Mirrors/grype
2
0
Fork 0
mirror of https://github.com/anchore/grype synced 2024-11-10 14:44:12 +00:00
Code Issues Projects Releases Packages Wiki Activity
grype/test/quality/Makefile
William Murphy 0e7c72af59
chore: Init submodule if missing (#1439) 
Previously, if a user cloned grype without passing
"--recurse-submodules", the makefile under test/quality would fail to
initialize the submodule, resulting in unexpected behavior. Always
initialize the submodule if it's misisng.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-08-17 10:05:45 -04:00

68 lines
2.3 KiB
Makefile
Raw Blame History

SBOM_STORE_TAG = md5-$(shell md5sum .yardstick.yaml | cut -d' ' -f1)
SBOM_STORE_IMAGE = ghcr.io/anchore/grype/quality-test-sbom-store:$(SBOM_STORE_TAG)
ACTIVATE_VENV = . venv/bin/activate &&
YARDSTICK = $(ACTIVATE_VENV) yardstick -v
YARDSTICK_RESULT_DIR = .yardstick/result
YARDSTICK_LABELS_DIR = .yardstick/labels
VULNERABILITY_LABELS = ./vulnerability-labels
RESULT_SET = pr_vs_latest_via_sbom
# formatting variables
BOLD := $(shell tput -T linux bold)
PURPLE := $(shell tput -T linux setaf 5)
GREEN := $(shell tput -T linux setaf 2)
CYAN := $(shell tput -T linux setaf 6)
RED := $(shell tput -T linux setaf 1)
RESET := $(shell tput -T linux sgr0)
TITLE := $(BOLD)$(PURPLE)
SUCCESS := $(BOLD)$(GREEN)
.PHONY: all
all: capture validate ## Fetch or capture all data and run all quality checks
.PHONY: validate
validate: venv $(VULNERABILITY_LABELS)/Makefile ## Run all quality checks against already collected data
$(ACTIVATE_VENV) ./gate.py
.PHONY: capture
capture: sboms vulns ## Collect and store all syft and grype results
.PHONY: capture
vulns: venv ## Collect and store all grype results
$(YARDSTICK) -v result capture -r $(RESULT_SET)
.PHONY: sboms
sboms: $(YARDSTICK_RESULT_DIR) venv clear-results ## Collect and store all syft results (deletes all existing results)
bash -c "make download-sboms || ($(YARDSTICK) -v result capture -r $(RESULT_SET) --only-producers)"
.PHONY: download-sboms
download-sboms: $(VULNERABILITY_LABELS)/Makefile
cd vulnerability-match-labels && make venv
bash -c "export ORAS_CACHE=$(shell pwd)/.oras-cache && make venv && . vulnerability-match-labels/venv/bin/activate && ./vulnerability-match-labels/sboms.py download -r $(RESULT_SET)"
venv: venv/touchfile
venv/touchfile: requirements.txt
test -d venv || python3 -m venv venv
$(ACTIVATE_VENV) pip install -Ur requirements.txt
touch venv/touchfile
$(YARDSTICK_RESULT_DIR):
mkdir -p $(YARDSTICK_RESULT_DIR)
$(VULNERABILITY_LABELS)/Makefile:
git submodule update --init
.PHONY: clear-results
clear-results: venv ## Clear all existing yardstick results
$(YARDSTICK) result clear
.PHONY: clean
clean: clear-results ## Clear all existing yardstick results and delete python environment
rm -rf venv
find -iname "*.pyc" -delete
help:
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "$(BOLD)$(CYAN)%-25s$(RESET)%s\n", $$1, $$2}'
Reference in a new issue View git blame Copy permalink