# Crate version: third space-separated field of the first Cargo.toml line
# containing "version", with double quotes stripped.
# NOTE(review): the match is not anchored, so any earlier line that mentions
# "version" (e.g. a `rust-version` key) would be picked up instead.
version := `grep version Cargo.toml | head -1 | cut -d ' ' -f 3 | tr -d '"'`

# Chart name and version as declared in helm-chart/Chart.yaml.
chartName := `yq -r '.name' helm-chart/Chart.yaml`
chartVersion := `yq -r '.version' helm-chart/Chart.yaml`

# Repository of the application image; the tag is always {{ version }}.
image := "tinyops/pw"

# nginx image reference ("repository:tag") taken from the chart's values.yaml.
nginxImage := `yq -r '.nginx.image.repository + ":" + .nginx.image.tag' helm-chart/values.yaml`

# Files the scanner output is written to.
trivyReportFile := "docs/security/trivy-scan-report.txt"
dockleReportFile := "docs/security/dockle-scan-report.txt"
# Delete packaged chart archives (<chartName>-*.tgz) from the working directory.
cleanup:
    rm -f {{ chartName }}-*.tgz
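# `--locked` makes cargo build each tool with the Cargo.lock published in its
# crate instead of resolving fresh dependency versions at install time, so the
# transitive dependencies of these developer tools do not drift between runs.
# The tool versions themselves are still unpinned; add `--version` if fully
# reproducible installs are required.
# Install the Rust tooling used by the other recipes (runs `cleanup` first).
init: cleanup
    rustup component add clippy
    cargo install --locked cargo-llvm-cov cargo-crev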
# Upgrade the frontend dependencies with yarn.
bump-frontend-deps:
    cd frontend && yarn upgrade

# Update the backend dependencies in Cargo.lock.
bump-backend-deps:
    cargo update

# Upgrade frontend dependencies, then backend dependencies.
# The recipe has no body, so listing both as prior dependencies runs them in
# the same order as the `a && b` form.
bump-deps: bump-frontend-deps bump-backend-deps
# Build an untagged linux/amd64 image from the Dockerfile with plain progress output.
build-dev-image:
    docker build --platform=linux/amd64 --progress=plain .
# Format the Rust sources.
format:
    cargo fmt

# Format first, then lint the backend (clippy warnings are errors) and the frontend.
lint: format
    cargo clippy -- -D warnings
    cd frontend && yarn lint
# Run the frontend tests, then the backend tests.
test:
    cd frontend && yarn test run
    cargo test

# In just, `lint && test` makes `lint` a prior dependency and `test` a
# subsequent one: the order is lint, `cargo build`, then test.
# Lint, build the backend, then run the tests.
build: lint && test
    cargo build
# DEV ENV

# Run the backend with cargo.
run-backend:
    cargo run

# Install frontend packages and start the dev server on port 4200.
run-frontend:
    cd frontend && yarn && npm run dev -- --port=4200

# Rebuild and recreate the docker-compose-dev.yml stack in the background.
start-dev-image:
    docker compose --file docker-compose-dev.yml up --detach --build --force-recreate

# Stop and remove the docker-compose-dev.yml stack.
stop-dev-image:
    docker compose --file docker-compose-dev.yml down
# HELM CHART

# Render the chart templates; a template error fails the recipe.
test-chart:
    helm template helm-chart/

# Package the chart, using the crate version as its appVersion (runs test-chart first).
build-chart: test-chart
    helm package --app-version {{ version }} helm-chart/
# Steps: start from a fresh clone of the chart repository in ./helm-repo, copy
# the packaged archive into helm-charts/, regenerate the index, and commit and
# push only when `git status --porcelain` reports a change. The inner script
# runs under `bash -euo pipefail`, so the first failing command aborts it; its
# early `exit 0` leaves only the inner bash, and the final cleanup still runs.
# just substitutes {{ chartName }} and {{ chartVersion }} into the
# single-quoted script before bash sees it, so those Chart.yaml values must not
# contain a single quote or other shell syntax.
# Publish the packaged chart to the tinyops-ru.github.io chart repository.
release-chart: build-chart
    rm -rf helm-repo
    git clone git@github.com:tinyops-ru/tinyops-ru.github.io.git helm-repo
    bash -euo pipefail -c '\
        cd helm-repo; \
        cp ../{{ chartName }}-{{ chartVersion }}.tgz helm-charts/; \
        helm repo index helm-charts/; \
        if [ -z "$(git status --porcelain)" ]; then \
            echo "Chart {{ chartName }}-{{ chartVersion }} already published, skipping."; \
            exit 0; \
        fi; \
        git add helm-charts/; \
        git commit -m "Add helm chart: {{ chartName }}-{{ chartVersion }}"; \
        git push'
    rm -rf helm-repo
# SECURITY

# No `--exit-code` is passed, so trivy reports findings without failing the
# recipe; the output is informational.
# Scan the release image for HIGH and CRITICAL vulnerabilities.
trivy:
    trivy image --severity HIGH,CRITICAL {{ image }}:{{ version }}
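# RELEASE

# `lint && test` made `test` a subsequent dependency, so the image was built
# and tagged {{ image }}:{{ version }} before the tests had run. Listing both
# as prior dependencies stops the build on a failing test, before a
# release-tagged image exists locally.
# Lint and test, then build the linux/amd64 release image tagged with the crate version.
build-release-image: lint test
    docker build --progress=plain --platform=linux/amd64 -t {{ image }}:{{ version }} .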
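# The report holds, in order: the trivy version, the Dockerfile
# misconfiguration scan, the HIGH/CRITICAL scan of the release image, and the
# same scan of the nginx image from the chart values.
# The section header is written with printf: `echo "\n..."` only produces a
# newline in shells whose echo interprets backslash escapes, and otherwise
# writes a literal "\n" into the report.
# No `--exit-code` is passed, so findings are recorded without failing the recipe.
# Write the trivy scan results to {{ trivyReportFile }}.
trivy-save-reports:
    trivy -v > {{ trivyReportFile }}
    trivy config Dockerfile >> {{ trivyReportFile }}
    trivy image --severity HIGH,CRITICAL {{ image }}:{{ version }} >> {{ trivyReportFile }}
    printf '\n=== Nginx Image Scan ===\n' >> {{ trivyReportFile }}
    trivy image --severity HIGH,CRITICAL {{ nginxImage }} >> {{ trivyReportFile }}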
# Lint the release image with dockle and save the uncoloured output to {{ dockleReportFile }}.
dockle-scan-reports:
    dockle --no-color {{ image }}:{{ version }} > {{ dockleReportFile }}
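# Order: build-release-image (prior dependency), the scan reports, the image
# push, then release-chart (subsequent dependency).
# The reports are produced from the locally built image before `docker push`,
# so a scanner that fails to run stops the release before anything is
# published. Neither scanner is given `--exit-code`, so findings alone are
# recorded in the reports and do not block the push; pass `--exit-code 1` to
# the scanners if findings should be blocking.
# Build, scan and publish the release image, then publish the chart.
release: build-release-image && release-chart
    just trivy-save-reports
    just dockle-scan-reports
    docker push {{ image }}:{{ version }}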