These enable scanning of each of our container images on linux/amd64
to check for vulnerabilities. These targets can then be used in CI as
an indicator that we might need to take a look at upgrading dependencies
or base images.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
I also took the opportunity to document the three most important "build"
variables in "make help".
Manually rebased to adopt $(BINDIR) changes
Signed-off-by: Maël Valais <mael@vls.dev>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
we don't _need_ to remove these and we can keep them around for
longer, but we don't need them to be in files we actually use and edit.
putting the targets in a separate file feels cleaner!
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
This is needed because go and other tools will ignore directories
starting with "_" or "." but would treat a dir called "bin" as a regular
directory.
This in turn meant that when we vendored Go in bin, these tools would by
default scan the whole stdlib included with the bundled vendored go.
See https://pkg.go.dev/cmd/go#hdr-Package_lists_and_patterns for details
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
- "make help" should be good enough for most people in most situations
to build and test cert-manager
- "make clean-all" can be a one-stop-shop to start fresh.
- "make which-go" makes it clearer whether go vendoring is being used
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
The GOFLAGS make variable was set after "include make/cmctl.mk",
leading to the warning:
Makefile:34: warning: undefined variable 'RELEASE_VERSION'
Makefile:34: warning: undefined variable 'GITCOMMIT'
Signed-off-by: Maël Valais <mael@vls.dev>
When checking how User-Agent headers would differ from v1.7.1 to
v1.8.0, The User-Agent looked off:
cert-manager-issuers/v1.8.0 (linux/amd64) cert-manager/
The ending "/" should be followed by the git commit hash. It seems like
we forgot to port what Bazel does to fill AppVersion, AppGitCommit, and
AppGitState. This commit adds this feature to the Makefile. The
User-Agent should now look like this:
cert-manager-issuers/v1.8.0 (linux/amd64) cert-manager/9dd5f6c85fde2c3ed58cd6c9e465bb5a4c1ca2b2
<----->
This part depends
on the component.
Signed-off-by: Maël Valais <mael@vls.dev>
The commands can be run concurrently, with the exception of e2e that
has to be run after e2e-setup is done. The e2e target does not check
whether cert-manager and the addons are installed.
The two only scripts that were kept are:
- make/e2e.sh (previously called ./devel/run-e2e.sh)
- make/cluster.sh (previsouly called ./devel/cluster/create.sh)
The reason for the removal of the other scripts is that they didn't
have that much logic and could easily ported to Make, improving greatly
the execution speed thanks to make's concurrency.
make/e2e.sh now behaves "as expected" when using -ginkgo.focus or
GINKGO_FOCUS; previously, the logs would not be shown before the end
of the test.
make/cluster.sh has lost the ability to create an OpenShift 3.11 cluster.
for running the end-to-end tests. The two reasons are that OpenShift 4
wasn't supported by the script devel/cluster/create.sh, and OpenShift
3.11 is not supported by cert-manager anymore.
The Makefile targets that were used in the Prow jobs (verify, verify_deps,
verify_chart, verify_upgrade, and cluster) have been kept around. They
now show a warning to encourage people to use the new Make-based targets.
When running one of the deprecated targets the Makefile won't check the
presence of the system tools such as Go and jq, since Bazel takes care of
these dependencies.
On version change, downloaded tools and images are re-downloaded. The
command 'make clean' now keeps the downloaded images and tools.
Note that a lot of attention has been put into having a Make system that works
flawlessly both on Linux and on BSDs (such as macOS).
You will note that some recursive calls to make are made, and $(MAKE)
instead of plain "make" is used in that case. If we didn't use $(MAKE),
we would have concurrency issues, and warnings such as:
make[1]: warning: jobserver unavailable: using -j1. Add `+' to parent make rule.
Signed-off-by: Maël Valais <mael@vls.dev>
This slightly modifies our existing helm chart verification script to
accept the location of a tarball containing the chart we're verifying.
That in turn allows us to more generally use the script for both
validating the chart we build using make and the chart we build using
bazel.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
also adds a variable for the network name, potentially making it easier
to change in the future if kind improves its support for this kind of
thing
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
the script will need to be manually updated if we want to add a new
k8s version, but it should be trivial to do that
the actual kind image SHAsums aren't updated, so that the addition of
the script can be separate from the act of updating the images
also adds a make target for creating a kind cluster with CI deps
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
there seems to be justification for setting GOSUMDB to a universal value
here, but setting GOPROXY doesn't seem to provide value here
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
having .PHONY next to the target which it's marking
helps with identifying which targets have been marked and makes it
easier to spot a missing .PHONY
also tweaks the find command to avoid piping, and cleans up a duplicated
ctl target
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
