2020-07-27 14:02:36 +00:00
|
|
|
BIN = grype
|
2020-05-26 14:37:28 +00:00
|
|
|
TEMPDIR = ./.tmp
|
2020-07-06 10:59:55 +00:00
|
|
|
RESULTSDIR = $(TEMPDIR)/results
|
|
|
|
COVER_REPORT = $(RESULTSDIR)/cover.report
|
|
|
|
COVER_TOTAL = $(RESULTSDIR)/cover.total
|
2020-07-13 17:42:21 +00:00
|
|
|
LICENSES_REPORT = $(RESULTSDIR)/licenses.json
|
2022-01-12 18:47:27 +00:00
|
|
|
LINTCMD = $(TEMPDIR)/golangci-lint run --tests=false --timeout 5m --config .golangci.yaml
|
2020-06-15 18:55:00 +00:00
|
|
|
BOLD := $(shell tput -T linux bold)
|
|
|
|
PURPLE := $(shell tput -T linux setaf 5)
|
|
|
|
GREEN := $(shell tput -T linux setaf 2)
|
2020-07-06 10:59:55 +00:00
|
|
|
CYAN := $(shell tput -T linux setaf 6)
|
|
|
|
RED := $(shell tput -T linux setaf 1)
|
2020-06-15 18:55:00 +00:00
|
|
|
RESET := $(shell tput -T linux sgr0)
|
2020-05-26 14:37:28 +00:00
|
|
|
TITLE := $(BOLD)$(PURPLE)
|
|
|
|
SUCCESS := $(BOLD)$(GREEN)
|
2020-07-06 10:59:55 +00:00
|
|
|
# the quality gate lower threshold for unit test total % coverage (by function statements)
|
2021-04-14 15:32:30 +00:00
|
|
|
COVERAGE_THRESHOLD := 47
|
2021-03-23 10:37:06 +00:00
|
|
|
BOOTSTRAP_CACHE="c7afb99ad"
|
2022-02-10 21:43:12 +00:00
|
|
|
INTEGRATION_CACHE_BUSTER="894d8ca"
|
|
|
|
|
2020-07-24 01:26:03 +00:00
|
|
|
|
|
|
|
## Build variables
|
|
|
|
DISTDIR=./dist
|
|
|
|
SNAPSHOTDIR=./snapshot
|
|
|
|
GITTREESTATE=$(if $(shell git status --porcelain),dirty,clean)
|
2021-09-16 20:08:07 +00:00
|
|
|
SYFTVERSION=$(shell go list -m all | grep github.com/anchore/syft | awk '{print $$2}')
|
2021-04-13 20:13:11 +00:00
|
|
|
OS := $(shell uname)
|
|
|
|
|
|
|
|
ifeq ($(OS),Darwin)
|
|
|
|
SNAPSHOT_CMD=$(shell realpath $(shell pwd)/$(SNAPSHOTDIR)/$(BIN)-macos_darwin_amd64/$(BIN))
|
|
|
|
else
|
|
|
|
SNAPSHOT_CMD=$(shell realpath $(shell pwd)/$(SNAPSHOTDIR)/$(BIN)_linux_amd64/$(BIN))
|
|
|
|
endif
|
2020-07-24 01:26:03 +00:00
|
|
|
|
|
|
|
ifeq "$(strip $(VERSION))" ""
|
|
|
|
override VERSION = $(shell git describe --always --tags --dirty)
|
|
|
|
endif
|
|
|
|
|
|
|
|
## Variable assertions
|
2020-05-26 14:37:28 +00:00
|
|
|
|
|
|
|
ifndef TEMPDIR
|
2020-07-24 01:26:03 +00:00
|
|
|
$(error TEMPDIR is not set)
|
|
|
|
endif
|
|
|
|
|
|
|
|
ifndef RESULTSDIR
|
|
|
|
$(error RESULTSDIR is not set)
|
|
|
|
endif
|
|
|
|
|
|
|
|
ifndef DISTDIR
|
|
|
|
$(error DISTDIR is not set)
|
|
|
|
endif
|
|
|
|
|
|
|
|
ifndef SNAPSHOTDIR
|
|
|
|
$(error SNAPSHOTDIR is not set)
|
2020-05-26 14:37:28 +00:00
|
|
|
endif
|
|
|
|
|
2020-07-06 10:59:55 +00:00
|
|
|
define title
|
|
|
|
@printf '$(TITLE)$(1)$(RESET)\n'
|
|
|
|
endef
|
2020-05-26 14:37:28 +00:00
|
|
|
|
2020-07-25 20:41:59 +00:00
|
|
|
.PHONY: all
|
|
|
|
all: clean static-analysis test ## Run all checks (linting, license check, unit, integration, and linux acceptance tests tests)
|
2020-05-26 14:37:28 +00:00
|
|
|
@printf '$(SUCCESS)All checks pass!$(RESET)\n'
|
|
|
|
|
2020-07-24 01:26:03 +00:00
|
|
|
.PHONY: test
|
2021-04-13 20:13:11 +00:00
|
|
|
test: unit validate-cyclonedx-schema integration acceptance-linux cli ## Run all tests (unit, integration, linux acceptance, and CLI tests)
|
2020-07-06 10:59:55 +00:00
|
|
|
|
|
|
|
help:
|
|
|
|
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "$(BOLD)$(CYAN)%-25s$(RESET)%s\n", $$1, $$2}'
|
|
|
|
|
2021-11-30 18:10:07 +00:00
|
|
|
.PHONY: ci-bootstrap
|
|
|
|
ci-bootstrap:
|
2020-09-16 14:50:57 +00:00
|
|
|
DEBIAN_FRONTEND=noninteractive sudo apt update && sudo -E apt install -y bc jq libxml2-utils
|
2020-07-06 10:59:55 +00:00
|
|
|
|
2021-11-30 18:10:07 +00:00
|
|
|
.PHONY:
|
|
|
|
ci-bootstrap-mac:
|
|
|
|
github_changelog_generator --version || sudo gem install github_changelog_generator
|
2021-07-01 16:28:49 +00:00
|
|
|
|
2021-11-30 18:10:07 +00:00
|
|
|
$(RESULTSDIR):
|
2020-07-06 10:59:55 +00:00
|
|
|
mkdir -p $(RESULTSDIR)
|
2021-07-01 16:28:49 +00:00
|
|
|
|
2021-11-30 18:10:07 +00:00
|
|
|
$(TEMPDIR):
|
|
|
|
mkdir -p $(TEMPDIR)
|
2021-07-01 16:28:49 +00:00
|
|
|
|
2021-11-30 18:10:07 +00:00
|
|
|
.PHONY: bootstrap-tools
|
|
|
|
bootstrap-tools: $(TEMPDIR)
|
2021-10-06 13:49:42 +00:00
|
|
|
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(TEMPDIR)/ v1.42.1
|
2022-01-26 16:15:33 +00:00
|
|
|
curl -sSfL https://raw.githubusercontent.com/wagoodman/go-bouncer/master/bouncer.sh | sh -s -- -b $(TEMPDIR)/ v0.3.0
|
2021-11-30 18:10:07 +00:00
|
|
|
curl -sSfL https://raw.githubusercontent.com/anchore/chronicle/main/install.sh | sh -s -- -b $(TEMPDIR)/ v0.3.0
|
2021-10-21 20:30:24 +00:00
|
|
|
.github/scripts/goreleaser-install.sh -b $(TEMPDIR)/ v0.177.0
|
2021-11-30 18:10:07 +00:00
|
|
|
|
|
|
|
.PHONY: bootstrap-go
|
|
|
|
bootstrap-go:
|
|
|
|
go mod download
|
|
|
|
|
|
|
|
.PHONY: bootstrap
|
|
|
|
bootstrap: $(RESULTSDIR) bootstrap-go bootstrap-tools ## Download and install all go dependencies (+ prep tooling in the ./tmp dir)
|
|
|
|
$(call title,Bootstrapping dependencies)
|
2020-07-24 01:26:03 +00:00
|
|
|
|
2020-07-25 20:41:59 +00:00
|
|
|
.PHONY: static-analysis
|
2021-07-12 12:06:10 +00:00
|
|
|
static-analysis: lint check-go-mod-tidy check-licenses validate-grype-db-schema
|
2020-07-25 20:41:59 +00:00
|
|
|
|
2020-07-24 01:26:03 +00:00
|
|
|
.PHONY: lint
|
2020-07-06 10:59:55 +00:00
|
|
|
lint: ## Run gofmt + golangci lint checks
|
|
|
|
$(call title,Running linters)
|
2020-07-24 01:26:03 +00:00
|
|
|
# ensure there are no go fmt differences
|
2020-07-06 10:59:55 +00:00
|
|
|
@printf "files with gofmt issues: [$(shell gofmt -l -s .)]\n"
|
|
|
|
@test -z "$(shell gofmt -l -s .)"
|
2020-07-24 01:26:03 +00:00
|
|
|
|
|
|
|
# run all golangci-lint rules
|
2020-05-26 14:37:28 +00:00
|
|
|
$(LINTCMD)
|
|
|
|
|
2020-07-24 01:26:03 +00:00
|
|
|
# go tooling does not play well with certain filename characters, ensure the common cases don't result in future "go get" failures
|
|
|
|
$(eval MALFORMED_FILENAMES := $(shell find . | grep -e ':'))
|
|
|
|
@bash -c "[[ '$(MALFORMED_FILENAMES)' == '' ]] || (printf '\nfound unsupported filename characters:\n$(MALFORMED_FILENAMES)\n\n' && false)"
|
|
|
|
|
2021-05-25 17:43:53 +00:00
|
|
|
check-go-mod-tidy:
|
2021-05-26 12:54:18 +00:00
|
|
|
@ .github/scripts/go-mod-tidy-check.sh && echo "go.mod and go.sum are tidy!"
|
2021-05-25 17:43:53 +00:00
|
|
|
|
2020-09-16 14:50:57 +00:00
|
|
|
.PHONY: validate-cyclonedx-schema
|
|
|
|
validate-cyclonedx-schema:
|
|
|
|
cd schema/cyclonedx && make
|
2021-07-12 12:06:10 +00:00
|
|
|
|
|
|
|
.PHONY: validate-grype-db-schema
|
|
|
|
validate-grype-db-schema:
|
|
|
|
# ensure the codebase is only referencing a single grype-db schema version, multiple is not allowed
|
|
|
|
python test/validate-grype-db-schema.py
|
|
|
|
|
2020-08-10 15:03:48 +00:00
|
|
|
.PHONY: lint-fix
|
2020-07-06 10:59:55 +00:00
|
|
|
lint-fix: ## Auto-format all source code + run golangci lint fixers
|
|
|
|
$(call title,Running lint fixers)
|
2020-05-26 14:37:28 +00:00
|
|
|
gofmt -w -s .
|
|
|
|
$(LINTCMD) --fix
|
2021-05-25 17:43:53 +00:00
|
|
|
go mod tidy
|
2020-05-26 14:37:28 +00:00
|
|
|
|
2020-07-24 01:26:03 +00:00
|
|
|
.PHONY: check-licenses
|
|
|
|
check-licenses:
|
|
|
|
$(TEMPDIR)/bouncer check
|
|
|
|
|
2020-08-10 15:03:48 +00:00
|
|
|
.PHONY: unit
|
2020-07-06 10:59:55 +00:00
|
|
|
unit: ## Run unit tests (with coverage)
|
|
|
|
$(call title,Running unit tests)
|
2020-07-15 17:27:48 +00:00
|
|
|
mkdir -p $(RESULTSDIR)
|
2020-10-19 12:02:13 +00:00
|
|
|
go test -coverprofile $(COVER_REPORT) $(shell go list ./... | grep -v anchore/grype/test)
|
2020-07-06 10:59:55 +00:00
|
|
|
@go tool cover -func $(COVER_REPORT) | grep total | awk '{print substr($$3, 1, length($$3)-1)}' > $(COVER_TOTAL)
|
|
|
|
@echo "Coverage: $$(cat $(COVER_TOTAL))"
|
|
|
|
@if [ $$(echo "$$(cat $(COVER_TOTAL)) >= $(COVERAGE_THRESHOLD)" | bc -l) -ne 1 ]; then echo "$(RED)$(BOLD)Failed coverage quality gate (> $(COVERAGE_THRESHOLD)%)$(RESET)" && false; fi
|
2020-05-26 14:37:28 +00:00
|
|
|
|
2020-08-10 15:03:48 +00:00
|
|
|
.PHONY: integration
|
2020-07-21 16:34:39 +00:00
|
|
|
integration: ## Run integration tests
|
|
|
|
$(call title,Running integration tests)
|
2020-10-19 12:02:13 +00:00
|
|
|
go test -v ./test/integration
|
2020-07-21 16:34:39 +00:00
|
|
|
|
2020-08-10 15:03:48 +00:00
|
|
|
# note: this is used by CI to determine if the integration test fixture cache (docker image tars) should be busted
|
|
|
|
.PHONY: integration-fingerprint
|
|
|
|
integration-fingerprint:
|
2022-02-10 21:43:12 +00:00
|
|
|
find test/integration/*.go test/integration/test-fixtures/image-* -type f -exec md5sum {} + | awk '{print $1}' | sort | tee /dev/stderr | md5sum | tee test/integration/test-fixtures/cache.fingerprint && echo "$(INTEGRATION_CACHE_BUSTER)" >> test/integration/test-fixtures/cache.fingerprint
|
2020-06-19 14:12:29 +00:00
|
|
|
|
2021-10-29 14:51:58 +00:00
|
|
|
# note: this is used by CI to determine if the cli test fixture cache (docker image tars) should be busted
|
|
|
|
.PHONY: cli-fingerprint
|
|
|
|
cli-fingerprint:
|
|
|
|
find test/cli/*.go test/cli/test-fixtures/image-* -type f -exec md5sum {} + | awk '{print $1}' | sort | md5sum | tee test/cli/test-fixtures/cache.fingerprint
|
|
|
|
|
2021-04-13 20:13:11 +00:00
|
|
|
.PHONY: cli
|
|
|
|
cli: $(SNAPSHOTDIR) ## Run CLI tests
|
|
|
|
chmod 755 "$(SNAPSHOT_CMD)"
|
|
|
|
$(SNAPSHOT_CMD) version
|
|
|
|
GRYPE_BINARY_LOCATION='$(SNAPSHOT_CMD)' \
|
2021-02-23 02:13:49 +00:00
|
|
|
go test -count=1 -v ./test/cli
|
|
|
|
|
2020-08-10 15:03:48 +00:00
|
|
|
.PHONY: clear-test-cache
|
2020-07-06 10:59:55 +00:00
|
|
|
clear-test-cache: ## Delete all test cache (built docker image tars)
|
2020-09-25 18:18:03 +00:00
|
|
|
find . -type f -wholename "**/test-fixtures/cache/*.tar" -delete
|
2020-05-26 14:37:28 +00:00
|
|
|
|
2020-07-24 01:26:03 +00:00
|
|
|
.PHONY: build
|
|
|
|
build: $(SNAPSHOTDIR) ## Build release snapshot binaries and packages
|
|
|
|
|
|
|
|
$(SNAPSHOTDIR): ## Build snapshot release binaries and packages
|
|
|
|
$(call title,Building snapshot artifacts)
|
|
|
|
# create a config with the dist dir overridden
|
|
|
|
echo "dist: $(SNAPSHOTDIR)" > $(TEMPDIR)/goreleaser.yaml
|
|
|
|
cat .goreleaser.yaml >> $(TEMPDIR)/goreleaser.yaml
|
|
|
|
|
|
|
|
# build release snapshots
|
2021-10-26 14:04:38 +00:00
|
|
|
# DOCKER_CLI_EXPERIMENTAL needed to support multi architecture builds for goreleaser
|
|
|
|
# the release command protects us from image build regressions if QEMU fails or docker is changed
|
2020-07-24 01:26:03 +00:00
|
|
|
BUILD_GIT_TREE_STATE=$(GITTREESTATE) \
|
2021-10-26 14:04:38 +00:00
|
|
|
DOCKER_CLI_EXPERIMENTAL=enabled \
|
2021-09-16 20:08:07 +00:00
|
|
|
SYFT_VERSION=$(SYFTVERSION) \
|
2021-10-26 14:04:38 +00:00
|
|
|
$(TEMPDIR)/goreleaser release --skip-publish --skip-sign --rm-dist --snapshot --config $(TEMPDIR)/goreleaser.yaml
|
2020-07-24 01:26:03 +00:00
|
|
|
|
2020-07-25 15:05:10 +00:00
|
|
|
.PHONY: acceptance-linux
|
|
|
|
acceptance-linux: $(SNAPSHOTDIR) ## Run acceptance tests on build snapshot binaries and packages (Linux)
|
|
|
|
|
2020-08-10 15:03:48 +00:00
|
|
|
# note: this is used by CI to determine if the inline-scan report cache should be busted for the inline-compare tests
|
|
|
|
.PHONY: compare-fingerprint
|
|
|
|
compare-fingerprint: ## Compare a snapshot build run of grype against inline-scan
|
|
|
|
find test/inline-compare/* -type f -exec md5sum {} + | grep -v '\-reports' | grep -v 'fingerprint' | awk '{print $1}' | sort | md5sum | tee test/inline-compare/inline-compare.fingerprint
|
|
|
|
|
|
|
|
.PHONY: compare-snapshot
|
|
|
|
compare-snapshot: $(SNAPSHOTDIR) ## Compare a main branch build run of grype against inline-scan
|
|
|
|
chmod 755 $(SNAPSHOT_CMD)
|
|
|
|
@cd test/inline-compare && GRYPE_CMD=$(SNAPSHOT_CMD) make
|
|
|
|
|
|
|
|
.PHONY: compare
|
|
|
|
compare:
|
|
|
|
@cd test/inline-compare && make
|
|
|
|
|
2021-11-14 02:56:47 +00:00
|
|
|
.PHONY: changelog
|
|
|
|
changelog: clean-changelog CHANGELOG.md
|
2020-09-25 20:59:00 +00:00
|
|
|
@docker run -it --rm \
|
|
|
|
-v $(shell pwd)/CHANGELOG.md:/CHANGELOG.md \
|
|
|
|
rawkode/mdv \
|
2021-10-21 20:30:24 +00:00
|
|
|
-t 748.5989 \
|
2020-09-25 20:59:00 +00:00
|
|
|
/CHANGELOG.md
|
|
|
|
|
2021-11-14 02:56:47 +00:00
|
|
|
CHANGELOG.md:
|
|
|
|
$(TEMPDIR)/chronicle -vv > CHANGELOG.md
|
|
|
|
|
2021-05-26 13:56:54 +00:00
|
|
|
.PHONY: validate-grype-test-config
|
|
|
|
validate-grype-test-config:
|
2021-05-25 21:04:41 +00:00
|
|
|
# ensure the update URL is not overridden (not pointing to staging)
|
2021-06-02 01:14:29 +00:00
|
|
|
@bash -c '\
|
|
|
|
grep -q "update-url" test/grype-test-config.yaml; \
|
|
|
|
if [ $$? -eq 0 ]; then \
|
|
|
|
echo "Found \"update-url\" in CLI testing config. Cannot release if previous CLI testing did not use production (default) values"; \
|
|
|
|
fi'
|
2021-05-25 21:04:41 +00:00
|
|
|
|
2021-11-30 18:10:07 +00:00
|
|
|
.PHONY: validate-syft-release-version
|
|
|
|
validate-syft-release-version:
|
|
|
|
@./.github/scripts/syft-released-version-check.sh
|
|
|
|
|
2020-07-24 01:26:03 +00:00
|
|
|
.PHONY: release
|
2021-11-14 02:56:47 +00:00
|
|
|
release: clean-dist validate-grype-test-config CHANGELOG.md ## Build and publish final binaries and packages. Intended to be run only on macOS.
|
2020-07-24 01:26:03 +00:00
|
|
|
$(call title,Publishing release artifacts)
|
2020-11-05 13:50:58 +00:00
|
|
|
|
|
|
|
# Prepare for macOS-specific signing process
|
|
|
|
.github/scripts/mac-prepare-for-signing.sh
|
|
|
|
|
2021-03-25 20:44:23 +00:00
|
|
|
# login to docker
|
2021-03-26 14:11:59 +00:00
|
|
|
# note: the previous step creates a new keychain, so it is important to reauth into docker.io
|
2021-03-25 20:44:23 +00:00
|
|
|
@echo $${DOCKER_PASSWORD} | docker login docker.io -u $${DOCKER_USERNAME} --password-stdin
|
|
|
|
|
2020-07-24 01:26:03 +00:00
|
|
|
# create a config with the dist dir overridden
|
|
|
|
echo "dist: $(DISTDIR)" > $(TEMPDIR)/goreleaser.yaml
|
|
|
|
cat .goreleaser.yaml >> $(TEMPDIR)/goreleaser.yaml
|
|
|
|
|
2020-11-11 22:30:50 +00:00
|
|
|
# release (note the version transformation from v0.7.0 --> 0.7.0)
|
2021-10-26 14:04:38 +00:00
|
|
|
# DOCKER_CLI_EXPERIMENTAL needed to support multi architecture builds for goreleaser
|
2020-11-11 22:30:50 +00:00
|
|
|
bash -c "\
|
|
|
|
BUILD_GIT_TREE_STATE=$(GITTREESTATE) \
|
2021-10-26 14:04:38 +00:00
|
|
|
DOCKER_CLI_EXPERIMENTAL=enabled \
|
2021-09-16 20:08:07 +00:00
|
|
|
SYFT_VERSION=$(SYFTVERSION) \
|
2020-11-11 22:30:50 +00:00
|
|
|
VERSION=$(VERSION:v%=%) \
|
|
|
|
$(TEMPDIR)/goreleaser \
|
|
|
|
--rm-dist \
|
|
|
|
--config $(TEMPDIR)/goreleaser.yaml \
|
|
|
|
--release-notes <(cat CHANGELOG.md)"
|
2020-07-25 15:05:10 +00:00
|
|
|
|
|
|
|
# verify checksum signatures
|
|
|
|
.github/scripts/verify-signature.sh "$(DISTDIR)"
|
2020-07-24 01:26:03 +00:00
|
|
|
|
2020-07-30 16:37:49 +00:00
|
|
|
# upload the version file that supports the application version update check (excluding pre-releases)
|
|
|
|
.github/scripts/update-version-file.sh "$(DISTDIR)" "$(VERSION)"
|
2020-07-24 01:26:03 +00:00
|
|
|
|
|
|
|
.PHONY: clean
|
2020-07-25 15:05:10 +00:00
|
|
|
clean: clean-dist clean-snapshot ## Remove previous builds and result reports
|
2020-07-24 01:26:03 +00:00
|
|
|
rm -rf $(RESULTSDIR)/*
|
|
|
|
|
2020-07-25 15:05:10 +00:00
|
|
|
.PHONY: clean-snapshot
|
|
|
|
clean-snapshot:
|
2020-07-24 01:26:03 +00:00
|
|
|
rm -rf $(SNAPSHOTDIR) $(TEMPDIR)/goreleaser.yaml
|
|
|
|
|
|
|
|
.PHONY: clean-dist
|
2021-11-14 02:56:47 +00:00
|
|
|
clean-dist: clean-changelog
|
2020-07-24 01:26:03 +00:00
|
|
|
rm -rf $(DISTDIR) $(TEMPDIR)/goreleaser.yaml
|
2021-11-14 02:56:47 +00:00
|
|
|
|
|
|
|
.PHONY: clean-changelog
|
|
|
|
clean-changelog:
|
|
|
|
rm -f CHANGELOG.md
|