-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathMakefile
More file actions
158 lines (132 loc) · 6.74 KB
/
Copy pathMakefile
File metadata and controls
158 lines (132 loc) · 6.74 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
# suctl/Makefile — single build entry point for the suctl product.
#
# Artifacts are segregated per target platform so Linux and Windows builds
# never overwrite each other:
#
# bin/$(GOOS)-$(GOARCH)/suctl[.exe] → suctl binary
# bin/$(GOOS)-$(GOARCH)/modules/suctl-mod-{name}/... → modules
#
# Defaults to the host platform; cross-build by overriding GOOS/GOARCH, e.g.:
# make all # host (e.g. linux-amd64)
# make all GOOS=windows GOARCH=amd64 # lands in bin/windows-amd64/
#
# To deploy (Linux):
# make all
# cd bin/linux-amd64 && sudo ./suctl install
GOOS ?= $(shell go env GOOS)
GOARCH ?= $(shell go env GOARCH)
PLATFORM := $(GOOS)-$(GOARCH)
export GOOS
export GOARCH
# CGo (libsystemd/journald) is Linux-only; default it off everywhere except Linux.
CGO_ENABLED ?= $(if $(filter linux,$(GOOS)),1,0)
export CGO_ENABLED
# Executable suffix and platform-scoped output tree. Artifacts land in the repo's
# own bin/$(PLATFORM)/ — one sub-tree per target platform, so Linux and Windows
# builds never clobber each other.
EXE := $(if $(filter windows,$(GOOS)),.exe,)
BIN := bin/$(PLATFORM)
GO := go
CMD := ./cmd
# Version is canonical in internal/version/VERSION (file-as-truth) and is embedded
# into the binary at compile time via //go:embed, so no -ldflags stamping is
# needed. Local builds simply embed whatever the file says — no tag required. The
# git tag and the release are created downstream by the GitHub Action from this
# same file (the file change is the trigger), so no manual tagging is needed to
# build.
VERSION := $(shell cat internal/version/VERSION 2>/dev/null)
# check-deps enforces libsystemd, which only exists on Linux — gate it by GOOS.
DEPS := $(if $(filter linux,$(GOOS)),check-deps,)
# Per-platform module set. Linux ships all bundled modules; no module compiles
# for Windows yet, so its set is empty until a Windows-capable module exists.
MODULES_linux := mod-nginx mod-certbot mod-os mod-fail2ban mod-odoo
MODULES_windows :=
MODULES := $(MODULES_$(GOOS))
.PHONY: all _build suctl-bin suctl-modtest mod-nginx mod-certbot mod-os mod-fail2ban mod-odoo \
check-deps vet test test-py check clean clean-all help
## all clean target platform + build suctl + suctl-modtest + modules
## → bin/$(PLATFORM)/ (only the current platform tree is
## wiped first, so other platforms' artifacts are never clobbered)
all: clean
@$(MAKE) --no-print-directory _build
_build: suctl-bin suctl-modtest $(MODULES)
## suctl-bin compile the suctl binary → $(BIN)/suctl$(EXE)
suctl-bin: $(DEPS)
@test -n "$(VERSION)" || { printf '\nERROR: could not read internal/version/VERSION.\n\n' >&2; exit 1; }
@echo "→ suctl$(EXE) ($(VERSION))"
@mkdir -p $(BIN)
$(GO) build -o $(BIN)/suctl$(EXE) $(CMD)
## suctl-modtest compile the module BIST tester → $(BIN)/suctl-modtest$(EXE)
suctl-modtest: $(DEPS)
@echo "→ suctl-modtest$(EXE)"
@mkdir -p $(BIN)
$(GO) build -o $(BIN)/suctl-modtest$(EXE) ./cmd/modtest
## mod-nginx compile suctl-mod-nginx → $(BIN)/modules/suctl-mod-nginx/
mod-nginx:
@echo "→ suctl-mod-nginx$(EXE)"
@mkdir -p $(BIN)/modules/suctl-mod-nginx
cd modules/suctl-mod-nginx && $(GO) build -o ../../$(BIN)/modules/suctl-mod-nginx/suctl-mod-nginx$(EXE) .
cp modules/suctl-mod-nginx/manifest.json $(BIN)/modules/suctl-mod-nginx/
cp modules/suctl-mod-nginx/surface.json $(BIN)/modules/suctl-mod-nginx/
## mod-certbot compile suctl-mod-certbot → $(BIN)/modules/suctl-mod-certbot/
mod-certbot:
@echo "→ suctl-mod-certbot$(EXE)"
@mkdir -p $(BIN)/modules/suctl-mod-certbot
cd modules/suctl-mod-certbot && $(GO) build -o ../../$(BIN)/modules/suctl-mod-certbot/suctl-mod-certbot$(EXE) .
cp modules/suctl-mod-certbot/manifest.json $(BIN)/modules/suctl-mod-certbot/
## mod-os compile suctl-mod-os → $(BIN)/modules/suctl-mod-os/
mod-os:
@echo "→ suctl-mod-os$(EXE)"
@mkdir -p $(BIN)/modules/suctl-mod-os
cd modules/suctl-mod-os && $(GO) build -o ../../$(BIN)/modules/suctl-mod-os/suctl-mod-os$(EXE) .
cp modules/suctl-mod-os/manifest.json $(BIN)/modules/suctl-mod-os/
cp modules/suctl-mod-os/surface.json $(BIN)/modules/suctl-mod-os/
## mod-fail2ban stage suctl-mod-fail2ban → $(BIN)/modules/suctl-mod-fail2ban/
## (Python entrypoint + vendored SDK + filter assets + catalog)
mod-fail2ban:
@echo "→ suctl-mod-fail2ban"
@mkdir -p $(BIN)/modules/suctl-mod-fail2ban/filter.d
cp modules/suctl-mod-fail2ban/suctl-mod-fail2ban $(BIN)/modules/suctl-mod-fail2ban/
cp modules/suctl-mod-fail2ban/manifest.json $(BIN)/modules/suctl-mod-fail2ban/
cp modules/suctl-mod-fail2ban/surface.json $(BIN)/modules/suctl-mod-fail2ban/
cp modules/suctl-mod-fail2ban/catalog.json $(BIN)/modules/suctl-mod-fail2ban/
cp sdk/python/suctlmod.py $(BIN)/modules/suctl-mod-fail2ban/
cp modules/suctl-mod-fail2ban/filter.d/*.conf $(BIN)/modules/suctl-mod-fail2ban/filter.d/
## mod-odoo stage suctl-mod-odoo → $(BIN)/modules/suctl-mod-odoo/
## (vendors sdk/python/suctlmod.py alongside the entrypoint)
mod-odoo:
@echo "→ suctl-mod-odoo"
@mkdir -p $(BIN)/modules/suctl-mod-odoo/hooks
cp modules/suctl-mod-odoo/suctl-mod-odoo $(BIN)/modules/suctl-mod-odoo/
cp modules/suctl-mod-odoo/suctl-odoo-service $(BIN)/modules/suctl-mod-odoo/
cp modules/suctl-mod-odoo/manifest.json $(BIN)/modules/suctl-mod-odoo/
cp modules/suctl-mod-odoo/surface.json $(BIN)/modules/suctl-mod-odoo/
cp sdk/python/suctlmod.py $(BIN)/modules/suctl-mod-odoo/
cp modules/suctl-mod-odoo/hooks/*.sh $(BIN)/modules/suctl-mod-odoo/hooks/
cp modules/suctl-mod-odoo/hooks/*.py $(BIN)/modules/suctl-mod-odoo/hooks/
## check-deps verify build-time C library dependencies (libsystemd-dev for CGo)
check-deps:
@pkg-config --exists libsystemd 2>/dev/null || \
(printf '\nERROR: libsystemd-dev not found — required to compile sdjournal (CGo).\nInstall with: apt install libsystemd-dev\n\n' && exit 1)
## vet run go vet
vet:
$(GO) vet ./...
## test run all Go tests
test:
$(GO) test ./...
## test-py run Python module unit tests (pytest; integration excluded —
## those need a live socket, run separately with -m integration)
test-py:
cd internal/installer && python3 -m pytest -q -m "not integration"
cd modules/suctl-mod-fail2ban && python3 -m pytest -q
## check vet + test + test-py — run before every commit
check: vet test test-py
## clean remove only the current platform tree ($(BIN))
clean:
rm -rf $(BIN)
## clean-all remove every platform tree (bin/)
clean-all:
rm -rf bin
## help list available targets
help:
@grep -E '^## ' $(MAKEFILE_LIST) | sed 's/^## //'