mirror of
https://github.com/whekin/household-bot.git
synced 2026-03-31 16:14:02 +00:00
56 lines
1.2 KiB
Markdown
56 lines
1.2 KiB
Markdown
# Terraform IaC Runbook
|
|
|
|
## Purpose
|
|
|
|
Provision and maintain GCP infrastructure for bot API, mini app, scheduler, and runtime secrets.
|
|
|
|
## Prerequisites
|
|
|
|
- Terraform `>= 1.8`
|
|
- GCP project with billing enabled
|
|
- Local auth:
|
|
|
|
```bash
|
|
gcloud auth application-default login
|
|
```
|
|
|
|
## Bootstrap
|
|
|
|
```bash
|
|
cp infra/terraform/terraform.tfvars.example infra/terraform/terraform.tfvars
|
|
terraform -chdir=infra/terraform init
|
|
terraform -chdir=infra/terraform plan
|
|
terraform -chdir=infra/terraform apply
|
|
```
|
|
|
|
## Quality checks
|
|
|
|
```bash
|
|
bun run infra:fmt:check
|
|
bun run infra:validate
|
|
```
|
|
|
|
## Add secret values
|
|
|
|
After first apply, add secret versions:
|
|
|
|
```bash
|
|
echo -n "<telegram-webhook-secret>" | gcloud secrets versions add telegram-webhook-secret --data-file=- --project <project_id>
|
|
echo -n "<scheduler-shared-secret>" | gcloud secrets versions add scheduler-shared-secret --data-file=- --project <project_id>
|
|
```
|
|
|
|
## Environment strategy
|
|
|
|
- Keep separate states for `dev` and `prod`.
|
|
- Prefer separate GCP projects for stronger isolation.
|
|
- Keep environment-specific variables in dedicated `*.tfvars` files.
|
|
|
|
## Destructive operations
|
|
|
|
Review plan output before apply/destroy:
|
|
|
|
```bash
|
|
terraform -chdir=infra/terraform plan -destroy
|
|
terraform -chdir=infra/terraform destroy
|
|
```
|