[deckhouse-tools] build fix (#12290)

borg-z · web-flow · commit 88afc76ff906 · 2025-03-21T13:56:40.000+03:00
Signed-off-by: borg-z &lt;me@nikolay-z.top&gt;
diff --git a/.github/ci_includes/werf_envs.yml b/.github/ci_includes/werf_envs.yml
@@ -22,10 +22,6 @@ CLOUD_PROVIDERS_SOURCE_REPO: "${{secrets.CLOUD_PROVIDERS_SOURCE_REPO}}"
 GOPROXY: "${{vars.GOPROXY}}"
 # observability source repo should contain creds for repo for ex https://user:password@my-repo.com/group
 OBSERVABILITY_SOURCE_REPO: "${{secrets.OBSERVABILITY_SOURCE_REPO}}"
-# Next two are required for accessing the stronghold repo during d8 cli builds.
-# Stronghold pull token should contain CI token with read access to stronghold repos.
-STRONGHOLD_PULL_TOKEN: "${{secrets.STRONGHOLD_PULL_TOKEN}}"
-# deckhouse private repo should contain the host address of proprietary parts of deckhouse ecosystem. Ex repo.my-repo.com
 DECKHOUSE_PRIVATE_REPO: "${{secrets.DECKHOUSE_PRIVATE_REPO}}"
 # </template: git_source_envs>
 {!{- end -}!}
diff --git a/.github/workflows/build-and-test_dev.yml b/.github/workflows/build-and-test_dev.yml
@@ -45,10 +45,6 @@ env:
   GOPROXY: "${{vars.GOPROXY}}"
   # observability source repo should contain creds for repo for ex https://user:password@my-repo.com/group
   OBSERVABILITY_SOURCE_REPO: "${{secrets.OBSERVABILITY_SOURCE_REPO}}"
-  # Next two are required for accessing the stronghold repo during d8 cli builds.
-  # Stronghold pull token should contain CI token with read access to stronghold repos.
-  STRONGHOLD_PULL_TOKEN: "${{secrets.STRONGHOLD_PULL_TOKEN}}"
-  # deckhouse private repo should contain the host address of proprietary parts of deckhouse ecosystem. Ex repo.my-repo.com
   DECKHOUSE_PRIVATE_REPO: "${{secrets.DECKHOUSE_PRIVATE_REPO}}"
   # </template: git_source_envs>
 
diff --git a/.github/workflows/build-and-test_pre-release.yml b/.github/workflows/build-and-test_pre-release.yml
@@ -47,10 +47,6 @@ env:
   GOPROXY: "${{vars.GOPROXY}}"
   # observability source repo should contain creds for repo for ex https://user:password@my-repo.com/group
   OBSERVABILITY_SOURCE_REPO: "${{secrets.OBSERVABILITY_SOURCE_REPO}}"
-  # Next two are required for accessing the stronghold repo during d8 cli builds.
-  # Stronghold pull token should contain CI token with read access to stronghold repos.
-  STRONGHOLD_PULL_TOKEN: "${{secrets.STRONGHOLD_PULL_TOKEN}}"
-  # deckhouse private repo should contain the host address of proprietary parts of deckhouse ecosystem. Ex repo.my-repo.com
   DECKHOUSE_PRIVATE_REPO: "${{secrets.DECKHOUSE_PRIVATE_REPO}}"
   # </template: git_source_envs>
 
diff --git a/.github/workflows/build-and-test_release.yml b/.github/workflows/build-and-test_release.yml
@@ -60,10 +60,6 @@ env:
   GOPROXY: "${{vars.GOPROXY}}"
   # observability source repo should contain creds for repo for ex https://user:password@my-repo.com/group
   OBSERVABILITY_SOURCE_REPO: "${{secrets.OBSERVABILITY_SOURCE_REPO}}"
-  # Next two are required for accessing the stronghold repo during d8 cli builds.
-  # Stronghold pull token should contain CI token with read access to stronghold repos.
-  STRONGHOLD_PULL_TOKEN: "${{secrets.STRONGHOLD_PULL_TOKEN}}"
-  # deckhouse private repo should contain the host address of proprietary parts of deckhouse ecosystem. Ex repo.my-repo.com
   DECKHOUSE_PRIVATE_REPO: "${{secrets.DECKHOUSE_PRIVATE_REPO}}"
   # </template: git_source_envs>
 
diff --git a/.werf/defines/modules.tmpl b/.werf/defines/modules.tmpl
@@ -25,7 +25,6 @@ args:
   SOURCE_REPO: {{ .SOURCE_REPO }}
   CLOUD_PROVIDERS_SOURCE_REPO: {{ .CLOUD_PROVIDERS_SOURCE_REPO }}
   OBSERVABILITY_SOURCE_REPO: {{ .OBSERVABILITY_SOURCE_REPO }}
-  STRONGHOLD_PULL_TOKEN: {{ .STRONGHOLD_PULL_TOKEN }}
   DECKHOUSE_PRIVATE_REPO: {{ .DECKHOUSE_PRIVATE_REPO }}
   # proxies for various packages
   GOPROXY: {{ .GOPROXY }}
diff --git a/.werf/werf-modules.yaml b/.werf/werf-modules.yaml
@@ -56,7 +56,6 @@
       {{- $_ := set $ctx "OBSERVABILITY_SOURCE_REPO" $Root.OBSERVABILITY_SOURCE_REPO }}
       {{- $_ := set $ctx "GOPROXY" $Root.GOPROXY }}
       {{- $_ := set $ctx "DECKHOUSE_PRIVATE_REPO" $Root.DECKHOUSE_PRIVATE_REPO }}
-      {{- $_ := set $ctx "STRONGHOLD_PULL_TOKEN" $Root.STRONGHOLD_PULL_TOKEN }}
       {{- $_ := set $ctx "DistroPackagesProxy" $Root.DistroPackagesProxy }}
       {{- $_ := set $ctx "CargoProxy" $Root.CargoProxy }}
 ---
diff --git a/Makefile b/Makefile
@@ -378,10 +378,7 @@ set-build-envs:
   ifeq ($(DECKHOUSE_PRIVATE_REPO),)
   	export DECKHOUSE_PRIVATE_REPO=https://github.com
   endif
-  ifeq ($(STRONGHOLD_PULL_TOKEN=),)
-  	export STRONGHOLD_PULL_TOKEN="token"
-  endif
-
+  
 	export WERF_REPO=$(DEV_REGISTRY_PATH)
 	export REGISTRY_SUFFIX=$(shell echo $(WERF_ENV) | tr '[:upper:]' '[:lower:]')
 	export SECONDARY_REPO=--secondary-repo $(DECKHOUSE_REGISTRY_HOST)/deckhouse/$(REGISTRY_SUFFIX)
diff --git a/candi/version_map.yml b/candi/version_map.yml
@@ -1,23 +1,23 @@
 bashible: &bashible
   ubuntu:
-    '18.04':
-    '20.04':
-    '22.04':
-    '24.04':
+    "18.04":
+    "20.04":
+    "22.04":
+    "24.04":
   debian:
-    '10':
-    '11':
-    '12':
+    "10":
+    "11":
+    "12":
   centos:
-    '7':
-    '8':
-    '9':
+    "7":
+    "8":
+    "9":
   opensuse:
-    '15.4':
-    '15.5':
-    '15.6':
+    "15.4":
+    "15.5":
+    "15.6":
 k8s:
-  '1.28':
+  "1.28":
     status: end-of-life
     patch: 15
     bashible: *bashible
@@ -41,7 +41,7 @@ k8s:
       registrar: v2.13.0
       snapshotter: v8.1.1
       livenessprobe: v2.15.0
-  '1.29':
+  "1.29":
     status: available
     patch: 14
     bashible: *bashible
@@ -65,7 +65,7 @@ k8s:
       registrar: v2.13.0
       snapshotter: v8.1.1
       livenessprobe: v2.15.0
-  '1.30':
+  "1.30":
     status: available
     patch: 10
     bashible: *bashible
@@ -89,7 +89,7 @@ k8s:
       registrar: v2.13.0
       snapshotter: v8.1.1
       livenessprobe: v2.15.0
-  '1.31':
+  "1.31":
     status: available
     patch: 6
     bashible: *bashible
@@ -113,7 +113,7 @@ k8s:
       registrar: v2.13.0
       snapshotter: v8.1.1
       livenessprobe: v2.15.0
-  '1.32':
+  "1.32":
     status: preview
     patch: 2
     bashible: *bashible
@@ -138,6 +138,6 @@ k8s:
       snapshotter: v8.1.1
       livenessprobe: v2.15.0
 d8:
-  d8CliVersion: v0.10.4
+  d8CliVersion: v0.11.0
 jq:
   version: 1.7.1
diff --git a/modules/007-registrypackages/images/d8/werf.inc.yaml b/modules/007-registrypackages/images/d8/werf.inc.yaml
@@ -52,10 +52,15 @@ shell:
   - apt-get update && apt-get install libbtrfs-dev -y
   install:
   - export GOPROXY={{ $.GOPROXY }}
+
   - export PRIVATE_REPO={{ $.DECKHOUSE_PRIVATE_REPO }}
-  - export PRIVATE_REPO_TOKEN={{ $.STRONGHOLD_PULL_TOKEN }}
-  - export GOPRIVATE={{ $.DECKHOUSE_PRIVATE_REPO }}
-  - git config --global url."https://gitlab-ci-token:${PRIVATE_REPO_TOKEN}@${PRIVATE_REPO}/".insteadOf https://${PRIVATE_REPO}/
+  - GOPRIVATE="flant.internal"
+  - git config --global url."ssh://git@${PRIVATE_REPO}/".insteadOf "https://flant.internal/"
+  - git config --global --add safe.directory '*'
+  - mkdir -p ~/.ssh
+  - touch ~/.ssh/known_hosts
+  - ssh-keyscan -H ${PRIVATE_REPO} >> ~/.ssh/known_hosts
+
   - cd /src/deckhouse-cli
   - task build:dist:linux:amd64
   - mv ./dist/{{ .CandiVersionMap.d8.d8CliVersion }}/linux-amd64/bin/d8 /d8
diff --git a/modules/800-deckhouse-tools/images/web/werf.inc.yaml b/modules/800-deckhouse-tools/images/web/werf.inc.yaml
@@ -69,10 +69,15 @@ shell:
     - find /var/lib/apt/ /var/cache/apt/ -type f -delete
   install:
     - export GOPROXY={{ $.GOPROXY }}
+
     - export PRIVATE_REPO={{ $.DECKHOUSE_PRIVATE_REPO }}
-    - export PRIVATE_REPO_TOKEN={{ $.STRONGHOLD_PULL_TOKEN }}
-    - export GOPRIVATE={{ $.DECKHOUSE_PRIVATE_REPO }}
-    - git config --global url."https://gitlab-ci-token:${PRIVATE_REPO_TOKEN}@${PRIVATE_REPO}/".insteadOf https://${PRIVATE_REPO}/
+    - GOPRIVATE="flant.internal"
+    - git config --global url."ssh://git@${PRIVATE_REPO}/".insteadOf "https://flant.internal/"
+    - git config --global --add safe.directory '*'
+    - mkdir -p ~/.ssh
+    - touch ~/.ssh/known_hosts
+    - ssh-keyscan -H ${PRIVATE_REPO} >> ~/.ssh/known_hosts
+
     - cd /src
     - task build:dist:all
     - mkdir -p /app/files/d8-cli
diff --git a/tools/images_tags/main.go b/tools/images_tags/main.go
@@ -83,7 +83,6 @@ func main() {
 		"GOPROXY=",
 		"CLOUD_PROVIDERS_SOURCE_REPO=",
 		"OBSERVABILITY_SOURCE_REPO=",
-		"STRONGHOLD_PULL_TOKEN=",
 		"DECKHOUSE_PRIVATE_REPO=",
 	)
 	cmd.Dir = path.Join("..")
diff --git a/werf-giterminism.yaml b/werf-giterminism.yaml
@@ -1,21 +1,20 @@
 giterminismConfigVersion: 1
 config:
-  goTemplateRendering:	# The rules for the Go-template functions
-    allowEnvVariables: 
-    - /CI_.+/
-    - /REPO_MCM_.+/
-    - SOURCE_REPO
-    - GOPROXY
-    - WERF_DISABLE_META_TAGS
-    - CLOUD_PROVIDERS_SOURCE_REPO
-    - OBSERVABILITY_SOURCE_REPO
-    - DISTRO_PACKAGES_PROXY
-    - CARGO_PROXY
-    - STRONGHOLD_PULL_TOKEN
-    - DECKHOUSE_PRIVATE_REPO
-    allowUncommittedFiles: [ "tools/build_includes/*" ]
+  goTemplateRendering: # The rules for the Go-template functions
+    allowEnvVariables:
+      - /CI_.+/
+      - /REPO_MCM_.+/
+      - SOURCE_REPO
+      - GOPROXY
+      - WERF_DISABLE_META_TAGS
+      - CLOUD_PROVIDERS_SOURCE_REPO
+      - OBSERVABILITY_SOURCE_REPO
+      - DISTRO_PACKAGES_PROXY
+      - CARGO_PROXY
+      - DECKHOUSE_PRIVATE_REPO
+    allowUncommittedFiles: ["tools/build_includes/*"]
   stapel:
     mount:
-     allowBuildDir: true
-     allowFromPaths:
-     - ~/go-pkg-cache
+      allowBuildDir: true
+      allowFromPaths:
+        - ~/go-pkg-cache
diff --git a/werf.yaml b/werf.yaml
@@ -77,8 +77,6 @@ cleanup:
 # Source repo with observability private code
 {{- $_ := set . "OBSERVABILITY_SOURCE_REPO" (env "OBSERVABILITY_SOURCE_REPO" | default "https://example.com") }}
 
-# Stronghold repo access for building d8 cli
-{{- $_ := set . "STRONGHOLD_PULL_TOKEN" (env "STRONGHOLD_PULL_TOKEN") }}
 {{- $_ := set . "DECKHOUSE_PRIVATE_REPO" (env "DECKHOUSE_PRIVATE_REPO") }}
 
 {{- $_ := set . "CI_COMMIT_TAG" (env "CI_COMMIT_TAG" "dev") }}

Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,6 @@ func main() {`
`83`	`83`	`"GOPROXY=",`
`84`	`84`	`"CLOUD_PROVIDERS_SOURCE_REPO=",`
`85`	`85`	`"OBSERVABILITY_SOURCE_REPO=",`
`86`		`- "STRONGHOLD_PULL_TOKEN=",`
`87`	`86`	`"DECKHOUSE_PRIVATE_REPO=",`
`88`	`87`	`)`
`89`	`88`	`cmd.Dir = path.Join("..")`