# TRDR Hub Bank Pilot Makefile
# Commands for managing bank pilot infrastructure, deployments, and compliance operations
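# Every target in this file names a command, not a file it produces, so all of
# them are declared phony. Without this, a stray file or directory called
# e.g. `backup`, `demo` or `version` would make the target look up to date and
# its recipe would be skipped silently.
# NOTE(review): `bank_deploy` was already listed here, but no rule with that
# name is visible in this file; confirm whether the entry is stale.
.PHONY: help \
    bank_init bank_promote_uat bank_promote_prod bank_bundle_evidence \
    bank_dashboards deploy_workflow_dashboards deploy_prometheus_rules \
    setup_monitoring \
    bank_test bank_test_e2e test_workflows test_notifications test_exports \
    test_governance test_metrics test_events \
    bank_deploy bank_deploy_gateway bank_update_gateway \
    bank_status bank_logs bank_shell \
    bank_backup bank_restore \
    bank_security_scan bank_compliance_check bank_cleanup \
    ci_test ci_test_unit ci_deploy ci_security ci_lint \
    bank_docs \
    dev_setup dev_run dev_run_with_workers dev_stop_workers \
    dev_test_notifications dev_test_exports dev_seed_data \
    demo jpmorgan \
    db_init migrate upgrade downgrade \
    seed_demo pilot_demo admin_demo \
    backup restore dr_drill \
    rotate_secrets runbooks_serve audit-rules version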
# Variables
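# User-tunable knobs; override on the command line, e.g. `make bank_init BANK_ALIAS=acme`.
BANK_ALIAS ?= demo
# NOTE(review): ENVIRONMENT and KUBECTL_CONTEXT are defined but not referenced
# by any rule visible in this file. In particular no kubectl/helm call passes a
# context, so every command runs against whatever context is currently active
# on the operator's machine; confirm that is intended before running the
# promote/cleanup targets.
ENVIRONMENT ?= sandbox
KUBECTL_CONTEXT ?= trdrhub-bank-pilot
HELM_NAMESPACE ?= trdrhub-system

# BANK_ALIAS is pasted unquoted into shell commands, file paths and Kubernetes
# object names (including `kubectl delete namespace`), so reject anything that
# is not a plain lowercase-alphanumeric/hyphen word before any recipe can run.
alias_chars := a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 -
# $(call strip_chars,LIST,TEXT): TEXT with every character in LIST deleted.
strip_chars = $(if $(1),$(call strip_chars,$(wordlist 2,$(words $(1)),$(1)),$(subst $(firstword $(1)),,$(2))),$(2))
ifneq ($(words $(BANK_ALIAS)),1)
$(error BANK_ALIAS must be a single non-empty word)
endif
ifneq ($(call strip_chars,$(alias_chars),$(BANK_ALIAS)),)
$(error BANK_ALIAS may contain only lowercase letters digits and hyphens)
endif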
# Default target
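# Print every target that carries a `## description` comment, sorted by name.
# The target-name pattern includes digits so names such as bank_test_e2e are
# listed as well (the previous letters-only class silently dropped them).
help: ## Show this help message
	@echo "TRDR Hub Bank Pilot Management"
	@echo "Available commands:"
	@grep -E '^[a-zA-Z0-9_-]+:.*?## .*$$' $(MAKEFILE_LIST) \
		| sort \
		| awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'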
# Bank Pilot Management Commands
# Create the tenant's namespace, network policy and secrets, then apply the
# sandbox overlay for the same tenant. The sandbox overlay is applied
# regardless of the ENVIRONMENT variable.
# NOTE(review): secrets.yaml is applied straight from the working tree; confirm
# that file holds sealed or externally referenced secrets, not plaintext values.
bank_init: tenant_dir = infra/k8s/tenants/bank-$(BANK_ALIAS)
bank_init: ## Initialize bank tenant (Usage: make bank_init BANK_ALIAS=jpmorgan)
	@echo "🏦 Initializing bank tenant: $(BANK_ALIAS)"
	@test "$(BANK_ALIAS)" != "demo" || \
		echo "⚠️ Using demo alias - this will create a demo tenant"
	kubectl apply -f $(tenant_dir)/namespace.yaml
	kubectl apply -f $(tenant_dir)/networkpolicy.yaml
	kubectl apply -f $(tenant_dir)/secrets.yaml
	@echo "✅ Bank tenant $(BANK_ALIAS) infrastructure created"
	@echo "🚀 Provisioning sandbox environment..."
	kubectl apply -k infra/k8s/envs/sandbox/bank-$(BANK_ALIAS)/
	@echo "✅ Sandbox environment ready for $(BANK_ALIAS)"
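# Run the UAT promotion checks, ask the operator to confirm, then execute the
# promotion script and apply the UAT overlay.
# The prompt uses printf + `read -r` because `read -p` is a bash extension and
# make runs recipes with /bin/sh by default. With no terminal on stdin the
# read fails and the promotion is aborted.
bank_promote_uat: ## Promote bank tenant to UAT (Usage: make bank_promote_uat BANK_ALIAS=jpmorgan)
	@echo "🚀 Promoting $(BANK_ALIAS) to UAT environment"
	@echo "🔍 Running UAT promotion checks..."
	python scripts/bank_pilot/promote_to_uat.py --bank-alias "$(BANK_ALIAS)" --check-only
	@printf '%s' "Checks passed. Continue with UAT promotion? [y/N] "; \
		read -r confirm && [ "$$confirm" = "y" ]
	python scripts/bank_pilot/promote_to_uat.py --bank-alias "$(BANK_ALIAS)" --execute
	kubectl apply -k "infra/k8s/envs/uat/bank-$(BANK_ALIAS)/"
	@echo "✅ $(BANK_ALIAS) promoted to UAT"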
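# Run the production readiness checks, require an explicit "y", collect an
# approver e-mail, execute the promotion script and apply the prod overlay.
# The prompts use printf + `read -r` (POSIX) instead of the bash-only `read -p`,
# and an empty approver is rejected before the script is called.
# NOTE(review): the approver address is whatever the operator types here; this
# Makefile does not authenticate it. Confirm the promotion script or the
# surrounding process verifies the approval independently.
bank_promote_prod: ## Promote bank tenant to Production (Usage: make bank_promote_prod BANK_ALIAS=jpmorgan)
	@echo "🚨 PRODUCTION PROMOTION: $(BANK_ALIAS)"
	@echo "🔍 Running production readiness checks..."
	python scripts/bank_pilot/promote_to_prod.py --bank-alias "$(BANK_ALIAS)" --check-only
	@printf '%s' "⚠️ This will enable billing and deploy to production. Continue? [y/N] "; \
		read -r confirm && [ "$$confirm" = "y" ]
	@printf '%s' "Enter approver email: "; \
		read -r approver_email && [ -n "$$approver_email" ] && \
		python scripts/bank_pilot/promote_to_prod.py --bank-alias "$(BANK_ALIAS)" --approver "$$approver_email" --execute
	kubectl apply -k "infra/k8s/envs/prod/bank-$(BANK_ALIAS)/"
	@echo "✅ $(BANK_ALIAS) promoted to PRODUCTION with billing enabled"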
# Build the tenant's evidence archive under evidence/<alias>/, named after the
# current year and month.
# NOTE(review): the archive is written into the working tree with the caller's
# default permissions; confirm evidence/ is excluded from version control and
# that its contents are handled as sensitive.
bank_bundle_evidence: evidence_dir = evidence/$(BANK_ALIAS)
bank_bundle_evidence: evidence_zip = $(evidence_dir)/bank-$(BANK_ALIAS)-evidence-$(shell date +%Y%m).zip
bank_bundle_evidence: ## Generate regulatory evidence bundle (Usage: make bank_bundle_evidence BANK_ALIAS=jpmorgan)
	@echo "📋 Generating regulatory evidence bundle for $(BANK_ALIAS)"
	mkdir -p $(evidence_dir)
	python scripts/bank_pilot/generate_pilot_evidence_bundle.py \
		--bank-alias $(BANK_ALIAS) \
		--output $(evidence_zip)
	@echo "✅ Evidence bundle created: $(evidence_zip)"
# Render a ConfigMap from ops/grafana/dashboards/bank/ client-side, apply it to
# HELM_NAMESPACE, then label it with grafana_dashboard=1 and the tenant alias.
# Every tenant's ConfigMap is built from the same dashboard directory and lands
# in the shared HELM_NAMESPACE rather than the tenant namespace.
bank_dashboards: cm_name = bank-$(BANK_ALIAS)-dashboards
bank_dashboards: ## Provision bank-specific Grafana dashboards (Usage: make bank_dashboards BANK_ALIAS=jpmorgan)
	@echo "📊 Provisioning Grafana dashboards for $(BANK_ALIAS)"
	kubectl create configmap $(cm_name) \
		--namespace=$(HELM_NAMESPACE) \
		--from-file=ops/grafana/dashboards/bank/ \
		--dry-run=client --output=yaml \
		| kubectl apply -f -
	kubectl label configmap $(cm_name) \
		--namespace=$(HELM_NAMESPACE) \
		grafana_dashboard=1 tenant=$(BANK_ALIAS)
	@echo "✅ Dashboards provisioned for $(BANK_ALIAS)"
# Workflow Features Dashboards
# Render the workflow dashboards directory into a ConfigMap client-side, apply
# it to HELM_NAMESPACE and label it grafana_dashboard=1 / component=workflows.
deploy_workflow_dashboards: cm_name = workflow-dashboards
deploy_workflow_dashboards: ## Deploy workflow monitoring dashboards
	@echo "📊 Deploying workflow monitoring dashboards"
	kubectl create configmap $(cm_name) \
		--namespace=$(HELM_NAMESPACE) \
		--from-file=ops/grafana/dashboards/workflows/ \
		--dry-run=client --output=yaml \
		| kubectl apply -f -
	kubectl label configmap $(cm_name) \
		--namespace=$(HELM_NAMESPACE) \
		grafana_dashboard=1 component=workflows
	@echo "✅ Workflow dashboards deployed"
# Render prom_rules/workflow.yml into a ConfigMap client-side, apply it to
# HELM_NAMESPACE and label it prometheus_rule=1 / component=workflows.
deploy_prometheus_rules: cm_name = workflow-alert-rules
deploy_prometheus_rules: ## Deploy Prometheus alerting rules for workflows
	@echo "⚠️ Deploying Prometheus alerting rules"
	kubectl create configmap $(cm_name) \
		--namespace=$(HELM_NAMESPACE) \
		--from-file=prom_rules/workflow.yml \
		--dry-run=client --output=yaml \
		| kubectl apply -f -
	kubectl label configmap $(cm_name) \
		--namespace=$(HELM_NAMESPACE) \
		prometheus_rule=1 component=workflows
	@echo "✅ Prometheus rules deployed"
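# Deploy the workflow dashboards and then the Prometheus rules.
# Sub-makes are invoked through $(MAKE) so that -n, -j/jobserver settings and
# command-line variable overrides reach them; a literal `make` drops those.
setup_monitoring: ## Setup complete monitoring stack for workflows
	@echo "🎯 Setting up complete workflow monitoring stack"
	$(MAKE) deploy_workflow_dashboards
	$(MAKE) deploy_prometheus_rules
	@echo "✅ Workflow monitoring stack ready"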
# Development and Testing
# Run the bank pilot pytest suite verbosely, collecting coverage for the two
# bankpilot packages named below.
bank_test: ## Run bank pilot test suite
	@echo "🧪 Running bank pilot test suite"
	pytest -v \
		--cov=app.routers.bankpilot \
		--cov=app.core.bankpilot \
		tests/bank_pilot/
	@echo "✅ Bank pilot tests completed"
# Run the single Playwright end-to-end spec for the bank pilot.
bank_test_e2e: e2e_spec = tests/bank_pilot/e2e_bank_pilot.spec.ts
bank_test_e2e: ## Run end-to-end bank pilot tests
	@echo "🔄 Running E2E bank pilot tests"
	playwright test $(e2e_spec)
	@echo "✅ E2E tests completed"
# Workflow Features Testing
# Run every test under tests/workflows/ verbosely, with coverage for the
# services, core and routers packages.
test_workflows: ## Run comprehensive workflow features test suite
	@echo "🔄 Running workflow features test suite"
	pytest -v \
		--cov=app.services \
		--cov=app.core \
		--cov=app.routers \
		tests/workflows/
	@echo "✅ Workflow features tests completed"
# Run the notification service tests and the notifications API tests.
test_notifications: ## Run notification system tests
	@echo "🔔 Running notification system tests"
	pytest -v \
		tests/workflows/test_notification_service.py \
		tests/api/test_notifications_api.py
	@echo "✅ Notification tests completed"
# Run the export service tests and the reports API tests.
test_exports: ## Run export/reporting tests
	@echo "📊 Running export and reporting tests"
	pytest -v \
		tests/workflows/test_export_service.py \
		tests/api/test_reports_api.py
	@echo "✅ Export tests completed"
# Run the governance hook tests only.
test_governance: test_file = tests/workflows/test_governance_hooks.py
test_governance: ## Run governance hooks tests
	@echo "🔒 Running governance and approval tests"
	pytest -v $(test_file)
	@echo "✅ Governance tests completed"
# Run the workflow metrics tests only.
test_metrics: test_file = tests/workflows/test_workflow_metrics.py
test_metrics: ## Run observability and metrics tests
	@echo "📈 Running metrics and observability tests"
	pytest -v $(test_file)
	@echo "✅ Metrics tests completed"
# Run the event system tests only.
test_events: test_file = tests/workflows/test_events.py
test_events: ## Run event system tests
	@echo "⚡ Running event system tests"
	pytest -v $(test_file)
	@echo "✅ Event system tests completed"
# Infrastructure Management
# Install or upgrade the enterprise-gateway Helm release from the in-repo
# chart, creating HELM_NAMESPACE if it does not exist yet.
bank_deploy_gateway: chart_dir = infra/helm/enterprise-gateway
bank_deploy_gateway: ## Deploy enterprise security gateway
	@echo "🛡️ Deploying enterprise security gateway"
	helm upgrade enterprise-gateway $(chart_dir)/ \
		--install \
		--create-namespace \
		--namespace $(HELM_NAMESPACE) \
		--values $(chart_dir)/values.yaml
	@echo "✅ Enterprise gateway deployed"
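# Upgrade the enterprise-gateway release, keeping its current values and
# setting the alias of the first tenant entry to BANK_ALIAS.
# The --set argument is quoted: unquoted, `[0]` is a shell glob pattern and the
# argument could be rewritten by the shell if a matching file name exists.
# NOTE(review): the index is fixed at tenants[0], so each run overwrites the
# same list entry; confirm this cannot replace another tenant's gateway config.
bank_update_gateway: ## Update gateway configuration for specific bank
	@echo "🔧 Updating gateway configuration for $(BANK_ALIAS)"
	helm upgrade enterprise-gateway infra/helm/enterprise-gateway/ \
		--namespace "$(HELM_NAMESPACE)" \
		--set "bankPilot.tenants[0].alias=$(BANK_ALIAS)" \
		--reuse-values
	@echo "✅ Gateway updated for $(BANK_ALIAS)"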
# Monitoring and Troubleshooting
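# Show the namespace, pods, services and ingresses of one tenant; each lookup
# prints a "not found" line instead of failing the target.
# The namespace is fetched by exact name. The earlier `kubectl get ns | grep`
# matched substrings, so another tenant whose alias merely starts with this
# one (bank-demo2 for demo) was reported as this tenant's namespace.
bank_status: ## Check bank tenant status (Usage: make bank_status BANK_ALIAS=jpmorgan)
	@echo "📊 Status for bank tenant: $(BANK_ALIAS)"
	@echo "=== Namespace Status ==="
	kubectl get ns "bank-$(BANK_ALIAS)" 2>/dev/null || echo "❌ Namespace not found"
	@echo "=== Pod Status ==="
	kubectl get pods -n "bank-$(BANK_ALIAS)" 2>/dev/null || echo "❌ No pods found"
	@echo "=== Service Status ==="
	kubectl get svc -n "bank-$(BANK_ALIAS)" 2>/dev/null || echo "❌ No services found"
	@echo "=== Ingress Status ==="
	kubectl get ingress -n "bank-$(BANK_ALIAS)" 2>/dev/null || echo "❌ No ingress found"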
# Print the last 100 log lines of the pods in the tenant namespace whose
# instance label equals bank-<alias>.
bank_logs: tenant_ns = bank-$(BANK_ALIAS)
bank_logs: ## Get logs for bank tenant (Usage: make bank_logs BANK_ALIAS=jpmorgan)
	@echo "📋 Fetching logs for $(BANK_ALIAS)"
	kubectl logs --namespace $(tenant_ns) \
		--selector app.kubernetes.io/instance=$(tenant_ns) \
		--tail=100
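# Open an interactive /bin/bash in the first trdrhub pod of the tenant
# namespace. The pod name is resolved first and the target stops with a clear
# message when no pod matches, instead of calling `kubectl exec` with an empty
# pod name.
# NOTE(review): this gives an interactive shell inside a bank tenant workload;
# confirm exec access is restricted by RBAC and captured in audit logs.
bank_shell: ## Get shell access to bank tenant pod (Usage: make bank_shell BANK_ALIAS=jpmorgan)
	@pod="$$(kubectl get pods -n "bank-$(BANK_ALIAS)" \
			-l app.kubernetes.io/name=trdrhub \
			-o jsonpath='{.items[0].metadata.name}' 2>/dev/null)"; \
	if [ -z "$$pod" ]; then \
		echo "No trdrhub pod found in namespace bank-$(BANK_ALIAS)" >&2; \
		exit 1; \
	fi; \
	echo "Opening shell in pod $$pod (namespace bank-$(BANK_ALIAS))"; \
	kubectl exec -it -n "bank-$(BANK_ALIAS)" "$$pod" -- /bin/bash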
# Data Management
# Start a one-off Job from the tenant's backup CronJob; the Job name carries a
# timestamp taken when the recipe is expanded.
bank_backup: tenant_ns = bank-$(BANK_ALIAS)
bank_backup: ## Create backup for bank tenant (Usage: make bank_backup BANK_ALIAS=jpmorgan)
	@echo "💾 Creating backup for $(BANK_ALIAS)"
	kubectl create job $(tenant_ns)-backup-$(shell date +%Y%m%d-%H%M%S) \
		-n $(tenant_ns) \
		--from=cronjob/$(tenant_ns)-backup
	@echo "✅ Backup job created for $(BANK_ALIAS)"
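# Start a one-off restore Job from the tenant's restore CronJob after the
# operator confirms. BACKUP_ID is required: with it unset the previous recipe
# still ran and passed an empty `--backup-id`. The prompt uses printf +
# `read -r` because `read -p` is bash-only and make defaults to /bin/sh.
# NOTE(review): check that `kubectl create job --from=...` accepts trailing
# `-- <args>`; if it rejects them this command fails and the backup id has to
# reach the Job some other way.
bank_restore: ## Restore bank tenant from backup (Usage: make bank_restore BANK_ALIAS=jpmorgan BACKUP_ID=20240115-120000)
	@$(if $(strip $(BACKUP_ID)),,$(error BACKUP_ID is required - usage: make bank_restore BANK_ALIAS=<alias> BACKUP_ID=<id>))
	@echo "🔄 Restoring $(BANK_ALIAS) from backup $(BACKUP_ID)"
	@printf '%s' "⚠️ This will restore data from backup. Continue? [y/N] "; \
		read -r confirm && [ "$$confirm" = "y" ]
	kubectl create job "bank-$(BANK_ALIAS)-restore-$(shell date +%Y%m%d-%H%M%S)" \
		--from="cronjob/bank-$(BANK_ALIAS)-restore" -n "bank-$(BANK_ALIAS)" \
		-- --backup-id "$(BACKUP_ID)"
	@echo "✅ Restore job created for $(BANK_ALIAS)"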
# Security and Compliance
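# Scanner image and scan target are overridable so a deployment can pin them to
# an immutable reference (for example TRIVY_IMAGE=<registry>/<image>@<digest>).
# The defaults keep the previous `:latest` tags, which are mutable: the scanner
# that runs in the cluster and the image it inspects can change between runs.
TRIVY_IMAGE ?= aquasec/trivy:latest
SCAN_IMAGE ?= trdrhub-api:latest

# Run a throw-away Trivy pod that scans SCAN_IMAGE. No namespace is passed, so
# the pod is created in the current context's default namespace, and the scan
# target does not depend on BANK_ALIAS (only the pod name does).
bank_security_scan: ## Run security scan for bank tenant (Usage: make bank_security_scan BANK_ALIAS=jpmorgan)
	@echo "🔒 Running security scan for $(BANK_ALIAS)"
	kubectl run "security-scan-$(BANK_ALIAS)" \
		--image="$(TRIVY_IMAGE)" \
		--rm -i --restart=Never \
		-- image "$(SCAN_IMAGE)"
	@echo "✅ Security scan completed for $(BANK_ALIAS)"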
# Run the compliance checker script for one tenant with its --report flag.
bank_compliance_check: checker = scripts/bank_pilot/compliance_checker.py
bank_compliance_check: ## Run compliance checks for bank tenant (Usage: make bank_compliance_check BANK_ALIAS=jpmorgan)
	@echo "✅ Running compliance checks for $(BANK_ALIAS)"
	python $(checker) --report --bank-alias $(BANK_ALIAS)
	@echo "✅ Compliance check completed for $(BANK_ALIAS)"
# Cleanup
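# Delete the tenant namespace and its sandbox, UAT and production overlays
# after the operator types the alias back.
# An empty BANK_ALIAS is rejected up front: with it empty the typed-back
# confirmation compared "" with "" and passed on a bare Enter. The prompt uses
# printf + `read -r` because `read -p` is bash-only and make defaults to /bin/sh.
# NOTE(review): the same single confirmation also removes the production
# overlay; confirm that is acceptable without a separate approval step.
bank_cleanup: ## Remove bank tenant (Usage: make bank_cleanup BANK_ALIAS=jpmorgan)
	@$(if $(strip $(BANK_ALIAS)),,$(error BANK_ALIAS must not be empty))
	@echo "🗑️ WARNING: This will completely remove $(BANK_ALIAS) tenant"
	@printf '%s' "Are you sure? This action cannot be undone. Type '$(BANK_ALIAS)' to confirm: "; \
		read -r confirm && [ "$$confirm" = "$(BANK_ALIAS)" ]
	kubectl delete namespace "bank-$(BANK_ALIAS)" --ignore-not-found
	kubectl delete -k "infra/k8s/envs/sandbox/bank-$(BANK_ALIAS)/" --ignore-not-found
	kubectl delete -k "infra/k8s/envs/uat/bank-$(BANK_ALIAS)/" --ignore-not-found
	kubectl delete -k "infra/k8s/envs/prod/bank-$(BANK_ALIAS)/" --ignore-not-found
	@echo "✅ Bank tenant $(BANK_ALIAS) removed"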
# CI/CD Integration
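# Run the bank pilot, end-to-end and workflow suites one after another; the
# first failing suite stops the target.
# Sub-makes go through $(MAKE) so -n, jobserver settings and command-line
# variable overrides are passed down; a literal `make` loses them.
ci_test: ## Run all tests for CI/CD pipeline
	@echo "🤖 Running CI test suite"
	$(MAKE) bank_test
	$(MAKE) bank_test_e2e
	$(MAKE) test_workflows
	@echo "✅ All CI tests passed"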
# Run the workflow and bank pilot pytest directories with short tracebacks.
ci_test_unit: ## Run unit tests only (faster CI option)
	@echo "⚡ Running unit tests"
	pytest -v --tb=short \
		tests/workflows/ \
		tests/bank_pilot/
	@echo "✅ Unit tests passed"
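# Deploy the gateway release, then the monitoring stack.
# Sub-makes go through $(MAKE) so -n, jobserver settings and command-line
# variable overrides (HELM_NAMESPACE in particular) are passed down.
ci_deploy: ## Deploy bank pilot infrastructure (CI/CD)
	@echo "🚀 Deploying bank pilot infrastructure"
	$(MAKE) bank_deploy_gateway
	$(MAKE) setup_monitoring
	@echo "✅ Bank pilot infrastructure deployed"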
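# Static security gates for CI: Bandit on app/, Safety on dependencies, and a
# secret check against the committed baseline. Each step stops the target on a
# non-zero exit, so later steps do not run after an earlier failure.
ci_security: ## Run security checks (CI/CD)
	@echo "🔒 Running security checks"
# Run security linting
	bandit -r app/ -f json -o security-report.json
# Run dependency scanning
# NOTE(review): the meaning of --output differs between Safety releases;
# confirm this invocation writes safety-report.json with the pinned version.
	safety check --json --output safety-report.json
# Check for hardcoded secrets.
# `detect-secrets scan --baseline` only rewrites the baseline file and does not
# fail on new findings, so it cannot act as a gate. detect-secrets-hook
# compares the tracked files with the baseline and exits non-zero when a
# secret that is not in the baseline appears.
	git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline
	@echo "✅ Security checks completed"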
# Lint, format-check, import-order-check and type-check the code base; no file
# is modified because black and isort run in check mode.
ci_lint: lint_paths = app/ tests/
ci_lint: ## Run code quality checks
	@echo "✨ Running code quality checks"
	flake8 $(lint_paths) --statistics
	black $(lint_paths) --check
	isort $(lint_paths) --check-only
	mypy app/
	@echo "✅ Code quality checks passed"
# Documentation
# Generate the bankpilot API reference into docs/generated/.
bank_docs: docs_out = docs/generated
bank_docs: ## Generate bank pilot documentation
	@echo "📚 Generating bank pilot documentation"
	mkdir -p $(docs_out)
	python scripts/generate_api_docs.py \
		--module bankpilot \
		--output $(docs_out)/bank-pilot-api.md
	@echo "✅ Documentation generated"
# Development
# Install the Python dev requirements, register the pre-commit hooks and
# install the Node dependencies.
# NOTE(review): `pip install -r` without hash checking and `npm install`
# (rather than a lockfile-exact install) may resolve different package
# versions on each machine; confirm that is acceptable for this project.
dev_setup: py_requirements = requirements-dev.txt
dev_setup: ## Setup development environment for bank pilot
	@echo "🛠️ Setting up development environment"
	pip install --requirement $(py_requirements)
	pre-commit install
	npm install
	@echo "✅ Development environment ready"
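# Bind address and port of the development server. The defaults keep the
# previous behaviour, which listens on every interface with auto-reload on;
# on a shared or untrusted network run `make dev_run DEV_HOST=127.0.0.1`.
DEV_HOST ?= 0.0.0.0
DEV_PORT ?= 8000

# Start uvicorn with auto-reload in the foreground.
dev_run: ## Run development server with bank pilot features
	@echo "🚀 Starting development server"
	uvicorn app.main:app --reload --port $(DEV_PORT) --host $(DEV_HOST)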
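# Bind address and port of the development server. The defaults keep the
# previous behaviour (all interfaces, port 8000); pass DEV_HOST=127.0.0.1 to
# keep the auto-reloading server off the network.
DEV_HOST ?= 0.0.0.0
DEV_PORT ?= 8000

# Start Redis and a detached Celery worker, then run uvicorn in the foreground.
# Redis and Celery keep running after uvicorn exits; dev_stop_workers is the
# target that stops them.
dev_run_with_workers: ## Run development server with background workers
	@echo "🚀 Starting development server with workers"
# Start Redis if not running. Any start-up failure, not only "already
# running", is reported with the same message and does not stop the target.
	redis-server --daemonize yes --port 6379 || echo "Redis already running"
# Start Celery worker in background
	celery -A app.workers worker --loglevel=info --detach
# Start FastAPI server
	uvicorn app.main:app --reload --port $(DEV_PORT) --host $(DEV_HOST)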
# Stop the Celery workers and Redis; each step falls back to a message so the
# target succeeds when nothing is running.
# pkill matches on the full command line, so any process of this user whose
# command line matches the pattern is signalled, not only workers started
# from this Makefile.
dev_stop_workers: worker_pattern = celery.*worker
dev_stop_workers: ## Stop background workers
	@echo "🛑 Stopping background workers"
	pkill -f "$(worker_pattern)" || echo "No workers to stop"
	redis-cli shutdown || echo "Redis not running"
# Workflow Feature Development
# Run the notification service tests verbosely with output capture disabled.
dev_test_notifications: test_file = tests/workflows/test_notification_service.py
dev_test_notifications: ## Test notification system in development
	@echo "🔔 Testing notifications in development"
	python -m pytest -v -s $(test_file)
	@echo "✅ Notification tests completed"
# Run the export service tests verbosely with output capture disabled.
dev_test_exports: test_file = tests/workflows/test_export_service.py
dev_test_exports: ## Test export system in development
	@echo "📊 Testing exports in development"
	python -m pytest -v -s $(test_file)
	@echo "✅ Export tests completed"
# Run the workflow seed script.
# NOTE(review): which database it writes to is decided by the script and its
# environment, not by this Makefile; confirm before running outside a dev setup.
dev_seed_data: seed_script = scripts/dev/seed_workflow_data.py
dev_seed_data: ## Seed development database with test data
	@echo "🌱 Seeding development database"
	python $(seed_script)
	@echo "✅ Development data seeded"
# Quick commands for common scenarios
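# Create the demo tenant and its dashboards.
# Sub-makes go through $(MAKE) so -n, jobserver settings and other
# command-line overrides are passed down; a literal `make` loses them.
demo: ## Setup demo bank tenant quickly
	$(MAKE) bank_init BANK_ALIAS=demo
	$(MAKE) bank_dashboards BANK_ALIAS=demo
	@echo "✅ Demo bank tenant ready at: https://demo.enterprise.trdrhub.com"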
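# Example wrapper: create the jpmorgan tenant and its dashboards.
# Sub-makes go through $(MAKE) so -n, jobserver settings and other
# command-line overrides are passed down; a literal `make` loses them.
jpmorgan: ## Setup JPMorgan pilot (example)
	$(MAKE) bank_init BANK_ALIAS=jpmorgan
	$(MAKE) bank_dashboards BANK_ALIAS=jpmorgan
	@echo "✅ JPMorgan pilot ready at: https://jpmorgan.enterprise.trdrhub.com"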
# Database Migration Management
# Record the database as being at the latest Alembic revision.
# NOTE(review): `alembic stamp` only writes the revision marker and runs no
# migration, so on an empty database this creates no tables, and a following
# `alembic upgrade head` then has nothing to apply. Confirm the schema is
# created elsewhere before relying on this target for a fresh database.
db_init: alembic_target = head
db_init: ## Initialize Alembic and create database
	@echo "🗄️ Initializing database with Alembic"
	alembic stamp $(alembic_target)
	@echo "✅ Database initialized"
# Autogenerate a new Alembic revision whose message is taken from `msg`.
# `msg` is substituted into a double-quoted shell word as-is, so quotes,
# backticks or `$` inside it are interpreted by the shell; keep it plain text.
# With `msg` unset the revision is created with an empty message.
migrate: ## Create new Alembic migration (Usage: make migrate msg="description")
	@echo "📝 Creating new migration: $(msg)"
	alembic revision \
		--autogenerate \
		-m "$(msg)"
	@echo "✅ Migration created"
# Apply every pending Alembic migration up to the latest revision.
upgrade: alembic_target = head
upgrade: ## Apply database migrations
	@echo "⬆️ Applying database migrations"
	alembic upgrade $(alembic_target)
	@echo "✅ Database upgraded"
# Step the database back by exactly one Alembic revision.
downgrade: alembic_steps = -1
downgrade: ## Rollback last migration
	@echo "⬇️ Rolling back last migration"
	alembic downgrade $(alembic_steps)
	@echo "✅ Database downgraded"
# Demo Data and Pilot Setup
# Run the demo seed script.
# NOTE(review): pilot_demo and admin_demo print fixed demo passwords; if this
# script creates those accounts, confirm it can never run against a shared or
# production database.
seed_demo: seed_script = scripts/demo/seed_demo_data.py
seed_demo: ## Seed database with demo data
	@echo "🌱 Seeding demo data"
	python3 $(seed_script)
	@echo "✅ Demo data seeded"
# Build the demo environment through the three prerequisites, then print the
# local URLs and the demo logins.
# The prerequisites are expected to run in the order listed; under `make -j`
# that order is not guaranteed.
# The passwords below are fixed, well-known demo values and are written to the
# terminal (and to CI logs when run there). They must stay confined to
# throw-away demo databases.
pilot_demo: db_init upgrade seed_demo ## Setup complete pilot demo environment
	@printf '%s\n' \
		"🎉 TRDR Hub Pilot Demo Ready!" \
		"🌐 Admin Console: http://localhost:3000/admin" \
		"📊 Grafana: http://localhost:3001" \
		"🔑 Demo Logins:" \
		" SME Admin: sme.admin@demo.com / sme123" \
		" Bank Officer: bank.officer@demo.com / bank123" \
		" Auditor: auditor@demo.com / audit123" \
		" Super Admin: admin@lcopilot.com / admin123"
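# Print the demo admin logins and open the local admin console in a browser.
# `open` exists on macOS only, so the recipe falls back to xdg-open and, when
# neither launcher is installed, prints the URL instead of failing.
# The passwords are fixed demo values echoed to the terminal; they must stay
# confined to throw-away demo databases.
admin_demo: ## Open admin console with demo credentials
	@echo "🔑 Demo admin credentials:"
	@echo " Super Admin: admin@lcopilot.com / admin123"
	@echo " Bank Officer: bank.officer@demo.com / bank123"
	@echo " Auditor: auditor@demo.com / audit123"
	@if command -v open >/dev/null 2>&1; then \
		open http://localhost:3000/admin; \
	elif command -v xdg-open >/dev/null 2>&1; then \
		xdg-open http://localhost:3000/admin; \
	else \
		echo "Open http://localhost:3000/admin in a browser"; \
	fi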
# Disaster Recovery Operations
# Back up the database first, then the object store; a failed database backup
# stops the target before the object backup starts.
backup: dr_scripts = scripts/dr
backup: ## Create full backup (database + objects)
	@echo "💾 Creating full backup"
	python3 $(dr_scripts)/backup_db.py
	python3 $(dr_scripts)/backup_objects.py
	@echo "✅ Full backup completed"
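# Restore the database and then the objects from one backup.
# BACKUP_ID is required: with it unset the scripts were previously started
# with no argument at all. The id is quoted so it reaches each script as a
# single argument.
# NOTE(review): unlike bank_restore there is no confirmation prompt here;
# confirm that is intended for a target that overwrites data.
restore: ## Restore from backup (Usage: make restore BACKUP_ID=backup_id)
	@$(if $(strip $(BACKUP_ID)),,$(error BACKUP_ID is required - usage: make restore BACKUP_ID=<id>))
	@echo "🔄 Restoring from backup: $(BACKUP_ID)"
	python3 scripts/dr/restore_db.py "$(BACKUP_ID)"
	python3 scripts/dr/restore_objects.py "$(BACKUP_ID)"
	@echo "✅ Restore completed"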
# Run the disaster-recovery drill script with its RPO and RTO targets.
# NOTE(review): the units of 15 and 60 are defined by the script, not here
# (presumably minutes; confirm).
dr_drill: drill_targets = --target-rpo=15 --target-rto=60
dr_drill: ## Run disaster recovery drill
	@echo "🚨 Running DR drill"
	python3 scripts/dr/dr_drill.py $(drill_targets)
	@echo "✅ DR drill completed"
# Secrets Management
# Run the secret rotation script against its `local` backend.
# NOTE(review): the backend is fixed to `local` here; confirm where rotated
# values end up and that this target is not relied on for shared environments.
rotate_secrets: secrets_backend = local
rotate_secrets: ## Rotate all application secrets
	@echo "🔐 Rotating application secrets"
	python3 scripts/secrets/rotate_secrets.py --backend=$(secrets_backend)
	@echo "✅ Secrets rotated"
# Documentation
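# Serve docs/ over HTTP on port 8080 for local reading.
# The URL is printed before the server starts because http.server blocks until
# interrupted, so a line placed after it never appeared while it was running.
# The server is bound to 127.0.0.1: without --bind, http.server listens on
# every interface and would offer the operational runbooks to the whole
# network, which does not match "locally".
runbooks_serve: ## Serve operational runbooks locally
	@echo "📚 Starting runbook server"
	@echo "📖 Runbooks available at: http://localhost:8080/runbooks/"
	cd docs && python3 -m http.server 8080 --bind 127.0.0.1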
# Ruleset Management
# Run the ruleset recheck script with the repository root on PYTHONPATH; the
# command itself is not echoed.
audit-rules: ## Run ruleset integrity audit (validates JSON files and DB state)
	@echo "🔍 Running ruleset integrity audit..."
	@env PYTHONPATH=. python apps/api/scripts/recheck_rules.py
	@echo "✅ Ruleset audit completed"
# Version and build info
# Print the product name, the nearest tag (or commit), the short commit hash
# and the current UTC time.
version: ## Show version information
	@echo "TRDR Hub Bank Pilot"
	@echo "Version: $$(git describe --tags --always)"
	@echo "Build: $$(git rev-parse --short HEAD)"
	@echo "Date: $$(date -u +%Y-%m-%dT%H:%M:%SZ)"