deckhouse
diff --git a/‎.dmtlint.yaml‎
Lines changed: 4 additions & 93 deletions b/‎.dmtlint.yaml‎
Lines changed: 4 additions & 93 deletions
diff --git a/‎.editorconfig‎
Lines changed: 2 additions & 1 deletion b/‎.editorconfig‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/actions/milestone-changelog/action.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/actions/milestone-changelog/action.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/check-changelog-entry.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/check-changelog-entry.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/cve_scan_daily.yml‎
Lines changed: 56 additions & 0 deletions b/‎.github/workflows/cve_scan_daily.yml‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎.github/workflows/dev_build_svace.yml‎
Lines changed: 30 additions & 0 deletions b/‎.github/workflows/dev_build_svace.yml‎
Lines changed: 30 additions & 0 deletions
diff --git a/‎.github/workflows/dev_module_build-and-registration.yml‎
Lines changed: 26 additions & 16 deletions b/‎.github/workflows/dev_module_build-and-registration.yml‎
Lines changed: 26 additions & 16 deletions
@@ -1,95 +1,8 @@
+global:
+  linters-settings:
+    documentation:
+      impact: error
 linters-settings:
-  container:
-    exclude-rules:
-      liveness-probe:
-        - kind: Deployment
-          name: cdi-operator
-          container: proxy
-        - kind: Deployment
-          name: cdi-operator
-          namespace: d8-virtualization
-          container: cdi-operator
-        - kind: Deployment
-          name: cdi-operator
-          namespace: d8-virtualization
-          container: proxy
-        - kind: Deployment
-          name: virtualization-api
-          namespace: d8-virtualization
-          container: virtualization-api
-        - kind: Deployment
-          name: virt-operator
-          namespace: d8-virtualization
-          container: virt-operator
-        - kind: Deployment
-          name: virtualization-controller
-          namespace: d8-virtualization
-          container: proxy
-        - kind: Deployment
-          name: virtualization-controller
-          namespace: d8-virtualization
-          container: virtualization-controller
-        - kind: Deployment
-          name: virtualization-controller
-          namespace: d8-virtualization
-          container: kube-rbac-proxy
-        - kind: Deployment
-          name: virt-operator
-          namespace: d8-virtualization
-          container: kube-rbac-proxy
-        - kind: Deployment
-          name: cdi-operator
-          namespace: d8-virtualization
-          container: kube-rbac-proxy
-        - kind: Deployment
-          name: dvcr
-          namespace: d8-virtualization
-          container: kube-rbac-proxy
-        - kind: Deployment
-          name: virt-operator
-          namespace: d8-virtualization
-          container: proxy
-      readiness-probe:
-        - kind: Deployment
-          name: virtualization-controller
-          namespace: d8-virtualization
-          container: kube-rbac-proxy
-        - kind: Deployment
-          name: virt-operator
-          namespace: d8-virtualization
-          container: proxy
-        - kind: Deployment
-          name: cdi-operator
-          namespace: d8-virtualization
-          container: kube-rbac-proxy
-        - kind: Deployment
-          name: cdi-operator
-          namespace: d8-virtualization
-          container: cdi-operator
-        - kind: Deployment
-          name: virtualization-api
-          namespace: d8-virtualization
-          container: virtualization-api
-        - kind: Deployment
-          name: cdi-operator
-          namespace: d8-virtualization
-          container: proxy
-        - kind: Deployment
-          name: dvcr
-          namespace: d8-virtualization
-          container: kube-rbac-proxy
-        - kind: Deployment
-          name: virtualization-controller
-          namespace: d8-virtualization
-          container: virtualization-controller
-        - kind: Deployment
-          name: virtualization-controller
-          namespace: d8-virtualization
-          container: proxy
-        - kind: Deployment
-          name: virt-operator
-          namespace: d8-virtualization
-          container: kube-rbac-proxy
   openapi:
     exclude-rules:
       enum:
@@ -135,8 +48,6 @@ linters-settings:
         - kubevirt-internal-virtualization-controller
         - kubevirt-internal-virtualization-handler
   module:
-    oss:
-      disable: true
     exclude-rules:
       license:
         files:
 
@@ -24,4 +24,5 @@ indent_style = space
 ;python pep8 indentation
 [*.py]
 indent_style = space
-indent_size = 4
+indent_size = 4
+
@@ -19,7 +19,7 @@ runs:
 
     - name: Collect Changelog
       id: changelog
-      uses: deckhouse/changelog-action@v2
+      uses: deckhouse/changelog-action@v2.6.0
       with:
         token: ${{ inputs.token }}
         repo: ${{ github.repository }}
 
@@ -32,7 +32,7 @@ jobs:
         uses: actions/[email protected]
       - name: Check Changelog entry
         id: entry-check
-        uses: deckhouse/changelog-action@v2.5.0
+        uses: deckhouse/changelog-action@v2.6.0
         with:
           validate_only: true
           allowed_sections: |
 
@@ -0,0 +1,56 @@
+# Copyright 2025 Flant JSC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "Daily CVE tests"
+on:
+  schedule:
+    # Run at 2:00 every night (UTC).
+    - cron: "0 02 * * *"
+  workflow_dispatch:
+    inputs:
+      tag_type:
+        type: choice
+        description: Tag type
+        required: false
+        options:
+          - release
+          - dev
+      tag_name:
+        description: "release version in semver minor format (example: 1.68) or specified tag from dev registry"
+        required: false
+
+concurrency:
+  group: cve-daily
+
+jobs:
+  cve_scan_daily:
+    name: Trivy images check
+    runs-on: [self-hosted, large]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: deckhouse/modules-actions/cve_scan@v5
+        with:
+          tag: ${{ github.event.inputs.tag_name || 'main' }}
+          tag_type: ${{ github.event.inputs.tag_type }}
+          module_name: ${{ vars.MODULE_NAME }}
+          dd_url: ${{vars.DEFECTDOJO_HOST}}
+          dd_token: ${{secrets.DEFECTDOJO_API_TOKEN}}
+          prod_registry: ${{vars.TRIVY_REGISTRY}}
+          prod_registry_user: ${{ secrets.PROD_READ_REGISTRY_USER }}
+          prod_registry_password: ${{ secrets.PROD_READ_REGISTRY_PASSWORD }}
+          dev_registry: ${{ vars.DEV_REGISTRY }}
+          dev_registry_user: ${{ vars.DEV_MODULES_REGISTRY_LOGIN }}
+          dev_registry_password: ${{ secrets.DEV_MODULES_REGISTRY_PASSWORD }}
+          deckhouse_private_repo: ${{vars.DECKHOUSE_PRIVATE_REPO}}
+          latest_releases_amount: 5
@@ -167,6 +167,7 @@ jobs:
       - dev_setup_build
     steps:
       - uses: deckhouse/modules-actions/svace_analyze@v4
+        id: analyze
         with:
           project_group: ${{ github.event.repository.name }}
           ci_commit_ref_name: ${{ github.event.pull_request.head.ref || github.ref_name }}
@@ -177,3 +178,32 @@ jobs:
           svacer_import_user: "${{ secrets.SVACER_IMPORT_USER }}"
           svacer_import_password: "${{ secrets.SVACER_IMPORT_PASSWORD }}"
           svace_analyze_ssh_private_key: "${{ secrets.SVACE_ANALYZE_SSH_PRIVATE_KEY }}"
+
+  notify:
+    name: Notify Loop
+    runs-on: ubuntu-latest
+    needs:
+      - set_vars
+      - dev_setup_build
+      - analyze_build
+    if: always()
+    steps:
+      - name: Send results to Loop
+        run: |
+          DATE=$(date '+%Y-%m-%d')
+          if [ "${{ needs.analyze_build.result }}" == "success" ]; then
+            STATUS=":white_check_mark: SUCCESS!"
+          else
+            STATUS=":x: FAIL!"
+          fi
+          MESSAGE="
+          ### :gear: **DVP $DATE Weekly Svace Analyze Report**
+
+          **Branch:** \`$GITHUB_REF_NAME\`
+          **Status: ${STATUS}**
+
+          [:link: GitHub Actions Output]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID)
+          "
+          curl -XPOST -H 'Content-Type: application/json' -d "{\"text\": \"${MESSAGE}\"}" $LOOP_WEBHOOK_URL
+        env:
+          LOOP_WEBHOOK_URL: ${{ secrets.LOOP_WEBHOOK_URL }}
@@ -22,20 +22,23 @@ env:
   MODULES_REGISTRY_LOGIN: ${{ vars.DEV_MODULES_REGISTRY_LOGIN }}
   MODULES_REGISTRY_PASSWORD: ${{ secrets.DEV_MODULES_REGISTRY_PASSWORD }}
   RELEASE_CHANNEL: ${{ github.event.inputs.channel }}
-  MODULES_MODULE_TAG: ${{ github.event.inputs.tag }}-dev
+  MODULES_MODULE_TAG: ${{ github.event.inputs.tag }}
   SOURCE_REPO: "${{secrets.SOURCE_REPO}}"
   SOURCE_REPO_GIT: "${{secrets.SOURCE_REPO_GIT}}"
-  GO_VERSION: "1.22.7"
+  GO_VERSION: "1.24.6"
   MODULE_EDITION: "EE"
 
 on:
   push:
     tags:
-      - "v[0-9]+.[0-9]+.[0-9]+"
+      - "v[0-9]+.[0-9]+.[0-9]+.*"
   workflow_dispatch:
     inputs:
       tag:
-        description: "Input existing tag, example v0.16.1. Image module tag in dev-registry will have suffix -dev. For example: v0.16.1-dev"
+        description: |
+          Allow input tag vX.Y.Z (release tag) or vX.Y.Z-rc.N (release candidate tag).
+
+          Example: v1.0.0 or v1.0.0-rc.1
         type: string
         required: true
 
@@ -64,12 +67,26 @@ jobs:
           echo CI_COMMIT_REF_NAME=$CI_COMMIT_REF_NAME
           echo MODULES_MODULE_NAME=$MODULES_MODULE_NAME
           echo RELEASE_CHANNEL=$RELEASE_CHANNEL
-          echo MODULES_MODULE_TAG=$MODULES_MODULE_TAG
           echo MODULE_EDITION=$MODULE_EDITION
         shell: bash
-      - name: Validation for tag
+      - name: Validation and set MODULES_MODULE_TAG
+        id: get-tag
         run: |
-          echo ${{ github.event.inputs.tag }} | grep -P '^v\d+\.\d+\.\d+.*$'
+          TAG="${{ github.event.inputs.tag }}"
+          echo "Processing tag: $TAG"
+
+          # Check if tag matches vX.Y.Z pattern (release)
+          if echo "$TAG" | grep -P '^v\d+\.\d+\.\d+$' > /dev/null; then
+            echo "Release tag detected"
+            echo "MODULES_MODULE_TAG=${TAG}" >> $GITHUB_OUTPUT
+          # Check if tag matches vX.Y.Z-rc.N pattern (release candidate)
+          elif echo "$TAG" | grep -P '^v\d+\.\d+\.\d+-rc\.\d+$' > /dev/null; then
+            echo "Release candidate tag detected"
+            echo "MODULES_MODULE_TAG=$TAG" >> $GITHUB_OUTPUT
+          else
+            echo "Error: Invalid tag format. Use format vX.Y.Z or vX.Y.Z-rc.N"
+            exit 1
+          fi
         shell: bash
 
       - uses: actions/checkout@v4
@@ -91,13 +108,6 @@ jobs:
       - if: ${{ github.event.inputs.enableBuild == 'true' }}
         uses: deckhouse/modules-actions/build@v2
         with:
-          module_source: "$MODULES_MODULE_SOURCE"
-          module_name: ${{ vars.MODULE_NAME }}
-          module_tag: "$MODULES_MODULE_TAG"
-
-      - uses: deckhouse/modules-actions/deploy@v2
-        with:
-          module_source: "$MODULES_MODULE_SOURCE"
+          module_source: ${{ vars.DEV_MODULE_SOURCE}}
           module_name: ${{ vars.MODULE_NAME }}
-          module_tag: "$MODULES_MODULE_TAG"
-          release_channel: ${{ github.event.inputs.version }}
+          module_tag: ${{ steps.get-tag.outputs.MODULES_MODULE_TAG }}