deemanone/beanflows
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c5a218490e47a3bdc119cdd06dad565b716edbf6
beanflows/Makefile
Deeman 54dbb296dd fix(secrets): add secrets-updatekeys-prod target, use --input-type dotenv 
sops updatekeys doesn't inherit --input-type from context, so calling it bare
on .env.prod.sops causes "Error unmarshalling input json" (guesses JSON from
the .sops extension). Explicit --input-type dotenv fixes it.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-27 07:40:03 +01:00

73 lines
3.1 KiB
Makefile
Raw Blame History

TAILWIND_VERSION := v4.1.18
TAILWIND := web/bin/tailwindcss
SOPS_DOTENV := sops --input-type dotenv --output-type dotenv
.PHONY: help dev css-build css-watch \
secrets-decrypt-dev secrets-decrypt-prod \
secrets-edit-dev secrets-edit-prod \
secrets-encrypt-dev secrets-encrypt-prod \
secrets-updatekeys-prod
help:
@echo "Available targets:"
@echo " dev Start full dev environment (migrate, seed, app + worker + CSS watcher)"
@echo " css-build Build + minify Tailwind CSS"
@echo " css-watch Watch + rebuild Tailwind CSS"
@echo " secrets-decrypt-dev Decrypt .env.dev.sops → .env"
@echo " secrets-decrypt-prod Decrypt .env.prod.sops → .env"
@echo " secrets-edit-dev Edit .env.dev.sops in \$$EDITOR"
@echo " secrets-edit-prod Edit .env.prod.sops in \$$EDITOR"
@echo " secrets-encrypt-dev Encrypt .env (plaintext) → .env.dev.sops"
@echo " secrets-encrypt-prod Encrypt .env (plaintext) → .env.prod.sops"
@echo " secrets-updatekeys-prod Re-encrypt .env.prod.sops for all keys in .sops.yaml"
# ── Dev environment ───────────────────────────────────────────────────────────
dev:
@./web/scripts/dev_run.sh
# ── CSS ───────────────────────────────────────────────────────────────────────
web/bin/tailwindcss:
@mkdir -p web/bin
curl -sLo web/bin/tailwindcss https://github.com/tailwindlabs/tailwindcss/releases/download/$(TAILWIND_VERSION)/tailwindcss-linux-x64
chmod +x web/bin/tailwindcss
css-build: web/bin/tailwindcss
$(TAILWIND) -i web/src/beanflows/static/css/input.css -o web/src/beanflows/static/css/output.css --minify
css-watch: web/bin/tailwindcss
$(TAILWIND) -i web/src/beanflows/static/css/input.css -o web/src/beanflows/static/css/output.css --watch
# ── Secrets (SOPS + age) ─────────────────────────────────────────────────────
# Requires: sops (https://github.com/getsops/sops) + age (https://github.com/FiloSottile/age)
# Keys config: .sops.yaml
# .env.*.sops files use dotenv format but sops can't infer from the extension,
# so we pass --input-type / --output-type explicitly.
# Encrypted files are safe to commit to git.
secrets-decrypt-dev:
$(SOPS_DOTENV) --decrypt .env.dev.sops > .env
@echo "Decrypted .env.dev.sops → .env"
secrets-decrypt-prod:
$(SOPS_DOTENV) --decrypt .env.prod.sops > .env
@echo "Decrypted .env.prod.sops → .env"
secrets-edit-dev:
$(SOPS_DOTENV) .env.dev.sops
secrets-edit-prod:
$(SOPS_DOTENV) .env.prod.sops
secrets-encrypt-dev:
$(SOPS_DOTENV) --encrypt --in-place .env.dev.sops
@echo "Encrypted .env.dev.sops (commit this file)"
secrets-encrypt-prod:
$(SOPS_DOTENV) --encrypt --in-place .env.prod.sops
@echo "Encrypted .env.prod.sops (commit this file)"
secrets-updatekeys-prod:
sops updatekeys --input-type dotenv .env.prod.sops
Reference in New Issue View Git Blame Copy Permalink