[pull] master from GoogleCloudPlatform:master

.github/workflows/ci.yml

@@ -4,10 +4,17 @@ jobs:
   cloudshell_open:
     runs-on: ubuntu-latest
     steps:
+    - name: Free disk space
+      run: |
+        docker system prune -a -f
+        sudo rm -rf /usr/local/lib/android
+        df /var/
+        df -h
     - uses: actions/checkout@master
-    - uses: actions/setup-go@v1
+    - uses: actions/setup-go@v5
       with:
-        go-version: 1.14
+        go-version: 1.21
+    - run: git config --global init.defaultBranch main # TODO remove later as git updates to a newer version
     - run: go mod download
     - name: Set up git
       run: |
@@ -21,13 +28,14 @@ jobs:
       working-directory: ./cmd/cloudshell_open
     - name: Build docker image
       run: docker build -t runbutton .
+
   redirector:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@master
-    - uses: actions/setup-go@v1
+    - uses: actions/setup-go@v5
       with:
-        go-version: 1.14
+        go-version: 1.21
     - run: go mod download
       working-directory: ./cmd/redirector
     - name: Validate formatting with go fmt

CONTRIBUTING.md

@@ -2,7 +2,7 @@
 
 ## Test Cloud Run Button's Underlying Command Locally with Local Go
 
-1. Download Go 1.14.x
+1. Download Go 1.14 (see [`Dockerfile`](Dockerfile) for the exact version used)
 1. Run the tests:
     ```
     go test ./cmd/cloudshell_open
@@ -14,24 +14,31 @@
 1. To test the command:
     1. [Enable the cloudresourcemanager API](https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview)
     1. [Enable the billing API](https://console.developers.google.com/apis/api/cloudbilling.googleapis.com/overview)
-    1. Create a Service Account with the *Cloud Run Admin*, *ServiceEnabler*, *Service Account User*, and *Storage Admin* roles
-    1. Download the JSON key
+    1. Create a Service Account with the following roles:
+        * Cloud Run Admin (`roles/run.admin`), 
+        * Service Usage Admin (`roles/serviceusage.serviceUsageAdmin`), 
+        * Service Account User (`roles/iam.serviceAccountUser`), and
+        * Storage Admin (`roles/storage.admin`).
+    1. [Download the Service Account key as a JSON file](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating)
     1. Authenticate gcloud as the service account:
         ```
         export GOOGLE_APPLICATION_CREDENTIALS=PATH_TO_YOUR_SERVICE_ACCOUNT_KEY_FILE
         gcloud auth activate-service-account --key-file=$GOOGLE_APPLICATION_CREDENTIALS
         export TRUSTED_ENVIRONMENT=true
+        export SKIP_CLONE_REPORTING=true
         ```
     1. Run the button:
         ```
-        (cd /tmp; ./cloudshell_open --repo_url=https://github.com/GoogleCloudPlatform/cloud-run-hello.git; rm -rf cloud-run-hello)
+        (cd /tmp; rm -rf cloud-run-hello; ./cloudshell_open --repo_url=https://github.com/GoogleCloudPlatform/cloud-run-hello.git; rm -rf cloud-run-hello)
         ```
         Other `cloudshell_open` flags: `--git_branch`, `--dir`, `--context`
 
-        Env vars you can set to avoid STDIN questions: `GOOGLE_CLOUD_PROJECT` `GOOGLE_CLOUD_REGION`
+        Optionally, you can set to `GOOGLE_CLOUD_PROJECT` `GOOGLE_CLOUD_REGION` to avoid being prompted for these.
 
 ## Test Cloud Run Button's Underlying Command Locally in a Container
 
+⚠️ This will download very large Docker images to your system.
+
 1. [Create a Service Account in a test account](https://console.cloud.google.com/iam-admin/serviceaccounts)
 1. Download the key json file for the new service account
 1. Build the Container
@@ -52,13 +59,21 @@
       -v $KEY_FILE:/root/user.json \
       -e GOOGLE_APPLICATION_CREDENTIALS=/root/user.json \
       -e TRUSTED_ENVIRONMENT=true \
+      -e SKIP_CLONE_REPORTING=true \
       --entrypoint=/bin/sh cloud-run-button -c \
       "gcloud auth activate-service-account --key-file=/root/user.json \
       --quiet && gcloud auth configure-docker --quiet && \
       /bin/cloudshell_open \
       --repo_url=https://github.com/GoogleCloudPlatform/cloud-run-hello.git"
     ```
 
+## Test Instrumentless
+
+Test getting a coupon from the instrumentless API:
+```
+go run ./cmd/instrumentless_test YOUR_EVENT $(gcloud auth print-access-token)
+```
+
 ## Contributor License Agreement
 
 Contributions to this project must be accompanied by a Contributor License

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.14-alpine AS build
+FROM golang:1.21-alpine AS build
 RUN apk add --no-cache git
 WORKDIR /src
 COPY go.mod go.sum ./

README.md

@@ -63,13 +63,20 @@ For example, a fully populated `app.json` file looks like this:
         },
         "APP_SECRET": {
             "generator": "secret"
+        },
+        "ORDERED_ENV": {
+            "description": "control the order env variables are prompted",
+            "order": 100
         }
     },
     "options": {
         "allow-unauthenticated": false,
         "memory": "512Mi",
         "cpu": "1",
-        "port": "80"
+        "port": 80,
+        "http2": false,
+        "concurrency": 80,
+        "max-instances": 10
     },
     "build": {
         "skip": false,
@@ -114,17 +121,23 @@ Reference:
   - `required`, _(optional, default: `true`)_ indicates if they user must provide
     a value for this variable.
   - `generator`, _(optional)_ use a generator for the value, currently only support `secret`
+  - `order`, _(optional)_ if specified, used to indicate the order in which the
+    variable is prompted to the user. If some variables specify this and some
+    don't, then the unspecified ones are prompted last.
 - `options`: _(optional)_ Options when deploying the service
   - `allow-unauthenticated`: _(optional, default: `true`)_ allow unauthenticated requests
   - `memory`: _(optional)_ memory for each instance
   - `cpu`: _(optional)_ cpu for each instance
   - `port`: _(optional)_ if your application doesn't respect the PORT environment
-    variable provided by Cloud Run, specify the port number it listens on.
+    variable provided by Cloud Run, specify the port number it listens on
+  - `http2`: _(optional)_ use http2 for the connection
+  - `concurrency`: _(optional)_ concurrent requests for each instance
+  - `max-instances`: _(optional)_ autoscaling limit (max 1000)
 - `build`: _(optional)_ Build configuration
   - `skip`: _(optional, default: `false`)_ skips the built-in build methods (`docker build`, `Maven Jib`, and
  `buildpacks`), but still allows for `prebuild` and `postbuild` hooks to be run in order to build the container image
  manually
-  - `buildpacks`: _(optional)_ buildpacks config
+  - `buildpacks`: _(optional)_ buildpacks config (Note: Additional Buildpack config can be specified using a `project.toml` file. [See the spec for details](https://buildpacks.io/docs/reference/config/project-descriptor/).)
     - `builder`: _(optional, default: `gcr.io/buildpacks/builder:v1`)_ overrides the buildpack builder image
 - `hooks`: _(optional)_ Run commands in separate bash shells with the environment variables configured for the
   application and environment variables `GOOGLE_CLOUD_PROJECT` (Google Cloud project), `GOOGLE_CLOUD_REGION`
@@ -138,7 +151,7 @@ Reference:
     - `commands`: _(array of strings)_ The list of commands to run
   - `precreate`: _(optional)_ Runs the specified commands before the service has been created
     - `commands`: _(array of strings)_ The list of commands to run
-  - `postcreate`: _(optional)_ Runs the specified commands after the service has been created
+  - `postcreate`: _(optional)_ Runs the specified commands after the service has been created; the `SERVICE_URL` environment variable provides the URL of the deployed Cloud Run service
     - `commands`: _(array of strings)_ The list of commands to run
 
 ### Notes

cloudbuild.yaml

@@ -1,12 +1,36 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 # Default cloudbuild.yaml for Cloud Shell custom images.
 # This file is used by the Cloud Build trigger that builds this image.
 
 steps:
-- name: 'gcr.io/cloud-builders/docker'
-  args: ['build', '-t', 'gcr.io/$PROJECT_ID/button', '.']
-- name: 'gcr.io/cloudshell-images/custom-image-validation'
-  args: ['image_test.py', '--image', 'gcr.io/$PROJECT_ID/button']
-images: ['gcr.io/$PROJECT_ID/button']
-timeout: '3600s'
+  - name: "gcr.io/cloud-builders/docker"
+    args:
+      [
+        "build",
+        "-t",
+        "gcr.io/$PROJECT_ID/button",
+        "-t",
+        "gcr.io/$PROJECT_ID/button:public-image-${COMMIT_SHA}",
+        ".",
+      ]
+  - name: "gcr.io/cloudshell-images/custom-image-validation"
+    args: ["image_test.py", "--image", "gcr.io/$PROJECT_ID/button"]
+images:
+  - "gcr.io/$PROJECT_ID/button"
+  - "gcr.io/$PROJECT_ID/button:public-image-${COMMIT_SHA}"
+timeout: "3600s"
 options:
-  machineType: 'N1_HIGHCPU_8'
+  machineType: "N1_HIGHCPU_8"

cmd/cloudshell_open/api.go

@@ -27,10 +27,6 @@ func enableAPIs(project string, apis []string) error {
 		return fmt.Errorf("failed to create resource manager client: %w", err)
 	}
 
-	// TODO(ahmetb) specify this explicitly, otherwise for some reason this becomes serviceusage.mtls.googleapis.com (and 404s)
-	// while querying the Operation. investigate later with the client library teams.
-	client.BasePath = "https://serviceusage.googleapis.com/"
-
 	enabled, err := enabledAPIs(client, project)
 	if err != nil {
 		return err

cmd/cloudshell_open/appfile.go

@@ -22,6 +22,7 @@ import (
 	"io"
 	"os"
 	"path/filepath"
+	"sort"
 
 	"github.com/fatih/color"
 
@@ -33,13 +34,17 @@ type env struct {
 	Value       string `json:"value"`
 	Required    *bool  `json:"required"`
 	Generator   string `json:"generator"`
+	Order       *int   `json:"order"`
 }
 
 type options struct {
 	AllowUnauthenticated *bool  `json:"allow-unauthenticated"`
 	Memory               string `json:"memory"`
 	CPU                  string `json:"cpu"`
 	Port                 int    `json:"port"`
+	HTTP2                *bool  `json:"http2"`
+	Concurrency          int    `json:"concurrency"`
+	MaxInstances         int    `json:"max-instances"`
 }
 
 type hook struct {
@@ -190,7 +195,6 @@ func promptOrGenerateEnvs(list map[string]env) ([]string, error) {
 }
 
 func generateEnvs(keys []string) ([]string, error) {
-
 	for i, key := range keys {
 		resp, err := rand64String()
 		if err != nil {
@@ -202,15 +206,50 @@ func generateEnvs(keys []string) ([]string, error) {
 	return keys, nil
 }
 
-func promptEnv(list map[string]env) ([]string, error) {
-	// TODO(ahmetb): remove these defers and make customizations at the
-	// individual prompt-level once survey lib allows non-global settings.
+type envKeyValuePair struct {
+	k string
+	v env
+}
+
+type envKeyValuePairs []envKeyValuePair
+
+func (e envKeyValuePairs) Len() int { return len(e) }
+
+func (e envKeyValuePairs) Swap(i, j int) {
+	e[i], e[j] = e[j], e[i]
+}
+
+func (e envKeyValuePairs) Less(i, j int) bool {
+	// if env.Order is unspecified, it should appear less.
+	// otherwise, less values show earlier.
+	if e[i].v.Order == nil {
+		return false
+	}
+	if e[j].v.Order == nil {
+		return true
+	}
+	return *e[i].v.Order < *e[j].v.Order
+}
 
+func sortedEnvs(envs map[string]env) []string {
+	var v envKeyValuePairs
+	for key, value := range envs {
+		v = append(v, envKeyValuePair{key, value})
+	}
+	sort.Sort(v)
+	var keys []string
+	for _, vv := range v {
+		keys = append(keys, vv.k)
+	}
+	return keys
+}
+
+func promptEnv(list map[string]env) ([]string, error) {
 	var out []string
-	// TODO(ahmetb): we should ideally use an ordered map structure for Env
-	// field and prompt the questions as they appear in the app.json file as
-	// opposed to random order we do here.
-	for k, e := range list {
+	sortedKeys := sortedEnvs(list)
+
+	for _, k := range sortedKeys {
+		e := list[k]
 		var resp string
 
 		if err := survey.AskOne(&survey.Input{

cmd/cloudshell_open/appfile_test.go

@@ -233,3 +233,25 @@ func TestGetAppFile(t *testing.T) {
 		t.Fatalf("wrong parsed value: got=%#v, expected=%#v", v, expected)
 	}
 }
+
+func Test_sortedEnvs(t *testing.T) {
+	envs := map[string]env{
+		"NIL_ORDER": {},
+		"ORDER_100": {Order: mkInt(100)},
+		"ORDER_0":   {Order: mkInt(0)},
+		"ORDER_-10": {Order: mkInt(-10)},
+		"ORDER_50":  {Order: mkInt(50)},
+	}
+	got := sortedEnvs(envs)
+	expected := []string{
+		"ORDER_-10", "ORDER_0", "ORDER_50", "ORDER_100", "NIL_ORDER",
+	}
+
+	if !reflect.DeepEqual(got, expected) {
+		t.Fatalf("sorted envs in wrong order: expected:%v\ngot=%v", expected, got)
+	}
+}
+
+func mkInt(i int) *int {
+	return &i
+}