -19,7 +19,7 @@ async function discover(dir) {
     if (!(await (0, fs_extra_1.pathExists)((0, path_1.join)(dir, "web"))))
         return;
     const pubSpecBuffer = await (0, promises_1.readFile)((0, path_1.join)(dir, "pubspec.yaml"));
-    const pubSpec = (0, js_yaml_1.load)(pubSpecBuffer.toString());
+    const pubSpec = yaml.parse(pubSpecBuffer.toString());
     const usingFlutter = (_a = pubSpec.dependencies) === null || _a === void 0 ? void 0 : _a.flutter;
     if (!usingFlutter)
         return;

package/lib/init/features/hosting/github.js

@@ -3,8 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.isRunningInGithubAction = exports.initGitHub = void 0;
 const colorette_1 = require("colorette");
 const fs = require("fs");
-const yaml = require("js-yaml");
-const js_yaml_1 = require("js-yaml");
+const yaml = require("yaml");
 const ora = require("ora");
 const path = require("path");
 const libsodium = require("libsodium-wrappers");
@@ -149,7 +148,7 @@ function loadYMLDeploy() {
     }
 }
 function loadYML(ymlPath) {
-    return (0, js_yaml_1.safeLoad)(fs.readFileSync(ymlPath, "utf8"));
+    return yaml.parse(fs.readFileSync(ymlPath, "utf8"));
 }
 function mkdirNotExists(dir) {
     if (!(0, fsutils_1.dirExistsSync)(dir)) {
@@ -189,7 +188,7 @@ function writeChannelActionYMLFile(ymlPath, secretName, projectId, script) {
     const ymlContents = `# This file was auto-generated by the Firebase CLI
 # https://github.com/firebase/firebase-tools
 
-${yaml.safeDump(workflowConfig)}`;
+${yaml.stringify(workflowConfig)}`;
     mkdirNotExists(GITHUB_DIR);
     mkdirNotExists(WORKFLOW_DIR);
     fs.writeFileSync(ymlPath, ymlContents, "utf8");
@@ -222,7 +221,7 @@ function writeDeployToProdActionYMLFile(ymlPath, branch, secretName, projectId,
     const ymlContents = `# This file was auto-generated by the Firebase CLI
 # https://github.com/firebase/firebase-tools
 
-${yaml.safeDump(workflowConfig)}`;
+${yaml.stringify(workflowConfig)}`;
     mkdirNotExists(GITHUB_DIR);
     mkdirNotExists(WORKFLOW_DIR);
     fs.writeFileSync(ymlPath, ymlContents, "utf8");

package/lib/utils.js

@@ -1,7 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getHostnameFromUrl = exports.openInBrowserPopup = exports.openInBrowser = exports.connectableHostname = exports.randomInt = exports.debounce = exports.last = exports.cloneDeep = exports.groupBy = exports.assertIsStringOrUndefined = exports.assertIsNumber = exports.assertIsString = exports.thirtyDaysFromNow = exports.isRunningInWSL = exports.isVSCodeExtension = exports.isCloudEnvironment = exports.datetimeString = exports.createDestroyer = exports.promiseWithSpinner = exports.setupLoggers = exports.tryParse = exports.tryStringify = exports.promiseProps = exports.withTimeout = exports.promiseWhile = exports.promiseAllSettled = exports.getFunctionsEventProvider = exports.endpoint = exports.makeActiveProject = exports.streamToString = exports.stringToStream = exports.explainStdin = exports.allSettled = exports.reject = exports.logLabeledError = exports.logLabeledWarning = exports.logWarning = exports.logLabeledBullet = exports.logBullet = exports.logLabeledSuccess = exports.logSuccess = exports.addSubdomain = exports.addDatabaseNamespace = exports.getDatabaseViewDataUrl = exports.getDatabaseUrl = exports.envOverride = exports.getInheritedOption = exports.consoleUrl = exports.envOverrides = exports.IS_WINDOWS = void 0;
+exports.readSecretValue = void 0;
 const fs = require("node:fs");
+const tty = require("tty");
 const path = require("node:path");
 const _ = require("lodash");
 const url = require("url");
@@ -19,6 +21,7 @@ const portfinder_1 = require("portfinder");
 const configstore_1 = require("./configstore");
 const error_1 = require("./error");
 const logger_1 = require("./logger");
+const prompt_1 = require("./prompt");
 exports.IS_WINDOWS = process.platform === "win32";
 const SUCCESS_CHAR = exports.IS_WINDOWS ? "+" : "✔";
 const WARNING_CHAR = exports.IS_WINDOWS ? "!" : "⚠";
@@ -524,3 +527,17 @@ function getHostnameFromUrl(url) {
     }
 }
 exports.getHostnameFromUrl = getHostnameFromUrl;
+function readSecretValue(prompt, dataFile) {
+    if ((!dataFile || dataFile === "-") && tty.isatty(0)) {
+        return (0, prompt_1.promptOnce)({
+            type: "password",
+            message: prompt,
+        });
+    }
+    let input = 0;
+    if (dataFile && dataFile !== "-") {
+        input = dataFile;
+    }
+    return Promise.resolve(fs.readFileSync(input, "utf-8"));
+}
+exports.readSecretValue = readSecretValue;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "firebase-tools",
-  "version": "13.7.2",
+  "version": "13.7.3",
   "description": "Command-Line Interface for Firebase",
   "main": "./lib/index.js",
   "bin": {
@@ -86,7 +86,6 @@
     "google-auth-library": "^7.11.0",
     "inquirer": "^8.2.6",
     "inquirer-autocomplete-prompt": "^2.0.1",
-    "js-yaml": "^3.13.1",
     "jsonwebtoken": "^9.0.0",
     "leven": "^3.1.0",
     "libsodium-wrappers": "^0.7.10",
@@ -119,6 +118,7 @@
     "uuid": "^8.3.2",
     "winston": "^3.0.0",
     "winston-transport": "^4.4.0",
-    "ws": "^7.2.3"
+    "ws": "^7.2.3",
+    "yaml": "^2.4.1"
   }
 }

package/templates/init/functions/typescript/_eslintrc

@@ -19,6 +19,7 @@ module.exports = {
   },
   ignorePatterns: [
     "/lib/**/*", // Ignore built files.
+    "/generated/**/*", // Ignore generated files.
   ],
   plugins: [
     "@typescript-eslint",