feat: add tf file for GCP

Author: RMCampos

.gitignore

@@ -36,3 +36,17 @@ yarn-error.log*
 
 # Schema Spy
 schemaspy/output/
+
+# Terraform
+.terraform/
+*.tfstate
+*.tfstate.backup
+*.tfvars
+*.tfvars.json
+override.tf
+override.tf.json
+_override.tf
+_override.tf.json
+.terraformrc
+terraform.rc
+

terraform-gcp/.terraform.lock.hcl

@@ -0,0 +1,117 @@
+resource "google_cloud_run_v2_service" "backend" {
+  name     = "tasknote-api"
+  location = var.region
+  ingress  = "INGRESS_TRAFFIC_ALL"
+
+  depends_on = [google_project_service.run]
+
+  template {
+    service_account = google_service_account.cloudrun_sa.email
+    vpc_access {
+      connector = google_vpc_access_connector.connector.id
+      egress    = "ALL_TRAFFIC"
+    }
+
+    containers {
+      image = var.backend_image
+      ports {
+        container_port = 8585
+      }
+      env {
+        name  = "POSTGRES_DB"
+        value = var.db_name
+      }
+      env {
+        name  = "POSTGRES_HOST"
+        value = google_sql_database_instance.instance.private_ip_address
+      }
+      env {
+        name  = "POSTGRES_USER"
+        value = var.db_user
+      }
+      env {
+        name  = "POSTGRES_PASSWORD"
+        value = var.db_password
+      }
+      env {
+        name  = "POSTGRES_PORT"
+        value = "5432"
+      }
+      env {
+        name  = "CORS_ALLOWED_ORIGINS"
+        value = var.cors_allowed_origins
+      }
+      env {
+        name = "SERVER_SERVLET_CONTEXT_PATH"
+        value = "/"
+      }
+      env {
+        name  = "TARGET_ENV"
+        value = "production"
+      }
+      env {
+        name = "SECURITY_KEY"
+        value_source {
+          secret_key_ref {
+            secret  = google_secret_manager_secret.security_key.secret_id
+            version = "latest"
+          }
+        }
+      }
+      env {
+        name = "MAILGUN_APIKEY"
+        value_source {
+          secret_key_ref {
+            secret  = google_secret_manager_secret.mailgun_apikey.secret_id
+            version = "latest"
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "google_cloud_run_v2_service" "frontend" {
+  name     = "tasknote-app"
+  location = var.region
+  ingress  = "INGRESS_TRAFFIC_ALL"
+
+  depends_on = [google_project_service.run]
+
+  template {
+    service_account = google_service_account.cloudrun_sa.email
+
+    containers {
+      image = var.frontend_image
+      ports {
+        container_port = 5000
+      }
+      env {
+        name  = "VITE_BACKEND_SERVER"
+        value = google_cloud_run_v2_service.backend.uri
+      }
+    }
+  }
+}
+
+# Allow unauthenticated access to both services
+resource "google_cloud_run_service_iam_member" "backend_public" {
+  location = google_cloud_run_v2_service.backend.location
+  service  = google_cloud_run_v2_service.backend.name
+  role     = "roles/run.invoker"
+  member   = "allUsers"
+}
+
+resource "google_cloud_run_service_iam_member" "frontend_public" {
+  location = google_cloud_run_v2_service.frontend.location
+  service  = google_cloud_run_v2_service.frontend.name
+  role     = "roles/run.invoker"
+  member   = "allUsers"
+}
+
+# Grant Cloud SQL Client role to the service account
+resource "google_project_iam_member" "cloudsql_client" {
+  project = var.project_id
+  role    = "roles/cloudsql.client"
+  member  = "serviceAccount:${google_service_account.cloudrun_sa.email}"
+}

terraform-gcp/cloudrun.tf

@@ -0,0 +1,32 @@
+resource "google_sql_database_instance" "instance" {
+  name             = "tasknote-db-instance"
+  region           = var.region
+  database_version = "POSTGRES_15"
+
+  depends_on = [
+    google_service_networking_connection.private_vpc_connection,
+    google_project_service.sqladmin,
+    google_project_service.servicenetworking
+  ]
+
+  settings {
+    tier = "db-f1-micro" # Smallest tier for dev/small app
+    ip_configuration {
+      ipv4_enabled    = false
+      private_network = google_compute_network.vpc_network.id
+    }
+  }
+
+  deletion_protection = false # Set to true for production
+}
+
+resource "google_sql_database" "database" {
+  name     = var.db_name
+  instance = google_sql_database_instance.instance.name
+}
+
+resource "google_sql_user" "users" {
+  name     = var.db_user
+  instance = google_sql_database_instance.instance.name
+  password = var.db_password
+}

terraform-gcp/database.tf

@@ -0,0 +1,35 @@
+resource "google_compute_network" "vpc_network" {
+  name                    = "tasknote-vpc"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "subnet" {
+  name          = "tasknote-subnet"
+  ip_cidr_range = "10.0.0.0/24"
+  region        = var.region
+  network       = google_compute_network.vpc_network.id
+}
+
+# Private IP for Cloud SQL
+resource "google_compute_global_address" "private_ip_address" {
+  name          = "tasknote-private-ip"
+  purpose       = "VPC_PEERING"
+  address_type  = "INTERNAL"
+  prefix_length = 16
+  network       = google_compute_network.vpc_network.id
+}
+
+resource "google_service_networking_connection" "private_vpc_connection" {
+  network                 = google_compute_network.vpc_network.id
+  service                 = "servicenetworking.googleapis.com"
+  reserved_peering_ranges = [google_compute_global_address.private_ip_address.name]
+}
+
+# Serverless VPC Access Connector
+resource "google_vpc_access_connector" "connector" {
+  name          = "tasknote-vpc-connector"
+  region        = var.region
+  ip_cidr_range = "10.8.0.0/28"
+  network       = google_compute_network.vpc_network.name
+  depends_on    = [google_project_service.vpcaccess, google_project_service.compute]
+}

terraform-gcp/network.tf

@@ -0,0 +1,15 @@
+output "backend_url" {
+  value = google_cloud_run_v2_service.backend.uri
+}
+
+output "frontend_url" {
+  value = google_cloud_run_v2_service.frontend.uri
+}
+
+output "cloud_sql_instance_ip" {
+  value = google_sql_database_instance.instance.private_ip_address
+}
+
+output "artifact_registry_repo" {
+  value = google_artifact_registry_repository.repo.name
+}

terraform-gcp/outputs.tf

@@ -0,0 +1,25 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 5.0"
+    }
+  }
+
+  backend "s3" {
+    bucket                      = "tasknote"
+    key                         = "gcp/terraform.tfstate"
+    region                      = "auto"
+    endpoints                   = { s3 = "https://d17eb09b6bce2f90e16e800bb2a6baf9.r2.cloudflarestorage.com" }
+    skip_credentials_validation = true
+    skip_region_validation      = true
+    skip_requesting_account_id  = true
+    skip_metadata_api_check     = true
+    skip_s3_checksum            = true
+  }
+}
+
+provider "google" {
+  project = var.project_id
+  region  = var.region
+}

terraform-gcp/providers.tf

@@ -0,0 +1,7 @@
+resource "google_artifact_registry_repository" "repo" {
+  location      = var.region
+  repository_id = "tasknote-repo"
+  description   = "Docker repository for TaskNote images"
+  format        = "DOCKER"
+  depends_on    = [google_project_service.artifactregistry]
+}

terraform-gcp/registry.tf

@@ -0,0 +1,49 @@
+resource "google_service_account" "cloudrun_sa" {
+  account_id   = "tasknote-cloudrun-sa"
+  display_name = "TaskNote Cloud Run Service Account"
+}
+
+resource "google_secret_manager_secret" "security_key" {
+  secret_id = "security-key"
+  replication {
+    user_managed {
+      replicas {
+        location = var.region
+      }
+    }
+  }
+}
+
+resource "google_secret_manager_secret_version" "security_key_version" {
+  secret      = google_secret_manager_secret.security_key.id
+  secret_data = var.security_key
+}
+
+resource "google_secret_manager_secret" "mailgun_apikey" {
+  secret_id = "mailgun-apikey"
+  replication {
+    user_managed {
+      replicas {
+        location = var.region
+      }
+    }
+  }
+  depends_on = [google_project_service.secretmanager]
+}
+
+resource "google_secret_manager_secret_version" "mailgun_apikey_version" {
+  secret      = google_secret_manager_secret.mailgun_apikey.id
+  secret_data = var.mailgun_apikey
+}
+
+resource "google_secret_manager_secret_iam_member" "security_key_access" {
+  secret_id = google_secret_manager_secret.security_key.id
+  role      = "roles/secretmanager.secretAccessor"
+  member    = "serviceAccount:${google_service_account.cloudrun_sa.email}"
+}
+
+resource "google_secret_manager_secret_iam_member" "mailgun_apikey_access" {
+  secret_id = google_secret_manager_secret.mailgun_apikey.id
+  role      = "roles/secretmanager.secretAccessor"
+  member    = "serviceAccount:${google_service_account.cloudrun_sa.email}"
+}

terraform-gcp/secrets.tf

@@ -0,0 +1,34 @@
+resource "google_project_service" "compute" {
+  service            = "compute.googleapis.com"
+  disable_on_destroy = false
+}
+
+resource "google_project_service" "sqladmin" {
+  service            = "sqladmin.googleapis.com"
+  disable_on_destroy = false
+}
+
+resource "google_project_service" "run" {
+  service            = "run.googleapis.com"
+  disable_on_destroy = false
+}
+
+resource "google_project_service" "secretmanager" {
+  service            = "secretmanager.googleapis.com"
+  disable_on_destroy = false
+}
+
+resource "google_project_service" "vpcaccess" {
+  service            = "vpcaccess.googleapis.com"
+  disable_on_destroy = false
+}
+
+resource "google_project_service" "artifactregistry" {
+  service            = "artifactregistry.googleapis.com"
+  disable_on_destroy = false
+}
+
+resource "google_project_service" "servicenetworking" {
+  service            = "servicenetworking.googleapis.com"
+  disable_on_destroy = false
+}