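.DEFAULT_GOAL := check

# All targets below name commands, not files. Declaring them phony keeps a
# stray file or directory with the same name from making make skip the recipe.
# lint-actions is listed too: it has a recipe in this Makefile and is a
# prerequisite of check-all, so a file named "lint-actions" would otherwise
# silently disable the workflow linting step.
.PHONY: check test test-race vet lint lint-actions fmt fmt-check bench check-all \
        tidy tidy-check replace-check vuln secrets security release-check release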
# Default goal: the quick checks for the inner development loop
# (formatting check, go vet, unit tests).
check: \
  fmt-check \
  vet \
  test
# Run the tests of every package in the module.
test:
	go test ./...

# Same test run with the Go race detector enabled.
test-race:
	go test -race ./...
# Run go vet over every package.
vet:
	go vet ./...

# Run golangci-lint with the repository's configuration.
lint:
	golangci-lint run
# Rewrite Go files in place with gofmt.
fmt:
	gofmt -w .
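# Fail when any Go file is not gofmt-clean, and list the offending files.
# gofmt runs once and its exit status is checked. A gofmt failure (for example
# on a file it cannot parse) fails the target, instead of producing an empty
# list that looks like a pass.
fmt-check:
	@unformatted="$$(gofmt -l .)" || { echo "gofmt failed; see errors above"; exit 1; }; \
	if [ -n "$$unformatted" ]; then \
		echo "Run 'make fmt' to fix formatting"; \
		printf '%s\n' "$$unformatted"; \
		exit 1; \
	fi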
# Run every benchmark in the module and report allocation statistics.
bench:
	go test -bench=. -benchmem ./...
# Bring go.mod and go.sum in line with the imports actually used.
tidy:
	go mod tidy
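# Verify go.mod/go.sum are tidy (CI gate).
# The files are backed up, 'go mod tidy' is run, and the result is compared
# with the backup. Comparing against the backup rather than 'git diff' means
# the verdict depends only on whether tidy changed the files: unstaged edits
# that are already tidy no longer fail the check, and the target also works
# outside a git checkout. On any failure the original files are restored.
tidy-check:
	@set -e; \
	cp go.mod go.mod.tidycheck; \
	cp go.sum go.sum.tidycheck; \
	restore() { mv go.mod.tidycheck go.mod; mv go.sum.tidycheck go.sum; }; \
	if ! go mod tidy; then \
		restore; \
		echo "'go mod tidy' failed. Restored original go.mod/go.sum."; \
		exit 1; \
	fi; \
	if ! cmp -s go.mod go.mod.tidycheck || ! cmp -s go.sum go.sum.tidycheck; then \
		restore; \
		echo "go.mod/go.sum are not tidy. Run 'make tidy' and commit the result."; \
		exit 1; \
	fi; \
	rm -f go.mod.tidycheck go.sum.tidycheck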
# Release guard: refuse to continue while go.mod carries replace directives.
# The pattern matches every line that starts with "replace" (after optional
# whitespace), whatever the replacement target is.
replace-check:
	@found="$$(grep '^[[:space:]]*replace[[:space:]]' go.mod || true)"; \
	if [ -n "$$found" ]; then \
		echo "ERROR: go.mod contains replace directives"; \
		printf '%s\n' "$$found"; \
		echo ""; \
		echo "Remove replace directives before releasing."; \
		exit 1; \
	fi
	@echo "Replace check passed (no local replace directives)"
# --- Security targets ---

# Scan every package in the module with govulncheck.
vuln:
	@echo "Running govulncheck..."
	govulncheck ./...
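# Run secret scanner (gitleaks) over the repository.
# The first line fails early with an install hint when gitleaks is missing.
# --redact keeps matched secret values out of the terminal and CI logs, which
# --verbose would otherwise print alongside each finding.
secrets:
	@command -v gitleaks >/dev/null || (echo "Install gitleaks: brew install gitleaks" && exit 1)
	gitleaks detect --source . --verbose --redact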
# Aggregate target: linting, vulnerability scan and secret scan.
security: \
  lint \
  vuln \
  secrets
# Check the GitHub Actions workflows: actionlint first, then zizmor over the
# repository root. Each tool runs on its own recipe line, so a failure of
# actionlint stops the target before zizmor runs.
lint-actions:
	actionlint
	zizmor .
# Full suite: everything CI runs.
check-all: \
  fmt-check \
  vet \
  lint \
  lint-actions \
  test-race \
  bench \
  tidy-check
# Release pre-flight: the full CI suite plus the replace-directive guard,
# the vulnerability scan and the secret scan.
release-check: \
  check-all \
  replace-check \
  vuln \
  secrets
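# Cut a release (delegates to scripts/release.sh).
# VERSION and DRY_RUN are read from the recipe's environment instead of being
# pasted into the command line by make, so the shell no longer word-splits or
# interprets their contents. make exports variables that came from its command
# line or its own environment, so `make release VERSION=<version>` still works.
# An unset or empty VERSION passes no argument to the script, as before.
release:
	DRY_RUN="$${DRY_RUN-}" scripts/release.sh $${VERSION:+"$$VERSION"}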