change to curl-based script upload for worker script due to terraform provider limitations

2025-04-24 19:39:11 +00:00 · 2022-01-31 19:03:39 -05:00 · 2022-01-31 19:03:39 -05:00 · 41fd581e6d
commit 41fd581e6d
parent 8de34cedd8
4 changed files with 122 additions and 54 deletions
--- a/terraform/.gitignore
+++ b/terraform/.gitignore
@ -32,4 +32,8 @@ override.tf.json
 .terraformrc
 terraform.rc

-worker-dist
+# CI outputs to this directory
+worker-dist
+
+# generated by terraform, has secrets.
+bindings.json
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@ -42,6 +42,25 @@ provider "registry.terraform.io/hashicorp/google" {
  ]
 }

+provider "registry.terraform.io/hashicorp/local" {
+  version     = "2.1.0"
+  constraints = ">= 2.1.0"
+  hashes = [
+    "h1:EYZdckuGU3n6APs97nS2LxZm3dDtGqyM4qaIvsmac8o=",
+    "zh:0f1ec65101fa35050978d483d6e8916664b7556800348456ff3d09454ac1eae2",
+    "zh:36e42ac19f5d68467aacf07e6adcf83c7486f2e5b5f4339e9671f68525fc87ab",
+    "zh:6db9db2a1819e77b1642ec3b5e95042b202aee8151a0256d289f2e141bf3ceb3",
+    "zh:719dfd97bb9ddce99f7d741260b8ece2682b363735c764cac83303f02386075a",
+    "zh:7598bb86e0378fd97eaa04638c1a4c75f960f62f69d3662e6d80ffa5a89847fe",
+    "zh:ad0a188b52517fec9eca393f1e2c9daea362b33ae2eb38a857b6b09949a727c1",
+    "zh:c46846c8df66a13fee6eff7dc5d528a7f868ae0dcf92d79deaac73cc297ed20c",
+    "zh:dc1a20a2eec12095d04bf6da5321f535351a594a636912361db20eb2a707ccc4",
+    "zh:e57ab4771a9d999401f6badd8b018558357d3cbdf3d33cc0c4f83e818ca8e94b",
+    "zh:ebdcde208072b4b0f8d305ebf2bfdc62c926e0717599dcf8ec2fd8c5845031c3",
+    "zh:ef34c52b68933bedd0868a13ccfd59ff1c820f299760b3c02e008dc95e2ece91",
+  ]
+}
+
 provider "registry.terraform.io/hashicorp/null" {
  version     = "3.1.0"
  constraints = ">= 3.1.0"
--- a/terraform/api.tf
+++ b/terraform/api.tf
@ -1,3 +1,7 @@
+locals {
+  name = "roleypoly-backend-${var.environment_tag}"
+}
+
 resource "cloudflare_workers_kv_namespace" "sessions" {
  title = "roleypoly-sessions-${var.environment_tag}"
 }
@ -10,64 +14,97 @@ resource "cloudflare_workers_kv_namespace" "guild_data" {
  title = "roleypoly-guild_data-${var.environment_tag}"
 }

-resource "cloudflare_worker_script" "backend" {
-  name    = "roleypoly-backend-${var.environment_tag}"
-  content = file("${path.module}/${var.path_to_worker}")
+// Alternate method of uploading workers based on modules.
+resource "null_resource" "cloudflare_workers_script_backend" {
+  depends_on = [
+    cloudflare_workers_kv_namespace.sessions,
+    cloudflare_workers_kv_namespace.guilds,
+    cloudflare_workers_kv_namespace.guild_data,
+  ]

-  kv_namespace_binding {
-    name         = "KV_SESSIONS"
-    namespace_id = cloudflare_workers_kv_namespace.sessions.id
+  triggers = {
+    script     = data.local_file.script.content,
+    bindings   = local_file.bindings.sensitive_content,
+    name       = local.name,
+    account_id = var.cloudflare_account_id,
  }

-  kv_namespace_binding {
-    name         = "KV_GUILDS"
-    namespace_id = cloudflare_workers_kv_namespace.guilds.id
+  provisioner "local-exec" {
+    command = <<EOF
+      curl -X PUT "https://api.cloudflare.com/client/v4/accounts/${var.cloudflare_account_id}/workers/scripts/${local.name}" \
+        -H "Authorization: Bearer ${var.cloudflare_api_token}" \
+        -F "script=@${data.local_file.script.filename};filename=${basename(data.local_file.script.filename)};type=application/javascript+module" \
+        -F "metadata=@${local_file.bindings.filename}"
+EOF
  }
+}

-  kv_namespace_binding {
-    name         = "KV_GUILD_DATA"
-    namespace_id = cloudflare_workers_kv_namespace.guild_data.id
-  }
+resource "local_file" "bindings" {
+  filename = "${path.module}/bindings.json"
+  sensitive_content = jsonencode({
+    main_module = basename(var.path_to_worker)
+    bindings = [
+      {
+        name = "BOT_CLIENT_ID"
+        text = var.bot_client_id
+        type = "plain_text"
+      },
+      {
+        name = "BOT_CLIENT_SECRET"
+        text = var.bot_client_secret
+        type = "secret_text"
+      },
+      {
+        name = "BOT_TOKEN"
+        text = var.bot_token
+        type = "secret_text"
+      },
+      {
+        name = "BOT_IMPORT_TOKEN"
+        text = var.bot_import_token
+        type = "secret_text"
+      },
+      {
+        name = "UI_PUBLIC_URI"
+        text = var.ui_public_uri
+        type = "plain_text"
+      },
+      {
+        name = "API_PUBLIC_URI"
+        text = var.api_public_uri
+        type = "plain_text"
+      },
+      {
+        name = "ALLOWED_CALLBACK_HOSTS"
+        text = var.allowed_callback_hosts
+        type = "plain_text"
+      },
+      {
+        name = "ROOT_USERS"
+        text = join(",", var.root_users)
+        type = "plain_text"
+      },
+      {
+        name         = "KV_SESSIONS"
+        namespace_id = cloudflare_workers_kv_namespace.sessions.id
+        type         = "kv_namespace"
+      },
+      {
+        name         = "KV_GUILDS"
+        namespace_id = cloudflare_workers_kv_namespace.guilds.id
+        type         = "kv_namespace"
+      },
+      {
+        name         = "KV_GUILD_DATA"
+        namespace_id = cloudflare_workers_kv_namespace.guild_data.id
+        type         = "kv_namespace"
+      }
+    ]
+  })
+}

-  plain_text_binding {
-    name = "BOT_CLIENT_ID"
-    text = var.bot_client_id
-  }
-
-  secret_text_binding {
-    name = "BOT_CLIENT_SECRET"
-    text = var.bot_client_secret
-  }
-
-  secret_text_binding {
-    name = "BOT_TOKEN"
-    text = var.bot_token
-  }
-
-  secret_text_binding {
-    name = "BOT_IMPORT_TOKEN"
-    text = var.bot_import_token
-  }
-
-  plain_text_binding {
-    name = "UI_PUBLIC_URI"
-    text = var.ui_public_uri
-  }
-
-  plain_text_binding {
-    name = "API_PUBLIC_URI"
-    text = var.api_public_uri
-  }
-
-  plain_text_binding {
-    name = "ALLOWED_CALLBACK_HOSTS"
-    text = var.allowed_callback_hosts
-  }
-
-  plain_text_binding {
-    name = "ROOT_USERS"
-    text = join(",", var.root_users)
-  }
+data "local_file" "script" {
+  filename = "${path.module}/${var.path_to_worker}"
 }

 resource "cloudflare_record" "api" {
@ -81,5 +118,8 @@ resource "cloudflare_record" "api" {
 resource "cloudflare_worker_route" "backend" {
  zone_id     = var.cloudflare_zone_id
  pattern     = "api-${var.environment_tag}.roleypoly.com/*"
-  script_name = cloudflare_worker_script.backend.name
+  script_name = local.name
+  depends_on = [
+    null_resource.cloudflare_workers_script_backend,
+  ]
 }
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@ -26,6 +26,11 @@ terraform {
      source  = "hashicorp/null"
    }

+    local = {
+      version = ">=2.1.0"
+      source  = "hashicorp/local"
+    }
+
    tls = {
      version = ">=3.1.0"
      source  = "hashicorp/tls"