@hasna/uptime 0.1.6 → 0.1.8

package/infra/aws/variables.tf

@@ -1,7 +1,7 @@
 variable "account_name" {
   description = "Human-readable AWS account/profile label."
   type        = string
-  default     = "hasna-xyz-infra"
+  default     = "aws-profile"
 }
 
 variable "region" {
@@ -25,19 +25,36 @@ variable "service_name" {
 variable "hostname" {
   description = "Public/internal hostname for Open Uptime."
   type        = string
-  default     = "uptime.hasna.xyz"
+  default     = "uptime.example.com"
 }
 
 variable "workspace_id" {
   description = "Hosted Open Uptime workspace id."
   type        = string
-  default     = "wks_2tyysw05cwap"
+  default     = "workspace-id"
 }
 
 variable "vpc_id" {
   description = "Existing VPC id."
   type        = string
-  default     = "vpc-04c7f7abc1d3c3f56"
+  default     = "vpc-xxxxxxxx"
+}
+
+variable "ecr_repository_name" {
+  description = "ECR repository name for the Open Uptime image."
+  type        = string
+  default     = "open-uptime"
+}
+
+variable "protected_access_mode" {
+  description = "Protected web access mode. cloudfront_default_domain uses the CloudFront HTTPS default domain and restricts ALB HTTP to CloudFront origin-facing ranges. alb_https_cert uses an ALB HTTPS listener with certificate_arn."
+  type        = string
+  default     = "cloudfront_default_domain"
+
+  validation {
+    condition     = contains(["cloudfront_default_domain", "alb_https_cert"], var.protected_access_mode)
+    error_message = "protected_access_mode must be cloudfront_default_domain or alb_https_cert."
+  }
 }
 
 variable "public_subnet_ids" {
@@ -46,7 +63,7 @@ variable "public_subnet_ids" {
 }
 
 variable "alb_ingress_cidr_blocks" {
-  description = "Approved HTTPS source CIDR blocks for the ALB. Keep empty until edge/source policy is approved."
+  description = "Approved HTTPS source CIDR blocks for ALB HTTPS mode. Keep empty until edge/source policy is approved."
   type        = list(string)
   default     = []
 }
@@ -56,11 +73,6 @@ variable "private_subnet_ids" {
   type        = list(string)
 }
 
-variable "rds_security_group_id" {
-  description = "Existing RDS security group id that should allow Open Uptime client access."
-  type        = string
-}
-
 variable "container_image" {
   description = "Immutable Open Uptime image URI, preferably with digest."
   type        = string
@@ -71,27 +83,39 @@ variable "container_image" {
   }
 }
 
-variable "certificate_arn" {
-  description = "ACM certificate ARN for HTTPS listener."
+variable "runtime_package_version" {
+  description = "Published @hasna/uptime package version that CodeBuild should build into the ECR image."
   type        = string
+  default     = "0.1.8"
+
+  validation {
+    condition     = can(regex("^[0-9]+\\.[0-9]+\\.[0-9]+(-[0-9A-Za-z.-]+)?$", var.runtime_package_version))
+    error_message = "runtime_package_version must be a semver version without the package name."
+  }
 }
 
-variable "hosted_zone_id" {
-  description = "Route53 hosted zone id. Leave null to skip DNS record creation."
+variable "certificate_arn" {
+  description = "ACM certificate ARN for ALB HTTPS mode. Leave null when protected_access_mode is cloudfront_default_domain."
   type        = string
   default     = null
-}
 
-variable "database_secret_arn" {
-  description = "Secrets Manager/SSM ARN containing DATABASE_URL."
-  type        = string
+  validation {
+    condition     = var.certificate_arn == null || can(regex("^arn:aws:acm:", var.certificate_arn))
+    error_message = "certificate_arn must be null or an ACM certificate ARN."
+  }
 
   validation {
-    condition     = can(regex("^arn:aws:(secretsmanager|ssm):", var.database_secret_arn))
-    error_message = "database_secret_arn must be a Secrets Manager or SSM ARN, not a plaintext database URL."
+    condition     = var.protected_access_mode != "alb_https_cert" || var.certificate_arn != null
+    error_message = "certificate_arn is required when protected_access_mode is alb_https_cert."
   }
 }
 
+variable "hosted_zone_id" {
+  description = "Route53 hosted zone id. Leave null to skip DNS record creation."
+  type        = string
+  default     = null
+}
+
 variable "app_env_secret_arn" {
   description = "Secrets Manager/SSM ARN containing hosted app environment refs."
   type        = string
@@ -154,8 +178,10 @@ variable "desired_counts" {
   }
 
   validation {
-    condition     = alltrue([for count in values(var.desired_counts) : count >= 0])
-    error_message = "desired_counts values must be non-negative."
+    condition = alltrue([for count in values(var.desired_counts) : count >= 0]) && lookup(var.desired_counts, "web", 0) <= 1 && alltrue([
+      for key in ["scheduler", "public-probe", "reporter", "migration"] : lookup(var.desired_counts, key, 0) == 0
+    ])
+    error_message = "EFS SQLite bridge requires web desired count 0 or 1 and scheduler/public-probe/reporter/migration desired counts 0."
   }
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hasna/uptime",
-  "version": "0.1.6",
+  "version": "0.1.8",
   "description": "Local-first uptime and downtime monitoring service with CLI, MCP, SDK, SQLite persistence, and a dashboard.",
   "license": "Apache-2.0",
   "type": "module",
@@ -24,6 +24,7 @@
     "dist",
     "README.md",
     "Dockerfile",
+    "Dockerfile.package",
     ".dockerignore",
     "infra/aws/README.md",
     "infra/aws/.terraform.lock.hcl",