You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
206 lines
7.8 KiB
Makefile
206 lines
7.8 KiB
Makefile
# Set an output prefix, which is the local directory if not specified
|
|
PREFIX?=$(shell pwd)
|
|
|
|
GOFLAGS := -mod=vendor
|
|
|
|
# Populate version variables
|
|
# Add to compile time flags
|
|
NOTARY_PKG := github.com/theupdateframework/notary
|
|
NOTARY_VERSION := $(shell cat NOTARY_VERSION)
|
|
GITCOMMIT := $(shell git rev-parse --short HEAD)
|
|
GITUNTRACKEDCHANGES := $(shell git status --porcelain --untracked-files=no)
|
|
ifneq ($(GITUNTRACKEDCHANGES),)
|
|
GITCOMMIT := $(GITCOMMIT)-dirty
|
|
endif
|
|
CTIMEVAR=-X $(NOTARY_PKG)/version.GitCommit=$(GITCOMMIT) -X $(NOTARY_PKG)/version.NotaryVersion=$(NOTARY_VERSION)
|
|
GO_LDFLAGS=-ldflags "-w $(CTIMEVAR)"
|
|
GO_LDFLAGS_STATIC=-ldflags "-w $(CTIMEVAR) -extldflags -static"
|
|
GOOSES = darwin linux windows
|
|
NOTARY_BUILDTAGS ?= pkcs11
|
|
NOTARYDIR := /go/src/github.com/theupdateframework/notary
|
|
|
|
# check to be sure pkcs11 lib is always imported with a build tag
|
|
GO_LIST_PKCS11 := $(shell go list -tags "${NOTARY_BUILDTAGS}" -e -f '{{join .Deps "\n"}}' ./... | grep -v /vendor/ | xargs go list -e -f '{{if not .Standard}}{{.ImportPath}}{{end}}' | grep -q pkcs11)
|
|
ifeq ($(GO_LIST_PKCS11),)
|
|
$(info pkcs11 import was not found anywhere without a build tag, yay)
|
|
else
|
|
$(error You are importing pkcs11 somewhere and not using a build tag)
|
|
endif
|
|
|
|
_empty :=
|
|
_space := $(empty) $(empty)
|
|
|
|
# go cover test variables
|
|
COVERPROFILE?=coverage.txt
|
|
COVERMODE=atomic
|
|
PKGS ?= $(shell go list -tags "${NOTARY_BUILDTAGS}" ./... | grep -v /vendor/ | tr '\n' ' ')
|
|
|
|
.PHONY: clean all lint build test binaries cross cover docker-images notary-dockerfile
|
|
.DELETE_ON_ERROR: cover
|
|
.DEFAULT: default
|
|
|
|
all: clean lint build test binaries
|
|
|
|
# This only needs to be generated by hand when cutting full releases.
|
|
version/version.go:
|
|
./version/version.sh > $@
|
|
|
|
${PREFIX}/bin/notary-server: NOTARY_VERSION $(shell find . -type f -name '*.go')
|
|
@echo "+ $@"
|
|
@go build -tags ${NOTARY_BUILDTAGS} -o $@ ${GO_LDFLAGS} ./cmd/notary-server
|
|
|
|
${PREFIX}/bin/notary: NOTARY_VERSION $(shell find . -type f -name '*.go')
|
|
@echo "+ $@"
|
|
@go build -tags ${NOTARY_BUILDTAGS} -o $@ ${GO_LDFLAGS} ./cmd/notary
|
|
|
|
${PREFIX}/bin/notary-signer: NOTARY_VERSION $(shell find . -type f -name '*.go')
|
|
@echo "+ $@"
|
|
@go build -tags ${NOTARY_BUILDTAGS} -o $@ ${GO_LDFLAGS} ./cmd/notary-signer
|
|
|
|
${PREFIX}/bin/escrow: NOTARY_VERSION $(shell find . -type f -name '*.go')
|
|
@echo "+ $@"
|
|
@go build -tags ${NOTARY_BUILDTAGS} -o $@ ${GO_LDFLAGS} ./cmd/escrow
|
|
|
|
ifeq ($(shell uname -s),Darwin)
|
|
${PREFIX}/bin/static/notary-server:
|
|
@echo "notary-server: static builds not supported on OS X"
|
|
|
|
${PREFIX}/bin/static/notary-signer:
|
|
@echo "notary-signer: static builds not supported on OS X"
|
|
|
|
${PREFIX}/bin/static/notary:
|
|
@echo "notary: static builds not supported on OS X"
|
|
else
|
|
${PREFIX}/bin/static/notary-server: NOTARY_VERSION $(shell find . -type f -name '*.go')
|
|
@echo "+ $@"
|
|
@(export CGO_ENABLED=0; go build -tags "${NOTARY_BUILDTAGS} netgo" -o $@ ${GO_LDFLAGS_STATIC} ./cmd/notary-server)
|
|
|
|
${PREFIX}/bin/static/notary-signer: NOTARY_VERSION $(shell find . -type f -name '*.go')
|
|
@echo "+ $@"
|
|
@(export CGO_ENABLED=0; go build -tags "${NOTARY_BUILDTAGS} netgo" -o $@ ${GO_LDFLAGS_STATIC} ./cmd/notary-signer)
|
|
|
|
${PREFIX}/bin/static/notary:
|
|
@echo "+ $@"
|
|
@go build -tags "${NOTARY_BUILDTAGS} netgo" -o $@ ${GO_LDFLAGS_STATIC} ./cmd/notary
|
|
endif
|
|
|
|
|
|
# run all lint functionality - excludes Godep directory, vendoring, binaries, python tests, and git files
|
|
lint:
|
|
@echo "+ $@: golint, go vet, go fmt, gocycle, misspell, ineffassign"
|
|
# golint
|
|
@test -z "$(shell find . -type f -name "*.go" -not -path "./vendor/*" -not -name "*.pb.*" -exec golint {} \; | tee /dev/stderr)"
|
|
# gofmt
|
|
@test -z "$$(gofmt -s -l .| grep -v .pb. | grep -v vendor/ | tee /dev/stderr)"
|
|
# govet
|
|
ifeq ($(shell uname -s), Darwin)
|
|
@test -z "$(shell find . -iname *test*.go | grep -v _test.go | grep -v vendor | xargs echo "This file should end with '_test':" | tee /dev/stderr)"
|
|
else
|
|
@test -z "$(shell find . -iname *test*.go | grep -v _test.go | grep -v vendor | xargs -r echo "This file should end with '_test':" | tee /dev/stderr)"
|
|
endif
|
|
@test -z "$$(go vet -printf=false . 2>&1 | grep -v vendor/ | tee /dev/stderr)"
|
|
# gocyclo - we require cyclomatic complexity to be < 16
|
|
@test -z "$(shell find . -type f -name "*.go" -not -path "./vendor/*" -not -name "*.pb.*" -exec gocyclo -over 15 {} \; | tee /dev/stderr)"
|
|
# misspell - requires that the following be run first:
|
|
# go get -u github.com/client9/misspell/cmd/misspell
|
|
@test -z "$$(find . -type f | grep -v vendor/ | grep -v bin/ | grep -v misc/ | grep -v .git/ | grep -v \.pdf | xargs misspell | tee /dev/stderr)"
|
|
# ineffassign - requires that the following be run first:
|
|
# go get -u github.com/gordonklaus/ineffassign
|
|
@test -z "$(shell find . -type f -name "*.go" -not -path "./vendor/*" -not -name "*.pb.*" -exec ineffassign {} \; | tee /dev/stderr)"
|
|
# gosec - requires that the following be run first:
|
|
# go get -u github.com/securego/gosec/cmd/gosec/...
|
|
@rm -f gosec_output.csv
|
|
@gosec -fmt=csv -out=gosec_output.csv -exclude=G104,G304 ./... || (cat gosec_output.csv >&2; exit 1)
|
|
|
|
build:
|
|
@echo "+ $@"
|
|
@go build -tags "${NOTARY_BUILDTAGS}" -v ${GO_LDFLAGS} $(PKGS)
|
|
|
|
# When running `go test ./...`, it runs all the suites in parallel, which causes
|
|
# problems when running with a yubikey
|
|
test: TESTOPTS =
|
|
test:
|
|
@echo Note: when testing with a yubikey plugged in, make sure to include 'TESTOPTS="-p 1"'
|
|
@echo "+ $@ $(TESTOPTS)"
|
|
@echo
|
|
go test -tags "${NOTARY_BUILDTAGS}" $(TESTOPTS) $(PKGS)
|
|
|
|
integration: TESTDB = mysql
|
|
integration: clean
|
|
buildscripts/integrationtest.sh $(TESTDB)
|
|
|
|
testdb: TESTDB = mysql
|
|
testdb:
|
|
buildscripts/dbtests.sh $(TESTDB)
|
|
|
|
protos:
|
|
@protoc --go_out=plugins=grpc:. proto/*.proto
|
|
|
|
# This allows coverage for a package to come from tests in different package.
|
|
# Requires that the following:
|
|
# go get github.com/wadey/gocovmerge; go install github.com/wadey/gocovmerge
|
|
#
|
|
# be run first
|
|
gen-cover:
|
|
gen-cover:
|
|
@python -u buildscripts/covertest.py --tags "$(NOTARY_BUILDTAGS)" --pkgs="$(PKGS)" --testopts="${TESTOPTS}"
|
|
|
|
# Generates the cover binaries and runs them all in serial, so this can be used
|
|
# run all tests with a yubikey without any problems
|
|
cover: gen-cover covmerge
|
|
@go tool cover -html="$(COVERPROFILE)"
|
|
|
|
# Generates the cover binaries and runs them all in serial, so this can be used
|
|
# run all tests with a yubikey without any problems
|
|
ci: override TESTOPTS = -race
|
|
# Codecov knows how to merge multiple coverage files, so covmerge is not needed
|
|
ci: gen-cover
|
|
|
|
yubikey-tests: override PKGS = github.com/theupdateframework/notary/cmd/notary github.com/theupdateframework/notary/trustmanager/yubikey
|
|
yubikey-tests: ci
|
|
|
|
covmerge:
|
|
@gocovmerge $(shell find . -name coverage*.txt | tr "\n" " ") > $(COVERPROFILE)
|
|
@go tool cover -func="$(COVERPROFILE)"
|
|
|
|
clean-protos:
|
|
@rm proto/*.pb.go
|
|
|
|
client: ${PREFIX}/bin/notary
|
|
@echo "+ $@"
|
|
|
|
binaries: ${PREFIX}/bin/notary-server ${PREFIX}/bin/notary ${PREFIX}/bin/notary-signer
|
|
@echo "+ $@"
|
|
|
|
escrow: ${PREFIX}/bin/escrow
|
|
@echo "+ $@"
|
|
|
|
static: ${PREFIX}/bin/static/notary-server ${PREFIX}/bin/static/notary-signer ${PREFIX}/bin/static/notary
|
|
@echo "+ $@"
|
|
|
|
notary-dockerfile:
|
|
@docker build --rm --force-rm -t notary .
|
|
|
|
server-dockerfile:
|
|
@docker build --rm --force-rm -f server.Dockerfile -t notary-server .
|
|
|
|
signer-dockerfile:
|
|
@docker build --rm --force-rm -f signer.Dockerfile -t notary-signer .
|
|
|
|
docker-images: notary-dockerfile server-dockerfile signer-dockerfile
|
|
|
|
shell: notary-dockerfile
|
|
docker run --rm -it -v $(CURDIR)/cross:$(NOTARYDIR)/cross -v $(CURDIR)/bin:$(NOTARYDIR)/bin notary bash
|
|
|
|
cross:
|
|
@rm -rf $(CURDIR)/cross
|
|
@docker build --rm --force-rm -t notary -f cross.Dockerfile .
|
|
docker run --rm -v $(CURDIR)/cross:$(NOTARYDIR)/cross -e CTIMEVAR="${CTIMEVAR}" -e NOTARY_BUILDTAGS=$(NOTARY_BUILDTAGS) notary buildscripts/cross.sh $(GOOSES)
|
|
|
|
clean:
|
|
@echo "+ $@"
|
|
@rm -rf .cover cross
|
|
find . -name coverage.txt -delete
|
|
@rm -rf "${PREFIX}/bin/notary-server" "${PREFIX}/bin/notary" "${PREFIX}/bin/notary-signer"
|
|
@rm -rf "${PREFIX}/bin/static"
|