From f21bc7ed6e59b1a036b5f51466c16981dd197404 Mon Sep 17 00:00:00 2001 From: Pavel Tishkov Date: Thu, 3 Apr 2025 14:43:39 +0300 Subject: [PATCH 1/9] xxx --- .github/workflows/dev_module_build.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dev_module_build.yml b/.github/workflows/dev_module_build.yml index bc0b070943..001c94b0cc 100644 --- a/.github/workflows/dev_module_build.yml +++ b/.github/workflows/dev_module_build.yml @@ -35,6 +35,9 @@ on: type: number pull_request: types: [opened, reopened, synchronize, labeled, unlabeled] + branches: + - main + - pt-debug push: branches: - main @@ -103,8 +106,10 @@ jobs: # Select runner if echo "${{ steps.get-labels.outputs.result }}" | grep -q "build/github/ubuntu"; then echo "RUNNER_TYPE=[\"ubuntu-22.04\"]" >> "$GITHUB_OUTPUT" + elif echo "${{ steps.get-labels.outputs.result }}" | grep -q "build/self-hosted/regular"; then + echo "RUNNER_TYPE=[\"self-hosted\", \"regular\"]" >> "$GITHUB_OUTPUT" else - echo "RUNNER_TYPE=[\"self-hosted\", \"regular\", \"selectel\"]" >> "$GITHUB_OUTPUT" + echo "RUNNER_TYPE=[\"self-hosted\", \"large\"]" >> "$GITHUB_OUTPUT" fi show_dev_manifest: From 88455769c7d6c2d94ebe49a570c630dafc9303b1 Mon Sep 17 00:00:00 2001 From: Nikita Korolev Date: Thu, 3 Apr 2025 15:34:57 +0300 Subject: [PATCH 2/9] Set git postBuffer 1048576000 Signed-off-by: Nikita Korolev --- .github/workflows/dev_module_build.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/dev_module_build.yml b/.github/workflows/dev_module_build.yml index 001c94b0cc..1acbd7cfb4 100644 --- a/.github/workflows/dev_module_build.yml +++ b/.github/workflows/dev_module_build.yml @@ -254,4 +254,8 @@ jobs: - uses: deckhouse/modules-actions/setup@v1 + - name: Set git postBuffer 1048576000 + run: | + git config --global http.postBuffer 1048576000 + - uses: deckhouse/modules-actions/build@v1 From 4320a348eeef89678a6e7f1942bdab94be6b46a2 Mon Sep 17 00:00:00 2001 
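Review bot: The `pt-debug` entry added under `pull_request.branches` reads as a personal debug branch that should not ship in the shared workflow, and the new `branches:` filter is itself a behaviour change: before this hunk `pull_request` fired for PRs against any base branch, after it only PRs targeting `main` or `pt-debug` get a dev build. If the repository also carries release or maintenance branches, PRs against them silently lose the build. I would drop the filter, or keep only `- main` and document the decision with a comment such as `# dev builds run only for PRs targeting main; other base branches are intentionally excluded`, if that restriction is actually intended.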
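Review bot: Both `grep` conditions in the runner-selection block interpolate `${{ steps.get-labels.outputs.result }}` directly into the `run:` script, so whatever `get-labels` returns is spliced into the shell text before bash parses it; label names are set by collaborators, so the exposure is bounded, but the safe pattern is to expose the value as a step-level `env:` variable (`LABELS: ${{ steps.get-labels.outputs.result }}`) and test it as data, e.g. `if grep -q "build/github/ubuntu" <<<"$LABELS"; then` and `elif grep -q "build/self-hosted/regular" <<<"$LABELS"; then`. The new `else` branch also changes the default: every build without a `build/...` label — which, given the `pull_request` trigger in the previous hunk, includes unlabeled PR builds — now lands on `["self-hosted", "large"]`; if PRs from forks are accepted, that puts unreviewed code on persistent self-hosted capacity, so a fork guard on the job and a comment like `# unlabeled builds (including PR builds) default to self-hosted large runners` are worth adding. The step's header and `id` are outside the hunk.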
From: Nikita Korolev Date: Thu, 3 Apr 2025 15:47:38 +0300 Subject: [PATCH 3/9] ++ --- .github/workflows/dev_module_build.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/dev_module_build.yml b/.github/workflows/dev_module_build.yml index 1acbd7cfb4..52bc523c60 100644 --- a/.github/workflows/dev_module_build.yml +++ b/.github/workflows/dev_module_build.yml @@ -259,3 +259,7 @@ jobs: git config --global http.postBuffer 1048576000 - uses: deckhouse/modules-actions/build@v1 + + - name: Echo done + run: | + echo "Done" From b2ddb4d77a2139e92a1880a946236cbaddfba317 Mon Sep 17 00:00:00 2001 From: Maksim Fedotov Date: Thu, 3 Apr 2025 15:37:01 +0300 Subject: [PATCH 4/9] add git config http.postBuffer Signed-off-by: Maksim Fedotov --- .github/workflows/dev_module_build.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/dev_module_build.yml b/.github/workflows/dev_module_build.yml index 52bc523c60..756689753c 100644 --- a/.github/workflows/dev_module_build.yml +++ b/.github/workflows/dev_module_build.yml @@ -173,6 +173,10 @@ jobs: with: version: 3.37.2 + + - run: | + git config --global http.postBuffer 157286400 + - uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha || github.sha }} From 05b00d9c6e20d297487f738d1a285ce5c2e4f40d Mon Sep 17 00:00:00 2001 From: Nikita Korolev Date: Thu, 3 Apr 2025 16:10:53 +0300 Subject: [PATCH 5/9] tst for del Signed-off-by: Nikita Korolev --- .github/workflows/dev_module_build.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/.github/workflows/dev_module_build.yml b/.github/workflows/dev_module_build.yml index 756689753c..001c94b0cc 100644 --- a/.github/workflows/dev_module_build.yml +++ b/.github/workflows/dev_module_build.yml @@ -173,10 +173,6 @@ jobs: with: version: 3.37.2 - - - run: | - git config --global http.postBuffer 157286400 - - uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha || github.sha }} 
@@ -258,12 +254,4 @@ jobs: - uses: deckhouse/modules-actions/setup@v1 - - name: Set git postBuffer 1048576000 - run: | - git config --global http.postBuffer 1048576000 - - uses: deckhouse/modules-actions/build@v1 - - - name: Echo done - run: | - echo "Done" From 7d43fda576c27334cb191a2305a3cde25532831d Mon Sep 17 00:00:00 2001 From: Nikita Korolev Date: Thu, 3 Apr 2025 16:15:01 +0300 Subject: [PATCH 6/9] add git buf in werf qemu and libvirt Signed-off-by: Nikita Korolev --- images/libvirt/werf.inc.yaml | 2 ++ images/qemu/werf.inc.yaml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/images/libvirt/werf.inc.yaml b/images/libvirt/werf.inc.yaml index 50025d445d..a9a299b362 100644 --- a/images/libvirt/werf.inc.yaml +++ b/images/libvirt/werf.inc.yaml @@ -126,6 +126,8 @@ shell: export NINJA="/usr/bin/ninja" export PYTHON="/usr/bin/python3" + git config --global http.postBuffer 157286400 + git clone --depth=1 --branch v{{ $version }} {{ $gitRepoUrl }} {{ $gitRepoName }}-{{ $version }} cd {{ $gitRepoName }}-{{ $version }} diff --git a/images/qemu/werf.inc.yaml b/images/qemu/werf.inc.yaml index f9d8cc9488..552d51ccce 100644 --- a/images/qemu/werf.inc.yaml +++ b/images/qemu/werf.inc.yaml @@ -113,6 +113,8 @@ shell: export NINJA="/usr/bin/ninja" export PYTHON="/usr/bin/python3" + git config --global http.postBuffer 157286400 + git clone --depth=1 --branch v{{ $version }} {{ $gitRepoUrl }} {{ $gitRepoName }}-{{ $version }} cd {{ $gitRepoName }}-{{ $version }} From 31e035f340c3509f3c7d559067cde9cbd92acc21 Mon Sep 17 00:00:00 2001 From: Nikita Korolev Date: Thu, 3 Apr 2025 16:23:16 +0300 Subject: [PATCH 7/9] ++ Signed-off-by: Nikita Korolev --- images/libvirt/werf.inc.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/images/libvirt/werf.inc.yaml b/images/libvirt/werf.inc.yaml index a9a299b362..250b4a92c1 100644 --- a/images/libvirt/werf.inc.yaml +++ b/images/libvirt/werf.inc.yaml 
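Review bot: `git config --global http.postBuffer 157286400`, inserted ahead of the `git clone --depth=1 --branch v{{ $version }}` line (and identically in `images/qemu/werf.inc.yaml`), only raises the size at which git switches a POST body to chunked transfer encoding, which affects pushes and the upload-pack negotiation request, not the size of the pack being downloaded; for a depth-1 clone that request body is small, so this is unlikely to fix a large-clone failure unless a proxy in front of `{{ $gitRepoUrl }}` rejects chunked requests. Because it uses `--global`, the setting is also written to the build user's `~/.gitconfig` in this stage; whether that persists into the final image depends on the stage layout, which is not visible here. I would either drop the line or record the failure it works around, e.g. `# http.postBuffer: proxy in front of $gitRepoUrl rejects chunked POSTs (ticket …) — confirm still needed`, so the next reader can tell whether it can be removed. The enclosing `shell:` block starts before the hunk.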
@@ -126,8 +126,9 @@ shell: export NINJA="/usr/bin/ninja" export PYTHON="/usr/bin/python3" + echo "git config --global http.postBuffer 157286400" git config --global http.postBuffer 157286400 - + git clone --depth=1 --branch v{{ $version }} {{ $gitRepoUrl }} {{ $gitRepoName }}-{{ $version }} cd {{ $gitRepoName }}-{{ $version }} From ccef59ddd7a15ea86d776735ced0c0f27fa7f5c5 Mon Sep 17 00:00:00 2001 From: Nikita Korolev Date: Thu, 3 Apr 2025 17:03:30 +0300 Subject: [PATCH 8/9] update ci build from main Signed-off-by: Nikita Korolev --- .github/workflows/dev_module_build.yml | 94 ++++++++++++++++++++++++-- 1 file changed, 89 insertions(+), 5 deletions(-) diff --git a/.github/workflows/dev_module_build.yml b/.github/workflows/dev_module_build.yml index 001c94b0cc..049b3505e2 100644 --- a/.github/workflows/dev_module_build.yml +++ b/.github/workflows/dev_module_build.yml @@ -22,6 +22,7 @@ env: MODULES_REGISTRY_LOGIN: ${{ vars.DEV_MODULES_REGISTRY_LOGIN }} MODULES_REGISTRY_PASSWORD: ${{ secrets.DEV_MODULES_REGISTRY_PASSWORD }} GO_VERSION: "1.22.7" + GOLANGCI_LINT_VERSION: "1.64.8" SOURCE_REPO: "${{secrets.SOURCE_REPO}}" on: 
@@ -177,10 +178,85 @@ jobs: with: ref: ${{ github.event.pull_request.head.sha || github.sha }} - - name: Run lint virtualization-controller + - name: Install golangci-lint run: | - task virtualization-controller:init - task virtualization-controller:lint:go + echo "Installing golangci-lint..." + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v${{ env.GOLANGCI_LINT_VERSION}} + echo "$(go env GOPATH)/bin" >> $GITHUB_PATH + echo "golangci-lint v${{ env.GOLANGCI_LINT_VERSION}} installed successfully!" + + - name: Lint all directories with golangci-lint + id: linters + # continue-on-error: true + shell: bash + run: | + # Find directories containing .golangci.yaml + mapfile -t config_dirs < <(find . -type f -name '.golangci.yaml' -printf '%h\0' | xargs -0 -n1 | sort -u) + count=${#config_dirs[@]} + echo "::notice title=Lint Setup::🔍 Found $count directories with linter configurations" + + report="" + error_count=0 + find_errors=0 + + for dir in "${config_dirs[@]}"; do + # echo "::group::📂 Linting directory: $dir" + # cd "$dir" || { echo "::error::Failed to access directory $dir"; exit 1; } + + cd "$dir" || { echo "::error::Failed to access directory $dir"; continue; } + + # Run linter with multiple formats + + output=$(golangci-lint run --out-format=json 2>/dev/null | jq '{warning: .Report.Warnings, error: .Report.Error}' || true) + find_errors=$(echo $output | jq '.error | select(.!=null)' | wc -l) + + # Track errors + if [ $find_errors -ne 0 ]; then + error_count=$(( error_count + 1 )) + echo "::group::📂 Linting directory ❌: $dir" + else + echo "::group::📂 Linting directory ✅: $dir" + fi + + report_out_warning=$(echo $output | jq '.warning') + report_out_error=$(echo $output | jq '.error') + + # Build report section + report+="\n\n### Directory: $dir\n" + report+="Find Errors: $find_errors\n" + report+="Output:\n\`\`\`\n$report_out_warning\n$report_out_error\n\`\`\`\n" + report+="---\n" + + cd - 
&>/dev/null + + if [ $find_errors -ne 0 ]; then + echo -e "⚠️ Warnings:\n$report_out_warning" + echo -e "❌ Errors:\n$report_out_error\n" + else + echo -e "✅ All check passed\n" + fi + + echo "::endgroup::" + done + + echo "directory_count=$count" >> "$GITHUB_OUTPUT" + + has_errors=$( [[ "$error_count" -gt 0 ]] && echo true || echo false) + echo "has_errors=$has_errors" >> "$GITHUB_OUTPUT" + + if [ $error_count -gt 0 ]; then + exit 1 + fi + + - name: Final status check + if: always() + run: | + if ${{ steps.linters.outputs.has_errors }}; then + echo "::error::🔥 Lint errors found in $error_count directories. Check step 'Lint all directories with golangci-lint' for details." + exit 1 + else + echo "::notice::✅ All linters passed successfully in ${{ steps.linters.outputs.directory_count }} directories" + fi lint_yaml: runs-on: ubuntu-latest @@ -252,6 +328,14 @@ jobs: if: ${{ !contains(needs.set_vars.outputs.runner_type, 'self-hosted') }} uses: ./.github/actions/remove-unwanted-software - - uses: deckhouse/modules-actions/setup@v1 + - uses: deckhouse/modules-actions/setup@v2 + with: + registry: ${{ vars.DEV_REGISTRY }} + registry_login: ${{ vars.DEV_MODULES_REGISTRY_LOGIN }} + registry_password: ${{ secrets.DEV_MODULES_REGISTRY_PASSWORD }} - - uses: deckhouse/modules-actions/build@v1 + - uses: deckhouse/modules-actions/build@v2 + with: + module_source: ${{ vars.DEV_MODULE_SOURCE}} + module_name: ${{ vars.MODULE_NAME }} + module_tag: "$MODULES_MODULE_TAG" From f61bee0157e14f0a953c8c72e142dbebe95a8a4a Mon Sep 17 00:00:00 2001 From: Nikita Korolev Date: Thu, 3 Apr 2025 17:05:04 +0300 Subject: [PATCH 9/9] back vce scan Signed-off-by: Nikita Korolev --- .github/workflows/dev_module_build.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/dev_module_build.yml b/.github/workflows/dev_module_build.yml index 049b3505e2..23020a7838 100644 --- a/.github/workflows/dev_module_build.yml +++ b/.github/workflows/dev_module_build.yml 
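Review bot: The per-directory check in the new "Lint all directories with golangci-lint" step never looks at the lint findings: `output=$(golangci-lint run --out-format=json 2>/dev/null | jq '{warning: .Report.Warnings, error: .Report.Error}' || true)` keeps only `.Report`, which in golangci-lint's JSON output describes the linter's own runtime warnings and errors, while the findings are under `.Issues`; the `|| true` masks the linter's non-zero exit on findings (which `shell: bash`'s `-o pipefail` would otherwise propagate) and stderr is discarded, so `find_errors` stays 0 and the step prints ✅ for code with lint errors — the opposite of what the replaced `task virtualization-controller:lint:go` step did. The install step has a related gap: the binary is pinned through `GOLANGCI_LINT_VERSION`, but the installer is fetched from `master` and piped to `sh`, so pin it as well, e.g. `curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/v${{ env.GOLANGCI_LINT_VERSION }}/install.sh | sh -s -- -b $(go env GOPATH)/bin v${{ env.GOLANGCI_LINT_VERSION }}`, or use `golangci/golangci-lint-action` pinned to a commit SHA. In "Final status check", `$error_count` is a shell variable of the previous step and expands to empty here; either drop it from the message or export it as a second output. A rewrite of the loop body that keeps the exit status and counts `.Issues` follows.
```yaml
        run: |
          # … unchanged: config_dirs discovery, counters …
          for dir in "${config_dirs[@]}"; do
            cd "$dir" || { echo "::error::Failed to access directory $dir"; continue; }

            # Keep the linter's exit status and stderr. Findings are under .Issues;
            # .Report.Error only carries the linter's own runtime failures.
            lint_rc=0
            raw=$(golangci-lint run --out-format=json 2>/tmp/golangci-stderr.log) || lint_rc=$?
            if [ -z "$raw" ]; then raw='{}'; fi
            find_errors=$(jq '(.Issues // []) | length' <<<"$raw")
            report_out_warning=$(jq '.Report.Warnings // []' <<<"$raw")
            report_out_error=$(jq -r '.Report.Error // empty' <<<"$raw")

            if [ "$lint_rc" -ne 0 ] || [ "$find_errors" -ne 0 ]; then
              error_count=$(( error_count + 1 ))
              echo "::group::📂 Linting directory ❌: $dir (exit=$lint_rc, issues=$find_errors)"
              jq -r '(.Issues // [])[] | "\(.Pos.Filename):\(.Pos.Line):\(.Pos.Column) \(.FromLinter): \(.Text)"' <<<"$raw"
              cat /tmp/golangci-stderr.log
            else
              echo "::group::📂 Linting directory ✅: $dir"
            fi

            # … unchanged: report assembly, cd -, endgroup …
          done
```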
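Review bot: `module_tag: "$MODULES_MODULE_TAG"` in the new `deckhouse/modules-actions/build@v2` inputs passes the literal string `$MODULES_MODULE_TAG` — GitHub does not shell-expand `with:` values — so it is only correct if the action itself evaluates the input in a shell, which cannot be confirmed from here; the `cve_scan_on_pr` job added in the next patch uses `${{ needs.set_vars.outputs.modules_module_tag }}` for the same value, and using that expression here too (`module_tag: ${{ needs.set_vars.outputs.modules_module_tag }}`, assuming this job declares `needs: set_vars`) removes the ambiguity. Since `setup@v2` now receives `secrets.DEV_MODULES_REGISTRY_PASSWORD`, pinning both actions to a full commit SHA rather than the mutable `v2` tag would keep a tag move from silently changing what handles that credential. The job's header is outside the hunk.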
@@ -339,3 +339,23 @@ jobs: module_source: ${{ vars.DEV_MODULE_SOURCE}} module_name: ${{ vars.MODULE_NAME }} module_tag: "$MODULES_MODULE_TAG" + + cve_scan_on_pr: + name: Trivy images check + runs-on: ${{ fromJSON(needs.set_vars.outputs.runner_type)}} + needs: + - set_vars + - dev_setup_build + steps: + - uses: actions/checkout@v4 + - uses: deckhouse/modules-actions/cve_scan@v2 + with: + image: ${{ vars.DEV_MODULE_SOURCE }}/${{ vars.MODULE_NAME }} + tag: ${{needs.set_vars.outputs.modules_module_tag}} + module_name: ${{ vars.MODULE_NAME }} + dd_url: ${{vars.DEFECTDOJO_HOST}} + dd_token: ${{secrets.DEFECTDOJO_API_TOKEN}} + trivy_registry: ${{ vars.PROD_REGISTRY }} + trivy_registry_user: ${{ vars.PROD_MODULES_REGISTRY_LOGIN }} + trivy_registry_password: ${{ secrets.PROD_MODULES_REGISTRY_PASSWORD }} + deckhouse_private_repo: ${{vars.DECKHOUSE_PRIVATE_REPO}}
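Review bot: The new `cve_scan_on_pr` job hands production credentials — `vars.PROD_MODULES_REGISTRY_LOGIN`, `secrets.PROD_MODULES_REGISTRY_PASSWORD` and `secrets.DEFECTDOJO_API_TOKEN` — to a job in the dev build workflow, which otherwise uses the `DEV_*` registry settings, and it runs on whatever `needs.set_vars.outputs.runner_type` selected, including self-hosted runners; if the prod registry is only needed for Trivy's image/database pulls, a dedicated read-only pull account would limit what a compromised PR build could do with that secret. The job also has no `if:` condition, so despite the `_on_pr` name it runs for every trigger the workflow has (`push` and `pull_request` are visible, a dispatch input appears to exist too); if PR-only is intended, add `if: github.event_name == 'pull_request'`. A short comment on the job such as `# Trivy scan of the dev image built by dev_setup_build; PROD_* registry inputs are for Trivy's pulls — confirm scope` would make the purpose of the prod inputs explicit. The `actions/checkout@v4` step is only needed if `cve_scan@v2` reads files from the repository; otherwise it can be dropped.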