*Deploy Mega to GCP using Cloud Run (backend mono + UI) with private networking

README.md

@@ -1,56 +1,52 @@
 ## Install Terraform
 
-If you use a package manager to install software on your macOS, Windows, or Linux system, you can use it to install Terraform.
+If you use a package manager on macOS, Windows, or Linux, you can use it to install Terraform.
 
-First, install the HashiCorp tap, which is Hashicorp's official repository of all our Homebrew packages.
+First, install the HashiCorp tap (official Homebrew repository):
 
 ```bash
 brew tap hashicorp/tap
 ```
 
-Now, install Terraform from hashicorp/tap/terraform.
+Install Terraform:
 
 ```bash
 brew install hashicorp/tap/terraform
 ```
 
-You can check your current Terraform version by running the terraform -version command.
+Check your Terraform version:
 
 ```bash
 terraform -version
 ```
 
 ## Write configuration
 
-Terraform configuration files are plain text files in HashiCorp's configuration language, HCL, with file names ending with `.tf`. When you perform operations with the Terraform CLI, Terraform loads all of the configuration files in the current working directory and automatically resolves dependencies within your configuration. This allows you to organize your configuration into multiple files and in any order you choose.
+Terraform configuration files are plain text files written in HashiCorp Configuration Language (HCL) and end with `.tf`.
 
-We recommend using consistent formatting to ensure readability. The terraform fmt command automatically reformats all configuration files in the current directory according to HashiCorp's recommended style.
-
-In your terminal, use Terraform to format your configuration files.
+We recommend using consistent formatting. Run:
 
 ```bash
 terraform fmt
 ```
 
 ## Initialize your workspace
 
-Before you can apply your configuration, you must initialize your Terraform workspace with the terraform init command. As part of initialization, Terraform downloads and installs the providers defined in your configuration in your current working directory.
-
-Initialize your Terraform workspace.
+Before applying, initialize the working directory so Terraform can download and install providers:
 
 ```bash
 terraform init
 ```
 
-Make sure your configuration is syntactically valid and internally consistent by using the terraform validate command.
+Validate your configuration:
 
 ```bash
 terraform validate
 ```
 
-## Create infrastructure
+## Apply infrastructure
 
-Terraform makes changes to your infrastructure in two steps.
+Terraform applies changes in two steps: create an execution plan, then apply it.
 
 Terraform creates an execution plan for the changes it will make. Review this plan to ensure that Terraform will make the changes you expect.
 
@@ -59,17 +55,15 @@ Once you approve the execution plan, Terraform applies those changes using your
 This workflow ensures that you can detect and resolve any unexpected problems with your configuration before Terraform makes changes to your infrastructure.
 
 ```bash
-cd envs/dev
-
-terraform apply
+cd deployment/envs/gcp/prod
+terraform plan -out tf.plan
+terraform apply tf.plan
 ```
 
 ## GCP Deployment (dev / staging / prod)
 
-This repository contains Terraform configurations for deploying Mega to GCP under:
+Terraform configurations for deploying Mega to GCP are under:
 
-- `deployment/envs/gcp/dev`
-- `deployment/envs/gcp/staging`
 - `deployment/envs/gcp/prod`
 
 Each environment directory contains:
@@ -82,14 +76,14 @@ Each environment directory contains:
 
 ### Prerequisites
 
-- Install `gcloud` and authenticate
-- Ensure you have permissions to create: VPC, GKE, Cloud SQL, Memorystore, Filestore, Artifact Registry, Cloud Logging/Monitoring
+- Install `gcloud` and authenticate to the target project.
+- Ensure you have permissions to create: VPC, Cloud Run, Cloud SQL, Memorystore (Redis), Filestore, GCS, IAM, Cloud Logging/Monitoring.
 
 Recommended API enablement:
 
 ```bash
 gcloud services enable \
-  container.googleapis.com \
+  run.googleapis.com \
   artifactregistry.googleapis.com \
   sqladmin.googleapis.com \
   servicenetworking.googleapis.com \
@@ -101,10 +95,10 @@ gcloud services enable \
 
 ### Configure variables
 
-Copy the example file and edit values.
+Copy the example file and edit values:
 
 ```bash
-cd deployment/envs/gcp/dev
+cd deployment/envs/gcp/prod
 cp terraform.tfvars.example terraform.tfvars
 ```
 
@@ -124,32 +118,30 @@ terraform plan
 terraform apply
 ```
 
-### Get GKE credentials
+### Outputs
 
-After the cluster is created:
+Example outputs after deployment:
 
-```bash
-gcloud container clusters get-credentials mega-gke --region us-central1 --project YOUR_PROJECT_ID
-```
+- `app_cloud_run_url` – Cloud Run backend (mono) URL
+- `ui_cloud_run_url` – Cloud Run UI (Next.js SSR) URL
+- `cloud_sql_connection_name` – Cloud SQL connection name for the application
 
-### Verify logging & monitoring
+### Images (ECR Public -> Cloud Run)
 
-- GKE cluster is configured with Cloud Logging and Cloud Monitoring.
-- You can validate by checking Cloud Console:
-  - Logging: Logs Explorer (resource type `k8s_container`)
-  - Monitoring: Kubernetes Engine dashboards
+- backend (mono): `public.ecr.aws/m8q5m4u3/mega:mono-0.1.0-pre-release`
+- UI (Next.js): `public.ecr.aws/m8q5m4u3/mega:mega-ui-<env>-0.1.0-pre-release` (e.g. `staging`, `demo`, `openatom`, `gitmono`)
 
-### E2E validation (GKE / Orion Worker)
+Notes:
 
-See `deployment/gcp/e2e/README.e2e.md`.
+- Pulling images from ECR Public does not require additional Terraform resources; just set `app_image` / `ui_image` in `terraform.tfvars`.
+- If you need more stable pulls and better in-region performance, you can mirror images into GCP Artifact Registry and switch `app_image` / `ui_image` to Artifact Registry URLs.
 
-Example:
+### Verify logging & monitoring
 
-```bash
-kubectl apply -f deployment/gcp/e2e/connectivity-check-job.yaml
-kubectl -n orion-worker wait --for=condition=complete job/orion-worker-connectivity-check --timeout=120s
-kubectl -n orion-worker logs job/orion-worker-connectivity-check
-```
+Cloud Run stdout/stderr is exported to Cloud Logging by default. You can verify in Cloud Console:
+
+- Logging: Logs Explorer (resource type `cloud_run_revision`)
+- Monitoring: Cloud Run dashboards
 
 ### Destroy / rollback
 
@@ -159,35 +151,16 @@ terraform destroy
 
 ## Inspect state
 
-When you applied your configuration, Terraform wrote data about your infrastructure into a file called `terraform.tfstate`. Terraform stores data about your infrastructure in its state file, which it uses to manage resources over their lifecycle.
+Terraform stores infrastructure state in `terraform.tfstate`.
 
-List the resources and data sources in your Terraform workspace's state with the `terraform state list` command.
+List tracked resources:
 
 ```bash
 terraform state list
 ```
 
-Even though the data source is not an actual resource, Terraform tracks it in your state file. Print out your workspace's entire state using the `terraform show` command.
+Print the full state:
 
 ```bash
 terraform show
 ```
-
-当ec2 创建成功时，使用ssh 命令登录ec2 并在 /mnt/efs 目录下手动添加config.toml 配置文件
-
-```bash
-ssh -i ../../modules/ec2/efs-editor-key.pem ec2-user@$(terraform output -raw ec2_ip)
-```
-
-在envs/dev 下创建 terraform.tfvars 并填入数据库用户名和密码字段
-
-```bash
-db_username = "gitmega"
-db_password = "password"
-```
-
-当创建完资源后，如果terraform 不再管理这些资源，需要删除state
-
-``` bash
-terraform state list | while read r; do terraform state rm "$r"; done
-```