# RESOURCE DEPLOYMENT FOR ANCHORE ENGINE
# --- User-tunable settings: override on the command line or via the environment ---
# The defaults for PROFILE, ACCOUNT_ID and USERNAME are placeholders, not usable
# values; targets that consume them need real values supplied by the caller.
REGION     ?= us-east-2
PROFILE    ?= set-a-profile
ACCOUNT_ID ?= account-id-number
USERNAME   ?= aws-user-name

# Exported into the environment of every recipe.
# DOCKER_BUILDKIT=1 turns on BuildKit for `docker build`.
# AWS_DEFAULT_REGION always follows REGION: because it is assigned here, it
# replaces any AWS_DEFAULT_REGION inherited from the caller's environment
# (unless make is run with -e).
export DOCKER_BUILDKIT := 1
export AWS_DEFAULT_REGION := $(REGION)

# Image naming used by push-image and teardown.
TAG             := 1.0
IMAGE           := demo/anchore-engine
TEST_IMAGE      := tested/nginx
DOCKERFILE_PATH := anchore/anchore-engine/

# First rule in the file, so a bare `make` runs `all`.
default: all
#############
### LOGIN ###
#############
# Create a temporary, MFA-protected credential session by running
# tasks/scripts/get_temp_cred.sh with five positional arguments:
# ACCOUNT_ID, USERNAME, PROFILE, REGION, TOKEN (the current MFA code).
# USAGE: make get-cred REGION=xx-xxxx-x PROFILE=xxxx ACCOUNT_ID=xxxxx USERNAME=xxxx TOKEN=xxxx
#
# TOKEN has no default in this file; when it is not supplied, the script
# receives only four arguments.
# NOTE(review): all five values are expanded unquoted into the shell command
# line, and make echoes that line, so they appear in the build log. A value
# containing whitespace or shell metacharacters would be split or interpreted
# by the shell; confirm callers only pass plain identifiers.
# NOTE(review): the chmod changes the mode of a tracked file although the
# script is started through `bash` and does not need the execute bit.
get-cred:
	@echo "=== Creating a MFA-protected temporary session... ==="
	chmod +x tasks/scripts/get_temp_cred.sh
	bash tasks/scripts/get_temp_cred.sh $(ACCOUNT_ID) $(USERNAME) $(PROFILE) $(REGION) $(TOKEN)
	@echo "===== Temporary credential session ready!!! ====="
#############
### BUILD ###
#############
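# Build the production image (Dockerfile stage "prod"), tagged
# aws-anchore-engine:prod.
#
# The AWS values are forwarded by NAME only: `--build-arg VAR` with no `=value`
# makes the docker CLI read VAR from its own environment. The previous
# `VAR=$(VAR)` form expanded the access key, secret key and session token into
# the command line, where make echoed them into the build log and they were
# visible in the process list. The values must therefore be present in make's
# environment (or given on the make command line, which make exports to
# recipes), exactly as the `docker run -e VAR` targets in this file already
# require. A variable that is unset is now not passed at all, where before an
# empty value was passed.
#
# NOTE(review): Docker documents that build-argument values are visible in
# `docker history`, so credentials consumed through ARG can persist in the
# image. DOCKER_BUILDKIT=1 is exported by this file, so a BuildKit secret mount
# (`docker build --secret`) is available, but switching needs a matching
# Dockerfile change, and the Dockerfile is not visible here.
build:
	@echo "=== Building Image ==="
	docker build \
		--build-arg AWS_PROFILE \
		--build-arg AWS_ACCESS_KEY_ID \
		--build-arg AWS_SECRET_ACCESS_KEY \
		--build-arg AWS_SESSION_TOKEN \
		--target prod \
		-t aws-anchore-engine:prod .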
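# Build the test image (Dockerfile stage "test"), tagged
# aws-anchore-engine:test. This is the image the develop and test-% targets run.
#
# The AWS values are forwarded by NAME only: `--build-arg VAR` with no `=value`
# makes the docker CLI read VAR from its own environment, so the secret key and
# session token are no longer expanded into the command line that make echoes
# to the log. The values must be present in make's environment (or given on the
# make command line, which make exports to recipes). A variable that is unset
# is now not passed at all, where before an empty value was passed.
#
# NOTE(review): Docker documents that build-argument values are visible in
# `docker history`; if the test stage consumes these through ARG they can
# persist in the image. A BuildKit secret mount (`docker build --secret`) avoids
# that but needs a Dockerfile change, and the Dockerfile is not visible here.
build-test:
	@echo "=== Building Test Image ==="
	docker build \
		--build-arg AWS_PROFILE \
		--build-arg AWS_ACCESS_KEY_ID \
		--build-arg AWS_SECRET_ACCESS_KEY \
		--build-arg AWS_SESSION_TOKEN \
		--target test \
		-t aws-anchore-engine:test .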
###############
### DEVELOP ###
###############
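# Start an interactive container from the test image with the working tree
# bind-mounted at /src, which is also the working directory.
#
# The AWS variables are passed by name (`-e VAR`), so docker copies them from
# the calling environment and their values never appear on the echoed command
# line.
#
# The mount source is $(CURDIR), quoted: make always sets CURDIR to the
# directory it is running in (also under `make -C`), while $(PWD) is only
# whatever the caller's environment held and may be stale or empty. The quotes
# keep a path containing spaces as a single argument.
# NOTE(review): the mount is read-write, so anything run in the container can
# modify the checkout while holding the AWS session credentials.
develop:
	@echo "=== Develop ==="
	docker run -it --rm \
		-e AWS_PROFILE \
		-e AWS_DEFAULT_REGION \
		-e AWS_ACCESS_KEY_ID \
		-e AWS_SECRET_ACCESS_KEY \
		-e AWS_SESSION_TOKEN \
		-v "$(CURDIR)":/src \
		-w /src \
		aws-anchore-engine:test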
############
### TEST ###
############
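# Run another target of this Makefile inside the test image:
# `make test-<name>` executes `make <name>` in the container. The stem ($*) is
# whatever follows `test-`.
#
# The trailing `make $*` is the command run INSIDE the container, not a
# recursive make on the host, so it is deliberately plain `make` and not
# $(MAKE) (which would expand to the host's make path).
#
# The AWS variables are passed by name (`-e VAR`) so their values stay off the
# echoed command line. The mount source is $(CURDIR), quoted: it is always the
# directory make is running in (also under `make -C`), unlike $(PWD), which is
# only inherited from the caller's environment; the quotes keep a path with
# spaces intact.
# NOTE(review): no `-w` is given, so `make $*` runs in the image's default
# working directory; presumably that is /src, confirm against the Dockerfile.
# NOTE(review): `-it` requires a terminal on the host; confirm this target is
# not expected to run from a non-interactive job.
test-%:
	@echo "=== Testing and Validating CFN templates ==="
	docker run -it --rm \
		-e AWS_PROFILE \
		-e AWS_DEFAULT_REGION \
		-e AWS_ACCESS_KEY_ID \
		-e AWS_SECRET_ACCESS_KEY \
		-e AWS_SESSION_TOKEN \
		-v "$(CURDIR)":/src \
		aws-anchore-engine:test \
		make $*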
# Run pylint over the `anchore` and `tasks` paths. Runs wherever make is
# invoked; use `make test-lint` to run it inside the test image.
lint:
	python -m pylint anchore tasks
# Run tests/validate.py. Presumably this validates the CloudFormation
# templates (the test-% banner says so); the script is not visible here.
validate:
	python tests/validate.py
# Static security scan: run bandit recursively from the current directory.
# The recipe fails, and so does the `test` target that calls it, when bandit
# exits non-zero.
# NOTE(review): `-r .` scans everything under the working directory, tests
# included; no baseline or exclusions are configured on this command line.
security:
	bandit -r .
# Unit tests with a coverage gate: pytest runs tests/unit verbosely with
# DeprecationWarning silenced, measures coverage of `anchore`, reports missing
# lines on the terminal, and fails when total coverage is below 95%.
unit:
	python -m pytest -vv -W ignore::DeprecationWarning \
		--cov-report term-missing --cov=anchore --cov-fail-under=95 \
		tests/unit
# End-to-end tests: pytest over tests/e2e, verbose, DeprecationWarning silenced.
# Reached from `all` through `test-e2e`, i.e. inside the test image.
e2e:
	python -m pytest -vv -W ignore::DeprecationWarning tests/e2e
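# Run the quality gates in order: lint, validate, security, unit.
#
# CMD is the target prefix. With TEST empty (the default) it is `test-`, so
# each gate goes through the test-% rule and runs inside the test image. With
# TEST set to any non-empty value it is empty and the gates run directly where
# make was invoked.
#
# CMD is a target-specific variable, replacing the earlier $(eval ...) lines
# inside the recipe, which assigned a global as a side effect of running it.
# The sub-makes are started with $(MAKE) instead of a literal `make`, so flags
# such as -n and the jobserver are passed on.
test: CMD := $(if $(strip $(TEST)),,test-)
test:
	$(MAKE) $(CMD)lint
	$(MAKE) $(CMD)validate
	$(MAKE) $(CMD)security
	$(MAKE) $(CMD)unit
# e2e is intentionally not run here; it stays disabled as in the original:
# make $(CMD)e2e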
##############
### DEPLOY ###
##############
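# Push container images to the ECR registry, in two steps:
#   1. run app_image.py inside the prod image;
#   2. run tasks/scripts/push_image.sh on the host with IMAGE,
#      DOCKERFILE_PATH, ACCOUNT_ID, TAG and AWS_DEFAULT_REGION as positional
#      arguments.
# ACCOUNT_ID defaults to a placeholder in this file, so it has to be supplied.
#
# The AWS variables are passed to the container by name (`-e VAR`) so their
# values stay off the echoed command line. The mount source is $(CURDIR),
# quoted: it is always the directory make is running in (also under `make -C`),
# unlike $(PWD), which is only inherited from the caller's environment; the
# quotes keep a path with spaces intact.
# NOTE(review): no `-w` is given, so app_image.py is resolved against the
# image's default working directory; presumably /src, confirm against the
# Dockerfile.
# NOTE(review): the chmod changes the mode of a tracked file although the
# script is started through `bash` and does not need the execute bit.
push-image:
	docker run -t --rm \
		-e AWS_PROFILE \
		-e AWS_DEFAULT_REGION \
		-e AWS_ACCESS_KEY_ID \
		-e AWS_SECRET_ACCESS_KEY \
		-e AWS_SESSION_TOKEN \
		-v "$(CURDIR)":/src \
		aws-anchore-engine:prod \
		python app_image.py
	@echo "=== Pushing local image to remote registry... ==="
	chmod +x tasks/scripts/push_image.sh
	bash tasks/scripts/push_image.sh \
		$(IMAGE) \
		$(DOCKERFILE_PATH) \
		$(ACCOUNT_ID) \
		$(TAG) \
		$(AWS_DEFAULT_REGION)
	@echo "===== Image Pushed to ECR Complete!!!! ====="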
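# Deploy the CloudFormation stacks by running index.py inside the prod image.
#
# The AWS variables are passed by name (`-e VAR`) so their values stay off the
# echoed command line. The mount source is $(CURDIR), quoted: it is always the
# directory make is running in (also under `make -C`), unlike $(PWD), which is
# only inherited from the caller's environment; the quotes keep a path with
# spaces intact.
# NOTE(review): no `-w` is given, so index.py is resolved against the image's
# default working directory; presumably /src, confirm against the Dockerfile.
deploy-stacks:
	docker run -t --rm \
		-e AWS_PROFILE \
		-e AWS_DEFAULT_REGION \
		-e AWS_ACCESS_KEY_ID \
		-e AWS_SECRET_ACCESS_KEY \
		-e AWS_SESSION_TOKEN \
		-v "$(CURDIR)":/src \
		aws-anchore-engine:prod \
		python index.py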
# Full deployment: push the image, then deploy the stacks.
# USAGE: make deploy ACCOUNT_ID=12345678901
# The rule has no recipe; the work is done by its two prerequisites.
# NOTE(review): push-image runs before deploy-stacks only because make handles
# prerequisites left to right in a serial run. No dependency between the two is
# declared, so `make -j` could start them together; confirm whether the stacks
# need the image to be pushed first.
deploy: push-image deploy-stacks
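# Run pipeline.py inside the prod image.
#
# The AWS variables are passed by name (`-e VAR`) so their values stay off the
# echoed command line. The mount source is $(CURDIR), quoted: it is always the
# directory make is running in (also under `make -C`), unlike $(PWD), which is
# only inherited from the caller's environment; the quotes keep a path with
# spaces intact.
# NOTE(review): no `-w` is given, so pipeline.py is resolved against the
# image's default working directory; presumably /src, confirm against the
# Dockerfile.
pipeline:
	docker run -t --rm \
		-e AWS_PROFILE \
		-e AWS_DEFAULT_REGION \
		-e AWS_ACCESS_KEY_ID \
		-e AWS_SECRET_ACCESS_KEY \
		-e AWS_SESSION_TOKEN \
		-v "$(CURDIR)":/src \
		aws-anchore-engine:prod \
		python pipeline.py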
##############
### DELETE ###
##############
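# Destroy the deployed resources. Four steps, each in a fresh prod container
# with /src as working directory:
#   1. delete the ECR repository TEST_IMAGE;
#   2. run tasks/teardown_stack.py with configs/delete_configs.yml;
#   3. delete the ECR repository IMAGE;
#   4. run tasks/teardown_stack.py with configs/ecr_configs.yml.
#
# DESTRUCTIVE: `aws ecr delete-repository --force` removes a repository even
# when it still contains images, and nothing here asks for confirmation. The
# account and region affected are whichever the AWS_* variables in the calling
# environment select, so check them before running this target.
# make stops at the first failing step; a failure in step 1 (for example a
# repository that does not exist) leaves steps 2-4 undone.
#
# The AWS variables are passed by name (`-e VAR`) so their values stay off the
# echoed command line. The mount source is $(CURDIR), quoted: it is always the
# directory make is running in (also under `make -C`), unlike $(PWD), which is
# only inherited from the caller's environment; the quotes keep a path with
# spaces intact.
teardown:
	docker run -it --rm \
		-e AWS_PROFILE \
		-e AWS_DEFAULT_REGION \
		-e AWS_ACCESS_KEY_ID \
		-e AWS_SECRET_ACCESS_KEY \
		-e AWS_SESSION_TOKEN \
		-v "$(CURDIR)":/src \
		-w /src \
		aws-anchore-engine:prod \
		aws ecr delete-repository --repository-name $(TEST_IMAGE) --force
	docker run -it --rm \
		-e AWS_PROFILE \
		-e AWS_DEFAULT_REGION \
		-e AWS_ACCESS_KEY_ID \
		-e AWS_SECRET_ACCESS_KEY \
		-e AWS_SESSION_TOKEN \
		-v "$(CURDIR)":/src \
		-w /src \
		aws-anchore-engine:prod \
		python tasks/teardown_stack.py 'configs/delete_configs.yml'
	docker run -it --rm \
		-e AWS_PROFILE \
		-e AWS_DEFAULT_REGION \
		-e AWS_ACCESS_KEY_ID \
		-e AWS_SECRET_ACCESS_KEY \
		-e AWS_SESSION_TOKEN \
		-v "$(CURDIR)":/src \
		-w /src \
		aws-anchore-engine:prod \
		aws ecr delete-repository --repository-name $(IMAGE) --force
	docker run -it --rm \
		-e AWS_PROFILE \
		-e AWS_DEFAULT_REGION \
		-e AWS_ACCESS_KEY_ID \
		-e AWS_SECRET_ACCESS_KEY \
		-e AWS_SESSION_TOKEN \
		-v "$(CURDIR)":/src \
		-w /src \
		aws-anchore-engine:prod \
		python tasks/teardown_stack.py configs/ecr_configs.yml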
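# Full run: build the test image, run the gates, build the prod image, deploy,
# then run the end-to-end tests inside the test image.
# NOTE(review): this order holds only because make handles prerequisites left
# to right in a serial run; none of these targets declares a dependency on
# another, so `make -j` could start them together.
all: build-test test build deploy test-e2e

# Every command-style target is declared phony. Without this, a file or
# directory that happens to share a target's name (for example `security` or
# `lint`) makes that target look up to date, and its recipe is silently
# skipped, so a gate could pass without having run.
# The test-<name> targets are deliberately NOT listed: make skips implicit
# (pattern) rule search for phony targets, so listing e.g. test-e2e would
# disconnect it from the test-% rule.
.PHONY: default all get-cred build build-test develop \
        lint validate security unit e2e test \
        push-image deploy-stacks deploy pipeline teardown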