From 3e1a94992786ea8353807518a19e553859d3173b Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Fri, 16 Sep 2022 14:09:47 -0400 Subject: [PATCH 1/6] wip Signed-off-by: Christopher Phillips --- Makefile | 39 +++++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/Makefile b/Makefile index daa819042d5..a9460e0ac12 100644 --- a/Makefile +++ b/Makefile @@ -1,19 +1,16 @@ BIN = syft +VERSION=$(shell git describe --dirty --always --tags) TEMPDIR = ./.tmp -RESULTSDIR = test/results -COVER_REPORT = $(RESULTSDIR)/unit-coverage-details.txt -COVER_TOTAL = $(RESULTSDIR)/unit-coverage-summary.txt + +# commands and versions LINTCMD = $(TEMPDIR)/golangci-lint run --tests=false --timeout=4m --config .golangci.yaml GOIMPORTS_CMD = $(TEMPDIR)/gosimports -local github.com/anchore RELEASE_CMD=$(TEMPDIR)/goreleaser release --rm-dist SNAPSHOT_CMD=$(RELEASE_CMD) --skip-publish --snapshot -VERSION=$(shell git describe --dirty --always --tags) -COMPARE_TEST_IMAGE = centos:8.2.2004 -COMPARE_DIR = ./test/compare GOLANGCILINT_VERSION = v1.49.0 +GOSIMPORTS_VERSION = v0.3.1 BOUNCER_VERSION = v0.4.0 CHRONICLE_VERSION = v0.4.1 -GOSIMPORTS_VERSION = v0.3.1 GORELEASER_VERSION = v1.11.2 YAJSV_VERSION = v1.4.0 COSIGN_VERSION = v1.12.0 @@ -28,6 +25,12 @@ RESET := $(shell tput -T linux sgr0) TITLE := $(BOLD)$(PURPLE) SUCCESS := $(BOLD)$(GREEN) +# test variables +RESULTSDIR = test/results +COMPARE_DIR = ./test/compare +COMPARE_TEST_IMAGE = centos:8.2.2004 +COVER_REPORT = $(RESULTSDIR)/unit-coverage-details.txt +COVER_TOTAL = $(RESULTSDIR)/unit-coverage-summary.txt # the quality gate lower threshold for unit test total % coverage (by function statements) COVERAGE_THRESHOLD := 62 @@ -43,7 +46,6 @@ OS=$(shell uname | tr '[:upper:]' '[:lower:]') SNAPSHOT_BIN=$(realpath $(shell pwd)/$(SNAPSHOTDIR)/$(OS)-build_$(OS)_amd64_v1/$(BIN)) ## Variable assertions - ifndef TEMPDIR $(error TEMPDIR is not set) endif 
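Review bot: `VERSION=$(shell git describe --dirty --always --tags)`, moved to the top of the variable block in this hunk, is a recursive assignment, so git is forked again on every expansion of `$(VERSION)`. If the build writes to a tracked file, later expansions could pick up a `-dirty` suffix that earlier ones did not have. Since the line is being moved anyway, `VERSION := $(shell git describe --dirty --always --tags)` would evaluate it once at parse time and give every recipe the same version string.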
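Review bot: `COMPARE_TEST_IMAGE = centos:8.2.2004` in the new `# test variables` group pins the compare image by tag only, and a tag can be repointed in the registry, so the compare tests are not guaranteed to run against the same image content each time. Pinning by digest as well, `COMPARE_TEST_IMAGE = centos:8.2.2004@sha256:PLACEHOLDER_DIGEST` (with the digest of the image you verified), keeps the readable tag while making the reference immutable. The targets that pull this image are outside the hunk, so confirm they accept a digest reference.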
@@ -84,6 +86,9 @@ define safe_rm_rf_children bash -c 'test -z "$(1)" && false || rm -rf $(1)/*' endef +## Default Task +.DEFAULT_GOAL:=help + ## Tasks .PHONY: all @@ -93,10 +98,6 @@ all: clean static-analysis test ## Run all linux-based checks (linting, license .PHONY: test test: unit validate-cyclonedx-schema integration benchmark compare-linux cli ## Run all tests (currently unit, integration, linux compare, and cli tests) -.PHONY: help -help: - @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "$(BOLD)$(CYAN)%-25s$(RESET)%s\n", $$1, $$2}' - .PHONY: ci-bootstrap ci-bootstrap: DEBIAN_FRONTEND=noninteractive sudo apt update && sudo -E apt install -y bc jq libxml2-utils @@ -128,7 +129,7 @@ bootstrap-go: go mod download .PHONY: bootstrap -bootstrap: $(RESULTSDIR) bootstrap-go bootstrap-tools ## Download and install all go dependencies (+ prep tooling in the ./tmp dir) +bootstrap: $(RESULTSDIR) bootstrap-go bootstrap-tools ## Download and install all tooling dependencies (+ prep tooling in the ./tmp dir) $(call title,Bootstrapping dependencies) .PHONY: static-analysis 
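Review bot: `.DEFAULT_GOAL:=help` changes a bare `make` from running `all` (clean, static-analysis, test) to printing help and exiting 0. Any CI job or script that calls `make` with no target would keep passing while no longer running lint, license checks or tests. No workflow files are touched in this patch, so confirm that every automated caller names its target explicitly. A comment above the line, such as `# bare "make" only prints help; automation must call "make all" explicitly`, would record that.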
@@ -404,14 +405,16 @@ clean-dist: clean-changelog clean-changelog: rm -f CHANGELOG.md -clean-test-image-cache: clean-test-image-tar-cache clean-test-image-docker-cache +clean-test-image-cache: clean-test-image-tar-cache clean-test-image-docker-cache ## Clean test image cache .PHONY: clear-test-image-tar-cache -clean-test-image-tar-cache: ## Delete all test cache (built docker image tars) +clean-test-image-tar-cache: + ## Delete all test cache (built docker image tars) find . -type f -wholename "**/test-fixtures/cache/stereoscope-fixture-*.tar" -delete .PHONY: clear-test-image-docker-cache -clean-test-image-docker-cache: ## Purge all test docker images +clean-test-image-docker-cache: + ## Purge all test docker images docker images --format '{{.ID}} {{.Repository}}' | grep stereoscope-fixture- | awk '{print $$1}' | uniq | xargs -r docker rmi --force .PHONY: show-test-image-cache @@ -426,3 +429,7 @@ show-test-image-cache: ## Show all docker and image tar cache show-test-snapshots: ## Show all test snapshots $(call title,Test snapshots) @find . -type f -wholename "**/test-fixtures/snapshot/*" | sort + +.PHONY: help +help: ## Display this help + @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "$(BOLD)$(CYAN)%-25s$(RESET)%s\n", $$1, $$2}' From 1f05741f0581b5727f93be5ccfe12c9d2fa7605d Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Fri, 16 Sep 2022 14:14:27 -0400 Subject: [PATCH 2/6] remove help text from release - release command is not a manual command - remove from help output Signed-off-by: Christopher Phillips --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index a9460e0ac12..682b75ecda7 100644 --- a/Makefile +++ b/Makefile 
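Review bot: The `.PHONY` lines kept as context in this hunk name `clear-test-image-tar-cache` and `clear-test-image-docker-cache`, but the targets being edited are `clean-test-image-tar-cache` and `clean-test-image-docker-cache`. The real targets are therefore not phony, and a file with one of those names would make the cleanup silently do nothing. Since both rules are rewritten here, fix the declarations to `.PHONY: clean-test-image-tar-cache` and `.PHONY: clean-test-image-docker-cache`; the aggregate `clean-test-image-cache` has no `.PHONY` visible in the hunk either. Moving the `##` text below the rule header also drops both targets from `make help`, which only matches `target: ... ## text` on a single line. If the moved line is tab-indented, it becomes a shell comment that make echoes on every run.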
@@ -351,7 +351,7 @@ CHANGELOG.md: $(TEMPDIR)/chronicle -vv > CHANGELOG.md .PHONY: release -release: clean-dist CHANGELOG.md ## Build and publish final binaries and packages. Intended to be run only on macOS. +release: clean-dist CHANGELOG.md $(call title,Publishing release artifacts) # create a config with the dist dir overridden From 6e8f0f4db85bdcca66f0dab277d177f54c0a9cad Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Fri, 16 Sep 2022 14:37:43 -0400 Subject: [PATCH 3/6] update DEVELOPING.md with extra steps and sample Signed-off-by: Christopher Phillips --- DEVELOPING.md | 37 ++++++++++++++++++++++++++++++++----- 1 file changed, 32 insertions(+), 5 deletions(-) diff --git a/DEVELOPING.md b/DEVELOPING.md index f12462ab4ef..a39fbd616c2 100644 --- a/DEVELOPING.md +++ b/DEVELOPING.md 
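Review bot: Removing the `##` text from `release:` only hides the target from `make help`; `make release` can still be run from any checkout, and nothing in the visible lines stops a manual run from publishing. If the intent stated in the commit message is that releases happen only in the pipeline, record it in a comment above the rule, e.g. `# intentionally not listed in help: run by the release workflow only`. Also consider failing early when the expected CI environment is absent. The recipe continues past the end of the hunk, so a guard may already exist further down.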
@@ -6,14 +6,41 @@ In order to test and develop in this repo you will need the following dependenci - docker - make -After cloning do the following: +After cloning you can do the following: 1. run `make bootstrap` to download go mod dependencies, create the `/.tmp` dir, and download helper utilities. -2. run `make` to run linting, tests, and other verifications to make certain everything is working alright. - -Checkout `make help` to see what other actions you can take. +2. run `make` to view the selection of developer commands in the Makefile +3. run `make build` to build the release snapshot binaries and packages +4. for an even quicker start you can run `go run cmd/syft/main.go` to print the syft help. + - this command `go run cmd/syft/main.go alpine:latest` will compile and run syft against `alpine:latest` +5. view the README or syft help output for more output options The main make tasks for common static analysis and testing are `lint`, `lint-fix`, `unit`, `integration`, and `cli`. 
+#### Make output +``` +all Run all linux-based checks (linting, license check, unit, integration, and linux compare tests) +benchmark Run benchmark tests and compare against the baseline (if available) +bootstrap Download and install all tooling dependencies (+ prep tooling in the ./tmp dir) +build Build release snapshot binaries and packages +check-licenses Ensure transitive dependencies are compliant with the current license policy +clean-test-image-cache Clean test image cache +clean Remove previous builds, result reports, and test cache +cli Run CLI tests +compare-linux Run compare tests on build snapshot binaries and packages (Linux) +compare-mac Run compare tests on build snapshot binaries and packages (Mac) +generate-json-schema Generate a new json schema +generate-license-list Generate an updated spdx license list +help Display this help +integration Run integration tests +lint-fix Auto-format all source code + run golangci lint fixers +lint Run gofmt + golangci lint checks +show-test-image-cache Show all docker and image tar cache +show-test-snapshots Show all test snapshots +snapshot-with-signing Build snapshot release binaries and packages (with dummy signing) +test Run all tests (currently unit, integration, linux compare, and cli tests) +unit Run unit tests (with coverage) +``` + ## Levels of testing - `unit`: The default level of test which is distributed throughout the repo are unit tests. Any `_test.go` file that @@ -176,4 +203,4 @@ TODO: outline: - source.Source - file.Resolvers - logger abstraction -- events / bus abstraction \ No newline at end of file +- events / bus abstraction From 637c8a76196fe6ad7c442262a26be7dd11cc129c Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Fri, 16 Sep 2022 14:40:11 -0400 Subject: [PATCH 4/6] update timeout based on latest master failure Signed-off-by: Christopher Phillips --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Makefile b/Makefile index 682b75ecda7..ef4d296d7e1 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ VERSION=$(shell git describe --dirty --always --tags) TEMPDIR = ./.tmp # commands and versions -LINTCMD = $(TEMPDIR)/golangci-lint run --tests=false --timeout=4m --config .golangci.yaml +LINTCMD = $(TEMPDIR)/golangci-lint run --tests=false --timeout=5m --config .golangci.yaml GOIMPORTS_CMD = $(TEMPDIR)/gosimports -local github.com/anchore RELEASE_CMD=$(TEMPDIR)/goreleaser release --rm-dist SNAPSHOT_CMD=$(RELEASE_CMD) --skip-publish --snapshot From ce09b9092493b0699f1894d28544c762b2c5243f Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Fri, 16 Sep 2022 14:41:22 -0400 Subject: [PATCH 5/6] remove typo Signed-off-by: Christopher Phillips --- DEVELOPING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DEVELOPING.md b/DEVELOPING.md index a39fbd616c2..058c14aa488 100644 --- a/DEVELOPING.md +++ b/DEVELOPING.md @@ -6,7 +6,7 @@ In order to test and develop in this repo you will need the following dependenci - docker - make -After cloning you can do the following: +After cloning the following step can help you get setup: 1. run `make bootstrap` to download go mod dependencies, create the `/.tmp` dir, and download helper utilities. 2. run `make` to view the selection of developer commands in the Makefile 3. run `make build` to build the release snapshot binaries and packages From 6fff771fc345359bc94ab522e805e9d2e9f33de4 Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Fri, 16 Sep 2022 14:42:38 -0400 Subject: [PATCH 6/6] reorder instruction Signed-off-by: Christopher Phillips --- DEVELOPING.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DEVELOPING.md b/DEVELOPING.md index 058c14aa488..c30497100de 100644 --- a/DEVELOPING.md +++ b/DEVELOPING.md 
@@ -14,8 +14,6 @@ After cloning the following step can help you get setup: - this command `go run cmd/syft/main.go alpine:latest` will compile and run syft against `alpine:latest` 5. view the README or syft help output for more output options -The main make tasks for common static analysis and testing are `lint`, `lint-fix`, `unit`, `integration`, and `cli`. - #### Make output ``` all Run all linux-based checks (linting, license check, unit, integration, and linux compare tests) @@ -41,6 +39,8 @@ test Run all tests (currently unit, integration, linux compa unit Run unit tests (with coverage) ``` +The main make tasks for common static analysis and testing are `lint`, `lint-fix`, `unit`, `integration`, and `cli`. + ## Levels of testing - `unit`: The default level of test which is distributed throughout the repo are unit tests. Any `_test.go` file that