Switch to gen2 API

google-github-actions · May 19, 2024 · 33e0ca5 · 33e0ca5
1 parent 6282b54
commit 33e0ca5
Show file tree

Hide file tree

Showing 15 changed files with 1,298 additions and 875 deletions.
diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
@@ -14,25 +14,25 @@ jobs:
     runs-on: 'ubuntu-latest'
 
     steps:
-    - uses: 'actions/checkout@v4'
-
-    - uses: 'google-github-actions/auth@v2'
-      with:
-        workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
-        service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
-
-    - uses: 'google-github-actions/setup-gcloud@v2'
-
-    - name: Delete services
-      run: |-
-        gcloud config set core/project "${{ vars.PROJECT_ID }}"
-        gcloud config set functions/region "us-central1"
-
-        # List and delete all functions that were deployed 30 minutes ago or
-        # earlier. The date math here is a little weird, but we're looking for
-        # deployments "earlier than" 30 minutes ago, so it's less than since
-        # time increases.
-        (IFS=$'\n'; for NAME in $(gcloud functions list --format="value(name)" --filter="updateTime < '-pt30m'"); do
-          echo "Deleting ${NAME}..."
-          gcloud functions delete ${NAME} --quiet
-        done)
+      - uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4
+
+      - uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2
+        with:
+          workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
+          service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
+
+      - uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # ratchet:google-github-actions/setup-gcloud@v2
+
+      - name: Delete services
+        run: |-
+          gcloud config set core/project "${{ vars.PROJECT_ID }}"
+          gcloud config set functions/region "us-central1"
+
+          # List and delete all functions that were deployed 30 minutes ago or
+          # earlier. The date math here is a little weird, but we're looking for
+          # deployments "earlier than" 30 minutes ago, so it's less than since
+          # time increases.
+          (IFS=$'\n'; for NAME in $(gcloud functions list --format="value(name)" --filter="updateTime < '-pt30m'"); do
+            echo "Deleting ${NAME}..."
+            gcloud functions delete ${NAME} --quiet
+          done)
diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml
@@ -16,9 +16,9 @@ on:
 jobs:
   draft-release:
     name: 'Draft release'
-    uses: 'google-github-actions/.github/.github/workflows/draft-release.yml@v0'
+    uses: 'google-github-actions/.github/.github/workflows/draft-release.yml@8cd22c145f2e80541e0b757ccd4b4ded9710715f' # ratchet:google-github-actions/.github/.github/workflows/draft-release.yml@v0
     with:
       version_strategy: '${{ github.event.inputs.version_strategy }}'
     # secrets must be explicitly passed to reusable workflows https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/reusing-workflows#using-inputs-and-secrets-in-a-reusable-workflow
     secrets:
-      ACTIONS_BOT_TOKEN: '${{ secrets.ACTIONS_BOT_TOKEN }}'
+      ACTIONS_BOT_TOKEN: '${{ secrets.ACTIONS_BOT_TOKEN }}'
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -23,28 +23,28 @@ jobs:
       id-token: 'write'
     runs-on: 'ubuntu-latest'
     steps:
-    - uses: 'actions/checkout@v4'
+      - uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4
 
-    - uses: 'actions/setup-node@v4'
-      with:
-        node-version: '20.x'
+      - uses: 'actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8' # ratchet:actions/setup-node@v4
+        with:
+          node-version: '20.x'
 
-    - name: 'npm build'
-      run: 'npm ci && npm run build'
+      - name: 'npm build'
+        run: 'npm ci && npm run build'
 
-    - uses: 'google-github-actions/auth@v2'
-      with:
-        workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
-        service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
+      - uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2
+        with:
+          workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
+          service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
 
-    - id: 'deploy'
-      uses: './'
-      with:
-        name: 'https-trigger-${{ github.run_number }}'
-        runtime: 'nodejs16'
-        entry_point: 'helloWorld'
-        source_dir: './tests/test-node-func/'
-        https_trigger_security_level: 'secure_always'
+      - id: 'deploy'
+        uses: './'
+        with:
+          name: 'https-trigger-${{ github.run_number }}'
+          runtime: 'nodejs22'
+          entry_point: 'helloWorld'
+          source_dir: './tests/test-node-func/'
+          https_trigger_security_level: 'secure_always'
 
   event_trigger:
     if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }}
@@ -53,38 +53,38 @@ jobs:
       id-token: 'write'
     runs-on: 'ubuntu-latest'
     steps:
-    - uses: 'actions/checkout@v4'
+      - uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4
 
-    - uses: 'actions/setup-node@v4'
-      with:
-        node-version: '20.x'
+      - uses: 'actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8' # ratchet:actions/setup-node@v4
+        with:
+          node-version: '20.x'
 
-    - name: 'npm build'
-      run: 'npm ci && npm run build'
+      - name: 'npm build'
+        run: 'npm ci && npm run build'
 
-    - uses: 'google-github-actions/auth@v2'
-      with:
-        workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
-        service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
+      - uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2
+        with:
+          workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
+          service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
 
-    - id: 'deploy'
-      uses: './'
-      with:
-        name: 'event-trigger-${{ github.run_number }}'
-        runtime: 'nodejs16'
-        entry_point: 'helloWorld'
-        source_dir: './tests/test-node-func/'
-        event_trigger_type: 'providers/cloud.pubsub/eventTypes/topic.publish'
-        event_trigger_resource: '${{ vars.PUBSUB_TOPIC_NAME }}'
-        event_trigger_retry: true
-        env_vars_file: './tests/env-var-files/test.good.yaml'
-        build_environment_variables: 'FOO=bar, ZIP=zap'
-        build_environment_variables_file: './tests/env-var-files/test.good.yaml'
-        secret_environment_variables: |-
-          FOO=${{ vars.SECRET_VERSION_NAME }}
-          BAR=${{ vars.SECRET_NAME }}
-        secret_volumes: '/etc/secrets/foo=${{ vars.SECRET_VERSION_NAME }}'
-        service_account_email: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
-        min_instances: 2
-        max_instances: 5
-        timeout: 300
+      - id: 'deploy'
+        uses: './'
+        with:
+          name: 'event-trigger-${{ github.run_number }}'
+          runtime: 'nodejs22'
+          entry_point: 'helloWorld'
+          source_dir: './tests/test-node-func/'
+          event_trigger_type: 'providers/cloud.pubsub/eventTypes/topic.publish'
+          event_trigger_resource: '${{ vars.PUBSUB_TOPIC_NAME }}'
+          event_trigger_retry: true
+          env_vars_file: './tests/env-var-files/test.good.yaml'
+          build_environment_variables: 'FOO=bar, ZIP=zap'
+          build_environment_variables_file: './tests/env-var-files/test.good.yaml'
+          secret_environment_variables: |-
+            FOO=${{ vars.SECRET_VERSION_NAME }}
+            BAR=${{ vars.SECRET_NAME }}
+          secret_volumes: '/etc/secrets/foo=${{ vars.SECRET_VERSION_NAME }}'
+          service_account_email: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
+          min_instances: 2
+          max_instances: 5
+          timeout: 300
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -10,4 +10,4 @@ jobs:
   release:
     if: "startsWith(github.event.head_commit.message, 'Release: v')"
     name: 'Release'
-    uses: 'google-github-actions/.github/.github/workflows/release.yml@v0'
+    uses: 'google-github-actions/.github/.github/workflows/release.yml@8cd22c145f2e80541e0b757ccd4b4ded9710715f' # ratchet:google-github-actions/.github/.github/workflows/release.yml@v0
diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml
@@ -25,36 +25,36 @@ jobs:
       fail-fast: false
       matrix:
         os:
-        - 'ubuntu-latest'
-        - 'windows-latest'
-        - 'macos-latest'
+          - 'ubuntu-latest'
+          - 'windows-latest'
+          - 'macos-latest'
     runs-on: '${{ matrix.os }}'
 
     steps:
-    - uses: 'actions/checkout@v4'
-
-    - uses: 'actions/setup-node@v4'
-      with:
-        node-version: '20.x'
-
-    - name: 'npm build'
-      run: 'npm ci && npm run build'
-
-    - name: 'npm lint'
-      # There's no need to run the linter for each operating system, since it
-      # will find the same thing 3x and clog up the PR review.
-      if: ${{ matrix.os == 'ubuntu-latest' }}
-      run: 'npm run lint'
-
-    - uses: 'google-github-actions/auth@v2'
-      if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }}
-      with:
-        workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
-        service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
-
-    - name: 'npm test'
-      env:
-        TEST_PROJECT_ID: '${{ vars.PROJECT_ID }}'
-        TEST_SERVICE_ACCOUNT_EMAIL: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
-        TEST_SECRET_VERSION_NAME: '${{ vars.SECRET_VERSION_NAME }}'
-      run: 'npm run test'
+      - uses: 'actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b' # ratchet:actions/checkout@v4
+
+      - uses: 'actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8' # ratchet:actions/setup-node@v4
+        with:
+          node-version: '20.x'
+
+      - name: 'npm build'
+        run: 'npm ci && npm run build'
+
+      - name: 'npm lint'
+        # There's no need to run the linter for each operating system, since it
+        # will find the same thing 3x and clog up the PR review.
+        if: ${{ matrix.os == 'ubuntu-latest' }}
+        run: 'npm run lint'
+
+      - uses: 'google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c' # ratchet:google-github-actions/auth@v2
+        if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }}
+        with:
+          workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
+          service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
+
+      - name: 'npm test'
+        env:
+          TEST_PROJECT_ID: '${{ vars.PROJECT_ID }}'
+          TEST_SERVICE_ACCOUNT_EMAIL: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
+          TEST_SECRET_VERSION_NAME: '${{ vars.SECRET_VERSION_NAME }}'
+        run: 'npm run test'
diff --git a/README.md b/README.md
@@ -67,6 +67,8 @@ jobs:
 
 - `region`: (Optional) [Region](https://cloud.google.com/functions/docs/locations) in which the function should be deployed. Defaults to `us-central1`.
 
+- `environment`: (Optional) Runtime environment (generation) for the Cloud Functions. Valid values are `GEN_1` and `GEN_2`. Defaults to unspecified (server value).
+
 - `env_vars`: (Optional) List of comma-seperated key-value pairs to set as environment variables in the format: `KEY1=VALUE1,KEY2=VALUE2`. All existing environment variables will be removed, even if this parameter is not passed. Keys or values that contain a separator must be escaped with a backslash (`\,`, `\\n`). All leading and trailing whitespace is trimmed.
 
 - `env_vars_file`: (Optional) Path to a local YAML file with definitions for all environment variables. An example env_vars_file can be found [here](tests/env-var-files/test.good.yaml). All existing environment variables will be removed, even if this parameter is not passed. If `env_vars` is also given, values in `env_vars` take precedence over these values.
@@ -178,6 +180,19 @@ jobs:
   provide an artifact registry repository using the `docker_repository` field
   that was created with the same key.
 
+-   `universe`: (Optional) The Google Cloud universe to use for constructing API
+    endpoints. The default universe is "googleapis.com", which corresponds to
+    https://cloud.google.com. Trusted Partner Cloud and Google Distributed
+    Hosted Cloud should set this to their universe address.
+
+    You can also override individual API endpoints by setting the environment variable `GHA_ENDPOINT_OVERRIDE_<endpoint>` where endpoint is the API endpoint to override. For example:
+
+    ```yaml
+    env:
+      GHA_ENDPOINT_OVERRIDE_oauth2: 'https://oauth2.myapi.endpoint/v1'
+    ```
+
+
 ### Allowing unauthenticated requests
 
 A Cloud Functions product recommendation is that CI/CD systems not set or change

diff --git a/action.yaml b/action.yaml
@@ -40,6 +40,13 @@ inputs:
     default: 'us-central1'
     required: false
 
+  environment:
+    description: |-
+      Runtime environment for the Cloud Function (1st Gen or 2nd Gen). Defaults
+      to unspecified (server value).
+    default: 'ENVIRONMENT_UNSPECIFIED'
+    required: false
+
   source_dir:
     description: |-
       Path to function deployment directory within the source repo.
@@ -126,7 +133,7 @@ inputs:
       account.
     required: false
 
-  timeout:
+  service_timeout:
     description: |-
       The function execution timeout.
     default: '60s'
@@ -149,7 +156,7 @@ inputs:
       "secure_optional", the function will be accessible over the http and https
       protocols. The default value is "security_level_unspecified", which uses
       the platform's default value.
-    default: "security_level_unspecified"
+    default: "SECURITY_LEVEL_UNSPECIFIED"
     required: false
 
   event_trigger_type:
@@ -175,8 +182,8 @@ inputs:
 
   deploy_timeout:
     description: |-
-      The function deployment timeout in seconds.
-    default: 300
+      The function deployment timeout.
+    default: '5m'
     required: false
 
   build_worker_pool:
@@ -201,8 +208,8 @@ inputs:
   docker_registry:
     description: |-
       Registry to use for storing Docker containers. This must be one of
-      "artifact-registry" or "container-registry".
-    default: "container-registry"
+      "ARTIFACT_REGISTRY" or "CONTAINER_REGISTRY".
+    default: "ARTIFACT_REGISTRY"
     required: false
 
   docker_repository:
@@ -218,6 +225,15 @@ inputs:
       with the same key.
     required: false
 
+  universe:
+    description: |-
+      The Google Cloud universe to use for constructing API endpoints. The
+      default universe is "googleapis.com", which corresponds to
+      https://cloud.google.com. Trusted Partner Cloud and Google Distributed
+      Hosted Cloud should set this to their universe address.
+    required: false
+    default: 'googleapis.com'
+
 outputs:
   url:
     description: The URL of your Cloud Function. Only available with HTTP Trigger.

diff --git a/dist/index.js b/dist/index.js