feat: add Docker support and update Terraform configurations for Cloud Run deployment

max-ostapenko · max-ostapenko · commit 8160c25434f3 · 2025-12-13T00:06:35.000+01:00
diff --git a/src/.dockerignore b/src/.dockerignore
@@ -0,0 +1,11 @@
+node_modules/
+npm-debug.log
+.git
+.gitignore
+.env
+.nyc_output
+*.md
+.DS_Store
+cloudbuild.yaml
+__tests__/
+coverage/
diff --git a/src/Dockerfile b/src/Dockerfile
@@ -0,0 +1,19 @@
+FROM node:22-slim
+
+# Set the working directory
+WORKDIR /app
+
+# Copy package files first for better layer caching
+COPY package*.json ./
+
+# Install dependencies (this layer will be cached unless package files change)
+RUN npm ci --only=production --quiet --no-fund --no-audit && npm cache clean --force
+
+# Copy source code
+COPY . .
+
+# Cloud Run expects the container to listen on PORT (default 8080)
+ENV PORT=8080
+
+# Use Functions Framework to serve the app
+CMD ["npx", "functions-framework", "--target=app"]
diff --git a/terraform/dev/main.tf b/terraform/dev/main.tf
@@ -3,6 +3,15 @@ terraform {
     bucket = "tfstate-httparchive"
     prefix = "tech-report-apis/dev"
   }
+  required_providers {
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "3.6.2"
+    }
+    google = {
+      source = "hashicorp/google"
+    }
+  }
 }
 
 provider "google" {
@@ -12,14 +21,14 @@ provider "google" {
 }
 
 module "endpoints" {
-  source                      = "./../modules/run-service"
-  entry_point                 = "app"
-  project                     = var.project
-  environment                 = var.environment
-  source_directory            = "../../src"
-  function_name               = "tech-report-api"
-  region                      = var.region
-  min_instances               = var.min_instances
+  source           = "./../modules/run-service"
+  entry_point      = "app"
+  project          = var.project
+  environment      = var.environment
+  source_directory = "../../src"
+  function_name    = "tech-report-api"
+  region           = var.region
+  min_instances    = var.min_instances
   environment_variables = {
     "PROJECT"  = var.project
     "DATABASE" = var.project_database
diff --git a/terraform/modules/run-service/main.tf b/terraform/modules/run-service/main.tf
@@ -1,18 +1,49 @@
+terraform {
+  required_providers {
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "3.6.2"
+    }
+    google = {
+      source = "hashicorp/google"
+    }
+    archive = {
+      source = "hashicorp/archive"
+    }
+  }
+}
+
+# Get access token for Artifact Registry authentication
+data "google_client_config" "default" {}
+
+# Configure Docker provider with GCP Artifact Registry authentication
+provider "docker" {
+  registry_auth {
+    address  = "${var.region}-docker.pkg.dev"
+    username = "oauth2accesstoken"
+    password = data.google_client_config.default.access_token
+  }
+}
+
 locals {
   bucketName = "gcf-v2-uploads-226352634162-us-central1"
 }
+
 data "archive_file" "source" {
+  count       = var.environment != "dev" ? 1 : 0
   type        = "zip"
   source_dir  = var.source_directory
   output_path = "/tmp/${var.function_name}.zip"
 }
 resource "google_storage_bucket_object" "zip" {
-  name   = "${var.environment}-${var.function_name}-${data.archive_file.source.output_sha}"
+  count  = var.environment != "dev" ? 1 : 0
+  name   = "${var.environment}-${var.function_name}-${data.archive_file.source[0].output_sha}"
   bucket = local.bucketName
-  source = data.archive_file.source.output_path
+  source = data.archive_file.source[0].output_path
 }
 
 resource "google_cloudfunctions2_function" "function" {
+  count    = var.environment != "dev" ? 1 : 0
   name     = "${var.function_name}-${var.environment}"
   location = var.region
 
@@ -23,28 +54,28 @@ resource "google_cloudfunctions2_function" "function" {
     source {
       storage_source {
         bucket = local.bucketName
-        object = google_storage_bucket_object.zip.name
+        object = google_storage_bucket_object.zip[0].name
       }
     }
   }
 
   service_config {
     all_traffic_on_latest_revision = true
-    available_memory               = var.available_memory_mb
+    available_memory               = var.available_memory
     available_cpu                  = var.available_cpu
     ingress_settings               = var.ingress_settings
 
     environment_variables = var.environment_variables
 
     min_instance_count               = var.min_instances
     max_instance_count               = var.max_instances
-    timeout_seconds                  = var.timeout
+    timeout_seconds                  = 60
     max_instance_request_concurrency = var.max_instance_request_concurrency
     service_account_email            = var.service_account_email
   }
 
   labels = {
-    owner       = "tech_report_api"
+    owner       = var.service_name
     environment = var.environment
   }
 
@@ -54,15 +85,92 @@ resource "google_cloudfunctions2_function" "function" {
 }
 
 data "google_cloud_run_service" "run-service" {
-  name       = google_cloudfunctions2_function.function.name
+  count      = var.environment != "dev" ? 1 : 0
+  name       = google_cloudfunctions2_function.function[0].name
   location   = var.region
   depends_on = [google_cloudfunctions2_function.function]
 }
 
+
 resource "google_cloud_run_v2_service_iam_member" "allow_unauthenticated" {
+  count    = var.environment != "dev" ? 1 : 0
+  project  = var.project
+  location = var.region
+  name     = data.google_cloud_run_service.run-service[0].name
+  role     = "roles/run.invoker"
+  member   = "allUsers"
+}
+
+# Native run service
+
+
+# Calculate hash of source files to determine if rebuild is needed
+locals {
+  source_files = fileset(path.root, "${var.source_directory}/*")
+  source_hash  = substr(sha1(join("", [for f in local.source_files : filesha1(f)])), 0, 8)
+}
+
+# Build Docker image
+resource "docker_image" "function_image" {
+  name = "${var.region}-docker.pkg.dev/${var.project}/report-api/${var.service_name}:${local.source_hash}"
+
+  build {
+    context    = var.source_directory
+    dockerfile = "Dockerfile"
+    platform   = "linux/amd64"
+  }
+}
+
+resource "docker_registry_image" "registry_image" {
+  name = docker_image.function_image.name
+}
+
+resource "google_cloud_run_v2_service" "service" {
+  name     = "${var.service_name}-${var.environment}"
+  location = var.region
+
+  deletion_protection = false
+  ingress             = "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER"
+
+  template {
+    service_account = var.service_account_email
+
+    containers {
+      image = docker_registry_image.registry_image.name
+      resources {
+        limits = {
+          cpu    = var.available_cpu
+          memory = var.available_memory
+        }
+      }
+      dynamic "env" {
+        for_each = var.environment_variables
+        content {
+          name  = env.key
+          value = env.value
+        }
+      }
+    }
+    timeout                          = var.timeout
+    max_instance_request_concurrency = var.max_instance_request_concurrency
+  }
+  scaling {
+    min_instance_count = var.min_instances
+  }
+  traffic {
+    type    = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"
+    percent = 100
+  }
+  labels = {
+    owner       = var.service_name
+    environment = var.environment
+  }
+}
+
+resource "google_cloud_run_v2_service_iam_member" "allow_unauthenticated_report_api" {
   project  = var.project
   location = var.region
-  name     = data.google_cloud_run_service.run-service.name
+  name     = google_cloud_run_v2_service.service.name
   role     = "roles/run.invoker"
   member   = "allUsers"
 }
diff --git a/terraform/modules/run-service/outputs.tf b/terraform/modules/run-service/outputs.tf
@@ -1,5 +1,5 @@
 
 output "name" {
-  description = "Name of the Cloud Function"
-  value       = google_cloudfunctions2_function.function.name
+  description = "Name of the Cloud Run service"
+  value       = google_cloud_run_v2_service.service.name
 }
diff --git a/terraform/modules/run-service/variables.tf b/terraform/modules/run-service/variables.tf
@@ -5,6 +5,11 @@ variable "region" {
   default = "us-central1"
   type    = string
 }
+variable "service_name" {
+  description = "Optional: Can be used to create more than function from the same package"
+  type        = string
+  default     = "report-api"
+}
 variable "environment" {
   description = "The 'Environment' that is being created/deployed. Applied as a suffix to many resources."
   type        = string
@@ -21,7 +26,7 @@ variable "entry_point" {
   description = "The entry point; This is either what is registered with 'http' or exported from the code as a handler!"
   type        = string
 }
-variable "available_memory_mb" {
+variable "available_memory" {
   default     = "1Gi"
   type        = string
   description = "The amount of memory for the Cloud Function"
@@ -46,8 +51,8 @@ variable "project" {
   type        = string
 }
 variable "timeout" {
-  default     = 60
-  type        = number
+  default     = "60s"
+  type        = string
   description = "Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds."
 }
 variable "service_account_email" {
diff --git a/terraform/prod/main.tf b/terraform/prod/main.tf
@@ -3,6 +3,15 @@ terraform {
     bucket = "tfstate-httparchive"
     prefix = "tech-report-apis/prod"
   }
+  required_providers {
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "3.6.2"
+    }
+    google = {
+      source = "hashicorp/google"
+    }
+  }
 }
 
 provider "google" {

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`
`2`	`2`	`output "name" {`
`3`		`- description = "Name of the Cloud Function"`
`4`		`- value = google_cloudfunctions2_function.function.name`
	`3`	`+ description = "Name of the Cloud Run service"`
	`4`	`+ value = google_cloud_run_v2_service.service.name`
`5`	`5`	`}`