# Name of the binary produced by the snapshot build (used in SNAPSHOT_BIN).
BIN = grype

# Scratch directory for bootstrapped tool binaries and generated configs.
TEMPDIR = ./.tmp

# Report locations, all rooted under TEMPDIR.
RESULTSDIR = $(TEMPDIR)/results
COVER_REPORT = $(RESULTSDIR)/cover.report
COVER_TOTAL = $(RESULTSDIR)/cover.total
LICENSES_REPORT = $(RESULTSDIR)/licenses.json

# Tool command lines; every binary is looked up in TEMPDIR rather than on PATH.
LINTCMD = $(TEMPDIR)/golangci-lint run --tests=false --timeout 5m --config .golangci.yaml
GOIMPORTS_CMD = $(TEMPDIR)/gosimports -local github.com/anchore
RELEASE_CMD = $(TEMPDIR)/goreleaser release --rm-dist
SNAPSHOT_CMD = $(RELEASE_CMD) --skip-publish --snapshot

# Version string taken from git; recursive (=), so git runs on each expansion.
VERSION = $(shell git describe --dirty --always --tags)
# formatting variables
# Terminal escape sequences, resolved once at parse time (:=) through tput
# with the terminal type forced to "linux".
BOLD   := $(shell tput -T linux bold)
PURPLE := $(shell tput -T linux setaf 5)
GREEN  := $(shell tput -T linux setaf 2)
CYAN   := $(shell tput -T linux setaf 6)
RED    := $(shell tput -T linux setaf 1)
RESET  := $(shell tput -T linux sgr0)

# Composite styles used by the `title` macro and the final success message.
TITLE   := $(BOLD)$(PURPLE)
SUCCESS := $(BOLD)$(GREEN)
# the quality gate lower threshold for unit test total % coverage (by function statements)
COVERAGE_THRESHOLD := 47

# CI cache busting values; change these if you want CI to not use previous stored cache
# (the double quotes are part of each value as far as make is concerned)
BOOTSTRAP_CACHE = "c7afb99ad"
INTEGRATION_CACHE_BUSTER = "904d8ca"
## Build variables
# Output directories for release and snapshot builds.
DISTDIR = ./dist
SNAPSHOTDIR = ./snapshot

# Lower-cased `uname` output, e.g. used to locate the snapshot binary.
OS = $(shell uname | tr '[:upper:]' '[:lower:]')

# Version of the syft module as resolved by `go list -m all`.
SYFT_VERSION = $(shell go list -m all | grep github.com/anchore/syft | awk '{print $$2}')

# Absolute path of the snapshot binary for this OS. Kept recursive (=) so
# realpath runs when the variable is used, not when the Makefile is parsed.
SNAPSHOT_BIN = $(shell realpath $(shell pwd)/$(SNAPSHOTDIR)/$(OS)-build_$(OS)_amd64_v1/$(BIN))
## Variable assertions
# Abort parsing if any of these variables has an empty definition. Like
# `ifndef`, $(value ...) inspects the definition text without expanding it.
# Several of these paths are later handed to `rm -rf`, so an empty value must
# never reach a recipe.
$(foreach required,TEMPDIR RESULTSDIR DISTDIR SNAPSHOTDIR VERSION,\
  $(if $(value $(required)),,$(error $(required) is not set)))
# title: print $(1) as a highlighted heading. Use as a recipe line:
#   $(call title,Some heading)
# $(1) is pasted into a single-quoted printf format string, so pass literal
# text only.
define title
@printf '$(TITLE)$(1)$(RESET)\n'
endef
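# safe_rm_rf: recursively delete the single path $(1).
# Fails without calling rm when $(1) is empty or whitespace-only. The path is
# quoted and preceded by `--` so that spaces or a leading dash in the value
# cannot change what rm deletes or how it parses its arguments.
define safe_rm_rf
bash -c 'if [ -z "$(strip $(1))" ]; then echo "refusing rm -rf: empty path" >&2; exit 1; fi; rm -rf -- "$(strip $(1))"'
endef

# safe_rm_rf_children: delete everything matched by $(1)/* but keep $(1).
# Same empty-value guard and quoting as safe_rm_rf; only the trailing /* is
# left unquoted so the shell still expands the glob.
define safe_rm_rf_children
bash -c 'if [ -z "$(strip $(1))" ]; then echo "refusing rm -rf: empty path" >&2; exit 1; fi; rm -rf -- "$(strip $(1))"/*'
endef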
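# Default aggregate target. `clean` is listed first; that ordering is only
# honoured in a serial run, since nothing declares that the checks depend on it.
.PHONY: all
all: clean static-analysis test ## Run all checks (linting, license check, unit, integration, and linux acceptance tests)
	@printf '$(SUCCESS)All checks pass!$(RESET)\n'

# Aggregate of every test suite; has no recipe of its own.
.PHONY: test
test: unit validate-cyclonedx-schema validate-cyclonedx-vex-schema integration cli ## Run all tests (unit, integration, linux acceptance, and CLI tests)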
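# Self-documenting help: lists every `target: ... ## description` line found in
# the parsed makefiles, sorted, with the target name highlighted.
# Declared phony so a file named `help` cannot shadow the target.
.PHONY: help
help:
	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "$(BOLD)$(CYAN)%-25s$(RESET)%s\n", $$1, $$2}'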
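# Install the OS packages the CI jobs need (bc, jq, libxml2-utils).
# DEBIAN_FRONTEND is exported first and both sudo calls use -E: a
# `VAR=value cmd1 && cmd2` prefix only applies to cmd1, so the variable would
# otherwise never reach the `apt install` step that needs it.
.PHONY: ci-bootstrap
ci-bootstrap:
	export DEBIAN_FRONTEND=noninteractive && sudo -E apt update && sudo -E apt install -y bc jq libxml2-utils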
# Directory targets: each one is created on demand (two independent rules that
# share a recipe; $@ is whichever directory is being built).
$(RESULTSDIR) $(TEMPDIR):
	mkdir -p $@
# Install the pinned build/lint/release tools into TEMPDIR.
#
# NOTE(review): the three `curl | sh` installers are fetched from a mutable
# branch (master/main) and executed directly. The tool version passed to each
# script is pinned, but the installer script itself is not, and nothing here
# checks a digest of what was downloaded. Consider pinning each script URL to
# an immutable commit and verifying a known checksum before running it.
# The `go install ...@vX.Y.Z` lines are version-pinned through the Go module
# system.
.PHONY: bootstrap-tools
bootstrap-tools: $(TEMPDIR)
	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(TEMPDIR)/ v1.47.2
	curl -sSfL https://raw.githubusercontent.com/wagoodman/go-bouncer/master/bouncer.sh | sh -s -- -b $(TEMPDIR)/ v0.4.0
	curl -sSfL https://raw.githubusercontent.com/anchore/chronicle/main/install.sh | sh -s -- -b $(TEMPDIR)/ v0.3.0
	# the only difference between goimports and gosimports is that gosimports removes extra whitespace between import blocks (see https://github.com/golang/go/issues/20818)
	GOBIN="$(shell realpath $(TEMPDIR))" go install github.com/rinchsan/gosimports/cmd/gosimports@v0.1.5
	GOBIN="$(shell realpath $(TEMPDIR))" go install github.com/neilpa/yajsv@v1.4.0
	.github/scripts/goreleaser-install.sh -b $(TEMPDIR)/ v1.10.3
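# Fetch the Go module dependencies recorded in go.mod.
.PHONY: bootstrap-go
bootstrap-go:
	go mod download

# One-stop setup: results directory, Go modules and the tools in TEMPDIR.
# The heading is printed after the prerequisites have finished.
# (Help text corrected: the tool directory is ./.tmp, not ./tmp.)
.PHONY: bootstrap
bootstrap: $(RESULTSDIR) bootstrap-go bootstrap-tools ## Download and install all go dependencies (+ prep tooling in the ./.tmp dir)
	$(call title,Bootstrapping dependencies)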
# Aggregate of the non-test checks: linting, go.mod tidiness, dependency
# license policy and the grype-db schema reference check. No recipe of its own.
.PHONY: static-analysis
static-analysis: lint check-go-mod-tidy check-licenses validate-grype-db-schema
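# Formatting, lint, import-order and file-name checks.
#
# File names and diff text come from the working tree, so each check captures
# them in a shell variable ($$(...)) instead of using $(shell ...). With
# $(shell ...), make pastes that text into the command line before the shell
# parses it, so quotes or substitutions inside a file name would be re-read as
# shell syntax. Output is printed through a fixed printf format with %s.
.PHONY: lint
lint: ## Run gofmt + golangci lint checks
	$(call title,Running linters)
	# ensure there are no go fmt differences
	@gofmt_files="$$(gofmt -l -s .)"; \
	printf 'files with gofmt issues: [%s]\n' "$$gofmt_files"; \
	test -z "$$gofmt_files"

	# run all golangci-lint rules
	$(LINTCMD)
	@[ -z "$$($(GOIMPORTS_CMD) -d .)" ] || (echo "goimports needs to be fixed" && false)

	# go tooling does not play well with certain filename characters, ensure the common cases don't result in future "go get" failures
	@malformed="$$(find . | grep -e ':')"; \
	if [ -n "$$malformed" ]; then \
		printf '\nfound unsupported filename characters:\n%s\n\n' "$$malformed"; \
		exit 1; \
	fi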
# Rewrite sources in place: gofmt, import grouping, golangci-lint auto-fixes,
# then tidy go.mod/go.sum. This modifies the working tree.
.PHONY: lint-fix
lint-fix: ## Auto-format all source code + run golangci lint fixers
	$(call title,Running lint fixers)
	gofmt -w -s .
	$(GOIMPORTS_CMD) -w .
	$(LINTCMD) --fix
	go mod tidy
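# Run the bouncer license check using the binary installed in TEMPDIR.
.PHONY: check-licenses
check-licenses:
	$(TEMPDIR)/bouncer check

# Fail when go.mod/go.sum are not tidy (logic lives in the helper script).
# Declared phony so a stray file with this name cannot silently skip the check.
.PHONY: check-go-mod-tidy
check-go-mod-tidy:
	@ .github/scripts/go-mod-tidy-check.sh && echo "go.mod and go.sum are tidy!"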
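# Schema validation is delegated to the makefiles in the schema directories.
# $(MAKE) -C replaces `cd dir && make` so that -n, -j and the jobserver are
# passed down to the sub-make.
.PHONY: validate-cyclonedx-schema
validate-cyclonedx-schema:
	$(MAKE) -C schema/cyclonedx

.PHONY: validate-cyclonedx-vex-schema
validate-cyclonedx-vex-schema:
	$(MAKE) -C schema/cyclonedxvex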
# Runs the repository's schema check script with whichever `python` is on PATH.
.PHONY: validate-grype-db-schema
validate-grype-db-schema:
	# ensure the codebase is only referencing a single grype-db schema version, multiple is not allowed
	python test/validate-grype-db-schema.py
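# Unit tests plus the coverage quality gate.
# Packages under anchore/grype/test are excluded from the unit run.
# The gate compares bc's answer as a string against "1": if the total is
# missing or bc is unavailable the comparison is not "1" and the gate fails,
# instead of a numeric test erroring out and letting the recipe pass.
.PHONY: unit
unit: ## Run unit tests (with coverage)
	$(call title,Running unit tests)
	mkdir -p $(RESULTSDIR)
	go test -coverprofile $(COVER_REPORT) $(shell go list ./... | grep -v anchore/grype/test)
	@go tool cover -func $(COVER_REPORT) | grep total | awk '{print substr($$3, 1, length($$3)-1)}' > $(COVER_TOTAL)
	@echo "Coverage: $$(cat $(COVER_TOTAL))"
	@if [ "$$(echo "$$(cat $(COVER_TOTAL)) >= $(COVERAGE_THRESHOLD)" | bc -l)" != "1" ]; then echo "$(RED)$(BOLD)Failed coverage quality gate (> $(COVERAGE_THRESHOLD)%)$(RESET)" && false; fi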
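# Install-test targets: thin wrappers around test/install's own makefile.
# They are commands, not files, so they are declared phony, and they use
# $(MAKE) -C so flags such as -n and -j reach the sub-make.
.PHONY: install-fingerprint install-test install-test-cache-save install-test-cache-load install-test-ci-mac

# note: this is used by CI to determine if the install test fixture cache (docker image tars) should be busted
install-fingerprint:
	$(MAKE) -C test/install cache.fingerprint

install-test: $(SNAPSHOTDIR)
	$(MAKE) -C test/install

install-test-cache-save: $(SNAPSHOTDIR)
	$(MAKE) -C test/install save

install-test-cache-load: $(SNAPSHOTDIR)
	$(MAKE) -C test/install load

install-test-ci-mac: $(SNAPSHOTDIR)
	$(MAKE) -C test/install ci-test-mac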
# Verbose run of the Go tests under ./test/integration.
.PHONY: integration
integration: ## Run integration tests
	$(call title,Running integration tests)
	go test -v ./test/integration
# note: this is used by CI to determine if the integration test fixture cache (docker image tars) should be busted
# The md5 digests here are a cache key only, not an integrity check.
# NOTE(review): `$1` inside the awk program is expanded by make (to nothing)
# before the shell runs, so awk prints each md5sum line whole, file path
# included. Writing `$$1` would hash the digests alone and change the
# fingerprint; confirm which is intended before touching it.
.PHONY: integration-fingerprint
integration-fingerprint:
	find test/integration/*.go test/integration/test-fixtures/image-* -type f -exec md5sum {} + \
		| awk '{print $1}' \
		| sort \
		| tee /dev/stderr \
		| md5sum \
		| tee test/integration/test-fixtures/cache.fingerprint \
		&& echo "$(INTEGRATION_CACHE_BUSTER)" >> test/integration/test-fixtures/cache.fingerprint
# note: this is used by CI to determine if the cli test fixture cache (docker image tars) should be busted
# The md5 digests here are a cache key only, not an integrity check.
# NOTE(review): `$1` inside the awk program is expanded by make (to nothing)
# before the shell runs, so awk prints each md5sum line whole, file path
# included; `$$1` would change the resulting fingerprint.
.PHONY: cli-fingerprint
cli-fingerprint:
	find test/cli/*.go test/cli/test-fixtures/image-* -type f -exec md5sum {} + \
		| awk '{print $1}' \
		| sort \
		| md5sum \
		| tee test/cli/test-fixtures/cache.fingerprint
# CLI tests run against the snapshot binary, whose path is handed to the Go
# tests through GRYPE_BINARY_LOCATION. -count=1 disables Go's test result cache.
.PHONY: cli
cli: $(SNAPSHOTDIR) ## Run CLI tests
	chmod 755 "$(SNAPSHOT_BIN)"
	GRYPE_BINARY_LOCATION='$(SNAPSHOT_BIN)' go test -count=1 -v ./test/cli
# `build` is the phony alias; the real work hangs off the snapshot directory,
# so the snapshot is only rebuilt while that directory does not exist.
.PHONY: build
build: $(SNAPSHOTDIR) ## Build release snapshot binaries and packages

$(SNAPSHOTDIR): ## Build snapshot release binaries and packages
	$(call title,Building snapshot artifacts)

	# create a config with the dist dir overridden
	echo "dist: $@" > $(TEMPDIR)/goreleaser.yaml
	cat .goreleaser.yaml >> $(TEMPDIR)/goreleaser.yaml

	# build release snapshots
	bash -c "\
		SKIP_SIGNING=true \
		SYFT_VERSION=$(SYFT_VERSION) \
		$(SNAPSHOT_CMD) --skip-sign --config $(TEMPDIR)/goreleaser.yaml"
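# Snapshot build that exercises the signing path with a dummy certificate.
# Going by the comment on the final step, cleanup.sh removes a keychain that
# holds a trusted self-signed cert. The build and the cleanup therefore run in
# one shell, and the cleanup runs whether or not the build succeeded, so a
# failed build does not leave that keychain behind. The recipe still fails if
# either step fails.
.PHONY: snapshot-with-signing
snapshot-with-signing: ## Build snapshot release binaries and packages (with dummy signing)
	$(call title,Building snapshot artifacts (+ signing))

	# create a config with the dist dir overridden
	echo "dist: $(SNAPSHOTDIR)" > $(TEMPDIR)/goreleaser.yaml
	cat .goreleaser.yaml >> $(TEMPDIR)/goreleaser.yaml

	rm -f .github/scripts/apple-signing/log/*.txt

	# build release snapshots, then remove the keychain with the trusted self-signed cert automatically
	status=0; \
	bash -c "\
		SYFT_VERSION=$(SYFT_VERSION) \
		$(SNAPSHOT_CMD) --config $(TEMPDIR)/goreleaser.yaml || (cat .github/scripts/apple-signing/log/*.txt && false)" || status=$$?; \
	.github/scripts/apple-signing/cleanup.sh || status=$$?; \
	exit $$status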
# Regenerate CHANGELOG.md and render it in the terminal with the mdv image.
# `-it` means this needs an interactive terminal.
# NOTE(review): rawkode/mdv is referenced without a tag or digest, so the
# image that runs is whatever the registry currently serves under the default
# tag; consider pinning it by digest.
.PHONY: changelog
changelog: clean-changelog CHANGELOG.md
	@docker run -it --rm \
		-v $(shell pwd)/CHANGELOG.md:/CHANGELOG.md \
		rawkode/mdv \
		-t 748.5989 \
		/CHANGELOG.md
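# Generate the changelog with chronicle (from TEMPDIR).
# The redirect creates the target before chronicle runs, so on failure the
# partial file is removed; otherwise a truncated CHANGELOG.md would look up to
# date and could be picked up as release notes.
CHANGELOG.md:
	$(TEMPDIR)/chronicle -vv > $@ || { rm -f $@; exit 1; }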
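# Release gate: the CLI test config must not override "update-url".
# The message says a release cannot proceed in that case, so the recipe now
# exits non-zero when the key is found; before, it printed the message and
# still succeeded.
.PHONY: validate-grype-test-config
validate-grype-test-config:
	# ensure the update URL is not overridden (not pointing to staging)
	@bash -c '\
		if grep -q "update-url" test/grype-test-config.yaml; then \
			echo "Found \"update-url\" in CLI testing config. Cannot release if previous CLI testing did not use production (default) values"; \
			exit 1; \
		fi'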
# Delegates to the helper script; the recipe's result is the script's exit status.
.PHONY: validate-syft-release-version
validate-syft-release-version:
	@./.github/scripts/syft-released-version-check.sh
# Publish a release with goreleaser, then upload the version file.
# The goreleaser step runs under bash because it uses process substitution
# (<(...)) for the release notes. On failure the apple-signing logs are
# printed before the recipe fails; on success they are printed afterwards.
# NOTE(review): none of the validate-* targets are prerequisites here, so any
# pre-release checks have to be run by the caller.
.PHONY: release
release: clean-dist CHANGELOG.md ## Build and publish final binaries and packages. Intended to be run only on macOS.
	$(call title,Publishing release artifacts)

	# create a config with the dist dir overridden
	echo "dist: $(DISTDIR)" > $(TEMPDIR)/goreleaser.yaml
	cat .goreleaser.yaml >> $(TEMPDIR)/goreleaser.yaml

	rm -f .github/scripts/apple-signing/log/*.txt

	# note: notarization cannot be done in parallel, thus --parallelism 1
	bash -c "\
		SYFT_VERSION=$(SYFT_VERSION) \
		$(RELEASE_CMD) \
			--config $(TEMPDIR)/goreleaser.yaml \
			--parallelism 1 \
			--release-notes <(cat CHANGELOG.md) \
				|| (cat .github/scripts/apple-signing/log/*.txt && false)"

	cat .github/scripts/apple-signing/log/*.txt

	# TODO: turn this into a post-release hook
	# upload the version file that supports the application version update check (excluding pre-releases)
	.github/scripts/update-version-file.sh "$(DISTDIR)" "$(VERSION)"
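# Publish the docker assets using .goreleaser_docker.yaml.
.PHONY: release-docker-assets
release-docker-assets:
	$(call title,Publishing docker release assets)

	# create a config with the dist dir overridden
	echo "dist: $(DISTDIR)" > $(TEMPDIR)/goreleaser.yaml
	cat .goreleaser_docker.yaml >> $(TEMPDIR)/goreleaser.yaml

	bash -c "\
		SYFT_VERSION=$(SYFT_VERSION) \
		$(RELEASE_CMD) \
			--config $(TEMPDIR)/goreleaser.yaml \
			--parallelism 1"

# Same configuration as release-docker-assets, but through SNAPSHOT_CMD
# (--skip-publish --snapshot). Declared phony because it names a command, not
# a file. Note that it writes into DISTDIR, not SNAPSHOTDIR.
.PHONY: snapshot-docker-assets
snapshot-docker-assets: # Build snapshot images of docker images that will be published on release
	$(call title,Building snapshot docker release assets)

	# create a config with the dist dir overridden
	echo "dist: $(DISTDIR)" > $(TEMPDIR)/goreleaser.yaml
	cat .goreleaser_docker.yaml >> $(TEMPDIR)/goreleaser.yaml

	bash -c "\
		SYFT_VERSION=$(SYFT_VERSION) \
		$(SNAPSHOT_CMD) \
			--config $(TEMPDIR)/goreleaser.yaml \
			--parallelism 1"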
# Remove build outputs (via clean-dist and clean-snapshot) and empty the
# results directory; the directory itself is kept.
.PHONY: clean
clean: clean-dist clean-snapshot ## Remove previous builds and result reports
	$(call safe_rm_rf_children,$(RESULTSDIR))
# Delete the snapshot directory and the generated goreleaser config.
.PHONY: clean-snapshot
clean-snapshot:
	$(call safe_rm_rf,$(SNAPSHOTDIR))
	rm -f $(TEMPDIR)/goreleaser.yaml

# Delete the dist directory, the generated goreleaser config and, through
# clean-changelog, CHANGELOG.md.
.PHONY: clean-dist
clean-dist: clean-changelog
	$(call safe_rm_rf,$(DISTDIR))
	rm -f $(TEMPDIR)/goreleaser.yaml
# Remove the generated changelog so the CHANGELOG.md rule rebuilds it.
.PHONY: clean-changelog
clean-changelog:
	rm -f CHANGELOG.md

# Only regular files ending in .tar under a test-fixtures/cache directory are
# deleted.
.PHONY: clean-test-cache
clean-test-cache: ## Delete all test cache (built docker image tars)
	find . -type f -wholename "**/test-fixtures/cache/*.tar" -delete