9d0e6843f4
- .sops.yaml: creation rules matching .env.{dev,prod}.sops (dotenv format)
- .env.dev.sops: encrypted dev defaults (blank API keys, local paths)
- .env.prod.sops: encrypted prod template (placeholder values to fill in)
- Makefile: root Makefile with secrets-decrypt-dev/prod, secrets-edit-dev/prod, css-build/watch
- .gitignore: add age-key.txt
Dev workflow: make secrets-decrypt-dev → .env (repo root) → web app picks it up.
Server: deploy.sh will auto-decrypt .env.prod.sops on each deploy.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
33 lines
1.0 KiB
Makefile
33 lines
1.0 KiB
Makefile
TAILWIND := web/bin/tailwindcss
|
|
|
|
web/bin/tailwindcss:
|
|
@mkdir -p web/bin
|
|
curl -sLo web/bin/tailwindcss https://github.com/tailwindlabs/tailwindcss/releases/latest/download/tailwindcss-linux-x64
|
|
chmod +x web/bin/tailwindcss
|
|
|
|
css-build: web/bin/tailwindcss
|
|
$(TAILWIND) -i web/src/beanflows/static/css/input.css -o web/src/beanflows/static/css/output.css --minify
|
|
|
|
css-watch: web/bin/tailwindcss
|
|
$(TAILWIND) -i web/src/beanflows/static/css/input.css -o web/src/beanflows/static/css/output.css --watch
|
|
|
|
# -- Secrets (SOPS + age) --
|
|
# .env.*.sops files use dotenv format but sops can't infer from the extension,
|
|
# so we pass --input-type / --output-type explicitly.
|
|
|
|
SOPS_DOTENV := sops --input-type dotenv --output-type dotenv
|
|
|
|
secrets-decrypt-dev:
|
|
$(SOPS_DOTENV) --decrypt .env.dev.sops > .env
|
|
|
|
secrets-decrypt-prod:
|
|
$(SOPS_DOTENV) --decrypt .env.prod.sops > .env
|
|
|
|
secrets-edit-dev:
|
|
$(SOPS_DOTENV) .env.dev.sops
|
|
|
|
secrets-edit-prod:
|
|
$(SOPS_DOTENV) .env.prod.sops
|
|
|
|
.PHONY: css-build css-watch secrets-decrypt-dev secrets-decrypt-prod secrets-edit-dev secrets-edit-prod
|