Nest Engineering Docs

Terraform infrastructure

How infrastructure is defined and organized

Terraform is the source of truth for infrastructure. Config lives under infra/ and is organized by environment and reusable modules.

Layout

  • infra/envs/dev and infra/envs/prod: environment-level configs.
  • infra/modules: reusable modules (Spanner, Pub/Sub, Dataflow).
  • infra/org/projects: org-level project setup or adoption.
  • infra/versions.tf: provider versions for the workspace.

Environment structure

Each environment folder includes:

  • cloud_build.tf: Cloud Build connections and triggers.
  • cloud_deploy.tf: Cloud Deploy pipelines/targets + deploy parameters.
  • spanner.tf, pubsub.tf, dataflow.tf, storage.tf, bigquery.tf.
  • iam_exec.tf: IAM bindings for runtime and deploy execution.
  • providers.tf, variables.tf.

Cloud Deploy parameters

cloud_deploy.tf defines the set of services and jobs and injects deploy parameters (for example: Sentry environment, task queues, runtime service accounts). These values map to from-param placeholders in the Cloud Run manifests under services/*/deploy/ and jobs/*/deploy/.
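A check for the mapping described above, added here as an example and not taken from the repository: it reports from-param placeholders that no deploy parameter fills (for instance a runtime service account) and parameters that no manifest reads. The `# from-param: ${name}` comment form, the parameter names and the sample manifest are assumptions made for illustration.

```python
import re

# Assumed placeholder form: `key: default # from-param: ${name}`
FROM_PARAM = re.compile(r"#\s*from-param:\s*(.*)$")
PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][\w-]*)\}")

def placeholders(manifest_text):
    """Return {param_name: [line numbers]} for each from-param placeholder."""
    found = {}
    for lineno, line in enumerate(manifest_text.splitlines(), start=1):
        m = FROM_PARAM.search(line)
        # One comment may reference several parameters, e.g. ${a}-${b}.
        for name in PLACEHOLDER.findall(m.group(1)) if m else ():
            found.setdefault(name, []).append(lineno)
    return found

def audit(manifests, supplied):
    """Return (missing, unused) for {path: text} and the supplied parameter names."""
    supplied, used = set(supplied), {}
    for path, text in manifests.items():
        for name, lines in placeholders(text).items():
            used.setdefault(name, []).extend((path, n) for n in lines)
    # missing: placeholder -> [(path, line)] with no deploy parameter behind it.
    missing = {n: locs for n, locs in used.items() if n not in supplied}
    return missing, sorted(supplied - set(used))

# Constructed sample: a trimmed Cloud Run manifest and hypothetical parameter names.
SAMPLE_MANIFESTS = {
    "services/api/deploy/service.yaml": """\
apiVersion: serving.knative.dev/v1
kind: Service
spec:
  template:
    spec:
      serviceAccountName: default-sa # from-param: ${runtime_sa}
      containers:
        - image: api
          env:
            - name: TASK_QUEUE
              value: local # from-param: ${queue_prefix}-${task_queue}
            - name: SENTRY_ENVIRONMENT
              value: dev # from-param: ${sentry_env}
""",
}
SAMPLE_PARAMS = {"sentry_env", "task_queue", "queue_prefix", "sentry_dsn"}

if __name__ == "__main__":
    missing, unused = audit(SAMPLE_MANIFESTS, SAMPLE_PARAMS)
    print("unfilled placeholders:", missing, "| unreferenced parameters:", unused)
```
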

Cloud Build triggers

cloud_build.tf wires GitHub connections and build triggers for components. Each trigger points to a build config in ci/cloudbuild/ and scopes the included files for that component.

Typical workflow

cd infra/envs/dev
terraform init
terraform plan
terraform apply

For production changes, run the same commands from the production environment folder (infra/envs/prod).
