History

Florian Klink 5119cae360 fix(ops/buildkite): fix terraform state config The same fix from cl/11021 also needs to be applied to other states. Change-Id: I205b03aab49130639c79702f4bf16f0bf28d89ab Reviewed-on: https://cl.tvl.fyi/c/depot/+/12410 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de>		2024-09-01 13:18:14 +00:00
..
.gitignore	feat(ops/buildkite): Bootstrap Buildkite Terraform configuration	2022-06-06 11:05:12 +00:00
default.nix	refactor(ops/buildkite): Use tools.checks.validateTerraform	2022-06-07 09:32:13 +00:00
README.md	docs(ops/buildkite): Add documentation about this config	2022-06-06 11:05:12 +00:00
steps-depot.yml	feat(ops/buildkite): Import main depot pipeline	2022-06-06 11:05:12 +00:00
steps-tvix.yml	feat(ops/buildkite): add tvix pipeline	2023-02-01 17:11:50 +00:00
steps-tvl-kit.yml	feat(ops/buildkite): Import tvl-kit pipeline	2022-06-06 11:05:12 +00:00
tvl.tf	fix(ops/buildkite): fix terraform state config	2024-09-01 13:18:14 +00:00

README.md

Buildkite configuration

This contains Terraform configuration for setting up our Buildkite pipelines.

Each pipeline (such as the one for depot itself, or exported subsets of the depot) needs some static configuration stored in Buildkite.

Through //tools/depot-deps a tf-buildkite binary is made available which contains a Terraform binary pre-configured with the correct providers. This is automatically on your $PATH through direnv.

However, secrets still need to be loaded to access the Terraform state and speak to the Buildkite API. These are available to certain users through //ops/secrets.

This can be done with separate direnv configuration, for example:

# //ops/buildkite/.envrc
source_up
eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-buildkite.age)