synchronize dev from main branch

.env

@@ -34,12 +34,12 @@ TRAVEL_DETAIL="Advertiser: EC travel site"
 # Adtech
 ## dsp
 DSP_HOST=privacy-sandbox-demos-dsp.dev
-DSP_TOKEN="Ar6MqtKFw6SUh5oefu/4F6omNKaC+NcxUOkgodGSKUNxqK9F/R1zrG9Psug9lWjdp4KhLN3kZk9Y95w0sCWOCwMAAABseyJvcmlnaW4iOiJodHRwczovL3ByaXZhY3ktc2FuZGJveC1kZW1vcy1kc3AuZGV2OjQ0MyIsImZlYXR1cmUiOiJQcml2YWN5U2FuZGJveEFkc0FQSXMiLCJleHBpcnkiOjE2OTUxNjc5OTl9"
+DSP_TOKEN="A+Fn9SHGiUYuoSfqU6TBYlRZXCXXSdU6dtU22qpmPhSm9a5fbgvg92HuT11AMsunaP+R/EBOLfI0z5PzCYYe3AMAAACTeyJvcmlnaW4iOiJodHRwczovL3ByaXZhY3ktc2FuZGJveC1kZW1vcy1kc3AuZGV2OjQ0MyIsImZlYXR1cmUiOiJQcml2YWN5U2FuZGJveEFkc0FQSXMiLCJleHBpcnkiOjE2OTUxNjc5OTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9"
 DSP_DETAIL="Ad-Platform: DSP for advertiser"
 
 ## ssp
 SSP_HOST=privacy-sandbox-demos-ssp.dev
-SSP_TOKEN="ApaYz0jpASk+pCpujhNuZoN+I7rZY90hcS8cAbSZj7lm1vw2RozQ4SiawEEhuhujzL21G1Cucsiv+1/ASnpUiw4AAABseyJvcmlnaW4iOiJodHRwczovL3ByaXZhY3ktc2FuZGJveC1kZW1vcy1zc3AuZGV2OjQ0MyIsImZlYXR1cmUiOiJQcml2YWN5U2FuZGJveEFkc0FQSXMiLCJleHBpcnkiOjE2OTUxNjc5OTl9"
+SSP_TOKEN="Axzh4tbjLU4oFhabm10G5MXd5XggN+BBSrZOLhSRk39zGhItK2WlafFFhkN6xLDdpGuvwVQkuVFSWue7vNTBnQYAAACTeyJvcmlnaW4iOiJodHRwczovL3ByaXZhY3ktc2FuZGJveC1kZW1vcy1zc3AuZGV2OjQ0MyIsImZlYXR1cmUiOiJQcml2YWN5U2FuZGJveEFkc0FQSXMiLCJleHBpcnkiOjE2OTUxNjc5OTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9"
 SSP_DETAIL="Ad-Platform: SSP for publisher"
 
 ## Collector for Aggregation Service

.gcloudignore

@@ -0,0 +1,12 @@
+# ref : https://cloud.google.com/sdk/gcloud/reference/topic/gcloudignore
+
+#!include:.gitignore
+
+.gcloudignore
+.git
+.gitignore
+services/home/.docusaurus
+services/shop/.next
+
+# include services/home/build/* files into `gcloud builds submit` command
+!services/home/build

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,24 @@
+**Prior to creating a pull request, please follow all the steps in the [contributing guide](CONTRIBUTING.md).**
+
+# Description
+
+Please describe a summary of the changes.
+
+
+
+## Related Issue
+
+- Fixes #xxx
+
+
+## Affected services
+
+- [ ] Home
+- [ ] News
+- [ ] Shop
+- [ ] Travel
+- [ ] DSP
+- [ ] SSP
+- [ ] ALL
+
+Other:

README.md

@@ -44,3 +44,7 @@ These use cases are based on a set of demo apps and services that we have develo
 | DSP service (Demand Side Platform) | The demo DSP service will Add a user into an Interest Group with Protected Audience API. Register conversions with Attribution Reporting API                                                                                                                                        |
 
 We’re continuing our effort to deliver comprehensive documentation and demos, and we welcome your feedback on which use cases you would like to see in future releases. Share your ideas and feedback on our issue tracker.
+
+---
+
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/privacysandbox/privacy-sandbox-demos/badge)](https://securityscorecards.dev/viewer/?uri=github.com/privacysandbox/privacy-sandbox-demos)

cloudbuild.yaml

@@ -0,0 +1,88 @@
+steps:
+  # Build the container image
+  - name: "gcr.io/cloud-builders/docker"
+    args:
+      [
+        "build",
+        "-t",
+        "${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/dsp",
+        "services/dsp",
+      ]
+  # # Push the container image to Container Registry
+  # - name: "gcr.io/cloud-builders/docker"
+  #   args:
+  #     [
+  #       "push",
+  #       "${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/dsp:$SHORT_SHA",
+  #     ]
+  # # Deploy container image to Cloud Run
+  # - name: "gcr.io/cloud-builders/gcloud"
+  #   args:
+  #     [
+  #       "run",
+  #       "deploy",
+  #       "dsp",
+  #       "--image",
+  #       "${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/dsp:$SHORT_SHA",
+  #       "--region",
+  #       "${_LOCATION}",
+  #       "--platform",
+  #       "managed",
+  #       "-memory",
+  #       " 2Gi",
+  #       "--min-instances",
+  #       "1",
+  #       "--allow-unauthenticated",
+  #     ]
+  # Build the container image
+  - name: "gcr.io/cloud-builders/docker"
+    args:
+      [
+        "build",
+        "-t",
+        "${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/home",
+        "services/home",
+      ]
+  # Build the container image
+  - name: "gcr.io/cloud-builders/docker"
+    args:
+      [
+        "build",
+        "-t",
+        "${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/news",
+        "services/news",
+      ]
+  # Build the container image
+  - name: "gcr.io/cloud-builders/docker"
+    args:
+      [
+        "build",
+        "-t",
+        "${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/shop",
+        "services/shop",
+      ]
+  # Build the container image
+  - name: "gcr.io/cloud-builders/docker"
+    args:
+      [
+        "build",
+        "-t",
+        "${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/ssp",
+        "services/ssp",
+      ]
+  # Build the container image
+  - name: "gcr.io/cloud-builders/docker"
+    args:
+      [
+        "build",
+        "-t",
+        "${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/travel",
+        "services/travel",
+      ]
+images:
+  - "${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/dsp"
+  - "${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/home"
+  - "${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/news"
+  - "${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/shop"
+  - "${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/ssp"
+  - "${_LOCATION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/travel"

docs/deploy-to-gcp.md

@@ -155,17 +155,19 @@ https://firebase.corp.google.com/project/_privacy-sandbox-demos_/settings/integr
 
 Select all the sites you want to export logs from, click Save and Finish.
 
-## Install Google Cloud SDK & Enable the Google Cloud Run API
+## Serve dynamic content and host microservices with Cloud Run
 
 Next you will deploy containers to Cloud Run to run the content of the demo sites.
 
 For our architecture, we chose to deploy everything container based for portability and flexibility and to use Firebase hosting as a frontend solution for HTTPS request handling, domain name and ssl certificates.
 
+### Install Google Cloud SDK & Enable the Google Cloud Run API
+
 Install Google Cloud SDK : If Google Cloud SDK is not installed on the machine, follow instructions here : https://cloud.google.com/sdk/docs/install#linux
 
 Initialize Google Cloud SDK : https://cloud.google.com/sdk/docs/initializing
 
-```shell
+```sh
 # Run `gcloud init` to setup authentication and project
 gcloud init
 
@@ -175,19 +177,51 @@ gcloud config set project
 
 # Verify your configuration (account and project) with the command :
 gcloud config list
+```
+
+Resources : https://firebase.google.com/docs/hosting/cloud-run
 
-# Enable Cloud Run API
+### Enable the APIs
+Enable Cloud Run API & Cloud Build API & Artifact Registry
+
+```sh
 gcloud services enable run.googleapis.com cloudbuild.googleapis.com artifactregistry.googleapis.com
+```
 
-# Setup the default region for deployment
+Setup the default region for deployment
+
+```sh
 gcloud config set run/region us-central1
 ```
 
-Resources : https://firebase.google.com/docs/hosting/cloud-run
+### Setup Artifact Registry
+
+```sh
+# create docker repository in Cloud Artifact Registry
+gcloud artifacts repositories create docker-repo --repository-format=docker \
+--location=us-central1 --description="Privacy Sandbox Demos Docker repository"
+
+# set default repository
+gcloud config set artifacts/repository docker-repo
+
+# set default location
+gcloud config set artifacts/location us-central1
+
+```
+
+confirm repository exists with
+
+```sh
+gcloud artifacts repositories list
+```
+
+Resources :
+- https://cloud.google.com/artifact-registry/docs/enable-service
+- https://cloud.google.com/artifact-registry/docs/transition/setup-repo
 
 ## Deploy all Cloud Run services and Firebase Sites
 
-Once you have confirmed you can deploy a sample demo application on Cloud Run and access it from Firebase hosting site, you are ready to deploy all the services and hosting sites.
+You are ready to deploy all the services and hosting sites.
 
 Edit `services/.env` file to match the `${SERVICE}_HOST` parameter to your firebase hosting domain e.g. : `privacy-sandbox-demos-${SERVICE}.dev`
 

scripts/cicd_setup.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env zsh
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# evaluate .env file
+source .env.deploy
+
+# setup Google Cloud SDK project
+gcloud config set project $GCP_PROJECT_NAME
+gcloud config get-value project
+
+# Enable Cloud Run API
+gcloud services enable artifactregistry.googleapis.com
+
+# create docker repository in Cloud Artifact Registry
+gcloud artifacts repositories create docker-repo --repository-format=docker \
+--location=us-central1 --description="Privacy Sandbox Demos Docker repository"
+
+# set default repository
+gcloud config set artifacts/repository docker-repo
+
+
+# set default location
+gcloud config set artifacts/location us-central1

scripts/cloudrun_deploy.sh

@@ -29,19 +29,19 @@ gcloud config get-value project
 # make the default region us-central1
 gcloud config set run/region us-central1
 
+# Containerize all services with Cloud Build (config file) and upload it to Container Registry
+gcloud builds submit --config=cloudbuild.yaml --substitutions=_LOCATION="us-central1",_REPOSITORY="docker-repo" .
+
 # Cloud Build
 for service in $SERVICES; do
   echo deploy $GCP_PROJECT_NAME/${service}
 
-  ## push docker image
-  # docker push gcr.io/$GCP_PROJECT_NAME/${service}
-
-  # Containerize app  with Cloud Build and upload it to Container Registry
-  gcloud builds submit services/${service} --tag gcr.io/$GCP_PROJECT_NAME/${service}
+  # Containerize service with Cloud Build (Dockerfile) and upload it to Container Registry
+  # gcloud builds submit services/${service} --tag us-central1-docker.pkg.dev/$GCP_PROJECT_NAME/docker-repo/${service}
 
   # add "--min-instances 1" to have your service always on (cpu and memory billing will go up accordingly)
   gcloud run deploy ${service} \
-    --image gcr.io/$GCP_PROJECT_NAME/${service}:latest \
+    --image us-central1-docker.pkg.dev/$GCP_PROJECT_NAME/docker-repo/${service}:latest \
     --platform managed \
     --region us-central1 \
     --memory 2Gi \

services/dsp/src/public/dsp-tag.js

@@ -30,7 +30,4 @@
   $iframe.src = src
   $iframe.allow = "join-ad-interest-group"
   $script.parentElement.insertBefore($iframe, $script.nextSibling)
-
-  const topics = await document?.browsingTopics?.()
-  console.log({ topics })
 })()

services/dsp/src/public/js/join-ad-interest-group.js

@@ -25,6 +25,10 @@ async function getInterestGroup(advertiser, id) {
 }
 
 document.addEventListener("DOMContentLoaded", async (e) => {
+  if (navigator.joinAdInterestGroup === undefined) {
+    return console.log("Protected Audience API is not supported")
+  }
+
   // Protected Audience API
   const url = new URL(location.href)
   const advertiser = url.searchParams.get("advertiser")
@@ -36,7 +40,7 @@ document.addEventListener("DOMContentLoaded", async (e) => {
   const kSecsPerDay = 3600 * 24 * 30
   console.log(await navigator.joinAdInterestGroup(interestGroup, kSecsPerDay))
 
-  // Call Topics API for opt-in
-  const topics = await document.browsingTopics?.()
-  console.log({ topics })
+  // TODO: consider using Topics API for choosing Ads
+  // const topics = await document.browsingTopics?.()
+  // console.log({ topics })
 })

services/home/.gcloudignore

@@ -0,0 +1,11 @@
+
+# ref : https://cloud.google.com/sdk/gcloud/reference/topic/gcloudignore
+
+.gcloudignore
+.git
+.gitignore
+
+#!include:.gitignore
+
+# include build/* files into `gcloud builds submit` command
+!build

services/shop/Dockerfile

@@ -12,13 +12,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM node:18-alpine3.17
+FROM node:20-alpine3.17
 
 WORKDIR /workspace
 
 COPY package*.json ./
 RUN npm install
 COPY . .
 
-CMD [ "npm", "start" ]
-# CMD ["npm", "run", "dev"]
+# CMD ["npm", "run", "dev"]
+CMD [ "npm", "start" ]

services/shop/pages/api/ads/[id].ts → services/shop/app/api/ads/[id]/route.ts

@@ -13,15 +13,16 @@
  See the License for the specific language governing permissions and
  limitations under the License.
  */
-import type { NextApiRequest, NextApiResponse } from "next"
+import { NextResponse } from "next/server"
 import { fileURLToPath } from "url"
 import { readFile } from "fs/promises"
 
-export default async function handler(req: NextApiRequest, res: NextApiResponse) {
-  const id = req.query.id as string
-  const img = `../../../public/image/svg/emoji_u${id}.svg`
+export async function GET(req: Request, { params }: { params: { id: string } }) {
+  const id = params.id
+  const img = `../../../../public/image/svg/emoji_u${id}.svg`
   const path = fileURLToPath(new URL(img, import.meta.url))
   const blob = await readFile(path)
-  res.setHeader("Content-Type", "image/svg+xml")
-  res.send(blob)
+  const res = new NextResponse(blob)
+  res.headers.set("Content-Type", "image/svg+xml")
+  return res
 }