about summary refs log tree commit diff
path: root/ops (follow)
Commit message (Collapse)AuthorAgeFilesLines
* ref(tools/govanity): moved back to its own repositoryFranck Cuny2022-10-081-0/+14
| | | | It's back at https://github.com/fcuny/govanity
* feat(ops/github): add notes.fcuny.net and containerd-to-vmFranck Cuny2022-10-042-0/+28
|
* feat(ops/github): add repository for fcuny.netFranck Cuny2022-10-041-0/+14
|
* ops(terraform): individual actions for init/plan/applyFranck Cuny2022-10-044-5/+43
| | | | | Don't do all of these actions together, instead provide helpers for both init, plan, and apply.
* feat(ops/github): new repository: gh-ssh-keysFranck Cuny2022-10-021-0/+14
|
* ops(github): terraform configuration to manage GitHubFranck Cuny2022-09-305-0/+354
| | | | | | Import current GitHub repositories into terraform. This should be the main way (going forward) to interact with GitHub to create / manage the repositories and ensuring I'm consistent in the ways I want to use it.
* fix(shellcheck): apply recommendations from shellcheckFranck Cuny2022-08-151-3/+3
| | | | | | | Change-Id: Id11ad998c30d6e863ab3b43552b9fe248a0d6c7f Reviewed-on: https://cl.fcuny.net/c/world/+/716 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(ops/gcp-backups): add terraform configuration for GCP bucketsFranck Cuny2022-08-155-0/+193
| | | | | | | | | | | | | This terraform configuration is to create the buckets that I'm using for various buckets. Doing this through the UI is difficult, as there are too many options, it's easy to have different buckets with different settings when I need them to be identical, no way to review what the change is going to look like, etc. Change-Id: I8ee15939559e7632e2df9d17cfaec75d756930b6 Reviewed-on: https://cl.fcuny.net/c/world/+/713 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(ops/tf): remove commentsFranck Cuny2022-08-101-8/+0
| | | | | | | Change-Id: Ifb970bc6835fbc0de1943349739524331b6dba76 Reviewed-on: https://cl.fcuny.net/c/world/+/712 Reviewed-by: Franck Cuny <franck@fcuny.net> Tested-by: CI
* feat(ops/tf): script to create GCP service accounts and set rolesFranck Cuny2022-08-101-0/+113
| | | | | | | | | | | | | | | Since I'm using terraform for a few things, I want to store the state in a GCP bucket. This script takes care of creating the bucket, creating the service account for terraform, setting the roles, and enabling impersonation. The script is (or at least is intended) to be idempotent. If a new project is created, running will update only what is needed. Change-Id: Ie92703be6d17749dc76dabcf9e73e7b274e8d2ac Reviewed-on: https://cl.fcuny.net/c/world/+/711 Reviewed-by: Franck Cuny <franck@fcuny.net> Tested-by: CI
* ref(ops/buildkite): use service account impersonation for GCPFranck Cuny2022-08-103-8/+30
| | | | | | | | | | | | | | | Instead of using a key for the terraform service account, use delegation. This simplifies a bit the setup: - no need to have a local key - principle of least privilege - no need to setup some environment variables Update the documentation in case something goes wrong in the future. Change-Id: I430bdf6816419da35ae8a36cec55ce56491b985c Reviewed-on: https://cl.fcuny.net/c/world/+/710 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* feat(ops/buildkite): use terraform to manage buildkiteFranck Cuny2022-08-076-0/+73
| | | | | | | Change-Id: I63fc8fd81679457f7dbeafc2bd10c0eded0de991 Reviewed-on: https://cl.fcuny.net/c/world/+/707 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ci(pipeline): the pipeline to be executed with a new buildFranck Cuny2022-08-073-3/+28
| | | | | | | | | | | This is the pipeline that is executed when a new build starts. It wait for all the steps to be completed, and if one of them fail, the build is marked as failed. Change-Id: I1eb22b27749944de78d44e49586a1db1fe07b460 Reviewed-on: https://cl.fcuny.net/c/world/+/706 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ref(ci): delete custom scripts for formattingFranck Cuny2022-08-063-55/+1
| | | | | | | | | | Since I have configured the pre-commit hooks, I can use them instead of my custom scripts: less things to maintain and easier to read output. Change-Id: Ic833ec88ed9fbcbe52b1b1680f978da3a5a08b31 Reviewed-on: https://cl.fcuny.net/c/world/+/681 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ci(default): add `apps.ci.shellcheck` to flake.nixFranck Cuny2022-06-101-0/+6
| | | | | | | | | | | | I can now run `nix run .#ci.shellcheck` to validate the shell scripts with shellcheck in the repository. The pipeline in buildKite will need to be updated. Change-Id: Ia52ede86adfa58c9615b0f9e290ef5d5b8adb303 Reviewed-on: https://cl.fcuny.net/c/world/+/409 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ci(shellcheck): add a script to check shell scriptsFranck Cuny2022-06-101-0/+24
| | | | | | | | | | | | The script uses shellcheck to validates that the shell scripts are correct. This is not used by anything yet. Change-Id: Ia96b132143fa0824eaf23420a72e5b518d618250 Reviewed-on: https://cl.fcuny.net/c/world/+/407 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
* ci(fmt): add a script to check the formattingFranck Cuny2022-06-101-0/+27
Add a script for CI to check that all the files are formatted correctly. This is done by using `treefmt' with a configuration for go and nix files (for now). Running `nix run .#ci.fmt' in the repository will check all the files, and fail if there's any problems. It will not modify any files. The pipeline in builKite needs to be updated to run that command. Change-Id: Iec91163f1ab56ceb0cfff6db8f8ce93367ebeefe Reviewed-on: https://cl.fcuny.net/c/world/+/403 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>