Add support for deploying local source to App Hosting

[blidd-google]

firebase deploy now deploys source code on the user's local machine to the corresponding backend on App Hosting. Guides the user through backend creation if the backend does not exist yet.

Note that firebase deploy relies on a new apphosting section in the firebase.json file, which can be initialized using the enhanced firebase init apphosting command (implemented here #8479).

[annajowang]

some changes from https://github.com/firebase/firebase-tools/pull/8479/files are showing up in this PR
could you separate these?

I'm happy to do a fast review of https://github.com/firebase/firebase-tools/pull/8479/files after comments have been resolved so you can merge and get those changes rebased into this PR

meanwhile will try an initial review using https://github.com/firebase/firebase-tools/compare/b5697e6209372606c2692bafe253c0fc9f9280dd..fdc6255ec928bac4a3871572793d856703674a06?diff=split&w

[annajowang]

initial review of just the first few files in https://github.com/firebase/firebase-tools/compare/b5697e6209372606c2692bafe253c0fc9f9280dd..fdc6255ec928bac4a3871572793d856703674a06?diff=split&w

I skimmed the others. Could you just pull out src/gcp/apphosting.ts, src/gcp/devConnect.ts, and src/gcp/storage.ts changes into other PRs, and I can take a quick look and then stamp, before continuing with this PR

[annajowang]

Can you add a comment in the code explaining why this new roles/storage.objectViewer stuff is necessary

[annajowang]

^ for better code comprehension e.g. letting reader know that deploy from source has the source code bundled in storage buckets so we need access to that bucket.

but also, now I see below that roles/storage.objectViewer is also added in provisionDefaultComputeServiceAccount() below, which is called in this ensureAppHostingComputeServiceAccount()

and I'm not sure why?

either there's a better way to do it to make things more clear natively or let's document what we're doing and explain any weird/confusing stuff.

[annajowang]

does apphosting require any permissions we need to check for?

[blidd-google]

added calls with ensureApiEnabled to check if App Hosting API is enabled. Double checking with team which specific IAM permissions are required

[annajowang]

reviewed up to src/deploy/apphosting/deploy.ts

[annajowang]

if context.backendLocations is empty, i would expect .values() to just return [], so we don't need the || [] ?

also nit: can we inline context.backendLocations.values() into the for loop as well?

[annajowang]

does the bucket location also need to match the apphosting location? or are we just creating a bucket for each apphosting location?

[blidd-google]

We're creating a bucket on demand for every location that has an deploy-from-source backend in it.

For example: the user is trying to deploy from source backend A in us-central1, but there's no bucket yet in us-central1 so we create it. There is also a backend B in asia-east1, but the user hasn't tried to deploy B from source yet, so we don't create that bucket.

[annajowang]

So should this line be:
location: loc
not:
location: "US-CENTRAL1"

[annajowang]

Can you pull this into some separate doSetupSourceDeploy() function that lives in https://github.com/firebase/firebase-tools/blob/master/src/apphosting/backend.ts

This has a too much repeat code from deSetup(): https://github.com/firebase/firebase-tools/blob/master/src/apphosting/backend.ts#L74

if we don't have time to refactor and reduce the duplicate code here, these should at least live near each other, so we're more likely to dedupe in the future and we're more likely to change things in both places and keep the UX behaviors consistent.

[annajowang]

Also it seems like the big block of code above

 await Promise.all([
    ensure(projectId, developerConnectOrigin(), "apphosting", true),
    ensure(projectId, cloudbuildOrigin(), "apphosting", true),
    ensure(projectId, secretManagerOrigin(), "apphosting", true),
    ensure(projectId, cloudRunApiOrigin(), "apphosting", true),
    ensure(projectId, artifactRegistryDomain(), "apphosting", true),
    ensure(projectId, iamOrigin(), "apphosting", true),
  ]);
  await ensureAppHostingComputeServiceAccount(
    projectId,
    /* serviceAccount= */ null,
    /* deployFromSource= */ true,
  );

should go into this new doSetupSourceDeploy(), since it's also in doSetup() and all these don't need to be made when the backend already exists?

[annajowang]

This is repeated below:

context.backendConfigs.set(cfg.backendId, cfg);
context.backendLocations.set(cfg.backendId, location);

can you move this to the bottom of the for loop

[blidd-google]

I see your point about having the create logic in the same module, I've refactored it into a doSetupSourceDeploy() function in https://github.com/firebase/firebase-tools/blob/master/src/apphosting/backend.ts. However, I think de-duping might be a bit premature; refactoring the duplicate logic into a helper function would require introducing new arguments to that helper (i.e. we would need an optional backendId arg since source deploys won't need to prompt for a backend ID, and same thing for webAppName), just to avoid repeating three function calls. So as of now, from a readability perspective I'm leaning on the side of keeping separate doSetup and doSetupSourceDeploy. But as the logic expands in the future, I'm open to revisiting the refactor option. WDYT?

[annajowang]

yeah keeping similar code close together, so anyone making changes in one is more likely to not miss making the same changes in the other is my main concern. agree deduping would be a big task right now that can be left for later given timeline.

[annajowang]

Should this be if (backendId.length > 0) ?

[annajowang]

feel like this could all be replaced by

filtered = backendConfigs.filter(cfg => backendIds.include(cfg.BackendId));

[annajowang]

nit: move this above defining the two constants, since you don't need them.
for readability, delay creating new variables until right before they're first needed.

[annajowang]

I don't think confirmDeploy could ever be falsey except within the if (!options.force) { if statement. So i think we can keep confirmDeploy and the logwarning all inside the if statement and get rid of this extra else

[annajowang]

i think just saying "Starting rollout(s) for backend(s) ...." is fine and does not degrade user experience.

[annajowang]

do we want to let the user known what directory is being used as their projectRoot?
I think it would be a big deal if the user accidentally deploys the wrong set of files, but I don't know if we're preventing / reducing chances of that happening at some point prior to this.

[blidd-google]

Added some log lines. Users can cancel the upload file stream if they realize they uploaded the wrong files.

[annajowang]

nit: would feel better if line was trimmed before checking if it starts with "#" as well.

[annajowang]

nit: move lines to inside promise?

[annajowang]

I'd really like us to not write code where we don't have to. but since we're on a time crunch:
could you leave a TODO to say that this could potentially be replaced by
https://www.npmjs.com/package/parse-gitignore

so whoever touches this next can consider doing it.

[annajowang]

actually, as bryan said somewhere else, this package essentially does
"fs.ReadFileSync("path").filter(startsWith("#"))"

I'm realizing it's not clear to me why we need 30+ lines of code instead of just

return fs.ReadFileSync(".gitinore").filter( (line) => line.trim().startsWith("#") || line.trim() === ""))

[blidd-google]

Fair enough. The event listening approach is kind of an old school way to do it. Made the changes