Implement Phase 8: operational artifacts

- Makefile: build/test/lint/generate/man/install/clean/dist/docker; CGO_ENABLED=1 throughout; VERSION from git describe --tags --always - Dockerfile: multi-stage (golang:1.26-bookworm builder -> debian:bookworm-slim runtime); non-root uid 10001 (mcias), VOLUME /data, EXPOSE 8443/9443; no toolchain in final image - dist/mcias.service: hardened systemd unit (ProtectSystem=strict, ProtectHome, PrivateTmp, NoNewPrivileges, MemoryDenyWriteExecute, CapabilityBoundingSet= empty, EnvironmentFile, LimitNOFILE=65536) - dist/mcias.env.example: passphrase env file template - dist/mcias.conf.example: fully-commented production TOML config - dist/mcias-dev.conf.example: local dev config (/tmp, short expiry) - dist/mcias.conf.docker.example: container config template - dist/install.sh: POSIX sh idempotent installer; creates mcias user/group, installs binaries, /etc/mcias, /var/lib/mcias, systemd unit, man pages; prints post-install instructions - man/man1/mciassrv.1: mdoc synopsis/config/API/signals/files - man/man1/mciasctl.1: mdoc all subcommands/env/examples - man/man1/mciasdb.1: mdoc trust model/safety/all subcommands - man/man1/mciasgrpcctl.1: mdoc gRPC commands/grpcurl example - README.md: user-facing quick-start, first-run setup, build instructions, CLI references, Docker deployment, security notes - .gitignore: added /bin/, dist/mcias_*.tar.gz, man/man1/*.gz
2026-03-11 15:11:36 -07:00
parent 8f706f10ec
commit 941c71f2d1
15 changed files with 1715 additions and 54 deletions
--- a/151
+++ b/151
@@ -0,0 +1,151 @@
+# Makefile — MCIAS build, test, lint, and release targets
+#
+# Usage:
+#   make build     — compile all binaries to bin/
+#   make test      — run tests with race detector
+#   make lint      — run golangci-lint
+#   make generate  — regenerate protobuf stubs (requires protoc)
+#   make man       — build compressed man pages
+#   make install   — run dist/install.sh (requires root)
+#   make clean     — remove bin/ and generated artifacts
+#   make dist      — build release tarballs for linux/amd64 and linux/arm64
+#   make docker    — build Docker image tagged mcias:$(VERSION)
+
+# ---------------------------------------------------------------------------
+# Variables
+# ---------------------------------------------------------------------------
+MODULE     := git.wntrmute.dev/kyle/mcias
+BINARIES   := mciassrv mciasctl mciasdb mciasgrpcctl
+BIN_DIR    := bin
+MAN_DIR    := man/man1
+MAN_PAGES  := $(MAN_DIR)/mciassrv.1 $(MAN_DIR)/mciasctl.1 \
+              $(MAN_DIR)/mciasdb.1  $(MAN_DIR)/mciasgrpcctl.1
+
+# Version: prefer git describe; fall back to "dev" when git is unavailable
+# or the tree has no tags.
+VERSION    := $(shell git describe --tags --always 2>/dev/null || echo dev)
+
+# Build flags: trim paths from binaries and strip DWARF/symbol table.
+# CGO_ENABLED=1 is required for modernc.org/sqlite.
+GO         := go
+GOFLAGS    := -trimpath
+LDFLAGS    := -s -w -X main.version=$(VERSION)
+CGO        := CGO_ENABLED=1
+
+# Platforms for cross-compiled dist tarballs.
+DIST_PLATFORMS := linux/amd64 linux/arm64
+
+# ---------------------------------------------------------------------------
+# Default target
+# ---------------------------------------------------------------------------
+.PHONY: all
+all: build
+
+# ---------------------------------------------------------------------------
+# build — compile all binaries to bin/
+# ---------------------------------------------------------------------------
+.PHONY: build
+build:
+	@mkdir -p $(BIN_DIR)
+	@for bin in $(BINARIES); do \
+		echo "  GO BUILD  cmd/$$bin"; \
+		$(CGO) $(GO) build $(GOFLAGS) -ldflags "$(LDFLAGS)" \
+			-o $(BIN_DIR)/$$bin ./cmd/$$bin; \
+	done
+
+# ---------------------------------------------------------------------------
+# test — run all tests with race detector
+# ---------------------------------------------------------------------------
+.PHONY: test
+test:
+	$(CGO) $(GO) test -race ./...
+
+# ---------------------------------------------------------------------------
+# lint — run golangci-lint
+# ---------------------------------------------------------------------------
+.PHONY: lint
+lint:
+	golangci-lint run ./...
+
+# ---------------------------------------------------------------------------
+# generate — regenerate protobuf stubs from proto/ definitions
+# Requires: protoc, protoc-gen-go, protoc-gen-go-grpc
+# ---------------------------------------------------------------------------
+.PHONY: generate
+generate:
+	$(GO) generate ./...
+
+# ---------------------------------------------------------------------------
+# man — build compressed man pages
+# ---------------------------------------------------------------------------
+.PHONY: man
+man: $(patsubst %.1,%.1.gz,$(MAN_PAGES))
+
+%.1.gz: %.1
+	gzip -kf $<
+
+# ---------------------------------------------------------------------------
+# install — run the installation script (requires root)
+# ---------------------------------------------------------------------------
+.PHONY: install
+install: build
+	sh dist/install.sh
+
+# ---------------------------------------------------------------------------
+# clean — remove build artifacts
+# ---------------------------------------------------------------------------
+.PHONY: clean
+clean:
+	rm -rf $(BIN_DIR)
+	rm -f $(patsubst %.1,%.1.gz,$(MAN_PAGES))
+
+# ---------------------------------------------------------------------------
+# dist — cross-compiled release tarballs for linux/amd64 and linux/arm64
+#
+# Output files: dist/mcias_<version>_<os>_<arch>.tar.gz
+# Each tarball contains: mciassrv, mciasctl, mciasdb, mciasgrpcctl,
+#   man pages, and dist/ files.
+# ---------------------------------------------------------------------------
+.PHONY: dist
+dist: man
+	@for platform in $(DIST_PLATFORMS); do \
+		os=$$(echo $$platform | cut -d/ -f1); \
+		arch=$$(echo $$platform | cut -d/ -f2); \
+		outdir=dist/mcias_$$(echo $(VERSION) | tr -d 'v')_$${os}_$${arch}; \
+		echo "  DIST      $$platform -> $$outdir.tar.gz"; \
+		mkdir -p $$outdir/bin; \
+		for bin in $(BINARIES); do \
+			CGO_ENABLED=1 GOOS=$$os GOARCH=$$arch $(GO) build \
+				$(GOFLAGS) -ldflags "$(LDFLAGS)" \
+				-o $$outdir/bin/$$bin ./cmd/$$bin; \
+		done; \
+		cp -r man $$outdir/; \
+		cp dist/mcias.conf.example dist/mcias-dev.conf.example \
+		   dist/mcias.env.example  dist/mcias.service \
+		   dist/install.sh $$outdir/; \
+		tar -czf $$outdir.tar.gz -C dist mcias_$$(echo $(VERSION) | tr -d 'v')_$${os}_$${arch}; \
+		rm -rf $$outdir; \
+	done
+
+# ---------------------------------------------------------------------------
+# docker — build the Docker image
+# ---------------------------------------------------------------------------
+.PHONY: docker
+docker:
+	docker build -t mcias:$(VERSION) .
+
+# ---------------------------------------------------------------------------
+# Help
+# ---------------------------------------------------------------------------
+.PHONY: help
+help:
+	@echo "Available targets:"
+	@echo "  build     Compile all binaries to bin/"
+	@echo "  test      Run tests with race detector"
+	@echo "  lint      Run golangci-lint"
+	@echo "  generate  Regenerate protobuf stubs"
+	@echo "  man       Build compressed man pages"
+	@echo "  install   Install to /usr/local/bin (requires root)"
+	@echo "  clean     Remove build artifacts"
+	@echo "  dist      Build release tarballs for Linux amd64/arm64"
+	@echo "  docker    Build Docker image mcias:$(VERSION)"