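# Repository layout and build parameters shared by every rule in this file.
#
# Values are assigned with ':=' so that each $(shell ...) call runs once, while
# the makefile is parsed. With recursive '=' on an exported variable the
# command is re-run on every expansion, including each time make builds the
# environment for a recipe.
PWD := $(shell pwd)
export ROOT_MAKEFILE_DIR := $(PWD)

# Component directories.
export DEEPFENCE_AGENT_DIR := $(PWD)/deepfence_agent
export DEEPFENCE_ROUTER_DIR := $(PWD)/haproxy
export DEEPFENCE_TELEMETRY_DIR := $(PWD)/deepfence_telemetry
export DEEPFENCE_FILE_SERVER_DIR := $(PWD)/deepfence_file_server
export DEEPFENCE_FRONTEND_DIR := $(PWD)/deepfence_frontend
export SECRET_SCANNER_DIR := $(DEEPFENCE_AGENT_DIR)/plugins/SecretScanner
export MALWARE_SCANNER_DIR := $(DEEPFENCE_AGENT_DIR)/plugins/YaraHunter/
export PACKAGE_SCANNER_DIR := $(DEEPFENCE_AGENT_DIR)/plugins/package-scanner
export COMPLIANCE_SCANNER_DIR := $(DEEPFENCE_AGENT_DIR)/plugins/compliance
export CLOUD_SCANNER_DIR := $(DEEPFENCE_AGENT_DIR)/plugins/cloud-scanner
export DEEPFENCE_CTL := $(PWD)/deepfence_ctl
export DEEPFENCED := $(PWD)/deepfence_bootstrapper
export DEEPFENCE_FARGATE_DIR := $(DEEPFENCE_AGENT_DIR)/agent-binary

# User-tunable knobs: '?=' keeps a value supplied through the environment or
# on the make command line.
export IMAGE_REPOSITORY?=quay.io/deepfenceio
# NOTE(review): 'latest' is a mutable tag. Every build and push rule in this
# file uses DF_IMG_TAG, so set it to an immutable value for release builds.
export DF_IMG_TAG?=latest
export STEAMPIPE_IMG_TAG?=0.23.x
export IS_DEV_BUILD?=false
export VERSION?=v2.5.2

# Agent binary staging directories, as absolute paths and as paths relative to
# the repository root.
export AGENT_BINARY_BUILD := $(DEEPFENCE_FARGATE_DIR)/build
export AGENT_BINARY_BUILD_RELATIVE := deepfence_agent/agent-binary/build
export AGENT_BINARY_DIST := $(DEEPFENCE_FARGATE_DIR)/dist
export AGENT_BINARY_DIST_RELATIVE := deepfence_agent/agent-binary/dist
# The architecture component comes from dpkg on the build host; if dpkg is not
# available, $(shell ...) yields an empty string and the name loses that part.
export AGENT_BINARY_FILENAME := deepfence-agent-$(shell dpkg --print-architecture)-$(VERSION).tar.gz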
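# Default goal: bootstrap the tree, then build the scanner plugin images, the
# agent, the console images and the local Fargate binary.
# Declared phony so that a file named `default` in the repository root cannot
# make a bare `make` report "up to date" and build nothing.
.PHONY: default
default: bootstrap console_plugins agent console fargate-local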
# Aggregate target: every image that makes up the management console.
console: \
    redis postgres kafka-broker router server worker ui \
    file-server graphdb jaeger
.PHONY: console

# Aggregate target: the scanner plugin images built by this file.
console_plugins: \
    secretscanner malwarescanner packagescanner compliancescanner
.PHONY: console_plugins
# Run the bootstrap.sh script found in the directory make was started from.
bootstrap:
	./bootstrap.sh
.PHONY: bootstrap
# Build the builder image from docker_builders/Dockerfile-alpine, with the
# current directory as the build context.
alpine_builder:
	docker build \
		--tag=${IMAGE_REPOSITORY}/deepfence_builder_ce:${DF_IMG_TAG} \
		-f docker_builders/Dockerfile-alpine \
		.
.PHONY: alpine_builder
# Build the glibc builder image from docker_builders/Dockerfile-debian.
# The image repository and tag are also handed to the Dockerfile as build args.
debian_builder:
	docker build \
		--build-arg DF_IMG_TAG=$(DF_IMG_TAG) \
		--build-arg IMAGE_REPOSITORY=$(IMAGE_REPOSITORY) \
		--tag=$(IMAGE_REPOSITORY)/deepfence_glibc_builder_ce:$(DF_IMG_TAG) \
		-f docker_builders/Dockerfile-debian \
		.
.PHONY: debian_builder
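# Prepare the agent plugins: run the plugins makefile's `localinit` target,
# then each scanner directory's own bootstrap.sh.
#
# The sub-make is started through $(MAKE) rather than a literal `make`, so
# that -n, -j/jobserver and command-line overrides reach it. The `cd` form is
# kept (instead of -C) so the child still sees the plugin directory as its
# shell working directory and PWD.
.PHONY: bootstrap-agent-plugins
bootstrap-agent-plugins:
	cd $(DEEPFENCE_AGENT_DIR)/plugins && $(MAKE) localinit
	cd $(PACKAGE_SCANNER_DIR) && bash bootstrap.sh
	cd $(SECRET_SCANNER_DIR) && bash bootstrap.sh
	cd $(MALWARE_SCANNER_DIR) && bash bootstrap.sh
	cd $(CLOUD_SCANNER_DIR) && bash bootstrap.sh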
# Build the agent by running build.sh inside the agent directory, once the
# glibc builder image, the bootstrapper binary and the plugin images exist.
# Repository, tag and version are passed to the script through its environment.
agent: debian_builder deepfenced console_plugins
	cd ${DEEPFENCE_AGENT_DIR} && \
		IMAGE_REPOSITORY=${IMAGE_REPOSITORY} \
		DF_IMG_TAG=${DF_IMG_TAG} \
		VERSION=${VERSION} \
		bash build.sh
.PHONY: agent
# Aggregate target: build the agent, then package its binaries as a tarball.
agent-binary: \
    agent \
    agent-binary-tar
.PHONY: agent-binary
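# Package the agent binaries taken from the agent image.
#
# A container is created (not started) from the agent image, its id is handed
# to copy-bin-from-agent.sh as CONTAINER_ID, and the container is removed
# afterwards. The second recipe line is a single shell invocation, so the copy
# script's exit status is saved and returned after the cleanup. Previously the
# recipe's status was that of `docker rm`, so a failed copy still looked like a
# successful build to dependants (`worker`, `fargate-local`), which could then
# pick up a missing or stale tarball.
.PHONY: agent-binary-tar
agent-binary-tar:
	mkdir -p $(AGENT_BINARY_DIST) $(AGENT_BINARY_BUILD)
	ID=$$(docker create $(IMAGE_REPOSITORY)/deepfence_agent_ce:$(DF_IMG_TAG)) || exit 1; \
	(cd $(DEEPFENCE_FARGATE_DIR) && \
	CONTAINER_ID=$$ID VERSION=$(VERSION) AGENT_BINARY_BUILD=$(AGENT_BINARY_BUILD) AGENT_BINARY_DIST=$(AGENT_BINARY_DIST) AGENT_BINARY_FILENAME=$(AGENT_BINARY_FILENAME) bash copy-bin-from-agent.sh); \
	status=$$?; \
	docker rm -v "$$ID" && exit $$status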
# Run build-fargate-local-bin.sh in the agent directory after the agent binary
# tarball has been produced; the script receives the relative build directory
# and the tarball file name through its environment.
fargate-local: agent-binary-tar
	cd ${DEEPFENCE_AGENT_DIR} && \
		IMAGE_REPOSITORY=${IMAGE_REPOSITORY} \
		DF_IMG_TAG=${DF_IMG_TAG} \
		VERSION=${VERSION} \
		AGENT_BINARY_BUILD_RELATIVE=${AGENT_BINARY_BUILD_RELATIVE} \
		AGENT_BINARY_FILENAME=${AGENT_BINARY_FILENAME} \
		bash build-fargate-local-bin.sh
.PHONY: fargate-local
# Create the agent binary build directory, then run build-fargate.sh in the
# agent directory with the build parameters in its environment.
fargate:
	mkdir -p ${AGENT_BINARY_BUILD}
	cd ${DEEPFENCE_AGENT_DIR} && \
		IMAGE_REPOSITORY=${IMAGE_REPOSITORY} \
		DF_IMG_TAG=${DF_IMG_TAG} \
		VERSION=${VERSION} \
		AGENT_BINARY_BUILD=${AGENT_BINARY_BUILD} \
		AGENT_BINARY_BUILD_RELATIVE=${AGENT_BINARY_BUILD_RELATIVE} \
		bash build-fargate.sh
.PHONY: fargate
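# Build the bootstrapper via its makefile's `prepare` target, then copy the
# resulting deepfence_bootstrapper binary into the agent directory under the
# name `deepfenced`.
#
# The sub-make is started through $(MAKE) rather than a literal `make`, so
# that -n, -j/jobserver and command-line overrides reach it.
.PHONY: deepfenced
deepfenced: alpine_builder bootstrap bootstrap-agent-plugins
	cd $(DEEPFENCED) && $(MAKE) prepare
	cp $(DEEPFENCED)/deepfence_bootstrapper $(DEEPFENCE_AGENT_DIR)/deepfenced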
# Build the Redis image, using deepfence_redis as working directory and
# build context.
redis:
	cd deepfence_redis && \
		docker build --tag=${IMAGE_REPOSITORY}/deepfence_redis_ce:${DF_IMG_TAG} .
.PHONY: redis
# Build the Postgres image from deepfence_postgres/Dockerfile, with
# ./deepfence_postgres as the build context.
postgres:
	docker build \
		--tag=${IMAGE_REPOSITORY}/deepfence_postgres_ce:${DF_IMG_TAG} \
		-f deepfence_postgres/Dockerfile \
		./deepfence_postgres
.PHONY: postgres
# Build the Kafka broker image from kafka-broker-Dockerfile, with
# ./deepfence_kafka as the build context.
kafka-broker:
	docker build \
		-t ${IMAGE_REPOSITORY}/deepfence_kafka_broker_ce:${DF_IMG_TAG} \
		-f ./deepfence_kafka/kafka-broker-Dockerfile \
		./deepfence_kafka
.PHONY: kafka-broker
# Build the router image from the haproxy directory. IS_DEV_BUILD is passed
# to the Dockerfile as the `is_dev_build` build argument.
router:
	docker build \
		--build-arg is_dev_build=${IS_DEV_BUILD} \
		-t ${IMAGE_REPOSITORY}/deepfence_router_ce:${DF_IMG_TAG} \
		${DEEPFENCE_ROUTER_DIR}
.PHONY: router
# Build the file server image with its own directory as the build context.
file-server:
	docker build \
		-t ${IMAGE_REPOSITORY}/deepfence_file_server_ce:${DF_IMG_TAG} \
		${DEEPFENCE_FILE_SERVER_DIR}
.PHONY: file-server
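# Build the server image through the `image` target of deepfence_server's
# makefile, once the glibc builder image exists. VERSION is passed through the
# environment, as before.
#
# The sub-make is started through $(MAKE) rather than a literal `make`, so
# that -n, -j/jobserver and command-line overrides reach it.
.PHONY: server
server: debian_builder
	cd ./deepfence_server && VERSION=$(VERSION) $(MAKE) image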
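# Build the worker image through the `image` target of deepfence_worker's
# makefile. It depends on agent-binary-tar and passes the relative dist
# directory to the sub-make through the environment.
#
# The sub-make is started through $(MAKE) rather than a literal `make`, so
# that -n, -j/jobserver and command-line overrides reach it.
.PHONY: worker
worker: debian_builder agent-binary-tar
	cd ./deepfence_worker && VERSION=$(VERSION) AGENT_BINARY_DIST_RELATIVE=$(AGENT_BINARY_DIST_RELATIVE) $(MAKE) image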
# Build the telemetry image (target name `jaeger`) from the telemetry directory.
jaeger:
	docker build \
		-t ${IMAGE_REPOSITORY}/deepfence_telemetry_ce:${DF_IMG_TAG} \
		${DEEPFENCE_TELEMETRY_DIR}
.PHONY: jaeger
# Build the Neo4j image from deepfence_neo4j/Dockerfile. The image repository
# and tag are also handed to the Dockerfile as build arguments.
graphdb:
	docker build \
		-f ./deepfence_neo4j/Dockerfile \
		--build-arg IMAGE_REPOSITORY=${IMAGE_REPOSITORY} \
		--build-arg DF_IMG_TAG=${DF_IMG_TAG} \
		-t ${IMAGE_REPOSITORY}/deepfence_neo4j_ce:${DF_IMG_TAG} \
		./deepfence_neo4j
.PHONY: graphdb
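# Build the console UI image.
#
# Steps, all in one shell invocation:
#   1. write the short git commit hash and the product version into the
#      frontend directory,
#   2. run the pnpm install/build inside a node container that has the
#      frontend directory bind-mounted at /app,
#   3. build the UI image from the frontend directory.
#
# Changes from the previous recipe:
#   * The two version files are removed by an EXIT trap, so they are cleaned
#     up when a step fails as well; before, the `rm` was the last link of the
#     `&&` chain and was skipped on any failure. The trap does not alter the
#     recipe's exit status.
#   * The product version strips only a leading `v` ($(patsubst v%,%,...)).
#     $(subst v,,...) removed every `v`, which would mangle a version string
#     that contains the letter anywhere else.
#
# NOTE(review): `[email protected]` is reproduced as it appears on this page. It
# looks like an e-mail-obfuscation artifact of a `pnpm@<version>` spec; restore
# the pinned version from the repository before running this rule.
# NOTE(review): the node base image is referenced by tag, and the container
# runs the frontend's install and build scripts with the source directory
# mounted writable. Pinning the image by digest makes this step reproducible.
.PHONY: ui
ui:
	trap 'rm -f $(DEEPFENCE_FRONTEND_DIR)/console_version.txt $(DEEPFENCE_FRONTEND_DIR)/product_version.txt' EXIT; \
	git log --format="%h" -n 1 > $(DEEPFENCE_FRONTEND_DIR)/console_version.txt && \
	echo $(patsubst v%,%,$(VERSION)) > $(DEEPFENCE_FRONTEND_DIR)/product_version.txt && \
	docker run --rm --entrypoint=bash -v $(DEEPFENCE_FRONTEND_DIR):/app node:18-bullseye-slim -c "cd /app && corepack enable && corepack prepare [email protected] --activate && PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=true pnpm install --frozen-lockfile --prefer-offline && ENABLE_ANALYTICS=true pnpm run build" && \
	docker build -f $(DEEPFENCE_FRONTEND_DIR)/Dockerfile -t $(IMAGE_REPOSITORY)/deepfence_ui_ce:$(DF_IMG_TAG) $(DEEPFENCE_FRONTEND_DIR)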
# Build the secret scanner image from the SecretScanner plugin directory,
# after the agent plugins have been bootstrapped.
secretscanner: bootstrap-agent-plugins
	docker build \
		--tag=${IMAGE_REPOSITORY}/deepfence_secret_scanner_ce:${DF_IMG_TAG} \
		-f ${SECRET_SCANNER_DIR}/Dockerfile \
		${SECRET_SCANNER_DIR}
.PHONY: secretscanner
# Build the malware scanner image from the YaraHunter plugin directory,
# after the agent plugins have been bootstrapped.
malwarescanner: bootstrap-agent-plugins
	docker build \
		--tag=${IMAGE_REPOSITORY}/deepfence_malware_scanner_ce:${DF_IMG_TAG} \
		-f ${MALWARE_SCANNER_DIR}/Dockerfile \
		${MALWARE_SCANNER_DIR}
.PHONY: malwarescanner
# Build the package scanner image from the package-scanner plugin directory,
# after the agent plugins have been bootstrapped.
packagescanner: bootstrap-agent-plugins
	docker build \
		--tag=${IMAGE_REPOSITORY}/deepfence_package_scanner_ce:${DF_IMG_TAG} \
		-f ${PACKAGE_SCANNER_DIR}/Dockerfile \
		${PACKAGE_SCANNER_DIR}
.PHONY: packagescanner
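# Delegate to the `docker-cli` target of the package scanner's own makefile.
#
# The sub-make is started through $(MAKE) rather than a literal `make`, so
# that -n, -j/jobserver and command-line overrides reach it.
.PHONY: packagescanner-cli
packagescanner-cli:
	cd $(PACKAGE_SCANNER_DIR) && $(MAKE) docker-cli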
# Build the compliance scanner image from the compliance plugin directory.
# Unlike the other scanner images, this rule has no prerequisites.
compliancescanner:
	docker build \
		--tag=${IMAGE_REPOSITORY}/deepfence_compliance_scanner_ce:${DF_IMG_TAG} \
		-f ${COMPLIANCE_SCANNER_DIR}/Dockerfile \
		${COMPLIANCE_SCANNER_DIR}
.PHONY: compliancescanner
# Run build_cloud_agent.sh in the agent directory, once the glibc builder image
# and the bootstrapper binary exist. Repository, tag and version are passed to
# the script through its environment.
cloudscanner: debian_builder deepfenced
	cd ${DEEPFENCE_AGENT_DIR} && \
		IMAGE_REPOSITORY=${IMAGE_REPOSITORY} \
		DF_IMG_TAG=${DF_IMG_TAG} \
		VERSION=${VERSION} \
		bash build_cloud_agent.sh
.PHONY: cloudscanner
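# Regenerate the Go SDK client from the server's OpenAPI description.
#
# Steps:
#   1. run the freshly built server image to export openapi.yaml into the
#      repository root (mounted at /app),
#   2. empty golang_deepfence_sdk/client,
#   3. pull the generator image and generate the Go client from openapi.yaml
#      (repository mounted at /local),
#   4. delete openapi.yaml, drop the generated ./test directory, set the go
#      directive in go.mod and run `go mod tidy`.
#
# Changes from the previous recipe:
#   * The generator image is a variable. Its default is unchanged, but it can
#     now be overridden, e.g. with a digest-pinned reference, so that the
#     generated SDK does not depend on whatever the mutable `latest` tag points
#     to on the day of the build. The image writes into the mounted checkout.
#   * The sed expression is anchored and escapes the dot, so it rewrites only
#     a line that begins with the literal `go 1.18`.
#   * The trailing `cd -` is dropped; it had no effect because each recipe
#     line runs in its own shell.
OPENAPI_GENERATOR_IMAGE ?= openapitools/openapi-generator-cli:latest

.PHONY: openapi
openapi: server
	docker run --rm \
	--entrypoint=/usr/local/bin/deepfence_server \
	-v $(PWD):/app $(IMAGE_REPOSITORY)/deepfence_server_ce:$(DF_IMG_TAG) \
	--export-api-docs-path /app/openapi.yaml
	rm -rf golang_deepfence_sdk/client/*
	docker pull $(OPENAPI_GENERATOR_IMAGE)
	docker run --rm \
	-v $(PWD):/local $(OPENAPI_GENERATOR_IMAGE) generate \
	-i /local/openapi.yaml \
	-g go \
	-o /local/golang_deepfence_sdk/client \
	-p isGoSubmodule=true \
	-p packageName=client \
	--git-repo-id golang_deepfence_sdk \
	--git-user-id deepfence
	rm openapi.yaml
	cd $(PWD)/golang_deepfence_sdk/client && rm -rf ./test && sed -i 's/^go 1\.18/go 1.23.2/' go.mod && go mod tidy -v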
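# Rebuild the deepfence_ctl CLI from scratch: `clean` followed by `all` in its
# own makefile, after the top-level bootstrap has run.
#
# The sub-makes are started through $(MAKE) rather than a literal `make`, so
# that -n, -j/jobserver and command-line overrides reach them. `clean` and
# `all` stay two sequential invocations so they cannot run in parallel.
.PHONY: cli
cli: bootstrap
	cd $(DEEPFENCE_CTL) && $(MAKE) clean && $(MAKE) all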
# Aggregate target: push the console, agent and scanner images listed below.
# publish-cloudscanner and publish-packagescanner-cli are not part of this
# list and have to be invoked by name.
publish: \
    publish-redis publish-postgres publish-kafka publish-router \
    publish-file-server publish-server publish-worker publish-ui \
    publish-agent publish-cluster-agent \
    publish-packagescanner publish-secretscanner publish-malwarescanner \
    publish-graphdb publish-jaeger
.PHONY: publish
# Push rules, one per image. Each pushes the image built by the matching build
# rule to ${IMAGE_REPOSITORY} under ${DF_IMG_TAG}. Both have defaults in this
# file (quay.io/deepfenceio and `latest`), so set them explicitly when
# publishing to be sure which registry and tag receive the image.
.PHONY: publish-redis publish-postgres publish-kafka publish-router \
        publish-file-server publish-server publish-worker publish-ui \
        publish-agent publish-cluster-agent publish-packagescanner

publish-redis:
	docker push ${IMAGE_REPOSITORY}/deepfence_redis_ce:${DF_IMG_TAG}

publish-postgres:
	docker push ${IMAGE_REPOSITORY}/deepfence_postgres_ce:${DF_IMG_TAG}

publish-kafka:
	docker push ${IMAGE_REPOSITORY}/deepfence_kafka_broker_ce:${DF_IMG_TAG}

publish-router:
	docker push ${IMAGE_REPOSITORY}/deepfence_router_ce:${DF_IMG_TAG}

publish-file-server:
	docker push ${IMAGE_REPOSITORY}/deepfence_file_server_ce:${DF_IMG_TAG}

publish-server:
	docker push ${IMAGE_REPOSITORY}/deepfence_server_ce:${DF_IMG_TAG}

publish-worker:
	docker push ${IMAGE_REPOSITORY}/deepfence_worker_ce:${DF_IMG_TAG}

publish-ui:
	docker push ${IMAGE_REPOSITORY}/deepfence_ui_ce:${DF_IMG_TAG}

publish-agent:
	docker push ${IMAGE_REPOSITORY}/deepfence_agent_ce:${DF_IMG_TAG}

publish-cluster-agent:
	docker push ${IMAGE_REPOSITORY}/deepfence_cluster_agent_ce:${DF_IMG_TAG}

publish-packagescanner:
	docker push ${IMAGE_REPOSITORY}/deepfence_package_scanner_ce:${DF_IMG_TAG}
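# Delegate to the `publish-docker-cli` target of the package scanner's own
# makefile.
#
# The sub-make is started through $(MAKE) rather than a literal `make`, so
# that -n, -j/jobserver and command-line overrides reach it. With `make -n`
# this matters in particular: the child now also runs in dry-run mode.
.PHONY: publish-packagescanner-cli
publish-packagescanner-cli:
	cd $(PACKAGE_SCANNER_DIR) && $(MAKE) publish-docker-cli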
# Push rules for the remaining scanner, graph database and telemetry images.
# Each pushes to ${IMAGE_REPOSITORY} under ${DF_IMG_TAG}.
# publish-cloudscanner pushes `cloud_scanner_ce`, the only image name in this
# file without the `deepfence_` prefix.
.PHONY: publish-secretscanner publish-malwarescanner publish-graphdb \
        publish-jaeger publish-cloudscanner

publish-secretscanner:
	docker push ${IMAGE_REPOSITORY}/deepfence_secret_scanner_ce:${DF_IMG_TAG}

publish-malwarescanner:
	docker push ${IMAGE_REPOSITORY}/deepfence_malware_scanner_ce:${DF_IMG_TAG}

publish-graphdb:
	docker push ${IMAGE_REPOSITORY}/deepfence_neo4j_ce:${DF_IMG_TAG}

publish-jaeger:
	docker push ${IMAGE_REPOSITORY}/deepfence_telemetry_ce:${DF_IMG_TAG}

publish-cloudscanner:
	docker push ${IMAGE_REPOSITORY}/cloud_scanner_ce:${DF_IMG_TAG}
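# Best-effort cleanup of build products. Every line is prefixed with '-' so
# that a component that was never built does not abort the rest of the clean.
#
# Changes from the previous recipe:
#   * Sub-makes are started through $(MAKE) rather than a literal `make`, so
#     that -n, -j/jobserver and command-line overrides reach them.
#   * Removing the copied `deepfenced` binary is its own recipe line. Make
#     executes any line that contains $(MAKE) even under `make -n`, so leaving
#     the `rm` chained to the sub-make would delete the file during a dry run.
#     It also no longer depends on the bootstrapper's `clean` succeeding.
.PHONY: clean
clean:
	-cd $(DEEPFENCE_AGENT_DIR) && $(MAKE) clean
	-cd $(DEEPFENCE_FARGATE_DIR) && rm -rf deepfence-agent-bin-$(VERSION)*
	-cd $(ROOT_MAKEFILE_DIR)/deepfence_server && $(MAKE) clean
	-cd $(ROOT_MAKEFILE_DIR)/deepfence_worker && $(MAKE) clean
	-cd $(DEEPFENCED) && $(MAKE) clean
	-rm -f $(DEEPFENCE_AGENT_DIR)/deepfenced
	-rm -rf $(AGENT_BINARY_DIST)/* $(AGENT_BINARY_BUILD)/*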