# Makefile for Portfolio System Architect
# Provides common development commands
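.PHONY: help install dev test lint format clean docker-up docker-down docker-build docker-logs update-badge giga-token giga-vscode check-ports

# Default target: `help` is the first rule in the file, so a bare `make`
# prints this list. The lint/format descriptions name the tools the recipes
# actually run (ruff and mypy), and the scanning targets are listed so they
# can be found without reading the Makefile.
help:
	@echo "Available commands:"
	@echo " make install Install dependencies (create virtual environment if missing)"
	@echo " make dev Start development environment (Docker Compose)"
	@echo " make test Run unit and integration tests with coverage"
	@echo " make lint Run linters (ruff, mypy)"
	@echo " make format Format code with ruff"
	@echo " make clean Remove temporary files and caches"
	@echo " make docker-up Start all services with Docker Compose"
	@echo " make docker-down Stop all services"
	@echo " make docker-build Build Docker images"
	@echo " make docker-logs Follow logs from all services"
	@echo " make pre-commit Run pre-commit hooks on all files"
	@echo " make update-badge Update coverage badge in README (auto-runs tests)"
	@echo " make giga-token Get new GigaChat Access Token"
	@echo " make giga-vscode Update VS Code settings with new GigaChat token"
	@echo " make check-ports Check for port conflicts and Traefik route collisions"
	@echo " make pip-audit Check Python dependencies for vulnerabilities"
	@echo " make bandit Static code analysis with bandit"
	@echo " make security-report Generate security reports (JSON format)"
	@echo " make trivy Scan Docker images with Trivy"
	@echo " make trivy-fs Scan filesystem with Trivy"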
# Interpreter and virtual-environment settings. PYTHON and VENV use `?=`, so
# a value from the environment or the command line takes precedence.
PYTHON ?= python3
VENV ?= .venv
VENV_BIN = $(VENV)/bin
# POSIX `.` rather than `source`, so activation works in a plain /bin/sh recipe.
VENV_ACTIVATE = . $(VENV_BIN)/activate

# "yes" when $(VENV) is an existing directory, empty otherwise. `:=` runs the
# check once, while the Makefile is being parsed.
VENV_EXISTS := $(shell [ -d $(VENV) ] && echo yes)
## Create the virtual environment when it is missing, then install the
## development dependencies, the project itself (editable) and the git hooks.
# The ifneq/else/endif lines are make conditionals resolved at parse time from
# VENV_EXISTS; only one of the two branches ever becomes part of the recipe.
# NOTE(review): whether requirements-dev.txt pins versions or hashes is not
# visible from this file; confirm before relying on this for reproducible or
# tamper-evident installs.
install:
ifneq ($(VENV_EXISTS),yes)
	@echo "Creating virtual environment..."
	$(PYTHON) -m venv $(VENV)
else
	@echo "Virtual environment already exists."
endif
	@echo "Installing dependencies..."
	$(VENV_ACTIVATE) && pip install --upgrade pip
	$(VENV_ACTIVATE) && pip install -r requirements-dev.txt
	$(VENV_ACTIVATE) && pip install -e .
	@echo "Installing pre-commit hooks..."
	$(VENV_ACTIVATE) && pre-commit install
## Start the Docker Compose stack (via docker-up) and print the local URLs
# NOTE(review): this Makefile does not show how the compose files publish
# these ports; confirm they are bound to 127.0.0.1 rather than all interfaces.
dev: docker-up
	@printf '%s\n' \
		"Development environment started. Access services:" \
		" - Traefik Dashboard: http://localhost:8080" \
		" - Grafana: http://localhost:3000" \
		" - Prometheus: http://localhost:9090"
## Run pytest inside the virtual environment with coverage for apps/ and src/
# `-m "not slow"` deselects tests carrying the `slow` marker; coverage is
# written as HTML and printed with the missing lines.
test:
	$(VENV_ACTIVATE) && python -m pytest \
		--cov=apps --cov=src \
		--cov-report=html --cov-report=term-missing \
		-m "not slow"
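# `lint-fix` was missing from every .PHONY list, so a file or directory with
# that name would make the target look up to date and skip its recipe.
.PHONY: lint-fix

# Shared ruff configuration flag, kept in one place for the three targets below.
ruff_config := --config ruff.toml

## Check only: ruff lint, ruff formatting check, mypy type check
lint:
	$(VENV_ACTIVATE) && ruff check . $(ruff_config)
	$(VENV_ACTIVATE) && ruff format --check . $(ruff_config)
	$(VENV_ACTIVATE) && mypy apps src --config pyproject.toml

## Rewrite files: apply ruff's automatic fixes, then reformat
format:
	$(VENV_ACTIVATE) && ruff check . --fix $(ruff_config)
	$(VENV_ACTIVATE) && ruff format . $(ruff_config)

## Quick fix: only fix auto-fixable issues
lint-fix:
	$(VENV_ACTIVATE) && ruff check . --fix $(ruff_config)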
# =============================================================================
# CLEANUP
# =============================================================================
.PHONY: clean clean-pyc clean-test clean-build

## Clean all temporary files
# Aggregate target: the three clean-* prerequisites do the work, and the
# message below is printed once they have finished.
clean: clean-pyc clean-test clean-build
	@printf '%s\n' "✅ Cleanup complete"
## Remove Python cache files
# Walks the whole tree from `.`: __pycache__ directories, *.pyc files and
# editor backup files (*~). Errors are discarded and `|| true` keeps the
# target from failing when nothing matches or a path cannot be removed.
clean-pyc:
	@echo "🧹 Removing Python cache..."
	find . -type d -name "__pycache__" -exec rm -r {} + 2>/dev/null || true
	find . -type f \( -name "*.pyc" -o -name "*~" \) -delete 2>/dev/null || true
## Remove test coverage and pytest cache
# $(RM) is make's built-in `rm -f`; with -r it matches the original `rm -rf`.
clean-test:
	@echo "🧹 Removing test artifacts..."
	$(RM) -r .pytest_cache .coverage coverage.xml htmlcov/ 2>/dev/null || true
## Remove build artifacts
# Only paths in the repository root are touched; `*.egg-info` is expanded by
# the shell when the recipe runs.
clean-build:
	@echo "🧹 Removing build artifacts..."
	$(RM) -r build/ dist/ *.egg-info .eggs/ 2>/dev/null || true
# Compose invocation shared by the four docker-* targets: the base stack plus
# the monitoring overlay, always in that order.
compose := docker-compose -f docker-compose.yml -f docker/docker-compose.monitoring.yml

## Start all services in the background
docker-up:
	$(compose) up -d

## Stop and remove the services
docker-down:
	$(compose) down

## Build the images referenced by both compose files
docker-build:
	$(compose) build

## Follow the logs of all services until interrupted
docker-logs:
	$(compose) logs -f
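# Declared phony so a stray file named `pre-commit` cannot make the target
# look up to date and silently skip the hooks.
.PHONY: pre-commit

## Run every configured pre-commit hook against the whole repository
pre-commit:
	$(VENV_ACTIVATE) && pre-commit run --all-files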
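# Additional targets for CI/CD
# Declared phony so a file named `ci` cannot short-circuit the pipeline.
.PHONY: ci

## Run lint and test; the message is printed only when both succeed
# NOTE(review): the scanning targets (pip-audit, bandit) are not prerequisites
# here, so this pipeline passes without any security scan having run.
ci: lint test
	@echo "CI pipeline passed"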
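# Generate documentation locally
# Declared phony: a `docs` directory in the repository would otherwise satisfy
# the target and make would answer "'docs' is up to date" without starting
# the server.
.PHONY: docs

## Serve the MkDocs site from the virtual environment (runs until interrupted)
docs:
	$(VENV_ACTIVATE) && mkdocs serve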
# Update coverage badge in README
# NOTE(review): unlike most targets this one calls `python` without
# activating $(VENV), so it uses whichever interpreter is first on PATH;
# confirm that is intended.
update-badge:
	@printf '%s\n' "Updating coverage badge..."
	@python scripts/update-coverage-badge.py
# Port & Route Validation
# Runs scripts/check_ports.py with the virtual environment's interpreter; the
# leading `@` keeps make from echoing the command line itself.
check-ports:
	@printf '%s\n' "Checking port conflicts and Traefik routes..."
	@$(VENV_ACTIVATE) && python scripts/check_ports.py
# GigaChat Token Management
# Runs get_token.py from inside .devtools/.gigacode using the `python` found
# on PATH (the virtual environment is not activated).
# NOTE(review): the script is not visible here. If it prints the access token,
# the value ends up in terminal scrollback and in CI logs; confirm how the
# token is emitted and where the credentials it needs are read from.
giga-token:
	@printf '%s\n' "Getting new GigaChat Access Token..."
	@cd .devtools/.gigacode && python get_token.py
## Refresh the GigaChat token stored in the VS Code settings
# NOTE(review): presumably update_vscode_token.py writes a live access token
# into a VS Code settings file; confirm that file is git-ignored so the token
# cannot be committed.
giga-vscode:
	@printf '%s\n' "Updating VS Code settings with GigaChat token..."
	@cd .devtools/.gigacode && python update_vscode_token.py
	@printf '%s\n' "✅ Done! Restart VS Code: Ctrl+Shift+P → 'Developer: Reload Window'"
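# =============================================================================
# SECURITY
# =============================================================================
.PHONY: security security-audit pip-audit bandit

## Run full security audit (pip-audit + bandit)
# `security-audit` needs a rule of its own: a target that is only listed in
# .PHONY and has no recipe or prerequisites is treated by GNU make as
# successfully updated, so `make security` would report nothing to be done
# without running either scanner.
security: security-audit

## Dependency audit followed by static analysis; fails if either one fails
security-audit: pip-audit bandit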
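## Check Python dependencies for vulnerabilities
# Audits the packages installed in $(VENV), the same way `security-report`
# invokes pip-audit, so transitive dependencies are covered as installed.
# Bare file names are not passed as arguments: as far as this reviewer knows
# pip-audit reads a positional argument as a project directory, and a
# requirements file has to be given with `-r`.
# The Dependabot hint is still printed on failure, but the recipe now exits
# non-zero: a finding or a tool error must fail the target so that callers
# (and CI) can gate on it. An `a && b || c && d || e` chain is also avoided
# because the shell evaluates it left to right, not as grouped alternatives.
pip-audit:
	@echo "🔍 Scanning dependencies for vulnerabilities..."
	$(VENV_ACTIVATE) && pip install -q pip-audit
	$(VENV_ACTIVATE) && pip-audit || { echo "⚠️ Check GitHub Dependabot for transitive vulnerabilities"; exit 1; }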
# Directories handed to bandit for the recursive scan.
bandit_paths := apps/ src/

## Static code analysis with bandit
# `-lll` limits the report to high-severity findings; medium and low findings
# are neither shown nor able to fail the target. bandit is installed into the
# virtual environment on each run, at whatever version pip resolves.
bandit:
	@echo "🔍 Running bandit static analysis..."
	$(VENV_ACTIVATE) && pip install -q bandit
	$(VENV_ACTIVATE) && bandit -r $(bandit_paths) -lll
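.PHONY: security-report

## Generate security reports (JSON format)
# Reporting target, not a gate: both scanners exit non-zero when they find
# something, and `|| true` keeps the run going so both reports get written.
# pip-audit writes through `--output` so that warnings on stderr stay on the
# terminal; redirecting `2>&1` into the file mixes them into the JSON and can
# leave a report that no longer parses.
# Old reports are removed first and the new ones are checked for content, so
# the success message cannot refer to a stale or empty file after a crash.
security-report:
	@echo "📊 Generating security reports..."
	$(RM) pip-audit-report.json bandit-report.json
	$(VENV_ACTIVATE) && pip install -q pip-audit bandit
	$(VENV_ACTIVATE) && pip-audit --format json --output pip-audit-report.json || true
	$(VENV_ACTIVATE) && bandit -r apps/ src/ -lll --format json --output bandit-report.json || true
	@test -s pip-audit-report.json && test -s bandit-report.json
	@echo "✅ Reports generated: pip-audit-report.json, bandit-report.json"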
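.PHONY: trivy

## Scan Docker images with Trivy (requires Trivy installed locally)
# The image list is built by the shell when the recipe runs. Every `$` meant
# for the shell or awk is written `$$`: a single `$2` is expanded by make to
# an empty string, which turns the awk program into `{print }` and passes
# whole "image: name" lines to trivy.
# Each image is scanned in its own `trivy image` call, and a scan error stops
# the target instead of being replaced by a success message. An empty image
# list is an error as well, so "completed" always means something was scanned.
# Trivy exits 0 on findings unless `--exit-code` is set, so this target
# reports without gating; add `--exit-code 1` to fail on CRITICAL/HIGH.
trivy:
	@echo "🔍 Scanning Docker images with Trivy..."
	@which trivy > /dev/null 2>&1 || (echo "⚠️ Trivy not installed. Install from: https://aquasecurity.github.io/trivy/" && exit 1)
	@images="$$(docker-compose -f docker-compose.yml config | grep "image:" | awk '{print $$2}' | sort -u)"; \
	if [ -z "$$images" ]; then \
		echo "No image: entries found in docker-compose.yml; nothing was scanned" >&2; \
		exit 1; \
	fi; \
	for image in $$images; do \
		echo "trivy image $$image"; \
		trivy image --severity CRITICAL,HIGH --ignore-unfixed "$$image" || exit 1; \
	done
	@echo "✅ Trivy scan completed"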
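.PHONY: trivy-fs

## Scan filesystem with Trivy
# The completion message is a separate recipe line, so it is printed only
# after `trivy fs` exits successfully. Appended with `|| echo` it appeared
# only when the scan had failed, and hid that failure from the caller.
# Trivy exits 0 on findings unless `--exit-code` is set; add `--exit-code 1`
# to make CRITICAL/HIGH findings fail this target.
trivy-fs:
	@echo "🔍 Scanning filesystem with Trivy..."
	@which trivy > /dev/null 2>&1 || (echo "⚠️ Trivy not installed. Install from: https://aquasecurity.github.io/trivy/" && exit 1)
	trivy fs --severity CRITICAL,HIGH .
	@echo "✅ Trivy FS scan completed"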