Makefile
# .env is parsed as makefile syntax, so it should hold plain NAME=value lines only.
# NOTE(review): BUILD_HARNESS_REPO and BUILD_HARNESS_VERSION are used by the docker targets
# but never assigned in this file; presumably .env supplies them - confirm.
include .env

.DEFAULT_GOAL := help

# Docker TTY flags: empty when the CI env var is set (GitHub Actions), "-it" otherwise
# (a local machine).
ifdef CI
TTY_ARG :=
else
TTY_ARG := -it
endif

# Recipes are not echoed by default. Run `make VERBOSE=1` to see each command.
ifndef VERBOSE
.SILENT:
endif

# Dummy target: a rule that lists FORCE as a prerequisite always runs.
FORCE:
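# Print every documented target with its description.
# A target is listed when its rule line carries a trailing "## text" comment.
# MAKEFILE_LIST also contains .env (it is included at the top of this file). grep is given
# -h so it does not prefix each match with the file name, which would otherwise appear as
# an extra leading column in the table.
.PHONY: help
help: ## Show a list of all targets
	grep -hE '^[a-zA-Z0-9_-]+:.*?## .*$$' $(MAKEFILE_LIST) \
		| sed -n 's/^\(.*\): \(.*\)##\(.*\)/\1:\3/p' \
		| column -t -s ":"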
# Create the host-side .cache directories used by the docker targets in this file.
# `mkdir -p` succeeds when a directory already exists; the first failure aborts the recipe.
.PHONY: _create-folders
_create-folders:
	for dir in docker pre-commit go go-build tmp .terraform.d/plugin-cache .zarf-cache; do \
		mkdir -p ".cache/$$dir" || exit 1; \
	done
# Run the Go end-to-end tests inside the build-harness container. Internal target: the
# public test* targets invoke it through $(MAKE) with EXTRA_TEST_ARGS set.
#
# Points to keep in mind when changing this recipe:
# - Host credentials: each `-e NAME` without a value forwards the caller's variable of that
#   name, so the AWS_* credentials and session token reach the container environment.
#   Only the names appear on the docker command line, not the secret values.
# - TF_VAR_*: the env/grep/awk pipeline emits "-e NAME" for every TF_VAR_ variable in the
#   environment, again by name only. $${TF_VARS} is unquoted so the shell splits it into
#   separate arguments.
# - The container is started with --cap-add=NET_ADMIN and --cap-add=NET_RAW.
#   NOTE(review): the reason is not visible in this file - confirm both are still needed.
# - The image is referenced as repo:version. NOTE(review): neither variable is assigned in
#   this file (presumably .env) - confirm whether the version is a mutable tag or a digest.
# - TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE=true is set and init runs with
#   -upgrade=true. NOTE(review): both relax how strictly the dependency lock file governs
#   provider installation - confirm this is intended for examples/complete.
# - $(EXTRA_TEST_ARGS) is expanded by make inside the single-quoted bash -c string; a value
#   containing a single quote would end that string early.
# - `git config --global --add safe.directory /app` exempts the bind-mounted checkout from
#   git's ownership check inside the container, which is removed on exit (--rm).
.PHONY: _test-all
_test-all: _create-folders
	echo "Running automated tests. This will take several minutes. At times it does not log anything to the console. If you interrupt the test run you will need to log into AWS console and manually delete any orphaned infrastructure."; \
	TF_VARS=$$(env | grep '^TF_VAR_' | awk -F= '{printf "-e %s ", $$1}'); \
	docker run $(TTY_ARG) --rm \
		--workdir "/app" \
		--cap-add=NET_ADMIN \
		--cap-add=NET_RAW \
		-v "$(PWD):/app" \
		-v "$(PWD)/.cache/tmp:/tmp" \
		-v "$(PWD)/.cache/go:/root/go" \
		-v "$(PWD)/.cache/go-build:/root/.cache/go-build" \
		-v "$(PWD)/.cache/.terraform.d/plugin-cache:/root/.terraform.d/plugin-cache" \
		-v "$(PWD)/.cache/.zarf-cache:/root/.zarf-cache" \
		-e GOPATH=/root/go \
		-e GOCACHE=/root/.cache/go-build \
		-e TF_PLUGIN_CACHE_DIR=/root/.terraform.d/plugin-cache \
		-e TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE=true \
		-e TF_LOG \
		-e TF_LOG_PATH \
		-e AWS_REGION \
		-e AWS_DEFAULT_REGION \
		-e AWS_ACCESS_KEY_ID \
		-e AWS_SECRET_ACCESS_KEY \
		-e AWS_SESSION_TOKEN \
		-e AWS_SECURITY_TOKEN \
		-e AWS_SESSION_EXPIRATION \
		-e SKIP_SETUP \
		-e SKIP_TEST \
		-e SKIP_TEARDOWN \
		$${TF_VARS} \
		$(BUILD_HARNESS_REPO):$(BUILD_HARNESS_VERSION) \
		bash -c 'git config --global --add safe.directory /app && cd examples/complete && tofu init -upgrade=true && cd ../../test/e2e && go test -count 1 -v $(EXTRA_TEST_ARGS) .'
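# Create go.mod for github.com/defenseunicorns/terraform-aws-eks and tidy its dependencies
# inside the build-harness container. The two go commands are chained with &&, so tidy
# only runs when `go mod init` succeeds.
#
# TF_VARS is deliberately not referenced here. Written as ${TF_VARS} in a recipe it is a
# make expansion, not the shell variable that _test-all computes, so it would splice any
# TF_VARS value from the caller's environment into the docker command line.
#
# NOTE(review): this target only runs `go mod init` and `go mod tidy`, yet it passes the
# same NET_ADMIN/NET_RAW capabilities and forwards the same AWS_*, TF_LOG* and SKIP_*
# variables as _test-all. They are probably unnecessary here - confirm and trim so the
# container gets no cloud credentials it does not use.
.PHONY: go-init
go-init: _create-folders
	echo "Initializing the Go module and tidying its dependencies inside the build harness container."
	docker run $(TTY_ARG) --rm \
		--cap-add=NET_ADMIN \
		--cap-add=NET_RAW \
		-v "${PWD}:/app" \
		-v "${PWD}/.cache/tmp:/tmp" \
		-v "${PWD}/.cache/go:/root/go" \
		-v "${PWD}/.cache/go-build:/root/.cache/go-build" \
		-v "${PWD}/.cache/.terraform.d/plugin-cache:/root/.terraform.d/plugin-cache" \
		-v "${PWD}/.cache/.zarf-cache:/root/.zarf-cache" \
		--workdir "/app" \
		-e TF_LOG_PATH \
		-e TF_LOG \
		-e GOPATH=/root/go \
		-e GOCACHE=/root/.cache/go-build \
		-e TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE=true \
		-e TF_PLUGIN_CACHE_DIR=/root/.terraform.d/plugin-cache \
		-e AWS_REGION \
		-e AWS_DEFAULT_REGION \
		-e AWS_ACCESS_KEY_ID \
		-e AWS_SECRET_ACCESS_KEY \
		-e AWS_SESSION_TOKEN \
		-e AWS_SECURITY_TOKEN \
		-e AWS_SESSION_EXPIRATION \
		-e SKIP_SETUP \
		-e SKIP_TEST \
		-e SKIP_TEARDOWN \
		${BUILD_HARNESS_REPO}:${BUILD_HARNESS_VERSION} \
		bash -c 'git config --global --add safe.directory /app && go mod init github.com/defenseunicorns/terraform-aws-eks && go mod tidy -v'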
# Full end-to-end suite: delegates to _test-all with a 3 hour `go test` timeout and no
# -run filter. The region is whatever the caller's environment already provides.
.PHONY: test
test: ## Run all automated tests. Requires access to an AWS account. Costs real money.
	$(MAKE) EXTRA_TEST_ARGS="-timeout 3h" _test-all
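# Run only TestExamplesCompleteInsecure through _test-all.
# Region precedence: REGION, then an existing TF_VAR_region, then us-east-2.
# The export is target-specific rather than an $(eval export ...) inside the recipe. The
# eval form sets TF_VAR_region for the whole make run, so with several test goals on one
# command line the region chosen for the first goal would also win the $(or ...) of the
# later ones and override their defaults.
.PHONY: test-ci-complete-insecure
test-ci-complete-insecure: export TF_VAR_region := $(or $(REGION),$(TF_VAR_region),us-east-2)
test-ci-complete-insecure: ## Run one test (TestExamplesCompleteInsecure). Requires access to an AWS account. Costs real money.
	$(MAKE) _test-all EXTRA_TEST_ARGS="-timeout 3h -run TestExamplesCompleteInsecure"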
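# Run only TestExamplesCompleteSecure through _test-all.
# Region precedence: REGION, then an existing TF_VAR_region, then us-gov-west-1.
# The export is target-specific rather than an $(eval export ...) inside the recipe. The
# eval form sets TF_VAR_region for the whole make run, so a test goal that ran earlier in
# the same invocation could leave its own region behind and this target would silently
# run there instead of in its us-gov-west-1 default.
.PHONY: test-release-complete-secure
test-release-complete-secure: export TF_VAR_region := $(or $(REGION),$(TF_VAR_region),us-gov-west-1)
test-release-complete-secure: ## Run one test (TestExamplesCompleteSecure). Requires access to an AWS account. Costs real money.
	$(MAKE) _test-all EXTRA_TEST_ARGS="-timeout 3h -run TestExamplesCompleteSecure"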
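# Run only TestExamplesCompletePlanOnly through _test-all, with a 2 hour timeout.
# Region precedence: REGION, then an existing TF_VAR_region, then us-east-2.
# The export is target-specific rather than an $(eval export ...) inside the recipe. The
# eval form sets TF_VAR_region for the whole make run, so the region chosen here would
# leak into any test goal that follows in the same invocation.
# _test-all still forwards the AWS_* credentials to the container for this target.
.PHONY: test-complete-plan-only
test-complete-plan-only: export TF_VAR_region := $(or $(REGION),$(TF_VAR_region),us-east-2)
test-complete-plan-only: ## Run one test (TestExamplesCompletePlanOnly). Requires access to an AWS account. It will not cost money or create any resources since it is just running `terraform plan`.
	$(MAKE) _test-all EXTRA_TEST_ARGS="-timeout 2h -run TestExamplesCompletePlanOnly"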
# Pull the build-harness image and write it to .cache/docker/build-harness.tar, the file
# that docker-load-build-harness reads back.
# NOTE(review): the image is addressed as repo:version; whether that is a mutable tag or a
# digest depends on values not assigned in this file (presumably .env) - confirm.
.PHONY: docker-save-build-harness
docker-save-build-harness: _create-folders ## Pulls the build harness docker image and saves it to a tarball
	docker pull $(BUILD_HARNESS_REPO):$(BUILD_HARNESS_VERSION)
	docker save --output .cache/docker/build-harness.tar $(BUILD_HARNESS_REPO):$(BUILD_HARNESS_VERSION)
# Load the image tarball written by docker-save-build-harness into the local docker daemon.
# NOTE(review): nothing in this file verifies the tarball before it is loaded. If .cache can
# be written by anything other than docker-save-build-harness (for example a shared CI
# cache), consider recording the image digest at save time and checking it after the load.
.PHONY: docker-load-build-harness
docker-load-build-harness: ## Loads the saved build harness docker image
	docker load --input .cache/docker/build-harness.tar
# Run pre-commit over all files (-a) inside the build-harness container. Internal target:
# the pre-commit-* and autoformat targets invoke it through $(MAKE) with HOOK and SKIP set.
# - HOOK: optional hook id appended to the pre-commit command line.
# - SKIP: comma-separated hook ids, handed to the container as the SKIP environment variable.
# Both are expanded by make before the shell sees the line: $(HOOK) lands inside the
# single-quoted bash -c string and $(SKIP) inside a double-quoted argument, so a value
# containing quote characters would break the quoting.
# PRE_COMMIT_HOME is /app/.cache/pre-commit, so the hook cache lives in the bind-mounted
# checkout. No AWS_* variables and no --cap-add flags are passed to this container.
# `git config --global --add safe.directory /app` exempts the bind-mounted checkout from
# git's ownership check inside the container, which is removed on exit (--rm).
.PHONY: _runhooks
_runhooks: _create-folders
	docker run $(TTY_ARG) --rm \
		--workdir "/app" \
		-v "$(PWD):/app" \
		-v "$(PWD)/.cache/tmp:/tmp" \
		-v "$(PWD)/.cache/go:/root/go" \
		-v "$(PWD)/.cache/go-build:/root/.cache/go-build" \
		-v "$(PWD)/.cache/.terraform.d/plugin-cache:/root/.terraform.d/plugin-cache" \
		-v "$(PWD)/.cache/.zarf-cache:/root/.zarf-cache" \
		-e "PRE_COMMIT_HOME=/app/.cache/pre-commit" \
		-e "SKIP=$(SKIP)" \
		-e GOPATH=/root/go \
		-e GOCACHE=/root/.cache/go-build \
		-e TF_PLUGIN_CACHE_DIR=/root/.terraform.d/plugin-cache \
		-e TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE=true \
		$(BUILD_HARNESS_REPO):$(BUILD_HARNESS_VERSION) \
		bash -c 'git config --global --add safe.directory /app && pre-commit run -a --show-diff-on-failure $(HOOK)'
# Run every configured hook: HOOK and SKIP are both empty, so nothing is filtered out.
.PHONY: pre-commit-all
pre-commit-all: ## Run all pre-commit hooks. Returns nonzero exit code if any hooks fail. Uses Docker for maximum compatibility
	$(MAKE) SKIP="" HOOK="" _runhooks
# Run the hooks that are not named in SKIP. The skip list holds the general file checks,
# the Go hooks and the renovate validator.
# It also holds detect-aws-credentials and detect-private-key, so this target does not scan
# for committed secrets; pre-commit-common and pre-commit-all do not skip those two.
.PHONY: pre-commit-terraform
pre-commit-terraform: ## Run the terraform pre-commit hooks. Returns nonzero exit code if any hooks fail. Uses Docker for maximum compatibility
	$(MAKE) SKIP="check-added-large-files,check-merge-conflict,detect-aws-credentials,detect-private-key,end-of-file-fixer,fix-byte-order-marker,trailing-whitespace,check-yaml,fix-smartquotes,go-fmt,golangci-lint,renovate-config-validator" HOOK="" _runhooks
# Run the hooks that are not named in SKIP. The skip list holds the general file checks,
# the terraform/tofu hooks and the renovate validator.
# It also holds detect-aws-credentials and detect-private-key, so this target does not scan
# for committed secrets; pre-commit-common and pre-commit-all do not skip those two.
.PHONY: pre-commit-golang
pre-commit-golang: ## Run the golang pre-commit hooks. Returns nonzero exit code if any hooks fail. Uses Docker for maximum compatibility
	$(MAKE) SKIP="check-added-large-files,check-merge-conflict,detect-aws-credentials,detect-private-key,end-of-file-fixer,fix-byte-order-marker,trailing-whitespace,check-yaml,fix-smartquotes,terraform_fmt,tofu_docs,tofu_checkov,terraform_tflint,renovate-config-validator" HOOK="" _runhooks
# Run a single hook: HOOK names renovate-config-validator and SKIP is empty.
.PHONY: pre-commit-renovate
pre-commit-renovate: ## Run the renovate pre-commit hooks. Returns nonzero exit code if any hooks fail. Uses Docker for maximum compatibility
	$(MAKE) SKIP="" HOOK="renovate-config-validator" _runhooks
# Run the hooks that are not named in SKIP. The skip list holds the Go hooks, the
# terraform/tofu hooks and the renovate validator.
# detect-aws-credentials and detect-private-key are not in the skip list.
.PHONY: pre-commit-common
pre-commit-common: ## Run the common pre-commit hooks. Returns nonzero exit code if any hooks fail. Uses Docker for maximum compatibility
	$(MAKE) SKIP="go-fmt,golangci-lint,terraform_fmt,tofu_docs,tofu_checkov,terraform_tflint,renovate-config-validator" HOOK="" _runhooks
# Run `chmod -R a+rx .cache` from inside the build-harness container.
# The chmod covers all of .cache, not only .cache/pre-commit. It grants read and execute
# to every user on the Go caches, the Terraform plugin cache and .cache/tmp, which the
# test targets mount as the container's /tmp.
# NOTE(review): confirm test runs leave nothing sensitive in .cache/tmp before widening
# its permissions.
# This target does not depend on _create-folders, so .cache must already exist.
.PHONY: fix-cache-permissions
fix-cache-permissions: ## Fixes the permissions on the pre-commit cache
	docker run $(TTY_ARG) --rm \
		--workdir "/app" \
		-v "$(PWD):/app" \
		-e "PRE_COMMIT_HOME=/app/.cache/pre-commit" \
		$(BUILD_HARNESS_REPO):$(BUILD_HARNESS_VERSION) \
		chmod -R a+rx .cache
# Run the hooks that are not named in SKIP so they can rewrite files in place.
# The skip list holds the check-only and lint hooks, including detect-aws-credentials and
# detect-private-key, so this target is not a secret scan. Use pre-commit-common or
# pre-commit-all for that.
.PHONY: autoformat
autoformat: ## Update files with automatic formatting tools. Uses Docker for maximum compatibility.
	$(MAKE) SKIP="check-added-large-files,check-merge-conflict,detect-aws-credentials,detect-private-key,check-yaml,golangci-lint,tofu_checkov,terraform_tflint,renovate-config-validator" HOOK="" _runhooks