add terraform documentation

Author: jamalc

terraform/README.md

@@ -0,0 +1,123 @@
+# Terraform Configuration for Student Success Tool
+
+This directory contains the Terraform configuration for the Student Success Tool. The configuration is organized into different environments, such as `dev`, `staging`, and `prod`.
+
+## Environments
+
+Each environment has its own directory under `environments/`. For example, the `dev` environment configuration is located in `environments/dev/`.
+
+## Initial Application of the Configuration
+
+To apply the Terraform configuration, navigate to the desired environment directory and run `terraform apply`. For example, to apply the configuration for the `dev` environment:
+
+```sh
+cd environments/dev/
+terraform apply
+```
+
+You can provide variable values using a `terraform.tfvars` file or by supplying them directly on the command line. For example, to use a `terraform.tfvars` file:
+
+```sh
+terraform apply -var-file="terraform.tfvars"
+```
+
+Or to supply variables on the command line:
+
+```sh
+terraform apply -var="project=my-project" -var="region=us-central1"
+```
+
+## Applying Updates
+
+After an environment has been applied for the first time, future updates may be applied via a Cloud Build trigger that can apply Terraform configurations. This allows for automated and continuous deployment of infrastructure changes.
+
+## Configuration Details
+
+### Backend Configuration
+
+The Terraform state is stored in a Google Cloud Storage (GCS) bucket. The backend configuration specifies the bucket name and the prefix for the state files.
+
+```hcl
+terraform {
+  backend "gcs" {
+    bucket = "sst-terraform-state"
+    prefix = "dev"
+  }
+}
+```
+
+### Providers
+
+The configuration uses the Google Cloud provider and the Random provider. The required versions are specified in the `required_providers` block.
+
+```hcl
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "6.8.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "3.6.3"
+    }
+  }
+}
+```
+
+### Google Cloud Provider
+
+The Google Cloud provider is configured with the project ID, region, and zone.
+
+```hcl
+provider "google" {
+  project = var.project
+  region  = var.region
+  zone    = var.zone
+}
+```
+
+### Modules
+
+The configuration uses two modules: `deployment` and `cloudbuild`.
+
+#### Deployment Module
+
+The `deployment` module is responsible for deploying the application. It requires several variables, such as project ID, region, environment, database version, database name, domain, and Docker images for the web application and frontend.
+
+```hcl
+module "deployment" {
+  source = "../../modules/deployment"
+
+  project          = var.project
+  region           = var.region
+  environment      = var.environment
+  zone             = var.zone
+  database_version = var.database_version
+  database_name    = var.database_name
+  domain           = var.domain
+  webapp_image     = var.webapp_image
+  frontend_image   = var.frontend_image
+}
+```
+
+#### Cloud Build Module
+
+The `cloudbuild` module is responsible for configuring Cloud Build. It requires variables such as project ID, domain, environment, region, and Docker images. It also uses the service account ID from the `deployment` module.
+
+```hcl
+module "cloudbuild" {
+  source = "../../modules/cloudbuild"
+
+  project        = var.project
+  domain         = var.domain
+  environment    = var.environment
+  region         = var.region
+  webapp_image   = var.webapp_image
+  frontend_image = var.frontend_image
+
+  cloudbuild_service_account_id = module.deployment.iam.cloudbuild_service_account_id
+}
+```
+
+This module is only configured for the `dev` environment and sets up continuous deployment with cloudbuild triggers on code push. The triggers for `dev` can also deploy the other environments by changing the variable `_ENVIRONMENT` for a manual trigger run.

terraform/modules/cloudbuild/main.tf

@@ -1,34 +1,3 @@
-variable "project" {
-  description = "The project ID"
-}
-
-variable "environment" {
-  description = "The environment"
-}
-
-variable "region" {
-  description = "The region"
-}
-
-variable "cloudbuild_service_account_id" {
-  description = "The Cloud Build service account ID"
-  type        = string
-}
-
-variable "webapp_image" {
-  description = "The webapp Docker image"
-  type        = string
-}
-
-variable "frontend_image" {
-  description = "The frontend Docker image"
-  type        = string
-}
-
-variable "domain" {
-  type = string
-}
-
 resource "google_artifact_registry_repository" "student_success_tool" {
   location      = "us-central1"
   repository_id = "student-success-tool"

terraform/modules/cloudbuild/variables.tf

@@ -0,0 +1,30 @@
+variable "project" {
+  description = "The project ID"
+}
+
+variable "environment" {
+  description = "The environment"
+}
+
+variable "region" {
+  description = "The region"
+}
+
+variable "cloudbuild_service_account_id" {
+  description = "The Cloud Build service account ID"
+  type        = string
+}
+
+variable "webapp_image" {
+  description = "The webapp Docker image"
+  type        = string
+}
+
+variable "frontend_image" {
+  description = "The frontend Docker image"
+  type        = string
+}
+
+variable "domain" {
+  type = string
+}

terraform/modules/load_balancer/main.tf

@@ -1,23 +1,3 @@
-variable "project" {
-  description = "The GCP project ID"
-  type        = string
-}
-
-variable "domain" {
-  description = "The domain for the managed SSL certificate"
-  type        = string
-}
-
-variable "region" {
-  description = "The region where the Cloud Run service is deployed"
-  type        = string
-}
-
-variable "environment" {
-  description = "The environment name (e.g., dev, prod)"
-  type        = string
-}
-
 resource "google_compute_global_address" "lb_ip" {
   name         = "tf-cr-lb-1-address"
   address_type = "EXTERNAL"

terraform/modules/load_balancer/variables.tf

@@ -0,0 +1,19 @@
+variable "project" {
+  description = "The GCP project ID"
+  type        = string
+}
+
+variable "domain" {
+  description = "The domain for the managed SSL certificate"
+  type        = string
+}
+
+variable "region" {
+  description = "The region where the Cloud Run service is deployed"
+  type        = string
+}
+
+variable "environment" {
+  description = "The environment name (e.g., dev, prod)"
+  type        = string
+}

terraform/modules/migrate/main.tf

@@ -1,45 +1,3 @@
-variable "environment" {
-  type = string
-}
-
-variable "region" {
-  type = string
-}
-
-variable "image" {
-  type = string
-}
-
-variable "database_instance_connection_name" {
-  type = string
-}
-
-variable "database_instance_private_ip" {
-  type = string
-}
-
-variable "database_name" {
-  type = string
-}
-
-variable "database_password_secret_id" {
-  type      = string
-  sensitive = true
-}
-
-variable "network_id" {
-  type = string
-}
-
-variable "subnetwork_id" {
-  type = string
-}
-
-variable "cloudrun_service_account_email" {
-  type = string
-}
-
-
 resource "google_cloud_run_v2_job" "migrate" {
   location = var.region
   name     = "${var.environment}-migrate"

terraform/modules/migrate/variables.tf

@@ -0,0 +1,40 @@
+variable "environment" {
+  type = string
+}
+
+variable "region" {
+  type = string
+}
+
+variable "image" {
+  type = string
+}
+
+variable "database_instance_connection_name" {
+  type = string
+}
+
+variable "database_instance_private_ip" {
+  type = string
+}
+
+variable "database_name" {
+  type = string
+}
+
+variable "database_password_secret_id" {
+  type      = string
+  sensitive = true
+}
+
+variable "network_id" {
+  type = string
+}
+
+variable "subnetwork_id" {
+  type = string
+}
+
+variable "cloudrun_service_account_email" {
+  type = string
+}