-
Notifications
You must be signed in to change notification settings - Fork 12
/
Makefile.common
72 lines (61 loc) · 2.96 KB
/
Makefile.common
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
#############################################
#### Common Makefiles for distributions #####
#############################################
# Note: file is included in Makefile within distro folders,
# so paths are relative to distro folder unless they use SRC_ROOT
# SRC_ROOT is the top of the source tree.
SRC_ROOT := $(realpath $(dir $(lastword $(MAKEFILE_LIST))))
BUILD_DIR=$(shell basename $(shell yq '.dist.output_path' 'manifest.yaml'))
DISTRO_NAME=$(shell basename $(shell pwd))
########################
#### Check targets #####
########################
.PHONY: assert_build-dir
assert_build-dir:
@test $(BUILD_DIR) = _build || (echo "expected build directory _build but was $(BUILD_DIR): required because it is hardcoded for goreleaser" && exit 1)
NOTICE_OUTPUT ?= THIRD_PARTY_NOTICES.md
GO_MOD_TMP_FILE ?= /tmp/tmp_notices.json
.PHONY: third-party-notices
third-party-notices: assert_build-dir
@command -v go-licence-detector &> /dev/null || (echo "go-license-detector tool not found, install it from the base directory with \"make internal/tools\"" && exit 1)
echo '' > $(GO_MOD_TMP_FILE);\
cd $(BUILD_DIR) && go list -mod=mod -m -json all >> $(GO_MOD_TMP_FILE);\
go-licence-detector \
-in $(GO_MOD_TMP_FILE) \
-rules $(SRC_ROOT)/internal/assets/license/rules.json \
-noticeTemplate $(SRC_ROOT)/internal/assets/license/THIRD_PARTY_NOTICES.md.tmpl \
-noticeOut $(NOTICE_OUTPUT)
.PHONY: third-party-notices-check
third-party-notices-check: third-party-notices
@git diff --name-only | grep -q $(NOTICE_OUTPUT) \
&& { \
echo "Third party notices out of date, please run \"make licenses\" and commit the changes in this PR.";\
echo "Diff of $(NOTICE_OUTPUT):";\
git --no-pager diff HEAD -- $(NOTICE_OUTPUT);\
echo "go.mod file used:";\
cat $(BUILD_DIR)/go.mod;\
exit 1;\
} \
|| exit 0
trivy-check: IMAGE_NAME=newrelic/$(DISTRO_NAME)
trivy-check: IMAGE_TAG_TO_CHECK=$(shell git describe --tags --abbrev=0)-SNAPSHOT-$(shell git rev-parse --short=7 HEAD)
trivy-check:
docker images -a --filter 'reference=$(IMAGE_NAME)' | grep $(IMAGE_TAG_TO_CHECK) -q \
|| { echo 'Expected snapshot image "$(IMAGE_NAME):$(IMAGE_TAG_TO_CHECK)" to be present for trivy test' && exit 1; }; \
trivy image --scanners=vuln --vuln-type=os,library --severity=CRITICAL,HIGH --ignore-unfixed --format sarif \
--db-repository public.ecr.aws/aquasecurity/trivy-db:2 \
--java-db-repository public.ecr.aws/aquasecurity/trivy-java-db:1 \
$(IMAGE_NAME):$(IMAGE_TAG_TO_CHECK)-rc-amd64
########################
#### Build targets #####
########################
BINARY_NAME=$(shell yq '.dist.name' 'manifest.yaml')
build-distro: assert_build-dir $(BUILD_DIR)/$(BINARY_NAME)
$(BUILD_DIR)/$(BINARY_NAME): manifest.yaml
$(SRC_ROOT)/scripts/build.sh -d $(DISTRO_NAME)
generate-sources-for-distro: assert_build-dir $(BUILD_DIR)/go.mod
$(BUILD_DIR)/go.mod: manifest.yaml
$(SRC_ROOT)/scripts/build.sh -d $(DISTRO_NAME) -s true
.PHONY: clean-build-dir-distro
clean-build-dir-distro:
rm -rf $(BUILD_DIR)