Makefile: use sops only when needed

This commit is contained in:
RyanSquared 2023-05-06 16:35:46 -04:00
parent 64d3385291
commit 6fb97a7b8e
Signed by untrusted user who does not match committer: ryan
GPG Key ID: 8E401478A3FBEF72
1 changed files with 19 additions and 6 deletions

View File

@ -6,6 +6,7 @@ ENVIRONMENT := production
REGION := sfo3 REGION := sfo3
ROOT_DIR := $(shell pwd) ROOT_DIR := $(shell pwd)
TERRAFORM := $(ROOT_DIR)/out/terraform TERRAFORM := $(ROOT_DIR)/out/terraform
SOPS := $(ROOT_DIR)/out/sops
KEYS := \ KEYS := \
6B61ECD76088748C70590D55E90A401336C8AAA9 \ 6B61ECD76088748C70590D55E90A401336C8AAA9 \
88823A75ECAA786B0FF38B148E401478A3FBEF72 \ 88823A75ECAA786B0FF38B148E401478A3FBEF72 \
@ -59,29 +60,41 @@ infra/main/.terraform: | \
infra/backend/$(ENVIRONMENT).tfstate: \ infra/backend/$(ENVIRONMENT).tfstate: \
$(OUT_DIR)/terraform \ $(OUT_DIR)/terraform \
$(OUT_DIR)/sops \
infra/backend/.terraform infra/backend/.terraform
env -C infra/backend $(TERRAFORM) apply \ $(SOPS) exec-env secrets/production.enc.env '\
env -C infra/backend \
$(TERRAFORM) apply \
-var environment=$(ENVIRONMENT) \ -var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \ -var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \ -var region=$(REGION) \
-state ../../$@ -state ../../$@ \
'
config/$(ENVIRONMENT).tfbackend: | \ config/$(ENVIRONMENT).tfbackend: | \
$(OUT_DIR)/terraform $(OUT_DIR)/terraform
$(OUT_DIR)/sops \
# File is not committed and this has no shared state # File is not committed and this has no shared state
$(MAKE) infra/backend/$(ENVIRONMENT).tfstate $(MAKE) infra/backend/$(ENVIRONMENT).tfstate
env -C infra/backend $(TERRAFORM) \ $(SOPS) exec-env secrets/production.enc.env '\
env -C infra/backend \
$(TERRAFORM) \
output -state ../../$< \ output -state ../../$< \
> $@ > $@ \
'
.PHONY: .PHONY:
apply: \ apply: \
$(OUT_DIR)/terraform \ $(OUT_DIR)/terraform \
$(OUT_DIR)/sops \
infra/main/.terraform infra/main/.terraform
env -C infra/main $(TERRAFORM) apply \ $(SOPS) exec-env secrets/production.enc.env '\
env -C infra/main \
$(TERRAFORM) apply \
-var environment=$(ENVIRONMENT) \ -var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \ -var namespace=$(ENVIRONMENT) \
-var region=$(REGION) -var region=$(REGION) \
'
$(CACHE_DIR)/secrets: $(CACHE_DIR)/secrets:
mkdir -p $@ mkdir -p $@