forked from sigstore/scaffolding
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMakefile
102 lines (81 loc) · 2.97 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
GIT_TAG ?= $(shell git describe --tags --always --dirty)
GIT_HASH ?= $(shell git rev-parse HEAD)
LDFLAGS=-buildid= -X sigs.k8s.io/release-utils/version.gitVersion=$(GIT_TAG)
KO_DOCKER_REPO ?= ghcr.io/sigstore/scaffolding
# These are the subdirs under config that we'll turn into separate artifacts.
artifacts := trillian ctlog fulcio rekor tsa tuf prober
.PHONY: ko-resolve
ko-resolve:
# "Doing ko resolve for config"
$(foreach artifact, $(artifacts), $(shell export LDFLAGS="$(LDFLAGS)" KO_DOCKER_REPO=$(KO_DOCKER_REPO); \
ko resolve --tags $(GIT_TAG),latest -BRf ./config/$(artifact) \
--platform=all \
--image-refs imagerefs-$(artifact) > release-$(artifact).yaml )) \
# "Building cloudsqlproxy wrapper"
LDFLAGS="$(LDFLAGS)" KO_DOCKER_REPO=$(KO_DOCKER_REPO) \
ko build --base-import-paths --platform=all --tags $(GIT_TAG),latest --image-refs imagerefs-cloudsqlproxy ./cmd/cloudsqlproxy
.PHONY: ko-resolve-testdata
ko-resolve-testdata:
# "Doing ko resolve for testdata"
# "Build a big bundle of joy, this also produces SBOMs"
LDFLAGS="$(LDFLAGS)" KO_DOCKER_REPO=$(KO_DOCKER_REPO) \
ko resolve --tags $(GIT_TAG),latest --base-import-paths --recursive --filename ./testdata --platform=all --image-refs testimagerefs > testrelease.yaml
.PHONY: sign-test-images
sign-test-images:
GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_TAG) ARTIFACT=testimagerefs ./scripts/sign-release-images.sh
.PHONY: sign-release-images
sign-release-images: sign-test-images
$(foreach artifact,$(artifacts), \
echo "Signing $(artifact)"; export GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_TAG) ARTIFACT=imagerefs-$(artifact); ./scripts/sign-release-images.sh \
)
echo "Signing cloudsqlproxy"; export GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_TAG) ARTIFACT=imagerefs-cloudsqlproxy; ./scripts/sign-release-images.sh \
.PHONY: release-images
release-images: ko-resolve ko-resolve-testdata
.PHONY: prober
prober:
go build -trimpath -ldflags "$(LDFLAGS)" -o $@ ./cmd/prober
### Testing
.PHONY: ko-apply
ko-apply:
LDFLAGS="$(LDFLAGS)" \
ko apply -BRf ./config/
.PHONY: ko-apply-ctlog
ko-apply-ctlog:
LDFLAGS="$(LDFLAGS)" \
ko apply -BRf ./config/ctlog
.PHONY: ko-apply-fulcio
ko-apply-fulcio:
LDFLAGS="$(LDFLAGS)" \
ko apply -BRf ./config/fulcio
.PHONY: ko-apply-rekor
ko-apply-rekor:
LDFLAGS="$(LDFLAGS)" \
ko apply -BRf ./config/rekor
.PHONY: ko-apply-trillian
ko-apply-trillian:
LDFLAGS="$(LDFLAGS)" \
ko apply -BRf ./config/trillian
.PHONY: ko-apply-tsa
ko-apply-tsa:
LDFLAGS="$(LDFLAGS)" \
ko apply -BRf ./config/tsa
.PHONY: ko-apply-tuf
ko-apply-tuf:
LDFLAGS="$(LDFLAGS)" \
ko apply -BRf ./config/tuf
.PHONY: ko-apply-prober
ko-apply-prober:
LDFLAGS="$(LDFLAGS)" \
ko apply -BRf ./config/prober
.PHONY: ko-apply-sign-job
ko-apply-sign-job:
LDFLAGS="$(LDFLAGS)" \
ko apply -f ./testdata/config/sign-job
.PHONY: ko-apply-verify-job
ko-apply-verify-job:
LDFLAGS="$(LDFLAGS)" \
ko apply -f ./testdata/config/verify-job
.PHONY: ko-apply-gettoken
ko-apply-gettoken:
LDFLAGS="$(LDFLAGS)" \
ko apply -f ./testdata/config/gettoken