From b71f711b3fff63ddd5c77c6cf93a349fe3acaac8 Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Mon, 12 May 2025 10:26:21 -0700 Subject: [PATCH] feat: use digest to keep track of state of tools image --- Makefile | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index 6eaf557..0f4daba 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,6 @@ +# If using QubesOS, the smart card must be connected directly to the qube, +# rather than using a 'vault' qube. + BACKEND_TF := $(wildcard infra/backend/*.tf) MAIN_TF := $(wildcard infra/main/*.tf) ENVIRONMENT := production @@ -29,16 +32,14 @@ clean: update-tools: ./src/make/update.sh +.PHONY: shell +shell: out/tools-image.digest + $(call run-container, -v ./secrets:/secrets, $(shell cat $<)) + .PHONY: credentials credentials: \ $(CACHE_DIR)/secrets/credentials.tfvars -# If using QubesOS, the smart card must be connected directly to the qube, -# rather than using a 'vault' qube. -.PHONY: -shell: build-container - $(call run-container, -v ./secrets:/secrets) - $(KEY_DIR)/%.asc: $(call fetch_pgp_key,$(basename $(notdir $@))) @@ -129,9 +130,8 @@ config/$(ENVIRONMENT).tfbackend: | \ -state $(ENVIRONMENT).tfstate \ ' -.PHONY: build-container -build-container: - docker build -t git.distrust.co/public/stack-tools -f Containerfile.tools . +out/tools-image.digest: Containerfile.tools | out + docker build -f Containerfile.tools -q . > $@ GPG_TTY ?= $(shell tty) @@ -140,11 +140,11 @@ define run-container -e GPG_TTY="$(GPG_TTY)" \ -v $(shell gpgconf --list-dirs agent-socket):/root/.gnupg/S.gpg-agent:ro \ -v $(shell gpgconf --list-dirs homedir):/root/.gnupg:rw \ - git.distrust.co/public/stack-tools + $(2) endef .PHONY: new-apply -new-apply: build-container +new-apply: out/tools-image.digest $(call run-container,'\ echo $$GPG_AGENT_INFO; \ ls -l /S.gpg-agent; \