Migrate from Google Cloud Functions to Google Cloud Run #73

Open
@evgenyy-google

Description

The current deployment process (including 2.7.0) still relies on Google Cloud Functions, which upload zipped JAR files which are then built into containers. Our security reviews have identified that using Google Cloud Run is preferred as we can verifiably build containers for all software artefacts internally and use GCP's binary authorization features (aka BCID internally) to have stricter guarantees about what is run in our production environment.

Additionally, the JAR upload step slightly increases the deployment process (the need for managing GCS buckets and using internally inherited Google cloud build functionality) which could be simplified by simply releasing the cloud functions as containers. This is relevant for us since we have a strict separation between our build and deploy systems which isn't really the case with https://github.com/privacysandbox/aggregation-service/blob/main/docs/gcp-aggregation-service.md which builds and deploys, somewhat breaking some of our security recommendations.

Can you please migrate the use of Google Cloud Functions to Google Cloud Run directly so that we can address the points above?

Thanks
