Merge pull request #30 from jackdbd/canary

Merge `canary` into `main`
jackdbd · Sep 12, 2022 · 421bb0c · 421bb0c
2 parents 4e446f0 + 25ca883
commit 421bb0c
Show file tree

Hide file tree

Showing 32 changed files with 2,074 additions and 131 deletions.
diff --git a/.github/workflows/release-to-npmjs.yaml b/.github/workflows/release-to-npmjs.yaml
@@ -28,7 +28,8 @@ jobs:
         run: npm version
 
       - name: ⬇️ Install dependencies from npmjs
-        run: npm install --legacy-peer-deps
+        run: npm install
+        # run: npm install --legacy-peer-deps
 
       - name: 🛡️ Audit dependencies (audit-level high)
         # https://docs.npmjs.com/cli/v8/commands/npm-audit#audit-level

diff --git a/assets/bigquery-schemas/weather_data_table.json b/assets/bigquery-schemas/weather_data_table.json
@@ -0,0 +1,49 @@
+[
+  {
+    "name": "sensorId",
+    "type": "STRING",
+    "mode": "NULLABLE"
+  },
+  {
+    "name": "timecollected",
+    "description": "UTC date string of when the sensor reading was collected",
+    "type": "TIMESTAMP",
+    "mode": "NULLABLE"
+  },
+  {
+    "name": "zipcode",
+    "type": "INTEGER",
+    "mode": "NULLABLE"
+  },
+  {
+    "name": "latitude",
+    "type": "FLOAT",
+    "mode": "NULLABLE"
+  },
+  {
+    "name": "longitude",
+    "type": "FLOAT",
+    "mode": "NULLABLE"
+  },
+  {
+    "name": "temperature",
+    "description": "temperature in Farhenheit",
+    "type": "FLOAT",
+    "mode": "NULLABLE"
+  },
+  {
+    "name": "humidity",
+    "type": "FLOAT",
+    "mode": "NULLABLE"
+  },
+  {
+    "name": "dewpoint",
+    "type": "FLOAT",
+    "mode": "NULLABLE"
+  },
+  {
+    "name": "pressure",
+    "type": "FLOAT",
+    "mode": "NULLABLE"
+  }
+]
diff --git a/assets/templates/application/package.json b/assets/templates/application/package.json
@@ -35,7 +35,7 @@
     "container:start:test": "docker run -it -p 8080:8080 --env \"SA_JSON_KEY=$(cat ../../secrets/sa-webperf-PACKAGE_NAME.json)\" --env NODE_ENV=test --env DEBUG=utils/*,PACKAGE_NAME/* PACKAGE_NAME:latest",
     "predeploy": "run-s clean format lint build auth-artifact-registry",
     "deploy": "gcloud beta builds submit ./dist --config cloudbuild.yaml --project $GCP_PROJECT_ID --async",
-    "format": "prettier --config ../../config/prettier.cjs --write {__tests__,src}/**/*.{js,mjs,ts}",
+    "format": "../../scripts/format.mjs",
     "lint": "eslint --config ../../config/eslint.cjs",
     "nuke": "npm run clean && rimraf node_modules 'package-lock.json'",
     "precommit": "lint-staged --config ../../config/lint-staged.cjs",

diff --git a/config/api-extractor.json b/config/api-extractor.json
@@ -33,7 +33,7 @@
 
   /**
    * Configures how the doc model file (*.api.json) will be generated.
-
+   *
    * I think the generated JSON file SHOULD NOT be tracked by Git.
    * https://api-extractor.com/pages/configs/api-extractor_json/#doc-model-section
    */

diff --git a/docs/secret-manager.md b/docs/secret-manager.md
@@ -50,6 +50,17 @@ gcloud secrets create SENDGRID \
   --labels customer=$CUSTOMER,environment=$ENVIRONMENT,resource=secret
 ```
 
+```sh
+gcloud secrets create STRIPE_API_KEY_TEST \
+  --labels customer=$CUSTOMER,environment=$ENVIRONMENT,resource=secret
+```
+
+```sh
+gcloud secrets create STRIPE_WEBHOOKS_TEST \
+  --data-file './secrets/stripe-webhooks-test.json' \
+  --labels customer=$CUSTOMER,environment=$ENVIRONMENT,resource=secret
+```
+
 ```sh
 gcloud secrets create TELEGRAM \
   --labels customer=$CUSTOMER,environment=$ENVIRONMENT,resource=secret

diff --git a/docs/service-accounts.md b/docs/service-accounts.md
@@ -33,6 +33,15 @@ gcloud iam service-accounts create sa-dash-earthquakes \
   --display-name "dash-earthquakes SA"
 ```
 
+### sa-dataflow-worker
+
+Create a service account to run [Dataflow](https://cloud.google.com/dataflow/docs) jobs:
+
+```sh
+gcloud iam service-accounts create sa-dataflow-worker \
+  --display-name "SA Dataflow worker"
+```
+
 ### sa-firestore-user-test
 
 Service account that I use in [firestore-utils](../packages/firestore-utils/README.md) tests.

diff --git a/iam-policies/project.yaml b/iam-policies/project.yaml
@@ -7,6 +7,9 @@ bindings:
 - members:
   - serviceAccount:sa-artifact-registry-writer@prj-kitchen-sink.iam.gserviceaccount.com
   role: roles/artifactregistry.writer
+- members:
+  - serviceAccount:[email protected]
+  role: roles/bigquery.dataEditor
 - members:
   - serviceAccount:service-1051247446620@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com
   role: roles/bigquerydatatransfer.serviceAgent
@@ -23,7 +26,7 @@ bindings:
 - members:
   - serviceAccount:[email protected]
   - serviceAccount:[email protected]
-  - serviceAccount:[email protected] 
+  - serviceAccount:[email protected]
   role: roles/clouddebugger.agent
 - members:
   - serviceAccount:[email protected]
@@ -66,30 +69,46 @@ bindings:
 - members:
   - serviceAccount:[email protected]
   role: roles/containerregistry.ServiceAgent
+- members:
+  - serviceAccount:service-1051247446620@dataflow-service-producer-prod.iam.gserviceaccount.com
+  role: roles/dataflow.serviceAgent
+- members:
+  - serviceAccount:[email protected]
+  role: roles/dataflow.worker
+- members:
+  - serviceAccount:service-1051247446620@gcp-sa-datapipelines.iam.gserviceaccount.com
+  role: roles/datapipelines.serviceAgent
 - members:
   - serviceAccount:[email protected]
   role: roles/datastore.user
 - members:
   - serviceAccount:sa-firestore-viewer-test@prj-kitchen-sink.iam.gserviceaccount.com
   role: roles/datastore.viewer
+- members:
+  - serviceAccount:[email protected]
+  role: roles/editor
 - members:
   - serviceAccount:[email protected]
   - serviceAccount:[email protected]
   - serviceAccount:[email protected]
   - serviceAccount:[email protected]
   role: roles/errorreporting.writer
+- members:
+  - serviceAccount:[email protected]
+  role: roles/eventarc.serviceAgent
 - members:
   - serviceAccount:[email protected]
   role: roles/firestore.serviceAgent
 - members:
-  - serviceAccount:sa-artifact-registry-writer@prj-kitchen-sink.iam.gserviceaccount.com
   - group:[email protected]
+  - serviceAccount:sa-artifact-registry-writer@prj-kitchen-sink.iam.gserviceaccount.com
+  - serviceAccount:[email protected]
   role: roles/iam.serviceAccountTokenCreator
 - members:
+  - group:[email protected]
   - serviceAccount:[email protected]
   - serviceAccount:[email protected]
   - serviceAccount:[email protected]
-  - group:[email protected]
   role: roles/iam.serviceAccountUser
 - members:
   - serviceAccount:[email protected]
@@ -127,9 +146,9 @@ bindings:
   - serviceAccount:[email protected]
   - serviceAccount:[email protected]
   - serviceAccount:[email protected]
-  - serviceAccount:[email protected] 
+  - serviceAccount:[email protected]
   - serviceAccount:[email protected]
-  - serviceAccount:[email protected] 
+  - serviceAccount:[email protected]
   - serviceAccount:[email protected]
   role: roles/secretmanager.secretAccessor
 - members:
@@ -138,7 +157,7 @@ bindings:
   role: roles/storage.admin
 - members:
   - serviceAccount:[email protected]
-  role: roles/storage.objectCreator
+  role: roles/storage.objectAdmin
 - members:
   - serviceAccount:[email protected]
   role: roles/storage.objectViewer
@@ -156,5 +175,5 @@ bindings:
 - members:
   - serviceAccount:[email protected]
   role: roles/workflows.viewer
-etag: BwXm9qe8mgc=
+etag: BwXoe2STVgM=
 version: 1
-Original file line number
+Diff line change
@@ Expand Up / @@ -33,7 +33,7 @@ @@
       /**
        * Configures how the doc model file (*.api.json) will be generated.
+       *
        * I think the generated JSON file SHOULD NOT be tracked by Git.
        * https://api-extractor.com/pages/configs/api-extractor_json/#doc-model-section
        */
@@ Expand Down @@