begin transition to stagex

Ryan Heywood 2025-04-02 16:59:29 -04:00
parent 8bfad21bea
commit 016dc52f8e
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
3 changed files with 68 additions and 3 deletions

1
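--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1 @@
+*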

44
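--- a/Containerfile.tools
+++ b/Containerfile.tools
@@ -0,0 +1,44 @@
+# Tools used for managing the stagex stack
+FROM quay.io/stagex/core-busybox AS busybox
+FROM quay.io/stagex/core-musl AS musl
+FROM quay.io/stagex/core-ca-certificates AS ca-certificates
+FROM quay.io/stagex/core-zlib AS zlib
+FROM quay.io/stagex/user-gpg AS gpg
+FROM quay.io/stagex/user-npth AS npth
+FROM quay.io/stagex/user-libksba AS libksba
+FROM quay.io/stagex/user-libgpg-error AS libgpg-error
+FROM quay.io/stagex/user-libassuan AS libassuan
+FROM quay.io/stagex/user-libgcrypt AS libgcrypt
+FROM quay.io/stagex/user-tofu AS tofu
+FROM quay.io/stagex/user-sops AS sops
+FROM quay.io/stagex/user-talosctl AS talosctl
+FROM quay.io/stagex/user-kubectl AS kubectl
+FROM quay.io/stagex/user-kustomize AS kustomize
+FROM quay.io/stagex/user-kustomize-sops AS kustomize-sops
+FROM quay.io/stagex/user-helm AS helm
+FROM scratch
+COPY --from=busybox . /
+COPY --from=musl . /
+COPY --from=ca-certificates . /
+COPY --from=zlib . /
+COPY --from=npth . /
+COPY --from=libksba . /
+COPY --from=libgpg-error . /
+COPY --from=libassuan . /
+COPY --from=libgcrypt . /
+COPY --from=gpg . /
+COPY --from=tofu . /
+COPY --from=sops . /
+COPY --from=talosctl . /
+COPY --from=kubectl . /
+COPY --from=kustomize . /
+COPY --from=kustomize-sops . /
+COPY --from=sops . /
+COPY --from=helm . /
+RUN mkdir -p /root/.gnupg
+RUN chmod 0700 /root/.gnupg
+ENTRYPOINT ["/bin/sh"]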
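Review bot: Every `FROM quay.io/stagex/…` line carries neither a tag nor a digest, so each build resolves the implicit `latest` and the gpg, sops, tofu, kubectl and talosctl binaries that will handle secrets and cluster access can differ between two builds of the same commit. Pin each stage by digest, e.g. `FROM quay.io/stagex/core-busybox@sha256:<digest> AS busybox` (placeholder; take the value from the stagex release that was reviewed), so that an image update becomes a visible, reviewable diff. `COPY --from=sops . /` appears twice; the second one, after the kustomize-sops copy, looks redundant and can be dropped unless it is meant to override files that kustomize-sops ships, in which case a comment should say so.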


@ -1,6 +1,3 @@
include $(PWD)/src/toolchain/Makefile
include $(PWD)/src/make/tools.mk
BACKEND_TF := $(wildcard infra/backend/*.tf)
MAIN_TF := $(wildcard infra/main/*.tf)
ENVIRONMENT := production
@ -133,6 +130,29 @@ config/$(ENVIRONMENT).tfbackend: | \
-state $(ENVIRONMENT).tfstate \
'
.PHONY: build-container
build-container:
docker build -t git.distrust.co/public/stack-tools -f Containerfile.tools .
GPG_TTY ?= $(shell tty)
define run-container
docker run -it \
-e GPG_TTY=$(GPG_TTY) \
-e GPG_AGENT_INFO=/S.gpg-agent:0:1 \
-v $(shell gpgconf --list-dirs agent-socket):/root/.gnupg-w/S.gpg-agent \
-v $(shell gpgconf --list-dirs homedir):/root/.gnupg:ro \
git.distrust.co/public/stack-tools
endef
.PHONY: new-apply
new-apply: build-container
$(call run-container,'\
echo $$GPG_AGENT_INFO; \
ls -l /S.gpg-agent; \
gpg --verbose --list-keys \
')
.PHONY:
apply: \
$(TERRAFORM) \
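Review bot: `run-container` never expands `$(1)`, so the script that `new-apply` passes via `$(call run-container,'…')` is dropped and the recipe only opens an interactive `/bin/sh`; ending the macro with `git.distrust.co/public/stack-tools -c $(1)` would hand the script to the image's entrypoint. The agent socket is mounted at `/root/.gnupg-w/S.gpg-agent`, while `GPG_AGENT_INFO` and the `ls -l` check point at `/S.gpg-agent`; GnuPG 2.1 and later ignore `GPG_AGENT_INFO`, so the mount target should be whatever `gpgconf --list-dirs agent-socket` reports inside the container. Mounting the whole host homedir, even `:ro`, also makes any on-disk private key files readable by every tool in the image, which agent forwarding presumably does not need; mounting only the public keyring and trust database would narrow that. A comment above `define run-container` such as `# Forwards the host gpg-agent: anything run in this container can request operations with the caller's keys.` would record the trade-off. The `apply:` rule continues outside the hunk.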