diff --git a/.env b/.env index 49e24f2..3b10319 100644 --- a/.env +++ b/.env @@ -3,3 +3,7 @@ BUILD_HARNESS_REPO=ghcr.io/defenseunicorns/build-harness/build-harness BUILD_HARNESS_VERSION=1.15.0 SCRIPT_DIR=iac/scripts + +UDS_EKS_ADDONS_REPO=ghcr.io/defenseunicorns/packages/narwhal-delivery-zarf-package-eks-addons/bundles/eks-addons +# x-release-please-start-version +UDS_EKS_ADDONS_VERSION=0.0.1 diff --git a/Makefile b/Makefile index 77b0c1f..e00f680 100644 --- a/Makefile +++ b/Makefile @@ -2,11 +2,15 @@ include .env .DEFAULT_GOAL := help -SHELL := /bin/bash - -ZARF := zarf -l debug --no-progress --no-log-file - -ALL_THE_DOCKER_ARGS := -it --rm \ +# Optionally add the "-it" flag for docker run commands if the env var "CI" is not set (meaning we are on a local machine and not in github actions) +# TTY_ARG := +# ifndef CI +# TTY_ARG := -it +# endif + +BUILD_HARNESS_RUN := TF_VARS=$$(env | grep '^TF_VAR_' | awk -F= '{printf "-e %s ", $$1}'); \ + docker run --rm \ + --platform=linux/amd64 \ --cap-add=NET_ADMIN \ --cap-add=NET_RAW \ -v "${PWD}:/app" \ @@ -16,6 +20,7 @@ ALL_THE_DOCKER_ARGS := -it --rm \ -v "${PWD}/.cache/go-build:/root/.cache/go-build" \ -v "${PWD}/.cache/.terraform.d/plugin-cache:/root/.terraform.d/plugin-cache" \ -v "${PWD}/.cache/.zarf-cache:/root/.zarf-cache" \ + -v "${HOME}/.uds-cache:/root/.uds-cache" \ --workdir "/app" \ -e TF_LOG_PATH \ -e TF_LOG \ @@ -30,14 +35,39 @@ ALL_THE_DOCKER_ARGS := -it --rm \ -e AWS_SESSION_TOKEN \ -e AWS_SECURITY_TOKEN \ -e AWS_SESSION_EXPIRATION \ + $${TF_VARS} \ ${BUILD_HARNESS_REPO}:${BUILD_HARNESS_VERSION} +REGION := $(shell $(BUILD_HARNESS_RUN) bash -c 'cd iac && terraform output -raw region') +BASTION_ID := $(shell $(BUILD_HARNESS_RUN) bash -c 'cd iac && terraform output -raw bastion_instance_id') + +SSM_SESSION_ARGS := \ + aws ssm start-session \ + --region $(REGION) \ + --target $(BASTION_ID) \ + --document-name AWS-StartInteractiveCommand + +ZARF := zarf -l debug --no-progress --no-log-file + +# The repo clone url +REPO := $(shell git remote get-url origin) # The current branch name BRANCH := $(shell git symbolic-ref --short HEAD) # The "primary" directory -PRIMARY_DIR := $(shell pwd) +PRIMARY_DIR := $(shell basename $$(pwd)) + +.PHONY: arbitrary-container-command +arbitrary-container-command: ## Run an arbitrary command in a container. Example: make arbitrary-container-command COMMAND="ls -lahrt" + ${BUILD_HARNESS_RUN} \ + bash -c '$(COMMAND)' -# Silent mode by default. Run `make VERBOSE=1` to turn off silent mode. +.PHONY: _check-env-vars +_check-env-vars: + echo $(PRIMARY_DIR) + echo $(SSM_SESSION_ARGS) + echo $(REGION) + +# Silent mode by default. Run `make VERBOSE=1` to turn off silent mode. ifndef VERBOSE .SILENT: endif @@ -64,56 +94,47 @@ help-internal: ## Show available internal targets | column -t -s ":" .PHONY: _create-folders -_create-folders: ## Create the .cache folder structure +_create-folders: mkdir -p .cache/docker mkdir -p .cache/pre-commit - mkdir -p .cache/go - mkdir -p .cache/go-build mkdir -p .cache/tmp - mkdir -p .cache/.terraform.d/plugin-cache mkdir -p .cache/.zarf-cache -.PHONY: _docker-save-build-harness -_docker-save-build-harness: _create-folders ## Save the build-harness docker image to the .cache folder +.PHONY: docker-save-build-harness +docker-save-build-harness: _create-folders ## Pulls the build harness docker image and saves it to a tarball docker pull ${BUILD_HARNESS_REPO}:${BUILD_HARNESS_VERSION} docker save -o .cache/docker/build-harness.tar ${BUILD_HARNESS_REPO}:${BUILD_HARNESS_VERSION} -.PHONY: _docker-load-build-harness -_docker-load-build-harness: ## Load the build-harness docker image from the .cache folder +.PHONY: docker-load-build-harness +docker-load-build-harness: ## Loads the saved build harness docker image docker load -i .cache/docker/build-harness.tar -.PHONY: _update-cache -_update-cache: _create-folders _docker-save-build-harness ## Update the cache - docker run ${ALL_THE_DOCKER_ARGS} \ - bash -c 'git config --global --add safe.directory /app \ - && pre-commit install --install-hooks \ - && (cd iac && terraform init)' - .PHONY: _runhooks -_runhooks: _create-folders ## Helper "function" for running pre-commits - docker run ${ALL_THE_DOCKER_ARGS} \ - bash -c 'git config --global --add safe.directory /app \ +_runhooks: _create-folders + ${BUILD_HARNESS_RUN} \ + bash -c 'git config --global --add safe.directory /app \ && pre-commit run -a --show-diff-on-failure $(HOOK)' .PHONY: pre-commit-all -pre-commit-all: ## [Docker] Run all pre-commit hooks +pre-commit-all: ## Run all pre-commit hooks. Returns nonzero exit code if any hooks fail. Uses Docker for maximum compatibility $(MAKE) _runhooks HOOK="" SKIP="" -.PHONY: pre-commit-terraform -pre-commit-terraform: ## [Docker] Run terraform pre-commit hooks - $(MAKE) _runhooks HOOK="" SKIP="check-added-large-files,check-merge-conflict,detect-aws-credentials,detect-private-key,end-of-file-fixer,fix-byte-order-marker,trailing-whitespace,check-yaml,fix-smartquotes,renovate-config-validator" .PHONY: pre-commit-renovate -pre-commit-renovate: ## [Docker] Run renovate pre-commit hooks +pre-commit-renovate: ## Run the renovate pre-commit hooks. Returns nonzero exit code if any hooks fail. Uses Docker for maximum compatibility $(MAKE) _runhooks HOOK="renovate-config-validator" SKIP="" .PHONY: pre-commit-common -pre-commit-common: ## [Docker] Run common pre-commit hooks - $(MAKE) _runhooks HOOK="" SKIP="terraform_fmt,terraform_docs,terraform_checkov,terraform_tflint,renovate-config-validator" +pre-commit-common: ## Run the common pre-commit hooks. Returns nonzero exit code if any hooks fail. Uses Docker for maximum compatibility + $(MAKE) _runhooks HOOK="" SKIP="go-fmt,golangci-lint,terraform_fmt,terraform_docs,terraform_checkov,terraform_tflint,renovate-config-validator" -.PHONY: _fix-cache-permissions -_fix-cache-permissions: ## [Docker] Fix permissions on the .cache folder +.PHONY: fix-cache-permissions +fix-cache-permissions: ## Fixes the permissions on the pre-commit cache docker run $(TTY_ARG) --rm -v "${PWD}:/app" --workdir "/app" -e "PRE_COMMIT_HOME=/app/.cache/pre-commit" ${BUILD_HARNESS_REPO}:${BUILD_HARNESS_VERSION} chmod -R a+rx .cache +.PHONY: autoformat +autoformat: ## Update files with automatic formatting tools. Uses Docker for maximum compatibility. + $(MAKE) _runhooks HOOK="" SKIP="check-added-large-files,check-merge-conflict,detect-aws-credentials,detect-private-key,check-yaml,golangci-lint,terraform_checkov,terraform_tflint,renovate-config-validator" + .PHONY: _test-targeted-infra-up _test-targeted-infra-up: docker run ${ALL_THE_DOCKER_ARGS} \