Add Cloud Run + Terraform deployment (alongside Firebase)#90
Closed
pstaylor-patrick wants to merge 1 commit into
Closed
Add Cloud Run + Terraform deployment (alongside Firebase)#90pstaylor-patrick wants to merge 1 commit into
pstaylor-patrick wants to merge 1 commit into
Conversation
Migrate region-pages off Firebase App Hosting onto vanilla GCP Cloud Run, defined as Terraform IaC in the repo. Runs alongside the existing Firebase App Hosting backend during the migration; makes no DNS change. - next.config.ts: emit standalone output for the container - Dockerfile/.dockerignore: multi-stage build; build-time DB secrets via BuildKit so generateStaticParams can prerender region pages - infra/terraform/cloud-run: Artifact Registry, runtime SA (+cloudsql.client), 9 secret-backed env vars (recreated as -tf secrets), public Cloud Run service, and an optional external HTTPS load balancer (serverless NEG + managed cert) for the custom domain — avoids Search Console domain verification Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Collaborator
Author
|
Closing as superseded by F3-Nation/f3-nation#302, which brings region-pages into the monorepo and already carries this Cloud Run + Terraform infra under |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Migrates region-pages off Firebase App Hosting onto vanilla GCP Cloud Run, defined as Terraform infrastructure-as-code in this repo. This is the first step toward eventually folding region-pages into the F3 Nation monorepo.
The new stack is already deployed and verified in the
region-pagesGCP project and runs alongside the existing Firebase App Hosting backend. No production DNS change is made —regions.f3nation.comcontinues to serve via Firebase until cutover.https://f3-region-pages-mx5ollfbiq-uc.a.run.appChanges
next.config.ts—output: 'standalone'for a slim container image.Dockerfile/.dockerignore— multi-stage build (Node 20, pnpm 9).POSTGRES_URL+F3_DATA_WAREHOUSE_URLare mounted as BuildKit secrets sogenerateStaticParamscan prerender ~530 region pages at build time (never baked into a layer).infra/terraform/cloud-run/— Artifact Registry repo, runtime service account (+roles/cloudsql.clientfor the warehouse connector), the 9 runtime secrets, the public Cloud Run service (port 8080, scale 0→4), and an optional external HTTPS load balancer (static IP + serverless NEG + Google-managed cert + HTTP→HTTPS redirect) for the custom domain. Remote state ings://region-pages-tfstate.Custom domain / DNS
The custom domain is fronted by an external HTTPS load balancer rather than a Cloud Run domain mapping — this avoids Search Console / Webmaster domain verification. The managed cert validates automatically once DNS resolves to the LB IP, so the hand-off is a single A record:
To be coordinated with the F3 Nation dev team (Tackle), who own the DNS zone.
Migration debt (the "messy middle")
*-tfSecret Manager secrets, coexisting with the Firebase-managed originals. Once Cloud Run is the production path and Firebase is decommissioned, delete the un-suffixed originals./api/ingest) is unchanged.Verification
terraform validateclean; full stack applied successfully./→ 200,/abilene→ 200 (warehouse-backed SSG),POST /api/ingest→ 401 withoutCRON_SECRET, unknown slug → 404.🤖 Generated with Claude Code