firebase-tools 15.20.0 → 15.22.0

package/lib/appdistribution/yaml_helper.js

@@ -32,7 +32,7 @@ function toYamlTestCases(testCases) {
     }));
 }
 function toYaml(testCases) {
-    return jsYaml.safeDump({ tests: toYamlTestCases(testCases) });
+    return jsYaml.dump({ tests: toYamlTestCases(testCases) });
 }
 function castExists(it, thing) {
     if (it == null) {
@@ -77,7 +77,7 @@ function fromYamlTestCases(appName, yamlTestCases) {
 function fromYaml(appName, yaml) {
     let parsedYaml;
     try {
-        parsedYaml = jsYaml.safeLoad(yaml);
+        parsedYaml = jsYaml.load(yaml);
     }
     catch (err) {
         throw new error_1.FirebaseError(`Failed to parse YAML: ${(0, error_1.getErrMsg)(err)}`);

package/lib/apphosting/constants.js

@@ -1,7 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.LOCAL_BUILD_DIR_NAME = exports.ALLOWED_DEPLOY_METHODS = exports.DEFAULT_DEPLOY_METHOD = exports.DEFAULT_LOCATION = void 0;
+exports.CLOUD_RUN_SIZE_LIMIT_BYTES = exports.LOCAL_BUILD_DIR_NAME = exports.ALLOWED_DEPLOY_METHODS = exports.DEFAULT_DEPLOY_METHOD = exports.DEFAULT_LOCATION = void 0;
 exports.DEFAULT_LOCATION = "us-east4";
 exports.DEFAULT_DEPLOY_METHOD = "github";
 exports.ALLOWED_DEPLOY_METHODS = [{ name: "Deploy using github", value: "github" }];
 exports.LOCAL_BUILD_DIR_NAME = ".local_build";
+exports.CLOUD_RUN_SIZE_LIMIT_BYTES = 250 * 1024 * 1024;

package/lib/apphosting/localbuilds.js

@@ -31,11 +31,13 @@ function executeUniversalMakerBinary(universalMakerBinary, projectRoot, addedEnv
             },
             stdio: "pipe",
         });
+        const failed = !!res.error || res.status !== 0;
+        const log = (msg) => (failed ? logger_1.logger.info(msg) : logger_1.logger.debug(msg));
         if (res.stdout) {
-            logger_1.logger.debug("[Universal Maker stdout]:\n" + res.stdout.toString());
+            log("[Universal Maker stdout]:\n" + res.stdout.toString());
         }
         if (res.stderr) {
-            logger_1.logger.debug("[Universal Maker stderr]:\n" + res.stderr.toString());
+            log("[Universal Maker stderr]:\n" + res.stderr.toString());
         }
         if (res.error) {
             throw res.error;

package/lib/apphosting/secrets/index.js

@@ -4,6 +4,8 @@ exports.toMulti = toMulti;
 exports.serviceAccountsForBackend = serviceAccountsForBackend;
 exports.grantSecretAccess = grantSecretAccess;
 exports.grantEmailsSecretAccess = grantEmailsSecretAccess;
+exports.revokeSecretAccess = revokeSecretAccess;
+exports.revokeEmailsSecretAccess = revokeEmailsSecretAccess;
 exports.upsertSecret = upsertSecret;
 exports.loadSecret = loadSecret;
 exports.fetchSecrets = fetchSecrets;
@@ -117,6 +119,81 @@ async function grantEmailsSecretAccess(projectId, secretNames, emails) {
         utils.logSuccess(`Successfully set IAM bindings on secret ${secretName}.\n`);
     }
 }
+async function revokeSecretAccess(projectId, secretName, accounts) {
+    const bindingsToRevoke = [
+        {
+            role: "roles/secretmanager.secretAccessor",
+            members: [...accounts.buildServiceAccounts, ...accounts.runServiceAccounts].map((sa) => `serviceAccount:${sa}`),
+        },
+        {
+            role: "roles/secretmanager.viewer",
+            members: accounts.buildServiceAccounts.map((sa) => `serviceAccount:${sa}`),
+        },
+    ];
+    await revokeSecretBindings(projectId, secretName, bindingsToRevoke);
+}
+async function revokeEmailsSecretAccess(projectId, secretNames, emails) {
+    const bindingsToRevoke = [
+        {
+            role: "roles/secretmanager.secretAccessor",
+            members: emails.flatMap((email) => [`user:${email}`, `group:${email}`]),
+        },
+    ];
+    for (const secretName of secretNames) {
+        await revokeSecretBindings(projectId, secretName, bindingsToRevoke);
+    }
+}
+async function revokeSecretBindings(projectId, secretName, bindingsToRevoke) {
+    let existingBindings;
+    try {
+        existingBindings = (await gcsm.getIamPolicy({ projectId, name: secretName })).bindings || [];
+    }
+    catch (err) {
+        throw new error_1.FirebaseError(`Failed to get IAM bindings on secret: ${secretName}. Ensure you have the permissions to do so and try again.`, { original: (0, error_1.getError)(err) });
+    }
+    const removalsByRole = new Map();
+    for (const binding of bindingsToRevoke) {
+        let members = removalsByRole.get(binding.role);
+        if (!members) {
+            members = new Set();
+            removalsByRole.set(binding.role, members);
+        }
+        for (const member of binding.members) {
+            members.add(member);
+        }
+    }
+    let updated = false;
+    const bindings = [];
+    for (const binding of existingBindings) {
+        const removals = removalsByRole.get(binding.role);
+        if (!removals || binding.condition) {
+            bindings.push(binding);
+            continue;
+        }
+        const members = binding.members.filter((member) => !removals.has(member));
+        if (members.length !== binding.members.length) {
+            updated = true;
+        }
+        if (members.length) {
+            bindings.push({ ...binding, members });
+        }
+        else {
+            updated = true;
+        }
+    }
+    if (!updated) {
+        utils.logSuccess(`No matching IAM bindings found on secret ${secretName}.\n`);
+        return;
+    }
+    try {
+        await gcsm.setIamPolicy({ projectId, name: secretName }, bindings);
+    }
+    catch (err) {
+        throw new error_1.FirebaseError(`Failed to revoke IAM bindings ${JSON.stringify(bindingsToRevoke)} on secret: ${secretName}. Ensure you have the permissions to do so and try again. ` +
+            "For more information visit https://cloud.google.com/secret-manager/docs/manage-access-to-secrets#required-roles", { original: (0, error_1.getError)(err) });
+    }
+    utils.logSuccess(`Successfully revoked IAM bindings on secret ${secretName}.\n`);
+}
 async function upsertSecret(project, secret, location) {
     let existing;
     try {

package/lib/archiveDirectory.js

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.archiveDirectory = archiveDirectory;
 const archiver = require("archiver");
-const filesize = require("filesize");
+const utils_1 = require("./utils");
 const fs = require("fs");
 const path = require("path");
 const tmp = require("tmp");
@@ -21,7 +21,7 @@ async function archiveDirectory(sourceDirectory, options = {}) {
     const makeArchive = zipDirectory(sourceDirectory, tempFile, options);
     try {
         const archive = await makeArchive;
-        logger_1.logger.debug(`Archived ${filesize(archive.size)} in ${sourceDirectory}.`);
+        logger_1.logger.debug(`Archived ${(0, utils_1.formatFilesize)(archive.size)} in ${sourceDirectory}.`);
         return archive;
     }
     catch (err) {

package/lib/auth.js

@@ -37,7 +37,6 @@ const logger_1 = require("./logger");
 const prompt_1 = require("./prompt");
 const scopes = require("./scopes");
 const defaultCredentials_1 = require("./defaultCredentials");
-const uuid_1 = require("uuid");
 const crypto_1 = require("crypto");
 const track_1 = require("./track");
 const api_1 = require("./api");
@@ -308,7 +307,7 @@ async function loginPrototyper() {
         urlPrefix: (0, api_1.authProxyOrigin)(),
         auth: false,
     });
-    const sessionId = (0, uuid_1.v4)();
+    const sessionId = (0, crypto_1.randomUUID)();
     const codeVerifier = (0, crypto_1.randomBytes)(32).toString("hex");
     const codeChallenge = urlsafeBase64((0, crypto_1.createHash)("sha256").update(codeVerifier).digest("base64"));
     const attestToken = (await authProxyClient.post("/attest", {
@@ -341,7 +340,7 @@ async function loginRemotely() {
         urlPrefix: (0, api_1.authProxyOrigin)(),
         auth: false,
     });
-    const sessionId = (0, uuid_1.v4)();
+    const sessionId = (0, crypto_1.randomUUID)();
     const codeVerifier = (0, crypto_1.randomBytes)(32).toString("hex");
     const codeChallenge = urlsafeBase64((0, crypto_1.createHash)("sha256").update(codeVerifier).digest("base64"));
     const attestToken = (await authProxyClient.post("/attest", {

package/lib/bin/cli.js

@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadAllCommands = loadAllCommands;
 exports.cli = cli;
 const updateNotifierPkg = require("update-notifier-cjs");
 const clc = require("colorette");
@@ -17,6 +18,29 @@ const fsutils = require("../fsutils");
 const utils = require("../utils");
 const fetchMOTD_1 = require("../fetchMOTD");
 const command_1 = require("../command");
+const env_1 = require("../env");
+function loadAllCommands(client) {
+    const seen = new Set();
+    const loadAll = (obj) => {
+        if (seen.has(obj))
+            return;
+        seen.add(obj);
+        for (const [key, value] of Object.entries(obj)) {
+            if (key === "cli") {
+                continue;
+            }
+            if ((0, command_1.isCommandModule)(value)) {
+                value.load();
+            }
+            if ((typeof value === "object" || typeof value === "function") &&
+                value !== null &&
+                !Array.isArray(value)) {
+                loadAll(value);
+            }
+        }
+    };
+    loadAll(client);
+}
 function cli(pkg) {
     const updateNotifier = updateNotifierPkg({ pkg });
     const args = process.argv.slice(2);
@@ -31,6 +55,7 @@ function cli(pkg) {
     logger_1.logger.debug("CLI Version:  ", pkg.version);
     logger_1.logger.debug("Platform:     ", process.platform);
     logger_1.logger.debug("Node Version: ", process.version);
+    logger_1.logger.debug("Detected Agent:", (0, env_1.detectAIAgent)());
     logger_1.logger.debug("Time:         ", new Date().toString());
     if (utils.envOverrides.length) {
         logger_1.logger.debug("Env Overrides:", utils.envOverrides.join(", "));
@@ -97,24 +122,7 @@ function cli(pkg) {
         client.getCommand(commandName);
     }
     if (isHelp) {
-        const seen = new Set();
-        const loadAll = (obj) => {
-            if (seen.has(obj))
-                return;
-            seen.add(obj);
-            for (const [key, value] of Object.entries(obj)) {
-                if ((0, command_1.isCommandModule)(value)) {
-                    value.load();
-                }
-                else if (typeof value === "object" &&
-                    value !== null &&
-                    !Array.isArray(value) &&
-                    key !== "cli") {
-                    loadAll(value);
-                }
-            }
-        };
-        loadAll(client);
+        loadAllCommands(client);
     }
     if (!args.length) {
         client.cli.help();

package/lib/commands/apphosting-secrets-revokeaccess.js

@@ -0,0 +1,56 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.command = void 0;
+const command_1 = require("../command");
+const projectUtils_1 = require("../projectUtils");
+const error_1 = require("../error");
+const requireAuth_1 = require("../requireAuth");
+const secretManager = require("../gcp/secretManager");
+const requirePermissions_1 = require("../requirePermissions");
+const apphosting = require("../gcp/apphosting");
+const secrets = require("../apphosting/secrets");
+const backend_1 = require("../apphosting/backend");
+exports.command = new command_1.Command("apphosting:secrets:revokeaccess <secretNames>")
+    .description("Revoke service accounts, users, or groups permissions from the provided secret(s). Can pass one or more secrets, separated by a comma")
+    .option("-l, --location <location>", "the location of the backend to revoke secret access from. Cannot be combined with --emails", "-")
+    .option("-b, --backend <backend>", "the name of the backend to revoke secret access from. Cannot be combined with --emails")
+    .option("-e, --emails <emails>", "comma delimited list of user or group emails to revoke secret access from. Cannot be combined with --backend")
+    .before(requireAuth_1.requireAuth)
+    .before(secretManager.ensureApi)
+    .before(apphosting.ensureApiEnabled)
+    .before(requirePermissions_1.requirePermissions, [
+    "secretmanager.secrets.get",
+    "secretmanager.secrets.getIamPolicy",
+    "secretmanager.secrets.setIamPolicy",
+])
+    .action(async (secretNames, options) => {
+    const projectId = (0, projectUtils_1.needProjectId)(options);
+    if (!options.backend && !options.emails) {
+        throw new error_1.FirebaseError("Missing required flag --backend or --emails. See firebase apphosting:secrets:revokeaccess --help for more info");
+    }
+    if (options.backend && options.emails) {
+        throw new error_1.FirebaseError("Cannot specify both --backend and --emails. See firebase apphosting:secrets:revokeaccess --help for more info");
+    }
+    const secretList = secretNames.split(",");
+    for (const secretName of secretList) {
+        const exists = await secretManager.secretExists(projectId, secretName);
+        if (!exists) {
+            throw new error_1.FirebaseError(`Cannot find secret ${secretName}`);
+        }
+    }
+    if (options.emails) {
+        return await secrets.revokeEmailsSecretAccess(projectId, secretList, String(options.emails).split(","));
+    }
+    const projectNumber = await (0, projectUtils_1.needProjectNumber)(options);
+    const backendId = options.backend;
+    const location = options.location;
+    let backend;
+    if (location === "" || location === "-") {
+        backend = await (0, backend_1.getBackendForAmbiguousLocation)(projectId, backendId, "Please select the location of your backend:");
+    }
+    else {
+        backend = await apphosting.getBackend(projectId, location, backendId);
+    }
+    const accounts = secrets.toMulti(await secrets.serviceAccountsForBackend(projectNumber, backend));
+    await Promise.all(secretList.map((secretName) => secrets.revokeSecretAccess(projectId, secretName, accounts)));
+});

package/lib/commands/apptesting.js

@@ -30,6 +30,9 @@ exports.command = new command_1.Command("apptesting:execute [release-binary-file
     .option("--test-devices-file <string>", "Path to file containing a list of semicolon- or newline-separated devices to run automated tests on, in the format 'model=<model-id>,version=<os-version-id>,locale=<locale>,orientation=<orientation>'. Run 'gcloud firebase test android|ios models list' to see available devices. Note: This feature is in beta.")
     .option("--test-non-blocking", "Run automated tests without waiting for them to complete. Visit the Firebase console for the test results.")
     .option("--results-bucket <bucket>", "The name of a Google Cloud Storage bucket where raw test results will be stored. If this flag is not set, Firebase creates a default bucket for you. Note that the bucket must be owned by a billing-enabled project, and that using a non-default bucket will result in billing charges for the storage used.")
+    .option("--test-username <string>", "username for automatic login")
+    .option("--test-password <string>", "password for automatic login. If using a real password, use --test-password-file instead to avoid putting sensitive info in history and logs.")
+    .option("--test-password-file <string>", "path to file containing password for automatic login")
     .before(requireAuth_1.requireAuth)
     .action(async (target, options) => {
     const appName = (0, options_parser_util_1.getAppName)(options);
@@ -40,6 +43,11 @@ exports.command = new command_1.Command("apptesting:execute [release-binary-file
     }
     const tests = await (0, parseTestFiles_1.parseTestFiles)(testDir, undefined, options.testFilePattern, options.testNamePattern);
     const testDevices = (0, options_parser_util_1.parseTestDevices)(options.testDevices, options.testDevicesFile);
+    const loginCredential = (0, options_parser_util_1.getLoginCredential)({
+        username: options.testUsername,
+        password: options.testPassword,
+        passwordFile: options.testPasswordFile,
+    });
     if (!tests.length) {
         throw new error_1.FirebaseError(`No tests found under test directory ${testDir}`);
     }
@@ -62,7 +70,7 @@ exports.command = new command_1.Command("apptesting:execute [release-binary-file
             utils.logBullet(`Using release ${release.displayVersion} created at ${release.createTime}`);
         }
         invokeSpinner.start();
-        releaseTests = await invokeTests(client, release.name, tests, !testDevices.length ? defaultDevices : testDevices, resultsBucket);
+        releaseTests = await invokeTests(client, release.name, tests, !testDevices.length ? defaultDevices : testDevices, resultsBucket, loginCredential);
         invokeSpinner.text = `${(0, parseTestFiles_1.pluralizeTests)(releaseTests.length)} started successfully!`;
         invokeSpinner.succeed();
     }
@@ -78,7 +86,7 @@ exports.command = new command_1.Command("apptesting:execute [release-binary-file
         utils.logBullet(`View detailed results in the Firebase Console:\n${release.firebaseConsoleUri}`);
     }
 });
-async function invokeTests(client, releaseName, testDefs, devices, resultsBucket) {
+async function invokeTests(client, releaseName, testDefs, devices, resultsBucket, loginCredential) {
     try {
         const releaseTests = [];
         for (const testDef of testDefs) {
@@ -89,6 +97,7 @@ async function invokeTests(client, releaseName, testDefs, devices, resultsBucket
                 aiInstructions,
                 displayName: testDef.testCase.displayName,
                 resultsBucket,
+                loginCredential,
             }));
         }
         return releaseTests;

package/lib/commands/crashlytics-symbols-upload.js

@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.command = void 0;
 const os = require("os");
 const path = require("path");
-const uuid = require("uuid");
+const crypto_1 = require("crypto");
 const command_1 = require("../command");
 const error_1 = require("../error");
 const utils = require("../utils");
@@ -28,7 +28,7 @@ exports.command = new command_1.Command("crashlytics:symbols:upload <symbolFiles
     const jarOptions = {
         app,
         generator,
-        cachePath: path.join(SYMBOL_CACHE_ROOT_DIR, `crashlytics-${uuid.v4()}`, "nativeSymbols", app.replace(/:/g, "-"), generator),
+        cachePath: path.join(SYMBOL_CACHE_ROOT_DIR, `crashlytics-${(0, crypto_1.randomUUID)()}`, "nativeSymbols", app.replace(/:/g, "-"), generator),
         symbolFile: "",
         generate: true,
     };

package/lib/commands/index.js

@@ -195,6 +195,7 @@ function load(client) {
         client.apphosting.backends.delete = loadCommand("apphosting-backends-delete");
         client.apphosting.secrets = {};
         client.apphosting.secrets.set = loadCommand("apphosting-secrets-set");
+        client.apphosting.secrets.revokeaccess = loadCommand("apphosting-secrets-revokeaccess");
         client.apphosting.secrets.grantaccess = loadCommand("apphosting-secrets-grantaccess");
         client.apphosting.secrets.describe = loadCommand("apphosting-secrets-describe");
         client.apphosting.secrets.access = loadCommand("apphosting-secrets-access");

package/lib/crashlytics/sourcemap.js

@@ -15,7 +15,6 @@ exports.registerSourceMap = registerSourceMap;
 const fs = require("fs");
 const path = require("path");
 const node_child_process_1 = require("node:child_process");
-const pLimit = require("p-limit");
 const apiv2_1 = require("../apiv2");
 const error_1 = require("../error");
 const logger_1 = require("../logger");
@@ -104,7 +103,7 @@ async function findSourceMapMappings(files, rootDir) {
     const mappings = [];
     const mapFilePathsSet = new Set(mapFiles.map((f) => f.name));
     const mapFilesLinkedInJsComment = new Set();
-    const limit = pLimit(exports.CONCURRENCY);
+    const limit = (0, utils_1.pLimit)(exports.CONCURRENCY);
     const results = await Promise.all(jsFiles.map((jsFile) => limit(async () => {
         const mapFilePath = await getLinkedSourceMapPath(jsFile.name);
         return { jsFile, mapFilePath };
@@ -164,7 +163,7 @@ async function getLinkedSourceMapPath(jsFilePath) {
 }
 async function uploadSourceMaps(mappings, request) {
     const { projectId, bucketName, appVersion, options } = request;
-    const limit = pLimit(exports.CONCURRENCY);
+    const limit = (0, utils_1.pLimit)(exports.CONCURRENCY);
     const results = await Promise.all(mappings.map((mapping) => limit(async () => {
         const uploadRequest = {
             projectId,

package/lib/database/import.js

@@ -8,7 +8,7 @@ const StreamObject = require("stream-json/streamers/StreamObject");
 const apiv2_1 = require("../apiv2");
 const node_fetch_1 = require("node-fetch");
 const error_1 = require("../error");
-const pLimit = require("p-limit");
+const utils_1 = require("../utils");
 class BatchChunks extends stream.Transform {
     constructor(maxSize, opts) {
         super({ ...opts, objectMode: true });
@@ -92,7 +92,7 @@ class DatabaseImporter {
         this.payloadSize = payloadSize;
         this.nonFatalRetryTimeout = 1000;
         this.client = new apiv2_1.Client({ urlPrefix: dbUrl.origin, auth: true });
-        this.limit = pLimit(concurrency);
+        this.limit = (0, utils_1.pLimit)(concurrency);
     }
     async execute() {
         await this.checkLocationIsEmpty();

package/lib/dataconnect/build.js

@@ -36,9 +36,9 @@ async function build(options, configDir, deployStats) {
 async function handleBuildErrors(errors, nonInteractive, force, dryRun) {
     const fatalDeploys = errors.filter((w) => w.extensions?.warningLevel === "ALWAYS_REQUIRED");
     if (fatalDeploys.length) {
-        utils.logLabeledError("dataconnect", `There are deployment requirements that are always required and cannot be bypassed:\n` +
+        utils.logLabeledError("dataconnect", `There are requirements that are always required and cannot be bypassed:\n` +
             (0, graphqlError_1.prettifyTable)(fatalDeploys));
-        throw new error_1.FirebaseError("Deployment failed due to unbypassable requirements.");
+        throw new error_1.FirebaseError("Failed due to unbypassable requirements.");
     }
     if (errors.filter((w) => !w.extensions?.warningLevel).length) {
         throw new error_1.FirebaseError(`There are errors in your schema and connector files:\n${errors.map(graphqlError_1.prettify).join("\n")}`);
@@ -47,7 +47,7 @@ async function handleBuildErrors(errors, nonInteractive, force, dryRun) {
     if (requiredForces.length && !force) {
         utils.logLabeledError("dataconnect", `There are changes in your schema or connectors that will result in broken behavior:\n` +
             (0, graphqlError_1.prettifyTable)(requiredForces));
-        throw new error_1.FirebaseError("Rerun this command with --force to deploy these changes.");
+        throw new error_1.FirebaseError("Rerun this command with --force to proceed with these changes.");
     }
     const interactiveAcks = errors.filter((w) => w.extensions?.warningLevel === "INTERACTIVE_ACK");
     const requiredAcks = errors.filter((w) => w.extensions?.warningLevel === "REQUIRE_ACK");
@@ -59,7 +59,7 @@ async function handleBuildErrors(errors, nonInteractive, force, dryRun) {
         utils.logLabeledWarning("dataconnect", `There are changes in your schema or connectors that may break your existing applications or introduce operations that are insecure. These changes require explicit acknowledgement to proceed. You may either reject the changes and update your sources with the suggested workaround(s), if any, or acknowledge these changes and proceed with the deployment:\n` +
             (0, graphqlError_1.prettifyTable)(requiredAcks));
         if (nonInteractive && !force) {
-            throw new error_1.FirebaseError("Explicit acknowledgement required for breaking schema or connector changes and new insecure operations. Rerun this command with --force to deploy these changes.");
+            throw new error_1.FirebaseError("Explicit acknowledgement required for breaking schema or connector changes and new insecure operations. Rerun this command with --force to proceed with these changes.");
         }
         else if (!nonInteractive && !force && !dryRun) {
             const result = await (0, prompt_1.select)({
@@ -68,7 +68,7 @@ async function handleBuildErrors(errors, nonInteractive, force, dryRun) {
                 default: "abort",
             });
             if (result === "abort") {
-                throw new error_1.FirebaseError(`Deployment aborted.`);
+                throw new error_1.FirebaseError("Aborted.");
             }
         }
     }
@@ -82,7 +82,7 @@ async function handleBuildErrors(errors, nonInteractive, force, dryRun) {
                 default: "proceed",
             });
             if (result === "abort") {
-                throw new error_1.FirebaseError(`Deployment aborted.`);
+                throw new error_1.FirebaseError("Aborted.");
             }
         }
     }

package/lib/deploy/apphosting/util.js

@@ -9,9 +9,11 @@ const path = require("path");
 const tar = require("tar");
 const tmp = require("tmp");
 const error_1 = require("../../error");
+const logger_1 = require("../../logger");
 const fsAsync = require("../../fsAsync");
 const utils_1 = require("../../utils");
-async function createLocalBuildTarArchive(config, rootDir, outputFiles) {
+const constants_1 = require("../../apphosting/constants");
+async function createLocalBuildTarArchive(config, rootDir, outputFiles, sizeLimitBytes = constants_1.CLOUD_RUN_SIZE_LIMIT_BYTES) {
     const tmpFile = tmp.fileSync({ prefix: `${config.backendId}-`, postfix: ".tar.gz" }).name;
     const filesToPackage = outputFiles.length > 0 ? outputFiles : ["."];
     const allFiles = [];
@@ -52,6 +54,12 @@ async function createLocalBuildTarArchive(config, rootDir, outputFiles) {
         cwd: rootDir,
         portable: true,
     }, allFiles);
+    const stats = fs.statSync(tmpFile);
+    if (config.localBuild && stats.size > sizeLimitBytes) {
+        const sizeInMB = stats.size / (1024 * 1024);
+        const limitInMB = sizeLimitBytes / (1024 * 1024);
+        logger_1.logger.warn(`The final build artifact is larger than ${limitInMB.toFixed(0)}MB (current size: ${sizeInMB.toFixed(2)}MB). Please reduce the size of your build artifacts.`);
+    }
     return tmpFile;
 }
 async function createSourceDeployArchive(config, rootDir, targetSubDir) {

package/lib/deploy/functions/prepare.js

@@ -208,7 +208,7 @@ async function prepare(context, options, payload) {
     }
     const wantBackend = backend.merge(...Object.values(wantBackends));
     const haveBackend = backend.merge(...Object.values(haveBackends));
-    await ensureAllRequiredAPIsEnabled(projectNumber, wantBackend);
+    await ensureAllRequiredAPIsEnabled(projectNumber, wantBackend, options);
     await warnIfNewGenkitFunctionIsMissingSecrets(wantBackend, haveBackend, options);
     warnIfDartBackendHasUnsupportedTriggers(wantBackend);
     const matchingBackend = backend.matchingBackend(wantBackend, (endpoint) => {
@@ -435,8 +435,44 @@ async function warnIfNewGenkitFunctionIsMissingSecrets(have, want, options) {
         }
     }
 }
-async function ensureAllRequiredAPIsEnabled(projectNumber, wantBackend) {
-    await Promise.all(Object.values(wantBackend.requiredAPIs).map(({ api }) => {
+const STANDARD_APIS = [
+    "cloudfunctions.googleapis.com",
+    "runtimeconfig.googleapis.com",
+    "cloudbuild.googleapis.com",
+    "artifactregistry.googleapis.com",
+    "run.googleapis.com",
+    "eventarc.googleapis.com",
+    "pubsub.googleapis.com",
+    "storage.googleapis.com",
+    "secretmanager.googleapis.com",
+    "cloudscheduler.googleapis.com",
+    "cloudtasks.googleapis.com",
+];
+async function ensureAllRequiredAPIsEnabled(projectNumber, wantBackend = backend.empty(), options = {}) {
+    const requiredApis = Object.values(wantBackend?.requiredAPIs ?? {});
+    const [standardApis, additionalApis] = (0, functional_1.partition)(requiredApis, ({ api }) => STANDARD_APIS.includes(api));
+    if (additionalApis.length > 0) {
+        const checks = await Promise.all(additionalApis.map(({ api }) => ensureApiEnabled.check(projectNumber, api, "functions", true)));
+        const missingApis = additionalApis.filter((_, i) => !checks[i]);
+        if (missingApis.length > 0) {
+            const apiList = missingApis
+                .map(({ api, reason }) => ` - ${api}${reason ? `: ${reason}` : ""}`)
+                .join("\n");
+            const confirm = await prompt.confirm({
+                message: `This codebase depends on the following additional API(s) which are currently disabled:\n${apiList}\nWould you like to enable them?`,
+                default: false,
+                force: options.force,
+                nonInteractive: options.nonInteractive,
+            });
+            if (!confirm) {
+                throw new error_1.FirebaseError("Must enable required APIs to deploy.");
+            }
+            await Promise.all(missingApis.map(({ api }) => {
+                return ensureApiEnabled.ensure(projectNumber, api, "functions", false);
+            }));
+        }
+    }
+    await Promise.all(standardApis.map(({ api }) => {
         return ensureApiEnabled.ensure(projectNumber, api, "functions", false);
     }));
     if (backend.someEndpoint(wantBackend, (e) => e.platform === "gcfv2")) {

package/lib/deploy/functions/prepareFunctionsUpload.js

@@ -6,7 +6,6 @@ exports.prepareFunctionsUpload = prepareFunctionsUpload;
 exports.convertToSortedKeyValueArray = convertToSortedKeyValueArray;
 const archiver = require("archiver");
 const clc = require("colorette");
-const filesize = require("filesize");
 const fs = require("fs");
 const path = require("path");
 const tmp = require("tmp");
@@ -120,7 +119,7 @@ async function packageSource(projectDir, sourceDir, config, additionalSources, r
         " packaged " +
         clc.bold(sourceDir) +
         " (" +
-        filesize(archive.pointer()) +
+        utils.formatFilesize(archive.pointer()) +
         ") for uploading");
     const sourceHash = crypto.createHash("sha1").update(hashes.sort().join("")).digest("hex");
     const hash = configHash ? `${sourceHash}.${configHash}` : sourceHash;

package/lib/deploy/functions/release/index.js

@@ -18,7 +18,6 @@ const error_1 = require("../../../error");
 const getProjectNumber_1 = require("../../../getProjectNumber");
 const extensions_1 = require("../../extensions");
 const artifacts = require("../../../functions/artifacts");
-const supported_1 = require("../runtimes/supported");
 async function release(context, options, payload) {
     if (context.extensions && payload.extensions) {
         await (0, extensions_1.release)(context.extensions, options, payload.extensions);
@@ -89,10 +88,6 @@ async function release(context, options, payload) {
     reporter.printErrors(summary);
     const wantBackend = backend.merge(...Object.values(payload.functions).map((p) => p.wantBackend));
     printTriggerUrls(wantBackend, projectNumber);
-    if (backend.someEndpoint(wantBackend, (endpoint) => (0, supported_1.runtimeIsLanguage)(endpoint.runtime, "dart"))) {
-        utils.logLabeledBullet("functions", "Dart functions may not yet be visible in the Firebase Console. " +
-            `View them in the Cloud Console at https://console.cloud.google.com/run/services?project=${context.projectId}`);
-    }
     await setupArtifactCleanupPolicies(options, options.projectId, Object.keys(wantBackend.endpoints));
     const allErrors = summary.results.filter((r) => r.error).map((r) => r.error);
     if (allErrors.length) {