whekin/household-bot
1
0
Fork 0
mirror of https://github.com/whekin/household-bot.git synced 2026-03-31 10:24:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(WHE-28): add terraform baseline for cloud run and scheduler

Browse Source
This commit is contained in:
whekin
2026-03-05 03:36:54 +04:00
parent 18168a8dab
commit d393c08263
19 changed files with 914 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/runbooks/dev-setup.md
View File

@@ -4,6 +4,7 @@
- Bun 1.3+
- Node.js 22+
- Terraform 1.8+ (for IaC checks/plans)
## First-time setup
@@ -21,6 +22,8 @@ bun run format:check
bun run typecheck
bun run test
bun run build
bun run infra:fmt:check
bun run infra:validate
```
## App commands
@@ -47,8 +50,13 @@ bun run review:coderabbit
- CI runs in parallel matrix jobs on push/PR to `main`:
- `format:check`, `lint`, `typecheck`, `test`, `build`
- `terraform fmt -check`, `terraform validate`
- CD deploys on successful `main` CI completion (or manual dispatch).
- CD is enabled when GitHub secrets are configured:
- `GCP_PROJECT_ID`
- `GCP_WORKLOAD_IDENTITY_PROVIDER`
- `GCP_SERVICE_ACCOUNT`
## IaC Runbook
- See `docs/runbooks/iac-terraform.md` for provisioning flow.

55
docs/runbooks/iac-terraform.md Normal file
View File

@@ -0,0 +1,55 @@
# Terraform IaC Runbook
## Purpose
Provision and maintain GCP infrastructure for bot API, mini app, scheduler, and runtime secrets.
## Prerequisites
- Terraform `>= 1.8`
- GCP project with billing enabled
- Local auth:
```bash
gcloud auth application-default login
```
## Bootstrap
```bash
cp infra/terraform/terraform.tfvars.example infra/terraform/terraform.tfvars
terraform -chdir=infra/terraform init
terraform -chdir=infra/terraform plan
terraform -chdir=infra/terraform apply
```
## Quality checks
```bash
bun run infra:fmt:check
bun run infra:validate
```
## Add secret values
After first apply, add secret versions:
```bash
echo -n "<telegram-webhook-secret>" | gcloud secrets versions add telegram-webhook-secret --data-file=- --project <project_id>
echo -n "<scheduler-shared-secret>" | gcloud secrets versions add scheduler-shared-secret --data-file=- --project <project_id>
```
## Environment strategy
- Keep separate states for `dev` and `prod`.
- Prefer separate GCP projects for stronger isolation.
- Keep environment-specific variables in dedicated `*.tfvars` files.
## Destructive operations
Review plan output before apply/destroy:
```bash
terraform -chdir=infra/terraform plan -destroy
terraform -chdir=infra/terraform destroy
```