46 changes: 24 additions & 22 deletions Makefile
@@ -2,13 +2,22 @@
test-coverage full-test security-scan terraform-validate docker-build \
fmt vet lint complexity complexity-report security-scan-go security-scan-docker \
security-scan-terraform terraform-fmt terraform-fmt-check iac-arm docker-test pre-commit \
setup-git-secrets security-scan-snyk security-scan-all cost-estimate docker-compose-test \
setup-git-secrets security-scan-snyk security-scan-all ci docker-compose-test \
install-dev-tools

# Variables
VERSION?=dev
BUILD_TIME?=$(shell date -u '+%Y-%m-%dT%H:%M:%SZ')
GIT_SHA?=$(shell git rev-parse --short HEAD 2>/dev/null || echo unknown)

# Dev tool versions - keep in sync with the CI pins in
# .github/workflows/ci.yml, pre-commit.yml and database-migration.yml
GOLANGCI_LINT_VERSION?=v2.10.1
GOSEC_VERSION?=v2.22.4
GOCYCLO_VERSION?=v0.6.0
MIGRATE_VERSION?=v4.19.1
# staticcheck has no CI pin; it is used by scripts/security-scan.sh
STATICCHECK_VERSION?=v0.7.0
LDFLAGS=-ldflags "-s -w -X main.Version=$(VERSION) -X main.BuildTime=$(BUILD_TIME) -X main.GitSHA=$(GIT_SHA)"

# Default target
@@ -32,7 +41,6 @@ help: ## Display available targets
@echo " security-scan-all - Run all security scanners including Snyk"
@echo " setup-git-secrets - Set up git-secrets for preventing credential leaks"
@echo " terraform-validate - Validate Terraform configurations"
@echo " cost-estimate - Estimate infrastructure costs with Infracost"
@echo " docker-build - Build Docker image"
@echo " docker-compose-test - Run E2E tests with docker-compose"
@echo " ci - Run CI pipeline locally"
@@ -94,7 +102,7 @@ lint:
@if command -v golangci-lint > /dev/null; then \
golangci-lint run --timeout=5m; \
else \
echo "golangci-lint not installed. Install: go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest"; \
echo "golangci-lint not installed. Install: make install-dev-tools"; \
fi

# Go vet
@@ -117,7 +125,7 @@ complexity:
echo "✅ All functions have acceptable cyclomatic complexity (≤10)"; \
fi \
else \
echo "gocyclo not installed. Install: go install github.com/fzipp/gocyclo/cmd/gocyclo@latest"; \
echo "gocyclo not installed. Install: make install-dev-tools"; \
exit 1; \
fi

@@ -129,7 +137,7 @@ complexity-report:
echo ""; \
echo "📊 Top 20 most complex functions saved to: complexity-report.txt"; \
else \
echo "gocyclo not installed. Install: go install github.com/fzipp/gocyclo/cmd/gocyclo@latest"; \
echo "gocyclo not installed. Install: make install-dev-tools"; \
fi

# Security scanning
@@ -141,7 +149,7 @@ security-scan-go:
gosec -fmt=json -out=gosec-report.json -exclude=G101,G104,G115,G204,G301,G304,G402,G505 ./...; \
echo "✓ Go security scan complete: gosec-report.json"; \
else \
echo "gosec not installed. Install: go install github.com/securego/gosec/v2/cmd/gosec@latest"; \
echo "gosec not installed. Install: make install-dev-tools"; \
fi

security-scan-docker:
@@ -221,11 +229,6 @@ security-scan-snyk:
security-scan-all: security-scan security-scan-snyk
@echo "✓ All security scans complete"

# Cost estimation with Infracost
cost-estimate:
@echo "Estimating infrastructure costs..."
@bash scripts/cost-estimate.sh

# Docker Compose E2E tests
docker-compose-test:
@echo "Running E2E tests with docker-compose..."
@@ -235,22 +238,21 @@ docker-compose-test:
# Install development dependencies
install-dev-tools:
@echo "Installing development tools..."
@echo "Installing golangci-lint..."
@go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
@echo "Installing gosec..."
@go install github.com/securego/gosec/v2/cmd/gosec@latest
@echo "Installing staticcheck..."
@go install honnef.co/go/tools/cmd/staticcheck@latest
@echo "Installing gocyclo..."
@go install github.com/fzipp/gocyclo/cmd/gocyclo@latest
@echo "Installing golang-migrate..."
@go install -tags 'postgres' github.com/golang-migrate/migrate/v4/cmd/migrate@latest
@echo "Installing golangci-lint $(GOLANGCI_LINT_VERSION)..."
@go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION)
@echo "Installing gosec $(GOSEC_VERSION)..."
@go install github.com/securego/gosec/v2/cmd/gosec@$(GOSEC_VERSION)
@echo "Installing staticcheck $(STATICCHECK_VERSION)..."
@go install honnef.co/go/tools/cmd/staticcheck@$(STATICCHECK_VERSION)
@echo "Installing gocyclo $(GOCYCLO_VERSION)..."
@go install github.com/fzipp/gocyclo/cmd/gocyclo@$(GOCYCLO_VERSION)
@echo "Installing golang-migrate $(MIGRATE_VERSION)..."
@go install -tags 'postgres' github.com/golang-migrate/migrate/v4/cmd/migrate@$(MIGRATE_VERSION)
@echo "✓ Development tools installed"
@echo ""
@echo "Additional tools to install manually:"
@echo " - trivy: https://aquasecurity.github.io/trivy/"
@echo " - tfsec: https://aquasecurity.github.io/tfsec/"
@echo " - infracost: https://www.infracost.io/docs/"
@echo " - git-secrets: https://github.com/awslabs/git-secrets"
@echo " - snyk: npm install -g snyk"
@echo " - pre-commit: pip install pre-commit"
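Review bot: The `else` branch of `security-scan-go` (and the identically shaped ones in `lint` and `complexity-report`) only prints the install hint and then falls through, so as far as these hunks show the target exits 0 when gosec is absent and a missing scanner is indistinguishable from a clean scan. `complexity` already fails in the same situation with `exit 1; \`; adding that line after the new `echo "gosec not installed. Install: make install-dev-tools"; \` would make the security target fail closed, which is reasonable now that a pinned installer exists. The recipes start above each hunk, so the `if command -v …` guard itself is not visible here.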
6 changes: 1 addition & 5 deletions Makefile.terraform
@@ -1,7 +1,7 @@
# Terraform Deployment Makefile
# Simplified commands for common Terraform operations

.PHONY: help deploy plan destroy profile-new profile-list profile-show clean clean-locks \
.PHONY: help deploy plan destroy profile-list profile-show clean clean-locks \
output aws-dev aws-prod azure-dev gcp-dev quick-plan aws-dev-plan quick-deploy \
validate fmt state-list state-show docker-build docker-skip frontend-only frontend-skip

@@ -24,7 +24,6 @@ help: ## Show this help message
@echo " make plan PROFILE=prod # Plan AWS prod deployment"
@echo ""
@echo "Profile Management:"
@echo " make profile-new # Create new profile interactively"
@echo " make profile-list # List all available profiles"
@echo " make profile-show # Show current profile contents"
@echo ""
@@ -54,9 +53,6 @@ destroy: ## Destroy infrastructure (asks for confirmation)
output: ## Show Terraform outputs
@./scripts/tf-deploy.sh $(PROVIDER) $(PROFILE) output

profile-new: ## Create new profile interactively
@./scripts/generate-profile.sh

profile-list: ## List all available profiles
@echo "Available Profiles:"
@echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
1 change: 0 additions & 1 deletion docs/DEVELOPMENT.md
@@ -321,7 +321,6 @@ make security-scan-terraform # tfsec
make terraform-validate
make terraform-fmt-check
make terraform-fmt
make cost-estimate # requires infracost

make docker-build # build Docker image
make docker-test # build and test image
53 changes: 6 additions & 47 deletions terraform/profiles/README.md
@@ -57,35 +57,20 @@ terraform apply -var-file="../../../profiles/aws/prod.tfvars"

## Creating a New Profile

### Option 1: Copy from Example
### Copy from Example

```bash
# Copy example profile
cp profiles/aws/dev.tfvars profiles/aws/my-profile.tfvars
# Copy example profile (run from repo root)
cp terraform/profiles/aws/dev.tfvars terraform/profiles/aws/my-profile.tfvars

# Edit with your settings
vim profiles/aws/my-profile.tfvars
vim terraform/profiles/aws/my-profile.tfvars

# Use it
# Use it (run from the matching environment directory)
cd terraform/environments/aws/dev
terraform apply -var-file="../../../profiles/aws/my-profile.tfvars"
```

### Option 2: Use Profile Generator

```bash
# Generate new profile interactively
./scripts/generate-profile.sh

# Prompts for:
# - Cloud provider (aws/azure/gcp)
# - Environment name
# - Region
# - Compute platform
# - Other settings

# Creates: profiles/{provider}/{name}.tfvars
```

## Profile Contents

Each profile contains environment-specific variables:
@@ -382,32 +367,6 @@ terraform init
terraform $ACTION -var-file="../../../../${PROFILE_FILE}"
```

### generate-profile.sh

```bash
#!/bin/bash
# Interactive profile generator

echo "Creating new Terraform profile..."
read -p "Cloud provider (aws/azure/gcp): " provider
read -p "Profile name: " profile_name
read -p "Region: " region
read -p "Compute platform: " compute_platform

cat > "profiles/${provider}/${profile_name}.tfvars" <<EOF
# Auto-generated profile
provider = "${provider}"
environment = "${profile_name}"
region = "${region}"
compute_platform = "${compute_platform}"
project_name = "cudly"

# Add more settings as needed
EOF

echo "✅ Profile created: profiles/${provider}/${profile_name}.tfvars"
```

## Related Documentation

- [Docker Build Module](../modules/build/README.md)