# Project locations #################################

# Scratch directory that receives the tooling fetched by `make bootstrap`.
TEMP_DIR = ./.tmp

# Output directory for locally built grype / grype-db binaries, and its
# absolute form (realpath is re-run every time ABS_BIN_DIR is expanded).
BIN_DIR = ./bin
ABS_BIN_DIR = $(shell realpath ${BIN_DIR})

# Container image repository used by the build, push and promote targets.
IMAGE_NAME = ghcr.io/khulnasoft-lab/vulnlist

# Paths to the grype and grype-db checkouts. `?=` keeps a value that is already
# set (GRYPE_PATH / GRYPE_DB_PATH in the environment or on the command line);
# otherwise the sibling directories below are used.
GRYPE_PATH ?= ../grype
GRYPE_DB_PATH ?= ../grype-db

# Tool versions #################################
# Pins consumed by `make bootstrap` when it installs each tool into TEMP_DIR.
CHRONICLE_VERSION = v0.8.0
GLOW_VERSION = v1.4.1
CRANE_VERSION = v0.16.1

# Command templates #################################
# Tool binaries are run from TEMP_DIR rather than from whatever is on PATH.
CHRONICLE = ${TEMP_DIR}/chronicle
GLOW = ${TEMP_DIR}/glow
CRANE = ${TEMP_DIR}/crane
PUBLISH_CMD = poetry publish --build -n
# Formatting variables #################################
# Each escape sequence is captured once, at parse time (`:=`), from tput using
# the fixed "linux" terminal type instead of the caller's $TERM.
BOLD := $(shell tput -T linux bold)
RESET := $(shell tput -T linux sgr0)
RED := $(shell tput -T linux setaf 1)
GREEN := $(shell tput -T linux setaf 2)
PURPLE := $(shell tput -T linux setaf 5)
CYAN := $(shell tput -T linux setaf 6)

# Composite styles built from the primitives above.
TITLE := ${BOLD}${PURPLE}
SUCCESS := ${BOLD}${GREEN}
ERROR := ${BOLD}${RED}
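# This is the python package version for vulnlist, based off of the git state
# (computed by dunamai through poetry).
# Note: this should always have a prefixed "v".
#
# The assignment is recursive, so the command only runs when a recipe expands
# PACKAGE_VERSION. The emptiness check is part of the value itself: the text
# after `=` always begins with a literal "v", and `ifndef` tests the stored
# text without expanding it, so an `ifndef PACKAGE_VERSION` guard can never
# fire. Without this check a failed dunamai run would expand to the bare
# string "v", which `ci-promote-release` would then apply as a release tag.
PACKAGE_VERSION = v$(or $(shell poetry run dunamai from git --style semver --dirty --no-metadata),$(error PACKAGE_VERSION is not set))

# Full hash of the checked-out commit. Fails at expansion time instead of
# producing the image tag "git-" when git cannot resolve HEAD.
COMMIT = $(or $(shell git rev-parse HEAD),$(error COMMIT is not set: 'git rev-parse HEAD' returned nothing))

# Image tag under which a build of this commit is pushed and later promoted.
COMMIT_TAG = git-$(COMMIT)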
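# A bare `make` runs every validation.
.DEFAULT_GOAL := all

.PHONY: all
all: static-analysis test ## Run all validations

.PHONY: static-analysis
static-analysis: virtual-env-check ## Run all static analyses
	pre-commit run -a --hook-stage push

.PHONY: test
test: unit ## Run all tests

# Guard shared by the lint, type-check and test targets: fail unless a virtual
# environment is active. ${VIRTUAL_ENV} is expanded by make, which imports it
# from the environment. The target is declared phony so that a stray file named
# `virtual-env-check` cannot make the guard look up to date and skip it.
.PHONY: virtual-env-check
virtual-env-check:
	@ if [ "${VIRTUAL_ENV}" = "" ]; then \
		echo "$(ERROR)Not in a virtual environment. Try running with 'poetry run' or enter a 'poetry shell' session.$(RESET)"; \
		exit 1; \
	fi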
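## Bootstrapping targets #################################

# Installs chronicle, glow and crane into TEMP_DIR.
#
# The chronicle installer is saved to a file and run from there rather than
# piped into `sh`, so a truncated or interrupted download is never executed;
# curl is also restricted to HTTPS with TLS 1.2 or newer.
# NOTE(review): the installer script is fetched from the moving `main` branch,
# so CHRONICLE_VERSION pins the release it installs but not the script itself.
# Consider pinning the script to a tag or commit and checking its digest.
#
# glow and crane are built with `go install` at their pinned versions, with
# GOBIN pointing at the absolute path of TEMP_DIR.
.PHONY: bootstrap
bootstrap: $(TEMP_DIR) ## Download and install all tooling dependencies
	curl --proto '=https' --tlsv1.2 -sSfL -o $(TEMP_DIR)/chronicle-install.sh https://raw.githubusercontent.com/anchore/chronicle/main/install.sh
	sh $(TEMP_DIR)/chronicle-install.sh -b $(TEMP_DIR)/ $(CHRONICLE_VERSION)
	rm -f $(TEMP_DIR)/chronicle-install.sh
	GOBIN="$(abspath $(TEMP_DIR))" go install github.com/charmbracelet/glow@$(GLOW_VERSION)
	GOBIN="$(abspath $(TEMP_DIR))" go install github.com/google/go-containerregistry/cmd/crane@$(CRANE_VERSION)

# Directory targets: created on demand by the rules that list them as prerequisites.
$(TEMP_DIR):
	mkdir -p $(TEMP_DIR)

$(BIN_DIR):
	mkdir -p $(BIN_DIR)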
## Development targets #################################

.PHONY: dev build-grype build-grype-db update-db check-dev-shell

# `provider` and `providers` are taken from the make command line and placed on
# the script's command line unquoted, so the shell word-splits them.
dev: ## Get a development shell with locally editable grype, grype-db, and vulnlist repos
	@DEV_VULNLIST_BIN_DIR=${ABS_BIN_DIR} .github/scripts/dev-shell.sh ${provider} ${providers}

# Both build targets compile inside the sibling checkout (GRYPE_PATH /
# GRYPE_DB_PATH) and write the binary into this repo's bin directory.
build-grype: ${BIN_DIR} ## Build grype for local development
	@cd ${GRYPE_PATH} && go build -o ${ABS_BIN_DIR}/grype ./cmd/grype

build-grype-db: ${BIN_DIR} ## Build grype-db for local development
	@cd ${GRYPE_DB_PATH} && go build -o ${ABS_BIN_DIR}/grype-db ./cmd/grype-db

update-db: check-dev-shell ## Build and import a grype database based off of the current configuration
	@.github/scripts/update-dev-db.sh

# Guard: refuse to continue unless DEV_VULNLIST_SHELL is set in the environment.
# `$$` hands the variable to the shell instead of letting make expand it.
check-dev-shell:
	@if [ -z "$$DEV_VULNLIST_SHELL" ]; then \
		echo "$(RED)DEV_VULNLIST_SHELL is not set. Run 'make dev provider=\"...\"' first$(RESET)"; \
		exit 1; \
	fi
## Static analysis targets #################################
# Every target here first runs the virtual-env-check guard.

.PHONY: lint lint-fix format check-types

lint: virtual-env-check ## Show linting issues (ruff)
	ruff check .

lint-fix: virtual-env-check ## Fix linting issues (ruff)
	ruff check . --fix

format: virtual-env-check ## Format all code (black)
	black src tests

check-types: virtual-env-check ## Run type checks (mypy)
	mypy --config-file ./pyproject.toml src/vulnlist
## Testing targets #################################

.PHONY: unit unit-matrix

# Runs tests/unit/ verbosely and writes an HTML coverage report for the vulnlist package.
unit: virtual-env-check ## Run unit tests
	pytest --cov-report html --cov vulnlist -v tests/unit/

unit-matrix: virtual-env-check ## Run unit tests for all supported python versions
	tox
## Build-related targets #################################

.PHONY: check-build-deps build version

# Advisory only: prints an install hint when the poetry-dynamic-versioning
# plugin is not listed, but never fails the build.
check-build-deps:
	@if ! poetry self show plugins | grep poetry-dynamic-versioning; then \
		echo "install poetry-dynamic-versioning plugin with 'poetry plugin add poetry-dynamic-versioning[plugin]'"; \
	fi

# Fetches tags, rebuilds the python distribution from an empty dist/ directory,
# then builds the container image tagged with the current commit (COMMIT_TAG).
build: check-build-deps ## Run build assets
	git fetch --tags
	rm -rf dist
	poetry build
	docker build -t ${IMAGE_NAME}:${COMMIT_TAG} .

# Prints the computed package version.
version:
	@echo ${PACKAGE_VERSION}
# CI and release targets. The publishing targets that list `ci-check` as a
# prerequisite run .github/scripts/ci-check.sh before doing anything else.
.PHONY: ci-check ci-publish-commit ci-promote-release ci-publish-testpypi ci-publish-pypi changelog release

ci-check:
	@.github/scripts/ci-check.sh

# Pushes the image that was built for the current commit.
ci-publish-commit: ci-check
	docker push ${IMAGE_NAME}:${COMMIT_TAG}

# Adds the release version tag and `latest` to the image stored under the
# commit tag, using the crane binary from TEMP_DIR.
# NOTE(review): the image is addressed by its `git-<sha>` tag, not by digest,
# so promotion applies to whatever that tag points at when this runs.
ci-promote-release: ci-check
	${CRANE} tag ${IMAGE_NAME}:${COMMIT_TAG} ${PACKAGE_VERSION}
	${CRANE} tag ${IMAGE_NAME}:${COMMIT_TAG} latest

# NOTE(review): unlike the other ci-publish targets this one does not depend on
# ci-check; confirm that is intended.
ci-publish-testpypi: clean-dist check-build-deps
	poetry config repositories.testpypi https://test.pypi.org/legacy/
	${PUBLISH_CMD} -r testpypi

ci-publish-pypi: ci-check clean-dist check-build-deps
	${PUBLISH_CMD}

# Regenerates CHANGELOG.md with chronicle, then renders it with glow.
changelog:
	@${CHRONICLE} -vvv -n . --version-file VERSION > CHANGELOG.md
	@${GLOW} CHANGELOG.md

release:
	@.github/scripts/trigger-release.sh
## Cleanup #################################

# Removes the dist/ directory so that a publish starts from an empty one.
.PHONY: clean-dist
clean-dist:
	rm -r -f dist
## Halp! #################################

# Self-documenting help: lists every `target: ... ## description` line found in
# the parsed makefiles, sorted, with the target name in bold cyan padded to 25
# columns. `$$` passes a literal `$` through to grep and awk.
.PHONY: help
help:
	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) \
		| sort \
		| awk 'BEGIN {FS = ":.*?## "}; {printf "$(BOLD)$(CYAN)%-25s$(RESET)%s\n", $$1, $$2}'