lanterno/beats - Change 7UXZYCGIA4ZKZOQQQXAFUL4OR2XAPV4MDGJ5U3U3BCRY55GV63YAC

moves terraform to dedicated repo

Created by Ahmed Elghareeb on November 1, 2025

7UXZYCGIA4ZKZOQQQXAFUL4OR2XAPV4MDGJ5U3U3BCRY55GV63YAC

Dependencies

In channels

main

Change contents

File deletion: terraform
BF:BFD[4.2] → [5.3:23]
BF:BFD[5.23] → [5.2:2]

File deletion: .gitignore

BF:BFD[5.2] → [5.10425:10459]

BF:BFD[5.10459] → [5.10039:10039]

B:BD[5.10039] → [5.10040:10424]

# Terraform state files
.terraform/
*.tfstate
*.tfstate.*
*.tfstate.backup
# Terraform variables with sensitive data
terraform.tfvars
*.auto.tfvars
# Crash log files
crash.log
crash.*.log
# CLI configuration files
.terraformrc
terraform.rc
# Provider cache
.terraform.lock.hcl
# Override files
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Plan files
*.tfplan

File deletion: main.tf

BF:BFD[5.2] → [5.5128:5159]

BF:BFD[5.5159] → [5.3823:3823]

B:BD[5.3823] → [5.3824:3893]

∅:D[6.4215] → [5.3971:3984]

B:BD[5.3971] → [5.3971:3984]

∅:D[6.4286] → [5.4069:4072]

B:BD[5.4069] → [5.4069:4072]

∅:D[7.128] → [5.4242:4245]

∅:D[6.4323] → [5.4242:4245]

B:BD[5.4242] → [5.4242:4245]

∅:D[6.5856] → [5.4476:4486]

B:BD[5.4476] → [5.4476:4486]

B:BD[5.4486] → [8.6:7]

∅:D[6.7016] → [5.4659:4665]

B:BD[5.4659] → [5.4659:4665]

∅:D[6.7213] → [5.4717:4727]

B:BD[5.4717] → [5.4717:4727]

∅:D[9.38] → [5.4796:4799]

∅:D[2.387] → [5.4796:4799]

∅:D[6.7378] → [5.4796:4799]

B:BD[5.4796] → [5.4796:4799]

∅:D[2.765] → [6.7379:7977]

B:BD[5.4799] → [6.7379:7977]

B:BD[5.4799] → [2.388:765]

B:BD[5.4727] → [6.7214:7378]

B:BD[6.7378] → [2.190:387]

B:BD[5.4665] → [6.7017:7213]

B:BD[8.7] → [6.5857:5909]

∅:D[3.42] → [6.6015:6134]

∅:D[7.1096] → [6.6015:6134]

B:BD[6.6015] → [6.6015:6134]

∅:D[7.1190] → [6.6134:7016]

B:BD[6.6134] → [6.6134:7016]

B:BD[6.6134] → [7.1097:1190]

B:BD[6.5909] → [7.902:1096]

B:BD[7.1096] → [3.6:42]

∅:D[7.310] → [6.4420:4595]

B:BD[6.4420] → [6.4420:4595]

∅:D[7.503] → [6.4595:4885]

B:BD[6.4595] → [6.4595:4885]

B:BD[6.5081] → [6.5081:5412]

B:BD[7.507] → [7.507:901]

∅:D[7.901] → [6.5484:5856]

B:BD[6.5484] → [6.5484:5856]

B:BD[6.5412] → [10.6:206]

B:BD[10.206] → [11.6:81]

B:BD[11.81] → [2.126:189]

∅:D[2.189] → [11.81:221]

B:BD[11.81] → [11.81:221]

B:BD[11.221] → [12.6:81]

B:BD[6.4595] → [7.311:503]

B:BD[5.4245] → [7.129:310]

B:BD[5.4072] → [6.4287:4296]

∅:D[2.125] → [7.87:128]

B:BD[7.87] → [7.87:128]

B:BD[6.4296] → [2.6:125]

B:BD[5.3984] → [6.4216:4286]

B:BD[5.3893] → [6.4140:4215]

terraform {
  required_version = ">= 1.10"
  
  required_providers {
    }
  }
}
}
  
    }
  }
    }
    }
  }
}
# IAM policy to allow unauthenticated access (public)
resource "google_cloud_run_service_iam_member" "public_access" {
  count    = var.allow_unauthenticated ? 1 : 0
  service  = google_cloud_run_service.beats_api.name
  location = google_cloud_run_service.beats_api.location
  role     = "roles/run.invoker"
  member   = "allUsers"
}
# Custom domain mapping
resource "google_cloud_run_domain_mapping" "custom_domain" {
  name     = var.custom_domain
  location = var.region
  metadata {
    namespace = var.project_id
  }
  spec {
    route_name = google_cloud_run_service.beats_api.name
  }
}
resource "google_artifact_registry_repository_iam_member" "cloudrun_reader" {
  project    = var.project_id
  location   = local.artifact_registry_location
  repository = google_artifact_registry_repository.docker.name
  role       = "roles/artifactregistry.reader"
  member     = "serviceAccount:${data.google_project.project.number}-compute@developer.gserviceaccount.com"
}
  traffic {
    percent         = 100
    latest_revision = true
  }
  lifecycle {
    ignore_changes = [
      template[0].spec[0].containers[0].image
    ]
  }
}
# Grant Cloud Run default service account access to Artifact Registry
# Cloud Run uses the Compute Engine default service account
data "google_project" "project" {
  project_id = var.project_id
    
    metadata {
      annotations = {
        "autoscaling.knative.dev/minScale" = tostring(var.min_instances)
        "autoscaling.knative.dev/maxScale" = tostring(var.max_instances)
      }
  filename = "cloudbuild.yaml"
  substitutions = {
  }
  service_account = google_service_account.cloudbuild.id
  depends_on = [
    google_project_service.cloudbuild,
  ]
}
# Cloud Run service for the Beats FastAPI application
resource "google_cloud_run_service" "beats_api" {
  name     = var.service_name
  location = var.region
  template {
    spec {
      containers {
        image = "${local.built_image}:latest"
        
        ports {
          container_port = var.container_port
        }
        
        env {
          name  = "DB_DSN"
          value = var.db_dsn
        }
        
        env {
          name  = "DB_NAME"
          value = var.db_name
        }
        
        env {
          name  = "ACCESS_TOKEN"
          value = var.access_token
        }
        
        resources {
          limits = {
            cpu    = var.cpu_limit
            memory = var.memory_limit
          }
        }
      }
      
      container_concurrency = var.container_concurrency
      timeout_seconds      = var.timeout_seconds
    google_project_service.artifactregistry,
    google_artifact_registry_repository.docker,
    _REGISTRY_LOCATION = local.artifact_registry_location
    _REPO_NAME         = local.artifact_registry_repo
    _IMAGE_NAME        = var.service_name
    _PROJECT_ID        = var.project_id
    _REGION            = var.region
}
# Enable required APIs
resource "google_project_service" "cloudbuild" {
  service = "cloudbuild.googleapis.com"
  project = var.project_id
  disable_on_destroy = false
}
# Service account for Cloud Build
resource "google_service_account" "cloudbuild" {
  account_id   = "cloudbuild-${var.service_name}"
  display_name = "Cloud Build Service Account for ${var.service_name}"
  project      = var.project_id
}
# Grant permissions to Cloud Build service account
resource "google_project_iam_member" "cloudbuild_run" {
  project = var.project_id
  role    = "roles/run.admin"
  member  = "serviceAccount:${google_service_account.cloudbuild.email}"
}
resource "google_project_iam_member" "cloudbuild_service_account_user" {
  project = var.project_id
  role    = "roles/iam.serviceAccountUser"
# Artifact Registry repository for Docker images
resource "google_artifact_registry_repository" "docker" {
  location      = local.artifact_registry_location
  repository_id = local.artifact_registry_repo
  description   = "Docker repository for ${var.service_name}"
  format        = "DOCKER"
  project       = var.project_id
  depends_on = [
    google_project_service.artifactregistry,
  ]
}
# Cloud Build trigger for building Docker images
resource "google_cloudbuild_trigger" "docker_build" {
  name        = "${var.service_name}-build"
  description = "Build and push Docker image for ${var.service_name}"
  project     = var.project_id
  github {
    owner = var.github_owner
    name  = var.github_repo
    push {
      branch = "^${var.github_branch}$"
  member  = "serviceAccount:${google_service_account.cloudbuild.email}"
}
resource "google_project_iam_member" "cloudbuild_logging" {
  project = var.project_id
  role    = "roles/logging.logWriter"
  member  = "serviceAccount:${google_service_account.cloudbuild.email}"
}
# Artifact Registry permissions for Cloud Build to push images
resource "google_project_iam_member" "cloudbuild_artifactregistry" {
  project = var.project_id
  role    = "roles/artifactregistry.writer"
  member  = "serviceAccount:${google_service_account.cloudbuild.email}"
}
# Enable Artifact Registry API
resource "google_project_service" "artifactregistry" {
  service = "artifactregistry.googleapis.com"
  project = var.project_id
  disable_on_destroy = false
}
  # Build image URL for Artifact Registry
  built_image = "${local.artifact_registry_location}-docker.pkg.dev/${var.project_id}/${local.artifact_registry_repo}/${var.service_name}"
locals {
  artifact_registry_repo      = "docker"
  # Use europe-west1 for all resources (Artifact Registry and Cloud Run)
  artifact_registry_location = "europe-west1"
provider "google" {
  project = var.project_id
  region  = var.region
    google = {
      source  = "hashicorp/google"
      version = "~> 7.9"

File deletion: outputs.tf

BF:BFD[5.2] → [5.3787:3821]

BF:BFD[5.3821] → [5.3079:3079]

B:BD[5.3189] → [5.3189:3212]

∅:D[6.3278] → [5.3314:3341]

B:BD[5.3314] → [5.3314:3341]

∅:D[6.3392] → [5.3438:3441]

B:BD[5.3438] → [5.3438:3441]

∅:D[6.3536] → [5.3601:3604]

B:BD[5.3601] → [5.3601:3604]

∅:D[6.4020] → [5.3784:3786]

B:BD[5.3784] → [5.3784:3786]

B:BD[5.3786] → [6.4021:4138]

B:BD[5.3604] → [6.3537:4020]

B:BD[5.3441] → [6.3393:3536]

B:BD[5.3341] → [6.3279:3392]

B:BD[5.3212] → [6.3150:3278]

output "service_url" {
}
output "service_name" {
}
}
}
output "built_image_url" {
  description = "Built Docker image URL"
  value       = "${local.built_image}:latest"
}
output "dashboard_url" {
  description = "GCP Console URL to view the service"
  value       = "https://console.cloud.google.com/run/detail/${var.region}/${google_cloud_run_service.beats_api.name}?project=${var.project_id}"
}
output "custom_domain_url" {
  description = "Custom domain URL"
  value       = "https://${var.custom_domain}"
}
output "cloud_build_trigger_id" {
  description = "Cloud Build trigger ID"
  value       = google_cloudbuild_trigger.docker_build.trigger_id
output "service_location" {
  description = "Region where the service is deployed"
  value       = google_cloud_run_service.beats_api.location
  description = "Name of the deployed Cloud Run service"
  value       = google_cloud_run_service.beats_api.name
  description = "Public URL of the deployed Cloud Run service"
  value       = google_cloud_run_service.beats_api.status[0].url

File deletion: terraform.tfvars.example

BF:BFD[5.2] → [5.3029:3077]

BF:BFD[5.3077] → [5.1909:1909]

B:BD[5.1909] → [5.1910:2073]

∅:D[6.2281] → [5.2195:2196]

B:BD[5.2195] → [5.2195:2196]

∅:D[6.2333] → [5.2380:2381]

B:BD[5.2380] → [5.2380:2381]

∅:D[6.2681] → [5.2576:2577]

B:BD[5.2576] → [5.2576:2577]

∅:D[6.2770] → [5.2703:2983]

B:BD[5.2703] → [5.2703:2983]

B:BD[5.2983] → [6.2771:3148]

B:BD[5.2577] → [6.2682:2770]

B:BD[5.2381] → [6.2334:2681]

B:BD[5.2196] → [6.2282:2333]

B:BD[5.2073] → [6.2136:2281]

# Example Terraform variables file
# Copy this to terraform.tfvars and fill in your actual values
# WARNING: Never commit terraform.tfvars with real credentials!
# MongoDB connection string from MongoDB Atlas or other provider
db_dsn = "mongodb+srv://username:password@cluster.mongodb.net/?retryWrites=true&w=majority"
# Database name
db_name = "beats"
# API access token for authentication
access_token = "your-secure-random-token-here"
# Custom Domain
custom_domain = "beats.elghareeb.space"
# Cloud SQL Configuration (optional)
# Leave empty if not using Cloud SQL
# Format: PROJECT:REGION:INSTANCE
cloud_sql_instance = ""
# Cloud Build Configuration
github_owner  = "lanterno"  # Your GitHub username or org
github_repo   = "beats"  # Your repository name
github_branch = "main"  # Branch to trigger builds on
# Access Control
allow_unauthenticated = true  # Set to false to require authentication
# Container Configuration
container_port        = 8080  # Cloud Run sets PORT env var automatically
cpu_limit             = "1000m"  # 1 vCPU
memory_limit          = "512Mi"
container_concurrency = 80  # Requests per instance
timeout_seconds       = 300  # 5 minutes
min_instances         = 0  # Scale to zero when idle
max_instances         = 10
# Service Configuration
service_name = "beats-api"
# Google Cloud Configuration
project_id = "your-gcp-project-id"
region     = "us-central1"  # Options: us-central1, us-east1, europe-west1, etc.

File deletion: README.md

BF:BFD[5.2] → [7.3024:3057]

BF:BFD[7.3057] → [7.1192:1192]

B:BD[7.1192] → [7.1193:3023]

# Terraform Infrastructure for Beats API
## Rerunning Builds
While Terraform manages the Cloud Build trigger configuration, it doesn't directly rerun builds. Here are your options:
### Option 1: Manual Trigger via gcloud CLI (Recommended)
1. Get the trigger ID from Terraform outputs:
```bash
cd terraform
terraform output cloud_build_trigger_id
```
2. Trigger the build manually:
```bash
gcloud builds triggers run <TRIGGER_ID> \
  --project=beats-476914 \
  --branch=main
```
Or use the trigger name directly:
```bash
gcloud builds triggers run beats-api-build \
  --project=beats-476914 \
  --branch=main
```
### Option 2: Push to GitHub
The trigger is configured to automatically run on pushes to the `main` branch. Simply push any commit:
```bash
git push origin main
```
### Option 3: View Build History
Check recent builds:
```bash
gcloud builds list --project=beats-476914 --limit=10
```
Or use the Makefile:
```bash
make build-status
```
### Option 4: View Build Logs in Terminal
**View logs for the latest build:**
```bash
make build-logs
```
**Stream logs in real-time (follow mode):**
```bash
make build-logs-follow
```
**View logs for a specific build ID:**
```bash
make build-logs-id BUILD_ID=<build-id>
# Example:
make build-logs-id BUILD_ID=7b0567e9-b97c-402b-956d-e41fc0c5d9ee
```
**Using gcloud directly:**
```bash
# Get build ID from status
BUILD_ID=$(gcloud builds list --project=beats-476914 --limit=1 --format="value(id)")
# View logs
gcloud builds log $BUILD_ID --project=beats-476914
# Stream logs (real-time)
gcloud builds log $BUILD_ID --project=beats-476914 --stream
```
### Option 5: Trigger via Cloud Console
1. Go to [Cloud Build Triggers](https://console.cloud.google.com/cloud-build/triggers)
2. Find your trigger (`beats-api-build`)
3. Click "Run" → Select branch → "Run"

File deletion: variables.tf

BF:BFD[5.2] → [5.1871:1907]

BF:BFD[5.1907] → [5.25:25]

∅:D[6.89] → [5.133:156]

B:BD[5.133] → [5.133:156]

B:BD[5.177] → [5.177:180]

∅:D[6.186] → [5.262:285]

B:BD[5.262] → [5.262:285]

∅:D[6.217] → [5.306:359]

B:BD[5.306] → [5.306:359]

∅:D[6.266] → [5.408:461]

B:BD[5.408] → [5.408:461]

∅:D[6.268] → [5.461:462]

B:BD[5.461] → [5.461:462]

∅:D[6.510] → [5.563:586]

B:BD[5.563] → [5.563:586]

∅:D[6.545] → [5.609:612]

B:BD[5.609] → [5.609:612]

∅:D[6.626] → [5.677:700]

B:BD[5.677] → [5.677:700]

∅:D[6.810] → [5.725:728]

B:BD[5.725] → [5.725:728]

∅:D[6.1199] → [5.946:949]

B:BD[5.946] → [5.946:949]

∅:D[6.1339] → [5.1066:1523]

B:BD[5.1066] → [5.1066:1523]

∅:D[6.1517] → [5.1639:1642]

B:BD[5.1639] → [5.1639:1642]

∅:D[6.1711] → [5.1826:1870]

B:BD[5.1826] → [5.1826:1870]

B:BD[5.1870] → [6.1712:2134]

B:BD[5.1642] → [6.1518:1711]

B:BD[5.1523] → [6.1340:1517]

B:BD[5.949] → [6.1200:1339]

B:BD[5.728] → [6.811:1199]

B:BD[5.700] → [6.627:810]

B:BD[5.612] → [6.546:626]

B:BD[5.586] → [6.511:545]

B:BD[5.462] → [6.269:510]

B:BD[5.461] → [6.267:268]

B:BD[5.359] → [6.218:266]

B:BD[5.285] → [6.187:217]

B:BD[5.180] → [6.90:186]

B:BD[5.25] → [6.3:89]

  type        = string
}
  type        = string
}
# Service Configuration
variable "service_name" {
  type        = string
  default     = "beats-api"
}
  type        = string
}
  type        = string
}
}
}
# Database Configuration
variable "db_dsn" {
  description = "MongoDB connection string (e.g., mongodb+srv://user:pass@cluster.mongodb.net)"
  type        = string
  sensitive   = true
}
variable "db_name" {
  description = "MongoDB database name"
  type        = string
  default     = "beats"
}
# Application Configuration
variable "access_token" {
  description = "API access token for authentication"
  type        = string
  sensitive   = true
}
}
  type        = string
  default     = ""
}
# Cloud Build Configuration
variable "github_owner" {
  description = "GitHub repository owner (username or organization)"
  type        = string
  default     = "lanterno"
}
variable "github_repo" {
  description = "GitHub repository name"
  type        = string
  default     = "beats"
}
variable "github_branch" {
  description = "GitHub branch to trigger builds on"
  type        = string
  default     = "main"
}
# Cloud SQL Configuration (optional)
variable "cloud_sql_instance" {
  description = "Cloud SQL instance connection name (format: PROJECT:REGION:INSTANCE). Leave empty if not using Cloud SQL."
# Custom Domain Configuration
variable "custom_domain" {
  description = "Custom domain to attach to the Cloud Run service (e.g., beats.elghareeb.space)"
  type        = string
variable "allow_unauthenticated" {
  description = "Allow unauthenticated access to the service"
  type        = bool
  default     = true
variable "timeout_seconds" {
  description = "Request timeout in seconds"
  type        = number
  default     = 300
}
variable "min_instances" {
  description = "Minimum number of container instances to keep running"
  type        = number
  default     = 0
}
variable "max_instances" {
  description = "Maximum number of container instances"
  type        = number
  default     = 10
  default     = "512Mi"
}
variable "container_concurrency" {
  description = "Maximum number of concurrent requests per container instance"
  type        = number
  default     = 80
variable "memory_limit" {
  description = "Memory limit per container instance"
  default     = "1000m"  # 1 vCPU
variable "container_port" {
  description = "Port the container listens on (Cloud Run sets PORT env var automatically)"
  type        = number
  default     = 8080
}
variable "cpu_limit" {
  description = "CPU limit per container instance"
  description = "Name of the Cloud Run service"
  default     = "us-central1"
variable "region" {
  description = "GCP region to deploy to (e.g., us-central1, europe-west1)"
# Google Cloud Configuration
variable "project_id" {
  description = "GCP Project ID"