1#
2# Copyright 2021 The Sigstore Authors.
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16ifeq (,$(shell echo $$DEBUG))
17else
18SHELL = bash -x
19endif
20
21# allow overwriting the default `go` value with the custom path to the go executable
22GOEXE ?= go
23
24# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
25ifeq (,$(shell $(GOEXE) env GOBIN))
26GOBIN=$(shell $(GOEXE) env GOPATH)/bin
27else
28GOBIN=$(shell $(GOEXE) env GOBIN)
29endif
30
31# Set version variables for LDFLAGS
32PROJECT_ID ?= projectsigstore
33RUNTIME_IMAGE ?= gcr.io/distroless/static
34GIT_TAG ?= dirty-tag
35GIT_VERSION ?= $(shell git describe --tags --always --dirty)
36GIT_HASH ?= $(shell git rev-parse HEAD)
37DATE_FMT = +%Y-%m-%dT%H:%M:%SZ
38SOURCE_DATE_EPOCH ?= $(shell git log -1 --no-show-signature --pretty=%ct)
39ifdef SOURCE_DATE_EPOCH
40 BUILD_DATE ?= $(shell date -u -d "@$(SOURCE_DATE_EPOCH)" "$(DATE_FMT)" 2>/dev/null || date -u -r "$(SOURCE_DATE_EPOCH)" "$(DATE_FMT)" 2>/dev/null || date -u "$(DATE_FMT)")
41else
42 BUILD_DATE ?= $(shell date "$(DATE_FMT)")
43endif
44GIT_TREESTATE = "clean"
45DIFF = $(shell git diff --quiet >/dev/null 2>&1; if [ $$? -eq 1 ]; then echo "1"; fi)
46ifeq ($(DIFF), 1)
47 GIT_TREESTATE = "dirty"
48endif
49PLATFORMS=darwin linux windows
50ARCHITECTURES=amd64
51COSIGNED_ARCHS?=all
52
53LDFLAGS=-buildid= -X sigs.k8s.io/release-utils/version.gitVersion=$(GIT_VERSION) \
54 -X sigs.k8s.io/release-utils/version.gitCommit=$(GIT_HASH) \
55 -X sigs.k8s.io/release-utils/version.gitTreeState=$(GIT_TREESTATE) \
56 -X sigs.k8s.io/release-utils/version.buildDate=$(BUILD_DATE)
57
58SRCS = $(shell find cmd -iname "*.go") $(shell find pkg -iname "*.go")
59
60GOLANGCI_LINT_DIR = $(shell pwd)/bin
61GOLANGCI_LINT_BIN = $(GOLANGCI_LINT_DIR)/golangci-lint
62
63KO_PREFIX ?= gcr.io/projectsigstore
64export KO_DOCKER_REPO=$(KO_PREFIX)
65GHCR_PREFIX ?= ghcr.io/sigstore/cosign
66LATEST_TAG ?=
67
68.PHONY: all lint test clean cosign cross
69all: cosign
70
71log-%:
72 @grep -h -E '^$*:.*?## .*$$' $(MAKEFILE_LIST) | \
73 awk \
74 'BEGIN { \
75 FS = ":.*?## " \
76 }; \
77 { \
78 printf "\033[36m==> %s\033[0m\n", $$2 \
79 }'
80
81cosign: $(SRCS)
82 CGO_ENABLED=0 $(GOEXE) build -trimpath -ldflags "$(LDFLAGS)" -o $@ ./cmd/cosign
83
84cosign-pivkey-pkcs11key: $(SRCS)
85 CGO_ENABLED=1 $(GOEXE) build -trimpath -tags=pivkey,pkcs11key -ldflags "$(LDFLAGS)" -o cosign ./cmd/cosign
86
87.PHONY: cross
88cross:
89 $(foreach GOOS, $(PLATFORMS),\
90 $(foreach GOARCH, $(ARCHITECTURES), $(shell export GOOS=$(GOOS); export GOARCH=$(GOARCH); \
91 $(GOEXE) build -trimpath -ldflags "$(LDFLAGS)" -o cosign-$(GOOS)-$(GOARCH) ./cmd/cosign; \
92 shasum -a 256 cosign-$(GOOS)-$(GOARCH) > cosign-$(GOOS)-$(GOARCH).sha256 ))) \
93
94#####################
95# lint / test section
96#####################
97
98golangci-lint:
99 rm -f $(GOLANGCI_LINT_BIN) || :
100 set -e ;\
101 GOBIN=$(GOLANGCI_LINT_DIR) $(GOEXE) install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.55.2 ;\
102
103lint: golangci-lint ## Run golangci-lint linter
104 $(GOLANGCI_LINT_BIN) run -n
105
106test:
107 $(GOEXE) test $(shell $(GOEXE) list ./... | grep -v third_party/)
108
109clean:
110 rm -rf cosign
111 rm -rf dist/
112
113KOCACHE_PATH=/tmp/ko
114ARTIFACT_HUB_LABELS=--image-label io.artifacthub.package.readme-url="https://raw.githubusercontent.com/sigstore/cosign/main/README.md" \
115 --image-label io.artifacthub.package.logo-url=https://raw.githubusercontent.com/sigstore/cosign/main/images/logo.svg \
116 --image-label io.artifacthub.package.license=Apache-2.0 --image-label io.artifacthub.package.vendor=sigstore \
117 --image-label io.artifacthub.package.version=0.1.0 \
118 --image-label io.artifacthub.package.name=cosign \
119 --image-label org.opencontainers.image.created=$(BUILD_DATE) \
120 --image-label org.opencontainers.image.description="Container signing verification and storage in an OCI registry" \
121 --image-label io.artifacthub.package.alternative-locations="oci://ghcr.io/sigstore/cosign/cosign"
122
123define create_kocache_path
124 mkdir -p $(KOCACHE_PATH)
125endef
126
127##########
128# ko build
129##########
130.PHONY: ko
131ko: ko-cosign ko-cosign-dev
132
133.PHONY: ko-cosign
134ko-cosign:
135 $(create_kocache_path)
136 LDFLAGS="$(LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) \
137 KOCACHE=$(KOCACHE_PATH) ko build --base-import-paths \
138 --platform=all --tags $(GIT_VERSION) --tags $(GIT_HASH)$(LATEST_TAG) \
139 $(ARTIFACT_HUB_LABELS) --image-refs cosignImagerefs \
140 github.com/sigstore/cosign/v2/cmd/cosign
141
142.PHONY: ko-cosign-dev
143ko-cosign-dev:
144 $(create_kocache_path)
145 LDFLAGS="$(LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) \
146 KOCACHE=$(KOCACHE_PATH) KO_DEFAULTBASEIMAGE=gcr.io/distroless/static-debian12:debug-nonroot ko build --base-import-paths \
147 --platform=all --tags $(GIT_VERSION)-dev --tags $(GIT_HASH)-dev \
148 $(ARTIFACT_HUB_LABELS) --image-refs cosignDevImagerefs \
149 github.com/sigstore/cosign/v2/cmd/cosign
150
151.PHONY: ko-local
152ko-local:
153 $(create_kocache_path)
154 KO_DOCKER_REPO=ko.local LDFLAGS="$(LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) \
155 KOCACHE=$(KOCACHE_PATH) ko build --base-import-paths \
156 --tags $(GIT_VERSION) --tags $(GIT_HASH) \
157 $(ARTIFACT_HUB_LABELS) \
158 github.com/sigstore/cosign/v2/cmd/cosign
159
160.PHONY: ko-local-dev
161ko-local-dev:
162 $(create_kocache_path)
163 KO_DOCKER_REPO=ko.local/cosign-dev LDFLAGS="$(LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) \
164 KOCACHE=$(KOCACHE_PATH) KO_DEFAULTBASEIMAGE=gcr.io/distroless/static-debian12:debug-nonroot ko build --base-import-paths \
165 --tags $(GIT_VERSION) --tags $(GIT_HASH) \
166 $(ARTIFACT_HUB_LABELS) \
167 github.com/sigstore/cosign/v2/cmd/cosign
168
169##################
170# help
171##################
172
173help: # Display help
174 @awk -F ':|##' \
175 '/^[^\t].+?:.*?##/ {\
176 printf "\033[36m%-30s\033[0m %s\n", $$1, $$NF \
177 }' $(MAKEFILE_LIST) | sort
178
179include release/release.mk
180include test/ci.mk
181
182##########################
183# Documentation generation
184##########################
185
186.PHONY: docgen
187docgen:
188 $(GOEXE) run -tags pivkey,pkcs11key,cgo ./cmd/help/
View as plain text