# The personal, minimalist, super fast, database-free, bookmarking service. # Makefile for PHP code analysis & testing, documentation and release generation BIN = vendor/bin all: check_permissions test ## # Docker test adapter # # Shaarli sources and vendored libraries are copied from a shared volume # to a user-owned directory to enable running tests as a non-root user. ## docker_%: rsync -az /shaarli/ ~/shaarli/ cd ~/shaarli && make $* ## # PHP_CodeSniffer # Detects PHP syntax errors # Documentation (usage, output formatting): # - http://pear.php.net/manual/en/package.php.php-codesniffer.usage.php # - http://pear.php.net/manual/en/package.php.php-codesniffer.reporting.php ## PHPCS := $(BIN)/phpcs # Use GNU Tar where available ifneq (, $(shell which gtar)) TAR := gtar else TAR := tar endif code_sniffer: @$(PHPCS) ### - errors by Git author code_sniffer_blame: @$(PHPCS) --report-gitblame ### - all errors/warnings code_sniffer_full: @$(PHPCS) --report-full --report-width=200 ### - errors grouped by kind code_sniffer_source: @$(PHPCS) --report-source || exit 0 ## # Checks source file & script permissions ## check_permissions: @echo "----------------------" @echo "Check file permissions" @echo "----------------------" @for file in `git ls-files | grep -v docker`; do \ if [ -x $$file ]; then \ errors=true; \ echo "$${file} is executable"; \ fi \ done; [ -z $$errors ] || false ## # PHPUnit # Runs unitary and functional tests # Generates an HTML coverage report if Xdebug is enabled # # See phpunit.xml for configuration # https://phpunit.de/manual/current/en/appendixes.configuration.html ## test: translate @echo "-------" @echo "PHPUNIT" @echo "-------" @mkdir -p sandbox coverage @$(BIN)/phpunit --coverage-php coverage/main.cov --bootstrap tests/bootstrap.php --testsuite unit-tests locale_test_%: @UT_LOCALE=$*.utf8 \ $(BIN)/phpunit \ --coverage-php coverage/$(firstword $(subst _, ,$*)).cov \ --bootstrap tests/languages/bootstrap.php \ --testsuite language-$(firstword $(subst _, ,$*)) all_tests: test locale_test_de_DE locale_test_en_US locale_test_fr_FR @# --The current version is not compatible with PHP 7.2 @#$(BIN)/phpcov merge --html coverage coverage @# --text doesn't work with phpunit 4.* (v5 requires PHP 5.6) @#$(BIN)/phpcov merge --text coverage/txt coverage ### download 3rd-party PHP libraries, including dev dependencies composer_dependencies_dev: clean composer install --prefer-dist ## # Custom release archive generation # # For each tagged revision, GitHub provides tar and zip archives that correspond # to the output of git-archive # # These targets produce similar archives, featuring 3rd-party dependencies # to ease deployment on shared hosting. ## ARCHIVE_VERSION := shaarli-$$(git describe)-full ARCHIVE_PREFIX=Shaarli/ release_archive: release_tar release_zip ### download 3rd-party PHP libraries composer_dependencies: clean composer install --no-dev --prefer-dist find vendor/ -name ".git" -type d -exec rm -rf {} + ### download 3rd-party frontend libraries frontend_dependencies: yarnpkg install ### Build frontend dependencies build_frontend: frontend_dependencies yarnpkg run build ### generate a release tarball and include 3rd-party dependencies and translations release_tar: composer_dependencies htmldoc translate build_frontend git archive --prefix=$(ARCHIVE_PREFIX) -o $(ARCHIVE_VERSION).tar HEAD $(TAR) rvf $(ARCHIVE_VERSION).tar --transform "s|^vendor|$(ARCHIVE_PREFIX)vendor|" vendor/ $(TAR) rvf $(ARCHIVE_VERSION).tar --transform "s|^doc/html|$(ARCHIVE_PREFIX)doc/html|" doc/html/ $(TAR) rvf $(ARCHIVE_VERSION).tar --transform "s|^tpl|$(ARCHIVE_PREFIX)tpl|" tpl/ gzip $(ARCHIVE_VERSION).tar ### generate a release zip and include 3rd-party dependencies and translations release_zip: composer_dependencies htmldoc translate build_frontend git archive --prefix=$(ARCHIVE_PREFIX) -o $(ARCHIVE_VERSION).zip -9 HEAD mkdir -p $(ARCHIVE_PREFIX)/doc mkdir -p $(ARCHIVE_PREFIX)/vendor rsync -a doc/html/ $(ARCHIVE_PREFIX)doc/html/ zip -r $(ARCHIVE_VERSION).zip $(ARCHIVE_PREFIX)doc/ rsync -a vendor/ $(ARCHIVE_PREFIX)vendor/ zip -r $(ARCHIVE_VERSION).zip $(ARCHIVE_PREFIX)vendor/ rsync -a tpl/ $(ARCHIVE_PREFIX)tpl/ zip -r $(ARCHIVE_VERSION).zip $(ARCHIVE_PREFIX)tpl/ rm -rf $(ARCHIVE_PREFIX) ## # Targets for repository and documentation maintenance ## ### remove all unversioned files clean: @git clean -df @rm -rf sandbox trivy* ### generate the AUTHORS file from Git commit information generate_authors: @cp .github/mailmap .mailmap @git shortlog -sne > AUTHORS @rm .mailmap ### generate phpDocumentor documentation phpdoc: clean @docker run --rm -v $(PWD):/data -u `id -u`:`id -g` phpdoc/phpdoc ### generate HTML documentation from Markdown pages with MkDocs htmldoc: python3 -m venv venv/ bash -c 'source venv/bin/activate; \ pip install wheel; \ pip install mkdocs; \ mkdocs build --clean' find doc/html/ -type f -exec chmod a-x '{}' \; rm -r venv ### Generate Shaarli's translation compiled file (.mo) translate: @echo "----------------------" @echo "Compile translation files" @echo "----------------------" @for pofile in `find inc/languages/ -name shaarli.po`; do \ echo "Compiling $$pofile"; \ msgfmt -v "$$pofile" -o "`dirname "$$pofile"`/`basename "$$pofile" .po`.mo"; \ done; ### Run ESLint check against Shaarli's JS files eslint: @yarnpkg run eslint -c .dev/.eslintrc.js assets/vintage/js/ @yarnpkg run eslint -c .dev/.eslintrc.js assets/default/js/ @yarnpkg run eslint -c .dev/.eslintrc.js assets/common/js/ ### Run CSSLint check against Shaarli's SCSS files sasslint: @yarnpkg run stylelint --config .dev/.stylelintrc.js 'assets/default/scss/*.scss' ## # Security scans ## # trivy version (https://github.com/aquasecurity/trivy/releases) TRIVY_VERSION=0.43.0 # default trivy exit code when vulnerabilities are found TRIVY_EXIT_CODE=1 # default docker image to scan with trivy TRIVY_TARGET_DOCKER_IMAGE=ghcr.io/shaarli/shaarli:latest ### download trivy vulneravbility scanner download_trivy: wget --quiet --continue -O trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz https://github.com/aquasecurity/trivy/releases/download/v$(TRIVY_VERSION)/trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz tar -z -x trivy -f trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz ### run trivy vulnerability scanner on docker image test_trivy_docker: download_trivy ./trivy --exit-code $(TRIVY_EXIT_CODE) image $(TRIVY_TARGET_DOCKER_IMAGE) ### run trivy vulnerability scanner on composer/yarn dependency trees test_trivy_repo: download_trivy ./trivy --exit-code $(TRIVY_EXIT_CODE) fs composer.lock ./trivy --exit-code $(TRIVY_EXIT_CODE) fs yarn.lock