doc/Makefile

   1 # Build and safety-check requirements.txt
   2
   3 # skjold needs a personal github access token.  This needs no permissions,
   4 # it is only required to query the GitHub GraphQL API v4.
   5 # See: https://pythonawesome.com/security-audit-python-project-dependencies-against-security-advisory-databases/
   6 # We attempt to get it from the environment variable SKJOLD_GITHUB_API_TOKEN
   7 # or GITHUB_TOKEN.
   8 # It can also be passed to this Makefile via either:
   9 #
  10 #   make GITHUB_TOKEN=... (build-and-)check-requirements
  11 #   make SKJOLD_GITHUB_API_TOKEN=... (build-and-)check-requirements
  12 #
  13 #
  14 SKJOLD_GITHUB_API_TOKEN ?= ${GITHUB_TOKEN}
  15
  16 .PHONY: build-and-check-requirements
  17 build-and-check-requirements: requirements.txt check-requirements
  18
  19 # Always rebuild requirements.txt
  20 .PHONY: requirements.txt
  21 # requirements.txt is generated from requirements.in
  22 # via pip-compile included in the pip-tools package.
  23 # See https://modelpredict.com/wht-requirements-txt-is-not-enough
  24 requirements.txt: requirements.in
  25         . ../.python-sphinx-virtualenv/bin/activate \
  26           && pip install --upgrade pip \
  27           && pip install pip-tools \
  28           && pip-compile requirements.in
  29
  30 # Check requirements.txt for security violations via skjold,
  31 # configured in pyproject.toml.
  32 # See: https://pythonawesome.com/security-audit-python-project-dependencies-against-security-advisory-databases/
  33 .PHONY: check-requirements
  34 check-requirements:
  35         @if [ -z "$${SKJOLD_GITHUB_API_TOKEN}" ] \
  36         ; then \
  37           echo "WARNING: Neither SKJOLD_GITHUB_API_TOKEN nor GITHUB_TOKEN is set." \
  38         ; echo "Vulnerability check via skjold might fail when using the GitHub GraphQL API." \
  39         ; fi
  40         . ../.python-sphinx-virtualenv/bin/activate \
  41           && pip install skjold \
  42           && skjold audit
  43 # NB: For portability, we use '.' (sh etc.) instead of 'source' (bash).
  44
  45 # Debug print environment variables
  46 debug:
  47         @echo "GITHUB_TOKEN = ${GITHUB_TOKEN}"
  48         @echo "SKJOLD_GITHUB_API_TOKEN = $${SKJOLD_GITHUB_API_TOKEN}"
  49         @echo "Is SKJOLD_GITHUB_API_TOKEN set? $${SKJOLD_GITHUB_API_TOKEN:+yes}"
  50
  51 # EOF