# AMI build parameters. The packer.* targets hand these to packer as -var values.
# Assignments made with `=` can be overridden on the make command line.
AWS_REGION=us-east-1
AMI_ARCH=x86_64
AMI_PREFIX=semaphore-agent
AMI_INSTANCE_TYPE=t2.micro
PACKER_OS=linux
INSTALL_ERLANG=true
SYSTEMD_RESTART_SECONDS=1800

# Agent and toolbox releases requested for the image.
AGENT_VERSION=v2.2.16
TOOLBOX_VERSION=v1.38.4

# Optional inputs: empty unless the caller supplies them (environment or command line).
SOURCE_AMI?=
APT_HOLD_PATTERNS?=

# Ubuntu codename selector. It is mapped below to the release name and number
# that packer receives.
UBUNTU_VERSION=focal

# focal / 20.04 is used both for UBUNTU_VERSION=focal and for any codename that
# is not listed here, so a mistyped codename builds a 20.04 image without an
# error. Check the resolved ubuntu_name / ubuntu_version in the packer output.
UBUNTU_NAME=focal
UBUNTU_VERSION_NUMBER=20.04
ifeq ($(UBUNTU_VERSION),noble)
UBUNTU_NAME=noble
UBUNTU_VERSION_NUMBER=24.04
else ifeq ($(UBUNTU_VERSION),jammy)
UBUNTU_NAME=jammy
UBUNTU_VERSION_NUMBER=22.04
endif

# Stack version read from package.json. The assignment is recursive, so the
# shell command runs every time VERSION is expanded.
VERSION=$(shell cat package.json | jq -r '.version')

# Fingerprint of this Makefile plus every file under packer/<PACKER_OS>: the
# per-file MD5 digests are sorted and hashed again into one value. MD5 is enough
# to notice that the inputs changed. It is not collision resistant, so the value
# is not evidence that the inputs are authentic.
HASH=$(shell find Makefile packer/$(PACKER_OS) -type f -exec md5sum "{}" + | awk '{print $$1}' | sort | md5sum | awk '{print $$1}')

# Scratch checkout used by the check.* targets. check.prepare removes this
# directory recursively and re-creates it from a git clone, and check.static /
# check.deps run a program from it inside a container. The default is a fixed
# name under /tmp; on a host shared with other users, point it at a directory
# that only the build user can write to.
MONOREPO_TMP_DIR ?= /tmp/monorepo
SECURITY_TOOLBOX_TMP_DIR ?= $(MONOREPO_TMP_DIR)/security-toolbox
SECURITY_TOOLBOX_BRANCH ?= main
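# Fetch the security-toolbox directory of the semaphore monorepo into
# MONOREPO_TMP_DIR using a shallow, blob-filtered, sparse clone.
#
# The clone is shallow, so only the ref named at clone time is fetched. The ref
# is therefore passed with --branch; without it, checking out anything other
# than the remote's default branch fails. --branch accepts a branch or tag name.
#
# The fetched code is later executed by check.static and check.deps with the
# working tree mounted, and the default ref (main) moves over time. Set
# SECURITY_TOOLBOX_BRANCH to a reviewed tag when a reproducible check is needed.
#
# The first recipe line stops the build when MONOREPO_TMP_DIR is empty, so that
# rm -rf and git clone never run without an explicit target directory.
.PHONY: check.prepare
check.prepare:
	$(if $(strip $(MONOREPO_TMP_DIR)),,$(error MONOREPO_TMP_DIR is empty; refusing to run rm -rf and git clone without a target directory))
	rm -rf -- "$(MONOREPO_TMP_DIR)"
	git clone --depth 1 --filter=blob:none --sparse --branch "$(SECURITY_TOOLBOX_BRANCH)" https://github.com/semaphoreio/semaphore "$(MONOREPO_TMP_DIR)" && \
	cd "$(MONOREPO_TMP_DIR)" && \
	git config core.sparseCheckout true && \
	git sparse-checkout init --cone && \
	git sparse-checkout set security-toolbox && \
	git checkout "$(SECURITY_TOOLBOX_BRANCH)"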
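# Run the security-toolbox `code` check for JavaScript against this repository.
#
# The working tree is bind-mounted at /app and the toolbox checkout at its own
# path, then the toolbox program is started from /app inside the container.
# Both mounts are read-write, so the toolbox code can modify the working tree.
# The image is referenced by a tag (ruby:3); pinning it by digest would keep the
# check environment fixed between runs.
# The mount arguments are quoted so paths that contain spaces stay one argument.
.PHONY: check.static
check.static: check.prepare
	docker run -it -v "$$(pwd)":/app \
	  -v "$(SECURITY_TOOLBOX_TMP_DIR):$(SECURITY_TOOLBOX_TMP_DIR)" \
	  -e PIP_BREAK_SYSTEM_PACKAGES=1 \
	  registry.semaphoreci.com/ruby:3 \
	  bash -c 'cd /app && $(SECURITY_TOOLBOX_TMP_DIR)/code --language js -d'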
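# Run the security-toolbox `dependencies` check for JavaScript against this
# repository.
#
# Same container setup as check.static: the working tree is bind-mounted at
# /app, the toolbox checkout at its own path, and the toolbox program runs from
# /app. Both mounts are read-write, and the image is referenced by a tag rather
# than a digest.
# The mount arguments are quoted so paths that contain spaces stay one argument.
.PHONY: check.deps
check.deps: check.prepare
	docker run -it -v "$$(pwd)":/app \
	  -v "$(SECURITY_TOOLBOX_TMP_DIR):$(SECURITY_TOOLBOX_TMP_DIR)" \
	  -e PIP_BREAK_SYSTEM_PACKAGES=1 \
	  registry.semaphoreci.com/ruby:3 \
	  bash -c 'cd /app && $(SECURITY_TOOLBOX_TMP_DIR)/dependencies --language js -d'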
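# Create (or reuse) ./venv, install requirements.txt into it, then run COMMAND
# inside the activated environment.
#
# COMMAND is pasted into the shell command line as-is, so whatever it contains
# is executed. The callers in this file build it from make variables; treat
# command-line overrides of those variables as trusted input only.
#
# An empty COMMAND would leave `&& &&` in the recipe and fail with a shell
# syntax error, so it is rejected up front with a clear message.
# The original trailing `cd -` is dropped: the recipe's shell exits right after,
# and `cd -` fails when COMMAND never changed directory and OLDPWD is unset.
.PHONY: venv.execute
venv.execute:
	$(if $(strip $(COMMAND)),,$(error COMMAND is empty; pass COMMAND=... when calling venv.execute))
	python3 -m venv venv && \
	. venv/bin/activate && \
	pip install --upgrade pip && \
	pip install -r requirements.txt && \
	$(COMMAND) && \
	deactivate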
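# Format the packer templates for the selected PACKER_OS in place.
# The recipe line runs in its own shell, so no `cd -` is needed afterwards.
.PHONY: packer.fmt
packer.fmt:
	cd packer/$(PACKER_OS) && packer fmt .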
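# Dispatch to the validate target that matches PACKER_OS.
# macos is routed to packer.validate.macos, mirroring packer.build; without that
# branch a macos run would validate the linux templates instead.
# Any other value falls through to linux. PACKER_OS is quoted so that an empty
# value is compared as an empty string rather than breaking the test expression.
.PHONY: packer.validate
packer.validate:
	@if [ "$(PACKER_OS)" = "windows" ]; then \
		$(MAKE) packer.validate.windows; \
	elif [ "$(PACKER_OS)" = "macos" ]; then \
		$(MAKE) packer.validate.macos; \
	else \
		$(MAKE) packer.validate.linux; \
	fi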
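# Validate the linux packer templates inside the project virtualenv.
#
# The whole packer command line is passed to venv.execute as a single-quoted
# COMMAND. Each make variable is pasted into a double-quoted shell word, so a
# value that contains a quote character changes the command that runs; only
# pass trusted values as overrides.
#
# ANSIBLE_VERBOSITY is not assigned in this Makefile, so it is empty unless the
# caller provides it.
# apt_hold_patterns is written with a doubled dollar sign, so the reference
# reaches the sub-make unexpanded and is expanded there. It uses the same
# brace form as packer.build.linux.
.PHONY: packer.validate.linux
packer.validate.linux:
	$(MAKE) venv.execute COMMAND='\
	cd packer/linux && \
	env \
	  ANSIBLE_VERBOSITY=$(ANSIBLE_VERBOSITY) \
	  packer validate \
	  -var "stack_version=v$(VERSION)" \
	  -var "agent_version=$(AGENT_VERSION)" \
	  -var "toolbox_version=$(TOOLBOX_VERSION)" \
	  -var "hash=$(HASH)" \
	  -var "region=$(AWS_REGION)" \
	  -var "ami_prefix=$(AMI_PREFIX)" \
	  -var "arch=$(AMI_ARCH)" \
	  -var "install_erlang=$(INSTALL_ERLANG)" \
	  -var "systemd_restart_seconds=$(SYSTEMD_RESTART_SECONDS)" \
	  -var "instance_type=$(AMI_INSTANCE_TYPE)" \
	  -var "ubuntu_name=$(UBUNTU_NAME)" \
	  -var "ubuntu_version=$(UBUNTU_VERSION_NUMBER)" \
	  -var "source_ami=$(SOURCE_AMI)" \
	  -var "apt_hold_patterns=$${APT_HOLD_PATTERNS}" \
	  .'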
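# Validate the windows packer templates inside the project virtualenv.
# The packer command line is passed to venv.execute as a single-quoted COMMAND;
# variable values are pasted into it as text, so only pass trusted overrides.
.PHONY: packer.validate.windows
packer.validate.windows:
	$(MAKE) venv.execute COMMAND='\
	cd packer/windows && \
	packer validate \
	  -var "stack_version=v$(VERSION)" \
	  -var "agent_version=$(AGENT_VERSION)" \
	  -var "toolbox_version=$(TOOLBOX_VERSION)" \
	  -var "hash=$(HASH)" \
	  -var "region=$(AWS_REGION)" \
	  -var "ami_prefix=$(AMI_PREFIX)" \
	  -var "arch=$(AMI_ARCH)" \
	  -var "install_erlang=$(INSTALL_ERLANG)" \
	  -var "instance_type=$(AMI_INSTANCE_TYPE)" \
	  .'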
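# Validate the macos packer templates inside the project virtualenv.
# The packer command line is passed to venv.execute as a single-quoted COMMAND;
# variable values are pasted into it as text, so only pass trusted overrides.
.PHONY: packer.validate.macos
packer.validate.macos:
	$(MAKE) venv.execute COMMAND='\
	cd packer/macos && \
	packer validate \
	  -var "stack_version=v$(VERSION)" \
	  -var "agent_version=$(AGENT_VERSION)" \
	  -var "toolbox_version=$(TOOLBOX_VERSION)" \
	  -var "hash=$(HASH)" \
	  -var "region=$(AWS_REGION)" \
	  -var "ami_prefix=$(AMI_PREFIX)" \
	  -var "arch=$(AMI_ARCH)" \
	  -var "instance_type=$(AMI_INSTANCE_TYPE)" \
	  .'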
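# Run `packer init` for the selected PACKER_OS inside the project virtualenv.
.PHONY: packer.init
packer.init:
	$(MAKE) venv.execute COMMAND='cd packer/$(PACKER_OS) && packer init .'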
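# Dispatch to the build target that matches PACKER_OS; any value other than
# windows or macos builds linux. PACKER_OS is quoted so that an empty value is
# compared as an empty string rather than breaking the test expression.
.PHONY: packer.build
packer.build:
	@if [ "$(PACKER_OS)" = "windows" ]; then \
		$(MAKE) packer.build.windows; \
	elif [ "$(PACKER_OS)" = "macos" ]; then \
		$(MAKE) packer.build.macos; \
	else \
		$(MAKE) packer.build.linux; \
	fi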
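# Build the linux AMI with packer inside the project virtualenv.
#
# The whole packer command line is passed to venv.execute as a single-quoted
# COMMAND. Each make variable is pasted into a double-quoted shell word, so a
# value that contains a quote character changes the command that runs; only
# pass trusted values as overrides.
#
# ANSIBLE_VERBOSITY is not assigned in this Makefile, so it is empty unless the
# caller provides it.
# apt_hold_patterns is written with a doubled dollar sign, so the reference
# reaches the sub-make unexpanded and is expanded there.
.PHONY: packer.build.linux
packer.build.linux:
	$(MAKE) venv.execute COMMAND='\
	cd packer/linux && \
	env \
	  ANSIBLE_VERBOSITY=$(ANSIBLE_VERBOSITY) \
	  packer build \
	  -var "stack_version=v$(VERSION)" \
	  -var "agent_version=$(AGENT_VERSION)" \
	  -var "toolbox_version=$(TOOLBOX_VERSION)" \
	  -var "hash=$(HASH)" \
	  -var "region=$(AWS_REGION)" \
	  -var "ami_prefix=$(AMI_PREFIX)" \
	  -var "arch=$(AMI_ARCH)" \
	  -var "install_erlang=$(INSTALL_ERLANG)" \
	  -var "systemd_restart_seconds=$(SYSTEMD_RESTART_SECONDS)" \
	  -var "instance_type=$(AMI_INSTANCE_TYPE)" \
	  -var "ubuntu_name=$(UBUNTU_NAME)" \
	  -var "ubuntu_version=$(UBUNTU_VERSION_NUMBER)" \
	  -var "source_ami=$(SOURCE_AMI)" \
	  -var "apt_hold_patterns=$${APT_HOLD_PATTERNS}" \
	  .'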
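# Build the windows AMI with packer inside the project virtualenv.
# The packer command line is passed to venv.execute as a single-quoted COMMAND;
# variable values are pasted into it as text, so only pass trusted overrides.
.PHONY: packer.build.windows
packer.build.windows:
	$(MAKE) venv.execute COMMAND='\
	cd packer/windows && \
	packer build \
	  -var "stack_version=v$(VERSION)" \
	  -var "agent_version=$(AGENT_VERSION)" \
	  -var "toolbox_version=$(TOOLBOX_VERSION)" \
	  -var "hash=$(HASH)" \
	  -var "region=$(AWS_REGION)" \
	  -var "ami_prefix=$(AMI_PREFIX)" \
	  -var "arch=$(AMI_ARCH)" \
	  -var "install_erlang=$(INSTALL_ERLANG)" \
	  -var "instance_type=$(AMI_INSTANCE_TYPE)" \
	  .'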
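# Build the macos AMI with packer inside the project virtualenv.
#
# To run this, make sure a dedicated host is available. Otherwise the build
# fails with an UnavailableHostRequirements error.
# For mac1 family AMIs (Intel), use AMI_ARCH=x86_64 and AMI_INSTANCE_TYPE=mac1.metal
# For mac2 family AMIs (ARM), use AMI_ARCH=arm64 and AMI_INSTANCE_TYPE=mac2.metal
#
# The packer command line is passed to venv.execute as a single-quoted COMMAND;
# variable values are pasted into it as text, so only pass trusted overrides.
.PHONY: packer.build.macos
packer.build.macos:
	$(MAKE) venv.execute COMMAND='\
	cd packer/macos && \
	packer build \
	  -var "stack_version=v$(VERSION)" \
	  -var "agent_version=$(AGENT_VERSION)" \
	  -var "toolbox_version=$(TOOLBOX_VERSION)" \
	  -var "hash=$(HASH)" \
	  -var "region=$(AWS_REGION)" \
	  -var "ami_prefix=$(AMI_PREFIX)" \
	  -var "arch=$(AMI_ARCH)" \
	  -var "instance_type=$(AMI_INSTANCE_TYPE)" \
	  .'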
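# Run ansible-lint from packer/linux inside the project virtualenv.
.PHONY: ansible.lint
ansible.lint:
	$(MAKE) venv.execute COMMAND='cd packer/linux && ansible-lint'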