118 lines
2.9 KiB
Makefile
118 lines
2.9 KiB
Makefile
include $(PWD)/src/toolchain/Makefile
|
|
|
|
BACKEND_TF := $(wildcard infra/backend/*.tf)
|
|
MAIN_TF := $(wildcard infra/main/*.tf)
|
|
ENVIRONMENT := production
|
|
REGION := sfo3
|
|
ROOT_DIR := $(shell pwd)
|
|
TERRAFORM := $(ROOT_DIR)/out/terraform
|
|
KEYS := \
|
|
6B61ECD76088748C70590D55E90A401336C8AAA9 \
|
|
88823A75ECAA786B0FF38B148E401478A3FBEF72 \
|
|
3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
|
|
|
SKIP_SECRETS=
|
|
ifeq ("$(wildcard $(CACHE_DIR)/secrets/$(ENVIRONMENT).env)$(SKIP_SECRETS)","")
|
|
noop=$(shell \
|
|
$(MAKE) SKIP_SECRETS=1 $(CACHE_DIR)/secrets/$(ENVIRONMENT).env \
|
|
)
|
|
endif
|
|
|
|
include $(CACHE_DIR)/secrets/$(ENVIRONMENT).env
|
|
export $(shell sed 's/=.*//' $(CACHE_DIR)/secrets/$(ENVIRONMENT).env 2>/dev/null)
|
|
|
|
.DEFAULT_GOAL :=
|
|
.PHONY: default
|
|
default: \
|
|
toolchain \
|
|
$(patsubst %,$(KEY_DIR)/%.asc,$(KEYS)) \
|
|
$(OUT_DIR)/website/.well-known/openpgpkey \
|
|
apply
|
|
|
|
.PHONY:
|
|
clean:
|
|
rm -rf $(CACHE_DIR)
|
|
|
|
.PHONY:
|
|
credentials: \
|
|
$(CACHE_DIR)/secrets/credentials.tfvars
|
|
|
|
$(KEY_DIR)/%.asc:
|
|
$(call fetch_pgp_key,$(basename $(notdir $@)))
|
|
|
|
$(OUT_DIR)/website/.well-known/openpgpkey:
|
|
$(call toolchain," \
|
|
sq wkd \
|
|
generate $(OUT_DIR)/website distrust.co \
|
|
<(cat $(patsubst %,$(KEY_DIR)/%.asc,$(KEYS))) \
|
|
")
|
|
|
|
$(OUT_DIR)/website/index.html:
|
|
$(call toolchain," \
|
|
cd $(SRC_DIR)/website \
|
|
&& jekyll build \
|
|
&& cp -R _site/* /home/build/out/website/ \
|
|
")
|
|
|
|
infra/backend/.terraform: \
|
|
$(OUT_DIR)/terraform \
|
|
$(BACKEND_TF)
|
|
env -C infra/backend $(TERRAFORM) init
|
|
|
|
infra/main/.terraform: | \
|
|
$(OUT_DIR)/terraform \
|
|
config/$(ENVIRONMENT).tfbackend \
|
|
$(MAIN_TF)
|
|
env -C infra/main $(TERRAFORM) init \
|
|
-backend-config="../../config/$(ENVIRONMENT).tfbackend"
|
|
|
|
infra/backend/$(ENVIRONMENT).tfstate: \
|
|
$(OUT_DIR)/terraform \
|
|
infra/backend/.terraform
|
|
env -C infra/backend $(TERRAFORM) apply \
|
|
-var environment=$(ENVIRONMENT) \
|
|
-var namespace=$(ENVIRONMENT) \
|
|
-var region=$(REGION) \
|
|
-state ../../$@
|
|
|
|
config/$(ENVIRONMENT).tfbackend: | \
|
|
$(OUT_DIR)/terraform
|
|
# File is not committed and this has no shared state
|
|
$(MAKE) infra/backend/$(ENVIRONMENT).tfstate
|
|
env -C infra/backend $(TERRAFORM) \
|
|
output -state ../../$< \
|
|
> $@
|
|
|
|
.PHONY:
|
|
apply: \
|
|
$(OUT_DIR)/terraform \
|
|
infra/main/.terraform
|
|
env -C infra/main $(TERRAFORM) apply \
|
|
-var environment=$(ENVIRONMENT) \
|
|
-var namespace=$(ENVIRONMENT) \
|
|
-var region=$(REGION)
|
|
|
|
$(CACHE_DIR)/secrets:
|
|
mkdir -p $@
|
|
|
|
$(CACHE_DIR)/secrets/%.env: secrets/%.env.gpg $(CACHE_DIR)/secrets
|
|
@echo "Decrypting $@"
|
|
gpg --decrypt $< 2>/dev/null > $@
|
|
|
|
$(FETCH_DIR)/terraform:
|
|
$(call git_clone,$@,$(TERRAFORM_REPO),$(TERRAFORM_REF))
|
|
|
|
$(OUT_DIR)/terraform: $(FETCH_DIR)/terraform
|
|
$(call toolchain," \
|
|
cd $(FETCH_DIR)/terraform && \
|
|
export SSL_CERT_DIR=/etc/ssl/certs && \
|
|
export CGO_ENABLED=0 && \
|
|
export GOCACHE=/home/build/$(CACHE_DIR) && \
|
|
export GOPATH=/home/build/$(CACHE_DIR) && \
|
|
go build \
|
|
-v \
|
|
-trimpath \
|
|
-ldflags='-w -extldflags=-static' \
|
|
-o /home/build/$@ \
|
|
")
|