docs(ops/buildkite): Add documentation about this config
Change-Id: Ia61b15127c67cdd9dddcab9f3540f1aee949cd6b Reviewed-on: https://cl.tvl.fyi/c/depot/+/5839 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
This commit is contained in:
		
							parent
							
								
									c58cc1e690
								
							
						
					
					
						commit
						b29b6a092c
					
				
					 2 changed files with 25 additions and 1 deletions
				
			
		
							
								
								
									
										24
									
								
								ops/buildkite/README.md
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										24
									
								
								ops/buildkite/README.md
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,24 @@ | |||
| Buildkite configuration | ||||
| ======================= | ||||
| 
 | ||||
| This contains Terraform configuration for setting up our Buildkite | ||||
| pipelines. | ||||
| 
 | ||||
| Each pipeline (such as the one for depot itself, or exported subsets | ||||
| of the depot) needs some static configuration stored in Buildkite. | ||||
| 
 | ||||
| Through `//tools/depot-deps` a `tf-buildkite` binary is made available | ||||
| which contains a Terraform binary pre-configured with the correct | ||||
| providers. This is automatically on your `$PATH` through `direnv`. | ||||
| 
 | ||||
| However, secrets still need to be loaded to access the Terraform state | ||||
| and speak to the Buildkite API. These are available to certain users | ||||
| through `//ops/secrets`. | ||||
| 
 | ||||
| This can be done with separate direnv configuration, for example: | ||||
| 
 | ||||
| ``` | ||||
| # //ops/buildkite/.envrc | ||||
| source_up | ||||
| eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-buildkite.age) | ||||
| ``` | ||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue