alpine-zdt-images/Makefile

OVERLAY := $(shell pwd)/overlay
ONLY :=
SKIP :=
FILTER := --only $(ONLY) --skip aarch64 $(SKIP)
STEP := publish

all: build

build:
	cd alpine-cloud-images && ./build $(STEP) --clean --pad-uefi-bin-arch '' --revise $(FILTER) --custom $(OVERLAY)/zdt --vars $(OVERLAY)/zdt/zdt.hcl

clean:
	rm -rf alpine-cloud-images/work

# Adds all tracked encrypted files to .gitignore as safety net
age-add-gitignore:
	@touch .gitignore; for f in $$(yq eval .paths[] .age.yml); do grep -qxF $$f .gitignore || echo $$f >> .gitignore; done

# Decrypts all secrets and deletes encrypted .age
age-unseal:
	@for f in $$(yq eval .paths[] .age.yml); do \
		age --decrypt -i ~/.ssh/git.age -o $$f $$f.age && rm $$f.age; \
	done

# Compares all unencrypted files against last encrypted versions
# If there are no diffs, just restore the .age file from the index and delete the unaltered local unencrypted file
# otherwise re-encrypt and remove clear text
age-seal:
	@keys=$$(yq eval .keys[] .age.yml | sed -e 's/^/-r /' ); \
	for f in $$(yq eval .paths[] .age.yml); do \
		[ -f $$f ] || continue; \
		git restore $${f}.age 2>/dev/null && \
		age --decrypt -i ~/.ssh/git.age $$f.age | diff -q - $$f 2>/dev/null 1>&2 && \
		rm -f $$f || ( rm -f $$f.age; age --encrypt $$keys -o $$f.age $$f && rm -f $$f; ); done

# Just a reference how it could work, requires root though
scan-image:
	doas ./scan_image.sh alpine-cloud-images/work/images/aws/*/image.qcow2

pull-upstream: ## pull latest shared alpine-cloud-images
	git stash && git subtree pull --prefix alpine-cloud-images git@gitlab.alpinelinux.org:alpine/cloud/alpine-cloud-images.git main --squash && git stash pop
feat: first working KubeZero images, alpha agebox support 2022-04-14 13:35:10 +00:00			`OVERLAY := $(shell pwd)/overlay`
fix: various tweaks and cleanups for 1.22 2022-05-03 16:39:12 +00:00			`ONLY :=`
feat: latest 3.18 release, first working bare-metal-nocloud image 2024-03-11 13:32:20 +00:00			`SKIP :=`
feat: KubeZero v1.28 2024-04-08 13:01:20 +00:00			`FILTER := --only $(ONLY) --skip aarch64 $(SKIP)`
feat: first working KubeZero images, alpha agebox support 2022-04-14 13:35:10 +00:00			`STEP := publish`

			`all: build`

			`build:`
Kubezero v1.25, Alpine 3.17 2023-04-27 07:34:14 +00:00			`cd alpine-cloud-images && ./build $(STEP) --clean --pad-uefi-bin-arch '' --revise $(FILTER) --custom $(OVERLAY)/zdt --vars $(OVERLAY)/zdt/zdt.hcl`
feat: first working KubeZero images, alpha agebox support 2022-04-14 13:35:10 +00:00
			`clean:`
			`rm -rf alpine-cloud-images/work`
Implement agebox flow in Makefile 2022-04-14 15:25:41 +00:00
			`# Adds all tracked encrypted files to .gitignore as safety net`
			`age-add-gitignore:`
fix: remove agebox 2022-04-17 16:30:48 +00:00			`@touch .gitignore; for f in $$(yq eval .paths[] .age.yml); do grep -qxF $$f .gitignore \|\| echo $$f >> .gitignore; done`
Implement agebox flow in Makefile 2022-04-14 15:25:41 +00:00
Update access 2022-04-19 08:49:26 +00:00			`# Decrypts all secrets and deletes encrypted .age`
Implement agebox flow in Makefile 2022-04-14 15:25:41 +00:00			`age-unseal:`
fix: remove agebox 2022-04-17 16:30:48 +00:00			`@for f in $$(yq eval .paths[] .age.yml); do \`
			`age --decrypt -i ~/.ssh/git.age -o $$f $$f.age && rm $$f.age; \`
			`done`
Implement agebox flow in Makefile 2022-04-14 15:25:41 +00:00
Update access 2022-04-19 08:49:26 +00:00			`# Compares all unencrypted files against last encrypted versions`
fix: remove agebox 2022-04-17 16:30:48 +00:00			`# If there are no diffs, just restore the .age file from the index and delete the unaltered local unencrypted file`
Update access 2022-04-19 08:49:26 +00:00			`# otherwise re-encrypt and remove clear text`
Implement agebox flow in Makefile 2022-04-14 15:25:41 +00:00			`age-seal:`
fix: remove agebox 2022-04-17 16:30:48 +00:00			`@keys=$$(yq eval .keys[] .age.yml \| sed -e 's/^/-r /' ); \`
			`for f in $$(yq eval .paths[] .age.yml); do \`
fix: make age-seal safe to call multiple times 2022-04-14 19:18:28 +00:00			`[ -f $$f ] \|\| continue; \`
Update access 2022-04-19 08:49:26 +00:00			`git restore $${f}.age 2>/dev/null && \`
			`age --decrypt -i ~/.ssh/git.age $$f.age \| diff -q - $$f 2>/dev/null 1>&2 && \`
fix: remove agebox 2022-04-17 16:30:48 +00:00			`rm -f $$f \|\| ( rm -f $$f.age; age --encrypt $$keys -o $$f.age $$f && rm -f $$f; ); done`
fix: syslog-ng logrotate, add filter for kube, update access.conf 2022-05-23 14:12:09 +00:00
			`# Just a reference how it could work, requires root though`
			`scan-image:`
feat: KubeZero v1.28 2024-04-08 13:01:20 +00:00			`doas ./scan_image.sh alpine-cloud-images/work/images/aws/*/image.qcow2`
Pull latest alpine-cloud-iamges, first metal tests 2022-11-04 14:10:49 +00:00
			`pull-upstream: ## pull latest shared alpine-cloud-images`
			`git stash && git subtree pull --prefix alpine-cloud-images git@gitlab.alpinelinux.org:alpine/cloud/alpine-cloud-images.git main --squash && git stash pop`