Add Starlark-based provisioner backend

 - New provisioner implementation that delegates every
   `pkg/provisioner.Provisioner` method to a named
   function in a user-supplied Starlark script, enabled
   via `--starlark-provisioner-script` CLI arg.

 - The reference script `efi-vmedia.star` that targets
   Ironic redfish-virtualmedia UEFI (custom-deploy or
   qcow2) and rejects unsupported specs.

Signed-off-by: s3rj1k <evasive.gyron@gmail.com>

Author: s3rj1k

.github/workflows/build-images-action.yml

@@ -2,29 +2,48 @@ name: build-images-action
 
 permissions:
   contents: read
+  packages: write
 
 on:
   push:
     branches:
     - 'main'
     - 'release-*'
+    - 'starlark'
     tags:
     - 'v*'
 
 jobs:
   build_bmo:
-    name: Build BMO container image
-    if: github.repository == 'metal3-io/baremetal-operator'
-    permissions:
-      contents: read
-      id-token: write
-    uses: metal3-io/project-infra/.github/workflows/container-image-build.yml@main # zizmor: ignore[unpinned-uses]
-    with:
-      image-name: 'baremetal-operator'
-      pushImage: true
-      generate-sbom: true
-      sign-image: true
-    secrets:
-      QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
-      QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
-      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+    name: Build and push BMO container image
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v6
+      with:
+        persist-credentials: false
+
+    - name: Calculate go version
+      id: vars
+      run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
+
+    - name: Set up Go
+      uses: actions/setup-go@v6
+      with:
+        go-version: ${{ steps.vars.outputs.go_version }}
+
+    - name: Log in to GHCR
+      uses: docker/login-action@v4
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build image
+      run: make docker-build
+      env:
+        REGISTRY: ghcr.io/${{ github.repository_owner }}
+        IMG_TAG: ${{ github.ref_name }}
+
+    - name: Push image
+      run: docker push ghcr.io/${{ github.repository_owner }}/baremetal-operator-amd64:${{ github.ref_name }}

go.mod

@@ -15,6 +15,7 @@ require (
 	github.com/prometheus/client_golang v1.23.2
 	github.com/stretchr/testify v1.11.1
 	go.etcd.io/etcd/client/pkg/v3 v3.6.10
+	go.starlark.net v0.0.0-20260326113308-fadfc96def35
 	go.uber.org/zap v1.27.1
 	k8s.io/api v0.34.6
 	k8s.io/apimachinery v0.34.6
@@ -90,7 +91,7 @@ require (
 	golang.org/x/oauth2 v0.34.0 // indirect
 	golang.org/x/sync v0.19.0 // indirect
 	golang.org/x/sys v0.42.0 // indirect
-	golang.org/x/term v0.39.0 // indirect
+	golang.org/x/term v0.41.0 // indirect
 	golang.org/x/text v0.33.0 // indirect
 	golang.org/x/time v0.9.0 // indirect
 	golang.org/x/tools v0.41.0 // indirect

go.sum

@@ -217,6 +217,8 @@ go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09
 go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0=
 go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A=
 go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4=
+go.starlark.net v0.0.0-20260326113308-fadfc96def35 h1:VYAqieSOJNxBDX8KJneTAwvdf4J4zRDE2u+UFXtt9h4=
+go.starlark.net v0.0.0-20260326113308-fadfc96def35/go.mod h1:Iue6g6iirlfLoVi/DYCi5/x0h/bAOuWF3dULTKpt2Vo=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
@@ -256,8 +258,8 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
 golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
-golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY=
-golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww=
+golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU=
+golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=

internal/controller/metal3.io/baremetalhost_controller.go

@@ -828,7 +828,7 @@ func (r *BareMetalHostReconciler) registerHost(ctx context.Context, prov provisi
 		dirty = true
 	}
 
-	preprovImgFormats, err := prov.PreprovisioningImageFormats()
+	preprovImgFormats, err := prov.PreprovisioningImageFormats(ctx)
 	if err != nil {
 		return actionError{err}
 	}

internal/controller/metal3.io/host_state_machine_test.go

@@ -1319,7 +1319,7 @@ func (m *mockProvisioner) Register(_ context.Context, _ provisioner.ManagementAc
 	return m.getNextResultByMethod("ValidateManagementAccess"), "", err
 }
 
-func (m *mockProvisioner) PreprovisioningImageFormats() ([]metal3api.ImageFormat, error) {
+func (m *mockProvisioner) PreprovisioningImageFormats(_ context.Context) ([]metal3api.ImageFormat, error) {
 	return nil, nil
 }
 

main.go

@@ -33,6 +33,7 @@ import (
 	"github.com/metal3-io/baremetal-operator/pkg/provisioner/demo"
 	"github.com/metal3-io/baremetal-operator/pkg/provisioner/fixture"
 	"github.com/metal3-io/baremetal-operator/pkg/provisioner/ironic"
+	starlarkprov "github.com/metal3-io/baremetal-operator/pkg/provisioner/starlark"
 	"github.com/metal3-io/baremetal-operator/pkg/secretutils"
 	"github.com/metal3-io/baremetal-operator/pkg/version"
 	ironicv1alpha1 "github.com/metal3-io/ironic-standalone-operator/api/v1alpha1"
@@ -133,6 +134,7 @@ func main() {
 	var devLogging bool
 	var runInTestMode bool
 	var runInDemoMode bool
+	var starlarkScript string
 	var webhookPort int
 	var restConfigQPS float64
 	var restConfigBurst int
@@ -157,6 +159,8 @@ func main() {
 	flag.BoolVar(&runInTestMode, "test-mode", false, "disable ironic communication")
 	flag.BoolVar(&runInDemoMode, "demo-mode", false,
 		"use the demo provisioner to set host states")
+	flag.StringVar(&starlarkScript, "starlark-provisioner-script", os.Getenv("STARLARK_PROVISIONER_SCRIPT"),
+		"path to a Starlark script implementing the provisioner interface")
 	flag.StringVar(&healthAddr, "health-addr", ":9440",
 		"The address the health endpoint binds to.")
 	flag.IntVar(&webhookPort, "webhook-port", 9443, //nolint:mnd
@@ -201,6 +205,23 @@ func main() {
 
 	printVersion()
 
+	// At most one provisioner mode may be selected. Silently picking the
+	// first true mode (the previous behavior) hides a misconfiguration
+	// that would otherwise surface much later as confusing reconcile
+	// behavior. Run this guard before any expensive setup so the operator
+	// fails fast at startup. Enumerating the three pairwise conflicts
+	// covers every "two or more true" combination (the all-three case
+	// matches all three disjuncts).
+	if (runInTestMode && runInDemoMode) ||
+		(runInTestMode && starlarkScript != "") ||
+		(runInDemoMode && starlarkScript != "") {
+		setupLog.Error(nil, "only one provisioner mode may be set",
+			"test-mode", runInTestMode,
+			"demo-mode", runInDemoMode,
+			"starlark-provisioner-script", starlarkScript)
+		os.Exit(1)
+	}
+
 	enableWebhook := webhookPort != 0
 
 	leaderElectionNamespace := os.Getenv("POD_NAMESPACE")
@@ -320,6 +341,13 @@ func main() {
 	} else if runInDemoMode {
 		ctrl.Log.Info("using demo provisioner")
 		provisionerFactory = &demo.Demo{}
+	} else if starlarkScript != "" {
+		ctrl.Log.Info("using starlark provisioner", "script", starlarkScript)
+		provisionerFactory, err = starlarkprov.NewProvisionerFactory(starlarkScript)
+		if err != nil {
+			setupLog.Error(err, "cannot start starlark provisioner")
+			os.Exit(1)
+		}
 	} else {
 		provLog := zap.New(zap.UseFlagOptions(&logOpts)).WithName("provisioner")
 		// Check if we should use Ironic CR integration

pkg/provisioner/demo/demo.go

@@ -111,7 +111,7 @@ func (p *demoProvisioner) Register(_ context.Context, _ provisioner.ManagementAc
 	return
 }
 
-func (p *demoProvisioner) PreprovisioningImageFormats() ([]metal3api.ImageFormat, error) {
+func (p *demoProvisioner) PreprovisioningImageFormats(_ context.Context) ([]metal3api.ImageFormat, error) {
 	return nil, nil
 }
 

pkg/provisioner/fixture/fixture.go

@@ -149,7 +149,7 @@ func (p *fixtureProvisioner) Register(_ context.Context, _ provisioner.Managemen
 	return
 }
 
-func (p *fixtureProvisioner) PreprovisioningImageFormats() ([]metal3api.ImageFormat, error) {
+func (p *fixtureProvisioner) PreprovisioningImageFormats(_ context.Context) ([]metal3api.ImageFormat, error) {
 	return nil, nil
 }
 

pkg/provisioner/ironic/ironic.go

@@ -382,7 +382,7 @@ func (p *ironicProvisioner) configureNode(ctx context.Context, data provisioner.
 // PreprovisioningImageFormats returns a list of acceptable formats for a
 // pre-provisioning image to be built by a PreprovisioningImage object. The
 // list should be nil if no image build is requested.
-func (p *ironicProvisioner) PreprovisioningImageFormats() ([]metal3api.ImageFormat, error) {
+func (p *ironicProvisioner) PreprovisioningImageFormats(_ context.Context) ([]metal3api.ImageFormat, error) {
 	if !p.config.havePreprovImgBuilder {
 		return nil, nil
 	}

pkg/provisioner/ironic/register_test.go

@@ -1,6 +1,7 @@
 package ironic
 
 import (
+	"context"
 	"net/http"
 	"testing"
 
@@ -964,7 +965,7 @@ func TestPreprovisioningImageFormats(t *testing.T) {
 			prov, _ := newProvisionerWithSettings(host, bmc.Credentials{}, nil, ironicEndpoint, auth)
 			prov.config.havePreprovImgBuilder = tc.PreprovImgEnabled
 
-			fmts, err := prov.PreprovisioningImageFormats()
+			fmts, err := prov.PreprovisioningImageFormats(context.Background())
 
 			require.NoError(t, err)
 			assert.Equal(t, tc.Expected, fmts)