security-insights/Makefile at main · ossf/security-insights · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
lintcue:
	@echo "  >  Linting CUE schema ..."
	@cd spec
	@cue vet ./spec --all-errors

lintyml:
	@echo "  >  Linting YAML files ..."
	@echo "  >  Linting .github/security-insights.yml ..."
	@cue vet -d '#SecurityInsights' ./spec .github/security-insights.yml
	@echo "  >  Linting template-full.yml ..."
	cue vet -d '#SecurityInsights' ./spec examples/example-full.yml
	@echo "  >  Linting template-minimum.yml ..."
	cue vet -d '#SecurityInsights' ./spec examples/example-minimum.yml
	@echo "  >  Linting template-multi-repository-project-reuse.yml ..."
	cue vet -d '#SecurityInsights' ./spec examples/example-multi-repository-project-reuse.yml
	@echo "  >  Linting template-multi-repository-project.yml ..."
	cue vet -d '#SecurityInsights' ./spec examples/example-multi-repository-project.yml

cuegen:
	@echo "  >  Generating types from cue schema ..."
	@cue exp gengotypes spec/schema.cue
	@echo "  >  vet the generated go types ..."
	@go vet cue_types_gen.go

genopenapi:
	@echo "  >  Converting CUE schema to OpenAPI ..."
	@cd cmd/cue2openapi && go run . -schema ../../spec -output ../../openapi.yaml -root SecurityInsights -version "$$(cat ../../VERSION)"
	@echo "  >  OpenAPI schema generation complete!"

genindex:
	@echo "  >  Copying README.md to docs/index.md for website ..."
	@{ \
		echo "---"; \
		echo "layout: default"; \
		echo "title: Home"; \
		echo "nav-title: About"; \
		echo "note: This file is automatically generated from README.md. Do not edit this file directly."; \
		echo "---"; \
		echo ""; \
		cat README.md | sed -e 's|docs/assets/|/assets/|g' -e 's|](docs/|](/|g' -e 's|](/\([A-Za-z0-9_-]\{1,\}\)\.md\([)#]\)|](/\1.html\2|g'; \
	} > docs/index.md
	@echo "  >  Index page generation complete!"

gendocs: genopenapi
	@echo "  >  Generating markdown from OpenAPI ..."
	@cd cmd/openapi2md && go run . -input ../../openapi.yaml -output ../../spec -roots SecurityInsights
	@echo "  >  Copying schema.md to docs/ for website ..."
	@{ \
		echo "---"; \
		echo "layout: default"; \
		echo "title: Schema Documentation"; \
		echo "nav-title: Schema"; \
		echo "note: This file is automatically generated from spec/schema.cue. Do not edit this file directly."; \
		echo "---"; \
		echo ""; \
		cat spec/schema.md; \
	} > docs/schema.md
	@echo "  >  Documentation generation complete!"

genpdf: gendocs
	@echo "  >  Generating PDF from markdown documentation ..."
	@if ! command -v pandoc >/dev/null 2>&1; then \
		echo "ERROR: pandoc not found. Install pandoc to generate PDF."; \
		echo "  macOS: brew install pandoc"; \
		echo "  Linux: apt-get install pandoc or yum install pandoc"; \
		exit 1; \
	fi
	@VERSION=$$(cat VERSION 2>/dev/null | sed 's/^/v/'); \
	PDF_ENGINE=""; \
	if command -v pdflatex >/dev/null 2>&1; then \
		PDF_ENGINE="pdflatex"; \
	elif command -v xelatex >/dev/null 2>&1; then \
		PDF_ENGINE="xelatex"; \
	elif command -v lualatex >/dev/null 2>&1; then \
		PDF_ENGINE="lualatex"; \
	elif command -v wkhtmltopdf >/dev/null 2>&1; then \
		PDF_ENGINE="wkhtmltopdf"; \
	elif command -v weasyprint >/dev/null 2>&1; then \
		PDF_ENGINE="weasyprint"; \
	fi; \
	if [ -z "$$PDF_ENGINE" ]; then \
		echo "  >  No PDF engine found (pdflatex, xelatex, lualatex, wkhtmltopdf, or weasyprint)."; \
		echo "  >  Generating HTML instead (convert to PDF manually)..."; \
		cd spec && pandoc schema.md \
			--from markdown \
			--to html \
			--standalone \
			--toc \
			--toc-depth=3 \
			--css=https://cdn.jsdelivr.net/npm/github-markdown-css@5/github-markdown.min.css \
			--metadata title="Security Insights Specification" \
			--metadata author="OpenSSF" \
			--metadata date="$$(date +%Y-%m-%d)" \
			--output ../Security-Insights-$$VERSION.html; \
		echo "  >  HTML generated at Security-Insights-$$VERSION.html"; \
		echo "  >  To generate PDF, install a PDF engine:"; \
		echo "     macOS: brew install basictex (for pdflatex/xelatex/lualatex)"; \
		echo "     macOS: brew install wkhtmltopdf (for wkhtmltopdf)"; \
		echo "     Linux: apt-get install texlive (for pdflatex/xelatex/lualatex)"; \
	else \
		echo "  >  Using PDF engine: $$PDF_ENGINE"; \
		cd spec && pandoc schema.md \
			--from markdown \
			--to pdf \
			--output ../Security-Insights-$$VERSION.pdf \
			--toc \
			--toc-depth=3 \
			--pdf-engine=$$PDF_ENGINE \
			-V geometry:margin=1in \
			-V documentclass=article \
			-V fontsize=11pt \
			--metadata title="Security Insights Specification" \
			--metadata author="OpenSSF" \
			--metadata date="$$(date +%Y-%m-%d)" 2>&1 | grep -v "LaTeX Warning" || \
		(echo "  >  PDF generation with $$PDF_ENGINE failed. Trying HTML fallback..." && \
		 pandoc schema.md \
			--from markdown \
			--to html \
			--standalone \
			--toc \
			--toc-depth=3 \
			--css=https://cdn.jsdelivr.net/npm/github-markdown-css@5/github-markdown.min.css \
			--metadata title="Security Insights Specification" \
			--metadata author="OpenSSF" \
			--metadata date="$$(date +%Y-%m-%d)" \
			--output ../Security-Insights-$$VERSION.html && \
		 echo "  >  HTML generated at Security-Insights-$$VERSION.html (convert to PDF manually)" && \
		 echo "  >  Install LaTeX for better PDF generation: brew install basictex (macOS) or texlive (Linux)"); \
	fi
	@echo "  >  PDF generation complete!"

start: genindex gendocs run

run:
	@echo "  >  Starting Jekyll site ..."
	@if ! command -v ruby -v >/dev/null 2>&1; then \
		echo "ERROR: ruby not found. Install ruby to run the site."; \
		exit 1; \
	fi
	@if ! command -v bundle >/dev/null 2>&1; then \
		echo "ERROR: bundle not found. Install bundler to run the site."; \
		echo "  macOS: gem install bundler"; \
		echo "  Linux: gem install bundler"; \
		exit 1; \
	fi
	@if [ -z "$$SSL_CERT_FILE" ]; then \
		for p in /opt/homebrew/etc/ca-certificates/cert.pem /usr/local/etc/ca-certificates/cert.pem; do \
			if [ -f "$$p" ]; then \
				export SSL_CERT_FILE="$$p"; \
				echo "  >  Using CA bundle $$SSL_CERT_FILE (Homebrew Ruby's default trust store often can't verify github.com for jekyll-remote-theme; set SSL_CERT_FILE in your shell to override)"; \
				break; \
			fi; \
		done; \
	fi; \
	cd docs && \
		echo "  >  Installing Jekyll dependencies ..."; \
		bundle install; \
		echo "  >  Starting Jekyll server at http://localhost:4000 ..."; \
		bundle exec jekyll serve --host 0.0.0.0

stop:
	@echo "  >  Stopping Jekyll site ..."
	@PIDS=$$(lsof -ti tcp:4000 2>/dev/null); \
	if [ -n "$$PIDS" ]; then \
		echo "  >  Killing processes on port 4000: $$PIDS"; \
		kill $$PIDS; \
		echo "  >  Jekyll site stopped."; \
	else \
		echo "  >  No process listening on port 4000."; \
	fi

.PHONY: lintcue lintyml cuegen genopenapi genindex gendocs genpdf start run stop