# Set an output prefix, which is the local directory if not specified
PREFIX?=$(shell pwd)

GOFLAGS := -mod=vendor

# Populate version variables
# Add to compile time flags
NOTARY_PKG := github.com/theupdateframework/notary
NOTARY_VERSION := $(shell cat NOTARY_VERSION)
GITCOMMIT := $(shell git rev-parse --short HEAD)
GITUNTRACKEDCHANGES := $(shell git status --porcelain --untracked-files=no)
ifneq ($(GITUNTRACKEDCHANGES),)
GITCOMMIT := $(GITCOMMIT)-dirty
endif
CTIMEVAR=-X $(NOTARY_PKG)/version.GitCommit=$(GITCOMMIT) -X $(NOTARY_PKG)/version.NotaryVersion=$(NOTARY_VERSION)
GO_LDFLAGS=-ldflags "-w $(CTIMEVAR)"
GO_LDFLAGS_STATIC=-ldflags "-w $(CTIMEVAR) -extldflags -static"
GOOSES = darwin linux windows
NOTARY_BUILDTAGS ?= pkcs11
NOTARYDIR := /go/src/github.com/theupdateframework/notary

# check to be sure pkcs11 lib is always imported with a build tag
GO_LIST_PKCS11 := $(shell go list -tags "${NOTARY_BUILDTAGS}" -e -f '{{join .Deps "\n"}}' ./... | grep -v /vendor/ | xargs go list -e -f '{{if not .Standard}}{{.ImportPath}}{{end}}' | grep -q pkcs11)
ifeq ($(GO_LIST_PKCS11),)
$(info pkcs11 import was not found anywhere without a build tag, yay)
else
$(error You are importing pkcs11 somewhere and not using a build tag)
endif

_empty :=
_space := $(empty) $(empty)

# go cover test variables
COVERPROFILE?=coverage.txt
COVERMODE=atomic
PKGS ?= $(shell go list -tags "${NOTARY_BUILDTAGS}" ./... | grep -v /vendor/ | tr '\n' ' ')

.PHONY: clean all lint build test binaries cross cover docker-images notary-dockerfile
.DELETE_ON_ERROR: cover
.DEFAULT: default

all: clean lint build test binaries

# This only needs to be generated by hand when cutting full releases.
version/version.go:
	./version/version.sh > $@

${PREFIX}/bin/notary-server: NOTARY_VERSION $(shell find . -type f -name '*.go')
	@echo "+ $@"
	@go build -tags ${NOTARY_BUILDTAGS} -o $@ ${GO_LDFLAGS} ./cmd/notary-server

${PREFIX}/bin/notary: NOTARY_VERSION $(shell find . -type f -name '*.go')
	@echo "+ $@"
	@go build -tags ${NOTARY_BUILDTAGS} -o $@ ${GO_LDFLAGS} ./cmd/notary

${PREFIX}/bin/notary-signer: NOTARY_VERSION $(shell find . -type f -name '*.go')
	@echo "+ $@"
	@go build -tags ${NOTARY_BUILDTAGS} -o $@ ${GO_LDFLAGS} ./cmd/notary-signer

${PREFIX}/bin/escrow: NOTARY_VERSION $(shell find . -type f -name '*.go')
	@echo "+ $@"
	@go build -tags ${NOTARY_BUILDTAGS} -o $@ ${GO_LDFLAGS} ./cmd/escrow

ifeq ($(shell uname -s),Darwin)
${PREFIX}/bin/static/notary-server:
	@echo "notary-server: static builds not supported on OS X"

${PREFIX}/bin/static/notary-signer:
	@echo "notary-signer: static builds not supported on OS X"

${PREFIX}/bin/static/notary:
	@echo "notary: static builds not supported on OS X"
else
${PREFIX}/bin/static/notary-server: NOTARY_VERSION $(shell find . -type f -name '*.go')
	@echo "+ $@"
	@(export CGO_ENABLED=0; go build -tags "${NOTARY_BUILDTAGS} netgo" -o $@ ${GO_LDFLAGS_STATIC} ./cmd/notary-server)

${PREFIX}/bin/static/notary-signer: NOTARY_VERSION $(shell find . -type f -name '*.go')
	@echo "+ $@"
	@(export CGO_ENABLED=0; go build -tags "${NOTARY_BUILDTAGS} netgo" -o $@ ${GO_LDFLAGS_STATIC} ./cmd/notary-signer)

${PREFIX}/bin/static/notary:
	@echo "+ $@"
	@go build -tags "${NOTARY_BUILDTAGS} netgo" -o $@ ${GO_LDFLAGS_STATIC} ./cmd/notary
endif


# run all lint functionality - excludes Godep directory, vendoring, binaries, python tests, and git files
lint:
	@echo "+ $@: golint, go vet, go fmt, gocycle, misspell, ineffassign"
	# golint
	@test -z "$(shell find . -type f -name "*.go" -not -path "./vendor/*" -not -name "*.pb.*" -exec golint {} \; | tee /dev/stderr)"
	# gofmt
	@test -z "$$(gofmt -s -l .| grep -v .pb. | grep -v vendor/ | tee /dev/stderr)"
	# govet
ifeq ($(shell uname -s), Darwin)
	@test -z "$(shell find . -iname *test*.go | grep -v _test.go | grep -v vendor | xargs echo "This file should end with '_test':"  | tee /dev/stderr)"
else
	@test -z "$(shell find . -iname *test*.go | grep -v _test.go | grep -v vendor | xargs -r echo "This file should end with '_test':"  | tee /dev/stderr)"
endif
	@test -z "$$(go vet -printf=false . 2>&1 | grep -v vendor/ | tee /dev/stderr)"
	# gocyclo - we require cyclomatic complexity to be < 16
	@test -z "$(shell find . -type f -name "*.go" -not -path "./vendor/*" -not -name "*.pb.*" -exec gocyclo -over 15 {} \; | tee /dev/stderr)"
	# misspell - requires that the following be run first:
	#    go get -u github.com/client9/misspell/cmd/misspell
	@test -z "$$(find . -type f | grep -v vendor/ | grep -v bin/ | grep -v misc/ | grep -v .git/ | grep -v \.pdf | xargs misspell | tee /dev/stderr)"
	# ineffassign - requires that the following be run first:
	#    go get -u github.com/gordonklaus/ineffassign
	@test -z "$(shell find . -type f -name "*.go" -not -path "./vendor/*" -not -name "*.pb.*" -exec ineffassign {} \; | tee /dev/stderr)"
	# gosec - requires that the following be run first:
	#    go get -u github.com/securego/gosec/cmd/gosec/...
	@rm -f gosec_output.csv
	@gosec -fmt=csv -out=gosec_output.csv -exclude=G104,G304 ./... || (cat gosec_output.csv >&2; exit 1)

build:
	@echo "+ $@"
	@go build -tags "${NOTARY_BUILDTAGS}" -v ${GO_LDFLAGS} $(PKGS)

# When running `go test ./...`, it runs all the suites in parallel, which causes
# problems when running with a yubikey
test: TESTOPTS =
test:
	@echo Note: when testing with a yubikey plugged in, make sure to include 'TESTOPTS="-p 1"'
	@echo "+ $@ $(TESTOPTS)"
	@echo
	go test -tags "${NOTARY_BUILDTAGS}" $(TESTOPTS) $(PKGS)

integration: TESTDB = mysql
integration: clean
	buildscripts/integrationtest.sh $(TESTDB)

testdb: TESTDB = mysql
testdb:
	buildscripts/dbtests.sh $(TESTDB)

protos:
	@protoc --go_out=plugins=grpc:. proto/*.proto

# This allows coverage for a package to come from tests in different package.
# Requires that the following:
# go get github.com/wadey/gocovmerge; go install github.com/wadey/gocovmerge
#
# be run first
gen-cover:
gen-cover:
	@python -u buildscripts/covertest.py --tags "$(NOTARY_BUILDTAGS)" --pkgs="$(PKGS)" --testopts="${TESTOPTS}"

# Generates the cover binaries and runs them all in serial, so this can be used
# run all tests with a yubikey without any problems
cover: gen-cover covmerge
	@go tool cover -html="$(COVERPROFILE)"

# Generates the cover binaries and runs them all in serial, so this can be used
# run all tests with a yubikey without any problems
ci: override TESTOPTS = -race
# Codecov knows how to merge multiple coverage files, so covmerge is not needed
ci: gen-cover

yubikey-tests: override PKGS = github.com/theupdateframework/notary/cmd/notary github.com/theupdateframework/notary/trustmanager/yubikey
yubikey-tests: ci

covmerge:
	@gocovmerge $(shell find . -name coverage*.txt | tr "\n" " ") > $(COVERPROFILE)
	@go tool cover -func="$(COVERPROFILE)"

clean-protos:
	@rm proto/*.pb.go

client: ${PREFIX}/bin/notary
	@echo "+ $@"

binaries: ${PREFIX}/bin/notary-server ${PREFIX}/bin/notary ${PREFIX}/bin/notary-signer
	@echo "+ $@"

escrow: ${PREFIX}/bin/escrow
	@echo "+ $@"

static: ${PREFIX}/bin/static/notary-server ${PREFIX}/bin/static/notary-signer ${PREFIX}/bin/static/notary
	@echo "+ $@"

notary-dockerfile:
	@docker build --rm --force-rm -t notary .

server-dockerfile:
	@docker build --rm --force-rm -f server.Dockerfile -t notary-server .

signer-dockerfile:
	@docker build --rm --force-rm -f signer.Dockerfile -t notary-signer .

docker-images: notary-dockerfile server-dockerfile signer-dockerfile

shell: notary-dockerfile
	docker run --rm -it -v $(CURDIR)/cross:$(NOTARYDIR)/cross -v $(CURDIR)/bin:$(NOTARYDIR)/bin notary bash

cross:
	@rm -rf $(CURDIR)/cross
	@docker build --rm --force-rm -t notary -f cross.Dockerfile .
	docker run --rm -v $(CURDIR)/cross:$(NOTARYDIR)/cross -e CTIMEVAR="${CTIMEVAR}" -e NOTARY_BUILDTAGS=$(NOTARY_BUILDTAGS) notary buildscripts/cross.sh $(GOOSES)

clean:
	@echo "+ $@"
	@rm -rf .cover cross
	find . -name coverage.txt -delete
	@rm -rf "${PREFIX}/bin/notary-server" "${PREFIX}/bin/notary" "${PREFIX}/bin/notary-signer"
	@rm -rf "${PREFIX}/bin/static"