2022-04-14 13:35:10 +00:00
|
|
|
OVERLAY := $(shell pwd)/overlay
|
|
|
|
# FILTER := --only 3.15 kubezero --skip aarch64
|
|
|
|
FILTER := --only 3.15 --skip aarch64
|
|
|
|
STEP := publish
|
|
|
|
|
|
|
|
all: build
|
|
|
|
|
|
|
|
build:
|
|
|
|
cd alpine-cloud-images && ./build $(STEP) --clean --revise $(FILTER) --custom $(OVERLAY)/zdt --vars $(OVERLAY)/zdt/zdt.hcl
|
|
|
|
|
|
|
|
clean:
|
|
|
|
rm -rf alpine-cloud-images/work
|
2022-04-14 15:25:41 +00:00
|
|
|
|
|
|
|
# Adds all tracked encrypted files to .gitignore as safety net
|
|
|
|
age-add-gitignore:
|
2022-04-17 16:30:48 +00:00
|
|
|
@touch .gitignore; for f in $$(yq eval .paths[] .age.yml); do grep -qxF $$f .gitignore || echo $$f >> .gitignore; done
|
2022-04-14 15:25:41 +00:00
|
|
|
|
2022-04-17 16:30:48 +00:00
|
|
|
# Decrypts all secrets and removes the .age file
|
2022-04-14 15:25:41 +00:00
|
|
|
age-unseal:
|
2022-04-17 16:30:48 +00:00
|
|
|
@for f in $$(yq eval .paths[] .age.yml); do \
|
|
|
|
age --decrypt -i ~/.ssh/git.age -o $$f $$f.age && rm $$f.age; \
|
|
|
|
done
|
2022-04-14 15:25:41 +00:00
|
|
|
|
|
|
|
# Encrypts all secrets, but compares the local unencrypted files with the decrypted content from the index first
|
2022-04-17 16:30:48 +00:00
|
|
|
# If there are no diffs, just restore the .age file from the index and delete the unaltered local unencrypted file
|
2022-04-14 15:25:41 +00:00
|
|
|
# If there are changes re-encrypt
|
|
|
|
age-seal:
|
2022-04-17 16:30:48 +00:00
|
|
|
@keys=$$(yq eval .keys[] .age.yml | sed -e 's/^/-r /' ); \
|
|
|
|
for f in $$(yq eval .paths[] .age.yml); do \
|
2022-04-14 19:18:28 +00:00
|
|
|
[ -f $$f ] || continue; \
|
2022-04-17 16:34:00 +00:00
|
|
|
git restore $${f}.age 2>/dev/null && age --decrypt -i ~/.ssh/git.age $$f.age | diff -q - $$f 2>/dev/null 1>&2 && \
|
2022-04-17 16:30:48 +00:00
|
|
|
rm -f $$f || ( rm -f $$f.age; age --encrypt $$keys -o $$f.age $$f && rm -f $$f; ); done
|