-
Notifications
You must be signed in to change notification settings - Fork 50
/
Makefile
174 lines (146 loc) · 4.47 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
SHELL := /bin/bash
PY_MODULE := sigstore
ALL_PY_SRCS := $(shell find $(PY_MODULE) -name '*.py') \
$(shell find test -name '*.py') \
$(shell find docs/scripts -name '*.py') \
# Optionally overriden by the user, if they're using a virtual environment manager.
VENV ?= env
# On Windows, venv scripts/shims are under `Scripts` instead of `bin`.
VENV_BIN := $(VENV)/bin
ifeq ($(OS),Windows_NT)
VENV_BIN := $(VENV)/Scripts
endif
# Optionally overridden by the user in the `release` target.
BUMP_ARGS :=
# Optionally overridden by the user in the `test` target.
TESTS ?=
# Optionally overridden by the user/CI, to limit the installation to a specific
# subset of development dependencies.
SIGSTORE_EXTRA := dev
# If the user selects a specific test pattern to run, set `pytest` to fail fast
# and only run tests that match the pattern.
# Otherwise, run all tests and enable coverage assertions, since we expect
# complete test coverage.
ifneq ($(TESTS),)
TEST_ARGS := -x -k $(TESTS) $(TEST_ARGS)
COV_ARGS :=
else
TEST_ARGS := $(TEST_ARGS)
# TODO: Reenable coverage testing
# COV_ARGS := --fail-under 100
endif
ifneq ($(T),)
T := $(T)
else
T := test/unit test/integration
endif
.PHONY: all
all:
@echo "Run my targets individually!"
$(VENV)/pyvenv.cfg: pyproject.toml
# Create our Python 3 virtual environment
python3 -m venv $(VENV)
$(VENV_BIN)/python -m pip install --upgrade pip
$(VENV_BIN)/python -m pip install -e .[$(SIGSTORE_EXTRA)]
.PHONY: dev
dev: $(VENV)/pyvenv.cfg
.PHONY: run
run: $(VENV)/pyvenv.cfg
@. $(VENV_BIN)/activate && sigstore $(ARGS)
.PHONY: lint
lint: $(VENV)/pyvenv.cfg
. $(VENV_BIN)/activate && \
ruff format --check $(ALL_PY_SRCS) && \
ruff check $(ALL_PY_SRCS) && \
mypy $(PY_MODULE) && \
bandit -c pyproject.toml -r $(PY_MODULE) && \
interrogate --fail-under 100 -c pyproject.toml $(PY_MODULE) && \
python docs/scripts/gen_ref_pages.py --check
.PHONY: reformat
reformat: $(VENV)/pyvenv.cfg
. $(VENV_BIN)/activate && \
ruff check --fix $(ALL_PY_SRCS) && \
ruff format $(ALL_PY_SRCS)
.PHONY: test
test: $(VENV)/pyvenv.cfg
. $(VENV_BIN)/activate && \
$(TEST_ENV) pytest --cov-append --cov=$(PY_MODULE) $(T) $(TEST_ARGS) && \
python -m coverage report -m $(COV_ARGS)
.PHONY: test-interactive
test-interactive: TEST_ENV += \
SIGSTORE_IDENTITY_TOKEN_production=$$($(MAKE) -s run ARGS="get-identity-token") \
SIGSTORE_IDENTITY_TOKEN_staging=$$($(MAKE) -s run ARGS="--staging get-identity-token")
test-interactive: test
.PHONY: gen-x509-testcases
gen-x509-testcases: $(VENV)/pyvenv.cfg
. $(VENV_BIN)/activate && \
export TESTCASE_OVERWRITE=1 && \
python test/assets/x509/build-testcases.py && \
git diff --exit-code
.PHONY: doc
doc: $(VENV)/pyvenv.cfg
. $(VENV_BIN)/activate && \
python docs/scripts/gen_ref_pages.py --overwrite && \
mkdocs build --strict --site-dir html
.PHONY: package
package: $(VENV)/pyvenv.cfg
. $(VENV_BIN)/activate && \
python3 -m build
.PHONY: release
release: $(VENV)/pyvenv.cfg
@. $(VENV_BIN)/activate && \
NEXT_VERSION=$$(bump $(BUMP_ARGS)) && \
git add $(PY_MODULE)/_version.py && git diff --quiet --exit-code && \
git commit -m "version: v$${NEXT_VERSION}" && \
git tag v$${NEXT_VERSION} && \
echo "RUN ME MANUALLY: git push origin main && git push origin v$${NEXT_VERSION}"
.PHONY: check-readme
check-readme:
# sigstore --help
@diff \
<( \
awk '/@begin-sigstore-help@/{f=1;next} /@end-sigstore-help@/{f=0} f' \
< README.md | sed '1d;$$d' \
) \
<( \
$(MAKE) -s run ARGS="--help" \
)
# sigstore sign --help
@diff \
<( \
awk '/@begin-sigstore-sign-help@/{f=1;next} /@end-sigstore-sign-help@/{f=0} f' \
< README.md | sed '1d;$$d' \
) \
<( \
$(MAKE) -s run ARGS="sign --help" \
)
# sigstore attest --help
@diff \
<( \
awk '/@begin-sigstore-attest-help@/{f=1;next} /@end-sigstore-attest-help@/{f=0} f' \
< README.md | sed '1d;$$d' \
) \
<( \
$(MAKE) -s run ARGS="attest --help" \
)
# sigstore verify identity --help
@diff \
<( \
awk '/@begin-sigstore-verify-identity-help@/{f=1;next} /@end-sigstore-verify-identity-help@/{f=0} f' \
< README.md | sed '1d;$$d' \
) \
<( \
$(MAKE) -s run ARGS="verify identity --help" \
)
# sigstore verify github --help
@diff \
<( \
awk '/@begin-sigstore-verify-github-help@/{f=1;next} /@end-sigstore-verify-github-help@/{f=0} f' \
< README.md | sed '1d;$$d' \
) \
<( \
$(MAKE) -s run ARGS="verify github --help" \
)
.PHONY: edit
edit:
$(EDITOR) $(ALL_PY_SRCS)