Compare commits
4 Commits
bd9d304209
...
7d3edceaf6
Author | SHA1 | Date |
---|---|---|
|
7d3edceaf6 | |
|
cc5ad334e7 | |
|
3175f2c96d | |
|
6c19aed9aa |
118
Makefile
118
Makefile
|
@ -6,7 +6,9 @@ MAIN_TF := $(wildcard infra/main/*.tf)
|
||||||
ENVIRONMENT := production
|
ENVIRONMENT := production
|
||||||
REGION := sfo3
|
REGION := sfo3
|
||||||
ROOT_DIR := $(shell pwd)
|
ROOT_DIR := $(shell pwd)
|
||||||
OUT_DIGEST := out/tools-image.digest
|
# TODO: automatically determine
|
||||||
|
TERRAFORM := $(ROOT_DIR)/out/tofu.linux-x86_64
|
||||||
|
SOPS := $(ROOT_DIR)/out/sops.linux-x86_64
|
||||||
KEYS := \
|
KEYS := \
|
||||||
6B61ECD76088748C70590D55E90A401336C8AAA9 \
|
6B61ECD76088748C70590D55E90A401336C8AAA9 \
|
||||||
88823A75ECAA786B0FF38B148E401478A3FBEF72 \
|
88823A75ECAA786B0FF38B148E401478A3FBEF72 \
|
||||||
|
@ -67,64 +69,68 @@ $(CACHE_DIR)/website/index.html: \
|
||||||
&& cp -R _site/* /home/build/out/website/ \
|
&& cp -R _site/* /home/build/out/website/ \
|
||||||
")
|
")
|
||||||
|
|
||||||
infra/backend/.terraform: out/tools-image.digest $(BACKEND_TF)
|
infra/backend/.terraform: \
|
||||||
$(call run-container, \
|
$(TERRAFORM) \
|
||||||
-v $(PWD)/secrets:/secrets \
|
$(BACKEND_TF)
|
||||||
-v $(PWD)/infra:/infra, \
|
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
|
||||||
$(shell cat out/tools-image.digest), \
|
env -C infra/backend $(TERRAFORM) init -upgrade \
|
||||||
sops exec-env /secrets/$(ENVIRONMENT).enc.env -- '\
|
'
|
||||||
tofu -chdir=/infra/backend init -upgrade && \
|
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
|
||||||
tofu -chdir=/infra/backend refresh \
|
env -C infra/backend $(TERRAFORM) refresh \
|
||||||
-var environment=$(ENVIRONMENT) \
|
-var environment=$(ENVIRONMENT) \
|
||||||
-var namespace=$(ENVIRONMENT) \
|
-var namespace=$(ENVIRONMENT) \
|
||||||
-var region=$(REGION) \
|
-var region=$(REGION) \
|
||||||
-state $(ENVIRONMENT).tfstate' \
|
-state $(ENVIRONMENT).tfstate \
|
||||||
)
|
'
|
||||||
|
|
||||||
infra/main/.terraform: out/tools-image.digest \
|
infra/main/.terraform: | \
|
||||||
config/$(ENVIRONMENT).tfbackend \
|
$(TERRAFORM) \
|
||||||
$(MAIN_TF)
|
config/$(ENVIRONMENT).tfbackend \
|
||||||
$(call run-container, \
|
$(MAIN_TF)
|
||||||
-v $(PWD)/secrets:/secrets \
|
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
|
||||||
-v $(PWD)/infra:/infra, \
|
env -C infra/main $(TERRAFORM) init -upgrade \
|
||||||
$(shell cat out/tools-image.digest), \
|
-backend-config="../../config/$(ENVIRONMENT).tfbackend" \
|
||||||
sops exec-env /secrets/$(ENVIRONMENT).enc.env -- '\
|
'
|
||||||
tofu -chdir=/infra/main init -upgrade \
|
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
|
||||||
-backend-config="../../config/$(ENVIRONMENT).tfbackend" && \
|
env -C infra/main $(TERRAFORM) refresh \
|
||||||
tofu -chdir=/infra/main refresh \
|
-var environment=$(ENVIRONMENT) \
|
||||||
-var environment=$(ENVIRONMENT) \
|
-var namespace=$(ENVIRONMENT) \
|
||||||
-var namespace=$(ENVIRONMENT) \
|
-var region=$(REGION) \
|
||||||
-var region=$(REGION) \
|
-state $(ENVIRONMENT).tfstate \
|
||||||
-state $(ENVIRONMENT).tfstate' \
|
'
|
||||||
)
|
|
||||||
|
|
||||||
infra/backend/$(ENVIRONMENT).tfstate: out/tools-image.digest infra/backend/.terraform
|
infra/backend/$(ENVIRONMENT).tfstate: \
|
||||||
$(call run-container, \
|
$(TERRAFORM) \
|
||||||
-v $(PWD)/secrets:/secrets \
|
$(SOPS) \
|
||||||
-v $(PWD)/infra:/infra, \
|
infra/backend/.terraform
|
||||||
$(shell cat out/tools-image.digest), \
|
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
|
||||||
sops exec-env /secrets/$(ENVIRONMENT).enc.env -- '\
|
env -C infra/backend \
|
||||||
tofu -chdir=/infra/backend apply \
|
$(TERRAFORM) apply \
|
||||||
-var environment=$(ENVIRONMENT) \
|
-var environment=$(ENVIRONMENT) \
|
||||||
-var namespace=$(ENVIRONMENT) \
|
-var namespace=$(ENVIRONMENT) \
|
||||||
-var region=$(REGION) \
|
-var region=$(REGION) \
|
||||||
-state $(ENVIRONMENT).tfstate' \
|
-state $@ \
|
||||||
)
|
'
|
||||||
|
|
||||||
config/$(ENVIRONMENT).tfbackend: $(OUT_DIGEST) infra/backend/$(ENVIRONMENT).tfstate
|
config/$(ENVIRONMENT).tfbackend: | \
|
||||||
$(call run-container, \
|
$(TERRAFORM) \
|
||||||
-v $(PWD)/secrets:/secrets \
|
$(SOPS) \
|
||||||
-v $(PWD)/infra:/infra, \
|
# File is not committed and this has no shared state
|
||||||
$(shell cat $(OUT_DIGEST)), \
|
$(MAKE) infra/backend/$(ENVIRONMENT).tfstate
|
||||||
sops exec-env /secrets/$(ENVIRONMENT).enc.env -- '\
|
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
|
||||||
tofu -chdir=/infra/backend output \
|
env -C infra/backend \
|
||||||
-state $(ENVIRONMENT).tfstate > $@ && \
|
$(TERRAFORM) \
|
||||||
tofu -chdir=/infra/backend refresh \
|
output -state $(ENVIRONMENT).tfstate \
|
||||||
-var environment=$(ENVIRONMENT) \
|
> $@ \
|
||||||
-var namespace=$(ENVIRONMENT) \
|
'
|
||||||
-var region=$(REGION) \
|
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
|
||||||
-state $(ENVIRONMENT).tfstate' \
|
env -C infra/backend \
|
||||||
)
|
$(TERRAFORM) refresh \
|
||||||
|
-var environment=$(ENVIRONMENT) \
|
||||||
|
-var namespace=$(ENVIRONMENT) \
|
||||||
|
-var region=$(REGION) \
|
||||||
|
-state $(ENVIRONMENT).tfstate \
|
||||||
|
'
|
||||||
|
|
||||||
out/tools-image.digest: Containerfile.tools | out
|
out/tools-image.digest: Containerfile.tools | out
|
||||||
docker build -f Containerfile.tools -q . > $@
|
docker build -f Containerfile.tools -q . > $@
|
||||||
|
|
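Review bot: In the `infra/backend/$(ENVIRONMENT).tfstate` rule, the new recipe passes `-state $@` after `env -C infra/backend`, so the relative target path is resolved from inside `infra/backend`, and the state would be written to `infra/backend/infra/backend/$(ENVIRONMENT).tfstate` instead of the target. The target then never appears where make looks for it, so `apply` re-runs on every invocation, and the `refresh`/`output` recipes that read `-state $(ENVIRONMENT).tfstate` from `infra/backend` would see a different file. Changing that line to `-state $(@F) \` (or `-state $(ROOT_DIR)/$@ \`) keeps the state at the target path. State files usually hold provider credentials in plaintext, so also confirm that the repository's ignore rules would have covered the nested path. The `+`/`-` markers did not survive on this page, so which lines are new is inferred from the `$(SOPS)` / `env -C` style of the recipe.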