# Shell used for every recipe line.
SHELL = /bin/bash

PROJECT_NAME := python-stack

# Tool versions read from ./version/*. Each value is the literal text of a
# backtick command substitution, so the `cat` runs in the recipe's shell when a
# recipe references the variable, not when make parses this file.
ALPINE_VERSION := `cat ./version/alpine`
DEBIAN_VERSION := `cat ./version/debian`
POETRY_VERSION := `cat ./version/poetry`
PYTHON_VERSION := `cat ./version/python`

# Image coordinates: a non-empty value already set (environment or make
# command line) wins, otherwise the default after the comma is used.
# NOTE(review): these values reach docker command lines unquoted; if a CI job
# derives them from branch or tag names, validate them before invoking make.
IMAGE_NAME := $(or $(IMAGE_NAME),$(PROJECT_NAME)-image)
IMAGE_VERSION := $(or $(IMAGE_VERSION),latest)
IMAGE_TAG := $(IMAGE_NAME):$(IMAGE_VERSION)
IMAGE_ARCHIVE := $(IMAGE_NAME)-$(IMAGE_VERSION).tar.gz

CONTAINER_NAME := $(PROJECT_NAME)-container
# Falls back to `date +%s`, evaluated by the shell of the recipe that uses it.
CONTAINER_ID := $(or $(CONTAINER_ID),`date +%s`)

# User passed to the image build and to `docker container run --user`.
USER_NAME := user
USER_UID := 10000
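# Print the self-documenting help: every makefile line carrying the
# double-hash marker is listed, with "target: ... marker text" reshaped into
# two columns. `grep -F` replaces the obsolescent `fgrep`, which prints a
# warning on current GNU grep; the second grep drops this recipe's own line.
.PHONY: help
help:
	@echo
	@grep -Fh "##" $(MAKEFILE_LIST) | grep -Fv 'grep -F' | sed -e 's/\\$$//' | sed -e 's/\(.*\):.*##[ \t]*/ \1 ## /' | column -t -s '##'
	@echo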
## Main commands
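# Open an interactive bash shell in a throwaway container of the project
# image, running as the unprivileged user with the working tree mounted.
# Declared phony so a file or directory named "bash" cannot mask the target.
.PHONY: bash
bash: ## - bash shell
	@docker container run \
	  $(call as_interactive) \
	  $(call as_removable) \
	  $(call as_user) \
	  $(call with_labels) \
	  $(call with_volume) \
	  --name $(CONTAINER_NAME)-$(CONTAINER_ID) \
	  $(IMAGE_TAG) bash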
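# Run `poetry install` inside a throwaway container of the project image.
# Declared phony: "install" is a common file name, and without the
# declaration an existing ./install would make this target a silent no-op.
# --no-plugins and --no-interaction keep the run non-interactive and free of
# Poetry plugins.
.PHONY: install
install: ## - install dependencies
	@docker container run \
	  $(call as_removable) \
	  $(call as_user) \
	  $(call with_labels) \
	  $(call with_volume) \
	  --name $(CONTAINER_NAME)-$(CONTAINER_ID) \
	  $(IMAGE_TAG) poetry install --sync --no-root --no-directory --all-extras --compile --no-interaction --no-plugins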
## Docker commands
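# build = clean out the project's old containers and images, then rebuild.
# Declared phony: a ./build directory would otherwise make `make build`
# report "up to date" and do nothing.
# NOTE(review): prune-before-rebuild relies on left-to-right prerequisite
# order, which `make -j` does not guarantee; run this target serially.
.PHONY: build rebuild
build: prune rebuild ## - build image

# Build the "production" stage from scratch. force_rebuild adds --no-cache and
# --pull, so base images are re-fetched rather than reused from a stale cache.
rebuild:
	@docker image build \
	  $(call with_build_args) \
	  $(call with_labels) \
	  $(call force_rebuild) \
	  --target production \
	  --tag $(IMAGE_TAG) .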
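# Inspection targets, all restricted to objects carrying this project's label.
.PHONY: images containers stats scout
images: ## - list images
	@docker image ls $(call filter_project) --digests

containers: ## - list containers
	@docker container ls $(call filter_project)

# `xargs -r` skips the command when the filter matches nothing. Without it,
# `docker container stats` runs with no arguments and reports on every running
# container on the host, not only this project's.
stats: ## - show container stats
	@docker container ls $(call filter_project) --quiet | xargs -r docker container stats

# Same guard: with no ids, quickview would run against whatever it picks by
# default instead of a project image.
# NOTE(review): all matching ids are passed in one invocation; confirm
# quickview accepts more than one image, or split them up.
scout: ## - scout image
	@docker image ls $(call filter_project) --quiet | xargs -r docker scout quickview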
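# Image reference for the dive analyser. The default keeps the floating
# :latest tag; override with a digest-pinned reference (name@sha256:...) so
# the code that is handed the Docker socket is a known, reviewed build.
DIVE_IMAGE ?= wagoodman/dive:latest

# Analyse layer efficiency of the project image. with_docker mounts the host
# Docker socket into this third-party container, which lets it drive the
# host daemon; that is why pinning DIVE_IMAGE matters.
.PHONY: dive
dive: ## - dive image
	@docker container run \
	  $(call as_removable) \
	  $(call with_docker) \
	  --platform linux/amd64 \
	  $(DIVE_IMAGE) \
	  $(IMAGE_TAG) \
	  --ci --highestWastedBytes "1MB"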
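# Image reference for the grype scanner. The default keeps the floating
# :latest tag; override with a digest-pinned reference (name@sha256:...) so
# the container given the Docker socket is a known build.
GRYPE_IMAGE ?= anchore/grype:latest

# Vulnerability scan of the project image across all layers. The recipe fails
# when a critical finding is reported (--fail-on critical); --only-fixed
# limits the report to findings that have a fix available.
.PHONY: grype
grype: ## - grype image
	@docker container run \
	  $(call as_removable) \
	  $(call with_docker) \
	  $(GRYPE_IMAGE) \
	  $(IMAGE_TAG) \
	  --add-cpes-if-none --show-suppressed --fail-on critical --scope all-layers --only-fixed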
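# Image reference for the trivy scanner. The default keeps the floating
# :latest tag; override with a digest-pinned reference (name@sha256:...) so
# the container given the Docker socket is a known build.
TRIVY_IMAGE ?= aquasec/trivy:latest

# Vulnerability scan of the project image, ignoring findings without a fix.
# NOTE(review): no --exit-code is passed, so findings do not fail the recipe;
# unlike the grype target this one is report-only and cannot gate a pipeline.
.PHONY: trivy
trivy: ## - trivy image
	@docker container run \
	  $(call as_removable) \
	  $(call with_docker) \
	  $(TRIVY_IMAGE) \
	  image --no-progress --ignore-unfixed \
	  $(IMAGE_TAG)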
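# Best-effort cleanup of everything labelled with this project. Every recipe
# line is prefixed with "-" on purpose: a failed removal must not abort the
# rest of the cleanup. `xargs -r` skips the rm call when nothing matched,
# instead of invoking docker with no arguments and printing a usage error.
.PHONY: prune prune-containers prune-images prune-system
prune: prune-containers prune-images prune-system ## - prune containers and images

# Remove stopped project containers, then force-remove the listed ones.
prune-containers:
	-@docker container prune $(call filter_project) --force
	-@docker container ls $(call filter_project) --quiet | xargs -r docker container rm --force

# Remove dangling project images, then force-remove the remaining ones.
prune-images:
	-@docker image prune $(call filter_project) --force
	-@docker image ls $(call filter_project) --quiet | xargs -r docker image rm --force

prune-system:
	-@docker system prune $(call filter_project) --force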
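# Directory holding the exported image archive. The default stays /tmp for
# compatibility, but /tmp is shared: another local user can pre-place or swap
# a file at this predictable path, and load-image would then import it.
# Point this at a directory only the build user can write to.
IMAGE_ARCHIVE_DIR ?= /tmp

.PHONY: save-image load-image

# Export the image as a pigz-compressed tarball. pipefail makes the recipe
# fail when `docker image save` fails; without it only pigz's exit status
# counts and a truncated archive would be reported as success.
save-image:
	@set -o pipefail; docker image save $(IMAGE_TAG) | pigz --fast --processes "$$(nproc)" > "$(IMAGE_ARCHIVE_DIR)/$(IMAGE_ARCHIVE)"

# Import the archive written by save-image. The file's content is not checked
# before loading, so the archive directory must be trusted.
load-image:
	@docker image load < "$(IMAGE_ARCHIVE_DIR)/$(IMAGE_ARCHIVE)"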
# Reusable docker argument fragments, expanded into recipes via $(call ...).
# Comments stay outside define/endef: text inside becomes part of the value.

# Build arguments: the four tool versions plus the name and uid of the user.
define with_build_args
--build-arg ALPINE_VERSION=$(ALPINE_VERSION) \
--build-arg DEBIAN_VERSION=$(DEBIAN_VERSION) \
--build-arg POETRY_VERSION=$(POETRY_VERSION) \
--build-arg PYTHON_VERSION=$(PYTHON_VERSION) \
--build-arg USER_NAME=$(USER_NAME) \
--build-arg USER_UID=$(USER_UID)
endef
# Labels stamped on images and containers; project.name is the key that
# filter_project selects on.
define with_labels
--label project.name=$(PROJECT_NAME) \
--label image.name=$(IMAGE_NAME) \
--label image.version=$(IMAGE_VERSION)
endef
# Ignore the build cache and re-pull base images.
define force_rebuild
--no-cache --pull
endef
# Keep stdin open and allocate a terminal.
define as_interactive
--interactive --tty
endef
# Delete the container when it exits.
define as_removable
--rm
endef
# Run as USER_NAME for both user and group instead of the image default.
define as_user
--user $(USER_NAME):$(USER_NAME)
endef
# Bind-mount the current directory into the container. --read-only is a
# container-level flag: it makes the container's root filesystem read-only
# and does not apply to this bind mount, which stays writable.
# NOTE(review): the mount point hard-codes /home/user rather than using
# $(USER_NAME); confirm against the Dockerfile before changing USER_NAME.
define with_volume
--volume ./:/home/user/workdir --read-only
endef
# Restrict docker ls/prune commands to objects labelled with this project.
define filter_project
--filter label=project.name=$(PROJECT_NAME)
endef
# Mount the host's Docker socket into the container (used by the dive, grype
# and trivy targets). Access to the socket means control of the host daemon,
# which is effectively root on the host, so only trusted images should get it.
define with_docker
--volume /var/run/docker.sock:/var/run/docker.sock
endef