-
Notifications
You must be signed in to change notification settings - Fork 10
/
Makefile.common
69 lines (53 loc) · 2.18 KB
/
Makefile.common
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
SHELL=/bin/bash -o pipefail
MANIFESTS_DIR=manifests
JSONNET_VENDOR=jsonnet/vendor
JSONNETFMT_ARGS=-n 2 --max-blank-lines 2 --string-style s --comment-style s
TLD=$(shell git rev-parse --show-toplevel)
SCHEMAS_DIR=$(TLD)/tmp/schemas
KUBESCAPE_THRESHOLD=10
.PHONY: all
all: fmt generate
.PHONY: fmt
fmt: ## Format code
find . -name 'vendor' -prune -o -name '*.libsonnet' -print -o -name '*.jsonnet' -print | \
xargs -n 1 -- jsonnetfmt $(JSONNETFMT_ARGS) -i
.PHONY: generate
generate: $(MANIFESTS_DIR) $(JSONNET_VENDOR) ## Generate yaml code from jsonnet
jsonnet -J jsonnet/vendor -c -m $(MANIFESTS_DIR) -S jsonnet/main.jsonnet
$(MAKE) beautify
$(MANIFESTS_DIR):
rm -rf $(MANIFESTS_DIR)
mkdir -p $(MANIFESTS_DIR)
$(JSONNET_VENDOR):
-cd jsonnet && jb install
.PHONY: beautify
beautify: ## Make yaml files readable
for i in $(shell find $(MANIFESTS_DIR)/ -name '*.yaml'); do yq --prettyPrint --no-colors --inplace "$$i"; done
.PHONY: clean
clean: ## Clean vendored code
rm -rf jsonnet/vendor
.PHONY: update
update: ## Update jsonnet dependencies
cd jsonnet && jb update
rm -rf $(JSONNET_VENDOR)
$(MAKE) generate
.PHONY: version-update
version-update: ## Upgrade component version and image
$(TLD)/hack/version-update.sh .
if ! git diff-index --quiet HEAD .; then $(MAKE) generate; fi
$(SCHEMAS_DIR):
$(TLD)/hack/generate-schemas.sh
.PHONY: validate
validate: $(MANIFESTS_DIR) $(SCHEMAS_DIR)
kubeconform \
-schema-location 'https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}.json' \
-schema-location '$(SCHEMAS_DIR)/{{ .ResourceKind }}.json' \
-skip CustomResourceDefinition,SealedSecret,Kustomization,Provider,Alert,Receiver \
-summary \
$(MANIFESTS_DIR)
.PHONY: sec-scan
sec-scan: ## Security scanning of manifests
kubescape scan -s framework -t $(KUBESCAPE_THRESHOLD) nsa $(shell find $(MANIFESTS_DIR)/ -name '*.yaml') --exceptions 'kubescape-exceptions.json'
.PHONY: help
help: ## Displays help.
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n\nTargets:\n"} /^[a-z0-9A-Z_-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 }' $(MAKEFILE_LIST)