create-svc 0.1.0

package/templates/root/README.md

@@ -0,0 +1,69 @@
+# {{SERVICE_NAME}}
+
+Cloud Run API scaffold generated by `create-service`.
+
+## What it includes
+
+- Chi HTTP routes
+- ConnectRPC handlers
+- real Cloud Run service manifest in [service.yaml](service.yaml)
+- Bun-based Cloud Run deploy config in [scripts/cloudrun/config.ts](scripts/cloudrun/config.ts)
+- Vault-backed Cloudflare DNS CRUD example
+- script-first deployment via Bun
+
+## Prerequisites
+
+- Bun
+- Go 1.25+
+- `gcloud`
+- `gh`
+- `buf`
+- `protoc`
+- `protoc-gen-go`
+- `protoc-gen-connect-go`
+
+Install the Go protobuf plugins:
+
+```bash
+go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.36.10
+go install connectrpc.com/connect/cmd/protoc-gen-connect-go@v1.19.1
+```
+
+## Commands
+
+```bash
+bun dev
+bun gen
+bun lint
+bun test
+bun deploy
+```
+
+`bun test` uses Bun's test runner to invoke `go test ./...` so the command surface stays Bun-first.
+
+## First deploy
+
+The runtime reads Vault AppRole credentials from Secret Manager. On the first deploy, seed those two secret values locally:
+
+```bash
+export BOOTSTRAP_VAULT_ROLE_ID=...
+export BOOTSTRAP_VAULT_SECRET_ID=...
+bun deploy
+```
+
+`bun deploy` will:
+
+1. enable required GCP services
+2. create runtime and deployer service accounts
+3. create the Secret Manager secrets if missing
+4. wire GitHub OIDC for `main` deploys
+5. build the image and apply the Cloud Run manifest through the Bun deploy helper
+
+## Local fallback
+
+For local development, you can skip Vault and provide the Cloudflare token directly:
+
+```bash
+export CLOUDFLARE_API_TOKEN=...
+bun dev
+```

package/templates/root/buf.gen.yaml

@@ -0,0 +1,10 @@
+version: v2
+plugins:
+  - local: protoc-gen-go
+    out: gen
+    opt:
+      - paths=source_relative
+  - local: protoc-gen-connect-go
+    out: gen
+    opt:
+      - paths=source_relative

package/templates/root/buf.yaml

@@ -0,0 +1,9 @@
+version: v2
+modules:
+  - path: protos
+lint:
+  use:
+    - STANDARD
+breaking:
+  use:
+    - FILE

package/templates/root/cmd/server/main.go

@@ -0,0 +1,44 @@
+package main
+
+import (
+	"log"
+	"net/http"
+	"time"
+
+	"github.com/go-chi/chi/v5"
+	"golang.org/x/net/http2"
+	"golang.org/x/net/http2/h2c"
+
+	"{{MODULE_PATH}}/internal/app"
+	"{{MODULE_PATH}}/internal/config"
+	"{{MODULE_PATH}}/internal/connectapi"
+	"{{MODULE_PATH}}/internal/httpapi"
+	"{{MODULE_PATH}}/internal/vault"
+)
+
+func main() {
+	cfg, err := config.Load()
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	httpClient := &http.Client{Timeout: 15 * time.Second}
+	vaultClient := vault.NewAppRoleClient(cfg.VaultAddr, cfg.VaultRoleIDFile, cfg.VaultSecretIDFile, httpClient)
+	tokenSource := app.NewCloudflareTokenSource(vaultClient, cfg.VaultSecretPath, cfg.VaultSecretKey)
+	service := app.NewDNSService(cfg.CloudflareZoneID, cfg.CloudflareAPIBaseURL, tokenSource)
+
+	router := chi.NewRouter()
+	httpapi.RegisterRoutes(router, service)
+
+	connectPath, connectHandler := connectapi.NewHandler(service)
+	router.Mount(connectPath, connectHandler)
+
+	server := &http.Server{
+		Addr:              ":" + cfg.Port,
+		ReadHeaderTimeout: 10 * time.Second,
+		Handler:           h2c.NewHandler(router, &http2.Server{}),
+	}
+
+	log.Printf("listening on %s", server.Addr)
+	log.Fatal(server.ListenAndServe())
+}