Skip to content

Commit ca5a522

Browse files
bharath-b-rhbharath-b-rh
committed
ESO-155: AI suggestions Makefile improvements
Signed-off-by: Bharath B <[email protected]>
1 parent b3fd321 commit ca5a522

File tree

1 file changed

+37
-22
lines changed

1 file changed

+37
-22
lines changed

Makefile

Lines changed: 37 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -179,15 +179,15 @@ run: manifests generate fmt vet ## Run a controller from your host.
179179
# If you wish to build the manager image targeting other platforms you can use the --platform flag.
180180
# (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it.
181181
# More info: https://docs.docker.com/develop/develop-images/build_enhancements/
182-
.PHONY: docker-build
183-
docker-build: ## Build docker image with the manager.
182+
.PHONY: image-build
183+
image-build: ## Build operator image.
184184
$(CONTAINER_TOOL) build -t ${IMG} .
185185

186-
.PHONY: docker-push
187-
docker-push: ## Push docker image with the manager.
186+
.PHONY: image-push
187+
image-push: ## Push operator image.
188188
$(CONTAINER_TOOL) push ${IMG}
189189

190-
# PLATFORMS defines the target platforms for the manager image be built to provide support to multiple
190+
# PLATFORMS defines the target platforms for the operator image be built to provide support to multiple
191191
# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to:
192192
# - be able to use docker buildx. More info: https://docs.docker.com/build/buildx/
193193
# - have enabled BuildKit. More info: https://docs.docker.com/develop/develop-images/build_enhancements/
@@ -198,10 +198,10 @@ PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
198198
docker-buildx: ## Build and push docker image for the manager for cross-platform support
199199
# copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile
200200
sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross
201-
- $(CONTAINER_TOOL) buildx create --name external-secrets-operator-builder
202-
$(CONTAINER_TOOL) buildx use external-secrets-operator-builder
203-
- $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross .
204-
- $(CONTAINER_TOOL) buildx rm external-secrets-operator-builder
201+
- docker buildx create --name external-secrets-operator-builder
202+
docker buildx use external-secrets-operator-builder
203+
- docker buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross .
204+
- docker buildx rm external-secrets-operator-builder
205205
rm Dockerfile.cross
206206

207207
.PHONY: build-installer
@@ -240,7 +240,7 @@ LOCALBIN ?= $(shell pwd)/bin
240240
$(LOCALBIN):
241241
mkdir -p $(LOCALBIN)
242242

243-
## Location to story temp outputs
243+
## Location to store temp outputs
244244
OUTPUTS_PATH ?= $(shell pwd)/_output
245245
$(OUTPUTS_PATH):
246246
mkdir -p $(OUTPUTS_PATH)
@@ -293,16 +293,16 @@ govulncheck: $(LOCALBIN) ## Download govulncheck locally if necessary.
293293
ginkgo: $(LOCALBIN) ## Download ginkgo locally if necessary.
294294
$(call go-install-tool,$(GINKGO),github.com/onsi/ginkgo/v2/ginkgo)
295295

296-
# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist
296+
# go-install-tool will 'go install' any package with custom target and name of the binary.
297297
# $1 - target path with name of binary
298298
# $2 - package url which can be installed
299299
define go-install-tool
300300
@{ \
301301
set -e; \
302302
package=$(2) ;\
303-
echo "Downloading $${package}" ;\
303+
echo "Installing $${package}" ;\
304304
rm -f $(1) || true ;\
305-
GOBIN=$(LOCALBIN) go install $${package} ;\
305+
GOBIN=$(LOCALBIN) GOFLAGS="-mod=vendor" go install $${package} ;\
306306
}
307307
endef
308308

@@ -352,11 +352,11 @@ bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metada
352352

353353
.PHONY: bundle-build
354354
bundle-build: ## Build the bundle image.
355-
docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
355+
$(CONTAINER_TOOL) build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
356356

357357
.PHONY: bundle-push
358358
bundle-push: ## Push the bundle image.
359-
$(MAKE) docker-push IMG=$(BUNDLE_IMG)
359+
$(CONTAINER_TOOL) push IMG=$(BUNDLE_IMG)
360360

361361
.PHONY: opm
362362
OPM = $(LOCALBIN)/opm
@@ -392,12 +392,12 @@ endif
392392
# https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator
393393
.PHONY: catalog-build
394394
catalog-build: opm ## Build a catalog image.
395-
$(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
395+
$(OPM) index add --container-tool $(CONTAINER_TOOL) --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
396396

397397
# Push the catalog image.
398398
.PHONY: catalog-push
399399
catalog-push: ## Push a catalog image.
400-
$(MAKE) docker-push IMG=$(CATALOG_IMG)
400+
$(CONTAINER_TOOL) push IMG=$(CATALOG_IMG)
401401

402402
## verify the changes are working as expected.
403403
.PHONY: verify
@@ -419,15 +419,30 @@ docs: crd-ref-docs
419419

420420
## perform vulnerabilities scan using govulncheck.
421421
.PHONY: govulnscan
422-
#The ignored vulnerabilities are not in the operator code, but in the vendored packages.
422+
# The ignored vulnerabilities are not in the operator code, but in the vendored packages.
423+
# Each vulnerability ID corresponds to a specific issue that has been reviewed and deemed
424+
# acceptable for the current vendored dependencies.
423425
# - https://pkg.go.dev/vuln/GO-2025-3956
424426
# - https://pkg.go.dev/vuln/GO-2025-3547
425427
# - https://pkg.go.dev/vuln/GO-2025-3521
426-
KNOWN_VULNERABILITIES:="GO-2025-3547|GO-2025-3521|GO-2025-3956|GO-2025-3915"
428+
KNOWN_VULNERABILITIES=GO-2025-3956|GO-2025-3547|GO-2025-3521
427429
govulnscan: govulncheck $(OUTPUTS_PATH) ## Run govulncheck
428-
- $(GOVULNCHECK) ./... > $(OUTPUTS_PATH)/govulcheck.results 2>&1
429-
$(eval reported_vulnerabilities = $(strip $(shell grep "pkg.go.dev" $(OUTPUTS_PATH)/govulcheck.results | ([ -n $KNOWN_VULNERABILITIES ] && grep -Ev $(KNOWN_VULNERABILITIES) || cat) | wc -l)))
430-
@(if [ $(reported_vulnerabilities) -ne 0 ]; then echo -e "\n-- ERROR -- $(reported_vulnerabilities) new vulnerabilities reported, please check\n"; exit 1; fi)
430+
@echo "Running govulncheck vulnerability scan..."
431+
@$(GOVULNCHECK) ./... > $(OUTPUTS_PATH)/govulcheck.results 2>&1 || true
432+
@grep -q "pkg.go.dev" $(OUTPUTS_PATH)/govulcheck.results || { \
433+
echo "-- ERROR -- govulncheck may have failed to run; see $(OUTPUTS_PATH)/govulcheck.results"; exit 1; }
434+
@echo "Filtering known vulnerabilities and counting new ones..."
435+
$(eval reported_vulnerabilities = $(strip $(shell grep "pkg.go.dev" $(OUTPUTS_PATH)/govulcheck.results | grep -Ev "$(KNOWN_VULNERABILITIES)" | wc -l)))
436+
@echo "Found $(reported_vulnerabilities) new vulnerabilities (excluding known issues)"
437+
@(if [ $(reported_vulnerabilities) -ne 0 ]; then \
438+
echo ""; \
439+
echo "-- ERROR -- $(reported_vulnerabilities) new vulnerabilities reported"; \
440+
echo "Please review $(OUTPUTS_PATH)/govulcheck.results for details"; \
441+
echo ""; \
442+
exit 1; \
443+
else \
444+
echo "✓ Vulnerability scan passed - no new issues found"; \
445+
fi)
431446

432447
# Utilize controller-runtime provided envtest for API integration test
433448
.PHONY: test-apis ## Run only the api integration tests.

0 commit comments

Comments
 (0)