-
Notifications
You must be signed in to change notification settings - Fork 42
/
Makefile
146 lines (119 loc) · 5.11 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
TOP := $(dir $(abspath $(firstword $(MAKEFILE_LIST))))
.PHONY: image fetch check-licenses build brupop-image clean check clippy fmt
# IMAGE_NAME is the full name of the container image being built. This may be
# specified to fully control the name of the container image's tag.
IMAGE_NAME ?= $(IMAGE_REPO_NAME)$(IMAGE_ARCH_SUFFIX):$(IMAGE_VERSION)$(addprefix -,$(SHORT_SHA))
# IMAGE_REPO_NAME is the image's full name in a container image registry. This
# could be an ECR Repository name or a Docker Hub name such as
# `example-org/example-image`. If the repository includes the architecture name,
# IMAGE_ARCH_SUFFIX must be overridden as needed.
IMAGE_REPO_NAME = $(shell basename `git rev-parse --show-toplevel`)
# IMAGE_VERSION is the semver version that's tagged on the image and helm charts.
IMAGE_VERSION = $(shell cat VERSION)
# SHORT_SHA is the revision that the container image was built with.
SHORT_SHA ?= $(shell git describe --abbrev=8 --always --dirty='-dev' --exclude '*' 2>/dev/null || echo "unknown")
# IMAGE_ARCH_SUFFIX is the runtime architecture designator for the container
# image, it is appended to the IMAGE_NAME unless the name is specified.
IMAGE_ARCH_SUFFIX ?= $(addprefix -,$(ARCH))
# UNAME_ARCH is the runtime architecture of the building host.
UNAME_ARCH = $(shell uname -m)
# ARCH is the target architecture which is being built for.
ARCH ?= $(lastword $(subst :, ,$(filter $(UNAME_ARCH):%,x86_64:amd64 aarch64:arm64)))
# DESTDIR is where the release artifacts will be written.
DESTDIR ?= .
# DISTFILE is the path to the dist target's output file - the container image
# tarball.
DISTFILE ?= $(DESTDIR:/=)/$(subst /,_,$(IMAGE_NAME)).tar.gz
BOTTLEROCKET_SDK_VERSION = v0.42.0
# Tools used during the chart release lifecycle
export KUBECONFORM_VERSION = v0.6.3
export HELMV3_VERSION = v3.6.3
BUILDER_IMAGE = public.ecr.aws/bottlerocket/bottlerocket-sdk:$(BOTTLEROCKET_SDK_VERSION)
export CARGO_ENV_VARS = CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
export CARGO_HOME = $(TOP)/.cargo
export CHART_BUILD_DIR := $(TOP)/chartbuild
export CHART_TMP_DIR := $(CHART_BUILD_DIR)/tmp
export CHART_TOOLS_DIR := $(CHART_BUILD_DIR)/tools
export CHARTS_DIR := $(TOP)/deploy/charts
export PATH := $(CHART_TOOLS_DIR):$(PATH)
image: check-licenses brupop-image
# Fetches crates from upstream
fetch:
docker run --rm \
--user "$(shell id -u):$(shell id -g)" \
--security-opt label=disable \
--env CARGO_HOME="/src/.cargo" \
--volume "$(TOP):/src" \
--workdir "/src/" \
"$(BUILDER_IMAGE)" \
bash -c "$(CARGO_ENV_VARS) cargo fetch --locked"
dev-tools:
cargo install cargo-insta
# Checks allowed/denied upstream licenses against the deny.toml
check-licenses: fetch
docker run --rm \
--network none \
--user "$(shell id -u):$(shell id -g)" \
--security-opt label=disable \
--env CARGO_HOME="/src/.cargo" \
--volume "$(TOP):/src" \
--workdir "/src/" \
"$(BUILDER_IMAGE)" \
bash -c "$(CARGO_ENV_VARS) cargo deny --all-features check --disable-fetch licenses bans sources"
fmt:
cargo fmt --check
clippy:
cargo clippy --locked -- -D warnings --no-deps
check: fmt clippy check-licenses
# Builds, Lints, and Tests the Rust workspace locally
build: check
$(CARGO_ENV_VARS) cargo fmt -- --check
$(CARGO_ENV_VARS) cargo test --locked
$(CARGO_ENV_VARS) cargo build --locked
# Builds only the brupop image. Useful target for CI/CD, releasing, etc.
brupop-image:
docker build $(DOCKER_BUILD_FLAGS) \
--build-arg UNAME_ARCH="$(UNAME_ARCH)" \
--build-arg BUILDER_IMAGE="$(BUILDER_IMAGE)" \
--tag "$(IMAGE_NAME)" \
-f Dockerfile .
dist: check-licenses brupop-image
@mkdir -p $(dir $(DISTFILE))
docker save $(IMAGE_NAME) | gzip > '$(DISTFILE)'
clean:
-rm -rf target
-rm -rf chartbuild
rm -f -- '$(DISTFILE)'
check-crd-golden-diff:
# =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^=
# This useful make target visualizes the diff between the CRD template in
# the helm chart compared to the generated golden file (with real values)
# from the rust definitions. This is useful to ensure there are no hanging changes
# that need to be made to the template.
# You should expect to see a 1:1 relationship between a template and a value.
# =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^=
diff --color \
deploy/charts/bottlerocket-shadow/templates/custom-resource-definition.yaml \
deploy/tests/golden/custom-resource-definition.yaml || return 0
manifest:
echo --- > bottlerocket-update-operator.yaml && \
kubectl create namespace brupop-bottlerocket-aws \
--dry-run=client \
-o yaml >> bottlerocket-update-operator.yaml && \
helm template deploy/charts/bottlerocket-shadow >> bottlerocket-update-operator.yaml && \
helm template deploy/charts/bottlerocket-update-operator >> bottlerocket-update-operator.yaml
verify-charts:
scripts/validate-charts.sh
scripts/validate-chart-versions.sh
scripts/lint-charts.sh
package-charts:
mkdir -p $(CHART_BUILD_DIR)
scripts/package-charts.sh
publish-charts: package-charts
scripts/publish-charts.sh
install-charts-toolchain:
mkdir -p $(CHART_BUILD_DIR)
mkdir -p $(CHART_TOOLS_DIR)
scripts/install-toolchain.sh
version:
@echo ${IMAGE_VERSION}