From ca7d58e9827d1ddb52759d7009f50732877e0882 Mon Sep 17 00:00:00 2001 From: djeebot Date: Mon, 23 Feb 2026 18:33:12 +0000 Subject: [PATCH 1/5] feat: add git commit SHA metadata to all Nomad jobs This change adds the git_commit_sha as metadata to all Nomad jobs deployed via Terraform. The commit SHA is passed from GitHub Actions workflows through Terraform variables down to the Nomad job specifications. Changes: - Updated deploy-infra.yml and deploy-job.yml workflows to export GIT_COMMIT_SHA - Added git_commit_sha to Makefile tf_vars - Added git_commit_sha variable to provider-gcp and nomad module variables - Added meta block with git_commit_sha to all Nomad job HCL files - Updated all module calls to pass git_commit_sha through This enables tracking which git commit is currently deployed for each Nomad job. --- .github/workflows/deploy-infra.yml | 3 ++ .github/workflows/deploy-job.yml | 1 + .../jobs/clickhouse-backup-restore.hcl | 3 ++ .../job-clickhouse/jobs/clickhouse-backup.hcl | 3 ++ .../jobs/clickhouse-migrator.hcl | 3 ++ .../job-clickhouse/jobs/clickhouse.hcl | 3 ++ iac/modules/job-clickhouse/main.tf | 5 ++- iac/modules/job-clickhouse/variables.tf | 6 +++ .../job-client-proxy/jobs/client-proxy.hcl | 3 ++ iac/modules/job-client-proxy/main.tf | 1 + iac/modules/job-client-proxy/variables.tf | 6 +++ iac/modules/job-ingress/jobs/ingress.hcl | 3 ++ iac/modules/job-ingress/main.tf | 3 +- iac/modules/job-ingress/variables.tf | 6 +++ .../jobs/logs-collector.hcl | 3 ++ iac/modules/job-logs-collector/main.tf | 1 + iac/modules/job-logs-collector/variables.tf | 6 +++ iac/modules/job-loki/jobs/loki.hcl | 3 ++ iac/modules/job-loki/main.tf | 1 + iac/modules/job-loki/variables.tf | 6 +++ .../job-orchestrator/jobs/orchestrator.hcl | 3 ++ iac/modules/job-orchestrator/main.tf | 7 ++-- iac/modules/job-orchestrator/variables.tf | 6 +++ .../jobs/otel-collector-nomad-server.hcl | 3 ++ .../job-otel-collector-nomad-server/main.tf | 7 ++++ .../jobs/otel-collector.hcl | 3 ++ iac/modules/job-otel-collector/main.tf | 9 ++++- iac/provider-gcp/Makefile | 1 + iac/provider-gcp/main.tf | 2 + iac/provider-gcp/nomad/jobs/api.hcl | 4 ++ .../nomad/jobs/clean-nfs-cache.hcl | 4 ++ .../nomad/jobs/docker-reverse-proxy.hcl | 4 ++ .../nomad/jobs/nomad-autoscaler.hcl | 4 ++ iac/provider-gcp/nomad/jobs/redis.hcl | 4 ++ .../nomad/jobs/template-manager.hcl | 4 ++ iac/provider-gcp/nomad/main.tf | 37 +++++++++++++++---- iac/provider-gcp/nomad/variables.tf | 6 +++ iac/provider-gcp/variables.tf | 6 +++ 38 files changed, 169 insertions(+), 14 deletions(-) diff --git a/.github/workflows/deploy-infra.yml b/.github/workflows/deploy-infra.yml index aad7ec6ed2..47fd32da99 100644 --- a/.github/workflows/deploy-infra.yml +++ b/.github/workflows/deploy-infra.yml @@ -56,6 +56,8 @@ jobs: make copy-public-builds - name: Plan infrastructure + env: + GIT_COMMIT_SHA: ${{ inputs.commit_sha }} run: | make plan-without-jobs @@ -63,5 +65,6 @@ jobs: if: inputs.plan_only == 'false' env: AUTO_CONFIRM_DEPLOY: true + GIT_COMMIT_SHA: ${{ inputs.commit_sha }} run: | make apply diff --git a/.github/workflows/deploy-job.yml b/.github/workflows/deploy-job.yml index 4ad5a721cc..de4ad53709 100644 --- a/.github/workflows/deploy-job.yml +++ b/.github/workflows/deploy-job.yml @@ -52,6 +52,7 @@ jobs: - name: Deploy jobs env: AUTO_CONFIRM_DEPLOY: true + GIT_COMMIT_SHA: ${{ inputs.commit_sha }} run: | # Parse semicolon-separated job names IFS=';' read -ra JOBS <<< "${{ inputs.job_names }}" diff --git a/iac/modules/job-clickhouse/jobs/clickhouse-backup-restore.hcl b/iac/modules/job-clickhouse/jobs/clickhouse-backup-restore.hcl index bf88f47227..a39eaa9d69 100644 --- a/iac/modules/job-clickhouse/jobs/clickhouse-backup-restore.hcl +++ b/iac/modules/job-clickhouse/jobs/clickhouse-backup-restore.hcl @@ -1,4 +1,7 @@ job "clickhouse-backup-restore" { + meta { + git_commit_sha = "${git_commit_sha}" + } type = "batch" node_pool = "${node_pool}" diff --git a/iac/modules/job-clickhouse/jobs/clickhouse-backup.hcl b/iac/modules/job-clickhouse/jobs/clickhouse-backup.hcl index da3fa355b4..01005ee1b7 100644 --- a/iac/modules/job-clickhouse/jobs/clickhouse-backup.hcl +++ b/iac/modules/job-clickhouse/jobs/clickhouse-backup.hcl @@ -1,4 +1,7 @@ job "clickhouse-backup" { + meta { + git_commit_sha = "${git_commit_sha}" + } type = "batch" node_pool = "${node_pool}" diff --git a/iac/modules/job-clickhouse/jobs/clickhouse-migrator.hcl b/iac/modules/job-clickhouse/jobs/clickhouse-migrator.hcl index 2aa353c27e..5241277fce 100644 --- a/iac/modules/job-clickhouse/jobs/clickhouse-migrator.hcl +++ b/iac/modules/job-clickhouse/jobs/clickhouse-migrator.hcl @@ -1,4 +1,7 @@ job "clickhouse-migrator" { + meta { + git_commit_sha = "${git_commit_sha}" + } type = "batch" node_pool = "${node_pool}" diff --git a/iac/modules/job-clickhouse/jobs/clickhouse.hcl b/iac/modules/job-clickhouse/jobs/clickhouse.hcl index ba9f29e8aa..8662530ba1 100644 --- a/iac/modules/job-clickhouse/jobs/clickhouse.hcl +++ b/iac/modules/job-clickhouse/jobs/clickhouse.hcl @@ -1,4 +1,7 @@ job "clickhouse" { + meta { + git_commit_sha = "${git_commit_sha}" + } type = "service" node_pool = "${node_pool}" diff --git a/iac/modules/job-clickhouse/main.tf b/iac/modules/job-clickhouse/main.tf index 09d86404dc..2f41a92941 100644 --- a/iac/modules/job-clickhouse/main.tf +++ b/iac/modules/job-clickhouse/main.tf @@ -22,6 +22,7 @@ locals { }) backup_vars = { + git_commit_sha = var.git_commit_sha clickhouse_backup_version = var.clickhouse_backup_version server_count = var.server_count @@ -43,6 +44,7 @@ resource "nomad_job" "clickhouse" { count = var.server_count > 0 ? 1 : 0 jobspec = templatefile("${path.module}/jobs/clickhouse.hcl", { + git_commit_sha = var.git_commit_sha server_secret = var.server_secret clickhouse_version = var.clickhouse_version @@ -79,7 +81,8 @@ resource "nomad_job" "clickhouse_migrator" { count = var.server_count > 0 ? 1 : 0 jobspec = templatefile("${path.module}/jobs/clickhouse-migrator.hcl", { - image = var.clickhouse_migrator_image + git_commit_sha = var.git_commit_sha + image = var.clickhouse_migrator_image server_count = var.server_count job_constraint_prefix = var.job_constraint_prefix diff --git a/iac/modules/job-clickhouse/variables.tf b/iac/modules/job-clickhouse/variables.tf index 9ca4d688d2..d26bf5f1f5 100644 --- a/iac/modules/job-clickhouse/variables.tf +++ b/iac/modules/job-clickhouse/variables.tf @@ -1,3 +1,9 @@ +variable "git_commit_sha" { + description = "Git commit SHA of the deployment" + type = string + default = "unknown" +} + variable "provider_name" { type = string description = "Cloud provider: gcp or aws" diff --git a/iac/modules/job-client-proxy/jobs/client-proxy.hcl b/iac/modules/job-client-proxy/jobs/client-proxy.hcl index ba754d2f40..da7549c604 100644 --- a/iac/modules/job-client-proxy/jobs/client-proxy.hcl +++ b/iac/modules/job-client-proxy/jobs/client-proxy.hcl @@ -1,4 +1,7 @@ job "client-proxy" { + meta { + git_commit_sha = "${git_commit_sha}" + } node_pool = "${node_pool}" priority = 80 diff --git a/iac/modules/job-client-proxy/main.tf b/iac/modules/job-client-proxy/main.tf index edcab2168b..1e5c4a5380 100644 --- a/iac/modules/job-client-proxy/main.tf +++ b/iac/modules/job-client-proxy/main.tf @@ -1,5 +1,6 @@ resource "nomad_job" "client_proxy" { jobspec = templatefile("${path.module}/jobs/client-proxy.hcl", { + git_commit_sha = var.git_commit_sha update_stanza = var.update_stanza count = var.client_proxy_count cpu_count = var.client_proxy_cpu_count diff --git a/iac/modules/job-client-proxy/variables.tf b/iac/modules/job-client-proxy/variables.tf index 89657dbfd9..e8113374f8 100644 --- a/iac/modules/job-client-proxy/variables.tf +++ b/iac/modules/job-client-proxy/variables.tf @@ -1,3 +1,9 @@ +variable "git_commit_sha" { + description = "Git commit SHA of the deployment" + type = string + default = "unknown" +} + variable "update_stanza" { type = bool } diff --git a/iac/modules/job-ingress/jobs/ingress.hcl b/iac/modules/job-ingress/jobs/ingress.hcl index c9bb6771da..ce65d9f442 100644 --- a/iac/modules/job-ingress/jobs/ingress.hcl +++ b/iac/modules/job-ingress/jobs/ingress.hcl @@ -1,4 +1,7 @@ job "ingress" { + meta { + git_commit_sha = "${git_commit_sha}" + } node_pool = "${node_pool}" priority = 90 diff --git a/iac/modules/job-ingress/main.tf b/iac/modules/job-ingress/main.tf index ca774a275c..1567181592 100644 --- a/iac/modules/job-ingress/main.tf +++ b/iac/modules/job-ingress/main.tf @@ -1,6 +1,7 @@ resource "nomad_job" "ingress" { jobspec = templatefile("${path.module}/jobs/ingress.hcl", { - count = var.ingress_count + git_commit_sha = var.git_commit_sha + count = var.ingress_count node_pool = var.node_pool update_stanza = var.update_stanza cpu_count = var.ingress_cpu_count diff --git a/iac/modules/job-ingress/variables.tf b/iac/modules/job-ingress/variables.tf index a9cdec69b4..f72cc71f7e 100644 --- a/iac/modules/job-ingress/variables.tf +++ b/iac/modules/job-ingress/variables.tf @@ -1,3 +1,9 @@ +variable "git_commit_sha" { + description = "Git commit SHA of the deployment" + type = string + default = "unknown" +} + variable "nomad_token" { type = string sensitive = true diff --git a/iac/modules/job-logs-collector/jobs/logs-collector.hcl b/iac/modules/job-logs-collector/jobs/logs-collector.hcl index b3a15dd0f2..3a1f97a286 100644 --- a/iac/modules/job-logs-collector/jobs/logs-collector.hcl +++ b/iac/modules/job-logs-collector/jobs/logs-collector.hcl @@ -1,4 +1,7 @@ job "logs-collector" { + meta { + git_commit_sha = "${git_commit_sha}" + } type = "system" node_pool = "all" diff --git a/iac/modules/job-logs-collector/main.tf b/iac/modules/job-logs-collector/main.tf index 9f8a0ea3f2..23f7c6c93a 100644 --- a/iac/modules/job-logs-collector/main.tf +++ b/iac/modules/job-logs-collector/main.tf @@ -18,6 +18,7 @@ locals { resource "nomad_job" "logs_collector" { jobspec = templatefile("${path.module}/jobs/logs-collector.hcl", { + git_commit_sha = var.git_commit_sha vector_api_port = var.vector_api_port vector_health_port = var.vector_health_port vector_config = local.vector_config diff --git a/iac/modules/job-logs-collector/variables.tf b/iac/modules/job-logs-collector/variables.tf index 7b37a62e34..d9906f07e8 100644 --- a/iac/modules/job-logs-collector/variables.tf +++ b/iac/modules/job-logs-collector/variables.tf @@ -1,3 +1,9 @@ +variable "git_commit_sha" { + description = "Git commit SHA of the deployment" + type = string + default = "unknown" +} + variable "vector_api_port" { type = number } diff --git a/iac/modules/job-loki/jobs/loki.hcl b/iac/modules/job-loki/jobs/loki.hcl index 2c758ab021..d925717ab3 100644 --- a/iac/modules/job-loki/jobs/loki.hcl +++ b/iac/modules/job-loki/jobs/loki.hcl @@ -1,4 +1,7 @@ job "loki" { + meta { + git_commit_sha = "${git_commit_sha}" + } type = "service" node_pool = "${node_pool}" priority = 75 diff --git a/iac/modules/job-loki/main.tf b/iac/modules/job-loki/main.tf index cfb906b715..01c9b1cb3b 100644 --- a/iac/modules/job-loki/main.tf +++ b/iac/modules/job-loki/main.tf @@ -15,6 +15,7 @@ locals { resource "nomad_job" "loki" { jobspec = templatefile("${path.module}/jobs/loki.hcl", { + git_commit_sha = var.git_commit_sha node_pool = var.node_pool prevent_colocation = var.prevent_colocation diff --git a/iac/modules/job-loki/variables.tf b/iac/modules/job-loki/variables.tf index be76d2b42c..6071439404 100644 --- a/iac/modules/job-loki/variables.tf +++ b/iac/modules/job-loki/variables.tf @@ -1,3 +1,9 @@ +variable "git_commit_sha" { + description = "Git commit SHA of the deployment" + type = string + default = "unknown" +} + variable "provider_name" { type = string diff --git a/iac/modules/job-orchestrator/jobs/orchestrator.hcl b/iac/modules/job-orchestrator/jobs/orchestrator.hcl index efa62f3602..5cca7b82bc 100644 --- a/iac/modules/job-orchestrator/jobs/orchestrator.hcl +++ b/iac/modules/job-orchestrator/jobs/orchestrator.hcl @@ -1,4 +1,7 @@ job "orchestrator-${latest_orchestrator_job_id}" { + meta { + git_commit_sha = "${git_commit_sha}" + } type = "system" node_pool = "${node_pool}" diff --git a/iac/modules/job-orchestrator/main.tf b/iac/modules/job-orchestrator/main.tf index 1e74364e5b..d588f28aed 100644 --- a/iac/modules/job-orchestrator/main.tf +++ b/iac/modules/job-orchestrator/main.tf @@ -1,8 +1,9 @@ locals { orchestrator_vars = { - node_pool = var.node_pool - port = var.port - proxy_port = var.proxy_port + git_commit_sha = var.git_commit_sha + node_pool = var.node_pool + port = var.port + proxy_port = var.proxy_port environment = var.environment logs_collector_address = var.logs_collector_address diff --git a/iac/modules/job-orchestrator/variables.tf b/iac/modules/job-orchestrator/variables.tf index 7489d9f510..0399227254 100644 --- a/iac/modules/job-orchestrator/variables.tf +++ b/iac/modules/job-orchestrator/variables.tf @@ -1,3 +1,9 @@ +variable "git_commit_sha" { + description = "Git commit SHA of the deployment" + type = string + default = "unknown" +} + variable "provider_name" { type = string description = "Cloud provider: gcp or aws" diff --git a/iac/modules/job-otel-collector-nomad-server/jobs/otel-collector-nomad-server.hcl b/iac/modules/job-otel-collector-nomad-server/jobs/otel-collector-nomad-server.hcl index 6f6cad44b2..bf03d35d36 100644 --- a/iac/modules/job-otel-collector-nomad-server/jobs/otel-collector-nomad-server.hcl +++ b/iac/modules/job-otel-collector-nomad-server/jobs/otel-collector-nomad-server.hcl @@ -1,4 +1,7 @@ job "otel-collector-nomad-server" { + meta { + git_commit_sha = "${git_commit_sha}" + } type = "service" node_pool = "${node_pool}" diff --git a/iac/modules/job-otel-collector-nomad-server/main.tf b/iac/modules/job-otel-collector-nomad-server/main.tf index ca1c065423..e98aa582e5 100644 --- a/iac/modules/job-otel-collector-nomad-server/main.tf +++ b/iac/modules/job-otel-collector-nomad-server/main.tf @@ -14,11 +14,18 @@ locals { resource "nomad_job" "otel_collector_nomad_server" { jobspec = templatefile("${path.module}/jobs/otel-collector-nomad-server.hcl", { + git_commit_sha = var.git_commit_sha node_pool = var.node_pool otel_collector_config = local.otel_collector_config }) } +variable "git_commit_sha" { + description = "Git commit SHA of the deployment" + type = string + default = "unknown" +} + variable "provider_name" { type = string description = "Cloud provider: gcp or aws" diff --git a/iac/modules/job-otel-collector/jobs/otel-collector.hcl b/iac/modules/job-otel-collector/jobs/otel-collector.hcl index 2bba43492e..7f93f472ff 100644 --- a/iac/modules/job-otel-collector/jobs/otel-collector.hcl +++ b/iac/modules/job-otel-collector/jobs/otel-collector.hcl @@ -1,4 +1,7 @@ job "otel-collector" { + meta { + git_commit_sha = "${git_commit_sha}" + } type = "system" node_pool = "all" diff --git a/iac/modules/job-otel-collector/main.tf b/iac/modules/job-otel-collector/main.tf index 51a35d2eca..282d7e9b06 100644 --- a/iac/modules/job-otel-collector/main.tf +++ b/iac/modules/job-otel-collector/main.tf @@ -21,7 +21,8 @@ locals { resource "nomad_job" "otel_collector" { jobspec = templatefile("${path.module}/jobs/otel-collector.hcl", { - memory_mb = var.memory_mb + git_commit_sha = var.git_commit_sha + memory_mb = var.memory_mb cpu_count = var.cpu_count otel_collector_grpc_port = var.otel_collector_grpc_port @@ -29,6 +30,12 @@ resource "nomad_job" "otel_collector" { }) } +variable "git_commit_sha" { + description = "Git commit SHA of the deployment" + type = string + default = "unknown" +} + variable "provider_name" { type = string description = "Cloud provider: gcp or aws" diff --git a/iac/provider-gcp/Makefile b/iac/provider-gcp/Makefile index abd715a4cb..2b0e70a854 100644 --- a/iac/provider-gcp/Makefile +++ b/iac/provider-gcp/Makefile @@ -18,6 +18,7 @@ endef tf_vars := \ TF_VAR_environment=$(TERRAFORM_ENVIRONMENT) \ + $(call tfvar, GIT_COMMIT_SHA) \ $(call tfvar, BUILD_CLUSTERS_CONFIG) \ $(call tfvar, CLIENT_CLUSTERS_CONFIG) \ $(call tfvar, API_MACHINE_TYPE) \ diff --git a/iac/provider-gcp/main.tf b/iac/provider-gcp/main.tf index 9a6b9bcddf..1f140fd427 100644 --- a/iac/provider-gcp/main.tf +++ b/iac/provider-gcp/main.tf @@ -138,6 +138,8 @@ module "cluster" { module "nomad" { source = "./nomad" + git_commit_sha = var.git_commit_sha + prefix = var.prefix gcp_project_id = var.gcp_project_id gcp_region = var.gcp_region diff --git a/iac/provider-gcp/nomad/jobs/api.hcl b/iac/provider-gcp/nomad/jobs/api.hcl index 6dd0e027d6..6ffde20942 100644 --- a/iac/provider-gcp/nomad/jobs/api.hcl +++ b/iac/provider-gcp/nomad/jobs/api.hcl @@ -3,6 +3,10 @@ job "api" { node_pool = "${node_pool}" priority = 90 + meta { + git_commit_sha = "${git_commit_sha}" + } + group "api-service" { // Try to restart the task indefinitely // Tries to restart every 5 seconds diff --git a/iac/provider-gcp/nomad/jobs/clean-nfs-cache.hcl b/iac/provider-gcp/nomad/jobs/clean-nfs-cache.hcl index f0155aa537..26dd61dfcd 100644 --- a/iac/provider-gcp/nomad/jobs/clean-nfs-cache.hcl +++ b/iac/provider-gcp/nomad/jobs/clean-nfs-cache.hcl @@ -1,6 +1,10 @@ job "filestore-cleanup" { type = "batch" node_pool = "${node_pool}" + meta { + git_commit_sha = "${git_commit_sha}" + } + datacenters = ["*"] diff --git a/iac/provider-gcp/nomad/jobs/docker-reverse-proxy.hcl b/iac/provider-gcp/nomad/jobs/docker-reverse-proxy.hcl index 781ee7cbdd..0a8399be1f 100644 --- a/iac/provider-gcp/nomad/jobs/docker-reverse-proxy.hcl +++ b/iac/provider-gcp/nomad/jobs/docker-reverse-proxy.hcl @@ -3,6 +3,10 @@ job "docker-reverse-proxy" { node_pool = "${node_pool}" type = "service" priority = 85 + meta { + git_commit_sha = "${git_commit_sha}" + } + group "reverse-proxy" { // Try to restart the task indefinitely diff --git a/iac/provider-gcp/nomad/jobs/nomad-autoscaler.hcl b/iac/provider-gcp/nomad/jobs/nomad-autoscaler.hcl index bb313b90e1..c18b584689 100644 --- a/iac/provider-gcp/nomad/jobs/nomad-autoscaler.hcl +++ b/iac/provider-gcp/nomad/jobs/nomad-autoscaler.hcl @@ -1,6 +1,10 @@ job "nomad-autoscaler" { type = "service" node_pool = "${node_pool}" + meta { + git_commit_sha = "${git_commit_sha}" + } + group "autoscaler" { count = 1 diff --git a/iac/provider-gcp/nomad/jobs/redis.hcl b/iac/provider-gcp/nomad/jobs/redis.hcl index 4ea4143fda..715904f9f8 100644 --- a/iac/provider-gcp/nomad/jobs/redis.hcl +++ b/iac/provider-gcp/nomad/jobs/redis.hcl @@ -3,6 +3,10 @@ job "redis" { node_pool = "${node_pool}" type = "service" priority = 95 + meta { + git_commit_sha = "${git_commit_sha}" + } + group "redis" { // Try to restart the task indefinitely diff --git a/iac/provider-gcp/nomad/jobs/template-manager.hcl b/iac/provider-gcp/nomad/jobs/template-manager.hcl index 87079a2cbb..44f73e478b 100644 --- a/iac/provider-gcp/nomad/jobs/template-manager.hcl +++ b/iac/provider-gcp/nomad/jobs/template-manager.hcl @@ -2,6 +2,10 @@ job "template-manager" { type = "service" node_pool = "${node_pool}" priority = 75 + meta { + git_commit_sha = "${git_commit_sha}" + } + group "template-manager" { # Count is fetched from current Nomad state to preserve autoscaler-managed value diff --git a/iac/provider-gcp/nomad/main.tf b/iac/provider-gcp/nomad/main.tf index 7d41d0e36f..10dab07484 100644 --- a/iac/provider-gcp/nomad/main.tf +++ b/iac/provider-gcp/nomad/main.tf @@ -52,6 +52,8 @@ data "google_secret_manager_secret_version" "redis_tls_ca_base64" { module "ingress" { source = "../../modules/job-ingress" + git_commit_sha = var.git_commit_sha + ingress_count = var.ingress_count ingress_proxy_port = var.ingress_port.port @@ -64,8 +66,9 @@ module "ingress" { resource "nomad_job" "api" { jobspec = templatefile("${path.module}/jobs/api.hcl", { - update_stanza = var.api_machine_count > 1 - node_pool = var.api_node_pool + git_commit_sha = var.git_commit_sha + update_stanza = var.api_machine_count > 1 + node_pool = var.api_node_pool // We use colocation 2 here to ensure that there are at least 2 nodes for API to do rolling updates. // It might be possible there could be problems if we are rolling updates for both API and Loki at the same time., so maybe increasing this to > 3 makes sense. prevent_colocation = var.api_machine_count > 2 @@ -107,10 +110,11 @@ resource "nomad_job" "redis" { jobspec = templatefile("${path.module}/jobs/redis.hcl", { - node_pool = var.api_node_pool - gcp_zone = var.gcp_zone - port_number = var.redis_port.port - port_name = var.redis_port.name + git_commit_sha = var.git_commit_sha + node_pool = var.api_node_pool + gcp_zone = var.gcp_zone + port_number = var.redis_port.port + port_name = var.redis_port.name } ) } @@ -118,6 +122,7 @@ resource "nomad_job" "redis" { resource "nomad_job" "docker_reverse_proxy" { jobspec = templatefile("${path.module}/jobs/docker-reverse-proxy.hcl", { + git_commit_sha = var.git_commit_sha gcp_zone = var.gcp_zone node_pool = var.api_node_pool image_name = data.google_artifact_registry_docker_image.docker_reverse_proxy_image.self_link @@ -137,6 +142,8 @@ resource "nomad_job" "docker_reverse_proxy" { module "client_proxy" { source = "../../modules/job-client-proxy" + git_commit_sha = var.git_commit_sha + update_stanza = var.api_machine_count > 1 client_proxy_count = var.client_proxy_count client_proxy_cpu_count = var.client_proxy_resources_cpu_count @@ -239,6 +246,8 @@ data "google_secret_manager_secret_version" "grafana_username" { module "otel_collector" { source = "../../modules/job-otel-collector" + git_commit_sha = var.git_commit_sha + provider_name = "gcp" memory_mb = var.otel_collector_resources_memory_mb @@ -260,6 +269,8 @@ module "otel_collector" { module "otel_collector_nomad_server" { source = "../../modules/job-otel-collector-nomad-server" + git_commit_sha = var.git_commit_sha + provider_name = "gcp" node_pool = var.api_node_pool @@ -343,6 +354,8 @@ data "google_secret_manager_secret_version" "grafana_logs_collector_api_token" { module "logs_collector" { source = "../../modules/job-logs-collector" + git_commit_sha = var.git_commit_sha + loki_endpoint = "http://loki.service.consul:${var.loki_service_port.port}" vector_health_port = var.logs_health_proxy_port.port @@ -373,6 +386,8 @@ locals { module "orchestrator" { source = "../../modules/job-orchestrator" + git_commit_sha = var.git_commit_sha + provider_name = "gcp" node_pool = var.orchestrator_node_pool @@ -429,8 +444,9 @@ data "external" "template_manager_count" { resource "nomad_job" "template_manager" { jobspec = templatefile("${path.module}/jobs/template-manager.hcl", { - update_stanza = var.template_manages_clusters_size_gt_1 - node_pool = var.builder_node_pool + git_commit_sha = var.git_commit_sha + update_stanza = var.template_manages_clusters_size_gt_1 + node_pool = var.builder_node_pool current_count = tonumber(data.external.template_manager_count.result.count) gcp_project = var.gcp_project_id @@ -480,6 +496,7 @@ resource "nomad_job" "nomad_nodepool_apm" { count = var.template_manages_clusters_size_gt_1 ? 1 : 0 jobspec = templatefile("${path.module}/jobs/nomad-autoscaler.hcl", { + git_commit_sha = var.git_commit_sha node_pool = var.api_node_pool autoscaler_version = var.nomad_autoscaler_version bucket_name = var.fc_env_pipeline_bucket_name @@ -491,6 +508,8 @@ resource "nomad_job" "nomad_nodepool_apm" { module "loki" { source = "../../modules/job-loki" + git_commit_sha = var.git_commit_sha + provider_name = "gcp" node_pool = var.loki_machine_count > 0 ? var.loki_node_pool : var.api_node_pool @@ -568,6 +587,8 @@ resource "google_service_account_key" "clickhouse_service_account_key" { module "clickhouse" { source = "../../modules/job-clickhouse" + git_commit_sha = var.git_commit_sha + provider_name = "gcp" node_pool = var.clickhouse_node_pool diff --git a/iac/provider-gcp/nomad/variables.tf b/iac/provider-gcp/nomad/variables.tf index 42b26db3bd..0e63f17425 100644 --- a/iac/provider-gcp/nomad/variables.tf +++ b/iac/provider-gcp/nomad/variables.tf @@ -1,3 +1,9 @@ +variable "git_commit_sha" { + description = "Git commit SHA of the deployment, used for tracking in Nomad job metadata" + type = string + default = "unknown" +} + variable "envd_timeout" { type = string } diff --git a/iac/provider-gcp/variables.tf b/iac/provider-gcp/variables.tf index 3f92d85d4f..05d7f16bd2 100644 --- a/iac/provider-gcp/variables.tf +++ b/iac/provider-gcp/variables.tf @@ -1,3 +1,9 @@ +variable "git_commit_sha" { + description = "Git commit SHA of the deployment, used for tracking in Nomad job metadata" + type = string + default = "unknown" +} + variable "gcp_project_id" { description = "The project to deploy the cluster in" type = string From 822bd4a2a025ee6548d90d72569f9a12d3ab81f0 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 25 Feb 2026 16:03:45 +0000 Subject: [PATCH 2/5] chore: auto-commit generated changes --- iac/modules/job-ingress/main.tf | 8 ++++---- iac/modules/job-otel-collector/main.tf | 2 +- iac/provider-gcp/nomad/main.tf | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/iac/modules/job-ingress/main.tf b/iac/modules/job-ingress/main.tf index 1567181592..03e2d47cf6 100644 --- a/iac/modules/job-ingress/main.tf +++ b/iac/modules/job-ingress/main.tf @@ -2,10 +2,10 @@ resource "nomad_job" "ingress" { jobspec = templatefile("${path.module}/jobs/ingress.hcl", { git_commit_sha = var.git_commit_sha count = var.ingress_count - node_pool = var.node_pool - update_stanza = var.update_stanza - cpu_count = var.ingress_cpu_count - memory_mb = var.ingress_memory_mb + node_pool = var.node_pool + update_stanza = var.update_stanza + cpu_count = var.ingress_cpu_count + memory_mb = var.ingress_memory_mb ingress_port = var.ingress_proxy_port control_port = var.ingress_control_port diff --git a/iac/modules/job-otel-collector/main.tf b/iac/modules/job-otel-collector/main.tf index 282d7e9b06..61a508024e 100644 --- a/iac/modules/job-otel-collector/main.tf +++ b/iac/modules/job-otel-collector/main.tf @@ -23,7 +23,7 @@ resource "nomad_job" "otel_collector" { jobspec = templatefile("${path.module}/jobs/otel-collector.hcl", { git_commit_sha = var.git_commit_sha memory_mb = var.memory_mb - cpu_count = var.cpu_count + cpu_count = var.cpu_count otel_collector_grpc_port = var.otel_collector_grpc_port otel_collector_config = local.otel_collector_config diff --git a/iac/provider-gcp/nomad/main.tf b/iac/provider-gcp/nomad/main.tf index 10dab07484..2ddc0227db 100644 --- a/iac/provider-gcp/nomad/main.tf +++ b/iac/provider-gcp/nomad/main.tf @@ -447,7 +447,7 @@ resource "nomad_job" "template_manager" { git_commit_sha = var.git_commit_sha update_stanza = var.template_manages_clusters_size_gt_1 node_pool = var.builder_node_pool - current_count = tonumber(data.external.template_manager_count.result.count) + current_count = tonumber(data.external.template_manager_count.result.count) gcp_project = var.gcp_project_id gcp_region = var.gcp_region From 559a3813d61c199b7bfb4e6125e34dc6d6a51c0e Mon Sep 17 00:00:00 2001 From: djeebot Date: Wed, 25 Feb 2026 16:15:19 +0000 Subject: [PATCH 3/5] fix: add git_commit_sha to clean-nfs-cache templatefile --- iac/provider-gcp/nomad/clean-nfs-cache.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/iac/provider-gcp/nomad/clean-nfs-cache.tf b/iac/provider-gcp/nomad/clean-nfs-cache.tf index fb7e26ee5f..61da646f32 100644 --- a/iac/provider-gcp/nomad/clean-nfs-cache.tf +++ b/iac/provider-gcp/nomad/clean-nfs-cache.tf @@ -15,6 +15,7 @@ resource "nomad_job" "clean_nfs_cache" { count = var.shared_chunk_cache_path != "" ? 1 : 0 jobspec = templatefile("${path.module}/jobs/clean-nfs-cache.hcl", { + git_commit_sha = var.git_commit_sha node_pool = var.builder_node_pool bucket_name = var.fc_env_pipeline_bucket_name environment = var.environment From ccb2f05ce37c40471f650be08410df5633572767 Mon Sep 17 00:00:00 2001 From: djeebot Date: Wed, 25 Feb 2026 16:48:19 +0000 Subject: [PATCH 4/5] fix: remove default values from git_commit_sha in job modules Make git_commit_sha required in all job modules to catch missing pass-throughs at plan time. The root provider-gcp/variables.tf still has a default for when the env var isn't set during local development. --- iac/modules/job-clickhouse/variables.tf | 1 - iac/modules/job-client-proxy/variables.tf | 1 - iac/modules/job-ingress/variables.tf | 1 - iac/modules/job-logs-collector/variables.tf | 1 - iac/modules/job-loki/variables.tf | 1 - iac/modules/job-orchestrator/variables.tf | 1 - iac/modules/job-otel-collector-nomad-server/main.tf | 1 - iac/modules/job-otel-collector/main.tf | 1 - iac/provider-gcp/nomad/variables.tf | 1 - 9 files changed, 9 deletions(-) diff --git a/iac/modules/job-clickhouse/variables.tf b/iac/modules/job-clickhouse/variables.tf index d26bf5f1f5..6f94160a0c 100644 --- a/iac/modules/job-clickhouse/variables.tf +++ b/iac/modules/job-clickhouse/variables.tf @@ -1,7 +1,6 @@ variable "git_commit_sha" { description = "Git commit SHA of the deployment" type = string - default = "unknown" } variable "provider_name" { diff --git a/iac/modules/job-client-proxy/variables.tf b/iac/modules/job-client-proxy/variables.tf index e8113374f8..6f96d184d0 100644 --- a/iac/modules/job-client-proxy/variables.tf +++ b/iac/modules/job-client-proxy/variables.tf @@ -1,7 +1,6 @@ variable "git_commit_sha" { description = "Git commit SHA of the deployment" type = string - default = "unknown" } variable "update_stanza" { diff --git a/iac/modules/job-ingress/variables.tf b/iac/modules/job-ingress/variables.tf index f72cc71f7e..93a9efde34 100644 --- a/iac/modules/job-ingress/variables.tf +++ b/iac/modules/job-ingress/variables.tf @@ -1,7 +1,6 @@ variable "git_commit_sha" { description = "Git commit SHA of the deployment" type = string - default = "unknown" } variable "nomad_token" { diff --git a/iac/modules/job-logs-collector/variables.tf b/iac/modules/job-logs-collector/variables.tf index d9906f07e8..d9cfc3362d 100644 --- a/iac/modules/job-logs-collector/variables.tf +++ b/iac/modules/job-logs-collector/variables.tf @@ -1,7 +1,6 @@ variable "git_commit_sha" { description = "Git commit SHA of the deployment" type = string - default = "unknown" } variable "vector_api_port" { diff --git a/iac/modules/job-loki/variables.tf b/iac/modules/job-loki/variables.tf index 6071439404..f9fd1985b4 100644 --- a/iac/modules/job-loki/variables.tf +++ b/iac/modules/job-loki/variables.tf @@ -1,7 +1,6 @@ variable "git_commit_sha" { description = "Git commit SHA of the deployment" type = string - default = "unknown" } diff --git a/iac/modules/job-orchestrator/variables.tf b/iac/modules/job-orchestrator/variables.tf index 0399227254..3409008b99 100644 --- a/iac/modules/job-orchestrator/variables.tf +++ b/iac/modules/job-orchestrator/variables.tf @@ -1,7 +1,6 @@ variable "git_commit_sha" { description = "Git commit SHA of the deployment" type = string - default = "unknown" } variable "provider_name" { diff --git a/iac/modules/job-otel-collector-nomad-server/main.tf b/iac/modules/job-otel-collector-nomad-server/main.tf index e98aa582e5..1fadde76b4 100644 --- a/iac/modules/job-otel-collector-nomad-server/main.tf +++ b/iac/modules/job-otel-collector-nomad-server/main.tf @@ -23,7 +23,6 @@ resource "nomad_job" "otel_collector_nomad_server" { variable "git_commit_sha" { description = "Git commit SHA of the deployment" type = string - default = "unknown" } variable "provider_name" { diff --git a/iac/modules/job-otel-collector/main.tf b/iac/modules/job-otel-collector/main.tf index 61a508024e..cc0e21aaa4 100644 --- a/iac/modules/job-otel-collector/main.tf +++ b/iac/modules/job-otel-collector/main.tf @@ -33,7 +33,6 @@ resource "nomad_job" "otel_collector" { variable "git_commit_sha" { description = "Git commit SHA of the deployment" type = string - default = "unknown" } variable "provider_name" { diff --git a/iac/provider-gcp/nomad/variables.tf b/iac/provider-gcp/nomad/variables.tf index 0e63f17425..d11886dd6f 100644 --- a/iac/provider-gcp/nomad/variables.tf +++ b/iac/provider-gcp/nomad/variables.tf @@ -1,7 +1,6 @@ variable "git_commit_sha" { description = "Git commit SHA of the deployment, used for tracking in Nomad job metadata" type = string - default = "unknown" } variable "envd_timeout" { From 89c0c86423c2337d0e3defe95a5a51441557ee7a Mon Sep 17 00:00:00 2001 From: djeebot Date: Wed, 25 Feb 2026 20:04:42 +0000 Subject: [PATCH 5/5] feat: auto-detect git commit SHA from HEAD when running make plan Uses `git rev-parse --short HEAD` as the default value for GIT_COMMIT_SHA if not explicitly set via environment variable. Falls back to 'unknown' if not in a git repository. --- iac/provider-gcp/Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/iac/provider-gcp/Makefile b/iac/provider-gcp/Makefile index 2b0e70a854..9c3da6f60c 100644 --- a/iac/provider-gcp/Makefile +++ b/iac/provider-gcp/Makefile @@ -3,6 +3,9 @@ ENV_FILE := ../../.env.${ENV} -include ${ENV_FILE} +# Default to current git commit SHA if not set via environment +GIT_COMMIT_SHA ?= $(shell git rev-parse --short HEAD 2>/dev/null || echo "unknown") + TF := $(shell which terraform) TF_VAR_FILE := ./.terraform.${ENV}.tfvars TF_VAR_FILE_ARG := $(if $(wildcard $(TF_VAR_FILE)),-var-file=$(TF_VAR_FILE))