Makefile: sync with infra-template repo

Author: jakubgs

.envrc

@@ -2,5 +2,6 @@ if ! has nix_direnv_version || ! nix_direnv_version 3.0.6; then
   source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.6/direnvrc" "sha256-RYcUJaRMf8oF5LznDrlCXbkOQrywm0HDv1VjYGaJGdM="
 fi
 
+source .envrc.fixes
 source .envrc.secrets
 use flake

.envrc.fixes

@@ -0,0 +1,4 @@
+# Fixing macOS issue:
+# objc[33642]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called.
+# See: https://github.com/ansible/ansible/issues/49207
+export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES

.envrc.secrets

@@ -3,3 +3,7 @@ export VAULT_CLIENT_CERT=./ansible/files/vault-client-user.crt
 export VAULT_CLIENT_KEY=./ansible/files/vault-client-user.key
 export VAULT_ADDR=https://vault-api.infra.status.im:8200
 export CONSUL_HTTP_TOKEN=$(pass services/consul/tokens/terraform)
+# Provide a script in your PATH matching this name to load the token.
+if command -v vault_token_provider >/dev/null; then
+    export VAULT_TOKEN=$(vault_token_provider)
+fi

Makefile

@@ -1,32 +1,40 @@
-OS = $(strip $(shell uname -s))
+# Colors
+YLW = \033[1;33m
+RED = \033[0;31m
+GRN = \033[0;32m
+BLU = \033[0;34m
+BLD = \033[1m
+RST = \033[0m
 
-ifeq ($(OS),Darwin)
-ARCH = darwin_amd64
+OS = $(shell uname -s | tr A-Z a-z)
+ARCH = "${OS}-$(shell uname -m)"
+
+ifeq ($(OS),darwin)
 PROVISIONER_SHA1 = bd688a503f526beedaf6ef5d2dba1128051573b6
 else
-ARCH = linux_amd64
-PROVISIONER_SHA1 = da9cdf019d8f860a6e417257d81b1b21aceba7b7
+PROVISIONER_SHA1 = 1cbdf2bafe9e968a039264a6d3e6b58a2d2576eb
 endif
 
 TF_PLUGINS_DIR = $(HOME)/.terraform.d/plugins
 
 PROVISIONER_NAME = terraform-provisioner-ansible
-PROVISIONER_VERSION = v2.5.0
-PROVISIONER_ARCHIVE = $(PROVISIONER_NAME)-$(subst _,-,$(ARCH))_$(PROVISIONER_VERSION)
-PROVISIONER_URL = https://github.com/radekg/terraform-provisioner-ansible/releases/download/$(PROVISIONER_VERSION)/$(PROVISIONER_ARCHIVE)
-PROVISIONER_PATH = $(TF_PLUGINS_DIR)/$(ARCH)/$(PROVISIONER_NAME)_$(PROVISIONER_VERSION)
+PROVISIONER_VERSION = v2.5.1
+PROVISIONER_ARCHIVE = $(PROVISIONER_NAME)-$(ARCH)-$(PROVISIONER_VERSION)
+PROVISIONER_URL = https://github.com/status-im/terraform-provisioner-ansible/releases/download/$(PROVISIONER_VERSION)/$(PROVISIONER_ARCHIVE)
+PROVISIONER_PATH = $(TF_PLUGINS_DIR)/$(PROVISIONER_NAME)
 
-all: roles-install install-provisioner secrets init-terraform
+all: roles-install install-provisioner secrets init-terraform checks
 	@echo "Success!"
 
 roles-install:
-	ansible/roles.py --install
+	@ansible/roles.py --install
 
 roles-check:
-	ansible/roles.py --check
+	@ansible/roles.py --check || \
+		echo -e '\n$(YLW)WARNING: Local role versions appear to be incorrect.$(RST)' >&2
 
 roles-update:
-	ansible/roles.py --update
+	@ansible/roles.py --update
 
 roles: roles-install roles-check
 
@@ -47,13 +55,30 @@ secrets:
 	pass services/vault/certs/client-user/cert > ansible/files/vault-client-user.crt
 	pass services/vault/certs/client-user/privkey > ansible/files/vault-client-user.key
 
-consul-token-check:
-ifndef CONSUL_HTTP_TOKEN
-	$(error No CONSUL_HTTP_TOKEN env variable set!)
-endif
-
-init-terraform: consul-token-check
+init-terraform: consul-check
 	terraform init -upgrade=true
 
 cleanup:
 	rm -r $(TF_PLUGINS_DIR)/$(ARCHIVE)
+
+consul-check:
+ifndef CONSUL_HTTP_TOKEN
+	@echo -e "$(RED)$(BLD)ERROR: No CONSUL_HTTP_TOKEN env variable set!$(RST)"; exit 1
+endif
+
+vault-check:
+ifndef VAULT_TOKEN
+	@echo -e "$(RED)$(BLD)ERROR: No VAULT_TOKEN env variable set!$(RST)"; exit 1
+endif
+
+DIRENV_LOADED ?= $(shell direnv status --json | jq .state.loadedRC.allowed)
+direnv-check:
+	@if [[ "$(DIRENV_LOADED)" -ne 0 ]] && [[ -z "$${DIRENV_IN_ENVRC}" ]]; then \
+		echo -e "$(YLW)WARNING: This repo assumes use of Direnv:$(RST)" \
+				"$(BLD)"'eval "$$(direnv hook zsh)"; direnv allow'"$(RST)"; \
+	fi
+
+checks: roles-check direnv-check consul-check vault-check
+	@echo -e "\n$(GRN)$(BLD)WELCOME BACK, COMMANDER$(RST)"
+
+.PHONY = checks roles-check direnv-check consul-check vault-check

flake.lock

@@ -1,7 +1,11 @@
 {
   description = "infra-shell";
 
-  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+  # bitwarden-cli has a build issue on macOS since 2024.8.0:
+  # this commit fixes nixpkgs right before switching to 2024.8.0
+  # https://github.com/NixOS/nixpkgs/issues/339576
+  inputs.nixpkgs.url = "github:nixos/nixpkgs/c374d94f1536013ca8e92341b540eba4c22f9c62";
+  #inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
 
   outputs = { self, nixpkgs }:
     let
@@ -15,8 +19,8 @@
         pkgs = pkgsFor.${system};
       in {
         default = let
-          pythonPkgs = pkgs.python311.withPackages (
-            _: with (pkgs.python311Packages); [
+          pythonPkgs = pkgs.python3.withPackages (
+            _: with (pkgs.python3Packages); [
               ipython pyyaml jinja2 PyGithub
               pyopenssl cryptography
               hvac
@@ -38,8 +42,7 @@
           ];
 
           shellHook = ''
-            ./ansible/roles.py --check || \
-              echo -e '\nWARNING: Your role versions appear to be incorrect!' >&2
+            make checks
           '';
         };
       });