mirror of
https://github.com/securego/gosec.git
synced 2024-12-28 21:08:22 +02:00
84661730b0
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com> Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
90 lines
2.4 KiB
Makefile
90 lines
2.4 KiB
Makefile
GIT_TAG?= $(shell git describe --always --tags)
|
|
BIN = gosec
|
|
FMT_CMD = $(gofmt -s -l -w $(find . -type f -name '*.go' -not -path './vendor/*') | tee /dev/stderr)
|
|
IMAGE_REPO = securego
|
|
BUILD_DATE ?= $(shell date +%Y-%m-%d)
|
|
BUILDFLAGS := "-w -s -X 'main.Version=$(GIT_TAG)' -X 'main.GitTag=$(GIT_TAG)' -X 'main.BuildDate=$(BUILD_DATE)'"
|
|
CGO_ENABLED = 0
|
|
GO := GO111MODULE=on go
|
|
GO_NOMOD :=GO111MODULE=off go
|
|
GOPATH ?= $(shell $(GO) env GOPATH)
|
|
GOBIN ?= $(GOPATH)/bin
|
|
GOLINT ?= $(GOBIN)/golint
|
|
GOSEC ?= $(GOBIN)/gosec
|
|
GINKGO ?= $(GOBIN)/ginkgo
|
|
GO_MINOR_VERSION = $(shell $(GO) version | cut -c 14- | cut -d' ' -f1 | cut -d'.' -f2)
|
|
GOVULN_MIN_VERSION = 17
|
|
GO_VERSION = 1.19
|
|
|
|
default:
|
|
$(MAKE) build
|
|
|
|
install-test-deps:
|
|
go install github.com/onsi/ginkgo/v2/ginkgo@latest
|
|
$(GO_NOMOD) get -u golang.org/x/crypto/ssh
|
|
$(GO_NOMOD) get -u github.com/lib/pq
|
|
|
|
install-govulncheck:
|
|
@if [ $(GO_MINOR_VERSION) -gt $(GOVULN_MIN_VERSION) ]; then \
|
|
go install golang.org/x/vuln/cmd/govulncheck@latest; \
|
|
fi
|
|
|
|
test: install-test-deps build fmt lint sec govulncheck
|
|
$(GINKGO) -v --fail-fast
|
|
|
|
fmt:
|
|
@echo "FORMATTING"
|
|
@FORMATTED=`$(GO) fmt ./...`
|
|
@([ ! -z "$(FORMATTED)" ] && printf "Fixed unformatted files:\n$(FORMATTED)") || true
|
|
|
|
lint:
|
|
@echo "LINTING: golint"
|
|
$(GO_NOMOD) get -u golang.org/x/lint/golint
|
|
$(GOLINT) -set_exit_status ./...
|
|
@echo "VETTING"
|
|
$(GO) vet ./...
|
|
|
|
golangci:
|
|
@echo "LINTING: golangci-lint"
|
|
golangci-lint run
|
|
|
|
sec:
|
|
@echo "SECURITY SCANNING"
|
|
./$(BIN) ./...
|
|
|
|
govulncheck: install-govulncheck
|
|
@echo "CHECKING VULNERABILITIES"
|
|
@if [ $(GO_MINOR_VERSION) -gt $(GOVULN_MIN_VERSION) ]; then \
|
|
govulncheck ./...; \
|
|
fi
|
|
|
|
test-coverage: install-test-deps
|
|
go test -race -v -count=1 -coverprofile=coverage.out ./...
|
|
|
|
build:
|
|
go build -o $(BIN) ./cmd/gosec/
|
|
|
|
clean:
|
|
rm -rf build vendor dist coverage.txt
|
|
rm -f release image $(BIN)
|
|
|
|
release:
|
|
@echo "Releasing the gosec binary..."
|
|
goreleaser release
|
|
|
|
build-linux:
|
|
CGO_ENABLED=$(CGO_ENABLED) GOOS=linux GOARCH=amd64 go build -ldflags=$(BUILDFLAGS) -o $(BIN) ./cmd/gosec/
|
|
|
|
image:
|
|
@echo "Building the Docker image..."
|
|
docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) --build-arg GO_VERSION=$(GO_VERSION) .
|
|
docker tag $(IMAGE_REPO)/$(BIN):$(GIT_TAG) $(IMAGE_REPO)/$(BIN):latest
|
|
touch image
|
|
|
|
image-push: image
|
|
@echo "Pushing the Docker image..."
|
|
docker push $(IMAGE_REPO)/$(BIN):$(GIT_TAG)
|
|
docker push $(IMAGE_REPO)/$(BIN):latest
|
|
|
|
.PHONY: test build clean release image image-push
|