about summary refs log tree commit diff
path: root/ops/buildkite/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'ops/buildkite/README.md')
-rw-r--r--ops/buildkite/README.md24
1 files changed, 24 insertions, 0 deletions
diff --git a/ops/buildkite/README.md b/ops/buildkite/README.md
new file mode 100644
index 0000000000..9d31a53fd3
--- /dev/null
+++ b/ops/buildkite/README.md
@@ -0,0 +1,24 @@
+Buildkite configuration
+=======================
+
+This contains Terraform configuration for setting up our Buildkite
+pipelines.
+
+Each pipeline (such as the one for depot itself, or exported subsets
+of the depot) needs some static configuration stored in Buildkite.
+
+Through `//tools/depot-deps` a `tf-buildkite` binary is made available
+which contains a Terraform binary pre-configured with the correct
+providers. This is automatically on your `$PATH` through `direnv`.
+
+However, secrets still need to be loaded to access the Terraform state
+and speak to the Buildkite API. These are available to certain users
+through `//ops/secrets`.
+
+This can be done with separate direnv configuration, for example:
+
+```
+# //ops/buildkite/.envrc
+source_up
+eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-buildkite.age)
+```
generated by cgit-pink 1.4.1 (git 2.44.0) at 2024-04-20T13ยท51+0000