Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package werf for openSUSE:Factory checked in
at 2025-04-17 16:08:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/werf (Old)
and /work/SRC/openSUSE:Factory/.werf.new.30101 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "werf"
Thu Apr 17 16:08:58 2025 rev:45 rq:1270105 version:2.35.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/werf/werf.changes 2025-04-11
16:47:13.120333209 +0200
+++ /work/SRC/openSUSE:Factory/.werf.new.30101/werf.changes 2025-04-20
20:12:05.443483195 +0200
@@ -1,0 +2,39 @@
+Wed Apr 16 18:01:22 UTC 2025 - Johannes Kastl
<opensuse_buildserv...@ojkastl.de>
+
+- Update to version 2.35.4:
+ * chore: release 2.35.4
+ * chore(release): release v2.35.4
+ * Revert "chore: update Nelm module"
+ * Revert "fix(deploy): possible panic in tracking Flux Canary
+ resource"
+ * Revert "fix(deploy): allow `werf.io/sensitive: false` for
+ Secrets"
+ * Revert "fix(deploy): default kubeconfig not used"
+ * chore(channels): revert alpha
+
+-------------------------------------------------------------------
+Wed Apr 16 17:59:20 UTC 2025 - Johannes Kastl
<opensuse_buildserv...@ojkastl.de>
+
+- Update to version 2.35.3:
+ * fix(deploy): default kubeconfig not used
+
+-------------------------------------------------------------------
+Wed Apr 16 17:51:05 UTC 2025 - Johannes Kastl
<opensuse_buildserv...@ojkastl.de>
+
+- Update to version 2.35.2:
+ * chore: release 2.35.2
+ * docs(build, secrets): update example
+ * test(build, secrets): remove from e2e simple test
+ * fix(build, secrets): fix secrets validation error when
+ rendering config
+ * fix(deploy): allow `werf.io/sensitive: false` for Secrets
+ * fix(deploy): possible panic in tracking Flux Canary resource
+ * chore: task format
+ * fix(build, imageSpec): invalidate cache (breaking changes)
+ * fix(build, imageSpec): keep essential werf-stage-content-digest
+ label
+ * chore: update Nelm module
+ * refactor(cleanup): update logging message
+ * chore(release): 2 alpha,beta,ea
+
+-------------------------------------------------------------------
Old:
----
werf-2.35.1.obscpio
New:
----
werf-2.35.4.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ werf.spec ++++++
--- /var/tmp/diff_new_pack.FvlSIC/_old 2025-04-20 20:12:06.543529248 +0200
+++ /var/tmp/diff_new_pack.FvlSIC/_new 2025-04-20 20:12:06.547529415 +0200
@@ -17,7 +17,7 @@
Name: werf
-Version: 2.35.1
+Version: 2.35.4
Release: 0
Summary: CLI for the Werf CI/CD system
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.FvlSIC/_old 2025-04-20 20:12:06.583530922 +0200
+++ /var/tmp/diff_new_pack.FvlSIC/_new 2025-04-20 20:12:06.587531090 +0200
@@ -3,7 +3,7 @@
<param name="url">https://github.com/werf/werf</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v2.35.1</param>
+ <param name="revision">v2.35.4</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.FvlSIC/_old 2025-04-20 20:12:06.611532094 +0200
+++ /var/tmp/diff_new_pack.FvlSIC/_new 2025-04-20 20:12:06.611532094 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/werf/werf</param>
- <param
name="changesrevision">efb923c6e24496f497418e529a06f72339f226cd</param></service></servicedata>
+ <param
name="changesrevision">a878391d9331ee5583e43fbd2ca96a6c5ed67182</param></service></servicedata>
(No newline at EOF)
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/werf/vendor.tar.gz
/work/SRC/openSUSE:Factory/.werf.new.30101/vendor.tar.gz differ: char 5, line 1
++++++ werf-2.35.1.obscpio -> werf-2.35.4.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/CHANGELOG.md new/werf-2.35.4/CHANGELOG.md
--- old/werf-2.35.1/CHANGELOG.md 2025-04-10 10:36:10.000000000 +0200
+++ new/werf-2.35.4/CHANGELOG.md 2025-04-16 13:51:13.000000000 +0200
@@ -1,5 +1,30 @@
# Changelog
+### [2.35.4](https://www.github.com/werf/werf/compare/v2.35.3...v2.35.4)
(2025-04-16)
+
+
+### Miscellaneous Chores
+
+* **release:** release v2.35.4
([336b284](https://www.github.com/werf/werf/commit/336b284a023a151eaf769d7e2781d4a051220a6e))
+
+### [2.35.3](https://www.github.com/werf/werf/compare/v2.35.2...v2.35.3)
(2025-04-16)
+
+
+### Bug Fixes
+
+* **deploy:** default kubeconfig not used
([cbf9f55](https://www.github.com/werf/werf/commit/cbf9f55bd14f60ece0b6c39f611cb14814117479))
+
+### [2.35.2](https://www.github.com/werf/werf/compare/v2.35.1...v2.35.2)
(2025-04-14)
+
+
+### Bug Fixes
+
+* **build, imageSpec:** invalidate cache (breaking changes)
([c827491](https://www.github.com/werf/werf/commit/c827491bb77fc410da7591eeac295dd186ccd46a))
+* **build, imageSpec:** keep essential werf-stage-content-digest label
([73fcd70](https://www.github.com/werf/werf/commit/73fcd70ba3291ae1f20a79ac8c3eb6b3b944f466))
+* **build, secrets:** fix secrets validation error when rendering config
([94b4333](https://www.github.com/werf/werf/commit/94b433383cc042d6326cd0c95025300477b8959e))
+* **deploy:** allow `werf.io/sensitive: false` for Secrets
([9d4fcec](https://www.github.com/werf/werf/commit/9d4fcec4a87b56eedf26d042cb30877ceb72a86b))
+* **deploy:** possible panic in tracking Flux Canary resource
([047fb12](https://www.github.com/werf/werf/commit/047fb12f920b5063cde54daefd4255b1b8c1378e))
+
### [2.35.1](https://www.github.com/werf/werf/compare/v2.35.0...v2.35.1)
(2025-04-10)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/docs/pages_en/usage/build/images.md
new/werf-2.35.4/docs/pages_en/usage/build/images.md
--- old/werf-2.35.1/docs/pages_en/usage/build/images.md 2025-04-10
10:36:10.000000000 +0200
+++ new/werf-2.35.4/docs/pages_en/usage/build/images.md 2025-04-16
13:51:13.000000000 +0200
@@ -165,6 +165,7 @@
secrets:
allowEnvVariables:
- "AWS_ACCESS_KEY_ID"
+ - "AWS_SECRET_ACCESS_KEY"
allowFiles:
- "~/.aws/credentials"
allowValueIds:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/werf-2.35.1/docs/pages_en/usage/build/stapel/instructions.md
new/werf-2.35.4/docs/pages_en/usage/build/stapel/instructions.md
--- old/werf-2.35.1/docs/pages_en/usage/build/stapel/instructions.md
2025-04-10 10:36:10.000000000 +0200
+++ new/werf-2.35.4/docs/pages_en/usage/build/stapel/instructions.md
2025-04-16 13:51:13.000000000 +0200
@@ -373,6 +373,7 @@
secrets:
allowEnvVariables:
- "AWS_ACCESS_KEY_ID"
+ - "AWS_SECRET_ACCESS_KEY"
allowFiles:
- "~/.aws/credentials"
allowValueIds:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/docs/pages_en/usage/deploy/charts.md
new/werf-2.35.4/docs/pages_en/usage/deploy/charts.md
--- old/werf-2.35.1/docs/pages_en/usage/deploy/charts.md 2025-04-10
10:36:10.000000000 +0200
+++ new/werf-2.35.4/docs/pages_en/usage/deploy/charts.md 2025-04-16
13:51:13.000000000 +0200
@@ -205,7 +205,7 @@
- name: backend
```
-If you want to connect multiple dependent charts with the same name or connect
the same dependent chart several times, use the parent chart's
`dependencies[].alias' directive to add alias for the charts to be included,
for example:
+If you want to connect multiple dependent charts with the same name or connect
the same dependent chart several times, use the parent chart's
`dependencies[].alias` directive to add alias for the charts to be included,
for example:
```yaml
# .helm/Chart.yaml:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/go.mod new/werf-2.35.4/go.mod
--- old/werf-2.35.1/go.mod 2025-04-10 10:36:10.000000000 +0200
+++ new/werf-2.35.4/go.mod 2025-04-16 13:51:13.000000000 +0200
@@ -273,7 +273,7 @@
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-runewidth v0.0.15 // indirect
github.com/mattn/go-shellwords v1.0.12 // indirect
- github.com/mattn/go-sqlite3 v1.14.22 // indirect
+ github.com/mattn/go-sqlite3 v2.0.1+incompatible // indirect
github.com/miekg/pkcs11 v1.1.1 // indirect
github.com/mistifyio/go-zfs/v3 v3.0.1 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/go.sum new/werf-2.35.4/go.sum
--- old/werf-2.35.1/go.sum 2025-04-10 10:36:10.000000000 +0200
+++ new/werf-2.35.4/go.sum 2025-04-16 13:51:13.000000000 +0200
@@ -951,8 +951,8 @@
github.com/mattn/go-sqlite3 v1.14.0/go.mod
h1:JIl7NbARA7phWnGvh0LKTyg7S9BA+6gx71ShQilpsus=
github.com/mattn/go-sqlite3 v1.14.6/go.mod
h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
github.com/mattn/go-sqlite3 v1.14.7/go.mod
h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
-github.com/mattn/go-sqlite3 v1.14.22
h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
-github.com/mattn/go-sqlite3 v1.14.22/go.mod
h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/mattn/go-sqlite3 v2.0.1+incompatible
h1:xQ15muvnzGBHpIpdrNi1DA5x0+TcBZzsIDwmw9uTHzw=
+github.com/mattn/go-sqlite3 v2.0.1+incompatible/go.mod
h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/mattn/go-zglob v0.0.1/go.mod
h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo=
github.com/mattn/go-zglob v0.0.6
h1:mP8RnmCgho4oaUYDIDn6GNxYk+qJGUs8fJLn+twYj2A=
github.com/mattn/go-zglob v0.0.6/go.mod
h1:MxxjyoXXnMxfIpxTK2GAkw1w8glPsQILx3N5wrKakiY=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/pkg/build/build_phase.go
new/werf-2.35.4/pkg/build/build_phase.go
--- old/werf-2.35.1/pkg/build/build_phase.go 2025-04-10 10:36:10.000000000
+0200
+++ new/werf-2.35.4/pkg/build/build_phase.go 2025-04-16 13:51:13.000000000
+0200
@@ -860,8 +860,6 @@
contentDigest, exist :=
stageDescCopy.Info.Labels[imagePkg.WerfStageContentDigestLabel]
if exist {
stg.SetContentDigest(contentDigest)
- } else if stg.Name() == stage.ImageSpec { //
The content digest tag might be missing for the imageSpec stage (removed by the
user).
-
stg.SetContentDigest(stageDescCopy.Info.GetDigest())
} else {
panic(fmt.Sprintf("expected stage %q
content digest label to be set!", stg.Name()))
}
@@ -983,8 +981,6 @@
contentDigest, exist :=
stageDesc.Info.Labels[imagePkg.WerfStageContentDigestLabel]
if exist {
stageContentSig = contentDigest
- } else if stg.Name() == stage.ImageSpec { // The content digest
tag might be missing for the imageSpec stage (removed by the user).
- stageContentSig = stageDesc.Info.GetDigest()
} else {
panic(fmt.Sprintf("expected stage %q content digest
label to be set!", stg.Name()))
}
@@ -1188,8 +1184,6 @@
contentDigest, exist :=
stageDesc.Info.Labels[imagePkg.WerfStageContentDigestLabel]
if exist {
stg.SetContentDigest(contentDigest)
- } else if stg.Name() == stage.ImageSpec { // The
content digest tag might be missing for the imageSpec stage (removed by the
user).
- stg.SetContentDigest(stageDesc.Info.GetDigest())
} else {
panic(fmt.Sprintf("expected stage %q content
digest label to be set!", stg.Name()))
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/pkg/build/builder/ansible.go
new/werf-2.35.4/pkg/build/builder/ansible.go
--- old/werf-2.35.1/pkg/build/builder/ansible.go 2025-04-10
10:36:10.000000000 +0200
+++ new/werf-2.35.4/pkg/build/builder/ansible.go 2025-04-16
13:51:13.000000000 +0200
@@ -16,6 +16,7 @@
"github.com/werf/common-go/pkg/util"
"github.com/werf/logboek"
+ "github.com/werf/werf/v2/pkg/build/secrets"
"github.com/werf/werf/v2/pkg/config"
"github.com/werf/werf/v2/pkg/container_backend"
"github.com/werf/werf/v2/pkg/container_backend/stage_builder"
@@ -247,7 +248,7 @@
func (b *Ansible) addBuildSecretsVolumes(stageHostTmpDir string, fn
func(string)) error {
for _, s := range b.secrets {
- secretPath, err := s.GetMountPath(stageHostTmpDir)
+ secretPath, err := secrets.GetMountPath(s, stageHostTmpDir)
if err != nil {
return err
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/pkg/build/builder/shell.go
new/werf-2.35.4/pkg/build/builder/shell.go
--- old/werf-2.35.1/pkg/build/builder/shell.go 2025-04-10 10:36:10.000000000
+0200
+++ new/werf-2.35.4/pkg/build/builder/shell.go 2025-04-16 13:51:13.000000000
+0200
@@ -11,6 +11,7 @@
"github.com/werf/common-go/pkg/util"
"github.com/werf/logboek"
+ "github.com/werf/werf/v2/pkg/build/secrets"
"github.com/werf/werf/v2/pkg/config"
"github.com/werf/werf/v2/pkg/container_backend"
"github.com/werf/werf/v2/pkg/container_backend/stage_builder"
@@ -200,7 +201,7 @@
func (b *Shell) addBuildSecretsVolumes(stageHostTmpDir string, fn
func(string)) error {
for _, s := range b.secrets {
- secretPath, err := s.GetMountPath(stageHostTmpDir)
+ secretPath, err := secrets.GetMountPath(s, stageHostTmpDir)
if err != nil {
return err
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/pkg/build/image/dockerfile.go
new/werf-2.35.4/pkg/build/image/dockerfile.go
--- old/werf-2.35.1/pkg/build/image/dockerfile.go 2025-04-10
10:36:10.000000000 +0200
+++ new/werf-2.35.4/pkg/build/image/dockerfile.go 2025-04-16
13:51:13.000000000 +0200
@@ -13,6 +13,7 @@
"github.com/werf/common-go/pkg/util"
"github.com/werf/logboek"
+ "github.com/werf/werf/v2/pkg/build/secrets"
"github.com/werf/werf/v2/pkg/build/stage"
stage_instruction "github.com/werf/werf/v2/pkg/build/stage/instruction"
"github.com/werf/werf/v2/pkg/config"
@@ -86,6 +87,15 @@
}{WerfImageName: werfImageName, Stage: stage, Level: level})
}
+ buildSecrets := make([]string, 0, len(dockerfileImageConfig.Secrets))
+ for _, s := range dockerfileImageConfig.Secrets {
+ secret, err := secrets.GetSecretStringArg(s)
+ if err != nil {
+ return nil, fmt.Errorf("unable to get build secrets:
%w", err)
+ }
+ buildSecrets = append(buildSecrets, secret)
+ }
+
for len(queue) > 0 {
item := queue[0]
queue = queue[1:]
@@ -219,7 +229,7 @@
case
*dockerfile.DockerfileStageInstruction[*instructions.OnbuildCommand]:
stg = stage_instruction.NewOnBuild(typedInstr,
dockerfileImageConfig.Dependencies, !isFirstStage, &baseStageOptions)
case
*dockerfile.DockerfileStageInstruction[*instructions.RunCommand]:
- stg = stage_instruction.NewRun(typedInstr,
dockerfileImageConfig.Dependencies, !isFirstStage, &baseStageOptions,
dockerfileImageConfig.Secrets, dockerfileImageConfig.SSH)
+ stg = stage_instruction.NewRun(typedInstr,
dockerfileImageConfig.Dependencies, !isFirstStage, &baseStageOptions,
buildSecrets, dockerfileImageConfig.SSH)
case
*dockerfile.DockerfileStageInstruction[*instructions.ShellCommand]:
stg = stage_instruction.NewShell(typedInstr,
dockerfileImageConfig.Dependencies, !isFirstStage, &baseStageOptions)
case
*dockerfile.DockerfileStageInstruction[*instructions.StopSignalCommand]:
@@ -320,6 +330,15 @@
ProjectName: opts.ProjectName,
}
+ buildSecrets := make([]string, 0, len(dockerfileImageConfig.Secrets))
+ for _, s := range dockerfileImageConfig.Secrets {
+ secret, err := secrets.GetSecretStringArg(s)
+ if err != nil {
+ return nil, fmt.Errorf("unable to get build secrets:
%w", err)
+ }
+ buildSecrets = append(buildSecrets, secret)
+ }
+
imageCacheVersion :=
option.ValueOrDefault(dockerfileImageConfig.CacheVersion(),
metaConfig.Build.CacheVersion)
dockerfileStage :=
stage.GenerateFullDockerfileStage(stage.NewDockerRunArgs(
@@ -332,7 +351,7 @@
dockerfileImageConfig.AddHost,
dockerfileImageConfig.Network,
dockerfileImageConfig.SSH,
- dockerfileImageConfig.Secrets,
+ buildSecrets,
), ds, stage.NewContextChecksum(dockerIgnorePathMatcher),
baseStageOptions, dockerfileImageConfig.Dependencies, imageCacheVersion)
img.stages = append(img.stages, dockerfileStage)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/pkg/build/secrets/build_secrets.go
new/werf-2.35.4/pkg/build/secrets/build_secrets.go
--- old/werf-2.35.1/pkg/build/secrets/build_secrets.go 1970-01-01
01:00:00.000000000 +0100
+++ new/werf-2.35.4/pkg/build/secrets/build_secrets.go 2025-04-16
13:51:13.000000000 +0200
@@ -0,0 +1,155 @@
+package secrets
+
+import (
+ "fmt"
+ "math"
+ "math/rand/v2"
+ "os"
+
+ "github.com/werf/common-go/pkg/util"
+ "github.com/werf/werf/v2/pkg/config"
+)
+
+type SecretFromEnv struct {
+ Id string
+ Value string
+}
+
+type SecretFromSrc struct {
+ Id string
+ Value string
+}
+
+type SecretFromPlainValue struct {
+ Id string
+ Value string
+}
+
+type Secret interface {
+ GetSecretStringArg() (string, error)
+ GetMountPath(stageHostTmpDir string) (string, error)
+}
+
+func GetSecretStringArg(secret config.Secret) (string, error) {
+ s, err := parseSecret(secret)
+ if err != nil {
+ return "", fmt.Errorf("error parsing secrets: %w", err)
+ }
+ return s.GetSecretStringArg()
+}
+
+func (s *SecretFromEnv) GetSecretStringArg() (string, error) {
+ return fmt.Sprintf("id=%s,env=%s", s.Id, s.Value), nil
+}
+
+func (s *SecretFromSrc) GetSecretStringArg() (string, error) {
+ return fmt.Sprintf("id=%s,src=%s", s.Id, s.Value), nil
+}
+
+func (s *SecretFromPlainValue) GetSecretStringArg() (string, error) {
+ secret, err := s.setPlainValueAsEnv()
+ if err != nil {
+ return "", err
+ }
+ return secret.GetSecretStringArg()
+}
+
+func (s *SecretFromPlainValue) setPlainValueAsEnv() (*SecretFromEnv, error) {
+ envKey := fmt.Sprintf("tmpbuild%d_%s", rand.IntN(math.MaxInt32), s.Id)
// generate unique value
+ if _, e := os.LookupEnv(envKey); e {
+ return nil, fmt.Errorf("can't set secret %s: id is not unique",
s.Id) // should never be here
+ }
+
+ err := os.Setenv(envKey, s.Value)
+ if err != nil {
+ return nil, fmt.Errorf("can't set value")
+ }
+
+ return &SecretFromEnv{
+ Id: s.Id,
+ Value: envKey,
+ }, nil
+}
+
+func GetMountPath(secret config.Secret, stageHostTmpDir string) (string,
error) {
+ s, err := parseSecret(secret)
+ if err != nil {
+ return "", fmt.Errorf("unable to get secret mount path: %w",
err)
+ }
+ return s.GetMountPath(stageHostTmpDir)
+}
+
+func parseSecret(secret config.Secret) (Secret, error) {
+ if secret.ValueFromEnv != "" {
+ return newSecretFromEnv(secret)
+ } else if secret.ValueFromSrc != "" {
+ return newSecretFromSrc(secret)
+ } else if secret.ValueFromPlain != "" {
+ return newSecretFromPlainValue(secret)
+ }
+ return nil, fmt.Errorf("unknown secret type")
+}
+
+func newSecretFromEnv(s config.Secret) (*SecretFromEnv, error) {
+ if _, exists := os.LookupEnv(s.ValueFromEnv); !exists {
+ return nil, fmt.Errorf("specified env variable `%s` is not
set", s.ValueFromEnv)
+ }
+ return &SecretFromEnv{Id: s.Id, Value: s.ValueFromEnv}, nil
+}
+
+func newSecretFromSrc(s config.Secret) (*SecretFromSrc, error) {
+ absPath, err := util.ExpandPath(s.ValueFromSrc)
+ if err != nil {
+ return nil, fmt.Errorf("error load secret from src: %w", err)
+ }
+
+ if exists, _ := util.FileExists(absPath); !exists {
+ return nil, fmt.Errorf("error load secret from src: path %s
doesn't exist", absPath)
+ }
+ return &SecretFromSrc{Id: s.Id, Value: absPath}, nil
+}
+
+func newSecretFromPlainValue(s config.Secret) (*SecretFromPlainValue, error) {
+ return &SecretFromPlainValue{Id: s.Id, Value: s.ValueFromPlain}, nil
+}
+
+func (s *SecretFromEnv) GetMountPath(stageHostTmpDir string) (string, error) {
+ data := []byte(os.Getenv(s.Value))
+ return getMountPath(s.Id, stageHostTmpDir, data)
+}
+
+func (s *SecretFromSrc) GetMountPath(stageHostTmpDir string) (string, error) {
+ return generateMountPath(s.Id, s.Value), nil
+}
+
+func (s *SecretFromPlainValue) GetMountPath(stageHostTmpDir string) (string,
error) {
+ return getMountPath(s.Id, stageHostTmpDir, []byte(s.Value))
+}
+
+func getMountPath(secretId, stageHostTmpDir string, data []byte) (string,
error) {
+ tmpFile, err := writeToTmpFile(stageHostTmpDir, data)
+ if err != nil {
+ return "", fmt.Errorf("unable to mount secret: %w", err)
+ }
+ return generateMountPath(secretId, tmpFile), nil
+}
+
+func writeToTmpFile(stageHostTmpDir string, data []byte) (string, error) {
+ tmpFile, err := os.CreateTemp(stageHostTmpDir, "stapel*")
+ if err != nil {
+ return "", err
+ }
+
+ tmpFilePath := tmpFile.Name()
+
+ if err := os.WriteFile(tmpFilePath, data, 0o400); err != nil {
+ return "", err
+ }
+
+ return tmpFilePath, nil
+}
+
+func generateMountPath(id, filepath string) string {
+ containerPath := fmt.Sprintf("/run/secrets/%s", id)
+ return fmt.Sprintf("%s:%s:ro", filepath, containerPath)
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/pkg/build/stage/image_spec.go
new/werf-2.35.4/pkg/build/stage/image_spec.go
--- old/werf-2.35.1/pkg/build/stage/image_spec.go 2025-04-10
10:36:10.000000000 +0200
+++ new/werf-2.35.4/pkg/build/stage/image_spec.go 2025-04-16
13:51:13.000000000 +0200
@@ -22,7 +22,7 @@
labelTemplateImage = "image"
labelTemplateProject = "project"
labelTemplateDelimiter = "%"
- werfLabelsGlobalWarning = `The "werf" and "werf-parent-stage-id" labels
cannot be removed within the imageSpec stage, as they are essential for the
proper operation of host and container registry cleanup.
+ werfLabelsGlobalWarning = `The "werf", "werf-stage-content-digest" and
"werf.io/parent-stage-id" labels cannot be removed within the imageSpec stage,
as they are essential for the proper operation of host and container registry
cleanup.
If you need to remove all werf labels, use the werf export command. By
default, this command removes all werf labels and fully detaches images from
werf control, transferring host and container registry cleanup entirely to the
user.
@@ -111,44 +111,34 @@
return nil
}
-const imageSpecStageCacheVersion = "2"
-
func (s *ImageSpecStage) GetDependencies(_ context.Context, _ Conveyor, _
container_backend.ContainerBackend, _, _ *StageImage, _
container_backend.BuildContextArchiver) (string, error) {
var args []string
- args = append(args, imageSpecStageCacheVersion)
+ // imageSpec
args = append(args, s.imageSpec.Author)
args = append(args, fmt.Sprint(s.imageSpec.ClearHistory))
- args = append(args, fmt.Sprint(s.imageSpec.ClearWerfLabels))
- args = append(args, sortSliceWithNewSlice(s.imageSpec.RemoveLabels)...)
- args = append(args, sortSliceWithNewSlice(s.imageSpec.RemoveVolumes)...)
- args = append(args, sortSliceWithNewSlice(s.imageSpec.RemoveEnv)...)
-
- args = append(args, sortSliceWithNewSlice(s.imageSpec.Volumes)...)
- args = append(args, mapToSortedArgs(s.imageSpec.Labels)...)
+ // imageSpec.config
+ args = append(args, strings.Join(s.imageSpec.Cmd, " "))
+ args = append(args, strings.Join(s.imageSpec.Entrypoint, " "))
args = append(args, mapToSortedArgs(s.imageSpec.Env)...)
args = append(args, sortSliceWithNewSlice(s.imageSpec.Expose)...)
+ args = append(args, fmt.Sprint(s.imageSpec.Healthcheck))
+ args = append(args, mapToSortedArgs(s.imageSpec.Labels)...)
+ args = append(args, s.imageSpec.StopSignal)
args = append(args, s.imageSpec.User)
- args = append(args, strings.Join(s.imageSpec.Cmd, " "))
- args = append(args, fmt.Sprint(s.imageSpec.ClearCmd))
- args = append(args, strings.Join(s.imageSpec.Entrypoint, " "))
- args = append(args, fmt.Sprint(s.imageSpec.ClearEntrypoint))
+ args = append(args, sortSliceWithNewSlice(s.imageSpec.Volumes)...)
args = append(args, s.imageSpec.WorkingDir)
- args = append(args, s.imageSpec.StopSignal)
- args = append(args, fmt.Sprint(s.imageSpec.Healthcheck))
-
- if s.imageSpec.ClearUser {
- args = append(args, fmt.Sprint(s.imageSpec.ClearUser))
- }
- if s.imageSpec.ClearWorkingDir {
- args = append(args, fmt.Sprint(s.imageSpec.ClearWorkingDir))
- }
+ args = append(args, sortSliceWithNewSlice(s.imageSpec.RemoveLabels)...)
+ args = append(args, sortSliceWithNewSlice(s.imageSpec.RemoveVolumes)...)
+ args = append(args, sortSliceWithNewSlice(s.imageSpec.RemoveEnv)...)
+ args = append(args, fmt.Sprint(s.imageSpec.KeepEssentialWerfLabels))
- if s.imageSpec.KeepEssentialWerfLabels {
- args = append(args,
fmt.Sprint(s.imageSpec.KeepEssentialWerfLabels))
- }
+ args = append(args, fmt.Sprint(s.imageSpec.ClearCmd))
+ args = append(args, fmt.Sprint(s.imageSpec.ClearEntrypoint))
+ args = append(args, fmt.Sprint(s.imageSpec.ClearUser))
+ args = append(args, fmt.Sprint(s.imageSpec.ClearWorkingDir))
return util.Sha256Hash(args...), nil
}
@@ -207,7 +197,7 @@
continue
}
- if key == image.WerfLabel || key == image.WerfParentStageID {
+ if key == image.WerfLabel || key == image.WerfParentStageID ||
key == image.WerfStageContentDigestLabel {
if !keepEssentialWerfLabels {
shouldPrintGlobalWarn = true
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/pkg/cleaning/cleanup.go
new/werf-2.35.4/pkg/cleaning/cleanup.go
--- old/werf-2.35.1/pkg/cleaning/cleanup.go 2025-04-10 10:36:10.000000000
+0200
+++ new/werf-2.35.4/pkg/cleaning/cleanup.go 2025-04-16 13:51:13.000000000
+0200
@@ -813,7 +813,7 @@
// skip kept stages and their relatives.
{
- logboek.Context(ctx).Default().LogProcess("Skipping relative
stages for protected stages").Do(func() {
+ logboek.Context(ctx).Default().LogProcess("Processing relative
stages for saved stages").Do(func() {
handledStageDescSet := image.NewStageDescSet()
for protectionReason, stageDescToKeepSet := range
m.stageManager.GetProtectedStageDescSetByReason() {
// Git history based policy keeps import
sources more effectively, other policies do not keep them.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/pkg/config/image_from_dockerfile.go
new/werf-2.35.4/pkg/config/image_from_dockerfile.go
--- old/werf-2.35.1/pkg/config/image_from_dockerfile.go 2025-04-10
10:36:10.000000000 +0200
+++ new/werf-2.35.4/pkg/config/image_from_dockerfile.go 2025-04-16
13:51:13.000000000 +0200
@@ -20,7 +20,7 @@
SSH string
Dependencies []*Dependency
Staged bool
- Secrets []string
+ Secrets []Secret
ImageSpec *ImageSpec
cacheVersion string
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/pkg/config/raw_image_from_dockerfile.go
new/werf-2.35.4/pkg/config/raw_image_from_dockerfile.go
--- old/werf-2.35.1/pkg/config/raw_image_from_dockerfile.go 2025-04-10
10:36:10.000000000 +0200
+++ new/werf-2.35.4/pkg/config/raw_image_from_dockerfile.go 2025-04-16
13:51:13.000000000 +0200
@@ -145,16 +145,7 @@
return nil, err
}
- secretsArgs := make([]string, 0, len(secrets))
- for _, s := range secrets {
- secret, err := s.GetSecretStringArg()
- if err != nil {
- return nil, err
- }
- secretsArgs = append(secretsArgs, secret)
- }
-
- image.Secrets = secretsArgs
+ image.Secrets = secrets
if c.RawImageSpec != nil {
image.ImageSpec = c.RawImageSpec.toDirective()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/werf-2.35.1/pkg/config/raw_image_from_dockerfile_test.go
new/werf-2.35.4/pkg/config/raw_image_from_dockerfile_test.go
--- old/werf-2.35.1/pkg/config/raw_image_from_dockerfile_test.go
2025-04-10 10:36:10.000000000 +0200
+++ new/werf-2.35.4/pkg/config/raw_image_from_dockerfile_test.go
2025-04-16 13:51:13.000000000 +0200
@@ -53,7 +53,7 @@
Name: "image1",
ContextAddFiles: []string{},
AddHost: []string{},
- Secrets: []string{},
+ Secrets: []Secret{},
cacheVersion: "docker-cache-version",
platform: []string{},
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/pkg/config/raw_secrets.go
new/werf-2.35.4/pkg/config/raw_secrets.go
--- old/werf-2.35.1/pkg/config/raw_secrets.go 2025-04-10 10:36:10.000000000
+0200
+++ new/werf-2.35.4/pkg/config/raw_secrets.go 2025-04-16 13:51:13.000000000
+0200
@@ -59,6 +59,6 @@
case s.PlainValue != "":
return newSecretFromPlainValue(s)
default:
- return nil, newDetailedConfigError("secret should be defined as
`env`, `src` or `value`", s, s.parent.getDoc())
+ return Secret{}, newDetailedConfigError("secret should be
defined as `env`, `src` or `value`", s, s.parent.getDoc())
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/pkg/config/secrets.go
new/werf-2.35.4/pkg/config/secrets.go
--- old/werf-2.35.1/pkg/config/secrets.go 2025-04-10 10:36:10.000000000
+0200
+++ new/werf-2.35.4/pkg/config/secrets.go 2025-04-16 13:51:13.000000000
+0200
@@ -2,135 +2,57 @@
import (
"fmt"
- "math"
- "math/rand/v2"
- "os"
"path/filepath"
- "github.com/werf/common-go/pkg/util"
- "github.com/werf/kubedog/pkg/utils"
"github.com/werf/werf/v2/pkg/giterminism_manager"
)
-type Secret interface {
- GetSecretStringArg() (string, error)
- GetSecretId() string
- InspectByGiterminism(giterminismManager giterminism_manager.Interface)
error
- GetMountPath(stageHostTmpDir string) (string, error)
+type Secret struct {
+ Id string
+ ValueFromEnv string
+ ValueFromSrc string
+ ValueFromPlain string
}
-type SecretFromEnv struct {
- Id string
- Value string
-}
-
-type SecretFromSrc struct {
- Id string
- Value string
-}
-
-type SecretFromPlainValue struct {
- Id string
- Value string
-}
-
-func newSecretFromEnv(s *rawSecret) (*SecretFromEnv, error) {
- if _, exists := os.LookupEnv(s.Env); !exists {
- return nil, fmt.Errorf("specified env variable `%s` doesn't
exist", s.Env)
- }
+func newSecretFromEnv(s *rawSecret) (Secret, error) {
if s.Id == "" {
s.Id = s.Env
}
- return &SecretFromEnv{
- Id: s.Id,
- Value: s.Env,
+ return Secret{
+ Id: s.Id,
+ ValueFromEnv: s.Env,
}, nil
}
-func newSecretFromSrc(s *rawSecret) (*SecretFromSrc, error) {
- absPath, err := util.ExpandPath(s.Src)
- if err != nil {
- return nil, fmt.Errorf("error load secret from src: %w", err)
- }
-
- if exists, _ := utils.FileExists(absPath); !exists {
- return nil, fmt.Errorf("error load secret from src: path %s
doesn't exist", absPath)
- }
-
+func newSecretFromSrc(s *rawSecret) (Secret, error) {
if s.Id == "" {
- s.Id = filepath.Base(absPath)
+ s.Id = filepath.Base(s.Src)
}
- return &SecretFromSrc{
- Id: s.Id,
- Value: absPath,
+ return Secret{
+ Id: s.Id,
+ ValueFromSrc: s.Src,
}, nil
}
-func newSecretFromPlainValue(s *rawSecret) (*SecretFromPlainValue, error) {
+func newSecretFromPlainValue(s *rawSecret) (Secret, error) {
if s.Id == "" {
- return nil, fmt.Errorf("type value should be used with id
parameter")
+ return Secret{}, fmt.Errorf("type value should be used with id
parameter")
}
- return &SecretFromPlainValue{
- Id: s.Id,
- Value: s.PlainValue,
+ return Secret{
+ Id: s.Id,
+ ValueFromPlain: s.PlainValue,
}, nil
}
-func (s *SecretFromEnv) GetSecretStringArg() (string, error) {
- return fmt.Sprintf("id=%s,env=%s", s.Id, s.Value), nil
-}
-
-func (s *SecretFromSrc) GetSecretStringArg() (string, error) {
- return fmt.Sprintf("id=%s,src=%s", s.Id, s.Value), nil
-}
-
-func (s *SecretFromPlainValue) GetSecretStringArg() (string, error) {
- secret, err := s.setPlainValueAsEnv()
- if err != nil {
- return "", err
- }
- return secret.GetSecretStringArg()
-}
-
-func (s *SecretFromPlainValue) setPlainValueAsEnv() (*SecretFromEnv, error) {
- envKey := fmt.Sprintf("tmpbuild%d_%s", rand.IntN(math.MaxInt32), s.Id)
// generate unique value
- if _, e := os.LookupEnv(envKey); e {
- return nil, fmt.Errorf("can't set secret %s: id is not unique",
s.Id) // should never be here
- }
-
- err := os.Setenv(envKey, s.Value)
- if err != nil {
- return nil, fmt.Errorf("can't set value")
+func inspectSecretByGiterminism(giterminismManager
giterminism_manager.Interface, secret Secret) error {
+ if secret.ValueFromEnv != "" {
+ return
giterminismManager.Inspector().InspectConfigSecretEnvAccepted(secret.ValueFromEnv)
+ } else if secret.ValueFromSrc != "" {
+ return
giterminismManager.Inspector().InspectConfigSecretSrcAccepted(secret.ValueFromSrc)
+ } else if secret.ValueFromPlain != "" {
+ return
giterminismManager.Inspector().InspectConfigSecretValueAccepted(secret.Id)
}
-
- return &SecretFromEnv{
- Id: s.Id,
- Value: envKey,
- }, nil
-}
-
-func (s *SecretFromEnv) GetSecretId() string {
- return s.Id
-}
-
-func (s *SecretFromSrc) GetSecretId() string {
- return s.Id
-}
-
-func (s *SecretFromPlainValue) GetSecretId() string {
- return s.Id
-}
-
-func (s *SecretFromEnv) InspectByGiterminism(giterminismManager
giterminism_manager.Interface) error {
- return
giterminismManager.Inspector().InspectConfigSecretEnvAccepted(s.Value)
-}
-
-func (s *SecretFromSrc) InspectByGiterminism(giterminismManager
giterminism_manager.Interface) error {
- return
giterminismManager.Inspector().InspectConfigSecretSrcAccepted(s.Value)
-}
-
-func (s *SecretFromPlainValue) InspectByGiterminism(giterminismManager
giterminism_manager.Interface) error {
- return
giterminismManager.Inspector().InspectConfigSecretValueAccepted(s.Id)
+ return nil
}
func GetValidatedSecrets(rawSecrets []*rawSecret, giterminismManager
giterminism_manager.Interface, doc *doc) ([]Secret, error) {
@@ -143,14 +65,14 @@
return nil, newDetailedConfigError(fmt.Sprintf("unable
to load build secrets: %s", err.Error()), s, s.parent.getDoc())
}
- secretId := secret.GetSecretId()
+ secretId := secret.Id
if _, ok := secretIds[secretId]; !ok {
secretIds[secretId] = struct{}{}
} else {
return nil,
newDetailedConfigError(fmt.Sprintf("duplicated secret %q", secretId), nil,
s.parent.getDoc())
}
- err = secret.InspectByGiterminism(giterminismManager)
+ err = inspectSecretByGiterminism(giterminismManager, secret)
if err != nil {
return nil, err
}
@@ -160,44 +82,3 @@
return secrets, nil
}
-
-func (s *SecretFromEnv) GetMountPath(stageHostTmpDir string) (string, error) {
- data := []byte(os.Getenv(s.Value))
- return getMountPath(s.Id, stageHostTmpDir, data)
-}
-
-func (s *SecretFromSrc) GetMountPath(stageHostTmpDir string) (string, error) {
- return generateMountPath(s.Id, s.Value), nil
-}
-
-func (s *SecretFromPlainValue) GetMountPath(stageHostTmpDir string) (string,
error) {
- return getMountPath(s.Id, stageHostTmpDir, []byte(s.Value))
-}
-
-func getMountPath(secretId, stageHostTmpDir string, data []byte) (string,
error) {
- tmpFile, err := writeToTmpFile(stageHostTmpDir, data)
- if err != nil {
- return "", fmt.Errorf("unable to mount secret: %w", err)
- }
- return generateMountPath(secretId, tmpFile), nil
-}
-
-func writeToTmpFile(stageHostTmpDir string, data []byte) (string, error) {
- tmpFile, err := os.CreateTemp(stageHostTmpDir, "stapel*")
- if err != nil {
- return "", err
- }
-
- tmpFilePath := tmpFile.Name()
-
- if err := os.WriteFile(tmpFilePath, data, 0o400); err != nil {
- return "", err
- }
-
- return tmpFilePath, nil
-}
-
-func generateMountPath(id, filepath string) string {
- containerPath := fmt.Sprintf("/run/secrets/%s", id)
- return fmt.Sprintf("%s:%s:ro", filepath, containerPath)
-}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/pkg/giterminism_manager/config/config.go
new/werf-2.35.4/pkg/giterminism_manager/config/config.go
--- old/werf-2.35.1/pkg/giterminism_manager/config/config.go 2025-04-10
10:36:10.000000000 +0200
+++ new/werf-2.35.4/pkg/giterminism_manager/config/config.go 2025-04-16
13:51:13.000000000 +0200
@@ -235,7 +235,11 @@
}
func (s *secrets) IsAllowSecretsFileAccepted(path string) bool {
- return isAbsPathMatched(s.AllowFiles, path)
+ absPath, err := util.ExpandPath(path)
+ if err != nil {
+ return false
+ }
+ return isAbsPathMatched(s.AllowFiles, absPath)
}
func (s *secrets) IsValueIdAccepted(name string) bool {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/werf-2.35.1/test/e2e/build/_fixtures/simple/state1/Dockerfile
new/werf-2.35.4/test/e2e/build/_fixtures/simple/state1/Dockerfile
--- old/werf-2.35.1/test/e2e/build/_fixtures/simple/state1/Dockerfile
2025-04-10 10:36:10.000000000 +0200
+++ new/werf-2.35.4/test/e2e/build/_fixtures/simple/state1/Dockerfile
1970-01-01 01:00:00.000000000 +0100
@@ -1,17 +0,0 @@
-FROM ubuntu:22.04
-
-RUN --mount=type=secret,id=ENV_SECRET \
- [ "$(cat /run/secrets/ENV_SECRET)" = "WERF_BUILD_SECRET" ] || (echo "Env
does not match the expected value" && exit 1)
-
-RUN --mount=type=secret,id=file \
- grep -q "filecontent" /run/secrets/file || (echo "Src secret does not
contain the expected content" && exit 1)
-
-RUN --mount=type=secret,id=plainSecret \
- [ "$(cat /run/secrets/plainSecret)" = "plainSecretValue" ] || (echo
"PlainSecret does not match the expected value" && exit 1)
-
-RUN --mount=type=secret,id=secret_file_in_home \
- grep -q "secret" /run/secrets/secret_file_in_home || (echo "Src secret
does not contain the expected content" && exit 1)
-
-COPY file /file
-
-RUN touch /created-by-run
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/werf-2.35.1/test/e2e/build/_fixtures/simple/state1/file
new/werf-2.35.4/test/e2e/build/_fixtures/simple/state1/file
--- old/werf-2.35.1/test/e2e/build/_fixtures/simple/state1/file 2025-04-10
10:36:10.000000000 +0200
+++ new/werf-2.35.4/test/e2e/build/_fixtures/simple/state1/file 1970-01-01
01:00:00.000000000 +0100
@@ -1 +0,0 @@
-filecontent
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/werf-2.35.1/test/e2e/build/_fixtures/simple/state1/werf-giterminism.yaml
new/werf-2.35.4/test/e2e/build/_fixtures/simple/state1/werf-giterminism.yaml
---
old/werf-2.35.1/test/e2e/build/_fixtures/simple/state1/werf-giterminism.yaml
2025-04-10 10:36:10.000000000 +0200
+++
new/werf-2.35.4/test/e2e/build/_fixtures/simple/state1/werf-giterminism.yaml
1970-01-01 01:00:00.000000000 +0100
@@ -1,11 +0,0 @@
-giterminismConfigVersion: 1
-
-config:
- secrets:
- allowEnvVariables:
- - "ENV_SECRET"
- allowFiles:
- - "./file"
- - "~/secret_file_in_home"
- allowValueIds:
- - plainSecret
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/werf-2.35.1/test/e2e/build/_fixtures/simple/state1/werf.yaml
new/werf-2.35.4/test/e2e/build/_fixtures/simple/state1/werf.yaml
--- old/werf-2.35.1/test/e2e/build/_fixtures/simple/state1/werf.yaml
2025-04-10 10:36:10.000000000 +0200
+++ new/werf-2.35.4/test/e2e/build/_fixtures/simple/state1/werf.yaml
1970-01-01 01:00:00.000000000 +0100
@@ -1,32 +0,0 @@
-project: werf-test-e2e-build-simple
-configVersion: 1
-
----
-image: dockerfile
-dockerfile: Dockerfile
-secrets:
- - env: ENV_SECRET
- - src: "./file"
- - id: "plainSecret"
- value: "plainSecretValue"
- - src: "~/secret_file_in_home"
-
----
-image: stapel-shell
-from: ubuntu:22.04
-git:
- - add: /file
- to: /file
-secrets:
- - env: ENV_SECRET
- - src: "./file"
- - id: "plainSecret"
- value: "plainSecretValue"
- - src: "~/secret_file_in_home"
-shell:
- setup:
- - "touch /created-by-setup"
- - '[ "$(cat /run/secrets/ENV_SECRET)" = "WERF_BUILD_SECRET" ] || (echo
"Env does not match the expected value" && exit 1)'
- - 'grep -q "filecontent" /run/secrets/file || (echo "Src secret does not
contain the expected content" && exit 1)'
- - '[ "$(cat /run/secrets/plainSecret)" = "plainSecretValue" ] || (echo
"PlainSecret does not match the expected value" && exit 1)'
- - 'grep -q "secret" /run/secrets/secret_file_in_home || (echo "Src secret
does not contain the expected content" && exit 1)'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/test/e2e/build/simple_test.go
new/werf-2.35.4/test/e2e/build/simple_test.go
--- old/werf-2.35.1/test/e2e/build/simple_test.go 2025-04-10
10:36:10.000000000 +0200
+++ new/werf-2.35.4/test/e2e/build/simple_test.go 2025-04-16
13:51:13.000000000 +0200
@@ -1,8 +1,6 @@
package e2e_build_test
import (
- "fmt"
-
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
@@ -26,28 +24,28 @@
Fail(err.Error())
}
- By(fmt.Sprintf("%s: starting", testOpts.State))
+ By("state0: starting")
{
repoDirname := "repo0"
- fixtureRelPath := fmt.Sprintf("simple/%s",
testOpts.State)
+ fixtureRelPath := "simple/state0"
buildReportName := "report0.json"
- By(fmt.Sprintf("%s: preparing test repo",
testOpts.State))
+ By("state0: preparing test repo")
SuiteData.InitTestRepo(repoDirname,
fixtureRelPath)
- By(fmt.Sprintf("%s: building images",
testOpts.State))
+ By("state0: building images")
werfProject :=
werf.NewProject(SuiteData.WerfBinPath, SuiteData.GetTestRepoPath(repoDirname))
buildOut, buildReport :=
werfProject.BuildWithReport(SuiteData.GetBuildReportPath(buildReportName), nil)
Expect(buildOut).To(ContainSubstring("Building
stage"))
Expect(buildOut).NotTo(ContainSubstring("Use
previously built image"))
- By(fmt.Sprintf("%s: rebuilding same images",
testOpts.State))
+ By("state0: rebuilding same images")
Expect(werfProject.Build(nil)).To(And(
ContainSubstring("Use previously built
image"),
Not(ContainSubstring("Building stage")),
))
- By(fmt.Sprintf(`%s: checking "dockerfile" image
content`, testOpts.State))
+ By(`state0: checking "dockerfile" image
content`)
contRuntime.ExpectCmdsToSucceed(
buildReport.Images["dockerfile"].DockerImageName,
"test -f /file",
@@ -56,7 +54,7 @@
"test -f /created-by-run",
)
- By(fmt.Sprintf(`%s: checking "stapel-shell"
image content`, testOpts.State))
+ By(`state0: checking "stapel-shell" image
content`)
contRuntime.ExpectCmdsToSucceed(
buildReport.Images["stapel-shell"].DockerImageName,
"test -f /file",
@@ -71,37 +69,31 @@
ContainerBackendMode: "vanilla-docker",
WithLocalRepo: false,
WithStagedDockerfileBuilder: false,
- State: "state0",
}}),
Entry("with local repo using Vanilla Docker",
simpleTestOptions{setupEnvOptions{
ContainerBackendMode: "vanilla-docker",
WithLocalRepo: true,
WithStagedDockerfileBuilder: false,
- State: "state0",
}}),
Entry("without repo using BuildKit Docker",
simpleTestOptions{setupEnvOptions{
ContainerBackendMode: "buildkit-docker",
WithLocalRepo: false,
WithStagedDockerfileBuilder: false,
- State: "state1",
}}),
Entry("with local repo using BuildKit Docker",
simpleTestOptions{setupEnvOptions{
ContainerBackendMode: "buildkit-docker",
WithLocalRepo: true,
WithStagedDockerfileBuilder: false,
- State: "state1",
}}),
Entry("with local repo using Native Buildah with rootless
isolation", simpleTestOptions{setupEnvOptions{
ContainerBackendMode: "native-rootless",
WithLocalRepo: true,
WithStagedDockerfileBuilder: false,
- State: "state0", //
TODO(iapershin): change after buildah version upgrade
}}),
Entry("with local repo using Native Buildah with chroot
isolation", simpleTestOptions{setupEnvOptions{
ContainerBackendMode: "native-chroot",
WithLocalRepo: true,
WithStagedDockerfileBuilder: false,
- State: "state1",
}}),
// TODO(ilya-lesikov): uncomment after Staged Dockerfile
builder finished
// // TODO(1.3): after Full Dockerfile Builder removed and
Staged Dockerfile Builder enabled by default this test no longer needed
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/werf-2.35.1/trdl_channels.yaml
new/werf-2.35.4/trdl_channels.yaml
--- old/werf-2.35.1/trdl_channels.yaml 2025-04-10 10:36:10.000000000 +0200
+++ new/werf-2.35.4/trdl_channels.yaml 2025-04-16 13:51:13.000000000 +0200
@@ -38,11 +38,11 @@
- name: "2"
channels:
- name: alpha
- version: 2.35.0
+ version: 2.35.1
- name: beta
- version: 2.35.0
+ version: 2.35.1
- name: ea
- version: 2.35.0
+ version: 2.35.1
- name: stable
version: 2.31.1
- name: rock-solid
++++++ werf.obsinfo ++++++
--- /var/tmp/diff_new_pack.FvlSIC/_old 2025-04-20 20:12:07.975589199 +0200
+++ /var/tmp/diff_new_pack.FvlSIC/_new 2025-04-20 20:12:07.975589199 +0200
@@ -1,5 +1,5 @@
name: werf
-version: 2.35.1
-mtime: 1744274170
-commit: efb923c6e24496f497418e529a06f72339f226cd
+version: 2.35.4
+mtime: 1744804273
+commit: a878391d9331ee5583e43fbd2ca96a6c5ed67182
