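# Every target in this file is a command rather than a file it produces.
# Declaring all of them phony keeps a stray file or directory with the same
# name (for example ./build, which the build recipe creates) from making the
# target look "up to date" and silently skipping a security check or a push.
.PHONY: build test lint docker.build docker.push \
        check.prepare check.static check.deps check.docker \
        check.generate-report check.generate-global-report

# Image repository used by docker.build, docker.push and check.docker.
REGISTRY = semaphoreci/controller

# Highest tag name in the repository by version sort; empty when there are no
# tags. Recursive assignment: the git pipeline runs each time the variable is
# expanded, not when the Makefile is parsed.
# NOTE(review): this is the highest tag in the repository, not necessarily a
# tag pointing at the commit currently checked out.
LATEST_VERSION = $(shell git tag | sort --version-sort | tail -n 1)

# Service name that appears in generated security reports.
APP_NAME = agent-k8s-controller

# Where check.prepare clones the monorepo. The directory is deleted and
# re-created on every run, so it must never point at anything worth keeping.
MONOREPO_TMP_DIR ?= /tmp/monorepo
SECURITY_TOOLBOX_TMP_DIR ?= $(MONOREPO_TMP_DIR)/security-toolbox

# Intended branch of the security-toolbox checkout (overridable).
SECURITY_TOOLBOX_BRANCH ?= main

# Path at which the working tree is mounted inside the scanner containers.
APP_DIRECTORY ?= /app

# Comma-separated scanner list handed to the toolbox docker script (--scanners).
SECURITY_SCANNERS = vuln,secret,misconfig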
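# Fetch a fresh, shallow, sparse checkout that contains only the
# security-toolbox directory of the semaphore monorepo.
#
# The scripts in this checkout are what the check.* targets execute, so what
# gets fetched here is part of the trust boundary of every scan:
#   - The checkout follows the head of $(SECURITY_TOOLBOX_BRANCH); it is not
#     pinned to a commit. NOTE(review): pin to a reviewed commit if scans must
#     be reproducible or the branch is not fully trusted.
#   - The default location lives under /tmp. NOTE(review): on a shared host
#     prefer a per-user directory by overriding MONOREPO_TMP_DIR.
check.prepare:
	$(if $(strip $(MONOREPO_TMP_DIR)),,$(error MONOREPO_TMP_DIR is empty; refusing to run rm -rf / git clone against it))
	rm -rf -- "$(MONOREPO_TMP_DIR)"
	git clone --depth 1 --filter=blob:none --sparse \
		--branch "$(SECURITY_TOOLBOX_BRANCH)" \
		https://github.com/semaphoreio/semaphore "$(MONOREPO_TMP_DIR)" && \
	cd "$(MONOREPO_TMP_DIR)" && \
	git config core.sparseCheckout true && \
	git sparse-checkout init --cone && \
	git sparse-checkout set security-toolbox && \
	git checkout "$(SECURITY_TOOLBOX_BRANCH)"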
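# Run the toolbox "code" script against the Go sources in the working tree.
#
# The working tree is mounted read-write at $(APP_DIRECTORY) and the toolbox
# checkout at its host path; the script executed is whatever check.prepare
# just cloned. The container image is referenced by tag (ruby:3), so its
# content can change between runs.
# NOTE(review): pin the image by digest
# (registry.semaphoreci.com/ruby@sha256:<digest>) if scan results must be
# reproducible.
# --rm removes the container once the scan exits instead of leaving a stopped
# container behind on every run.
check.static: check.prepare
	docker run --rm -it -v $$(pwd):$(APP_DIRECTORY) \
		-v $(SECURITY_TOOLBOX_TMP_DIR):$(SECURITY_TOOLBOX_TMP_DIR) \
		registry.semaphoreci.com/ruby:3 \
		bash -c 'cd $(APP_DIRECTORY) && $(SECURITY_TOOLBOX_TMP_DIR)/code --language go -d'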
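# Run the toolbox "dependencies" script against the Go module in the working
# tree.
#
# Same container setup as the static check: working tree mounted read-write at
# $(APP_DIRECTORY), toolbox checkout mounted at its host path, image referenced
# by a mutable tag.
# --rm removes the container once the scan exits instead of leaving a stopped
# container behind on every run.
check.deps: check.prepare
	docker run --rm -it -v $$(pwd):$(APP_DIRECTORY) \
		-v $(SECURITY_TOOLBOX_TMP_DIR):$(SECURITY_TOOLBOX_TMP_DIR) \
		registry.semaphoreci.com/ruby:3 \
		bash -c 'cd $(APP_DIRECTORY) && $(SECURITY_TOOLBOX_TMP_DIR)/dependencies --language go -d'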
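# Scan the $(REGISTRY):latest image with the toolbox "docker" script, using the
# scanners listed in SECURITY_SCANNERS.
#
# This is the most privileged of the check targets: the host Docker socket is
# mounted into the container, so anything running inside it can drive the host
# Docker daemon (start containers, mount host paths, read other images). Keep
# that in mind when deciding how far to trust the toolbox checkout and the
# ruby:3 image, neither of which is pinned here.
# NOTE(review): the image being scanned is not built by this target; it has no
# docker.build prerequisite, so build or pull $(REGISTRY):latest first.
# --rm removes the container once the scan exits.
check.docker: check.prepare
	docker run --rm -it -v $$(pwd):$(APP_DIRECTORY) \
		-v $(SECURITY_TOOLBOX_TMP_DIR):$(SECURITY_TOOLBOX_TMP_DIR) \
		-v /var/run/docker.sock:/var/run/docker.sock \
		registry.semaphoreci.com/ruby:3 \
		bash -c 'cd $(APP_DIRECTORY) && $(SECURITY_TOOLBOX_TMP_DIR)/docker -d --image $(REGISTRY):latest --scanners $(SECURITY_SCANNERS)'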
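# Build the per-service report with the toolbox "report" script, labelled
# "[$(CHECK_TYPE)] $(APP_NAME)".
#
# CHECK_TYPE is not set in this file; pass it on the command line or through
# the environment. Its value is pasted into the bash -c string
# without escaping, so it must be a plain label supplied by a trusted caller.
#
# The working tree is mounted at $(APP_DIRECTORY), the same path the command
# changes into, so overriding APP_DIRECTORY keeps mount point and working
# directory in agreement (the mount was previously hard-coded to /app).
# --rm removes the container once the report has been written.
check.generate-report: check.prepare
	docker run --rm -it \
		-v $$(pwd):$(APP_DIRECTORY) \
		-v $(SECURITY_TOOLBOX_TMP_DIR):$(SECURITY_TOOLBOX_TMP_DIR) \
		registry.semaphoreci.com/ruby:3 \
		bash -c 'cd $(APP_DIRECTORY) && $(SECURITY_TOOLBOX_TMP_DIR)/report --service-name "[$(CHECK_TYPE)] $(APP_NAME)"'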
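# Run the toolbox "global-report" script with the "reports" directory as input
# (-i) and "out" as output (-o), both relative to the working tree.
#
# The working tree is mounted at $(APP_DIRECTORY), the same path the command
# changes into, so overriding APP_DIRECTORY keeps mount point and working
# directory in agreement (the mount was previously hard-coded to /app).
# --rm removes the container once the report has been written.
check.generate-global-report: check.prepare
	docker run --rm -it \
		-v $$(pwd):$(APP_DIRECTORY) \
		-v $(SECURITY_TOOLBOX_TMP_DIR):$(SECURITY_TOOLBOX_TMP_DIR) \
		registry.semaphoreci.com/ruby:3 \
		bash -c 'cd $(APP_DIRECTORY) && $(SECURITY_TOOLBOX_TMP_DIR)/global-report -i reports -o out'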
# Lint every Go package under the repository root with revive, using the
# rules in lint.toml and the "friendly" output formatter.
lint:
	revive -config lint.toml -formatter friendly ./...
# Run the Go test suite inside the compose "app" service through gotestsum and
# write a JUnit report to junit-report.xml. Everything after "--" goes to
# "go test"; "-p 1" there limits it to one package at a time.
test:
	docker compose run --rm app \
		gotestsum --format short-verbose --junitfile junit-report.xml \
			--packages="./..." -- -p 1
# Compile main.go into build/controller for Linux, starting from an empty
# build directory so no binary from an earlier run survives.
build:
	rm -rf build
	GOOS=linux go build -o build/controller main.go
# Build the container image from the repository root and tag it
# $(REGISTRY):latest; the controller binary is compiled first via "build".
docker.build: build
	docker build --tag $(REGISTRY):latest .
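# Publish the locally built $(REGISTRY):latest image.
#
# With no git tags only :latest is pushed. Otherwise the image is also tagged
# and pushed as $(LATEST_VERSION) before :latest.
#
# The steps are chained with && so a failed tag or push stops the recipe and
# fails the target; previously they were separated by ";" and only the exit
# status of the last push was reported.
#
# NOTE(review): LATEST_VERSION is the highest tag in the repository, which may
# not describe the commit the local image was built from; pushing can then
# re-point an already published version tag at different content. Confirm the
# checkout matches the tag before releasing.
# NOTE(review): the tag name is pasted into the shell command without escaping;
# treat permission to create tags in this repository as permission to
# influence this recipe.
docker.push:
	@if [ -z "$(LATEST_VERSION)" ]; then \
		docker push $(REGISTRY):latest; \
	else \
		docker tag $(REGISTRY):latest $(REGISTRY):$(LATEST_VERSION) && \
		docker push $(REGISTRY):$(LATEST_VERSION) && \
		docker push $(REGISTRY):latest; \
	fi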