I successfully implemented Google's sign-in feature which is running quite nicely on my local machine (Mac, PHP, MySQL) following these instructions. I posted how I implemented this here.

I have recently uploaded the work-in-progress site to a container in a Google Cloud Run environment but this sign-in feature is no longer working. The error log shows: PHP Fatal error: Uncaught Error: Failed opening required '/var/www/html/vendor/autoload.php' (include_path='.:/usr/local/lib/php') in /var/www/html/includes/oauth.php:5.

I've take this to mean that the /vendor/... dependencies are either in a different location, or not there at all (I exclude these files from the deployment, though I do include the composer.json file which requires the google/apiclient) and I can't figure out if there is a simple configuration I need to perform to tell the Cloud Run service about the dependency.

I'm getting very lost in the Google documentation. One track suggests that I should abandon this method and move to Google Identity Services Library which would be quite frustrating as I spent quite some effort getting the current method working correctly.

The javascript components work well and produce a pop-up to allow the user to select their Google ID and log in. The callback function works too as the oauth.php file is executed on the server and it outputs to the console the sessionId. It's just the require_once line that's causing the failure.

// oauth.php
<?php
session_start();
error_log("oauth.php SessionId: " . session_id(), 0);
include 'connect.php';
require_once __DIR__ . '/vendor/autoload.php';
$jwt = new \Firebase\JWT\JWT; //Allow for discrepancies between server and auth times
$jwt::$leeway = 100;

$CLIENT_ID = "XXX";
$client = new Google_Client(['client_id' => $CLIENT_ID]);  // Specify the CLIENT_ID of the app that accesses the backend
$client->setRedirectUri('postmessage');
$client->addScope("email");
$client->addScope("profile");

if (isset($_POST['idtoken'])){
    $id_token = $_POST['idtoken'];
// Code continues to validate and process the user data
}

Has anyone experienced this challenge and found a resource to help with migrating a google sign-in service from a standalone apache-based deployment to Google Cloud Run?

My Dockerfile (which doesn't contain any information about composer. I'm now reading that I need to perform a composer install either within this Dockerfile or within docker-compose):

# Use the official PHP image.
# https://hub.docker.com/_/php
FROM php:8.0-apache

# Configure PHP for Cloud Run.
# Precompile PHP code with opcache.
RUN docker-php-ext-install -j "$(nproc)" opcache
RUN docker-php-ext-install -j "$(nproc)" mysqli
RUN set -ex; \
  { \
    echo "; Cloud Run enforces memory & timeouts"; \
    echo "memory_limit = -1"; \
    echo "max_execution_time = 0"; \
    echo "; File upload at Cloud Run network limit"; \
    echo "upload_max_filesize = 32M"; \
    echo "post_max_size = 32M"; \
    echo "; Configure Opcache for Containers"; \
    echo "opcache.enable = On"; \
    echo "opcache.validate_timestamps = Off"; \
    echo "; Configure Opcache Memory (Application-specific)"; \
    echo "opcache.memory_consumption = 32"; \
  } > "$PHP_INI_DIR/conf.d/cloud-run.ini"

# Copy in custom code from the host machine.
WORKDIR /var/www/html
COPY . ./

# Use the PORT environment variable in Apache configuration files.
# https://cloud.google.com/run/docs/reference/container-contract#port
RUN sed -i 's/80/${PORT}/g' /etc/apache2/sites-available/000-default.conf /etc/apache2/ports.conf

# Configure PHP for development.
# Switch to the production php.ini for production operations.
# RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
# https://github.com/docker-library/docs/blob/master/php/README.md#configuration
RUN mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini"

composer.json:

{
    "require": {
        "google/apiclient": "^2.11"
    }
}

I added the following to the end of my Dockerfile. I added the USER line as I was getting a "An error was encountered loading IAM roles associated with the service acount[sic]." error. This user has the following roles: Cloud Run Admin, Secret Manager, Service Accounts, Cloud Build. I'm still getting build failures, probably because I'm not using the user correctly. I read that composer wants to install as root which causes problems during a cloud build:

FROM composer as builder
WORKDIR /app/
USER XXX@cloudbuild.gserviceaccount.com
COPY composer.* ./
RUN composer install
COPY --from=builder /app/vendor /var/www/html/vendor