# Terraform Configuration for Sereact

This directory contains Terraform configurations to provision the required Google Cloud resources for Sereact:

- Google Cloud Run service
- Google Container Registry (GCR)
- Firestore database
- Cloud Storage bucket

## Prerequisites

1. Install [Terraform](https://www.terraform.io/downloads) (v1.0.0+)
2. Install [Google Cloud SDK](https://cloud.google.com/sdk/docs/install)
3. Authenticate with Google Cloud:

   ```bash
   gcloud auth login
   gcloud auth application-default login
   ```

4. Create or select a Google Cloud project:

   ```bash
   gcloud projects create PROJECT_ID --name="Sereact Project"  # optional
   gcloud config set project PROJECT_ID
   ```

## Setup and Usage

1. Copy the example variables file and edit it with your values:

   ```bash
   cp terraform.tfvars.example terraform.tfvars
   # Edit terraform.tfvars with your project-specific values
   ```

2. Initialize Terraform:

   ```bash
   terraform init
   ```

3. Preview the changes:

   ```bash
   terraform plan
   ```

4. Apply the configuration:

   ```bash
   terraform apply
   ```

5. After provisioning, you'll see outputs including:
   - Cloud Run service URL
   - Storage bucket name
   - Firestore database ID
   - Container Registry URL

## Managing Secrets

Secrets for environment variables (`DATABASE_URI`, `API_KEY_SECRET`, etc.) should be managed separately using Google Secret Manager:

```bash
# Create secrets
gcloud secrets create sereact-db-uri --replication-policy="automatic"
gcloud secrets create sereact-api-key-secret --replication-policy="automatic"
gcloud secrets create sereact-vector-db-key --replication-policy="automatic"

# Add secret versions
echo -n "your-secret-value" | gcloud secrets versions add sereact-db-uri --data-file=-
echo -n "your-secret-value" | gcloud secrets versions add sereact-api-key-secret --data-file=-
echo -n "your-secret-value" | gcloud secrets versions add sereact-vector-db-key --data-file=-

# Update Cloud Run service to use secrets
gcloud run services update sereact \
  --update-secrets=DATABASE_URI=sereact-db-uri:latest,API_KEY_SECRET=sereact-api-key-secret:latest,VECTOR_DB_API_KEY=sereact-vector-db-key:latest
```

## CI/CD Integration

To integrate this with CI/CD, store the `terraform.tfvars` securely in your CI/CD system and run Terraform as part of your deployment pipeline:

```yaml
# Example GitHub Actions step
- name: Terraform Apply
  run: |
    cd deployment/terraform
    terraform init
    terraform apply -auto-approve
  env:
    # GOOGLE_CREDENTIALS accepts the service account key JSON itself;
    # GOOGLE_APPLICATION_CREDENTIALS would have to be a path to a key file.
    GOOGLE_CREDENTIALS: ${{ secrets.GCP_SA_KEY }}
```

## Destroying Resources

To destroy all provisioned resources:

```bash
terraform destroy
```
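
As a pipeline gate for the rule under Managing Secrets, the following added example (not part of the Sereact repository) scans `terraform show -json` plan output and reports any of the secret environment variables that Terraform would set as a literal value on a Cloud Run resource. The resource addresses and values in the sample plan are constructed, and the check assumes the values are not marked sensitive in the plan.

```python
import json

# Env var names the README says belong in Secret Manager (taken from the page).
SECRET_ENV_NAMES = {"DATABASE_URI", "API_KEY_SECRET", "VECTOR_DB_API_KEY"}


def _env_entries(node):
    """Yield every dict found in a list stored under an "env" key, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "env" and isinstance(value, list):
                yield from (e for e in value if isinstance(e, dict))
            else:
                yield from _env_entries(value)
    elif isinstance(node, list):
        for item in node:
            yield from _env_entries(item)


def plaintext_secret_envs(plan, secret_names=SECRET_ENV_NAMES):
    """Return sorted (address, env name) pairs whose secret is a literal "value"."""
    findings = set()
    for rc in plan.get("resource_changes", []):
        if not rc.get("type", "").startswith("google_cloud_run"):
            continue
        after = (rc.get("change") or {}).get("after") or {}
        for env in _env_entries(after):
            if env.get("name") in secret_names and env.get("value"):
                findings.add((rc.get("address", "?"), env["name"]))
    return sorted(findings)


# Constructed sample, shaped like `terraform show -json tfplan` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "google_cloud_run_service.sereact", "type": "google_cloud_run_service",
   "change": {"after": {"template": [{"spec": [{"containers": [{"env": [
     {"name": "DATABASE_URI", "value": "mongodb://user:pw@db.example.invalid/app"},
     {"name": "API_KEY_SECRET", "value": null,
      "value_from": [{"secret_key_ref": [{"name": "sereact-api-key-secret", "key": "latest"}]}]},
     {"name": "LOG_LEVEL", "value": "info"}
   ]}]}]}]}}},
  {"address": "google_storage_bucket.data", "type": "google_storage_bucket", "change": {"after": {}}}
]}
""")

if __name__ == "__main__":
    for address, name in plaintext_secret_envs(SAMPLE_PLAN):
        print(f"{address}: {name} is a plaintext value; use a Secret Manager reference")
```

In a pipeline, run it against the output of `terraform plan -out=tfplan` followed by `terraform show -json tfplan`, and fail the job when the returned list is not empty.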