# # This is a shim installed automatically by the build-harness # https://github.com/cloudposse/build-harness # # templates/Makefile.build-harness includes this Makefile # and this Makefile includes templates/Makefile.build-harness # to support different modes of invocation. Use a guard variable # to prevent infinite recursive includes ifeq ($(BUILD_HARNESS_TEMPLATES_MAKEFILE_GUARD),) BUILD_HARNESS_TEMPLATES_MAKEFILE_GUARD := included export SHELL = /bin/bash export PWD = $(shell pwd) export BUILD_HARNESS_ORG ?= cloudposse export BUILD_HARNESS_PROJECT ?= build-harness export BUILD_HARNESS_DOCKER_IMAGE ?= $(BUILD_HARNESS_ORG)/$(BUILD_HARNESS_PROJECT) export BUILD_HARNESS_BRANCH ?= master export BUILD_HARNESS_CLONE_URL ?= https://github.com/$(BUILD_HARNESS_ORG)/$(BUILD_HARNESS_PROJECT).git # Resolves BUILD_HARNESS_PATH to BUILD_HARNESS_PATH_LOCAL when BUILD_HARNESS_PATH does not exist BUILD_HARNESS_PATH ?= $(shell until [ -d "$(BUILD_HARNESS_PROJECT)" ] || [ "`pwd`" == '/' ]; do cd ..; done; pwd)/$(BUILD_HARNESS_PROJECT) BUILD_HARNESS_PATH_LOCAL := $(PWD)/$(BUILD_HARNESS_PROJECT) export BUILD_HARNESS_PATH := $(or $(wildcard $(BUILD_HARNESS_PATH)),$(BUILD_HARNESS_PATH_LOCAL)) # It is kind of expensive to figure out the Docker SHA tag, so we just define the command here, and only call it when needed # With the ":=" syntax, it stores the current value of BUILD_HARNESS_PATH, so this has to come after that has been set with ":=" export BUILD_HARNESS_DOCKER_SHA_TAG_CMD := git -C "$(BUILD_HARNESS_PATH)" log -n 1 --format=sha-%h 2>/dev/null || echo latest # Toggles the auto-init feature BUILD_HARNESS_AUTO_INIT ?= false # Macro to clone/install BUILD_HARNESS_PROJECT define harness_install curl --retry 5 --fail --silent --retry-delay 1 \ https://raw.githubusercontent.com/$(BUILD_HARNESS_ORG)/$(BUILD_HARNESS_PROJECT)/$(BUILD_HARNESS_BRANCH)/bin/install.sh | \ bash -s "$(BUILD_HARNESS_ORG)" "$(BUILD_HARNESS_PROJECT)" "$(BUILD_HARNESS_BRANCH)" endef # Macro to auto-init the BUILD_HARNESS_PROJECT with the `include` directive # Tests if BUILD_HARNESS_PROJECT does not yet exist, or if it does exist but the # checkout does not match BUILD_HARNESS_BRANCH define harness_auto_init if [[ \ -f "/build-harness/Makefile" || -f "/$(BUILD_HARNESS_PROJECT)/Makefile" \ ]]; then \ echo "[.build-harness]: In $(BUILD_HARNESS_PROJECT) docker container, skipping auto-init" ;\ elif grep -q docker /proc/1/cgroup 2>/dev/null; then \ echo "[.build-harness]: In unknown docker container, skipping auto-init" ;\ elif [[ \ "$(BUILD_HARNESS_PATH)" != "$(BUILD_HARNESS_PATH_LOCAL)" && \ -f "$(BUILD_HARNESS_PATH)/Makefile" \ ]]; then \ echo "[.build-harness]: Using external $(BUILD_HARNESS_PATH), skipping auto-init" ;\ elif [[ \ "$(BUILD_HARNESS_PATH)" == "$(BUILD_HARNESS_PATH_LOCAL)" && \ -f "$(BUILD_HARNESS_PATH)/Makefile" && \ "$$(git -C '$(BUILD_HARNESS_PATH_LOCAL)' ls-remote '$(BUILD_HARNESS_CLONE_URL)' '$(BUILD_HARNESS_BRANCH)' | cut -f1)" == "$$(git -C '$(BUILD_HARNESS_PATH_LOCAL)' rev-parse HEAD)" \ ]]; then \ echo "[.build-harness]: Clone of $(BUILD_HARNESS_PROJECT) is up-to-date, skipping auto-init" ;\ else \ $(harness_install) ;\ fi endef -include $(if $(findstring true,$(BUILD_HARNESS_AUTO_INIT)),$(shell $(harness_auto_init) >&2)) $(BUILD_HARNESS_PATH)/Makefile .PHONY : init ## Init build-harness init:: @ $(harness_install) .PHONY : clean ## Clean build-harness clean:: @if [ -d "$(BUILD_HARNESS_PATH)" ]; then \ if [ -d build-harness ] && [ "$(BUILD_HARNESS_PATH)" -ef build-harness ]; then \ echo rm -rf build-harness; \ rm -rf build-harness; \ else \ echo Not removing build harness from "$(BUILD_HARNESS_PATH)" because it appears to be shared.; \ echo If you are sure you want to delete it, run: ; \ echo ' rm -rf "$(BUILD_HARNESS_PATH)"'; \ fi; \ fi .PHONY: git-safe-directory # Workaround for https://github.com/actions/checkout/issues/766 # Note that if we always add a safe directory, we are recreating the security problem git is trying to solve. # So we only add the safe directory if we are running in a GitHub Actions environment. git-safe-directory: @if remove_protection_cmd=$$(git log -1 2>&1 | grep -F 'git config --global --add safe.directory'); then \ if [[ -n "$$GITHUB_WORKSPACE" ]]; then \ printf "Marking directory %s as safe for git to trust\n" "$$GITHUB_WORKSPACE" >&2; \ git config --global --add safe.directory "$$GITHUB_WORKSPACE"; \ else \ printf "\nGit refused to trust a directory, presumably due to dubious ownership.\n" >&2; \ printf "GitHub Actions environment not detected, so script is not automatically trusting suspicious directory.\n\n" >&2 ;\ printf "To trust the directory git is concerned about, run:\n\n %s\n\n" "$$remove_protection_cmd" >&2; \ fi \ fi .PHONY: build-harness/shell builder build-harness/shell/pull builder/pull builder/build builder-slim/build build-harness/shell/pull builder/pull builder/build builder-slim/build: BUILD_HARNESS_DOCKER_SHA_TAG ?= $(shell $(BUILD_HARNESS_DOCKER_SHA_TAG_CMD)) build-harness/shell/pull builder/pull: docker pull $(BUILD_HARNESS_DOCKER_IMAGE):$(BUILD_HARNESS_DOCKER_SHA_TAG) @[[ "$(BUILD_HARNESS_DOCKER_SHA_TAG)" == "latest" ]] || docker pull $(BUILD_HARNESS_DOCKER_IMAGE):latest builder/build: export DOCKER_IMAGE_NAME = $(BUILD_HARNESS_DOCKER_IMAGE):$(BUILD_HARNESS_DOCKER_SHA_TAG) builder/build: @$(MAKE) --no-print-directory docker/build builder-slim/build: export DOCKER_IMAGE_NAME = $(BUILD_HARNESS_DOCKER_IMAGE):slim-$(BUILD_HARNESS_DOCKER_SHA_TAG) builder-slim/build: export DOCKER_FILE := Dockerfile.slim builder-slim/build: @$(MAKE) --no-print-directory docker/build DEFAULT_DOCKER_ENVS := AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN TERM AWS_PROFILE AWS_REGION \ AWS_DEFAULT_PROFILE AWS_DEFAULT_REGION EXTRA_DOCKER_ENVS ?= AWS_CONFIG_FILE AWS_SHARED_CREDENTIALS_FILE DOCKER_ENVS ?= $(DEFAULT_DOCKER_ENVS) $(EXTRA_DOCKER_ENVS) ## Start a shell inside of the `build-harness` docker container with `make build-harness/shell` or `make builder` ## Run `make` targets inside the build-harness shell by setting `TARGETS` or `TARGET`, e.g. ## make builder TARGETS="github/init readme" build-harness/shell builder tester: MOUNT_HOME ?= $(shell [ -d "$$HOME" ] && printf -- "-e HOME -v \"%s\":\"%s\"" "$$HOME" "$$HOME") build-harness/shell builder tester: TARGETS ?= $(TARGET) build-harness/shell builder tester: ARGS := $(if $(TARGETS),$(TARGETS),-l || true) build-harness/shell builder tester: ENTRYPOINT := $(if $(TARGETS),/usr/bin/make,/bin/bash) build-harness/shell builder pr/pre-commit pr/readme pr/github-update: RUNNER_DOCKER_TAG ?= $(shell $(BUILD_HARNESS_DOCKER_SHA_TAG_CMD)) build-harness/shell builder pr/pre-commit pr/readme pr/github-update: RUNNER_DOCKER_IMAGE ?= $(BUILD_HARNESS_DOCKER_IMAGE) build-harness/shell builder: build-harness/runner @exit 0 .PHONY: build-harness/shell-slim builder-slim pr/readme pr/readme/host pr/pre-commit pr/github-update pr/github-update/host tf14-upgrade .PHONY: precommit/terraform pr/auto-format precommit/terraform/host pr/auto-format/host build-harness/shell-slim builder-slim precommit/terraform pr/auto-format pr/readme tf14-upgrade: RUNNER_DOCKER_IMAGE ?= $(BUILD_HARNESS_DOCKER_IMAGE) build-harness/shell-slim builder-slim tf14-upgrade precommit/terraform pr/auto-format pr/readme: RUNNER_DOCKER_SHA_TAG ?= $(shell $(BUILD_HARNESS_DOCKER_SHA_TAG_CMD)) build-harness/shell-slim builder-slim tf14-upgrade precommit/terraform pr/auto-format pr/readme: RUNNER_DOCKER_TAG ?= \ $(shell docker inspect --type=image $(RUNNER_DOCKER_IMAGE):$(RUNNER_DOCKER_SHA_TAG) >/dev/null 2>&1 && \ echo "$(RUNNER_DOCKER_SHA_TAG) " || echo "slim-$(RUNNER_DOCKER_SHA_TAG)") build-harness/shell-slim builder-slim: TARGETS ?= $(TARGET) build-harness/shell-slim builder-slim: ARGS := $(if $(TARGETS),$(TARGETS),-l || true) build-harness/shell-slim builder-slim: ENTRYPOINT := $(if $(TARGETS),/usr/bin/make,/bin/bash) build-harness/shell-slim builder-slim: build-harness/runner precommit/terraform pr/auto-format pr/readme pr/pre-commit pr/github-update tf14-upgrade : ENTRYPOINT := /usr/bin/make # Prior to 2023-05-17 (build-harness v1.18.0), before committing changes to a terraform module, you could run # make pr/auto-format # which used this setting: # pr/auto-format pr/auto-format/host: ARGS := github/update terraform/fmt readme # Now the preferred target is `precommit/terraform` but the old targets are left for backwards compatibility. precommit/terraform pr/auto-format precommit/terraform/host pr/auto-format/host: ARGS := terraform/precommit pr/readme pr/readme/host: ARGS := readme/deps readme pr/github-update pr/github-update/host: ARGS := github/update precommit/terraform pr/auto-format pr/readme pr/github-update: build-harness/runner precommit/terraform/host pr/auto-format/host pr/readme/host pr/github-update/host: git-safe-directory $(MAKE) $(ARGS) pr/pre-commit: ARGS := pre-commit/run pr/pre-commit: build-harness/runner tf14-upgrade: export TERRAFORM_FORCE_README := true tf14-upgrade: ARGS := github/init terraform/v14-rewrite tf14-upgrade: build-harness/runner .PHONY: tester tester/pull tester tester/pull: TEST_HARNESS_DOCKER_IMAGE ?= cloudposse/test-harness tester tester/pull: TEST_HARNESS_DOCKER_TAG ?= latest tester: RUNNER_DOCKER_IMAGE ?= $(TEST_HARNESS_DOCKER_IMAGE) tester: RUNNER_DOCKER_TAG ?= $(TEST_HARNESS_DOCKER_TAG) tester: build-harness/runner tester/pull: docker pull $(TEST_HARNESS_DOCKER_IMAGE):$(TEST_HARNESS_DOCKER_TAG) .PHONY: build-harness/runner build-harness/runner: $(info Starting $(RUNNER_DOCKER_IMAGE):$(RUNNER_DOCKER_TAG)) docker run --name build-harness \ --rm -it \ --platform linux/amd64 \ -e PACKAGES_PREFER_HOST=true \ $(addprefix -e ,$(DOCKER_ENVS)) \ $(MOUNT_HOME) \ -v $(CURDIR):/host \ --workdir /host \ --entrypoint $(ENTRYPOINT) \ $(RUNNER_DOCKER_IMAGE):$(RUNNER_DOCKER_TAG) $(ARGS) .PHONY: reset-owner reset-owner: @if [[ -n $$(find . -xdev -user 0 -print) ]]; then \ printf "\n* To reset ownership on files, run:\n sudo find . -xdev -user 0 -exec chown $$USER {} \;\n\n" ; \ else \ printf "\n* No root-owned files found\n\n" ; \ fi endif