new makefile targets

Author: anthony-nhs

README.md

@@ -283,6 +283,13 @@ Check targets (`check.mk`)
 - `cfn-guard-terraform` - validates `terraform_plans` against cfn-guard rulesets and writes outputs to `.cfn_guard_out/`
 - `actionlint` - runs actionlint against github actions
 - `secret-scan` - runs git-secrets (including scanning history) against the repo
+- `guard-<ENVIRONMENT_VARIABLE>` - checks if an environment variable is set and errors if it is not
+
+Credentials targets (`credentials.mk`)
+- `aws-configure` - configures an AWS sso session
+- `aws-login` - Authorizes an sso session with AWS so aws cli tools can be used. You may still need to set AWS_PROFILE before running commands
+- `github-login` - Authorizes github cli to github with scope to read packages
+- `create-npmrc` - depends on `github-login`, then writes `.npmrc` with a GitHub Packages auth token and `@nhsdigital` registry
 
 Trivy targets (`trivy.mk`)
 - `trivy-license-check` - runs Trivy license scan (HIGH/CRITICAL) and writes `.trivy_out/license_scan.txt`

src/base/.devcontainer/Mk/check.mk

@@ -81,3 +81,9 @@ actionlint:
 
 secret-scan:
 	git-secrets --scan-history .
+
+guard-%:
+	@ if [ "${${*}}" = "" ]; then \
+		echo "Environment variable $* not set"; \
+		exit 1; \
+	fi

src/base/.devcontainer/Mk/common.mk

@@ -1,3 +1,4 @@
 include /usr/local/share/eps/Mk/build.mk
 include /usr/local/share/eps/Mk/check.mk
 include /usr/local/share/eps/Mk/trivy.mk
+include /usr/local/share/eps/Mk/credentials.mk

src/base/.devcontainer/Mk/credentials.mk

@@ -0,0 +1,14 @@
+.PHONY: aws-configure aws-login create-npmrc github-login
+
+aws-configure:
+	aws configure sso --region eu-west-2
+
+aws-login:
+	aws sso login --sso-session sso-session
+
+create-npmrc: github-login
+	echo "//npm.pkg.github.com/:_authToken=$$(gh auth token)" > .npmrc
+	echo "@nhsdigital:registry=https://npm.pkg.github.com" >> .npmrc
+
+github-login:
+	gh auth login --scopes read:packages