# These names are commands, not files: declaring them phony makes make run
# their recipes even when a file of the same name exists in the checkout.
.PHONY: help test spec \
        lint_yaml lint_terraform lint_shellcheck lint_concourse \
        check-env

# A bare `make` prints the target list instead of running anything.
.DEFAULT_GOAL := help

# Lists every target whose rule line ends in a "## description" suffix,
# sorted by name, with the target name coloured. Targets without that suffix
# are not shown.
help:
	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
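# Longest DEPLOY_ENV that check-env accepts; its error message gives the
# reason (derived names would otherwise be too long).
DEPLOY_ENV_MAX_LENGTH=8

# DEPLOY_ENV wrapped in single quotes for use inside $(shell ...), with any
# embedded single quote rewritten as '\''. The value is validated by a shell
# command, so it has to reach that shell as data: left unquoted, shell
# metacharacters in a not-yet-validated value would be interpreted by the
# very command that is meant to reject them.
deploy_env_shell_quoted = '$(subst ','\'',$(DEPLOY_ENV))'

# Each check expands to "OK" on success and to the empty string on failure,
# which is what the $(if ...) guards in check-env test. The definitions stay
# recursively expanded (=) on purpose: stg-lon, prod and prod-lon assign
# DEPLOY_ENV with $(eval ...) at recipe time, and the checks must see that
# late value. Length is counted in bytes (wc -c).
DEPLOY_ENV_VALID_LENGTH=$(shell if [ $$(printf "%s" $(deploy_env_shell_quoted) | wc -c) -gt $(DEPLOY_ENV_MAX_LENGTH) ]; then echo ""; else echo "OK"; fi)
# A case pattern instead of `echo | grep`: echo may treat a leading "-n" or
# "-e" as an option, and grep tests line by line, so a value containing a
# newline could pass on one of its lines. The empty value is still accepted
# here; check-env rejects it separately.
DEPLOY_ENV_VALID_CHARS=$(shell case $(deploy_env_shell_quoted) in (*[!a-zA-Z0-9-]*) echo "";; (*) echo "OK";; esac)

# Release tags handed to scripts/generate_logit_filters.sh by logit-filters.
LOGSEARCH_BOSHRELEASE_TAG=v209.0.0
LOGSEARCH_FOR_CLOUDFOUNDRY_TAG=v207.0.0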
# Precondition for the targets that list it as a prerequisite. Stops make
# with an error unless DEPLOY_ENV is set, is no longer than
# DEPLOY_ENV_MAX_LENGTH and contains only letters, digits and hyphens, then
# runs the AWS credential check script. The three $(if ...) lines expand to
# nothing when the check passes, so they produce no shell command.
check-env:
	$(if $(DEPLOY_ENV),,$(error Must pass DEPLOY_ENV=<name>))
	$(if $(DEPLOY_ENV_VALID_LENGTH),,$(error Sorry, DEPLOY_ENV ($(DEPLOY_ENV)) has a max length of $(DEPLOY_ENV_MAX_LENGTH), otherwise derived names will be too long))
	$(if $(DEPLOY_ENV_VALID_CHARS),,$(error Sorry, DEPLOY_ENV ($(DEPLOY_ENV)) must use only alphanumeric chars and hyphens, otherwise derived names will be malformatted))
	@./scripts/validate_aws_credentials.sh
# Aggregate target: it has no recipe of its own and only pulls in the unit
# specs, the platform-test compile check and every linter.
test: ## Run linting tests
test: spec compile_platform_tests \
      lint_yaml lint_terraform lint_shellcheck lint_concourse \
      lint_ruby lint_posix_newlines
# Runs the Go and RSpec suites directory by directory. Every recipe line is a
# separate shell, so each one changes directory for itself and the first
# failing suite stops the run.
# NOTE(review): `go get -d -t .` downloads test dependencies when the target
# runs; whether their versions are pinned is not visible from this file.
spec:
	cd scripts && go get -d -t . && go test
	cd scripts && bundle exec rspec
	cd tools/metrics && go test -v ./...
	cd concourse/scripts && go get -d -t . && go test
	cd concourse/scripts && bundle exec rspec
	cd manifests/shared && bundle exec rspec
	cd manifests/cloud-config && bundle exec rspec
	cd manifests/cf-manifest && bundle exec rspec
	cd manifests/prometheus && bundle exec rspec
	cd terraform/scripts && go get -d -t . && go test
	cd platform-tests && ./run_tests.sh src/platform/availability/monitor/
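# Builds the platform test packages without running any test: `-run ^$`
# (written ^$$ so make passes a literal $) is a pattern no test name matches.
# GOPATH is pointed at the platform-tests directory for this one command.
# Declared phony so that a stray file called compile_platform_tests cannot
# make `make test` skip this step.
.PHONY: compile_platform_tests
compile_platform_tests:
	GOPATH="$$(pwd)/platform-tests" \
	go test -run ^$$ \
		platform/acceptance \
		platform/availability/api \
		platform/availability/app \
		platform/availability/helpers \
		platform/availability/monitor \
		platform/performance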
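# Runs yamllint (configured by yamllint.yml) over every *.yml file outside
# vendor directories and the upstream prometheus manifests. Paths are passed
# NUL-separated so that a file name containing whitespace reaches the linter
# as one argument instead of being split into names that do not exist.
lint_yaml:
	find . -name '*.yml' -not -path '*/vendor/*' -not -path './manifests/prometheus/upstream/*' -print0 | xargs -0 yamllint -c yamllint.yml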
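# Lints the terraform code with the dev settings loaded. The two TF_VAR_*
# exports copy the DNS zone names that the dev target sets.
# The references must be written $(NAME): make reads a bare $SYSTEM_... as the
# one-letter variable $(S) followed by literal text, which exported the
# strings "YSTEM_DNS_ZONE_NAME" and "PPS_DNS_ZONE_NAME" instead of the zones.
.PHONY: lint_terraform
lint_terraform: dev ## Lint the terraform files.
	$(eval export TF_VAR_system_dns_zone_name=$(SYSTEM_DNS_ZONE_NAME))
	$(eval export TF_VAR_apps_dns_zone_name=$(APPS_DNS_ZONE_NAME))
	@terraform/scripts/lint.sh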
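# Runs shellcheck over every *.sh file outside vendored code, platform-tests
# packages, cf-deployment and the upstream prometheus manifests. Paths are
# passed NUL-separated so that a script whose name contains whitespace is
# checked under its real name rather than split into several arguments.
lint_shellcheck:
	find . -name '*.sh' -not -path '*/vendor/*' -not -path './platform-tests/pkg/*' -not -path './manifests/cf-deployment/*' -not -path './manifests/prometheus/upstream/*' -print0 | xargs -0 shellcheck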
# Runs pipecleaner.py over the Concourse pipeline definitions, treating
# warnings as fatal and passing "-e SC1091" to shellcheck through
# SHELLCHECK_OPTS. The command runs from the parent directory and addresses
# the files as paas-cf/..., so it only works when this checkout is in a
# directory named paas-cf.
lint_concourse:
	cd .. && \
		SHELLCHECK_OPTS="-e SC1091" \
		python paas-cf/concourse/scripts/pipecleaner.py \
			--fatal-warnings \
			paas-cf/concourse/pipelines/*.yml
# Runs the govuk-lint-ruby linter through bundler, i.e. with the gem versions
# the bundle resolves.
.PHONY: lint_ruby
lint_ruby:
	bundle exec govuk-lint-ruby
# Passes every tracked file to scripts/test_posix_newline.sh, leaving out
# vendored code and the upstream prometheus manifests.
# manifests/cf-deployment is filtered as well: for some reason `git ls-files`
# includes it in its output although it is a directory.
.PHONY: lint_posix_newlines
lint_posix_newlines:
	git ls-files \
		| grep -v -e vendor/ -e manifests/cf-deployment -e manifests/prometheus/upstream \
		| xargs ./scripts/test_posix_newline.sh
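# Path of gpg2, or of gpg when gpg2 is absent; empty when neither is on PATH.
# Simply expanded so the lookup runs once instead of on every $(GPG) use.
GPG := $(shell command -v gpg2 || command -v gpg)

# Prints each key id listed in .gpg-id followed by the name the local keyring
# holds for it: field 10 of the first "uid" record when the gpg binary
# reports major version 2, field 10 of the "pub" record otherwise, or a
# "not found" marker. This is a lookup only; no signature or key validity is
# checked here.
# The key id is passed to printf as an argument, not as the format string, so
# a "%" or backslash in .gpg-id is printed literally, and it is quoted when
# handed to gpg.
.PHONY: list_merge_keys
list_merge_keys: ## List all GPG keys allowed to sign merge commits.
	$(if $(GPG),,$(error "gpg2 or gpg not found in PATH"))
	@for key in $$(cat .gpg-id); do \
		printf '%s: ' "$${key}"; \
		if [ "$$($(GPG) --version | awk 'NR==1 { split($$3,version,"."); print version[1]}')" = "2" ]; then \
			$(GPG) --list-keys --with-colons "$${key}" 2> /dev/null | awk -F: '/^uid/ {found = 1; print $$10; exit} END {if (found != 1) {print "*** not found in local keychain ***"}}'; \
		else \
			$(GPG) --list-keys --with-colons "$${key}" 2> /dev/null | awk -F: '/^pub/ {found = 1; print $$10} END {if (found != 1) {print "*** not found in local keychain ***"}}'; \
		fi; \
	done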
# Runs the Ruby script that generates the public-key variables for Concourse.
# NOTE(review): presumably driven by the key ids in .gpg-id; confirm in the
# script, which is not part of this file.
.PHONY: update_merge_keys
update_merge_keys:
	ruby concourse/scripts/generate-public-key-vars.rb
.PHONY: globals

# Default password store location; an environment or command-line value wins.
PASSWORD_STORE_DIR ?= $(HOME)/.paas-pass

# Prerequisite of the environment targets (dev, stg-lon, prod, prod-lon).
# Exports the password store paths to every later recipe; `@true` gives the
# rule a recipe that does nothing and prints nothing.
globals:
	$(eval export PASSWORD_STORE_DIR=$(PASSWORD_STORE_DIR))
	$(eval export LOGIT_PASSWORD_STORE_DIR?=$(HOME)/.paas-pass)
	@true
# Environment profile for development deployments. Every line exports one
# setting for the recipes that run afterwards in the same make invocation.
# Going by the variable names, this profile relaxes several safeguards
# (commit verification skipped, destroy and autodelete enabled, pipeline
# locking disabled); the scripts that read them are not part of this file.
# The `?=` settings keep a value already present in the environment.
.PHONY: dev
dev: globals ## Set Environment to DEV
# account and lifecycle
	$(eval export AWS_DEFAULT_REGION ?= eu-west-1)
	$(eval export AWS_ACCOUNT=dev)
	$(eval export MAKEFILE_ENV_TARGET=dev)
	$(eval export PERSISTENT_ENVIRONMENT=false)
	$(eval export ENABLE_DESTROY=true)
	$(eval export ENABLE_AUTODELETE=true)
# DNS zones are derived from DEPLOY_ENV
	$(eval export SYSTEM_DNS_ZONE_NAME=$(DEPLOY_ENV).dev.cloudpipeline.digital)
	$(eval export APPS_DNS_ZONE_NAME=$(DEPLOY_ENV).dev.cloudpipelineapps.digital)
# alerting
	$(eval export ALERT_EMAIL_ADDRESS=govpaas-alerting-dev@digital.cabinet-office.gov.uk)
	$(eval export ENABLE_ALERT_NOTIFICATIONS ?= false)
# pipeline behaviour
	$(eval export SKIP_COMMIT_VERIFICATION=true)
	$(eval export ENV_SPECIFIC_BOSH_VARS_FILE=default.yml)
	$(eval export DISABLE_HEALTHCHECK_DB=true)
	$(eval export CONCOURSE_AUTH_DURATION=48h)
	$(eval export DISABLE_PIPELINE_LOCKING=true)
	$(eval export TEST_HEAVY_LOAD=true)
	$(eval export ENABLE_MORNING_DEPLOYMENT=true)
	$(eval export SLIM_DEV_DEPLOYMENT ?= true)
	@true
# Environment profile for the London staging deployment: AWS account
# "staging", region eu-west-2, DEPLOY_ENV fixed to stg-lon.
# None of the assignments use `override`, so a value given on the make
# command line (for example DEPLOY_ENV=...) takes precedence over the one set
# here.
.PHONY: stg-lon
stg-lon: globals ## Set Environment to stg-lon
# account and lifecycle
	$(eval export AWS_ACCOUNT=staging)
	$(eval export MAKEFILE_ENV_TARGET=stg-lon)
	$(eval export PERSISTENT_ENVIRONMENT=true)
	$(eval export ENABLE_AUTO_DEPLOY=true)
	$(eval export OUTPUT_TAG_PREFIX=prod-)
# DNS zones
	$(eval export SYSTEM_DNS_ZONE_NAME=london.staging.cloudpipeline.digital)
	$(eval export APPS_DNS_ZONE_NAME=london.staging.cloudpipelineapps.digital)
# mail addresses; the second reuses the value exported on the line before it
	$(eval export ALERT_EMAIL_ADDRESS=the-multi-cloud-paas-team+stg-lon@digital.cabinet-office.gov.uk)
	$(eval export NEW_ACCOUNT_EMAIL_ADDRESS=$(ALERT_EMAIL_ADDRESS))
# deployment identity and remaining settings
	$(eval export ENV_SPECIFIC_BOSH_VARS_FILE=stg-lon.yml)
	$(eval export DEPLOY_ENV=stg-lon)
	$(eval export TEST_HEAVY_LOAD=true)
	$(eval export AIVEN_PASSWORD_STORE_HIGH_DIR?=$(HOME)/.paas-pass-high)
	$(eval export AWS_DEFAULT_REGION=eu-west-2)
	@true
# Environment profile for production: AWS account "prod", region eu-west-1,
# DEPLOY_ENV fixed to prod, CF acceptance tests disabled.
# None of the assignments use `override`, so a value given on the make
# command line (for example DEPLOY_ENV=...) takes precedence over the one set
# here.
.PHONY: prod
prod: globals ## Set Environment to Production
# account and lifecycle
	$(eval export AWS_ACCOUNT=prod)
	$(eval export MAKEFILE_ENV_TARGET=prod)
	$(eval export PERSISTENT_ENVIRONMENT=true)
	$(eval export ENABLE_AUTO_DEPLOY=true)
	$(eval export INPUT_TAG_PREFIX=prod-)
# DNS zones
	$(eval export SYSTEM_DNS_ZONE_NAME=cloud.service.gov.uk)
	$(eval export APPS_DNS_ZONE_NAME=cloudapps.digital)
# mail addresses; the second reuses the value exported on the line before it
	$(eval export ALERT_EMAIL_ADDRESS=the-multi-cloud-paas-team+prod@digital.cabinet-office.gov.uk)
	$(eval export NEW_ACCOUNT_EMAIL_ADDRESS=$(ALERT_EMAIL_ADDRESS))
# deployment identity and remaining settings
	$(eval export ENV_SPECIFIC_BOSH_VARS_FILE=prod.yml)
	$(eval export DISABLE_CF_ACCEPTANCE_TESTS=true)
	$(eval export DEPLOY_ENV=prod)
	$(eval export AIVEN_PASSWORD_STORE_HIGH_DIR?=$(HOME)/.paas-pass-high)
	$(eval export AWS_DEFAULT_REGION=eu-west-1)
	@true
# Environment profile for the London production deployment: AWS account
# "prod", region eu-west-2, DEPLOY_ENV fixed to prod-lon, CF acceptance tests
# disabled.
# None of the assignments use `override`, so a value given on the make
# command line (for example DEPLOY_ENV=...) takes precedence over the one set
# here.
.PHONY: prod-lon
prod-lon: globals ## Set Environment to prod-lon
# account and lifecycle
	$(eval export AWS_ACCOUNT=prod)
	$(eval export MAKEFILE_ENV_TARGET=prod-lon)
	$(eval export PERSISTENT_ENVIRONMENT=true)
	$(eval export ENABLE_AUTO_DEPLOY=true)
	$(eval export INPUT_TAG_PREFIX=prod-)
# DNS zones
	$(eval export SYSTEM_DNS_ZONE_NAME=london.cloud.service.gov.uk)
	$(eval export APPS_DNS_ZONE_NAME=london.cloudapps.digital)
# mail addresses; the second reuses the value exported on the line before it
	$(eval export ALERT_EMAIL_ADDRESS=the-multi-cloud-paas-team+prod-lon@digital.cabinet-office.gov.uk)
	$(eval export NEW_ACCOUNT_EMAIL_ADDRESS=$(ALERT_EMAIL_ADDRESS))
# deployment identity and remaining settings
	$(eval export ENV_SPECIFIC_BOSH_VARS_FILE=prod-lon.yml)
	$(eval export DISABLE_CF_ACCEPTANCE_TESTS=true)
	$(eval export DEPLOY_ENV=prod-lon)
	$(eval export AIVEN_PASSWORD_STORE_HIGH_DIR?=$(HOME)/.paas-pass-high)
	$(eval export AWS_DEFAULT_REGION=eu-west-2)
	@true
# Retired targets kept as signposts: each only prints where the command now
# lives and does nothing else.
.PHONY: bosh-cli ssh_bosh

bosh-cli:
	@echo "bosh-cli has moved to paas-bootstrap π"

ssh_bosh: ## SSH to the bosh server
	@echo "ssh_bosh has moved to paas-bootstrap π"
# Runs the pipeline upload script once check-env has accepted DEPLOY_ENV and
# the AWS credentials. The script sees whatever an environment target (dev,
# stg-lon, prod, prod-lon) named earlier on the command line has exported.
.PHONY: pipelines
pipelines: check-env ## Upload pipelines to Concourse
	concourse/scripts/pipelines-cloudfoundry.sh
# Runs the trigger script once check-env has accepted DEPLOY_ENV and the AWS
# credentials.
.PHONY: trigger-deploy
trigger-deploy: check-env ## Trigger a run of the create-cloudfoundry pipeline.
	concourse/scripts/trigger-deploy.sh
# Calls the kick-off script with the "pause" argument after check-env passes.
.PHONY: pause-kick-off
pause-kick-off: check-env ## Pause the morning kick-off of deployment.
	concourse/scripts/pause-kick-off.sh pause
# Calls the same kick-off script with the "unpause" argument after check-env
# passes.
.PHONY: unpause-kick-off
unpause-kick-off: check-env ## Unpause the morning kick-off of deployment.
	concourse/scripts/pause-kick-off.sh unpause
# Prints connection details for the deployment named by DEPLOY_ENV: the
# output of environment.sh, the public IP of the instance tagged as the
# concourse instance group, and the values returned by
# show-vars-store-secrets.sh for the CF admin and monitoring passwords.
# NOTE(review): judging by the script name and its arguments the output
# includes live credentials, so it should not be captured in shared logs;
# confirm against the script.
.PHONY: showenv
showenv: check-env ## Display environment information
	$(eval export TARGET_CONCOURSE=deployer)
	@concourse/scripts/environment.sh
	@scripts/show-vars-store-secrets.sh cf-vars-store cf_admin_password
	@echo export CONCOURSE_IP=$$(aws ec2 describe-instances \
		--filters "Name=tag:deploy_env,Values=$(DEPLOY_ENV)" 'Name=tag:instance_group,Values=concourse' \
		--query 'Reservations[].Instances[].PublicIpAddress' --output text)
	@scripts/show-vars-store-secrets.sh prometheus-vars-store alertmanager_password grafana_password grafana_mon_password prometheus_password
# Aggregate target with no recipe of its own: running it runs every
# upload-*-secrets target listed below.
.PHONY: upload-all-secrets
upload-all-secrets: \
        upload-google-oauth-secrets \
        upload-notify-secrets \
        upload-aiven-secrets \
        upload-logit-secrets \
        upload-pagerduty-secrets
# Runs the Google OAuth upload script after three preconditions: an
# environment target has set MAKEFILE_ENV_TARGET, OAUTH_PASSWORD_STORE_DIR is
# non-empty (it defaults to ~/.paas-pass), and that path exists. The store
# path is exported so the script can read it; the script itself is silenced
# with `@`.
.PHONY: upload-google-oauth-secrets
upload-google-oauth-secrets: check-env ## Decrypt and upload Google Admin Console credentials to S3
	$(eval export OAUTH_PASSWORD_STORE_DIR?=$(HOME)/.paas-pass)
	$(if $(MAKEFILE_ENV_TARGET),,$(error Must set MAKEFILE_ENV_TARGET))
	$(if $(OAUTH_PASSWORD_STORE_DIR),,$(error Must pass OAUTH_PASSWORD_STORE_DIR=<path_to_password_store>))
	$(if $(wildcard $(OAUTH_PASSWORD_STORE_DIR)),,$(error Password store $(OAUTH_PASSWORD_STORE_DIR) does not exist))
	@scripts/upload-google-oauth-secrets.sh
# Runs the Notify upload script after three preconditions: an environment
# target has set MAKEFILE_ENV_TARGET, NOTIFY_PASSWORD_STORE_DIR is non-empty
# (it defaults to ~/.paas-pass), and that path exists.
.PHONY: upload-notify-secrets
upload-notify-secrets: check-env ## Decrypt and upload Notify Credentials to S3
	$(eval export NOTIFY_PASSWORD_STORE_DIR?=$(HOME)/.paas-pass)
	$(if $(MAKEFILE_ENV_TARGET),,$(error Must set MAKEFILE_ENV_TARGET))
	$(if $(NOTIFY_PASSWORD_STORE_DIR),,$(error Must pass NOTIFY_PASSWORD_STORE_DIR=<path_to_password_store>))
	$(if $(wildcard $(NOTIFY_PASSWORD_STORE_DIR)),,$(error Password store $(NOTIFY_PASSWORD_STORE_DIR) does not exist))
	@scripts/upload-notify-secrets.sh
# Runs the Aiven upload script after three preconditions: an environment
# target has set MAKEFILE_ENV_TARGET, AIVEN_PASSWORD_STORE_DIR is non-empty
# (it defaults to ~/.paas-pass), and that path exists.
.PHONY: upload-aiven-secrets
upload-aiven-secrets: check-env ## Decrypt and upload Aiven credentials to S3
	$(eval export AIVEN_PASSWORD_STORE_DIR?=$(HOME)/.paas-pass)
	$(if $(MAKEFILE_ENV_TARGET),,$(error Must set MAKEFILE_ENV_TARGET))
	$(if $(AIVEN_PASSWORD_STORE_DIR),,$(error Must pass AIVEN_PASSWORD_STORE_DIR=<path_to_password_store>))
	$(if $(wildcard $(AIVEN_PASSWORD_STORE_DIR)),,$(error Password store $(AIVEN_PASSWORD_STORE_DIR) does not exist))
	@scripts/upload-aiven-secrets.sh
# Runs the Logit upload script after three preconditions: AWS_ACCOUNT is set,
# LOGIT_PASSWORD_STORE_DIR is non-empty, and that path exists. Unlike the
# sibling upload targets this one sets no default of its own; the default for
# LOGIT_PASSWORD_STORE_DIR is exported by the globals target, which runs as a
# prerequisite of the environment targets.
.PHONY: upload-logit-secrets
upload-logit-secrets: check-env ## Decrypt and upload Logit credentials to S3
	$(if $(AWS_ACCOUNT),,$(error Must set environment to dev/staging/prod))
	$(if $(LOGIT_PASSWORD_STORE_DIR),,$(error Must pass LOGIT_PASSWORD_STORE_DIR=<path_to_password_store>))
	$(if $(wildcard $(LOGIT_PASSWORD_STORE_DIR)),,$(error Password store $(LOGIT_PASSWORD_STORE_DIR) does not exist))
	@scripts/upload-logit-secrets.sh
# Runs the PagerDuty upload script after two preconditions: an environment
# target has set MAKEFILE_ENV_TARGET and the password store path (default
# ~/.paas-pass) exists. There is no separate "is it empty" guard here; an
# empty path fails the existence check instead.
.PHONY: upload-pagerduty-secrets
upload-pagerduty-secrets: check-env ## Decrypt and upload pagerduty credentials to S3
	$(eval export PAGERDUTY_PASSWORD_STORE_DIR?=$(HOME)/.paas-pass)
	$(if $(MAKEFILE_ENV_TARGET),,$(error Must set MAKEFILE_ENV_TARGET))
	$(if $(wildcard $(PAGERDUTY_PASSWORD_STORE_DIR)),,$(error Password store $(PAGERDUTY_PASSWORD_STORE_DIR) does not exist))
	@scripts/upload-pagerduty-secrets.sh
# Runs the Pingdom set-up script with the requested ACTION, exporting the
# password store path to it first.
# NOTE(review): ACTION reaches the shell unquoted and is only checked for
# being non-empty, so the script receives it after shell word splitting.
.PHONY: pingdom
pingdom: check-env ## Use custom Terraform provider to set up Pingdom check
	$(if $(ACTION),,$(error Must pass ACTION=<plan|apply|...>))
	$(eval export PASSWORD_STORE_DIR=$(PASSWORD_STORE_DIR))
	@terraform/scripts/set-up-pingdom.sh $(ACTION)
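# Hands the pull request number to github_merge_sign, run through bundler.
# Declared phony so that a file named merge_pr in the checkout cannot make
# this target a silent no-op.
.PHONY: merge_pr
merge_pr: ## Merge a PR. Must specify number in a PR=<number> form.
	$(if $(PR),,$(error Must pass PR=<number>))
	bundle exec github_merge_sign --pr $(PR)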
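# Runs the fork checker against the alphagov organisation for repositories
# with the "paas" prefix, authenticating with GITHUB_TOKEN.
# The recipe line starts with `@` so make does not echo it: echoed, the full
# command including the token would be written to the terminal or build log.
# The token is single-quoted so the shell passes it through unchanged.
# NOTE(review): the token is still an argument of the script's process and so
# visible in process listings; passing it through the environment instead
# would need support in the script, which is not part of this file.
# Declared phony so that a file of the same name cannot disable the target.
.PHONY: find_diverged_forks
find_diverged_forks: ## Check all github forks belonging to paas to see if they've diverged upstream
	$(if $(GITHUB_TOKEN),,$(error Must pass GITHUB_TOKEN=<personal github token>))
	@./scripts/find_diverged_forks.py alphagov --prefix=paas --github-token='$(subst ','\'',$(GITHUB_TOKEN))'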
# Passes the job name to run_job.sh after check-env succeeds.
# NOTE(review): JOB reaches the shell unquoted and is only checked for being
# non-empty.
.PHONY: run_job
run_job: check-env ## Unbind paas-cf of $JOB in create-cloudfoundry pipeline and then trigger it
	$(if $(JOB),,$(error Must pass JOB=<name>))
	./concourse/scripts/run_job.sh $(JOB)
# Retired targets kept as signposts: each only prints where the command now
# lives. They still list check-env as a prerequisite, so DEPLOY_ENV and the
# AWS credential check are required before the message is shown.

ssh_concourse: check-env ## SSH to the concourse server. Set SSH_CMD to pass a command to execute.
	@echo "ssh_concourse has moved to paas-bootstrap π"

tunnel: check-env ## SSH tunnel to internal IPs
	@echo "tunnel has moved to paas-bootstrap π"

stop-tunnel: check-env ## Stop SSH tunnel
	@echo "stop-tunnel has moved to paas-bootstrap π"
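# Generates the Logit filter configuration inside a jruby container. The
# checkout is mounted read-only at /mnt and only config/logit/output is
# mounted writable, so the container can write nothing else in the
# repository. The two release tags are passed to the generator script.
# The volume arguments are quoted so a checkout path containing whitespace
# is still passed to docker as a single -v value.
# NOTE(review): the image is referenced by tag (jruby:9.1-alpine), which the
# registry can re-point; pinning it by digest (jruby@sha256:<digest>) would
# fix the image contents. `-it` needs a terminal, so this target looks
# intended for interactive use only.
.PHONY: logit-filters
logit-filters:
	mkdir -p config/logit/output
	docker run --rm -it \
		-v "$(CURDIR):/mnt:ro" \
		-v "$(CURDIR)/config/logit/output:/output:rw" \
		-w /mnt \
		jruby:9.1-alpine ./scripts/generate_logit_filters.sh $(LOGSEARCH_BOSHRELEASE_TAG) $(LOGSEARCH_FOR_CLOUDFOUNDRY_TAG)
	@echo "updated $(CURDIR)/config/logit/output/generated_logit_filters.conf"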