181 lines
6.6 KiB
Makefile
Executable File
181 lines
6.6 KiB
Makefile
Executable File
# Inou Build System
|
|
# make deploy (staging @ .253), make deploy-prod (production @ .2)
|
|
|
|
VERSION := 1.0.0
|
|
STAGING_HOST := johan@192.168.1.253
|
|
PROD_HOST := johan@192.168.100.2
|
|
BUILD_TIME := $(shell date '+%Y-%m-%d %H:%M:%S')
|
|
LDFLAGS := -ldflags "-X main.Version=$(VERSION) -X 'main.BuildTime=$(BUILD_TIME)'"
|
|
|
|
# FIPS 140-3 compliance
|
|
FIPS := GOFIPS140=v1.0.0
|
|
|
|
BINDIR := bin
|
|
DEPLOY_DIR := /tank/inou
|
|
|
|
.PHONY: all clean deploy deploy-prod sync linux lab tools help list fips-check check-db test test-rbac import-dicom import-renpho import-lab nuke-imaging decrypt
|
|
|
|
# Default: build everything
|
|
all: linux lab $(BINDIR)/import-renpho $(BINDIR)/import-dicom $(BINDIR)/import-lab $(BINDIR)/nuke-imaging
|
|
|
|
# Linux binaries (native, FIPS)
|
|
linux: $(BINDIR)/viewer $(BINDIR)/portal $(BINDIR)/api
|
|
|
|
$(BINDIR)/viewer: ./viewer/*.go ./lib/*.go | $(BINDIR)
|
|
$(FIPS) go build $(LDFLAGS) -o $@ ./viewer
|
|
|
|
$(BINDIR)/portal: ./portal/*.go ./lib/*.go | $(BINDIR)
|
|
$(FIPS) go build $(LDFLAGS) -o $@ ./portal
|
|
|
|
$(BINDIR)/api: ./api/*.go ./lib/*.go | $(BINDIR)
|
|
$(FIPS) go build $(LDFLAGS) -o $@ ./api
|
|
|
|
# Lab utilities
|
|
lab: $(BINDIR)/lab-scrape $(BINDIR)/lab-import
|
|
|
|
$(BINDIR)/lab-scrape: ./scrape_mychart/main.go | $(BINDIR)
|
|
$(FIPS) go build $(LDFLAGS) -o $@ ./scrape_mychart/main.go
|
|
|
|
$(BINDIR)/lab-import: ./scrape_mychart/import.go | $(BINDIR)
|
|
$(FIPS) go build $(LDFLAGS) -o $@ ./scrape_mychart/import.go
|
|
|
|
# DICOM import tool
|
|
import-dicom: $(BINDIR)/import-dicom
|
|
$(BINDIR)/import-dicom: ./import-dicom/*.go ./lib/*.go | $(BINDIR)
|
|
$(FIPS) go build $(LDFLAGS) -o $@ ./import-dicom
|
|
|
|
# Renpho import tool
|
|
import-renpho: $(BINDIR)/import-renpho
|
|
$(BINDIR)/import-renpho: ./import-renpho/*.go ./lib/*.go | $(BINDIR)
|
|
$(FIPS) go build $(LDFLAGS) -o $@ ./import-renpho
|
|
|
|
# Nuke imaging tool
|
|
nuke-imaging: $(BINDIR)/nuke-imaging
|
|
$(BINDIR)/nuke-imaging: ./nuke-imaging/*.go ./lib/*.go | $(BINDIR)
|
|
$(FIPS) go build $(LDFLAGS) -o $@ ./nuke-imaging
|
|
|
|
# Lab import tool
|
|
import-lab: $(BINDIR)/import-lab
|
|
$(BINDIR)/import-lab: ./cmd/import-lab/*.go ./lib/*.go | $(BINDIR)
|
|
$(FIPS) go build $(LDFLAGS) -o $@ ./cmd/import-lab
|
|
|
|
# Debug tools (no FIPS needed)
|
|
tools: $(BINDIR)/decrypt $(BINDIR)/fips-check $(BINDIR)/dbquery $(BINDIR)/toolkit $(BINDIR)/translate
|
|
|
|
decrypt: $(BINDIR)/decrypt
|
|
$(BINDIR)/decrypt: ./tools/decrypt/*.go ./lib/*.go | $(BINDIR)
|
|
go build -o $@ ./tools/decrypt
|
|
|
|
dbquery: $(BINDIR)/dbquery
|
|
$(BINDIR)/dbquery: ./tools/dbquery/*.go ./lib/*.go | $(BINDIR)
|
|
go build -o $@ ./tools/dbquery
|
|
|
|
toolkit: $(BINDIR)/toolkit
|
|
$(BINDIR)/toolkit: ./tools/toolkit/*.go ./lib/*.go | $(BINDIR)
|
|
go build -o $@ ./tools/toolkit
|
|
|
|
translate: $(BINDIR)/translate
|
|
$(BINDIR)/translate: ./tools/translate/*.go | $(BINDIR)
|
|
go build -o $@ ./tools/translate
|
|
|
|
fips-check: $(BINDIR)/fips-check
|
|
$(BINDIR)/fips-check: ./tools/fips-check/*.go | $(BINDIR)
|
|
go build -o $@ ./tools/fips-check
|
|
|
|
# Ensure bin directory exists
|
|
$(BINDIR):
|
|
mkdir -p $(BINDIR)
|
|
|
|
# Check for forbidden direct database access
|
|
check-db:
|
|
@./scripts/check-db-access.sh
|
|
|
|
# Run integration tests (requires services running)
|
|
test:
|
|
@./scripts/test-integration.sh
|
|
|
|
# Run RBAC tests (requires API running)
|
|
test-rbac:
|
|
@./scripts/test-rbac.sh
|
|
|
|
# Deploy to STAGING (builds locally, copies to staging, restarts)
|
|
# Runs check-db FIRST to prevent deploying code with direct DB access
|
|
deploy: check-db all $(BINDIR)/decrypt $(BINDIR)/fips-check
|
|
@echo "=== Deploying to STAGING ($(STAGING_HOST)) ==="
|
|
ssh $(STAGING_HOST) "$(DEPLOY_DIR)/stop.sh"
|
|
rsync -avz $(BINDIR)/ $(STAGING_HOST):$(DEPLOY_DIR)/bin/
|
|
rsync -avz --delete portal/templates/ $(STAGING_HOST):$(DEPLOY_DIR)/templates/
|
|
rsync -avz portal/static/ $(STAGING_HOST):$(DEPLOY_DIR)/static/
|
|
rsync -avz portal/lang/ $(STAGING_HOST):$(DEPLOY_DIR)/lang/
|
|
rsync -avz api/tracker_prompts/ $(STAGING_HOST):$(DEPLOY_DIR)/tracker_prompts/
|
|
ssh $(STAGING_HOST) "$(DEPLOY_DIR)/start.sh"
|
|
@echo ""
|
|
ssh $(STAGING_HOST) "$(DEPLOY_DIR)/status.sh"
|
|
|
|
# Deploy to PRODUCTION (builds locally, copies to prod, restarts)
|
|
# This is a SEPARATE action from staging deploy - requires explicit invocation
|
|
deploy-prod: check-db all $(BINDIR)/decrypt $(BINDIR)/fips-check
|
|
@echo "=== Deploying to PRODUCTION ($(PROD_HOST)) ==="
|
|
ssh $(PROD_HOST) "$(DEPLOY_DIR)/stop.sh"
|
|
ssh $(PROD_HOST) "mkdir -p $(DEPLOY_DIR)/bin $(DEPLOY_DIR)/templates $(DEPLOY_DIR)/static $(DEPLOY_DIR)/lang"
|
|
scp $(BINDIR)/viewer $(BINDIR)/portal $(BINDIR)/api $(PROD_HOST):$(DEPLOY_DIR)/bin/
|
|
scp $(BINDIR)/import-renpho $(BINDIR)/import-dicom $(BINDIR)/import-lab $(BINDIR)/nuke-imaging $(BINDIR)/fips-check $(PROD_HOST):$(DEPLOY_DIR)/bin/
|
|
scp $(BINDIR)/lab-* $(PROD_HOST):$(DEPLOY_DIR)/bin/ 2>/dev/null || true
|
|
rsync -avz --delete portal/templates/ $(PROD_HOST):$(DEPLOY_DIR)/templates/
|
|
rsync -avz portal/static/ $(PROD_HOST):$(DEPLOY_DIR)/static/
|
|
rsync -avz portal/lang/ $(PROD_HOST):$(DEPLOY_DIR)/lang/
|
|
rsync -avz api/tracker_prompts/ $(PROD_HOST):$(DEPLOY_DIR)/tracker_prompts/
|
|
ssh $(PROD_HOST) "$(DEPLOY_DIR)/start.sh"
|
|
@echo ""
|
|
ssh $(PROD_HOST) "$(DEPLOY_DIR)/status.sh"
|
|
|
|
# Sync templates/static/lang without restart
|
|
sync:
|
|
rsync -av --delete portal/templates/ $(DEPLOY_DIR)/templates/
|
|
rsync -av portal/static/ $(DEPLOY_DIR)/static/
|
|
rsync -av portal/lang/ $(DEPLOY_DIR)/lang/
|
|
|
|
# Clean build artifacts
|
|
clean:
|
|
rm -rf $(BINDIR)
|
|
|
|
# Show what's built
|
|
list:
|
|
@ls -la $(BINDIR)/ 2>/dev/null || echo "No binaries yet. Run: make all"
|
|
|
|
# Verify FIPS status
|
|
fips-check:
|
|
@echo "FIPS 140-3 Build Status:"
|
|
@for bin in $(BINDIR)/*; do \
|
|
if [ -f "$$bin" ]; then \
|
|
FIPS_INFO=$$(go version -m "$$bin" 2>/dev/null | grep GOFIPS140); \
|
|
NAME=$$(basename "$$bin"); \
|
|
if [ -n "$$FIPS_INFO" ]; then \
|
|
echo " $$NAME: ✓"; \
|
|
else \
|
|
echo " $$NAME: ✗ NOT FIPS"; \
|
|
fi \
|
|
fi \
|
|
done
|
|
|
|
# Help
|
|
help:
|
|
@echo "Inou Build System (FIPS 140-3 Compliant)"
|
|
@echo ""
|
|
@echo "Usage:"
|
|
@echo " make deploy - Build & deploy to STAGING (192.168.1.253)"
|
|
@echo " make deploy-prod - Build & deploy to PRODUCTION (192.168.100.2)"
|
|
@echo " make all - Build all binaries"
|
|
@echo " make sync - Sync templates/static/lang (no restart)"
|
|
@echo " make check-db - Verify no direct DB access (runs auto on deploy)"
|
|
@echo " make test - Run integration tests (services must be running)"
|
|
@echo " make test-rbac - Run RBAC permission tests (API must be running)"
|
|
@echo " make import-renpho - Build Renpho import tool"
|
|
@echo " make import-dicom - Build DICOM import tool"
|
|
@echo " make import-lab - Build lab import tool"
|
|
@echo " make tools - Build debug tools (decrypt)"
|
|
@echo " make decrypt - Build decrypt tool only"
|
|
@echo " make clean - Remove build artifacts"
|
|
@echo " make fips-check - Verify FIPS compliance"
|
|
@echo " make list - Show built binaries"
|