# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
#
# SPDX-License-Identifier: Apache-2.0
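# Host OS name as reported by `uname`; selects how WEBHOOK_CONFIG_URL is derived below.
uname := $(shell uname)

# Evaluated at parse time, i.e. on every `make` invocation, whatever the goal:
# runs `go get` for github.com/gardener/gardener at the version `go list -m`
# reports for it. The variable's value is not referenced in the lines below;
# presumably the call only makes sure the module is available locally before
# GARDENER_HACK_DIR is resolved.
# NOTE(review): this can reach the network/module proxy during parsing; the
# version pinned for github.com/gardener/gardener decides which hack scripts
# the targets below execute.
ENSURE_GARDENER_MOD := $(shell go get github.com/gardener/gardener@$$(go list -m -f "{{.Version}}" github.com/gardener/gardener))

# hack/ directory inside the resolved github.com/gardener/gardener module.
# Most targets run `bash $(GARDENER_HACK_DIR)/<script>` from here.
GARDENER_HACK_DIR := $(shell go list -m -f "{{.Dir}}" github.com/gardener/gardener)/hack

# Naming of the two binaries/images built from this repository.
EXTENSION_PREFIX := gardener-extension
NAME := shoot-falco-service
ADMISSION_NAME := admission-shoot-falco-service

# Image registry and repository prefix used by docker-images / docker-push.
REGISTRY := europe-docker.pkg.dev/gardener-project/public/gardener
IMAGE_PREFIX := $(REGISTRY)/extensions

# Absolute directory of this Makefile (the last entry in MAKEFILE_LIST at this
# point), and the repository-local hack directory.
# IMAGE_PREFIX and REPO_ROOT used to be assigned twice with identical values;
# the duplicates only re-ran the `dirname` shell-out and are dropped.
REPO_ROOT := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
HACK_DIR := $(REPO_ROOT)/hack

# VERSION is the content of the VERSION file; EFFECTIVE_VERSION appends the
# full commit id of HEAD (and "-dirty" further down when the tree has changes).
VERSION := $(shell cat "$(REPO_ROOT)/VERSION")
EFFECTIVE_VERSION := $(VERSION)-$(shell git rev-parse HEAD)

# Linker flags: "-w" plus whatever get-build-ld-flags.sh prints. The double
# quotes are part of the value, so $(LD_FLAGS) expands to one quoted shell word.
LD_FLAGS := "-w $(shell bash $(GARDENER_HACK_DIR)/get-build-ld-flags.sh "" $(REPO_ROOT)/VERSION "$(EXTENSION_PREFIX)")"

# Defaults for the local `start` / `start-admission` targets.
LEADER_ELECTION := false
IGNORE_OPERATION_ANNOTATION := true
WEBHOOK_CONFIG_PORT := 8443
WEBHOOK_CONFIG_MODE := url

# Address under which the locally started admission webhook is advertised.
ifeq ($(uname),Darwin)
  WEBHOOK_CONFIG_URL := host.docker.internal:$(WEBHOOK_CONFIG_PORT)
else
  # Seventh whitespace-separated field of `ip route get 1.2.3.4`.
  # NOTE(review): presumably the source address of the default route; the
  # field position depends on the exact `ip` output format - confirm.
  localip := $(shell ip route get 1.2.3.4 | awk '{print $$7}')
  WEBHOOK_CONFIG_URL := $(localip):$(WEBHOOK_CONFIG_PORT)
endif

# Empty by default; in "service" mode the webhook flag below is therefore
# passed with an empty namespace unless EXTENSION_NAMESPACE is set by the caller.
EXTENSION_NAMESPACE :=

# Extra flag for start-admission: URL mode by default, namespace in service mode.
WEBHOOK_PARAM := --webhook-config-url=$(WEBHOOK_CONFIG_URL)
ifeq ($(WEBHOOK_CONFIG_MODE), service)
  WEBHOOK_PARAM := --webhook-config-namespace=$(EXTENSION_NAMESPACE)
endif

# Mark builds from a working tree with uncommitted or untracked changes.
ifneq ($(strip $(shell git status --porcelain 2>/dev/null)),)
  EFFECTIVE_VERSION := $(EFFECTIVE_VERSION)-dirty
endif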
#########################################
# Tools #
#########################################
# Relative tools directory; set before the include below, presumably because
# tools.mk reads it - confirm against the included file.
TOOLS_DIR := hack/tools
# Pulls in make rules from the resolved github.com/gardener/gardener module
# (see GARDENER_HACK_DIR). The tool variables used as prerequisites further
# down ($(GOSEC), $(HELM), $(YQ), ...) are not defined in this file, so they
# presumably come from here. The included file is evaluated as part of this
# Makefile, so it runs with the same privileges as the rest of the build.
include $(GARDENER_HACK_DIR)/tools.mk
# start: run the extension controller from source with the example
# configuration and debug logging. LEADER_ELECTION_NAMESPACE=garden is set in
# the process environment; leader election follows $(LEADER_ELECTION).
.PHONY: start
start:
	@LEADER_ELECTION_NAMESPACE=garden \
		go run cmd/$(EXTENSION_PREFIX)-$(NAME)/main.go \
			--config-file=./example/00-config.yaml \
			--leader-election=$(LEADER_ELECTION) \
			--log-level=debug
# start-admission: run the admission webhook server from source.
# The webhook server host is 0.0.0.0 and the health/metrics bind addresses
# carry no host part, so on a development machine these ports are presumably
# reachable from every attached network, not only from the cluster that is
# pointed at $(WEBHOOK_CONFIG_URL). Restrict access with a host firewall when
# working on a shared or untrusted network.
.PHONY: start-admission
start-admission:
	LEADER_ELECTION_NAMESPACE=garden \
		go run -ldflags $(LD_FLAGS) ./cmd/$(EXTENSION_PREFIX)-$(ADMISSION_NAME) \
			--webhook-config-server-host=0.0.0.0 \
			--webhook-config-server-port=$(WEBHOOK_CONFIG_PORT) \
			--webhook-config-mode=$(WEBHOOK_CONFIG_MODE) \
			--health-bind-address=:8082 \
			--metrics-bind-address=:8083 \
			$(WEBHOOK_PARAM)
#################################################################
# Rules related to binary build, Docker image build and release #
#################################################################
# install: hand all packages (./...) to the Gardener install.sh script, with
# the linker flags and the effective version passed through the environment.
.PHONY: install
install:
	@LD_FLAGS=$(LD_FLAGS) \
		EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) \
		bash $(GARDENER_HACK_DIR)/install.sh ./...
# docker-login: activate a gcloud service account from a JSON key file that is
# looked up relative to the working directory.
# NOTE(review): the key lives inside the repository tree and docker-images
# uses "." as build context - confirm that .kube-secrets/ is excluded by
# .gitignore and .dockerignore so the key can end up neither in a commit nor
# in an image layer. The file name suggests a read-write registry credential.
.PHONY: docker-login
docker-login:
	@gcloud auth activate-service-account \
		--key-file .kube-secrets/gcr/gcr-readwrite.json
# docker-images: build both images from the same Dockerfile, one build per
# --target stage. Each image is tagged with $(VERSION) and with "latest";
# EFFECTIVE_VERSION (version, commit id, optional "-dirty") is passed as a
# build argument. The build context is the current directory.
.PHONY: docker-images
docker-images:
	@docker build \
		--build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) \
		-t $(IMAGE_PREFIX)/$(EXTENSION_PREFIX)-$(NAME):$(VERSION) \
		-t $(IMAGE_PREFIX)/$(EXTENSION_PREFIX)-$(NAME):latest \
		-f Dockerfile \
		-m 6g \
		--target $(EXTENSION_PREFIX)-$(NAME) \
		.
	@docker build \
		--build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) \
		-t $(IMAGE_PREFIX)/$(ADMISSION_NAME):$(VERSION) \
		-t $(IMAGE_PREFIX)/$(ADMISSION_NAME):latest \
		-f Dockerfile \
		-m 6g \
		--target $(EXTENSION_PREFIX)-$(ADMISSION_NAME) \
		.
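# docker-push: push the extension image tags created by `docker-images`.
# The repository name must match the one tagged there,
# $(IMAGE_PREFIX)/$(EXTENSION_PREFIX)-$(NAME). Pushing $(IMAGE_PREFIX)/$(NAME)
# names a repository this Makefile never tags, so the push would either fail
# or publish an unrelated image that happens to carry that name locally.
# NOTE(review): the admission image built by `docker-images` is not pushed by
# this target - confirm whether that is intended.
# "latest" is a mutable tag; deployments should reference $(VERSION) or an
# image digest.
.PHONY: docker-push
docker-push:
	@docker push $(IMAGE_PREFIX)/$(EXTENSION_PREFIX)-$(NAME):$(VERSION)
	@docker push $(IMAGE_PREFIX)/$(EXTENSION_PREFIX)-$(NAME):latest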
#####################################################################
# Rules for verification, formatting, linting, testing and cleaning #
#####################################################################
# tidy: run `go mod tidy`, then refresh the script copies kept in the
# repository: everything under the Gardener module's hack/.ci plus the local
# generate-controller-registration.sh go to .ci/hack/, and
# cherry-pick-pull.sh goes to hack/. The copies are made executable and
# writable after copying.
# The copied scripts come from whichever github.com/gardener/gardener version
# is resolved, so a dependency bump changes them; review the resulting diff
# like any other code change.
.PHONY: tidy
tidy:
	@go mod tidy
	@mkdir -p $(REPO_ROOT)/.ci/hack \
		&& cp $(GARDENER_HACK_DIR)/.ci/* $(HACK_DIR)/generate-controller-registration.sh $(REPO_ROOT)/.ci/hack/ \
		&& chmod +xw $(REPO_ROOT)/.ci/hack/*
	@cp $(GARDENER_HACK_DIR)/cherry-pick-pull.sh $(HACK_DIR)/cherry-pick-pull.sh \
		&& chmod +xw $(HACK_DIR)/cherry-pick-pull.sh
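# clean: delete generated controller-registration.yaml files under ./example,
# then run the Gardener clean.sh for the listed package trees.
# The find runs as an ordinary recipe command. Wrapping it in $(shell ...)
# made it execute while make expanded the recipe, which also happens for
# `make -n clean`, so a dry run deleted files; it also hid any error from find.
.PHONY: clean
clean:
	@find ./example -type f -name "controller-registration.yaml" -exec rm '{}' \;
	@bash $(GARDENER_HACK_DIR)/clean.sh ./cmd/... ./pkg/... ./imagevector/... ./falco/...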
# check-generate: run the Gardener check-generate.sh script against the
# repository root.
.PHONY: check-generate
check-generate:
	@bash $(GARDENER_HACK_DIR)/check-generate.sh \
		$(REPO_ROOT)
# check: run the Gardener check.sh (with this repository's golangci-lint
# configuration) over the Go package trees, then check-charts.sh over ./charts.
# The tool prerequisites are not defined in this file; presumably tools.mk
# provides them.
.PHONY: check
check: \
		$(GOIMPORTS) \
		$(GOLANGCI_LINT) \
		$(HELM) \
		$(YQ)
	@bash $(GARDENER_HACK_DIR)/check.sh \
		--golangci-lint-config=./.golangci.yaml \
		./cmd/... ./pkg/... ./imagevector/... ./falco/...
	@bash $(GARDENER_HACK_DIR)/check-charts.sh \
		./charts
# generate-controller-registration: call the local
# generate-controller-registration.sh with a registration name, the chart
# directory, a version string and a file path under example/.
# NOTE(review): the version argument is the literal 0.0.1 rather than
# $(VERSION) - confirm this is intended.
# NOTE(review): `clean` removes files named controller-registration.yaml; if
# the script writes to the path given here (ControllerRegistration.yaml),
# `clean` will not remove it - confirm.
.PHONY: generate-controller-registration
generate-controller-registration:
	@bash $(HACK_DIR)/generate-controller-registration.sh \
		extension-shoot-falco \
		charts/$(EXTENSION_PREFIX)-$(NAME) \
		0.0.1 \
		example/ControllerRegistration.yaml
# generate: run the local hack/update-codegen.sh, then the Gardener
# generate-sequential.sh over charts, cmd and pkg, and finally re-run
# `format` through a sub-make. VGOPATH, REPO_ROOT and GARDENER_HACK_DIR are
# passed to both scripts through the environment.
.PHONY: generate
generate: \
		$(CONTROLLER_GEN) \
		$(GEN_CRD_API_REFERENCE_DOCS) \
		$(HELM) \
		$(MOCKGEN) \
		$(YQ) \
		$(VGOPATH)
	@VGOPATH=$(VGOPATH) \
		REPO_ROOT=$(REPO_ROOT) \
		GARDENER_HACK_DIR=$(GARDENER_HACK_DIR) \
		hack/update-codegen.sh
	@VGOPATH=$(VGOPATH) \
		REPO_ROOT=$(REPO_ROOT) \
		GARDENER_HACK_DIR=$(GARDENER_HACK_DIR) \
		bash $(GARDENER_HACK_DIR)/generate-sequential.sh ./charts/... ./cmd/... ./pkg/...
	@$(MAKE) format
# format: run the Gardener format.sh over the four source directories.
.PHONY: format
format: \
		$(GOIMPORTS) \
		$(GOIMPORTSREVISER)
	@bash $(GARDENER_HACK_DIR)/format.sh \
		./cmd ./pkg ./imagevector ./falco
# sast: run the Gardener sast.sh static-analysis script. It depends on
# $(GOSEC), so the scan is presumably gosec-based.
.PHONY: sast
sast: \
		$(GOSEC)
	@bash \
		$(GARDENER_HACK_DIR)/sast.sh
# sast-report: same script as `sast`, called with `--gosec-report true`.
# Presumably this additionally writes a report file - confirm in sast.sh.
.PHONY: sast-report
sast-report: \
		$(GOSEC)
	@bash $(GARDENER_HACK_DIR)/sast.sh \
		--gosec-report true
# test: run the Gardener test.sh over the Go package trees with
# SKIP_FETCH_TOOLS=1 set in its environment.
# NOTE(review): ./imagevector is passed without the /... suffix used for the
# other paths - confirm that excluding its sub-packages is intended.
.PHONY: test
test:
	@SKIP_FETCH_TOOLS=1 \
		bash $(GARDENER_HACK_DIR)/test.sh \
			./cmd/... ./pkg/... ./falco/... ./imagevector
# test-cov: run the Gardener test-cover.sh for ./cmd and ./pkg only, with
# SKIP_FETCH_TOOLS=1 set in its environment.
.PHONY: test-cov
test-cov:
	@SKIP_FETCH_TOOLS=1 \
		bash $(GARDENER_HACK_DIR)/test-cover.sh \
			./cmd/... ./pkg/...
# test-clean: run the Gardener test-cover-clean.sh script.
.PHONY: test-clean
test-clean:
	@bash \
		$(GARDENER_HACK_DIR)/test-cover-clean.sh
# verify: aggregate target with no recipe of its own; it is satisfied once
# check, format, test and sast have run.
# NOTE(review): under `make -j` these prerequisites may run concurrently,
# e.g. `format` next to `check` - confirm that is acceptable.
.PHONY: verify
verify: \
		check \
		format \
		test \
		sast
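# generate-profile: regenerate falco/falco-profile.yaml from the image vector
# and the three version files by capturing the generator's standard output.
# The output is written to a temporary file first and only moved into place
# when the generator succeeds. With a direct `>` redirect the shell truncates
# the existing profile before the generator starts, so a failing run left an
# empty or partial falco-profile.yaml behind.
.PHONY: generate-profile
generate-profile:
	@$(HACK_DIR)/generate-falco-profile \
		imagevector/images.yaml \
		falco/falcoversions.yaml \
		falco/falcosidekickversions.yaml \
		falco/falcoctlversions.yaml \
		>falco/falco-profile.yaml.tmp \
		|| { rm -f falco/falco-profile.yaml.tmp; exit 1; }
	@mv -f falco/falco-profile.yaml.tmp falco/falco-profile.yaml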
# validate-falco-rules: run the local validate-falco-rules helper with the
# generated profile and the falco/rules directory as arguments. The command
# is echoed (no leading @).
.PHONY: validate-falco-rules
validate-falco-rules:
	$(HACK_DIR)/validate-falco-rules \
		falco/falco-profile.yaml \
		falco/rules
# verify-extended: aggregate target with no recipe of its own. Compared with
# `verify` it adds check-generate and generate-profile and uses sast-report
# in place of sast.
# Alternative prerequisite list, kept disabled in the file:
#verify-extended: check-generate check format test test-cov test-clean
.PHONY: verify-extended
verify-extended: \
		check-generate \
		check \
		format \
		generate-profile \
		test \
		sast-report