A Telegram bot to help me parse my shared receipts and put the totals on https://www.splitwise.com/.
- Install the `jq` CLI for JSON manipulation (`sudo apt-get install jq`).
- Install the Google Cloud SDK (the `gcloud` CLI).
- Run `gcloud auth login` to authenticate on a Google Cloud account.
- Create a Google Cloud project (see `gcloud projects create --help`).
- Set the new project as default: `gcloud config set project PROJECT_ID`.
- Run `scripts/create-terraform-service-account.sh` to create a service account and a JSON key file for Terraform Cloud at `terraform-service-account-key.json`.
- Create an organization and workspace in Terraform Cloud.
- Configure the Terraform Cloud workspace with a VCS workflow connecting to your (fork) git repository.
- Add a secret environment variable `GOOGLE_CREDENTIALS` with the minified JSON of the generated key file to the Terraform Cloud workspace.
- Create all the manually-managed secrets in Google Cloud (the ones accessed in Terraform via the `google_secret_manager_secret_version` data source).
- Run `scripts/enable-googleapis.sh` to enable the necessary Google Cloud APIs.
- Open a pull request setting the new project ID, region and other options in `main.tf`.
- Check out the Speculative Plan triggered by Terraform Cloud; the URL should be posted as a status in the pull request.
- Merge and check out the Terraform Plan and Apply triggered by Terraform Cloud.
- After the Terraform Apply finishes, check the full IDs of all the secrets with a rotation policy in the Google Cloud Console (`projects/*/secrets/*`) and trigger the `RotateSecret` function with the JSON `{"attributes":{"secretId":"<full-secret-id>","eventType":"SECRET_ROTATE"}}` in the "Testing" tab of the Google Cloud Functions Console.
- Verify that all the functions are working by checking out Google Cloud monitoring and testing tools in the console.
- Test the full bot interaction. Trigger `StartBot` via an HTTP GET (look up the URL in the Google Cloud Functions Console), type in the password, submit and check the hello Telegram message from the bot.
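
A rotation handler should act only on a well-formed `SECRET_ROTATE` event whose `secretId` has the `projects/*/secrets/*` form used in the test payload above. The sketch below is an added example, not this project's `RotateSecret` code; the type and function names and the sample secret IDs are assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
)

// rotationEvent mirrors the test payload from the setup steps. The project's
// own RotateSecret types are not shown on this page; this struct is hypothetical.
type rotationEvent struct {
	Attributes struct {
		SecretID  string `json:"secretId"`
		EventType string `json:"eventType"`
	} `json:"attributes"`
}

// Full secret IDs have the form projects/<project>/secrets/<name>.
var secretIDPattern = regexp.MustCompile(`^projects/[a-z0-9-]+/secrets/[A-Za-z0-9_-]{1,255}$`)

// parseRotationEvent returns the secret ID only when the payload is a
// well-formed SECRET_ROTATE event; anything else is rejected.
func parseRotationEvent(payload []byte) (string, error) {
	var ev rotationEvent
	if err := json.Unmarshal(payload, &ev); err != nil {
		return "", fmt.Errorf("invalid JSON: %w", err)
	}
	if ev.Attributes.EventType != "SECRET_ROTATE" {
		return "", fmt.Errorf("unexpected eventType %q", ev.Attributes.EventType)
	}
	if !secretIDPattern.MatchString(ev.Attributes.SecretID) {
		return "", errors.New("secretId is not of the form projects/*/secrets/*")
	}
	return ev.Attributes.SecretID, nil
}

func main() {
	// Constructed sample payloads; the project and secret names are made up.
	samples := []string{
		`{"attributes":{"secretId":"projects/123456789/secrets/example-secret","eventType":"SECRET_ROTATE"}}`,
		`{"attributes":{"secretId":"<full-secret-id>","eventType":"SECRET_ROTATE"}}`,
		`{"attributes":{"secretId":"projects/123456789/secrets/example-secret","eventType":"SECRET_DELETE"}}`,
	}
	for _, s := range samples {
		id, err := parseRotationEvent([]byte(s))
		fmt.Printf("id=%q err=%v\n", id, err)
	}
}
```

The second sample shows that a payload submitted with the `<full-secret-id>` placeholder left in is rejected rather than passed on to the rotation logic.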
The production deployment also creates development service accounts for each function so they can be tested locally under `cmd/<function>/` by running `go run .`.
- Run `scripts/create-development-service-account-keys.sh` to create JSON key files for each function.
- Craft the configuration file at `cmd/<function>/config.yml` for each function that needs one.
- Run `cd cmd/<function>/` and `go run .` to test a function.
If you need to rotate one of the secrets that is baked into a function configuration secret during Terraform Apply, trigger a Terraform Plan and Apply after making all the necessary rotations to update the configuration of the functions.