Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Migrate from Google Cloud Functions to Google Cloud Run #73

Open
evgenyy-google opened this issue Sep 12, 2024 · 0 comments
Open

Migrate from Google Cloud Functions to Google Cloud Run #73

evgenyy-google opened this issue Sep 12, 2024 · 0 comments

Comments

@evgenyy-google
Copy link

The current deployment process (including 2.7.0) still relies on Google Cloud Functions which upload zipped Jar files which are then built into containers. Our security reviews have identified that using Google Cloud Run is preferred as we can verifiably build containers for all software artefacts internally and use GCP's binary authorization features (aka BCID internally) to have stricter guarantees about what is run in our production environment.

Additionally, the JAR upload step slightly increases the deployment process (the need for managing GCS buckets and using internally inherited Google cloud build functionality) which could be simplified by simply releasing the cloud functions as containers. This is relevant for us since we have a strict separation between our build and deploy systems which isn't really the case with https://github.com/privacysandbox/aggregation-service/blob/main/docs/gcp-aggregation-service.md which builds and deploys, somewhat breaking some of our security recommendations.

Can you please migrate the use of Google CLoud Functions to Google Cloud Run directly so that we can address the points above?

Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant