-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathMakefile
More file actions
112 lines (91 loc) · 3.5 KB
/
Makefile
File metadata and controls
112 lines (91 loc) · 3.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
include tools.env
VERSION ?= $(shell git describe --tags --always --dirty 2>/dev/null || echo dev)
LDFLAGS := -X github.com/bborbe/vault-cli/pkg/cli.version=$(VERSION)
.PHONY: default
default: precommit
.PHONY: run
run:
@go run main.go
.PHONY: build
build:
@go build -mod=mod -o bin/vault-cli main.go
.PHONY: install
install:
@go install -mod=mod -ldflags "$(LDFLAGS)" .
.PHONY: precommit
precommit: ensure format generate test check addlicense
@echo "ready to commit"
.PHONY: check-versions
check-versions:
@bash scripts/check-versions.sh
.PHONY: release-check
release-check: precommit check-versions
@echo "ready to release"
.PHONY: ensure
ensure:
go mod tidy -e
go mod verify
rm -rf vendor
.PHONY: format
format:
find . -type f -name 'go.mod' -not -path './vendor/*' -exec go run github.com/shoenig/go-modtool@$(GO_MODTOOL_VERSION) -w fmt "{}" \;
find . -type f -name '*.go' -not -path './vendor/*' -exec gofmt -w "{}" +
go run github.com/incu6us/goimports-reviser/v3@$(GOIMPORTS_REVISER_VERSION) -project-name github.com/bborbe/vault-cli -format -excludes vendor ./...
find . -type d -name vendor -prune -o -type f -name '*.go' -print0 | xargs -0 -n 10 go run github.com/segmentio/golines@$(GOLINES_VERSION) --max-len=100 -w
.PHONY: generate
generate:
rm -rf mocks avro
mkdir -p mocks
echo "package mocks" > mocks/mocks.go
go generate -mod=mod ./...
.PHONY: test
test:
go test -mod=mod -count=1 -p=$${GO_TEST_PARALLEL:-1} -cover -race $(shell go list -mod=mod ./... | grep -v /vendor/)
.PHONY: check
check: lint vet vulncheck osv-scanner trivy
.PHONY: lint
lint:
go run github.com/golangci/golangci-lint/v2/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION) run --allow-parallel-runners --config .golangci.yml ./...
.PHONY: vet
vet:
go vet -mod=mod $(shell go list -mod=mod ./... | grep -v /vendor/)
VULNCHECK_IGNORE ?= GO-2026-4923 GO-2026-4514 GO-2022-0470 GO-2026-4772 GO-2026-4771
.PHONY: vulncheck
vulncheck:
@PKGS="$(shell go list -mod=mod ./... | grep -v /vendor/)"; \
IGNORE_JSON=$$(printf '%s\n' $(VULNCHECK_IGNORE) | jq -R . | jq -s .); \
REMAIN=$$(go run golang.org/x/vuln/cmd/govulncheck@$(GOVULNCHECK_VERSION) -format json $$PKGS 2>/dev/null | \
jq -rs --argjson ignore "$$IGNORE_JSON" \
'(map(select(.osv != null)) | map({key: .osv.id, value: (.osv.summary // "")}) | from_entries) as $$sum | \
map(select(.finding != null) | .finding) | \
map(select(.osv as $$o | $$ignore | index($$o) | not)) | \
map("\(.osv)\t\(.trace[-1].module)@\(.trace[-1].version) -> \(.fixed_version)\t\($$sum[.osv] // "")") | \
unique | .[]'); \
if [ -n "$$REMAIN" ]; then \
echo "Unexpected vulnerabilities (ignored: $(VULNCHECK_IGNORE)):"; \
printf '%s\n' "$$REMAIN" | column -t -s "$$(printf '\t')"; \
exit 1; \
else \
echo "No unignored vulnerabilities found"; \
fi
.PHONY: osv-scanner
osv-scanner:
@if [ -f .osv-scanner.toml ]; then \
echo "Using .osv-scanner.toml"; \
go run github.com/google/osv-scanner/v2/cmd/osv-scanner@$(OSV_SCANNER_VERSION) --config .osv-scanner.toml --recursive .; \
else \
echo "No config found, running default scan"; \
go run github.com/google/osv-scanner/v2/cmd/osv-scanner@$(OSV_SCANNER_VERSION) --recursive .; \
fi
.PHONY: trivy
trivy:
trivy fs \
--db-repository ghcr.io/aquasecurity/trivy-db \
--scanners vuln,secret \
--quiet \
--no-progress \
--disable-telemetry \
--exit-code 1 .
.PHONY: addlicense
addlicense:
go run github.com/google/addlicense@$(ADDLICENSE_VERSION) -c "Benjamin Borbe" -y $$(date +'%Y') -l bsd $$(find . -name "*.go" -not -path './vendor/*')