#!/usr/bin/env bash # Reproducible foundation deploy. Master passphrase = the single external secret. set -euo pipefail DIR="$(cd "$(dirname "$0")" && pwd)" export PULUMI_CONFIG_PASSPHRASE="$(pass olsitec-foundation/PULUMI_CONFIG_PASSPHRASE)" # Test/initial deploy uses the dedicated VM key on port 222 (config carries host+port). export SSH_PRIVATE_KEY_PATH="${SSH_PRIVATE_KEY_PATH:-${HOME}/.ssh/foundation-test_ed25519}" pulumi login "file://${DIR}/state" >/dev/null ( cd "$DIR" && (pulumi stack select foundation 2>/dev/null || pulumi stack init foundation) && pulumi "$@" )