Create a basic implementation of local builds

[falahat]

This is based off of Joanna's Draft PR: #9506

Also see #9193 for an earlier partial implementation of local builds.

Description

This uses the new effective API fields. Also, this code keeps the source deploy path (existing feature, different from local builds) unaffected.

We create tar.gz files instead of zip files.

Scenarios Tested

TODO: Verify local builds works (basic, no env vars)
TODO: Verify that source deploy is unaffected and still works as expected

Sample Commands

TODO: Local build command
TODO: Source deploy command

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces the initial framework for supporting local builds within App Hosting. It enables the system to process and deploy applications that have been built locally, using .tar.gz archives instead of .zip files for these specific deployments. The changes include new utility functions for creating tar archives, conditional logic to use these archives when a local build experiment flag is enabled, and updates to the API definitions to accommodate the new 'locally built' source type. Existing source deployments remain unaffected, ensuring backward compatibility.

Highlights

• Introduction of Local Builds: A foundational implementation for local builds in App Hosting has been added, allowing for the processing and deployment of pre-built application artifacts.
• Tar Archive Support: The system now supports creating and deploying .tar.gz archives for local builds, moving away from .zip files for this specific use case, and utilizing a new createTarArchive utility.
• Experiment Flag Integration: The new local build functionality is gated behind an apphostinglocalbuilds experiment flag, ensuring that the feature can be rolled out and tested incrementally without affecting existing deployments.
• New API Fields for Locally Built Sources: New API fields, specifically LocallyBuiltSource and RunConfig, have been introduced in the apphosting.ts interface to support the new local build deployment model, allowing for specification of pre-built artifacts.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• src/deploy/apphosting/deploy.spec.ts
  • Imported experiments module for experiment flag checks.
  • Added stubs for createTarArchive and isEnabled to facilitate testing of local build logic.
  • Introduced a new test case to verify that createTarArchive is used for local builds when the apphostinglocalbuilds experiment is enabled.
• src/deploy/apphosting/deploy.ts
  • Imported createTarArchive utility and isEnabled from the experiments module.
  • Modified the archiving logic to conditionally use createTarArchive for local builds when the apphostinglocalbuilds experiment is active, otherwise defaulting to createArchive.
  • Updated log messages to reflect the change from 'Zipped' to 'Archived' for broader applicability.
• src/deploy/apphosting/release.spec.ts
  • Imported backend and experiments modules.
  • Added stubs for isEnabled and getBackend for testing purposes.
  • Included new test cases to confirm that standard source deployments use the archive build input.
  • Added test cases to verify that local builds use the locallyBuilt build input when the experiment is enabled.
  • Implemented a test case to ensure local builds are skipped when the experiment is disabled.
• src/deploy/apphosting/release.ts
  • Imported isEnabled from the experiments module.
  • Adjusted the filtering of localBuildBackends to consider the apphostinglocalbuilds experiment flag.
  • Updated the orchestrateRollout call to dynamically set the buildInput.source based on whether it's a local build with the experiment enabled, using locallyBuilt or archive accordingly.
• src/deploy/apphosting/util.ts
  • Added a new asynchronous function createTarArchive to create gzipped tar archives from source directories, including .gitignore parsing and deterministic metadata.
• src/gcp/apphosting.ts
  • Defined new interfaces LocallyBuiltSource and RunConfig to support local build configurations.
  • Extended the BuildSource interface to include locallyBuilt as an optional property.
  • Deprecated the locallyBuiltSource field within ArchiveSource, advising to use Build.source.locallyBuilt instead.

Activity

• No activity recorded in the provided context.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a basic implementation for local builds in App Hosting, differentiating between local builds (using .tar.gz archives) and standard source deploys (using .zip). However, a high-severity path traversal vulnerability was identified in the createTarArchive function, which could lead to the exfiltration of sensitive files due to unvalidated user-supplied directory paths. Additionally, the implementation could benefit from improved type safety by removing any types and enhanced maintainability by addressing code duplication.

[gemini-code-assist]

Using as any is an escape hatch that goes against the repository's style guide. Please try to use a more specific type or a mock object that conforms to the fs.ReadStream interface.

References

1. Line 38: Never use any or unknown as an escape hatch. Define proper interfaces/types or use type guards. ^(link)

[gemini-code-assist]

Using as any is an escape hatch that goes against the repository's style guide. The getBackend function is expected to return a Backend object. Please provide a mock that conforms to the Backend interface from ../../gcp/apphosting, even if it's a partial mock with the necessary properties for the test.

References

1. Line 38: Never use any or unknown as an escape hatch. Define proper interfaces/types or use type guards. ^(link)

[falahat]

/gemini review

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!