-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathMakefile
More file actions
273 lines (227 loc) · 10.4 KB
/
Copy pathMakefile
File metadata and controls
273 lines (227 loc) · 10.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
# Colors for terminal output
GREEN := \033[1;32m
YELLOW := \033[1;33m
BLUE := \033[1;34m
CYAN := \033[1;36m
WHITE := \033[1;37m
RESET := \033[0m
# Default target - show help
.DEFAULT_GOAL := help
# Variables
# Git version information
GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "unknown")
GIT_SHA := $(shell git rev-parse --short HEAD 2>/dev/null || echo "unknown")
VERSION ?= "dev/$(GIT_BRANCH)/$(GIT_SHA)"
BUILD_TIME := $(shell date -u '+%Y-%m-%d_%H:%M:%S')
LDFLAGS := -X main.Version="$(VERSION)" -X main.BuildTime="$(BUILD_TIME)" -X main.GitCommit="$(GIT_SHA)"
BINARY_NAME := safe
GO_FILES := $(shell find . -name '*.go' -type f -not -path "./vendor/*")
##@ General
.PHONY: help
help: ## Display this help message
@echo "$(BLUE)safe Makefile$(RESET)"
@echo ""
@awk 'BEGIN {FS = ":.*##"; printf "Usage:\n make $(CYAN)<target>$(RESET)\n"} /^[a-zA-Z_-]+:.*?##/ { printf " $(CYAN)%-20s$(RESET) %s\n", $$1, $$2 } /^##@/ { printf "\n$(YELLOW)%s$(RESET)\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
##@ Development
.PHONY: build
build: ## Build the safe binary for current OS/architecture
@echo "$(GREEN)Building $(BINARY_NAME)...$(RESET)"
@go build -ldflags="$(LDFLAGS)" -o $(BINARY_NAME) ./cmd/safe
@echo "$(GREEN)✓ Build complete$(RESET)"
.PHONY: linux
linux: ## Build the safe binary for Linux AMD64
@echo "$(GREEN)Building $(BINARY_NAME) for Linux AMD64...$(RESET)"
@env GOOS=linux GOARCH=amd64 go build -ldflags="$(LDFLAGS)" -o $(BINARY_NAME)-linux-amd64 ./cmd/safe
@echo "$(GREEN)✓ Linux build complete$(RESET)"
.PHONY: linux-arm64
linux-arm64: ## Build the safe binary for Linux ARM64
@echo "$(GREEN)Building $(BINARY_NAME) for Linux ARM64...$(RESET)"
@env GOOS=linux GOARCH=arm64 go build -ldflags="$(LDFLAGS)" -o $(BINARY_NAME)-linux-arm64 ./cmd/safe
@echo "$(GREEN)✓ Linux ARM64 build complete$(RESET)"
.PHONY: darwin
darwin: ## Build the safe binary for macOS AMD64
@echo "$(GREEN)Building $(BINARY_NAME) for macOS AMD64...$(RESET)"
@env GOOS=darwin GOARCH=amd64 go build -ldflags="$(LDFLAGS)" -o $(BINARY_NAME)-darwin-amd64 ./cmd/safe
@echo "$(GREEN)✓ macOS AMD64 build complete$(RESET)"
.PHONY: darwin-arm64
darwin-arm64: ## Build the safe binary for macOS ARM64 (Apple Silicon)
@echo "$(GREEN)Building $(BINARY_NAME) for macOS ARM64...$(RESET)"
@env GOOS=darwin GOARCH=arm64 go build -ldflags="$(LDFLAGS)" -o $(BINARY_NAME)-darwin-arm64 ./cmd/safe
@echo "$(GREEN)✓ macOS ARM64 build complete$(RESET)"
.PHONY: windows
windows: ## Build the safe binary for Windows AMD64
@echo "$(GREEN)Building $(BINARY_NAME) for Windows AMD64...$(RESET)"
@env GOOS=windows GOARCH=amd64 go build -ldflags="$(LDFLAGS)" -o $(BINARY_NAME)-windows-amd64.exe ./cmd/safe
@echo "$(GREEN)✓ Windows build complete$(RESET)"
.PHONY: build-all
build-all: linux linux-arm64 darwin darwin-arm64 windows ## Build binaries for all supported platforms
@echo "$(GREEN)✓ All platform builds complete$(RESET)"
##@ Testing & Quality
.PHONY: test
test: ## Run all tests with race detector
@echo "$(GREEN)Running tests...$(RESET)"
@go test -race -v $(shell go list ./... | grep -v vendor)
@echo "$(GREEN)✓ Tests complete$(RESET)"
.PHONY: test-short
test-short: ## Run tests in short mode (no race detector)
@echo "$(GREEN)Running short tests...$(RESET)"
@go test -short $(shell go list ./... | grep -v vendor)
@echo "$(GREEN)✓ Short tests complete$(RESET)"
.PHONY: test-race
test-race: ## Run all tests with the race detector explicitly
@echo "$(GREEN)Running tests with race detector...$(RESET)"
@go test -race ./...
@echo "$(GREEN)✓ Race detector tests complete$(RESET)"
.PHONY: coverage
coverage: ## Generate test coverage report
@echo "$(GREEN)Generating coverage report...$(RESET)"
@go test -coverprofile=coverage.out $(shell go list ./... | grep -v vendor)
@go tool cover -func=coverage.out
@echo "$(GREEN)✓ Coverage report generated$(RESET)"
.PHONY: coverage-html
coverage-html: coverage ## Generate and open HTML coverage report
@echo "$(GREEN)Opening HTML coverage report...$(RESET)"
@go tool cover -html=coverage.out
.PHONY: test-all
test-all: test coverage ## Run all tests and generate coverage report
@echo "$(GREEN)✓ All tests and coverage complete$(RESET)"
.PHONY: report
report: coverage-html ## Alias for coverage-html (backwards compatibility)
##@ Code Quality
.PHONY: fmt
fmt: ## Format all Go source files
@echo "$(GREEN)Formatting code...$(RESET)"
@go fmt $(shell go list ./... | grep -v vendor)
@echo "$(GREEN)✓ Code formatted$(RESET)"
.PHONY: vet
vet: ## Run go vet on all source files
@echo "$(GREEN)Running go vet...$(RESET)"
@go vet $(shell go list ./... | grep -v vendor)
@echo "$(GREEN)✓ Vet analysis complete$(RESET)"
.PHONY: lint
lint: fmt vet ## Run fmt and vet
.PHONY: govulncheck
govulncheck: ## Run vulnerability check on dependencies
@echo "$(GREEN)Checking for vulnerabilities...$(RESET)"
@command -v govulncheck >/dev/null 2>&1 || { \
echo "$(YELLOW)Installing govulncheck...$(RESET)"; \
go install golang.org/x/vuln/cmd/govulncheck@latest; \
}
@govulncheck $(shell go list ./... | grep -v vendor)
@echo "$(GREEN)✓ Vulnerability check complete$(RESET)"
.PHONY: gosec
gosec: ## Run security scanner on source code
@echo "$(GREEN)Running security scan...$(RESET)"
@command -v gosec >/dev/null 2>&1 || { \
echo "$(YELLOW)Installing gosec...$(RESET)"; \
go install github.com/securego/gosec/v2/cmd/gosec@latest; \
}
@gosec -fmt text ./...
@echo "$(GREEN)✓ Security scan complete$(RESET)"
.PHONY: staticcheck
staticcheck: ## Run staticcheck static analysis
@echo "$(GREEN)Running staticcheck...$(RESET)"
@command -v staticcheck >/dev/null 2>&1 || { \
echo "$(YELLOW)Installing staticcheck...$(RESET)"; \
go install honnef.co/go/tools/cmd/staticcheck@latest; \
}
@staticcheck $(shell go list ./... | grep -v vendor)
@echo "$(GREEN)✓ Staticcheck analysis complete$(RESET)"
.PHONY: trivy
trivy: ## Run Trivy container and dependency scanner
@echo "$(GREEN)Running Trivy scan...$(RESET)"
@command -v trivy >/dev/null 2>&1 || { \
echo "$(YELLOW)Trivy not found. Please install it:$(RESET)"; \
echo "$(CYAN) brew install trivy$(RESET) (macOS)"; \
echo "$(CYAN) apt-get install trivy$(RESET) (Debian/Ubuntu)"; \
echo "$(CYAN) Or visit: https://aquasecurity.github.io/trivy$(RESET)"; \
exit 1; \
}
@trivy fs --scanners vuln,misconfig,secret --severity HIGH,CRITICAL --skip-dirs vendor .
@echo "$(GREEN)✓ Trivy scan complete$(RESET)"
.PHONY: security
security: govulncheck gosec trivy ## Run all security scans (govulncheck, gosec, trivy)
@echo "$(GREEN)✓ All security scans complete$(RESET)"
.PHONY: check
check: lint vet staticcheck test ## Run basic checks (lint, vet, staticcheck, test)
@echo "$(GREEN)✓ Basic checks passed$(RESET)"
.PHONY: check-all
check-all: lint vet test-all ## Run all checks (lint, vet, tests with coverage)
@echo "$(GREEN)✓ All checks passed$(RESET)"
##@ Cleanup
.PHONY: clean
clean: ## Clean build artifacts and test cache
@echo "$(YELLOW)Cleaning up...$(RESET)"
@rm -f $(BINARY_NAME) $(BINARY_NAME)-*
@rm -f coverage.out coverage.html test.cov
@rm -rf artifacts/
@rm -rf safe-*/
@go clean -testcache
@echo "$(GREEN)✓ Cleanup complete$(RESET)"
##@ Release
.PHONY: shipit
shipit: ## Build release artifacts (requires VERSION env var)
@echo "$(BLUE)Preparing release...$(RESET)"
@echo "Checking that VERSION was defined in the calling environment"
@test -n "$(VERSION)" || { echo "$(RED)ERROR: VERSION not set$(RESET)"; exit 1; }
@echo "$(GREEN)OK. VERSION=$(VERSION)$(RESET)"
@echo "$(GREEN)Compiling safe binaries...$(RESET)"
@rm -rf artifacts
@mkdir artifacts
@GOOS=linux GOARCH=amd64 go build -ldflags="$(LDFLAGS)" -o artifacts/safe-linux-amd64 ./cmd/safe
@GOOS=linux GOARCH=arm64 go build -ldflags="$(LDFLAGS)" -o artifacts/safe-linux-arm64 ./cmd/safe
@GOOS=darwin GOARCH=amd64 go build -ldflags="$(LDFLAGS)" -o artifacts/safe-darwin-amd64 ./cmd/safe
@GOOS=darwin GOARCH=arm64 go build -ldflags="$(LDFLAGS)" -o artifacts/safe-darwin-arm64 ./cmd/safe
@GOOS=windows GOARCH=amd64 go build -ldflags="$(LDFLAGS)" -o artifacts/safe-windows-amd64.exe ./cmd/safe
@echo "$(GREEN)Assembling Distribution with platform binaries...$(RESET)"
@rm -f artifacts/*.tar.gz artifacts/*.tar.bz2
@rm -rf safe-$(VERSION)
@mkdir -p safe-$(VERSION)
@cp artifacts/safe-linux-amd64 safe-$(VERSION)/safe-linux-amd64
@cp artifacts/safe-linux-arm64 safe-$(VERSION)/safe-linux-arm64
@cp artifacts/safe-darwin-amd64 safe-$(VERSION)/safe-darwin-amd64
@cp artifacts/safe-darwin-arm64 safe-$(VERSION)/safe-darwin-arm64
@cp artifacts/safe-windows-amd64.exe safe-$(VERSION)/safe-windows-amd64.exe
@tar -cf - safe-$(VERSION)/ | gzip -9 > artifacts/safe-$(VERSION).tar.gz
@tar -cjf artifacts/safe-$(VERSION).tar.bz2 safe-$(VERSION)/
@rm -rf safe-$(VERSION)
@echo "$(GREEN)✓ Release artifacts built successfully$(RESET)"
.PHONY: version
version: ## Display the current version
@echo "$(CYAN)Version: $(VERSION)$(RESET)"
##@ Installation
.PHONY: install
install: build ## Install safe binary to /usr/local/bin (requires sudo)
@echo "$(GREEN)Installing $(BINARY_NAME) to /usr/local/bin...$(RESET)"
@sudo cp $(BINARY_NAME) /usr/local/bin/$(BINARY_NAME)
@sudo chmod +x /usr/local/bin/$(BINARY_NAME)
@echo "$(GREEN)✓ Installation complete$(RESET)"
.PHONY: install-user
install-user: build ## Install safe binary to ~/bin
@echo "$(GREEN)Installing $(BINARY_NAME) to ~/bin...$(RESET)"
@mkdir -p ~/bin
@cp $(BINARY_NAME) ~/bin/$(BINARY_NAME)
@chmod +x ~/bin/$(BINARY_NAME)
@echo "$(GREEN)✓ Installation complete to ~/bin$(RESET)"
@echo "$(YELLOW)Make sure ~/bin is in your PATH$(RESET)"
##@ Dependencies
.PHONY: deps
deps: ## Download and verify dependencies
@echo "$(GREEN)Downloading dependencies...$(RESET)"
@go mod download
@go mod verify
@echo "$(GREEN)✓ Dependencies ready$(RESET)"
.PHONY: deps-update
deps-update: ## Update all dependencies to latest versions
@echo "$(GREEN)Updating dependencies...$(RESET)"
@go get -u ./...
@go mod tidy
@echo "$(GREEN)✓ Dependencies updated$(RESET)"
.PHONY: deps-tidy
deps-tidy: ## Clean up go.mod and go.sum
@echo "$(GREEN)Tidying dependencies...$(RESET)"
@go mod tidy
@echo "$(GREEN)✓ Dependencies tidied$(RESET)"
# Include all phony targets
.PHONY: build linux linux-arm64 darwin darwin-arm64 windows build-all test test-short test-race test-all coverage coverage-html report fmt vet lint \
govulncheck gosec staticcheck trivy security check check-all clean shipit version install install-user deps deps-update deps-tidy help