fix: Update make command and point contributing docs at ADC. (#1530)

Update make command and docs so that you no longer need to supply a
service account credential to run the API server locally.

Add mention of NodeJS and version.

CONTRIBUTING.md

@@ -40,6 +40,7 @@ You must install:
 1.  [Google Cloud SDK](https://cloud.google.com/sdk)
 1.  [Hugo](https://gohugo.io/installation/)
 1.  [Terraform](https://developer.hashicorp.com/terraform/downloads)
+1.  [Node JS](https://nodejs.org/) >= 18.17.x
 
 Then you can set up the development environment by cloning the OSV repo and
 installing the Pipfile dependencies.
@@ -101,16 +102,13 @@ $ make run-appengine
 
 #### API
 
-Running a local instance of the API server requires service account credentials.
-
-You will need to download a service account key for
-`esp-test@oss-vdb.iam.gserviceaccount.com` from
-<https://cloud.google.com/console/iam-admin/serviceaccounts?project=oss-vdb>.
-Keep this safe.
+Running a local instance of the API server requires the path to application
+default credentials. The is required so that the ESP container has credentials 
+to download API configuration.
 
 ```shell
 $ gcloud auth login --update-adc
-$ make SERVICE_ACCOUNT=/path/to/service_account.json run-api-server
+$ make run-api-server
 ```
 
 ## Contributing data

Makefile

@@ -41,8 +41,9 @@ run-appengine-staging:
 	cd gcp/appengine && pipenv sync && GOOGLE_CLOUD_PROJECT=oss-vdb-test pipenv run python main.py
 
 run-api-server:
-	test $(SERVICE_ACCOUNT) || (echo "SERVICE_ACCOUNT variable not set"; exit 1)
-	cd gcp/api && pipenv sync && GOOGLE_CLOUD_PROJECT=oss-vdb pipenv run python test_server.py $(SERVICE_ACCOUNT)
+	test $(HOME)/.config/gcloud/application_default_credentials.json || (echo "GCP Application Default Credentials not set."; exit 1)
+	cd gcp/api && docker build -f Dockerfile.esp -t osv/esp:latest .
+	cd gcp/api && pipenv sync && GOOGLE_CLOUD_PROJECT=oss-vdb pipenv run python test_server.py $(HOME)/.config/gcloud/application_default_credentials.json
 
 # TODO: API integration tests.
 all-tests: lib-tests worker-tests importer-tests appengine-tests vulnfeed-tests

gcp/api/Dockerfile.esp

@@ -0,0 +1,24 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/endpoints-release/endpoints-runtime:2
+
+USER root
+
+# Context: https://github.com/mhart/alpine-node/issues/48#issuecomment-370171836
+# The UID needs to be set to 1000 in order to map files without permission issues.
+RUN addgroup -g 1000 -S osv && \
+    adduser --no-create-home -u 1000 -S osv -G osv
+
+USER osv

gcp/api/test_server.py

@@ -92,9 +92,11 @@ def start_esp(port, backend_port, service_account_path, log_path):
   if os.getenv('CLOUDBUILD'):
     network = '--network=cloudbuild'
     host = get_ip()
+    docker_image = 'gcr.io/endpoints-release/endpoints-runtime:2'
   else:
     network = '--network=host'
     host = 'localhost'
+    docker_image = 'osv/esp:latest'
 
   # Stop existing osv-esp processes that weren't killed properly.
   subprocess.run(['docker', 'stop', 'osv-esp'], check=False)
@@ -107,9 +109,9 @@ def start_esp(port, backend_port, service_account_path, log_path):
       network,
       '--rm',
       '-v',
-      f'{service_account_dir}:/esp',
+      f'{service_account_dir}:/esp:ro',
       f'--publish={port}',
-      'gcr.io/endpoints-release/endpoints-runtime:2',
+      f'{docker_image}',
       '--disable_tracing',
       '--service=api-test.osv.dev',
       '--rollout_strategy=managed',