-
Notifications
You must be signed in to change notification settings - Fork 33
/
Makefile
250 lines (213 loc) · 8.94 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
KUBEBUILDER_VERSION = 2.3.1
export KUBEBUILDER_ASSETS = ${PWD}/cache/kubebuilder_${KUBEBUILDER_VERSION}/bin
CONTROLLER_GEN_VERSION = 0.8.0
CONTROLLER_GEN=${PWD}/cache/controller-gen_${CONTROLLER_GEN_VERSION}/controller-gen
LINT_VERSION = 1.28.3
GOSEC_VERSION="v2.9.2"
KUBEVAL_VERSION= 0.15.0
KUBEVAL_KUBE_VERSION=1.18.1
# Set PATH to pick up cached tools. The additional 'sed' is required for cross-platform support of quoting the args to 'env'
SHELL := /usr/bin/env PATH=$(shell echo ${PWD}/cache/bin:${KUBEBUILDER_ASSETS}:${PATH} | sed 's/ /\\ /g') bash
# Version to create release. Value is set in .travis.yml's release job
RELEASE_VERSION ?= 0.0.0
# Image URL to use all building/pushing image targets
IMG ?= cloudoperators/ibmcloud-operator:${RELEASE_VERSION}
# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
CRD_OPTIONS ?= "crd"
# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
ifeq (,$(shell go env GOBIN))
GOBIN=$(shell go env GOPATH)/bin
else
GOBIN=$(shell go env GOBIN)
endif
.PHONY: all
all: manager
# Prints exported env vars for use in ad hoc scripts, like 'go test ./... -run TestMyTest'
.PHONY: env
env:
@env | grep KUBEBUILDER
cache:
mkdir -p cache
cache/bin:
mkdir -p cache/bin
.PHONY: clean
clean:
rm -rf cache out
# Ensures kubebuilder is installed into the cache. Run `make kubebuilder CMD="--help"` to run kubebuilder with a custom command.
.PHONY: kubebuilder
kubebuilder: cache/kubebuilder_${KUBEBUILDER_VERSION}/bin
@if [[ -n "${CMD}" ]]; then \
set -ex; \
kubebuilder ${CMD}; \
find . -name '*.go' | xargs sed -i '' -e "s/YEAR/$(shell date +%Y)/"; \
fi
cache/kubebuilder_${KUBEBUILDER_VERSION}/bin: cache
@if [[ ! -d cache/kubebuilder_${KUBEBUILDER_VERSION}/bin ]]; then \
rm -rf cache/kubebuilder_${KUBEBUILDER_VERSION}; \
mkdir -p cache/kubebuilder_${KUBEBUILDER_VERSION}; \
set -o pipefail; \
curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${KUBEBUILDER_VERSION}/kubebuilder_${KUBEBUILDER_VERSION}_$(shell go env GOOS)_$(shell go env GOARCH).tar.gz | tar --strip-components=1 -xz -C ./cache/kubebuilder_${KUBEBUILDER_VERSION}; \
fi
.PHONY: kustomize
kustomize: cache/bin/kustomize
cache/bin/kustomize: cache/bin
@rm -f cache/bin/kustomize
cd cache/bin && \
set -o pipefail && \
for (( i = 0; i < 5; i++ )); do \
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash; \
if [[ "$$(which kustomize)" =~ cache/bin/kustomize ]]; then \
break; \
fi \
done
[[ "$$(which kustomize)" =~ cache/bin/kustomize ]]
.PHONY: test-unit
test-unit: generate manifests kubebuilder
go test -race -short -coverprofile cover.out ./...
.PHONY: test
test: generate manifests kubebuilder
go test -race -coverprofile cover.out ./...
.PHONY: coverage-unit
coverage-unit: test-unit
go install github.com/mattn/goveralls@v0.0.11
$(GOBIN)/goveralls -coverprofile="cover.out" -service=travis-ci
# Build manager binary
.PHONY: manager
manager: generate lint-fix
go build -o bin/manager main.go
# Run against the configured Kubernetes cluster in ~/.kube/config
.PHONY: run
run: generate lint-fix manifests
go run ./main.go
# Install CRDs into a cluster
.PHONY: install
install: manifests kustomize
go run ./internal/cmd/firstsetup # Install ICO secret & configmap
kustomize build config/crd | kubectl apply -f -
# Uninstall CRDs from a cluster
.PHONY: uninstall
uninstall: manifests kustomize
kustomize build config/crd | kubectl delete -f -
kubectl delete secret/ibmcloud-operator-secret configmap/ibmcloud-operator-defaults
# Deploy controller in the configured Kubernetes cluster in ~/.kube/config
.PHONY: deploy
deploy: manifests kustomize
cd config/manager && kustomize edit set image controller=${IMG}
kustomize build config/default | kubectl apply -f -
# Generate manifests e.g. CRD, RBAC etc.
.PHONY: manifests
manifests: controller-gen
$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
go run ./internal/cmd/fixcrd ./config/crd/bases/*.yaml
.PHONY: lint-deps
lint-deps:
@if ! which golangci-lint >/dev/null || [[ "$$(golangci-lint --version)" != *${LINT_VERSION}* ]]; then \
set -o pipefail; \
curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(shell go env GOPATH)/bin v${LINT_VERSION}; \
fi
@if ! which shellcheck; then \
set -ex; curl -fsSL https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.$$(uname).x86_64.tar.xz | tar -xJv --strip-components=1 shellcheck-stable/shellcheck; \
mv shellcheck $(shell go env GOPATH)/bin/shellcheck; chmod +x $(shell go env GOPATH)/bin/shellcheck; \
fi
@if ! which gosec >/dev/null || [[ "$$(gosec --version)" != *${GOSEC_VERSION}* ]]; then \
set -o pipefail; \
go install github.com/securego/gosec/v2/cmd/gosec@${GOSEC_VERSION}; \
fi
.PHONY: lint
lint: lint-deps
golangci-lint run
gosec -conf .gosec.json ./...
find . -name '*.*sh' | xargs shellcheck --color
go list -json -m all | docker run --rm -i sonatypecommunity/nancy:latest sleuth
.PHONY: lint-fix
lint-fix: lint-deps
golangci-lint run --fix
.PHONY: generate
generate: controller-gen
$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt",year=$(shell date +%Y) paths="./..."
.PHONY: docker-build
docker-build:
docker build . -t ${IMG}
.PHONY: docker-push
docker-push: docker-build
if [[ ${RELEASE_VERSION} == 0.0.0 ]]; then \
echo Refusing to push development image version 0.0.0; \
else \
if [[ -n "$$DOCKER_USERNAME" ]]; then \
echo "$$DOCKER_PASSWORD" | docker login -u "$$DOCKER_USERNAME" --password-stdin; \
fi; \
docker push ${IMG}; \
fi
# find or download controller-gen
# download controller-gen if necessary
.PHONY: controller-gen
controller-gen: cache/controller-gen_${CONTROLLER_GEN_VERSION}
cache/controller-gen_${CONTROLLER_GEN_VERSION}: cache
@if [[ ! -f cache/controller-gen_${CONTROLLER_GEN_VERSION}/controller-gen ]]; then \
set -ex ;\
CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\
trap "rm -rf $$CONTROLLER_GEN_TMP_DIR" EXIT ;\
cd $$CONTROLLER_GEN_TMP_DIR ;\
go mod init tmp ;\
GOBIN=${PWD}/cache/controller-gen_${CONTROLLER_GEN_VERSION} go get sigs.k8s.io/controller-tools/cmd/controller-gen@v${CONTROLLER_GEN_VERSION} ;\
fi
out:
mkdir -p out
# Prepares Kubernetes yaml files for release. Useful for testing against your own cluster.
.PHONY: release-prep
release-prep: kustomize manifests out
cd config/manager && kustomize edit set image controller=${IMG}
kustomize build config/default --output out/
ulimit -n 1000 && go run ./internal/cmd/genolm --version ${RELEASE_VERSION}
.PHONY: release-operatorhub
release-operatorhub:
go run ./internal/cmd/release \
-version "${RELEASE_VERSION}" \
-csv "out/ibmcloud_operator.v${RELEASE_VERSION}.clusterserviceversion.yaml" \
-package out/ibmcloud-operator.package.yaml \
-crd-glob 'out/apiextensions.k8s.io_*_customresourcedefinition_*.ibmcloud.ibm.com.yaml' \
-draft=$${RELEASE_DRAFT:-false} \
-fork-org "$${RELEASE_FORK_ORG}" \
-gh-token "$${RELEASE_GH_TOKEN}" \
-signoff-name "$${RELEASE_GIT_NAME}" \
-signoff-email "$${RELEASE_GIT_EMAIL}"
.PHONY: release
release: release-prep docker-push release-operatorhub
# Validates release artifacts.
# TODO add validation for operator-courier. Currently hitting WAY too many issues with Travis CI and Python deps.
.PHONY: validate-release
validate-release: kubeval release-prep docker-build
kubeval -d out --kubernetes-version "${KUBEVAL_KUBE_VERSION}" --ignored-filename-patterns package.yaml --ignore-missing-schemas
.PHONY: operator-courier
operator-courier:
@if ! which operator-courier; then \
pip3 install operator-courier; \
fi
.PHONY: verify-operator-meta
verify-operator-meta: release-prep operator-courier
operator-courier verify --ui_validate_io out/
.PHONY: operator-push-test
operator-push-test: IMG = quay.io/${QUAY_NAMESPACE}/${QUAY_REPO}:${RELEASE_VERSION}
operator-push-test: verify-operator-meta docker-build
# Example values:
#
# QUAY_NAMESPACE=myuser
# QUAY_REPO=ibmcloud-operator-image
# QUAY_APP=ibmcloud-operator NOTE: Must have a repository AND a quay "application". They aren't the same thing.
# QUAY_USER=myuser+mybot NOTE: Bot users are best, so you can manage permissions better.
# QUAY_TOKEN=abcdef1234567
@for v in "${QUAY_NAMESPACE}" "${QUAY_APP}" "${QUAY_REPO}" "${RELEASE_VERSION}" "${QUAY_USER}" "${QUAY_TOKEN}"; do \
if [[ -z "$$v" ]]; then \
echo 'Not all Quay variables set. See the make target for details.'; \
exit 1; \
fi; \
done
docker login -u="${QUAY_USER}" -p="${QUAY_TOKEN}" quay.io
docker push "${IMG}"
operator-courier push ./out "${QUAY_NAMESPACE}" "${QUAY_APP}" "${RELEASE_VERSION}" "Basic $$(printf "${QUAY_USER}:${QUAY_TOKEN}" | base64)"
.PHONY: kubeval
kubeval: cache/bin
@if [[ ! -f cache/bin/kubeval ]]; then \
set -ex -o pipefail; \
curl -sL https://github.com/instrumenta/kubeval/releases/download/${KUBEVAL_VERSION}/kubeval-$$(uname)-amd64.tar.gz | tar -xz -C cache/bin; \
fi