-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathMakefile
More file actions
189 lines (138 loc) · 7.5 KB
/
Copy pathMakefile
File metadata and controls
189 lines (138 loc) · 7.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
.PHONY: build dev container container-push test-unit test-integration test-e2e test-race test-stress test-stress-go test-chaos test-security test-benchmark test-benchmark-go test-monitoring test-performance test-automation test-usecases test-all coverage scan-vuln scan-sast scan-snyk scan-sonar scan-container scan-fs scan-quick scan-all probe deploy status logs monitor rebalance ingest collections stats lint fmt docs gen deps clean certs website website-serve website-clean
# ── Variables ────────────────────────────────────────────
BINARY := helixllm
GOFLAGS := -ldflags="-s -w"
CONTAINER_RUNTIME := $(shell command -v podman 2>/dev/null || command -v docker 2>/dev/null)
IMAGE := helixllm
TAG := dev
# ── Build ────────────────────────────────────────────────
build:
go build $(GOFLAGS) -o bin/$(BINARY) ./cmd/helixllm
dev: certs
HELIX_MODE=full go run ./cmd/helixllm
container:
$(CONTAINER_RUNTIME) build -f container/Containerfile -t $(IMAGE):$(TAG) .
container-push:
$(CONTAINER_RUNTIME) push $(IMAGE):$(TAG)
# ── Test ─────────────────────────────────────────────────
test-unit:
go test -v -count=1 -race -coverprofile=coverage-unit.out ./internal/...
test-integration:
go test -v -count=1 -race ./tests/integration/
test-e2e:
go test -v -count=1 -race -tags=e2e ./tests/integration/...
test-race:
GOMAXPROCS=$$(nproc) go test -count=1 -race -p 1 ./internal/... ./pkg/... ./tests/...
test-stress:
./bin/helixllm --challenges --banks-dir=challenges/banks/benchmarks/ --base-url=$${HELIX_BASE_URL:-https://localhost:8443}
test-stress-go:
go test -v -count=1 -tags=stress -timeout=10m ./tests/stress/...
test-chaos:
./bin/helixllm --challenges --banks-dir=challenges/banks/chaos/ --base-url=$${HELIX_BASE_URL:-https://localhost:8443}
test-security:
./bin/helixllm --challenges --banks-dir=challenges/banks/security/ --base-url=$${HELIX_BASE_URL:-https://localhost:8443}
test-benchmark:
./bin/helixllm --challenges --banks-dir=challenges/banks/benchmarks/ --base-url=$${HELIX_BASE_URL:-https://localhost:8443}
test-automation: build
@echo "Running full automation pipeline..."
$(MAKE) test-unit
$(MAKE) test-integration
$(MAKE) test-challenges
test-usecases:
./bin/helixllm --challenges --banks-dir=challenges/banks/workflows/ --base-url=$${HELIX_BASE_URL:-https://localhost:8443}
test-challenges:
./bin/helixllm --challenges --banks-dir=challenges/banks/ --base-url=https://localhost:8443
test-challenges-api:
./bin/helixllm --challenges --banks-dir=challenges/banks/api/ --base-url=https://localhost:8443
test-all: test-unit test-integration
test-monitoring:
go test -v -count=1 -tags=monitoring ./tests/monitoring/...
test-performance:
go test -v -count=1 -tags=performance -timeout=5m ./tests/performance/...
test-benchmark-go:
go test -bench=. -benchmem -count=3 -run=^$$ ./internal/...
COVERAGE_THRESHOLD := 91
coverage: test-unit
go tool cover -func=coverage-unit.out
@echo "---"
@TOTAL=$$(go tool cover -func=coverage-unit.out | grep '^total:' | awk '{print $$NF}' | tr -d '%'); \
echo "Total coverage: $${TOTAL}% (threshold: $(COVERAGE_THRESHOLD)%)"; \
if [ $$(echo "$${TOTAL} < $(COVERAGE_THRESHOLD)" | bc -l) -eq 1 ]; then \
echo "FAIL: coverage $${TOTAL}% is below $(COVERAGE_THRESHOLD)% threshold"; \
exit 1; \
fi; \
echo "PASS: coverage meets threshold"
@echo "Full coverage report: go tool cover -html=coverage-unit.out"
# ── Security Scanning ───────────────────────────────────
scan-vuln:
govulncheck ./...
scan-sast:
golangci-lint run --enable-only gosec ./...
scan-snyk:
@command -v snyk >/dev/null 2>&1 && snyk test --all-projects || echo "Snyk CLI not installed — install via: npm install -g snyk"
scan-sonar:
@echo "Starting SonarQube via compose..."
$(CONTAINER_RUNTIME) compose -f deploy/compose.security.yaml --profile sonar up -d sonarqube
@echo "Waiting for SonarQube to be ready (this may take 2-3 minutes)..."
@timeout 180 bash -c 'until curl -sf http://localhost:9000/api/system/status | grep -q UP; do sleep 5; done' || (echo "SonarQube failed to start" && exit 1)
@echo "Running SonarQube scanner..."
$(CONTAINER_RUNTIME) run --rm --network host -v $$(pwd):/usr/src -w /usr/src sonarsource/sonar-scanner-cli:latest
@echo "SonarQube results at http://localhost:9000/dashboard?id=helixllm"
scan-container:
$(CONTAINER_RUNTIME) run --rm -v $$(pwd):/project aquasec/trivy:latest image $(IMAGE):$(TAG)
scan-fs:
$(CONTAINER_RUNTIME) run --rm -v $$(pwd):/project aquasec/trivy:latest fs /project
scan-quick: scan-vuln scan-sast
scan-all: scan-vuln scan-sast scan-snyk scan-fs
# ── Cluster ──────────────────────────────────────────────
probe:
curl -sk https://localhost:$${HELIX_PORT:-8443}/internal/cluster/probe -X POST | python3 -m json.tool
deploy:
curl -sk https://localhost:$${HELIX_PORT:-8443}/internal/cluster/deploy -X POST | python3 -m json.tool
status:
curl -sk https://localhost:$${HELIX_PORT:-8443}/internal/cluster/status | python3 -m json.tool
logs:
$(CONTAINER_RUNTIME) compose -f deploy/compose.yaml logs -f
monitor:
./bin/helixllm --monitor
rebalance:
curl -sk https://localhost:$${HELIX_PORT:-8443}/internal/cluster/rebalance -X POST | python3 -m json.tool
# ── Knowledge ────────────────────────────────────────────
ingest:
@test -n "$(DIR)" || (echo "Usage: make ingest DIR=./path/to/docs" && exit 1)
@find $(DIR) -type f \( -name '*.md' -o -name '*.txt' -o -name '*.go' -o -name '*.py' \) -exec sh -c 'curl -sk https://localhost:$${HELIX_PORT:-8443}/internal/knowledge/ingest -X POST -H "Content-Type: application/json" -d "{\"title\":\"$$(basename {})\",\"content\":\"$$(cat {} | head -c 10000 | sed "s/\"/\\\\\\\"/g" | tr "\n" " ")\",\"source\":\"{}\",\"collection\":\"$${COLLECTION:-default}\"}"' \;
collections:
curl -sk https://localhost:$${HELIX_PORT:-8443}/internal/knowledge/collections | python3 -m json.tool
stats:
curl -sk https://localhost:$${HELIX_PORT:-8443}/internal/knowledge/stats | python3 -m json.tool
# ── Development ──────────────────────────────────────────
lint:
golangci-lint run ./...
fmt:
gofmt -w .
goimports -w .
docs:
@echo "Documentation available at docs/user-guide/ and docs/manual/"
@echo "API reference: docs/user-guide/api-reference.md"
@ls docs/user-guide/ docs/manual/ 2>/dev/null
gen:
go generate ./...
deps:
git submodule update --init --recursive
go mod tidy
clean:
rm -rf bin/ coverage-*.out certs/
certs:
@mkdir -p certs
@test -f certs/cert.pem || openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:P-256 \
-keyout certs/key.pem -out certs/cert.pem -days 365 -nodes \
-subj "/CN=localhost" \
-addext "subjectAltName=DNS:localhost,DNS:nezha.local,IP:127.0.0.1" 2>/dev/null
@echo "TLS certs ready at certs/"
# ── Website ─────────────────────────────────────────────
website:
cd website && hugo --minify
website-serve:
cd website && hugo server --bind 0.0.0.0 --port 1313
website-clean:
rm -rf website/public/