NVIDIA
diff --git a/‎.conform.yaml‎
Lines changed: 28 additions & 0 deletions b/‎.conform.yaml‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎.dockerignore‎
Lines changed: 4 additions & 0 deletions b/‎.dockerignore‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 52 additions & 0 deletions b/‎.gitignore‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎.golangci.yml‎
Lines changed: 116 additions & 0 deletions b/‎.golangci.yml‎
Lines changed: 116 additions & 0 deletions
diff --git a/‎Dockerfile‎
Lines changed: 37 additions & 0 deletions b/‎Dockerfile‎
Lines changed: 37 additions & 0 deletions
diff --git a/‎Dockerfile.bfb-registry‎
Lines changed: 58 additions & 0 deletions b/‎Dockerfile.bfb-registry‎
Lines changed: 58 additions & 0 deletions
diff --git a/‎Dockerfile.dpf-system‎
Lines changed: 67 additions & 0 deletions b/‎Dockerfile.dpf-system‎
Lines changed: 67 additions & 0 deletions
@@ -0,0 +1,28 @@
+policies:
+  - type: commit
+    spec:
+      header:
+        # Length is the maximum length of the commit subject.
+        length: 72
+        # Imperative enforces the use of imperative verbs as the first word of a
+        # commit message.
+        imperative: true
+        # HeaderCase is the case that the first word of the header must have ("upper" or "lower").
+        case: lower
+      body:
+        # Required enforces that the current commit has a body.
+        required: true
+      # DCO enables the Developer Certificate of Origin check.
+      dco: true
+      conventional:
+        types:
+          - chore
+          - ci
+          - docs
+          - feat
+          - fix
+          - refactor
+          - test
+          - release
+        scopes:
+          - .*
@@ -0,0 +1,4 @@
+# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# Ignore build and test binaries.
+bin/
+testbin/
@@ -0,0 +1,52 @@
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+*.tar
+*.tgz
+*.tar.gz
+bin/*
+testbin/*
+Dockerfile.cross
+hack/tools/bin
+hack/charts
+hack/repos
+
+# Repos created by e2e tests.
+scans
+artifacts
+.gocache
+.golangci-cache
+
+# Test binary, built with `go test -c`
+*.test
+
+# junit files
+*junit.*
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Go workspace file
+go.work
+
+# All files with a `.tmp` extension
+*.tmp
+
+# Kubernetes Generated files - skip generated files, except for vendored files
+!vendor/**/zz_generated.*
+
+# editor and IDE paraphernalia
+.idea
+.vscode
+*.swp
+*.swo
+*~
+.devcontainer/
+
+
+# Ignore version file for third_party components
+third_party/forked/ovs-cni/.version
+
@@ -0,0 +1,116 @@
+run:
+  deadline: 5m
+  allow-parallel-runners: true
+
+linters:
+  disable-all: true
+  enable:
+    - dupl
+    - errcheck
+    - copyloopvar
+    - gci
+    - ginkgolinter
+    - goconst
+    - gocyclo
+    - gofmt
+    - goimports
+    - gosimple
+    - govet
+    - importas
+    - ineffassign
+    - misspell
+    - nakedret
+    - prealloc
+    - staticcheck
+    - stylecheck
+    - typecheck
+    - unconvert
+    - unparam
+    - unused
+
+linters-settings:
+  misspell:
+    locale: US
+  gci:
+    sections:
+      - standard # Standard packages.
+      - prefix(github.com/nvidia/doca-platform) # Packages from this go module.
+      - default # All other packages.
+    custom-order: true
+  ginkgolinter:
+    forbid-focus-container: true
+  importas:
+    no-unaliased: true
+    alias:
+      # DPF
+      - pkg: github.com/nvidia/doca-platform/api/operator/v1alpha1
+        alias: operatorv1
+      - pkg: github.com/nvidia/doca-platform/api/controlplane/v1alpha1
+        alias: controlplanev1
+      - pkg: github.com/nvidia/doca-platform/api/dpuservice/v1alpha1
+        alias: dpuservicev1
+      - pkg: github.com/nvidia/doca-platform/internal/operator/controllers
+        alias: operatorcontroller
+      - pkg: github.com/nvidia/doca-platform/internal/servicechainset/controllers
+        alias: sfcsetcontroller
+      - pkg: github.com/nvidia/doca-platform/internal/dpuservice/controllers
+        alias: dpuservicecontroller
+      - pkg: github.com/nvidia/doca-platform/internal/controlplane/metadata
+        alias: controlplanemeta
+      - pkg: github.com/nvidia/doca-platform/internal/cniprovisioner/dpu/config
+        alias: dpucniprovisionerconfig
+      - pkg: github.com/nvidia/doca-platform/internal/cniprovisioner/host/config
+        alias: hostcniprovisionerconfig
+      - pkg: github.com/nvidia/doca-platform/api/provisioning/v1alpha1
+        alias: provisioningv1
+
+        # Kubernetes
+      - pkg: k8s.io/api/core/v1
+        alias: corev1
+      - pkg: k8s.io/api/apps/v1
+        alias: appsv1
+      - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
+        alias: metav1
+      - pkg: k8s.io/apimachinery/pkg/api/errors
+        alias: apierrors
+      - pkg: k8s.io/apimachinery/pkg/util/errors
+        alias: kerrors
+      - pkg: k8s.io/component-base/logs/api/v1
+        alias: logsv1
+      - pkg: k8s.io/utils/exec
+        alias: kexec
+      - pkg: k8s.io/api/admissionregistration/v1
+        alias: admissionregistrationv1
+      - pkg: k8s.io/api/batch/v1
+        alias: batchv1
+
+        # Third party APIs
+      - pkg: github.com/nvidia/doca-platform/third_party/api/nvipam/api/v1alpha1
+        alias: nvipamv1
+      - pkg: github.com/nvidia/doca-platform/third_party/api/kamaji/api/v1alpha1
+        alias: kamajiv1
+      - pkg: github.com/nvidia/doca-platform/third_party/api/argocd/api/application/v1alpha1
+        alias: argov1
+
+      # Controller Runtime
+      - pkg: sigs.k8s.io/controller-runtime
+        alias: ctrl
+  stylecheck:
+    # Disable ST1000: https://staticcheck.dev/docs/checks#ST1000
+    checks: [ "all",  "-ST1000" ]
+    dot-import-whitelist:
+      - github.com/onsi/ginkgo/v2
+      - github.com/onsi/gomega
+
+
+issues:
+  max-issues-per-linter: 0
+  max-same-issues: 0
+  exclude-use-default: false
+  # Exclude vendored directories from linting.
+  exclude-dirs:
+    - third_party
+  exclude-rules:
+    - path: _test\.go
+      linters:
+        - dupl
@@ -0,0 +1,37 @@
+ARG builder_image
+ARG base_image
+
+# Build the manager binary (no emulation)
+FROM --platform=${BUILDPLATFORM} ${builder_image} AS builder
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# Cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN --mount=type=cache,target=/go/pkg/mod \
+    go mod download
+
+# Copy the go source
+COPY ./ ./
+
+ARG package=.
+ARG gcflags
+ARG ldflags
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} \
+    go build -trimpath \
+    -ldflags="${ldflags}"  \
+    -gcflags="${gcflags}" \
+    -o manager ${package}
+
+FROM ${base_image}
+WORKDIR /
+COPY --from=builder /workspace/manager .
+USER 65532:65532
+
+ENTRYPOINT ["/manager"]
@@ -0,0 +1,58 @@
+# Stage 1: Build Tengine
+ARG base_image=ubuntu:22.04
+FROM ${base_image} AS builder
+
+ARG tengine_version=3.1.0
+
+ARG PACKAGES="wget unzip build-essential libpcre3 libpcre3-dev libssl-dev zlib1g-dev gettext"
+
+# Enable deb-src to be able to fetch sources
+RUN sed -i 's/^# deb-src/deb-src/g' /etc/apt/sources.list
+
+RUN apt update && apt install -y ${PACKAGES}
+
+WORKDIR /workspace
+RUN wget https://github.com/alibaba/tengine/archive/refs/tags/${tengine_version}.zip && unzip ${tengine_version}.zip
+
+WORKDIR /workspace/tengine-${tengine_version}
+RUN ./configure --add-dynamic-module=modules/ngx_http_concat_module
+RUN make && make install
+
+# Create necessary directories in the builder stage
+RUN mkdir -p /nginx
+
+# Move source code to a directory
+WORKDIR /workspace
+RUN mkdir src && \
+    cd src && \
+    cp /workspace/${tengine_version}.zip . && \
+    apt-get source ${PACKAGES} && \
+    cd /workspace && \
+    tar -czf source-code.tar.gz src
+
+# Stage 2: Create final image based on distroless
+FROM nvcr.io/nvidia/doca/dpf_containers:1.0.2-ubuntu22.04-distroless AS distroless
+
+# copy the tengine source code
+ARG version=3.1.0
+COPY --from=builder /workspace/source-code.tar.gz source-code.tar.gz
+
+# libraries for the nginx binary
+COPY --from=builder /lib/x86_64-linux-gnu/libpcre.so* /lib/x86_64-linux-gnu/
+COPY --from=builder /lib/x86_64-linux-gnu/libssl.so* /lib/x86_64-linux-gnu/
+COPY --from=builder /lib/x86_64-linux-gnu/libcrypto.so* /lib/x86_64-linux-gnu/
+COPY --from=builder /lib/x86_64-linux-gnu/libz.so* /lib/x86_64-linux-gnu/
+COPY --from=builder /lib/x86_64-linux-gnu/libcrypt.so* /lib/x86_64-linux-gnu/
+COPY --from=builder /bin/sh /bin/
+COPY --from=builder /bin/envsubst /bin/
+# ${uid}:${uid} can execute the binary but can not modify it. Refer to https://sonar-sw.nvidia.com/coding_rules?open=docker%3AS6504&rule_key=docker%3AS6504 for more details.
+COPY --chown=root:root --chmod=755 --from=builder /usr/local/nginx /usr/local/nginx
+
+ENV uid=65532
+
+# Copy nginx directory with non-root ownership. The directory is copied instead of created to avoid the need of mkdir and chown binaries.
+# nginx.conf and all the temp files are in the /nginx directory.
+# This approach complies with S6504 because we're only changing ownership of non-executable directories
+COPY --chown=${uid}:${uid} --chmod=700 --from=builder /nginx /nginx
+
+USER ${uid}:${uid}
@@ -0,0 +1,67 @@
+ARG builder_image
+ARG base_image
+
+# 1) Builder stage builds go binaries (no emulation).
+FROM --platform=${BUILDPLATFORM} ${builder_image} AS builder
+WORKDIR /workspace
+
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# Cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN --mount=type=cache,target=/go/pkg/mod \
+    go mod download
+
+COPY ./ ./
+
+# Ensure that no additional tools or artifacts are included.
+RUN make clean
+
+ARG gcflags
+ARG ldflags
+ARG TARGETARCH
+ARG TAG
+
+ENV GO_LDFLAGS=\"${ldflags}\"
+ENV GO_GCFLAGS=\"${gcflags}\"
+ENV ARCH=${TARGETARCH}
+# The TAG variable is necessary for the dpfctl versioning.
+ENV TAG=${TAG}
+
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    make binaries-dpf-system
+
+# Copy the go source code so it can be distributed in the final image.
+RUN go mod vendor
+RUN mkdir src && \
+    find . -name '*.go' -not -path "./hack/*" -not -path "./.gocache/*" -exec cp --parents \{\}  src/ \; && \
+    tar -czf source-code.tar.gz src
+
+# 2) Final stage copies artefacts from the builder and dependency stages.
+FROM ${base_image}
+ARG TARGETARCH
+
+WORKDIR /
+
+# Ensure all files are copied with the correct user.
+ENV uid=65532
+USER ${uid}:${uid}
+
+# Add the source code.
+COPY --chown=${uid} --from=builder /workspace/source-code.tar.gz source-code.tar.gz
+
+# Add the DPF system binaries
+COPY --chown=${uid} --from=builder /workspace/bin/operator .
+COPY --chown=${uid} --from=builder /workspace/bin/provisioning .
+COPY --chown=${uid} --from=builder /workspace/bin/dpuservice .
+COPY --chown=${uid} --from=builder /workspace/bin/servicechainset .
+COPY --chown=${uid} --from=builder /workspace/bin/sfc-controller .
+COPY --chown=${uid} --from=builder /workspace/bin/kamaji-cluster-manager .
+COPY --chown=${uid} --from=builder /workspace/bin/static-cluster-manager .
+COPY --chown=${uid} --from=builder /workspace/bin/ovshelper .
+COPY --chown=${uid} --from=builder /workspace/bin/dpfctl .
+COPY --chown=${uid} --from=builder /workspace/bin/dpu-detector .
+
+