f388709c78
Publish the plugin as an installable RPM so hosts can drop it into the Vault/ OpenBao plugin directory. On a tag, build the binary, package it with nfpm (mirroring the rpmbuilder approach), and upload the RPM to artifactapi's local rpm-internal repository. - Add packaging/nfpm.yaml installing the binary to /opt/vault-plugins/ plus a preinstall script that creates the directory - Add scripts/build-rpm.sh and make rpm / rpm-package targets - Add .woodpecker/release.yml (event: tag): build -> nfpm package -> PUT to artifactapi remotes/rpm-internal/files/
81 lines
2.5 KiB
Makefile
81 lines
2.5 KiB
Makefile
.PHONY: build install test lint fmt clean tidy e2e e2e-vault e2e-openbao e2e-up e2e-down rpm rpm-package patch minor major check-go
|
|
|
|
BINARY := vault-plugin-secrets-litellm
|
|
PKG := ./cmd/vault-plugin-secrets-litellm
|
|
VERSION ?= $(shell git describe --tags --always --dirty 2>/dev/null || echo "0.0.0-dev")
|
|
OS ?= $(shell go env GOOS)
|
|
ARCH ?= $(shell go env GOARCH)
|
|
PLUGIN_DIR ?= ./dist
|
|
|
|
GO_VERSION_REQUIRED := 1.25
|
|
GO_VERSION_ACTUAL := $(shell go version | sed 's/go version go\([0-9]*\.[0-9]*\).*/\1/')
|
|
|
|
check-go:
|
|
@if [ "$$(printf '%s\n%s' "$(GO_VERSION_REQUIRED)" "$(GO_VERSION_ACTUAL)" | sort -V | head -1)" != "$(GO_VERSION_REQUIRED)" ]; then \
|
|
echo "ERROR: Go >= $(GO_VERSION_REQUIRED) required, found $(GO_VERSION_ACTUAL)"; exit 1; \
|
|
fi
|
|
|
|
build: check-go tidy
|
|
CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -ldflags="-s -w -X main.version=$(VERSION)" -o $(PLUGIN_DIR)/$(BINARY) $(PKG)
|
|
|
|
install: build
|
|
@echo "Built $(PLUGIN_DIR)/$(BINARY) (register it with: vault plugin register -sha256=<sha> secret $(BINARY))"
|
|
|
|
test: check-go
|
|
go test -race -count=1 ./...
|
|
|
|
lint: check-go
|
|
go vet ./...
|
|
|
|
fmt: check-go
|
|
gofmt -w .
|
|
|
|
tidy:
|
|
go mod tidy
|
|
|
|
clean:
|
|
rm -rf $(PLUGIN_DIR)
|
|
|
|
# Build the plugin binary then package it into an RPM with nfpm.
|
|
rpm: build rpm-package
|
|
|
|
# Package an already-built binary into an RPM (used by CI after the build step).
|
|
rpm-package:
|
|
./scripts/build-rpm.sh $(VERSION)
|
|
|
|
# End-to-end tests spin up LiteLLM + Postgres and both Vault and OpenBao in
|
|
# Docker, then exercise the full lifecycle (configure, create role, generate,
|
|
# use, revoke) against each engine using the same plugin binary.
|
|
e2e:
|
|
./scripts/e2e.sh
|
|
|
|
e2e-vault:
|
|
ENGINES=vault ./scripts/e2e.sh
|
|
|
|
e2e-openbao:
|
|
ENGINES=openbao ./scripts/e2e.sh
|
|
|
|
e2e-up:
|
|
docker compose -f test/docker-compose.yml up -d --build
|
|
|
|
e2e-down:
|
|
docker compose -f test/docker-compose.yml down -v
|
|
|
|
_LATEST := $(shell git tag --sort=-v:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$$' | head -1)
|
|
_BASE := $(if $(_LATEST),$(_LATEST),v0.0.0)
|
|
_MAJ := $(shell echo $(_BASE) | sed 's/^v//' | cut -d. -f1)
|
|
_MIN := $(shell echo $(_BASE) | sed 's/^v//' | cut -d. -f2)
|
|
_PAT := $(shell echo $(_BASE) | sed 's/^v//' | cut -d. -f3)
|
|
|
|
patch:
|
|
@NEW=v$(_MAJ).$(_MIN).$(shell expr $(_PAT) + 1); \
|
|
git tag $$NEW && echo "Tagged $$NEW" && git push origin $$NEW
|
|
|
|
minor:
|
|
@NEW=v$(_MAJ).$(shell expr $(_MIN) + 1).0; \
|
|
git tag $$NEW && echo "Tagged $$NEW" && git push origin $$NEW
|
|
|
|
major:
|
|
@NEW=v$(shell expr $(_MAJ) + 1).0.0; \
|
|
git tag $$NEW && echo "Tagged $$NEW" && git push origin $$NEW
|