1# Copyright 2023 The cert-manager Authors.
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15ifndef bin_dir
16$(error bin_dir is not set)
17endif
18
19##########################################
20
21export DOWNLOAD_DIR ?= $(CURDIR)/$(bin_dir)/downloaded
22export GOVENDOR_DIR ?= $(CURDIR)/$(bin_dir)/go_vendor
23
24$(bin_dir)/scratch/image $(bin_dir)/tools $(DOWNLOAD_DIR)/tools:
25 @mkdir -p $@
26
27checkhash_script := $(dir $(lastword $(MAKEFILE_LIST)))/util/checkhash.sh
28lock_script := $(dir $(lastword $(MAKEFILE_LIST)))/util/lock.sh
29
30# $outfile is a variable in the lock script
31outfile := $$outfile
32
33for_each_kv = $(foreach item,$2,$(eval $(call $1,$(word 1,$(subst =, ,$(item))),$(word 2,$(subst =, ,$(item))))))
34
35# To make sure we use the right version of each tool, we put symlink in
36# $(bin_dir)/tools, and the actual binaries are in $(bin_dir)/downloaded. When bumping
37# the version of the tools, this symlink gets updated.
38
39# Let's have $(bin_dir)/tools in front of the PATH so that we don't inavertedly
40# pick up the wrong binary somewhere. Watch out, $(shell echo $$PATH) will
41# still print the original PATH, since GNU make does not honor exported
42# variables: https://stackoverflow.com/questions/54726457
43export PATH := $(CURDIR)/$(bin_dir)/tools:$(PATH)
44
45CTR=docker
46
47TOOLS :=
48# https://github.com/helm/helm/releases
49TOOLS += helm=v3.14.0
50# https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl
51TOOLS += kubectl=v1.29.1
52# https://github.com/kubernetes-sigs/kind/releases
53TOOLS += kind=v0.20.0
54# https://www.vaultproject.io/downloads
55TOOLS += vault=1.15.4
56# https://github.com/Azure/azure-workload-identity/releases
57TOOLS += azwi=v1.2.0
58# https://github.com/kyverno/kyverno/releases
59TOOLS += kyverno=v1.11.3
60# https://github.com/mikefarah/yq/releases
61TOOLS += yq=v4.43.1
62# https://github.com/ko-build/ko/releases
63TOOLS += ko=0.15.1
64# https://github.com/protocolbuffers/protobuf/releases
65TOOLS += protoc=25.2
66# https://github.com/aquasecurity/trivy/releases
67TOOLS += trivy=v0.45.0
68# https://github.com/vmware-tanzu/carvel-ytt/releases
69TOOLS += ytt=v0.45.4
70# https://github.com/rclone/rclone/releases
71TOOLS += rclone=v1.64.0
72
73### go packages
74# https://pkg.go.dev/sigs.k8s.io/controller-tools/cmd/controller-gen?tab=versions
75TOOLS += controller-gen=v0.14.0
76# https://pkg.go.dev/golang.org/x/tools/cmd/goimports?tab=versions
77TOOLS += goimports=v0.17.0
78# https://pkg.go.dev/github.com/google/go-licenses/licenses?tab=versions
79TOOLS += go-licenses=706b9c60edd424a8b6d253fe10dfb7b8e942d4a5
80# https://pkg.go.dev/gotest.tools/gotestsum?tab=versions
81TOOLS += gotestsum=v1.11.0
82# https://pkg.go.dev/sigs.k8s.io/kustomize/kustomize/v4?tab=versions
83TOOLS += kustomize=v4.5.7
84# https://pkg.go.dev/github.com/itchyny/gojq?tab=versions
85TOOLS += gojq=v0.12.14
86# https://pkg.go.dev/github.com/google/go-containerregistry/pkg/crane?tab=versions
87TOOLS += crane=v0.18.0
88# https://pkg.go.dev/google.golang.org/protobuf/cmd/protoc-gen-go?tab=versions
89TOOLS += protoc-gen-go=v1.32.0
90# https://pkg.go.dev/github.com/norwoodj/helm-docs/cmd/helm-docs?tab=versions
91TOOLS += helm-docs=v1.12.0
92# https://pkg.go.dev/github.com/sigstore/cosign/v2/cmd/cosign?tab=versions
93TOOLS += cosign=v2.2.2
94# https://pkg.go.dev/github.com/cert-manager/boilersuite?tab=versions
95TOOLS += boilersuite=v0.1.0
96# https://pkg.go.dev/github.com/princjef/gomarkdoc/cmd/gomarkdoc?tab=versions
97TOOLS += gomarkdoc=v1.1.0
98# https://pkg.go.dev/oras.land/oras/cmd/oras?tab=versions
99TOOLS += oras=v1.1.0
100# https://pkg.go.dev/github.com/onsi/ginkgo/v2/ginkgo?tab=versions
101# The gingko version should be kept in sync with the version used in code.
102# If there is no go.mod file (which is only the case for the makefile-modules
103# repo), then we default to a version that we know exists. We have to do this
104# because otherwise the awk failure renders the whole makefile unusable.
105TOOLS += ginkgo=$(shell [[ -f go.mod ]] && awk '/ginkgo\/v2/ {print $$2}' go.mod || echo "v2.13.2")
106# https://pkg.go.dev/github.com/cert-manager/klone?tab=versions
107TOOLS += klone=v0.0.4
108# https://pkg.go.dev/github.com/goreleaser/goreleaser?tab=versions
109TOOLS += goreleaser=v1.23.0
110# https://pkg.go.dev/github.com/anchore/syft/cmd/syft?tab=versions
111TOOLS += syft=v0.100.0
112# https://github.com/cert-manager/helm-tool
113TOOLS += helm-tool=v0.4.2
114# https://github.com/cert-manager/cmctl
115TOOLS += cmctl=2f75014a7c360c319f8c7c8afe8e9ce33fe26dca
116# https://pkg.go.dev/github.com/cert-manager/release/cmd/cmrel?tab=versions
117TOOLS += cmrel=fa10147dadc8c36718b7b08aed6d8c6418eb2
118# https://github.com/golangci/golangci-lint/releases
119TOOLS += golangci-lint=v1.57.1
120# https://pkg.go.dev/golang.org/x/vuln?tab=versions
121TOOLS += govulncheck=v1.0.4
122# https://pkg.go.dev/github.com/operator-framework/operator-sdk/cmd/operator-sdk?tab=versions
123TOOLS += operator-sdk=v1.34.1
124# https://pkg.go.dev/github.com/cli/cli/v2?tab=versions
125TOOLS += gh=v2.47.0
126# https:///github.com/redhat-openshift-ecosystem/openshift-preflight/releases
127TOOLS += preflight=1.9.2
128
129# https://pkg.go.dev/k8s.io/code-generator/cmd?tab=versions
130K8S_CODEGEN_VERSION=v0.29.1
131TOOLS += client-gen=$(K8S_CODEGEN_VERSION)
132TOOLS += deepcopy-gen=$(K8S_CODEGEN_VERSION)
133TOOLS += informer-gen=$(K8S_CODEGEN_VERSION)
134TOOLS += lister-gen=$(K8S_CODEGEN_VERSION)
135TOOLS += applyconfiguration-gen=$(K8S_CODEGEN_VERSION)
136TOOLS += openapi-gen=$(K8S_CODEGEN_VERSION)
137TOOLS += defaulter-gen=$(K8S_CODEGEN_VERSION)
138TOOLS += conversion-gen=$(K8S_CODEGEN_VERSION)
139
140# https://github.com/kubernetes-sigs/kubebuilder/blob/tools-releases/build/cloudbuild_tools.yaml
141KUBEBUILDER_ASSETS_VERSION=1.29.0
142TOOLS += etcd=$(KUBEBUILDER_ASSETS_VERSION)
143TOOLS += kube-apiserver=$(KUBEBUILDER_ASSETS_VERSION)
144
145# Additional tools can be defined to reuse the tooling in this file
146ADDITIONAL_TOOLS ?=
147TOOLS += $(ADDITIONAL_TOOLS)
148
149# https://go.dev/dl/
150VENDORED_GO_VERSION := 1.22.2
151
152# Print the go version which can be used in GH actions
153.PHONY: print-go-version
154print-go-version:
155 @echo result=$(VENDORED_GO_VERSION)
156
157# When switching branches which use different versions of the tools, we
158# need a way to re-trigger the symlinking from $(bin_dir)/downloaded to $(bin_dir)/tools.
159$(bin_dir)/scratch/%_VERSION: FORCE | $(bin_dir)/scratch
160 @test "$($*_VERSION)" == "$(shell cat $@ 2>/dev/null)" || echo $($*_VERSION) > $@
161
162# --silent = don't print output like progress meters
163# --show-error = but do print errors when they happen
164# --fail = exit with a nonzero error code without the response from the server when there's an HTTP error
165# --location = follow redirects from the server
166# --retry = the number of times to retry a failed attempt to connect
167# --retry-connrefused = retry even if the initial connection was refused
168CURL = curl --silent --show-error --fail --location --retry 10 --retry-connrefused
169
170# LN is expected to be an atomic action, meaning that two Make processes
171# can run the "link $(DOWNLOAD_DIR)/tools/xxx@$(XXX_VERSION)_$(HOST_OS)_$(HOST_ARCH)
172# to $(bin_dir)/tools/xxx" operation simulatiously without issues (both
173# will perform the action and the second time the link will be overwritten).
174LN := ln -fs
175
176UC = $(shell echo '$1' | tr a-z A-Z)
177LC = $(shell echo '$1' | tr A-Z a-z)
178
179TOOL_NAMES :=
180
181# for each item `xxx` in the TOOLS variable:
182# - a $(XXX_VERSION) variable is generated
183# -> this variable contains the version of the tool
184# - a $(NEEDS_XXX) variable is generated
185# -> this variable contains the target name for the tool,
186# which is the relative path of the binary, this target
187# should be used when adding the tool as a dependency to
188# your target, you can't use $(XXX) as a dependency because
189# make does not support an absolute path as a dependency
190# - a $(XXX) variable is generated
191# -> this variable contains the absolute path of the binary,
192# the absolute path should be used when executing the binary
193# in targets or in scripts, because it is agnostic to the
194# working directory
195# - an unversioned target $(bin_dir)/tools/xxx is generated that
196# creates a link to the corresponding versioned target:
197# $(DOWNLOAD_DIR)/tools/xxx@$(XXX_VERSION)_$(HOST_OS)_$(HOST_ARCH)
198define tool_defs
199TOOL_NAMES += $1
200
201$(call UC,$1)_VERSION ?= $2
202NEEDS_$(call UC,$1) := $$(bin_dir)/tools/$1
203$(call UC,$1) := $$(CURDIR)/$$(bin_dir)/tools/$1
204
205$$(bin_dir)/tools/$1: $$(bin_dir)/scratch/$(call UC,$1)_VERSION | $$(DOWNLOAD_DIR)/tools/$1@$$($(call UC,$1)_VERSION)_$$(HOST_OS)_$$(HOST_ARCH) $$(bin_dir)/tools
206 @cd $$(dir $$@) && $$(LN) $$(patsubst $$(bin_dir)/%,../%,$$(word 1,$$|)) $$(notdir $$@)
207 @touch $$@ # making sure the target of the symlink is newer than *_VERSION
208endef
209
210$(foreach TOOL,$(TOOLS),$(eval $(call tool_defs,$(word 1,$(subst =, ,$(TOOL))),$(word 2,$(subst =, ,$(TOOL))))))
211
212TOOLS_PATHS := $(TOOL_NAMES:%=$(bin_dir)/tools/%)
213
214######
215# Go #
216######
217
218# $(NEEDS_GO) is a target that is set as an order-only prerequisite in
219# any target that calls $(GO), e.g.:
220#
221# $(bin_dir)/tools/crane: $(NEEDS_GO)
222# $(GO) build -o $(bin_dir)/tools/crane
223#
224# $(NEEDS_GO) is empty most of the time, except when running "make vendor-go"
225# or when "make vendor-go" was previously run, in which case $(NEEDS_GO) is set
226# to $(bin_dir)/tools/go, since $(bin_dir)/tools/go is a prerequisite of
227# any target depending on Go when "make vendor-go" was run.
228export NEEDS_GO ?= $(if $(findstring vendor-go,$(MAKECMDGOALS))$(shell [ -f $(bin_dir)/tools/go ] && echo yes), $(bin_dir)/tools/go,)
229ifeq ($(NEEDS_GO),)
230GO := go
231else
232export GOROOT := $(CURDIR)/$(bin_dir)/tools/goroot
233export PATH := $(CURDIR)/$(bin_dir)/tools/goroot/bin:$(PATH)
234GO := $(CURDIR)/$(bin_dir)/tools/go
235MAKE := $(MAKE) vendor-go
236endif
237
238.PHONY: vendor-go
239## By default, this Makefile uses the system's Go. You can use a "vendored"
240## version of Go that will get downloaded by running this command once. To
241## disable vendoring, run "make unvendor-go". When vendoring is enabled,
242## you will want to set the following:
243##
244## export PATH="$PWD/$(bin_dir)/tools:$PATH"
245## export GOROOT="$PWD/$(bin_dir)/tools/goroot"
246## @category [shared] Tools
247vendor-go: $(bin_dir)/tools/go
248
249.PHONY: unvendor-go
250unvendor-go: $(bin_dir)/tools/go
251 rm -rf $(bin_dir)/tools/go $(bin_dir)/tools/goroot
252
253.PHONY: which-go
254## Print the version and path of go which will be used for building and
255## testing in Makefile commands. Vendored go will have a path in ./bin
256## @category [shared] Tools
257which-go: | $(NEEDS_GO)
258 @$(GO) version
259 @echo "go binary used for above version information: $(GO)"
260
261$(bin_dir)/tools/go: $(bin_dir)/scratch/VENDORED_GO_VERSION | $(bin_dir)/tools/goroot $(bin_dir)/tools
262 @cd $(dir $@) && $(LN) ./goroot/bin/go $(notdir $@)
263 @touch $@ # making sure the target of the symlink is newer than *_VERSION
264
265# The "_" in "_bin" prevents "go mod tidy" from trying to tidy the vendored goroot.
266$(bin_dir)/tools/goroot: $(bin_dir)/scratch/VENDORED_GO_VERSION | $(GOVENDOR_DIR)/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH)/goroot $(bin_dir)/tools
267 @cd $(dir $@) && $(LN) $(patsubst $(bin_dir)/%,../%,$(word 1,$|)) $(notdir $@)
268 @touch $@ # making sure the target of the symlink is newer than *_VERSION
269
270# Extract the tar to the $(GOVENDOR_DIR) directory, this directory is not cached across CI runs.
271$(GOVENDOR_DIR)/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH)/goroot: | $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz
272 @source $(lock_script) $@; \
273 mkdir -p $(outfile).dir; \
274 tar xzf $| -C $(outfile).dir; \
275 mv $(outfile).dir/go $(outfile); \
276 rm -rf $(outfile).dir
277
278###################
279# go dependencies #
280###################
281
282GO_DEPENDENCIES :=
283GO_DEPENDENCIES += ginkgo=github.com/onsi/ginkgo/v2/ginkgo
284GO_DEPENDENCIES += controller-gen=sigs.k8s.io/controller-tools/cmd/controller-gen
285GO_DEPENDENCIES += goimports=golang.org/x/tools/cmd/goimports
286GO_DEPENDENCIES += go-licenses=github.com/google/go-licenses
287GO_DEPENDENCIES += gotestsum=gotest.tools/gotestsum
288GO_DEPENDENCIES += kustomize=sigs.k8s.io/kustomize/kustomize/v4
289GO_DEPENDENCIES += gojq=github.com/itchyny/gojq/cmd/gojq
290GO_DEPENDENCIES += crane=github.com/google/go-containerregistry/cmd/crane
291GO_DEPENDENCIES += protoc-gen-go=google.golang.org/protobuf/cmd/protoc-gen-go
292GO_DEPENDENCIES += helm-docs=github.com/norwoodj/helm-docs/cmd/helm-docs
293GO_DEPENDENCIES += cosign=github.com/sigstore/cosign/v2/cmd/cosign
294GO_DEPENDENCIES += boilersuite=github.com/cert-manager/boilersuite
295GO_DEPENDENCIES += gomarkdoc=github.com/princjef/gomarkdoc/cmd/gomarkdoc
296GO_DEPENDENCIES += oras=oras.land/oras/cmd/oras
297GO_DEPENDENCIES += klone=github.com/cert-manager/klone
298GO_DEPENDENCIES += goreleaser=github.com/goreleaser/goreleaser
299GO_DEPENDENCIES += syft=github.com/anchore/syft/cmd/syft
300GO_DEPENDENCIES += client-gen=k8s.io/code-generator/cmd/client-gen
301GO_DEPENDENCIES += deepcopy-gen=k8s.io/code-generator/cmd/deepcopy-gen
302GO_DEPENDENCIES += informer-gen=k8s.io/code-generator/cmd/informer-gen
303GO_DEPENDENCIES += lister-gen=k8s.io/code-generator/cmd/lister-gen
304GO_DEPENDENCIES += applyconfiguration-gen=k8s.io/code-generator/cmd/applyconfiguration-gen
305GO_DEPENDENCIES += openapi-gen=k8s.io/code-generator/cmd/openapi-gen
306GO_DEPENDENCIES += defaulter-gen=k8s.io/code-generator/cmd/defaulter-gen
307GO_DEPENDENCIES += conversion-gen=k8s.io/code-generator/cmd/conversion-gen
308GO_DEPENDENCIES += helm-tool=github.com/cert-manager/helm-tool
309GO_DEPENDENCIES += cmctl=github.com/cert-manager/cmctl/v2
310GO_DEPENDENCIES += cmrel=github.com/cert-manager/release/cmd/cmrel
311GO_DEPENDENCIES += golangci-lint=github.com/golangci/golangci-lint/cmd/golangci-lint
312GO_DEPENDENCIES += govulncheck=golang.org/x/vuln/cmd/govulncheck
313GO_DEPENDENCIES += operator-sdk=github.com/operator-framework/operator-sdk/cmd/operator-sdk
314GO_DEPENDENCIES += gh=github.com/cli/cli/v2/cmd/gh
315
316#################
317# go build tags #
318#################
319
320GO_TAGS :=
321
322# Additional Go dependencies can be defined to re-use the tooling in this file
323ADDITIONAL_GO_DEPENDENCIES ?=
324ADDITIONAL_GO_TAGS ?=
325GO_DEPENDENCIES += $(ADDITIONAL_GO_DEPENDENCIES)
326GO_TAGS += $(ADDITIONAL_GO_TAGS)
327
328go_tags_init = go_tags_$1 :=
329$(call for_each_kv,go_tags_init,$(GO_DEPENDENCIES))
330
331go_tags_defs = go_tags_$1 += $2
332$(call for_each_kv,go_tags_defs,$(GO_TAGS))
333
334define go_dependency
335$$(DOWNLOAD_DIR)/tools/$1@$($(call UC,$1)_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $$(NEEDS_GO) $$(DOWNLOAD_DIR)/tools
336 @source $$(lock_script) $$@; \
337 mkdir -p $$(outfile).dir; \
338 GOWORK=off GOBIN=$$(outfile).dir $$(GO) install --tags "$(strip $(go_tags_$1))" $2@$($(call UC,$1)_VERSION); \
339 mv $$(outfile).dir/$1 $$(outfile); \
340 rm -rf $$(outfile).dir
341endef
342$(call for_each_kv,go_dependency,$(GO_DEPENDENCIES))
343
344##################
345# File downloads #
346##################
347
348GO_linux_amd64_SHA256SUM=5901c52b7a78002aeff14a21f93e0f064f74ce1360fce51c6ee68cd471216a17
349GO_linux_arm64_SHA256SUM=4d169d9cf3dde1692b81c0fd9484fa28d8bc98f672d06bf9db9c75ada73c5fbc
350GO_darwin_amd64_SHA256SUM=c0599a349b8d4a1afa3a1721478bb21136ab96c0d75b5f0a0b5fdc9e3b736880
351GO_darwin_arm64_SHA256SUM=3411600bd7596c57ae29cfdb4978e5d45cafa3f428a44a526ad5a2d5ad870506
352
353.PRECIOUS: $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz
354$(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools
355 @source $(lock_script) $@; \
356 $(CURL) https://go.dev/dl/go$(VENDORED_GO_VERSION).$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile); \
357 $(checkhash_script) $(outfile) $(GO_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM)
358
359HELM_linux_amd64_SHA256SUM=f43e1c3387de24547506ab05d24e5309c0ce0b228c23bd8aa64e9ec4b8206651
360HELM_linux_arm64_SHA256SUM=b29e61674731b15f6ad3d1a3118a99d3cc2ab25a911aad1b8ac8c72d5a9d2952
361HELM_darwin_amd64_SHA256SUM=804586896496f7b3da97f56089ea00f220e075e969b6fdf6c0b7b9cdc22de120
362HELM_darwin_arm64_SHA256SUM=c2f36f3289a01c7c93ca11f84d740a170e0af1d2d0280bd523a409a62b8dfa1d
363
364.PRECIOUS: $(DOWNLOAD_DIR)/tools/helm@$(HELM_VERSION)_$(HOST_OS)_$(HOST_ARCH)
365$(DOWNLOAD_DIR)/tools/helm@$(HELM_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools
366 @source $(lock_script) $@; \
367 $(CURL) https://get.helm.sh/helm-$(HELM_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile).tar.gz; \
368 $(checkhash_script) $(outfile).tar.gz $(HELM_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \
369 tar xfO $(outfile).tar.gz $(HOST_OS)-$(HOST_ARCH)/helm > $(outfile); \
370 chmod +x $(outfile); \
371 rm -f $(outfile).tar.gz
372
373KUBECTL_linux_amd64_SHA256SUM=69ab3a931e826bf7ac14d38ba7ca637d66a6fcb1ca0e3333a2cafdf15482af9f
374KUBECTL_linux_arm64_SHA256SUM=96d6dc7b2bdcd344ce58d17631c452225de5bbf59b83fd3c89c33c6298fb5d8b
375KUBECTL_darwin_amd64_SHA256SUM=c4da86e5c0fc9415db14a48d9ef1515b0b472346cbc9b7f015175b6109505d2c
376KUBECTL_darwin_arm64_SHA256SUM=c31b99d7bf0faa486a6554c5f96e36af4821a488e90176a12ba18298bc4c8fb0
377
378.PRECIOUS: $(DOWNLOAD_DIR)/tools/kubectl@$(KUBECTL_VERSION)_$(HOST_OS)_$(HOST_ARCH)
379$(DOWNLOAD_DIR)/tools/kubectl@$(KUBECTL_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools
380 @source $(lock_script) $@; \
381 $(CURL) https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/$(HOST_OS)/$(HOST_ARCH)/kubectl -o $(outfile); \
382 $(checkhash_script) $(outfile) $(KUBECTL_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \
383 chmod +x $(outfile)
384
385KIND_linux_amd64_SHA256SUM=513a7213d6d3332dd9ef27c24dab35e5ef10a04fa27274fe1c14d8a246493ded
386KIND_linux_arm64_SHA256SUM=639f7808443559aa30c3642d9913b1615d611a071e34f122340afeda97b8f422
387KIND_darwin_amd64_SHA256SUM=bffd8fb2006dc89fa0d1dde5ba6bf48caacb707e4df8551528f49145ebfeb7ad
388KIND_darwin_arm64_SHA256SUM=8df041a5cae55471f3b039c3c9942226eb909821af63b5677fc80904caffaabf
389
390.PRECIOUS: $(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH)
391$(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools $(bin_dir)/tools
392 @source $(lock_script) $@; \
393 $(CURL) https://github.com/kubernetes-sigs/kind/releases/download/$(KIND_VERSION)/kind-$(HOST_OS)-$(HOST_ARCH) -o $(outfile); \
394 $(checkhash_script) $(outfile) $(KIND_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \
395 chmod +x $(outfile)
396
397VAULT_linux_amd64_SHA256SUM=f42f550713e87cceef2f29a4e2b754491697475e3d26c0c5616314e40edd8e1b
398VAULT_linux_arm64_SHA256SUM=79aee168078eb8c0dbb31c283e1136a7575f59fe36fccbb1f1ef6a16e0b67fdb
399VAULT_darwin_amd64_SHA256SUM=a9d7c6e76d7d5c9be546e9a74860b98db6486fc0df095d8b00bc7f63fb1f6c1c
400VAULT_darwin_arm64_SHA256SUM=4bf594a231bef07fbcfbf7329c8004acb8d219ce6a7aff186e0bac7027a0ab25
401
402.PRECIOUS: $(DOWNLOAD_DIR)/tools/vault@$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH)
403$(DOWNLOAD_DIR)/tools/vault@$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools
404 @source $(lock_script) $@; \
405 $(CURL) https://releases.hashicorp.com/vault/$(VAULT_VERSION)/vault_$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH).zip -o $(outfile).zip; \
406 $(checkhash_script) $(outfile).zip $(VAULT_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \
407 unzip -qq -c $(outfile).zip > $(outfile); \
408 chmod +x $(outfile); \
409 rm -f $(outfile).zip
410
411AZWI_linux_amd64_SHA256SUM=d2ef0f27609b7157595fe62b13c03381a481f833c1e1b6290df560454890d337
412AZWI_linux_arm64_SHA256SUM=72e34bc96611080095e90ecce58a72e50debf846106b13976f2972bf06ae12df
413AZWI_darwin_amd64_SHA256SUM=2be5f18c0acfb213a22db5a149dd89c7d494690988cb8e8a785dd6915f7094d0
414AZWI_darwin_arm64_SHA256SUM=d0b01768102dd472c72c98bb51ae990af8779e811c9f7ab1db48ccefc9988f4c
415
416.PRECIOUS: $(DOWNLOAD_DIR)/tools/azwi@$(AZWI_VERSION)_$(HOST_OS)_$(HOST_ARCH)
417$(DOWNLOAD_DIR)/tools/azwi@$(AZWI_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools
418 @source $(lock_script) $@; \
419 $(CURL) https://github.com/Azure/azure-workload-identity/releases/download/$(AZWI_VERSION)/azwi-$(AZWI_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile).tar.gz; \
420 $(checkhash_script) $(outfile).tar.gz $(AZWI_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \
421 tar xfO $(outfile).tar.gz azwi > $(outfile) && chmod 775 $(outfile); \
422 rm -f $(outfile).tar.gz
423
424KUBEBUILDER_TOOLS_linux_amd64_SHA256SUM=e9899574fb92fd4a4ca27539d15a30f313f8a482b61b46cb874a07f2ba4f9bcb
425KUBEBUILDER_TOOLS_linux_arm64_SHA256SUM=ef22e16c439b45f3e116498f7405be311bab92c3345766ab2142e86458cda92e
426KUBEBUILDER_TOOLS_darwin_amd64_SHA256SUM=e5796637cc8e40029f0def639bbe7d99193c1872555c919d2b76c32e0e34378f
427KUBEBUILDER_TOOLS_darwin_arm64_SHA256SUM=9734b90206f17a46f4dd0a7e3bb107d44aec9e79b7b135c6eb7c8a250ffd5e03
428
429.PRECIOUS: $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz
430$(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools
431 @source $(lock_script) $@; \
432 $(CURL) https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-$(KUBEBUILDER_ASSETS_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile); \
433 $(checkhash_script) $(outfile) $(KUBEBUILDER_TOOLS_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM)
434
435$(DOWNLOAD_DIR)/tools/etcd@$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH): $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz | $(DOWNLOAD_DIR)/tools
436 @source $(lock_script) $@; \
437 tar xfO $< kubebuilder/bin/etcd > $(outfile) && chmod 775 $(outfile)
438
439$(DOWNLOAD_DIR)/tools/kube-apiserver@$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH): $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz | $(DOWNLOAD_DIR)/tools
440 @source $(lock_script) $@; \
441 tar xfO $< kubebuilder/bin/kube-apiserver > $(outfile) && chmod 775 $(outfile)
442
443KYVERNO_linux_amd64_SHA256SUM=08cf3640b847e3bbd41c5014ece4e0aa6c39915f5c199eeac8d80267955676e6
444KYVERNO_linux_arm64_SHA256SUM=31805a52e98733b390c60636f209e0bda3174bd09e764ba41fa971126b98d2fc
445KYVERNO_darwin_amd64_SHA256SUM=21fa0733d1a73d510fa0e30ac10310153b7124381aa21224b54fe34a38239542
446KYVERNO_darwin_arm64_SHA256SUM=022bc2640f05482cab290ca8cd28a67f55b24c14b93076bd144c37a1732e6d7e
447
448.PRECIOUS: $(DOWNLOAD_DIR)/tools/kyverno@$(KYVERNO_VERSION)_$(HOST_OS)_$(HOST_ARCH)
449$(DOWNLOAD_DIR)/tools/kyverno@$(KYVERNO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools
450 $(eval ARCH := $(subst amd64,x86_64,$(HOST_ARCH)))
451
452 @source $(lock_script) $@; \
453 $(CURL) https://github.com/kyverno/kyverno/releases/download/$(KYVERNO_VERSION)/kyverno-cli_$(KYVERNO_VERSION)_$(HOST_OS)_$(ARCH).tar.gz -o $(outfile).tar.gz; \
454 $(checkhash_script) $(outfile).tar.gz $(KYVERNO_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \
455 tar xfO $(outfile).tar.gz kyverno > $(outfile); \
456 chmod +x $(outfile); \
457 rm -f $(outfile).tar.gz
458
459YQ_linux_amd64_SHA256SUM=cfbbb9ba72c9402ef4ab9d8f843439693dfb380927921740e51706d90869c7e1
460YQ_linux_arm64_SHA256SUM=a8186efb079673293289f8c31ee252b0d533c7bb8b1ada6a778ddd5ec0f325b6
461YQ_darwin_amd64_SHA256SUM=fdc42b132ac460037f4f0f48caea82138772c651d91cfbb735210075ddfdbaed
462YQ_darwin_arm64_SHA256SUM=9f1063d910698834cb9176593aa288471898031929138d226c2c2de9f262f8e5
463
464.PRECIOUS: $(DOWNLOAD_DIR)/tools/yq@$(YQ_VERSION)_$(HOST_OS)_$(HOST_ARCH)
465$(DOWNLOAD_DIR)/tools/yq@$(YQ_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools
466 @source $(lock_script) $@; \
467 $(CURL) https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_$(HOST_OS)_$(HOST_ARCH) -o $(outfile); \
468 $(checkhash_script) $(outfile) $(YQ_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \
469 chmod +x $(outfile)
470
471KO_linux_amd64_SHA256SUM=5b06079590371954cceadf0ddcfa8471afb039c29a2e971043915957366a2f39
472KO_linux_arm64_SHA256SUM=fcbb736f7440d686ca1cf8b4c3f6b9b80948eb17d6cef7c14242eddd275cab42
473KO_darwin_amd64_SHA256SUM=4f388a4b08bde612a20d799045a57a9b8847483baf1a1590d3c32735e7c30c16
474KO_darwin_arm64_SHA256SUM=45f2c1a50fdadb7ef38abbb479897d735c95238ec25c4f505177d77d60ed91d6
475
476.PRECIOUS: $(DOWNLOAD_DIR)/tools/ko@$(KO_VERSION)_$(HOST_OS)_$(HOST_ARCH)
477$(DOWNLOAD_DIR)/tools/ko@$(KO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools
478 $(eval OS := $(subst linux,Linux,$(subst darwin,Darwin,$(HOST_OS))))
479 $(eval ARCH := $(subst amd64,x86_64,$(HOST_ARCH)))
480
481 @source $(lock_script) $@; \
482 $(CURL) https://github.com/ko-build/ko/releases/download/v$(KO_VERSION)/ko_$(KO_VERSION)_$(OS)_$(ARCH).tar.gz -o $(outfile).tar.gz; \
483 $(checkhash_script) $(outfile).tar.gz $(KO_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \
484 tar xfO $(outfile).tar.gz ko > $(outfile); \
485 chmod +x $(outfile); \
486 rm -f $(outfile).tar.gz
487
488PROTOC_linux_amd64_SHA256SUM=78ab9c3288919bdaa6cfcec6127a04813cf8a0ce406afa625e48e816abee2878
489PROTOC_linux_arm64_SHA256SUM=07683afc764e4efa3fa969d5f049fbc2bdfc6b4e7786a0b233413ac0d8753f6b
490PROTOC_darwin_amd64_SHA256SUM=5fe89993769616beff1ed77408d1335216379ce7010eee80284a01f9c87c8888
491PROTOC_darwin_arm64_SHA256SUM=8822b090c396800c96ac652040917eb3fbc5e542538861aad7c63b8457934b20
492
493.PRECIOUS: $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH)
494$(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools
495 $(eval OS := $(subst darwin,osx,$(HOST_OS)))
496 $(eval ARCH := $(subst arm64,aarch_64,$(subst amd64,x86_64,$(HOST_ARCH))))
497
498 @source $(lock_script) $@; \
499 $(CURL) https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/protoc-$(PROTOC_VERSION)-$(OS)-$(ARCH).zip -o $(outfile).zip; \
500 $(checkhash_script) $(outfile).zip $(PROTOC_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \
501 unzip -qq -c $(outfile).zip bin/protoc > $(outfile); \
502 chmod +x $(outfile); \
503 rm -f $(outfile).zip
504
505TRIVY_linux_amd64_SHA256SUM=b9785455f711e3116c0a97b01ad6be334895143ed680a405e88a4c4c19830d5d
506TRIVY_linux_arm64_SHA256SUM=a192edfcef8766fa7e3e96a6a5faf50cd861371785891857471548e4af7cb60b
507TRIVY_darwin_amd64_SHA256SUM=997622dee1d07de0764f903b72d16ec4314daaf202d91c957137b4fd1a2f73c3
508TRIVY_darwin_arm64_SHA256SUM=68aa451f395fa5418f5af59ce4081ef71075c857b95a297dc61da49c6a229a45
509
510.PRECIOUS: $(DOWNLOAD_DIR)/tools/trivy@$(TRIVY_VERSION)_$(HOST_OS)_$(HOST_ARCH)
511$(DOWNLOAD_DIR)/tools/trivy@$(TRIVY_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools
512 $(eval OS := $(subst linux,Linux,$(subst darwin,macOS,$(HOST_OS))))
513 $(eval ARCH := $(subst amd64,64bit,$(subst arm64,ARM64,$(HOST_ARCH))))
514
515 @source $(lock_script) $@; \
516 $(CURL) https://github.com/aquasecurity/trivy/releases/download/$(TRIVY_VERSION)/trivy_$(patsubst v%,%,$(TRIVY_VERSION))_$(OS)-$(ARCH).tar.gz -o $(outfile).tar.gz; \
517 $(checkhash_script) $(outfile).tar.gz $(TRIVY_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \
518 tar xfO $(outfile).tar.gz trivy > $(outfile); \
519 chmod +x $(outfile); \
520 rm $(outfile).tar.gz
521
522YTT_linux_amd64_SHA256SUM=9bf62175c7cc0b54f9731a5b87ee40250f0457b1fce1b0b36019c2f8d96db8f8
523YTT_linux_arm64_SHA256SUM=cbfc85f11ffd8e61d63accf799b8997caaebe46ee046290cc1c4d05ed1ab145b
524YTT_darwin_amd64_SHA256SUM=2b6d173dec1b6087e22690386474786fd9a2232c4479d8975cc98ae8160eea76
525YTT_darwin_arm64_SHA256SUM=3e6f092bfe7a121d15126a0de6503797818c6b6745fbc97213f519d35fab08f9
526
527.PRECIOUS: $(DOWNLOAD_DIR)/tools/ytt@$(YTT_VERSION)_$(HOST_OS)_$(HOST_ARCH)
528$(DOWNLOAD_DIR)/tools/ytt@$(YTT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools
529 @source $(lock_script) $@; \
530 $(CURL) -sSfL https://github.com/vmware-tanzu/carvel-ytt/releases/download/$(YTT_VERSION)/ytt-$(HOST_OS)-$(HOST_ARCH) -o $(outfile); \
531 $(checkhash_script) $(outfile) $(YTT_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \
532 chmod +x $(outfile)
533
534RCLONE_linux_amd64_SHA256SUM=7ebdb680e615f690bd52c661487379f9df8de648ecf38743e49fe12c6ace6dc7
535RCLONE_linux_arm64_SHA256SUM=b5a6cb3aef4fd1a2165fb8c21b1b1705f3cb754a202adc81931b47cd39c64749
536RCLONE_darwin_amd64_SHA256SUM=9ef83833296876f3182b87030b4f2e851b56621bad4ca4d7a14753553bb8b640
537RCLONE_darwin_arm64_SHA256SUM=9183f495b28acb12c872175c6af1f6ba8ca677650cb9d2774caefea273294c8a
538
539.PRECIOUS: $(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH)
540$(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools
541 $(eval OS := $(subst darwin,osx,$(HOST_OS)))
542
543 @source $(lock_script) $@; \
544 $(CURL) https://github.com/rclone/rclone/releases/download/$(RCLONE_VERSION)/rclone-$(RCLONE_VERSION)-$(OS)-$(HOST_ARCH).zip -o $(outfile).zip; \
545 $(checkhash_script) $(outfile).zip $(RCLONE_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \
546 unzip -p $(outfile).zip rclone-$(RCLONE_VERSION)-$(OS)-$(HOST_ARCH)/rclone > $(outfile); \
547 chmod +x $(outfile); \
548 rm -f $(outfile).zip
549
550PREFLIGHT_linux_amd64_SHA256SUM=20f31e4af2004e8e3407844afea4e973975069169d69794e0633f0cb91d45afd
551PREFLIGHT_linux_arm64_SHA256SUM=c42cf4132027d937da88da07760e8fd9b1a8836f9c7795a1b60513d99c6939fe
552
553# Currently there are no offical releases for darwin, you cannot submit results
554# on non-official binaries, but we can still run tests.
555#
556# Once https://github.com/redhat-openshift-ecosystem/openshift-preflight/pull/942 is merged
557# we can remove this darwin specific hack
558.PRECIOUS: $(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_darwin_$(HOST_ARCH)
559$(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_darwin_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools
560 @source $(lock_script) $@; \
561 mkdir -p $(outfile).dir; \
562 GOWORK=off GOBIN=$(outfile).dir $(GO) install github.com/redhat-openshift-ecosystem/openshift-preflight/cmd/preflight@$(PREFLIGHT_VERSION); \
563 mv $(outfile).dir/preflight $(outfile); \
564 rm -rf $(outfile).dir
565
566.PRECIOUS: $(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_linux_$(HOST_ARCH)
567$(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_linux_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools
568 @source $(lock_script) $@; \
569 $(CURL) https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/$(PREFLIGHT_VERSION)/preflight-linux-$(HOST_ARCH) -o $(outfile); \
570 $(checkhash_script) $(outfile) $(PREFLIGHT_linux_$(HOST_ARCH)_SHA256SUM); \
571 chmod +x $(outfile)
572
573#################
574# Other Targets #
575#################
576
577# Although we "vendor" most tools in $(bin_dir)/tools, we still require some binaries
578# to be available on the system. The vendor-go MAKECMDGOALS trick prevents the
579# check for the presence of Go when 'make vendor-go' is run.
580
581# Gotcha warning: MAKECMDGOALS only contains what the _top level_ make invocation used, and doesn't look at target dependencies
582# i.e. if we have a target "abc: vendor-go test" and run "make abc", we'll get an error
583# about go being missing even though abc itself depends on vendor-go!
584# That means we need to pass vendor-go at the top level if go is not installed (i.e. "make vendor-go abc")
585
586MISSING=$(shell (command -v curl >/dev/null || echo curl) \
587 && (command -v sha256sum >/dev/null || command -v shasum >/dev/null || echo sha256sum) \
588 && (command -v git >/dev/null || echo git) \
589 && (command -v rsync >/dev/null || echo rsync) \
590 && ([ -n "$(findstring vendor-go,$(MAKECMDGOALS),)" ] \
591 || command -v $(GO) >/dev/null || echo "$(GO) (or run 'make vendor-go')") \
592 && (command -v $(CTR) >/dev/null || echo "$(CTR) (or set CTR to a docker-compatible tool)"))
593ifneq ($(MISSING),)
594$(error Missing required tools: $(MISSING))
595endif
596
597.PHONY: tools
598## Download and setup all tools
599## @category [shared] Tools
600tools: $(TOOLS_PATHS)
601
602self_file := $(dir $(lastword $(MAKEFILE_LIST)))/00_mod.mk
603
604# This target is used to learn the sha256sum of the tools. It is used only
605# in the makefile-modules repo, and should not be used in any other repo.
606.PHONY: tools-learn-sha
607tools-learn-sha: | $(bin_dir)
608 rm -rf ./$(bin_dir)/
609 mkdir -p ./$(bin_dir)/scratch/
610 $(eval export LEARN_FILE=$(CURDIR)/$(bin_dir)/scratch/learn_tools_file)
611 echo -n "" > "$(LEARN_FILE)"
612
613 HOST_OS=linux HOST_ARCH=amd64 $(MAKE) tools
614 HOST_OS=linux HOST_ARCH=arm64 $(MAKE) tools
615 HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) tools
616 HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) tools
617
618 HOST_OS=linux HOST_ARCH=amd64 $(MAKE) vendor-go
619 HOST_OS=linux HOST_ARCH=arm64 $(MAKE) vendor-go
620 HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) vendor-go
621 HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) vendor-go
622
623 while read p; do \
624 sed -i "$$p" $(self_file); \
625 done <"$(LEARN_FILE)"
View as plain text