From b29b6a092c1c80e91145782923437fbce08b9c9a Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Fri, 3 Jun 2022 23:08:51 +0000 Subject: [PATCH] docs(ops/buildkite): Add documentation about this config Change-Id: Ia61b15127c67cdd9dddcab9f3540f1aee949cd6b Reviewed-on: https://cl.tvl.fyi/c/depot/+/5839 Tested-by: BuildkiteCI Reviewed-by: sterni --- ops/buildkite/README.md | 24 ++++++++++++++++++++++++ ops/keycloak/README.md | 2 +- 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 ops/buildkite/README.md diff --git a/ops/buildkite/README.md b/ops/buildkite/README.md new file mode 100644 index 000000000..9d31a53fd --- /dev/null +++ b/ops/buildkite/README.md @@ -0,0 +1,24 @@ +Buildkite configuration +======================= + +This contains Terraform configuration for setting up our Buildkite +pipelines. + +Each pipeline (such as the one for depot itself, or exported subsets +of the depot) needs some static configuration stored in Buildkite. + +Through `//tools/depot-deps` a `tf-buildkite` binary is made available +which contains a Terraform binary pre-configured with the correct +providers. This is automatically on your `$PATH` through `direnv`. + +However, secrets still need to be loaded to access the Terraform state +and speak to the Buildkite API. These are available to certain users +through `//ops/secrets`. + +This can be done with separate direnv configuration, for example: + +``` +# //ops/buildkite/.envrc +source_up +eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-buildkite.age) +``` diff --git a/ops/keycloak/README.md b/ops/keycloak/README.md index e8ffd700b..fd72daa87 100644 --- a/ops/keycloak/README.md +++ b/ops/keycloak/README.md @@ -12,7 +12,7 @@ credentials. An example `direnv` configuration used by tazjin is this: ``` -# //ops/secrets/.envrc +# //ops/keycloak/.envrc source_up eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-keycloak.age) ```