Vetting/Makefile
josh a5055b3c7a
CI / Lint + build + test (push) Has been cancelled
Automate PXE setup: release bundle + pxe-setup.sh + startup validation
Collapses the LXC side of PXE enablement from a six-step manual dance
(build, fetch iPXE, scp, bridge, hand-edit yaml) into:

  make release                   # dev box (Linux/WSL)
  scp bundle.tar.gz lxc:/tmp/
  sudo ./install.sh              # base install, unchanged
  sudo ./pxe-setup.sh --interface ... --dhcp-range ... --orchestrator-url ...

pxe-setup.sh fetches iPXE from boot.ipxe.org, verifies against pinned
SHA256s in deploy/ipxe-shas.txt (fail-closed), places vmlinuz/initrd.img
from the bundle, and rewrites only the pxe: block of vetting.yaml.
Idempotent; --force gates overwriting a hand-edited block.

Adds Supervisor.Validate() — called before dnsmasq spawn — so typo'd
configs fail at orchestrator startup with clear errors naming the
missing file or yaml key, instead of silently serving broken TFTP
until a real host tries to PXE-boot. Nine tests cover missing files,
bogus interface, malformed dhcp_range, bad orchestrator_url, and
aggregate reporting.

Hypervisor bridge creation stays documented (LXC can't do it) but
everything downstream of the bridge is now scripted.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-18 01:38:43 -04:00

92 lines
3.4 KiB
Makefile

.DEFAULT_GOAL := help

UNAME_S := $(shell uname -s 2>/dev/null || echo Windows)
GOOS_LINUX := GOOS=linux GOARCH=amd64
GIT_SHA := $(shell git rev-parse --short HEAD 2>/dev/null || echo dev)
LDFLAGS := -s -w -X vetting/internal/version.GitSHA=$(GIT_SHA)

.PHONY: help
help: ## Show targets
	@awk 'BEGIN {FS = ":.*##"} /^[a-zA-Z_-]+:.*##/ {printf " %-20s %s\n", $$1, $$2}' $(MAKEFILE_LIST)

.PHONY: templ
templ: ## Generate templ .go files
	templ generate

.PHONY: orchestrator
orchestrator: templ ## Build orchestrator for host OS
	go build -ldflags="$(LDFLAGS)" -o bin/vetting$(if $(filter Windows%,$(UNAME_S)),.exe,) ./cmd/vetting

.PHONY: orchestrator-linux
orchestrator-linux: templ ## Cross-build orchestrator for linux-amd64
	$(GOOS_LINUX) go build -ldflags="$(LDFLAGS)" -o bin/vetting-linux-amd64 ./cmd/vetting

.PHONY: agent
agent: ## Build agent for host OS (handy for unit testing only — real agent runs in the live image)
	go build -ldflags="$(LDFLAGS)" -o bin/vetting-agent$(if $(filter Windows%,$(UNAME_S)),.exe,) ./cmd/vetting-agent

.PHONY: agent-linux
agent-linux: ## Cross-build agent for linux-amd64 (consumed by live-image build)
	$(GOOS_LINUX) go build -ldflags="$(LDFLAGS)" -o bin/vetting-agent.linux-amd64 ./cmd/vetting-agent

.PHONY: tidy
tidy: ## go mod tidy
	go mod tidy

.PHONY: fmt
fmt: ## go fmt
	go fmt ./...

.PHONY: vet
vet: ## go vet
	go vet ./...

.PHONY: test
test: templ ## Run tests
	go test ./...

.PHONY: test-race
test-race: templ ## Run tests with the race detector
	go test -race -count=1 ./...

.PHONY: e2e
e2e: ## Run the QEMU PXE E2E test (Linux, root, live image required)
	sudo go test -tags=e2e -v ./test/e2e/...

.PHONY: live-image
live-image: agent-linux ## Build reproducible live image (requires Linux/WSL + mkosi)
ifneq ($(findstring Windows,$(UNAME_S))$(findstring MINGW,$(UNAME_S))$(findstring MSYS,$(UNAME_S)),)
	@echo "ERROR: live-image must be built under Linux (use WSL: wsl make live-image)." && exit 1
endif
	$(MAKE) -C live-image all

.PHONY: all
all: orchestrator agent ## Build everything buildable on host OS

.PHONY: run
run: orchestrator ## Build and run orchestrator with example config
	./bin/vetting$(if $(filter Windows%,$(UNAME_S)),.exe,) --config deploy/vetting.example.yaml

.PHONY: install
install: orchestrator-linux agent-linux ## Run deploy/install.sh (must be run on the target LXC as root)
	sudo ./deploy/install.sh --binary ./bin/vetting-linux-amd64 --agent-binary ./bin/vetting-agent.linux-amd64

.PHONY: release
release: orchestrator-linux agent-linux live-image ## Build the scp-and-go release tarball (run from Linux/WSL)
ifneq ($(findstring Windows,$(UNAME_S))$(findstring MINGW,$(UNAME_S))$(findstring MSYS,$(UNAME_S)),)
	@echo "ERROR: make release must be run from Linux/WSL (live-image dep needs mkosi)." && exit 1
endif
	@stamp=vetting-bundle-$(GIT_SHA); \
	rm -rf build/$$stamp bin/$$stamp.tar.gz; \
	mkdir -p build/$$stamp/bin build/$$stamp/live-image; \
	cp bin/vetting-linux-amd64 bin/vetting-agent.linux-amd64 build/$$stamp/bin/; \
	cp live-image/build/vmlinuz live-image/build/initrd.img build/$$stamp/live-image/; \
	cp deploy/install.sh deploy/pxe-setup.sh deploy/vetting.service \
	   deploy/vetting.production.yaml deploy/ipxe-shas.txt build/$$stamp/; \
	echo $(GIT_SHA) > build/$$stamp/VERSION; \
	tar -C build -czf bin/$$stamp.tar.gz $$stamp; \
	echo "wrote bin/$$stamp.tar.gz ($$(du -h bin/$$stamp.tar.gz | cut -f1))"

.PHONY: clean
clean: ## Remove build artifacts
	rm -rf bin out dist tmp build
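
The commit message describes pxe-setup.sh verifying fetched iPXE files against the pinned SHA256s in deploy/ipxe-shas.txt (fail-closed), a file the release target above ships in the bundle. The following is an added example of such a check, not the project's pxe-setup.sh, which this page does not show. It assumes the pin file uses sha256sum's `<hex>  <name>` line format; the function names and the staging-directory step are hypothetical.

```shell
#!/bin/sh
# Added example, not the project's pxe-setup.sh.
# Assumption: pins are in sha256sum format, "<64 lowercase hex>  <name>" per line.

# verify_pinned PINFILE DIR NAME...
# Returns 0 only if every NAME has exactly one well-formed pin and DIR/NAME matches it.
verify_pinned() {
    pins=$1; dir=$2; shift 2
    [ -r "$pins" ] || { echo "pin file unreadable: $pins" >&2; return 1; }
    for name in "$@"; do
        # Exact match on the name column, so "ipxe.efi" never matches "ipxe.efi.bak".
        want=$(awk -v n="$name" '$2 == n { print $1 }' "$pins")
        case $want in
            "") echo "no pin for $name" >&2; return 1 ;;
            # Two matching lines yield a newline here, so duplicates are rejected too.
            *[!0-9a-f]*) echo "malformed or duplicate pin for $name" >&2; return 1 ;;
        esac
        [ "${#want}" -eq 64 ] || { echo "pin for $name is not 64 hex digits" >&2; return 1; }
        [ -f "$dir/$name" ] || { echo "missing file: $dir/$name" >&2; return 1; }
        got=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        [ "$got" = "$want" ] || { echo "SHA256 mismatch for $name" >&2; return 1; }
    done
    return 0
}

# install_verified PINFILE STAGING DEST NAME...
# Fail closed: nothing is copied into DEST unless every file verified first.
install_verified() {
    pins_file=$1; staging=$2; dest=$3; shift 3
    verify_pinned "$pins_file" "$staging" "$@" || return 1
    for f in "$@"; do
        cp "$staging/$f" "$dest/$f" || return 1
    done
}
```

Downloading into a staging directory and copying only after every hash matches keeps an unverified or unpinned file from ever reaching the directory that is served over TFTP.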