Ref: https://firebase.google.com/docs/rules/manage-deploy#release_deploy_a_ruleset

Alright, after a bunch of trial and error and attempting the setup on a new project I got this to update properly. I think I created and destroyed my infra way too many times with way too many errors for it to have worked on my first GCP project - was getting 400s in the end and couldn't destroy the stack anymore 😅 Here's the final setup I've got for the resources:

firestoreRuleset:
    type: gcp:firebaserules:Ruleset
    properties:
      source:
        files:
          - name: "firestore.rules"
            content: "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if true; } } }"
  firestoreRulesRelease:
    type: gcp:firebaserules:Release
    properties:
      name: "cloud.firestore"
      rulesetName: "projects/pulumitest2-409018/rulesets/${firestoreRuleset.name}"
    options:
      dependsOn:
        - ${firestoreRuleset}

The Terraform docs also helped, especially around understanding what the arguments should be.

Specifically this

Firestore Rules Releases will always have the name 'cloud.firestore'

which I was messing with and clearly broke somehow