-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathMakefile
217 lines (177 loc) · 7.83 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
## This Makefile is a wrapper around the docker-bake command
## to provide support for login and push to a registry.
SHELL := /bin/bash
DOCKER_BAKE_ARGS := --progress=plain
.PHONY: help setenv auth all clean test
help:
@echo "Usage: make <target>"
@echo ""
@echo "Targets:"
@echo " all Build all images"
@echo " enterprise Build enterprise images"
@echo " community Build community images"
@echo " adf_apps Build ADF Apps images"
@echo " ats Build Transform Service images"
@echo " audit_storage Build Audit Storage images"
@echo " connectors Build Connector images"
@echo " repo Build Repository image"
@echo " search_enterprise Build Search Enterprise images"
@echo " search_service Build Search Service images"
@echo " share Build Share images"
@echo " sync Build Sync Service images"
@echo " tengines Build Transform Engine images"
@echo " =================="
@echo " clean Clean up Nexus artifacts"
@echo " clean_caches Clean up Docker and artifact caches"
@echo " help Display this help message"
ACS_VERSION ?= 23
TOMCAT_VERSIONS_FILE := tomcat/tomcat_versions.yaml
ifeq ($(ACS_VERSION), 23)
TOMCAT_FIELD := "tomcat10"
else
TOMCAT_FIELD := "tomcat9"
endif
export TOMCAT_MAJOR := $(shell yq e '.${TOMCAT_FIELD}.major' $(TOMCAT_VERSIONS_FILE))
export TOMCAT_VERSION := $(shell yq e '.${TOMCAT_FIELD}.version' $(TOMCAT_VERSIONS_FILE))
export TOMCAT_SHA512 := $(shell yq e '.${TOMCAT_FIELD}.sha512' $(TOMCAT_VERSIONS_FILE))
setenv: auth
ifdef BAKE_NO_CACHE
DOCKER_BAKE_ARGS += --no-cache
endif
ifdef BAKE_NO_PROVENANCE
DOCKER_BAKE_ARGS += --provenance=false
endif
auth:
ifeq ($(REGISTRY),localhost)
@echo "REGISTRY environment variable is set to localhost. Images will be build & loaded locally"
else ifdef REGISTRY
@echo "Checking for REGISTRY authentication"
@if docker login ${REGISTRY}; then \
echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'; \
echo "Images will be pushed to ${REGISTRY}/$${REGISTRY_NAMESPACE:-alfresco}"; \
echo "Do make sure this location is safe to push to!"; \
echo "In particular, make sure you are not pushing to a public registry"; \
echo "without paying attention to the security & legal implications."; \
echo "If you are not sure, please stop the build and check"; \
echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'; \
read -p "Do you want to continue? [y/N] " -n 1 -r; \
[[ $$REPLY =~ ^[Yy]$$ ]] && echo -e '\n' || (echo -e "\nStopping build"; exit 1); \
else \
echo "Failed to login to ${REGISTRY}. Stopping build."; \
exit 1; \
fi
DOCKER_BAKE_ARGS += --set *.output=type=registry,push=true
else
@echo "REGISTRY environment variable is not set. Images will be build & loaded locally"
endif
clean:
@echo "Cleaning up Artifacts"
@./scripts/clean-artifacts.sh -f
clean_caches:
@echo "Cleaning up Docker cache"
docker builder prune -f
@echo "Cleaning up Artifacts cache"
find artifacts_cache/ ! -name .gitkeep -mindepth 1 -delete
## PREPARE TARGETS
## Keep targets in alphabetical order (following the folder structure)
prepare: scripts/fetch_artifacts.py
@echo "Fetching all artifacts"
@python3 ./scripts/fetch_artifacts.py
prepare_adf: scripts/fetch_artifacts.py
@echo "Fetching all artifacts for ADF targets"
@python3 ./scripts/fetch_artifacts.py adf-apps
prepare_ats: scripts/fetch_artifacts.py
@echo "Fetching all artifacts for ATS targets"
@python3 ./scripts/fetch_artifacts.py ats
prepare_audit_storage: scripts/fetch_artifacts.py
@echo "Fetching all artifacts for Audit Storage targets"
@python3 ./scripts/fetch_artifacts.py audit-storage
prepare_connectors: scripts/fetch_artifacts.py
@echo "Fetching all artifacts for Connector targets"
@python3 ./scripts/fetch_artifacts.py connector
prepare_repo: scripts/fetch_artifacts.py
@echo "Fetching all artifacts for Repository target"
@python3 ./scripts/fetch_artifacts.py repository
prepare_search_enterprise: scripts/fetch_artifacts.py
@echo "Fetching all artifacts for Search Enterprise targets"
@python3 ./scripts/fetch_artifacts.py search/enterprise
prepare_search_service: scripts/fetch_artifacts.py
@echo "Fetching all artifacts for Search Service targets"
@python3 ./scripts/fetch_artifacts.py search/service
prepare_share: scripts/fetch_artifacts.py
@echo "Fetching all artifacts for Share targets"
@python3 ./scripts/fetch_artifacts.py share
prepare_sync: scripts/fetch_artifacts.py
@echo "Fetching all artifacts for ADF targets"
@python3 ./scripts/fetch_artifacts.py sync
prepare_tengines: scripts/fetch_artifacts.py
@echo "Fetching all artifacts for Transform Engine targets"
@python3 ./scripts/fetch_artifacts.py tengine
## BUILD TARGETS
## Keep targets in alphabetical order (following the folder structure)
all: docker-bake.hcl prepare setenv
@echo "Building all images"
docker buildx bake ${DOCKER_BAKE_ARGS}
$(call grype_scan,$@)
enterprise: docker-bake.hcl prepare setenv
@echo "Building all Enterprise images"
docker buildx bake ${DOCKER_BAKE_ARGS} $@
$(call grype_scan,$@)
community: docker-bake.hcl prepare setenv
@echo "Building all Community images"
docker buildx bake ${DOCKER_BAKE_ARGS} $@
$(call grype_scan,$@)
adf_apps: docker-bake.hcl prepare_adf setenv
@echo "Building ADF App images"
docker buildx bake ${DOCKER_BAKE_ARGS} $@
$(call grype_scan,$@)
ats: docker-bake.hcl tengines prepare_ats prepare_tengines setenv
@echo "Building Transform Service images"
docker buildx bake ${DOCKER_BAKE_ARGS} $@
$(call grype_scan,$@)
audit_storage: docker-bake.hcl prepare_audit_storage setenv
@echo "Building Audit Storage images"
docker buildx bake ${DOCKER_BAKE_ARGS} $@
$(call grype_scan,$@)
connectors: docker-bake.hcl prepare_connectors setenv
@echo "Building Connector images"
docker buildx bake ${DOCKER_BAKE_ARGS} $@
$(call grype_scan,$@)
repo: docker-bake.hcl prepare_repo setenv
@echo "Building Repository images"
docker buildx bake ${DOCKER_BAKE_ARGS} repository
$(call grype_scan,repository)
search_enterprise: docker-bake.hcl prepare_search_enterprise setenv
@echo "Building Search Enterprise images"
docker buildx bake ${DOCKER_BAKE_ARGS} $@
$(call grype_scan,$@)
search_service: docker-bake.hcl prepare_search_service setenv
@echo "Building Search Service images"
docker buildx bake ${DOCKER_BAKE_ARGS} $@
$(call grype_scan,$@)
share: docker-bake.hcl prepare_share setenv
@echo "Building Share images"
docker buildx bake ${DOCKER_BAKE_ARGS} $@
$(call grype_scan,$@)
sync: docker-bake.hcl prepare_sync setenv
@echo "Building Sync Service images"
docker buildx bake ${DOCKER_BAKE_ARGS} $@
$(call grype_scan,$@)
tengines: docker-bake.hcl prepare_tengines setenv
@echo "Building Transform Egnine images"
docker buildx bake ${DOCKER_BAKE_ARGS} $@
$(call grype_scan,$@)
all_ci: adf_apps ats audit_storage connectors repo search_enterprise search_service share sync tengines all prepare clean clean_caches
@echo "Building all targets including cleanup for Continuous Integration"
GRYPE_OPTS := -f high --only-fixed --ignore-states wont-fix
grype:
@command -v grype >/dev/null 2>&1 || { echo >&2 "grype is required but it's not installed. See https://github.com/anchore/grype/blob/main/README.md#installation. Aborting."; exit 1; }
@echo "Running grype scan"
@docker buildx bake $(GRYPE_TARGET) --print | jq '.target[] | select(.output == ["type=docker"]) | .tags[]' | xargs -I {} grype $(GRYPE_OPTS) {}
ifdef GRYPE_ONBUILD
define grype_scan
@command -v grype >/dev/null 2>&1 || { echo >&2 "grype is required but it's not installed. See https://github.com/anchore/grype/blob/main/README.md#installation. Aborting."; exit 1; }
@echo "Running grype scan for $(1)"
@docker buildx bake $(1) --print | jq '.target[] | select(.output == ["type=docker"]) | .tags[]' | xargs -I {} grype $(GRYPE_OPTS) {}
endef
endif