.PHONY: init plan apply format VAULT_AUTH_METHOD ?= approle VAULT_K8S_ROLE ?= woodpecker_terraform_git VAULT_K8S_MOUNT ?= auth/k8s/au/syd1 VAULT_K8S_JWT_PATH ?= /var/run/secrets/kubernetes.io/serviceaccount/token define vault_env @export VAULT_ADDR="https://vault.service.consul:8200" && \ if [ "$(VAULT_AUTH_METHOD)" = "kubernetes" ]; then \ export VAULT_TOKEN=$$(vault write -field=token $(VAULT_K8S_MOUNT)/login role=$(VAULT_K8S_ROLE) jwt=$$(cat $(VAULT_K8S_JWT_PATH))); \ else \ export VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id=$$VAULT_ROLEID); \ fi && \ export CONSUL_HTTP_TOKEN=$$(vault read -field=token consul_root/au/syd1/creds/terraform-git) && \ export GITEA_TOKEN=$$(vault kv get -field=token kv/service/gitea/gitadmin/tokens/terraform-git) && \ export WOODPECKER_TOKEN=$$(vault kv get -field=token kv/service/woodpecker/tokens/gitadmin) endef init: @$(call vault_env) && \ terragrunt run --all --non-interactive init -- -upgrade plan: init @$(call vault_env) && \ terragrunt run --all --parallelism 4 --non-interactive plan apply: init @$(call vault_env) && \ terragrunt run --all --parallelism 2 --non-interactive apply format: @echo "Formatting OpenTofu files..." @tofu fmt -recursive . @echo "Formatting Terragrunt files..." @terragrunt hcl fmt