-
Notifications
You must be signed in to change notification settings - Fork 57
/
Makefile
165 lines (129 loc) · 5.27 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
GIT_TAG ?= $(shell git describe --tags --always --dirty)
GIT_HASH ?= $(shell git rev-parse HEAD)
LDFLAGS=-buildid= -X sigs.k8s.io/release-utils/version.gitVersion=$(GIT_TAG) -X sigs.k8s.io/release-utils/version.gitCommit=$(GIT_HASH)
KO_DOCKER_REPO ?= ghcr.io/sigstore/scaffolding
TRILLIAN_VERSION=$(shell go list -m -f '{{ .Version }}' github.com/google/trillian)
# These are the subdirs under config that we'll turn into separate artifacts.
artifacts := trillian ctlog fulcio rekor tsa tuf prober
.PHONY: ko-resolve
ko-resolve:
# "Doing ko resolve for config"
$(foreach artifact, $(artifacts), $(shell export LDFLAGS="$(LDFLAGS)" KO_DOCKER_REPO=$(KO_DOCKER_REPO); \
ko resolve --tags $(GIT_TAG),latest -BRf ./config/$(artifact) \
--platform=all \
--image-refs imagerefs-$(artifact) > release-$(artifact).yaml )) \
# "Building cloudsqlproxy wrapper"
LDFLAGS="$(LDFLAGS)" KO_DOCKER_REPO=$(KO_DOCKER_REPO) \
ko build --base-import-paths --platform=all --tags $(GIT_TAG),latest --image-refs imagerefs-cloudsqlproxy ./cmd/cloudsqlproxy
# "Building trillian_log_server"
LDFLAGS="$(LDFLAGS)" KO_DOCKER_REPO=$(KO_DOCKER_REPO) \
ko build --base-import-paths --platform=all --tags $(TRILLIAN_VERSION),$(GIT_TAG),latest --image-refs imagerefs-trillian_log_server github.com/google/trillian/cmd/trillian_log_server
# "Building trillian_log_signer"
LDFLAGS="$(LDFLAGS)" KO_DOCKER_REPO=$(KO_DOCKER_REPO) \
ko build --base-import-paths --platform=all --tags $(TRILLIAN_VERSION),$(GIT_TAG),latest --image-refs imagerefs-trillian_log_signer github.com/google/trillian/cmd/trillian_log_signer
.PHONY: ko-resolve-testdata
ko-resolve-testdata:
# "Doing ko resolve for testdata"
# "Build a big bundle of joy, this also produces SBOMs"
LDFLAGS="$(LDFLAGS)" KO_DOCKER_REPO=$(KO_DOCKER_REPO) \
ko resolve --tags $(GIT_TAG),latest --base-import-paths --recursive --filename ./testdata --platform=all --image-refs testimagerefs > testrelease.yaml
.PHONY: sign-test-images
sign-test-images:
GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_TAG) ARTIFACT=testimagerefs ./scripts/sign-release-images.sh
.PHONY: sign-release-images
sign-release-images: sign-test-images
$(foreach artifact,$(artifacts), \
echo "Signing $(artifact)"; export GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_TAG) ARTIFACT=imagerefs-$(artifact); ./scripts/sign-release-images.sh \
)
echo "Signing cloudsqlproxy"; export GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_TAG) ARTIFACT=imagerefs-cloudsqlproxy; ./scripts/sign-release-images.sh \
.PHONY: release-images
release-images: ko-resolve ko-resolve-testdata
.PHONY: prober
prober:
go build -trimpath -ldflags "$(LDFLAGS)" -o $@ ./cmd/prober
### Testing
.PHONY: ko-apply
ko-apply:
LDFLAGS="$(LDFLAGS)" \
ko apply -BRf ./config/
.PHONY: ko-apply-ctlog
ko-apply-ctlog:
LDFLAGS="$(LDFLAGS)" \
ko apply -BRf ./config/ctlog
.PHONY: ko-apply-fulcio
ko-apply-fulcio:
LDFLAGS="$(LDFLAGS)" \
ko apply -BRf ./config/fulcio
.PHONY: ko-apply-rekor
ko-apply-rekor:
LDFLAGS="$(LDFLAGS)" \
ko apply -BRf ./config/rekor
.PHONY: ko-apply-trillian
ko-apply-trillian:
LDFLAGS="$(LDFLAGS)" \
ko apply -v -BRf ./config/trillian
.PHONY: ko-apply-tsa
ko-apply-tsa:
LDFLAGS="$(LDFLAGS)" \
ko apply -BRf ./config/tsa
.PHONY: ko-apply-tuf
ko-apply-tuf:
LDFLAGS="$(LDFLAGS)" \
ko apply -BRf ./config/tuf
.PHONY: ko-apply-prober
ko-apply-prober:
LDFLAGS="$(LDFLAGS)" \
ko apply -BRf ./config/prober
.PHONY: ko-apply-sign-job
ko-apply-sign-job:
LDFLAGS="$(LDFLAGS)" \
ko apply -f ./testdata/config/sign-job
.PHONY: ko-apply-verify-job
ko-apply-verify-job:
LDFLAGS="$(LDFLAGS)" \
ko apply -f ./testdata/config/verify-job
.PHONY: ko-apply-gettoken
ko-apply-gettoken:
LDFLAGS="$(LDFLAGS)" \
ko apply -f ./testdata/config/gettoken
.PHONY: build
build: build-tuf-server build-cloudsqlproxy build-ctlog-createctconfig build-ctlog-managectroots build-ctlog-verifyfulcio build-fulcio-createcerts build-getoidctoken build-rekor-createsecret build-trillian-createdb build-trillian-createtree build-trillian-updatetree build-tsa-createcertchain build-tuf-createsecret
.PHONY: build-cloudsqlproxy
build-cloudsqlproxy:
go build -trimpath ./cmd/cloudsqlproxy
.PHONY: build-ctlog-createctconfig
build-ctlog-createctconfig:
go build -trimpath ./cmd/ctlog/createctconfig
.PHONY: build-ctlog-managectroots
build-ctlog-managectroots:
go build -trimpath ./cmd/ctlog/managectroots
.PHONY: build-ctlog-verifyfulcio
build-ctlog-verifyfulcio:
go build -trimpath ./cmd/ctlog/verifyfulcio
.PHONY: build-fulcio-createcerts
build-fulcio-createcerts:
go build -trimpath ./cmd/fulcio/createcerts
.PHONY: build-getoidctoken
build-getoidctoken:
go build -trimpath ./cmd/getoidctoken
.PHONY: build-rekor-createsecret
build-rekor-createsecret:
go build -trimpath ./cmd/rekor/rekor-createsecret
.PHONY: build-trillian-createdb
build-trillian-createdb:
go build -trimpath ./cmd/trillian/createdb
.PHONY: build-trillian-createtree
build-trillian-createtree:
go build -trimpath ./cmd/trillian/createtree
.PHONY: build-trillian-updatetree
build-trillian-updatetree:
go build -trimpath ./cmd/trillian/updatetree
.PHONY: build-tsa-createcertchain
build-tsa-createcertchain:
go build -trimpath ./cmd/tsa/createcertchain
.PHONY: build-tuf-createsecret
build-tuf-createsecret:
go build -trimpath ./cmd/tuf/createsecret
.PHONY: build-tuf-server
build-tuf-server:
go build -trimpath ./cmd/tuf/server