Add support for docker_registry and kms_key_name (#211)

Author: sethvargo

README.md

@@ -102,6 +102,22 @@ steps:
 - `build_environment_variables_file`: (Optional) Path to a local YAML file
   containing variables. See 'env_vars_file' for syntax.
 
+- `docker_repository`: (Optional) User managed repository created in Artifact
+  Registry optionally with a customer managed encryption key. If specified,
+  deployments will use Artifact Registry and must be of the format
+  `projects/p/locations/l/repositories/r`. If unspecified and the deployment is
+  eligible to use Artifact Registry, GCF will create and use a repository named
+  'gcf-artifacts' for every deployed region. This is the repository to which the
+  function docker image will be pushed after it is built by Cloud Build. For
+  more information, please see [the
+  documentation](https://cloud.google.com/sdk/gcloud/reference/beta/functions/deploy#--docker-repository).
+
+- `kms_key_name`: (Optional) Resource name of a Google Cloud KMS crypto key used
+  to encrypt/decrypt function resources of the format
+  `projects/p/locations/l/keyRings/r/cryptoKeys/k`. If specified, you must also
+  provide an artifact registry repository using the `docker_repository` field
+  that was created with the same key.
+
 - `credentials`: (**Deprecated**) This input is deprecated. See [auth section](https://github.com/google-github-actions/deploy-cloud-functions#via-google-github-actionsauth) for more details.
   Service account key to use for authentication. This should be
   the JSON formatted private key which can be exported from the Cloud Console. The

action.yaml

@@ -147,6 +147,19 @@ inputs:
       syntax.
     required: false
 
+  docker_repository:
+    description: |-
+      User managed repository created in Artifact Registry.
+    required: false
+
+  kms_key_name:
+    description: |-
+      Resource name of a Google Cloud KMS crypto key used to encrypt/decrypt
+      function resources. If specified, you must also provide an artifact
+      registry repository using the 'docker_repository' field that was created
+      with the same key.
+    required: false
+
 outputs:
   url:
     description: The URL of your Cloud Function. Only available with HTTP Trigger.

dist/index.js

@@ -67,6 +67,9 @@ async function run(): Promise<void> {
       getInput('build_environment_variables_file'),
     );
 
+    const dockerRepository = presence(getInput('docker_repository'));
+    const kmsKeyName = presence(getInput('kms_key_name'));
+
     // Add warning if using credentials
     let credentialsJSON:
       | ServiceAccountKey
@@ -99,6 +102,20 @@ async function run(): Promise<void> {
       // from a docker repo.
       throw new Error(`Missing required value 'source_dir'`);
     }
+    if (dockerRepository || kmsKeyName) {
+      if (!dockerRepository) {
+        throw new Error(
+          `Missing required field 'docker_repository'. This is required when ` +
+            `'kms_key_name' is set.`,
+        );
+      }
+      if (!kmsKeyName) {
+        throw new Error(
+          `Missing required field 'kms_key_name'. This is required when ` +
+            `'docker_repository' is set.`,
+        );
+      }
+    }
 
     // Create Cloud Functions client
     const client = new CloudFunctionsClient({
@@ -121,11 +138,11 @@ async function run(): Promise<void> {
       availableMemoryMb: availableMemoryMb ? +availableMemoryMb : undefined,
       buildEnvironmentVariables: buildEnvironmentVariables,
       // buildWorkerPool: buildWorkerPool, // TODO: add support
-      // dockerRepository: dockerRepository, // TODO: add support
+      dockerRepository: dockerRepository,
       entryPoint: entryPoint,
       environmentVariables: environmentVariables,
       ingressSettings: ingressSettings,
-      // kmsKeyName: kmsKeyName, // TODO: add support
+      kmsKeyName: kmsKeyName,
       labels: labels,
       maxInstances: maxInstances ? +maxInstances : undefined,
       // minInstances: minInstances ? + minInstances : undefined, // TODO: add support