Merge branch 'main' into fix/test/fuzz-testing-fail

Author: danilrwx

.dmtlint.yaml

@@ -1,95 +1,4 @@
 linters-settings:
-  container:
-    exclude-rules:
-      liveness-probe:
-        - kind: Deployment
-          name: cdi-operator
-          container: proxy
-        - kind: Deployment
-          name: cdi-operator
-          namespace: d8-virtualization
-          container: cdi-operator
-        - kind: Deployment
-          name: cdi-operator
-          namespace: d8-virtualization
-          container: proxy
-        - kind: Deployment
-          name: virtualization-api
-          namespace: d8-virtualization
-          container: virtualization-api
-        - kind: Deployment
-          name: virt-operator
-          namespace: d8-virtualization
-          container: virt-operator
-        - kind: Deployment
-          name: virtualization-controller
-          namespace: d8-virtualization
-          container: proxy
-        - kind: Deployment
-          name: virtualization-controller
-          namespace: d8-virtualization
-          container: virtualization-controller
-        - kind: Deployment
-          name: virtualization-controller
-          namespace: d8-virtualization
-          container: kube-rbac-proxy
-        - kind: Deployment
-          name: virt-operator
-          namespace: d8-virtualization
-          container: kube-rbac-proxy
-        - kind: Deployment
-          name: cdi-operator
-          namespace: d8-virtualization
-          container: kube-rbac-proxy
-        - kind: Deployment
-          name: dvcr
-          namespace: d8-virtualization
-          container: kube-rbac-proxy
-        - kind: Deployment
-          name: virt-operator
-          namespace: d8-virtualization
-          container: proxy
-      readiness-probe:
-        - kind: Deployment
-          name: virtualization-controller
-          namespace: d8-virtualization
-          container: kube-rbac-proxy
-        - kind: Deployment
-          name: virt-operator
-          namespace: d8-virtualization
-          container: proxy
-        - kind: Deployment
-          name: cdi-operator
-          namespace: d8-virtualization
-          container: kube-rbac-proxy
-        - kind: Deployment
-          name: cdi-operator
-          namespace: d8-virtualization
-          container: cdi-operator
-        - kind: Deployment
-          name: virtualization-api
-          namespace: d8-virtualization
-          container: virtualization-api
-        - kind: Deployment
-          name: cdi-operator
-          namespace: d8-virtualization
-          container: proxy
-        - kind: Deployment
-          name: dvcr
-          namespace: d8-virtualization
-          container: kube-rbac-proxy
-        - kind: Deployment
-          name: virtualization-controller
-          namespace: d8-virtualization
-          container: virtualization-controller
-        - kind: Deployment
-          name: virtualization-controller
-          namespace: d8-virtualization
-          container: proxy
-        - kind: Deployment
-          name: virt-operator
-          namespace: d8-virtualization
-          container: kube-rbac-proxy
   openapi:
     exclude-rules:
       enum:

.editorconfig

@@ -24,4 +24,5 @@ indent_style = space
 ;python pep8 indentation
 [*.py]
 indent_style = space
-indent_size = 4
+indent_size = 4
+

.github/workflows/cve_scan_daily.yml

@@ -0,0 +1,56 @@
+# Copyright 2025 Flant JSC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "Daily CVE tests"
+on:
+  schedule:
+    # Run at 2:00 every night (UTC).
+    - cron: "0 02 * * *"
+  workflow_dispatch:
+    inputs:
+      tag_type:
+        type: choice
+        description: Tag type
+        required: false
+        options:
+          - release
+          - dev
+      tag_name:
+        description: "release version in semver minor format (example: 1.68) or specified tag from dev registry"
+        required: false
+
+concurrency:
+  group: cve-daily
+
+jobs:
+  cve_scan_daily:
+    name: Trivy images check
+    runs-on: [self-hosted, large]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: deckhouse/modules-actions/cve_scan@v5
+        with:
+          tag: ${{ github.event.inputs.tag_name || 'main' }}
+          tag_type: ${{ github.event.inputs.tag_type }}
+          module_name: ${{ vars.MODULE_NAME }}
+          dd_url: ${{vars.DEFECTDOJO_HOST}}
+          dd_token: ${{secrets.DEFECTDOJO_API_TOKEN}}
+          prod_registry: ${{vars.TRIVY_REGISTRY}}
+          prod_registry_user: ${{ secrets.PROD_READ_REGISTRY_USER }}
+          prod_registry_password: ${{ secrets.PROD_READ_REGISTRY_PASSWORD }}
+          dev_registry: ${{ vars.DEV_REGISTRY }}
+          dev_registry_user: ${{ vars.DEV_MODULES_REGISTRY_LOGIN }}
+          dev_registry_password: ${{ secrets.DEV_MODULES_REGISTRY_PASSWORD }}
+          deckhouse_private_repo: ${{vars.DECKHOUSE_PRIVATE_REPO}}
+          latest_releases_amount: 5

.github/workflows/dev_module_build-and-registration.yml

@@ -25,7 +25,7 @@ env:
   MODULES_MODULE_TAG: ${{ github.event.inputs.tag }}-dev
   SOURCE_REPO: "${{secrets.SOURCE_REPO}}"
   SOURCE_REPO_GIT: "${{secrets.SOURCE_REPO_GIT}}"
-  GO_VERSION: "1.22.7"
+  GO_VERSION: "1.24.5"
   MODULE_EDITION: "EE"
 
 on:

.github/workflows/dev_module_build.yml

@@ -21,7 +21,7 @@ env:
   MODULES_MODULE_SOURCE: ${{ vars.DEV_MODULE_SOURCE }}
   MODULES_REGISTRY_LOGIN: ${{ vars.DEV_MODULES_REGISTRY_LOGIN }}
   MODULES_REGISTRY_PASSWORD: ${{ secrets.DEV_MODULES_REGISTRY_PASSWORD }}
-  GO_VERSION: "1.22.7"
+  GO_VERSION: "1.24.5"
   GOLANGCI_LINT_VERSION: "1.64.8"
   SOURCE_REPO: "${{secrets.SOURCE_REPO}}"
   SOURCE_REPO_GIT: "${{secrets.SOURCE_REPO_GIT}}"
@@ -58,27 +58,58 @@ concurrency:
 jobs:
   set_vars:
     runs-on: ubuntu-latest
-    name: Set MODULES_MODULE_TAG
+    name: Get PR info and set vars
     outputs:
       modules_module_tag: ${{ steps.modules_module_tag.outputs.MODULES_MODULE_TAG }}
       module_edition: ${{ steps.modules_module_tag.outputs.MODULE_EDITION }}
       runner_type: ${{ steps.modules_module_tag.outputs.RUNNER_TYPE }}
+      debug_component: ${{ steps.get-labels.outputs.debug_component }}
     steps:
       - name: Get Pull Request Labels
         id: get-labels
         uses: actions/github-script@v7
         with:
           script: |
+            function processDelveLabels(labelList) {
+              const delveLabels = labelList.filter(label => label.includes('delve'));
+              
+              if (delveLabels.length === 0) {
+                  console.log("No delve labels found");
+                  return null;
+              } else if (delveLabels.length === 1) {
+                  return delveLabels[0];
+              } else {
+                  const errorMsg = "Error: Multiple delve labels found - " + delveLabels.join(', ');
+                  console.error(errorMsg);
+                  core.setFailed(errorMsg);
+                  return null;
+              }
+            }
+
+            let allLabels = [];
+            let debug_component = '';
+
             if (context.eventName === "pull_request" || context.eventName === "pull_request_target" ) {
-              const prNumber = context.payload.pull_request.number;
-              const { data: labels } = await github.rest.issues.listLabelsOnIssue({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: prNumber,
-              });
-              return labels.map(label => label.name);
+              let prNumber = context.payload.pull_request.number;
+              try {
+                let { data: labels } = await github.rest.issues.listLabelsOnIssue({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  issue_number: prNumber,
+                });
+                allLabels = labels.map(label => label.name);
+                debug_component = processDelveLabels(allLabels);
+                
+                // Set the outputs
+                core.setOutput('debug_component', debug_component);
+                core.setOutput('prLabels', allLabels);
+              
+              } catch (error) {
+                core.setFailed(`Script failed: ${error.message}`);
+              }
             } else {
-              return [];
+              core.setOutput('debug_component', debug_component);
+              core.setOutput('prLabels', allLabels);
             }
           result-encoding: string
 
@@ -100,17 +131,17 @@ jobs:
 
           echo "MODULES_MODULE_TAG=$MODULES_MODULE_TAG" >> "$GITHUB_OUTPUT"
 
-          # Slect edition for build, default EE
-          if echo "${{ steps.get-labels.outputs.result }}" | grep -q "edition/ce"; then
+          # Select edition for build, default EE
+          if echo "${{ steps.get-labels.outputs.prLabels }}" | grep -q "edition/ce"; then
             echo "MODULE_EDITION=CE" >> $GITHUB_OUTPUT
           else
             echo "MODULE_EDITION=EE" >> "$GITHUB_OUTPUT"
           fi
 
           # Select runner
-          if echo "${{ steps.get-labels.outputs.result }}" | grep -q "build/github/ubuntu"; then
+          if echo "${{ steps.get-labels.outputs.prLabels }}" | grep -q "build/github/ubuntu"; then
             echo "RUNNER_TYPE=[\"ubuntu-22.04\"]" >> "$GITHUB_OUTPUT"
-          elif echo "${{ steps.get-labels.outputs.result }}" | grep -q "build/self-hosted/regular"; then
+          elif echo "${{ steps.get-labels.outputs.prLabels }}" | grep -q "build/self-hosted/regular"; then
             echo "RUNNER_TYPE=[\"self-hosted\", \"regular\"]" >> "$GITHUB_OUTPUT"
           else
             echo "RUNNER_TYPE=[\"self-hosted\", \"large\"]" >> "$GITHUB_OUTPUT"
@@ -281,10 +312,6 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.sha || github.sha }}
 
-      - name: Run test Python hooks
-        run: |
-          task hooks:test
-
       - name: Run test GO hooks
         run: |
           task gohooks:test
@@ -302,6 +329,7 @@ jobs:
       MODULES_MODULE_TAG: ${{needs.set_vars.outputs.modules_module_tag}}
       MODULE_EDITION: ${{needs.set_vars.outputs.module_edition}}
       WERF_VIRTUAL_MERGE: 0
+      DEBUG_COMPONENT: ${{needs.set_vars.outputs.component_debug}}
     steps:
       - name: Print vars
         run: |
@@ -311,6 +339,7 @@ jobs:
           echo MODULES_MODULE_SOURCE=$MODULES_MODULE_SOURCE
           echo MODULES_MODULE_TAG=$MODULES_MODULE_TAG
           echo MODULE_EDITION=$MODULE_EDITION
+          echo DEBUG_COMPONENT=$DEBUG_COMPONENT
 
       - uses: actions/checkout@v4
         with:
@@ -430,7 +459,7 @@ jobs:
       - dev_setup_build
     steps:
       - uses: actions/checkout@v4
-      - uses: deckhouse/modules-actions/cve_scan@v3
+      - uses: deckhouse/modules-actions/cve_scan@v5
         with:
           tag: ${{needs.set_vars.outputs.modules_module_tag}}
           module_name: ${{ vars.MODULE_NAME }}

.github/workflows/dev_validation.yaml

@@ -15,8 +15,7 @@
 name: Validations
 
 env:
-  GO_VERSION: "1.22.7"
-
+  GO_VERSION: "1.24.5"
 on:
   pull_request:
     types: [opened, synchronize, labeled, unlabeled]
@@ -159,9 +158,9 @@ jobs:
       matrix:
         # Define two groups of components with their respective Go versions
         components:
-          - { component: virtualization-artifact, go-version: "1.23.9" }
-          - { component: vm-route-forge, go-version: "1.23.9" }
-          - { component: api, go-version: "1.22.7" }
+          - { component: virtualization-artifact, go-version: "1.24.5" }
+          - { component: vm-route-forge, go-version: "1.24.5" }
+          - { component: api, go-version: "1.24.5" }
 
     steps:
       - name: Set skip flag
@@ -240,12 +239,8 @@ jobs:
               export GOPATH=$(go env GOPATH)
               echo "GOPATH=$GOPATH" >> $GITHUB_ENV
               echo "Installing k8s tools..."
-              go get k8s.io/[email protected]
-              go install github.com/matryer/[email protected]
-              
-              go install -mod=readonly sigs.k8s.io/controller-tools/cmd/[email protected]
-              go install -mod=readonly k8s.io/kube-openapi/cmd/openapi-gen
-              
+              go install tool
+
               echo "Run generate"
               task generate
               # task controller:api:generate

.github/workflows/nightly_e2e_tests_main.yaml

@@ -16,7 +16,7 @@ name: Nightly E2E tests(main)
 
 env:
   CI_COMMIT_REF_NAME: ${{ github.ref_name }}
-  GO_VERSION: "1.22.7"
+  GO_VERSION: "1.24.5"
   TIMEOUT: "2h"
 
 on:

.werf/consts.yaml

@@ -0,0 +1,26 @@
+# Edition module settings
+{{- $_ := set . "MODULE_EDITION" (env "MODULE_EDITION" "EE") }}
+
+# Component versions
+{{- $_ := set . "Firmware" dict -}}
+{{- $_ := set . "Package" dict -}}
+{{- $_ := set . "Core" dict -}}
+{{- $versions_path := "/build/components/versions.yml" -}}
+
+{{- if .ModuleDir -}}
+{{-   $versions_path = (printf "%s%s" (trimPrefix "/" .ModuleDir ) $versions_path) -}}
+{{- end -}}
+
+{{- $versions_ctx := (.Files.Get $versions_path | fromYaml) -}}
+
+{{- range $k, $v := $versions_ctx.firmware -}}
+{{-   $_ := set $.Firmware $k $v -}}
+{{- end -}}
+
+{{- range $k, $v := $versions_ctx.package -}}
+{{-   $_ := set $.Package $k $v -}}
+{{- end -}}
+
+{{- range $k, $v := $versions_ctx.core -}}
+{{-   $_ := set $.Core $k $v -}}
+{{- end -}}