docs(ops/buildkite): Add documentation about this config

Change-Id: Ia61b15127c67cdd9dddcab9f3540f1aee949cd6b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5839
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Vincent Ambo 2022-06-03 23:08:51 +00:00 committed by tazjin
parent c58cc1e690
commit b29b6a092c
2 changed files with 25 additions and 1 deletions

ops/buildkite/README.md Normal file

@ -0,0 +1,24 @@
Buildkite configuration
=======================
This contains Terraform configuration for setting up our Buildkite
pipelines.
Each pipeline (such as the one for depot itself, or exported subsets
of the depot) needs some static configuration stored in Buildkite.
Through `//tools/depot-deps` a `tf-buildkite` binary is made available
which contains a Terraform binary pre-configured with the correct
providers. This is automatically on your `$PATH` through `direnv`.
However, secrets still need to be loaded to access the Terraform state
and speak to the Buildkite API. These are available to certain users
through `//ops/secrets`.
This can be done with separate direnv configuration, for example:
```
# //ops/buildkite/.envrc
source_up
eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-buildkite.age)
```
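Review bot: In the `.envrc` example at the end of the new README, both command substitutions are unquoted, so the decrypted output is word-split and glob-expanded before `eval` sees it, and the path breaks if the checkout directory contains spaces. Suggest `eval "$(age --decrypt -i ~/.ssh/id_ed25519 "$(git rev-parse --show-toplevel)/ops/secrets/tf-buildkite.age")"`. Because `eval` executes whatever the decrypted file contains, the README should also say what the file is expected to hold (presumably `export` lines for the Terraform state and Buildkite API credentials) and that `~/.ssh/id_ed25519` stands for the reader's own key, which has to be a recipient of `tf-buildkite.age`.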


@ -12,7 +12,7 @@ credentials.
An example `direnv` configuration used by tazjin is this: An example `direnv` configuration used by tazjin is this:
``` ```
# //ops/secrets/.envrc # //ops/keycloak/.envrc
source_up source_up
eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-keycloak.age) eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-keycloak.age)
``` ```
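Review bot: The corrected path comment (`# //ops/secrets/.envrc` to `# //ops/keycloak/.envrc`) is a fix to the Keycloak example, which the commit subject `docs(ops/buildkite): Add documentation about this config` does not mention; add a line to the commit message or split the fix out so it can be found in history. The unchanged `eval $(age --decrypt ...)` context line has the same unquoted command substitutions as the example in the new Buildkite README, so if that one gets quoted, this example should be updated to match.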