
4 Commits

1 changed files with 62 additions and 56 deletions

118
Makefile

@ -6,7 +6,9 @@ MAIN_TF := $(wildcard infra/main/*.tf)
ENVIRONMENT := production ENVIRONMENT := production
REGION := sfo3 REGION := sfo3
ROOT_DIR := $(shell pwd) ROOT_DIR := $(shell pwd)
OUT_DIGEST := out/tools-image.digest # TODO: automatically determine
TERRAFORM := $(ROOT_DIR)/out/tofu.linux-x86_64
SOPS := $(ROOT_DIR)/out/sops.linux-x86_64
KEYS := \ KEYS := \
6B61ECD76088748C70590D55E90A401336C8AAA9 \ 6B61ECD76088748C70590D55E90A401336C8AAA9 \
88823A75ECAA786B0FF38B148E401478A3FBEF72 \ 88823A75ECAA786B0FF38B148E401478A3FBEF72 \
@ -67,64 +69,68 @@ $(CACHE_DIR)/website/index.html: \
&& cp -R _site/* /home/build/out/website/ \ && cp -R _site/* /home/build/out/website/ \
") ")
infra/backend/.terraform: out/tools-image.digest $(BACKEND_TF) infra/backend/.terraform: \
$(call run-container, \ $(TERRAFORM) \
-v $(PWD)/secrets:/secrets \ $(BACKEND_TF)
-v $(PWD)/infra:/infra, \ $(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
$(shell cat out/tools-image.digest), \ env -C infra/backend $(TERRAFORM) init -upgrade \
sops exec-env /secrets/$(ENVIRONMENT).enc.env -- '\ '
tofu -chdir=/infra/backend init -upgrade && \ $(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
tofu -chdir=/infra/backend refresh \ env -C infra/backend $(TERRAFORM) refresh \
-var environment=$(ENVIRONMENT) \ -var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \ -var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \ -var region=$(REGION) \
-state $(ENVIRONMENT).tfstate' \ -state $(ENVIRONMENT).tfstate \
) '
infra/main/.terraform: out/tools-image.digest \ infra/main/.terraform: | \
config/$(ENVIRONMENT).tfbackend \ $(TERRAFORM) \
$(MAIN_TF) config/$(ENVIRONMENT).tfbackend \
$(call run-container, \ $(MAIN_TF)
-v $(PWD)/secrets:/secrets \ $(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
-v $(PWD)/infra:/infra, \ env -C infra/main $(TERRAFORM) init -upgrade \
$(shell cat out/tools-image.digest), \ -backend-config="../../config/$(ENVIRONMENT).tfbackend" \
sops exec-env /secrets/$(ENVIRONMENT).enc.env -- '\ '
tofu -chdir=/infra/main init -upgrade \ $(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
-backend-config="../../config/$(ENVIRONMENT).tfbackend" && \ env -C infra/main $(TERRAFORM) refresh \
tofu -chdir=/infra/main refresh \ -var environment=$(ENVIRONMENT) \
-var environment=$(ENVIRONMENT) \ -var namespace=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \ -var region=$(REGION) \
-var region=$(REGION) \ -state $(ENVIRONMENT).tfstate \
-state $(ENVIRONMENT).tfstate' \ '
)
infra/backend/$(ENVIRONMENT).tfstate: out/tools-image.digest infra/backend/.terraform infra/backend/$(ENVIRONMENT).tfstate: \
$(call run-container, \ $(TERRAFORM) \
-v $(PWD)/secrets:/secrets \ $(SOPS) \
-v $(PWD)/infra:/infra, \ infra/backend/.terraform
$(shell cat out/tools-image.digest), \ $(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
sops exec-env /secrets/$(ENVIRONMENT).enc.env -- '\ env -C infra/backend \
tofu -chdir=/infra/backend apply \ $(TERRAFORM) apply \
-var environment=$(ENVIRONMENT) \ -var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \ -var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \ -var region=$(REGION) \
-state $(ENVIRONMENT).tfstate' \ -state $@ \
) '
config/$(ENVIRONMENT).tfbackend: $(OUT_DIGEST) infra/backend/$(ENVIRONMENT).tfstate config/$(ENVIRONMENT).tfbackend: | \
$(call run-container, \ $(TERRAFORM) \
-v $(PWD)/secrets:/secrets \ $(SOPS) \
-v $(PWD)/infra:/infra, \ # File is not committed and this has no shared state
$(shell cat $(OUT_DIGEST)), \ $(MAKE) infra/backend/$(ENVIRONMENT).tfstate
sops exec-env /secrets/$(ENVIRONMENT).enc.env -- '\ $(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
tofu -chdir=/infra/backend output \ env -C infra/backend \
-state $(ENVIRONMENT).tfstate > $@ && \ $(TERRAFORM) \
tofu -chdir=/infra/backend refresh \ output -state $(ENVIRONMENT).tfstate \
-var environment=$(ENVIRONMENT) \ > $@ \
-var namespace=$(ENVIRONMENT) \ '
-var region=$(REGION) \ $(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
-state $(ENVIRONMENT).tfstate' \ env -C infra/backend \
) $(TERRAFORM) refresh \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
-state $(ENVIRONMENT).tfstate \
'
out/tools-image.digest: Containerfile.tools | out out/tools-image.digest: Containerfile.tools | out
docker build -f Containerfile.tools -q . > $@ docker build -f Containerfile.tools -q . > $@
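Review bot: In the new `infra/backend/$(ENVIRONMENT).tfstate` recipe, `-state $@` is passed to a process started with `env -C infra/backend`, so the target path is resolved relative to that directory and apply would write its state to `infra/backend/infra/backend/$(ENVIRONMENT).tfstate`. The Make target is then never created by its own recipe, and the later `output -state $(ENVIRONMENT).tfstate` in the `config/$(ENVIRONMENT).tfbackend` rule reads a different file from the one apply wrote. Because state files can hold credentials, a copy at an unexpected path may also fall outside whatever ignore rules cover the intended location (not visible here). I would keep the directory-relative form the other recipes use, `-state $(ENVIRONMENT).tfstate \`, or equivalently `-state $(@F) \`.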