Skip to content

Fix broken install Makefile target, update README #214

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mclasmeier wants to merge 2 commits into
base: main
Choose a base branch
from
+52 −24
Open

Fix broken install Makefile target, update README #214

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f37e8fe
Fix 'install' Makefile target
Jun 22, 2026
fda0eb1
Reorganize and update README instructions
Jun 22, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@

# Go configuration
GOCMD := go
GOPATH ?= $(shell $(GOCMD) env GOPATH)
GOBUILD := $(GOCMD) build
GOTEST := $(GOCMD) test
GOVET := $(GOCMD) vet
Expand All @@ -16,6 +17,7 @@ PKG_LIST := $(shell $(GOCMD) list ./... | grep -v /vendor/)
# Build output
BUILD_DIR := .
BINARY := $(BUILD_DIR)/$(BINARY_NAME)
INSTALLED_BINARY := $(GOPATH)/bin/$(BINARY_NAME)

# Convention is that the git tags are of the form
# v<major>.<minor>.<patch>-<build-number>-<commit-hash>[-dirty]
Expand Down Expand Up @@ -70,7 +72,10 @@ build-all: fmt vet build ## Format, vet, and build
.PHONY: install
install: ## Install roxie to $GOPATH/bin
@echo "📦 Installing roxie..."
$(GOCMD) install -ldflags "$(LDFLAGS)" $(CMD_PATH)
# We cannot use 'go install', because the installed binary would be named 'cmd', given the
# current source tree layout.
mkdir -p $$(dirname $(INSTALLED_BINARY))
$(GOBUILD) -ldflags "$(LDFLAGS)" -o $(INSTALLED_BINARY) ./cmd

# Development targets
.PHONY: fmt
Expand Down
69 changes: 46 additions & 23 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,15 +24,50 @@ roxie has been authored with significant AI contributions.

## Installation

### Download from GitHub releases
Look up the latest release from https://github.com/stackrox/roxie/releases.

### Install from GitHub releases into local dev environment

For example, installing into `$HOME/bin`:
```bash
curl -fsSL -o "${HOME}/bin/roxie" \
https://github.com/stackrox/roxie/releases/download/v0.4.0/roxie-linux-amd64
chmod +x "${HOME}/bin/roxie"
```

On macOS you likely also need
```bash
xattr -d com.apple.quarantine "${HOME}/bin/roxie"
```

### Installing from source into local dev environment

Built using:
```bash
git clone git@github.com:stackrox/roxie.git
cd roxie
make install
```

This will install `roxie` into `${GOPATH}/bin`. If that is not desired you can also
build and copy manually:
```bash
make build
cp roxie /your/custom/bin
```

### Install from GitHub releases as part of CI workflow

```bash
curl -fsSL --retry 5 --retry-all-errors -o /usr/local/bin/roxie \
https://github.com/stackrox/roxie/releases/download/v0.4.0/roxie-linux-amd64
chmod +x /usr/local/bin/roxie
```

### Copy from container image in a Dockerfile
### Install in container image

roxie can also be installed by extracting from a published roxie container image, for example
during container building:

```dockerfile
ARG ROXIE_VERSION=0.4.0
Expand Down Expand Up @@ -61,8 +96,7 @@ Example for deploying Central and SecuredCluster to an Infra OpenShift 4 cluster
```bash
podman run --rm -it --privileged \
-v $KUBECONFIG:/kubeconfig:U \
-e MAIN_IMAGE_TAG=4.9.2 \
quay.io/rhacs-eng/roxie:latest deploy --resources=auto
quay.io/rhacs-eng/roxie:latest deploy -t 4.11.0 --resources=auto

@coderabbitai coderabbitai Bot Jun 22, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify the current default version in code and assess other version references
rg -n 'defaultMainImageTag|DEFAULT.*VERSION|default.*tag' --type go
# Check for other hardcoded version references in code
rg -n '"4\.9\.2"|"4\.11\.0"' --type go

Repository: stackrox/roxie

Length of output: 568

🏁 Script executed:

#!/bin/bash
# Check README at the specific line numbers mentioned
echo "=== README.md lines 99, 110, 124, 140, 155 ===" 
sed -n '99p;110p;124p;140p;155p' README.md

echo ""
echo "=== Context around those lines (versions) ===" 
sed -n '95,105p;106,115p;120,130p;136,145p;151,160p' README.md | grep -E 'quay.io|version|tag|4\.[0-9]+\.[0-9]+'

echo ""
echo "=== All version references in README ===" 
rg -n '4\.[0-9]+\.[0-9]+' README.md

Repository: stackrox/roxie

Length of output: 1073

🏁 Script executed:

#!/bin/bash
# Get broader context around the example lines
echo "=== README context (lines 85-165) ===" 
sed -n '85,165p' README.md

echo ""
echo "=== Search for 'default' or 'omit' in README ===" 
rg -i 'default.*tag|omit.*tag|without.*tag|-t' README.md | head -20

Repository: stackrox/roxie

Length of output: 3102

Reconcile documentation version promotion with code defaults.

The README examples uniformly show version 4.11.0 for deployment across all five examples (lines 99, 110, 124, 140, 155). However, the codebase default (in internal/helpers/tag.go:13) is 4.9.2, while tests use 4.10.1 (in tests/e2e/helpers.go:26). This creates a mismatch: users who follow README examples will explicitly deploy 4.11.0, but users who omit the -t flag will silently get 4.9.2 without explicit documentation of that default behavior.

Consider either:

  1. Updating the code's defaultMainImageTag to 4.11.0 to match the documentation
  2. Adding an explicit note in the README clarifying that 4.9.2 is the default when -t is omitted, and explaining why 4.11.0 is recommended
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` at line 99, The README documentation examples uniformly use
version 4.11.0, but the codebase default for `defaultMainImageTag` in
internal/helpers/tag.go is set to 4.9.2, creating a mismatch. Update the
`defaultMainImageTag` constant to 4.11.0 to align the code default with the
documented examples. This ensures consistency so users who follow README
examples or omit the version flag receive the same version as the documentation
shows.

```
Specify the `MAIN_IMAGE_TAG` as desired.

@coderabbitai coderabbitai Bot Jun 22, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Update stale reference to MAIN_IMAGE_TAG environment variable.

This comment references the old MAIN_IMAGE_TAG environment variable approach, but the example above (lines 99–100) now uses the -t flag (deploy -t 4.11.0). The comment should be updated to reflect the current approach.

📝 Proposed update 
-Specify the `MAIN_IMAGE_TAG` as desired.
+Specify the tag using the `-t` flag as desired (see line 99 for example).

Or simply remove the line if it's self-evident from the example above.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
Specify the `MAIN_IMAGE_TAG` as desired.
Specify the tag using the `-t` flag as desired (see line 99 for example).
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` at line 101, The comment referencing the `MAIN_IMAGE_TAG`
environment variable is outdated since the example above now uses the `-t` flag
approach (deploy -t 4.11.0). Update the line that says "Specify the
`MAIN_IMAGE_TAG` as desired" to reflect the current `-t` flag method, or remove
it entirely if the approach is self-evident from the example above.


Expand All @@ -71,37 +105,26 @@ Deploying to a GKE cluster requires passing of some more arguments:
podman run --rm -it --privileged \
-v ~/.config/gcloud:/.config/gcloud:U \
-v $KUBECONFIG:/kubeconfig:U \
-e MAIN_IMAGE_TAG=4.9.2 \
-e REGISTRY_USERNAME=$REGISTRY_USERNAME \
-e REGISTRY_PASSWORD=$REGISTRY_PASSWORD \
quay.io/rhacs-eng/roxie:latest deploy --resources=auto
quay.io/rhacs-eng/roxie:latest deploy -t 4.11.0 --resources=auto
```
Note that in this case we also need to pass the gcloud configuration for the authentication towards
the cluster to succeed.

### Option 2: Deploying using local build
### Option 2: Deploying using native executable

Prerequisites:
- `kubectl` configured to point at your target cluster
- The `roxctl` CLI
- The `roxie` branch forked and cloned to your local machine

Built using:
```bash
make build
```

Get help:
```bash
./roxie --help
```
- `roxctl` CLI is installed
- `roxie` CLI is installed

Deploy using:
```bash
MAIN_IMAGE_TAG=4.9.2 ./roxie deploy [ <component> ]
./roxie deploy -t 4.11.0 [ <component> ]
```
where `component` can be `central` or `sensor`. If not specified, both components will be deployed.
Specify the `MAIN_IMAGE_TAG` as desired.
Specify the tag to deploy as desired.

Similarly, the deployment(s) can be torn down using:
```bash
Expand All @@ -114,7 +137,7 @@ roxie supports hub + spoke architectures where Central and SecuredCluster run on

1. Deploy Central on the hub cluster:
```bash
./roxie deploy central -t 4.9.2
./roxie deploy central -t 4.11.0
```

2. Create a config file for the spoke cluster, pointing at the Central endpoint (printed during step 1):
Expand All @@ -129,7 +152,7 @@ securedCluster:
```bash
ROX_ADMIN_PASSWORD=<admin-password> \
ROX_CA_CERT_FILE=<path-to-ca-cert> \
./roxie deploy secured-cluster -t 4.9.2 -c spoke-config.yaml
./roxie deploy secured-cluster -t 4.11.0 -c spoke-config.yaml
```

> **Tip:** If deploying from the roxie subshell, `ROX_ADMIN_PASSWORD` and `ROX_CA_CERT_FILE` are
Expand Down
Loading