# common.mk - common targets for Infra External repository
# SPDX-FileCopyrightText: (C) 2025 Intel Corporation
# SPDX-License-Identifier: Apache-2.0
# Makefile Style Guide:
# - Help will be generated from ## comments at end of any target line
# - Use smooth parens $() for variables over curly brackets ${} for consistency
# - Continuation lines (after an \ on previous line) should start with spaces
# not tabs - this will cause editor highlighting to point out editing mistakes
# - When creating targets that run a lint or similar testing tool, print the
# tool version first so that issues with versions in CI or other remote
# environments can be caught
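# Optionally include tool version checks, not used in Docker builds
ifeq ($(TOOL_VERSION_CHECK), 1)
  include ../version.mk
endif

# Shell config variable: recipes and $(shell ...) calls run under bash with
# -e (stop on error), -u (unset variables are errors) and pipefail.
SHELL := bash -eu -o pipefail

#### Go Targets ####
# GO variables
GOARCH := $(shell go env GOARCH)
GOCMD := go

#### Variables ####
# Users and groups. SHELL and GOARCH are defined once above; the repeated
# assignments that used to follow here only re-ran `go env` at parse time.
CURRENT_UID := $(shell id -u)
CURRENT_GID := $(shell id -g)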
# Path variables
OUT_DIR    := out
APIPKG_DIR := pkg/api
BIN_DIR    := $(OUT_DIR)/bin
GOPATH     := $(shell go env GOPATH)
# The double quotes are part of the RBAC value itself.
RBAC       := "$(OUT_DIR)/rego/authz.rego"
# Every non-test Go source file below the current directory, collected once
# at parse time.
SRC        := $(shell find . -type f -name '*.go' ! -name '*_test.go')
DEPS       := go.mod go.sum
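# Docker variables
DOCKER_ENV := DOCKER_BUILDKIT=1
# The default registry is an account-specific ECR endpoint; override
# OCI_REGISTRY (or DOCKER_REGISTRY) when building or pushing elsewhere.
OCI_REGISTRY ?= 080137407410.dkr.ecr.us-west-2.amazonaws.com
OCI_REPOSITORY ?= edge-orch
DOCKER_SECTION := infra
DOCKER_REGISTRY ?= $(OCI_REGISTRY)
DOCKER_REPOSITORY ?= $(OCI_REPOSITORY)
DOCKER_TAG := $(DOCKER_REGISTRY)/$(DOCKER_REPOSITORY)/$(DOCKER_SECTION)/$(DOCKER_IMG_NAME):$(VERSION)
DOCKER_TAG_BRANCH := $(DOCKER_REGISTRY)/$(DOCKER_REPOSITORY)/$(DOCKER_SECTION)/$(DOCKER_IMG_NAME):$(DOCKER_VERSION)
# Decides if we shall push image tagged with the branch name or not.
DOCKER_TAG_BRANCH_PUSH ?= true
# Build-stamping labels. LABEL_REPO_URL is embedded into the Go binary via
# -ldflags -X and passed to `docker build` as REPO_URL, so any userinfo
# (user:token@) in an http(s) remote URL is stripped before it is used.
# Other URL forms (ssh://, scp-style) pass through unchanged.
LABEL_REPO_URL ?= $(shell git remote get-url $(shell git remote | head -n 1) | sed -E 's|^(https?://)[^/@]*@|\1|')
LABEL_VERSION ?= $(VERSION)
LABEL_REVISION ?= $(GIT_COMMIT)
LABEL_BUILD_DATE ?= $(shell date -u "+%Y-%m-%dT%H:%M:%SZ")
DB_CONTAINER_NAME := $(PROJECT_NAME)-db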
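# Docker networking flags for the database container.
# The problem is as follows: On a local MacOS machine we want to expose the port
# of the DB to the native host to enable smooth tooling and unit tests. During
# CI we're already inside a container, hence have to attach the DB container to
# the same network stack as the job. Because the port (-p) syntax cannot be used
# at the same time as the --network container:x flag, we need this variable.
#
# The local case publishes the port on the loopback address only. A bare
# "-p 5432:5432" listens on every host interface, which would put a database
# with the fixed test credentials on the local network; the tests connect via
# PGHOST=localhost, so loopback is all that is needed.
ifeq ($(shell echo $${CI_CONTAINER:-false}), true)
  DOCKER_NETWORKING_FLAGS = --network container:$$HOSTNAME
else
  DOCKER_NETWORKING_FLAGS = -p 127.0.0.1:5432:5432
endif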
#### Security Config ####
# Security config for Go Builds - see:
# https://readthedocs.intel.com/SecureCodingStandards/latest/compiler/golang/
# -trimpath: Remove all file system paths from the resulting executable.
# -gcflags="all=-m": Print optimizations applied by the compiler for review and verification against security requirements.
# -gcflags="all=-spectre=all" Enable all available Spectre mitigations
# -ldflags="all=-s -w" remove the symbol and debug info
# -ldflags="all=-X ..." Embed binary build stamping information
# NOTE(review): the -gcflags values below pass "-N -l" (disable compiler
# optimizations and inlining) and do not pass "-m" as described above;
# confirm which of the two is intended for release builds.
# GOEXTRAFLAGS is assigned with := so the LABEL_* values are expanded once,
# here; they are placed inside single quotes within the -ldflags string, so a
# value containing a single quote would break the quoting.
ifeq ($(GOARCH),arm64)
# Note that arm64 (Apple, similar) does not support any spectre mitigations,
# so -spectre= is passed with an empty list on this architecture.
GOEXTRAFLAGS := -trimpath -gcflags="all=-spectre= -N -l" -asmflags="all=-spectre=" -ldflags="all=-s -w -X 'main.RepoURL=$(LABEL_REPO_URL)' -X 'main.Version=$(LABEL_VERSION)' -X 'main.Revision=$(LABEL_REVISION)' -X 'main.BuildDate=$(LABEL_BUILD_DATE)'"
else
GOEXTRAFLAGS := -trimpath -gcflags="all=-spectre=all -N -l" -asmflags="all=-spectre=all" -ldflags="all=-s -w -X 'main.RepoURL=$(LABEL_REPO_URL)' -X 'main.Version=$(LABEL_VERSION)' -X 'main.Revision=$(LABEL_REVISION)' -X 'main.BuildDate=$(LABEL_BUILD_DATE)'"
endif
# Postgres DB configuration and credentials for testing. This mimics the Aurora
# production environment.
# These are fixed values for the throwaway container started by db-start, not
# real secrets. They are exported, so every recipe sees them in its
# environment, and PGSSLMODE=disable turns TLS off for these connections.
export PGUSER     := admin
export PGHOST     := localhost
export PGDATABASE := postgres
export PGPORT     := 5432
export PGPASSWORD := pass
export PGSSLMODE  := disable
# Yamllint variables
# YAML_FILES: every *.yaml / *.yml file below the current directory.
# YAML_IGNORE: comma-separated entries placed in yamllint's "ignore" list.
YAML_FILES  := $(shell find . -type f \( -name '*.yaml' -o -name '*.yml' \) -print )
YAML_IGNORE ?= vendor, .github/workflows, $(VENV_NAME)
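#### Build Targets ####

# The targets listed here are commands, not files. Declaring them phony keeps
# a same-named file or directory (for example LICENSE on a case-insensitive
# filesystem, or a stray "build" directory) from making the target look up to
# date, which would silently skip a lint or security check.
.PHONY: build go-build run docker-build docker-push docker-list \
        go-tidy go-lint-fix go-vendor dependency-check \
        common-lint shellcheck license hadolint checksec yamllint go-lint mdlint \
        go-test db-start db-stop db-shell clean clean-venv clean-all help

$(OUT_DIR): ## Create out directory
	mkdir -p $@

build: go-build ## Build resource manager binary

go-build: $(OUT_DIR) $(OUT_DIR)/$(BINARY_NAME) ## Build resource manager binary

run: go-build ## Run the resource manager
	$(OUT_DIR)/$(BINARY_NAME)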
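#### Docker Targets ####
# vendor/, common.mk and version.mk are scratch files placed in the build
# context. The whole build runs in one shell with an EXIT trap, so they are
# removed even when `go mod vendor` or `docker build` fails; previously a
# failed build left them behind in the working tree.
# NOTE(review): make echoes this recipe with the proxy values expanded; if a
# proxy URL carries credentials they will show up in the build log.
docker-build: ## Build Docker image
	trap 'rm -rf vendor common.mk version.mk' EXIT ;\
    $(GOCMD) mod vendor && \
    cp ../common.mk ../version.mk . && \
    docker build . -f Dockerfile \
      -t $(DOCKER_IMG_NAME):$(VERSION) \
      --build-arg http_proxy="$(http_proxy)" --build-arg HTTP_PROXY="$(HTTP_PROXY)" \
      --build-arg https_proxy="$(https_proxy)" --build-arg HTTPS_PROXY="$(HTTPS_PROXY)" \
      --build-arg no_proxy="$(no_proxy)" --build-arg NO_PROXY="$(NO_PROXY)" \
      --build-arg REPO_URL="$(LABEL_REPO_URL)" \
      --build-arg VERSION="$(LABEL_VERSION)" \
      --build-arg REVISION="$(LABEL_REVISION)" \
      --build-arg BUILD_DATE="$(LABEL_BUILD_DATE)"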
# The locally built image is given two names: the versioned tag, which is
# always pushed, and the branch tag, which is pushed only when
# DOCKER_TAG_BRANCH_PUSH is "true". The condition is evaluated when the
# makefile is parsed.
docker-push: ## Tag and push Docker image
	docker tag $(DOCKER_IMG_NAME):$(VERSION) $(DOCKER_TAG_BRANCH)
	docker tag $(DOCKER_IMG_NAME):$(VERSION) $(DOCKER_TAG)
	docker push $(DOCKER_TAG)
ifeq ($(DOCKER_TAG_BRANCH_PUSH), true)
	docker push $(DOCKER_TAG_BRANCH)
endif

# Prints a short description of the image: name, version, tag prefix and the
# name of its build target.
docker-list: ## Print name of docker container image
	@echo " $(DOCKER_IMG_NAME):"
	@echo " name: '$(DOCKER_TAG)'"
	@echo " version: '$(VERSION)'"
	@echo " gitTagPrefix: '$(GIT_TAG_PREFIX)'"
	@echo " buildTarget: '$(PROJECT_NICKNAME)-docker-build'"
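#### Python venv Target ####
VENV_NAME := venv_$(PROJECT_NAME)

# The target is the venv directory itself. If any step fails the directory is
# removed again; otherwise a half-populated venv would look up to date on the
# next run and the lint targets that depend on it would run without their
# tools installed.
# NOTE(review): pip and the requirements are installed at whatever versions
# resolve at build time; pinning with hashes in requirements.txt would make
# the tool set reproducible - confirm against project policy.
$(VENV_NAME): requirements.txt ## Create Python venv
	{ python3 -m venv $@ && \
      set +u && . ./$@/bin/activate && set -u && \
      python -m pip install --upgrade pip && \
      python -m pip install -r requirements.txt ; } \
    || { rm -rf "$@" ; exit 1 ; }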
#### Maintenance Targets ####

# Module housekeeping: tidy go.mod/go.sum, or populate vendor/.
go-tidy: ## Run go mod tidy
	$(GOCMD) mod tidy

go-vendor: ## go mod vendor
	$(GOCMD) mod vendor

# The linter version is printed first so that version drift between CI and
# local environments is visible in the log.
go-lint-fix: ## Apply automated lint/formatting fixes to go files
	golangci-lint --version
	golangci-lint run --fix --config .golangci.yml

# go-dependency-check is not defined in this file.
dependency-check: go-dependency-check ## Check versions of installed tools against recommended versions
#### Test Targets ####

# Aggregate target: runs the license, YAML, Dockerfile, Go and Markdown linters.
common-lint: license yamllint hadolint go-lint mdlint ## Run all common lint tools

# https://github.com/koalaman/shellcheck
# SH_FILES is every *.sh file below the current directory, collected at parse
# time. -x lets shellcheck follow sourced files; -S style reports findings
# down to style severity.
SH_FILES := $(shell find . -type f \( -name '*.sh' \) -print )

shellcheck: ## lint shell scripts with shellcheck
	shellcheck --version
	shellcheck -x -S style $(SH_FILES)
# https://pypi.org/project/reuse/
# Runs inside the project venv. nounset is switched off while the activate
# script is sourced and switched back on afterwards.
license: $(VENV_NAME) ## Check licensing with the reuse tool
	set +u; . ./$</bin/activate; set -u ;\
    reuse --version ;\
    reuse --root . lint

# Lints the Dockerfile in the current directory.
hadolint: ## Check Dockerfile with Hadolint
	hadolint Dockerfile
# Inspects the freshly built binary: `go version -m` prints the build
# information embedded in it, then checksec reports its hardening properties
# as JSON and runs its fortify check on the same file.
checksec: go-build ## Check various security properties that are available for executable,like RELRO, STACK CANARY, NX,PIE etc
	$(GOCMD) version -m $(OUT_DIR)/$(BINARY_NAME)
	checksec --output=json --file=$(OUT_DIR)/$(BINARY_NAME)
	checksec --fortify-file=$(OUT_DIR)/$(BINARY_NAME)
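# Runs yamllint from the project venv over YAML_FILES, with YAML_IGNORE
# spliced into the inline configuration.
# nounset is switched off while the activate script is sourced, as the license
# target does: recipes run under `bash -eu`, so an activate script that reads
# an unset variable would otherwise abort the lint before it starts.
yamllint: $(VENV_NAME) ## Lint YAML files
	set +u; . ./$</bin/activate; set -u ;\
    yamllint --version ;\
    yamllint -d '{extends: default, rules: {line-length: {max: 99}}, ignore: [$(YAML_IGNORE)]}' -s $(YAML_FILES)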
# Both linters print their version before running, so tool-version drift in
# CI shows up in the log.
go-lint: $(OUT_DIR) ## Run go lint
	golangci-lint --version
	golangci-lint run $(LINT_DIRS) --config .golangci.yml

# The markdownlint configuration is read from the parent directory.
mdlint: ## Lint MD files
	markdownlint --version ;\
    markdownlint "**/*.md" -c ../.markdownlint.yml
# Runs the Go tests with the race detector and coverage enabled.
# - When TEST_USE_DB is "true" the test database is restarted before the run
#   and stopped after it; both conditionals are resolved at parse time.
# - The test output is copied by tee into go-junit-report (bash process
#   substitution), which writes $(OUT_DIR)/report.xml.
# - coverage.out is then converted into Cobertura XML, an HTML report and a
#   per-function summary.
go-test: $(OUT_DIR) $(GO_TEST_DEPS) ## Run go test and calculate code coverage
ifeq ($(TEST_USE_DB), true)
	$(MAKE) db-stop
	$(MAKE) db-start
endif
	$(GOCMD) test -race -v -p 1 -failfast \
    -coverpkg=$(TEST_PKG) -run $(TEST_TARGET) \
    -coverprofile=$(OUT_DIR)/coverage.out \
    -covermode $(TEST_COVER) $(if $(TEST_ARGS),-args $(TEST_ARGS)) \
    | tee >(go-junit-report -set-exit-code > $(OUT_DIR)/report.xml)
	gocover-cobertura $(if $(TEST_IGNORE_FILES),-ignore-files $(TEST_IGNORE_FILES)) < $(OUT_DIR)/coverage.out > $(OUT_DIR)/coverage.xml
	$(GOCMD) tool cover -html=$(OUT_DIR)/coverage.out -o $(OUT_DIR)/coverage.html
	$(GOCMD) tool cover -func=$(OUT_DIR)/coverage.out -o $(OUT_DIR)/function_coverage.log
ifeq ($(TEST_USE_DB), true)
	$(MAKE) db-stop
endif
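#### Postgres DB Targets ####
# Starts the test database unless a container whose name starts with
# DB_CONTAINER_NAME already exists.
# The password is kept out of the log and off the docker command line: the
# status line prints a placeholder instead of the value, and the three
# POSTGRES_* settings are handed to `docker run` through its environment
# ("-e NAME" with no value copies NAME from the caller's environment).
db-start: ## Start the local postgres database. See: db-stop
	if [ -z "`docker ps -aq -f name=^$(DB_CONTAINER_NAME)`" ]; then \
      echo POSTGRES_PASSWORD='<redacted>' \
        -e POSTGRES_DB=$$PGDATABASE -e POSTGRES_USER=$$PGUSER \
        -d postgres:$(POSTGRES_VERSION); \
      POSTGRES_PASSWORD="$$PGPASSWORD" \
      POSTGRES_DB="$$PGDATABASE" \
      POSTGRES_USER="$$PGUSER" \
      docker run --name $(DB_CONTAINER_NAME) --rm $(DOCKER_NETWORKING_FLAGS) \
        -e POSTGRES_PASSWORD \
        -e POSTGRES_DB \
        -e POSTGRES_USER \
        -d postgres:$(POSTGRES_VERSION); \
    fi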
# Kills the database container when one whose name starts with
# DB_CONTAINER_NAME is listed; does nothing otherwise.
db-stop: ## Stop the local postgres database. See: db-start
	@if [ -n "$$(docker ps -aq -f name=^$(DB_CONTAINER_NAME))" ]; then \
      docker container kill $(DB_CONTAINER_NAME); \
    fi
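# Opens psql in a throwaway container on the host network.
# PGPASSWORD is exported by this makefile, so "-e PGPASSWORD" (no value) lets
# docker copy it from the environment. Expanding $(PGPASSWORD) into the
# command would print the password when make echoes the recipe and place it
# in the docker client's argument list.
db-shell: ## Run the postgres shell connected to a local database. See: db-start
	docker run -it --network=host -e PGPASSWORD \
    --name inv-shell --rm postgres:$(POSTGRES_VERSION) \
    psql -h "$$PGHOST" -U "$$PGUSER" -d "$$PGDATABASE"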
#### Clean Targets ###

# Removes build output and the vendored modules.
clean: ## Delete build and vendor directories
	rm -rf $(OUT_DIR) vendor

# Removes the Python virtual environment created by the $(VENV_NAME) target.
clean-venv: ## Delete Python venv
	rm -rf "$(VENV_NAME)"

clean-all: clean clean-venv ## Delete all built artifacts and downloaded tools
#### Help Target ####

# Builds the help table from the makefiles themselves: grep finds every
# "target: ... ## description" line in MAKEFILE_LIST (prefixed with file name
# and line number), sort orders the rows by target name, and awk prints the
# target, its file:line location and the description.
help: ## Print help for each target
	@echo $(PROJECT_NAME) make targets
	@echo "Target Makefile:Line Description"
	@echo "-------------------- ---------------- -----------------------------------------"
	@grep -H -n '^[[:alnum:]_-]*:.* ##' $(MAKEFILE_LIST) \
    | sort -t ":" -k 3 \
    | awk 'BEGIN {FS=":"}; {sub(".* ## ", "", $$4)}; {printf "%-20s %-16s %s\n", $$3, $$1 ":" $$2, $$4};'