From 9b039cd4c26963bf425753bbefad48904e90d752 Mon Sep 17 00:00:00 2001
From: Chris
Date: Wed, 9 Jul 2025 10:11:36 +0100
Subject: [PATCH] Standardise make and actions
---
 .github/workflows/test.yml | 2 +-
 Makefile | 70 ++++++++++++--------------------------
 2 files changed, 23 insertions(+), 49 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 172d23f..7d2d96e 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -14,7 +14,7 @@ jobs:
 - name: Setup OPA
 uses: open-policy-agent/setup-opa@v2
 with:
- version: latest
+ version: 1.6.0
 
 - name: Run OPA Tests
 run: opa test policies
diff --git a/Makefile b/Makefile
index 0ea2f07..450d2d3 100644
--- a/Makefile
+++ b/Makefile
@@ -1,17 +1,13 @@
-# Makefile for building and pushing OPA policies to a registry
-
-# Variables
-REGISTRY_URL := ghcr.io
-NAMESPACE := compliance-framework
-POLICY_NAME := plugin-github-settings-policies
-VERSION := latest
-POLICY_DIR := ./policies # Directory containing your .rego files
-
-# Build and Push Commands
-.PHONY: all build bundle push clean
-
-# Default action
-all: test check build push clean
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI catalog characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
 
 # Check if OPA CLI is installed
 OPA := $(shell command -v opa 2> /dev/null)
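Review bot: The `uses: open-policy-agent/setup-opa@v2` line just above the pinned version still resolves a mutable tag, so the step that installs OPA can change underneath this workflow even though the OPA release itself is now fixed at `1.6.0`. Pinning the action to a full commit SHA, `uses: open-policy-agent/setup-opa@<full-commit-sha> # v2` (placeholder; take the SHA from the action's own release), would make the whole install step reproducible. The Makefile in this commit only checks that some `opa` is on PATH, so local runs may still use a different OPA version than CI.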
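Review bot: Removing `.PHONY: all build bundle push clean` leaves no phony declaration for the targets this commit defines in the following hunk (`help`, `help-all`, `test`, `validate`, `clean`, `build`). A file or directory named `test` or `validate` in the repository root would then make `make test` or `make validate` report the target as up to date and skip the recipe, so policy tests would silently not run. I would add `.PHONY: help help-all test validate clean build` next to the help comment. With `all` gone, `help` becomes the default goal as the first target in the file; if that is intended, a one-line comment such as `# 'make' with no arguments prints the help` would record it.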
@@ -19,47 +15,25 @@ ifeq ($(OPA),)
 $(error "opa CLI not found. Please install it: https://www.openpolicyagent.org/docs/latest/cli/")
 endif
 
-# Check if Docker CLI is installed
+##@ Help
+help: ## Display this concise help, ie only the porcelain target
+ @awk 'BEGIN {FS = ":.*##"; printf "\033[1mUsage\033[0m\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-30s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
-CONTAINER_CLI := ""
-DOCKER := $(shell command -v docker 2> /dev/null)
-PODMAN := $(shell command -v podman 2> /dev/null)
-ifeq ($(DOCKER),)
- PODMAN := := $(shell command -v podman 2> /dev/null)
- ifeq ($(PODMAN),)
- $(error "either docker or podman CLI is required.")
- else
- CONTAINER_CLI = PODMAN
- endif
-else
- CONTAINER_CLI = DOCKER
-endif
+help-all: ## Display all help items, ie including plumbing targets
+ @awk 'BEGIN {FS = ":.*#"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?#/ { printf " \033[36m%-25s\033[0m %s\n", $$1, $$2 } /^#@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
-test:
- @echo "Testing policies..."
+##@ Policies
+test: ## Test policy files
 @OPA test policies
 
-# Build the policies
-check:
- @echo "Checking policies..."
+validate: ## Validate policy files
 @opa check policies
 
+clean: # Cleanup build artifacts
+ @rm -f dist/*
+
 # Bundle the policies into a tarball for OCI registry
-build: clean
- @echo "Bundling policies..."
+build: clean ## Build the policy bundle
 @mkdir -p dist/
 @opa build -b policies -o dist/bundle.tar.gz
 
-# Push the bundled policies to an OCI-compliant registry
-push: build
- @echo "Pushing bundle to registry..."
- @# Log in to the registry if necessary
- @$(CONTAINER_CLI) login $(REGISTRY_URL)
- @# Push the bundle as an OCI artifact
- @$(CONTAINER_CLI) cp dist/bundle.tar.gz $(REGISTRY_URL)/$(NAMESPACE)/$(POLICY_NAME):$(VERSION)
- @echo "Bundle pushed successfully to $(REGISTRY_URL)/$(NAMESPACE)/$(POLICY_NAME):$(VERSION)"
-
-# Clean up build artifacts
-clean:
- @echo "Cleaning up..."
- @rm -f dist/bundle.tar.gz
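Review bot: The `test` recipe kept as context under the reworded target line still runs `@OPA test policies`; on a case-sensitive filesystem the shell looks for a command literally named `OPA`, so `make test` fails while CI stays green because the workflow calls `opa test policies` directly. Since the file already resolves the binary into `$(OPA)`, the recipes could use it: `@$(OPA) test policies`, and likewise `@$(OPA) check policies` and `@$(OPA) build -b policies -o dist/bundle.tar.gz`. Separately, `help-all` matches categories with `/^#@/`, which the `##@ Help` and `##@ Policies` lines do not match, so its output appears to lose the section headings.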