talos
/
Makefile
617 строк · 25.7 Кб
1REGISTRY ?= ghcr.io
2USERNAME ?= siderolabs
3SHA ?= $(shell git describe --match=none --always --abbrev=8 --dirty)
4TAG ?= $(shell git describe --tag --always --dirty --match v[0-9]\*)
5ABBREV_TAG ?= $(shell git describe --tag --always --match v[0-9]\* --abbrev=0 )
6TAG_SUFFIX ?=
7SOURCE_DATE_EPOCH ?= $(shell git log -1 --pretty=%ct)
8IMAGE_REGISTRY ?= $(REGISTRY)
9IMAGE_TAG ?= $(TAG)$(TAG_SUFFIX)
10BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD)
11REGISTRY_AND_USERNAME := $(IMAGE_REGISTRY)/$(USERNAME)
12NAME = Talos
13
14CLOUD_IMAGES_EXTRA_ARGS ?= ""
15ZSTD_COMPRESSION_LEVEL ?= 18
16
17ARTIFACTS := _out
18TOOLS ?= ghcr.io/siderolabs/tools:v1.8.0-alpha.0-6-g31ad71b
19
20PKGS_PREFIX ?= ghcr.io/siderolabs
21PKGS ?= v1.8.0-alpha.0-34-gce49757
22EXTRAS ?= v1.8.0-alpha.0-3-gcab51d8
23
24KRES_IMAGE ?= ghcr.io/siderolabs/kres:latest
25CONFORMANCE_IMAGE ?= ghcr.io/siderolabs/conform:latest
26
27PKG_FHS ?= $(PKGS_PREFIX)/fhs:$(PKGS)
28PKG_CA_CERTIFICATES ?= $(PKGS_PREFIX)/ca-certificates:$(PKGS)
29PKG_APPARMOR ?= $(PKGS_PREFIX)/apparmor:$(PKGS)
30PKG_CRYPTSETUP ?= $(PKGS_PREFIX)/cryptsetup:$(PKGS)
31PKG_CONTAINERD ?= $(PKGS_PREFIX)/containerd:$(PKGS)
32PKG_DOSFSTOOLS ?= $(PKGS_PREFIX)/dosfstools:$(PKGS)
33PKG_EUDEV ?= $(PKGS_PREFIX)/eudev:$(PKGS)
34PKG_GRUB ?= $(PKGS_PREFIX)/grub:$(PKGS)
35PKG_SD_BOOT ?= $(PKGS_PREFIX)/sd-boot:$(PKGS)
36PKG_IPTABLES ?= $(PKGS_PREFIX)/iptables:$(PKGS)
37PKG_IPXE ?= $(PKGS_PREFIX)/ipxe:$(PKGS)
38PKG_LIBINIH ?= $(PKGS_PREFIX)/libinih:$(PKGS)
39PKG_LIBJSON_C ?= $(PKGS_PREFIX)/libjson-c:$(PKGS)
40PKG_LIBPOPT ?= $(PKGS_PREFIX)/libpopt:$(PKGS)
41PKG_LIBURCU ?= $(PKGS_PREFIX)/liburcu:$(PKGS)
42PKG_OPENSSL ?= $(PKGS_PREFIX)/openssl:$(PKGS)
43PKG_LIBSECCOMP ?= $(PKGS_PREFIX)/libseccomp:$(PKGS)
44PKG_LINUX_FIRMWARE ?= $(PKGS_PREFIX)/linux-firmware:$(PKGS)
45PKG_LVM2 ?= $(PKGS_PREFIX)/lvm2:$(PKGS)
46PKG_LIBAIO ?= $(PKGS_PREFIX)/libaio:$(PKGS)
47PKG_MUSL ?= $(PKGS_PREFIX)/musl:$(PKGS)
48PKG_RUNC ?= $(PKGS_PREFIX)/runc:$(PKGS)
49PKG_XFSPROGS ?= $(PKGS_PREFIX)/xfsprogs:$(PKGS)
50PKG_UTIL_LINUX ?= $(PKGS_PREFIX)/util-linux:$(PKGS)
51PKG_KMOD ?= $(PKGS_PREFIX)/kmod:$(PKGS)
52PKG_KERNEL ?= $(PKGS_PREFIX)/kernel:$(PKGS)
53PKG_TALOSCTL_CNI_BUNDLE_INSTALL ?= $(PKGS_PREFIX)/talosctl-cni-bundle-install:$(EXTRAS)
54
55# renovate: datasource=github-tags depName=golang/go
56GO_VERSION ?= 1.22
57# renovate: datasource=go depName=golang.org/x/tools
58GOIMPORTS_VERSION ?= v0.21.0
59# renovate: datasource=go depName=mvdan.cc/gofumpt
60GOFUMPT_VERSION ?= v0.6.0
61# renovate: datasource=go depName=github.com/golangci/golangci-lint
62GOLANGCILINT_VERSION ?= v1.59.1
63# renovate: datasource=go depName=golang.org/x/tools
64STRINGER_VERSION ?= v0.21.0
65# renovate: datasource=go depName=github.com/dmarkham/enumer
66ENUMER_VERSION ?= v1.5.9
67# renovate: datasource=go depName=k8s.io/code-generator
68DEEPCOPY_GEN_VERSION ?= v0.30.1
69# renovate: datasource=go depName=github.com/planetscale/vtprotobuf
70VTPROTOBUF_VERSION ?= v0.6.0
71# renovate: datasource=go depName=github.com/siderolabs/deep-copy
72DEEPCOPY_VERSION ?= v0.5.6
73# renovate: datasource=go depName=github.com/siderolabs/importvet
74IMPORTVET_VERSION ?= v0.2.0
75# renovate: datasource=npm depName=markdownlint-cli
76MARKDOWNLINTCLI_VERSION ?= 0.40.0
77# renovate: datasource=npm depName=textlint
78TEXTLINT_VERSION ?= 14.0.4
79# renovate: datasource=npm depName=textlint-filter-rule-comments
80TEXTLINT_FILTER_RULE_COMMENTS_VERSION ?= 1.2.2
81# renovate: datasource=npm depName=textlint-rule-one-sentence-per-line
82TEXTLINT_RULE_ONE_SENTENCE_PER_LINE_VERSION ?= 2.0.0
83# renovate: datasource=docker depName=klakegg/hugo
84HUGO_VERSION ?= 0.111.3-ext-alpine
85OPERATING_SYSTEM := $(shell uname -s | tr "[:upper:]" "[:lower:]")
86ARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')
87TALOSCTL_DEFAULT_TARGET := talosctl-$(OPERATING_SYSTEM)
88TALOSCTL_EXECUTABLE := $(PWD)/$(ARTIFACTS)/$(TALOSCTL_DEFAULT_TARGET)-$(ARCH)
89INTEGRATION_TEST_DEFAULT_TARGET := integration-test-$(OPERATING_SYSTEM)
90INTEGRATION_TEST_PROVISION_DEFAULT_TARGET := integration-test-provision-$(OPERATING_SYSTEM)
91# renovate: datasource=github-releases depName=kubernetes/kubernetes
92KUBECTL_VERSION ?= v1.30.2
93# renovate: datasource=github-releases depName=kastenhq/kubestr
94KUBESTR_VERSION ?= v0.4.44
95# renovate: datasource=github-releases depName=helm/helm
96HELM_VERSION ?= v3.15.2
97# renovate: datasource=github-releases depName=kubernetes-sigs/cluster-api
98CLUSTERCTL_VERSION ?= 1.7.3
99# renovate: datasource=github-releases depName=cilium/cilium-cli
100CILIUM_CLI_VERSION ?= v0.16.11
101KUBECTL_URL ?= https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/$(OPERATING_SYSTEM)/amd64/kubectl
102KUBESTR_URL ?= https://github.com/kastenhq/kubestr/releases/download/$(KUBESTR_VERSION)/kubestr_$(subst v,,$(KUBESTR_VERSION))_Linux_amd64.tar.gz
103HELM_URL ?= https://get.helm.sh/helm-$(HELM_VERSION)-linux-amd64.tar.gz
104CLUSTERCTL_URL ?= https://github.com/kubernetes-sigs/cluster-api/releases/download/v$(CLUSTERCTL_VERSION)/clusterctl-$(OPERATING_SYSTEM)-amd64
105CILIUM_CLI_URL ?= https://github.com/cilium/cilium-cli/releases/download/$(CILIUM_CLI_VERSION)/cilium-$(OPERATING_SYSTEM)-amd64.tar.gz
106TESTPKGS ?= github.com/siderolabs/talos/...
107RELEASES ?= v1.6.7 v1.7.0
108SHORT_INTEGRATION_TEST ?=
109CUSTOM_CNI_URL ?=
110INSTALLER_ARCH ?= all
111IMAGER_ARGS ?=
112
113CGO_ENABLED ?= 0
114GO_BUILDFLAGS ?=
115GO_BUILDTAGS ?= tcell_minimal,grpcnotrace
116GO_LDFLAGS ?=
117GOAMD64 ?= v2
118
119WITH_RACE ?= false
120WITH_DEBUG ?= false
121
122ifneq (, $(filter $(WITH_RACE), t true TRUE y yes 1))
123CGO_ENABLED = 1
124GO_BUILDFLAGS += -race
125GO_LDFLAGS += -linkmode=external -extldflags '-static'
126INSTALLER_ARCH = targetarch
127endif
128
129ifneq (, $(filter $(WITH_DEBUG), t true TRUE y yes 1))
130GO_BUILDTAGS := $(GO_BUILDTAGS),sidero.debug
131else
132GO_LDFLAGS += -s -w
133endif
134
135GO_BUILDFLAGS += -tags "$(GO_BUILDTAGS)"
136
137, := ,
138space := $(subst ,, )
139BUILD := docker buildx build
140PLATFORM ?= linux/amd64
141PROGRESS ?= auto
142PUSH ?= false
143COMMON_ARGS := --file=Dockerfile
144COMMON_ARGS += --progress=$(PROGRESS)
145COMMON_ARGS += --platform=$(PLATFORM)
146COMMON_ARGS += --push=$(PUSH)
147COMMON_ARGS += --build-arg=TOOLS=$(TOOLS)
148COMMON_ARGS += --build-arg=PKGS=$(PKGS)
149COMMON_ARGS += --build-arg=EXTRAS=$(EXTRAS)
150COMMON_ARGS += --build-arg=GOFUMPT_VERSION=$(GOFUMPT_VERSION)
151COMMON_ARGS += --build-arg=GOIMPORTS_VERSION=$(GOIMPORTS_VERSION)
152COMMON_ARGS += --build-arg=STRINGER_VERSION=$(STRINGER_VERSION)
153COMMON_ARGS += --build-arg=ENUMER_VERSION=$(ENUMER_VERSION)
154COMMON_ARGS += --build-arg=DEEPCOPY_GEN_VERSION=$(DEEPCOPY_GEN_VERSION)
155COMMON_ARGS += --build-arg=VTPROTOBUF_VERSION=$(VTPROTOBUF_VERSION)
156COMMON_ARGS += --build-arg=IMPORTVET_VERSION=$(IMPORTVET_VERSION)
157COMMON_ARGS += --build-arg=GOLANGCILINT_VERSION=$(GOLANGCILINT_VERSION)
158COMMON_ARGS += --build-arg=DEEPCOPY_VERSION=$(DEEPCOPY_VERSION)
159COMMON_ARGS += --build-arg=MARKDOWNLINTCLI_VERSION=$(MARKDOWNLINTCLI_VERSION)
160COMMON_ARGS += --build-arg=TEXTLINT_VERSION=$(TEXTLINT_VERSION)
161COMMON_ARGS += --build-arg=TEXTLINT_FILTER_RULE_COMMENTS_VERSION=$(TEXTLINT_FILTER_RULE_COMMENTS_VERSION)
162COMMON_ARGS += --build-arg=TEXTLINT_RULE_ONE_SENTENCE_PER_LINE_VERSION=$(TEXTLINT_RULE_ONE_SENTENCE_PER_LINE_VERSION)
163COMMON_ARGS += --build-arg=TAG=$(TAG)
164COMMON_ARGS += --build-arg=SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH)
165COMMON_ARGS += --build-arg=ARTIFACTS=$(ARTIFACTS)
166COMMON_ARGS += --build-arg=TESTPKGS=$(TESTPKGS)
167COMMON_ARGS += --build-arg=INSTALLER_ARCH=$(INSTALLER_ARCH)
168COMMON_ARGS += --build-arg=CGO_ENABLED=$(CGO_ENABLED)
169COMMON_ARGS += --build-arg=GO_BUILDFLAGS="$(GO_BUILDFLAGS)"
170COMMON_ARGS += --build-arg=GO_LDFLAGS="$(GO_LDFLAGS)"
171COMMON_ARGS += --build-arg=GOAMD64="$(GOAMD64)"
172COMMON_ARGS += --build-arg=http_proxy=$(http_proxy)
173COMMON_ARGS += --build-arg=https_proxy=$(https_proxy)
174COMMON_ARGS += --build-arg=NAME=$(NAME)
175COMMON_ARGS += --build-arg=SHA=$(SHA)
176COMMON_ARGS += --build-arg=USERNAME=$(USERNAME)
177COMMON_ARGS += --build-arg=REGISTRY=$(REGISTRY)
178COMMON_ARGS += --build-arg=PKGS_PREFIX=$(PKGS_PREFIX)
179COMMON_ARGS += --build-arg=PKG_FHS=$(PKG_FHS)
180COMMON_ARGS += --build-arg=PKG_CA_CERTIFICATES=$(PKG_CA_CERTIFICATES)
181COMMON_ARGS += --build-arg=PKG_APPARMOR=$(PKG_APPARMOR)
182COMMON_ARGS += --build-arg=PKG_CRYPTSETUP=$(PKG_CRYPTSETUP)
183COMMON_ARGS += --build-arg=PKG_CONTAINERD=$(PKG_CONTAINERD)
184COMMON_ARGS += --build-arg=PKG_DOSFSTOOLS=$(PKG_DOSFSTOOLS)
185COMMON_ARGS += --build-arg=PKG_EUDEV=$(PKG_EUDEV)
186COMMON_ARGS += --build-arg=PKG_GRUB=$(PKG_GRUB)
187COMMON_ARGS += --build-arg=PKG_SD_BOOT=$(PKG_SD_BOOT)
188COMMON_ARGS += --build-arg=PKG_IPTABLES=$(PKG_IPTABLES)
189COMMON_ARGS += --build-arg=PKG_IPXE=$(PKG_IPXE)
190COMMON_ARGS += --build-arg=PKG_LIBINIH=$(PKG_LIBINIH)
191COMMON_ARGS += --build-arg=PKG_LIBJSON_C=$(PKG_LIBJSON_C)
192COMMON_ARGS += --build-arg=PKG_LIBPOPT=$(PKG_LIBPOPT)
193COMMON_ARGS += --build-arg=PKG_LIBURCU=$(PKG_LIBURCU)
194COMMON_ARGS += --build-arg=PKG_OPENSSL=$(PKG_OPENSSL)
195COMMON_ARGS += --build-arg=PKG_LIBSECCOMP=$(PKG_LIBSECCOMP)
196COMMON_ARGS += --build-arg=PKG_LINUX_FIRMWARE=$(PKG_LINUX_FIRMWARE)
197COMMON_ARGS += --build-arg=PKG_LVM2=$(PKG_LVM2)
198COMMON_ARGS += --build-arg=PKG_LIBAIO=$(PKG_LIBAIO)
199COMMON_ARGS += --build-arg=PKG_MUSL=$(PKG_MUSL)
200COMMON_ARGS += --build-arg=PKG_RUNC=$(PKG_RUNC)
201COMMON_ARGS += --build-arg=PKG_XFSPROGS=$(PKG_XFSPROGS)
202COMMON_ARGS += --build-arg=PKG_UTIL_LINUX=$(PKG_UTIL_LINUX)
203COMMON_ARGS += --build-arg=PKG_KMOD=$(PKG_KMOD)
204COMMON_ARGS += --build-arg=PKG_U_BOOT=$(PKG_U_BOOT)
205COMMON_ARGS += --build-arg=PKG_RASPBERYPI_FIRMWARE=$(PKG_RASPBERYPI_FIRMWARE)
206COMMON_ARGS += --build-arg=PKG_KERNEL=$(PKG_KERNEL)
207COMMON_ARGS += --build-arg=PKG_TALOSCTL_CNI_BUNDLE_INSTALL=$(PKG_TALOSCTL_CNI_BUNDLE_INSTALL)
208COMMON_ARGS += --build-arg=ABBREV_TAG=$(ABBREV_TAG)
209COMMON_ARGS += --build-arg=ZSTD_COMPRESSION_LEVEL=$(ZSTD_COMPRESSION_LEVEL)
210
211CI_ARGS ?=
212
213all: initramfs kernel installer imager talosctl talosctl-image talos
214
215# Help Menu
216
217define HELP_MENU_HEADER
218# Getting Started
219
220To build this project, you must have the following installed:
221
222- git
223- make
224- docker (19.03 or higher)
225- buildx (https://github.com/docker/buildx)
226- crane (https://github.com/google/go-containerregistry/blob/main/cmd/crane/README.md)
227
228## Creating a Builder Instance
229
230The build process makes use of features not currently supported by the default
231builder instance (docker driver). To create a compatible builder instance, run:
232
233```
234docker buildx create --driver docker-container --name local --buildkitd-flags '--allow-insecure-entitlement security.insecure' --use
235```
236
237If you already have a compatible builder instance, you may use that instead.
238
239> Note: The security.insecure entitlement is only required, and used by the unit-tests target.
240
241## Artifacts
242
243All artifacts will be output to ./$(ARTIFACTS). Images will be tagged with the
244registry "$(IMAGE_REGISTRY)", username "$(USERNAME)", and a dynamic tag (e.g. $(REGISTRY_AND_USERNAME)/image:$(IMAGE_TAG)).
245The registry and username can be overridden by exporting REGISTRY, and USERNAME
246respectively.
247
248## Race Detector
249
250Building with `WITH_RACE=1` enables race detector in the Talos executables. Integration tests are always built with the race detector
251enabled.
252
253endef
254
255export HELP_MENU_HEADER
256
257help: ## This help menu.
258@echo "$$HELP_MENU_HEADER"
259@grep -E '^[a-zA-Z0-9%_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
260
261# Build Abstractions
262
263.PHONY: base
264target-%: ## Builds the specified target defined in the Dockerfile. The build result will only remain in the build cache.
265@$(BUILD) \
266--target=$* \
267$(COMMON_ARGS) \
268$(TARGET_ARGS) \
269$(CI_ARGS) .
270
271local-%: ## Builds the specified target defined in the Dockerfile using the local output type. The build result will be output to the specified local destination.
272@$(MAKE) target-$* TARGET_ARGS="--output=type=local,dest=$(DEST) $(TARGET_ARGS)"
273@PLATFORM=$(PLATFORM) \
274ARTIFACTS=$(ARTIFACTS) \
275./hack/fix-artifacts.sh
276
277docker-%: ## Builds the specified target defined in the Dockerfile using the docker output type. The build result will be output to the specified local destination.
278@mkdir -p $(DEST)
279@$(MAKE) target-$* TARGET_ARGS="--output type=docker,dest=$(DEST)/$*.tar,name=$(REGISTRY_AND_USERNAME)/$*:$(IMAGE_TAG) $(TARGET_ARGS)"
280
281registry-%: ## Builds the specified target defined in the Dockerfile using the image/registry output type. The build result will be pushed to the registry if PUSH=true.
282@$(MAKE) target-$* TARGET_ARGS="--output type=image,name=$(REGISTRY_AND_USERNAME)/$*:$(IMAGE_TAG) $(TARGET_ARGS)"
283
284hack-test-%: ## Runs the specified script in ./hack/test with well known environment variables.
285@./hack/test/$*.sh
286
287# Generators
288
289.PHONY: generate
290generate: ## Generates code from protobuf service definitions and machinery config.
291@$(MAKE) local-$@ DEST=./ PLATFORM=linux/amd64
292
293.PHONY: docs
294docs: ## Generates the documentation for machine config, and talosctl.
295@rm -rf docs/configuration/*
296@rm -rf docs/talosctl/*
297@$(MAKE) local-$@ DEST=./ PLATFORM=linux/amd64
298
299.PHONY: docs-preview
300docs-preview: ## Starts a local preview of the documentation using Hugo in docker
301@docker run --rm --interactive --tty \
302--user $(shell id -u):$(shell id -g) \
303--volume $(PWD):/src --workdir /src/website \
304--publish 1313:1313 \
305klakegg/hugo:$(HUGO_VERSION) \
306server
307
308# Local Artifacts
309
310.PHONY: kernel
311kernel: ## Outputs the kernel package contents (vmlinuz) to the artifact directory.
312@$(MAKE) local-$@ DEST=$(ARTIFACTS) PUSH=false
313@-rm -rf $(ARTIFACTS)/modules
314
315.PHONY: initramfs
316initramfs: ## Builds the compressed initramfs and outputs it to the artifact directory.
317@$(MAKE) local-$@ DEST=$(ARTIFACTS) PUSH=false
318
319.PHONY: sd-boot
320sd-boot: ## Outputs the systemd-boot to the artifact directory.
321@$(MAKE) local-$@ DEST=$(ARTIFACTS) PUSH=false
322
323.PHONY: sd-stub
324sd-stub: ## Outputs the systemd-stub to the artifact directory.
325@$(MAKE) local-$@ DEST=$(ARTIFACTS) PUSH=false
326
327.PHONY: installer
328installer: ## Builds the container image for the installer and outputs it to the registry.
329@INSTALLER_ARCH=targetarch \
330$(MAKE) registry-$@
331
332.PHONY: imager
333imager: ## Builds the container image for the imager and outputs it to the registry.
334@$(MAKE) registry-$@
335
336.PHONY: talos
337talos: ## Builds the Talos container image and outputs it to the registry.
338@$(MAKE) registry-$@
339
340.PHONY: talosctl-image
341talosctl-image: ## Builds the talosctl container image and outputs it to the registry.
342@$(MAKE) registry-talosctl
343
344talosctl-all:
345@$(MAKE) local-talosctl-all DEST=$(ARTIFACTS) PUSH=false NAME=Client
346
347talosctl-linux-amd64:
348@$(MAKE) local-talosctl-linux-amd64 DEST=$(ARTIFACTS) PUSH=false NAME=Client
349
350talosctl-linux-arm64:
351@$(MAKE) local-talosctl-linux-arm64 DEST=$(ARTIFACTS) PUSH=false NAME=Client
352
353talosctl-darwin-amd64:
354@$(MAKE) local-talosctl-darwin-amd64 DEST=$(ARTIFACTS) PUSH=false NAME=Client
355
356talosctl-darwin-arm64:
357@$(MAKE) local-talosctl-darwin-arm64 DEST=$(ARTIFACTS) PUSH=false NAME=Client
358
359talosctl-freebsd-amd64:
360@$(MAKE) local-talosctl-freebsd-amd64 DEST=$(ARTIFACTS) PUSH=false NAME=Client
361
362taloscl-freebsd-arm64:
363@$(MAKE) local-talosctl-freebsd-arm64 DEST=$(ARTIFACTS) PUSH=false NAME=Client
364
365talosctl-windows-amd64:
366@$(MAKE) local-talosctl-windows-amd64 DEST=$(ARTIFACTS) PUSH=false NAME=Client
367
368talosctl:
369@$(MAKE) local-talosctl-targetarch DEST=$(ARTIFACTS)
370
371image-%: ## Builds the specified image. Valid options are aws, azure, digital-ocean, gcp, and vmware (e.g. image-aws)
372@docker pull $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG)
373@for platform in $(subst $(,),$(space),$(PLATFORM)); do \
374arch=$$(basename "$${platform}") && \
375docker run --rm -t -v /dev:/dev -v $(PWD)/$(ARTIFACTS):/secureboot:ro -v $(PWD)/$(ARTIFACTS):/out --network=host --privileged $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG) $* --arch $$arch $(IMAGER_ARGS) ; \
376done
377
378images-essential: image-aws image-azure image-gcp image-metal secureboot-installer ## Builds only essential images used in the CI (AWS, GCP, and Metal).
379
380images: image-akamai image-aws image-azure image-digital-ocean image-exoscale image-gcp image-hcloud image-iso image-metal image-nocloud image-opennebula image-openstack image-oracle image-scaleway image-upcloud image-vmware image-vultr ## Builds all known images (AWS, Azure, DigitalOcean, Exoscale, GCP, HCloud, Metal, NoCloud, OpenNebula, OpenStack, Oracle, Scaleway, UpCloud, Vultr and VMware).
381
382.PHONY: iso
383iso: image-iso ## Builds the ISO and outputs it to the artifact directory.
384
385.PHONY: secureboot-iso
386secureboot-iso: image-secureboot-iso ## Builds UEFI only ISO which uses UKI and outputs it to the artifact directory.
387
388.PHONY: secureboot-installer
389secureboot-installer: ## Builds UEFI only installer which uses UKI and push it to the registry.
390@$(MAKE) image-secureboot-installer IMAGER_ARGS="--base-installer-image $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)"
391@for platform in $(subst $(,),$(space),$(PLATFORM)); do \
392arch=$$(basename "$${platform}") && \
393crane push $(ARTIFACTS)/installer-$${arch}-secureboot.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-$${arch}-secureboot ; \
394done
395
396.PHONY: talosctl-cni-bundle
397talosctl-cni-bundle: ## Creates a compressed tarball that includes CNI bundle for talosctl.
398@$(MAKE) local-$@ DEST=$(ARTIFACTS)
399@for platform in $(subst $(,),$(space),$(PLATFORM)); do \
400arch=`basename "$${platform}"` ; \
401tar -C $(ARTIFACTS)/talosctl-cni-bundle-$${arch} -czf $(ARTIFACTS)/talosctl-cni-bundle-$${arch}.tar.gz . ; \
402done
403@rm -rf $(ARTIFACTS)/talosctl-cni-bundle-*/
404
405.PHONY: cloud-images
406cloud-images: ## Uploads cloud images (AMIs, etc.) to the cloud registry.
407@docker run --rm -v $(PWD):/src -w /src \
408-e TAG=$(TAG) -e ARTIFACTS=$(ARTIFACTS) -e ABBREV_TAG=$(ABBREV_TAG) \
409-e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY \
410-e AZURE_SUBSCRIPTION_ID -e AZURE_CLIENT_ID -e AZURE_CLIENT_SECRET -e AZURE_TENANT_ID \
411golang:$(GO_VERSION) \
412./hack/cloud-image-uploader.sh $(CLOUD_IMAGES_EXTRA_ARGS)
413
414.PHONY: uki-certs
415uki-certs: talosctl ## Generate test certificates for SecureBoot/PCR Signing
416@$(TALOSCTL_EXECUTABLE) gen secureboot uki
417@$(TALOSCTL_EXECUTABLE) gen secureboot pcr
418@$(TALOSCTL_EXECUTABLE) gen secureboot database
419
420# Code Quality
421
422api-descriptors: ## Generates API descriptors used to detect breaking API changes.
423@$(MAKE) local-api-descriptors DEST=./ PLATFORM=linux/amd64
424
425fmt-go: ## Formats the source code.
426@docker run --rm -it -v $(PWD):/src -w /src -e GOTOOLCHAIN=local golang:$(GO_VERSION) bash -c "go install golang.org/x/tools/cmd/goimports@$(GOIMPORTS_VERSION) && goimports -w -local github.com/siderolabs/talos . && go install mvdan.cc/gofumpt@$(GOFUMPT_VERSION) && gofumpt -w ."
427
428fmt-protobuf: ## Formats protobuf files.
429@$(MAKE) local-fmt-protobuf DEST=./ PLATFORM=linux/amd64
430
431fmt: ## Formats the source code and protobuf files.
432@$(MAKE) fmt-go fmt-protobuf
433
434lint-%: ## Runs the specified linter. Valid options are go, protobuf, and markdown (e.g. lint-go).
435@$(MAKE) target-lint-$* PLATFORM=linux/amd64
436
437lint: ## Runs linters on go, vulncheck, protobuf, and markdown file types.
438@$(MAKE) lint-go lint-vulncheck lint-protobuf lint-markdown
439
440check-dirty: ## Verifies that source tree is not dirty
441@if test -n "`git status --porcelain`"; then echo "Source tree is dirty"; git status; git diff; exit 1 ; fi
442
443go-mod-outdated: ## Runs the go-mod-oudated to show outdated dependencies.
444@$(MAKE) target-go-mod-outdated PLATFORM=linux/amd64
445
446# Tests
447
448.PHONY: unit-tests
449unit-tests: ## Performs unit tests.
450@$(MAKE) local-$@ DEST=$(ARTIFACTS) TARGET_ARGS="--allow security.insecure" PLATFORM=linux/amd64
451
452.PHONY: unit-tests-race
453unit-tests-race: ## Performs unit tests with race detection enabled.
454@$(MAKE) target-$@ TARGET_ARGS="--allow security.insecure" PLATFORM=linux/amd64
455
456$(ARTIFACTS)/$(INTEGRATION_TEST_DEFAULT_TARGET)-amd64:
457@$(MAKE) local-$(INTEGRATION_TEST_DEFAULT_TARGET) DEST=$(ARTIFACTS) PLATFORM=linux/amd64 WITH_RACE=true NAME=Client PUSH=false
458
459$(ARTIFACTS)/$(INTEGRATION_TEST_PROVISION_DEFAULT_TARGET)-amd64:
460@$(MAKE) local-$(INTEGRATION_TEST_PROVISION_DEFAULT_TARGET) DEST=$(ARTIFACTS) PLATFORM=linux/amd64 WITH_RACE=true NAME=Client
461
462$(ARTIFACTS)/kubectl:
463@mkdir -p $(ARTIFACTS)
464@curl -L -o $(ARTIFACTS)/kubectl "$(KUBECTL_URL)"
465@chmod +x $(ARTIFACTS)/kubectl
466
467$(ARTIFACTS)/kubestr:
468@mkdir -p $(ARTIFACTS)
469@curl -L "$(KUBESTR_URL)" | tar xzf - -C $(ARTIFACTS) kubestr
470@chmod +x $(ARTIFACTS)/kubestr
471
472$(ARTIFACTS)/helm:
473@mkdir -p $(ARTIFACTS)
474@curl -L "$(HELM_URL)" | tar xzf - -C $(ARTIFACTS) --strip-components=1 linux-amd64/helm
475@chmod +x $(ARTIFACTS)/helm
476
477$(ARTIFACTS)/clusterctl:
478@mkdir -p $(ARTIFACTS)
479@curl -L -o $(ARTIFACTS)/clusterctl "$(CLUSTERCTL_URL)"
480@chmod +x $(ARTIFACTS)/clusterctl
481
482$(ARTIFACTS)/cilium:
483@mkdir -p $(ARTIFACTS)
484@curl -L "$(CILIUM_CLI_URL)" | tar xzf - -C $(ARTIFACTS) cilium
485@chmod +x $(ARTIFACTS)/cilium
486
487external-artifacts: $(ARTIFACTS)/kubectl $(ARTIFACTS)/clusterctl $(ARTIFACTS)/kubestr $(ARTIFACTS)/helm $(ARTIFACTS)/cilium
488
489e2e-%: $(ARTIFACTS)/$(INTEGRATION_TEST_DEFAULT_TARGET)-amd64 external-artifacts ## Runs the E2E test for the specified platform (e.g. e2e-docker).
490@$(MAKE) hack-test-$@ \
491PLATFORM=$* \
492TAG=$(TAG) \
493SHA=$(SHA) \
494REGISTRY=$(IMAGE_REGISTRY) \
495IMAGE=$(REGISTRY_AND_USERNAME)/talos:$(IMAGE_TAG) \
496INSTALLER_IMAGE=$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG) \
497ARTIFACTS=$(ARTIFACTS) \
498TALOSCTL=$(PWD)/$(ARTIFACTS)/$(TALOSCTL_DEFAULT_TARGET)-amd64 \
499INTEGRATION_TEST=$(PWD)/$(ARTIFACTS)/$(INTEGRATION_TEST_DEFAULT_TARGET)-amd64 \
500SHORT_INTEGRATION_TEST=$(SHORT_INTEGRATION_TEST) \
501CUSTOM_CNI_URL=$(CUSTOM_CNI_URL) \
502KUBECTL=$(PWD)/$(ARTIFACTS)/kubectl \
503KUBESTR=$(PWD)/$(ARTIFACTS)/kubestr \
504HELM=$(PWD)/$(ARTIFACTS)/helm \
505CLUSTERCTL=$(PWD)/$(ARTIFACTS)/clusterctl \
506CILIUM_CLI=$(PWD)/$(ARTIFACTS)/cilium
507
508provision-tests-prepare: release-artifacts $(ARTIFACTS)/$(INTEGRATION_TEST_PROVISION_DEFAULT_TARGET)-amd64
509
510provision-tests: provision-tests-prepare
511@$(MAKE) hack-test-$@ \
512TAG=$(TAG) \
513TALOSCTL=$(PWD)/$(ARTIFACTS)/$(TALOSCTL_DEFAULT_TARGET)-amd64 \
514INTEGRATION_TEST=$(PWD)/$(ARTIFACTS)/$(INTEGRATION_TEST_PROVISION_DEFAULT_TARGET)-amd64
515
516provision-tests-track-%:
517@$(MAKE) hack-test-provision-tests \
518TAG=$(TAG) \
519TALOSCTL=$(PWD)/$(ARTIFACTS)/$(TALOSCTL_DEFAULT_TARGET)-amd64 \
520INTEGRATION_TEST=$(PWD)/$(ARTIFACTS)/$(INTEGRATION_TEST_PROVISION_DEFAULT_TARGET)-amd64 \
521INTEGRATION_TEST_RUN="TestIntegration/.+-TR$*" \
522INTEGRATION_TEST_TRACK="$*" \
523CUSTOM_CNI_URL=$(CUSTOM_CNI_URL) \
524REGISTRY=$(IMAGE_REGISTRY) \
525ARTIFACTS=$(ARTIFACTS)
526
527installer-with-extensions: $(ARTIFACTS)/extensions/_out/extensions-metadata
528$(MAKE) image-installer \
529IMAGER_ARGS="--base-installer-image=$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG) $(shell cat $(ARTIFACTS)/extensions/_out/extensions-metadata | grep -vE 'tailscale|xen-guest-agent|nvidia|vmtoolsd-guest-agent' | xargs -n 1 echo --system-extension-image)"
530crane push $(ARTIFACTS)/installer-amd64.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-amd64-extensions
531echo -n "$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-amd64-extensions" | jq -Rs -f hack/test/extensions/extension-patch-filter.jq | yq eval ".[] | split_doc" -P > $(ARTIFACTS)/extensions-patch.yaml
532
533# Assets for releases
534
535.PHONY: $(ARTIFACTS)/$(TALOS_RELEASE)
536$(ARTIFACTS)/$(TALOS_RELEASE): $(ARTIFACTS)/$(TALOS_RELEASE)/vmlinuz $(ARTIFACTS)/$(TALOS_RELEASE)/initramfs.xz
537
538# download release artifacts for specific version
539$(ARTIFACTS)/$(TALOS_RELEASE)/%:
540@mkdir -p $(ARTIFACTS)/$(TALOS_RELEASE)/
541@case "$*" in \
542vmlinuz) \
543curl -L -o "$(ARTIFACTS)/$(TALOS_RELEASE)/$*" "https://github.com/siderolabs/talos/releases/download/$(TALOS_RELEASE)/vmlinuz-amd64" \
544;; \
545initramfs.xz) \
546curl -L -o "$(ARTIFACTS)/$(TALOS_RELEASE)/$*" "https://github.com/siderolabs/talos/releases/download/$(TALOS_RELEASE)/initramfs-amd64.xz" \
547;; \
548esac
549
550.PHONY: release-artifacts
551release-artifacts:
552@for release in $(RELEASES); do \
553$(MAKE) $(ARTIFACTS)/$$release TALOS_RELEASE=$$release; \
554done
555
556# Utilities
557
558.PHONY: rekres
559rekres:
560@docker pull $(KRES_IMAGE)
561@docker run --rm --net=host --user $(shell id -u):$(shell id -g) -v $(PWD):/src -w /src -e GITHUB_TOKEN $(KRES_IMAGE)
562
563.PHONY: conformance
564conformance:
565@docker pull $(CONFORMANCE_IMAGE)
566@docker run --rm -it -v $(PWD):/src -w /src $(CONFORMANCE_IMAGE) enforce
567
568.PHONY: release-notes
569release-notes:
570ARTIFACTS=$(ARTIFACTS) ./hack/release.sh $@ $(ARTIFACTS)/RELEASE_NOTES.md $(TAG)
571
572push: ## Pushes the installer, imager, talos and talosctl images to the configured container registry with the generated tag.
573@$(MAKE) installer PUSH=true
574@$(MAKE) imager PUSH=true
575@$(MAKE) talos PUSH=true
576@$(MAKE) talosctl-image PUSH=true
577
578push-%: ## Pushes the installer, imager, talos and talosctl images to the configured container registry with the specified tag (e.g. push-latest).
579@$(MAKE) push IMAGE_TAG=$*
580
581.PHONY: clean
582clean: ## Cleans up all artifacts.
583@-rm -rf $(ARTIFACTS)
584
585.PHONY: image-list
586image-list: ## Prints a list of all images built by this Makefile with digests.
587@echo -n installer talos imager talosctl | xargs -d ' ' -I{} sh -c 'echo $(REGISTRY_AND_USERNAME)/{}:$(IMAGE_TAG)' | xargs -I{} sh -c 'echo {}@$$(crane digest {})'
588
589.PHONY: sign-images
590sign-images: ## Run cosign to sign all images built by this Makefile.
591@for image in $(shell $(MAKE) --quiet image-list REGISTRY_AND_USERNAME=$(REGISTRY_AND_USERNAME) IMAGE_TAG=$(IMAGE_TAG)); do \
592echo '==>' $$image; \
593cosign verify $$image --certificate-identity-regexp '@siderolabs\.com$$' --certificate-oidc-issuer https://accounts.google.com || \
594cosign sign --yes $$image; \
595done
596
597.PHONY: reproducibility-test
598reproducibility-test:
599@$(MAKE) reproducibility-test-local-initramfs
600@$(MAKE) reproducibility-test-docker-installer INSTALLER_ARCH=targetarch PLATFORM=linux/amd64
601@$(MAKE) reproducibility-test-docker-talos reproducibility-test-docker-imager reproducibility-test-docker-talosctl PLATFORM=linux/amd64
602
603reproducibility-test-docker-%:
604@rm -rf _out1/ _out2/
605@mkdir -p _out1/ _out2/
606@$(MAKE) docker-$* DEST=_out1/
607@$(MAKE) docker-$* DEST=_out2/ TARGET_ARGS="--no-cache"
608@find _out1/ -type f | xargs -IFILE diffoscope FILE `echo FILE | sed 's/_out1/_out2/'`
609@rm -rf _out1/ _out2/
610
611reproducibility-test-local-%:
612@rm -rf _out1/ _out2/
613@mkdir -p _out1/ _out2/
614@$(MAKE) local-$* DEST=_out1/
615@$(MAKE) local-$* DEST=_out2/ TARGET_ARGS="--no-cache"
616@find _out1/ -type f | xargs -IFILE diffoscope FILE `echo FILE | sed 's/_out1/_out2/'`
617@rm -rf _out1/ _out2/
618