ryansquared/use-stagex-bins #10

Open
anton wants to merge 9 commits from ryansquared/use-stagex-bins into main
1 changed files with 57 additions and 63 deletions
Showing only changes of commit b278a3e072 - Show all commits

120
Makefile

@ -6,9 +6,7 @@ MAIN_TF := $(wildcard infra/main/*.tf)
ENVIRONMENT := production ENVIRONMENT := production
REGION := sfo3 REGION := sfo3
ROOT_DIR := $(shell pwd) ROOT_DIR := $(shell pwd)
# TODO: automatically determine OUT_DIGEST := out/tools-image.digest
TERRAFORM := $(ROOT_DIR)/out/tofu.linux-x86_64
SOPS := $(ROOT_DIR)/out/sops.linux-x86_64
KEYS := \ KEYS := \
6B61ECD76088748C70590D55E90A401336C8AAA9 \ 6B61ECD76088748C70590D55E90A401336C8AAA9 \
88823A75ECAA786B0FF38B148E401478A3FBEF72 \ 88823A75ECAA786B0FF38B148E401478A3FBEF72 \
@ -33,7 +31,7 @@ update-tools:
./src/make/update.sh ./src/make/update.sh
.PHONY: shell .PHONY: shell
shell: out/tools-image.digest shell: $(OUT_DIGEST)
$(call run-container, -v ./secrets:/secrets, $(shell cat $<), bin/sh) $(call run-container, -v ./secrets:/secrets, $(shell cat $<), bin/sh)
.PHONY: credentials .PHONY: credentials
@ -67,68 +65,64 @@ $(CACHE_DIR)/website/index.html: \
&& cp -R _site/* /home/build/out/website/ \ && cp -R _site/* /home/build/out/website/ \
") ")
infra/backend/.terraform: \ infra/backend/.terraform: out/tools-image.digest $(BACKEND_TF)
$(TERRAFORM) \ $(call run-container, \
$(BACKEND_TF) -v $(PWD)/secrets:/secrets \
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\ -v $(PWD)/infra:/infra, \
env -C infra/backend $(TERRAFORM) init -upgrade \ $(shell cat out/tools-image.digest), \
' sops exec-env /secrets/$(ENVIRONMENT).enc.env -- '\
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\ tofu -chdir=/infra/backend init -upgrade && \
env -C infra/backend $(TERRAFORM) refresh \ tofu -chdir=/infra/backend refresh \
-var environment=$(ENVIRONMENT) \ -var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \ -var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \ -var region=$(REGION) \
-state $(ENVIRONMENT).tfstate \ -state $(ENVIRONMENT).tfstate' \
' )
infra/main/.terraform: | \ infra/main/.terraform: out/tools-image.digest \
$(TERRAFORM) \ config/$(ENVIRONMENT).tfbackend \
config/$(ENVIRONMENT).tfbackend \ $(MAIN_TF)
$(MAIN_TF) $(call run-container, \
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\ -v $(PWD)/secrets:/secrets \
env -C infra/main $(TERRAFORM) init -upgrade \ -v $(PWD)/infra:/infra, \
-backend-config="../../config/$(ENVIRONMENT).tfbackend" \ $(shell cat out/tools-image.digest), \
' sops exec-env /secrets/$(ENVIRONMENT).enc.env -- '\
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\ tofu -chdir=/infra/main init -upgrade \
env -C infra/main $(TERRAFORM) refresh \ -backend-config="../../config/$(ENVIRONMENT).tfbackend" && \
-var environment=$(ENVIRONMENT) \ tofu -chdir=/infra/main refresh \
-var namespace=$(ENVIRONMENT) \ -var environment=$(ENVIRONMENT) \
-var region=$(REGION) \ -var namespace=$(ENVIRONMENT) \
-state $(ENVIRONMENT).tfstate \ -var region=$(REGION) \
' -state $(ENVIRONMENT).tfstate' \
)
infra/backend/$(ENVIRONMENT).tfstate: \ infra/backend/$(ENVIRONMENT).tfstate: out/tools-image.digest infra/backend/.terraform
$(TERRAFORM) \ $(call run-container, \
$(SOPS) \ -v $(PWD)/secrets:/secrets \
infra/backend/.terraform -v $(PWD)/infra:/infra, \
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\ $(shell cat out/tools-image.digest), \
env -C infra/backend \ sops exec-env /secrets/$(ENVIRONMENT).enc.env -- '\
$(TERRAFORM) apply \ tofu -chdir=/infra/backend apply \
-var environment=$(ENVIRONMENT) \ -var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \ -var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \ -var region=$(REGION) \
-state $@ \ -state $(ENVIRONMENT).tfstate' \
' )
config/$(ENVIRONMENT).tfbackend: | \ config/$(ENVIRONMENT).tfbackend: $(OUT_DIGEST) infra/backend/$(ENVIRONMENT).tfstate
$(TERRAFORM) \ $(call run-container, \
$(SOPS) \ -v $(PWD)/secrets:/secrets \
# File is not committed and this has no shared state -v $(PWD)/infra:/infra, \
$(MAKE) infra/backend/$(ENVIRONMENT).tfstate $(shell cat $(OUT_DIGEST)), \
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\ sops exec-env /secrets/$(ENVIRONMENT).enc.env -- '\
env -C infra/backend \ tofu -chdir=/infra/backend output \
$(TERRAFORM) \ -state $(ENVIRONMENT).tfstate > $@ && \
output -state $(ENVIRONMENT).tfstate \ tofu -chdir=/infra/backend refresh \
> $@ \ -var environment=$(ENVIRONMENT) \
' -var namespace=$(ENVIRONMENT) \
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\ -var region=$(REGION) \
env -C infra/backend \ -state $(ENVIRONMENT).tfstate' \
$(TERRAFORM) refresh \ )
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
-state $(ENVIRONMENT).tfstate \
'
out/tools-image.digest: Containerfile.tools | out out/tools-image.digest: Containerfile.tools | out
docker build -f Containerfile.tools -q . > $@ docker build -f Containerfile.tools -q . > $@
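Review bot: In the `config/$(ENVIRONMENT).tfbackend` rule the `> $@` redirect now sits inside the single-quoted command that `sops exec-env` runs in the container, so the file is written relative to the container's working directory, while the `run-container` calls shown here bind-mount only `secrets` and `infra`. Unless `run-container` (defined outside this diff) also mounts the repository root, the target never reaches the host, and `-backend-config="../../config/$(ENVIRONMENT).tfbackend"` in the `infra/main/.terraform` rule resolves from `/infra/main` to an unmounted `/config`. I would add `-v $(ROOT_DIR)/config:/config` to both calls and refer to `/config/$(ENVIRONMENT).tfbackend` inside the container. Because these containers run with the decrypted environment, the secrets mount should also be read-only, assuming nothing in the container writes to it, and built from the `ROOT_DIR` the file already defines rather than the inherited `$(PWD)`, which may not match make's directory under `make -C`: `-v $(ROOT_DIR)/secrets:/secrets:ro`.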