about summary refs log tree commit diff
diff options
authorVincent Ambo <mail@tazj.in>2022-06-03T23·08+0000
committertazjin <tazjin@tvl.su>2022-06-06T11·05+0000
commitb29b6a092c1c80e91145782923437fbce08b9c9a (patch)
parentc58cc1e6901f5ed4103654404e3a1ae0902bcc13 (diff)
docs(ops/buildkite): Add documentation about this config r/4213
Change-Id: Ia61b15127c67cdd9dddcab9f3540f1aee949cd6b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5839
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
2 files changed, 25 insertions, 1 deletions
diff --git a/ops/buildkite/README.md b/ops/buildkite/README.md
new file mode 100644
index 000000000..9d31a53fd
--- /dev/null
+++ b/ops/buildkite/README.md
@@ -0,0 +1,24 @@
+Buildkite configuration
+This contains Terraform configuration for setting up our Buildkite
+Each pipeline (such as the one for depot itself, or exported subsets
+of the depot) needs some static configuration stored in Buildkite.
+Through `//tools/depot-deps` a `tf-buildkite` binary is made available
+which contains a Terraform binary pre-configured with the correct
+providers. This is automatically on your `$PATH` through `direnv`.
+However, secrets still need to be loaded to access the Terraform state
+and speak to the Buildkite API. These are available to certain users
+through `//ops/secrets`.
+This can be done with separate direnv configuration, for example:
+# //ops/buildkite/.envrc
+eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-buildkite.age)
diff --git a/ops/keycloak/README.md b/ops/keycloak/README.md
index e8ffd700b..fd72daa87 100644
--- a/ops/keycloak/README.md
+++ b/ops/keycloak/README.md
@@ -12,7 +12,7 @@ credentials.
 An example `direnv` configuration used by tazjin is this:
-# //ops/secrets/.envrc
+# //ops/keycloak/.envrc
 eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-keycloak.age)