diff options
Diffstat (limited to 'ops/buildkite')
| -rw-r--r-- | ops/buildkite/.gitignore | 3 | ||||
| -rw-r--r-- | ops/buildkite/README.org | 7 | ||||
| -rw-r--r-- | ops/buildkite/buildkite.tf | 51 | ||||
| -rw-r--r-- | ops/buildkite/default.nix | 23 | ||||
| -rw-r--r-- | ops/buildkite/steps.yml | 6 |
5 files changed, 0 insertions, 90 deletions
diff --git a/ops/buildkite/.gitignore b/ops/buildkite/.gitignore deleted file mode 100644 index 112bb96..0000000 --- a/ops/buildkite/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -# ignore the various terraform files that are generate. The state is -# stored in a GCS bucket. -.terraform* diff --git a/ops/buildkite/README.org b/ops/buildkite/README.org deleted file mode 100644 index c28acbd..0000000 --- a/ops/buildkite/README.org +++ /dev/null @@ -1,7 +0,0 @@ -This is to configure the pipelines in buildkite. - -To upload them, run =nix run .#ops.buildkite.upload=. - -The state is stored in a GCS bucket (and it needs to be created before we run this). - -The service account =terraform= needs to exist first, running =gcloud iam service-accounts list= will list them and we can verify it is defined. I might need to run =gcloud auth application-default login= in order to authenticate first. diff --git a/ops/buildkite/buildkite.tf b/ops/buildkite/buildkite.tf deleted file mode 100644 index cd74785..0000000 --- a/ops/buildkite/buildkite.tf +++ /dev/null @@ -1,51 +0,0 @@ -locals { - terraform_service_account = "terraform@fcuny-homelab.iam.gserviceaccount.com" -} - -provider "google" { - alias = "impersonation" - scopes = [ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email", - ] -} - -data "google_service_account_access_token" "default" { - provider = google.impersonation - target_service_account = local.terraform_service_account - scopes = ["userinfo-email", "cloud-platform"] - lifetime = "1200s" -} - -provider "google" { - project = "fcuny-homelab" - region = "us-west1" - zone = "us-west1-c" - access_token = data.google_service_account_access_token.default.access_token - request_timeout = "60s" -} - -terraform { - required_providers { - buildkite = { - source = "buildkite/buildkite" - } - } - - backend "gcs" { - bucket = "world-tf-state" - prefix = "buildkite/state" - impersonate_service_account = "terraform@fcuny-homelab.iam.gserviceaccount.com" - } -} - -provider "buildkite" { - organization = "fcuny-dot-xyz" -} - -resource "buildkite_pipeline" "world" { - name = "world" - description = "CI pipeline for the world repository." - repository = "https://cl.fcuny.net/world" - steps = file("./steps.yml") -} diff --git a/ops/buildkite/default.nix b/ops/buildkite/default.nix deleted file mode 100644 index 8e7c05c..0000000 --- a/ops/buildkite/default.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ pkgs }: -let - terraform = pkgs.terraform.withPlugins (p: [ - p.buildkite - p.google - ]); -in -pkgs.stdenv.mkDerivation rec { - name = "tf-buildkite"; - src = ./.; - - upload = pkgs.writeShellScriptBin "tf-buildkite-upload" '' - set -ueo pipefail - - cd $(git rev-parse --show-toplevel)/ops/buildkite - - export BUILDKITE_API_TOKEN=$(pass api/buildkite-terraform-token) - - ${terraform}/bin/terraform init - ${terraform}/bin/terraform plan - ${terraform}/bin/terraform apply - ''; -} diff --git a/ops/buildkite/steps.yml b/ops/buildkite/steps.yml deleted file mode 100644 index 9f30b8a..0000000 --- a/ops/buildkite/steps.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -steps: - - label: ":buildkite:" - key: ":init:" - command: | - buildkite-agent pipeline upload ops/ci/pipeline.yml |