feat: add STIG compliance adjustments to hack/release files

maze88 · maze88 · commit 92060e449272 · 2025-10-21T12:48:27.000+03:00
Signed-off-by: Michael Zeevi &lt;mzeevi@nvidia.com&gt;
diff --git a/hack/release.go b/hack/release.go
@@ -67,6 +67,7 @@ type Release struct {
 	SriovCni                     *ReleaseImageSpec
 	SriovIbCni                   *ReleaseImageSpec
 	Mofed                        *ReleaseImageSpec
+	MofedStig                    *ReleaseImageSpec
 	RdmaSharedDevicePlugin       *ReleaseImageSpec
 	SriovDevicePlugin            *ReleaseImageSpec
 	IbKubernetes                 *ReleaseImageSpec
@@ -185,19 +186,31 @@ func docaDriverTagsCheck(release *Release, docaDriverMatrix *string) {
 		fmt.Printf("Error: %v\n", err)
 		os.Exit(1)
 	}
-	if err := validateTags(config, tags, release.Mofed.Version); err != nil {
+	tagsStig, err := listTags(release.MofedStig.Repository, release.MofedStig.Image)
+	if err != nil {
+		fmt.Printf("Error: %v\n", err)
+		os.Exit(1)
+	}
+	if err := validateTags(config, tags, release.Mofed.Version, func(os string) bool {return !strings.HasSuffix(os, "-stig")}); err != nil {
+		fmt.Printf("Error: %v\n", err)
+		os.Exit(1)
+	}
+	if err := validateTags(config, tagsStig, release.MofedStig.Version, func(os string) bool {return strings.HasSuffix(os, "-stig")}); err != nil {
 		fmt.Printf("Error: %v\n", err)
 		os.Exit(1)
 	}
 }
 
-func validateTags(config DocaDriverMatrix, tags []string, version string) error {
+func validateTags(config DocaDriverMatrix, tags []string, version string, shouldValidateOsFunction func(string) bool) error {
 	// Build expected OS-arch combinations
 	expectedCombinations := make(map[string]struct{})
 	for _, entry := range config.DynamicallyCompiled {
 		for _, arch := range entry.Arches {
-			key := fmt.Sprintf("%s-%s", entry.OS, arch)
-			expectedCombinations[key] = struct{}{}
+			shouldValidateCurrentEntry := shouldValidateOsFunction(entry.OS)
+			if shouldValidateCurrentEntry {
+				key := fmt.Sprintf("%s-%s", entry.OS, arch)
+				expectedCombinations[key] = struct{}{}
+			}
 		}
 	}
 
diff --git a/hack/release.yaml b/hack/release.yaml
@@ -38,6 +38,10 @@ Mofed:
   image: doca-driver
   repository: nvcr.io/nvstaging/mellanox
   version: doca3.2.0-25.10-0.8.4.0-0
+MofedStig:
+  image: doca-driver-stig
+  repository: nvcr.io/nvstaging/mellanox
+  version: doca3.2.0-25.10-0.4.2.0-0
 RdmaSharedDevicePlugin:
   image: k8s-rdma-shared-dev-plugin
   repository: nvcr.io/nvstaging/mellanox
