whekin/household-bot
1
0
Fork 0
mirror of https://github.com/whekin/household-bot.git synced 2026-03-31 22:34:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(infra): implement multi-environment deployment strategy

Browse Source 
- Update CD workflow for branch-based environments (main -> Prod, dev -> Dev)
- Support Terraform workspaces for environment isolation
- Add manage_runtime_secrets flag to prevent accidental secret destruction
- Add infra management and secret setup utility scripts
- Prefix GitHub deployer identity with environment name
- Synchronize bot environment variables with latest runtime config
This commit is contained in:
whekin
2026-03-15 19:11:18 +04:00
parent 594c370677
commit f4fe4470f7
7 changed files with 211 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
scripts/ops/import-shared-resources.sh Executable file
View File

@@ -0,0 +1,44 @@
#!/bin/bash
# Configuration
PROJECT_ID="gen-lang-client-0200379851"
REGION="europe-west1"
WORKSPACE="${1:-prod}" # Takes first argument, defaults to 'prod'
# Change directory to terraform folder
cd infra/terraform || exit 1
echo "--- Shared Resource Import Utility ---"
echo "Target Project: $PROJECT_ID"
echo "Target Workspace: $WORKSPACE"
# 1. Ensure the workspace exists and is selected
terraform workspace select "$WORKSPACE" || terraform workspace new "$WORKSPACE"
# 2. Construct Resource IDs
echo -e "\nConstructing Resource IDs..."
REPO_ID="projects/$PROJECT_ID/locations/$REGION/repositories/household-bot"
POOL_ID="projects/$PROJECT_ID/locations/global/workloadIdentityPools/github-pool"
PROV_ID="projects/$PROJECT_ID/locations/global/workloadIdentityPools/github-pool/providers/github-provider"
echo "1. Repository Resource ID: $REPO_ID"
echo "2. Identity Pool Resource ID: $POOL_ID"
echo "3. Provider Resource ID: $PROV_ID"
# 3. Perform the Imports
echo -e "\nStarting Terraform Imports..."
# Import Repository
echo -e "\n--- Importing Artifact Registry ---"
terraform import -input=false -var-file="$WORKSPACE.tfvars" google_artifact_registry_repository.containers "$REPO_ID"
# Import Workload Identity Pool
echo -e "\n--- Importing Workload Identity Pool ---"
terraform import -input=false -var-file="$WORKSPACE.tfvars" 'google_iam_workload_identity_pool.github[0]' "$POOL_ID"
# Import Workload Identity Provider
echo -e "\n--- Importing Workload Identity Provider ---"
terraform import -input=false -var-file="$WORKSPACE.tfvars" 'google_iam_workload_identity_pool_provider.github[0]' "$PROV_ID"
echo -e "\n--- Import Complete for $WORKSPACE! ---"
echo "You can now run: bun run infra:apply:$WORKSPACE"