@hasna/uptime 0.1.5 → 0.1.7

package/infra/aws/outputs.tf

@@ -0,0 +1,34 @@
+output "ecr_repository_url" {
+  value = aws_ecr_repository.open_uptime.repository_url
+}
+
+output "image_builder_project_name" {
+  value = aws_codebuild_project.image_builder.name
+}
+
+output "ecs_cluster_name" {
+  value = aws_ecs_cluster.open_uptime.name
+}
+
+output "alb_dns_name" {
+  value = aws_lb.open_uptime.dns_name
+}
+
+output "evidence_bucket" {
+  value = aws_s3_bucket.evidence.bucket
+}
+
+output "efs_file_system_id" {
+  value = aws_efs_file_system.data.id
+}
+
+output "efs_access_point_id" {
+  value = aws_efs_access_point.uptime.id
+}
+
+output "service_names" {
+  value = concat(
+    [aws_ecs_service.web.name],
+    [for service in aws_ecs_service.worker : service.name],
+  )
+}

package/infra/aws/terraform.tfvars.example

@@ -0,0 +1,28 @@
+region                   = "us-east-1"
+stage                    = "prod"
+service_name             = "open-uptime"
+hostname                 = "uptime.example.com"
+workspace_id             = "workspace-id"
+vpc_id                   = "vpc-xxxxxxxx"
+ecr_repository_name      = "open-uptime"
+public_subnet_ids        = ["subnet-replace-public-a", "subnet-replace-public-b"]
+alb_ingress_cidr_blocks = []
+private_subnet_ids       = ["subnet-replace-private-a", "subnet-replace-private-b"]
+container_image          = "123456789012.dkr.ecr.us-east-1.amazonaws.com/open-uptime@sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+runtime_package_version  = "0.1.7"
+certificate_arn          = "arn:aws:acm:us-east-1:123456789012:certificate/replace"
+hosted_zone_id           = "ZREPLACE"
+app_env_secret_arn       = "arn:aws:secretsmanager:us-east-1:123456789012:secret:open-uptime/prod/app/env"
+hosted_token_secret_arn  = "arn:aws:secretsmanager:us-east-1:123456789012:secret:open-uptime/prod/hosted-token"
+public_probe_secret_arn  = "arn:aws:secretsmanager:us-east-1:123456789012:secret:open-uptime/prod/probe/public"
+reporting_secret_arn     = "arn:aws:secretsmanager:us-east-1:123456789012:secret:open-uptime/prod/reporting"
+kms_key_arn              = "arn:aws:kms:us-east-1:123456789012:key/00000000-0000-0000-0000-000000000000"
+alarm_actions            = []
+
+desired_counts = {
+  web            = 0
+  scheduler      = 0
+  "public-probe" = 0
+  reporter       = 0
+  migration      = 0
+}

package/infra/aws/variables.tf

@@ -0,0 +1,170 @@
+variable "account_name" {
+  description = "Human-readable AWS account/profile label."
+  type        = string
+  default     = "aws-profile"
+}
+
+variable "region" {
+  description = "AWS region."
+  type        = string
+  default     = "us-east-1"
+}
+
+variable "stage" {
+  description = "Deployment stage."
+  type        = string
+  default     = "prod"
+}
+
+variable "service_name" {
+  description = "Service name prefix."
+  type        = string
+  default     = "open-uptime"
+}
+
+variable "hostname" {
+  description = "Public/internal hostname for Open Uptime."
+  type        = string
+  default     = "uptime.example.com"
+}
+
+variable "workspace_id" {
+  description = "Hosted Open Uptime workspace id."
+  type        = string
+  default     = "workspace-id"
+}
+
+variable "vpc_id" {
+  description = "Existing VPC id."
+  type        = string
+  default     = "vpc-xxxxxxxx"
+}
+
+variable "ecr_repository_name" {
+  description = "ECR repository name for the Open Uptime image."
+  type        = string
+  default     = "open-uptime"
+}
+
+variable "public_subnet_ids" {
+  description = "Public subnets for the ALB."
+  type        = list(string)
+}
+
+variable "alb_ingress_cidr_blocks" {
+  description = "Approved HTTPS source CIDR blocks for the ALB. Keep empty until edge/source policy is approved."
+  type        = list(string)
+  default     = []
+}
+
+variable "private_subnet_ids" {
+  description = "Private application subnets for ECS tasks."
+  type        = list(string)
+}
+
+variable "container_image" {
+  description = "Immutable Open Uptime image URI, preferably with digest."
+  type        = string
+
+  validation {
+    condition     = can(regex("@sha256:[a-f0-9]{64}$", var.container_image))
+    error_message = "container_image must be an immutable image digest ending in @sha256:<64 hex chars>."
+  }
+}
+
+variable "runtime_package_version" {
+  description = "Published @hasna/uptime package version that CodeBuild should build into the ECR image."
+  type        = string
+  default     = "0.1.7"
+
+  validation {
+    condition     = can(regex("^[0-9]+\\.[0-9]+\\.[0-9]+(-[0-9A-Za-z.-]+)?$", var.runtime_package_version))
+    error_message = "runtime_package_version must be a semver version without the package name."
+  }
+}
+
+variable "certificate_arn" {
+  description = "ACM certificate ARN for HTTPS listener."
+  type        = string
+}
+
+variable "hosted_zone_id" {
+  description = "Route53 hosted zone id. Leave null to skip DNS record creation."
+  type        = string
+  default     = null
+}
+
+variable "app_env_secret_arn" {
+  description = "Secrets Manager/SSM ARN containing hosted app environment refs."
+  type        = string
+
+  validation {
+    condition     = can(regex("^arn:aws:(secretsmanager|ssm):", var.app_env_secret_arn))
+    error_message = "app_env_secret_arn must be a Secrets Manager or SSM ARN."
+  }
+}
+
+variable "hosted_token_secret_arn" {
+  description = "Secrets Manager/SSM ARN containing HASNA_UPTIME_HOSTED_TOKEN for hosted web auth bootstrap."
+  type        = string
+
+  validation {
+    condition     = can(regex("^arn:aws:(secretsmanager|ssm):", var.hosted_token_secret_arn))
+    error_message = "hosted_token_secret_arn must be a Secrets Manager or SSM ARN."
+  }
+}
+
+variable "public_probe_secret_arn" {
+  description = "Secrets Manager/SSM ARN containing public probe config refs."
+  type        = string
+
+  validation {
+    condition     = can(regex("^arn:aws:(secretsmanager|ssm):", var.public_probe_secret_arn))
+    error_message = "public_probe_secret_arn must be a Secrets Manager or SSM ARN."
+  }
+}
+
+variable "reporting_secret_arn" {
+  description = "Secrets Manager/SSM ARN containing Mailery/Telephony/Open Logs channel refs."
+  type        = string
+
+  validation {
+    condition     = can(regex("^arn:aws:(secretsmanager|ssm):", var.reporting_secret_arn))
+    error_message = "reporting_secret_arn must be a Secrets Manager or SSM ARN."
+  }
+}
+
+variable "kms_key_arn" {
+  description = "KMS key ARN for S3, logs, and secret-decrypt permissions."
+  type        = string
+
+  validation {
+    condition     = can(regex("^arn:aws:kms:", var.kms_key_arn))
+    error_message = "kms_key_arn must be a KMS key ARN."
+  }
+}
+
+variable "desired_counts" {
+  description = "Desired ECS service counts. Keep all at 0 until app/runtime blockers are closed."
+  type        = map(number)
+  default = {
+    web            = 0
+    scheduler      = 0
+    "public-probe" = 0
+    reporter       = 0
+    migration      = 0
+  }
+
+  validation {
+    condition = alltrue([for count in values(var.desired_counts) : count >= 0]) && lookup(var.desired_counts, "web", 0) <= 1 && alltrue([
+      for key in ["scheduler", "public-probe", "reporter", "migration"] : lookup(var.desired_counts, key, 0) == 0
+    ])
+    error_message = "EFS SQLite bridge requires web desired count 0 or 1 and scheduler/public-probe/reporter/migration desired counts 0."
+  }
+}
+
+variable "alarm_actions" {
+  description = "Optional SNS topic ARNs or other CloudWatch alarm action ARNs."
+  type        = list(string)
+  default     = []
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hasna/uptime",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "description": "Local-first uptime and downtime monitoring service with CLI, MCP, SDK, SQLite persistence, and a dashboard.",
   "license": "Apache-2.0",
   "type": "module",
@@ -23,6 +23,13 @@
   "files": [
     "dist",
     "README.md",
+    "Dockerfile",
+    "Dockerfile.package",
+    ".dockerignore",
+    "infra/aws/README.md",
+    "infra/aws/.terraform.lock.hcl",
+    "infra/aws/*.tf",
+    "infra/aws/terraform.tfvars.example",
     "docs/aws-deployment-runbook.md",
     "CHANGELOG.md",
     "LICENSE",