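# Every target in this file is a command, not a file. All of them are declared
# phony so that a stray file or directory with the same name (for example
# ./scan, ./validate or ./test) cannot make a target look "up to date" and
# silently skip a check.
.PHONY: help trivy-severity format format-check validate lint scan test clean
.DEFAULT_GOAL := help

## TODO: include MEDIUM severity in security scanning.
# Comma-separated severity list handed to `trivy --severity` by the scan
# target. Only findings at these levels are reported and can fail the scan.
TRIVY_SEVERITY := HIGH,CRITICAL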
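# Self-documenting help: prints every rule line of the form
# "target: ## description" found in the parsed makefiles.
# A single awk pass replaces grep | awk, so no "filename:" prefix appears when
# more than one makefile is in MAKEFILE_LIST. The "?" after ".*" is dropped
# because POSIX EREs have no lazy quantifier. The name column is 16 wide so
# the longest target names (e.g. trivy-severity) still line up.
help: ## Show available commands
	@awk 'BEGIN {FS = ":.*## "} /^[a-zA-Z_-]+:.*## / {printf " %-16s %s\n", $$1, $$2}' $(MAKEFILE_LIST)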
# Prints the TRIVY_SEVERITY value so scripts can reuse the same severity list
# that the scan target passes to Trivy. The value is expanded by make before
# the shell runs, so it is word-split like any unquoted shell argument.
trivy-severity: ## Output the Trivy severity levels for use in scripts
	@echo $(TRIVY_SEVERITY)
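# Rewrites every directory that contains *.tf files with `terraform fmt`.
# Paths containing ".terraform" are skipped, as validate and lint already do:
# that directory holds modules fetched by `terraform init`, and third-party
# code downloaded there should not be rewritten by a local formatter.
format: ## Format all Terraform files
	@find . -name "*.tf" -type f | xargs dirname | sort -u | grep -v "\.terraform" | xargs -I {} terraform fmt {}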
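# Read-only formatting gate: prints a diff and fails on the first directory
# whose *.tf files are not canonically formatted.
# Paths containing ".terraform" are skipped, as validate and lint already do.
# Without that filter, modules downloaded by an earlier `terraform init` would
# be checked too and could fail the gate for code this repository does not own.
# `IFS= read -r` keeps directory names intact (no backslash or whitespace
# mangling).
format-check: ## Check formatting of all Terraform files
	@echo "Checking format..."
	@find . -name "*.tf" -type f | xargs dirname | sort -u | grep -v "\.terraform" | while IFS= read -r dir; do \
		terraform fmt -check=true -diff=true "$$dir" || exit 1; \
	done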
# Runs `terraform validate` in every directory that holds *.tf files, skipping
# paths that contain ".terraform". Stops with a non-zero status on the first
# directory that fails to initialise or validate.
# `terraform init` is run with -backend=false, so no state backend is
# configured for this check. It still fetches providers and modules
# (-get=true), and -upgrade=false is passed explicitly so already-selected
# versions are not upgraded.
# Each directory is handled in a subshell, so the working directory of the
# loop itself never changes.
validate: ## Validate all Terraform files
	@echo "Validating..."
	@find . -name "*.tf" -type f | xargs dirname | sort -u | grep -v "\.terraform" | while read module_dir; do \
		echo " $$module_dir"; \
		( cd "$$module_dir" && terraform init -backend=false -get=true -upgrade=false >/dev/null && terraform validate ) || exit 1; \
	done
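# Container image used for tflint. The default carries no tag, so Docker
# resolves it to the mutable "latest" tag. Override it to pin a reviewed
# version or digest, e.g.
#   make lint TFLINT_IMAGE=ghcr.io/terraform-linters/tflint@sha256:<digest>
TFLINT_IMAGE ?= ghcr.io/terraform-linters/tflint

# Runs tflint in a container for every directory that holds *.tf files,
# skipping paths that contain ".terraform".
# - `|| exit 1` makes the first failing directory fail the target. Without it
#   the loop's status is that of the last directory only, so earlier lint
#   errors would be printed but not enforced.
# - The checkout is mounted read-only: the linter only needs to read the
#   sources, and the image is third-party code.
lint: ## Lint using tflint
	@echo "Running tflint..."
	@find . -name "*.tf" -type f | xargs dirname | sort -u | grep -v "\.terraform" | while IFS= read -r dir; do \
		echo " $$dir"; \
		docker run --rm -v "$$(pwd):/data:ro" -w "/data/$$dir" -t $(TFLINT_IMAGE) --format=compact --minimum-failure-severity=error || exit 1; \
	done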
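# Container image used for the Trivy scan. The default keeps the original
# mutable ":latest" tag, so results can change between runs and the scanner
# binary itself is not pinned. Override it to pin a reviewed version or
# digest, e.g.
#   make scan TRIVY_IMAGE=ghcr.io/aquasecurity/trivy@sha256:<digest>
TRIVY_IMAGE ?= ghcr.io/aquasecurity/trivy:latest

# Scans the repository's configuration files with `trivy config` and exits
# non-zero (--exit-code 1) when findings at the TRIVY_SEVERITY levels are
# reported. Directories under .terraform are skipped.
# The checkout is mounted read-only: the scanner only needs to read the
# sources, and the image is third-party code.
scan: ## Run security scan using Trivy
	@echo "Running security scan..."
	@docker run --rm -v "$$(pwd):/work:ro" -w /work $(TRIVY_IMAGE) config . --format=table --quiet --exit-code 1 --severity $(TRIVY_SEVERITY) --skip-dirs '**/.terraform/**'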
# Aggregate gate: make runs the four prerequisite targets first and only
# reaches this recipe when none of them failed, so the message below is
# printed only after format-check, validate, lint and scan all succeeded.
test: format-check validate lint scan ## Run all tests: format-check, validate, lint, and scan
	@printf '%s\n' 'All tests passed!'
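# Removes Terraform working directories and generated files below the current
# directory. Every step is best-effort: errors are discarded
# (`2>/dev/null || true`), so a file that could not be deleted is not reported.
# -prune stops find from walking into each .terraform tree that is about to be
# removed anyway.
# Saved plan files (*.tfplan) can contain sensitive values, so removing them is
# useful hygiene.
# NOTE(review): "*.tfstate*" also deletes local state and its backups. With a
# local backend that is Terraform's only record of the managed resources.
# Confirm that every configuration here uses a remote backend.
# NOTE(review): .terraform.lock.hcl records the selected provider versions and
# their checksums and is normally committed. Deleting it means the next
# `terraform init` selects providers again and records fresh checksums.
# Confirm that this is intended.
clean: ## Clean up .terraform directories and temp files
	@find . -type d -name ".terraform" -prune -exec rm -rf {} + 2>/dev/null || true
	@find . -name "*.tfplan" -delete 2>/dev/null || true
	@find . -name "*.tfstate*" -delete 2>/dev/null || true
	@find . -name ".terraform.lock.hcl" -delete 2>/dev/null || true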