# Derived secrets — generated from source secrets before kustomize build JUICEFS_METAURL := k8s/juicefs/metaurl.secret TRANQUIL_DB_URL := k8s/pds/tranquil-database-url.secret TRANQUIL_VALKEY_URL := k8s/pds/tranquil-valkey-url.secret OPAKE_STAGING_DB_URL := k8s/opake-staging/database-url.secret .PHONY: secrets clean-secrets build secrets: $(JUICEFS_METAURL) $(TRANQUIL_DB_URL) $(TRANQUIL_VALKEY_URL) $(OPAKE_STAGING_DB_URL) $(JUICEFS_METAURL): k8s/juicefs/redis-password.secret @pw=$$(cat $< | tr -d '\n') && \ printf 'redis://:%s@redis.juicefs.svc.cluster.local:6379/0' "$$pw" > $@ $(TRANQUIL_DB_URL): k8s/postgres/postgres-password.secret @pw=$$(cat $< | tr -d '\n' | python3 -c 'import sys,urllib.parse; print(urllib.parse.quote(sys.stdin.read(),safe=""),end="")') && \ printf 'postgres://tranquil:%s@postgres.postgres.svc.cluster.local:5432/pds' "$$pw" > $@ build: secrets kustomize build k8s/ $(TRANQUIL_VALKEY_URL): k8s/juicefs/redis-password.secret @pw=$$(cat $< | tr -d '\n') && \ printf 'redis://:%s@redis.juicefs.svc.cluster.local:6379/1' "$$pw" > $@ $(OPAKE_STAGING_DB_URL): k8s/postgres/opake-staging-password.secret @pw=$$(cat $< | tr -d '\n' | python3 -c 'import sys,urllib.parse; print(urllib.parse.quote(sys.stdin.read(),safe=""),end="")') && \ printf 'ecto://opake_staging:%s@postgres.postgres.svc.cluster.local:5432/opake_staging' "$$pw" > $@ clean-secrets: rm -f $(JUICEFS_METAURL) $(TRANQUIL_DB_URL) $(TRANQUIL_VALKEY_URL) $(OPAKE_STAGING_DB_URL) # Tranquil PDS TRANQUIL_REPO ?= /tmp/tranquil-pds .PHONY: build-tranquil push-tranquil build-tranquil-frontend push-tranquil-frontend build-tranquil: @test -d "$(TRANQUIL_REPO)" || { echo "error: tranquil-pds repo not found at $(TRANQUIL_REPO)"; exit 1; } docker buildx build --platform linux/arm64 -t zot.sans-self.org/infra/tranquil-pds:latest "$(TRANQUIL_REPO)" push-tranquil: docker push zot.sans-self.org/infra/tranquil-pds:latest build-tranquil-frontend: @test -d "$(TRANQUIL_REPO)" || { echo "error: tranquil-pds repo not found at $(TRANQUIL_REPO)"; exit 1; } docker buildx build --platform linux/arm64 -t zot.sans-self.org/infra/tranquil-frontend:latest "$(TRANQUIL_REPO)/frontend" push-tranquil-frontend: docker push zot.sans-self.org/infra/tranquil-frontend:latest # Jetstream (self-hosted, ARM64) JETSTREAM_REPO ?= /tmp/jetstream .PHONY: build-jetstream push-jetstream build-jetstream: @test -d "$(JETSTREAM_REPO)" || { echo "error: jetstream repo not found at $(JETSTREAM_REPO)"; exit 1; } docker buildx build --platform linux/arm64 -t zot.sans-self.org/infra/jetstream:latest -f dockerfiles/jetstream.Dockerfile "$(JETSTREAM_REPO)" push-jetstream: docker push zot.sans-self.org/infra/jetstream:latest # CI validate image .PHONY: build-ci-validate push-ci-validate build-ci-validate: docker buildx build --platform linux/arm64 -t zot.sans-self.org/infra/ci-validate:latest -f dockerfiles/ci-validate.Dockerfile . push-ci-validate: docker push zot.sans-self.org/infra/ci-validate:latest # CI opake image (buildah + bash for Loom) .PHONY: build-ci-opake push-ci-opake build-ci-opake: docker buildx build --platform linux/arm64 -t zot.sans-self.org/infra/ci-opake:latest -f dockerfiles/ci-opake.Dockerfile . push-ci-opake: docker push zot.sans-self.org/infra/ci-opake:latest # JuiceFS mount image (v1.3.1 + btrfs inode cache fix from juicedata/juicefs#6675) .PHONY: build-juicefs-mount push-juicefs-mount build-juicefs-mount: docker buildx build --platform linux/arm64 -t sansself/juicefs:v1.3.1-btrfs-fix -f dockerfiles/juicefs-mount.Dockerfile . push-juicefs-mount: docker push sansself/juicefs:v1.3.1-btrfs-fix # Rust + wasm-pack base image (used in Containerfile.web wasm-builder stage) .PHONY: build-rust-wasm push-rust-wasm build-rust-wasm: docker buildx build --platform linux/arm64 -t zot.sans-self.org/infra/rust-wasm:latest -f dockerfiles/rust-wasm.Dockerfile . push-rust-wasm: docker push zot.sans-self.org/infra/rust-wasm:latest