From 367dee1be834aadbd05c975d94603dda76d7505c Mon Sep 17 00:00:00 2001 From: Cristian Magherusan-Stanciu Date: Thu, 11 Jun 2026 01:33:47 -0700 Subject: [PATCH 1/2] chore(make): drop broken recipes, pin dev tools, add ci to .PHONY Fixes review findings HYG-05 and HYG-11: - Remove the cost-estimate (Makefile) and profile-new (Makefile.terraform) targets: they invoke scripts/cost-estimate.sh and scripts/generate-profile.sh, which never existed in repo history, so both targets fail immediately. Drop their help lines and the stale references in docs/DEVELOPMENT.md and terraform/profiles/README.md. - Add ci to .PHONY so a file named "ci" cannot mask the target. - Pin install-dev-tools to the CI versions instead of @latest: golangci-lint v2.10.1 (v2 module path), gosec v2.22.4, gocyclo v0.6.0, golang-migrate v4.19.1. staticcheck has no CI pin and is only used by scripts/security-scan.sh; pinned to v0.7.0. - Point "not installed" hints at make install-dev-tools instead of per-tool @latest go install commands. The docker-compose v1 part of HYG-11 was already fixed on main by 5f45f5c09 (ci: use docker compose v2 instead of docker-compose v1). Verified with make -n on every touched target in both Makefiles and go list -m on each pinned module version. Closes #1174, Closes #1181 --- Makefile | 46 +++++++++++++++++++----------------- Makefile.terraform | 6 +---- docs/DEVELOPMENT.md | 1 - terraform/profiles/README.md | 44 +--------------------------------- 4 files changed, 26 insertions(+), 71 deletions(-) diff --git a/Makefile b/Makefile index d67f45b58..3b390f79f 100644 --- a/Makefile +++ b/Makefile 
@@ -2,13 +2,22 @@ test-coverage full-test security-scan terraform-validate docker-build \ fmt vet lint complexity complexity-report security-scan-go security-scan-docker \ security-scan-terraform terraform-fmt terraform-fmt-check iac-arm docker-test pre-commit \ - setup-git-secrets security-scan-snyk security-scan-all cost-estimate docker-compose-test \ + setup-git-secrets security-scan-snyk security-scan-all ci docker-compose-test \ install-dev-tools # Variables VERSION?=dev BUILD_TIME?=$(shell date -u '+%Y-%m-%dT%H:%M:%SZ') GIT_SHA?=$(shell git rev-parse --short HEAD 2>/dev/null || echo unknown) + +# Dev tool versions - keep in sync with the CI pins in +# .github/workflows/ci.yml, pre-commit.yml and database-migration.yml +GOLANGCI_LINT_VERSION?=v2.10.1 +GOSEC_VERSION?=v2.22.4 +GOCYCLO_VERSION?=v0.6.0 +MIGRATE_VERSION?=v4.19.1 +# staticcheck has no CI pin; it is used by scripts/security-scan.sh +STATICCHECK_VERSION?=v0.7.0 LDFLAGS=-ldflags "-s -w -X main.Version=$(VERSION) -X main.BuildTime=$(BUILD_TIME) -X main.GitSHA=$(GIT_SHA)" # Default target @@ -32,7 +41,6 @@ help: ## Display available targets @echo " security-scan-all - Run all security scanners including Snyk" @echo " setup-git-secrets - Set up git-secrets for preventing credential leaks" @echo " terraform-validate - Validate Terraform configurations" - @echo " cost-estimate - Estimate infrastructure costs with Infracost" @echo " docker-build - Build Docker image" @echo " docker-compose-test - Run E2E tests with docker-compose" @echo " ci - Run CI pipeline locally" @@ -94,7 +102,7 @@ lint: @if command -v golangci-lint > /dev/null; then \ golangci-lint run --timeout=5m; \ else \ - echo "golangci-lint not installed. Install: go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest"; \ + echo "golangci-lint not installed. Install: make install-dev-tools"; \ fi # Go vet 
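Review bot: The new pins in the `# Dev tool versions` block are declared with `?=`, so a variable of the same name already exported in a developer's or runner's environment silently replaces the pinned value. For values meant to mirror CI, a simple assignment such as `GOSEC_VERSION := v2.22.4` ignores the environment (unless make runs with `-e`) and still allows an explicit `make GOSEC_VERSION=...` on the command line. The comment asks maintainers to keep these in sync with three workflow files by hand, and nothing visible in this patch checks that, so drift between local and CI versions would go unnoticed.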
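Review bot: In the `lint` hunk the rewritten `else` branch still only echoes the hint, so on a machine without golangci-lint the target exits 0 and reads as a clean run. The same holds for the `complexity-report` and `security-scan-go` hunks further down, where a missing gosec produces a passing security scan with no report, while `complexity` already ends its branch with `exit 1;`. Adding `exit 1; \` after each hint line makes the three targets fail closed. These recipes start above their hunks, so any caller that depends on the soft failure is not visible here.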
@@ -117,7 +125,7 @@ complexity: echo "✅ All functions have acceptable cyclomatic complexity (≤10)"; \ fi \ else \ - echo "gocyclo not installed. Install: go install github.com/fzipp/gocyclo/cmd/gocyclo@latest"; \ + echo "gocyclo not installed. Install: make install-dev-tools"; \ exit 1; \ fi @@ -129,7 +137,7 @@ complexity-report: echo ""; \ echo "📊 Top 20 most complex functions saved to: complexity-report.txt"; \ else \ - echo "gocyclo not installed. Install: go install github.com/fzipp/gocyclo/cmd/gocyclo@latest"; \ + echo "gocyclo not installed. Install: make install-dev-tools"; \ fi # Security scanning @@ -141,7 +149,7 @@ security-scan-go: gosec -fmt=json -out=gosec-report.json -exclude=G101,G104,G115,G204,G301,G304,G402,G505 ./...; \ echo "✓ Go security scan complete: gosec-report.json"; \ else \ - echo "gosec not installed. Install: go install github.com/securego/gosec/v2/cmd/gosec@latest"; \ + echo "gosec not installed. Install: make install-dev-tools"; \ fi security-scan-docker: @@ -221,11 +229,6 @@ security-scan-snyk: security-scan-all: security-scan security-scan-snyk @echo "✓ All security scans complete" -# Cost estimation with Infracost -cost-estimate: - @echo "Estimating infrastructure costs..." - @bash scripts/cost-estimate.sh - # Docker Compose E2E tests docker-compose-test: @echo "Running E2E tests with docker-compose..." 
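Review bot: The `security-scan-go` guard, like the `gocyclo` guards in the two hunks above it, only tests `command -v`, so a binary installed before this pin or a different copy earlier on PATH is used without complaint and the new `make install-dev-tools` hint never appears. Scanner rule sets can change between releases, so local findings may differ from what CI reports at v2.22.4. Consider comparing the tool's reported version with `$(GOSEC_VERSION)` in the guard, or at least a comment on the target such as `# uses whatever gosec is on PATH; run make install-dev-tools to match CI`. The recipe begins outside the hunk.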
@@ -235,22 +238,21 @@ docker-compose-test: # Install development dependencies install-dev-tools: @echo "Installing development tools..." - @echo "Installing golangci-lint..." - @go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest - @echo "Installing gosec..." - @go install github.com/securego/gosec/v2/cmd/gosec@latest - @echo "Installing staticcheck..." - @go install honnef.co/go/tools/cmd/staticcheck@latest - @echo "Installing gocyclo..." - @go install github.com/fzipp/gocyclo/cmd/gocyclo@latest - @echo "Installing golang-migrate..." - @go install -tags 'postgres' github.com/golang-migrate/migrate/v4/cmd/migrate@latest + @echo "Installing golangci-lint $(GOLANGCI_LINT_VERSION)..." + @go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION) + @echo "Installing gosec $(GOSEC_VERSION)..." + @go install github.com/securego/gosec/v2/cmd/gosec@$(GOSEC_VERSION) + @echo "Installing staticcheck $(STATICCHECK_VERSION)..." + @go install honnef.co/go/tools/cmd/staticcheck@$(STATICCHECK_VERSION) + @echo "Installing gocyclo $(GOCYCLO_VERSION)..." + @go install github.com/fzipp/gocyclo/cmd/gocyclo@$(GOCYCLO_VERSION) + @echo "Installing golang-migrate $(MIGRATE_VERSION)..." + @go install -tags 'postgres' github.com/golang-migrate/migrate/v4/cmd/migrate@$(MIGRATE_VERSION) @echo "✓ Development tools installed" @echo "" @echo "Additional tools to install manually:" @echo " - trivy: https://aquasecurity.github.io/trivy/" @echo " - tfsec: https://aquasecurity.github.io/tfsec/" - @echo " - infracost: https://www.infracost.io/docs/" @echo " - git-secrets: https://github.com/awslabs/git-secrets" @echo " - snyk: npm install -g snyk" @echo " - pre-commit: pip install pre-commit" diff --git a/Makefile.terraform b/Makefile.terraform index 19668255b..5a4882062 100644 --- a/Makefile.terraform +++ b/Makefile.terraform 
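Review bot: The new `go install ...@$(GOSEC_VERSION)` style lines in `install-dev-tools` pin a version tag rather than content, so what gets fetched is only as trustworthy as Go's module verification in the environment that runs the target. By default the toolchain checks downloads against the checksum database, but `GOSUMDB=off` or a `GONOSUMDB` pattern covering these module paths removes that check. A comment above the recipe would record the assumption, e.g. `# version tags only; integrity relies on default GOSUMDB verification`. The manual list that follows still suggests unpinned `npm install -g snyk` and `pip install pre-commit`, which may deserve a follow-up given the stated goal of this commit.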
@@ -1,7 +1,7 @@ # Terraform Deployment Makefile # Simplified commands for common Terraform operations -.PHONY: help deploy plan destroy profile-new profile-list profile-show clean clean-locks \ +.PHONY: help deploy plan destroy profile-list profile-show clean clean-locks \ output aws-dev aws-prod azure-dev gcp-dev quick-plan aws-dev-plan quick-deploy \ validate fmt state-list state-show docker-build docker-skip frontend-only frontend-skip @@ -24,7 +24,6 @@ help: ## Show this help message @echo " make plan PROFILE=prod # Plan AWS prod deployment" @echo "" @echo "Profile Management:" - @echo " make profile-new # Create new profile interactively" @echo " make profile-list # List all available profiles" @echo " make profile-show # Show current profile contents" @echo "" @@ -54,9 +53,6 @@ destroy: ## Destroy infrastructure (asks for confirmation) output: ## Show Terraform outputs @./scripts/tf-deploy.sh $(PROVIDER) $(PROFILE) output -profile-new: ## Create new profile interactively - @./scripts/generate-profile.sh - profile-list: ## List all available profiles @echo "Available Profiles:" @echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" diff --git a/docs/DEVELOPMENT.md b/docs/DEVELOPMENT.md index b3d07665f..5d6e9ae02 100644 --- a/docs/DEVELOPMENT.md +++ b/docs/DEVELOPMENT.md @@ -321,7 +321,6 @@ make security-scan-terraform # tfsec make terraform-validate make terraform-fmt-check make terraform-fmt -make cost-estimate # requires infracost make docker-build # build Docker image make docker-test # build and test image diff --git a/terraform/profiles/README.md b/terraform/profiles/README.md index dfadce77c..3c4790682 100644 --- a/terraform/profiles/README.md +++ b/terraform/profiles/README.md @@ -57,7 +57,7 @@ terraform apply -var-file="../../../profiles/aws/prod.tfvars" ## Creating a New Profile -### Option 1: Copy from Example +### Copy from Example ```bash # Copy example profile 
@@ -70,22 +70,6 @@ vim profiles/aws/my-profile.tfvars terraform apply -var-file="../../../profiles/aws/my-profile.tfvars" ``` -### Option 2: Use Profile Generator - -```bash -# Generate new profile interactively -./scripts/generate-profile.sh - -# Prompts for: -# - Cloud provider (aws/azure/gcp) -# - Environment name -# - Region -# - Compute platform -# - Other settings - -# Creates: profiles/{provider}/{name}.tfvars -``` - ## Profile Contents Each profile contains environment-specific variables: @@ -382,32 +366,6 @@ terraform init terraform $ACTION -var-file="../../../../${PROFILE_FILE}" ``` -### generate-profile.sh - -```bash -#!/bin/bash -# Interactive profile generator - -echo "Creating new Terraform profile..." -read -p "Cloud provider (aws/azure/gcp): " provider -read -p "Profile name: " profile_name -read -p "Region: " region -read -p "Compute platform: " compute_platform - -cat > "profiles/${provider}/${profile_name}.tfvars" < Date: Fri, 26 Jun 2026 17:25:59 +0200 Subject: [PATCH 2/2] docs(profiles): fix repo-root paths in Copy-from-Example block CodeRabbit flagged: cp/vim under "Copy from Example" used profiles/aws/... but the dir is terraform/profiles/aws/..., so users running the commands from repo root hit "file not found". Add the missing terraform/ prefix, annotate the intended cwd for each block (repo root for cp/vim; the env dir for terraform apply), and add the explicit `cd terraform/environments/aws/dev` step that the Quick Deployment section already uses, so the relative ../../../profiles/... path actually resolves. --- terraform/profiles/README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/terraform/profiles/README.md b/terraform/profiles/README.md index 3c4790682..0cec1307f 100644 --- a/terraform/profiles/README.md +++ b/terraform/profiles/README.md 
@@ -60,13 +60,14 @@ terraform apply -var-file="../../../profiles/aws/prod.tfvars" ### Copy from Example ```bash -# Copy example profile -cp profiles/aws/dev.tfvars profiles/aws/my-profile.tfvars +# Copy example profile (run from repo root) +cp terraform/profiles/aws/dev.tfvars terraform/profiles/aws/my-profile.tfvars # Edit with your settings -vim profiles/aws/my-profile.tfvars +vim terraform/profiles/aws/my-profile.tfvars -# Use it +# Use it (run from the matching environment directory) +cd terraform/environments/aws/dev terraform apply -var-file="../../../profiles/aws/my-profile.tfvars" ```