-
Notifications
You must be signed in to change notification settings - Fork 0
/
Makefile
104 lines (88 loc) · 3.35 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
artifact_name := psc-statement-delta-consumer
version := "unversioned"
dependency_check_base_suppressions:=common_suppressions_spring_6.xml
# dependency_check_suppressions_repo_branch
# The branch of the dependency-check-suppressions repository to use
# as the source of the suppressions file.
# This should point to "main" branch when being used for release,
# but can point to a different branch for experimentation/development.
dependency_check_suppressions_repo_branch:=feature/suppressions-for-company-accounts-api
dependency_check_minimum_cvss := 4
dependency_check_assembly_analyzer_enabled := false
dependency_check_suppressions_repo_url:=git@github.com:companieshouse/dependency-check-suppressions.git
suppressions_file := target/suppressions.xml
.PHONY: all
all: build
.PHONY: clean
clean:
mvn clean
rm -f ./$(artifact_name).jar
rm -f ./$(artifact_name)-*.zip
rm -rf ./build-*
rm -f ./build.log
.PHONY: build
build:
mvn versions:set -DnewVersion=$(version) -DgenerateBackupPoms=false
mvn package -DskipTests=true
cp ./target/$(artifact_name)-$(version).jar ./$(artifact_name).jar
.PHONY: test
test: test-unit test-integration
.PHONY: test-unit
test-unit: clean
mvn test
.PHONY: test-integration
test-integration: clean
mvn integration-test -Dskip.unit.tests=true failsafe:verify
.PHONY: package
package:
ifndef version
$(error No version given. Aborting)
endif
$(info Packaging version: $(version))
mvn versions:set -DnewVersion=$(version) -DgenerateBackupPoms=false
mvn package -DskipTests=true
$(eval tmpdir:=$(shell mktemp -d build-XXXXXXXXXX))
cp ./start.sh $(tmpdir)
cp ./routes.yaml $(tmpdir)
cp ./target/$(artifact_name)-$(version).jar $(tmpdir)/$(artifact_name).jar
cd $(tmpdir); zip -r ../$(artifact_name)-$(version).zip *
rm -rf $(tmpdir)
.PHONY: dist
dist: clean build package
.PHONY: sonar
sonar:
mvn sonar:sonar
.PHONY: sonar-pr-analysis
sonar-pr-analysis:
mvn sonar:sonar -P sonar-pr-analysis
FAIL_BUILD_CVSS_LIMIT ?= 5
.PHONY: dependency-check
dependency-check:
@ if [ -d "$(DEPENDENCY_CHECK_SUPPRESSIONS_HOME)" ]; then \
suppressions_home="$${DEPENDENCY_CHECK_SUPPRESSIONS_HOME}"; \
fi; \
if [ ! -d "$${suppressions_home}" ]; then \
suppressions_home_target_dir="./target/dependency-check-suppressions"; \
if [ -d "$${suppressions_home_target_dir}" ]; then \
suppressions_home="$${suppressions_home_target_dir}"; \
else \
mkdir -p "./target"; \
git clone $(dependency_check_suppressions_repo_url) "$${suppressions_home_target_dir}" && \
suppressions_home="$${suppressions_home_target_dir}"; \
if [ -d "$${suppressions_home_target_dir}" ] && [ -n "$(dependency_check_suppressions_repo_branch)" ]; then \
cd "$${suppressions_home}"; \
git checkout $(dependency_check_suppressions_repo_branch); \
cd -; \
fi; \
fi; \
fi; \
suppressions_path="$${suppressions_home}/suppressions/$(dependency_check_base_suppressions)"; \
if [ -f "$${suppressions_path}" ]; then \
cp -av "$${suppressions_path}" $(suppressions_file); \
mvn org.owasp:dependency-check-maven:check -DfailBuildOnCVSS=$(dependency_check_minimum_cvss) -DassemblyAnalyzerEnabled=$(dependency_check_assembly_analyzer_enabled) -DsuppressionFiles=$(suppressions_file); \
else \
printf -- "\n ERROR Cannot find suppressions file at '%s'\n" "$${suppressions_path}" >&2; \
exit 1; \
fi
.PHONY: security-check
security-check: dependency-check