This PR adds an automated make help target that scans all Makefiles #4088

Closed
nios-x wants to merge 6 commits into OWASP:main from nios-x:fix/makefiles-pr

@nios-x nios-x commented Feb 27, 2026

Proposed change

Resolves #4080

This PR adds an automated make help target that scans all Makefiles (root and subdirectories) and generates a categorized, human-readable command list based on documented targets.

Checklist

  • Required: I followed the contributing workflow
  • Required: I verified that my code works as intended and resolves the issue as described
  • Required: I ran make check-test locally: all warnings addressed, tests passed
  • I used AI for code, documentation, tests, or communication related to this PR

Screenshots
image

@github-actions github-actions bot added docs Improvements or additions to documentation backend makefile labels Feb 27, 2026

coderabbitai bot commented Feb 27, 2026

Warning

Rate limit exceeded

@nios-x has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 7 minutes and 20 seconds before requesting another review.

📥 Commits

Reviewing files that changed from the base of the PR and between f830d17 and e96335f.

📒 Files selected for processing (2)
  • Makefile
  • frontend/Makefile

Walkthrough

Adds a generated make help and default goal to the root Makefile, introduces many annotated and composite Make targets across Makefiles (root, backend, frontend, cspell, infrastructure), and inserts a brief make help suggestion into CONTRIBUTING.md. No runtime logic changes.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Documentation (CONTRIBUTING.md) | Inserted "Run make help for a categorized list of available targets." in the "Run the Application" section (two locations). |
| Root Makefile (Makefile) | Added .DEFAULT_GOAL := help, an AWK-based help target, expanded .PHONY, and many annotated targets and sections (build, run, help, clean*, prune, check*/test*/pre-commit, security-scan* including semgrep/trivy/zap, update* and maintenance targets). |
| Backend Makefile (backend/Makefile) | Added/annotated targets for data orchestration and developer UX: enrich-data (expanded OWASP/GitHub enrich dependencies), index-data, load-data, dump-data, create-superuser, django-shell, test-backend, and updated migration/collect-static annotations. |
| Frontend Makefile (frontend/Makefile) | Added build-frontend-local-image, check-frontend (now depends on generate-graphql-types), test-frontend, and test-frontend-e2e; added Frontend section header. |
| Spelling Makefile (cspell/Makefile) | Added section header ##@ Spelling and annotated check-spelling: ## Run spell checker (no behavior change). |
| Infrastructure Makefile (infrastructure/Makefile) | Added ##@ Infrastructure header and annotated test-infrastructure: ## Run infrastructure tests (recipe unchanged). |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

Suggested labels

frontend

Suggested reviewers

  • arkid15r
  • kasya
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Out of Scope Changes check | ❓ Inconclusive | While changes focus on help implementation, the extensive Makefile modifications add many new targets and reorganizations beyond the core help objective, and their necessity for the help feature is unclear. | Clarify whether all new targets (build, run, clean-dependencies, security-scan variants, etc.) are essential dependencies of the help feature or represent scope expansion beyond issue #4080. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The PR title directly describes the main change: adding an automated make help target that scans all Makefiles, which aligns with the primary objective. |
| Description check | ✅ Passed | The PR description clearly explains the proposed change (automated help target generation from Makefiles), references the linked issue #4080, and documents the implementation with a screenshot. |
| Linked Issues check | ✅ Passed | The PR successfully implements all core requirements from #4080: automated help target enumerating targets across multiple Makefiles, categorized by use case (Getting started, Testing, Data, Cleanup, Security, Maintenance), and accessible via 'make help'. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai bot left a comment

🧹 Nitpick comments (1)
backend/Makefile (1)

101-107: Consider consistent comment style for help descriptions.

The file uses two different styles for help annotations:

  • Standalone comment above target (lines 101, 222): ## @category Description
  • Inline comment (lines 112, 118): target: ## @category Description

While the awk parser handles both, using a consistent style improves maintainability.

Option: Align with inline style used elsewhere
-## `@Data` Enrich datasets from source systems
-enrich-data: \
+enrich-data: ## `@Data` Enrich datasets from source systems
+enrich-data: enrich-data-deps
+enrich-data-deps: \
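Review bot: the last two `+` lines introduce a helper target, `enrich-data-deps`, only to make room for the inline `##` annotation. That leaves a second invocable target with no annotation of its own, and nothing in this hunk declares it phony. Keeping the standalone `##` comment above targets with multi-line prerequisite lists avoids the extra target.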

Alternatively, keep current style if standalone comments are preferred for multi-line dependency targets.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@backend/Makefile` around lines 101 - 107, The comment style is inconsistent;
change standalone help comments (e.g., the block above the enrich-data target
that currently reads "## `@Data` Enrich datasets from source systems" and any
other standalone help comments) to the inline style used elsewhere by appending
the descriptor to the target line (e.g., enrich-data: ## `@Data` Enrich datasets
from source systems) so all targets follow the same "target: ## `@Category`
Description" format; update the enrich-data target and other similarly styled
targets (like github-enrich-issues, owasp-enrich-*) to use the inline help
annotation.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@backend/Makefile`:
- Around line 101-107: The comment style is inconsistent; change standalone help
comments (e.g., the block above the enrich-data target that currently reads "##
`@Data` Enrich datasets from source systems" and any other standalone help
comments) to the inline style used elsewhere by appending the descriptor to the
target line (e.g., enrich-data: ## `@Data` Enrich datasets from source systems) so
all targets follow the same "target: ## `@Category` Description" format; update
the enrich-data target and other similarly styled targets (like
github-enrich-issues, owasp-enrich-*) to use the inline help annotation.

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e5d3d6a and 5674eb5.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (3)
  • CONTRIBUTING.md
  • Makefile
  • backend/Makefile

@cubic-dev-ai cubic-dev-ai bot left a comment

1 issue found across 4 files

Confidence score: 4/5

  • This PR looks safe to merge; the main concern is a minor performance overhead rather than functional breakage.
  • Makefile uses a top-level := that triggers a full repository find during parsing, so any make invocation may incur extra overhead and could fail before unrelated targets run.
  • Pay close attention to Makefile - top-level find runs during parse and adds global overhead.
Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="Makefile">

<violation number="1" location="Makefile:7">
P2: Top-level `:=` executes the repository-wide `find` during Makefile parsing, so every `make` run incurs a full scan even when `help` is not invoked. This adds global overhead and can fail before unrelated targets run. Use deferred evaluation so the scan only happens for `help`.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🧹 Nitpick comments (1)
Makefile (1)

176-221: Extract the embedded AWK program into a dedicated script file.

The target works, but this inline block is hard to maintain and already triggers maxbodylength. Moving it to scripts/make-help.awk would simplify future edits and reviews.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Makefile` around lines 176 - 221, The inline AWK program embedded in the help
target should be moved to a dedicated script: create scripts/make-help.awk
containing the AWK code (including the add_entry function and BEGIN/END blocks),
make it executable (or include a proper #! /usr/bin/awk -f header), and then
simplify the Makefile help target to invoke awk -f scripts/make-help.awk
$(HELP_MAKEFILES); ensure the new script reproduces the same logic/variable
names (add_entry, entries, order, seen, doc) and that HELP_MAKEFILES is still
passed through.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Makefile`:
- Line 7: Change HELP_MAKEFILES to only include repository-tracked Makefiles by
using git to list them instead of find; replace the assignment of HELP_MAKEFILES
with a command like `$(shell git ls-files -- 'Makefile' '*/Makefile' | sort)` so
only repo-owned (tracked) Makefiles are discovered for `make help` rather than
scanning local/generated directories.
- Around line 9-12: The .PHONY declaration is missing explicit entries for the
implicit/default targets flagged by checkmake (e.g., all and test); update the
.PHONY line to include "all" and "test" and add a lightweight default "all"
target (e.g., depends on build or prints help) so the linter stops reporting
minphony noise; modify the Makefile's .PHONY list and add a simple all target
(and if desired a test target stub) to clearly declare these targets referenced
elsewhere.

---

Nitpick comments:
In `@Makefile`:
- Around line 176-221: The inline AWK program embedded in the help target should
be moved to a dedicated script: create scripts/make-help.awk containing the AWK
code (including the add_entry function and BEGIN/END blocks), make it executable
(or include a proper #! /usr/bin/awk -f header), and then simplify the Makefile
help target to invoke awk -f scripts/make-help.awk $(HELP_MAKEFILES); ensure the
new script reproduces the same logic/variable names (add_entry, entries, order,
seen, doc) and that HELP_MAKEFILES is still passed through.

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5674eb5 and 6b916be.

📒 Files selected for processing (1)
  • Makefile

Comment on lines 9 to +12
.PHONY: build clean check pre-commit prune run scan-images security-scan security-scan-code \
security-scan-code-semgrep security-scan-code-trivy security-scan-images \
security-scan-backend-image security-scan-frontend-image security-scan-zap \
test update clean-trivy-cache
test update clean-trivy-cache help
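Review bot: only `help` is appended to the shared `.PHONY` list on the last line, so every other target has to be added to this same four-line list by hand, and a missed one does not show up in the diff. Declaring `.PHONY: <target>` directly above each rule keeps the declaration next to the target it covers.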

⚠️ Potential issue | 🟡 Minor

Resolve checkmake minphony noise with explicit declarations.

Static analysis flags all/test phony requirements here. Adding explicit entries (and a lightweight all default) keeps lint output clean and avoids ambiguity.

Proposed fix
 .PHONY: build clean check pre-commit prune run scan-images security-scan security-scan-code \
 	security-scan-code-semgrep security-scan-code-trivy security-scan-images \
 	security-scan-backend-image security-scan-frontend-image security-scan-zap \
 	test update clean-trivy-cache help
+.PHONY: all test
+
+all: help
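Review bot: `test` is already declared on the last continuation line of the first `.PHONY` list, so `.PHONY: all test` only needs to name `all`. Also, `all: help` gives `all` a meaning contributors will not expect from a target that conventionally builds everything; if it exists only to satisfy the minphony rule, say so in a comment beside it.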
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
.PHONY: build clean check pre-commit prune run scan-images security-scan security-scan-code \
security-scan-code-semgrep security-scan-code-trivy security-scan-images \
security-scan-backend-image security-scan-frontend-image security-scan-zap \
test update clean-trivy-cache
test update clean-trivy-cache help
.PHONY: build clean check pre-commit prune run scan-images security-scan security-scan-code \
security-scan-code-semgrep security-scan-code-trivy security-scan-images \
security-scan-backend-image security-scan-frontend-image security-scan-zap \
test update clean-trivy-cache help
.PHONY: all test
all: help
🧰 Tools
🪛 checkmake (0.2.2)

[warning] 9-9: Missing required phony target "all"

(minphony)


[warning] 9-9: Missing required phony target "test"

(minphony)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Makefile` around lines 9 - 12, The .PHONY declaration is missing explicit
entries for the implicit/default targets flagged by checkmake (e.g., all and
test); update the .PHONY line to include "all" and "test" and add a lightweight
default "all" target (e.g., depends on build or prints help) so the linter stops
reporting minphony noise; modify the Makefile's .PHONY list and add a simple all
target (and if desired a test target stub) to clearly declare these targets
referenced elsewhere.

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
@cubic-dev-ai cubic-dev-ai bot left a comment

1 issue found across 1 file (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="Makefile">

<violation number="1" location="Makefile:7">
P2: `find` exclusions only match top-level paths and don’t prune traversal, so nested dependency/build folders are still walked and can pollute help output or slow `make help`. Use globbed paths with `-prune` to skip traversal of those directories entirely.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
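The traversal difference described in the violation above, as an added example that is not part of the PR or of the bot's review. The `find` command at Makefile:7 is not shown on this page, so the top-level path exclusion below is an assumed form of it, and the directory layout is constructed.

```shell
#!/bin/sh
# Constructed repository layout: three project Makefiles plus two that ship
# inside dependency directories (one top-level, one nested under frontend/).
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/backend" \
             "$root/frontend/node_modules/dep" \
             "$root/node_modules/tool"
    for f in Makefile backend/Makefile frontend/Makefile \
             frontend/node_modules/dep/Makefile node_modules/tool/Makefile; do
        printf 'x: ## doc\n' > "$root/$f"
    done
    printf '%s\n' "$root"
}

# Assumed shape of the flagged pattern: a path test anchored at the top
# level. find still descends into every node_modules directory; the test
# only hides results under ./node_modules, so the nested copy is listed.
list_top_level_exclusion() {
    (cd "$1" && find . -name Makefile ! -path './node_modules/*' | LC_ALL=C sort)
}

# -prune stops descent into any directory named node_modules, at any depth,
# so dependency-supplied Makefiles are neither walked nor listed.
list_pruned() {
    (cd "$1" && find . -name node_modules -prune -o -type f -name Makefile -print \
        | LC_ALL=C sort)
}

if [ "${1:-}" = "demo" ]; then
    tree=$(make_sample_tree)
    echo "top-level exclusion:"; list_top_level_exclusion "$tree"
    echo "pruned:";              list_pruned "$tree"
    rm -rf "$tree"
fi
```

Run with the argument `demo` to print both listings; only the first one contains `./frontend/node_modules/dep/Makefile`, whose `##` annotations would otherwise be read by the help parser.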

coderabbitai bot previously approved these changes Feb 27, 2026

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (1)
frontend/Makefile (1)

5-12: Consider documenting build-frontend-local-image in help output.

Line 6 defines a public/useful target, but it won’t be shown by make help without a ## description.

Suggested diff
-build-frontend-local-image:
+build-frontend-local-image: ## Build local frontend Docker image
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@frontend/Makefile` around lines 5 - 12, The make target
build-frontend-local-image is public but not listed by make help; add a help
description by adding a '##' comment for that target (e.g., add a line like
"build-frontend-local-image: ## Build local frontend Docker image" or place "##
Build local frontend Docker image" immediately above the target) so the existing
make help parser will include build-frontend-local-image in the help output;
update the Makefile around the build-frontend-local-image target accordingly.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Makefile`:
- Around line 50-53: The Makefile prune target over-promises age scoping: the
target named "prune" claims "older than 72h" but the docker volume prune command
(docker volume prune -f) has no age filter and may remove recent volumes; update
the prune target so behavior matches the description by adding the same age
filter to the volume prune command (use the --filter 'until=72h' / --filter
'until=72h' syntax) or alternatively relax the target description to reflect
that volumes are pruned unconditionally—change either the description or modify
the docker volume prune invocation in the prune target to include the age filter
so all three prune commands are consistent.

---

Nitpick comments:
In `@frontend/Makefile`:
- Around line 5-12: The make target build-frontend-local-image is public but not
listed by make help; add a help description by adding a '##' comment for that
target (e.g., add a line like "build-frontend-local-image: ## Build local
frontend Docker image" or place "## Build local frontend Docker image"
immediately above the target) so the existing make help parser will include
build-frontend-local-image in the help output; update the Makefile around the
build-frontend-local-image target accordingly.

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0a0f882 and f830d17.

📒 Files selected for processing (5)
  • Makefile
  • backend/Makefile
  • cspell/Makefile
  • frontend/Makefile
  • infrastructure/Makefile

Makefile Outdated
Comment on lines +50 to +53
prune: ## Prune Docker resources older than 72h
@docker builder prune --filter 'until=72h' -a -f
@docker image prune --filter 'until=72h' -a -f
@docker volume prune -f
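Review bot: the `docker volume prune -f` line cannot be brought under the "older than 72h" description by adding `until`, because `docker volume prune` does not support that filter. All three commands also run with `-f` against the whole Docker host rather than this project's resources. Either reword the description to say volumes are removed regardless of age, or scope the volume line with `--filter label=<project label>` (placeholder; no such label appears in this hunk).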

⚠️ Potential issue | 🟡 Minor

prune description over-promises age scoping.

Line 50 says “older than 72h”, but Line 53 prunes unused volumes without any age qualifier. This can surprise contributors by removing newer volumes too.

Suggested diff
-prune: ## Prune Docker resources older than 72h
+prune: ## Prune unused Docker resources (builders/images older than 72h)
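Review bot: the reworded description on the `+` line still does not name volumes, so `make help` gives no hint that the target also removes them with no age limit. Extend the text in the parentheses, for example "builders/images older than 72h, all unused volumes".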
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Makefile` around lines 50 - 53, The Makefile prune target over-promises age
scoping: the target named "prune" claims "older than 72h" but the docker volume
prune command (docker volume prune -f) has no age filter and may remove recent
volumes; update the prune target so behavior matches the description by adding
the same age filter to the volume prune command (use the --filter 'until=72h' /
--filter 'until=72h' syntax) or alternatively relax the target description to
reflect that volumes are pruned unconditionally—change either the description or
modify the docker volume prune invocation in the prune target to include the age
filter so all three prune commands are consistent.

@cubic-dev-ai cubic-dev-ai bot left a comment

1 issue found across 5 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="Makefile">

<violation number="1" location="Makefile:50">
P2: The `prune` target description claims it prunes Docker resources "older than 72h", but `docker volume prune -f` removes **all** unused volumes regardless of age. This mismatch between the documented behavior and actual behavior could lead to unexpected data loss. Either add `--filter 'until=72h'` to the volume prune command, or update the description to accurately reflect that volumes are pruned without an age qualifier (e.g., `Prune unused Docker resources (builders/images older than 72h, all unused volumes)`).</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

nios-x commented Mar 3, 2026

@arkid15r

@arkid15r arkid15r left a comment

Closing in favor of #4091

Please follow our contributing guidelines -- it'll drastically improve chances of your PR to be merged.

@arkid15r arkid15r closed this Mar 7, 2026

Labels

backend docs Improvements or additions to documentation frontend makefile

Development

Successfully merging this pull request may close these issues.

Add automated 'make help' target for better Makefile command discoverability

2 participants