diff --git a/.github/workflows/container-validation-backends.yml b/.github/workflows/container-validation-backends.yml index 79bceb2c85..8845f822ba 100644 --- a/.github/workflows/container-validation-backends.yml +++ b/.github/workflows/container-validation-backends.yml @@ -75,6 +75,19 @@ jobs: run: | cd deploy/cloud/operator docker build --target tester --progress=plain --build-arg DOCKER_PROXY=${ECR_HOSTNAME}/dockerhub/ . + + - name: Set up Go + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + with: + go-version: '1.24' + - name: Check for uncommitted changes + shell: bash + env: + ECR_HOSTNAME: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com + run: | + sudo apt-get update && sudo apt-get install -y make + cd deploy/cloud/operator + make check - name: Build Container id: build-image shell: bash diff --git a/deploy/cloud/operator/Makefile b/deploy/cloud/operator/Makefile index 57d832e60b..6089f4e636 100644 --- a/deploy/cloud/operator/Makefile +++ b/deploy/cloud/operator/Makefile @@ -44,6 +44,19 @@ help: ## Display this help. ##@ Development +.PHONY: check +check: generate manifests generate-api-docs + @echo "> Checking for uncommitted changes" + @if [ -n "$$(git status --porcelain)" ]; then \ + echo "ERROR: Git tree is dirty after running validation steps."; \ + echo "Please check the diff to identify the step that dirtied the tree."; \ + git --no-pager status; \ + git --no-pager diff; \ + exit 1; \ + fi + @echo "> Check complete" + + .PHONY: ensure-yq ensure-yq: @if ! command -v yq &> /dev/null; then \ @@ -100,6 +113,29 @@ manifests: controller-gen ensure-yq ## Generate WebhookConfiguration, ClusterRol if [ -d "../helm/crds/templates/" ]; then \ cp config/crd/bases/*.yaml ../helm/crds/templates/; \ fi + echo "Adding NVIDIA header to RBAC files" + for file in config/rbac/*.yaml; do \ + if [ -f "$$file" ] && ! head -20 "$$file" | grep -q "NVIDIA CORPORATION"; then \ + { printf '%s\n' \ + '# SPDX-FileCopyrightText: Copyright (c) 2024-2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved.' \ + '# SPDX-License-Identifier: Apache-2.0' \ + '#' \ + '# Licensed under the Apache License, Version 2.0 (the "License");' \ + '# you may not use this file except in compliance with the License.' \ + '# You may obtain a copy of the License at' \ + '#' \ + '# http://www.apache.org/licenses/LICENSE-2.0' \ + '#' \ + '# Unless required by applicable law or agreed to in writing, software' \ + '# distributed under the License is distributed on an "AS IS" BASIS,' \ + '# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.' \ + '# See the License for the specific language governing permissions and' \ + '# limitations under the License.' \ + ''; \ + cat "$$file"; \ + } > "$$file.tmp" && mv "$$file.tmp" "$$file"; \ + fi; \ + done .PHONY: generate generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. diff --git a/deploy/cloud/operator/config/rbac/role.yaml b/deploy/cloud/operator/config/rbac/role.yaml index b3436669f9..188af8b03b 100644 --- a/deploy/cloud/operator/config/rbac/role.yaml +++ b/deploy/cloud/operator/config/rbac/role.yaml @@ -1,5 +1,17 @@ -# SPDX-FileCopyrightText: Copyright (c) 2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved. +# SPDX-FileCopyrightText: Copyright (c) 2024-2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved. # SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. --- apiVersion: rbac.authorization.k8s.io/v1