From 9056ddf004319ff1edde8a2d8a1e8f6a6d9858f8 Mon Sep 17 00:00:00 2001 From: Vicente Olmedo Date: Mon, 9 Feb 2026 12:52:09 +0100 Subject: [PATCH 1/6] use custom storoku v0.5.1_co cost-optimization version --- deploy/app/main.tf | 2 +- deploy/shared/main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/app/main.tf b/deploy/app/main.tf index d1023ab..5eba023 100644 --- a/deploy/app/main.tf +++ b/deploy/app/main.tf @@ -38,7 +38,7 @@ provider "aws" { } module "app" { - source = "github.com/storacha/storoku//app?ref=v0.5.1" + source = "github.com/storacha/storoku//app?ref=v0.5.1_co" private_key = var.private_key private_key_env_var = "ETRACKER_PRIVATE_KEY" httpport = 8080 diff --git a/deploy/shared/main.tf b/deploy/shared/main.tf index b3a67f1..193ffc8 100644 --- a/deploy/shared/main.tf +++ b/deploy/shared/main.tf @@ -49,7 +49,7 @@ provider "aws" { } module "shared" { - source = "github.com/storacha/storoku//shared?ref=v0.5.1" + source = "github.com/storacha/storoku//shared?ref=v0.5.1_co" providers = { aws = aws aws.dev = aws.dev From 591d25dc6b265ab37cb1e29c99523693fe14881e Mon Sep 17 00:00:00 2001 From: Vicente Olmedo Date: Mon, 9 Feb 2026 12:52:46 +0100 Subject: [PATCH 2/6] add test network --- .storoku.json | 3 ++- deploy/shared/main.tf | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.storoku.json b/.storoku.json index 1808f2f..a194238 100644 --- a/.storoku.json +++ b/.storoku.json @@ -101,7 +101,8 @@ ], "networks": [ "warm", - "forge" + "forge", + "test" ], "writeToContainer": false } \ No newline at end of file diff --git a/deploy/shared/main.tf b/deploy/shared/main.tf index 193ffc8..0afcc21 100644 --- a/deploy/shared/main.tf +++ b/deploy/shared/main.tf @@ -56,7 +56,7 @@ module "shared" { } create_db = false caches = [] - networks = ["warm","forge"] + networks = ["warm","forge", "test"] app = var.app create_shared_dev_resources = var.create_shared_dev_resources zone_id = var.cloudflare_zone_id From 5b45bfc4647628e3bee433e04570f0e2dfb16917 Mon Sep 17 00:00:00 2001 From: Vicente Olmedo Date: Mon, 9 Feb 2026 12:55:11 +0100 Subject: [PATCH 3/6] add references to test network services --- deploy/.env.production.local.tpl | 13 +++++++++++++ deploy/app/external.tf | 12 ++++++------ internal/presets/known_providers.go | 1 + internal/presets/principal_resolver.go | 3 +++ 4 files changed, 23 insertions(+), 6 deletions(-) diff --git a/deploy/.env.production.local.tpl b/deploy/.env.production.local.tpl index 900267a..eb3f82d 100644 --- a/deploy/.env.production.local.tpl +++ b/deploy/.env.production.local.tpl @@ -12,6 +12,19 @@ if [ "$TF_WORKSPACE" == "forge-prod" ]; then CONSUMER_CUSTOMER_INDEX_NAME="customer" TRUSTED_AUTHORITIES="did:web:up.forge.storacha.network" +elif [ "$TF_WORKSPACE" == "forge-test" ]; then + STORAGE_PROVIDER_TABLE_NAME="forge-test-upload-api-storage-provider" + STORAGE_PROVIDER_TABLE_REGION="us-west-2" + + CUSTOMER_TABLE_NAME="forge-test-upload-api-customer" + CUSTOMER_TABLE_REGION="us-west-2" + + CONSUMER_TABLE_NAME="forge-test-upload-api-consumer" + CONSUMER_TABLE_REGION="us-west-2" + CONSUMER_CONSUMER_INDEX_NAME="consumer" + CONSUMER_CUSTOMER_INDEX_NAME="customer" + + TRUSTED_AUTHORITIES="did:web:up.test.storacha.network" else STORAGE_PROVIDER_TABLE_NAME="staging-warm-upload-api-storage-provider" STORAGE_PROVIDER_TABLE_REGION="us-east-2" diff --git a/deploy/app/external.tf b/deploy/app/external.tf index 35c4bbb..f88868c 100644 --- a/deploy/app/external.tf +++ b/deploy/app/external.tf @@ -1,12 +1,12 @@ locals { - storage_provider_table_name = "${terraform.workspace == "forge-prod" ? "forge-prod-upload-api-storage-provider" : "staging-warm-upload-api-storage-provider"}" - storage_provider_table_region = "${terraform.workspace == "forge-prod" ? "us-west-2" : "us-east-2"}" + storage_provider_table_name = "${terraform.workspace == "forge-test" ? "forge-test-upload-api-storage-provider" : (terraform.workspace == "forge-prod" ? "forge-prod-upload-api-storage-provider" : "staging-warm-upload-api-storage-provider")}" + storage_provider_table_region = "${(terraform.workspace == "forge-prod" || terraform.workspace == "forge-test") ? "us-west-2" : "us-east-2"}" - customer_table_name = "${terraform.workspace == "forge-prod" ? "forge-prod-upload-api-customer" : "staging-warm-upload-api-customer"}" - customer_table_region = "${terraform.workspace == "forge-prod" ? "us-west-2" : "us-east-2"}" + customer_table_name = "${terraform.workspace == "forge-test" ? "forge-test-upload-api-customer" : (terraform.workspace == "forge-prod" ? "forge-prod-upload-api-customer" : "staging-warm-upload-api-customer")}" + customer_table_region = "${(terraform.workspace == "forge-test" || terraform.workspace == "forge-prod") ? "us-west-2" : "us-east-2"}" - consumer_table_name = "${terraform.workspace == "forge-prod" ? "forge-prod-upload-api-consumer" : "staging-warm-upload-api-consumer"}" - consumer_table_region = "${terraform.workspace == "forge-prod" ? "us-west-2" : "us-east-2"}" + consumer_table_name = "${terraform.workspace == "forge-test" ? "forge-test-upload-api-consumer" : (terraform.workspace == "forge-prod" ? "forge-prod-upload-api-consumer" : "staging-warm-upload-api-consumer")}" + consumer_table_region = "${(terraform.workspace == "forge-test" || terraform.workspace == "forge-prod") ? "us-west-2" : "us-east-2"}" } provider "aws" { diff --git a/internal/presets/known_providers.go b/internal/presets/known_providers.go index fda6bcc..7ed2115 100644 --- a/internal/presets/known_providers.go +++ b/internal/presets/known_providers.go @@ -3,4 +3,5 @@ package presets var KnownProviders = []string{ "did:web:staging.up.warm.storacha.network", "did:web:up.forge.storacha.network", + "did:web:up.test.storacha.network", } diff --git a/internal/presets/principal_resolver.go b/internal/presets/principal_resolver.go index 6e02315..70f262e 100644 --- a/internal/presets/principal_resolver.go +++ b/internal/presets/principal_resolver.go @@ -10,10 +10,13 @@ import ( var principalMapping = map[string]string{ "did:web:registrar.forge.storacha.network": "did:key:z6MkkfWep96Dphp35s9VqSCD7h7G4R9R1QCR3K9TxpbSRrKf", + "did:web:registrar.test.storacha.network": "did:key:z6MksH3BJWkC7VbdwJYDvSc5amGtzia37zcf3jVNwJbrm6tp", "did:web:staging.registrar.warm.storacha.network": "did:key:z6MkuQ8PfSMrzXCwZkbQv662nZC4FGGm1aucbH256HXXZyxo", "did:web:indexer.forge.storacha.network": "did:key:z6Mkj8WmJQRy5jEnFN97uuc2qsjFdsYCuD5wE384Z1AMCFN7", + "did:web:indexer.test.storacha.network": "did:key:z6Mkgq6MpoVxPdjyi6NSmvV933jdwAg1SkDL8RG9t9F9KZ4X", "did:web:staging.indexer.warm.storacha.network": "did:key:z6Mkr4QkdinnXQmJ9JdnzwhcEjR8nMnuVPEwREyh9jp2Pb7k", "did:web:up.forge.storacha.network": "did:key:z6MkgSttS3n3R56yGX2Eufvbwc58fphomhAsLoBCZpZJzQbr", + "did:web:up.test.storacha.network": "did:key:z6Mkpc2hW6sdhWNNx1BWHTmuCDP6wDBRVUiFnZt1SXMhUR24", "did:web:staging.up.warm.storacha.network": "did:key:z6MkpR58oZpK7L3cdZZciKT25ynGro7RZm6boFouWQ7AzF7v", } From c7908508d3b6498e76e0ad29b64de5a6c8c6392d Mon Sep 17 00:00:00 2001 From: Vicente Olmedo Date: Tue, 10 Feb 2026 10:46:39 +0100 Subject: [PATCH 4/6] forge-test upload-service has been deployed as w3infra --- deploy/.env.production.local.tpl | 6 +++--- deploy/app/external.tf | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy/.env.production.local.tpl b/deploy/.env.production.local.tpl index eb3f82d..9285399 100644 --- a/deploy/.env.production.local.tpl +++ b/deploy/.env.production.local.tpl @@ -13,13 +13,13 @@ if [ "$TF_WORKSPACE" == "forge-prod" ]; then TRUSTED_AUTHORITIES="did:web:up.forge.storacha.network" elif [ "$TF_WORKSPACE" == "forge-test" ]; then - STORAGE_PROVIDER_TABLE_NAME="forge-test-upload-api-storage-provider" + STORAGE_PROVIDER_TABLE_NAME="forge-test-w3infra-storage-provider" STORAGE_PROVIDER_TABLE_REGION="us-west-2" - CUSTOMER_TABLE_NAME="forge-test-upload-api-customer" + CUSTOMER_TABLE_NAME="forge-test-w3infra-customer" CUSTOMER_TABLE_REGION="us-west-2" - CONSUMER_TABLE_NAME="forge-test-upload-api-consumer" + CONSUMER_TABLE_NAME="forge-test-w3infra-consumer" CONSUMER_TABLE_REGION="us-west-2" CONSUMER_CONSUMER_INDEX_NAME="consumer" CONSUMER_CUSTOMER_INDEX_NAME="customer" diff --git a/deploy/app/external.tf b/deploy/app/external.tf index f88868c..6fe2ff5 100644 --- a/deploy/app/external.tf +++ b/deploy/app/external.tf @@ -1,11 +1,11 @@ locals { - storage_provider_table_name = "${terraform.workspace == "forge-test" ? "forge-test-upload-api-storage-provider" : (terraform.workspace == "forge-prod" ? "forge-prod-upload-api-storage-provider" : "staging-warm-upload-api-storage-provider")}" + storage_provider_table_name = "${terraform.workspace == "forge-test" ? "forge-test-w3infra-storage-provider" : (terraform.workspace == "forge-prod" ? "forge-prod-upload-api-storage-provider" : "staging-warm-upload-api-storage-provider")}" storage_provider_table_region = "${(terraform.workspace == "forge-prod" || terraform.workspace == "forge-test") ? "us-west-2" : "us-east-2"}" - customer_table_name = "${terraform.workspace == "forge-test" ? "forge-test-upload-api-customer" : (terraform.workspace == "forge-prod" ? "forge-prod-upload-api-customer" : "staging-warm-upload-api-customer")}" + customer_table_name = "${terraform.workspace == "forge-test" ? "forge-test-w3infra-customer" : (terraform.workspace == "forge-prod" ? "forge-prod-upload-api-customer" : "staging-warm-upload-api-customer")}" customer_table_region = "${(terraform.workspace == "forge-test" || terraform.workspace == "forge-prod") ? "us-west-2" : "us-east-2"}" - consumer_table_name = "${terraform.workspace == "forge-test" ? "forge-test-upload-api-consumer" : (terraform.workspace == "forge-prod" ? "forge-prod-upload-api-consumer" : "staging-warm-upload-api-consumer")}" + consumer_table_name = "${terraform.workspace == "forge-test" ? "forge-test-w3infra-consumer" : (terraform.workspace == "forge-prod" ? "forge-prod-upload-api-consumer" : "staging-warm-upload-api-consumer")}" consumer_table_region = "${(terraform.workspace == "forge-test" || terraform.workspace == "forge-prod") ? "us-west-2" : "us-east-2"}" } From 9f6bd2471d64947133de27e46a1e395ee0fa97ae Mon Sep 17 00:00:00 2001 From: Vicente Olmedo Date: Thu, 12 Mar 2026 17:02:23 +0100 Subject: [PATCH 5/6] latest storoku --- .github/workflows/terraform.yml | 20 ++++--- .storoku.json | 9 ++- deploy/app/.terraform.lock.hcl | 76 +++++++++++++------------ deploy/app/main.tf | 16 ++---- deploy/shared/.terraform.lock.hcl | 93 ++++++++++++++++--------------- deploy/shared/main.tf | 4 +- 6 files changed, 114 insertions(+), 104 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index dd14424..c97bd92 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -86,9 +86,6 @@ jobs: aws-region: ${{ env.AWS_REGION }} role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/terraform-ci - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - uses: opentofu/setup-opentofu@v1 - name: Tofu Init @@ -97,17 +94,24 @@ jobs: make init working-directory: deploy - - name: Build + Push Docker ECR - run: | - make docker-push - working-directory: deploy - + # just plan if !inputs.apply - name: Terraform Plan if: ${{ !inputs.apply }} run: | make plan working-directory: deploy + # build and push docker image and apply if inputs.apply + - name: Set up Docker Buildx + if: ${{ inputs.apply }} + uses: docker/setup-buildx-action@v3 + + - name: Build + Push Docker ECR + if: ${{ inputs.apply }} + run: | + make docker-push + working-directory: deploy + - name: Terraform Apply if: ${{ inputs.apply }} run: | diff --git a/.storoku.json b/.storoku.json index a194238..1a41048 100644 --- a/.storoku.json +++ b/.storoku.json @@ -14,15 +14,18 @@ "secrets": [ { "name": "ETRACKER_METRICS_AUTH_TOKEN", - "variable": true + "variable": true, + "external": false }, { "name": "ETRACKER_ADMIN_DASHBOARD_USER", - "variable": true + "variable": true, + "external": false }, { "name": "ETRACKER_ADMIN_DASHBOARD_PASSWORD", - "variable": true + "variable": true, + "external": false } ], "tables": [ diff --git a/deploy/app/.terraform.lock.hcl b/deploy/app/.terraform.lock.hcl index d84884a..a36fc3d 100644 --- a/deploy/app/.terraform.lock.hcl +++ b/deploy/app/.terraform.lock.hcl @@ -19,19 +19,25 @@ provider "registry.opentofu.org/hashicorp/archive" { } provider "registry.opentofu.org/hashicorp/aws" { - version = "6.9.0" - constraints = ">= 4.63.0, >= 5.86.0" + version = "6.36.0" + constraints = ">= 5.86.0, >= 6.0.0, >= 6.28.0" hashes = [ - "h1:4N65RShhsnXBALN/jwFFnz1+F831DpofxRGShghLSxE=", - "zh:0020ac28a739e28829e72c6c342118086a9b877acd75129b4f4f5762f25c04d7", - "zh:4b5c990ea183813466f4a827f621793ab0644b3832c730651dea407d5fdb82fb", - "zh:4c3b277cff442b9eae6314072ed77287a1b2a5620a9f95064b1105b5e6d0ad34", - "zh:53154edce4270aa0380448b138b03705ae46cab34c30ff3bd4b800de56c52543", - "zh:5c2e48de8721fb9bd74c84646d411c58591fd35600ac2d2a8b25ab2ed6febb1b", - "zh:775bec149c691fe03d87105249c229b1563b2cbeb781e444ebbf3672129b0eb8", - "zh:b5f4021bdd50cfee9f876ecf423de42863d9bbed9f27af89bb09697f69bd42ec", - "zh:ce4be208ec14315fd715fe2efb194bbc3ff2de3e05549d5dcbbc4aef1fd5a58d", - "zh:ea22bf90e5ad8396477ed7358bee21bce0648a4e92c1392523a000e0d23fa942", + "h1:TclpBCpiZqJw1ZLvcP+8BGUaWkLmrjQLfHOKM0+ZY+o=", + "zh:02e80f75a53a6cabaeb255e7d202e34398a43aaca932a565b6272168e75b0b60", + "zh:04115de3895e35e7ffae46066c7f20c1f4f7f5c5751c311a06dbfbc63399ffe6", + "zh:0a0c9a9703a8baf6b045dc68652221e410d8b03db39ff3d27d4106876e928878", + "zh:11e692429aecfaccdcf08f42ea81e64ae3b0580f0a6f803107db34cc4a636b26", + "zh:1b24f275b050018ac2b368e5c0d6445695198c1fc0e4798899be671cf0a0a2fd", + "zh:3c361e7e9d14d8c608963005d4cd9808a2499878e4805ca0807b502ce2854c5c", + "zh:58fe2213a56e8f87b23b4dfa987fc2f2ab915f79ee380eb5a4c9d561116c3dfe", + "zh:649cd4f0940bf6d360fd5c5544efc676b4a95fc42eecabc217e8ac8e040637d8", + "zh:7fc2fba30bd771569483faf8a16291ed80fc242f02a47c5ea9c0902829ee3156", + "zh:840daeef43b505ba6515f4cb37350e449d6d7811c34032bed8976e0e67d4e1a4", + "zh:85151acc8ae2c59361031806bf783566d931cf2f7623861a6620df297969bd79", + "zh:aa30aaf8194a6ece1594a757177c970d1ef30589c9b36ccb40b1314f029764b3", + "zh:b3cfecf0d2d70daef9564a2c8d6c5ab949134c131af17dfb0e40683f94ef7c47", + "zh:debdff8cfa9a6ccb25e24409e3c2936e41da124c0c897ce30a33e7639203bb3a", + "zh:f1567a7f575812711bd9eca2e038fe25b9d2602bc97ae13d0197c24a8a219361", ] } @@ -54,20 +60,19 @@ provider "registry.opentofu.org/hashicorp/external" { } provider "registry.opentofu.org/hashicorp/local" { - version = "2.5.3" + version = "2.7.0" constraints = ">= 1.0.0" hashes = [ - "h1:31Clmfoe7hzkcdgwuhUuGuPGfeG2Ksk+YWcJgzBTN7M=", - "zh:32e1d4b0595cea6cda4ca256195c162772ddff25594ab4008731a2ec7be230bf", - "zh:48c390af0c87df994ec9796f04ec2582bcac581fb81ed6bb58e0671da1c17991", - "zh:4be7289c969218a57b40902e2f359914f8d35a7f97b439140cb711aa21e494bd", - "zh:4cf958e631e99ed6c8b522c9b22e1f1b568c0bdadb01dd002ca7dffb1c927764", - "zh:7a0132c0faca4c4c96aa70808effd6817e28712bf5a39881666ac377b4250acf", - "zh:7d60de08fac427fb045e4590d1b921b6778498eee9eb16f78c64d4c577bde096", - "zh:91003bee5981e99ec3925ce2f452a5f743827f9d0e131a86613549c1464796f0", - "zh:9fe2fe75977c8149e2515fb30c6cc6cfd57b225d4ce592c570d81a3831d7ffa3", - "zh:e210e6be54933ce93e03d0994e520ba289aa01b2c1f70e77afb8f2ee796b0fe3", - "zh:e8793e5f9422f2b31a804e51806595f335b827c9a38db18766960464566f21d5", + "h1:y4Z2q/vw3DUN+0KOunHUsptXPnO/7rDs9zSLdIdtwMk=", + "zh:39e037a963356e583d90d509d82f6dc19914ef5c66970fb166db414f035468f4", + "zh:5292e51488d40d6c2b365daa9a406144c3fa3f769f1c03065adb4757d41c6ea0", + "zh:62db48adf8676e8c67f923352a4acb8e52470220ecaa0c9e21a660f359fd5446", + "zh:6d5f4555371edde0975b5c2ce5fb048be737ea5dc9aab75c8f9fe37f37bf7850", + "zh:790ab029516ee126a2b5a122ab0638c09585c71c109b91cefc794a4ecc2ba32e", + "zh:7b7410b923c17a3495e416b940dbef7ee6e2e82298ea2f5b7f9a0e4c2cad4b69", + "zh:8baa1caf36ba2b0b63e91cd00750e643d21f13535dce04ae824a1211537c6867", + "zh:aebc221a0da83e970c737c71e76701df731c6f8d70e56ead85bc1f83996f852d", + "zh:b3c3ee356591800b11d45fb0bb7d39c8eb3a2141c56dd87808b1fcdc9380816c", ] } @@ -90,18 +95,17 @@ provider "registry.opentofu.org/hashicorp/null" { } provider "registry.opentofu.org/hashicorp/random" { - version = "3.7.2" + version = "3.8.1" hashes = [ - "h1:cFGCdxTlsrteTiaOV/iOQdql7eJkD3F/vtJxenkj9IE=", - "zh:2ffeb1058bd7b21a9e15a5301abb863053a2d42dffa3f6cf654a1667e10f4727", - "zh:519319ed8f4312ed76519652ad6cd9f98bc75cf4ec7990a5684c072cf5dd0a5d", - "zh:7371c2cc28c94deb9dba62fbac2685f7dde47f93019273a758dd5a2794f72919", - "zh:9b0ac4c1d8e36a86b59ced94fa517ae9b015b1d044b3455465cc6f0eab70915d", - "zh:c6336d7196f1318e1cbb120b3de8426ce43d4cacd2c75f45dba2dbdba666ce00", - "zh:c71f18b0cb5d55a103ea81e346fb56db15b144459123f1be1b0209cffc1deb4e", - "zh:d2dc49a6cac2d156e91b0506d6d756809e36bf390844a187f305094336d3e8d8", - "zh:d5b5fc881ccc41b268f952dae303501d6ec9f9d24ee11fe2fa56eed7478e15d0", - "zh:db9723eaca26d58c930e13fde221d93501529a5cd036b1f167ef8cff6f1a03cc", - "zh:fe3359f733f3ab518c6f85f3a9cd89322a7143463263f30321de0973a52d4ad8", + "h1:LsYuJLZcYl1RiH7Hd3w90Ra5+k5cNqfdRUQXItkTI8Y=", + "zh:25c458c7c676f15705e872202dad7dcd0982e4a48e7ea1800afa5fc64e77f4c8", + "zh:2edeaf6f1b20435b2f81855ad98a2e70956d473be9e52a5fdf57ccd0098ba476", + "zh:44becb9d5f75d55e36dfed0c5beabaf4c92e0a2bc61a3814d698271c646d48e7", + "zh:7699032612c3b16cc69928add8973de47b10ce81b1141f30644a0e8a895b5cd3", + "zh:86d07aa98d17703de9fbf402c89590dc1e01dbe5671dd6bc5e487eb8fe87eee0", + "zh:8c411c77b8390a49a8a1bc9f176529e6b32369dd33a723606c8533e5ca4d68c1", + "zh:a5ecc8255a612652a56b28149994985e2c4dc046e5d34d416d47fa7767f5c28f", + "zh:aea3fe1a5669b932eda9c5c72e5f327db8da707fe514aaca0d0ef60cb24892f9", + "zh:f56e26e6977f755d7ae56fa6320af96ecf4bb09580d47cb481efbf27f1c5afff", ] } diff --git a/deploy/app/main.tf b/deploy/app/main.tf index 5eba023..e65a19f 100644 --- a/deploy/app/main.tf +++ b/deploy/app/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.86.0" + version = ">= 6.0.0" } archive = { source = "hashicorp/archive" @@ -31,14 +31,10 @@ provider "aws" { } } -# CloudFront is a global service. Certs must be created in us-east-1, where the core ACM infra lives -provider "aws" { - region = "us-east-1" - alias = "acm" -} + module "app" { - source = "github.com/storacha/storoku//app?ref=v0.5.1_co" + source = "github.com/storacha/storoku//app?ref=v0.6.2" private_key = var.private_key private_key_env_var = "ETRACKER_PRIVATE_KEY" httpport = 8080 @@ -72,6 +68,8 @@ module "app" { "ETRACKER_ADMIN_DASHBOARD_USER" = var.admin_dashboard_user "ETRACKER_ADMIN_DASHBOARD_PASSWORD" = var.admin_dashboard_password } + # enter external secrets (provisioned out-of-band) here + external_secrets = [] # enter any sqs queues you want to create here queues = [] caches = [] @@ -145,10 +143,6 @@ module "app" { ] buckets = [ ] - providers = { - aws = aws - aws.acm = aws.acm - } env_files = var.env_files domain_base = var.domain_base } diff --git a/deploy/shared/.terraform.lock.hcl b/deploy/shared/.terraform.lock.hcl index c1db9c9..57fe3e3 100644 --- a/deploy/shared/.terraform.lock.hcl +++ b/deploy/shared/.terraform.lock.hcl @@ -2,68 +2,73 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/cloudflare/cloudflare" { - version = "5.8.4" + version = "5.18.0" constraints = "~> 5.0" hashes = [ - "h1:ihbA9kw+RRkVjCts0NLwt+eQhrJloCH4JDfXYYCkNlA=", - "zh:0e3ffc026d07699189406d7471f6a65e66a35065ee26b7cded6dfff0f5c22fba", - "zh:2819e632d8f5437ee8cafbd35a0b44b9ea685aabae95536da345f012b2cbd193", - "zh:3ec56bd9e5bcc8bb2012651fa3ad837934603aacdbbb06c2d579681398e993b2", - "zh:56f4acef08aee4ba0fca8830b341d46658c6b4f83e55a8badbf4324156d6edd7", - "zh:5a8481a1b1b756f5d13c44ae1c89fd04e24e00e85a1e182a80c593130e4061a5", - "zh:af2e89d30aed52d0f0477a782303605f58b9868ce6868449c0a2ee1cb1ff825b", - "zh:d2622f857b37386e9d58fe9bd8391f9ef5930e3bf78b6e8b1b2b888e3dcc7be2", - "zh:e8dd942e2252c52dc68aa75eaeac43053e2d04b768ac9ea191b8da79b9ec4472", + "h1:2FKT5YVLuHLmv7BnFxDC3UtipD3hSSrb0iJ9Ei2C/ks=", + "zh:47e7bdfd8eddd2685f383269c0b6936ef62edd6d8383c8d7757b0cce0a689737", + "zh:aa23eb6aa128667883cabc449ceca4072d0181f574cd727e08ebd6d69a4bfd48", + "zh:c3da673e05d3bd933c82e2b6ba0f85aa23c5e24fadd3932f7c066314feeb65a3", + "zh:c59f07c017fc78b79e80554a0737c9db2a2e681c3e46ff637942d28d1f1a3924", + "zh:d559074612835a37fa684d8d7d0cf68911487b71f4067acc59069cb00bb8baf0", + "zh:e12290a4eda757c183a4258230245dd170f0def389c37eb771db144ce3b382dd", + "zh:ed47e484432ba1bbbb4802061f395ebd253ae8e20be9b72552d3d830fd2ca268", + "zh:f35e08d468408697b3e7c4a7f548b874141ac8f8d395ab8edded322201cc7047", "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32", ] } provider "registry.opentofu.org/hashicorp/aws" { - version = "6.9.0" - constraints = ">= 5.86.0" + version = "6.36.0" + constraints = ">= 5.86.0, >= 6.0.0" hashes = [ - "h1:4N65RShhsnXBALN/jwFFnz1+F831DpofxRGShghLSxE=", - "zh:0020ac28a739e28829e72c6c342118086a9b877acd75129b4f4f5762f25c04d7", - "zh:4b5c990ea183813466f4a827f621793ab0644b3832c730651dea407d5fdb82fb", - "zh:4c3b277cff442b9eae6314072ed77287a1b2a5620a9f95064b1105b5e6d0ad34", - "zh:53154edce4270aa0380448b138b03705ae46cab34c30ff3bd4b800de56c52543", - "zh:5c2e48de8721fb9bd74c84646d411c58591fd35600ac2d2a8b25ab2ed6febb1b", - "zh:775bec149c691fe03d87105249c229b1563b2cbeb781e444ebbf3672129b0eb8", - "zh:b5f4021bdd50cfee9f876ecf423de42863d9bbed9f27af89bb09697f69bd42ec", - "zh:ce4be208ec14315fd715fe2efb194bbc3ff2de3e05549d5dcbbc4aef1fd5a58d", - "zh:ea22bf90e5ad8396477ed7358bee21bce0648a4e92c1392523a000e0d23fa942", + "h1:TclpBCpiZqJw1ZLvcP+8BGUaWkLmrjQLfHOKM0+ZY+o=", + "zh:02e80f75a53a6cabaeb255e7d202e34398a43aaca932a565b6272168e75b0b60", + "zh:04115de3895e35e7ffae46066c7f20c1f4f7f5c5751c311a06dbfbc63399ffe6", + "zh:0a0c9a9703a8baf6b045dc68652221e410d8b03db39ff3d27d4106876e928878", + "zh:11e692429aecfaccdcf08f42ea81e64ae3b0580f0a6f803107db34cc4a636b26", + "zh:1b24f275b050018ac2b368e5c0d6445695198c1fc0e4798899be671cf0a0a2fd", + "zh:3c361e7e9d14d8c608963005d4cd9808a2499878e4805ca0807b502ce2854c5c", + "zh:58fe2213a56e8f87b23b4dfa987fc2f2ab915f79ee380eb5a4c9d561116c3dfe", + "zh:649cd4f0940bf6d360fd5c5544efc676b4a95fc42eecabc217e8ac8e040637d8", + "zh:7fc2fba30bd771569483faf8a16291ed80fc242f02a47c5ea9c0902829ee3156", + "zh:840daeef43b505ba6515f4cb37350e449d6d7811c34032bed8976e0e67d4e1a4", + "zh:85151acc8ae2c59361031806bf783566d931cf2f7623861a6620df297969bd79", + "zh:aa30aaf8194a6ece1594a757177c970d1ef30589c9b36ccb40b1314f029764b3", + "zh:b3cfecf0d2d70daef9564a2c8d6c5ab949134c131af17dfb0e40683f94ef7c47", + "zh:debdff8cfa9a6ccb25e24409e3c2936e41da124c0c897ce30a33e7639203bb3a", + "zh:f1567a7f575812711bd9eca2e038fe25b9d2602bc97ae13d0197c24a8a219361", ] } provider "registry.opentofu.org/hashicorp/cloudflare" { - version = "5.8.4" + version = "5.18.0" hashes = [ - "h1:ihbA9kw+RRkVjCts0NLwt+eQhrJloCH4JDfXYYCkNlA=", - "zh:0e3ffc026d07699189406d7471f6a65e66a35065ee26b7cded6dfff0f5c22fba", - "zh:2819e632d8f5437ee8cafbd35a0b44b9ea685aabae95536da345f012b2cbd193", - "zh:3ec56bd9e5bcc8bb2012651fa3ad837934603aacdbbb06c2d579681398e993b2", - "zh:56f4acef08aee4ba0fca8830b341d46658c6b4f83e55a8badbf4324156d6edd7", - "zh:5a8481a1b1b756f5d13c44ae1c89fd04e24e00e85a1e182a80c593130e4061a5", - "zh:af2e89d30aed52d0f0477a782303605f58b9868ce6868449c0a2ee1cb1ff825b", - "zh:d2622f857b37386e9d58fe9bd8391f9ef5930e3bf78b6e8b1b2b888e3dcc7be2", - "zh:e8dd942e2252c52dc68aa75eaeac43053e2d04b768ac9ea191b8da79b9ec4472", + "h1:2FKT5YVLuHLmv7BnFxDC3UtipD3hSSrb0iJ9Ei2C/ks=", + "zh:47e7bdfd8eddd2685f383269c0b6936ef62edd6d8383c8d7757b0cce0a689737", + "zh:aa23eb6aa128667883cabc449ceca4072d0181f574cd727e08ebd6d69a4bfd48", + "zh:c3da673e05d3bd933c82e2b6ba0f85aa23c5e24fadd3932f7c066314feeb65a3", + "zh:c59f07c017fc78b79e80554a0737c9db2a2e681c3e46ff637942d28d1f1a3924", + "zh:d559074612835a37fa684d8d7d0cf68911487b71f4067acc59069cb00bb8baf0", + "zh:e12290a4eda757c183a4258230245dd170f0def389c37eb771db144ce3b382dd", + "zh:ed47e484432ba1bbbb4802061f395ebd253ae8e20be9b72552d3d830fd2ca268", + "zh:f35e08d468408697b3e7c4a7f548b874141ac8f8d395ab8edded322201cc7047", "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32", ] } provider "registry.opentofu.org/hashicorp/random" { - version = "3.7.2" + version = "3.8.1" hashes = [ - "h1:cFGCdxTlsrteTiaOV/iOQdql7eJkD3F/vtJxenkj9IE=", - "zh:2ffeb1058bd7b21a9e15a5301abb863053a2d42dffa3f6cf654a1667e10f4727", - "zh:519319ed8f4312ed76519652ad6cd9f98bc75cf4ec7990a5684c072cf5dd0a5d", - "zh:7371c2cc28c94deb9dba62fbac2685f7dde47f93019273a758dd5a2794f72919", - "zh:9b0ac4c1d8e36a86b59ced94fa517ae9b015b1d044b3455465cc6f0eab70915d", - "zh:c6336d7196f1318e1cbb120b3de8426ce43d4cacd2c75f45dba2dbdba666ce00", - "zh:c71f18b0cb5d55a103ea81e346fb56db15b144459123f1be1b0209cffc1deb4e", - "zh:d2dc49a6cac2d156e91b0506d6d756809e36bf390844a187f305094336d3e8d8", - "zh:d5b5fc881ccc41b268f952dae303501d6ec9f9d24ee11fe2fa56eed7478e15d0", - "zh:db9723eaca26d58c930e13fde221d93501529a5cd036b1f167ef8cff6f1a03cc", - "zh:fe3359f733f3ab518c6f85f3a9cd89322a7143463263f30321de0973a52d4ad8", + "h1:LsYuJLZcYl1RiH7Hd3w90Ra5+k5cNqfdRUQXItkTI8Y=", + "zh:25c458c7c676f15705e872202dad7dcd0982e4a48e7ea1800afa5fc64e77f4c8", + "zh:2edeaf6f1b20435b2f81855ad98a2e70956d473be9e52a5fdf57ccd0098ba476", + "zh:44becb9d5f75d55e36dfed0c5beabaf4c92e0a2bc61a3814d698271c646d48e7", + "zh:7699032612c3b16cc69928add8973de47b10ce81b1141f30644a0e8a895b5cd3", + "zh:86d07aa98d17703de9fbf402c89590dc1e01dbe5671dd6bc5e487eb8fe87eee0", + "zh:8c411c77b8390a49a8a1bc9f176529e6b32369dd33a723606c8533e5ca4d68c1", + "zh:a5ecc8255a612652a56b28149994985e2c4dc046e5d34d416d47fa7767f5c28f", + "zh:aea3fe1a5669b932eda9c5c72e5f327db8da707fe514aaca0d0ef60cb24892f9", + "zh:f56e26e6977f755d7ae56fa6320af96ecf4bb09580d47cb481efbf27f1c5afff", ] } diff --git a/deploy/shared/main.tf b/deploy/shared/main.tf index 0afcc21..c03f30e 100644 --- a/deploy/shared/main.tf +++ b/deploy/shared/main.tf @@ -49,14 +49,14 @@ provider "aws" { } module "shared" { - source = "github.com/storacha/storoku//shared?ref=v0.5.1_co" + source = "github.com/storacha/storoku//shared?ref=v0.6.2" providers = { aws = aws aws.dev = aws.dev } create_db = false caches = [] - networks = ["warm","forge", "test"] + networks = ["warm","forge","test"] app = var.app create_shared_dev_resources = var.create_shared_dev_resources zone_id = var.cloudflare_zone_id From a1f3c292ce97266c9ce0edc1677b60be28af9c9e Mon Sep 17 00:00:00 2001 From: Vicente Olmedo Date: Thu, 12 Mar 2026 17:18:21 +0100 Subject: [PATCH 6/6] deploy to forge-test on releases --- .github/workflows/deploy.yml | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 32e69e0..568aae8 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -20,6 +20,7 @@ on: options: - warm-staging - forge-production + - forge-test permissions: id-token: write # This is required for requesting the JWT @@ -48,7 +49,7 @@ jobs: cloudflare-zone-id: ${{ secrets.WARM_STAGING_CLOUDFLARE_ZONE_ID }} cloudflare-api-token: ${{ secrets.WARM_STAGING_CLOUDFLARE_API_TOKEN }} - # apply prod on successful release, plan otherwise + # apply prod and test on successful release, plan otherwise forge-production: uses: ./.github/workflows/terraform.yml with: @@ -69,3 +70,24 @@ jobs: admin-dashboard-password: ${{ secrets.FORGE_PROD_ADMIN_DASHBOARD_PASSWORD }} cloudflare-zone-id: ${{ secrets.FORGE_PROD_CLOUDFLARE_ZONE_ID }} cloudflare-api-token: ${{ secrets.FORGE_PROD_CLOUDFLARE_API_TOKEN }} + + forge-test: + uses: ./.github/workflows/terraform.yml + with: + env: forge-test + workspace: forge-test + network: test + did: did:web:etracker.test.storacha.network + client-egress-usd-per-tib: ${{ vars.FORGE_TEST_CLIENT_EGRESS_USD_PER_TIB }} + provider-egress-usd-per-tib: ${{ vars.FORGE_TEST_PROVIDER_EGRESS_USD_PER_TIB }} + apply: ${{ (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') || (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'forge-test') }} + secrets: + aws-account-id: ${{ secrets.FORGE_TEST_AWS_ACCOUNT_ID }} + aws-region: ${{ secrets.FORGE_TEST_AWS_REGION }} + region: ${{ secrets.FORGE_TEST_AWS_REGION }} + private-key: ${{ secrets.FORGE_TEST_PRIVATE_KEY }} + metrics-auth-token: ${{ secrets.FORGE_TEST_METRICS_AUTH_TOKEN }} + admin-dashboard-user: ${{ secrets.FORGE_TEST_ADMIN_DASHBOARD_USER }} + admin-dashboard-password: ${{ secrets.FORGE_TEST_ADMIN_DASHBOARD_PASSWORD }} + cloudflare-zone-id: ${{ secrets.FORGE_TEST_CLOUDFLARE_ZONE_ID }} + cloudflare-api-token: ${{ secrets.FORGE_TEST_CLOUDFLARE_API_TOKEN }}