scuffle/Justfile at main · ScuffleCloud/scuffle · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
mod? local

default:
    just --list

# this should be kept in sync with
# .github/workflows/ci-check-fmt.yaml

fmt:
    bazel run //tools/cargo/fmt:fix
    buildifier $(git ls-files "*.bzl" "*.bazel" | xargs ls 2>/dev/null)
    dprint fmt
    buf format -w --disable-symlinks --debug
    just --unstable --fmt
    shfmt -w .

lint:
    bazel run //tools/cargo/clippy:fix
    pnpm lint:fix --ui=stream

clean *args="--async":
    bazel clean {{ args }}

run bin *args:
    #!/usr/bin/env bash

    if [ {{ bin }} == "core" ]; then
        bazel run //cloud/core:bin -- {{ args }}
    elif [ {{ bin }} == "email" ]; then
        bazel run //cloud/email:bin -- {{ args }}
    elif [ {{ bin }} == "ingest" ]; then
        bazel run //cloud/video/ingest:bin -- {{ args }}
    elif [ {{ bin }} == "video-api" ]; then
        bazel run //cloud/video/api:bin -- {{ args }}
    else
        echo "Unknown binary: {{ bin }}"
        exit 1
    fi

generate-test-certs:
    #!/usr/bin/env bash
    set -euo pipefail

    # Generate root CA
    openssl genpkey -out assets/root_key.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048
    openssl req -x509 -new -key assets/root_key.pem \
        -subj "/CN=scufflecloud-test-root" \
        -days 36500 -out assets/root_cert.pem

    # Generate server key and cert
    openssl genpkey -out assets/server_key.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048
    openssl req -new -key assets/server_key.pem \
        -subj "/CN=scufflecloud-test-server" \
        -addext "subjectAltName=DNS:localhost" \
        -out assets/server_csr.pem

    # Sign server cert with root CA
    openssl x509 -req \
        -in assets/server_csr.pem \
        -CA assets/root_cert.pem \
        -CAkey assets/root_key.pem \
        -set_serial 0x1 -days 36500 \
        -out assets/server_cert.pem \
        -copy_extensions copy
    rm assets/server_csr.pem

    # Generate client key and cert
    openssl genpkey -out assets/client_key.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048
    openssl req -new -key assets/client_key.pem \
        -subj "/CN=scufflecloud-test-client" \
        -addext "subjectAltName=DNS:localhost" \
        -out assets/client_csr.pem

    # Sign client cert with root CA
    openssl x509 -req \
        -in assets/client_csr.pem \
        -CA assets/root_cert.pem \
        -CAkey assets/root_key.pem \
        -set_serial 0x2 -days 36500 \
        -out assets/client_cert.pem \
        -copy_extensions copy
    rm assets/client_csr.pem

generate-mtls-certs:
    #!/usr/bin/env bash
    set -euo pipefail
    mkdir -p local/mtls

    # Generate root CA
    openssl genpkey -out local/mtls/root_key.pem -algorithm ED25519
    openssl req -x509 -new -key local/mtls/root_key.pem \
        -subj "/CN=scufflecloud-mtls-root" \
        -days 365 -out local/mtls/root_cert.pem

    # Generate core cert signed by root CA
    openssl genpkey -out local/mtls/scufflecloud_core_key.pem -algorithm ED25519
    openssl req -new -key local/mtls/scufflecloud_core_key.pem \
        -subj "/CN=scufflecloud-core-mtls" \
        -addext "subjectAltName=DNS:localhost" \
        -out local/mtls/scufflecloud_core_csr.pem

    # Sign core cert with root CA
    openssl x509 -req \
        -in local/mtls/scufflecloud_core_csr.pem \
        -CA local/mtls/root_cert.pem \
        -CAkey local/mtls/root_key.pem \
        -CAcreateserial -days 365 \
        -out local/mtls/scufflecloud_core_cert.pem \
        -copy_extensions copy

    # Generate email cert signed by root CA
    openssl genpkey -out local/mtls/scufflecloud_email_key.pem -algorithm ED25519
    openssl req -new -key local/mtls/scufflecloud_email_key.pem \
        -subj "/CN=scufflecloud-email-mtls" \
        -addext "subjectAltName=DNS:localhost" \
        -out local/mtls/scufflecloud_email_csr.pem

    # Sign email cert with root CA
    openssl x509 -req \
        -in local/mtls/scufflecloud_email_csr.pem \
        -CA local/mtls/root_cert.pem \
        -CAkey local/mtls/root_key.pem \
        -CAcreateserial -days 365 \
        -out local/mtls/scufflecloud_email_cert.pem \
        -copy_extensions copy

alias coverage := test
alias sync-rdme := sync-readme

sync-readme:
    bazel run //tools/cargo/sync-readme:fix

test *targets="//...":
    #!/usr/bin/env bash
    set -exuo pipefail

    cargo-insta reject > /dev/null

    targets=$(bazel query 'tests(set({{ targets }}))')

    bazel coverage ${targets} --//settings:test_insta_force_pass --skip_incompatible_explicit_targets

    test_logs=$(bazel info bazel-testlogs)

    snaps=$(find -L "${test_logs}" \( -name '*.snap.new' -o -name '*.pending-snap' \))
    # Loop over each found file
    for snap in $snaps; do
        rel_path="${snap#*test.outputs/}"
        # Create the symbolic link inside the target directory
        ln -sf "$(realpath "$snap")" "$(dirname "$rel_path")/$(basename "$rel_path")"
    done

    cargo-insta review

    rm lcov.info || true
    ln -s "$(bazel info output_path)"/_coverage/_coverage_report.dat lcov.info

# this should be kept in sync with
# .github/workflows/ci-check-vendor.yaml

alias vendor := lockfile

lockfile:
    cargo update --workspace
    bazel run //vendor:cargo_vendor
    pnpm install --lockfile-only

grind *targets="//...":
    #!/usr/bin/env bash
    set -euxo pipefail

    targets=$(bazel query 'kind("nextest_test rule", set({{ targets }}))')

    bazel test ${targets} --//settings:test_rustc_flags="--cfg=valgrind" --//settings:test_valgrind --skip_incompatible_explicit_targets

alias docs := doc

rustdoc_target := "//docs:rustdoc"

doc:
    bazel build {{ rustdoc_target }}

alias docs-serve := doc-serve

doc-serve: doc
    miniserve "$(bazel info execution_root)"/"$(bazel cquery --config=wrapper {{ rustdoc_target }} --output=files)" --index index.html --port 3000

deny:
    cargo-deny check