feat(infra): update terraform state backend and add missing runtime secrets

2026-03-31 10:24:02 +00:00 · 2026-03-05 14:21:19 +04:00
parent 0caab1e8e2
commit 6f6873f25d
4 changed files with 51 additions and 1 deletions
--- a/infra/terraform/locals.tf
+++ b/infra/terraform/locals.tf
@@ -16,7 +16,11 @@ locals {
    var.telegram_webhook_secret_id,
    var.scheduler_shared_secret_id,
    var.supabase_url_secret_id,
-    var.supabase_publishable_key_secret_id
+    var.supabase_publishable_key_secret_id,
+    var.database_url_secret_id,
+    var.telegram_bot_token_secret_id,
+    var.telegram_bot_username_secret_id,
+    var.openai_api_key_secret_id
  ]))

  api_services = toset([
--- a/infra/terraform/main.tf
+++ b/infra/terraform/main.tf
@@ -91,6 +91,18 @@ module "bot_api_service" {
    },
    var.supabase_publishable_key_secret_id == null ? {} : {
      SUPABASE_PUBLISHABLE_KEY = var.supabase_publishable_key_secret_id
+    },
+    var.database_url_secret_id == null ? {} : {
+      DATABASE_URL = var.database_url_secret_id
+    },
+    var.telegram_bot_token_secret_id == null ? {} : {
+      TELEGRAM_BOT_TOKEN = var.telegram_bot_token_secret_id
+    },
+    var.telegram_bot_username_secret_id == null ? {} : {
+      TELEGRAM_BOT_USERNAME = var.telegram_bot_username_secret_id
+    },
+    var.openai_api_key_secret_id == null ? {} : {
+      OPENAI_API_KEY = var.openai_api_key_secret_id
    }
  )

--- a/infra/terraform/variables.tf
+++ b/infra/terraform/variables.tf
@@ -70,6 +70,35 @@ variable "supabase_publishable_key_secret_id" {
  nullable    = true
 }

+variable "database_url_secret_id" {
+  description = "Optional Secret Manager ID for DATABASE_URL"
+  type        = string
+  default     = null
+  nullable    = true
+}
+
+variable "telegram_bot_token_secret_id" {
+  description = "Optional Secret Manager ID for TELEGRAM_BOT_TOKEN"
+  type        = string
+  default     = null
+  nullable    = true
+}
+
+variable "telegram_bot_username_secret_id" {
+  description = "Optional Secret Manager ID for TELEGRAM_BOT_USERNAME"
+  type        = string
+  default     = null
+  nullable    = true
+}
+
+variable "openai_api_key_secret_id" {
+  description = "Optional Secret Manager ID for OPENAI_API_KEY"
+  type        = string
+  default     = null
+  nullable    = true
+}
+
+
 variable "scheduler_path" {
  description = "Reminder endpoint path on bot API"
  type        = string
--- a/infra/terraform/versions.tf
+++ b/infra/terraform/versions.tf
@@ -1,6 +1,11 @@
 terraform {
  required_version = ">= 1.8.0"

+  backend "gcs" {
+    # The bucket will need to be configured via `terraform init -backend-config="bucket=<YOUR_BUCKET>"`
+    # or you can hardcode the bucket name here. Since it's a generic module, we leave it to be configured via init args.
+  }
+
  required_providers {
    google = {
      source  = "hashicorp/google"