# First rule in the file, so a bare `make` builds the gomplate-ci-build image
# and records its image ID.
all: gomplate-ci-build/image.iid

# Build <dir>/Dockerfile using <dir> as the build context. Docker writes the
# ID of the resulting image to <dir>/image.iid, which the tag rule reads back.
%/image.iid: %/Dockerfile
	docker build \
		--progress=auto \
		--iidfile=$@ \
		--file=$< \
		$(<D)
# dockerimage: given a <dir>/image.tag path in $(1), expand to the quoted
# registry reference "ghcr.io/hairyhenderson/<dir>". Only a trailing
# /image.tag is stripped; any other argument is passed through unchanged.
# The double quotes are part of the value and end up on the shell command line.
dockerimage = "ghcr.io/hairyhenderson/$(1:%/image.tag=%)"

# Tag the image whose ID was recorded in <dir>/image.iid, then store the
# resulting reference in <dir>/image.tag for the scan and push rules to read.
%/image.tag: %/image.iid
	docker tag $$(cat $<) $(call dockerimage,$@)
	@echo $(call dockerimage,$@) > $@
# Vulnerability gate: scan the image named in <dir>/image.tag with Trivy
# (`trivy i` is the short alias of `trivy image`). The recipe fails
# (--exit-code 1) on HIGH or CRITICAL findings in OS packages or libraries.
# --ignore-unfixed leaves out findings that have no fixed version yet, so
# those do not fail the gate.
# .trivyignore and this Makefile are prerequisites: editing the suppression
# list or the scan options makes every earlier scan marker stale and forces
# a re-scan.
# On success the scanned reference is copied into <dir>/image.scanned.
%/image.scanned: %/image.tag .trivyignore Makefile
	trivy i \
		--severity HIGH,CRITICAL \
		--vuln-type os,library \
		--ignore-unfixed \
		--exit-code 1 \
		$$(cat $<)
	@cat $< > $@
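# Push the image named in <dir>/image.tag and record the pushed reference in
# <dir>/image.pushed.
#
# The marker is copied from image.tag instead of being rebuilt with
# $(call dockerimage,$@): dockerimage strips only a trailing /image.tag, so
# calling it with this rule's target wrote
# "ghcr.io/hairyhenderson/<dir>/image.pushed" into the marker, which is not
# the reference that was pushed.
#
# NOTE(review): the prerequisite is image.tag, not image.scanned, so nothing
# in this Makefile requires a passing scan before a push. Confirm the scan
# gate is enforced by whatever invokes this target.
%/image.pushed: %/image.tag
	docker push "$$(cat $<)"
	@cat $< > $@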
# Scan every image: one <dir>/image.scanned marker is requested for each
# subdirectory that contains a Dockerfile.
scan: $(addsuffix image.scanned,$(dir $(wildcard */Dockerfile)))
# Remove the generated GitHub configuration files and every per-image state
# file (image ID, tag, scan marker, push marker). No images are removed from
# the local Docker daemon or from the registry.
clean:
	@rm -f .github/workflows/build.yml .github/dependabot.yml
	-@rm -f \
		*/image.iid \
		*/image.tag \
		*/image.scanned \
		*/image.pushed
# Render the CI workflow from its gomplate template. The working directory is
# passed to the template as the `dir` context.
# The output is rebuilt when the template, any Dockerfile, or anything matched
# by */.* changes.
# NOTE(review): */.* matches every dot-entry in each subdirectory, while the
# dependabot rule lists only */.ignore. Confirm which set is intended.
.github/workflows/build.yml: .github/workflows/build.yml.tmpl */.* */Dockerfile
	@gomplate \
		--context dir=$(shell pwd) \
		--file $< \
		--out $@
# Render the Dependabot configuration from its gomplate template. The working
# directory is passed to the template as the `dir` context.
# The output is rebuilt when the template, a per-image .ignore file, or any
# Dockerfile changes.
.github/dependabot.yml: .github/dependabot.yml.tmpl */.ignore */Dockerfile
	@gomplate \
		--context dir=$(shell pwd) \
		--file $< \
		--out $@
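# Regenerate both templated GitHub configuration files.
gen: .github/workflows/build.yml .github/dependabot.yml

# all and gen name actions, not files. Without a .PHONY declaration, a file
# or directory called `all` or `gen` in the repository root would make those
# goals look up to date and silently skip them.
.PHONY: all clean gen scan

# Delete a target whose recipe failed after modifying it, so a half-written
# state file is never mistaken for a completed step.
.DELETE_ON_ERROR:

# Treat all targets as secondary: the chained image.iid / image.tag files are
# not removed automatically as intermediates.
.SECONDARY: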