Makefile

.DEFAULT_GOAL := help
SHELL := /bin/bash
DATE = $(shell date +%Y-%m-%d:%H:%M:%S)

APP_VERSION_FILE = app/version.py

GIT_BRANCH ?= $(shell git symbolic-ref --short HEAD 2> /dev/null || echo "detached")
GIT_COMMIT ?= $(shell git rev-parse HEAD)

## DEVELOPMENT

.PHONY: bootstrap
bootstrap: ## Set up everything to run the app
	make generate-version-file
	pipenv install --dev
	createdb notification_api || true
	(pipenv run flask db upgrade) || true

.PHONY: bootstrap-with-docker
bootstrap-with-docker: ## Build the image to run the app in Docker
	docker build -f docker/Dockerfile -t notifications-api .

.PHONY: run-procfile
run-procfile:
	pipenv run honcho start -f Procfile.dev

.PHONY: avg-complexity
avg-complexity:
	echo "*** Shows average complexity in radon of all code ***"
	pipenv run radon cc ./app -a -na

.PHONY: too-complex
too-complex:
	echo "*** Shows code that got a rating of C, D or F in radon ***"
	pipenv run radon cc ./app -a -nc

.PHONY: run-flask
run-flask: ## Run flask
	pipenv run newrelic-admin run-program flask run -p 6011 --host=0.0.0.0

.PHONY: run-celery
run-celery: ## Run celery, TODO remove purge for staging/prod
	pipenv run celery -A run_celery.notify_celery purge -f
	pipenv run newrelic-admin run-program celery \
		-A run_celery.notify_celery worker \
		--pidfile="/tmp/celery.pid" \
		--loglevel=INFO \
		--concurrency=4


.PHONY: dead-code
dead-code:
	pipenv run vulture ./app --min-confidence=100

.PHONY: run-celery-beat
run-celery-beat: ## Run celery beat
	pipenv run celery \
	-A run_celery.notify_celery beat \
	--loglevel=INFO

.PHONY: cloudgov-user-report
cloudgov-user-report:
	@pipenv run python -m terraform.ops.cloudgov_user_report

.PHONY: help
help:
	@cat $(MAKEFILE_LIST) | grep -E '^[a-zA-Z_-]+:.*?## .*$$' | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'

.PHONY: generate-version-file
generate-version-file: ## Generates the app version file
	@echo -e "__git_commit__ = \"${GIT_COMMIT}\"\n__time__ = \"${DATE}\"" > ${APP_VERSION_FILE}

.PHONY: test
test: export NEW_RELIC_ENVIRONMENT=test
test: ## Run tests and create coverage report
	pipenv run black .
	pipenv run flake8 .
	pipenv run isort --check-only ./app ./tests
	pipenv run coverage run -m pytest -vv --maxfail=10
	pipenv run coverage report -m --fail-under=95
	pipenv run coverage html -d .coverage_cache

.PHONY: freeze-requirements
freeze-requirements: ## Pin all requirements including sub dependencies into requirements.txt
	pipenv lock
	pipenv requirements

.PHONY: audit
audit:
	pipenv requirements > requirements.txt
	pipenv requirements --dev > requirements_for_test.txt
	pipenv run pip-audit -r requirements.txt
	-pipenv run pip-audit -r requirements_for_test.txt

.PHONY: static-scan
static-scan:
	pipenv run bandit -r app/

.PHONY: clean
clean:
	rm -rf node_modules cache target venv .coverage build tests/.cache ${CF_MANIFEST_PATH}


## DEPLOYMENT

# .PHONY: cf-deploy-failwhale
# cf-deploy-failwhale:
# 	$(if ${CF_SPACE},,$(error Must target space, eg `make preview cf-deploy-failwhale`))
# 	cd ./paas-failwhale; cf push notify-api-failwhale -f manifest.yml

# .PHONY: enable-failwhale
# enable-failwhale: ## Enable the failwhale app and disable api
# 	$(if ${DNS_NAME},,$(error Must target space, eg `make preview enable-failwhale`))
# 	# make sure failwhale is running first
# 	cf start notify-api-failwhale

# 	cf map-route notify-api-failwhale ${DNS_NAME} --hostname api
# 	cf unmap-route notify-api ${DNS_NAME} --hostname api
# 	@echo "Failwhale is enabled"

# .PHONY: disable-failwhale
# disable-failwhale: ## Disable the failwhale app and enable api
# 	$(if ${DNS_NAME},,$(error Must target space, eg `make preview disable-failwhale`))

# 	cf map-route notify-api ${DNS_NAME} --hostname api
# 	cf unmap-route notify-api-failwhale ${DNS_NAME} --hostname api
# 	cf stop notify-api-failwhale
# 	@echo "Failwhale is disabled"
Create Docker build image, build project with Docker 2016-08-16 17:51:52 +01:00			`.DEFAULT_GOAL := help`
			`SHELL := /bin/bash`
			`DATE = $(shell date +%Y-%m-%d:%H:%M:%S)`

			`APP_VERSION_FILE = app/version.py`

Finish coveralls task 2016-08-26 16:18:04 +01:00			`GIT_BRANCH ?= $(shell git symbolic-ref --short HEAD 2> /dev/null \|\| echo "detached")`
Create Docker build image, build project with Docker 2016-08-16 17:51:52 +01:00			`GIT_COMMIT ?= $(shell git rev-parse HEAD)`

Reorganise makefile Also remove `check-env-vars` which is not being used anywhere 2020-03-03 11:51:50 +00:00			`## DEVELOPMENT`

Move bootstrap tasks into the Makefile This is more consistent with how we run all other tasks. Note that the virtual env setup is not generally applicable, and developers of this repo should follow the guidance in the README. 2021-02-17 17:22:45 +00:00			`.PHONY: bootstrap`
more pipenv transition 2022-10-26 14:05:37 +00:00			`bootstrap: ## Set up everything to run the app`
github setup change for pipenv 2022-10-26 15:26:53 -04:00			`make generate-version-file`
remove extra hyphen 2022-10-26 15:34:12 -04:00			`pipenv install --dev`
Update install instructions for Postgres This apps works with v11, but not with v13. Adding '\|\| true' in the Makefile means the 'bootstrap' rule can be run multiple times, even if the DB already exists. 2021-02-18 15:19:40 +00:00			`createdb notification_api \|\| true`
more pipenv transition 2022-10-26 14:05:37 +00:00			`(pipenv run flask db upgrade) \|\| true`
Move bootstrap tasks into the Makefile This is more consistent with how we run all other tasks. Note that the virtual env setup is not generally applicable, and developers of this repo should follow the guidance in the README. 2021-02-17 17:22:45 +00:00
Iterate local development with Docker This makes a few changes to: - Make local development consistent with our other apps. It's now faster to start Celery locally since we don't try to build the image each time - this is usually quick, but unnecessary. - Add support for connecting to a local Redis instance. Note that the previous suggestion of "REDIS = True" was incorrect as this would be turned into the literal string "True". I've also co-located and extended the recipes in the Makefile to make them a bit more visible. 2022-02-24 17:11:46 +00:00			`.PHONY: bootstrap-with-docker`
			`bootstrap-with-docker: ## Build the image to run the app in Docker`
			`docker build -f docker/Dockerfile -t notifications-api .`

Replace foreman with honcho 2022-11-01 09:54:31 -04:00			`.PHONY: run-procfile`
			`run-procfile:`
			`pipenv run honcho start -f Procfile.dev`

notify-api-386 scan projects for code complexity 2023-08-07 10:11:24 -07:00			`.PHONY: avg-complexity`
			`avg-complexity:`
			`echo "* Shows average complexity in radon of all code *"`
			`pipenv run radon cc ./app -a -na`

			`.PHONY: too-complex`
			`too-complex:`
change failure to be C, D or F 2023-08-07 10:59:51 -07:00			`echo "* Shows code that got a rating of C, D or F in radon *"`
			`pipenv run radon cc ./app -a -nc`
notify-api-386 scan projects for code complexity 2023-08-07 10:11:24 -07:00
Switch to 'make' for running app processes These are simple enough that they don't need their own scripts. 2021-02-17 16:49:05 +00:00			`.PHONY: run-flask`
Add make help commands for commonly used tasks if you run `make help` or just `make` then you get a nice list of the tasks that you can run (or at least, the ones with help text added to them. We were missing these for some of the key commands that a developer would want to know about. By adding help text to them, they will now show up in `make` or `make help` and saves a developer needing to go either look in the README or go look in the Makefile to figure out what commands are available. Note, there is no particular convention around which commands have help comments. I don't think we need to figure out this but at the least, the ones which developers may want to run locally I think should show up. 2021-04-27 12:00:53 +01:00			`run-flask: ## Run flask`
Install newrelic and enable in development 2023-01-17 14:08:17 -05:00			`pipenv run newrelic-admin run-program flask run -p 6011 --host=0.0.0.0`
Switch to 'make' for running app processes These are simple enough that they don't need their own scripts. 2021-02-17 16:49:05 +00:00
			`.PHONY: run-celery`
config formatting 2022-06-13 13:45:07 -07:00			`run-celery: ## Run celery, TODO remove purge for staging/prod`
more pipenv transition 2022-10-26 14:05:37 +00:00			`pipenv run celery -A run_celery.notify_celery purge -f`
Install newrelic and enable in development 2023-01-17 14:08:17 -05:00			`pipenv run newrelic-admin run-program celery \`
Switch to 'make' for running app processes These are simple enough that they don't need their own scripts. 2021-02-17 16:49:05 +00:00			`-A run_celery.notify_celery worker \`
			`--pidfile="/tmp/celery.pid" \`
			`--loglevel=INFO \`
			`--concurrency=4`

notify-api-387 Scan projects for unused code 2023-08-08 11:03:50 -07:00
			`.PHONY: dead-code`
			`dead-code:`
			`pipenv run vulture ./app --min-confidence=100`

Switch to 'make' for running app processes These are simple enough that they don't need their own scripts. 2021-02-17 16:49:05 +00:00			`.PHONY: run-celery-beat`
Add make help commands for commonly used tasks if you run `make help` or just `make` then you get a nice list of the tasks that you can run (or at least, the ones with help text added to them. We were missing these for some of the key commands that a developer would want to know about. By adding help text to them, they will now show up in `make` or `make help` and saves a developer needing to go either look in the README or go look in the Makefile to figure out what commands are available. Note, there is no particular convention around which commands have help comments. I don't think we need to figure out this but at the least, the ones which developers may want to run locally I think should show up. 2021-04-27 12:00:53 +01:00			`run-celery-beat: ## Run celery beat`
Turn off newrelic for celery-beat 2023-01-18 10:03:45 -05:00			`pipenv run celery \`
config formatting 2022-06-13 13:45:07 -07:00			`-A run_celery.notify_celery beat \`
			`--loglevel=INFO`
Switch to 'make' for running app processes These are simple enough that they don't need their own scripts. 2021-02-17 16:49:05 +00:00
Fix makefile typo 2023-05-09 21:54:22 -04:00			`.PHONY: cloudgov-user-report`
Add cloud.gov user audit script 2023-05-09 21:44:15 -04:00			`cloudgov-user-report:`
			`@pipenv run python -m terraform.ops.cloudgov_user_report`

Create Docker build image, build project with Docker 2016-08-16 17:51:52 +01:00			`.PHONY: help`
			`help:`
			`@cat $(MAKEFILE_LIST) \| grep -E '^[a-zA-Z_-]+:.?## .$$' \| sort \| awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'`

			`.PHONY: generate-version-file`
			`generate-version-file: ## Generates the app version file`
Update healthcheck page - remove travis references Also remove travis references from the repository 2020-04-21 15:57:01 +01:00			`@echo -e "__git_commit__ = \"${GIT_COMMIT}\"\n__time__ = \"${DATE}\"" > ${APP_VERSION_FILE}`
Create Docker build image, build project with Docker 2016-08-16 17:51:52 +01:00
			`.PHONY: test`
Install newrelic and enable in development 2023-01-17 14:08:17 -05:00			`test: export NEW_RELIC_ENVIRONMENT=test`
Added coverage commands to make test and dir to gitignore 2023-04-17 15:56:08 -06:00			`test: ## Run tests and create coverage report`
notify-api-412 use black to enforce python style standards 2023-08-23 10:35:43 -07:00			`pipenv run black .`
pipenv in devcontainers, probably 2022-10-28 12:58:07 +00:00			`pipenv run flake8 .`
			`pipenv run isort --check-only ./app ./tests`
more 2023-08-15 10:35:34 -07:00			`pipenv run coverage run -m pytest -vv --maxfail=10`
			`pipenv run coverage report -m --fail-under=95`
Added coverage commands to make test and dir to gitignore 2023-04-17 15:56:08 -06:00			`pipenv run coverage html -d .coverage_cache`
Create Docker build image, build project with Docker 2016-08-16 17:51:52 +01:00
Pin all application requirements in requirements.txt The list of top-level dependencies is moved to requirements-app.txt, which is used by `make freeze-requirements` to generate the full list of requirements in requirements.txt. This is based on alphagov/digitalmarketplace-api#615, so rationale from that PR applies here. We had a problem with unpinned packages on new deployments leading to failed tests (e.g. alphagov/notifications-admin#2144) which is why we're implementing this now. After re-evaluating pipenv again, this still seems like the least disruptive approach: * pyup.io has experimental support for Pipfile, but doesn't respect version ranges or updating hashes in the lock file * CloudFoundry buildpack recognizes and supports Pipfiles out of the box, but the support is relatively new. For example until recently CF would install dev packages during deployment. It's also based on generating a requirements file from the Pipfile, which doesn't properly support pinning VCS dependencies (eg it doesn't set the #egg= version, meaning pip will not upgrade the package if it's already installed). * pipenv has a strict dependency resolution algorithm, which doesn't appear to be well documented and can cause some unexpected failures. For example, pipenv doesn't seem to be able to install `awscli-cwlogs` package at all, believing it to have a version conflict for `botocore` (which it doesn't list as a direct dependency) while neither `pip` nor `pip-tools` highlight any issues with it. * While trying out `pipenv install` on our list of dependencies it would regularly fail to install utils with a "Will try again." message. While the installation succeeds after a retry, this doesn't inspire confidence. * The switch to Pipfile and pipenv-managed virtualenvs requires a series of changes to `make` targets and scripts - replacing `pip install` with `pipenv`, removing references to requirements files and prefixing commands with `pipenv run`. While it's likely to simplify the overall process of managing dependencies, it would require time to properly implement across our applications and environments (Jenkins, PaaS, docker containers, and dev machines). 2018-07-10 14:50:30 +01:00			`.PHONY: freeze-requirements`
Improve help comments for makefile - Adds help text for freeze-requirements - moves help text into correct position for upload-paas-artifact 2019-10-28 11:26:55 +00:00			`freeze-requirements: ## Pin all requirements including sub dependencies into requirements.txt`
more pipenv transition 2022-10-26 14:05:37 +00:00			`pipenv lock`
			`pipenv requirements`
Pin all application requirements in requirements.txt The list of top-level dependencies is moved to requirements-app.txt, which is used by `make freeze-requirements` to generate the full list of requirements in requirements.txt. This is based on alphagov/digitalmarketplace-api#615, so rationale from that PR applies here. We had a problem with unpinned packages on new deployments leading to failed tests (e.g. alphagov/notifications-admin#2144) which is why we're implementing this now. After re-evaluating pipenv again, this still seems like the least disruptive approach: * pyup.io has experimental support for Pipfile, but doesn't respect version ranges or updating hashes in the lock file * CloudFoundry buildpack recognizes and supports Pipfiles out of the box, but the support is relatively new. For example until recently CF would install dev packages during deployment. It's also based on generating a requirements file from the Pipfile, which doesn't properly support pinning VCS dependencies (eg it doesn't set the #egg= version, meaning pip will not upgrade the package if it's already installed). * pipenv has a strict dependency resolution algorithm, which doesn't appear to be well documented and can cause some unexpected failures. For example, pipenv doesn't seem to be able to install `awscli-cwlogs` package at all, believing it to have a version conflict for `botocore` (which it doesn't list as a direct dependency) while neither `pip` nor `pip-tools` highlight any issues with it. * While trying out `pipenv install` on our list of dependencies it would regularly fail to install utils with a "Will try again." message. While the installation succeeds after a retry, this doesn't inspire confidence. * The switch to Pipfile and pipenv-managed virtualenvs requires a series of changes to `make` targets and scripts - replacing `pip install` with `pipenv`, removing references to requirements files and prefixing commands with `pipenv run`. While it's likely to simplify the overall process of managing dependencies, it would require time to properly implement across our applications and environments (Jenkins, PaaS, docker containers, and dev machines). 2018-07-10 14:50:30 +01:00
make audit for python dependency audits 2022-08-12 15:12:07 +00:00			`.PHONY: audit`
			`audit:`
more pipenv transition 2022-10-26 14:05:37 +00:00			`pipenv requirements > requirements.txt`
			`pipenv requirements --dev > requirements_for_test.txt`
Remove ignore-vulnerability for remediated redis vuln 2023-03-29 17:04:43 -04:00			`pipenv run pip-audit -r requirements.txt`
Update to most recent pip-audit action 2023-01-03 09:44:53 -05:00			`-pipenv run pip-audit -r requirements_for_test.txt`
make audit for python dependency audits 2022-08-12 15:12:07 +00:00
Implement bandit static security scan 2022-08-12 17:19:28 -04:00			`.PHONY: static-scan`
			`static-scan:`
pipenv in devcontainers, probably 2022-10-28 12:58:07 +00:00			`pipenv run bandit -r app/`
Implement bandit static security scan 2022-08-12 17:19:28 -04:00
Run API on Paas 2016-12-08 12:12:45 +00:00			`.PHONY: clean`
Create Docker build image, build project with Docker 2016-08-16 17:51:52 +01:00			`clean:`
put manifest in tmp folder for reasons unknown, using a file descriptor no longer works on concourse (or in that docker container generally). It might be a change within cf-cli v7 vs v6. Either way, it does't work, so use a temporary file. Clean up the temporary file afterwards. If the command fails, the temporary file will still stick around, so I've added the file to the /tmp/ folder instead. it's full of secret keys and things so if you do have a deployment error while running locally, you should make sure you clean up the file (make cf-rollback and make clean will both do this for you). 2020-12-07 17:51:15 +00:00			`rm -rf node_modules cache target venv .coverage build tests/.cache ${CF_MANIFEST_PATH}`
Run API on Paas 2016-12-08 12:12:45 +00:00
Reorganise makefile Also remove `check-env-vars` which is not being used anywhere 2020-03-03 11:51:50 +00:00
			`## DEPLOYMENT`

streamline makefile 2022-10-20 14:04:10 -04:00			`# .PHONY: cf-deploy-failwhale`
			`# cf-deploy-failwhale:`
			# $(if ${CF_SPACE},,$(error Must target space, eg `make preview cf-deploy-failwhale`))
			`# cd ./paas-failwhale; cf push notify-api-failwhale -f manifest.yml`

			`# .PHONY: enable-failwhale`
			`# enable-failwhale: ## Enable the failwhale app and disable api`
			# $(if ${DNS_NAME},,$(error Must target space, eg `make preview enable-failwhale`))
			`# # make sure failwhale is running first`
			`# cf start notify-api-failwhale`

			`# cf map-route notify-api-failwhale ${DNS_NAME} --hostname api`
			`# cf unmap-route notify-api ${DNS_NAME} --hostname api`
			`# @echo "Failwhale is enabled"`

			`# .PHONY: disable-failwhale`
			`# disable-failwhale: ## Disable the failwhale app and enable api`
			# $(if ${DNS_NAME},,$(error Must target space, eg `make preview disable-failwhale`))

			`# cf map-route notify-api ${DNS_NAME} --hostname api`
			`# cf unmap-route notify-api-failwhale ${DNS_NAME} --hostname api`
			`# cf stop notify-api-failwhale`
			`# @echo "Failwhale is disabled"`