talos

Makefile
617 строк · 25.7 Кб
Перенос по словам
1
REGISTRY ?= ghcr.io
2
USERNAME ?= siderolabs
3
SHA ?= $(shell git describe --match=none --always --abbrev=8 --dirty)
4
TAG ?= $(shell git describe --tag --always --dirty --match v[0-9]\*)
5
ABBREV_TAG ?= $(shell git describe --tag --always --match v[0-9]\* --abbrev=0 )
6
TAG_SUFFIX ?=
7
SOURCE_DATE_EPOCH ?= $(shell git log -1 --pretty=%ct)
8
IMAGE_REGISTRY ?= $(REGISTRY)
9
IMAGE_TAG ?= $(TAG)$(TAG_SUFFIX)
10
BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD)
11
REGISTRY_AND_USERNAME := $(IMAGE_REGISTRY)/$(USERNAME)
12
NAME = Talos
13

14
CLOUD_IMAGES_EXTRA_ARGS ?= ""
15
ZSTD_COMPRESSION_LEVEL ?= 18
16

17
ARTIFACTS := _out
18
TOOLS ?= ghcr.io/siderolabs/tools:v1.8.0-alpha.0-6-g31ad71b
19

20
PKGS_PREFIX ?= ghcr.io/siderolabs
21
PKGS ?= v1.8.0-alpha.0-34-gce49757
22
EXTRAS ?= v1.8.0-alpha.0-3-gcab51d8
23

24
KRES_IMAGE ?= ghcr.io/siderolabs/kres:latest
25
CONFORMANCE_IMAGE ?= ghcr.io/siderolabs/conform:latest
26

27
PKG_FHS ?= $(PKGS_PREFIX)/fhs:$(PKGS)
28
PKG_CA_CERTIFICATES ?= $(PKGS_PREFIX)/ca-certificates:$(PKGS)
29
PKG_APPARMOR ?= $(PKGS_PREFIX)/apparmor:$(PKGS)
30
PKG_CRYPTSETUP ?= $(PKGS_PREFIX)/cryptsetup:$(PKGS)
31
PKG_CONTAINERD ?= $(PKGS_PREFIX)/containerd:$(PKGS)
32
PKG_DOSFSTOOLS ?= $(PKGS_PREFIX)/dosfstools:$(PKGS)
33
PKG_EUDEV ?= $(PKGS_PREFIX)/eudev:$(PKGS)
34
PKG_GRUB ?= $(PKGS_PREFIX)/grub:$(PKGS)
35
PKG_SD_BOOT ?= $(PKGS_PREFIX)/sd-boot:$(PKGS)
36
PKG_IPTABLES ?= $(PKGS_PREFIX)/iptables:$(PKGS)
37
PKG_IPXE ?= $(PKGS_PREFIX)/ipxe:$(PKGS)
38
PKG_LIBINIH ?= $(PKGS_PREFIX)/libinih:$(PKGS)
39
PKG_LIBJSON_C ?= $(PKGS_PREFIX)/libjson-c:$(PKGS)
40
PKG_LIBPOPT ?= $(PKGS_PREFIX)/libpopt:$(PKGS)
41
PKG_LIBURCU ?= $(PKGS_PREFIX)/liburcu:$(PKGS)
42
PKG_OPENSSL ?= $(PKGS_PREFIX)/openssl:$(PKGS)
43
PKG_LIBSECCOMP ?= $(PKGS_PREFIX)/libseccomp:$(PKGS)
44
PKG_LINUX_FIRMWARE ?= $(PKGS_PREFIX)/linux-firmware:$(PKGS)
45
PKG_LVM2 ?= $(PKGS_PREFIX)/lvm2:$(PKGS)
46
PKG_LIBAIO ?= $(PKGS_PREFIX)/libaio:$(PKGS)
47
PKG_MUSL ?= $(PKGS_PREFIX)/musl:$(PKGS)
48
PKG_RUNC ?= $(PKGS_PREFIX)/runc:$(PKGS)
49
PKG_XFSPROGS ?= $(PKGS_PREFIX)/xfsprogs:$(PKGS)
50
PKG_UTIL_LINUX ?= $(PKGS_PREFIX)/util-linux:$(PKGS)
51
PKG_KMOD ?= $(PKGS_PREFIX)/kmod:$(PKGS)
52
PKG_KERNEL ?= $(PKGS_PREFIX)/kernel:$(PKGS)
53
PKG_TALOSCTL_CNI_BUNDLE_INSTALL ?= $(PKGS_PREFIX)/talosctl-cni-bundle-install:$(EXTRAS)
54

55
# renovate: datasource=github-tags depName=golang/go
56
GO_VERSION ?= 1.22
57
# renovate: datasource=go depName=golang.org/x/tools
58
GOIMPORTS_VERSION ?= v0.21.0
59
# renovate: datasource=go depName=mvdan.cc/gofumpt
60
GOFUMPT_VERSION ?= v0.6.0
61
# renovate: datasource=go depName=github.com/golangci/golangci-lint
62
GOLANGCILINT_VERSION ?= v1.59.1
63
# renovate: datasource=go depName=golang.org/x/tools
64
STRINGER_VERSION ?= v0.21.0
65
# renovate: datasource=go depName=github.com/dmarkham/enumer
66
ENUMER_VERSION ?= v1.5.9
67
# renovate: datasource=go depName=k8s.io/code-generator
68
DEEPCOPY_GEN_VERSION ?= v0.30.1
69
# renovate: datasource=go depName=github.com/planetscale/vtprotobuf
70
VTPROTOBUF_VERSION ?= v0.6.0
71
# renovate: datasource=go depName=github.com/siderolabs/deep-copy
72
DEEPCOPY_VERSION ?= v0.5.6
73
# renovate: datasource=go depName=github.com/siderolabs/importvet
74
IMPORTVET_VERSION ?= v0.2.0
75
# renovate: datasource=npm depName=markdownlint-cli
76
MARKDOWNLINTCLI_VERSION ?= 0.40.0
77
# renovate: datasource=npm depName=textlint
78
TEXTLINT_VERSION ?= 14.0.4
79
# renovate: datasource=npm depName=textlint-filter-rule-comments
80
TEXTLINT_FILTER_RULE_COMMENTS_VERSION ?= 1.2.2
81
# renovate: datasource=npm depName=textlint-rule-one-sentence-per-line
82
TEXTLINT_RULE_ONE_SENTENCE_PER_LINE_VERSION ?= 2.0.0
83
# renovate: datasource=docker depName=klakegg/hugo
84
HUGO_VERSION ?= 0.111.3-ext-alpine
85
OPERATING_SYSTEM := $(shell uname -s | tr "[:upper:]" "[:lower:]")
86
ARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')
87
TALOSCTL_DEFAULT_TARGET := talosctl-$(OPERATING_SYSTEM)
88
TALOSCTL_EXECUTABLE := $(PWD)/$(ARTIFACTS)/$(TALOSCTL_DEFAULT_TARGET)-$(ARCH)
89
INTEGRATION_TEST_DEFAULT_TARGET := integration-test-$(OPERATING_SYSTEM)
90
INTEGRATION_TEST_PROVISION_DEFAULT_TARGET := integration-test-provision-$(OPERATING_SYSTEM)
91
# renovate: datasource=github-releases depName=kubernetes/kubernetes
92
KUBECTL_VERSION ?= v1.30.2
93
# renovate: datasource=github-releases depName=kastenhq/kubestr
94
KUBESTR_VERSION ?= v0.4.44
95
# renovate: datasource=github-releases depName=helm/helm
96
HELM_VERSION ?= v3.15.2
97
# renovate: datasource=github-releases depName=kubernetes-sigs/cluster-api
98
CLUSTERCTL_VERSION ?= 1.7.3
99
# renovate: datasource=github-releases depName=cilium/cilium-cli
100
CILIUM_CLI_VERSION ?= v0.16.11
101
KUBECTL_URL ?= https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/$(OPERATING_SYSTEM)/amd64/kubectl
102
KUBESTR_URL ?= https://github.com/kastenhq/kubestr/releases/download/$(KUBESTR_VERSION)/kubestr_$(subst v,,$(KUBESTR_VERSION))_Linux_amd64.tar.gz
103
HELM_URL ?= https://get.helm.sh/helm-$(HELM_VERSION)-linux-amd64.tar.gz
104
CLUSTERCTL_URL ?= https://github.com/kubernetes-sigs/cluster-api/releases/download/v$(CLUSTERCTL_VERSION)/clusterctl-$(OPERATING_SYSTEM)-amd64
105
CILIUM_CLI_URL ?= https://github.com/cilium/cilium-cli/releases/download/$(CILIUM_CLI_VERSION)/cilium-$(OPERATING_SYSTEM)-amd64.tar.gz
106
TESTPKGS ?= github.com/siderolabs/talos/...
107
RELEASES ?= v1.6.7 v1.7.0
108
SHORT_INTEGRATION_TEST ?=
109
CUSTOM_CNI_URL ?=
110
INSTALLER_ARCH ?= all
111
IMAGER_ARGS ?=
112

113
CGO_ENABLED ?= 0
114
GO_BUILDFLAGS ?=
115
GO_BUILDTAGS ?= tcell_minimal,grpcnotrace
116
GO_LDFLAGS ?=
117
GOAMD64 ?= v2
118

119
WITH_RACE ?= false
120
WITH_DEBUG ?= false
121

122
ifneq (, $(filter $(WITH_RACE), t true TRUE y yes 1))
123
CGO_ENABLED = 1
124
GO_BUILDFLAGS += -race
125
GO_LDFLAGS += -linkmode=external -extldflags '-static'
126
INSTALLER_ARCH = targetarch
127
endif
128

129
ifneq (, $(filter $(WITH_DEBUG), t true TRUE y yes 1))
130
GO_BUILDTAGS := $(GO_BUILDTAGS),sidero.debug
131
else
132
GO_LDFLAGS += -s -w
133
endif
134

135
GO_BUILDFLAGS += -tags "$(GO_BUILDTAGS)"
136

137
, := ,
138
space := $(subst ,, )
139
BUILD := docker buildx build
140
PLATFORM ?= linux/amd64
141
PROGRESS ?= auto
142
PUSH ?= false
143
COMMON_ARGS := --file=Dockerfile
144
COMMON_ARGS += --progress=$(PROGRESS)
145
COMMON_ARGS += --platform=$(PLATFORM)
146
COMMON_ARGS += --push=$(PUSH)
147
COMMON_ARGS += --build-arg=TOOLS=$(TOOLS)
148
COMMON_ARGS += --build-arg=PKGS=$(PKGS)
149
COMMON_ARGS += --build-arg=EXTRAS=$(EXTRAS)
150
COMMON_ARGS += --build-arg=GOFUMPT_VERSION=$(GOFUMPT_VERSION)
151
COMMON_ARGS += --build-arg=GOIMPORTS_VERSION=$(GOIMPORTS_VERSION)
152
COMMON_ARGS += --build-arg=STRINGER_VERSION=$(STRINGER_VERSION)
153
COMMON_ARGS += --build-arg=ENUMER_VERSION=$(ENUMER_VERSION)
154
COMMON_ARGS += --build-arg=DEEPCOPY_GEN_VERSION=$(DEEPCOPY_GEN_VERSION)
155
COMMON_ARGS += --build-arg=VTPROTOBUF_VERSION=$(VTPROTOBUF_VERSION)
156
COMMON_ARGS += --build-arg=IMPORTVET_VERSION=$(IMPORTVET_VERSION)
157
COMMON_ARGS += --build-arg=GOLANGCILINT_VERSION=$(GOLANGCILINT_VERSION)
158
COMMON_ARGS += --build-arg=DEEPCOPY_VERSION=$(DEEPCOPY_VERSION)
159
COMMON_ARGS += --build-arg=MARKDOWNLINTCLI_VERSION=$(MARKDOWNLINTCLI_VERSION)
160
COMMON_ARGS += --build-arg=TEXTLINT_VERSION=$(TEXTLINT_VERSION)
161
COMMON_ARGS += --build-arg=TEXTLINT_FILTER_RULE_COMMENTS_VERSION=$(TEXTLINT_FILTER_RULE_COMMENTS_VERSION)
162
COMMON_ARGS += --build-arg=TEXTLINT_RULE_ONE_SENTENCE_PER_LINE_VERSION=$(TEXTLINT_RULE_ONE_SENTENCE_PER_LINE_VERSION)
163
COMMON_ARGS += --build-arg=TAG=$(TAG)
164
COMMON_ARGS += --build-arg=SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH)
165
COMMON_ARGS += --build-arg=ARTIFACTS=$(ARTIFACTS)
166
COMMON_ARGS += --build-arg=TESTPKGS=$(TESTPKGS)
167
COMMON_ARGS += --build-arg=INSTALLER_ARCH=$(INSTALLER_ARCH)
168
COMMON_ARGS += --build-arg=CGO_ENABLED=$(CGO_ENABLED)
169
COMMON_ARGS += --build-arg=GO_BUILDFLAGS="$(GO_BUILDFLAGS)"
170
COMMON_ARGS += --build-arg=GO_LDFLAGS="$(GO_LDFLAGS)"
171
COMMON_ARGS += --build-arg=GOAMD64="$(GOAMD64)"
172
COMMON_ARGS += --build-arg=http_proxy=$(http_proxy)
173
COMMON_ARGS += --build-arg=https_proxy=$(https_proxy)
174
COMMON_ARGS += --build-arg=NAME=$(NAME)
175
COMMON_ARGS += --build-arg=SHA=$(SHA)
176
COMMON_ARGS += --build-arg=USERNAME=$(USERNAME)
177
COMMON_ARGS += --build-arg=REGISTRY=$(REGISTRY)
178
COMMON_ARGS += --build-arg=PKGS_PREFIX=$(PKGS_PREFIX)
179
COMMON_ARGS += --build-arg=PKG_FHS=$(PKG_FHS)
180
COMMON_ARGS += --build-arg=PKG_CA_CERTIFICATES=$(PKG_CA_CERTIFICATES)
181
COMMON_ARGS += --build-arg=PKG_APPARMOR=$(PKG_APPARMOR)
182
COMMON_ARGS += --build-arg=PKG_CRYPTSETUP=$(PKG_CRYPTSETUP)
183
COMMON_ARGS += --build-arg=PKG_CONTAINERD=$(PKG_CONTAINERD)
184
COMMON_ARGS += --build-arg=PKG_DOSFSTOOLS=$(PKG_DOSFSTOOLS)
185
COMMON_ARGS += --build-arg=PKG_EUDEV=$(PKG_EUDEV)
186
COMMON_ARGS += --build-arg=PKG_GRUB=$(PKG_GRUB)
187
COMMON_ARGS += --build-arg=PKG_SD_BOOT=$(PKG_SD_BOOT)
188
COMMON_ARGS += --build-arg=PKG_IPTABLES=$(PKG_IPTABLES)
189
COMMON_ARGS += --build-arg=PKG_IPXE=$(PKG_IPXE)
190
COMMON_ARGS += --build-arg=PKG_LIBINIH=$(PKG_LIBINIH)
191
COMMON_ARGS += --build-arg=PKG_LIBJSON_C=$(PKG_LIBJSON_C)
192
COMMON_ARGS += --build-arg=PKG_LIBPOPT=$(PKG_LIBPOPT)
193
COMMON_ARGS += --build-arg=PKG_LIBURCU=$(PKG_LIBURCU)
194
COMMON_ARGS += --build-arg=PKG_OPENSSL=$(PKG_OPENSSL)
195
COMMON_ARGS += --build-arg=PKG_LIBSECCOMP=$(PKG_LIBSECCOMP)
196
COMMON_ARGS += --build-arg=PKG_LINUX_FIRMWARE=$(PKG_LINUX_FIRMWARE)
197
COMMON_ARGS += --build-arg=PKG_LVM2=$(PKG_LVM2)
198
COMMON_ARGS += --build-arg=PKG_LIBAIO=$(PKG_LIBAIO)
199
COMMON_ARGS += --build-arg=PKG_MUSL=$(PKG_MUSL)
200
COMMON_ARGS += --build-arg=PKG_RUNC=$(PKG_RUNC)
201
COMMON_ARGS += --build-arg=PKG_XFSPROGS=$(PKG_XFSPROGS)
202
COMMON_ARGS += --build-arg=PKG_UTIL_LINUX=$(PKG_UTIL_LINUX)
203
COMMON_ARGS += --build-arg=PKG_KMOD=$(PKG_KMOD)
204
COMMON_ARGS += --build-arg=PKG_U_BOOT=$(PKG_U_BOOT)
205
COMMON_ARGS += --build-arg=PKG_RASPBERYPI_FIRMWARE=$(PKG_RASPBERYPI_FIRMWARE)
206
COMMON_ARGS += --build-arg=PKG_KERNEL=$(PKG_KERNEL)
207
COMMON_ARGS += --build-arg=PKG_TALOSCTL_CNI_BUNDLE_INSTALL=$(PKG_TALOSCTL_CNI_BUNDLE_INSTALL)
208
COMMON_ARGS += --build-arg=ABBREV_TAG=$(ABBREV_TAG)
209
COMMON_ARGS += --build-arg=ZSTD_COMPRESSION_LEVEL=$(ZSTD_COMPRESSION_LEVEL)
210

211
CI_ARGS ?=
212

213
all: initramfs kernel installer imager talosctl talosctl-image talos
214

215
# Help Menu
216

217
define HELP_MENU_HEADER
218
# Getting Started
219

220
To build this project, you must have the following installed:
221

222
- git
223
- make
224
- docker (19.03 or higher)
225
- buildx (https://github.com/docker/buildx)
226
- crane (https://github.com/google/go-containerregistry/blob/main/cmd/crane/README.md)
227

228
## Creating a Builder Instance
229

230
The build process makes use of features not currently supported by the default
231
builder instance (docker driver). To create a compatible builder instance, run:
232

233
```
234
docker buildx create --driver docker-container --name local --buildkitd-flags '--allow-insecure-entitlement security.insecure' --use
235
```
236

237
If you already have a compatible builder instance, you may use that instead.
238

239
> Note: The security.insecure entitlement is only required, and used by the unit-tests target.
240

241
## Artifacts
242

243
All artifacts will be output to ./$(ARTIFACTS). Images will be tagged with the
244
registry "$(IMAGE_REGISTRY)", username "$(USERNAME)", and a dynamic tag (e.g. $(REGISTRY_AND_USERNAME)/image:$(IMAGE_TAG)).
245
The registry and username can be overridden by exporting REGISTRY, and USERNAME
246
respectively.
247

248
## Race Detector
249

250
Building with `WITH_RACE=1` enables race detector in the Talos executables. Integration tests are always built with the race detector
251
enabled.
252

253
endef
254

255
export HELP_MENU_HEADER
256

257
help: ## This help menu.
258
	@echo "$$HELP_MENU_HEADER"
259
	@grep -E '^[a-zA-Z0-9%_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
260

261
# Build Abstractions
262

263
.PHONY: base
264
target-%: ## Builds the specified target defined in the Dockerfile. The build result will only remain in the build cache.
265
	@$(BUILD) \
266
		--target=$* \
267
		$(COMMON_ARGS) \
268
		$(TARGET_ARGS) \
269
		$(CI_ARGS) .
270

271
local-%: ## Builds the specified target defined in the Dockerfile using the local output type. The build result will be output to the specified local destination.
272
	@$(MAKE) target-$* TARGET_ARGS="--output=type=local,dest=$(DEST) $(TARGET_ARGS)"
273
	@PLATFORM=$(PLATFORM) \
274
		ARTIFACTS=$(ARTIFACTS) \
275
		./hack/fix-artifacts.sh
276

277
docker-%: ## Builds the specified target defined in the Dockerfile using the docker output type. The build result will be output to the specified local destination.
278
	@mkdir -p $(DEST)
279
	@$(MAKE) target-$* TARGET_ARGS="--output type=docker,dest=$(DEST)/$*.tar,name=$(REGISTRY_AND_USERNAME)/$*:$(IMAGE_TAG) $(TARGET_ARGS)"
280

281
registry-%: ## Builds the specified target defined in the Dockerfile using the image/registry output type. The build result will be pushed to the registry if PUSH=true.
282
	@$(MAKE) target-$* TARGET_ARGS="--output type=image,name=$(REGISTRY_AND_USERNAME)/$*:$(IMAGE_TAG) $(TARGET_ARGS)"
283

284
hack-test-%: ## Runs the specified script in ./hack/test with well known environment variables.
285
	@./hack/test/$*.sh
286

287
# Generators
288

289
.PHONY: generate
290
generate: ## Generates code from protobuf service definitions and machinery config.
291
	@$(MAKE) local-$@ DEST=./ PLATFORM=linux/amd64
292

293
.PHONY: docs
294
docs: ## Generates the documentation for machine config, and talosctl.
295
	@rm -rf docs/configuration/*
296
	@rm -rf docs/talosctl/*
297
	@$(MAKE) local-$@ DEST=./ PLATFORM=linux/amd64
298

299
.PHONY: docs-preview
300
docs-preview: ## Starts a local preview of the documentation using Hugo in docker
301
	@docker run --rm --interactive --tty \
302
	--user $(shell id -u):$(shell id -g) \
303
	--volume $(PWD):/src --workdir /src/website \
304
	--publish 1313:1313 \
305
	klakegg/hugo:$(HUGO_VERSION) \
306
	server
307

308
# Local Artifacts
309

310
.PHONY: kernel
311
kernel: ## Outputs the kernel package contents (vmlinuz) to the artifact directory.
312
	@$(MAKE) local-$@ DEST=$(ARTIFACTS) PUSH=false
313
	@-rm -rf $(ARTIFACTS)/modules
314

315
.PHONY: initramfs
316
initramfs: ## Builds the compressed initramfs and outputs it to the artifact directory.
317
	@$(MAKE) local-$@ DEST=$(ARTIFACTS) PUSH=false
318

319
.PHONY: sd-boot
320
sd-boot: ## Outputs the systemd-boot to the artifact directory.
321
	@$(MAKE) local-$@ DEST=$(ARTIFACTS) PUSH=false
322

323
.PHONY: sd-stub
324
sd-stub: ## Outputs the systemd-stub to the artifact directory.
325
	@$(MAKE) local-$@ DEST=$(ARTIFACTS) PUSH=false
326

327
.PHONY: installer
328
installer: ## Builds the container image for the installer and outputs it to the registry.
329
	@INSTALLER_ARCH=targetarch  \
330
		$(MAKE) registry-$@
331

332
.PHONY: imager
333
imager: ## Builds the container image for the imager and outputs it to the registry.
334
	@$(MAKE) registry-$@
335

336
.PHONY: talos
337
talos: ## Builds the Talos container image and outputs it to the registry.
338
	@$(MAKE) registry-$@
339

340
.PHONY: talosctl-image
341
talosctl-image: ## Builds the talosctl container image and outputs it to the registry.
342
	@$(MAKE) registry-talosctl
343

344
talosctl-all:
345
	@$(MAKE) local-talosctl-all DEST=$(ARTIFACTS) PUSH=false NAME=Client
346

347
talosctl-linux-amd64:
348
	@$(MAKE) local-talosctl-linux-amd64 DEST=$(ARTIFACTS) PUSH=false NAME=Client
349

350
talosctl-linux-arm64:
351
	@$(MAKE) local-talosctl-linux-arm64 DEST=$(ARTIFACTS) PUSH=false NAME=Client
352

353
talosctl-darwin-amd64:
354
	@$(MAKE) local-talosctl-darwin-amd64 DEST=$(ARTIFACTS) PUSH=false NAME=Client
355

356
talosctl-darwin-arm64:
357
	@$(MAKE) local-talosctl-darwin-arm64 DEST=$(ARTIFACTS) PUSH=false NAME=Client
358

359
talosctl-freebsd-amd64:
360
	@$(MAKE) local-talosctl-freebsd-amd64 DEST=$(ARTIFACTS) PUSH=false NAME=Client
361

362
taloscl-freebsd-arm64:
363
	@$(MAKE) local-talosctl-freebsd-arm64 DEST=$(ARTIFACTS) PUSH=false NAME=Client
364

365
talosctl-windows-amd64:
366
	@$(MAKE) local-talosctl-windows-amd64 DEST=$(ARTIFACTS) PUSH=false NAME=Client
367

368
talosctl:
369
	@$(MAKE) local-talosctl-targetarch DEST=$(ARTIFACTS)
370

371
image-%: ## Builds the specified image. Valid options are aws, azure, digital-ocean, gcp, and vmware (e.g. image-aws)
372
	@docker pull $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG)
373
	@for platform in $(subst $(,),$(space),$(PLATFORM)); do \
374
		arch=$$(basename "$${platform}") && \
375
		docker run --rm -t -v /dev:/dev -v $(PWD)/$(ARTIFACTS):/secureboot:ro -v $(PWD)/$(ARTIFACTS):/out --network=host --privileged $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG) $* --arch $$arch $(IMAGER_ARGS) ; \
376
	done
377

378
images-essential: image-aws image-azure image-gcp image-metal secureboot-installer ## Builds only essential images used in the CI (AWS, GCP, and Metal).
379

380
images: image-akamai image-aws image-azure image-digital-ocean image-exoscale image-gcp image-hcloud image-iso image-metal image-nocloud image-opennebula image-openstack image-oracle image-scaleway image-upcloud image-vmware image-vultr ## Builds all known images (AWS, Azure, DigitalOcean, Exoscale, GCP, HCloud, Metal, NoCloud, OpenNebula, OpenStack, Oracle, Scaleway, UpCloud, Vultr and VMware).
381

382
.PHONY: iso
383
iso: image-iso ## Builds the ISO and outputs it to the artifact directory.
384

385
.PHONY: secureboot-iso
386
secureboot-iso: image-secureboot-iso ## Builds UEFI only ISO which uses UKI and outputs it to the artifact directory.
387

388
.PHONY: secureboot-installer
389
secureboot-installer: ## Builds UEFI only installer which uses UKI and push it to the registry.
390
	@$(MAKE) image-secureboot-installer IMAGER_ARGS="--base-installer-image $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)"
391
	@for platform in $(subst $(,),$(space),$(PLATFORM)); do \
392
		arch=$$(basename "$${platform}") && \
393
		crane push $(ARTIFACTS)/installer-$${arch}-secureboot.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-$${arch}-secureboot ; \
394
	done
395

396
.PHONY: talosctl-cni-bundle
397
talosctl-cni-bundle: ## Creates a compressed tarball that includes CNI bundle for talosctl.
398
	@$(MAKE) local-$@ DEST=$(ARTIFACTS)
399
	@for platform in $(subst $(,),$(space),$(PLATFORM)); do \
400
		arch=`basename "$${platform}"` ; \
401
		tar  -C $(ARTIFACTS)/talosctl-cni-bundle-$${arch} -czf $(ARTIFACTS)/talosctl-cni-bundle-$${arch}.tar.gz . ; \
402
	done
403
	@rm -rf $(ARTIFACTS)/talosctl-cni-bundle-*/
404

405
.PHONY: cloud-images
406
cloud-images: ## Uploads cloud images (AMIs, etc.) to the cloud registry.
407
	@docker run --rm -v $(PWD):/src -w /src \
408
		-e TAG=$(TAG) -e ARTIFACTS=$(ARTIFACTS) -e ABBREV_TAG=$(ABBREV_TAG) \
409
		-e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY \
410
		-e AZURE_SUBSCRIPTION_ID -e AZURE_CLIENT_ID -e AZURE_CLIENT_SECRET -e AZURE_TENANT_ID \
411
		golang:$(GO_VERSION) \
412
		./hack/cloud-image-uploader.sh $(CLOUD_IMAGES_EXTRA_ARGS)
413

414
.PHONY: uki-certs
415
uki-certs: talosctl ## Generate test certificates for SecureBoot/PCR Signing
416
	@$(TALOSCTL_EXECUTABLE) gen secureboot uki
417
	@$(TALOSCTL_EXECUTABLE) gen secureboot pcr
418
	@$(TALOSCTL_EXECUTABLE) gen secureboot database
419

420
# Code Quality
421

422
api-descriptors: ## Generates API descriptors used to detect breaking API changes.
423
	@$(MAKE) local-api-descriptors DEST=./ PLATFORM=linux/amd64
424

425
fmt-go: ## Formats the source code.
426
	@docker run --rm -it -v $(PWD):/src -w /src -e GOTOOLCHAIN=local golang:$(GO_VERSION) bash -c "go install golang.org/x/tools/cmd/goimports@$(GOIMPORTS_VERSION) && goimports -w -local github.com/siderolabs/talos . && go install mvdan.cc/gofumpt@$(GOFUMPT_VERSION) && gofumpt -w ."
427

428
fmt-protobuf: ## Formats protobuf files.
429
	@$(MAKE) local-fmt-protobuf DEST=./ PLATFORM=linux/amd64
430

431
fmt: ## Formats the source code and protobuf files.
432
	@$(MAKE) fmt-go fmt-protobuf
433

434
lint-%: ## Runs the specified linter. Valid options are go, protobuf, and markdown (e.g. lint-go).
435
	@$(MAKE) target-lint-$* PLATFORM=linux/amd64
436

437
lint: ## Runs linters on go, vulncheck, protobuf, and markdown file types.
438
	@$(MAKE) lint-go lint-vulncheck lint-protobuf lint-markdown
439

440
check-dirty: ## Verifies that source tree is not dirty
441
	@if test -n "`git status --porcelain`"; then echo "Source tree is dirty"; git status; git diff; exit 1 ; fi
442

443
go-mod-outdated: ## Runs the go-mod-oudated to show outdated dependencies.
444
	@$(MAKE) target-go-mod-outdated PLATFORM=linux/amd64
445

446
# Tests
447

448
.PHONY: unit-tests
449
unit-tests: ## Performs unit tests.
450
	@$(MAKE) local-$@ DEST=$(ARTIFACTS) TARGET_ARGS="--allow security.insecure" PLATFORM=linux/amd64
451

452
.PHONY: unit-tests-race
453
unit-tests-race: ## Performs unit tests with race detection enabled.
454
	@$(MAKE) target-$@ TARGET_ARGS="--allow security.insecure" PLATFORM=linux/amd64
455

456
$(ARTIFACTS)/$(INTEGRATION_TEST_DEFAULT_TARGET)-amd64:
457
	@$(MAKE) local-$(INTEGRATION_TEST_DEFAULT_TARGET) DEST=$(ARTIFACTS) PLATFORM=linux/amd64 WITH_RACE=true NAME=Client PUSH=false
458

459
$(ARTIFACTS)/$(INTEGRATION_TEST_PROVISION_DEFAULT_TARGET)-amd64:
460
	@$(MAKE) local-$(INTEGRATION_TEST_PROVISION_DEFAULT_TARGET) DEST=$(ARTIFACTS) PLATFORM=linux/amd64 WITH_RACE=true NAME=Client
461

462
$(ARTIFACTS)/kubectl:
463
	@mkdir -p $(ARTIFACTS)
464
	@curl -L -o $(ARTIFACTS)/kubectl "$(KUBECTL_URL)"
465
	@chmod +x $(ARTIFACTS)/kubectl
466

467
$(ARTIFACTS)/kubestr:
468
	@mkdir -p $(ARTIFACTS)
469
	@curl -L "$(KUBESTR_URL)" | tar xzf - -C $(ARTIFACTS) kubestr
470
	@chmod +x $(ARTIFACTS)/kubestr
471

472
$(ARTIFACTS)/helm:
473
	@mkdir -p $(ARTIFACTS)
474
	@curl -L "$(HELM_URL)" | tar xzf - -C $(ARTIFACTS) --strip-components=1 linux-amd64/helm
475
	@chmod +x $(ARTIFACTS)/helm
476

477
$(ARTIFACTS)/clusterctl:
478
	@mkdir -p $(ARTIFACTS)
479
	@curl -L -o $(ARTIFACTS)/clusterctl "$(CLUSTERCTL_URL)"
480
	@chmod +x $(ARTIFACTS)/clusterctl
481

482
$(ARTIFACTS)/cilium:
483
	@mkdir -p $(ARTIFACTS)
484
	@curl -L "$(CILIUM_CLI_URL)" | tar xzf - -C $(ARTIFACTS) cilium
485
	@chmod +x $(ARTIFACTS)/cilium
486

487
external-artifacts: $(ARTIFACTS)/kubectl $(ARTIFACTS)/clusterctl $(ARTIFACTS)/kubestr $(ARTIFACTS)/helm $(ARTIFACTS)/cilium
488

489
e2e-%: $(ARTIFACTS)/$(INTEGRATION_TEST_DEFAULT_TARGET)-amd64 external-artifacts ## Runs the E2E test for the specified platform (e.g. e2e-docker).
490
	@$(MAKE) hack-test-$@ \
491
		PLATFORM=$* \
492
		TAG=$(TAG) \
493
		SHA=$(SHA) \
494
		REGISTRY=$(IMAGE_REGISTRY) \
495
		IMAGE=$(REGISTRY_AND_USERNAME)/talos:$(IMAGE_TAG) \
496
		INSTALLER_IMAGE=$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG) \
497
		ARTIFACTS=$(ARTIFACTS) \
498
		TALOSCTL=$(PWD)/$(ARTIFACTS)/$(TALOSCTL_DEFAULT_TARGET)-amd64 \
499
		INTEGRATION_TEST=$(PWD)/$(ARTIFACTS)/$(INTEGRATION_TEST_DEFAULT_TARGET)-amd64 \
500
		SHORT_INTEGRATION_TEST=$(SHORT_INTEGRATION_TEST) \
501
		CUSTOM_CNI_URL=$(CUSTOM_CNI_URL) \
502
		KUBECTL=$(PWD)/$(ARTIFACTS)/kubectl \
503
		KUBESTR=$(PWD)/$(ARTIFACTS)/kubestr \
504
		HELM=$(PWD)/$(ARTIFACTS)/helm \
505
		CLUSTERCTL=$(PWD)/$(ARTIFACTS)/clusterctl \
506
		CILIUM_CLI=$(PWD)/$(ARTIFACTS)/cilium
507

508
provision-tests-prepare: release-artifacts $(ARTIFACTS)/$(INTEGRATION_TEST_PROVISION_DEFAULT_TARGET)-amd64
509

510
provision-tests: provision-tests-prepare
511
	@$(MAKE) hack-test-$@ \
512
		TAG=$(TAG) \
513
		TALOSCTL=$(PWD)/$(ARTIFACTS)/$(TALOSCTL_DEFAULT_TARGET)-amd64 \
514
		INTEGRATION_TEST=$(PWD)/$(ARTIFACTS)/$(INTEGRATION_TEST_PROVISION_DEFAULT_TARGET)-amd64
515

516
provision-tests-track-%:
517
	@$(MAKE) hack-test-provision-tests \
518
		TAG=$(TAG) \
519
		TALOSCTL=$(PWD)/$(ARTIFACTS)/$(TALOSCTL_DEFAULT_TARGET)-amd64 \
520
		INTEGRATION_TEST=$(PWD)/$(ARTIFACTS)/$(INTEGRATION_TEST_PROVISION_DEFAULT_TARGET)-amd64 \
521
		INTEGRATION_TEST_RUN="TestIntegration/.+-TR$*" \
522
		INTEGRATION_TEST_TRACK="$*" \
523
		CUSTOM_CNI_URL=$(CUSTOM_CNI_URL) \
524
		REGISTRY=$(IMAGE_REGISTRY) \
525
		ARTIFACTS=$(ARTIFACTS)
526

527
installer-with-extensions: $(ARTIFACTS)/extensions/_out/extensions-metadata
528
	$(MAKE) image-installer \
529
		IMAGER_ARGS="--base-installer-image=$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG) $(shell cat $(ARTIFACTS)/extensions/_out/extensions-metadata | grep -vE 'tailscale|xen-guest-agent|nvidia|vmtoolsd-guest-agent' | xargs -n 1 echo --system-extension-image)"
530
	crane push $(ARTIFACTS)/installer-amd64.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-amd64-extensions
531
	echo -n "$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-amd64-extensions" | jq -Rs -f hack/test/extensions/extension-patch-filter.jq | yq eval ".[] | split_doc" -P > $(ARTIFACTS)/extensions-patch.yaml
532

533
# Assets for releases
534

535
.PHONY: $(ARTIFACTS)/$(TALOS_RELEASE)
536
$(ARTIFACTS)/$(TALOS_RELEASE): $(ARTIFACTS)/$(TALOS_RELEASE)/vmlinuz $(ARTIFACTS)/$(TALOS_RELEASE)/initramfs.xz
537

538
# download release artifacts for specific version
539
$(ARTIFACTS)/$(TALOS_RELEASE)/%:
540
	@mkdir -p $(ARTIFACTS)/$(TALOS_RELEASE)/
541
	@case "$*" in \
542
		vmlinuz) \
543
			curl -L -o "$(ARTIFACTS)/$(TALOS_RELEASE)/$*" "https://github.com/siderolabs/talos/releases/download/$(TALOS_RELEASE)/vmlinuz-amd64" \
544
			;; \
545
		initramfs.xz) \
546
			curl -L -o "$(ARTIFACTS)/$(TALOS_RELEASE)/$*" "https://github.com/siderolabs/talos/releases/download/$(TALOS_RELEASE)/initramfs-amd64.xz" \
547
			;; \
548
	esac
549

550
.PHONY: release-artifacts
551
release-artifacts:
552
	@for release in $(RELEASES); do \
553
		$(MAKE) $(ARTIFACTS)/$$release TALOS_RELEASE=$$release; \
554
	done
555

556
# Utilities
557

558
.PHONY: rekres
559
rekres:
560
	@docker pull $(KRES_IMAGE)
561
	@docker run --rm --net=host --user $(shell id -u):$(shell id -g) -v $(PWD):/src -w /src -e GITHUB_TOKEN $(KRES_IMAGE)
562

563
.PHONY: conformance
564
conformance:
565
	@docker pull $(CONFORMANCE_IMAGE)
566
	@docker run --rm -it -v $(PWD):/src -w /src $(CONFORMANCE_IMAGE) enforce
567

568
.PHONY: release-notes
569
release-notes:
570
	ARTIFACTS=$(ARTIFACTS) ./hack/release.sh $@ $(ARTIFACTS)/RELEASE_NOTES.md $(TAG)
571

572
push: ## Pushes the installer, imager, talos and talosctl images to the configured container registry with the generated tag.
573
	@$(MAKE) installer PUSH=true
574
	@$(MAKE) imager PUSH=true
575
	@$(MAKE) talos PUSH=true
576
	@$(MAKE) talosctl-image PUSH=true
577

578
push-%: ## Pushes the installer, imager, talos and talosctl images to the configured container registry with the specified tag (e.g. push-latest).
579
	@$(MAKE) push IMAGE_TAG=$*
580

581
.PHONY: clean
582
clean: ## Cleans up all artifacts.
583
	@-rm -rf $(ARTIFACTS)
584

585
.PHONY: image-list
586
image-list: ## Prints a list of all images built by this Makefile with digests.
587
	@echo -n installer talos imager talosctl | xargs -d ' ' -I{} sh -c 'echo $(REGISTRY_AND_USERNAME)/{}:$(IMAGE_TAG)' | xargs -I{} sh -c 'echo {}@$$(crane digest {})'
588

589
.PHONY: sign-images
590
sign-images: ## Run cosign to sign all images built by this Makefile.
591
	@for image in $(shell $(MAKE) --quiet image-list REGISTRY_AND_USERNAME=$(REGISTRY_AND_USERNAME) IMAGE_TAG=$(IMAGE_TAG)); do \
592
		echo '==>' $$image; \
593
		cosign verify $$image --certificate-identity-regexp '@siderolabs\.com$$' --certificate-oidc-issuer https://accounts.google.com || \
594
			cosign sign --yes $$image; \
595
	done
596

597
.PHONY: reproducibility-test
598
reproducibility-test:
599
	@$(MAKE) reproducibility-test-local-initramfs
600
	@$(MAKE) reproducibility-test-docker-installer INSTALLER_ARCH=targetarch PLATFORM=linux/amd64
601
	@$(MAKE) reproducibility-test-docker-talos reproducibility-test-docker-imager reproducibility-test-docker-talosctl PLATFORM=linux/amd64
602

603
reproducibility-test-docker-%:
604
	@rm -rf _out1/ _out2/
605
	@mkdir -p _out1/ _out2/
606
	@$(MAKE) docker-$* DEST=_out1/
607
	@$(MAKE) docker-$* DEST=_out2/ TARGET_ARGS="--no-cache"
608
	@find _out1/ -type f | xargs -IFILE diffoscope FILE `echo FILE | sed 's/_out1/_out2/'`
609
	@rm -rf _out1/ _out2/
610

611
reproducibility-test-local-%:
612
	@rm -rf _out1/ _out2/
613
	@mkdir -p _out1/ _out2/
614
	@$(MAKE) local-$* DEST=_out1/
615
	@$(MAKE) local-$* DEST=_out2/ TARGET_ARGS="--no-cache"
616
	@find _out1/ -type f | xargs -IFILE diffoscope FILE `echo FILE | sed 's/_out1/_out2/'`
617
	@rm -rf _out1/ _out2/
618
talos

Использование cookies
