upgrade container vm module and surrounding info

terraform/.terraform.lock.hcl

@@ -24,21 +24,21 @@ provider "registry.terraform.io/cloudflare/cloudflare" {
 }
 
 provider "registry.terraform.io/hashicorp/google" {
-  version     = "4.8.0"
+  version     = "4.9.0"
   constraints = ">= 3.74.0"
   hashes = [
-    "h1:2EwEiinufTyL/mQ4eQHu+UOwKaHUQfhhU//aA+CopwQ=",
-    "zh:08d1fbdaee6f9d615e09ab6244d5f8f1b76fd079fc4193822a9f5ac4344b3738",
-    "zh:27afa2e26921ca5b96e804b781792296e9a9d4ac533d6f87c3855ae68e28ef80",
-    "zh:2d1fe33d3c6daa85a9ba6608b99d9710c7fcd61199d249e353e82d5bf1a18280",
-    "zh:31b2c41dbe458d8b75068069bb05864027bd1b4a3f4c8e8b7cd7b9d1fe47be7b",
-    "zh:4001c5237a4fb383014b685077c12a0b9cdbac28dce0c707a9a4622d62ef06c9",
-    "zh:82c9ef3f72fa6a8fba163cff94b0f7fd0572724e991af5c7f389feaaf83298d8",
-    "zh:9524a6dc9d8b2cbcef53ca2c04e121899bb1947ff8d4f9569c3b01b1cb9f736a",
-    "zh:a33dcd5d8efef4dafaa331918c79b793be036420fc56c40bb3fb313fdb56db0d",
-    "zh:aa36241871cb5376c7ba8cb8b2ddbfc488c4231e5c0d10b2f421ffaa14c0b462",
-    "zh:cd2c1ffbab0c6e154ed2472edc2788bc2cb9db93848325e389a7157ebbb540de",
-    "zh:f350242dabb33035e2b49cd3e925c88c6bf4b73becfaff298d503e4c64e46271",
+    "h1:7NS3UTI4ItiaxTW5cEWlFMqezqwRgpKzElaHUnO32EA=",
+    "zh:10887917815293d6ad26cc3784c766de4dfa2fa6b2c8b994de4f4b7b3bc31653",
+    "zh:343037e5ec514ac02bfacc200acb648861b04ee9024bed5bf72d13583d10783d",
+    "zh:40eaf3e06e44e2278ba64fc161e96b1bd05508f599ce12e1f094a924839d34a6",
+    "zh:5178f1043fa24a38602833aed72db5023f4183833e1fdb78bb1584a05ff53030",
+    "zh:616889b78ee00ee69d749f7848d63246de200f17efeebfaaf28dbe3f49ec6362",
+    "zh:695f6de8659d17f65a3317b9810cdc1c12738648b1b87dcf7eca90ebc019d889",
+    "zh:6e98efe69bff66120cfd0911eea4d20f7b17c62eed909e12098e46efb8f86e5a",
+    "zh:78f6615113f8fd0fb28f7b58102c55db42e7251463650e0410ec2d6f8877141c",
+    "zh:8a2f45c2f7e4c4077b720d6b98d5ee26347e97b6d2ee12489cca14d42fef2f36",
+    "zh:db1a462b72047342d5b35587953a3db30a4af248100e1db9eddc0ebb4b7c9a07",
+    "zh:fa64449c0efa1340077c860003059762e735b4d2a376d9ece90c174ad8d238c0",
   ]
 }
 

terraform/bot.tf

@@ -22,15 +22,31 @@ data "google_compute_subnetwork" "default_subnet" {
   region = local.botRegion
 }
 
-module "gce_container" {
-  source         = "github.com/terraform-google-modules/terraform-google-container-vm?ref=v2.0.0"
-  restart_policy = "Always"
+data "google_compute_default_service_account" "default_service_account" {
+}
+
+resource "random_pet" "name" {
+  keepers = {
+    region  = local.botRegion
+    envtag  = var.environment_tag
+    version = local.botTag
+  }
 }
 
 locals {
+  instance_name = "roleypoly-bot-${var.environment_tag}-${random_pet.name.id}"
+}
+
+module "gce_container" {
+  source  = "terraform-google-modules/container-vm/google"
+  version = ">=3.0.0"
+
+  // https://cloud.google.com/container-optimized-os/docs/release-notes/m93#cos-93-16623-102-5
+  cos_image_name = "cos-93-16623-102-5"
+
   container = {
     image = "ghcr.io/roleypoly/bot${local.botTag}"
-    restart_policy = "Always"
+
     env = [
       {
         name  = "BOT_TOKEN",
@@ -47,25 +63,16 @@ locals {
     ]
   }
 
-  // generate container spec due to secret passing issues with terraform
-  specWithSecrets = {
-    spec = {
-      containers = [local.container]
-    }
+  restart_policy = "Always"
 }
 
-  containerMetadataWithSecrets = yamlencode(local.specWithSecrets)
+resource "google_compute_instance" "vm" {
+  count = var.deploy_bot ? 1 : 0
 
-  vmName = "roleypoly-bot-${var.environment_tag}-${substr(md5(local.containerMetadataWithSecrets), 0, 8)}"
-}
-
-resource "google_compute_instance" "bot" {
-  count = var.deploy_bot == true ? 1 : 0
-
-  name                      = local.vmName
+  project      = var.gcp_project
+  name         = local.instance_name
   machine_type = var.bot_instance_size
   zone         = data.google_compute_zones.gcp_zones.names[random_integer.zone_index.result]
-  allow_stopping_for_update = true
 
   boot_disk {
     initialize_params {
@@ -81,12 +88,22 @@ resource "google_compute_instance" "bot" {
   }
 
   metadata = {
-    gce-container-declaration = local.containerMetadataWithSecrets
-    image                     = local.container.image
-    environment               = var.environment_tag
+    gce-container-declaration = module.gce_container.metadata_value
+    google-logging-enabled    = "true"
+    google-monitoring-enabled = "true"
   }
 
   labels = {
     container-vm = module.gce_container.vm_container_label
   }
+
+  service_account {
+    email = data.google_compute_default_service_account.default_service_account.email
+    scopes = [
+      "https://www.googleapis.com/auth/cloud-platform",
+      "https://www.googleapis.com/auth/logging.write",
+      "https://www.googleapis.com/auth/monitoring.write",
+      "https://www.googleapis.com/auth/trace.append",
+    ]
+  }
 }

terraform/providers.tf

@@ -80,7 +80,7 @@ variable "gcp_project" {
 
 variable "gcp_region" {
   type    = string
-  default = "us-east4"
+  default = "us-central1" // low CO2 yeet
 }
 
 provider "google" {

terraform/variables/prod.tfvars

@@ -4,3 +4,4 @@ bot_instance_size      = "e2-micro"
 ui_public_uri          = "https://roleypoly.com"
 api_public_uri         = "https://api-prod.roleypoly.com"
 allowed_callback_hosts = "https://roleypoly.com,https://next.roleypoly.com"
+gcp_region             = "us-central1"

terraform/variables/stage.tfvars

@@ -4,3 +4,4 @@ bot_instance_size      = "e2-micro"
 ui_public_uri          = "https://stage.roleypoly.com"
 api_public_uri         = "https://api-stage.roleypoly.com"
 allowed_callback_hosts = "https://roleypoly.com,https://stage.roleypoly.com,https://*.roleypoly.pages.dev"
+gcp_region             = "us-central1"