move hercules CI secrets to sops

2024-12-16 08:34:56 +10:00 · 2024-12-16 08:34:56 +10:00 · 36a9be1663
commit 36a9be1663
parent b260b29a85
11 changed files with 131 additions and 91 deletions
--- a/tasks.py
+++ b/tasks.py
@ -71,7 +71,9 @@ def update_sops_files(c: Any) -> None:
        print("# AUTOMATICALLY GENERATED WITH: $ inv update-sops-files", file=f)

    c.run(f"nix eval --json -f {ROOT}/sops.nix | yq e -P - >> {ROOT}/.sops.yaml")
-    c.run("shopt -s globstar && sops updatekeys --yes **/secrets.yaml")
+    c.run(
+        "shopt -s globstar && sops updatekeys --yes **/secrets.yaml modules/secrets/*.yaml"
+    )


@task