-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathMakefile
87 lines (69 loc) · 2.1 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# Makefile
# this is used for the ci
# Set the shell to bash.
SHELL = /bin/bash
# Age identity.
AGE_IDENTITY ?= keys/$(shell whoami).key
AGE_IDENTITY_EXPANDED = -i $(AGE_IDENTITY)
# Age recipients.
AGE_RECIPIENTS ?= keys/*.key.pub
AGE_RECIPIENTS_EXPANDED = $(shell ./scripts/gen_recipients.sh $(AGE_RECIPIENTS))
# Age encrypt command.
AGE_ENCRYPT = age --armor $(AGE_RECIPIENTS_EXPANDED)
# Age decrypt command.
AGE_DECRYPT = age --decrypt $(AGE_IDENTITY_EXPANDED)
# Files that contain sensitive information and should be encrypted / decrypted
# on demand.
SECRETS ?= main_override.tf backend.tfvars env/v1.tfvars env/default.tfvars
SECRETS_ENCRYPT = $(shell for file in $(SECRETS); do printf "%s" "$${file}.age($${file}) "; done)
SECRETS_DECRYPT = $(shell for file in $(SECRETS); do printf "%s" "$${file}($${file}.age) "; done)
# Workspace.
WORKSPACE ?= v1
# Whether to auto-approve runs or not.
AUTO_APPROVE ?= 1
AUTO_APPROVE_EXPANDED = $(shell if [[ "$(AUTO_APPROVE)" != 0 ]]; then printf "%s" "--auto-approve "; fi)
# Encrypt all files by default.
all: encrypt
# Encrypt all files that need to be encrypted.
encrypt: $(SECRETS_ENCRYPT)
# Decrypt all encrypted files.
decrypt: $(SECRETS_DECRYPT)
$(SECRETS_ENCRYPT):
$(AGE_ENCRYPT) -o $@ $%
.PHONY: $(SECRETS_ENCRYPT)
$(SECRETS_DECRYPT):
$(AGE_DECRYPT) -o $@ $%
.PHONY: $(SECRETS_DECRYPT)
# Flag for enabling output to stdout.
STDOUT ?= 0
# Command for writing the output of terraform.
OUTPUT = tee \
"$(shell date +%Y_%m_%d-%H_%M_%S ).log" \
$(shell if [[ "$(STDOUT)" == "0" ]]; then printf "%s" ">/dev/null"; fi)
# Initialize terraform.
init:
terraform init \
-backend-config=backend.tfvars
.PHONY: init
# Create & update resources.
apply:
terraform workspace select $(WORKSPACE)
terraform apply \
$(AUTO_APPROVE_EXPANDED) \
-input=false \
--var-file=env/$(WORKSPACE).tfvars \
-no-color \
2>&1 \
| $(OUTPUT)
.PHONY: apply
destroy:
terraform workspace select $(WORKSPACE)
terraform apply \
-destroy \
$(AUTO_APPROVE_EXPANDED) \
-input=false \
--var-file=env/$(WORKSPACE).tfvars \
-no-color \
2>&1 \
| $(OUTPUT)
.PHONY: destroy