From f47eadce4bfbcb58590806aee1ae27e7b803cd68 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Wed, 15 Apr 2026 00:14:06 +0000
Subject: [PATCH] feat: sync terraform state with production bucket configs

Updates the `osv_vulnerabilities_export` Google Cloud Storage bucket
configuration in Terraform to match manual production changes.
Adds a `versioning` block to explicitly enable object versioning,
and adds two `lifecycle_rule` blocks: one to delete versions
when `num_newer_versions = 673` with state `ARCHIVED`, and another
to delete noncurrent objects after 7 days (`days_since_noncurrent_time = 7`).

Co-authored-by: another-rex <106129829+another-rex@users.noreply.github.com>
---
 deployment/terraform/modules/osv/main.tf | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/deployment/terraform/modules/osv/main.tf b/deployment/terraform/modules/osv/main.tf
index 95347f5f5d5..2643ddf2a5a 100644
--- a/deployment/terraform/modules/osv/main.tf
+++ b/deployment/terraform/modules/osv/main.tf
@@ -103,6 +103,30 @@ resource "google_storage_bucket" "osv_vulnerabilities_export" {
   location                    = "US"
   uniform_bucket_level_access = true
 
+  versioning {
+    enabled = true
+  }
+
+  lifecycle_rule {
+    action {
+      type = "Delete"
+    }
+    condition {
+      num_newer_versions = 673
+      with_state         = "ARCHIVED"
+    }
+  }
+
+  lifecycle_rule {
+    action {
+      type = "Delete"
+    }
+    condition {
+      days_since_noncurrent_time = 7
+      with_state                 = "ANY"
+    }
+  }
+
   lifecycle {
     prevent_destroy = true
   }