diff --git a/DEVELOPING.md b/DEVELOPING.md index f12462ab4ef..c30497100de 100644 --- a/DEVELOPING.md +++ b/DEVELOPING.md @@ -6,11 +6,38 @@ In order to test and develop in this repo you will need the following dependenci - docker - make -After cloning do the following: +After cloning the following step can help you get setup: 1. run `make bootstrap` to download go mod dependencies, create the `/.tmp` dir, and download helper utilities. -2. run `make` to run linting, tests, and other verifications to make certain everything is working alright. +2. run `make` to view the selection of developer commands in the Makefile +3. run `make build` to build the release snapshot binaries and packages +4. for an even quicker start you can run `go run cmd/syft/main.go` to print the syft help. + - this command `go run cmd/syft/main.go alpine:latest` will compile and run syft against `alpine:latest` +5. view the README or syft help output for more output options -Checkout `make help` to see what other actions you can take. +#### Make output +``` +all Run all linux-based checks (linting, license check, unit, integration, and linux compare tests) +benchmark Run benchmark tests and compare against the baseline (if available) +bootstrap Download and install all tooling dependencies (+ prep tooling in the ./tmp dir) +build Build release snapshot binaries and packages +check-licenses Ensure transitive dependencies are compliant with the current license policy +clean-test-image-cache Clean test image cache +clean Remove previous builds, result reports, and test cache +cli Run CLI tests +compare-linux Run compare tests on build snapshot binaries and packages (Linux) +compare-mac Run compare tests on build snapshot binaries and packages (Mac) +generate-json-schema Generate a new json schema +generate-license-list Generate an updated spdx license list +help Display this help +integration Run integration tests +lint-fix Auto-format all source code + run golangci lint fixers +lint Run gofmt + golangci lint checks +show-test-image-cache Show all docker and image tar cache +show-test-snapshots Show all test snapshots +snapshot-with-signing Build snapshot release binaries and packages (with dummy signing) +test Run all tests (currently unit, integration, linux compare, and cli tests) +unit Run unit tests (with coverage) +``` The main make tasks for common static analysis and testing are `lint`, `lint-fix`, `unit`, `integration`, and `cli`. @@ -176,4 +203,4 @@ TODO: outline: - source.Source - file.Resolvers - logger abstraction -- events / bus abstraction \ No newline at end of file +- events / bus abstraction diff --git a/Makefile b/Makefile index daa819042d5..ef4d296d7e1 100644 --- a/Makefile +++ b/Makefile @@ -1,19 +1,16 @@ BIN = syft +VERSION=$(shell git describe --dirty --always --tags) TEMPDIR = ./.tmp -RESULTSDIR = test/results -COVER_REPORT = $(RESULTSDIR)/unit-coverage-details.txt -COVER_TOTAL = $(RESULTSDIR)/unit-coverage-summary.txt -LINTCMD = $(TEMPDIR)/golangci-lint run --tests=false --timeout=4m --config .golangci.yaml + +# commands and versions +LINTCMD = $(TEMPDIR)/golangci-lint run --tests=false --timeout=5m --config .golangci.yaml GOIMPORTS_CMD = $(TEMPDIR)/gosimports -local github.com/anchore RELEASE_CMD=$(TEMPDIR)/goreleaser release --rm-dist SNAPSHOT_CMD=$(RELEASE_CMD) --skip-publish --snapshot -VERSION=$(shell git describe --dirty --always --tags) -COMPARE_TEST_IMAGE = centos:8.2.2004 -COMPARE_DIR = ./test/compare GOLANGCILINT_VERSION = v1.49.0 +GOSIMPORTS_VERSION = v0.3.1 BOUNCER_VERSION = v0.4.0 CHRONICLE_VERSION = v0.4.1 -GOSIMPORTS_VERSION = v0.3.1 GORELEASER_VERSION = v1.11.2 YAJSV_VERSION = v1.4.0 COSIGN_VERSION = v1.12.0 @@ -28,6 +25,12 @@ RESET := $(shell tput -T linux sgr0) TITLE := $(BOLD)$(PURPLE) SUCCESS := $(BOLD)$(GREEN) +# test variables +RESULTSDIR = test/results +COMPARE_DIR = ./test/compare +COMPARE_TEST_IMAGE = centos:8.2.2004 +COVER_REPORT = $(RESULTSDIR)/unit-coverage-details.txt +COVER_TOTAL = $(RESULTSDIR)/unit-coverage-summary.txt # the quality gate lower threshold for unit test total % coverage (by function statements) COVERAGE_THRESHOLD := 62 @@ -43,7 +46,6 @@ OS=$(shell uname | tr '[:upper:]' '[:lower:]') SNAPSHOT_BIN=$(realpath $(shell pwd)/$(SNAPSHOTDIR)/$(OS)-build_$(OS)_amd64_v1/$(BIN)) ## Variable assertions - ifndef TEMPDIR $(error TEMPDIR is not set) endif @@ -84,6 +86,9 @@ define safe_rm_rf_children bash -c 'test -z "$(1)" && false || rm -rf $(1)/*' endef +## Default Task +.DEFAULT_GOAL:=help + ## Tasks .PHONY: all @@ -93,10 +98,6 @@ all: clean static-analysis test ## Run all linux-based checks (linting, license .PHONY: test test: unit validate-cyclonedx-schema integration benchmark compare-linux cli ## Run all tests (currently unit, integration, linux compare, and cli tests) -.PHONY: help -help: - @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "$(BOLD)$(CYAN)%-25s$(RESET)%s\n", $$1, $$2}' - .PHONY: ci-bootstrap ci-bootstrap: DEBIAN_FRONTEND=noninteractive sudo apt update && sudo -E apt install -y bc jq libxml2-utils @@ -128,7 +129,7 @@ bootstrap-go: go mod download .PHONY: bootstrap -bootstrap: $(RESULTSDIR) bootstrap-go bootstrap-tools ## Download and install all go dependencies (+ prep tooling in the ./tmp dir) +bootstrap: $(RESULTSDIR) bootstrap-go bootstrap-tools ## Download and install all tooling dependencies (+ prep tooling in the ./tmp dir) $(call title,Bootstrapping dependencies) .PHONY: static-analysis @@ -350,7 +351,7 @@ CHANGELOG.md: $(TEMPDIR)/chronicle -vv > CHANGELOG.md .PHONY: release -release: clean-dist CHANGELOG.md ## Build and publish final binaries and packages. Intended to be run only on macOS. +release: clean-dist CHANGELOG.md $(call title,Publishing release artifacts) # create a config with the dist dir overridden @@ -404,14 +405,16 @@ clean-dist: clean-changelog clean-changelog: rm -f CHANGELOG.md -clean-test-image-cache: clean-test-image-tar-cache clean-test-image-docker-cache +clean-test-image-cache: clean-test-image-tar-cache clean-test-image-docker-cache ## Clean test image cache .PHONY: clear-test-image-tar-cache -clean-test-image-tar-cache: ## Delete all test cache (built docker image tars) +clean-test-image-tar-cache: + ## Delete all test cache (built docker image tars) find . -type f -wholename "**/test-fixtures/cache/stereoscope-fixture-*.tar" -delete .PHONY: clear-test-image-docker-cache -clean-test-image-docker-cache: ## Purge all test docker images +clean-test-image-docker-cache: + ## Purge all test docker images docker images --format '{{.ID}} {{.Repository}}' | grep stereoscope-fixture- | awk '{print $$1}' | uniq | xargs -r docker rmi --force .PHONY: show-test-image-cache @@ -426,3 +429,7 @@ show-test-image-cache: ## Show all docker and image tar cache show-test-snapshots: ## Show all test snapshots $(call title,Test snapshots) @find . -type f -wholename "**/test-fixtures/snapshot/*" | sort + +.PHONY: help +help: ## Display this help + @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "$(BOLD)$(CYAN)%-25s$(RESET)%s\n", $$1, $$2}'