-
Notifications
You must be signed in to change notification settings - Fork 1.8k
/
Makefile
773 lines (685 loc) · 25.8 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
#
# This Makefile is used for producing official Teleport releases
#
ifneq ("$(wildcard /bin/bash)","")
SHELL := /bin/bash -o pipefail
endif
HOSTNAME=buildbox
SRCDIR=/go/src/github.com/gravitational/teleport
GOMODCACHE ?= /tmp/gomodcache
# TODO(hugoShaka) remove HELM_PLUGINS with teleport13 buildbox
DOCKERFLAGS := --rm=true -v "$$(pwd)/../":$(SRCDIR) -v /tmp:/tmp -w $(SRCDIR) -h $(HOSTNAME) -e GOMODCACHE=$(GOMODCACHE) -e HELM_PLUGINS=/home/ci/.local/share/helm/plugins-new -e GITHUB_REPOSITORY_OWNER=$(GITHUB_REPOSITORY_OWNER) -e MAKEFLAGS
# Teleport version - some targets require this to be set
VERSION ?= $(shell egrep ^VERSION ../Makefile | cut -d= -f2)
ADDFLAGS ?=
BATSFLAGS :=
KUBECONFIG ?=
TEST_KUBE ?=
OS ?= linux
UID := $$(id -u)
GID := $$(id -g)
NOROOT := -u $(UID):$(GID)
include versions.mk
include arch.mk
# BUILDBOX_VERSION, BUILDBOX and BUILDBOX_variant variables are included in images.mk
include images.mk
include grpcbox.mk # Requires images.mk
DOCSBOX=ghcr.io/gravitational/docs
ifneq ("$(KUBECONFIG)","")
DOCKERFLAGS := $(DOCKERFLAGS) -v $(KUBECONFIG):/mnt/kube/config -e KUBECONFIG=/mnt/kube/config -e TEST_KUBE=$(TEST_KUBE)
endif
# conditionally force the use of UID/GID 1000:1000 if we're running in Github Actions (in which case CI env var will be set)
ifeq ("$(CI)","true")
# The UID/GID of the runner user on ARC runners is 1001, not 1000
# This var is currently only set for ARC runners via https://github.com/gravitational/cloud-terraform/pull/2473
ifeq ("$(CI_SYSTEM)","ARC")
UID := 1001
GID := 1001
NOROOT := -u 1001:1001
else
UID := 1000
GID := 1000
NOROOT := -u 1000:1000
endif
# if running in CI and the GOCACHE environment variable is not set, set it to a sensible default
ifeq ("$(GOCACHE)",)
GOCACHE := /go/cache
endif
# pass external gocache path through to docker containers
DOCKERFLAGS := $(DOCKERFLAGS) -v $(GOCACHE):/go/cache -e GOCACHE=/go/cache
endif
# The ARM64 build cannot be cross-compiled - the host architecture must be arm64
# for this build. Define a var that expands to an error if the build arch does
# not match the host arch.
#
# It should be expanded in a target's recipe to prevent it running if a cross-
# compile was requested.
#
# $(RUNTIME_ARCH) is the host architecture normalised to the Go arch.
# $(ARCH) is the target architecture we want to build for.
REQUIRE_HOST_ARCH = $(if $(filter-out $(ARCH),$(RUNTIME_ARCH)),$(error Cannot cross-compile $@ $(ARCH) on $(RUNTIME_ARCH)))
# This determines which make target we call in this repo's top level Makefile when
# make release in this Makefile is called. Currently this supports its default value
# (release) and release-unix-preserving-webassets. See the release-arm target for
# more details.
RELEASE_TARGET ?= release
#
# Build 'teleport' release inside a docker container
#
.PHONY:build
build: buildbox-centos7 webassets
docker run $(DOCKERFLAGS) $(NOROOT) $(BUILDBOX_CENTOS7) \
make -C $(SRCDIR) ADDFLAGS='$(ADDFLAGS)' PIV=$(PIV) release-unix-preserving-webassets
#
# Build 'teleport' release inside a docker container
#
.PHONY:build-binaries
build-binaries: buildbox-centos7 webassets
docker run $(DOCKERFLAGS) $(NOROOT) $(BUILDBOX_CENTOS7) \
make -C $(SRCDIR) ADDFLAGS='$(ADDFLAGS)' PIV=$(PIV) full
#
# Build 'teleport' Enterprise release inside a docker container
#
.PHONY:build-enterprise-binaries
build-enterprise-binaries: buildbox-centos7 webassets
docker run $(DOCKERFLAGS) $(NOROOT) $(BUILDBOX_CENTOS7) \
make -C $(SRCDIR)/e ADDFLAGS='$(ADDFLAGS)' VERSION=$(VERSION) GITTAG=v$(VERSION) PIV=$(PIV) clean full
#
# Build 'teleport' FIPS release inside a docker container
# This builds Enterprise binaries only.
#
.PHONY:build-binaries-fips
build-binaries-fips: buildbox-centos7-fips webassets
docker run $(DOCKERFLAGS) $(NOROOT) $(BUILDBOX_CENTOS7_FIPS) \
make -C $(SRCDIR)/e ADDFLAGS='$(ADDFLAGS)' VERSION=$(VERSION) GITTAG=v$(VERSION) PIV=$(PIV) FIPS=yes clean full
#
# Build the buildbox thirdparty components. This rarely needs to be rebuilt and is
# slow to build, so it is done separately from the main buildbox
#
.PHONY: buildbox-thirdparty
buildbox-thirdparty:
docker buildx build \
--cache-from $(BUILDBOX_THIRDPARTY) \
--cache-to type=inline \
$(if $(PUSH),--push,--load) \
--tag $(BUILDBOX_THIRDPARTY) \
-f buildbox/Dockerfile-thirdparty \
buildbox
#
# A generic build rule to build a stage of Dockerfile-thirdparty based
# on the $(STAGE) variable. These stage builds are used for development
# of the thirdparty buildbox, whether to configure crosstool-NG
# (see config/buildbox-ng), or when adding additional third party
# libraries using either the compilers stage or libs stage.
#
.PHONY: buildbox-thirdparty-stage
buildbox-thirdparty-stage:
docker buildx build \
--load \
--tag buildbox-thirdparty-$(STAGE):$(BUILDBOX_VERSION) \
-f buildbox/Dockerfile-thirdparty \
--target $(STAGE) \
buildbox
.PHONY: buildbox-thirdparty-crosstoolng
buildbox-thirdparty-crosstoolng: STAGE=crosstoolng
buildbox-thirdparty-crosstoolng: buildbox-thirdparty-stage
.PHONY: buildbox-thirdparty-compilers
buildbox-thirdparty-compilers: STAGE=compilers
buildbox-thirdparty-compilers: buildbox-thirdparty-stage
.PHONY: buildbox-thirdparty-libs
buildbox-thirdparty-libs: STAGE=libs
buildbox-thirdparty-libs: buildbox-thirdparty-stage
#
# Build the buildbox-ng using the pre-built third party components from the
# buildbox-thirdparty image
#
.PHONY: buildbox-ng
buildbox-ng:
docker buildx build \
--build-arg THIRDPARTY_IMAGE=$(BUILDBOX_THIRDPARTY) \
--build-arg GOLANG_VERSION=$(GOLANG_VERSION) \
--build-arg RUST_VERSION=$(RUST_VERSION) \
--cache-from $(BUILDBOX_NG) \
--cache-to type=inline \
$(if $(PUSH),--push,--load) \
--tag $(BUILDBOX_NG) \
-f buildbox/Dockerfile \
buildbox
# Builds a Docker container which is used for building official Teleport binaries
# If running in CI and there is no image with the buildbox name:tag combination present locally,
# the image is pulled from the Docker repository. If this pull fails (i.e. when a new Go runtime is
# first used), the error is ignored and the buildbox is built using the Dockerfile.
# BUILDARCH is set explicitly, so it's set with and without BuildKit enabled.
#
.PHONY:buildbox
buildbox:
docker buildx build \
--build-arg UID=$(UID) \
--build-arg GID=$(GID) \
--build-arg BUILDARCH=$(RUNTIME_ARCH) \
--build-arg GOLANG_VERSION=$(GOLANG_VERSION) \
--build-arg GOLANGCI_LINT_VERSION=$(GOLANGCI_LINT_VERSION) \
--build-arg RUST_VERSION=$(RUST_VERSION) \
--build-arg WASM_PACK_VERSION=$(WASM_PACK_VERSION) \
--build-arg NODE_VERSION=$(NODE_VERSION) \
--build-arg LIBBPF_VERSION=$(LIBBPF_VERSION) \
--build-arg BUF_VERSION=$(BUF_VERSION) \
--build-arg GOGO_PROTO_TAG=$(GOGO_PROTO_TAG) \
--build-arg NODE_GRPC_TOOLS_VERSION=$(NODE_GRPC_TOOLS_VERSION) \
--build-arg NODE_PROTOC_TS_VERSION=$(NODE_PROTOC_TS_VERSION) \
--build-arg PROTOC_VERSION=$(PROTOC_VERSION) \
--cache-to type=inline \
--cache-from $(BUILDBOX) \
$(if $(PUSH),--push,--load) \
--tag $(BUILDBOX) .
# Builds a Docker buildbox for FIPS
#
.PHONY:buildbox-fips
buildbox-fips: buildbox-centos7-fips
#
# Builds a Docker buildbox for CentOS 7 builds. It is built for amd64 and arm64
# but cannot be cross-compiled, so the host architecture must match the target
# architecture we are building.
#
# This buildbox uses the cached assets from the buildbox-centos7-assets container.
# build-centos7-assets can take a long time to complete, and thus it is not included
# as a dependency of this target in order to make local builds / development faster.
# It is called explicitly in CI before anything that depends on it is built, and when
# building locally it can be called manually if the assets need to be rebuilt.
#
.PHONY:buildbox-centos7
buildbox-centos7:
$(REQUIRE_HOST_ARCH)
docker buildx build \
--target buildbox \
--build-arg UID=$(UID) \
--build-arg GID=$(GID) \
--build-arg BUILDBOX_CENTOS7_ASSETS=$(BUILDBOX_CENTOS7_ASSETS) \
--build-arg BUILDARCH=$(HOST_ARCH) \
--build-arg TARGETARCH=$(RUNTIME_ARCH) \
--build-arg GOLANG_VERSION=$(GOLANG_VERSION) \
--build-arg RUST_VERSION=$(RUST_VERSION) \
--build-arg WASM_PACK_VERSION=$(WASM_PACK_VERSION) \
--build-arg DEVTOOLSET=$(DEVTOOLSET) \
--build-arg LIBBPF_VERSION=$(LIBBPF_VERSION) \
--build-arg LIBPCSCLITE_VERSION=$(LIBPCSCLITE_VERSION) \
--cache-to type=inline \
--cache-from $(BUILDBOX_CENTOS7) \
$(if $(PUSH),--push,--load) \
--tag $(BUILDBOX_CENTOS7) -f Dockerfile-centos7 .
#
# Builds a Docker buildbox for CentOS 7 FIPS builds. This uses the same
# Dockerfile as `buildbox-centos7` but with the `buildbox-fips` target which
# sets the appropriate environment variables and config files to build
# FIPS-compliant binaries. It also does a test build to ensure the built
# binaries are FIPS-compliant.
#
.PHONY:buildbox-centos7-fips
buildbox-centos7-fips:
docker buildx build \
--target buildbox-fips \
--build-arg UID=$(UID) \
--build-arg GID=$(GID) \
--build-arg BUILDBOX_CENTOS7_ASSETS=$(BUILDBOX_CENTOS7_ASSETS) \
--build-arg BUILDARCH=$(HOST_ARCH) \
--build-arg TARGETARCH=$(RUNTIME_ARCH) \
--build-arg GOLANG_VERSION=$(GOLANG_VERSION) \
--build-arg RUST_VERSION=$(RUST_VERSION) \
--build-arg WASM_PACK_VERSION=$(WASM_PACK_VERSION) \
--build-arg DEVTOOLSET=$(DEVTOOLSET) \
--build-arg LIBBPF_VERSION=$(LIBBPF_VERSION) \
--build-arg LIBPCSCLITE_VERSION=$(LIBPCSCLITE_VERSION) \
--cache-to type=inline \
--cache-from $(BUILDBOX_CENTOS7_FIPS) \
$(if $(PUSH),--push,--load) \
--tag $(BUILDBOX_CENTOS7_FIPS) -f Dockerfile-centos7 .
#
# Builds a Docker buildbox for ARMv7/ARM64 builds
# ARM buildboxes use a regular Teleport buildbox as a base which already has a user
# with the correct UID and GID created, so those arguments are not needed here.
#
.PHONY:buildbox-arm
buildbox-arm:
docker buildx build \
--build-arg UID=$(UID) \
--build-arg GID=$(GID) \
--build-arg BUILDARCH=$(RUNTIME_ARCH) \
--build-arg GOLANG_VERSION=$(GOLANG_VERSION) \
--build-arg NODE_VERSION=$(NODE_VERSION) \
--build-arg RUST_VERSION=$(RUST_VERSION) \
--cache-to type=inline \
--cache-from $(BUILDBOX_ARM) \
$(if $(PUSH),--push,--load) \
--tag $(BUILDBOX_ARM) -f Dockerfile-arm .
CONNECT_VERSION ?= $(VERSION)
ifeq ($(CONNECT_VERSION),)
CONNECT_VERSION := $(BUILDBOX_VERSION)-dev
endif
#
# Builds a Docker buildbox for builds that depend on Node.js.
# This can be used for building webassets as well as Teleport Connect.
#
.PHONY:buildbox-node
buildbox-node:
docker buildx build \
--build-arg BUILDARCH=$(RUNTIME_ARCH) \
--build-arg UID=$(UID) \
--build-arg GID=$(GID) \
--build-arg NODE_VERSION=$(NODE_VERSION) \
--build-arg RUST_VERSION=$(RUST_VERSION) \
--build-arg WASM_PACK_VERSION=$(WASM_PACK_VERSION) \
--cache-to type=inline \
--cache-from $(BUILDBOX_NODE) \
$(if $(PUSH),--push,--load) \
--tag $(BUILDBOX_NODE) -f Dockerfile-node .
#
# Builds Teleport Connect inside the buildbox container.
#
.PHONY:teleterm
teleterm: buildbox-node
docker run $(DOCKERFLAGS) $(NOROOT) $(BUILDBOX_NODE) \
bash -c "cd $(SRCDIR) && export CONNECT_TSH_BIN_PATH=\$$PWD/../teleport/build/tsh && pnpm install --frozen-lockfile && pnpm build-term && pnpm package-term -c.extraMetadata.version=$(CONNECT_VERSION)"
# Builds webassets inside Docker.
.PHONY:ui
ui: buildbox
docker run -u $(UID):$(GID) -v "$$(pwd)/../":/teleport $(BUILDBOX) \
bash -c "cd ../teleport && pnpm install --frozen-lockfile && pnpm build-ui"
# Builds webassets inside the buildbox-node container via the
# Makefile (instead of calling pnpm directly as the ui target above does)
# as that computes a SHA to prevent unnecessary rebuilds. This is used by
# the CentOS 7 build that does not have a new enough version of node.js
# to build webassets. Enterprise webassets will only be built if the e
# submodule is present.
.PHONY: webassets
webassets: buildbox-node
docker run $(DOCKERFLAGS) $(NOROOT) $(BUILDBOX_NODE) \
/usr/bin/make ensure-webassets $(if $(wildcard ../e/Makefile),ensure-webassets-e)
# grpc generates GRPC stubs from inside the buildbox
.PHONY: grpc
grpc: grpcbox
$(GRPCBOX_RUN) make grpc/host
# protos-up-to-date checks if GRPC stubs are up to date from inside the buildbox
.PHONY: protos-up-to-date
protos-up-to-date: grpcbox
$(GRPCBOX_RUN) make protos-up-to-date/host
# fix-imports runs GCI to sort and re-order Go imports in a deterministic way.
.PHONY: fix-imports
fix-imports: buildbox
docker run \
$(DOCKERFLAGS) -t $(BUILDBOX) \
make -C /go/src/github.com/gravitational/teleport fix-imports/host
#
# Removes the docker image
#
.PHONY:clean
clean:
docker image rm --force $(BUILDBOX)
docker image rm --force $(DOCSBOX)
GOMODCACHE=$(GOMODCACHE) go clean -modcache
#
# Runs tests inside a build container
#
.PHONY:test
test: buildbox
docker run \
--env TELEPORT_XAUTH_TEST="yes" \
$(DOCKERFLAGS) $(NOROOT) -t $(BUILDBOX) \
/bin/bash -c \
"ssh-agent > external.agent.tmp && source external.agent.tmp; \
cd $(SRCDIR) && make TELEPORT_DEBUG=0 FLAGS='-cover -race' clean test"
.PHONY:test-root
test-root: buildbox
docker run \
--env TELEPORT_XAUTH_TEST="yes" \
$(DOCKERFLAGS) -t $(BUILDBOX) \
/bin/bash -c \
"ssh-agent > external.agent.tmp && source external.agent.tmp; \
cd $(SRCDIR) && make TELEPORT_DEBUG=0 FLAGS='-cover -race' clean test-go-root"
.PHONY:test-sh
test-sh: buildbox
docker run $(DOCKERFLAGS) $(NOROOT) -t $(BUILDBOX) \
/bin/bash -c "make -C $(SRCDIR) BATSFLAGS=$(BATSFLAGS) test-sh"
.PHONY:test-helm
test-helm: buildbox
docker run $(DOCKERFLAGS) $(NOROOT) -t $(BUILDBOX) \
/bin/bash -c "make -C $(SRCDIR) test-helm"
.PHONY:test-helm-update-snapshots
test-helm-update-snapshots:
docker run $(DOCKERFLAGS) $(NOROOT) -t $(BUILDBOX) \
/bin/bash -c "make -C $(SRCDIR) test-helm-update-snapshots"
.PHONY:integration
integration: buildbox
docker run \
--env TELEPORT_XAUTH_TEST="yes" \
$(DOCKERFLAGS) $(NOROOT) -t $(BUILDBOX) \
make -C $(SRCDIR) FLAGS='-cover' integration
.PHONY:integration-root
integration-root: buildbox
docker run $(DOCKERFLAGS) -t $(BUILDBOX) \
--env TELEPORT_XAUTH_TEST="yes" \
/bin/bash -c "make -C $(SRCDIR) FLAGS='-cover' integration-root"
.PHONY:integration-kube
integration-kube: buildbox
docker run $(DOCKERFLAGS) -t $(BUILDBOX) \
/bin/bash -c "make -C $(SRCDIR) FLAGS='-cover' integration-kube"
.PHONY:e2e-aws
e2e-aws: buildbox
docker run $(DOCKERFLAGS) -t $(BUILDBOX) \
/bin/bash -c "make -C $(SRCDIR) FLAGS='-cover' e2e-aws"
#
# Runs linters on new changes inside a build container.
#
.PHONY:lint
lint: buildbox
docker run $(DOCKERFLAGS) $(NOROOT) -t $(BUILDBOX) \
/bin/bash -c "make -C $(SRCDIR) lint"
.PHONY:lint-helm
lint-helm: buildbox
docker run $(DOCKERFLAGS) $(NOROOT) -t $(BUILDBOX) \
/bin/bash -c "make -C $(SRCDIR) lint-helm"
#
# Starts shell inside the build container
#
.PHONY:enter
enter: buildbox
docker run $(DOCKERFLAGS) -ti $(NOROOT) \
-e HOME=$(SRCDIR)/build.assets -w $(SRCDIR) $(BUILDBOX) /bin/bash
#
# Starts a root shell inside the build container
#
.PHONY:enter-root
enter-root: buildbox
docker run $(DOCKERFLAGS) -ti \
-e HOME=$(SRCDIR)/build.assets -w $(SRCDIR) $(BUILDBOX) /bin/bash
#
# Reconfigure crosstool-NG for the given ARCH via its menuconfig system.
# e.g.
# $ make config/buildbox-ng CROSSTOOLNG_ARCH=arm64
#
# After saving and exiting in the menuconfig, you should have an updated
# defconfig file in build.assets/buildbox/crosstoolng-configs
#
# You need to have a local copy of the configuration container image
# created with: make buildbox-thirdparty-crosstoolng
#
.PHONY: config/buildbox-ng
config/buildbox-ng:
@: $(or $(CROSSTOOLNG_ARCH),$(error CROSSTOOLNG_ARCH variable must be set))
@: $(or $(wildcard buildbox/crosstoolng-configs/$(CROSSTOOLNG_ARCH).defconfig),\
$(error No config for arch $(CROSSTOOLNG_ARCH)))
docker run -it --rm \
--volume $(shell pwd)/..:/home/teleport \
--workdir /home/teleport \
buildbox-thirdparty-crosstoolng:$(BUILDBOX_VERSION) \
make -C build.assets/buildbox -f crosstoolng.mk crosstoolng-menuconfig \
ARCH=$(CROSSTOOLNG_ARCH)
#
# Starts a shell in the buildbox-ng container
# We don't use $(DOCKERFLAGS) as it contains stuff for the old buildbox which is
# not relevant or incorrect for this one.
.PHONY: enter/buildbox-ng
enter/buildbox-ng:
docker run -it --rm \
--volume $(shell pwd)/..:/home/teleport \
--workdir /home/teleport \
--user $(shell id -u):$(shell id -g) \
$(BUILDBOX_NG)
#
# Starts a root shell in the buildbox-ng container
#
.PHONY: enter-root/buildbox-ng
enter-root/buildbox-ng:
docker run -it --rm \
--volume $(shell pwd)/..:/home/teleport \
--workdir /home/teleport \
--user 0:0 \
$(BUILDBOX_NG)
#
# Starts shell inside the centos7 container
#
.PHONY:enter/centos7
enter/centos7: buildbox-centos7
docker run $(DOCKERFLAGS) -ti $(NOROOT) \
-e HOME=$(SRCDIR)/build.assets -w $(SRCDIR) $(BUILDBOX_CENTOS7) /bin/bash
#
# Starts a root shell inside the centos7 container
#
.PHONY:enter-root/centos7
enter-root/centos7: buildbox-centos7
docker run $(DOCKERFLAGS) -ti \
-e HOME=$(SRCDIR)/build.assets -w $(SRCDIR) $(BUILDBOX_CENTOS7) /bin/bash
#
# Starts shell inside the centos7-fips container
#
.PHONY:enter/centos7-fips
enter/centos7-fips: buildbox-centos7-fips
docker run $(DOCKERFLAGS) -ti $(NOROOT) \
-e HOME=$(SRCDIR)/build.assets -w $(SRCDIR) $(BUILDBOX_CENTOS7_FIPS) /bin/bash
#
# Starts a root shell inside the centos7-fips container
#
.PHONY:enter-root/centos7-fips
enter-root/centos7-fips: buildbox-centos7-fips
docker run $(DOCKERFLAGS) -ti \
-e HOME=$(SRCDIR)/build.assets -w $(SRCDIR) $(BUILDBOX_CENTOS7_FIPS) /bin/bash
#
# Starts a shell inside the grpcbox.
#
.PHONY: enter/grpcbox
enter/grpcbox: grpcbox
$(GRPCBOX_RUN)
#
# Starts shell inside the node build container
#
.PHONY:enter/node
enter/node: buildbox-node
docker run $(DOCKERFLAGS) -ti $(NOROOT) \
-e HOME=$(SRCDIR)/build.assets -w $(SRCDIR) $(BUILDBOX_NODE) /bin/bash
.PHONY:enter/arm
enter/arm: buildbox-arm
docker run $(DOCKERFLAGS) -ti $(NOROOT) \
-e HOME=$(SRCDIR)/build.assets -w $(SRCDIR) $(BUILDBOX_ARM) /bin/bash
# #############################################################################
# Architecture and variant (fips) specific release targets
# These are aliases used to make build commands uniform.
# #############################################################################
# AMD64 builds are done on CentOS 7 build boxes for broader glibc compatibility.
.PHONY: release-amd64
release-amd64:
$(MAKE) release-centos7 ARCH=amd64 FIDO2=yes PIV=yes
.PHONY: release-amd64-fips
release-amd64-fips:
$(MAKE) release-centos7-fips ARCH=amd64 FIDO2=yes PIV=yes FIPS=yes
.PHONY: release-386
release-386:
$(MAKE) release ARCH=386
.PHONY: release-arm64
release-arm64:
$(MAKE) release-centos7 ARCH=arm64 FIDO2=yes PIV=yes
.PHONY: release-arm64-fips
release-arm64-fips:
$(MAKE) release-centos7-fips ARCH=arm64 FIDO2=yes PIV=yes FIPS=yes
# We depend on webassets to pre-build them in the buildbox-node container
# so that we don't need to install node.js and rust on the buildbox-arm container.
# Therefore we set RELEASE_TARGET to release-unix-preserving-webassets.
.PHONY: release-arm
release-arm: webassets
$(MAKE) release RELEASE_TARGET=release-unix-preserving-webassets ARCH=arm BUILDBOX=$(BUILDBOX_ARM)
# #############################################################################
# Generic release targets
# Don't use these targets directly; call named Makefile targets such as `release-amd64`.
# #############################################################################
# Define buildbox makefile targets for building various buildboxes, parameterizing
# the `release` target`.
BUILDBOX_TARGET_$(BUILDBOX_ARM) = buildbox-arm
# Select the correct makefile target for building a buildbox based on $(BUILDBOX)
# with a default fallback of "buildbox".
BUILDBOX_TARGET = $(or $(BUILDBOX_TARGET_$(BUILDBOX)),buildbox)
#
# Create a Teleport package using the build container.
#
.PHONY:release
release: $(BUILDBOX_TARGET)
@echo "Build Assets Release"
docker run $(DOCKERFLAGS) $(NOROOT) $(BUILDBOX) \
/usr/bin/make $(RELEASE_TARGET) -e ADDFLAGS="$(ADDFLAGS)" OS=$(OS) ARCH=$(ARCH) RUNTIME=$(GOLANG_VERSION) FIDO2=$(FIDO2) PIV=$(PIV) REPRODUCIBLE=yes
.PHONY: release-ng-amd64 release-ng-amd64-fips release-ng-arm64 release-ng-386 release-ng-arm
release-ng-amd64:
$(MAKE) release-ng ARCH=amd64 FIDO2=yes PIV=yes
release-ng-amd64-fips:
$(MAKE) release-ng ARCH=amd64 FIDO2=yes PIV=yes FIPS=yes RELEASE_TARGET=release-ent
release-ng-arm64:
$(MAKE) release-ng ARCH=arm64 FIDO2=yes PIV=yes
release-ng-arm64-fips:
$(MAKE) release-ng ARCH=arm64 FIDO2=yes PIV=yes FIPS=yes RELEASE_TARGET=release-ent
release-ng-386:
$(MAKE) release-ng ARCH=386
release-ng-arm:
$(MAKE) release-ng ARCH=arm
.PHONY: release-ng
release-ng: RELEASE_TARGET = release-unix-preserving-webassets
release-ng: webassets buildbox-ng
docker run --rm --interactive $(shell test -t 0 && echo --tty) \
--volume $(shell pwd)/..:/home/teleport \
--workdir /home/teleport \
--user $(shell id -u):$(shell id -g) \
$(BUILDBOX_NG) \
make -e $(RELEASE_TARGET) \
ADDFLAGS="$(ADDFLAGS)" \
OS="$(OS)" \
ARCH="$(ARCH)" \
RUNTIME="$(GOLANG_VERSION)" \
FIDO2="$(FIDO2)" \
PIV="$(PIV)" \
FIPS="$(FIPS)" \
REPRODUCIBLE=yes
#
# Create a Teleport FIPS package using the build container.
# This is a special case because it only builds and packages the Enterprise FIPS binaries, no OSS.
# CI should not use this target, it should use named Makefile targets like release-amd64-fips.
#
.PHONY:release-fips
release-fips: buildbox-centos7-fips webassets
@if [ -z ${VERSION} ]; then echo "VERSION is not set"; exit 1; fi
docker run $(DOCKERFLAGS) -i $(NOROOT) $(BUILDBOX_CENTOS7_FIPS) \
/usr/bin/make -C e release -e ADDFLAGS="$(ADDFLAGS)" OS=$(OS) ARCH=$(ARCH) RUNTIME=$(GOLANG_VERSION) FIDO2=$(FIDO2) PIV=$(PIV) FIPS=yes VERSION=$(VERSION) GITTAG=v$(VERSION) REPRODUCIBLE=yes
#
# Create a Teleport package for CentOS 7 using the build container.
# We depend on webassets to pre-build them in the buildbox-node container
# as the version of node.js on CentOS 7 is too old.
#
# CentOS 7 builds are for amd64 and arm64 and must be built (currently) on
# the same host architecture - i.e. no cross-compiling. CI (GitHub Actions)
# is set up to use an architecture-specific builder, but building locally
# for a foreign architecture cannot be done.
#
.PHONY:release-centos7
release-centos7: buildbox-centos7 webassets
$(REQUIRE_HOST_ARCH)
docker run $(DOCKERFLAGS) -i $(NOROOT) $(BUILDBOX_CENTOS7) \
/usr/bin/scl enable $(DEVTOOLSET) 'make release-unix-preserving-webassets -e ADDFLAGS="$(ADDFLAGS)" OS=$(OS) ARCH=$(ARCH) RUNTIME=$(GOLANG_VERSION) FIDO2=$(FIDO2) PIV=$(PIV) REPRODUCIBLE=no'
#
# Create a Teleport FIPS package for CentOS 7 using the build container.
# This only builds and packages enterprise FIPS binaries, no OSS.
# We depend on webassets to pre-build them in the buildbox-node container,
# as the version of node.js on CentOS 7 is too old. The enterprise Makefile
# does not clean the web assets on the `release` target so there is no need
# to call release-unix-preserving-webassets like we do for the non-fips release.
#
.PHONY:release-centos7-fips
release-centos7-fips: buildbox-centos7-fips webassets
docker run $(DOCKERFLAGS) -i $(NOROOT) $(BUILDBOX_CENTOS7_FIPS) \
/usr/bin/scl enable $(DEVTOOLSET) '/usr/bin/make -C e release -e ADDFLAGS="$(ADDFLAGS)" OS=$(OS) ARCH=$(ARCH) RUNTIME=$(GOLANG_VERSION) FIDO2=$(FIDO2) PIV=$(PIV) FIPS=yes VERSION=$(VERSION) GITTAG=v$(VERSION) REPRODUCIBLE=no'
#
# Create a Windows Teleport package using the build container.
#
.PHONY:release-windows
release-windows: buildbox
docker run $(DOCKERFLAGS) -i $(NOROOT) $(BUILDBOX) \
/usr/bin/make release -e ADDFLAGS="$(ADDFLAGS)" OS=windows RUNTIME=$(GOLANG_VERSION) REPRODUCIBLE=yes PIV=yes
#
# Create an unsigned Windows Teleport package using the build container.
#
.PHONY:release-windows-unsigned
release-windows-unsigned: buildbox
docker run $(DOCKERFLAGS) -i $(NOROOT) $(BUILDBOX) \
/usr/bin/make release-windows-unsigned -e ADDFLAGS="$(ADDFLAGS)" OS=windows RUNTIME=$(GOLANG_VERSION) REPRODUCIBLE=yes PIV=yes
#
# Run docs tester to detect problems.
#
.PHONY:docsbox
docsbox:
if ! docker inspect --type=image $(DOCSBOX) 2>&1 >/dev/null; then docker pull $(DOCSBOX) || true; fi
.PHONY:test-docs
test-docs: docsbox
docker run -i $(NOROOT) -v $$(pwd)/..:/src/content $(DOCSBOX) \
/bin/sh -c "yarn markdown-lint-external-links"
#
# Print the Go version used to build Teleport.
#
.PHONY:print-go-version
print-go-version:
@echo $(GOLANG_VERSION)
#
# Print the golangci-lint version used by Teleport.
#
.PHONY:print-golangci-lint-version
print-golangci-lint-version:
@echo $(GOLANGCI_LINT_VERSION)
#
# Print the Buf version used by Teleport.
#
.PHONY:print-buf-version
print-buf-version:
@echo $(BUF_VERSION)
#
# Print the Rust version used to build Teleport.
#
.PHONY:print-rust-version
print-rust-version:
@echo $(RUST_VERSION)
#
# Print the wasm-pack version used to build Teleport.
#
.PHONY:print-wasm-pack-version
print-wasm-pack-version:
@echo $(WASM_PACK_VERSION)
#
# Print the Node version used to build Teleport Connect.
#
.PHONY:print-node-version
print-node-version:
@echo $(NODE_VERSION)
#
# Print the buildbox version used to build Teleport.
#
.PHONY:print-buildbox-version
print-buildbox-version:
@echo $(BUILDBOX_VERSION)
#
# Build CentOS 7 assets - clang.
#
.PHONY:build-centos7-assets
build-centos7-assets:
docker buildx build \
--build-arg BUILDARCH=$(HOST_ARCH) \
--build-arg DEVTOOLSET=$(DEVTOOLSET) \
--build-arg TARGETARCH=$(RUNTIME_ARCH) \
--cache-to type=inline \
--cache-from $(BUILDBOX_CENTOS7_ASSETS) \
$(if $(PUSH),--push,--load) \
--tag $(BUILDBOX_CENTOS7_ASSETS) \
-f Dockerfile-centos7-assets .
#
# Generate event schema from proto files.
#
.PHONY:generate-eventschema
generate-eventschema:
$(eval PROTOBUF_MOD_PATH := $(shell go mod download --json github.com/gogo/protobuf | awk -F: '/"Dir"/ { print $$2 }' | tr -d ' ",'))
cd tooling && go build -o ./bin/protoc-gen-eventschema ./cmd/protoc-gen-eventschema/
protoc \
-I ../api/proto \
-I=$(PROTOBUF_MOD_PATH) \
--plugin=./tooling/bin/protoc-gen-eventschema \
--eventschema_out="../gen/go/eventschema" \
"teleport/legacy/types/events/events.proto";