# Container CLI used by the rules below for `build` and `run`.
RUNNER ?= docker
# Policy names: the immediate sub-directories of policy/. This is a recursive
# (=) assignment, so the find pipeline is re-run each time POLICIES is expanded.
POLICIES = $(shell find policy -mindepth 1 -maxdepth 1 -type d | sort -u | cut -f 2 -d'/')
# GPG Signing
# DRY_RUN=true makes the sign step receive --dry-run (see the ifeq below).
DRY_RUN ?= false
SIGN_KEY_EMAIL ?= ci@rancher.com
# Signing key material and pass phrases. The defaults are deliberately empty;
# real values must never be committed to this file.
# The %-build-sign rule hands these to the container by name only (-e NAME),
# so the values have to be present in the environment make runs in.
# NOTE(review): supply them from the CI secret store / environment rather than
# as `make VAR=...` arguments, which place the value on a command line.
PRIVATE_KEY ?=
PRIVATE_KEY_PASS_PHRASE ?=
TESTING_PRIVATE_KEY ?=
TESTING_PRIVATE_KEY_PASS_PHRASE ?=
# S3 Upload
# Credentials and bucket names for the testing and production targets. They
# are consumed by the %-upload rule, which hands them to ./hack/upload.
# Defaults are empty for the same reason as the signing keys above.
TESTING_AWS_ACCESS_KEY_ID ?=
TESTING_AWS_SECRET_ACCESS_KEY ?=
TESTING_AWS_S3_BUCKET ?=
PRODUCTION_AWS_ACCESS_KEY_ID ?=
PRODUCTION_AWS_SECRET_ACCESS_KEY ?=
PRODUCTION_AWS_S3_BUCKET ?=
# DRY_RUN_SIGN is assigned only in dry-run mode; otherwise it keeps whatever
# value it already had (normally none), so the sign command gets no extra flag.
ifeq ($(DRY_RUN),true)
DRY_RUN_SIGN := --dry-run
endif
# Recipes and $(shell ...) calls run under bash.
SHELL := /bin/bash
include hack/make/version.mk
include hack/make/tools.mk
# Build every policy found under policy/ by delegating to one
# <policy>-build goal per policy in a single sub-make.
.PHONY: build
build: ## build all policies.
	$(MAKE) $(patsubst %,%-build,$(POLICIES))
# Full pipeline for one policy. The steps run as separate sub-makes in this
# exact order: clean the output directory, build the image, generate the
# artefacts, sign them, then produce the repository metadata.
# A ':' in the requested policy name is mapped to '/' before delegating.
# The `version` prerequisite runs first and aborts the build when it fails.
%-build: version ## build a specific policy.
	$(MAKE) $(addsuffix -build-clean,$(subst :,/,$*))
	$(MAKE) $(addsuffix -build-image,$(subst :,/,$*))
	$(MAKE) $(addsuffix -build-artefacts,$(subst :,/,$*))
	$(MAKE) $(addsuffix -build-sign,$(subst :,/,$*))
	$(MAKE) $(addsuffix -build-metadata,$(subst :,/,$*))
# Build the per-policy builder image from the top-level Dockerfile and tag it
# rancher-selinux:<policy>. Only the policy name is passed as a build argument.
# NOTE(review): keep it that way - build arguments are generally recorded in
# image metadata, so key material must not be passed through --build-arg.
%-build-image: ## build the container image used to generate a given policy.
	$(RUNNER) build -f Dockerfile -t rancher-selinux:$(subst :,/,$*) \
		--build-arg POLICY=$(subst :,/,$*) .
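# Reset build/<policy> to an empty directory.
# The stem ends up inside an `rm -rf` path, so two guards apply:
#  - the paths are quoted, otherwise a working directory containing whitespace
#    would be split into several arguments and rm would act on the wrong paths;
#  - a stem containing '..' is rejected so the path cannot leave build/.
# $(CURDIR) is make's own absolute working directory (no extra `pwd` fork).
%-build-clean: ## remove any artefacts related to the building of a policy.
	$(if $(findstring ..,$*),$(error refusing to clean '$*': the policy name must not contain '..'))
	rm -rf "$(CURDIR)/build/$(subst :,/,$*)"
	mkdir -p "$(CURDIR)/build/$(subst :,/,$*)"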
# Run ./build inside the policy's image with build/<policy> mounted at /out.
# The caller's numeric uid and gid are passed as USER and GROUP; how the
# container uses them is decided by the image, not by this rule.
%-build-artefacts: ## generate artefacts of a given policy.
	$(RUNNER) run --rm \
		-v $$(pwd)/build/$(subst :,/,$*):/out \
		-e GROUP=$$(id -g) \
		-e USER=$$(id -u) \
		rancher-selinux:$(subst :,/,$*) \
		./build $(RPM_VERSION) $(RPM_RELEASE)
# Run `sign` inside the policy's image with build/<policy> mounted at /dist.
# Two properties keep the key material out of the build log and should be
# preserved when this rule is edited:
#  - the leading '@' stops make from echoing the command line;
#  - the four key variables are forwarded by name only (-e NAME, no value), so
#    their values never become part of the recipe text. With docker the value
#    is taken from the environment of the calling process.
# SIGN_KEY_EMAIL and RPM_CHANNEL are not secrets and are passed by value.
# $(DRY_RUN_SIGN) is --dry-run when DRY_RUN=true.
%-build-sign: ## sign the generate rpms of a given policy.
	@$(RUNNER) run --rm \
		-v $$(pwd)/build/$(subst :,/,$*):/dist \
		-e USER=$$(id -u) -e GROUP=$$(id -g) \
		-e RPM_CHANNEL="$(RPM_CHANNEL)" -e SIGN_KEY_EMAIL="$(SIGN_KEY_EMAIL)" \
		-e PRIVATE_KEY -e PRIVATE_KEY_PASS_PHRASE \
		-e TESTING_PRIVATE_KEY -e TESTING_PRIVATE_KEY_PASS_PHRASE \
		rancher-selinux:$(subst :,/,$*) sign $(DRY_RUN_SIGN)
# Run ./metadata inside the policy's image with build/<policy> mounted at
# /dist. In the %-build pipeline this is the step after signing.
%-build-metadata: ## generate repository metadata for a given policy.
	$(RUNNER) run --rm \
		-v $$(pwd)/build/$(subst :,/,$*):/dist \
		-e GROUP=$$(id -g) \
		-e USER=$$(id -u) \
		rancher-selinux:$(subst :,/,$*) \
		./metadata
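# Upload the artefacts of every policy to S3, one <policy>-upload goal each.
# Declared phony because it is a command, not a file: without this, a file or
# directory named "upload" in the working directory could make the target
# look up to date and the upload would be skipped silently.
# $(AWSCLI) is not defined in this file - presumably by hack/make/tools.mk.
.PHONY: upload
upload: $(AWSCLI) version ## uploads all artefacts from each policy into S3.
	$(MAKE) $(addsuffix -upload, $(POLICIES))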
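# Upload one policy's artefacts to S3 through ./hack/upload.
# The AWS credentials reach the script through exported variables instead of
# being expanded into the recipe text. make echoes a recipe before running it,
# so writing VAR="$(VAR)" on the command line prints the access keys and
# secret keys into the build log. Exporting also passes the values verbatim,
# without the shell re-interpreting characters inside them.
# Note: `export` applies to every recipe in this makefile. Variables that came
# from the environment were already passed on that way.
export TESTING_AWS_ACCESS_KEY_ID TESTING_AWS_SECRET_ACCESS_KEY TESTING_AWS_S3_BUCKET
export PRODUCTION_AWS_ACCESS_KEY_ID PRODUCTION_AWS_SECRET_ACCESS_KEY PRODUCTION_AWS_S3_BUCKET
%-upload:
	RPM_CHANNEL=$(RPM_CHANNEL) POLICY=$(subst :,/,$*) \
		./hack/upload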
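# Attach the artefacts of every policy to the GitHub release, one
# <policy>-upload-gh goal each.
# Declared phony because it is a command, not a file: a file or directory
# named "upload-gh" must not be able to mark it as up to date.
# $(GH) is not defined in this file - presumably by hack/make/tools.mk.
.PHONY: upload-gh
upload-gh: $(GH) ## upload all artefacts to the GitHub release.
	$(MAKE) $(addsuffix -upload-gh, $(POLICIES))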
# Upload one policy's artefacts to the GitHub release: ./hack/upload-gh gets
# the policy name as its argument and TAG in its environment.
# NOTE(review): TAG and the policy name are expanded unquoted into the shell
# command - confirm both are always plain names without shell metacharacters.
%-upload-gh:
	TAG=$(TAG) ./hack/upload-gh $(subst :,/,$*)
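# Print the version values and, when VERSION_MSG is defined, print that
# message and fail instead (the `exit 1` stops the recipe at its first line).
# VERSION_MSG and the RPM_* / VERSION values are not defined in this file -
# presumably they come from hack/make/version.mk.
# Declared phony because %-build depends on this target as its version gate:
# without .PHONY, a file named "version" in the working directory would make
# the target look up to date and the VERSION_MSG check would be skipped.
.PHONY: version
version: ## parse and display version.
ifdef VERSION_MSG
	@echo $(VERSION_MSG); exit 1
endif
	@echo Version Information
	@echo RPM_VERSION: $(RPM_VERSION)
	@echo RPM_RELEASE: $(RPM_RELEASE)
	@echo RPM_CHANNEL: $(RPM_CHANNEL)
	@echo VERSION: $(VERSION)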
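# Self-documenting help. awk scans every makefile parsed so far and prints
# the name and the text after the double-hash marker for each rule line whose
# target consists only of letters, digits, '_' and '-'. Pattern rules start
# with '%' and are therefore not listed. Lines starting with a double hash
# followed by '@' are printed as section headings.
# Declared phony so that a file named "help" cannot mark it as up to date.
.PHONY: help
help: ## display Makefile's help.
	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)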