Backend Development & Deployment Guide

Vertical & MSRP Backend Development

Setup the local development environment

• We use Intellij
• Fork the code
• Download your Google App Engine Service Account and set the path for GOOGLE_APPLICATION_CREDENTIALS.see

Development Process

• We use Github Flow.
  • Always fork from the latest develop branch
  • Rebase and merge your PR branch into develop. This will also trigger the deployment to STABLE
  • Merge --no-ff from develop into master
  • Tag nightly-xxx to deploy to Nightly
  • Tag prod-xxx to deploy to Production.
• Commit message format: <Purpose of your commit. (#issue_number)>

Setup the GCP environment

We only need to do it once to set up the GCP environment. If you already set up the GCP environment or already had one, you can stop reading.

Create a Firebase Project

This is also a Google Cloud Platform Project

Enable Google Cloud Platform API & Service

Google App Engine,

• standard
• java
• create billing account
• Install gcloud SDK
• If required, switch to the other account using gcloud auth login
• If required, switch to the other project [project-id] using gcloud config set project [project-id]
• Clone the Backend repo. The main code for MSRP backend is here
• To deploy, go to project root folder (This repo root) and run ./gradlew clean appengineDeploy -Pmode=prod (Could be stable, nightly, prod)

Firebase Cloud Firestore

• Enable Database by https://console.firebase.google.com/u/0/project/[project id]/database
• Security rules for Realtime Database: Start in locked mode
• Drop down to Cloud Firestore and start in locked mode
• setup security rule and click publish

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{pathSegment}/{document=**} {
      allow write: false;
      allow read: false;
    }
  }
}

• Create collections(needs automation):

1. publish_admin: create a document. Use your Mozilla email account

email : your_email@mozilla.com

2. important_mission
3. settings: Please create a document(any doc id) and set the value

fxa_api_profile : https://stable.dev.lcip.org/profile/v1/profile
fxa_api_token : https://oauth-stable.dev.lcip.org/v1/token
fxa_client_id : YOUR_CLIENT_ID_HERE......
fxa_client_secret : YOUR_SECRET_HERE.....

4. Create 3 composit index

• publish - category Ascending / locale Ascending / publish_timestamp Descending
• mission_daily_progress - mid Ascending / uid Ascending / timestamp Descending
• user_activity - status Ascending / userDocId Ascending / updated_timestamp Ascending

5. Create 1 single-field index

• users/uid / Collection + Collection Group scope for ascending

Setup API & Service Credential & Permission

• In registered client App(Android), find the API key and set the Fingerprint: Cloud Console -> API & Services -> Credentials -> find the Android Key that the target app uses -> Application restrictions -> Android Apps -> Restrict usage to your Android apps -> Add Item with package name & SHA-1 cetertificate fingerprint ( You can find it in Play Store/Release)

• Enable Identity and Access Management Service: Cloud Console -> API & Services -> Library -> Search for Identity and Access Management (IAM) API

• For Google App Engine service accounts(@appspot.gserviceaccount.com) to access Google APIs, it needs below permissions Service Account Token Creator(iam.serviceAccounts.signBlob): Used to create a custom token,See the document.