diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f712ae62e..7529981d0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -289,8 +289,9 @@ jobs: done # Special handling for Mofed component (update registry only, not version, for all releases) - echo "Updating Mofed component registry for release" - yq -i '.Mofed.repository = "${{ env.DOCKER_REGISTRY_MANAGED_COMPONENTS }}"' hack/release.yaml + echo "Updating Mofed components registry for release" + yq -i '.Mofed.repository = "${{ env.DOCKER_REGISTRY_MANAGED_COMPONENTS }}"' hack/release.yaml + yq -i '.MofedStig.repository = "${{ env.DOCKER_REGISTRY_MANAGED_COMPONENTS }}"' hack/release.yaml # Update chart versions yq -i '.version = "${{ env.CHART_VERSION }}"' deployment/network-operator/Chart.yaml @@ -309,4 +310,4 @@ jobs: --base $BASE_BRANCH \ --head $(git branch --show-current) \ --title "cicd: release Network Operator $APP_VERSION" \ - --body "Created by the [*${{ github.job }}* job](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})." \ No newline at end of file + --body "Created by the [*${{ github.job }}* job](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})." diff --git a/hack/release.go b/hack/release.go index 72f5528ec..eacade062 100644 --- a/hack/release.go +++ b/hack/release.go @@ -67,6 +67,7 @@ type Release struct { SriovCni *ReleaseImageSpec SriovIbCni *ReleaseImageSpec Mofed *ReleaseImageSpec + MofedStig *ReleaseImageSpec RdmaSharedDevicePlugin *ReleaseImageSpec SriovDevicePlugin *ReleaseImageSpec IbKubernetes *ReleaseImageSpec @@ -185,19 +186,38 @@ func docaDriverTagsCheck(release *Release, docaDriverMatrix *string) { fmt.Printf("Error: %v\n", err) os.Exit(1) } - if err := validateTags(config, tags, release.Mofed.Version); err != nil { + tagsStig, err := listTags(release.MofedStig.Repository, release.MofedStig.Image) + if err != nil { + fmt.Printf("Error: %v\n", err) + os.Exit(1) + } + // validate all non-STIG compliant tags + if err := validateTags(config, tags, release.Mofed.Version, func(os string) bool { + return !strings.HasSuffix(os, "-stig") + }); err != nil { + fmt.Printf("Error: %v\n", err) + os.Exit(1) + } + // validate all STIG compliant tags + if err := validateTags(config, tagsStig, release.MofedStig.Version, func(os string) bool { + return strings.HasSuffix(os, "-stig") + }); err != nil { fmt.Printf("Error: %v\n", err) os.Exit(1) } } -func validateTags(config DocaDriverMatrix, tags []string, version string) error { +func validateTags(config DocaDriverMatrix, tags []string, version string, + shouldValidateOsFunction func(string) bool) error { // Build expected OS-arch combinations expectedCombinations := make(map[string]struct{}) for _, entry := range config.DynamicallyCompiled { for _, arch := range entry.Arches { - key := fmt.Sprintf("%s-%s", entry.OS, arch) - expectedCombinations[key] = struct{}{} + shouldValidateCurrentEntry := shouldValidateOsFunction(entry.OS) + if shouldValidateCurrentEntry { + key := fmt.Sprintf("%s-%s", entry.OS, arch) + expectedCombinations[key] = struct{}{} + } } } diff --git a/hack/release.yaml b/hack/release.yaml index 722c84aa6..d6028af25 100644 --- a/hack/release.yaml +++ b/hack/release.yaml @@ -38,6 +38,10 @@ Mofed: image: doca-driver repository: nvcr.io/nvstaging/mellanox version: doca3.2.0-25.10-1.0.0.0-0 +MofedStig: + image: doca-driver-stig + repository: nvcr.io/nvstaging/mellanox + version: doca3.2.0-25.10-1.0.0.0-0 RdmaSharedDevicePlugin: image: k8s-rdma-shared-dev-plugin repository: nvcr.io/nvstaging/mellanox