build: update dependency firebase-functions to v6 (#2304)

Closes #2302 as a pr takeover

PR Close #2304

apps/BUILD.bazel

@@ -46,6 +46,9 @@ nodejs_binary(
         # Firebase function files
         "//apps/functions:functions_compiled",
         "//apps/functions:functions_files",
+
+        # Firebase hosted application files
+        "//apps/code-of-conduct:application_files",
     ],
     entry_point = "@npm//:node_modules/firebase-tools/lib/bin/firebase.js",
     templated_args = [

apps/functions/code-of-conduct/blockUser.ts

@@ -9,11 +9,12 @@ import {
 import {RequestError} from '@octokit/request-error';
 
 /** Blocks the requested user from Github for the prescribed amount of time. */
-export const blockUser = functions
-  .runWith({
+export const blockUser = functions.https.onCall<BlockUserParams>(
+  {
     secrets: ['ANGULAR_ROBOT_APP_PRIVATE_KEY', 'ANGULAR_ROBOT_APP_ID'],
-  })
-  .https.onCall(async ({comments, blockUntil, context, username}: BlockUserParams, request) => {
+  },
+  async (request) => {
+    const {comments, blockUntil, context, username} = request.data;
     // Ensure that the request was authenticated.
     checkAuthenticationAndAccess(request);
 
@@ -46,4 +47,5 @@ export const blockUser = functions
       blockedOn: new Date(),
       blockUntil: new Date(blockUntil),
     });
-  });
+  },
+);

apps/functions/code-of-conduct/shared.ts

@@ -50,13 +50,13 @@ export interface BlockedUser extends admin.firestore.DocumentData {
 }
 
 /** A CallableContext which is confirmed to already have an authorized user. */
-interface AuthenticatedCallableContext extends functions.https.CallableContext {
-  auth: NonNullable<functions.https.CallableContext['auth']>;
+interface AuthenticatedCallableContext extends functions.https.CallableRequest {
+  auth: NonNullable<functions.https.CallableRequest['auth']>;
 }
 
 /** Verify that the incoming request is authenticated and authorized for access. */
 export function checkAuthenticationAndAccess(
-  context: functions.https.CallableContext,
+  context: functions.https.CallableRequest,
 ): asserts context is AuthenticatedCallableContext {
   // Authentication is managed by firebase as this occurs within the Firebase functions context.
   // If the user is unauthenticted, the authorization object will be undefined.

apps/functions/code-of-conduct/syncUsers.ts

@@ -6,23 +6,25 @@ import {
 import * as functions from 'firebase-functions';
 
 /** Runs the synchronization of blocked users from Github to the blocked users once per day. */
-export const dailySync = functions
-  .runWith({
+export const dailySync = functions.scheduler.onSchedule(
+  {
     secrets: ['ANGULAR_ROBOT_APP_PRIVATE_KEY', 'ANGULAR_ROBOT_APP_ID'],
-  })
-  .pubsub.schedule('every day 08:00')
-  .timeZone('America/Los_Angeles')
-  .onRun(syncUsers);
+    schedule: 'every day 08:00',
+    timeZone: 'America/Los_Angeles',
+  },
+  syncUsers,
+);
 
 /** Runs the synchronization of blocked users from Github to the blocked users list on demand. */
-export const syncUsersFromGithub = functions
-  .runWith({
+export const syncUsersFromGithub = functions.https.onCall(
+  {
     secrets: ['ANGULAR_ROBOT_APP_PRIVATE_KEY', 'ANGULAR_ROBOT_APP_ID'],
-  })
-  .https.onCall(async (_: void, context) => {
-    await checkAuthenticationAndAccess(context);
+  },
+  async (request) => {
+    await checkAuthenticationAndAccess(request);
     await syncUsers();
-  });
+  },
+);
 
 async function syncUsers() {
   /** The authenticated Github client for performing actions. */

apps/functions/code-of-conduct/unblockUser.ts

@@ -10,28 +10,30 @@ import * as admin from 'firebase-admin';
 import * as functions from 'firebase-functions';
 
 /** Unblocks the provided user from Github, clearing their records from our listing. */
-export const unblockUser = functions
-  .runWith({
+export const unblockUser = functions.https.onCall<UnblockUserParams>(
+  {
     secrets: ['ANGULAR_ROBOT_APP_PRIVATE_KEY', 'ANGULAR_ROBOT_APP_ID'],
-  })
-  .https.onCall(async ({username}: UnblockUserParams, request) => {
+  },
+  async (request) => {
+    const {username} = request.data;
     await checkAuthenticationAndAccess(request);
     /** The authenticated Github client for performing actions. */
     const github = await getAuthenticatedGithubClient();
     /** The Firestore record of the user to be unblocked */
     const doc = await blockedUsersCollection().doc(username).get();
 
     await performUnblock(github, doc);
-  });
+  },
+);
 
 /** Unblocks the all listed users who's block has expired, runs daily. */
-export const dailyUnblock = functions
-  .runWith({
+export const dailyUnblock = functions.scheduler.onSchedule(
+  {
+    schedule: 'every day 08:00',
     secrets: ['ANGULAR_ROBOT_APP_PRIVATE_KEY', 'ANGULAR_ROBOT_APP_ID'],
-  })
-  .pubsub.schedule('every day 08:00')
-  .timeZone('America/Los_Angeles')
-  .onRun(async () => {
+    timeZone: 'America/Los_Angeles',
+  },
+  async () => {
     /** The authenticated Github client for performing actions. */
     const github = await getAuthenticatedGithubClient();
     /** The Firestore records for all users who's block has expired. */
@@ -40,7 +42,8 @@ export const dailyUnblock = functions
       .get();
 
     await Promise.all(usersToUnblock.docs.map(async (user) => performUnblock(github, user)));
-  });
+  },
+);
 
 async function performUnblock(github: Octokit, doc: admin.firestore.DocumentSnapshot<BlockedUser>) {
   await github.orgs

apps/functions/dns-redirecting/index.ts

@@ -1,13 +1,13 @@
 import * as functions from 'firebase-functions';
 
-export const dnsRedirecting = functions
-  .runWith({
+export const dnsRedirecting = functions.https.onRequest(
+  {
     invoker: 'public',
     timeoutSeconds: 5,
     minInstances: 1,
     maxInstances: 2,
-  })
-  .https.onRequest(async (request, response) => {
+  },
+  async (request, response) => {
     /** The type of redirect to use, defaulting to a 301 permanent redirect. */
     let redirectType = 301;
     /** The hostname that was used for the request. */
@@ -49,4 +49,5 @@ export const dnsRedirecting = functions
     response.send(
       `No redirect defined for ${request.protocol}://${request.hostname}${request.originalUrl}`,
     );
-  });
+  },
+);

apps/functions/githubWebhook/index.ts

@@ -9,9 +9,9 @@ import {handleLabelEvent} from './label.js';
  * webhook to ensure it is a valid request from Github, and then delegates processing of a payload
  * to one of the other githubWebhook functions.
  */
-export const githubWebhook = functions
-  .runWith({invoker: 'public', timeoutSeconds: 30, minInstances: 1})
-  .https.onRequest(async (request, response) => {
+export const githubWebhook = functions.https.onRequest(
+  {invoker: 'public', timeoutSeconds: 30, minInstances: 1},
+  async (request, response) => {
     if (request.method !== 'POST') {
       response.status(405);
       response.send('Requests must be made using the POST method.');
@@ -51,4 +51,5 @@ export const githubWebhook = functions
     }
 
     response.end();
-  });
+  },
+);

apps/functions/ng-dev/ng-dev-token.ts

@@ -4,9 +4,10 @@ import * as admin from 'firebase-admin';
  * Request a short lived ng-dev token. If granted, we rely on session cookies as this token. The token
  * is to be used for all requests to the ng-dev service.
  */
-export const ngDevTokenRequest = functions.https.onCall(
-  async ({idToken}: {idToken: string}, context: functions.https.CallableContext) => {
-    if (!context.auth) {
+export const ngDevTokenRequest = functions.https.onCall<{idToken: string}>(
+  async (request: functions.https.CallableRequest) => {
+    const {idToken} = request.data;
+    if (!request.auth) {
       // Throwing an HttpsError so that the client gets the error details.
       throw new functions.https.HttpsError(
         'unauthenticated',
@@ -31,12 +32,15 @@ export const ngDevTokenRequest = functions.https.onCall(
 /**
  * Validate the provided token is still valid.
  */
-export const ngDevTokenValidate = functions.https.onCall(validateToken);
+export const ngDevTokenValidate = functions.https.onCall<{token: string}>(async (request) => {
+  return await validateToken(request.data);
+});
 
 /**
  * Revokes the all tokens for the user of the provided token.
  */
-export const ngDevRevokeToken = functions.https.onCall(async ({token}: {token: string}) => {
+export const ngDevRevokeToken = functions.https.onCall<{token: string}>(async (request) => {
+  const {token} = request.data;
   await admin
     .auth()
     .verifySessionCookie(token)

package.json

@@ -124,7 +124,7 @@
     "fast-glob": "^3.3.2",
     "firebase": "10.13.1",
     "firebase-admin": "12.4.0",
-    "firebase-functions": "^5.0.0",
+    "firebase-functions": "^6.0.0",
     "firebase-tools": "^13.0.0",
     "folder-hash": "^4.0.2",
     "font-color-contrast": "^11.1.0",

yarn.lock

@@ -324,7 +324,7 @@ __metadata:
     fast-glob: "npm:^3.3.2"
     firebase: "npm:10.13.1"
     firebase-admin: "npm:12.4.0"
-    firebase-functions: "npm:^5.0.0"
+    firebase-functions: "npm:^6.0.0"
     firebase-tools: "npm:^13.0.0"
     folder-hash: "npm:^4.0.2"
     font-color-contrast: "npm:^11.1.0"
@@ -7330,9 +7330,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"firebase-functions@npm:^5.0.0":
-  version: 5.1.1
-  resolution: "firebase-functions@npm:5.1.1"
+"firebase-functions@npm:^6.0.0":
+  version: 6.0.0
+  resolution: "firebase-functions@npm:6.0.0"
   dependencies:
     "@types/cors": "npm:^2.8.5"
     "@types/express": "npm:4.17.3"
@@ -7343,7 +7343,7 @@ __metadata:
     firebase-admin: ^11.10.0 || ^12.0.0
   bin:
     firebase-functions: lib/bin/firebase-functions.js
-  checksum: 10c0/7b2f9622ea034d5034311a4c5c142db9dd43526a21b6bc3947728bbc081c1378ad505c06e0954fb065bf419973ed513868888471eb63b1fa59c473e893075e44
+  checksum: 10c0/80e76db5c626fe60f7bd8f80177312785b38c24346dbec6021e7fec9277105a28e9817a4b5cfa34456f481a9b30426a7d71308e5e85bbc5d9eef4051a391b61a
   languageName: node
   linkType: hard