privacysandbox / aggregation-service

This repository contains instructions and scripts to set up and test the Privacy Sandbox Aggregation Service
Apache License 2.0

Migrate from Google Cloud Functions to Google Cloud Run #73

Open evgenyy-google opened 2 weeks ago

evgenyy-google commented 2 weeks ago

The current deployment process (including 2.7.0) still relies on Google Cloud Functions which upload zipped Jar files which are then built into containers. Our security reviews have identified that using Google Cloud Run is preferred as we can verifiably build containers for all software artefacts internally and use GCP's binary authorization features (aka BCID internally) to have stricter guarantees about what is run in our production environment.

Additionally, the JAR upload step slightly increases the deployment process (the need for managing GCS buckets and using internally inherited Google cloud build functionality) which could be simplified by simply releasing the cloud functions as containers. This is relevant for us since we have a strict separation between our build and deploy systems which isn't really the case with https://github.com/privacysandbox/aggregation-service/blob/main/docs/gcp-aggregation-service.md which builds and deploys, somewhat breaking some of our security recommendations.

Can you please migrate the use of Google Cloud Functions to Google Cloud Run directly so that we can address the points above?

Thanks