From 65a2a85ca79c344d1fab80c5b2f08a63d18942b7 Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Sat, 25 May 2024 00:52:04 +0000 Subject: [PATCH] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot --- Makefile | 13 +- OWNERS_ALIASES | 1 + klone.yaml | 12 +- make/_shared/generate-verify/00_mod.mk | 1 + make/_shared/generate-verify/02_mod.mk | 12 +- make/_shared/generate-verify/util/verify.sh | 2 +- make/_shared/help/help.sh | 4 +- make/_shared/repository-base/base/Makefile | 13 +- .../repository-base/base/OWNERS_ALIASES | 1 + make/_shared/tools/00_mod.mk | 771 +++++++++--------- make/_shared/tools/util/checkhash.sh | 4 +- make/_shared/tools/util/hash.sh | 4 +- make/_shared/tools/util/lock.sh | 70 ++ 13 files changed, 522 insertions(+), 386 deletions(-) create mode 100755 make/_shared/tools/util/lock.sh diff --git a/Makefile b/Makefile index 6e1916a5a6d..6c5aa12680e 100644 --- a/Makefile +++ b/Makefile @@ -48,6 +48,10 @@ FORCE: noop: # do nothing +# Set empty value for MAKECMDGOALS to prevent the "warning: undefined variable 'MAKECMDGOALS'" +# warning from happening when running make without arguments +MAKECMDGOALS ?= + ################################## # Host OS and architecture setup # ################################## @@ -56,8 +60,10 @@ noop: # do nothing # binary may not be available in the PATH yet when the Makefiles are # evaluated. HOST_OS and HOST_ARCH only support Linux, *BSD and macOS (M1 # and Intel). -HOST_OS ?= $(shell uname -s | tr A-Z a-z) -HOST_ARCH ?= $(shell uname -m) +host_os := $(shell uname -s | tr A-Z a-z) +host_arch := $(shell uname -m) +HOST_OS ?= $(host_os) +HOST_ARCH ?= $(host_arch) ifeq (x86_64, $(HOST_ARCH)) HOST_ARCH = amd64 @@ -70,7 +76,8 @@ endif # Git and versioning information # ################################## -VERSION ?= $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty) +git_version := $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty) +VERSION ?= $(git_version) IS_PRERELEASE := $(shell git describe --tags --always --match='v*' --abbrev=0 | grep -q '-' && echo true || echo false) GITCOMMIT := $(shell git rev-parse HEAD) GITEPOCH := $(shell git show -s --format=%ct HEAD) diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index 6d51f05b459..10d1279af3a 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -11,3 +11,4 @@ aliases: - irbekrm - sgtcodfish - inteon + - thatsmrtalbot diff --git a/klone.yaml b/klone.yaml index 56c814d2e42..8822d541861 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,30 +10,30 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: e9363accaaee20a995bbf8f1c9cba2ea77da8935 + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: e9363accaaee20a995bbf8f1c9cba2ea77da8935 + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/generate-verify - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: e9363accaaee20a995bbf8f1c9cba2ea77da8935 + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: e9363accaaee20a995bbf8f1c9cba2ea77da8935 + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: e9363accaaee20a995bbf8f1c9cba2ea77da8935 + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: e9363accaaee20a995bbf8f1c9cba2ea77da8935 + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/tools diff --git a/make/_shared/generate-verify/00_mod.mk b/make/_shared/generate-verify/00_mod.mk index 9b145a95f04..435551388ad 100644 --- a/make/_shared/generate-verify/00_mod.mk +++ b/make/_shared/generate-verify/00_mod.mk @@ -13,5 +13,6 @@ # limitations under the License. shared_generate_targets ?= +shared_generate_targets_dirty ?= shared_verify_targets ?= shared_verify_targets_dirty ?= diff --git a/make/_shared/generate-verify/02_mod.mk b/make/_shared/generate-verify/02_mod.mk index 2f2daacd976..c1ed5e2bb62 100644 --- a/make/_shared/generate-verify/02_mod.mk +++ b/make/_shared/generate-verify/02_mod.mk @@ -16,18 +16,24 @@ ## Generate all generate targets. ## @category [shared] Generate/ Verify generate: $$(shared_generate_targets) + @echo "The following targets cannot be run simultaniously with each other or other generate scripts:" + $(foreach TARGET,$(shared_generate_targets_dirty), $(MAKE) $(TARGET)) verify_script := $(dir $(lastword $(MAKEFILE_LIST)))/util/verify.sh # Run the supplied make target argument in a temporary workspace and diff the results. verify-%: FORCE - $(verify_script) $(MAKE) -s $* + +$(verify_script) $(MAKE) $* verify_generated_targets = $(shared_generate_targets:%=verify-%) +verify_generated_targets_dirty = $(shared_generate_targets_dirty:%=verify-%) + +verify_targets = $(sort $(verify_generated_targets) $(shared_verify_targets)) +verify_targets_dirty = $(sort $(verify_generated_targets_dirty) $(shared_verify_targets_dirty)) .PHONY: verify ## Verify code and generate targets. ## @category [shared] Generate/ Verify -verify: $$(verify_generated_targets) $$(shared_verify_targets) +verify: $$(verify_targets) @echo "The following targets create temporary files in the current directory, that is why they have to be run last:" - $(MAKE) noop $(shared_verify_targets_dirty) + $(foreach TARGET,$(verify_targets_dirty), $(MAKE) $(TARGET)) diff --git a/make/_shared/generate-verify/util/verify.sh b/make/_shared/generate-verify/util/verify.sh index 206d3e63a7b..4dbaefa269a 100755 --- a/make/_shared/generate-verify/util/verify.sh +++ b/make/_shared/generate-verify/util/verify.sh @@ -44,7 +44,7 @@ cleanup() { } trap "cleanup" EXIT SIGINT -cp -a "${projectdir}/." "${tmp}" +rsync -aEq "${projectdir}/." "${tmp}" --exclude "_bin/" pushd "${tmp}" >/dev/null "$@" diff --git a/make/_shared/help/help.sh b/make/_shared/help/help.sh index 96c4ad8e062..d9c831ff774 100755 --- a/make/_shared/help/help.sh +++ b/make/_shared/help/help.sh @@ -14,7 +14,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -set -eu -o pipefail +set -o errexit +set -o nounset +set -o pipefail ## 1. Build set of extracted line items diff --git a/make/_shared/repository-base/base/Makefile b/make/_shared/repository-base/base/Makefile index 6e1916a5a6d..6c5aa12680e 100644 --- a/make/_shared/repository-base/base/Makefile +++ b/make/_shared/repository-base/base/Makefile @@ -48,6 +48,10 @@ FORCE: noop: # do nothing +# Set empty value for MAKECMDGOALS to prevent the "warning: undefined variable 'MAKECMDGOALS'" +# warning from happening when running make without arguments +MAKECMDGOALS ?= + ################################## # Host OS and architecture setup # ################################## @@ -56,8 +60,10 @@ noop: # do nothing # binary may not be available in the PATH yet when the Makefiles are # evaluated. HOST_OS and HOST_ARCH only support Linux, *BSD and macOS (M1 # and Intel). -HOST_OS ?= $(shell uname -s | tr A-Z a-z) -HOST_ARCH ?= $(shell uname -m) +host_os := $(shell uname -s | tr A-Z a-z) +host_arch := $(shell uname -m) +HOST_OS ?= $(host_os) +HOST_ARCH ?= $(host_arch) ifeq (x86_64, $(HOST_ARCH)) HOST_ARCH = amd64 @@ -70,7 +76,8 @@ endif # Git and versioning information # ################################## -VERSION ?= $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty) +git_version := $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty) +VERSION ?= $(git_version) IS_PRERELEASE := $(shell git describe --tags --always --match='v*' --abbrev=0 | grep -q '-' && echo true || echo false) GITCOMMIT := $(shell git rev-parse HEAD) GITEPOCH := $(shell git show -s --format=%ct HEAD) diff --git a/make/_shared/repository-base/base/OWNERS_ALIASES b/make/_shared/repository-base/base/OWNERS_ALIASES index 6d51f05b459..10d1279af3a 100644 --- a/make/_shared/repository-base/base/OWNERS_ALIASES +++ b/make/_shared/repository-base/base/OWNERS_ALIASES @@ -11,3 +11,4 @@ aliases: - irbekrm - sgtcodfish - inteon + - thatsmrtalbot diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index 3977bfae897..e2400990825 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -18,10 +18,17 @@ endif ########################################## -$(bin_dir)/scratch/image $(bin_dir)/tools $(bin_dir)/downloaded $(bin_dir)/downloaded/tools: +export DOWNLOAD_DIR ?= $(CURDIR)/$(bin_dir)/downloaded +export GOVENDOR_DIR ?= $(CURDIR)/$(bin_dir)/go_vendor + +$(bin_dir)/scratch/image $(bin_dir)/tools $(DOWNLOAD_DIR)/tools: @mkdir -p $@ checkhash_script := $(dir $(lastword $(MAKEFILE_LIST)))/util/checkhash.sh +lock_script := $(dir $(lastword $(MAKEFILE_LIST)))/util/lock.sh + +# $outfile is a variable in the lock script +outfile := $$outfile for_each_kv = $(foreach item,$2,$(eval $(call $1,$(word 1,$(subst =, ,$(item))),$(word 2,$(subst =, ,$(item)))))) @@ -37,110 +44,116 @@ export PATH := $(CURDIR)/$(bin_dir)/tools:$(PATH) CTR=docker -TOOLS := +tools := # https://github.com/helm/helm/releases -TOOLS += helm=v3.14.0 +tools += helm=v3.14.4 # https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl -TOOLS += kubectl=v1.29.1 +tools += kubectl=v1.30.0 # https://github.com/kubernetes-sigs/kind/releases -TOOLS += kind=v0.20.0 +tools += kind=v0.23.0 # https://www.vaultproject.io/downloads -TOOLS += vault=1.15.4 +tools += vault=1.16.2 # https://github.com/Azure/azure-workload-identity/releases -TOOLS += azwi=v1.2.0 +tools += azwi=v1.2.2 # https://github.com/kyverno/kyverno/releases -TOOLS += kyverno=v1.11.3 +tools += kyverno=v1.12.1 # https://github.com/mikefarah/yq/releases -TOOLS += yq=v4.43.1 +tools += yq=v4.43.1 # https://github.com/ko-build/ko/releases -TOOLS += ko=0.15.1 +tools += ko=0.15.2 # https://github.com/protocolbuffers/protobuf/releases -TOOLS += protoc=25.2 +tools += protoc=26.1 # https://github.com/aquasecurity/trivy/releases -TOOLS += trivy=v0.45.0 +tools += trivy=v0.50.4 # https://github.com/vmware-tanzu/carvel-ytt/releases -TOOLS += ytt=v0.45.4 +tools += ytt=v0.49.0 # https://github.com/rclone/rclone/releases -TOOLS += rclone=v1.64.0 +tools += rclone=v1.66.0 ### go packages # https://pkg.go.dev/sigs.k8s.io/controller-tools/cmd/controller-gen?tab=versions -TOOLS += controller-gen=v0.14.0 +tools += controller-gen=v0.15.0 # https://pkg.go.dev/golang.org/x/tools/cmd/goimports?tab=versions -TOOLS += goimports=v0.17.0 +tools += goimports=v0.20.0 # https://pkg.go.dev/github.com/google/go-licenses/licenses?tab=versions -TOOLS += go-licenses=706b9c60edd424a8b6d253fe10dfb7b8e942d4a5 +tools += go-licenses=706b9c60edd424a8b6d253fe10dfb7b8e942d4a5 # https://pkg.go.dev/gotest.tools/gotestsum?tab=versions -TOOLS += gotestsum=v1.11.0 +tools += gotestsum=v1.11.0 # https://pkg.go.dev/sigs.k8s.io/kustomize/kustomize/v4?tab=versions -TOOLS += kustomize=v4.5.7 +tools += kustomize=v4.5.7 # https://pkg.go.dev/github.com/itchyny/gojq?tab=versions -TOOLS += gojq=v0.12.14 +tools += gojq=v0.12.15 # https://pkg.go.dev/github.com/google/go-containerregistry/pkg/crane?tab=versions -TOOLS += crane=v0.18.0 +tools += crane=v0.19.1 # https://pkg.go.dev/google.golang.org/protobuf/cmd/protoc-gen-go?tab=versions -TOOLS += protoc-gen-go=v1.32.0 +tools += protoc-gen-go=v1.34.0 # https://pkg.go.dev/github.com/norwoodj/helm-docs/cmd/helm-docs?tab=versions -TOOLS += helm-docs=v1.12.0 +tools += helm-docs=v1.13.1 # https://pkg.go.dev/github.com/sigstore/cosign/v2/cmd/cosign?tab=versions -TOOLS += cosign=v2.2.2 +tools += cosign=v2.2.4 # https://pkg.go.dev/github.com/cert-manager/boilersuite?tab=versions -TOOLS += boilersuite=v0.1.0 +tools += boilersuite=v0.1.0 # https://pkg.go.dev/github.com/princjef/gomarkdoc/cmd/gomarkdoc?tab=versions -TOOLS += gomarkdoc=v1.1.0 +tools += gomarkdoc=v1.1.0 # https://pkg.go.dev/oras.land/oras/cmd/oras?tab=versions -TOOLS += oras=v1.1.0 +tools += oras=v1.1.0 # https://pkg.go.dev/github.com/onsi/ginkgo/v2/ginkgo?tab=versions # The gingko version should be kept in sync with the version used in code. # If there is no go.mod file (which is only the case for the makefile-modules # repo), then we default to a version that we know exists. We have to do this # because otherwise the awk failure renders the whole makefile unusable. -TOOLS += ginkgo=$(shell [[ -f go.mod ]] && awk '/ginkgo\/v2/ {print $$2}' go.mod || echo "v2.13.2") +detected_ginkgo_version := $(shell [[ -f go.mod ]] && awk '/ginkgo\/v2/ {print $$2}' go.mod || echo "v2.13.2") +tools += ginkgo=$(detected_ginkgo_version) # https://pkg.go.dev/github.com/cert-manager/klone?tab=versions -TOOLS += klone=v0.0.4 +tools += klone=v0.0.5 # https://pkg.go.dev/github.com/goreleaser/goreleaser?tab=versions -TOOLS += goreleaser=v1.23.0 +tools += goreleaser=v1.25.1 # https://pkg.go.dev/github.com/anchore/syft/cmd/syft?tab=versions -TOOLS += syft=v0.100.0 +tools += syft=v0.100.0 # https://github.com/cert-manager/helm-tool -TOOLS += helm-tool=v0.4.2 +tools += helm-tool=v0.4.2 # https://github.com/cert-manager/cmctl -TOOLS += cmctl=2f75014a7c360c319f8c7c8afe8e9ce33fe26dca +tools += cmctl=v2.0.0 # https://pkg.go.dev/github.com/cert-manager/release/cmd/cmrel?tab=versions -TOOLS += cmrel=fa10147dadc8c36718b7b08aed6d8c6418eb2 +tools += cmrel=e4c3a4dc07df5c7c0379d334c5bb00e172462551 # https://github.com/golangci/golangci-lint/releases -TOOLS += golangci-lint=v1.57.1 +tools += golangci-lint=v1.57.2 # https://pkg.go.dev/golang.org/x/vuln?tab=versions -TOOLS += govulncheck=v1.0.4 +tools += govulncheck=v1.1.0 # https://pkg.go.dev/github.com/operator-framework/operator-sdk/cmd/operator-sdk?tab=versions -TOOLS += operator-sdk=v1.34.1 +tools += operator-sdk=v1.34.1 # https://pkg.go.dev/github.com/cli/cli/v2?tab=versions -TOOLS += gh=v2.47.0 +tools += gh=v2.49.0 # https:///github.com/redhat-openshift-ecosystem/openshift-preflight/releases -TOOLS += preflight=1.9.1 +tools += preflight=1.9.2 +# https://github.com/daixiang0/gci/releases +tools += gci=v0.13.4 +# https://github.com/google/yamlfmt/releases +tools += yamlfmt=v0.12.1 # https://pkg.go.dev/k8s.io/code-generator/cmd?tab=versions -K8S_CODEGEN_VERSION=v0.29.1 -TOOLS += client-gen=$(K8S_CODEGEN_VERSION) -TOOLS += deepcopy-gen=$(K8S_CODEGEN_VERSION) -TOOLS += informer-gen=$(K8S_CODEGEN_VERSION) -TOOLS += lister-gen=$(K8S_CODEGEN_VERSION) -TOOLS += applyconfiguration-gen=$(K8S_CODEGEN_VERSION) -TOOLS += openapi-gen=$(K8S_CODEGEN_VERSION) -TOOLS += defaulter-gen=$(K8S_CODEGEN_VERSION) -TOOLS += conversion-gen=$(K8S_CODEGEN_VERSION) - -# https://github.com/kubernetes-sigs/kubebuilder/blob/tools-releases/build/cloudbuild_tools.yaml -KUBEBUILDER_ASSETS_VERSION=1.29.0 -TOOLS += etcd=$(KUBEBUILDER_ASSETS_VERSION) -TOOLS += kube-apiserver=$(KUBEBUILDER_ASSETS_VERSION) +K8S_CODEGEN_VERSION := v0.30.1 +tools += client-gen=$(K8S_CODEGEN_VERSION) +tools += deepcopy-gen=$(K8S_CODEGEN_VERSION) +tools += informer-gen=$(K8S_CODEGEN_VERSION) +tools += lister-gen=$(K8S_CODEGEN_VERSION) +tools += applyconfiguration-gen=$(K8S_CODEGEN_VERSION) +tools += defaulter-gen=$(K8S_CODEGEN_VERSION) +tools += conversion-gen=$(K8S_CODEGEN_VERSION) +# https://github.com/kubernetes/kube-openapi +tools += openapi-gen=f0e62f92d13f418e2732b21c952fd17cab771c75 + +# https://raw.githubusercontent.com/kubernetes-sigs/controller-tools/master/envtest-releases.yaml +KUBEBUILDER_ASSETS_VERSION := v1.30.0 +tools += etcd=$(KUBEBUILDER_ASSETS_VERSION) +tools += kube-apiserver=$(KUBEBUILDER_ASSETS_VERSION) # Additional tools can be defined to reuse the tooling in this file ADDITIONAL_TOOLS ?= -TOOLS += $(ADDITIONAL_TOOLS) +tools += $(ADDITIONAL_TOOLS) # https://go.dev/dl/ -VENDORED_GO_VERSION := 1.21.9 +VENDORED_GO_VERSION := 1.22.3 # Print the go version which can be used in GH actions .PHONY: print-go-version @@ -158,31 +171,25 @@ $(bin_dir)/scratch/%_VERSION: FORCE | $(bin_dir)/scratch # --location = follow redirects from the server # --retry = the number of times to retry a failed attempt to connect # --retry-connrefused = retry even if the initial connection was refused -CURL = curl --silent --show-error --fail --location --retry 10 --retry-connrefused +CURL := curl --silent --show-error --fail --location --retry 10 --retry-connrefused -# In Prow, the pod has the folder "$(bin_dir)/downloaded" mounted into the -# container. For some reason, even though the permissions are correct, -# binaries that are mounted with hostPath can't be executed. When in CI, we -# copy the binaries to work around that. Using $(LN) is only required when -# dealing with binaries. Other files and folders can be symlinked. -# -# Details on how "$(bin_dir)/downloaded" gets cached are available in the -# description of the PR https://github.com/jetstack/testing/pull/651. -# -# We use "printenv CI" instead of just "ifeq ($(CI),)" because otherwise we -# would get "warning: undefined variable 'CI'". -ifeq ($(shell printenv CI),) -LN := ln -f -s -else -LN := cp -f -r -endif +# LN is expected to be an atomic action, meaning that two Make processes +# can run the "link $(DOWNLOAD_DIR)/tools/xxx@$(XXX_VERSION)_$(HOST_OS)_$(HOST_ARCH) +# to $(bin_dir)/tools/xxx" operation simulatiously without issues (both +# will perform the action and the second time the link will be overwritten). +LN := ln -fs -UC = $(shell echo '$1' | tr a-z A-Z) -LC = $(shell echo '$1' | tr A-Z a-z) +upper_map := a:A b:B c:C d:D e:E f:F g:G h:H i:I j:J k:K l:L m:M n:N o:O p:P q:Q r:R s:S t:T u:U v:V w:W x:X y:Y z:Z +uc = $(strip \ + $(eval __upper := $1) \ + $(foreach p,$(upper_map), \ + $(eval __upper := $(subst $(word 1,$(subst :, ,$p)),$(word 2,$(subst :, ,$p)),$(__upper))) \ + ) \ + )$(__upper) -TOOL_NAMES := +tool_names := -# for each item `xxx` in the TOOLS variable: +# for each item `xxx` in the tools variable: # - a $(XXX_VERSION) variable is generated # -> this variable contains the version of the tool # - a $(NEEDS_XXX) variable is generated @@ -197,23 +204,23 @@ TOOL_NAMES := # in targets or in scripts, because it is agnostic to the # working directory # - an unversioned target $(bin_dir)/tools/xxx is generated that -# creates a copy/ link to the corresponding versioned target: -# $(bin_dir)/tools/xxx@$(XXX_VERSION)_$(HOST_OS)_$(HOST_ARCH) +# creates a link to the corresponding versioned target: +# $(DOWNLOAD_DIR)/tools/xxx@$(XXX_VERSION)_$(HOST_OS)_$(HOST_ARCH) define tool_defs -TOOL_NAMES += $1 +tool_names += $1 -$(call UC,$1)_VERSION ?= $2 -NEEDS_$(call UC,$1) := $$(bin_dir)/tools/$1 -$(call UC,$1) := $$(CURDIR)/$$(bin_dir)/tools/$1 +$(call uc,$1)_VERSION ?= $2 +NEEDS_$(call uc,$1) := $$(bin_dir)/tools/$1 +$(call uc,$1) := $$(CURDIR)/$$(bin_dir)/tools/$1 -$$(bin_dir)/tools/$1: $$(bin_dir)/scratch/$(call UC,$1)_VERSION | $$(bin_dir)/downloaded/tools/$1@$$($(call UC,$1)_VERSION)_$$(HOST_OS)_$$(HOST_ARCH) $$(bin_dir)/tools - cd $$(dir $$@) && $$(LN) $$(patsubst $$(bin_dir)/%,../%,$$(word 1,$$|)) $$(notdir $$@) +$$(bin_dir)/tools/$1: $$(bin_dir)/scratch/$(call uc,$1)_VERSION | $$(DOWNLOAD_DIR)/tools/$1@$$($(call uc,$1)_VERSION)_$$(HOST_OS)_$$(HOST_ARCH) $$(bin_dir)/tools + @cd $$(dir $$@) && $$(LN) $$(patsubst $$(bin_dir)/%,../%,$$(word 1,$$|)) $$(notdir $$@) @touch $$@ # making sure the target of the symlink is newer than *_VERSION endef -$(foreach TOOL,$(TOOLS),$(eval $(call tool_defs,$(word 1,$(subst =, ,$(TOOL))),$(word 2,$(subst =, ,$(TOOL)))))) +$(foreach tool,$(tools),$(eval $(call tool_defs,$(word 1,$(subst =, ,$(tool))),$(word 2,$(subst =, ,$(tool)))))) -TOOLS_PATHS := $(TOOL_NAMES:%=$(bin_dir)/tools/%) +tools_paths := $(tool_names:%=$(bin_dir)/tools/%) ###### # Go # @@ -229,13 +236,19 @@ TOOLS_PATHS := $(TOOL_NAMES:%=$(bin_dir)/tools/%) # or when "make vendor-go" was previously run, in which case $(NEEDS_GO) is set # to $(bin_dir)/tools/go, since $(bin_dir)/tools/go is a prerequisite of # any target depending on Go when "make vendor-go" was run. -NEEDS_GO := $(if $(findstring vendor-go,$(MAKECMDGOALS))$(shell [ -f $(bin_dir)/tools/go ] && echo yes), $(bin_dir)/tools/go,) -ifeq ($(NEEDS_GO),) + +detected_vendoring := $(findstring vendor-go,$(MAKECMDGOALS))$(shell [ -f $(bin_dir)/tools/go ] && echo yes) +export VENDOR_GO ?= $(detected_vendoring) + +ifeq ($(VENDOR_GO),) GO := go +NEEDS_GO := # else export GOROOT := $(CURDIR)/$(bin_dir)/tools/goroot export PATH := $(CURDIR)/$(bin_dir)/tools/goroot/bin:$(PATH) GO := $(CURDIR)/$(bin_dir)/tools/go +NEEDS_GO := $(bin_dir)/tools/go +MAKE := $(MAKE) vendor-go endif .PHONY: vendor-go @@ -262,306 +275,318 @@ which-go: | $(NEEDS_GO) @echo "go binary used for above version information: $(GO)" $(bin_dir)/tools/go: $(bin_dir)/scratch/VENDORED_GO_VERSION | $(bin_dir)/tools/goroot $(bin_dir)/tools - cd $(dir $@) && $(LN) ./goroot/bin/go $(notdir $@) + @cd $(dir $@) && $(LN) ./goroot/bin/go $(notdir $@) @touch $@ # making sure the target of the symlink is newer than *_VERSION # The "_" in "_bin" prevents "go mod tidy" from trying to tidy the vendored goroot. -$(bin_dir)/tools/goroot: $(bin_dir)/scratch/VENDORED_GO_VERSION | $(bin_dir)/go_vendor/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH)/goroot $(bin_dir)/tools - @rm -rf $(bin_dir)/tools/goroot - cd $(dir $@) && $(LN) $(patsubst $(bin_dir)/%,../%,$(word 1,$|)) $(notdir $@) +$(bin_dir)/tools/goroot: $(bin_dir)/scratch/VENDORED_GO_VERSION | $(GOVENDOR_DIR)/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH)/goroot $(bin_dir)/tools + @cd $(dir $@) && $(LN) $(patsubst $(bin_dir)/%,../%,$(word 1,$|)) $(notdir $@) @touch $@ # making sure the target of the symlink is newer than *_VERSION -# Extract the tar to the _bin/go directory, this directory is not cached across CI runs. -$(bin_dir)/go_vendor/go@$(VENDORED_GO_VERSION)_%/goroot: | $(bin_dir)/downloaded/tools/go@$(VENDORED_GO_VERSION)_%.tar.gz - @rm -rf $@ && mkdir -p $(dir $@) - tar xzf $| -C $(dir $@) - mv $(dir $@)/go $(dir $@)/goroot - -# Keep the downloaded tar so it is cached across CI runs. -.PRECIOUS: $(bin_dir)/downloaded/tools/go@$(VENDORED_GO_VERSION)_%.tar.gz -$(bin_dir)/downloaded/tools/go@$(VENDORED_GO_VERSION)_%.tar.gz: | $(bin_dir)/downloaded/tools - $(CURL) https://go.dev/dl/go$(VENDORED_GO_VERSION).$(subst _,-,$*).tar.gz -o $@ +# Extract the tar to the $(GOVENDOR_DIR) directory, this directory is not cached across CI runs. +$(GOVENDOR_DIR)/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH)/goroot: | $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz + @source $(lock_script) $@; \ + mkdir -p $(outfile).dir; \ + tar xzf $| -C $(outfile).dir; \ + mv $(outfile).dir/go $(outfile); \ + rm -rf $(outfile).dir ################### # go dependencies # ################### -GO_DEPENDENCIES := -GO_DEPENDENCIES += ginkgo=github.com/onsi/ginkgo/v2/ginkgo -GO_DEPENDENCIES += controller-gen=sigs.k8s.io/controller-tools/cmd/controller-gen -GO_DEPENDENCIES += goimports=golang.org/x/tools/cmd/goimports -GO_DEPENDENCIES += go-licenses=github.com/google/go-licenses -GO_DEPENDENCIES += gotestsum=gotest.tools/gotestsum -GO_DEPENDENCIES += kustomize=sigs.k8s.io/kustomize/kustomize/v4 -GO_DEPENDENCIES += gojq=github.com/itchyny/gojq/cmd/gojq -GO_DEPENDENCIES += crane=github.com/google/go-containerregistry/cmd/crane -GO_DEPENDENCIES += protoc-gen-go=google.golang.org/protobuf/cmd/protoc-gen-go -GO_DEPENDENCIES += helm-docs=github.com/norwoodj/helm-docs/cmd/helm-docs -GO_DEPENDENCIES += cosign=github.com/sigstore/cosign/v2/cmd/cosign -GO_DEPENDENCIES += boilersuite=github.com/cert-manager/boilersuite -GO_DEPENDENCIES += gomarkdoc=github.com/princjef/gomarkdoc/cmd/gomarkdoc -GO_DEPENDENCIES += oras=oras.land/oras/cmd/oras -GO_DEPENDENCIES += klone=github.com/cert-manager/klone -GO_DEPENDENCIES += goreleaser=github.com/goreleaser/goreleaser -GO_DEPENDENCIES += syft=github.com/anchore/syft/cmd/syft -GO_DEPENDENCIES += client-gen=k8s.io/code-generator/cmd/client-gen -GO_DEPENDENCIES += deepcopy-gen=k8s.io/code-generator/cmd/deepcopy-gen -GO_DEPENDENCIES += informer-gen=k8s.io/code-generator/cmd/informer-gen -GO_DEPENDENCIES += lister-gen=k8s.io/code-generator/cmd/lister-gen -GO_DEPENDENCIES += applyconfiguration-gen=k8s.io/code-generator/cmd/applyconfiguration-gen -GO_DEPENDENCIES += openapi-gen=k8s.io/code-generator/cmd/openapi-gen -GO_DEPENDENCIES += defaulter-gen=k8s.io/code-generator/cmd/defaulter-gen -GO_DEPENDENCIES += conversion-gen=k8s.io/code-generator/cmd/conversion-gen -GO_DEPENDENCIES += helm-tool=github.com/cert-manager/helm-tool -GO_DEPENDENCIES += cmctl=github.com/cert-manager/cmctl/v2 -GO_DEPENDENCIES += cmrel=github.com/cert-manager/release/cmd/cmrel -GO_DEPENDENCIES += golangci-lint=github.com/golangci/golangci-lint/cmd/golangci-lint -GO_DEPENDENCIES += govulncheck=golang.org/x/vuln/cmd/govulncheck -GO_DEPENDENCIES += operator-sdk=github.com/operator-framework/operator-sdk/cmd/operator-sdk -GO_DEPENDENCIES += gh=github.com/cli/cli/v2/cmd/gh -GO_DEPENDENCIES += preflight=github.com/redhat-openshift-ecosystem/openshift-preflight/cmd/preflight +go_dependencies := +go_dependencies += ginkgo=github.com/onsi/ginkgo/v2/ginkgo +go_dependencies += controller-gen=sigs.k8s.io/controller-tools/cmd/controller-gen +go_dependencies += goimports=golang.org/x/tools/cmd/goimports +go_dependencies += go-licenses=github.com/google/go-licenses +go_dependencies += gotestsum=gotest.tools/gotestsum +go_dependencies += kustomize=sigs.k8s.io/kustomize/kustomize/v4 +go_dependencies += gojq=github.com/itchyny/gojq/cmd/gojq +go_dependencies += crane=github.com/google/go-containerregistry/cmd/crane +go_dependencies += protoc-gen-go=google.golang.org/protobuf/cmd/protoc-gen-go +go_dependencies += helm-docs=github.com/norwoodj/helm-docs/cmd/helm-docs +go_dependencies += cosign=github.com/sigstore/cosign/v2/cmd/cosign +go_dependencies += boilersuite=github.com/cert-manager/boilersuite +go_dependencies += gomarkdoc=github.com/princjef/gomarkdoc/cmd/gomarkdoc +go_dependencies += oras=oras.land/oras/cmd/oras +go_dependencies += klone=github.com/cert-manager/klone +go_dependencies += goreleaser=github.com/goreleaser/goreleaser +go_dependencies += syft=github.com/anchore/syft/cmd/syft +go_dependencies += client-gen=k8s.io/code-generator/cmd/client-gen +go_dependencies += deepcopy-gen=k8s.io/code-generator/cmd/deepcopy-gen +go_dependencies += informer-gen=k8s.io/code-generator/cmd/informer-gen +go_dependencies += lister-gen=k8s.io/code-generator/cmd/lister-gen +go_dependencies += applyconfiguration-gen=k8s.io/code-generator/cmd/applyconfiguration-gen +go_dependencies += defaulter-gen=k8s.io/code-generator/cmd/defaulter-gen +go_dependencies += conversion-gen=k8s.io/code-generator/cmd/conversion-gen +go_dependencies += openapi-gen=k8s.io/kube-openapi/cmd/openapi-gen +go_dependencies += helm-tool=github.com/cert-manager/helm-tool +go_dependencies += cmctl=github.com/cert-manager/cmctl/v2 +go_dependencies += cmrel=github.com/cert-manager/release/cmd/cmrel +go_dependencies += golangci-lint=github.com/golangci/golangci-lint/cmd/golangci-lint +go_dependencies += govulncheck=golang.org/x/vuln/cmd/govulncheck +go_dependencies += operator-sdk=github.com/operator-framework/operator-sdk/cmd/operator-sdk +go_dependencies += gh=github.com/cli/cli/v2/cmd/gh +go_dependencies += gci=github.com/daixiang0/gci +go_dependencies += yamlfmt=github.com/google/yamlfmt/cmd/yamlfmt ################# # go build tags # ################# -GO_TAGS := +go_tags := # Additional Go dependencies can be defined to re-use the tooling in this file ADDITIONAL_GO_DEPENDENCIES ?= ADDITIONAL_GO_TAGS ?= -GO_DEPENDENCIES += $(ADDITIONAL_GO_DEPENDENCIES) -GO_TAGS += $(ADDITIONAL_GO_TAGS) +go_dependencies += $(ADDITIONAL_GO_DEPENDENCIES) +go_tags += $(ADDITIONAL_GO_TAGS) go_tags_init = go_tags_$1 := -$(call for_each_kv,go_tags_init,$(GO_DEPENDENCIES)) +$(call for_each_kv,go_tags_init,$(go_dependencies)) go_tags_defs = go_tags_$1 += $2 -$(call for_each_kv,go_tags_defs,$(GO_TAGS)) +$(call for_each_kv,go_tags_defs,$(go_tags)) define go_dependency -$$(bin_dir)/downloaded/tools/$1@$($(call UC,$1)_VERSION)_%: | $$(NEEDS_GO) $$(bin_dir)/downloaded/tools - GOWORK=off GOBIN=$$(CURDIR)/$$(dir $$@) $$(GO) install --tags "$(strip $(go_tags_$1))" $2@$($(call UC,$1)_VERSION) - @mv $$(CURDIR)/$$(dir $$@)/$1 $$@ +$$(DOWNLOAD_DIR)/tools/$1@$($(call uc,$1)_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $$(NEEDS_GO) $$(DOWNLOAD_DIR)/tools + @source $$(lock_script) $$@; \ + mkdir -p $$(outfile).dir; \ + GOWORK=off GOBIN=$$(outfile).dir $$(GO) install --tags "$(strip $(go_tags_$1))" $2@$($(call uc,$1)_VERSION); \ + mv $$(outfile).dir/$1 $$(outfile); \ + rm -rf $$(outfile).dir endef -$(call for_each_kv,go_dependency,$(GO_DEPENDENCIES)) - -######## -# Helm # -######## - -HELM_linux_amd64_SHA256SUM=f43e1c3387de24547506ab05d24e5309c0ce0b228c23bd8aa64e9ec4b8206651 -HELM_linux_arm64_SHA256SUM=b29e61674731b15f6ad3d1a3118a99d3cc2ab25a911aad1b8ac8c72d5a9d2952 -HELM_darwin_amd64_SHA256SUM=804586896496f7b3da97f56089ea00f220e075e969b6fdf6c0b7b9cdc22de120 -HELM_darwin_arm64_SHA256SUM=c2f36f3289a01c7c93ca11f84d740a170e0af1d2d0280bd523a409a62b8dfa1d - -$(bin_dir)/downloaded/tools/helm@$(HELM_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://get.helm.sh/helm-$(HELM_VERSION)-$(subst _,-,$*).tar.gz -o $@.tar.gz - $(checkhash_script) $@.tar.gz $(HELM_$*_SHA256SUM) - @# O writes the specified file to stdout - tar xfO $@.tar.gz $(subst _,-,$*)/helm > $@ - chmod +x $@ - rm -f $@.tar.gz - -########### -# kubectl # -########### - -KUBECTL_linux_amd64_SHA256SUM=69ab3a931e826bf7ac14d38ba7ca637d66a6fcb1ca0e3333a2cafdf15482af9f -KUBECTL_linux_arm64_SHA256SUM=96d6dc7b2bdcd344ce58d17631c452225de5bbf59b83fd3c89c33c6298fb5d8b -KUBECTL_darwin_amd64_SHA256SUM=c4da86e5c0fc9415db14a48d9ef1515b0b472346cbc9b7f015175b6109505d2c -KUBECTL_darwin_arm64_SHA256SUM=c31b99d7bf0faa486a6554c5f96e36af4821a488e90176a12ba18298bc4c8fb0 - -$(bin_dir)/downloaded/tools/kubectl@$(KUBECTL_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/$(subst _,/,$*)/kubectl -o $@ - $(checkhash_script) $@ $(KUBECTL_$*_SHA256SUM) - chmod +x $@ - -######## -# kind # -######## - -KIND_linux_amd64_SHA256SUM=513a7213d6d3332dd9ef27c24dab35e5ef10a04fa27274fe1c14d8a246493ded -KIND_linux_arm64_SHA256SUM=639f7808443559aa30c3642d9913b1615d611a071e34f122340afeda97b8f422 -KIND_darwin_amd64_SHA256SUM=bffd8fb2006dc89fa0d1dde5ba6bf48caacb707e4df8551528f49145ebfeb7ad -KIND_darwin_arm64_SHA256SUM=8df041a5cae55471f3b039c3c9942226eb909821af63b5677fc80904caffaabf - -$(bin_dir)/downloaded/tools/kind@$(KIND_VERSION)_%: | $(bin_dir)/downloaded/tools $(bin_dir)/tools - $(CURL) -sSfL https://github.com/kubernetes-sigs/kind/releases/download/$(KIND_VERSION)/kind-$(subst _,-,$*) -o $@ - $(checkhash_script) $@ $(KIND_$*_SHA256SUM) - chmod +x $@ - -######### -# vault # -######### - -VAULT_linux_amd64_SHA256SUM=f42f550713e87cceef2f29a4e2b754491697475e3d26c0c5616314e40edd8e1b -VAULT_linux_arm64_SHA256SUM=79aee168078eb8c0dbb31c283e1136a7575f59fe36fccbb1f1ef6a16e0b67fdb -VAULT_darwin_amd64_SHA256SUM=a9d7c6e76d7d5c9be546e9a74860b98db6486fc0df095d8b00bc7f63fb1f6c1c -VAULT_darwin_arm64_SHA256SUM=4bf594a231bef07fbcfbf7329c8004acb8d219ce6a7aff186e0bac7027a0ab25 - -$(bin_dir)/downloaded/tools/vault@$(VAULT_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://releases.hashicorp.com/vault/$(VAULT_VERSION)/vault_$(VAULT_VERSION)_$*.zip -o $@.zip - $(checkhash_script) $@.zip $(VAULT_$*_SHA256SUM) - unzip -qq -c $@.zip > $@ - chmod +x $@ - rm -f $@.zip - -######## -# azwi # -######## - -AZWI_linux_amd64_SHA256SUM=d2ef0f27609b7157595fe62b13c03381a481f833c1e1b6290df560454890d337 -AZWI_linux_arm64_SHA256SUM=72e34bc96611080095e90ecce58a72e50debf846106b13976f2972bf06ae12df -AZWI_darwin_amd64_SHA256SUM=2be5f18c0acfb213a22db5a149dd89c7d494690988cb8e8a785dd6915f7094d0 -AZWI_darwin_arm64_SHA256SUM=d0b01768102dd472c72c98bb51ae990af8779e811c9f7ab1db48ccefc9988f4c - -$(bin_dir)/downloaded/tools/azwi@$(AZWI_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://github.com/Azure/azure-workload-identity/releases/download/$(AZWI_VERSION)/azwi-$(AZWI_VERSION)-$(subst _,-,$*).tar.gz -o $@.tar.gz - $(checkhash_script) $@.tar.gz $(AZWI_$*_SHA256SUM) - @# O writes the specified file to stdout - tar xfO $@.tar.gz azwi > $@ && chmod 775 $@ - rm -f $@.tar.gz - -############################ -# kubebuilder-tools assets # -# kube-apiserver / etcd # -############################ - -KUBEBUILDER_TOOLS_linux_amd64_SHA256SUM=e9899574fb92fd4a4ca27539d15a30f313f8a482b61b46cb874a07f2ba4f9bcb -KUBEBUILDER_TOOLS_linux_arm64_SHA256SUM=ef22e16c439b45f3e116498f7405be311bab92c3345766ab2142e86458cda92e -KUBEBUILDER_TOOLS_darwin_amd64_SHA256SUM=e5796637cc8e40029f0def639bbe7d99193c1872555c919d2b76c32e0e34378f -KUBEBUILDER_TOOLS_darwin_arm64_SHA256SUM=9734b90206f17a46f4dd0a7e3bb107d44aec9e79b7b135c6eb7c8a250ffd5e03 - -$(bin_dir)/downloaded/tools/etcd@$(KUBEBUILDER_ASSETS_VERSION)_%: $(bin_dir)/downloaded/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_%.tar.gz | $(bin_dir)/downloaded/tools - $(checkhash_script) $< $(KUBEBUILDER_TOOLS_$*_SHA256SUM) - @# O writes the specified file to stdout - tar xfO $< kubebuilder/bin/etcd > $@ && chmod 775 $@ - -$(bin_dir)/downloaded/tools/kube-apiserver@$(KUBEBUILDER_ASSETS_VERSION)_%: $(bin_dir)/downloaded/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_%.tar.gz | $(bin_dir)/downloaded/tools - $(checkhash_script) $< $(KUBEBUILDER_TOOLS_$*_SHA256SUM) - @# O writes the specified file to stdout - tar xfO $< kubebuilder/bin/kube-apiserver > $@ && chmod 775 $@ - -$(bin_dir)/downloaded/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(bin_dir)/downloaded/tools - $(CURL) https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-$(KUBEBUILDER_ASSETS_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $@ - -########### -# kyverno # -########### - -KYVERNO_linux_amd64_SHA256SUM=08cf3640b847e3bbd41c5014ece4e0aa6c39915f5c199eeac8d80267955676e6 -KYVERNO_linux_arm64_SHA256SUM=31805a52e98733b390c60636f209e0bda3174bd09e764ba41fa971126b98d2fc -KYVERNO_darwin_amd64_SHA256SUM=21fa0733d1a73d510fa0e30ac10310153b7124381aa21224b54fe34a38239542 -KYVERNO_darwin_arm64_SHA256SUM=022bc2640f05482cab290ca8cd28a67f55b24c14b93076bd144c37a1732e6d7e - -$(bin_dir)/downloaded/tools/kyverno@$(KYVERNO_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://github.com/kyverno/kyverno/releases/download/$(KYVERNO_VERSION)/kyverno-cli_$(KYVERNO_VERSION)_$(subst amd64,x86_64,$*).tar.gz -fsSL -o $@.tar.gz - $(checkhash_script) $@.tar.gz $(KYVERNO_$*_SHA256SUM) - @# O writes the specified file to stdout - tar xfO $@.tar.gz kyverno > $@ - chmod +x $@ - rm -f $@.tar.gz - -###### -# yq # -###### - -YQ_linux_amd64_SHA256SUM=cfbbb9ba72c9402ef4ab9d8f843439693dfb380927921740e51706d90869c7e1 -YQ_linux_arm64_SHA256SUM=a8186efb079673293289f8c31ee252b0d533c7bb8b1ada6a778ddd5ec0f325b6 -YQ_darwin_amd64_SHA256SUM=fdc42b132ac460037f4f0f48caea82138772c651d91cfbb735210075ddfdbaed -YQ_darwin_arm64_SHA256SUM=9f1063d910698834cb9176593aa288471898031929138d226c2c2de9f262f8e5 - -$(bin_dir)/downloaded/tools/yq@$(YQ_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_$* -o $@ - $(checkhash_script) $@ $(YQ_$*_SHA256SUM) - chmod +x $@ - -###### -# ko # -###### - -KO_linux_amd64_SHA256SUM=5b06079590371954cceadf0ddcfa8471afb039c29a2e971043915957366a2f39 -KO_linux_arm64_SHA256SUM=fcbb736f7440d686ca1cf8b4c3f6b9b80948eb17d6cef7c14242eddd275cab42 -KO_darwin_amd64_SHA256SUM=4f388a4b08bde612a20d799045a57a9b8847483baf1a1590d3c32735e7c30c16 -KO_darwin_arm64_SHA256SUM=45f2c1a50fdadb7ef38abbb479897d735c95238ec25c4f505177d77d60ed91d6 - -$(bin_dir)/downloaded/tools/ko@$(KO_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://github.com/ko-build/ko/releases/download/v$(KO_VERSION)/ko_$(KO_VERSION)_$(subst linux,Linux,$(subst darwin,Darwin,$(subst amd64,x86_64,$*))).tar.gz -o $@.tar.gz - $(checkhash_script) $@.tar.gz $(KO_$*_SHA256SUM) - tar xfO $@.tar.gz ko > $@ - chmod +x $@ - rm -f $@.tar.gz - -########## -# protoc # -########## - -PROTOC_linux_amd64_SHA256SUM=78ab9c3288919bdaa6cfcec6127a04813cf8a0ce406afa625e48e816abee2878 -PROTOC_linux_arm64_SHA256SUM=07683afc764e4efa3fa969d5f049fbc2bdfc6b4e7786a0b233413ac0d8753f6b -PROTOC_darwin_amd64_SHA256SUM=5fe89993769616beff1ed77408d1335216379ce7010eee80284a01f9c87c8888 -PROTOC_darwin_arm64_SHA256SUM=8822b090c396800c96ac652040917eb3fbc5e542538861aad7c63b8457934b20 - -$(bin_dir)/downloaded/tools/protoc@$(PROTOC_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/protoc-$(PROTOC_VERSION)-$(subst darwin,osx,$(subst arm64,aarch_64,$(subst amd64,x86_64,$(subst _,-,$*)))).zip -o $@.zip - $(checkhash_script) $@.zip $(PROTOC_$*_SHA256SUM) - unzip -qq -c $@.zip bin/protoc > $@ - chmod +x $@ - rm -f $@.zip - -######### -# trivy # -######### - -TRIVY_linux_amd64_SHA256SUM=b9785455f711e3116c0a97b01ad6be334895143ed680a405e88a4c4c19830d5d -TRIVY_linux_arm64_SHA256SUM=a192edfcef8766fa7e3e96a6a5faf50cd861371785891857471548e4af7cb60b -TRIVY_darwin_amd64_SHA256SUM=997622dee1d07de0764f903b72d16ec4314daaf202d91c957137b4fd1a2f73c3 -TRIVY_darwin_arm64_SHA256SUM=68aa451f395fa5418f5af59ce4081ef71075c857b95a297dc61da49c6a229a45 - -$(bin_dir)/downloaded/tools/trivy@$(TRIVY_VERSION)_%: | $(bin_dir)/downloaded/tools - $(eval OS_AND_ARCH := $(subst darwin,macOS,$*)) - $(eval OS_AND_ARCH := $(subst linux,Linux,$(OS_AND_ARCH))) - $(eval OS_AND_ARCH := $(subst arm64,ARM64,$(OS_AND_ARCH))) - $(eval OS_AND_ARCH := $(subst amd64,64bit,$(OS_AND_ARCH))) - - $(CURL) https://github.com/aquasecurity/trivy/releases/download/$(TRIVY_VERSION)/trivy_$(patsubst v%,%,$(TRIVY_VERSION))_$(subst _,-,$(OS_AND_ARCH)).tar.gz -o $@.tar.gz - $(checkhash_script) $@.tar.gz $(TRIVY_$*_SHA256SUM) - tar xfO $@.tar.gz trivy > $@ - chmod +x $@ - rm $@.tar.gz - -####### -# ytt # -####### - -YTT_linux_amd64_SHA256SUM=9bf62175c7cc0b54f9731a5b87ee40250f0457b1fce1b0b36019c2f8d96db8f8 -YTT_linux_arm64_SHA256SUM=cbfc85f11ffd8e61d63accf799b8997caaebe46ee046290cc1c4d05ed1ab145b -YTT_darwin_amd64_SHA256SUM=2b6d173dec1b6087e22690386474786fd9a2232c4479d8975cc98ae8160eea76 -YTT_darwin_arm64_SHA256SUM=3e6f092bfe7a121d15126a0de6503797818c6b6745fbc97213f519d35fab08f9 - -$(bin_dir)/downloaded/tools/ytt@$(YTT_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) -sSfL https://github.com/vmware-tanzu/carvel-ytt/releases/download/$(YTT_VERSION)/ytt-$(subst _,-,$*) -o $@ - $(checkhash_script) $@ $(YTT_$*_SHA256SUM) - chmod +x $@ - -########## -# rclone # -########## - -RCLONE_linux_amd64_SHA256SUM=7ebdb680e615f690bd52c661487379f9df8de648ecf38743e49fe12c6ace6dc7 -RCLONE_linux_arm64_SHA256SUM=b5a6cb3aef4fd1a2165fb8c21b1b1705f3cb754a202adc81931b47cd39c64749 -RCLONE_darwin_amd64_SHA256SUM=9ef83833296876f3182b87030b4f2e851b56621bad4ca4d7a14753553bb8b640 -RCLONE_darwin_arm64_SHA256SUM=9183f495b28acb12c872175c6af1f6ba8ca677650cb9d2774caefea273294c8a - -$(bin_dir)/downloaded/tools/rclone@$(RCLONE_VERSION)_%: | $(bin_dir)/downloaded/tools - $(eval OS_AND_ARCH := $(subst darwin,osx,$*)) - $(CURL) https://github.com/rclone/rclone/releases/download/$(RCLONE_VERSION)/rclone-$(RCLONE_VERSION)-$(subst _,-,$(OS_AND_ARCH)).zip -o $@.zip - $(checkhash_script) $@.zip $(RCLONE_$*_SHA256SUM) - @# -p writes to stdout, the second file arg specifies the sole file we - @# want to extract - unzip -p $@.zip rclone-$(RCLONE_VERSION)-$(subst _,-,$(OS_AND_ARCH))/rclone > $@ - chmod +x $@ - rm -f $@.zip +$(call for_each_kv,go_dependency,$(go_dependencies)) + +################## +# File downloads # +################## + +go_linux_amd64_SHA256SUM=8920ea521bad8f6b7bc377b4824982e011c19af27df88a815e3586ea895f1b36 +go_linux_arm64_SHA256SUM=6c33e52a5b26e7aa021b94475587fce80043a727a54ceb0eee2f9fc160646434 +go_darwin_amd64_SHA256SUM=610e48c1df4d2f852de8bc2e7fd2dc1521aac216f0c0026625db12f67f192024 +go_darwin_arm64_SHA256SUM=02abeab3f4b8981232237ebd88f0a9bad933bc9621791cd7720a9ca29eacbe9d + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz +$(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) https://go.dev/dl/go$(VENDORED_GO_VERSION).$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile); \ + $(checkhash_script) $(outfile) $(go_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM) + +helm_linux_amd64_SHA256SUM=a5844ef2c38ef6ddf3b5a8f7d91e7e0e8ebc39a38bb3fc8013d629c1ef29c259 +helm_linux_arm64_SHA256SUM=113ccc53b7c57c2aba0cd0aa560b5500841b18b5210d78641acfddc53dac8ab2 +helm_darwin_amd64_SHA256SUM=73434aeac36ad068ce2e5582b8851a286dc628eae16494a26e2ad0b24a7199f9 +helm_darwin_arm64_SHA256SUM=61e9c5455f06b2ad0a1280975bf65892e707adc19d766b0cf4e9006e3b7b4b6c + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/helm@$(HELM_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/helm@$(HELM_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) https://get.helm.sh/helm-$(HELM_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile).tar.gz; \ + $(checkhash_script) $(outfile).tar.gz $(helm_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + tar xfO $(outfile).tar.gz $(HOST_OS)-$(HOST_ARCH)/helm > $(outfile); \ + chmod +x $(outfile); \ + rm -f $(outfile).tar.gz + +kubectl_linux_amd64_SHA256SUM=7c3807c0f5c1b30110a2ff1e55da1d112a6d0096201f1beb81b269f582b5d1c5 +kubectl_linux_arm64_SHA256SUM=669af0cf520757298ea60a8b6eb6b719ba443a9c7d35f36d3fb2fd7513e8c7d2 +kubectl_darwin_amd64_SHA256SUM=bcfa57d020b8d07d0ea77235ce8012c2c28fefdfd7cb9738f33674a7b16cef08 +kubectl_darwin_arm64_SHA256SUM=45cfa208151320153742062824398f22bb6bfb5a142bf6238476d55dacbd1bdd + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/kubectl@$(KUBECTL_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/kubectl@$(KUBECTL_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/$(HOST_OS)/$(HOST_ARCH)/kubectl -o $(outfile); \ + $(checkhash_script) $(outfile) $(kubectl_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + chmod +x $(outfile) + +kind_linux_amd64_SHA256SUM=1d86e3069ffbe3da9f1a918618aecbc778e00c75f838882d0dfa2d363bc4a68c +kind_linux_arm64_SHA256SUM=a416d6c311882337f0e56910e4a2e1f8c106ec70c22cbf0ac1dd8f33c1e284fe +kind_darwin_amd64_SHA256SUM=81c77f104b4b668812f7930659dc01ad88fa4d1cfc56900863eacdfb2731c457 +kind_darwin_arm64_SHA256SUM=68ec87c1e1ea2a708df883f4b94091150d19552d7b344e80ca59f449b301c2a0 + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) https://github.com/kubernetes-sigs/kind/releases/download/$(KIND_VERSION)/kind-$(HOST_OS)-$(HOST_ARCH) -o $(outfile); \ + $(checkhash_script) $(outfile) $(kind_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + chmod +x $(outfile) + +vault_linux_amd64_SHA256SUM=688ce462b70cb674f84fddb731f75bb710db5ad9e4e5a17659e90e1283a8b4b7 +vault_linux_arm64_SHA256SUM=d5bd42227d295b1dcc4a5889c37e6a8ca945ece4795819718eaf54db87aa6d4f +vault_darwin_amd64_SHA256SUM=e4886d22273dedc579dc2382e114e7be29341049a48592f8f7be8a0020310731 +vault_darwin_arm64_SHA256SUM=ca59c85e7e3d67e25b6bfa505f7e7717b418452e8bfcd602a2a717bc06d5b1ee + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/vault@$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/vault@$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) https://releases.hashicorp.com/vault/$(VAULT_VERSION)/vault_$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH).zip -o $(outfile).zip; \ + $(checkhash_script) $(outfile).zip $(vault_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + unzip -qq -c $(outfile).zip > $(outfile); \ + chmod +x $(outfile); \ + rm -f $(outfile).zip + +azwi_linux_amd64_SHA256SUM=d33aaedbcbcc0ef61d845b3704ab336deaafc192c854e887896e163b99097871 +azwi_linux_arm64_SHA256SUM=7c4b55ef83e62f4b597885e66fbbdf0720cf0e2be3f1a16212f9b41d4b61b454 +azwi_darwin_amd64_SHA256SUM=47a9e99a7e02e531967d1c9a8abf12e73134f88ce3363007f411ba9b83497fd0 +azwi_darwin_arm64_SHA256SUM=19c5cf9fe4e1a7394bc01456d5e314fd898162d2d360c585fc72e46dae930659 + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/azwi@$(AZWI_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/azwi@$(AZWI_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) https://github.com/Azure/azure-workload-identity/releases/download/$(AZWI_VERSION)/azwi-$(AZWI_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile).tar.gz; \ + $(checkhash_script) $(outfile).tar.gz $(azwi_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + tar xfO $(outfile).tar.gz azwi > $(outfile) && chmod 775 $(outfile); \ + rm -f $(outfile).tar.gz + +kubebuilder_tools_linux_amd64_SHA256SUM=2a9792cb5f1403f524543ce94c3115e3c4a4229f0e86af55fd26c078da448164 +kubebuilder_tools_linux_arm64_SHA256SUM=39cc7274a3075a650a20fcd24b9e2067375732bebaf5356088a8efb35155f068 +kubebuilder_tools_darwin_amd64_SHA256SUM=85890b864330baec88f53aabfc1d5d94a8ca8c17483f34f4823dec0fae7c6e3a +kubebuilder_tools_darwin_arm64_SHA256SUM=849362d26105b64193b4142982c710306d90248272731a81fb83efac27c5a750 + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz +$(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) https://github.com/kubernetes-sigs/controller-tools/releases/download/envtest-$(KUBEBUILDER_ASSETS_VERSION)/envtest-$(KUBEBUILDER_ASSETS_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile); \ + $(checkhash_script) $(outfile) $(kubebuilder_tools_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM) + +$(DOWNLOAD_DIR)/tools/etcd@$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH): $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + tar xfO $< controller-tools/envtest/etcd > $(outfile) && chmod 775 $(outfile) + +$(DOWNLOAD_DIR)/tools/kube-apiserver@$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH): $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + tar xfO $< controller-tools/envtest/kube-apiserver > $(outfile) && chmod 775 $(outfile) + +kyverno_linux_amd64_SHA256SUM=a5f6e9070c17acc47168c8ce4db78e45258376551b8bf68ad2d5ed27454cf666 +kyverno_linux_arm64_SHA256SUM=007e828d622e73614365f5f7e8e107e36ae686e97e8982b1eeb53511fb2363c3 +kyverno_darwin_amd64_SHA256SUM=20786eebf45238e8b4a35f4146c3f8dfea35968cf8ef6ca6d6727559f5c0156e +kyverno_darwin_arm64_SHA256SUM=3a454fb0b2bfbca6225d46ff4cc0b702fd4a63e978718c50225472b9631a8015 + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/kyverno@$(KYVERNO_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/kyverno@$(KYVERNO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + $(eval ARCH := $(subst amd64,x86_64,$(HOST_ARCH))) + + @source $(lock_script) $@; \ + $(CURL) https://github.com/kyverno/kyverno/releases/download/$(KYVERNO_VERSION)/kyverno-cli_$(KYVERNO_VERSION)_$(HOST_OS)_$(ARCH).tar.gz -o $(outfile).tar.gz; \ + $(checkhash_script) $(outfile).tar.gz $(kyverno_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + tar xfO $(outfile).tar.gz kyverno > $(outfile); \ + chmod +x $(outfile); \ + rm -f $(outfile).tar.gz + +yq_linux_amd64_SHA256SUM=cfbbb9ba72c9402ef4ab9d8f843439693dfb380927921740e51706d90869c7e1 +yq_linux_arm64_SHA256SUM=a8186efb079673293289f8c31ee252b0d533c7bb8b1ada6a778ddd5ec0f325b6 +yq_darwin_amd64_SHA256SUM=fdc42b132ac460037f4f0f48caea82138772c651d91cfbb735210075ddfdbaed +yq_darwin_arm64_SHA256SUM=9f1063d910698834cb9176593aa288471898031929138d226c2c2de9f262f8e5 + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/yq@$(YQ_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/yq@$(YQ_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_$(HOST_OS)_$(HOST_ARCH) -o $(outfile); \ + $(checkhash_script) $(outfile) $(yq_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + chmod +x $(outfile) + +ko_linux_amd64_SHA256SUM=d11f03f23261d16f9e7802291e9d098e84f5daecc7931e8573bece9025b6a2c5 +ko_linux_arm64_SHA256SUM=8294849c0f12138006cd149dd02bb580c0eea41a6031473705cbf825e021a688 +ko_darwin_amd64_SHA256SUM=314c33154de941bfc4ede5e7283eb182028459bac36eb4223859e0b778254936 +ko_darwin_arm64_SHA256SUM=b6ecd62eb4f9238a0ed0512d7a34648b881aea0774c3830e3e5159370eb6834f + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/ko@$(KO_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/ko@$(KO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + $(eval OS := $(subst linux,Linux,$(subst darwin,Darwin,$(HOST_OS)))) + $(eval ARCH := $(subst amd64,x86_64,$(HOST_ARCH))) + + @source $(lock_script) $@; \ + $(CURL) https://github.com/ko-build/ko/releases/download/v$(KO_VERSION)/ko_$(KO_VERSION)_$(OS)_$(ARCH).tar.gz -o $(outfile).tar.gz; \ + $(checkhash_script) $(outfile).tar.gz $(ko_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + tar xfO $(outfile).tar.gz ko > $(outfile); \ + chmod +x $(outfile); \ + rm -f $(outfile).tar.gz + +protoc_linux_amd64_SHA256SUM=a7be2928c0454f132c599e25b79b7ad1b57663f2337d7f7e468a1d59b98ec1b0 +protoc_linux_arm64_SHA256SUM=64a3b3b5f7dac0c8f9cf1cb85b2b1a237eb628644f6bcb0fb8f23db6e0d66181 +protoc_darwin_amd64_SHA256SUM=febd8821c3a2a23f72f4641471e0ab6486f4fb07b68111490a27a31681465b3c +protoc_darwin_arm64_SHA256SUM=26a29befa8891ecc48809958c909d284f2b9539a2eb47f22cadc631fe6abe8fd + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + $(eval OS := $(subst darwin,osx,$(HOST_OS))) + $(eval ARCH := $(subst arm64,aarch_64,$(subst amd64,x86_64,$(HOST_ARCH)))) + + @source $(lock_script) $@; \ + $(CURL) https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/protoc-$(PROTOC_VERSION)-$(OS)-$(ARCH).zip -o $(outfile).zip; \ + $(checkhash_script) $(outfile).zip $(protoc_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + unzip -qq -c $(outfile).zip bin/protoc > $(outfile); \ + chmod +x $(outfile); \ + rm -f $(outfile).zip + +trivy_linux_amd64_SHA256SUM=b0d135815867246baba52f608f4af84beca90cfeb17a9ce407a21acca760ace1 +trivy_linux_arm64_SHA256SUM=1be1dee3a5e013528374f25391d6ba84e2a10fda59f4e98431e30d9c4975762b +trivy_darwin_amd64_SHA256SUM=744f5e8c5c09c1e5ec6ec6a0570f779d89964c0a91ab60b4e59b284cdd3e1576 +trivy_darwin_arm64_SHA256SUM=e78a0db86f6364e756d5e058316c7815a747fc7fd8e8e984e3baf5830166ec63 + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/trivy@$(TRIVY_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/trivy@$(TRIVY_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + $(eval OS := $(subst linux,Linux,$(subst darwin,macOS,$(HOST_OS)))) + $(eval ARCH := $(subst amd64,64bit,$(subst arm64,ARM64,$(HOST_ARCH)))) + + @source $(lock_script) $@; \ + $(CURL) https://github.com/aquasecurity/trivy/releases/download/$(TRIVY_VERSION)/trivy_$(patsubst v%,%,$(TRIVY_VERSION))_$(OS)-$(ARCH).tar.gz -o $(outfile).tar.gz; \ + $(checkhash_script) $(outfile).tar.gz $(trivy_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + tar xfO $(outfile).tar.gz trivy > $(outfile); \ + chmod +x $(outfile); \ + rm $(outfile).tar.gz + +ytt_linux_amd64_SHA256SUM=357ec754446b1eda29dd529e088f617e85809726c686598ab03cfc1c79f43b56 +ytt_linux_arm64_SHA256SUM=a2d195b058884c0e36a918936076965b8efb426f7e00f6b7d7b99b82737c7299 +ytt_darwin_amd64_SHA256SUM=71b5ea38bfc7a9748c35ce0735fd6f806dce46bd5c9039d527050c7682e62a70 +ytt_darwin_arm64_SHA256SUM=0658db4af8263ca091ca31e4b599cb40c324b75934660a4c0ed98ad9b701f7e9 + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/ytt@$(YTT_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/ytt@$(YTT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) -sSfL https://github.com/vmware-tanzu/carvel-ytt/releases/download/$(YTT_VERSION)/ytt-$(HOST_OS)-$(HOST_ARCH) -o $(outfile); \ + $(checkhash_script) $(outfile) $(ytt_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + chmod +x $(outfile) + +rclone_linux_amd64_SHA256SUM=b4d304b1dc76001b1d3bb820ae8d1ae60a072afbd3296be904a3ee00b3d4fab9 +rclone_linux_arm64_SHA256SUM=c50a3ab93082f21788f9244393b19f2426edeeb896eec2e3e05ffb2e8727e075 +rclone_darwin_amd64_SHA256SUM=5adb4c5fe0675627461000a63156001301ec7cade966c55c8c4ebcfaeb62c5ae +rclone_darwin_arm64_SHA256SUM=b5f4c4d06ff3d426aee99870ad437276c9ddaad55442f2df6a58b918115fe4cf + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + $(eval OS := $(subst darwin,osx,$(HOST_OS))) + + @source $(lock_script) $@; \ + $(CURL) https://github.com/rclone/rclone/releases/download/$(RCLONE_VERSION)/rclone-$(RCLONE_VERSION)-$(OS)-$(HOST_ARCH).zip -o $(outfile).zip; \ + $(checkhash_script) $(outfile).zip $(rclone_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + unzip -p $(outfile).zip rclone-$(RCLONE_VERSION)-$(OS)-$(HOST_ARCH)/rclone > $(outfile); \ + chmod +x $(outfile); \ + rm -f $(outfile).zip + +preflight_linux_amd64_SHA256SUM=20f31e4af2004e8e3407844afea4e973975069169d69794e0633f0cb91d45afd +preflight_linux_arm64_SHA256SUM=c42cf4132027d937da88da07760e8fd9b1a8836f9c7795a1b60513d99c6939fe + +# Currently there are no offical releases for darwin, you cannot submit results +# on non-official binaries, but we can still run tests. +# +# Once https://github.com/redhat-openshift-ecosystem/openshift-preflight/pull/942 is merged +# we can remove this darwin specific hack +.PRECIOUS: $(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_darwin_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_darwin_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + mkdir -p $(outfile).dir; \ + GOWORK=off GOBIN=$(outfile).dir $(GO) install github.com/redhat-openshift-ecosystem/openshift-preflight/cmd/preflight@$(PREFLIGHT_VERSION); \ + mv $(outfile).dir/preflight $(outfile); \ + rm -rf $(outfile).dir + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_linux_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_linux_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/$(PREFLIGHT_VERSION)/preflight-linux-$(HOST_ARCH) -o $(outfile); \ + $(checkhash_script) $(outfile) $(preflight_linux_$(HOST_ARCH)_SHA256SUM); \ + chmod +x $(outfile) ################# # Other Targets # @@ -576,23 +601,30 @@ $(bin_dir)/downloaded/tools/rclone@$(RCLONE_VERSION)_%: | $(bin_dir)/downloaded/ # about go being missing even though abc itself depends on vendor-go! # That means we need to pass vendor-go at the top level if go is not installed (i.e. "make vendor-go abc") -MISSING=$(shell (command -v curl >/dev/null || echo curl) \ +missing=$(shell (command -v curl >/dev/null || echo curl) \ && (command -v sha256sum >/dev/null || command -v shasum >/dev/null || echo sha256sum) \ && (command -v git >/dev/null || echo git) \ + && (command -v rsync >/dev/null || echo rsync) \ && ([ -n "$(findstring vendor-go,$(MAKECMDGOALS),)" ] \ || command -v $(GO) >/dev/null || echo "$(GO) (or run 'make vendor-go')") \ && (command -v $(CTR) >/dev/null || echo "$(CTR) (or set CTR to a docker-compatible tool)")) -ifneq ($(MISSING),) -$(error Missing required tools: $(MISSING)) +ifneq ($(missing),) +$(error Missing required tools: $(missing)) endif .PHONY: tools ## Download and setup all tools ## @category [shared] Tools -tools: $(TOOLS_PATHS) +tools: $(tools_paths) self_file := $(dir $(lastword $(MAKEFILE_LIST)))/00_mod.mk +# see https://stackoverflow.com/a/53408233 +sed_inplace := sed -i'' +ifeq ($(HOST_OS),darwin) + sed_inplace := sed -i '' +endif + # This target is used to learn the sha256sum of the tools. It is used only # in the makefile-modules repo, and should not be used in any other repo. .PHONY: tools-learn-sha @@ -607,6 +639,11 @@ tools-learn-sha: | $(bin_dir) HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) tools HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) tools + HOST_OS=linux HOST_ARCH=amd64 $(MAKE) vendor-go + HOST_OS=linux HOST_ARCH=arm64 $(MAKE) vendor-go + HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) vendor-go + HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) vendor-go + while read p; do \ - sed -i "$$p" $(self_file); \ + $(sed_inplace) "$$p" $(self_file); \ done <"$(LEARN_FILE)" diff --git a/make/_shared/tools/util/checkhash.sh b/make/_shared/tools/util/checkhash.sh index f626f6f9cfe..62e5489bad4 100755 --- a/make/_shared/tools/util/checkhash.sh +++ b/make/_shared/tools/util/checkhash.sh @@ -14,7 +14,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -set -eu -o pipefail +set -o errexit +set -o nounset +set -o pipefail SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" diff --git a/make/_shared/tools/util/hash.sh b/make/_shared/tools/util/hash.sh index 3e58bfcb8f5..21d006fc8fa 100755 --- a/make/_shared/tools/util/hash.sh +++ b/make/_shared/tools/util/hash.sh @@ -14,7 +14,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -set -eu -o pipefail +set -o errexit +set -o nounset +set -o pipefail # This script is a wrapper for outputting purely the sha256 hash of the input file, # ideally in a portable way. diff --git a/make/_shared/tools/util/lock.sh b/make/_shared/tools/util/lock.sh new file mode 100755 index 00000000000..22564f7c10d --- /dev/null +++ b/make/_shared/tools/util/lock.sh @@ -0,0 +1,70 @@ +#!/usr/bin/env bash + +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o errexit +set -o nounset +set -o pipefail + +# This script is used to lock a file while it is being downloaded. It prevents +# multiple processes from downloading the same file at the same time or from reading +# a half-downloaded file. +# We need this solution because we have recursive $(MAKE) calls in our makefile +# which each will try to download a set of tools. To prevent them from all downloading +# the same files, we re-use the same downloads folder for all $(MAKE) invocations and +# use this script to deduplicate the download processes. + +finalfile="$1" +lockfile="$finalfile.lock" + +# On OSX, flock is not installed, we just skip locking in that case, +# this means that running verify in parallel without downloading all +# tools first will not work. +flock_installed=$(command -v flock >/dev/null && echo "yes" || echo "no") + +if [[ "$flock_installed" == "yes" ]]; then + mkdir -p "$(dirname "$lockfile")" + touch "$lockfile" + exec {FD}<>"$lockfile" + + # wait for the file to be unlocked + if ! flock -x $FD; then + echo "Failed to obtain a lock for $lockfile" + exit 1 + fi +fi + +# now that we have the lock, check if file is already there +if [[ -e "$finalfile" ]]; then + exit 0 +fi + +# use a temporary file to prevent Make from thinking the file is ready +# while in reality is is only a partial download +# shellcheck disable=SC2034 +outfile="$finalfile.tmp" + +finish() { + rv=$? + if [[ $rv -eq 0 ]]; then + mv "$outfile" "$finalfile" + echo "[info]: downloaded $finalfile" + else + rm -rf "$outfile" || true + rm -rf "$finalfile" || true + fi + rm -rf "$lockfile" || true +} +trap finish EXIT SIGINT