SHELL := /usr/bin/env bash .DEFAULT_GOAL := help VERGABE_RELEASE ?= vergabe-teilnahme VERGABE_NAMESPACE ?= vergabe-teilnahme VERGABE_CHART ?= charts/vergabe-teilnahme VERGABE_VALUES ?= helm/vergabe-teilnahme-values.yaml VERGABE_INGRESS ?= manifests/vergabe-teilnahme-ingress.yaml VERGABE_DB_SECRET ?= vergabe-app-credentials VERGABE_ENV_SECRET ?= vergabe-teilnahme-env VERGABE_DB_USER ?= vergabe VERGABE_DB_HOST ?= apps-pg-rw.databases VERGABE_DB_PORT ?= 5432 VERGABE_DB_NAME ?= vergabe_db SOPS_SENTINEL ?= DRY_RUN_CREATE_NAMESPACES ?= false ##@ Operator checks check-tools: ## Check required operator tools and warn about optional diagnostics tools/check-tools.sh check-sops: ## Verify the local SOPS age key can decrypt SOPS_SENTINEL SOPS_SENTINEL="$(SOPS_SENTINEL)" tools/check-sops.sh k8s-server-dry-run: ## Server-side dry-run rendered Helm and committed manifests DRY_RUN_CREATE_NAMESPACES=$(DRY_RUN_CREATE_NAMESPACES) tools/k8s-server-dry-run.sh apps-pg-status: ## Check the shared apps-pg cnpg cluster @if kubectl cnpg status apps-pg -n databases >/dev/null 2>&1; then \ kubectl cnpg status apps-pg -n databases; \ else \ echo "kubectl cnpg plugin not available; falling back to cnpg resources"; \ kubectl get cluster apps-pg -n databases; \ kubectl get pods -n databases -l cnpg.io/cluster=apps-pg; \ fi ##@ Vergabe Teilnahme vergabe-dry-run: ## helm template render (no apply) for inspection helm template $(VERGABE_RELEASE) $(VERGABE_CHART) \ --namespace $(VERGABE_NAMESPACE) \ -f $(VERGABE_VALUES) vergabe-deploy: ## Deploy / upgrade vergabe-teilnahme Helm release helm upgrade --install $(VERGABE_RELEASE) $(VERGABE_CHART) \ --namespace $(VERGABE_NAMESPACE) --create-namespace \ -f $(VERGABE_VALUES) --wait --timeout 3m vergabe-ingress-deploy: ## Apply the vergabe-teilnahme ingress (whywhynot.de) kubectl apply -f $(VERGABE_INGRESS) vergabe-status: ## Show vergabe-teilnahme pod / svc / ingress / cert state kubectl get pods,svc,ingress,certificate -n $(VERGABE_NAMESPACE) -l app.kubernetes.io/instance=$(VERGABE_RELEASE) --ignore-not-found vergabe-migrate: ## Run Django migrations against the live deployment kubectl exec -n $(VERGABE_NAMESPACE) deploy/$(VERGABE_RELEASE) -- python manage.py migrate --noinput vergabe-seed: ## Run the idempotent seed command kubectl exec -n $(VERGABE_NAMESPACE) deploy/$(VERGABE_RELEASE) -- python manage.py seed_dev vergabe-superuser: ## Open an interactive shell for createsuperuser kubectl exec -it -n $(VERGABE_NAMESPACE) deploy/$(VERGABE_RELEASE) -- python manage.py createsuperuser vergabe-logs: ## Tail vergabe-teilnahme app logs kubectl logs -n $(VERGABE_NAMESPACE) -l app.kubernetes.io/instance=$(VERGABE_RELEASE) -f --tail=50 vergabe-db-url-secret: ## Rebuild DATABASE_URL with a URL-encoded cnpg password APP_NAMESPACE=$(VERGABE_NAMESPACE) \ APP_ENV_SECRET=$(VERGABE_ENV_SECRET) \ APP_DB_SECRET=$(VERGABE_DB_SECRET) \ APP_DB_USER=$(VERGABE_DB_USER) \ APP_DB_HOST=$(VERGABE_DB_HOST) \ APP_DB_PORT=$(VERGABE_DB_PORT) \ APP_DB_NAME=$(VERGABE_DB_NAME) \ tools/build-database-url-secret.sh ##@ Help help: ## Show this help @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} \ /^[a-zA-Z0-9_-]+:.*?##/ { printf " \033[36m%-20s\033[0m %s\n", $$1, $$2 } \ /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) }' $(MAKEFILE_LIST) .PHONY: check-tools check-sops k8s-server-dry-run apps-pg-status vergabe-dry-run vergabe-deploy vergabe-ingress-deploy vergabe-status vergabe-migrate vergabe-seed vergabe-superuser vergabe-logs vergabe-db-url-secret help