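# Every target in this file names a command, not a file it produces, so all
# of them are declared phony. Without this, a file or directory with the same
# name (for example ./test or ./build) makes the target look up to date and
# the check or build is skipped without any message.
.PHONY: build test go.get go.fmt \
        check.prepare check.static check.deps \
        check.generate-report check.generate-global-report

# Label used in the service name passed to the toolbox report script.
APP_NAME=artifact

# Host directory that check.prepare deletes and re-creates on every run.
# The default is a fixed, predictable path under the shared /tmp; on a
# multi-user host override it with a directory only the build user can write.
MONOREPO_TMP_DIR?=/tmp/monorepo

# Location of the security-toolbox scripts inside the checkout. The same path
# is used on the host and inside the scanner container.
SECURITY_TOOLBOX_TMP_DIR?=$(MONOREPO_TMP_DIR)/security-toolbox

# Branch of the semaphore repository the toolbox is meant to be taken from.
SECURITY_TOOLBOX_BRANCH ?= main

# Path inside the container where the working tree is made available.
APP_DIRECTORY ?= /app

# Scanner list; not referenced by any rule in this file.
SECURITY_SCANNERS=vuln,secret,misconfig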
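# Fetch a fresh sparse checkout of the security-toolbox directory from the
# semaphore monorepo into $(MONOREPO_TMP_DIR).
#
# The scripts fetched here are executed by the other check.* targets with the
# working tree mounted, and the clone follows whatever the branch head is at
# run time. Pinning to a reviewed tag or commit keeps scans reproducible and
# limits what an unexpected upstream change can reach.
check.prepare:
	@# Refuse to run the recursive delete when the overridable path is empty.
	$(if $(strip $(MONOREPO_TMP_DIR)),,$(error MONOREPO_TMP_DIR is empty; refusing to run rm -rf))
	rm -rf -- "$(MONOREPO_TMP_DIR)"
	@# A depth-1 clone fetches a single branch, so the branch has to be chosen
	@# at clone time; SECURITY_TOOLBOX_BRANCH (default: main) selects it.
	git clone --depth 1 --filter=blob:none --sparse \
		--branch "$(SECURITY_TOOLBOX_BRANCH)" \
		https://github.com/semaphoreio/semaphore "$(MONOREPO_TMP_DIR)" && \
	cd "$(MONOREPO_TMP_DIR)" && \
	git config core.sparseCheckout true && \
	git sparse-checkout init --cone && \
	git sparse-checkout set security-toolbox && \
	git checkout "$(SECURITY_TOOLBOX_BRANCH)"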
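# Run the toolbox `code` script for Go against the current directory inside
# the ruby:3 container (presumably the static-analysis check; confirm against
# the toolbox documentation).
#
# Both mounts are read-write: the working tree at $(APP_DIRECTORY) and the
# toolbox checkout at the same path it has on the host. The image is
# referenced by a mutable tag; pinning it by digest fixes exactly which image
# gets access to the working tree.
# NOTE(review): `-it` asks for a TTY; confirm the CI runner provides one.
check.static: check.prepare
	@# Paths are quoted so a working directory containing spaces still mounts.
	docker run -it \
		-v "$$(pwd):$(APP_DIRECTORY)" \
		-v "$(SECURITY_TOOLBOX_TMP_DIR):$(SECURITY_TOOLBOX_TMP_DIR)" \
		registry.semaphoreci.com/ruby:3 \
		bash -c 'cd "$(APP_DIRECTORY)" && "$(SECURITY_TOOLBOX_TMP_DIR)/code" --language go -d'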
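# Run the toolbox `dependencies` script for Go against the current directory
# inside the ruby:3 container (presumably the dependency scan; confirm
# against the toolbox documentation).
#
# Both mounts are read-write: the working tree at $(APP_DIRECTORY) and the
# toolbox checkout at the same path it has on the host. The image is
# referenced by a mutable tag; pinning it by digest fixes exactly which image
# gets access to the working tree.
check.deps: check.prepare
	@# Paths are quoted so a working directory containing spaces still mounts.
	docker run -it \
		-v "$$(pwd):$(APP_DIRECTORY)" \
		-v "$(SECURITY_TOOLBOX_TMP_DIR):$(SECURITY_TOOLBOX_TMP_DIR)" \
		registry.semaphoreci.com/ruby:3 \
		bash -c 'cd "$(APP_DIRECTORY)" && "$(SECURITY_TOOLBOX_TMP_DIR)/dependencies" --language go -d'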
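# Run the toolbox `report` script with the service name
# "[$(CHECK_TYPE)] $(APP_NAME)".
#
# CHECK_TYPE is not defined in this file; it is expected from the command
# line or the environment, and an unset value yields the label "[] artifact".
# NOTE(review): CHECK_TYPE is pasted as text into the bash -c string, so keep
# it to a fixed label set by the pipeline rather than a value derived from
# branch names or other external input.
check.generate-report: check.prepare
	@# The working tree is mounted at $(APP_DIRECTORY), the same directory the
	@# script changes into, so overriding APP_DIRECTORY keeps both in step.
	docker run -it \
		-v "$$(pwd):$(APP_DIRECTORY)" \
		-v "$(SECURITY_TOOLBOX_TMP_DIR):$(SECURITY_TOOLBOX_TMP_DIR)" \
		registry.semaphoreci.com/ruby:3 \
		bash -c 'cd "$(APP_DIRECTORY)" && "$(SECURITY_TOOLBOX_TMP_DIR)/report" --service-name "[$(CHECK_TYPE)] $(APP_NAME)"'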
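# Run the toolbox `global-report` script with `-i reports -o out`
# (presumably input and output directories relative to the working tree;
# confirm against the toolbox documentation).
check.generate-global-report: check.prepare
	@# The working tree is mounted at $(APP_DIRECTORY), the same directory the
	@# script changes into, so overriding APP_DIRECTORY keeps both in step.
	docker run -it \
		-v "$$(pwd):$(APP_DIRECTORY)" \
		-v "$(SECURITY_TOOLBOX_TMP_DIR):$(SECURITY_TOOLBOX_TMP_DIR)" \
		registry.semaphoreci.com/ruby:3 \
		bash -c 'cd "$(APP_DIRECTORY)" && "$(SECURITY_TOOLBOX_TMP_DIR)/global-report" -i reports -o out'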
# Resolve and download the module's dependencies by running `go get ./...`
# in a throwaway `cli` compose container (removed afterwards by --rm).
go.get:
	docker-compose run --rm cli \
		go get ./...
# Format every package with `go fmt ./...` in a throwaway `cli` compose
# container (removed afterwards by --rm).
go.fmt:
	docker-compose run --rm cli \
		go fmt ./...
# Run the Go test suite through gotestsum in the `cli` compose container and
# write a JUnit report to junit-report.xml. Everything after the bare `--`
# is handed on to `go test`; here that is `-p 1`.
test:
	docker-compose run --rm cli \
		gotestsum --format short-verbose \
		--junitfile junit-report.xml \
		--packages="./..." \
		-- -p 1
# Build the `artifact` binary in the `cli` compose container.
#
# Go 1.20 changed how git worktrees are handled, so -buildvcs=false is
# passed through GOFLAGS for now.
# See: https://github.com/golang/go/issues/59068
#
# OS and ARCH are not defined in this file; they are expected from the
# command line or the environment and are forwarded as GOOS and GOARCH.
build:
	docker-compose run --rm cli \
		env GOFLAGS=-buildvcs=false GOOS=$(OS) GOARCH=$(ARCH) \
		go build -o artifact