firebase-tools
firebase-tools copied to clipboard
firebase
Add command `firestore:rules:compile`
Description
I introduced a new command firebase firestore:rules:compile so that developers can check firestore.rules before deploying to Firebase.
Also, they can use it for lint. For example, they embed this command into CI, and then they can check for problems with firestore.rules in a pull request.
Review note
I was torn between naming the command firestore:rules:compile or firestore:rules:lint.
If you have any good ideas, please let me know.
Scenarios Tested
- Manually execute
firebase firestore:rules:compile
Sample Commands
- Usage:
$ firebase firestore:rules:compile
- Example results:
$ firebase firestore:rules:compile
i cloud.firestore: checking firestore.rules for compilation errors...
✔ cloud.firestore: rules file firestore.rules compiled successfully
$ firebase firestore:rules:compile
i cloud.firestore: checking firestore.rules for compilation errors...
Error: Compilation error in firestore.rules:
[E] 22:11 - Unexpected '}'.
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).
:memo: Please visit https://cla.developers.google.com/ to sign.
Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.
What to do if you already signed the CLA
Individual signers
- It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.
Corporate signers
- Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
- The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
- The email used to register you as an authorized contributor must also be attached to your GitHub account.
ℹ️ Googlers: Go here for more info.
![google-cla[bot] avatar](https://avatars.githubusercontent.com/in/42202?v=4 "Published by a pub.dev verified publisher"){kind=small}
@sgr-ksmt thank you for submitting this! Seems like a cool feature.
As you may know, new commands have to go through an API review which means:
- I'll need to find a Firebaser who wants to "sponsor" your change through the internal process
- It will take ~2 weeks once we have a sponsor to get the API approved for implementation
I'll get started on (1) now.
Thanks for the proposal! While this may be useful, we're more interested in supporting a unified firebase deploy --dry-run or --validate API that covers not only rules but also index definitions, etc. It should also work with --only, e.g. firebase deploy --only firestore:rules --dry-run. As you can see, this scales better than one dedicated command per item and allows you to validate multiple things (and the whole app) at once.
With that being said, in the short term, we think the best way for developers to 'compile' their rules is to write a unit test. With that, you can make sure your rules compile, AND on top of that you can optionally validate that your rules do the right thing. We'd love to hear your thoughts about this!
@yuchenshi
Thank you for your reply.
With that being said, in the short term, we think the best way for developers to 'compile' their rules is to write a unit test. With that, you can make sure your rules compile, AND on top of that you can optionally validate that your rules do the right thing.
I think so, too. But more easily than that, I wanted to know if the syntax of the rule itself is correct, so I added a new command this time.
But if you're (Firebase is) thinking of adding a -dry-run option in the future, I think it's best than adding a compile command.
If so, I think I'll close this PR and wait for the -dry-run option. 👍🏻
@sgr-ksmt thanks for understanding! And this PR definitely helped kick off the discussion about --dry-run again, and now @mbleigh is going to look into it. So even though we won't be adding rules:compile for now your contribution is going to lead to improvements!
Hey @samtstern is there any update on this? I would've expected Firebase to expose a tool to validate the rules. If the rules are managed in code there needs to be a way to syntax-check them in CI without having to deploy to Firestore.
