feat: support validating extensions rootfs

Support validating extension rootfs.

Signed-off-by: Noel Georgi <[email protected]>

.github/workflows/ci.yaml

@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-05-22T14:12:48Z by kres 5fac898.
+# Generated on 2024-05-23T11:32:13Z by kres 2688b70.
 
 name: default
 concurrency:
@@ -30,6 +30,31 @@ jobs:
       - generic
     if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
     steps:
+      - name: gather-system-info
+        id: system-info
+        uses: kenchan0130/[email protected]
+        continue-on-error: true
+      - name: print-system-info
+        run: |
+          MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
+
+          OUTPUTS=(
+            "CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
+            "CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
+            "Hostname: ${{ steps.system-info.outputs.hostname }}"
+            "NodeName: ${NODE_NAME}"
+            "Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
+            "Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
+            "Name: ${{ steps.system-info.outputs.name }}"
+            "Platform: ${{ steps.system-info.outputs.platform }}"
+            "Release: ${{ steps.system-info.outputs.release }}"
+            "Total memory: ${MEMORY_GB} GB"
+          )
+
+          for OUTPUT in "${OUTPUTS[@]}";do
+            echo "${OUTPUT}"
+          done
+        continue-on-error: true
       - name: checkout
         uses: actions/checkout@v4
       - name: Unshallow
@@ -51,12 +76,6 @@ jobs:
       - name: unit-tests-race
         run: |
           make unit-tests-race
-      - name: coverage
-        uses: codecov/codecov-action@v4
-        with:
-          files: _out/coverage-unit-tests.txt
-          token: ${{ secrets.CODECOV_TOKEN }}
-        timeout-minutes: 3
       - name: extensions-validator
         run: |
           make extensions-validator
@@ -76,12 +95,14 @@ jobs:
       - name: push-extensions-validator
         if: github.event_name != 'pull_request'
         env:
+          PLATFORM: linux/amd64,linux/arm64
           PUSH: "true"
         run: |
           make image-extensions-validator
       - name: push-extensions-validator-latest
         if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main'
         env:
+          PLATFORM: linux/amd64,linux/arm64
           PUSH: "true"
         run: |
           make image-extensions-validator IMAGE_TAG=latest

.kres.yaml

@@ -2,3 +2,23 @@
 kind: golang.Generate
 spec:
     versionPackagePath: internal/version
+---
+kind: common.Image
+name: image-extensions-validator
+spec:
+    extraEnvironment:
+      PLATFORM: linux/amd64,linux/arm64
+---
+kind: golang.Build
+spec:
+  outputs:
+    linux-amd64:
+      GOOS: linux
+      GOARCH: amd64
+    linux-arm64:
+      GOOS: linux
+      GOARCH: arm64
+---
+kind: service.CodeCov
+spec:
+  enabled: false

Dockerfile

@@ -2,7 +2,7 @@
 
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-05-22T14:13:32Z by kres 5fac898.
+# Generated on 2024-05-23T11:32:13Z by kres 2688b70.
 
 ARG TOOLCHAIN
 
@@ -20,7 +20,7 @@ COPY ./README.md ./README.md
 RUN markdownlint --ignore "CHANGELOG.md" --ignore "**/node_modules/**" --ignore '**/hack/chglog/**' --rules node_modules/sentences-per-line/index.js .
 
 # base toolchain image
-FROM ${TOOLCHAIN} AS toolchain
+FROM --platform=${BUILDPLATFORM} ${TOOLCHAIN} AS toolchain
 RUN apk --update --no-cache add bash curl build-base protoc protobuf-dev
 
 # build tools
@@ -117,15 +117,31 @@ ARG GO_LDFLAGS
 ARG VERSION_PKG="internal/version"
 ARG SHA
 ARG TAG
-RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS} -X ${VERSION_PKG}.Name=extensions-validator -X ${VERSION_PKG}.SHA=${SHA} -X ${VERSION_PKG}.Tag=${TAG}" -o /extensions-validator-linux-amd64
+RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg GOARCH=amd64 GOOS=linux go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS} -X ${VERSION_PKG}.Name=extensions-validator -X ${VERSION_PKG}.SHA=${SHA} -X ${VERSION_PKG}.Tag=${TAG}" -o /extensions-validator-linux-amd64
+
+# builds extensions-validator-linux-arm64
+FROM base AS extensions-validator-linux-arm64-build
+COPY --from=generate / /
+COPY --from=embed-generate / /
+WORKDIR /src/cmd/extensions-validator
+ARG GO_BUILDFLAGS
+ARG GO_LDFLAGS
+ARG VERSION_PKG="internal/version"
+ARG SHA
+ARG TAG
+RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg GOARCH=arm64 GOOS=linux go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS} -X ${VERSION_PKG}.Name=extensions-validator -X ${VERSION_PKG}.SHA=${SHA} -X ${VERSION_PKG}.Tag=${TAG}" -o /extensions-validator-linux-arm64
 
 FROM scratch AS extensions-validator-linux-amd64
 COPY --from=extensions-validator-linux-amd64-build /extensions-validator-linux-amd64 /extensions-validator-linux-amd64
 
+FROM scratch AS extensions-validator-linux-arm64
+COPY --from=extensions-validator-linux-arm64-build /extensions-validator-linux-arm64 /extensions-validator-linux-arm64
+
 FROM extensions-validator-linux-${TARGETARCH} AS extensions-validator
 
 FROM scratch AS extensions-validator-all
 COPY --from=extensions-validator-linux-amd64 / /
+COPY --from=extensions-validator-linux-arm64 / /
 
 FROM scratch AS image-extensions-validator
 ARG TARGETARCH

Makefile

@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-05-22T14:13:32Z by kres 5fac898.
+# Generated on 2024-05-22T14:44:11Z by kres 5fac898.
 
 # common variables
 
@@ -185,8 +185,15 @@ $(ARTIFACTS)/extensions-validator-linux-amd64:
 .PHONY: extensions-validator-linux-amd64
 extensions-validator-linux-amd64: $(ARTIFACTS)/extensions-validator-linux-amd64  ## Builds executable for extensions-validator-linux-amd64.
 
+.PHONY: $(ARTIFACTS)/extensions-validator-linux-arm64
+$(ARTIFACTS)/extensions-validator-linux-arm64:
+	@$(MAKE) local-extensions-validator-linux-arm64 DEST=$(ARTIFACTS)
+
+.PHONY: extensions-validator-linux-arm64
+extensions-validator-linux-arm64: $(ARTIFACTS)/extensions-validator-linux-arm64  ## Builds executable for extensions-validator-linux-arm64.
+
 .PHONY: extensions-validator
-extensions-validator: extensions-validator-linux-amd64  ## Builds executables for extensions-validator.
+extensions-validator: extensions-validator-linux-amd64 extensions-validator-linux-arm64  ## Builds executables for extensions-validator.
 
 .PHONY: lint-markdown
 lint-markdown:  ## Runs markdownlint.

cmd/extensions-validator/cmd/validate.go

@@ -0,0 +1,83 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+package cmd
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/blang/semver/v4"
+	"github.com/siderolabs/talos/pkg/machinery/extensions"
+	"github.com/spf13/cobra"
+	"gopkg.in/yaml.v3"
+)
+
+var validateCmd = &cobra.Command{
+	Use:   "validate",
+	Short: "Validate the extensions rootfs",
+	Long:  `Usage: extensions-validator validate`,
+	// define a rootfs path argument
+	Args: cobra.NoArgs,
+	RunE: func(_ *cobra.Command, _ []string) error {
+		return validateRootfs()
+	},
+}
+
+var (
+	rootfsPath string
+	pkgFile    string
+)
+
+func init() {
+	validateCmd.Flags().StringVar(&rootfsPath, "rootfs", "", "Path to the rootfs")
+	validateCmd.MarkFlagRequired("rootfs")
+	validateCmd.Flags().StringVar(&pkgFile, "pkg-file", "", "Path to the pkg.yaml file")
+	rootCmd.AddCommand(validateCmd)
+}
+
+// PartialPkgFile represents a partial package file
+// we only care about the name field.
+type PartialPkgFile struct {
+	Name string `yaml:"name"`
+}
+
+func validateRootfs() error {
+	if rootfsPath == "" {
+		return errors.New("rootfs path is required")
+	}
+
+	extension, err := extensions.Load(rootfsPath)
+	if err != nil {
+		return fmt.Errorf("error loading extension: %w", err)
+	}
+
+	if pkgFile != "" {
+		// load the pkg file
+		pkgFileData, err := os.ReadFile(pkgFile)
+		if err != nil {
+			return fmt.Errorf("error loading pkg file: %w", err)
+		}
+
+		var pkg PartialPkgFile
+
+		// unmarshal the pkg file
+		if err := yaml.Unmarshal(pkgFileData, &pkg); err != nil {
+			return fmt.Errorf("error unmarshalling pkg file: %w", err)
+		}
+
+		if pkg.Name != extension.Manifest.Metadata.Name {
+			return fmt.Errorf("pkg name does not match extension name: %s != %s", pkg.Name, extension.Manifest.Metadata.Name)
+		}
+	}
+
+	// validate extension version
+	if _, err := semver.Parse(strings.TrimPrefix(extension.Manifest.Metadata.Version, "v")); err != nil {
+		return fmt.Errorf("error parsing extension with version %s, : %w", extension.Manifest.Metadata.Version, err)
+	}
+
+	return extension.Validate()
+}

go.mod

@@ -2,9 +2,25 @@ module github.com/siderolabs/extensions-validator
 
 go 1.22.3
 
-require github.com/spf13/cobra v1.8.0
+require (
+	github.com/blang/semver/v4 v4.0.0
+	github.com/siderolabs/talos/pkg/machinery v1.8.0-alpha.0.0.20240521202042-e7bd9cd2bbbd
+	github.com/spf13/cobra v1.8.0
+	gopkg.in/yaml.v3 v3.0.1
+)
 
 require (
+	github.com/Masterminds/semver/v3 v3.2.1 // indirect
+	github.com/containerd/go-cni v1.1.9 // indirect
+	github.com/containernetworking/cni v1.2.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/planetscale/vtprotobuf v0.6.0 // indirect
+	github.com/siderolabs/crypto v0.4.4 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
+	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240506185236-b8a5c65736ae // indirect
+	google.golang.org/grpc v1.63.2 // indirect
+	google.golang.org/protobuf v1.34.1 // indirect
 )

go.sum

@@ -1,10 +1,62 @@
+github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
+github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
+github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
+github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
+github.com/containerd/go-cni v1.1.9 h1:ORi7P1dYzCwVM6XPN4n3CbkuOx/NZ2DOqy+SHRdo9rU=
+github.com/containerd/go-cni v1.1.9/go.mod h1:XYrZJ1d5W6E2VOvjffL3IZq0Dz6bsVlERHbekNK90PM=
+github.com/containernetworking/cni v1.2.0 h1:fEjhlfWwWAXEvlcMQu/i6z8DA0Kbu7EcmR5+zb6cm5I=
+github.com/containernetworking/cni v1.2.0/go.mod h1:/r+vA/7vrynNfbvSP9g8tIKEoy6win7sALJAw4ZiJks=
 github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/pprof v0.0.0-20240402174815-29b9bb013b0f h1:f00RU+zOX+B3rLAmMMkzHUF2h1z4DeYR9tTCvEq2REY=
+github.com/google/pprof v0.0.0-20240402174815-29b9bb013b0f/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8=
+github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
+github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk=
+github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg=
+github.com/planetscale/vtprotobuf v0.6.0 h1:nBeETjudeJ5ZgBHUz1fVHvbqUKnYOXNhsIEabROxmNA=
+github.com/planetscale/vtprotobuf v0.6.0/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/siderolabs/crypto v0.4.4 h1:Q6EDBMR2Ub2oAZW5Xl8lrKB27bM3Sn8Gkfw3rngco5U=
+github.com/siderolabs/crypto v0.4.4/go.mod h1:hsR3tJ3aaeuhCChsLF4dBd9vlJVPvmhg4vvx2ez4aD4=
+github.com/siderolabs/talos/pkg/machinery v1.8.0-alpha.0.0.20240521202042-e7bd9cd2bbbd h1:FRu3Uvq0hUDD/0IwcX8zbbEd7hhFqPdCk5CcXRq2awg=
+github.com/siderolabs/talos/pkg/machinery v1.8.0-alpha.0.0.20240521202042-e7bd9cd2bbbd/go.mod h1:aPP3ekRwHB9T1iLdLzGoIXrHQNOEdoeuy9leVSt3a8c=
 github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
 github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
+github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
+golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY=
+golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240506185236-b8a5c65736ae h1:c55+MER4zkBS14uJhSZMGGmya0yJx5iHV4x/fpOSNRk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240506185236-b8a5c65736ae/go.mod h1:I7Y+G38R2bu5j1aLzfFmQfTcU/WnFuqDwLZAbvKTKpM=
+google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM=
+google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA=
+google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
+google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=