Switch to gen2 API (#409)

This PR moves everything to use the `v2` API and adopts the "GEN_2"
function type. This is a major breaking change that should be released
as v3. As per our support policy, we will support v2 and v3, with v2
receiving critical bug fixes. We will drop support for v1.

- Fixes
#304
- Closes
#384
(N/A in GEN_2)
- Fixes
#373
- Closes
#399
(Cloud Functions recommends against CI/CD systems controlling IAM
permissions)
- Closes
#9
(N/A)

.github/workflows/cleanup.yml

@@ -14,25 +14,25 @@ jobs:
     runs-on: 'ubuntu-latest'
 
     steps:
-    - uses: 'actions/checkout@v4'
-
-    - uses: 'google-github-actions/auth@v2'
-      with:
-        workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
-        service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
-
-    - uses: 'google-github-actions/setup-gcloud@v2'
-
-    - name: Delete services
-      run: |-
-        gcloud config set core/project "${{ vars.PROJECT_ID }}"
-        gcloud config set functions/region "us-central1"
-
-        # List and delete all functions that were deployed 30 minutes ago or
-        # earlier. The date math here is a little weird, but we're looking for
-        # deployments "earlier than" 30 minutes ago, so it's less than since
-        # time increases.
-        (IFS=$'\n'; for NAME in $(gcloud functions list --format="value(name)" --filter="updateTime < '-pt30m'"); do
-          echo "Deleting ${NAME}..."
-          gcloud functions delete ${NAME} --quiet
-        done)
+      - uses: 'actions/checkout@v4'
+
+      - uses: 'google-github-actions/auth@v2'
+        with:
+          workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
+          service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
+
+      - uses: 'google-github-actions/setup-gcloud@v2'
+
+      - name: Delete services
+        run: |-
+          gcloud config set core/project "${{ vars.PROJECT_ID }}"
+          gcloud config set functions/region "us-central1"
+
+          # List and delete all functions that were deployed 30 minutes ago or
+          # earlier. The date math here is a little weird, but we're looking for
+          # deployments "earlier than" 30 minutes ago, so it's less than since
+          # time increases.
+          (IFS=$'\n'; for NAME in $(gcloud functions list --format="value(name)" --filter="updateTime < '-pt30m'"); do
+            echo "Deleting ${NAME}..."
+            gcloud functions delete ${NAME} --quiet
+          done)

.github/workflows/draft-release.yml

@@ -21,4 +21,4 @@ jobs:
       version_strategy: '${{ github.event.inputs.version_strategy }}'
     # secrets must be explicitly passed to reusable workflows https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/reusing-workflows#using-inputs-and-secrets-in-a-reusable-workflow
     secrets:
-      ACTIONS_BOT_TOKEN: '${{ secrets.ACTIONS_BOT_TOKEN }}'
+      ACTIONS_BOT_TOKEN: '${{ secrets.ACTIONS_BOT_TOKEN }}'

.github/workflows/integration.yml

@@ -17,74 +17,77 @@ concurrency:
 
 jobs:
   https_trigger:
-    if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }}
+    timeout-minutes: 10
     permissions:
       contents: 'read'
       id-token: 'write'
     runs-on: 'ubuntu-latest'
     steps:
-    - uses: 'actions/checkout@v4'
+      - uses: 'actions/checkout@v4'
 
-    - uses: 'actions/setup-node@v4'
-      with:
-        node-version: '20.x'
+      - uses: 'actions/setup-node@v4'
+        with:
+          node-version: '20.x'
 
-    - name: 'npm build'
-      run: 'npm ci && npm run build'
+      - name: 'npm build'
+        run: 'npm ci && npm run build'
 
-    - uses: 'google-github-actions/auth@v2'
-      with:
-        workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
-        service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
+      - uses: 'google-github-actions/auth@v2'
+        with:
+          project_id: '${{ vars.PROJECT_ID }}'
+          workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
 
-    - id: 'deploy'
-      uses: './'
-      with:
-        name: 'https-trigger-${{ github.run_number }}'
-        runtime: 'nodejs16'
-        entry_point: 'helloWorld'
-        source_dir: './tests/test-node-func/'
-        https_trigger_security_level: 'secure_always'
+      - id: 'deploy'
+        uses: './'
+        with:
+          name: 'https-trigger-${{ github.run_number }}'
+          runtime: 'nodejs22'
+          entry_point: 'helloWorld'
+          source_dir: './tests/test-node-func/'
+          service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
 
   event_trigger:
-    if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }}
+    timeout-minutes: 10
     permissions:
       contents: 'read'
       id-token: 'write'
     runs-on: 'ubuntu-latest'
     steps:
-    - uses: 'actions/checkout@v4'
+      - uses: 'actions/checkout@v4'
 
-    - uses: 'actions/setup-node@v4'
-      with:
-        node-version: '20.x'
+      - uses: 'actions/setup-node@v4'
+        with:
+          node-version: '20.x'
 
-    - name: 'npm build'
-      run: 'npm ci && npm run build'
+      - name: 'npm build'
+        run: 'npm ci && npm run build'
 
-    - uses: 'google-github-actions/auth@v2'
-      with:
-        workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
-        service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
+      - uses: 'google-github-actions/auth@v2'
+        with:
+          project_id: '${{ vars.PROJECT_ID }}'
+          workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
 
-    - id: 'deploy'
-      uses: './'
-      with:
-        name: 'event-trigger-${{ github.run_number }}'
-        runtime: 'nodejs16'
-        entry_point: 'helloWorld'
-        source_dir: './tests/test-node-func/'
-        event_trigger_type: 'providers/cloud.pubsub/eventTypes/topic.publish'
-        event_trigger_resource: '${{ vars.PUBSUB_TOPIC_NAME }}'
-        event_trigger_retry: true
-        env_vars_file: './tests/env-var-files/test.good.yaml'
-        build_environment_variables: 'FOO=bar, ZIP=zap'
-        build_environment_variables_file: './tests/env-var-files/test.good.yaml'
-        secret_environment_variables: |-
-          FOO=${{ vars.SECRET_VERSION_NAME }}
-          BAR=${{ vars.SECRET_NAME }}
-        secret_volumes: '/etc/secrets/foo=${{ vars.SECRET_VERSION_NAME }}'
-        service_account_email: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
-        min_instances: 2
-        max_instances: 5
-        timeout: 300
+      - id: 'deploy'
+        uses: './'
+        with:
+          name: 'event-trigger-${{ github.run_number }}'
+          runtime: 'nodejs22'
+          entry_point: 'helloWorld'
+          source_dir: './tests/test-node-func/'
+          event_trigger_type: 'google.cloud.pubsub.topic.v1.messagePublished'
+          event_trigger_pubsub_topic: '${{ vars.PUBSUB_TOPIC_NAME }}'
+          event_trigger_retry: true
+          event_trigger_service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
+          environment_variables: |-
+            FOO=bar
+            ZIP=zap
+          build_environment_variables: |-
+            FRUIT=apple
+            MEAT=bacon
+          secrets: |-
+            SECRET_FOO=${{ vars.SECRET_VERSION_NAME }}
+            SECRET_BAR=${{ vars.SECRET_NAME }}
+            /etc/secrets/foo=${{ vars.SECRET_VERSION_NAME }}
+          service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
+          min_instance_count: 2
+          max_instance_count: 5

.github/workflows/unit.yml

@@ -25,36 +25,36 @@ jobs:
       fail-fast: false
       matrix:
         os:
-        - 'ubuntu-latest'
-        - 'windows-latest'
-        - 'macos-latest'
+          - 'ubuntu-latest'
+          - 'windows-latest'
+          - 'macos-latest'
     runs-on: '${{ matrix.os }}'
 
     steps:
-    - uses: 'actions/checkout@v4'
-
-    - uses: 'actions/setup-node@v4'
-      with:
-        node-version: '20.x'
-
-    - name: 'npm build'
-      run: 'npm ci && npm run build'
-
-    - name: 'npm lint'
-      # There's no need to run the linter for each operating system, since it
-      # will find the same thing 3x and clog up the PR review.
-      if: ${{ matrix.os == 'ubuntu-latest' }}
-      run: 'npm run lint'
-
-    - uses: 'google-github-actions/auth@v2'
-      if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }}
-      with:
-        workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
-        service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
-
-    - name: 'npm test'
-      env:
-        TEST_PROJECT_ID: '${{ vars.PROJECT_ID }}'
-        TEST_SERVICE_ACCOUNT_EMAIL: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
-        TEST_SECRET_VERSION_NAME: '${{ vars.SECRET_VERSION_NAME }}'
-      run: 'npm run test'
+      - uses: 'actions/checkout@v4'
+
+      - uses: 'actions/setup-node@v4'
+        with:
+          node-version: '20.x'
+
+      - name: 'npm build'
+        run: 'npm ci && npm run build'
+
+      - name: 'npm lint'
+        # There's no need to run the linter for each operating system, since it
+        # will find the same thing 3x and clog up the PR review.
+        if: ${{ matrix.os == 'ubuntu-latest' }}
+        run: 'npm run lint'
+
+      - uses: 'google-github-actions/auth@v2'
+        if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }}
+        with:
+          workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
+          service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
+
+      - name: 'npm test'
+        env:
+          TEST_PROJECT_ID: '${{ vars.PROJECT_ID }}'
+          TEST_SERVICE_ACCOUNT_EMAIL: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
+          TEST_SECRET_VERSION_NAME: '${{ vars.SECRET_VERSION_NAME }}'
+        run: 'npm run test'