chore: Improved Makefile for more robust CI pipelines and development

orlowskilp · Oct 15, 2024 · 8ad96a0 · 8ad96a0
1 parent 6d37b6c
commit 8ad96a0
Show file tree

Hide file tree

Showing 3 changed files with 88 additions and 53 deletions.
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
@@ -25,19 +25,15 @@ jobs:
     name: Execute tests and measure coverage
     runs-on: ubuntu-latest
     env:
-      LCOV_UT_OUT: unit-test-cov.lcov
-      LCOV_IT_OUT: integration-test-cov.lcov
+      LCOV_OUT: test-coverage.lcov
+      KMS_KEY_ID: ${{ secrets.KMS_KEY_ID }}
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout codebase
+        uses: actions/checkout@v4
 
       - name: Install llvm-cov for code coverage
         uses: taiki-e/install-action@cargo-llvm-cov
 
-      - name: Run unit tests and measure coverage
-        env:
-          LLVM_COV_ARGS: --lcov --output-path ${{ env.LCOV_UT_OUT }} --lib
-        run: make test-coverage ARGS="${{ env.LLVM_COV_ARGS }}"
-
       - name: Assume AWS role
         uses: aws-actions/configure-aws-credentials@v4
         with:
@@ -46,51 +42,48 @@ jobs:
           role-session-name: ${{ vars.AWS_STS_SESSION_NAME}}
           mask-aws-account-id: true
 
-      - name: Run integration tests and measure coverage
+      - name: Run unit and integration tests
         env:
-          LLVM_COV_ARGS: --lcov --output-path ${{ env.LCOV_IT_OUT }} --tests
-          KMS_KEY_ID: ${{ secrets.KMS_KEY_ID }}
-        run: make test-coverage ARGS="${{ env.LLVM_COV_ARGS }}"
+          LLVM_COV_ARGS: --lcov --output-path ${{ env.LCOV_OUT }}
+        run: |
+          make fetch-public-key
+          make test-coverage
 
       - name: Run doc tests
-        env:
-          KMS_KEY_ID: ${{ secrets.KMS_KEY_ID }}
-        run: make test-doc
+        run: make doc-test
 
       - name: Upload coverage to Codecov
         uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
-          files: ./${{ env.LCOV_UT_OUT }},./${{ env.LCOV_IT_OUT }}
+          files: ./${{ env.LCOV_OUT }}
           fail_ci_if_error: true
 
   build-x86-gnu:
     name: Build for x86_64-unknown-linux-gnu
-    env:
-      TOOL_CHAIN : x86_64-unknown-linux-gnu
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout codebase
+        uses: actions/checkout@v4
 
-      - name: Build for ${{ env.TOOL_CHAIN }}
-        env:
-          ARGS: --target=${{ env.TOOL_CHAIN }}
-        run: make ARGS=${{ env.ARGS }} build
+      - name: Build for x86_64-unknown-linux-gnu
+        run: make build
 
   build-x86-musl:
     name: Build for x86_64-unknown-linux-musl
     env:
       TOOL_CHAIN : x86_64-unknown-linux-musl
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout codebase
+        uses: actions/checkout@v4
 
       - name: Install musl toolchain
         run: |
           sudo apt install musl-tools
           rustup target add --toolchain stable ${{ env.TOOL_CHAIN }}
 
-      - name: Build for ${{ env.TOOL_CHAIN }}
+      - name: Build for x86_64-unknown-linux-musl
         env:
-          ARGS: --target=${{ env.TOOL_CHAIN }}
-        run: make ARGS=${{ env.ARGS }} build
+          TOOL_CHAIN: x86_64-unknown-linux-gnu
+        run: make build
diff --git a/Makefile b/Makefile
@@ -1,42 +1,84 @@
+# Build the library with the specified tool chain. Default is x86_64-unknown-linux-gnu
 .PHONY: build
-build:
-	cargo build $(ARGS) --release
+TOOL_CHAIN =
+ifndef TOOL_CHAIN
+	TOOL_CHAIN = x86_64-unknown-linux-gnu
+endif
+build: format
+	cargo clippy
+	cargo build --target=$(TOOL_CHAIN) --release
 
+# Build documentation for the library
 .PHONY: doc
 doc:
 	cargo fmt --check
-	cargo doc --no-deps --open
+	cargo doc --no-deps
 
+# Run all tests (no coverage)
 .PHONY: test
-test:
-ifndef KMS_KEY_ID
-	$(error KMS_KEY_ID is not set)
-endif
-	cargo fmt
-	cargo test --lib --tests
+test: format check-env
+	cargo test
+
+# Clean up
+.PHONY: clean
+clean:
+	cargo clean
+
+# ==== Directives for developers ====
 
+# Run unit and integration tests and measure coverage.
+# Additional flags can be passed with LLVM_COV_ARGS
 .PHONY: test-coverage
-test-coverage:
-	cargo llvm-cov $(ARGS)
+test-coverage: check-env
+	cargo llvm-cov $(LLVM_COV_ARGS)
 
-.PHONY: test-doc
-test-doc:
-ifndef KMS_KEY_ID
-	$(error KMS_KEY_ID is not set)
-endif
+# Run only documentation tests (shorthand for developers)
+.PHONY: doc-test
+doc-test: format check-env
 	cargo test --doc
 
+# Run only unit tests (shorthand for developers)
 .PHONY: unit-test
-unit-test:
+unit-test: format
 	cargo test --lib
 
-.PHONY: integration-tests
+# Run only integration tests (shorthand for developers)
+.PHONY: integration-test
+integration-test: format check-env
+	cargo test --tests
+
+# ==== Helper directives ====
+
+# Format codebase
+.PHONY: format
+format:
+	cargo fmt
+
+# Downloads and decodes the public key from KMS
+.PHONY: fetch-public-key
+PUBLIC_KEY_FILE_PATH = ./tests/data/pub-key
+PUBLIC_KEY_FILE_PEM = $(PUBLIC_KEY_FILE_PATH).pem
+PUBLIC_KEY_FILE_DER = $(PUBLIC_KEY_FILE_PATH).der
+fetch-public-key: check-env
+	@aws kms get-public-key \
+		--region $(AWS_REGION) \
+		--key-id $(KMS_KEY_ID) \
+		--output text \
+		--query PublicKey > $(PUBLIC_KEY_FILE_PEM) || \
+		(echo "Failed to fetch public key" && exit 1)
+	@cat $(PUBLIC_KEY_FILE_PEM) | base64 -d > $(PUBLIC_KEY_FILE_DER)
+	@echo "Public key saved to $(PUBLIC_KEY_FILE_PEM) and decoded to $(PUBLIC_KEY_FILE_DER)"
+
+# Check if the environment variables are set and STS token is valid
+.PHONY: check-env
+check-env:
 ifndef KMS_KEY_ID
 	$(error KMS_KEY_ID is not set)
 endif
-integration-test:
-	cargo test --tests
-
-.PHONY: clean
-clean:
-	cargo clean
+ifndef AWS_REGION
+	$(error AWS_REGION is not set)
+endif
+	@aws --version &> /dev/null || (echo "AWS CLI not installed" && exit 1)
+	@aws sts get-caller-identity &> /dev/null || \
+		(echo "AWS CLI could not assume role. Did the STS token expire?" && exit 1)
+	@echo "Environment variables are set and the STS token is valid"
diff --git a/README.md b/README.md
@@ -15,14 +15,14 @@ EVM transaction signing library using key pairs generated and stored in
 
 ## Tool chain compatibility
 
-Works [MUSL](https://musl.libc.org) and [GNU](https://www.gnu.org/software/libc) tool chains.
+Works with [MUSL](https://musl.libc.org) and [GNU](https://www.gnu.org/software/libc) tool chains.
 
 ## Features
 
 * Legacy (type 0) transactions
 * [EIP-2930](https://eips.ethereum.org/EIPS/eip-2930) (type 1) transactions
 * [EIP-1559](https://eips.ethereum.org/EIPS/eip-1559) (type 2) transactions
-* Easy expandable to future [EIP-2718](https://eips.ethereum.org/EIPS/eip-2718) typed transactions
+* Easily expandable to future [EIP-2718](https://eips.ethereum.org/EIPS/eip-2718) typed transactions
 
 ## What's needed