From d194aea5464e6f13c13c486b99608be45f105006 Mon Sep 17 00:00:00 2001
From: cloudneutral <haitaopanhq@gmail.com>
Date: Tue, 9 Dec 2025 09:01:41 +0800
Subject: [PATCH] Refine GCP bootstrap naming for GCS locking

---
 ...ard-iac-pipeline-gcp-global-bootstrap.yaml | 15 ++-----
 .../gcp-cloud/README.md                       |  3 +-
 .../gcp-cloud/bootstrap-dynamodb/main.tf      | 42 -------------------
 .../{bootstrap-s3 => bootstrap-gcs}/main.tf   |  0
 .../gcp-cloud/config/accounts/bootstrap.yaml  |  1 -
 5 files changed, 5 insertions(+), 56 deletions(-)
 delete mode 100644 iac-template/terraform-hcl-standard/gcp-cloud/bootstrap-dynamodb/main.tf
 rename iac-template/terraform-hcl-standard/gcp-cloud/{bootstrap-s3 => bootstrap-gcs}/main.tf (100%)

diff --git a/.github/workflows/terraform-standard-iac-pipeline-gcp-global-bootstrap.yaml b/.github/workflows/terraform-standard-iac-pipeline-gcp-global-bootstrap.yaml
index 30b28f36..6b85fc20 100644
--- a/.github/workflows/terraform-standard-iac-pipeline-gcp-global-bootstrap.yaml
+++ b/.github/workflows/terraform-standard-iac-pipeline-gcp-global-bootstrap.yaml
@@ -7,9 +7,8 @@ concurrency:
 on:
   push:
     paths:
-      - 'iac-template/terraform-hcl-standard/gcp-cloud/bootstrap-s3/**'
+      - 'iac-template/terraform-hcl-standard/gcp-cloud/bootstrap-gcs/**'
       - 'iac-template/terraform-hcl-standard/gcp-cloud/bootstrap-iam/**'
-      - 'iac-template/terraform-hcl-standard/gcp-cloud/bootstrap-dynamodb/**'
       - '.github/workflows/terraform-standard-iac-pipeline-gcp-global-bootstrap.yaml'
   pull_request:
   workflow_dispatch:
@@ -30,7 +29,7 @@ jobs:
 
     strategy:
       matrix:
-        target: [bootstrap-dynamodb, bootstrap-s3, bootstrap-iam]
+        target: [bootstrap-gcs, bootstrap-iam]
 
     steps:
       - uses: actions/checkout@v4
@@ -39,8 +38,7 @@ jobs:
         run: |
           cat <<'SUMMARY' >> "$GITHUB_STEP_SUMMARY"
           ## Bootstrap scope (GCP)
-          - Cloud Storage: create remote state bucket (versioned + uniform access)
-          - Firestore: enable Datastore mode database for state locking and metadata
+          - Cloud Storage: create remote state bucket (versioned + uniform access + generation-based locking)
           - IAM: create Terraform bootstrap service account and bind elevated roles
 
           Resource names and locations follow iac-template/terraform-hcl-standard/gcp-cloud/config/accounts/bootstrap.yaml.
@@ -76,7 +74,6 @@ jobs:
               + f"BOOTSTRAP_PROJECT_ID={cfg['project_id']}\n"
               + f"BOOTSTRAP_BUCKET_NAME={cfg['state']['bucket_name']}\n"
               + f"BOOTSTRAP_BUCKET_LOCATION={cfg['state'].get('bucket_location', 'US')}\n"
-              + f"BOOTSTRAP_FIRESTORE_LOCATION={cfg['state'].get('firestore_location', 'us-central')}\n"
               + f"BOOTSTRAP_SA_ID={cfg['iam'].get('service_account_id', 'terraform-bootstrap')}\n"
               + f"BOOTSTRAP_SA_ROLES={json.dumps(cfg['iam'].get('service_account_roles', []))}\n"
           )
@@ -102,15 +99,11 @@ jobs:
           project_id = "${BOOTSTRAP_PROJECT_ID}"
           EOF
 
-          if [ "${{ matrix.target }}" = "bootstrap-s3" ]; then
+          if [ "${{ matrix.target }}" = "bootstrap-gcs" ]; then
             cat >> bootstrap.auto.tfvars <<EOF
           bucket_name = "${BOOTSTRAP_BUCKET_NAME}"
           location    = "${BOOTSTRAP_BUCKET_LOCATION}"
           EOF
-          elif [ "${{ matrix.target }}" = "bootstrap-dynamodb" ]; then
-            cat >> bootstrap.auto.tfvars <<EOF
-          location = "${BOOTSTRAP_FIRESTORE_LOCATION}"
-          EOF
           elif [ "${{ matrix.target }}" = "bootstrap-iam" ]; then
             cat >> bootstrap.auto.tfvars <<EOF
           service_account_id    = "${BOOTSTRAP_SA_ID}"
diff --git a/iac-template/terraform-hcl-standard/gcp-cloud/README.md b/iac-template/terraform-hcl-standard/gcp-cloud/README.md
index d8315374..ca1af470 100644
--- a/iac-template/terraform-hcl-standard/gcp-cloud/README.md
+++ b/iac-template/terraform-hcl-standard/gcp-cloud/README.md
@@ -3,9 +3,8 @@
 该目录提供与 `aws-cloud` 模板一一对应的 GCP 版本，用于在 GCP 上快速引导基础设施。结构与 AWS 目录保持一致，包括引导阶段 (bootstrap)、环境示例 (envs) 与模块库 (modules)。
 
 ## 模板映射
-- **bootstrap-dynamodb → Firestore**：使用 Firestore（Datastore 模式）作为无服务器键值存储。
 - **bootstrap-iam → IAM**：创建基础服务账号与自定义角色，替代 AWS IAM 角色与策略。
-- **bootstrap-s3 → Cloud Storage**：创建 GCS 存储桶并启用版本化，对应 AWS S3。
+- **bootstrap-gcs → Cloud Storage**：创建启用版本化和 generation-based locking 的 GCS 存储桶，对应 AWS S3 + DynamoDB 锁表。
 - **modules**：保留原始模块命名（alb、nlb、vpc 等），内部实现改为 GCP 资源：
   - `alb`/`nlb`：使用 Google HTTP(S) / TCP 负载均衡。
   - `ec2`：映射到 Compute Engine 实例或 MIG。
diff --git a/iac-template/terraform-hcl-standard/gcp-cloud/bootstrap-dynamodb/main.tf b/iac-template/terraform-hcl-standard/gcp-cloud/bootstrap-dynamodb/main.tf
deleted file mode 100644
index 2bdd975d..00000000
--- a/iac-template/terraform-hcl-standard/gcp-cloud/bootstrap-dynamodb/main.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-terraform {
-  required_providers {
-    google = {
-      source  = "hashicorp/google"
-      version = ">= 5.0"
-    }
-  }
-}
-
-variable "project_id" {
-  description = "GCP project id where Firestore will be enabled"
-  type        = string
-}
-
-variable "location" {
-  description = "Firestore location"
-  type        = string
-  default     = "us-central"
-}
-
-resource "google_project_service" "firestore" {
-  service = "firestore.googleapis.com"
-  project = var.project_id
-}
-
-resource "google_project_service" "cloudresourcemanager" {
-  service = "cloudresourcemanager.googleapis.com"
-  project = var.project_id
-}
-
-resource "google_firestore_database" "default" {
-  name        = "(default)"
-  location_id = var.location
-  project     = var.project_id
-  type        = "DATASTORE_MODE"
-  depends_on  = [google_project_service.firestore, google_project_service.cloudresourcemanager]
-}
-
-output "firestore_database" {
-  description = "Firestore database ID"
-  value       = google_firestore_database.default.name
-}
diff --git a/iac-template/terraform-hcl-standard/gcp-cloud/bootstrap-s3/main.tf b/iac-template/terraform-hcl-standard/gcp-cloud/bootstrap-gcs/main.tf
similarity index 100%
rename from iac-template/terraform-hcl-standard/gcp-cloud/bootstrap-s3/main.tf
rename to iac-template/terraform-hcl-standard/gcp-cloud/bootstrap-gcs/main.tf
diff --git a/iac-template/terraform-hcl-standard/gcp-cloud/config/accounts/bootstrap.yaml b/iac-template/terraform-hcl-standard/gcp-cloud/config/accounts/bootstrap.yaml
index 9893ca67..670e0633 100644
--- a/iac-template/terraform-hcl-standard/gcp-cloud/config/accounts/bootstrap.yaml
+++ b/iac-template/terraform-hcl-standard/gcp-cloud/config/accounts/bootstrap.yaml
@@ -4,7 +4,6 @@ environment: bootstrap
 state:
   bucket_name: svc-plus-iac-state
   bucket_location: US
-  firestore_location: us-central
 
 iam:
   service_account_id: terraform-bootstrap