diff --git a/.github/workflows/lint-chart.yaml b/.github/workflows/lint-chart.yaml index b4b8b019f..e15b2247f 100644 --- a/.github/workflows/lint-chart.yaml +++ b/.github/workflows/lint-chart.yaml @@ -5,7 +5,7 @@ on: # Exclude branches created by Dependabot to avoid triggering current workflow # for PRs initiated by Dependabot. branches-ignore: - - 'dependabot/**' + - "dependabot/**" pull_request: paths: - "charts/**" @@ -23,9 +23,8 @@ jobs: uses: azure/setup-helm@v4 with: version: v3.7.1 - - name: Lint Chart + - name: Chart Security run: | - make lint_chart + make chart-security - name: Check chart version run: bash ./hack/verify-chart-version.sh - diff --git a/Makefile b/Makefile index 3dd3709b2..e97bb2c1d 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,13 @@ include version.mk Makefile.defs all: build -docker: +.PHONY: help +help: ## Display this help. + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) + +##@ Build +.PHONY: docker-build +docker-build: ## Build docker image with the vgpu. docker build \ --build-arg GOLANG_IMAGE=${GOLANG_IMAGE} \ --build-arg TARGET_ARCH=${TARGET_ARCH} \ @@ -13,7 +19,8 @@ docker: --build-arg GOPROXY=https://goproxy.cn,direct \ . -f=docker/Dockerfile -t ${IMG_TAG} -dockerwithlib: +.PHONY: docker-buildwithlib +docker-buildwithlib: ## Build docker image without the enterprise vgpu and vgpuvalidator. docker build \ --no-cache \ --build-arg GOLANG_IMAGE=${GOLANG_IMAGE} \ 
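Review bot: Renaming `docker` to `docker-build` in the Makefile hunk at -3,7 removes the old target name without leaving an alias, and the later Makefile hunks do the same for `dockerwithlib`, `lint_dockerfile` and `lint_chart`; in this diff only `lint-chart.yaml` is switched to a new name. Any other workflow or script that still calls an old name will fail with a missing-target error, and a job that tolerates that failure would quietly lose its Trivy scan, so the remaining callers should be checked in the same change. If compatibility matters, thin aliases such as `lint_dockerfile: dockerfile-security` and `lint_chart: chart-security` (each declared `.PHONY`) keep existing pipelines working. The `docker-build` recipe continues past the end of this hunk.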
@@ -27,11 +34,16 @@ dockerwithlib: tidy: $(GO) mod tidy +.PHONY: lint +lint: + bash hack/verify-staticcheck.sh + proto: $(GO) get github.com/gogo/protobuf/protoc-gen-gofast@v1.3.2 protoc --gofast_out=plugins=grpc:. ./pkg/api/*.proto -build: $(CMDS) $(DEVICES) +.PHONY: build +build: tidy lint $(CMDS) $(DEVICES) ## Build hami-scheduler,hami-device-plugin,vGPUmonitor binary $(CMDS): $(GO) build -ldflags '-s -w -X github.com/Project-HAMi/HAMi/pkg/version.version=$(VERSION)' -o ${OUTPUT_DIR}/$@ ./cmd/$@ @@ -43,21 +55,26 @@ clean: $(GO) clean -r -x ./cmd/... -rm -rf $(OUTPUT_DIR) -.PHONY: all build docker clean $(CMDS) +.PHONY: all build docker-build clean $(CMDS) -test: +##@ Test +.PHONY: test +test: ## Unit test mkdir -p ./_output/coverage/ bash hack/unit-test.sh -lint: - bash hack/verify-staticcheck.sh +.PHONY: e2e-test +e2e-test: ## e2-test + ./hack/e2e-test.sh "${E2E_TYPE}" "${KUBE_CONF}" + +.PHONY: e2e-env-setup +e2e-env-setup: + ./hack/e2e-test-setup.sh -.PHONY: verify -verify: - hack/verify-all.sh -.PHONY: lint_dockerfile -lint_dockerfile: +##@ Security +.PHONY: dockerfile-security +dockerfile-security: ##Scan Dockerfile security @ docker run --rm \ -v $(ROOT_DIR)/.trivyignore:/.trivyignore \ -v /tmp/trivy:/root/trivy.cache/ \ @@ -66,8 +83,8 @@ lint_dockerfile: (($$?==0)) || { echo "error, failed to check dockerfile trivy" && exit 1 ; } ; \ echo "dockerfile trivy check: pass" -.PHONY: lint_chart -lint_chart: +.PHONY: chart-security +chart-security: ##Scan Charts security @ docker run --rm \ -v $(ROOT_DIR)/.trivyignore:/.trivyignore \ -v /tmp/trivy:/root/trivy.cache/ \ 
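Review bot: Making `tidy` and `lint` prerequisites of `build` means every `make all` first runs `$(GO) mod tidy`, which can fetch modules and rewrite go.mod and go.sum during the build, and `docker/Dockerfile.withlib` runs `make all` inside the image build. The binaries that ship can then depend on what tidy resolves at build time instead of on the committed module files, and under `make -j` nothing orders `tidy` before `$(CMDS)`. I would keep the prerequisites as `build: $(CMDS) $(DEVICES)` and run `tidy` and `lint` as separate CI checks, for example failing the job when `go mod tidy` leaves a diff. It is also worth confirming that `hack/verify-staticcheck.sh` can run in the image build stage at all, since that script is not visible here.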
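Review bot: The help text added in the hunk at -43,21 is uneven: `e2e-test: ## e2-test` has a typo and does not describe the target, and `e2e-env-setup` has no `##` comment, so the `help` awk rule will not list it (the same holds for `lint` and `verify` in the neighbouring hunks). Suggested wording: `e2e-test: ## Run hack/e2e-test.sh with E2E_TYPE and KUBE_CONF` and `e2e-env-setup: ## Run hack/e2e-test-setup.sh to prepare the e2e environment`. `##Scan Dockerfile security` would read better with a space and the tool named, e.g. `## Scan the Dockerfile with Trivy`. The `dockerfile-security` recipe continues outside the hunk.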
@@ -76,14 +93,15 @@ lint_chart: (($$?==0)) || { echo "error, failed to check chart trivy" && exit 1 ; } ; \ echo "chart trivy check: pass" -.PHONY: e2e-env-setup -e2e-env-setup: - ./hack/e2e-test-setup.sh + +##@ Deploy .PHONY: helm-deploy -helm-deploy: +helm-deploy: ##Deploy hami to the K8s cluster specified in ~/.kube/config. ./hack/deploy-helm.sh "${E2E_TYPE}" "${KUBE_CONF}" "${HAMI_VERSION}" -.PHONY: e2e-test -e2e-test: - ./hack/e2e-test.sh "${E2E_TYPE}" "${KUBE_CONF}" + +.PHONY: verify +verify: + hack/verify-all.sh + diff --git a/docker/Dockerfile b/docker/Dockerfile index 3ff4102b7..33f3521e1 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,10 +1,11 @@ -ARG GOLANG_IMAGE=golang:1.22.5-bullseye -ARG NVIDIA_IMAGE=nvidia/cuda:12.2.0-devel-ubuntu20.04 +ARG GOLANG_IMAGE +ARG NVIDIA_IMAGE FROM $GOLANG_IMAGE AS build FROM $GOLANG_IMAGE AS gobuild -ARG GOPROXY ARG VERSION + +ARG GOPROXY=https://goproxy.cn,direct ADD . /k8s-vgpu #RUN --mount=type=cache,target=/go/pkg/mod \ # cd /k8s-vgpu && make all diff --git a/docker/Dockerfile.withlib b/docker/Dockerfile.withlib index 7d9f4b5b3..5209281d4 100644 --- a/docker/Dockerfile.withlib +++ b/docker/Dockerfile.withlib @@ -2,10 +2,11 @@ ARG GOLANG_IMAGE ARG NVIDIA_IMAGE FROM $GOLANG_IMAGE AS build -FROM $GOLANG_IMAGE AS GOBUILD +FROM $GOLANG_IMAGE AS gobuild +ARG VERSION + ADD . /k8s-vgpu ARG GOPROXY=https://goproxy.cn,direct -ARG VERSION RUN go env -w GO111MODULE=on RUN cd /k8s-vgpu && make all VERSION=$VERSION RUN go install github.com/NVIDIA/mig-parted/cmd/nvidia-mig-parted@latest 
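Review bot: The new help text on `helm-deploy` says the target deploys to the cluster in `~/.kube/config`, but the recipe passes `"${KUBE_CONF}"` to `hack/deploy-helm.sh`. If the script uses that argument as the kubeconfig (it is not visible here), the text misleads the operator about which cluster will be changed. Something like `helm-deploy: ## Deploy HAMi to the cluster selected by KUBE_CONF` would match the recipe; confirm against the script before merging.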
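Review bot: The new default `ARG GOPROXY=https://goproxy.cn,direct` in docker/Dockerfile makes a plain `docker build` of this file fetch Go modules through a third-party, region-specific proxy even when the caller passes nothing. The `docker-build` recipe in the Makefile already passes `--build-arg GOPROXY=...` explicitly, so the Dockerfile could keep a bare `ARG GOPROXY` and fall back to Go's own default when it is unset. Separately, with the defaults for `GOLANG_IMAGE` and `NVIDIA_IMAGE` removed, the base images are entirely caller-supplied; it is worth confirming that the values the Makefile passes are pinned (ideally by digest) and that a missing build-arg fails with a clear message. The `gobuild` stage continues outside the hunk.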
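Review bot: `RUN go install github.com/NVIDIA/mig-parted/cmd/nvidia-mig-parted@latest`, kept as context in the Dockerfile.withlib hunk at -2,10, installs whatever version is newest at build time and copies it into the final image, so two builds of the same commit can ship different binaries. Since this commit is already tidying the stage, it is a good place to pin it: `RUN go install github.com/NVIDIA/mig-parted/cmd/nvidia-mig-parted@<pinned-version>` (placeholder; use the release you have tested). The moved `ARG VERSION` is fine where it now sits, because it is still declared before the `RUN cd /k8s-vgpu && make all VERSION=$VERSION` that reads it.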
@@ -19,9 +20,10 @@ ENV NVIDIA_DRIVER_CAPABILITIES=utility ARG VERSION LABEL version="$VERSION" LABEL maintainer="opensource@4paradigm.com" + COPY ./LICENSE /k8s-vgpu/LICENSE -COPY --from=GOBUILD /k8s-vgpu/bin /k8s-vgpu/bin -COPY --from=GOBUILD /go/bin/nvidia-mig-parted /k8s-vgpu/bin/ +COPY --from=gobuild /k8s-vgpu/bin /k8s-vgpu/bin +COPY --from=gobuild /go/bin/nvidia-mig-parted /k8s-vgpu/bin/ COPY ./docker/entrypoint.sh /k8s-vgpu/bin/entrypoint.sh COPY ./docker/vgpu-init.sh /k8s-vgpu/bin/vgpu-init.sh COPY ./lib /k8s-vgpu/lib