2023-01-17 15:04:22 +00:00
BIN := syft
TEMP_DIR := ./.tmp
# Command templates #################################
LINT_CMD := $( TEMP_DIR) /golangci-lint run --tests= false
GOIMPORTS_CMD := $( TEMP_DIR) /gosimports -local github.com/anchore
2023-02-27 20:57:56 +00:00
RELEASE_CMD := $( TEMP_DIR) /goreleaser release --clean
2023-01-17 15:04:22 +00:00
SNAPSHOT_CMD := $( RELEASE_CMD) --skip-publish --skip-sign --snapshot
2023-02-08 16:38:27 +00:00
CHRONICLE_CMD = $( TEMP_DIR) /chronicle
GLOW_CMD = $( TEMP_DIR) /glow
2023-01-17 15:04:22 +00:00
# Tool versions #################################
2023-03-27 13:17:34 +00:00
GOLANGCILINT_VERSION := v1.52.2
2023-03-13 14:40:13 +00:00
GOSIMPORTS_VERSION := v0.3.8
2023-01-17 15:04:22 +00:00
BOUNCER_VERSION := v0.4.0
2023-02-08 16:38:27 +00:00
CHRONICLE_VERSION := v0.6.0
2023-03-20 17:20:48 +00:00
GORELEASER_VERSION := v1.16.2
2023-01-17 15:04:22 +00:00
YAJSV_VERSION := v1.4.1
COSIGN_VERSION := v1.13.1
QUILL_VERSION := v0.2.0
2023-02-09 15:10:35 +00:00
GLOW_VERSION := v1.5.0
2023-01-17 15:04:22 +00:00
# Formatting variables #################################
2020-07-06 10:58:34 +00:00
BOLD := $( shell tput -T linux bold)
PURPLE := $( shell tput -T linux setaf 5)
GREEN := $( shell tput -T linux setaf 2)
CYAN := $( shell tput -T linux setaf 6)
RED := $( shell tput -T linux setaf 1)
RESET := $( shell tput -T linux sgr0)
2020-05-12 14:45:18 +00:00
TITLE := $( BOLD) $( PURPLE)
SUCCESS := $( BOLD) $( GREEN)
2022-02-04 17:41:37 +00:00
2023-01-17 15:04:22 +00:00
# Test variables #################################
COMPARE_DIR := ./test/compare
COMPARE_TEST_IMAGE := centos:8.2.2004
COVERAGE_THRESHOLD := 62 # the quality gate lower threshold for unit test total % coverage (by function statements)
2020-07-23 14:52:44 +00:00
2023-01-17 15:04:22 +00:00
## Build variables #################################
VERSION := $( shell git describe --dirty --always --tags)
DIST_DIR := ./dist
SNAPSHOT_DIR := ./snapshot
CHANGELOG := CHANGELOG.md
OS := $( shell uname | tr '[:upper:]' '[:lower:]' )
SNAPSHOT_BIN := $( realpath $( shell pwd ) /$( SNAPSHOT_DIR) /$( OS) -build_$( OS) _amd64_v1/$( BIN) )
2021-03-11 17:41:10 +00:00
2022-02-09 13:25:31 +00:00
i f n d e f V E R S I O N
$( error VERSION is not set )
e n d i f
2020-07-06 10:58:34 +00:00
d e f i n e t i t l e
@printf '$(TITLE)$(1)$(RESET)\n'
e n d e f
2020-05-12 14:45:18 +00:00
2022-02-04 17:41:37 +00:00
d e f i n e s a f e _ r m _ r f
bash -c 'test -z "$(1)" && false || rm -rf $(1)'
e n d e f
d e f i n e s a f e _ r m _ r f _ c h i l d r e n
bash -c 'test -z "$(1)" && false || rm -rf $(1)/*'
e n d e f
2022-09-19 14:38:12 +00:00
.DEFAULT_GOAL := help
2020-07-06 10:58:34 +00:00
2020-07-23 14:52:44 +00:00
.PHONY : all
2023-01-17 15:04:22 +00:00
all : static -analysis test ## Run all linux-based checks (linting, license check, unit, integration, and linux compare tests)
2020-05-12 14:45:18 +00:00
@printf '$(SUCCESS)All checks pass!$(RESET)\n'
2023-01-17 15:04:22 +00:00
.PHONY : static -analysis
static-analysis : check -go -mod -tidy lint check -licenses check -json -schema -drift ## Run all static analysis checks
2020-07-06 10:58:34 +00:00
2023-01-17 15:04:22 +00:00
.PHONY : test
test : unit integration validate -cyclonedx -schema benchmark cli ## Run all tests (currently unit, integration, linux compare, and cli tests)
2021-03-11 17:41:10 +00:00
2021-03-18 13:01:07 +00:00
2023-01-17 15:04:22 +00:00
## Bootstrapping targets #################################
2021-03-18 13:01:07 +00:00
2023-01-17 15:04:22 +00:00
.PHONY : bootstrap
bootstrap : $( TEMP_DIR ) bootstrap -go bootstrap -tools ## Download and install all tooling dependencies (+ prep tooling in the ./tmp dir)
$( call title,Bootstrapping dependencies)
2021-03-18 13:01:07 +00:00
.PHONY : bootstrap -tools
2023-01-17 15:04:22 +00:00
bootstrap-tools : $( TEMP_DIR )
curl -sSfL https://raw.githubusercontent.com/anchore/quill/main/install.sh | sh -s -- -b $( TEMP_DIR) / $( QUILL_VERSION)
GO111MODULE = off GOBIN = $( realpath $( TEMP_DIR) ) go get -u golang.org/x/perf/cmd/benchstat
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $( TEMP_DIR) / $( GOLANGCILINT_VERSION)
curl -sSfL https://raw.githubusercontent.com/wagoodman/go-bouncer/master/bouncer.sh | sh -s -- -b $( TEMP_DIR) / $( BOUNCER_VERSION)
curl -sSfL https://raw.githubusercontent.com/anchore/chronicle/main/install.sh | sh -s -- -b $( TEMP_DIR) / $( CHRONICLE_VERSION)
.github/scripts/goreleaser-install.sh -d -b $( TEMP_DIR) / $( GORELEASER_VERSION)
2022-09-14 17:38:18 +00:00
# the only difference between goimports and gosimports is that gosimports removes extra whitespace between import blocks (see https://github.com/golang/go/issues/20818)
2023-01-17 15:04:22 +00:00
GOBIN = " $( realpath $( TEMP_DIR) ) " go install github.com/rinchsan/gosimports/cmd/gosimports@$( GOSIMPORTS_VERSION)
GOBIN = " $( realpath $( TEMP_DIR) ) " go install github.com/neilpa/yajsv@$( YAJSV_VERSION)
GOBIN = " $( realpath $( TEMP_DIR) ) " go install github.com/sigstore/cosign/cmd/cosign@$( COSIGN_VERSION)
2023-02-08 16:38:27 +00:00
GOBIN = " $( realpath $( TEMP_DIR) ) " go install github.com/charmbracelet/glow@$( GLOW_VERSION)
2020-07-23 14:52:44 +00:00
2021-03-18 13:01:07 +00:00
.PHONY : bootstrap -go
bootstrap-go :
go mod download
2023-01-17 15:04:22 +00:00
$(TEMP_DIR) :
mkdir -p $( TEMP_DIR)
2021-03-18 13:01:07 +00:00
2023-01-17 15:04:22 +00:00
## Static analysis targets #################################
2020-07-25 20:40:37 +00:00
2020-07-23 14:52:44 +00:00
.PHONY : lint
2023-01-17 15:04:22 +00:00
lint : ## Run gofmt + golangci lint checks
2020-07-06 10:58:34 +00:00
$( call title,Running linters)
2020-07-23 17:08:31 +00:00
# ensure there are no go fmt differences
2020-07-06 10:58:34 +00:00
@printf " files with gofmt issues: [ $( shell gofmt -l -s .) ]\n "
@test -z " $( shell gofmt -l -s .) "
2020-07-23 17:08:31 +00:00
# run all golangci-lint rules
2023-01-17 15:04:22 +00:00
$( LINT_CMD)
2022-09-14 17:38:18 +00:00
@[ -z " $( shell $( GOIMPORTS_CMD) -d .) " ] || ( echo "goimports needs to be fixed" && false )
2020-05-12 14:45:18 +00:00
2020-07-23 17:08:31 +00:00
# go tooling does not play well with certain filename characters, ensure the common cases don't result in future "go get" failures
$( eval MALFORMED_FILENAMES := $( shell find . | grep -e ':' ) )
@bash -c " [[ ' $( MALFORMED_FILENAMES) ' == '' ]] || (printf '\nfound unsupported filename characters:\n $( MALFORMED_FILENAMES) \n\n' && false) "
2020-07-23 14:52:44 +00:00
.PHONY : lint -fix
2023-01-17 15:04:22 +00:00
lint-fix : ## Auto-format all source code + run golangci lint fixers
2020-07-06 10:58:34 +00:00
$( call title,Running lint fixers)
2020-05-21 13:37:20 +00:00
gofmt -w -s .
2022-09-14 17:38:18 +00:00
$( GOIMPORTS_CMD) -w .
2023-01-17 15:04:22 +00:00
$( LINT_CMD) --fix
2021-05-25 21:13:58 +00:00
go mod tidy
2020-05-12 14:45:18 +00:00
2020-07-23 14:52:44 +00:00
.PHONY : check -licenses
2023-01-17 15:04:22 +00:00
check-licenses : ## Ensure transitive dependencies are compliant with the current license policy
$( call title,Checking for license compliance)
$( TEMP_DIR) /bouncer check ./...
2020-07-23 14:52:44 +00:00
2021-05-25 21:13:58 +00:00
check-go-mod-tidy :
@ .github/scripts/go-mod-tidy-check.sh && echo "go.mod and go.sum are tidy!"
2023-01-17 15:04:22 +00:00
check-json-schema-drift :
$( call title,Ensure there is no drift between the JSON schema and the code)
2023-01-31 16:39:57 +00:00
@.github/scripts/json-schema-drift-check.sh
2023-01-17 15:04:22 +00:00
## Testing targets #################################
.PHONY : unit
unit : $( TEMP_DIR ) fixtures ## Run unit tests (with coverage)
$( call title,Running unit tests)
go test -coverprofile $( TEMP_DIR) /unit-coverage-details.txt $( shell go list ./... | grep -v anchore/syft/test)
@.github/scripts/coverage.py $( COVERAGE_THRESHOLD) $( TEMP_DIR) /unit-coverage-details.txt
.PHONY : integration
integration : ## Run integration tests
$( call title,Running integration tests)
go test -v ./test/integration
2020-08-27 23:12:45 +00:00
.PHONY : validate -cyclonedx -schema
validate-cyclonedx-schema :
cd schema/cyclonedx && make
2023-01-17 15:04:22 +00:00
.PHONY : cli
cli : $( SNAPSHOT_DIR ) ## Run CLI tests
chmod 755 " $( SNAPSHOT_BIN) "
$( SNAPSHOT_BIN) version
SYFT_BINARY_LOCATION = '$(SNAPSHOT_BIN)' \
go test -count= 1 -timeout= 15m -v ./test/cli
## Benchmark test targets #################################
2020-05-12 14:45:18 +00:00
2021-03-18 13:01:07 +00:00
.PHONY : benchmark
2023-01-17 15:04:22 +00:00
benchmark : $( TEMP_DIR ) ## Run benchmark tests and compare against the baseline (if available)
2021-03-18 13:01:07 +00:00
$( call title,Running benchmark tests)
2023-01-17 15:04:22 +00:00
go test -p 1 -run= ^Benchmark -bench= . -count= 7 -benchmem ./... | tee $( TEMP_DIR) /benchmark-$( VERSION) .txt
( test -s $( TEMP_DIR) /benchmark-main.txt && \
$( TEMP_DIR) /benchstat $( TEMP_DIR) /benchmark-main.txt $( TEMP_DIR) /benchmark-$( VERSION) .txt || \
$( TEMP_DIR) /benchstat $( TEMP_DIR) /benchmark-$( VERSION) .txt) \
| tee $( TEMP_DIR) /benchstat.txt
2021-03-18 13:01:07 +00:00
.PHONY : show -benchstat
show-benchstat :
2023-01-17 15:04:22 +00:00
@cat $( TEMP_DIR) /benchstat.txt
2022-02-01 21:58:47 +00:00
2023-01-17 15:04:22 +00:00
## Test-fixture-related targets #################################
2022-02-01 21:58:47 +00:00
2023-01-17 15:04:22 +00:00
# note: this is used by CI to determine if various test fixture cache should be restored or recreated
fingerprints :
$( call title,Creating all test cache input fingerprints)
2022-02-01 21:58:47 +00:00
2023-01-17 15:04:22 +00:00
# for IMAGE integration test fixtures
cd test/integration/test-fixtures && \
make cache.fingerprint
2020-07-07 22:04:27 +00:00
2023-03-07 15:52:29 +00:00
# for BINARY test fixtures
cd syft/pkg/cataloger/binary/test-fixtures && \
make cache.fingerprint
2023-01-17 15:04:22 +00:00
# for JAVA BUILD test fixtures
2022-02-01 21:58:47 +00:00
cd syft/pkg/cataloger/java/test-fixtures/java-builds && \
make packages.fingerprint
2020-07-13 16:11:11 +00:00
2023-01-17 15:04:22 +00:00
# for GO BINARY test fixtures
2022-03-17 00:07:02 +00:00
cd syft/pkg/cataloger/golang/test-fixtures/archs && \
make binaries.fingerprint
2023-01-17 15:04:22 +00:00
# for RPM test fixtures
2022-09-07 18:16:30 +00:00
cd syft/pkg/cataloger/rpm/test-fixtures && \
make rpms.fingerprint
2023-01-17 15:04:22 +00:00
# for INSTALL integration test fixtures
cd test/install && \
make cache.fingerprint
# for CLI test fixtures
cd test/cli/test-fixtures && \
make cache.fingerprint
2020-07-25 14:06:52 +00:00
.PHONY : fixtures
fixtures :
$( call title,Generating test fixtures)
2021-03-18 13:01:07 +00:00
cd syft/pkg/cataloger/java/test-fixtures/java-builds && make
2022-09-07 18:16:30 +00:00
cd syft/pkg/cataloger/rpm/test-fixtures && make
2023-03-07 15:52:29 +00:00
cd syft/pkg/cataloger/binary/test-fixtures && make
2020-07-25 14:06:52 +00:00
2023-01-17 15:04:22 +00:00
.PHONY : show -test -image -cache
show-test-image-cache : ## Show all docker and image tar cache
$( call title,Docker daemon cache)
@docker images --format '{{.ID}} {{.Repository}}:{{.Tag}}' | grep stereoscope-fixture- | sort
2020-08-04 20:05:53 +00:00
2023-01-17 15:04:22 +00:00
$( call title,Tar cache)
@find . -type f -wholename "**/test-fixtures/cache/stereoscope-fixture-*.tar" | sort
2021-11-15 19:41:46 +00:00
2023-01-17 15:04:22 +00:00
.PHONY : show -test -snapshots
show-test-snapshots : ## Show all test snapshots
$( call title,Test snapshots)
@find . -type f -wholename "**/test-fixtures/snapshot/*" | sort
2020-07-23 14:52:44 +00:00
2022-02-04 17:41:37 +00:00
2023-01-17 15:04:22 +00:00
## install.sh testing targets #################################
2020-07-23 14:52:44 +00:00
2023-01-17 15:04:22 +00:00
install-test : $( SNAPSHOT_DIR )
cd test/install && \
make
2022-02-04 17:41:37 +00:00
2023-01-17 15:04:22 +00:00
install-test-cache-save : $( SNAPSHOT_DIR )
cd test/install && \
make save
2022-02-04 17:41:37 +00:00
2023-01-17 15:04:22 +00:00
install-test-cache-load : $( SNAPSHOT_DIR )
cd test/install && \
make load
2022-02-04 17:41:37 +00:00
2023-01-17 15:04:22 +00:00
install-test-ci-mac : $( SNAPSHOT_DIR )
cd test/install && \
make ci-test-mac
2022-08-01 21:08:38 +00:00
2023-03-13 17:26:43 +00:00
.PHONY : generate -compare -file
generate-compare-file :
$( call title,Generating compare test file)
go run ./cmd/syft $( COMPARE_TEST_IMAGE) -o json > $( COMPARE_DIR) /test-fixtures/acceptance-centos-8.2.2004.json
2021-03-11 17:41:10 +00:00
# note: we cannot clean the snapshot directory since the pipeline builds the snapshot separately
2022-02-01 21:58:47 +00:00
.PHONY : compare -mac
2023-01-17 15:04:22 +00:00
compare-mac : $( TEMP_DIR ) $( SNAPSHOT_DIR ) ## Run compare tests on build snapshot binaries and packages (Mac)
2022-02-01 21:58:47 +00:00
$( call title,Running compare test: Run on Mac)
$( COMPARE_DIR) /mac.sh \
2023-01-17 15:04:22 +00:00
$( SNAPSHOT_DIR) \
2022-02-01 21:58:47 +00:00
$( COMPARE_DIR) \
$( COMPARE_TEST_IMAGE) \
2023-01-17 15:04:22 +00:00
$( TEMP_DIR)
2020-07-23 14:52:44 +00:00
2021-03-11 17:41:10 +00:00
# note: we cannot clean the snapshot directory since the pipeline builds the snapshot separately
2022-02-01 21:58:47 +00:00
.PHONY : compare -linux
2023-01-17 15:04:22 +00:00
compare-linux : compare -test -deb -package -install compare -test -rpm -package -install ## Run compare tests on build snapshot binaries and packages (Linux)
2021-03-11 17:41:10 +00:00
2022-02-01 21:58:47 +00:00
.PHONY : compare -test -deb -package -install
2023-01-17 15:04:22 +00:00
compare-test-deb-package-install : $( TEMP_DIR ) $( SNAPSHOT_DIR )
2022-02-01 21:58:47 +00:00
$( call title,Running compare test: DEB install)
$( COMPARE_DIR) /deb.sh \
2023-01-17 15:04:22 +00:00
$( SNAPSHOT_DIR) \
2022-02-01 21:58:47 +00:00
$( COMPARE_DIR) \
$( COMPARE_TEST_IMAGE) \
2023-01-17 15:04:22 +00:00
$( TEMP_DIR)
2020-07-23 14:52:44 +00:00
2022-02-01 21:58:47 +00:00
.PHONY : compare -test -rpm -package -install
2023-01-17 15:04:22 +00:00
compare-test-rpm-package-install : $( TEMP_DIR ) $( SNAPSHOT_DIR )
2022-02-01 21:58:47 +00:00
$( call title,Running compare test: RPM install)
$( COMPARE_DIR) /rpm.sh \
2023-01-17 15:04:22 +00:00
$( SNAPSHOT_DIR) \
2022-02-01 21:58:47 +00:00
$( COMPARE_DIR) \
$( COMPARE_TEST_IMAGE) \
2023-01-17 15:04:22 +00:00
$( TEMP_DIR)
2020-07-23 14:52:44 +00:00
2021-03-18 13:01:07 +00:00
2023-01-17 15:04:22 +00:00
## Code generation targets #################################
.PHONY : generate -json -schema
generate-json-schema : ## Generate a new json schema
cd schema/json && go run generate.go
.PHONY : generate -license -list
generate-license-list : ## Generate an updated spdx license list
go generate ./internal/spdxlicense/...
gofmt -s -w ./internal/spdxlicense
## Build-related targets #################################
.PHONY : build
build : $( SNAPSHOT_DIR ) ## Build release snapshot binaries and packages
$(SNAPSHOT_DIR) : ## Build snapshot release binaries and packages
$( call title,Building snapshot artifacts)
# create a config with the dist dir overridden
echo " dist: $( SNAPSHOT_DIR) " > $( TEMP_DIR) /goreleaser.yaml
cat .goreleaser.yaml >> $( TEMP_DIR) /goreleaser.yaml
# build release snapshots
$( SNAPSHOT_CMD) --config $( TEMP_DIR) /goreleaser.yaml
2021-03-18 13:01:07 +00:00
2021-11-14 02:56:25 +00:00
.PHONY : changelog
2023-02-08 16:38:27 +00:00
changelog : clean -changelog ## Generate and show the changelog for the current unreleased version
$( CHRONICLE_CMD) -vvv -n --version-file VERSION > $( CHANGELOG)
@$( GLOW_CMD) $( CHANGELOG)
2020-09-25 20:58:56 +00:00
2023-01-17 15:04:22 +00:00
$(CHANGELOG) :
2023-02-08 16:38:27 +00:00
$( CHRONICLE_CMD) -vvv > $( CHANGELOG)
2023-02-09 16:35:11 +00:00
.PHONY : release
release :
2023-02-08 16:38:27 +00:00
@.github/scripts/trigger-release.sh
2021-11-14 02:56:25 +00:00
2023-02-09 16:35:11 +00:00
.PHONY : ci -release
ci-release : ci -check clean -dist $( CHANGELOG )
2021-03-11 17:41:10 +00:00
$( call title,Publishing release artifacts)
2021-03-25 20:50:09 +00:00
2022-02-28 14:46:41 +00:00
# create a config with the dist dir overridden
2023-01-17 15:04:22 +00:00
echo " dist: $( DIST_DIR) " > $( TEMP_DIR) /goreleaser.yaml
cat .goreleaser.yaml >> $( TEMP_DIR) /goreleaser.yaml
2021-03-11 17:41:10 +00:00
bash -c " \
2022-02-04 17:41:37 +00:00
$( RELEASE_CMD) \
2023-01-17 15:04:22 +00:00
--config $( TEMP_DIR) /goreleaser.yaml \
--release-notes <( cat $( CHANGELOG) ) \
2022-10-31 22:21:30 +00:00
|| ( cat /tmp/quill-*.log && false ) "
2020-07-25 11:47:14 +00:00
2020-07-29 18:54:47 +00:00
# upload the version file that supports the application version update check (excluding pre-releases)
2023-01-17 15:04:22 +00:00
.github/scripts/update-version-file.sh " $( DIST_DIR) " " $( VERSION) "
2023-02-09 16:35:11 +00:00
.PHONY : ci -check
ci-check :
@.github/scripts/ci-check.sh
2023-01-17 15:04:22 +00:00
## Cleanup targets #################################
2020-07-23 14:52:44 +00:00
.PHONY : clean
2023-01-17 15:04:22 +00:00
clean : clean -dist clean -snapshot clean -test -image -cache ## Remove previous builds, result reports, and test cache
$( call safe_rm_rf_children,$( TEMP_DIR) )
2020-07-23 14:52:44 +00:00
2021-03-10 18:25:31 +00:00
.PHONY : clean -snapshot
clean-snapshot :
2023-01-17 15:04:22 +00:00
$( call safe_rm_rf,$( SNAPSHOT_DIR) )
rm -f $( TEMP_DIR) /goreleaser.yaml
2021-03-11 17:41:10 +00:00
.PHONY : clean -dist
2021-11-14 02:56:25 +00:00
clean-dist : clean -changelog
2023-01-17 15:04:22 +00:00
$( call safe_rm_rf,$( DIST_DIR) )
rm -f $( TEMP_DIR) /goreleaser.yaml
2021-03-23 18:31:59 +00:00
2021-11-14 02:56:25 +00:00
.PHONY : clean -changelog
clean-changelog :
2023-02-08 16:38:27 +00:00
rm -f $( CHANGELOG) VERSION
2021-11-14 02:56:25 +00:00
2022-09-19 14:38:12 +00:00
clean-test-image-cache : clean -test -image -tar -cache clean -test -image -docker -cache ## Clean test image cache
2021-03-23 18:31:59 +00:00
.PHONY : clear -test -image -tar -cache
2023-01-17 15:04:22 +00:00
clean-test-image-tar-cache : ## Delete all test cache (built docker image tars)
2021-03-23 18:31:59 +00:00
find . -type f -wholename "**/test-fixtures/cache/stereoscope-fixture-*.tar" -delete
.PHONY : clear -test -image -docker -cache
2023-01-17 15:04:22 +00:00
clean-test-image-docker-cache : ## Purge all test docker images
2022-07-18 12:45:37 +00:00
docker images --format '{{.ID}} {{.Repository}}' | grep stereoscope-fixture- | awk '{print $$1}' | uniq | xargs -r docker rmi --force
2021-03-23 18:31:59 +00:00
2023-01-17 15:04:22 +00:00
## Halp! #################################
2022-09-19 14:38:12 +00:00
.PHONY : help
help : ## Display this help
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $( MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "$(BOLD)$(CYAN)%-25s$(RESET)%s\n", $$1, $$2}'