add bot deploy

terraform/bot.tf

@@ -0,0 +1,92 @@
+locals {
+  botTag    = var.bot_tag == "" ? ":main" : var.bot_tag
+  botRegion = var.gcp_region
+}
+
+data "google_compute_zones" "gcp_zones" {
+  region = local.botRegion
+  status = "UP"
+}
+
+resource "random_integer" "zone_index" {
+  min = 0
+  max = length(data.google_compute_zones.gcp_zones.names) - 1
+  keepers = {
+    region = local.botRegion
+    envtag = var.environment_tag
+  }
+}
+
+data "google_compute_subnetwork" "default_subnet" {
+  name   = "default"
+  region = local.botRegion
+}
+
+module "gce_container" {
+  source         = "github.com/terraform-google-modules/terraform-google-container-vm?ref=v2.0.0"
+  restart_policy = "Always"
+}
+
+locals {
+  container = {
+    image          = "ghcr.io/roleypoly/bot${local.botTag}"
+    restart_policy = "Always"
+    env = [
+      {
+        name  = "BOT_TOKEN",
+        value = var.bot_token
+      },
+      {
+        name  = "BOT_CLIENT_ID",
+        value = var.bot_client_id
+      },
+      {
+        name  = "UI_PUBLIC_URI",
+        value = var.ui_public_uri
+      }
+    ]
+  }
+
+  // generate container spec due to secret passing issues with terraform
+  specWithSecrets = {
+    spec = {
+      containers = [local.container]
+    }
+  }
+
+  containerMetadataWithSecrets = yamlencode(local.specWithSecrets)
+
+  vmName = "roleypoly-bot-${var.environment_tag}-${substr(md5(local.containerMetadataWithSecrets), 0, 8)}"
+}
+
+resource "google_compute_instance" "bot" {
+  count = var.deploy_bot == true ? 1 : 0
+
+  name         = local.vmName
+  machine_type = var.bot_instance_size
+  zone         = data.google_compute_zones.gcp_zones.names[random_integer.zone_index.result]
+
+  boot_disk {
+    initialize_params {
+      image = module.gce_container.source_image
+    }
+  }
+
+  network_interface {
+    subnetwork = data.google_compute_subnetwork.default_subnet.self_link
+    access_config {
+      network_tier = "STANDARD"
+    }
+  }
+
+  metadata = {
+    gce-container-declaration = local.containerMetadataWithSecrets
+    image                     = local.container.image
+    environment               = var.environment_tag
+    google-logging-enabled    = "true"
+  }
+
+  labels = {
+    container-vm = module.gce_container.vm_container_label
+  }
+}

terraform/variables.tf

@@ -15,7 +15,7 @@ variable "ui_regions" {
 
 variable "ui_tag" {
   type        = string
-  description = "Specific tag to deploy"
+  description = ":tag or @sha265: of *-docker.pkg.dev/roleypoly/roleypoly/ui"
   default     = ""
 }
 
@@ -30,6 +30,12 @@ variable "bot_client_secret" {
   sensitive   = true
 }
 
+variable "bot_token" {
+  type        = string
+  description = "Bot Client Secret"
+  sensitive   = true
+}
+
 variable "ui_public_uri" {
   type        = string
   description = "UI Public Base Path"
@@ -50,3 +56,21 @@ variable "root_users" {
   type        = list(string)
   description = "Root users to use for role elevation calculations"
 }
+
+variable "deploy_bot" {
+  type        = bool
+  default     = false
+  description = "Bot is an optional piece of the system. It's only typically deployed in prod."
+}
+
+variable "bot_instance_size" {
+  type        = string
+  default     = "f1-micro"
+  description = "Google Compute Engine VM size"
+}
+
+variable "bot_tag" {
+  type    = string
+  default = ""
+  description = ":tag or @sha265: of ghcr.io/roleypoly/bot"
+}

terraform/variables/prod.tfvars

@@ -8,4 +8,6 @@ ui_regions = [
   "australia-southeast1",
   "asia-northeast1",
   "asia-southeast1"
-]
+]
+deploy_bot        = true
+bot_instance_size = "e2-micro"

terraform/variables/stage.tfvars

@@ -1,4 +1,6 @@
 environment_tag = "stage"
 ui_regions = [
   "us-east4"
-]
+]
+deploy_bot        = true
+bot_instance_size = "f1-micro"