Align with engineering standards (steps 1-5)

- Rename dist/ -> deploy/ with subdirs examples/, scripts/, systemd/ per standard repository layout - Update .gitignore: gitignore all of dist/ (build output only) - Makefile: all target is now vet->lint->test->build; add vet, proto-lint, devserver targets; CGO_ENABLED=0 for builds (modernc.org/sqlite is pure-Go, no C toolchain needed); CGO_ENABLED=1 retained for tests (race detector) - Dockerfile: builder -> golang:1.26-alpine, runtime -> alpine:3.21; drop libc6 dep; add /srv/mcias/certs and /srv/mcias/backups to image - deploy/systemd/mcias.service: add RestrictSUIDSGID=true - deploy/systemd/mcias-backup.service: new oneshot backup unit - deploy/systemd/mcias-backup.timer: daily 02:00 UTC, 5m jitter - deploy/scripts/install.sh: install backup units and enable timer; create certs/ and backups/ subdirs in /srv/mcias - buf.yaml: add proto linting config for proto-lint target - internal/db: add Snapshot and SnapshotDir methods (VACUUM INTO) - cmd/mciasdb: add snapshot subcommand; no master key required
2026-03-16 20:26:43 -07:00
parent 446b3df52d
commit b0afe3b993
15 changed files with 293 additions and 62 deletions
--- a/77
+++ b/77
@@ -3,10 +3,14 @@
 # Usage:
 #   make build     — compile all binaries to bin/
 #   make test      — run tests with race detector
+#   make vet       — run go vet
 #   make lint      — run golangci-lint
+#   make all       — vet → lint → test → build (CI pipeline)
 #   make generate  — regenerate protobuf stubs (requires protoc)
+#   make proto-lint — lint proto files with buf
 #   make man       — build compressed man pages
-#   make install   — run dist/install.sh (requires root)
+#   make install   — run deploy/scripts/install.sh (requires root)
+#   make devserver — build and run mciassrv against run/ config
 #   make clean     — remove bin/ and generated artifacts
 #   make dist      — build release tarballs for linux/amd64 and linux/arm64
 #   make docker    — build Docker image tagged mcias:$(VERSION) and mcias:latest
@@ -27,20 +31,25 @@ MAN_PAGES  := $(MAN_DIR)/mciassrv.1 $(MAN_DIR)/mciasctl.1 \
 VERSION    := $(shell git describe --tags --always 2>/dev/null || echo dev)

 # Build flags: trim paths from binaries and strip DWARF/symbol table.
-# CGO_ENABLED=1 is required for modernc.org/sqlite.
+# modernc.org/sqlite is pure-Go and does not require CGo; CGO_ENABLED=0
+# produces statically linked binaries that deploy cleanly to Alpine containers.
 GO         := go
 GOFLAGS    := -trimpath
 LDFLAGS    := -s -w -X main.version=$(VERSION)
-CGO        := CGO_ENABLED=1
+CGO        := CGO_ENABLED=0
+
+# The race detector requires CGo on some platforms, so tests continue to use
+# CGO_ENABLED=1 while production builds are CGO_ENABLED=0.
+CGO_TEST   := CGO_ENABLED=1

 # Platforms for cross-compiled dist tarballs.
 DIST_PLATFORMS := linux/amd64 linux/arm64

 # ---------------------------------------------------------------------------
-# Default target
+# Default target — CI pipeline: vet → lint → test → build
 # ---------------------------------------------------------------------------
 .PHONY: all
-all: build
+all: vet lint test build

 # ---------------------------------------------------------------------------
 # build — compile all binaries to bin/
@@ -59,7 +68,14 @@ build:
 # ---------------------------------------------------------------------------
 .PHONY: test
 test:
-	$(CGO) $(GO) test -race ./...
+	$(CGO_TEST) $(GO) test -race ./...
+
+# ---------------------------------------------------------------------------
+# vet — static analysis via go vet
+# ---------------------------------------------------------------------------
+.PHONY: vet
+vet:
+	$(GO) vet ./...

 # ---------------------------------------------------------------------------
 # lint — run golangci-lint
@@ -68,6 +84,15 @@ test:
 lint:
 	golangci-lint run ./...

+# ---------------------------------------------------------------------------
+# proto-lint — lint and check for breaking changes in proto definitions
+# Requires: buf (https://buf.build/docs/installation)
+# ---------------------------------------------------------------------------
+.PHONY: proto-lint
+proto-lint:
+	buf lint
+	buf breaking --against '.git#branch=master,subdir=proto'
+
 # ---------------------------------------------------------------------------
 # generate — regenerate protobuf stubs from proto/ definitions
 # Requires: protoc, protoc-gen-go, protoc-gen-go-grpc
@@ -76,6 +101,13 @@ lint:
 generate:
 	$(GO) generate ./...

+# ---------------------------------------------------------------------------
+# devserver — build and run mciassrv against the local run/ config
+# ---------------------------------------------------------------------------
+.PHONY: devserver
+devserver: build
+	$(BIN_DIR)/mciassrv -config run/mcias.conf
+
 # ---------------------------------------------------------------------------
 # man — build compressed man pages
 # ---------------------------------------------------------------------------
@@ -90,7 +122,7 @@ man: $(patsubst %.1,%.1.gz,$(MAN_PAGES))
 # ---------------------------------------------------------------------------
 .PHONY: install
 install: build
-	sh dist/install.sh
+	sh deploy/scripts/install.sh

 # ---------------------------------------------------------------------------
 # clean — remove build artifacts
@@ -98,6 +130,7 @@ install: build
 .PHONY: clean
 clean:
 	rm -rf $(BIN_DIR)
+	rm -rf dist/
 	rm -f $(patsubst %.1,%.1.gz,$(MAN_PAGES))
 	-docker rmi mcias:$(VERSION) mcias:latest 2>/dev/null || true

@@ -106,7 +139,7 @@ clean:
 #
 # Output files: dist/mcias_<version>_<os>_<arch>.tar.gz
 # Each tarball contains: mciassrv, mciasctl, mciasdb, mciasgrpcctl,
-#   man pages, and dist/ files.
+#   man pages, and deploy/ files.
 # ---------------------------------------------------------------------------
 .PHONY: dist
 dist: man
@@ -117,14 +150,12 @@ dist: man
 		echo "  DIST      $$platform -> $$outdir.tar.gz"; \
 		mkdir -p $$outdir/bin; \
 		for bin in $(BINARIES); do \
-			CGO_ENABLED=1 GOOS=$$os GOARCH=$$arch $(GO) build \
+			CGO_ENABLED=0 GOOS=$$os GOARCH=$$arch $(GO) build \
 				$(GOFLAGS) -ldflags "$(LDFLAGS)" \
 				-o $$outdir/bin/$$bin ./cmd/$$bin; \
 		done; \
 		cp -r man $$outdir/; \
-		cp dist/mcias.conf.example dist/mcias-dev.conf.example \
-		   dist/mcias.env.example  dist/mcias.service \
-		   dist/install.sh $$outdir/; \
+		cp -r deploy $$outdir/; \
 		tar -czf $$outdir.tar.gz -C dist mcias_$$(echo $(VERSION) | tr -d 'v')_$${os}_$${arch}; \
 		rm -rf $$outdir; \
 	done
@@ -154,13 +185,17 @@ install-local: build
 .PHONY: help
 help:
 	@echo "Available targets:"
-	@echo "  build     Compile all binaries to bin/"
-	@echo "  test      Run tests with race detector"
-	@echo "  lint      Run golangci-lint"
-	@echo "  generate  Regenerate protobuf stubs"
-	@echo "  man       Build compressed man pages"
-	@echo "  install   Install to /usr/local/bin (requires root)"
-	@echo "  clean     Remove build artifacts"
-	@echo "  dist      Build release tarballs for Linux amd64/arm64"
-	@echo "  docker       Build Docker image mcias:$(VERSION) and mcias:latest"
+	@echo "  all        vet → lint → test → build (CI pipeline)"
+	@echo "  build      Compile all binaries to bin/"
+	@echo "  test       Run tests with race detector"
+	@echo "  vet        Run go vet"
+	@echo "  lint       Run golangci-lint"
+	@echo "  proto-lint Lint proto files with buf"
+	@echo "  generate   Regenerate protobuf stubs"
+	@echo "  devserver  Build and run mciassrv against run/ config"
+	@echo "  man        Build compressed man pages"
+	@echo "  install    Install to /usr/local/bin (requires root)"
+	@echo "  clean      Remove build artifacts"
+	@echo "  dist       Build release tarballs for Linux amd64/arm64"
+	@echo "  docker     Build Docker image mcias:$(VERSION) and mcias:latest"
 	@echo "  docker-clean Remove local mcias Docker images"