From 016dc52f8e232a7d98cb2e8a85b5634eeb1e8432 Mon Sep 17 00:00:00 2001
From: "ryan-distrust.co"
Date: Wed, 2 Apr 2025 16:59:29 -0400
Subject: [PATCH] begin transition to stagex
---
 .dockerignore | 1 +
 Containerfile.tools | 44 ++++++++++++++++++++++++++++++++++++++++++++
 Makefile | 26 +++++++++++++++++++++++---
 3 files changed, 68 insertions(+), 3 deletions(-)
 create mode 100644 .dockerignore
 create mode 100644 Containerfile.tools
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..72e8ffc
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1 @@
+*
diff --git a/Containerfile.tools b/Containerfile.tools
new file mode 100644
index 0000000..27518d9
--- /dev/null
+++ b/Containerfile.tools
@@ -0,0 +1,44 @@
+# Tools used for managing the stagex stack
+
+FROM quay.io/stagex/core-busybox AS busybox
+FROM quay.io/stagex/core-musl AS musl
+FROM quay.io/stagex/core-ca-certificates AS ca-certificates
+FROM quay.io/stagex/core-zlib AS zlib
+FROM quay.io/stagex/user-gpg AS gpg
+FROM quay.io/stagex/user-npth AS npth
+FROM quay.io/stagex/user-libksba AS libksba
+FROM quay.io/stagex/user-libgpg-error AS libgpg-error
+FROM quay.io/stagex/user-libassuan AS libassuan
+FROM quay.io/stagex/user-libgcrypt AS libgcrypt
+FROM quay.io/stagex/user-tofu AS tofu
+FROM quay.io/stagex/user-sops AS sops
+FROM quay.io/stagex/user-talosctl AS talosctl
+FROM quay.io/stagex/user-kubectl AS kubectl
+FROM quay.io/stagex/user-kustomize AS kustomize
+FROM quay.io/stagex/user-kustomize-sops AS kustomize-sops
+FROM quay.io/stagex/user-helm AS helm
+
+FROM scratch
+COPY --from=busybox . /
+COPY --from=musl . /
+COPY --from=ca-certificates . /
+COPY --from=zlib . /
+COPY --from=npth . /
+COPY --from=libksba . /
+COPY --from=libgpg-error . /
+COPY --from=libassuan . /
+COPY --from=libgcrypt . /
+COPY --from=gpg . /
+COPY --from=tofu . /
+COPY --from=sops . /
+COPY --from=talosctl . /
+COPY --from=kubectl . /
+COPY --from=kustomize . /
+COPY --from=kustomize-sops . /
+COPY --from=sops . /
+COPY --from=helm . /
+
+RUN mkdir -p /root/.gnupg
+RUN chmod 0700 /root/.gnupg
+
+ENTRYPOINT ["/bin/sh"]
diff --git a/Makefile b/Makefile
index 1407141..e38fc03 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,3 @@
-include $(PWD)/src/toolchain/Makefile
-include $(PWD)/src/make/tools.mk
-
 BACKEND_TF := $(wildcard infra/backend/*.tf)
 MAIN_TF := $(wildcard infra/main/*.tf)
 ENVIRONMENT := production
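Review bot: Every `FROM quay.io/stagex/...` line in Containerfile.tools names its image without a tag or digest, so each `docker build` takes whatever the registry currently serves and two builds of the same commit can end up with different tool binaries. The Makefile part of this patch gives the resulting container access to the host's GnuPG homedir and agent socket, so I would pin every stage by digest, e.g. `FROM quay.io/stagex/core-busybox@sha256:<digest-placeholder> AS busybox`, and note in the header comment where the digests were taken from. `COPY --from=sops . /` also appears twice in the final stage; the second occurrence can be dropped.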
@@ -133,6 +130,29 @@ config/$(ENVIRONMENT).tfbackend: | \ -state $(ENVIRONMENT).tfstate \ ' +.PHONY: build-container +build-container: + docker build -t git.distrust.co/public/stack-tools -f Containerfile.tools . + +GPG_TTY ?= $(shell tty) + +define run-container + docker run -it \ + -e GPG_TTY=$(GPG_TTY) \ + -e GPG_AGENT_INFO=/S.gpg-agent:0:1 \ + -v $(shell gpgconf --list-dirs agent-socket):/root/.gnupg-w/S.gpg-agent \ + -v $(shell gpgconf --list-dirs homedir):/root/.gnupg:ro \ + git.distrust.co/public/stack-tools +endef + +.PHONY: new-apply +new-apply: build-container + $(call run-container,'\ + echo $$GPG_AGENT_INFO; \ + ls -l /S.gpg-agent; \ + gpg --verbose --list-keys \ + ') + .PHONY: apply: \ $(TERRAFORM) \
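Review bot: `run-container` never expands `$(1)`, so the script that `new-apply` passes via `$(call run-container,'...')` is dropped and, with the image's `ENTRYPOINT ["/bin/sh"]`, the recipe only opens an interactive shell; ending the macro with `git.distrust.co/public/stack-tools -c $(1)` would hand the script to that shell. The agent socket is mounted at `/root/.gnupg-w/S.gpg-agent` while `GPG_AGENT_INFO` and the `ls -l` check both point at `/S.gpg-agent`, so the mount target and the referenced path should be made to agree (GnuPG 2.1 and later ignore `GPG_AGENT_INFO` and look for the socket under the homedir, so the variable may not help at all). Mounting the host agent socket together with the whole GnuPG homedir lets any process in the container request signing and decryption from the host agent; a comment above the `define` should state that this is intended, and the homedir mount could be narrowed if only public keys are needed. `docker run -it` also lacks `--rm`, so each invocation leaves a stopped container behind.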