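# Inou Build System
# make deploy (staging @ .253), make deploy-prod (production @ .2)
#
# Builds the Go services and import tools into $(BINDIR) and pushes them,
# together with the portal assets, to the staging or production host over
# ssh/rsync/scp. Recipes that touch a remote host run under whatever SSH
# identity and configuration the invoking user has.

# Remove a target whose recipe failed so that a partial output is never
# mistaken for an up-to-date binary.
.DELETE_ON_ERROR:

VERSION := 1.0.0
STAGING_HOST := johan@192.168.1.253
PROD_HOST := johan@192.168.100.2

# Evaluated once at parse time (:=) and stamped into every binary via -X.
BUILD_TIME := $(shell date '+%Y-%m-%d %H:%M:%S')
LDFLAGS := -ldflags "-X main.Version=$(VERSION) -X 'main.BuildTime=$(BUILD_TIME)'"

# FIPS 140-3 compliance
# Prepended to `go build` as an environment assignment. Only the rules that
# spell out $(FIPS) get it; the debug tools further down are built without it.
FIPS := GOFIPS140=v1.0.0

BINDIR := bin
DEPLOY_DIR := /tank/inou

# BINDIR is used as an output prefix, in `rm -rf`, and as a glob root
# ($(BINDIR)/*). An empty override would point those at the filesystem root.
ifeq ($(strip $(BINDIR)),)
$(error BINDIR must not be empty)
endif

# Every command-style target is listed here so that a file or directory with
# the same name can never shadow it. `dbquery` is an alias target like
# `decrypt` and is declared alongside it.
.PHONY: all clean deploy deploy-prod sync linux lab tools help list fips-check check-db test test-rbac import-dicom import-genome import-lab decrypt dbquery

# Default: build everything
all: linux lab $(BINDIR)/import-genome $(BINDIR)/import-dicom $(BINDIR)/import-lab

# Linux binaries (native, FIPS)
# Prerequisite globs cover only the top-level *.go files of each package and
# of ./lib; the bin directory is order-only so its mtime never forces a rebuild.
linux: $(BINDIR)/viewer $(BINDIR)/portal $(BINDIR)/api

$(BINDIR)/viewer: ./viewer/*.go ./lib/*.go | $(BINDIR)
	$(FIPS) go build $(LDFLAGS) -o $@ ./viewer

$(BINDIR)/portal: ./portal/*.go ./lib/*.go | $(BINDIR)
	$(FIPS) go build $(LDFLAGS) -o $@ ./portal

$(BINDIR)/api: ./api/*.go ./lib/*.go | $(BINDIR)
	$(FIPS) go build $(LDFLAGS) -o $@ ./api

# Lab utilities
lab: $(BINDIR)/lab-scrape $(BINDIR)/lab-import

$(BINDIR)/lab-scrape: ./scrape_mychart/main.go | $(BINDIR)
	$(FIPS) go build $(LDFLAGS) -o $@ ./scrape_mychart/main.go

$(BINDIR)/lab-import: ./scrape_mychart/import.go | $(BINDIR)
	$(FIPS) go build $(LDFLAGS) -o $@ ./scrape_mychart/import.go

# Genome import tool
import-genome: $(BINDIR)/import-genome

$(BINDIR)/import-genome: ./import-genome/*.go ./lib/*.go | $(BINDIR)
	$(FIPS) go build $(LDFLAGS) -o $@ ./import-genome

# DICOM import tool
import-dicom: $(BINDIR)/import-dicom

$(BINDIR)/import-dicom: ./import-dicom/*.go ./lib/*.go | $(BINDIR)
	$(FIPS) go build $(LDFLAGS) -o $@ ./import-dicom

# Lab import tool
import-lab: $(BINDIR)/import-lab

$(BINDIR)/import-lab: ./cmd/import-lab/*.go ./lib/*.go | $(BINDIR)
	$(FIPS) go build $(LDFLAGS) -o $@ ./cmd/import-lab

# Debug tools (no FIPS needed)
# Built without $(FIPS) and without $(LDFLAGS), so they carry no version stamp
# and the fips-check report lists them as "NOT FIPS".
tools: $(BINDIR)/decrypt $(BINDIR)/fips-check $(BINDIR)/dbquery

decrypt: $(BINDIR)/decrypt

$(BINDIR)/decrypt: ./tools/decrypt/*.go ./lib/*.go | $(BINDIR)
	go build -o $@ ./tools/decrypt

dbquery: $(BINDIR)/dbquery

$(BINDIR)/dbquery: ./tools/dbquery/*.go ./lib/*.go | $(BINDIR)
	go build -o $@ ./tools/dbquery

# `fips-check` has two rules in this file: this one adds the tool binary as a
# prerequisite, and the rule under "Verify FIPS status" supplies the recipe.
# Make merges them, so `make fips-check` builds the tool and then prints the
# report.
fips-check: $(BINDIR)/fips-check

$(BINDIR)/fips-check: ./tools/fips-check/*.go | $(BINDIR)
	go build -o $@ ./tools/fips-check

# Ensure bin directory exists
$(BINDIR):
	mkdir -p $@

# Check for forbidden direct database access
check-db:
	@./scripts/check-db-access.sh

# Run integration tests (requires services running)
test:
	@./scripts/test-integration.sh

# Run RBAC tests (requires API running)
test-rbac:
	@./scripts/test-rbac.sh

# Deploy to STAGING (builds locally, copies to staging, restarts)
# Runs check-db FIRST to prevent deploying code with direct DB access
#
# The remote stop script runs before anything is copied, and make aborts the
# recipe at the first failing command, so a failed rsync leaves staging in
# whatever state stop.sh put it until start.sh is run again.
# The first rsync copies the whole of $(BINDIR)/, which includes the decrypt
# and fips-check debug tools named as prerequisites, plus anything else that is
# already in the directory (for example dbquery from an earlier `make tools`).
# NOTE(review): confirm that shipping the decrypt tool to staging is intended.
deploy: check-db all $(BINDIR)/decrypt $(BINDIR)/fips-check
	@echo "=== Deploying to STAGING ($(STAGING_HOST)) ==="
	ssh $(STAGING_HOST) "$(DEPLOY_DIR)/stop.sh"
	rsync -avz $(BINDIR)/ $(STAGING_HOST):$(DEPLOY_DIR)/bin/
	rsync -avz --delete portal/templates/ $(STAGING_HOST):$(DEPLOY_DIR)/templates/
	rsync -avz portal/static/ $(STAGING_HOST):$(DEPLOY_DIR)/static/
	rsync -avz portal/lang/ $(STAGING_HOST):$(DEPLOY_DIR)/lang/
	rsync -avz api/prompts/ $(STAGING_HOST):$(DEPLOY_DIR)/prompts/
	ssh $(STAGING_HOST) "$(DEPLOY_DIR)/start.sh"
	@echo ""
	ssh $(STAGING_HOST) "$(DEPLOY_DIR)/status.sh"

# Deploy to PRODUCTION (builds locally, copies to prod, restarts)
# This is a SEPARATE action from staging deploy - requires explicit invocation
#
# Binaries are copied by explicit name rather than by syncing $(BINDIR)/, so
# only the listed files reach production. $(BINDIR)/decrypt is a prerequisite
# but appears in no scp line, so it is built locally and not shipped.
# NOTE(review): api/prompts/ is synced by `deploy` but not here, and no
# prompts directory is created by the mkdir below - confirm that is intended.
# The lab-* copy stays best-effort (it does not fail the deploy), but scp's
# own error output is no longer discarded and a warning is printed, so a
# production host left with stale lab binaries is visible in the deploy log.
deploy-prod: check-db all $(BINDIR)/decrypt $(BINDIR)/fips-check
	@echo "=== Deploying to PRODUCTION ($(PROD_HOST)) ==="
	ssh $(PROD_HOST) "$(DEPLOY_DIR)/stop.sh"
	ssh $(PROD_HOST) "mkdir -p $(DEPLOY_DIR)/bin $(DEPLOY_DIR)/templates $(DEPLOY_DIR)/static $(DEPLOY_DIR)/lang"
	scp $(BINDIR)/viewer $(BINDIR)/portal $(BINDIR)/api $(PROD_HOST):$(DEPLOY_DIR)/bin/
	scp $(BINDIR)/import-genome $(BINDIR)/import-dicom $(BINDIR)/import-lab $(BINDIR)/fips-check $(PROD_HOST):$(DEPLOY_DIR)/bin/
	scp $(BINDIR)/lab-* $(PROD_HOST):$(DEPLOY_DIR)/bin/ || echo "WARNING: lab-* binaries were not copied to $(PROD_HOST)" >&2
	rsync -avz --delete portal/templates/ $(PROD_HOST):$(DEPLOY_DIR)/templates/
	rsync -avz portal/static/ $(PROD_HOST):$(DEPLOY_DIR)/static/
	rsync -avz portal/lang/ $(PROD_HOST):$(DEPLOY_DIR)/lang/
	ssh $(PROD_HOST) "$(DEPLOY_DIR)/start.sh"
	@echo ""
	ssh $(PROD_HOST) "$(DEPLOY_DIR)/status.sh"

# Sync templates/static/lang without restart
# The destinations carry no host prefix, so this writes to $(DEPLOY_DIR) on the
# machine where make runs. --delete removes templates that no longer exist in
# the working tree.
sync:
	rsync -av --delete portal/templates/ $(DEPLOY_DIR)/templates/
	rsync -av portal/static/ $(DEPLOY_DIR)/static/
	rsync -av portal/lang/ $(DEPLOY_DIR)/lang/

# Clean build artifacts
clean:
	rm -rf $(BINDIR)

# Show what's built
list:
	@ls -la $(BINDIR)/ 2>/dev/null || echo "No binaries yet. Run: make all"

# Verify FIPS status
# For each regular file in $(BINDIR), reads the embedded build info with
# `go version -m` and looks for a GOFIPS140 setting. This is a report only:
# the loop never exits non-zero, so it cannot gate a deploy on its own, and
# the debug tools built without $(FIPS) are always shown as "NOT FIPS".
fips-check:
	@echo "FIPS 140-3 Build Status:"
	@for bin in $(BINDIR)/*; do \
		if [ -f "$$bin" ]; then \
			FIPS_INFO=$$(go version -m "$$bin" 2>/dev/null | grep GOFIPS140); \
			NAME=$$(basename "$$bin"); \
			if [ -n "$$FIPS_INFO" ]; then \
				echo " $$NAME: ✓"; \
			else \
				echo " $$NAME: ✗ NOT FIPS"; \
			fi \
		fi \
	done

# Help
help:
	@echo "Inou Build System (FIPS 140-3 Compliant)"
	@echo ""
	@echo "Usage:"
	@echo " make deploy - Build & deploy to STAGING (192.168.1.253)"
	@echo " make deploy-prod - Build & deploy to PRODUCTION (192.168.100.2)"
	@echo " make all - Build all binaries"
	@echo " make sync - Sync templates/static/lang (no restart)"
	@echo " make check-db - Verify no direct DB access (runs auto on deploy)"
	@echo " make test - Run integration tests (services must be running)"
	@echo " make test-rbac - Run RBAC permission tests (API must be running)"
	@echo " make import-genome - Build genome import tool"
	@echo " make import-dicom - Build DICOM import tool"
	@echo " make import-lab - Build lab import tool"
	@echo " make tools - Build debug tools (decrypt)"
	@echo " make decrypt - Build decrypt tool only"
	@echo " make clean - Remove build artifacts"
	@echo " make fips-check - Verify FIPS compliance"
	@echo " make list - Show built binaries"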