@digilogiclabs/create-saas-app 2.0.0 → 2.2.0

package/src/templates/infrastructure/terraform/aws/template/variables.tf

@@ -0,0 +1,110 @@
+# {{titleCaseName}} - Terraform Variables
+
+# ============================================
+# General
+# ============================================
+
+variable "environment" {
+  description = "Environment name (staging, production)"
+  type        = string
+  default     = "staging"
+}
+
+variable "aws_region" {
+  description = "AWS region"
+  type        = string
+  default     = "us-east-1"
+}
+
+# ============================================
+# Vercel
+# ============================================
+
+variable "vercel_api_token" {
+  description = "Vercel API token"
+  type        = string
+  sensitive   = true
+}
+
+variable "vercel_team_id" {
+  description = "Vercel team ID (optional)"
+  type        = string
+  default     = null
+}
+
+variable "github_repo" {
+  description = "GitHub repository (org/repo format)"
+  type        = string
+}
+
+variable "domain" {
+  description = "Production domain"
+  type        = string
+}
+
+# ============================================
+# Supabase
+# ============================================
+
+variable "supabase_url" {
+  description = "Supabase project URL"
+  type        = string
+}
+
+variable "supabase_anon_key" {
+  description = "Supabase anonymous key"
+  type        = string
+  sensitive   = true
+}
+
+variable "supabase_service_role_key" {
+  description = "Supabase service role key"
+  type        = string
+  sensitive   = true
+}
+
+# ============================================
+# Stripe (Optional)
+# ============================================
+
+variable "stripe_secret_key" {
+  description = "Stripe secret key"
+  type        = string
+  default     = ""
+  sensitive   = true
+}
+
+variable "stripe_webhook_secret" {
+  description = "Stripe webhook secret"
+  type        = string
+  default     = ""
+  sensitive   = true
+}
+
+# ============================================
+# AI (Optional)
+# ============================================
+
+variable "openai_api_key" {
+  description = "OpenAI API key"
+  type        = string
+  default     = ""
+  sensitive   = true
+}
+
+variable "anthropic_api_key" {
+  description = "Anthropic API key"
+  type        = string
+  default     = ""
+  sensitive   = true
+}
+
+# ============================================
+# Monitoring
+# ============================================
+
+variable "alert_email" {
+  description = "Email address for alerts"
+  type        = string
+  default     = ""
+}

package/src/templates/infrastructure/terraform/gcp/template/README.md

@@ -0,0 +1,165 @@
+# {{titleCaseName}} - GCP Infrastructure
+
+Terraform configuration for deploying {{titleCaseName}} to Google Cloud Platform with Vercel frontend.
+
+## Architecture
+
+```
+┌─────────────────────────────────────────────────────────────┐
+│                         Internet                            │
+└─────────────────────────────────────────────────────────────┘
+                              │
+              ┌───────────────┼───────────────┐
+              ▼               ▼               ▼
+        ┌──────────┐   ┌───────────┐   ┌───────────┐
+        │  Vercel  │   │ Cloud CDN │   │  Supabase │
+        │ (App)    │   │           │   │ (Auth/DB) │
+        └──────────┘   └───────────┘   └───────────┘
+                              │
+                              ▼
+                    ┌─────────────────┐
+                    │  Cloud Storage  │
+                    │   (Buckets)     │
+                    └─────────────────┘
+
+        ┌───────────┐   ┌───────────┐   ┌───────────┐
+        │Cloud Tasks│   │  Pub/Sub  │   │  Secret   │
+        │ (Queue)   │   │ (Events)  │   │  Manager  │
+        └───────────┘   └───────────┘   └───────────┘
+```
+
+## Prerequisites
+
+1. **GCP Project** with billing enabled
+2. **Vercel Account** with API token
+3. **Supabase Project** created
+4. **Terraform** >= 1.0 installed
+5. **gcloud CLI** configured
+
+## Quick Start
+
+1. **Enable required APIs:**
+   ```bash
+   gcloud services enable \
+     storage.googleapis.com \
+     compute.googleapis.com \
+     cloudtasks.googleapis.com \
+     pubsub.googleapis.com \
+     secretmanager.googleapis.com \
+     logging.googleapis.com \
+     monitoring.googleapis.com
+   ```
+
+2. **Initialize Terraform:**
+   ```bash
+   terraform init
+   ```
+
+3. **Create variables file:**
+   ```bash
+   cp terraform.tfvars.example terraform.tfvars
+   ```
+
+4. **Update variables:**
+   Edit `terraform.tfvars` with your values.
+
+5. **Plan changes:**
+   ```bash
+   terraform plan
+   ```
+
+6. **Apply changes:**
+   ```bash
+   terraform apply
+   ```
+
+## Resources Created
+
+| Resource | Purpose |
+|----------|---------|
+| Vercel Project | Frontend hosting with automatic deployments |
+| Cloud Storage | File storage with versioning |
+| Cloud CDN | Global CDN for storage content |
+| Cloud Tasks | Background job queue with retries |
+| Pub/Sub | Event-driven messaging |
+| Secret Manager | Secure storage for API keys |
+| Service Account | IAM identity for application |
+| Cloud Logging | Centralized log storage |
+| Cloud Monitoring | Alerting for errors |
+
+## Environments
+
+### Staging
+```bash
+terraform workspace new staging
+terraform apply -var="environment=staging"
+```
+
+### Production
+```bash
+terraform workspace new production
+terraform apply -var="environment=production"
+```
+
+## Remote State (Recommended for Teams)
+
+1. Create GCS bucket:
+   ```bash
+   gsutil mb -l us-central1 gs://{{projectName}}-terraform-state
+   gsutil versioning set on gs://{{projectName}}-terraform-state
+   ```
+
+2. Uncomment backend configuration in `main.tf`
+
+3. Re-initialize:
+   ```bash
+   terraform init -migrate-state
+   ```
+
+## Security Notes
+
+- Uniform bucket-level access enabled
+- Encryption at rest (Google-managed)
+- Secrets stored in Secret Manager
+- Service account follows least-privilege
+- Cloud CDN uses HTTPS only
+
+## Cost Estimation
+
+| Resource | Estimated Monthly Cost |
+|----------|----------------------|
+| Vercel | Free - $20 (Hobby/Pro) |
+| Cloud Storage | ~$5 (50GB storage) |
+| Cloud CDN | ~$8 (100GB egress) |
+| Cloud Tasks | ~$0.40 (1M tasks) |
+| Pub/Sub | ~$1 (1M messages) |
+| Secret Manager | ~$0.06 (4 secrets) |
+| Cloud Logging | ~$5 (10GB logs) |
+| **Total** | **~$20-40/month** |
+
+## Cleanup
+
+```bash
+terraform destroy
+```
+
+## Troubleshooting
+
+### GCP Authentication
+```bash
+gcloud auth application-default login
+# Or use service account
+export GOOGLE_APPLICATION_CREDENTIALS="/path/to/key.json"
+```
+
+### Vercel API Token
+Generate at: https://vercel.com/account/tokens
+
+### State Lock Issues
+```bash
+terraform force-unlock LOCK_ID
+```
+
+## License
+
+MIT - Built with DLL Platform

package/src/templates/infrastructure/terraform/gcp/template/main.tf

@@ -0,0 +1,397 @@
+# {{titleCaseName}} - GCP Infrastructure
+# Terraform configuration for deploying to Google Cloud with Vercel frontend
+
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 5.0"
+    }
+    vercel = {
+      source  = "vercel/vercel"
+      version = "~> 1.0"
+    }
+  }
+
+  # Uncomment for remote state storage
+  # backend "gcs" {
+  #   bucket  = "{{projectName}}-terraform-state"
+  #   prefix  = "terraform/state"
+  # }
+}
+
+provider "google" {
+  project = var.gcp_project_id
+  region  = var.gcp_region
+}
+
+provider "vercel" {
+  api_token = var.vercel_api_token
+  team      = var.vercel_team_id
+}
+
+# ============================================
+# Vercel Project
+# ============================================
+
+resource "vercel_project" "app" {
+  name      = "{{projectName}}-${var.environment}"
+  framework = "nextjs"
+
+  git_repository = {
+    type = "github"
+    repo = var.github_repo
+  }
+
+  environment = [
+    {
+      key    = "NEXT_PUBLIC_SUPABASE_URL"
+      value  = var.supabase_url
+      target = ["production", "preview", "development"]
+    },
+    {
+      key    = "NEXT_PUBLIC_SUPABASE_ANON_KEY"
+      value  = var.supabase_anon_key
+      target = ["production", "preview", "development"]
+    },
+    {
+      key    = "SUPABASE_SERVICE_ROLE_KEY"
+      value  = var.supabase_service_role_key
+      target = ["production"]
+    },
+    {
+      key    = "NEXT_PUBLIC_APP_URL"
+      value  = "https://${var.domain}"
+      target = ["production"]
+    }
+  ]
+}
+
+resource "vercel_project_domain" "app" {
+  project_id = vercel_project.app.id
+  domain     = var.domain
+}
+
+# ============================================
+# Cloud Storage Bucket
+# ============================================
+
+resource "google_storage_bucket" "storage" {
+  name          = "{{projectName}}-${var.environment}-storage"
+  location      = var.gcp_region
+  storage_class = "STANDARD"
+
+  uniform_bucket_level_access = true
+
+  versioning {
+    enabled = true
+  }
+
+  lifecycle_rule {
+    action {
+      type = "Delete"
+    }
+    condition {
+      age = 365
+    }
+  }
+
+  cors {
+    origin          = ["https://${var.domain}"]
+    method          = ["GET", "PUT", "POST", "DELETE", "HEAD"]
+    response_header = ["*"]
+    max_age_seconds = 3600
+  }
+
+  labels = {
+    project     = "{{projectName}}"
+    environment = var.environment
+    managed-by  = "terraform"
+  }
+}
+
+# ============================================
+# Cloud CDN for Storage
+# ============================================
+
+resource "google_compute_backend_bucket" "storage_cdn" {
+  name        = "{{projectName}}-${var.environment}-cdn"
+  bucket_name = google_storage_bucket.storage.name
+  enable_cdn  = true
+
+  cdn_policy {
+    cache_mode        = "CACHE_ALL_STATIC"
+    default_ttl       = 3600
+    max_ttl           = 86400
+    client_ttl        = 3600
+    negative_caching  = true
+  }
+}
+
+resource "google_compute_url_map" "storage_cdn" {
+  name            = "{{projectName}}-${var.environment}-url-map"
+  default_service = google_compute_backend_bucket.storage_cdn.id
+}
+
+resource "google_compute_global_address" "storage_cdn" {
+  name = "{{projectName}}-${var.environment}-cdn-ip"
+}
+
+resource "google_compute_global_forwarding_rule" "storage_cdn_https" {
+  name                  = "{{projectName}}-${var.environment}-cdn-https"
+  ip_address            = google_compute_global_address.storage_cdn.address
+  ip_protocol           = "TCP"
+  load_balancing_scheme = "EXTERNAL"
+  port_range            = "443"
+  target                = google_compute_target_https_proxy.storage_cdn.id
+}
+
+resource "google_compute_managed_ssl_certificate" "storage_cdn" {
+  name = "{{projectName}}-${var.environment}-cdn-cert"
+
+  managed {
+    domains = ["cdn.${var.domain}"]
+  }
+}
+
+resource "google_compute_target_https_proxy" "storage_cdn" {
+  name             = "{{projectName}}-${var.environment}-cdn-proxy"
+  url_map          = google_compute_url_map.storage_cdn.id
+  ssl_certificates = [google_compute_managed_ssl_certificate.storage_cdn.id]
+}
+
+# ============================================
+# Cloud Tasks (Job Queue)
+# ============================================
+
+resource "google_cloud_tasks_queue" "jobs" {
+  name     = "{{projectName}}-${var.environment}-jobs"
+  location = var.gcp_region
+
+  rate_limits {
+    max_concurrent_dispatches = 10
+    max_dispatches_per_second = 100
+  }
+
+  retry_config {
+    max_attempts       = 5
+    max_retry_duration = "3600s"
+    min_backoff        = "1s"
+    max_backoff        = "3600s"
+    max_doublings      = 16
+  }
+}
+
+# ============================================
+# Pub/Sub (Event Bus)
+# ============================================
+
+resource "google_pubsub_topic" "events" {
+  name = "{{projectName}}-${var.environment}-events"
+
+  labels = {
+    project     = "{{projectName}}"
+    environment = var.environment
+  }
+}
+
+resource "google_pubsub_subscription" "events" {
+  name  = "{{projectName}}-${var.environment}-events-sub"
+  topic = google_pubsub_topic.events.name
+
+  ack_deadline_seconds = 60
+
+  retry_policy {
+    minimum_backoff = "10s"
+    maximum_backoff = "600s"
+  }
+
+  dead_letter_policy {
+    dead_letter_topic     = google_pubsub_topic.events_dlq.id
+    max_delivery_attempts = 5
+  }
+}
+
+resource "google_pubsub_topic" "events_dlq" {
+  name = "{{projectName}}-${var.environment}-events-dlq"
+}
+
+# ============================================
+# Secret Manager
+# ============================================
+
+resource "google_secret_manager_secret" "stripe_secret_key" {
+  secret_id = "{{projectName}}-${var.environment}-stripe-secret-key"
+
+  replication {
+    auto {}
+  }
+
+  labels = {
+    project     = "{{projectName}}"
+    environment = var.environment
+  }
+}
+
+resource "google_secret_manager_secret_version" "stripe_secret_key" {
+  count       = var.stripe_secret_key != "" ? 1 : 0
+  secret      = google_secret_manager_secret.stripe_secret_key.id
+  secret_data = var.stripe_secret_key
+}
+
+resource "google_secret_manager_secret" "stripe_webhook_secret" {
+  secret_id = "{{projectName}}-${var.environment}-stripe-webhook-secret"
+
+  replication {
+    auto {}
+  }
+
+  labels = {
+    project     = "{{projectName}}"
+    environment = var.environment
+  }
+}
+
+resource "google_secret_manager_secret_version" "stripe_webhook_secret" {
+  count       = var.stripe_webhook_secret != "" ? 1 : 0
+  secret      = google_secret_manager_secret.stripe_webhook_secret.id
+  secret_data = var.stripe_webhook_secret
+}
+
+resource "google_secret_manager_secret" "openai_api_key" {
+  secret_id = "{{projectName}}-${var.environment}-openai-api-key"
+
+  replication {
+    auto {}
+  }
+
+  labels = {
+    project     = "{{projectName}}"
+    environment = var.environment
+  }
+}
+
+resource "google_secret_manager_secret_version" "openai_api_key" {
+  count       = var.openai_api_key != "" ? 1 : 0
+  secret      = google_secret_manager_secret.openai_api_key.id
+  secret_data = var.openai_api_key
+}
+
+# ============================================
+# Service Account
+# ============================================
+
+resource "google_service_account" "app" {
+  account_id   = "{{projectName}}-${var.environment}"
+  display_name = "{{titleCaseName}} ${var.environment} Service Account"
+}
+
+resource "google_project_iam_member" "app_storage" {
+  project = var.gcp_project_id
+  role    = "roles/storage.objectAdmin"
+  member  = "serviceAccount:${google_service_account.app.email}"
+}
+
+resource "google_project_iam_member" "app_tasks" {
+  project = var.gcp_project_id
+  role    = "roles/cloudtasks.enqueuer"
+  member  = "serviceAccount:${google_service_account.app.email}"
+}
+
+resource "google_project_iam_member" "app_pubsub" {
+  project = var.gcp_project_id
+  role    = "roles/pubsub.publisher"
+  member  = "serviceAccount:${google_service_account.app.email}"
+}
+
+resource "google_project_iam_member" "app_secrets" {
+  project = var.gcp_project_id
+  role    = "roles/secretmanager.secretAccessor"
+  member  = "serviceAccount:${google_service_account.app.email}"
+}
+
+resource "google_project_iam_member" "app_logging" {
+  project = var.gcp_project_id
+  role    = "roles/logging.logWriter"
+  member  = "serviceAccount:${google_service_account.app.email}"
+}
+
+# ============================================
+# Cloud Logging
+# ============================================
+
+resource "google_logging_project_sink" "app_logs" {
+  name        = "{{projectName}}-${var.environment}-logs"
+  destination = "storage.googleapis.com/${google_storage_bucket.logs.name}"
+  filter      = "resource.labels.project_id=\"${var.gcp_project_id}\" AND labels.project=\"{{projectName}}\""
+
+  unique_writer_identity = true
+}
+
+resource "google_storage_bucket" "logs" {
+  name          = "{{projectName}}-${var.environment}-logs"
+  location      = var.gcp_region
+  storage_class = "STANDARD"
+
+  lifecycle_rule {
+    action {
+      type = "Delete"
+    }
+    condition {
+      age = 90
+    }
+  }
+
+  labels = {
+    project     = "{{projectName}}"
+    environment = var.environment
+  }
+}
+
+resource "google_storage_bucket_iam_member" "logs_writer" {
+  bucket = google_storage_bucket.logs.name
+  role   = "roles/storage.objectCreator"
+  member = google_logging_project_sink.app_logs.writer_identity
+}
+
+# ============================================
+# Cloud Monitoring Alerts
+# ============================================
+
+resource "google_monitoring_notification_channel" "email" {
+  count        = var.alert_email != "" ? 1 : 0
+  display_name = "{{titleCaseName}} Alerts"
+  type         = "email"
+
+  labels = {
+    email_address = var.alert_email
+  }
+}
+
+resource "google_monitoring_alert_policy" "high_error_rate" {
+  count        = var.alert_email != "" ? 1 : 0
+  display_name = "{{titleCaseName}} High Error Rate"
+  combiner     = "OR"
+
+  conditions {
+    display_name = "Error rate > 5%"
+    condition_threshold {
+      filter          = "resource.type=\"cloud_run_revision\" AND metric.type=\"run.googleapis.com/request_count\" AND metric.labels.response_code_class=\"5xx\""
+      duration        = "300s"
+      comparison      = "COMPARISON_GT"
+      threshold_value = 0.05
+      aggregations {
+        alignment_period   = "60s"
+        per_series_aligner = "ALIGN_RATE"
+      }
+    }
+  }
+
+  notification_channels = [google_monitoring_notification_channel.email[0].id]
+
+  alert_strategy {
+    auto_close = "86400s"
+  }
+}