chore: add DOCA driver matrix validation

Signed-off-by: Fred Rolland <[email protected]>

Author: rollandf

.github/workflows/checks.yaml

@@ -78,6 +78,22 @@ jobs:
         uses: actions/checkout@v4
       - name: check release-build
         run: make check-release-build
+  check-doca-drivers:
+    name: check doca-drivers
+    runs-on: ubuntu-22.04
+    env:
+      NGC_CLI_API_KEY: ${{ secrets.NVCR_TOKEN }}
+    permissions:
+      contents: read
+    steps:
+      - name: Set up Go 1.x
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.23'
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: check doca-drivers
+        run: make check-doca-drivers
   unit-tests:
     name: Unit-tests
     runs-on: ubuntu-22.04

.gitignore

@@ -30,3 +30,4 @@ testbin
 test
 build
 hack/manifests
+hack/tmp

Makefile

@@ -20,6 +20,7 @@ REPO_PATH=$(ORG_PATH)/$(PACKAGE)
 CHART_PATH=$(CURDIR)/deployment/$(PACKAGE)
 TOOLSDIR=$(CURDIR)/hack/tools/bin
 MANIFESTDIR=$(CURDIR)/hack/manifests
+HACKTMPDIR=$(CURDIR)/hack/tmp
 BUILDDIR=$(CURDIR)/build/_output
 GOFILES=$(shell find . -name "*.go" | grep -vE "(\/vendor\/)|(_test.go)")
 TESTPKGS=./...
@@ -37,6 +38,7 @@ BUILD_VERSION := $(strip $(shell [ -d .git ] && git describe --always --tags --d
 BUILD_TIMESTAMP := $(shell date -u +"%Y-%m-%dT%H:%M:%S%Z")
 VCS_BRANCH := $(strip $(shell git rev-parse --abbrev-ref HEAD))
 VCS_REF := $(strip $(shell [ -d .git ] && git rev-parse --short HEAD))
+DOCA_DRIVER_RELEASE_URL := https://raw.githubusercontent.com/Mellanox/doca-driver-build/refs/heads/main/release_manifests/
 
 # Docker
 IMAGE_BUILDER?=docker
@@ -109,6 +111,9 @@ $(MANIFESTDIR):
 $(BUILDDIR): ; $(info Creating build directory...)
 	mkdir -p $@
 
+$(HACKTMPDIR):
+	@mkdir -p $@
+
 build: generate $(BUILDDIR)/$(BINARY_NAME) ; $(info Building $(BINARY_NAME)...) @ ## Build executable file
 	$(info Done!)
 
@@ -356,6 +361,7 @@ clean: ; $(info  Cleaning...)	 @ ## Cleanup everything
 	@rm -rf $(BUILDDIR)
 	@rm -rf $(TOOLSDIR)
 	@rm -rf $(MANIFESTDIR)
+	@rm -rf $(HACKTMPDIR)
 
 .PHONY: help
 help: ## Show this message
@@ -414,6 +420,12 @@ release-build:
 	cd hack && $(GO) run release.go --templateDir ./templates/crs/ --outputDir ../example/crs
 	cd hack && $(GO) run release.go --templateDir ./templates/values/ --outputDir ../deployment/network-operator/
 
+.PHONY: check-doca-drivers
+check-doca-drivers: $(HACKTMPDIR)
+	$(eval DOCAVERSION := $(shell yq '.Mofed.version'  hack/release.yaml | cut -d'-' -f1))
+	wget $(DOCA_DRIVER_RELEASE_URL)$(DOCAVERSION)-TBD.yaml  -O $(HACKTMPDIR)/doca-driver-matrix.yaml
+	cd hack && $(GO) run release.go --doca-driver-check --doca-driver-matrix $(HACKTMPDIR)/doca-driver-matrix.yaml
+
 # dev environment
 
 MINIKUBE_CLUSTER_NAME = net-op-dev

hack/release.go

@@ -30,6 +30,8 @@ import (
 
 	"sigs.k8s.io/yaml"
 
+	yamlflow "gopkg.in/yaml.v3"
+
 	mellanoxv1alpha1 "github.com/Mellanox/network-operator/api/v1alpha1"
 
 	"github.com/google/go-containerregistry/pkg/authn"
@@ -80,6 +82,18 @@ type Release struct {
 	MaintenanceOperator          *ReleaseImageSpec
 }
 
+type DocaDriverMatrix struct {
+	Precompiled []struct {
+		OS      string   `yaml:"os"`
+		Arch    []string `yaml:"archs,flow"`
+		Kernels []string `yaml:"kernels,flow"`
+	} `yaml:"precompiled"`
+	DynamicallyCompiled []struct {
+		OS   string   `yaml:"os,flow"`
+		Arch []string `yaml:"archs,flow"`
+	} `yaml:"dynamically_compiled"`
+}
+
 func readDefaults(releaseDefaults string) Release {
 	f, err := os.ReadFile(filepath.Clean(releaseDefaults))
 	if err != nil {
@@ -136,9 +150,82 @@ func main() {
 	outputDir := flag.String("outputDir", ".", "Destination directory to render templates to")
 	releaseDefaults := flag.String("releaseDefaults", "release.yaml", "Destination of the release defaults definition")
 	retrieveSha := flag.Bool("with-sha256", false, "retrieve SHA256 for container images references")
+	docaDriverCheck := flag.Bool("doca-driver-check", false, "Verify DOCA Driver tags")
+	docaDriverMatrix := flag.String("doca-driver-matrix", "tmp/doca-driver-matrix.yaml", "DOCA Driver tags matrix")
 	flag.Parse()
 	release := readDefaults(*releaseDefaults)
 	readEnvironmentVariables(&release)
+
+	if !*docaDriverCheck {
+		renderTemplates(release, templateDir, outputDir, retrieveSha)
+	} else {
+		docaDriverTagsCheck(release, docaDriverMatrix)
+	}
+}
+
+func docaDriverTagsCheck(release Release, docaDriverMatrix *string) {
+	f, err := os.ReadFile(filepath.Clean(*docaDriverMatrix))
+	if err != nil {
+		fmt.Printf("Error: %v\n", err)
+		os.Exit(1)
+	}
+	var config DocaDriverMatrix
+	if err := yamlflow.Unmarshal(f, &config); err != nil {
+		fmt.Printf("Error: %v\n", err)
+		os.Exit(1)
+	}
+	auth, err := getAuth()
+	if err != nil {
+		fmt.Printf("Error: %v\n", err)
+		os.Exit(1)
+	}
+	tags, err := resolveTags(release.Mofed.Repository, release.Mofed.Image, auth)
+	if err != nil {
+		fmt.Printf("Error: %v\n", err)
+		os.Exit(1)
+	}
+	if err := validateTags(config, tags, release.Mofed.Version); err != nil {
+		fmt.Printf("Error: %v\n", err)
+		os.Exit(1)
+	}
+}
+
+func validateTags(config DocaDriverMatrix, tags []string, version string) error {
+	// Build expected OS-arch combinations
+	expectedCombinations := make(map[string]struct{})
+	for _, entry := range config.DynamicallyCompiled {
+		for _, arch := range entry.Arch {
+			key := fmt.Sprintf("%s-%s", entry.OS, arch)
+			expectedCombinations[key] = struct{}{}
+		}
+	}
+
+	// Filter tags based on version prefix
+	filteredTags := []string{}
+	for _, tag := range tags {
+		if strings.HasPrefix(tag, version) {
+			filteredTags = append(filteredTags, tag)
+		}
+	}
+
+	// Validate if each expected combination exists in the filtered tags
+	for combo := range expectedCombinations {
+		found := false
+		for _, tag := range filteredTags {
+			if strings.Contains(tag, combo) {
+				found = true
+				break
+			}
+		}
+		if !found {
+			return fmt.Errorf("missing os-arch combination: %s", combo)
+		}
+	}
+
+	return nil
+}
+
+func renderTemplates(release Release, templateDir, outputDir *string, retrieveSha *bool) {
 	if *retrieveSha {
 		err := resolveImagesSha(&release)
 		if err != nil {
@@ -198,15 +285,23 @@ func main() {
 	}
 }
 
-func resolveImagesSha(release *Release) error {
+func getAuth() (*authn.Basic, error) {
 	nvcrToken := os.Getenv("NGC_CLI_API_KEY")
 	if nvcrToken == "" {
-		return fmt.Errorf("NGC_CLI_API_KEY is unset")
+		return nil, fmt.Errorf("NGC_CLI_API_KEY is unset")
 	}
 	auth := &authn.Basic{
 		Username: "$oauthtoken",
 		Password: nvcrToken,
 	}
+	return auth, nil
+}
+
+func resolveImagesSha(release *Release) error {
+	auth, err := getAuth()
+	if err != nil {
+		return err
+	}
 	v := reflect.ValueOf(*release)
 	for i := 0; i < v.NumField(); i++ {
 		field := v.Field(i)
@@ -263,27 +358,35 @@ func resolveImageSha(repo, image, tag string, auth *authn.Basic) (string, error)
 	return digest.String(), nil
 }
 
-func resolveDocaDriversShas(repoName, imageName, ver string, auth *authn.Basic) ([]string, error) {
-	shaArray := make([]string, 0)
+func resolveTags(repoName, imageName string, auth *authn.Basic) ([]string, error) {
+	tags := make([]string, 0)
 	image := fmt.Sprintf("%s/%s", repoName, imageName)
 	repo, err := containerregistryname.NewRepository(image)
 	if err != nil {
-		return shaArray, err
+		return tags, err
 	}
-	var tags []string
 	if strings.Contains(repoName, "nvstaging") {
 		tags, err = remote.List(repo, remote.WithAuth(auth))
 		if err != nil {
-			return shaArray, err
+			return tags, err
 		}
 	} else {
 		// Container registry might fail if providing unneeded auth
 		tags, err = remote.List(repo)
 		if err != nil {
-			return shaArray, err
+			return tags, err
 		}
 	}
 	sort.Strings(tags)
+	return tags, nil
+}
+
+func resolveDocaDriversShas(repoName, imageName, ver string, auth *authn.Basic) ([]string, error) {
+	shaArray := make([]string, 0)
+	tags, err := resolveTags(repoName, imageName, auth)
+	if err != nil {
+		return shaArray, err
+	}
 	shaSet := make(map[string]interface{})
 	for _, tag := range tags {
 		if strings.Contains(tag, ver) && (strings.Contains(tag, "rhcos") || strings.Contains(tag, "rhel")) {