From aecb4b7531b9ff5ad95f7bff006ed005de16b26c Mon Sep 17 00:00:00 2001 From: Noel Georgi Date: Wed, 22 May 2024 20:14:41 +0530 Subject: [PATCH] feat: support validating extensions rootfs Support validating extension rootfs. Signed-off-by: Noel Georgi --- .github/workflows/ci.yaml | 35 ++++++++-- .kres.yaml | 20 ++++++ Dockerfile | 22 ++++++- Makefile | 11 +++- cmd/extensions-validator/cmd/validate.go | 83 ++++++++++++++++++++++++ go.mod | 18 ++++- go.sum | 52 +++++++++++++++ 7 files changed, 228 insertions(+), 13 deletions(-) create mode 100644 cmd/extensions-validator/cmd/validate.go diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3f6205a..55d17e5 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2024-05-22T14:12:48Z by kres 5fac898. +# Generated on 2024-05-23T11:32:13Z by kres 2688b70. name: default concurrency: @@ -30,6 +30,31 @@ jobs: - generic if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) steps: + - name: gather-system-info + id: system-info + uses: kenchan0130/actions-system-info@v1.3.0 + continue-on-error: true + - name: print-system-info + run: | + MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024)) + + OUTPUTS=( + "CPU Core: ${{ steps.system-info.outputs.cpu-core }}" + "CPU Model: ${{ steps.system-info.outputs.cpu-model }}" + "Hostname: ${{ steps.system-info.outputs.hostname }}" + "NodeName: ${NODE_NAME}" + "Kernel release: ${{ steps.system-info.outputs.kernel-release }}" + "Kernel version: ${{ steps.system-info.outputs.kernel-version }}" + "Name: ${{ steps.system-info.outputs.name }}" + "Platform: ${{ steps.system-info.outputs.platform }}" + "Release: ${{ steps.system-info.outputs.release }}" + "Total memory: ${MEMORY_GB} GB" + ) + + for OUTPUT in "${OUTPUTS[@]}";do + echo "${OUTPUT}" + done + continue-on-error: true - name: checkout uses: actions/checkout@v4 - name: Unshallow @@ -51,12 +76,6 @@ jobs: - name: unit-tests-race run: | make unit-tests-race - - name: coverage - uses: codecov/codecov-action@v4 - with: - files: _out/coverage-unit-tests.txt - token: ${{ secrets.CODECOV_TOKEN }} - timeout-minutes: 3 - name: extensions-validator run: | make extensions-validator @@ -76,12 +95,14 @@ jobs: - name: push-extensions-validator if: github.event_name != 'pull_request' env: + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make image-extensions-validator - name: push-extensions-validator-latest if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main' env: + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make image-extensions-validator IMAGE_TAG=latest diff --git a/.kres.yaml b/.kres.yaml index 0c5ef9f..c37f0d4 100644 --- a/.kres.yaml +++ b/.kres.yaml @@ -2,3 +2,23 @@ kind: golang.Generate spec: versionPackagePath: internal/version +--- +kind: common.Image +name: image-extensions-validator +spec: + extraEnvironment: + PLATFORM: linux/amd64,linux/arm64 +--- +kind: golang.Build +spec: + outputs: + linux-amd64: + GOOS: linux + GOARCH: amd64 + linux-arm64: + GOOS: linux + GOARCH: arm64 +--- +kind: service.CodeCov +spec: + enabled: false diff --git a/Dockerfile b/Dockerfile index 6c5e20c..ba75263 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2024-05-22T14:13:32Z by kres 5fac898. +# Generated on 2024-05-23T11:32:13Z by kres 2688b70. ARG TOOLCHAIN @@ -20,7 +20,7 @@ COPY ./README.md ./README.md RUN markdownlint --ignore "CHANGELOG.md" --ignore "**/node_modules/**" --ignore '**/hack/chglog/**' --rules node_modules/sentences-per-line/index.js . # base toolchain image -FROM ${TOOLCHAIN} AS toolchain +FROM --platform=${BUILDPLATFORM} ${TOOLCHAIN} AS toolchain RUN apk --update --no-cache add bash curl build-base protoc protobuf-dev # build tools @@ -117,15 +117,31 @@ ARG GO_LDFLAGS ARG VERSION_PKG="internal/version" ARG SHA ARG TAG -RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS} -X ${VERSION_PKG}.Name=extensions-validator -X ${VERSION_PKG}.SHA=${SHA} -X ${VERSION_PKG}.Tag=${TAG}" -o /extensions-validator-linux-amd64 +RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg GOARCH=amd64 GOOS=linux go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS} -X ${VERSION_PKG}.Name=extensions-validator -X ${VERSION_PKG}.SHA=${SHA} -X ${VERSION_PKG}.Tag=${TAG}" -o /extensions-validator-linux-amd64 + +# builds extensions-validator-linux-arm64 +FROM base AS extensions-validator-linux-arm64-build +COPY --from=generate / / +COPY --from=embed-generate / / +WORKDIR /src/cmd/extensions-validator +ARG GO_BUILDFLAGS +ARG GO_LDFLAGS +ARG VERSION_PKG="internal/version" +ARG SHA +ARG TAG +RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg GOARCH=arm64 GOOS=linux go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS} -X ${VERSION_PKG}.Name=extensions-validator -X ${VERSION_PKG}.SHA=${SHA} -X ${VERSION_PKG}.Tag=${TAG}" -o /extensions-validator-linux-arm64 FROM scratch AS extensions-validator-linux-amd64 COPY --from=extensions-validator-linux-amd64-build /extensions-validator-linux-amd64 /extensions-validator-linux-amd64 +FROM scratch AS extensions-validator-linux-arm64 +COPY --from=extensions-validator-linux-arm64-build /extensions-validator-linux-arm64 /extensions-validator-linux-arm64 + FROM extensions-validator-linux-${TARGETARCH} AS extensions-validator FROM scratch AS extensions-validator-all COPY --from=extensions-validator-linux-amd64 / / +COPY --from=extensions-validator-linux-arm64 / / FROM scratch AS image-extensions-validator ARG TARGETARCH diff --git a/Makefile b/Makefile index 9b85f8f..7d9a5bf 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2024-05-22T14:13:32Z by kres 5fac898. +# Generated on 2024-05-22T14:44:11Z by kres 5fac898. # common variables @@ -185,8 +185,15 @@ $(ARTIFACTS)/extensions-validator-linux-amd64: .PHONY: extensions-validator-linux-amd64 extensions-validator-linux-amd64: $(ARTIFACTS)/extensions-validator-linux-amd64 ## Builds executable for extensions-validator-linux-amd64. +.PHONY: $(ARTIFACTS)/extensions-validator-linux-arm64 +$(ARTIFACTS)/extensions-validator-linux-arm64: + @$(MAKE) local-extensions-validator-linux-arm64 DEST=$(ARTIFACTS) + +.PHONY: extensions-validator-linux-arm64 +extensions-validator-linux-arm64: $(ARTIFACTS)/extensions-validator-linux-arm64 ## Builds executable for extensions-validator-linux-arm64. + .PHONY: extensions-validator -extensions-validator: extensions-validator-linux-amd64 ## Builds executables for extensions-validator. +extensions-validator: extensions-validator-linux-amd64 extensions-validator-linux-arm64 ## Builds executables for extensions-validator. .PHONY: lint-markdown lint-markdown: ## Runs markdownlint. diff --git a/cmd/extensions-validator/cmd/validate.go b/cmd/extensions-validator/cmd/validate.go new file mode 100644 index 0000000..a51aaf2 --- /dev/null +++ b/cmd/extensions-validator/cmd/validate.go @@ -0,0 +1,83 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +package cmd + +import ( + "errors" + "fmt" + "os" + "strings" + + "github.com/blang/semver/v4" + "github.com/siderolabs/talos/pkg/machinery/extensions" + "github.com/spf13/cobra" + "gopkg.in/yaml.v3" +) + +var validateCmd = &cobra.Command{ + Use: "validate", + Short: "Validate the extensions rootfs", + Long: `Usage: extensions-validator validate`, + // define a rootfs path argument + Args: cobra.NoArgs, + RunE: func(_ *cobra.Command, _ []string) error { + return validateRootfs() + }, +} + +var ( + rootfsPath string + pkgFile string +) + +func init() { + validateCmd.Flags().StringVar(&rootfsPath, "rootfs", "", "Path to the rootfs") + validateCmd.MarkFlagRequired("rootfs") + validateCmd.Flags().StringVar(&pkgFile, "pkg-file", "", "Path to the pkg.yaml file") + rootCmd.AddCommand(validateCmd) +} + +// PartialPkgFile represents a partial package file +// we only care about the name field. +type PartialPkgFile struct { + Name string `yaml:"name"` +} + +func validateRootfs() error { + if rootfsPath == "" { + return errors.New("rootfs path is required") + } + + extension, err := extensions.Load(rootfsPath) + if err != nil { + return fmt.Errorf("error loading extension: %w", err) + } + + if pkgFile != "" { + // load the pkg file + pkgFileData, err := os.ReadFile(pkgFile) + if err != nil { + return fmt.Errorf("error loading pkg file: %w", err) + } + + var pkg PartialPkgFile + + // unmarshal the pkg file + if err := yaml.Unmarshal(pkgFileData, &pkg); err != nil { + return fmt.Errorf("error unmarshalling pkg file: %w", err) + } + + if pkg.Name != extension.Manifest.Metadata.Name { + return fmt.Errorf("pkg name does not match extension name: %s != %s", pkg.Name, extension.Manifest.Metadata.Name) + } + } + + // validate extension version + if _, err := semver.Parse(strings.TrimPrefix(extension.Manifest.Metadata.Version, "v")); err != nil { + return fmt.Errorf("error parsing extension with version %s, : %w", extension.Manifest.Metadata.Version, err) + } + + return extension.Validate() +} diff --git a/go.mod b/go.mod index 4f8b874..c2bd7bb 100644 --- a/go.mod +++ b/go.mod @@ -2,9 +2,25 @@ module github.com/siderolabs/extensions-validator go 1.22.3 -require github.com/spf13/cobra v1.8.0 +require ( + github.com/blang/semver/v4 v4.0.0 + github.com/siderolabs/talos/pkg/machinery v1.8.0-alpha.0.0.20240521202042-e7bd9cd2bbbd + github.com/spf13/cobra v1.8.0 + gopkg.in/yaml.v3 v3.0.1 +) require ( + github.com/Masterminds/semver/v3 v3.2.1 // indirect + github.com/containerd/go-cni v1.1.9 // indirect + github.com/containernetworking/cni v1.2.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/planetscale/vtprotobuf v0.6.0 // indirect + github.com/siderolabs/crypto v0.4.4 // indirect github.com/spf13/pflag v1.0.5 // indirect + golang.org/x/net v0.24.0 // indirect + golang.org/x/sys v0.19.0 // indirect + golang.org/x/text v0.14.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240506185236-b8a5c65736ae // indirect + google.golang.org/grpc v1.63.2 // indirect + google.golang.org/protobuf v1.34.1 // indirect ) diff --git a/go.sum b/go.sum index d0e8c2c..8944564 100644 --- a/go.sum +++ b/go.sum @@ -1,10 +1,62 @@ +github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= +github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/containerd/go-cni v1.1.9 h1:ORi7P1dYzCwVM6XPN4n3CbkuOx/NZ2DOqy+SHRdo9rU= +github.com/containerd/go-cni v1.1.9/go.mod h1:XYrZJ1d5W6E2VOvjffL3IZq0Dz6bsVlERHbekNK90PM= +github.com/containernetworking/cni v1.2.0 h1:fEjhlfWwWAXEvlcMQu/i6z8DA0Kbu7EcmR5+zb6cm5I= +github.com/containernetworking/cni v1.2.0/go.mod h1:/r+vA/7vrynNfbvSP9g8tIKEoy6win7sALJAw4ZiJks= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/pprof v0.0.0-20240402174815-29b9bb013b0f h1:f00RU+zOX+B3rLAmMMkzHUF2h1z4DeYR9tTCvEq2REY= +github.com/google/pprof v0.0.0-20240402174815-29b9bb013b0f/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= +github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= +github.com/planetscale/vtprotobuf v0.6.0 h1:nBeETjudeJ5ZgBHUz1fVHvbqUKnYOXNhsIEabROxmNA= +github.com/planetscale/vtprotobuf v0.6.0/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/siderolabs/crypto v0.4.4 h1:Q6EDBMR2Ub2oAZW5Xl8lrKB27bM3Sn8Gkfw3rngco5U= +github.com/siderolabs/crypto v0.4.4/go.mod h1:hsR3tJ3aaeuhCChsLF4dBd9vlJVPvmhg4vvx2ez4aD4= +github.com/siderolabs/talos/pkg/machinery v1.8.0-alpha.0.0.20240521202042-e7bd9cd2bbbd h1:FRu3Uvq0hUDD/0IwcX8zbbEd7hhFqPdCk5CcXRq2awg= +github.com/siderolabs/talos/pkg/machinery v1.8.0-alpha.0.0.20240521202042-e7bd9cd2bbbd/go.mod h1:aPP3ekRwHB9T1iLdLzGoIXrHQNOEdoeuy9leVSt3a8c= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= +github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= +golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240506185236-b8a5c65736ae h1:c55+MER4zkBS14uJhSZMGGmya0yJx5iHV4x/fpOSNRk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240506185236-b8a5c65736ae/go.mod h1:I7Y+G38R2bu5j1aLzfFmQfTcU/WnFuqDwLZAbvKTKpM= +google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM= +google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=