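# Top-level build/deploy Makefile: fetches pinned PGP keys, generates the WKD
# tree and website, builds a static terraform binary inside the toolchain, and
# applies the Terraform configuration for $(ENVIRONMENT).
#
# CACHE_DIR, OUT_DIR, KEY_DIR, FETCH_DIR, SRC_DIR, TERRAFORM_REPO, TERRAFORM_REF
# and the `toolchain`, `fetch_pgp_key` and `git_clone` macros are not defined
# here; presumably they come from the toolchain Makefile included below.
# NOTE(review): this include relies on PWD being present in the environment.
include $(PWD)/src/toolchain/Makefile

BACKEND_TF := $(wildcard infra/backend/*.tf)
MAIN_TF := $(wildcard infra/main/*.tf)
ENVIRONMENT := production
REGION := sfo3
ROOT_DIR := $(shell pwd)
TERRAFORM := $(ROOT_DIR)/out/terraform

# Full 40-hex fingerprints of the keys published via WKD. Keeping the full
# fingerprint (not a short key id) is what pins the exact key being fetched.
KEYS := \
	6B61ECD76088748C70590D55E90A401336C8AAA9 \
	88823A75ECAA786B0FF38B148E401478A3FBEF72 \
	3D7C8D39E8C4DF771583D3F0A8A091FD346001CA

SKIP_SECRETS=

# NOTE(review): `noop` is a recursively-expanded variable (`=`) and is not
# referenced anywhere in this file, so this $(shell ...) never runs from here.
# The decrypted env file is still produced: the `include` below makes GNU make
# remake the missing file through the %.env pattern rule and then re-exec.
ifeq ("$(wildcard $(CACHE_DIR)/secrets/$(ENVIRONMENT).env)$(SKIP_SECRETS)","")
noop=$(shell \
	$(MAKE) SKIP_SECRETS=1 $(CACHE_DIR)/secrets/$(ENVIRONMENT).env \
)
endif

# SECURITY: the decrypted file is parsed as *make syntax*, not as a plain
# KEY=VALUE list. Any `$(...)` in a value is expanded by make, and `$`/`#`
# inside a secret are mangled. `gpg --decrypt` does not require a valid
# signature, so the content is only as trustworthy as write access to
# secrets/*.env.gpg; review changes to those files like code changes.
include $(CACHE_DIR)/secrets/$(ENVIRONMENT).env

# Export every variable named in the env file to all recipes (this includes
# anything run through the toolchain macro). If the file is missing or empty
# this expands to a bare `export`, which exports all make variables.
export $(shell sed 's/=.*//' $(CACHE_DIR)/secrets/$(ENVIRONMENT).env 2>/dev/null)

# Clear the goal so that `default` (the next rule) becomes the default goal
# rather than the first target defined by the included toolchain Makefile.
.DEFAULT_GOAL :=
.PHONY: default
default: \
	toolchain \
	$(patsubst %,$(KEY_DIR)/%.asc,$(KEYS)) \
	$(OUT_DIR)/website/.well-known/openpgpkey \
	apply

# Fixed: `.PHONY:` had no prerequisites, so `clean` was not actually phony and
# a file named `clean` would have disabled it.
.PHONY: clean
clean:
	rm -rf $(CACHE_DIR)

# Fixed: declare `credentials` phony (the original `.PHONY:` line was empty).
.PHONY: credentials
credentials: \
	$(CACHE_DIR)/secrets/credentials.tfvars

# Fetch one public key per pinned fingerprint; the fingerprint is the file stem.
$(KEY_DIR)/%.asc:
	$(call fetch_pgp_key,$(basename $(notdir $@)))

# Generate the Web Key Directory tree for distrust.co from the pinned keys.
# NOTE(review): the key files are read by this recipe but are not declared as
# prerequisites; ordering currently depends on the `default` target list.
$(OUT_DIR)/website/.well-known/openpgpkey:
	$(call toolchain," \
		sq wkd \
			generate $(OUT_DIR)/website distrust.co \
			<(cat $(patsubst %,$(KEY_DIR)/%.asc,$(KEYS))) \
	")

# Build the Jekyll site inside the toolchain and copy it to the output tree.
$(OUT_DIR)/website/index.html:
	$(call toolchain," \
		cd $(SRC_DIR)/website \
		&& jekyll build \
		&& cp -R _site/* /home/build/out/website/ \
	")

# Initialise the backend configuration with the locally built terraform.
infra/backend/.terraform: \
	$(OUT_DIR)/terraform \
	$(BACKEND_TF)
	env -C infra/backend $(TERRAFORM) init

# Initialise the main configuration against the generated backend config.
# All prerequisites are order-only: they must exist but never force a re-init.
infra/main/.terraform: | \
	$(OUT_DIR)/terraform \
	config/$(ENVIRONMENT).tfbackend \
	$(MAIN_TF)
	env -C infra/main $(TERRAFORM) init \
		-backend-config="../../config/$(ENVIRONMENT).tfbackend"

# Apply the backend configuration, keeping its state in a local state file.
infra/backend/$(ENVIRONMENT).tfstate: \
	$(OUT_DIR)/terraform \
	infra/backend/.terraform
	env -C infra/backend $(TERRAFORM) apply \
		-var environment=$(ENVIRONMENT) \
		-var namespace=$(ENVIRONMENT) \
		-var region=$(REGION) \
		-state ../../$@

# File is not committed and this has no shared state
#
# Fixed: the recipe used `$<` for the state path, but this rule has only
# order-only prerequisites, so `$<` expanded to nothing and `-state` pointed at
# `../../`. The state file is now named explicitly. Output is written to a
# temporary file first so a failed `terraform output` cannot leave an empty
# backend config that later looks up to date.
config/$(ENVIRONMENT).tfbackend: | \
	$(OUT_DIR)/terraform
	$(MAKE) infra/backend/$(ENVIRONMENT).tfstate
	env -C infra/backend $(TERRAFORM) \
		output -state ../../infra/backend/$(ENVIRONMENT).tfstate \
		> $@.tmp
	mv -f $@.tmp $@

# Fixed: declare `apply` phony (the original `.PHONY:` line was empty).
.PHONY: apply
apply: \
	$(OUT_DIR)/terraform \
	infra/main/.terraform
	env -C infra/main $(TERRAFORM) apply \
		-var environment=$(ENVIRONMENT) \
		-var namespace=$(ENVIRONMENT) \
		-var region=$(REGION)

$(CACHE_DIR)/secrets:
	mkdir -p $@

# Decrypt an environment's secrets into the cache directory.
#
# Fixed:
#  - A failed decrypt used to leave an empty $@ behind (the shell creates the
#    redirect target before gpg runs); the next run then treated it as up to
#    date and included an empty secrets file. The plaintext is now written to
#    a temporary file and only moved into place when gpg succeeds.
#  - The plaintext is created under umask 077 so it is readable by the
#    invoking user only.
#  - gpg diagnostics are no longer discarded, so a decryption failure is
#    visible instead of silent.
#  - The directory is an order-only prerequisite; as a normal prerequisite its
#    mtime would force spurious re-decryption.
$(CACHE_DIR)/secrets/%.env: secrets/%.env.gpg | $(CACHE_DIR)/secrets
	@echo "Decrypting $@"
	umask 077 && gpg --decrypt $< > $@.tmp \
		&& mv -f $@.tmp $@ \
		|| { rm -f $@.tmp; exit 1; }

# Check out the terraform sources at the configured repository and ref.
$(FETCH_DIR)/terraform:
	$(call git_clone,$@,$(TERRAFORM_REPO),$(TERRAFORM_REF))

# Build a static terraform binary from the fetched sources inside the toolchain
# (CGO disabled, -trimpath, static external link flags).
$(OUT_DIR)/terraform: $(FETCH_DIR)/terraform
	$(call toolchain," \
		cd $(FETCH_DIR)/terraform && \
		export SSL_CERT_DIR=/etc/ssl/certs && \
		export CGO_ENABLED=0 && \
		export GOCACHE=/home/build/$(CACHE_DIR) && \
		export GOPATH=/home/build/$(CACHE_DIR) && \
		go build \
			-v \
			-trimpath \
			-ldflags='-w -extldflags=-static' \
			-o /home/build/$@ \
	")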