From f2f5f6db75ed231f7d386773c70d02be7c63f18b Mon Sep 17 00:00:00 2001
From: hiranya911 <hiranya911@gmail.com>
Date: Thu, 6 Feb 2020 16:08:53 -0800
Subject: [PATCH 1/4] chore: Running integration tests in release workflow

---
 .../resources/integ-service-account.json.gpg  | Bin 0 -> 1733 bytes
 .github/scripts/run_integration_tests.sh      |  11 +++++++++
 .github/workflows/ci.yml                      |   2 +-
 .github/workflows/release.yml                 |  22 ++++++++++--------
 integration/test_db.py                        |   2 +-
 5 files changed, 25 insertions(+), 12 deletions(-)
 create mode 100644 .github/resources/integ-service-account.json.gpg
 create mode 100755 .github/scripts/run_integration_tests.sh

diff --git a/.github/resources/integ-service-account.json.gpg b/.github/resources/integ-service-account.json.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..e8cc3e2a2a970b6760faceb0ff7dfc3e4b02c60a
GIT binary patch
literal 1733
zcmV;$20HnS4Fm}T0&*P1GU?%eegD$x0rvxBAXZGDSEYyg&@r!tuJO!^@&2Mg0RD-w
z6$6e;;`CFWj*fn+wYp+93`zD7be^H9^(f2dArxBMIsVqnH^uk`NBpM}j)R?=LOWsA
z{+*+Is!_mH0&L^@gva$WU4tSy{!^+>46sf3l~2(yGHLCQJ|AD}OSS4|w)W)bIhUCB
ztLZxR_T>Ox?nQ%n2SuXok1L6Q?jrQ##qw?ASK7)@vt_ihr{>UJqi+)ws0`vx6lVaz
zYoMV^widvCLEMCOzE9r4f`M#Cz#4ukZW(RbYSG4zyaS7o#kYgzHU2SEPW}TDgOeO$
zl8#OV2K4iNZ(_%sDt3-8G?e{}9)Xa63cE<5Tw~PUBhHb%f%Wp+7@Dii4KH~>ThXnc
zJU+i2l19mPJ*o^DiA1mU<d_4JSj%$sd?Yvdl!*z0S`N`R7$?b;EZeGzkE~>bL4eB>
zbfqZwFA9iW9)@X5^Jg;FmKH1LyrWqA*+tn$T-+S{Q!Ba4sb3{w26;5ycQyh=djxuG
zE6Ef&YBF(<QFW9H#2O_v7B?RMgQ*nW)|J`8Z>Bdd_s{<tgVg!jKJUqv>DEg>abVPH
z6sfGhfLXxrTgj3Towx+c#p!H^NDd+(me+3C^t?B9kvUgNYxtM|xwc~5A3rV?MQ&Eb
zRJ)mm($0#cd@i+T7wA;@d~q4WBv2zt(~SwCC&t<(Qzk>wvIas=r{SY@FlV!7<N1=q
z_OHf~hgsy8fKI4mRcxq~i!<6$SH>%Y4X|e=JDOGfN84Xw7mlf9b{Z_{P(a;fJd&Ex
zP<q8erT-dhL}i)c(VcW27X+2cu8=QjkO}lKcE_(gQxWpsd>E;unRrc%Lt6Yl#y!I`
zW#bH&1CfNm3=Yxg&2XrnR$`$>mqEN6koziF5@98L^u}ja`*?#L9DqbkUsSVDO%mCg
zyP&~Gf!nBhwHZTdZJZ=?(OfE%qT3Og6Pj0p(`{TM5&%c%Sp%Ly^p!vvKI|2`DN^t$
z+dont3_<4G_ds{)3CY0N32M6o8Nw=bodIN2N}2j6Kx>s<tB_lUwpvSXZ`?uc2@Dte
zanSCl#bl6!deDojpls0#Z{f_b3$$ey+&0^*65s<31rsl8f7k~)eVO9e^~>0I%&=ci
z8<<<h=47XNVU;9qTCF`k4hG6yRynAN4>`m=?L9(VxxCHhes%Ur<tW88zQH+ba#sc2
z)^##|A`}8`w~j61j#&&cmzUe7b4d2C$>PSTNQG&?qWdm{1;3a=Fl<Q9DZAoL#n&5L
zN6L;J8^Uy^qPl}6-ae+jPwD~F@6OwiITd}(ms1+4EqH-jk3AFAeSWje_fp#+vwilH
z`O`*0p}zH4>A-^@>_1LqL4PsLKUIJ|lW}}ll^Rmr+`u^00-Zu3=0MK{X7=wW1xG9v
zb>+uzSLWHC`%$|q#}_OwBP?rUGXCC>US#9h1-dE_KdPv%`8PBHTXX2${J{nG-7ZR7
z)j;WYkbTKBD-I^zOeBUw_AQ~!0`Ql&jp&}z(t&1V;13U#S4w>I<t;|9=5=zj)~Q7k
zV|1kZ`D}|@Y4oVA`v|rtQ+bq~WmUD0LSkU+x65UzzKg{wE&K9lhbs3nKR2&-zenox
zZ;e{T7ORu3iZ_p9y%Vk~Fe2-mjaONO+qUFXO5<&JU*0)F6+-r~FpeST?a(y&V%RIo
z!<k?uNA=+VO!g>C{WpQqf+-0w%_krosfryd7nMa+kp*`jl7_Q}9BY)T)sl`80~A!l
zY=Kfl2&-TmHbwDIP%GrpRKMWoYs<j`t=gJ%IomgX%S=p5!j%BCp_f;}C$d}oI5<>K
z6~5b^5HMXvSl{rRG8_Inn<bS1=oDm2nth;DS|keVExqw^nOkzC##oU29GWX=cm<1R
zV_yqZsLJB;9)B}Z2=vcuesU$YrA1T`Se(@hF!SvQ5Z|20p^QEt3LCD|Et8$7rd;L7
zzB9FZ<s5&(k0VnA>c{l2^8=++T>ul8K#~j(O_2?|&4mMfRkS+zMy2vVS}Cb;C8Qbj
zh_XDiovWpqGvdj(vC6e_XKoj<`4>%Sm#lPtm?g(B1X|F~Ecq?+-dLoI<(r(K|0;(F
z-GjL5-xIv&u}KCiyG&3X*caBWCC>sfo`m7udmy%Fq=do+s!GWP52a-~I()x-5i@;$
zKiD+X_ujNViv(}lsF<NKy)7cF5e1b(3p=E%1+(ObW;g|wqq?OUf{3F2^<h9Fvxa6l
bU!;vjTY9U=^0zp>Tk0pW{G7J$y)Z-62(VZ^

literal 0
HcmV?d00001

diff --git a/.github/scripts/run_integration_tests.sh b/.github/scripts/run_integration_tests.sh
new file mode 100755
index 000000000..060c5ba9f
--- /dev/null
+++ b/.github/scripts/run_integration_tests.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+set -u
+
+gpg --quiet --batch --yes --decrypt --passphrase="${FIREBASE_SERVICE_ACCT_KEY}" \
+  --output integ-service-account.json .github/resources/integ-service-account.json.gpg
+
+echo "${FIREBASE_API_KEY}" > integ-api-key.txt
+
+pytest integration/ --cert integ-service-account.json --apikey integ-api-key.txt
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 976767d64..5a952418c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,6 +1,6 @@
 name: Continuous Integration
 
-on: [push, pull_request]
+on: push
 
 jobs:
   build:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6111dd7f1..df6183952 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,11 +15,10 @@
 name: Release
 
 on:
-  # Only run the workflow when a PR is closed, or when a developer explicitly requests
+  # Only run the workflow when a PR is updated or when a developer explicitly requests
   # a build by sending a 'firebase_build' event.
   pull_request:
-    types:
-      - closed
+    types: [opened, synchronize, closed]
 
   repository_dispatch:
     types:
@@ -27,10 +26,9 @@ on:
 
 jobs:
   stage_release:
-    # If triggered by a PR it must be merged and contain the label 'release:build'.
+    # If triggered by a PR it must contain the label 'release:build'.
     if: github.event.action == 'firebase_build' ||
-      (github.event.pull_request.merged &&
-      contains(github.event.pull_request.labels.*.name, 'release:build'))
+      contains(github.event.pull_request.labels.*.name, 'release:build')
 
     runs-on: ubuntu-latest
 
@@ -53,10 +51,14 @@ jobs:
         pip install -r requirements.txt
         pip install wheel
 
-    - name: Run tests
-      run: |
-        pytest
-        echo "Running integration tests"
+    - name: Run unit tests
+      run: pytest
+
+    - name: Run integration tests
+      run: ./.github/scripts/run_integration_tests.sh
+      env:
+        FIREBASE_SERVICE_ACCT_KEY: ${{ secrets.FIREBASE_SERVICE_ACCT_KEY }}
+        FIREBASE_API_KEY: ${{ secrets.FIREBASE_API_KEY }}
 
     - name: Package release artifacts
       run: python setup.py bdist_wheel bdist_egg
diff --git a/integration/test_db.py b/integration/test_db.py
index 7a73ea3ad..c448436d6 100644
--- a/integration/test_db.py
+++ b/integration/test_db.py
@@ -55,7 +55,7 @@ def update_rules(app):
     with open(testutils.resource_filename('dinosaurs_index.json')) as rules_file:
         new_rules = json.load(rules_file)
     client = db.reference('', app)._client
-    rules = client.body('get', '/.settings/rules.json')
+    rules = client.body('get', '/.settings/rules.json', params='format=strict')
     existing = rules.get('rules')
     if existing != new_rules:
         rules['rules'] = new_rules

From 97945d86da6c980bca09bb00ca7126c4582e39d9 Mon Sep 17 00:00:00 2001
From: hiranya911 <hiranya911@gmail.com>
Date: Fri, 7 Feb 2020 13:56:26 -0800
Subject: [PATCH 2/4] chore: Making the separation between staging and
 publishing explicit

---
 .github/scripts/publish_preflight_check.sh | 35 ++++++++++++++++++
 .github/workflows/release.yml              | 43 +++++++++++++++++-----
 2 files changed, 69 insertions(+), 9 deletions(-)

diff --git a/.github/scripts/publish_preflight_check.sh b/.github/scripts/publish_preflight_check.sh
index 38b0be20c..eaf0270f8 100755
--- a/.github/scripts/publish_preflight_check.sh
+++ b/.github/scripts/publish_preflight_check.sh
@@ -60,6 +60,41 @@ echo_info "Extracted release version: ${RELEASE_VERSION}"
 echo "::set-output name=version::v${RELEASE_VERSION}"
 
 
+echo_info ""
+echo_info "--------------------------------------------"
+echo_info "Check release artifacts"
+echo_info "--------------------------------------------"
+echo_info ""
+
+if [[ ! -d dist ]]; then
+  echo_warn "dist directory does not exist."
+  terminate
+fi
+
+readonly BIN_DIST="dist/firebase_admin-${RELEASE_VERSION}-py3-none-any.whl"
+if [[ -f "${BIN_DIST}" ]]; then
+  echo_info "Found binary distribution (bdist_wheel): ${BIN_DIST}"
+else
+  echo_warn "Binary distribution ${BIN_DIST} not found."
+  terminate
+fi
+
+readonly SRC_DIST="dist/firebase_admin-${RELEASE_VERSION}.tar.gz"
+if [[ -f "${SRC_DIST}" ]]; then
+  echo_info "Found source distribution (sdist): ${SRC_DIST}"
+else
+  echo_warn "Source distribution ${SRC_DIST} not found."
+  terminate
+fi
+
+readonly ARTIFACT_COUNT=`ls dist/ | wc -l`
+if [[ $ARTIFACT_COUNT -ne 2 ]]; then
+  echo_warn "Unexpected artifacts in the distribution directory."
+  ls -l dist
+  terminate
+fi
+
+
 echo_info ""
 echo_info "--------------------------------------------"
 echo_info "Checking previous releases"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index df6183952..caac482dd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-name: Release
+name: Release Candidate
 
 on:
   # Only run the workflow when a PR is updated or when a developer explicitly requests
@@ -49,7 +49,7 @@ jobs:
       run: |
         python -m pip install --upgrade pip
         pip install -r requirements.txt
-        pip install wheel
+        pip install setuptools wheel
 
     - name: Run unit tests
       run: pytest
@@ -60,8 +60,9 @@ jobs:
         FIREBASE_SERVICE_ACCT_KEY: ${{ secrets.FIREBASE_SERVICE_ACCT_KEY }}
         FIREBASE_API_KEY: ${{ secrets.FIREBASE_API_KEY }}
 
+    # Build the Python Wheel and the source distribution.
     - name: Package release artifacts
-      run: python setup.py bdist_wheel bdist_egg
+      run: python setup.py bdist_wheel sdist
 
     # Attach the packaged artifacts to the workflow output. These can be manually
     # downloaded for later inspection if necessary.
@@ -71,24 +72,49 @@ jobs:
         name: dist
         path: dist
 
+  publish_release:
+    needs: stage_release
+
     # Check whether the release should be published. We publish only when the trigger PR is
     #   1. merged
     #   2. to the master branch
     #   3. with the title prefix '[chore] Release '.
-    - name: Publish preflight check
-      if: success() && github.event.pull_request.merged &&
+    if: github.event.pull_request.merged &&
         github.ref == 'master' &&
         startsWith(github.event.pull_request.title, '[chore] Release ')
+
+    runs-on: ubuntu-latest
+
+    # Download the artifacts created by the stage_release job.
+    steps:
+    - name: Download release candidates
+      uses: actions/download-artifact@v1
+      with:
+        name: dist
+
+    steps:
+    - name: Checkout source for tagging
+      uses: actions/checkout@v2
+
+    - name: Set up Python
+      uses: actions/setup-python@v1
+      with:
+        python-version: 3.6
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install twine
+
+    - name: Publish preflight check
       id: preflight
       run: |
         ./.github/scripts/publish_preflight_check.sh
-        echo ::set-env name=FIREBASE_PUBLISH::true
 
     # Tag the release if not executing in the dryrun mode. We pull this action froma
     # custom fork of a contributor until https://github.com/actions/create-release/pull/32
     # is merged. Also note that v1 of this action does not support the "body" parameter.
     - name: Create release tag
-      if: success() && env.FIREBASE_PUBLISH
       uses: fleskesvor/create-release@1a72e235c178bf2ae6c51a8ae36febc24568c5fe
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -100,12 +126,11 @@ jobs:
         prerelease: false
 
     - name: Publish to Pypi
-      if: success() && env.FIREBASE_PUBLISH
       run: echo Publishing to Pypi
 
     # Post to Twitter if explicitly opted-in by adding the label 'release:tweet'.
     - name: Post to Twitter
-      if: success() && env.FIREBASE_PUBLISH &&
+      if: success() &&
         contains(github.event.pull_request.labels.*.name, 'release:tweet')
       run: echo Posting Tweet
       continue-on-error: true

From b3e454217a5767430869723e6c57511493982868 Mon Sep 17 00:00:00 2001
From: hiranya911 <hiranya911@gmail.com>
Date: Fri, 7 Feb 2020 14:11:17 -0800
Subject: [PATCH 3/4] Fixing a syntax error

---
 .github/workflows/release.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index caac482dd..f3c75d77b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -85,17 +85,17 @@ jobs:
 
     runs-on: ubuntu-latest
 
-    # Download the artifacts created by the stage_release job.
     steps:
+    - name: Checkout source for publish
+      uses: actions/checkout@v2
+
+    # Download the artifacts created by the stage_release job.
     - name: Download release candidates
       uses: actions/download-artifact@v1
       with:
         name: dist
 
-    steps:
-    - name: Checkout source for tagging
-      uses: actions/checkout@v2
-
+    # Python is needed to run Twine and some of the preflight checks.
     - name: Set up Python
       uses: actions/setup-python@v1
       with:
@@ -111,9 +111,9 @@ jobs:
       run: |
         ./.github/scripts/publish_preflight_check.sh
 
-    # Tag the release if not executing in the dryrun mode. We pull this action froma
-    # custom fork of a contributor until https://github.com/actions/create-release/pull/32
-    # is merged. Also note that v1 of this action does not support the "body" parameter.
+    # We pull this action froma custom fork of a contributor until
+    # https://github.com/actions/create-release/pull/32 is merged. Also note that v1 of
+    # this action does not support the "body" parameter.
     - name: Create release tag
       uses: fleskesvor/create-release@1a72e235c178bf2ae6c51a8ae36febc24568c5fe
       env:

From 89be56ce082318a4aa1ee5e2aacb073d457a21e9 Mon Sep 17 00:00:00 2001
From: hiranya911 <hiranya911@gmail.com>
Date: Fri, 7 Feb 2020 14:44:16 -0800
Subject: [PATCH 4/4] Minor clean up of yml

---
 .github/workflows/release.yml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f3c75d77b..b51ace956 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -80,8 +80,8 @@ jobs:
     #   2. to the master branch
     #   3. with the title prefix '[chore] Release '.
     if: github.event.pull_request.merged &&
-        github.ref == 'master' &&
-        startsWith(github.event.pull_request.title, '[chore] Release ')
+      github.ref == 'master' &&
+      startsWith(github.event.pull_request.title, '[chore] Release ')
 
     runs-on: ubuntu-latest
 
@@ -108,10 +108,9 @@ jobs:
 
     - name: Publish preflight check
       id: preflight
-      run: |
-        ./.github/scripts/publish_preflight_check.sh
+      run: ./.github/scripts/publish_preflight_check.sh
 
-    # We pull this action froma custom fork of a contributor until
+    # We pull this action from a custom fork of a contributor until
     # https://github.com/actions/create-release/pull/32 is merged. Also note that v1 of
     # this action does not support the "body" parameter.
     - name: Create release tag