whekin/household-bot
1
0
Fork 0
mirror of https://github.com/whekin/household-bot.git synced 2026-03-31 12:04:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(infra): align bot runtime config with terraform

Browse Source
This commit is contained in:
whekin
2026-03-08 20:10:28 +04:00
parent 3675079a4c
commit 082d0f7dcc
6 changed files with 69 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
docs/runbooks/iac-terraform.md
View File

@@ -18,7 +18,7 @@ gcloud auth application-default login
```bash ```bash
cp infra/terraform/terraform.tfvars.example infra/terraform/terraform.tfvars cp infra/terraform/terraform.tfvars.example infra/terraform/terraform.tfvars
terraform -chdir=infra/terraform init terraform -chdir=infra/terraform init -backend-config="bucket=<terraform-state-bucket>"
terraform -chdir=infra/terraform plan terraform -chdir=infra/terraform plan
terraform -chdir=infra/terraform apply terraform -chdir=infra/terraform apply
``` ```
@@ -35,10 +35,21 @@ bun run infra:validate
After first apply, add secret versions: After first apply, add secret versions:
```bash ```bash
echo -n "<telegram-bot-token>" | gcloud secrets versions add telegram-bot-token --data-file=- --project <project_id>
echo -n "<telegram-webhook-secret>" | gcloud secrets versions add telegram-webhook-secret --data-file=- --project <project_id> echo -n "<telegram-webhook-secret>" | gcloud secrets versions add telegram-webhook-secret --data-file=- --project <project_id>
echo -n "<scheduler-shared-secret>" | gcloud secrets versions add scheduler-shared-secret --data-file=- --project <project_id> echo -n "<scheduler-shared-secret>" | gcloud secrets versions add scheduler-shared-secret --data-file=- --project <project_id>
``` ```
If you set optional secret IDs such as `database_url_secret_id` or
`openai_api_key_secret_id`, add versions for those secrets too.
Keep bot runtime config that is not secret in your `*.tfvars` file:
- `bot_household_id`
- `bot_household_chat_id`
- `bot_purchase_topic_id`
- optional `bot_parser_model`
## Environment strategy ## Environment strategy
- Keep separate states for `dev` and `prod`. - Keep separate states for `dev` and `prod`.

11
infra/terraform/README.md
View File

@@ -29,7 +29,7 @@ This directory contains baseline IaC for deploying the household bot platform on
1. Initialize: 1. Initialize:
```bash ```bash
terraform -chdir=infra/terraform init terraform -chdir=infra/terraform init -backend-config="bucket=<terraform-state-bucket>"
``` ```
2. Prepare variables: 2. Prepare variables:
@@ -53,10 +53,14 @@ terraform -chdir=infra/terraform apply
5. Add secret values (after apply): 5. Add secret values (after apply):
```bash ```bash
echo -n "<telegram-bot-token>" | gcloud secrets versions add telegram-bot-token --data-file=- --project <project_id>
echo -n "<value>" | gcloud secrets versions add telegram-webhook-secret --data-file=- --project <project_id> echo -n "<value>" | gcloud secrets versions add telegram-webhook-secret --data-file=- --project <project_id>
echo -n "<value>" | gcloud secrets versions add scheduler-shared-secret --data-file=- --project <project_id> echo -n "<value>" | gcloud secrets versions add scheduler-shared-secret --data-file=- --project <project_id>
``` ```
If you configure optional secret IDs such as `database_url_secret_id` or
`openai_api_key_secret_id`, add versions for those secrets as well.
## Environments ## Environments
Recommended approach: Recommended approach:
@@ -64,6 +68,11 @@ Recommended approach:
- Keep one state per environment (dev/prod) using separate backend configs or workspaces - Keep one state per environment (dev/prod) using separate backend configs or workspaces
- Use `terraform.tfvars` per environment (`dev.tfvars`, `prod.tfvars`) - Use `terraform.tfvars` per environment (`dev.tfvars`, `prod.tfvars`)
- Keep `project_id` separate for dev/prod when possible - Keep `project_id` separate for dev/prod when possible
- Keep non-secret bot config in `*.tfvars`:
- `bot_household_id`
- `bot_household_chat_id`
- `bot_purchase_topic_id`
- optional `bot_parser_model`
## CI validation ## CI validation

1
infra/terraform/locals.tf
View File

@@ -19,7 +19,6 @@ locals {
var.supabase_publishable_key_secret_id, var.supabase_publishable_key_secret_id,
var.database_url_secret_id, var.database_url_secret_id,
var.telegram_bot_token_secret_id, var.telegram_bot_token_secret_id,
var.telegram_bot_username_secret_id,
var.openai_api_key_secret_id var.openai_api_key_secret_id
])) ]))

23
infra/terraform/main.tf
View File

@@ -77,9 +77,23 @@ module "bot_api_service" {
max_instance_count = var.bot_max_instances max_instance_count = var.bot_max_instances
labels = local.common_labels labels = local.common_labels
env = { env = merge(
NODE_ENV = var.environment {
} NODE_ENV = var.environment
},
var.bot_household_id == null ? {} : {
HOUSEHOLD_ID = var.bot_household_id
},
var.bot_household_chat_id == null ? {} : {
TELEGRAM_HOUSEHOLD_CHAT_ID = var.bot_household_chat_id
},
var.bot_purchase_topic_id == null ? {} : {
TELEGRAM_PURCHASE_TOPIC_ID = tostring(var.bot_purchase_topic_id)
},
var.bot_parser_model == null ? {} : {
PARSER_MODEL = var.bot_parser_model
}
)
secret_env = merge( secret_env = merge(
{ {
@@ -98,9 +112,6 @@ module "bot_api_service" {
var.telegram_bot_token_secret_id == null ? {} : { var.telegram_bot_token_secret_id == null ? {} : {
TELEGRAM_BOT_TOKEN = var.telegram_bot_token_secret_id TELEGRAM_BOT_TOKEN = var.telegram_bot_token_secret_id
}, },
var.telegram_bot_username_secret_id == null ? {} : {
TELEGRAM_BOT_USERNAME = var.telegram_bot_username_secret_id
},
var.openai_api_key_secret_id == null ? {} : { var.openai_api_key_secret_id == null ? {} : {
OPENAI_API_KEY = var.openai_api_key_secret_id OPENAI_API_KEY = var.openai_api_key_secret_id
} }

9
infra/terraform/terraform.tfvars.example
View File

@@ -5,8 +5,13 @@ service_prefix = "household"
artifact_repository_id = "household-bot" artifact_repository_id = "household-bot"
bot_api_image = "europe-west1-docker.pkg.dev/my-gcp-project/household-bot/bot-api:latest" bot_api_image = "europe-west1-docker.pkg.dev/my-gcp-project/household-bot/bot:latest"
mini_app_image = "europe-west1-docker.pkg.dev/my-gcp-project/household-bot/mini-app:latest" mini_app_image = "europe-west1-docker.pkg.dev/my-gcp-project/household-bot/miniapp:latest"
bot_household_id = "11111111-1111-4111-8111-111111111111"
bot_household_chat_id = "-1001234567890"
bot_purchase_topic_id = 777
bot_parser_model = "gpt-4.1-mini"
scheduler_cron = "0 9 * * *" scheduler_cron = "0 9 * * *"
scheduler_timezone = "Asia/Tbilisi" scheduler_timezone = "Asia/Tbilisi"

26
infra/terraform/variables.tf
View File

@@ -78,14 +78,34 @@ variable "database_url_secret_id" {
} }
variable "telegram_bot_token_secret_id" { variable "telegram_bot_token_secret_id" {
description = "Optional Secret Manager ID for TELEGRAM_BOT_TOKEN" description = "Secret Manager ID for TELEGRAM_BOT_TOKEN"
type = string
default = "telegram-bot-token"
}
variable "bot_household_id" {
description = "Optional HOUSEHOLD_ID value for bot runtime"
type = string type = string
default = null default = null
nullable = true nullable = true
} }
variable "telegram_bot_username_secret_id" { variable "bot_household_chat_id" {
description = "Optional Secret Manager ID for TELEGRAM_BOT_USERNAME" description = "Optional TELEGRAM_HOUSEHOLD_CHAT_ID value for bot runtime"
type = string
default = null
nullable = true
}
variable "bot_purchase_topic_id" {
description = "Optional TELEGRAM_PURCHASE_TOPIC_ID value for bot runtime"
type = number
default = null
nullable = true
}
variable "bot_parser_model" {
description = "Optional PARSER_MODEL override for bot runtime"
type = string type = string
default = null default = null
nullable = true nullable = true