Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package werf for openSUSE:Factory checked in at 2026-06-25 10:52:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/werf (Old)
 and /work/SRC/openSUSE:Factory/.werf.new.2088 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "werf" Thu Jun 25 10:52:35 2026 rev:76 rq:1361519 version:2.71.0 Changes: -------- --- /work/SRC/openSUSE:Factory/werf/werf.changes 2026-06-10 16:18:03.418639014 +0200 +++ /work/SRC/openSUSE:Factory/.werf.new.2088/werf.changes 2026-06-25 10:57:44.786494039 +0200 @@ -1,0 +2,13 @@ +Wed Jun 24 05:13:07 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 2.71.0: + * Features + - build: add commit to build report for images and stages + (#7566) (38be712) + * Bug Fixes + - build, stapel, import: importing into symlinked directories + no longer silently loses files (#7545) (9d1bb68) + - deploy: autodependencies between pods/controllers, + rolebindings and serviceaccounts (#7567) (f152352) + +------------------------------------------------------------------- Old: ---- werf-2.70.0.obscpio New: ---- werf-2.71.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ werf.spec ++++++ --- /var/tmp/diff_new_pack.qvX7qx/_old 2026-06-25 10:57:45.534519857 +0200 +++ /var/tmp/diff_new_pack.qvX7qx/_new 2026-06-25 10:57:45.534519857 +0200 @@ -17,7 +17,7 @@ Name: werf -Version: 2.70.0 +Version: 2.71.0 Release: 0 Summary: CLI for the Werf CI/CD system License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.qvX7qx/_old 2026-06-25 10:57:45.566520963 +0200 +++ /var/tmp/diff_new_pack.qvX7qx/_new 2026-06-25 10:57:45.570521100 +0200 
@@ -3,7 +3,7 @@ <param name="url">https://github.com/werf/werf.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">refs/tags/v2.70.0</param> + <param name="revision">refs/tags/v2.71.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.qvX7qx/_old 2026-06-25 10:57:45.590521791 +0200 +++ /var/tmp/diff_new_pack.qvX7qx/_new 2026-06-25 10:57:45.594521929 +0200 @@ -3,6 +3,6 @@ <param name="url">https://github.com/werf/werf</param> <param name="changesrevision">508fb9aee29baca228674ba7a3d2d4fa1f5844d5</param></service><service name="tar_scm"> <param name="url">https://github.com/werf/werf.git</param> - <param name="changesrevision">a4da61a6251bdbd4a6a131c61c65193c8121329f</param></service></servicedata> + <param name="changesrevision">bd0e4ae194c1caf651f770c022e7a5a528f64213</param></service></servicedata> (No newline at EOF) ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/werf/vendor.tar.gz /work/SRC/openSUSE:Factory/.werf.new.2088/vendor.tar.gz differ: char 13, line 1 ++++++ werf-2.70.0.obscpio -> werf-2.71.0.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/werf-2.70.0/.agents/skills/review-multi/SKILL.md new/werf-2.71.0/.agents/skills/review-multi/SKILL.md --- old/werf-2.70.0/.agents/skills/review-multi/SKILL.md 1970-01-01 01:00:00.000000000 +0100 +++ new/werf-2.71.0/.agents/skills/review-multi/SKILL.md 2026-06-10 12:07:16.000000000 +0200 
@@ -0,0 +1,103 @@ +--- +name: review-multi +description: Multi-role code review. Orchestrates technical, product, and risk analysis roles into a single consolidated report. Use when asked to do a full review of a pull request, branch, or code changes. +--- + +# Multi-Role Code Review + +> **Role:** I act as world-famous Software Engineering Lead PhD Multi-Agent Code Review Orchestration with AgentSkills Certified Architect. +> +> **Criticality:** My orchestration is evidence-based and brutally honest. Every finding is grounded in the diff and codebase. I never sugarcoat incomplete or weak work. + +### Self-Reflection (internal use only) + +1. Define a 5-7 category rubric covering: DoD completeness, phase handoff quality, evidence depth, risk coverage, report clarity. +2. Iterate until every rubric category scores top marks. +3. Output only the final report and instructions — never the rubric. + +### Answering Rules + +1. Communicate in user's language. Headers in English. +2. Every claim references a specific file:line, function, or component. +3. Be concrete and specific — no vague statements. +4. NEVER sugarcoat. Deliver honest, fact-based critiques even when the work is weak or flawed. +5. First message opens with the full role declaration above. + +Orchestrate a multi-role review. Two roles run in parallel, then the third consumes both outputs: **(Technical Reviewer ∥ Product Reviewer)** → **Risk Analyst**. Do NOT skip or reorder phases. + +## Instructions + +1. **DoD first.** Ask user for numbered acceptance criteria. Block until received. Nothing proceeds without DoD. Record the criteria — they will be passed inline to every sub-skill. +2. **Get branch name:** `git rev-parse --abbrev-ref HEAD` → `$BRANCH`. Create safe directory name: `$SAFE_BRANCH=$(echo "$BRANCH" | sed 's|/|-|g')`. Create directory `reviews/$SAFE_BRANCH/`. +3. 
**Save diff to file:** `git --no-pager diff main...HEAD > reviews/$SAFE_BRANCH/pr_diff.txt` — read via `read_file` with `start_line`/`end_line`. Avoids terminal truncation. +4. **Diff analysis:** Identify modified files, change types (feature/fix/refactor/docs), patterns, concerns. +5. **Deep analysis:** Read changed files and their consumers. Examine key functions and their callers in the codebase. +6. **Read diff for sub-skills:** Use `read_file(path="reviews/$SAFE_BRANCH/pr_diff.txt")` to get the full diff content. It will be passed inline to every sub-skill. +7. **Phase 1a — Technical Reviewer (parallel).** Activate **review-tech**. Provide: the full diff content inline, the DoD criteria inline, analysis. + → **Output of Phase 1a:** best practices table + DoD tech checklist + issues found. +8. **Phase 1b — Product Reviewer (parallel with 1a).** Activate **review-product**. Provide: the full diff content inline, the DoD criteria inline, analysis. + → **Output of Phase 1b:** DoD product checklist + product impact assessment + gaps. + → **Wait for BOTH Phase 1a and Phase 1b to complete before proceeding.** +9. **Phase 2 — Risk Analyst.** Activate **review-risk**. Provide: the full diff content inline, the DoD criteria inline, analysis, AND full outputs from Phase 1a + Phase 1b. + → **Output of Phase 2:** risk analysis table with numbered rows. +10. **Phase 3 — Final report.** Assemble combined report (format below). Save to `reviews/$SAFE_BRANCH/REPORT.md`. + +## Output Format + +```markdown +# Multi-Role Code Review Report + +**Branch:** `$BRANCH` +**Diff:** [X files, +/-Y/Z lines] + +## DoD Criteria +1. ... +2. ... +3. ... + +--- + +## Expert Opinions + +*Read these first. 
If all are positive ✅, details below are optional.* + +- Technical Reviewer: [2-3 sentences, user's language] +- Product Reviewer: [2-3 sentences, user's language] +- Risk Analyst: [2-3 sentences, user's language] + +## Risk Analysis Table +| № | Risk | Type | Probability | Severity | Location | Circumstances | Consequences | +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | + +## Risk Treatment Recommendations +| Risk № | Severity | Role | Strategy | Recommendation | Justification | +| :--- | :--- | :--- | :--- | :--- | :--- | +``` + +### Guidance for Risk Treatment Recommendations + +- **Risk №** — references the row number from the Risk Analysis Table (`#1`, `#2`, ...). +- **Role** — one of: `Technical Specialist`, `Product Manager`, `Risk Manager`. +- **Strategy** — one of: `Avoid`, `Mitigate`, `Transfer`, `Accept`, `Monitor`, `Escalate`, `Contain`. +- **Recommendation** — concrete action with file:line references. Format: `As {Role} for risk «{Risk Name}» I recommend {recommendation}`. +- **Justification** — why this strategy was chosen for this risk. +- A single risk may have multiple recommendations from different roles. + +## Techniques + +- **spawn_agent for large changes (10+ files):** Split deep analysis into independent groups. Example: Agent A = new files, Agent B = storage/cleaning changes, Agent C = build pipeline changes. Synthesize after all complete. + +## Gotchas + +- werf uses [werf/nelm](https://github.com/werf/nelm) — evaluate against nelm patterns, not generic Helm. +- Content-based tagging — tag logic affects cache invalidation and registry cleanup. +- Registry cleanup — changes can cause data loss. Users rely on dry-run modes. +- All build/test: `task build`, `task test:unit`, etc. Never raw Go tools. +- werf is a CLI tool — CLI UX, error messages, help text are part of the product. + +## Language Rules + +- Communicate in user's language. +- Report headers in English. +- Circumstances/Consequences columns in user's language. 
+- Risk Treatment Recommendations: Risk№ and Strategy in English; Recommendation and Justification in user's language. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/werf-2.70.0/.agents/skills/review-product/SKILL.md new/werf-2.71.0/.agents/skills/review-product/SKILL.md --- old/werf-2.70.0/.agents/skills/review-product/SKILL.md 1970-01-01 01:00:00.000000000 +0100 +++ new/werf-2.71.0/.agents/skills/review-product/SKILL.md 2026-06-10 12:07:16.000000000 +0200 
@@ -0,0 +1,67 @@ +--- +name: review-product +description: Product review for changes. Assesses DoD alignment, user impact, completeness, and consistency with werf/nelm product behavior. Use alongside technical review for a full picture. +--- + +# Product Review + +> **Role:** I act as world-famous Product Manager PhD Developer Tools & CI/CD Platforms with AgentSkills Certified Product Reviewer. +> +> **Criticality:** My review is user-centered and brutally honest. I evaluate product alignment, not code quality. I never sugarcoat. + +### Self-Reflection (internal use only) + +1. Define a 5-7 category rubric covering: DoD product alignment, user impact, completeness, consistency, documentation. +2. Iterate until every category scores top marks. +3. Output only the final evaluation — never the rubric. + +### Answering Rules + +1. Communicate in user's language. Headers in English. +2. Every claim references specific diff evidence or user-facing behavior. +3. Be concrete — no vague statements. +4. NEVER sugarcoat. Deliver honest, fact-based critiques. +5. First message opens with the full role declaration above. +6. The full diff is provided to you inline. Do NOT run `git diff` yourself. + +Assess whether code changes fulfill product requirements from a user and product perspective. + +## Instructions + +1. **Assess product context:** Are changes aligned with werf/nelm CLI conventions, user workflows, and existing behavior? Note any product inconsistencies. +2. **Check DoD alignment** — verify each numbered criterion from the DoD against the diff and Technical Reviewer's findings. State whether met, with concrete evidence. +3. **Evaluate user impact** — CLI UX, error messages, breaking changes, flag names, defaults, output formatting. +4. **Check completeness** — edge cases handled (dry-run, force, conflicting flags, empty states). +5. **Check consistency** — matches existing werf CLI conventions and nelm behavior. +6. 
**Check documentation** — changelog, help text, or docs updated. +7. **Stay in your lane.** Evaluate WHAT the change does for the user. Do NOT assess code quality or architecture — that is the Technical Reviewer's role. + +## Gotchas + +- werf is a **CLI tool** — CLI UX, error messages, help text are part of the product. +- **nelm** is an engine, not a standalone tool — changes to nelm affect all werf deployments. +- Registry cleanup is destructive — users rely on dry-run modes. +- Content-based tagging — users depend on predictable tag behavior for rollback and caching. + +## Output Format + +### Product Review Summary + +[2-3 sentences, user's language] + +### DoD Criteria Assessment + +| Criteria | Met? | Evidence | +| :--- | :--- | :--- | +| [Criterion] | ✅/⚠️/❌ | specific evidence from diff | + +### Product Impact + +- **Positive** — what works well +- **Concerns** — user confusion or friction +- **Gaps** — missing functionality or edge cases + +## Constraints + +- Content in user's language. Headers in English. +- Do NOT evaluate code quality — that is the tech reviewer's role. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/werf-2.70.0/.agents/skills/review-risk/SKILL.md new/werf-2.71.0/.agents/skills/review-risk/SKILL.md --- old/werf-2.70.0/.agents/skills/review-risk/SKILL.md 1970-01-01 01:00:00.000000000 +0100 +++ new/werf-2.71.0/.agents/skills/review-risk/SKILL.md 2026-06-10 12:07:16.000000000 +0200 
@@ -0,0 +1,73 @@ +--- +name: review-risk +description: Risk analysis for changes. Identifies technical, security, UX, and operational risks based on technical and product review outputs. Produces a risk analysis table. +--- + +# Risk Analysis + +> **Role:** I act as world-famous Risk Analyst PhD Cloud Infrastructure & DevOps Systems with AgentSkills Certified Risk Analyst. +> +> **Criticality:** My analysis is evidence-based, severity-calibrated, and brutally honest. Every risk is grounded in findings from the technical and product reviews. I never inflate or sugarcoat. + +### Self-Reflection (internal use only) + +1. Define a 5-7 category rubric covering: evidence grounding, risk coverage (tech/security/UX/operational), probability & severity calibration, location precision, consequence clarity. +2. Iterate until every category scores top marks. +3. Output only the risk table — never the rubric. + +### Answering Rules + +1. Communicate in user's language. Circumstances/Consequences columns in user's language. Headers in English. +2. Every risk must have a specific file:line or component location. +3. Be realistic about probability and severity — do not inflate. +4. NEVER sugarcoat. Base risks only on evidence. +5. First message opens with the full role declaration above. +6. The full diff is provided to you inline. Do NOT run `git diff` yourself. + +Identify and assess risks based on the technical review, product review, and the actual diff. The output is a single table. No prose summary. + +**Risk analysis runs AFTER technical and product reviews are complete.** Both must have produced their findings before this role activates. + +## Instructions + +1. **Synthesize risks from both reviews** — combine Technical Reviewer findings and Product Reviewer findings. Cross-reference to identify compound risks (e.g. a technical flaw that causes a product gap, or a product gap that creates operational risk). +2. 
**Identify risks** from: engineering principles, Technical Reviewer findings, Product Reviewer findings, and the diff. Cover all types: technical, security, UX/Product, operational. +3. **Assign probability:** 0.0 to 1.0. Be realistic — do not inflate. +4. **Assign severity:** Critical / High / Medium / Low. Be realistic — do not inflate. +5. **Pin exact location:** file:line or component name. Every risk must have one. +6. **Describe circumstances** (user's language) — when does this risk manifest? +7. **Describe consequences** (user's language) — what is the impact on system, user, or process? +8. **Sort the table** — Critical severity first, then High, then Medium, then Low. Within same severity level, sort by probability descending (highest first). +9. **Output ONLY the table.** No prose summary before or after. +10. **Base risks ONLY on evidence.** Diff, codebase analysis, and findings from tech + product reviews. No hypothetical scenarios without supporting evidence. + +## Risk Types + +| Type | Covers | +| :--- | :--- | +| Technical | Architecture, performance, maintainability, testability | +| Security | Vulnerabilities, privilege escalation, data exposure | +| UX/Product | User confusion, incomplete features, breaking changes | +| Operational | Deployment issues, monitoring gaps, failure modes | + +## Gotchas + +- Registry cleanup risks → **Operational** type (data loss is consequence). +- Changes to nelm → **UX/Product** type (affects all deployments). +- Missing observability → **Technical** type (hard to debug in production). +- Table is the **final output**. Do NOT add prose after it. +- Every risk MUST have a specific file:line location. + +## Output Format + +### Risk Analysis Table + +| № | Risk | Type | Probability | Severity | Location | Circumstances | Consequences | +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +| ... | ... 
| Technical/UX/Security/Operational | 0.0-1.0 | Critical/High/Medium/Low | file:line or component | (User Language) | (User Language) | + +## Constraints + +- Headers in English. Circumstances/Consequences in user's language. +- Every risk must have a specific location. +- NO textual summary after the table. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/werf-2.70.0/.agents/skills/review-tech/SKILL.md new/werf-2.71.0/.agents/skills/review-tech/SKILL.md --- old/werf-2.70.0/.agents/skills/review-tech/SKILL.md 1970-01-01 01:00:00.000000000 +0100 +++ new/werf-2.71.0/.agents/skills/review-tech/SKILL.md 2026-06-10 12:07:16.000000000 +0200 
@@ -0,0 +1,87 @@ +--- +name: review-tech +description: Technical code review for changes. Evaluates Go, werf, Docker, Container Registry, and nelm code against SOLID/DRY/KISS principles and project conventions. Use when asked to review pull requests, branches, or code changes. +--- + +# Technical Review + +> **Role:** I act as world-famous Software Architect PhD Go Infrastructure & Cloud-Native Systems with AgentSkills Certified Technical Reviewer. +> +> **Criticality:** My review is technically rigorous and brutally honest. I evaluate code against engineering principles and project conventions. I never sugarcoat. + +### Self-Reflection (internal use only) + +1. Define a 5-7 category rubric covering: technology context, code quality (SOLID/DRY/KISS), security, observability, testability, DoD alignment. +2. Iterate until every category scores top marks. +3. Output only the final evaluation — never the rubric. + +### Answering Rules + +1. Communicate in user's language. Headers in English. +2. Every finding references a specific file:line. +3. Be concrete — no vague generalizations. +4. NEVER sugarcoat. Deliver honest, fact-based critiques. +5. First message opens with the full role declaration above. +6. The full diff is provided to you inline. Do NOT run `git diff` yourself. + +Review code changes for quality, architecture, and best practices. + +## Instructions + +1. **Assess technology context:** Are changes consistent with werf (nelm), Docker, and Container Registry patterns used in the project? Note any deviations. +2. **Evaluate code quality and architecture** against the table below. Every finding MUST reference a specific file:line. +3. **Assess DoD criteria** — check each numbered criterion from the DoD. State whether met, with evidence. +4. **Produce output in the format below.** No prose summary. No sugarcoating. +5. **Stay in your lane.** Evaluate code structure and correctness only. 
Do NOT assess user impact, product gaps, or UX — that is the Product Reviewer's role. + +## Evaluation Table + +| Principle | What to check | +| :--- | :--- | +| SOLID | SRP per type, OCP for extensibility, ISP for interface size. | +| DRY | Duplicated logic, config, or error handling. | +| KISS/YAGNI | Unnecessary abstraction, generics, or interfaces. | +| Security | Least privilege, input validation, secret handling, container security. | +| Observability | Logs/metrics for critical paths (deploy, registry ops). | +| Testability | Can the change be validated without integration setup? | + +## Gotchas + +- Built on **werf** ([nelm](https://github.com/werf/nelm)) — evaluate against nelm patterns, not generic Helm. +- **Content-based tagging** — tag logic affects cache invalidation and registry cleanup. +- **Registry cleanup** — changes can cause data loss if wrong. +- All build/test: `task` commands. Never raw Go tools. + +## Output Format + +### Technical Review Summary + +[2-3 sentences, user's language] + +### Adherence to Best Practices + +| Practice | Status | Comments | +| :--- | :--- | :--- | +| SOLID | ✅/⚠️/❌ | file:line — one-liner | +| DRY | ✅/⚠️/❌ | ... | +| KISS/YAGNI | ✅/⚠️/❌ | ... | +| Security | ✅/⚠️/❌ | ... | +| Observability | ✅/⚠️/❌ | ... | +| Testability | ✅/⚠️/❌ | ... | + +### DoD Criteria Assessment + +| Criteria | Met? | Comments | +| :--- | :--- | :--- | +| [Criterion] | ✅/⚠️/❌ | file:line reference | + +### Issues Found + +- **Critical** — blocking, with file:line +- **Major** — significant concern +- **Minor** — suggestion + +## Constraints + +- Issue descriptions in user's language. Headers in English. +- No obvious comments. Reference specific lines only. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/werf-2.70.0/CHANGELOG.md new/werf-2.71.0/CHANGELOG.md --- old/werf-2.70.0/CHANGELOG.md 2026-05-27 21:29:15.000000000 +0200 +++ new/werf-2.71.0/CHANGELOG.md 2026-06-10 12:07:16.000000000 +0200 
@@ -1,5 +1,18 @@ # Changelog +## [2.71.0](https://github.com/werf/werf/compare/v2.70.0...v2.71.0) (2026-06-09) + + +### Features + +* **build:** add commit to build report for images and stages ([#7566](https://github.com/werf/werf/issues/7566)) ([38be712](https://github.com/werf/werf/commit/38be712c95347a247e0ed022f4b624df0bfd3857)) + + +### Bug Fixes + +* **build, stapel, import:** importing into symlinked directories no longer silently loses files ([#7545](https://github.com/werf/werf/issues/7545)) ([9d1bb68](https://github.com/werf/werf/commit/9d1bb68caae3f55f4b4d3de419eb44653661b47a)) +* **deploy:** autodependencies between pods/controllers, rolebindings and serviceaccounts ([#7567](https://github.com/werf/werf/issues/7567)) ([f152352](https://github.com/werf/werf/commit/f1523529a7ff3e7e40515dcd1c3e06c10dac13bd)) + ## [2.70.0](https://github.com/werf/werf/compare/v2.69.1...v2.70.0) (2026-05-27) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/werf-2.70.0/docs/.helm/templates/20-ingress.yaml new/werf-2.71.0/docs/.helm/templates/20-ingress.yaml --- old/werf-2.70.0/docs/.helm/templates/20-ingress.yaml 2026-05-27 21:29:15.000000000 +0200 +++ new/werf-2.71.0/docs/.helm/templates/20-ingress.yaml 2026-06-10 12:07:16.000000000 +0200 @@ -21,7 +21,6 @@ {{- if hasPrefix "review" $.Values.werf.env }} {{- $host = printf "%s.%s" $.Values.werf.env (pluck "dev" $.Values.host | first | default $.Values.host._default ) | lower }} {{- end }} -{{- $targetCluster := include "targetCluster" $ }} {{- $ruHost := printf "ru.%s" $host }} {{- if eq $.Values.werf.env "production" }} --- 
@@ -40,16 +39,12 @@ ingressClassName: {{ include "ingressClassName" $ }} tls: - hosts: -{{- if eq $targetCluster "eu" }} + - {{ $ruHost }} - {{ $host }} - www.{{ $host }} -{{- else }} - - {{ $ruHost }} -{{- end }} - secretName: tls-{{ $host }} + secretName: tls-werf-io rules: -{{- if eq $targetCluster "eu" }} - - host: {{ $host }} + - host: {{ $ruHost }} http: paths: - path: /docs/{{ $versionURLNormalized }}/ @@ -66,8 +61,7 @@ name: {{ $.Chart.Name }}-{{ $versionDNSNormalized }} port: name: http -{{- else }} - - host: {{ $ruHost }} + - host: {{ $host }} http: paths: - path: /docs/{{ $versionURLNormalized }}/ @@ -84,7 +78,6 @@ name: {{ $.Chart.Name }}-{{ $versionDNSNormalized }} port: name: http -{{- end }} {{- else }} --- @@ -107,7 +100,7 @@ - hosts: - {{ $host }} {{- if eq $.Values.werf.env "production" }} - secretName: tls-{{ $host }} + secretName: tls-werf-io {{- else }} secretName: {{ pluck $.Values.werf.env $.Values.ingressSecretName | first | default $.Values.ingressSecretName._default }} {{- end }} @@ -155,7 +148,7 @@ - ru-{{ $host }} {{- end }} {{- if eq $.Values.werf.env "production" }} - secretName: tls-{{ $host }} + secretName: tls-werf-io {{- else }} secretName: {{ pluck $.Values.werf.env $.Values.ingressSecretName | first | default $.Values.ingressSecretName._default }} {{- end }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/werf-2.70.0/docs/pages_en/usage/build/process.md new/werf-2.71.0/docs/pages_en/usage/build/process.md --- old/werf-2.70.0/docs/pages_en/usage/build/process.md 2026-05-27 21:29:15.000000000 +0200 +++ new/werf-2.71.0/docs/pages_en/usage/build/process.md 2026-06-10 12:07:16.000000000 +0200 
@@ -591,6 +591,7 @@ * Whether the image was rebuilt (`Rebuilt`) * Whether the image is [final or intermediate]({{ "/usage/build/images.html#using-intermediate-and-final-images" | true_relative_url }}) (`Final`). Final images are available in Helm chart values, can be tagged with custom tags, published to the final repository, and exported. Intermediate images (`final: false`) are used only as build dependencies * Image size in bytes (`Size`) and build time in seconds (`BuildTime`) + * Git commit the image was built on (`Commit`) * Build stages (`Stages`) with details: * Stage name (`Name`) * Tags (`DockerImageName`, `DockerTag`, `DockerImageID`, `DockerImageDigest`) @@ -599,7 +600,8 @@ * Source of the base image (`SourceType`: `local`, `secondary`, `cache-repo`, `registry`) * Whether the base image was pulled (`BaseImagePulled`) * Whether the stage was rebuilt (`Rebuilt`) - * Stage build time in seconds (`BuildTime`). + * Stage build time in seconds (`BuildTime`) + * Git commit the stage was built on (`Commit`). * **ImagesByPlatform** — per-platform breakdown for multiarch builds. This field is populated only when the `WERF_ENABLE_REPORT_BY_PLATFORM=1` environment variable is set. The record structure is the same as in `Images`, but the data is grouped by image name and platform. @@ -624,6 +626,7 @@ "Final": true, "Size": 20960980, "BuildTime": "0.00", + "Commit": "9d1bb68ca2f4e8b0e2b6e5f5a3c7d1e4f2a0b3c9", "Stages": [ { "Name": "from", @@ -636,7 +639,8 @@ "SourceType": "", "BaseImagePulled": false, "Rebuilt": false, - "BuildTime": "0.00" + "BuildTime": "0.00", + "Commit": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2" }, { "Name": "install", 
@@ -649,7 +653,8 @@ "SourceType": "", "BaseImagePulled": false, "Rebuilt": false, - "BuildTime": "0.00" + "BuildTime": "0.00", + "Commit": "9d1bb68ca2f4e8b0e2b6e5f5a3c7d1e4f2a0b3c9" } ] } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/werf-2.70.0/docs/pages_ru/usage/build/process.md new/werf-2.71.0/docs/pages_ru/usage/build/process.md --- old/werf-2.70.0/docs/pages_ru/usage/build/process.md 2026-05-27 21:29:15.000000000 +0200 +++ new/werf-2.71.0/docs/pages_ru/usage/build/process.md 2026-06-10 12:07:16.000000000 +0200 @@ -591,6 +591,7 @@ * Был ли образ пересобран (`Rebuilt`) * Является ли образ [конечным или промежуточным]({{ "/usage/build/images.html#использование-промежуточных-и-конечных-образов" | true_relative_url }}) (`Final`). Конечные образы доступны в values Helm-чарта, могут быть помечены произвольными тегами, опубликованы в финальный репозиторий и экспортированы. Промежуточные образы (`final: false`) используются только как зависимости сборки * Размер образа в байтах (`Size`) и время сборки в секундах (`BuildTime`) + * Git-коммит, на котором был собран образ (`Commit`) * Стадии сборки (`Stages`) с деталями: * Имя стадии (`Name`) * Теги (`DockerImageName`, `DockerTag`, `DockerImageID`, `DockerImageDigest`) @@ -599,7 +600,8 @@ * Источник базового образа (`SourceType`: `local`, `secondary`, `cache-repo`, `registry`) * Был ли загружен базовый образ (`BaseImagePulled`) * Была ли стадия пересобрана (`Rebuilt`) - * Время сборки стадии в секундах (`BuildTime`). + * Время сборки стадии в секундах (`BuildTime`) + * Git-коммит, на котором была собрана стадия (`Commit`). * **ImagesByPlatform** — разрез по платформам для multiarch-сборок. Поле включается только если установлена переменная окружения `WERF_ENABLE_REPORT_BY_PLATFORM=1`. Структура записей та же, что и у `Images`, но данные сгруппированы по имени образа и платформе. 
@@ -624,6 +626,7 @@ "Final": true, "Size": 20960980, "BuildTime": "0.00", + "Commit": "9d1bb68ca2f4e8b0e2b6e5f5a3c7d1e4f2a0b3c9", "Stages": [ { "Name": "from", @@ -636,7 +639,8 @@ "SourceType": "", "BaseImagePulled": false, "Rebuilt": false, - "BuildTime": "0.00" + "BuildTime": "0.00", + "Commit": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2" }, { "Name": "install", @@ -649,7 +653,8 @@ "SourceType": "", "BaseImagePulled": false, "Rebuilt": false, - "BuildTime": "0.00" + "BuildTime": "0.00", + "Commit": "9d1bb68ca2f4e8b0e2b6e5f5a3c7d1e4f2a0b3c9" } ] } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/werf-2.70.0/go.mod new/werf-2.71.0/go.mod --- old/werf-2.70.0/go.mod 2026-05-27 21:29:15.000000000 +0200 +++ new/werf-2.71.0/go.mod 2026-06-10 12:07:16.000000000 +0200 @@ -40,6 +40,7 @@ github.com/gosuri/uitable v0.0.4 github.com/goware/urlx v0.3.2 github.com/hofstadter-io/cinful v1.0.0 + github.com/joho/godotenv v1.5.1 github.com/mitchellh/copystructure v1.2.0 github.com/moby/buildkit v0.13.1 github.com/moby/patternmatcher v0.6.0 @@ -59,12 +60,12 @@ github.com/spf13/pflag v1.0.5 github.com/werf/3p-helm-for-werf-helm v0.0.0-20241217155820-089f92cd5c9d github.com/werf/common-go v0.0.0-20260414103517-0558f83edc6d - github.com/werf/copy-recurse v0.2.7 + github.com/werf/copy-recurse v0.2.8 github.com/werf/kubedog v0.13.1-0.20260212122756-5d3f8c0f1827 github.com/werf/kubedog-for-werf-helm v0.0.0-20241217155728-9d45c48b82b6 github.com/werf/lockgate v0.1.1 github.com/werf/logboek v0.6.1 - github.com/werf/nelm v1.24.1 + github.com/werf/nelm v1.24.3 github.com/werf/nelm-for-werf-helm v0.0.0-20241217155925-b0e6734d1dbf go.opentelemetry.io/otel v1.24.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.24.0 
@@ -108,7 +109,6 @@ github.com/gosimple/unidecode v1.0.1 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-retryablehttp v0.7.7 // indirect - github.com/joho/godotenv v1.5.1 // indirect github.com/klauspost/cpuid/v2 v2.2.7 // indirect github.com/mattn/go-zglob v0.0.6 // indirect github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/werf-2.70.0/go.sum new/werf-2.71.0/go.sum --- old/werf-2.70.0/go.sum 2026-05-27 21:29:15.000000000 +0200 +++ new/werf-2.71.0/go.sum 2026-06-10 12:07:16.000000000 +0200 @@ -1408,6 +1408,8 @@ github.com/werf/common-go v0.0.0-20260414103517-0558f83edc6d/go.mod h1:MXS0JR9zut+oR9oEM8PEkdXXoEbKDILTmWopt0z1eZs= github.com/werf/copy-recurse v0.2.7 h1:3FTOarbJ9uhFLi75oeUCioK9zxZwuV7o28kuUBPDZPM= github.com/werf/copy-recurse v0.2.7/go.mod h1:6Ypb+qN+hRBJgoCgEkX1vpbqcQ+8q69BQ3hi8s8Y6Qc= +github.com/werf/copy-recurse v0.2.8 h1:8IeAx0dGDzvVVaxci7SdVUhOjlkhgDcOVJfxQkxBhUU= +github.com/werf/copy-recurse v0.2.8/go.mod h1:6Ypb+qN+hRBJgoCgEkX1vpbqcQ+8q69BQ3hi8s8Y6Qc= github.com/werf/kubedog v0.13.1-0.20260212122756-5d3f8c0f1827 h1:Q7AHClg/aFCm+VrOCpTqahPb5QnhE9rr+aQUt3a7Yhs= github.com/werf/kubedog v0.13.1-0.20260212122756-5d3f8c0f1827/go.mod h1:gu4EY4hxtiYVDy5o6WE2lRZS0YWqrOV0HS//GTYyrUE= github.com/werf/kubedog-for-werf-helm v0.0.0-20241217155728-9d45c48b82b6 h1:lpgQPTCp+wNJfTqJWtR6A5gRA4e4m/eRJFV7V18XCoA= 
@@ -1416,8 +1418,8 @@ github.com/werf/lockgate v0.1.1/go.mod h1:0yIFSLq9ausy6ejNxF5uUBf/Ib6daMAfXuCaTMZJzIE= github.com/werf/logboek v0.6.1 h1:oEe6FkmlKg0z0n80oZjLplj6sXcBeLleCkjfOOZEL2g= github.com/werf/logboek v0.6.1/go.mod h1:Gez5J4bxekyr6MxTmIJyId1F61rpO+0/V4vjCIEIZmk= -github.com/werf/nelm v1.24.1 h1:Bq0hiBU4MghCNMDMSsdENDWuXRGWl45rxx4z3fGuGo4= -github.com/werf/nelm v1.24.1/go.mod h1:Gy6XJ42rwJVA+UyB6ka9/DVFPzm+lh7lmcjLAZECdIs= +github.com/werf/nelm v1.24.3 h1:KX5uk0rHymdOW6T3Nxrl2nuR1mI4c7FAsSQkI03ckIk= +github.com/werf/nelm v1.24.3/go.mod h1:Gy6XJ42rwJVA+UyB6ka9/DVFPzm+lh7lmcjLAZECdIs= github.com/werf/nelm-for-werf-helm v0.0.0-20241217155925-b0e6734d1dbf h1:K51qz209c1yJgKzPw8AeS72T21F/ACp0VI3RJvT4THA= github.com/werf/nelm-for-werf-helm v0.0.0-20241217155925-b0e6734d1dbf/go.mod h1:7RJXSGPKKPEvfPqrTwNA8jT7y52O0ebwhSbSn29ESMA= github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/werf-2.70.0/pkg/build/build_report.go new/werf-2.71.0/pkg/build/build_report.go --- old/werf-2.70.0/pkg/build/build_report.go 2026-05-27 21:29:15.000000000 +0200 +++ new/werf-2.71.0/pkg/build/build_report.go 2026-06-10 12:07:16.000000000 +0200 @@ -52,6 +52,7 @@ Final bool Size int64 BuildTime string + Commit string Stages []ReportStageRecord } @@ -67,6 +68,7 @@ BaseImagePulled bool Rebuilt bool BuildTime string + Commit string } type ImagesReport struct { @@ -233,6 +235,7 @@ Final: img.IsFinal, Size: stageDesc.Info.Size, BuildTime: fmt.Sprintf("%.2f", img.BuildDuration.Seconds()), + Commit: stageDesc.Info.Labels[imagePkg.WerfProjectRepoCommitLabel], Stages: stages, ConfigType: configType, } @@ -283,6 +286,7 @@ Final: img.IsFinal, Size: stageDesc.Info.Size, BuildTime: fmt.Sprintf("%.2f", buildDuration), + Commit: stageDesc.Info.Labels[imagePkg.WerfProjectRepoCommitLabel], Stages: stages, } phase.ImagesReport.SetImageRecord(img.Name, record) 
@@ -355,6 +359,7 @@ BaseImagePulled: stgMeta.BaseImagePulled, Rebuilt: stgMeta.Rebuilt, BuildTime: fmt.Sprintf("%.2f", img.GetStageDuration(stg.Name()).Seconds()), + Commit: stgDesc.Info.Labels[imagePkg.WerfProjectRepoCommitLabel], } stagesRecords = append(stagesRecords, record) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/werf-2.70.0/pkg/build/import_server/rsync_server.go new/werf-2.71.0/pkg/build/import_server/rsync_server.go --- old/werf-2.70.0/pkg/build/import_server/rsync_server.go 2026-05-27 21:29:15.000000000 +0200 +++ new/werf-2.71.0/pkg/build/import_server/rsync_server.go 2026-06-10 12:07:16.000000000 +0200 @@ -150,7 +150,7 @@ if importConfig.Owner != "" || importConfig.Group != "" { rsyncChownOption = fmt.Sprintf("--chown=%s:%s", importConfig.Owner, importConfig.Group) } - rsyncCommand := fmt.Sprintf("RSYNC_PASSWORD='%s' %s --archive --links --inplace --xattrs --one-file-system %s", srv.AuthPassword, stapel.RsyncBinPath(), rsyncChownOption) + rsyncCommand := fmt.Sprintf("RSYNC_PASSWORD='%s' %s --archive --links --inplace --xattrs --one-file-system --keep-dirlinks %s", srv.AuthPassword, stapel.RsyncBinPath(), rsyncChownOption) rsyncCommand += PrepareRsyncFilters(importConfig.Add, importConfig.IncludePaths, importConfig.ExcludePaths) rsyncCommand += fmt.Sprintf(" %s$IMPORT_PATH_TRAILING_SLASH_OPTIONAL %s", rsyncImportPathSpec, importConfig.To) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/werf-2.70.0/pkg/build/stage/image_spec.go new/werf-2.71.0/pkg/build/stage/image_spec.go --- old/werf-2.70.0/pkg/build/stage/image_spec.go 2026-05-27 21:29:15.000000000 +0200 +++ new/werf-2.71.0/pkg/build/stage/image_spec.go 2026-06-10 12:07:16.000000000 +0200 
@@ -27,7 +27,7 @@ labelTemplateImage = "image" labelTemplateProject = "project" labelTemplateDelimiter = "%" - werfLabelsGlobalWarning = `The "werf", "werf-stage-content-digest" and "werf.io/parent-stage-id" labels cannot be removed within the imageSpec stage, as they are essential for the proper operation of host and container registry cleanup. + werfLabelsGlobalWarning = `The "werf", "werf-stage-content-digest", "werf.io/parent-stage-id" and "werf-project-repo-commit" labels cannot be removed within the imageSpec stage, as they are essential for the proper operation of host and container registry cleanup. If you need to remove all werf labels, use the werf export command. By default, this command removes all werf labels and fully detaches images from werf control, transferring host and container registry cleanup entirely to the user. @@ -241,7 +241,7 @@ continue } - if key == image.WerfLabel || key == image.WerfParentStageID || key == image.WerfStageContentDigestLabel { + if key == image.WerfLabel || key == image.WerfParentStageID || key == image.WerfStageContentDigestLabel || key == image.WerfProjectRepoCommitLabel { if !keepEssentialWerfLabels { shouldPrintGlobalWarn = true } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/werf-2.70.0/test/e2e/build/_fixtures/import/symlink_dest/state0/werf.yaml new/werf-2.71.0/test/e2e/build/_fixtures/import/symlink_dest/state0/werf.yaml --- old/werf-2.70.0/test/e2e/build/_fixtures/import/symlink_dest/state0/werf.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/werf-2.71.0/test/e2e/build/_fixtures/import/symlink_dest/state0/werf.yaml 2026-06-10 12:07:16.000000000 +0200 
@@ -0,0 +1,24 @@ +project: werf-test-e2e-build-import-symlink-dest +configVersion: 1 + +--- +image: source +from: registry.werf.io/base/ubuntu:22.04 +shell: + setup: + - mkdir -p /src/bin + - echo "hello" > /src/bin/myapp + +--- +image: target +from: registry.werf.io/base/ubuntu:22.04 +shell: + beforeInstall: + - rm -rf /bin + - mkdir -p /usr/bin + - ln -s usr/bin /bin +import: + - image: source + add: /src/bin + to: /bin + after: install diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/werf-2.70.0/test/e2e/build/import_test.go new/werf-2.71.0/test/e2e/build/import_test.go --- old/werf-2.70.0/test/e2e/build/import_test.go 1970-01-01 01:00:00.000000000 +0100 +++ new/werf-2.71.0/test/e2e/build/import_test.go 2026-06-10 12:07:16.000000000 +0200 
@@ -0,0 +1,79 @@ +package e2e_build_test + +import ( + . "github.com/onsi/ginkgo/v2" + + "github.com/werf/werf/v2/test/pkg/contback" + "github.com/werf/werf/v2/test/pkg/report" + "github.com/werf/werf/v2/test/pkg/werf" +) + +type importTestOptions struct { + setupEnvOptions +} + +var _ = Describe("Import", Label("e2e", "build", "import", "simple"), func() { + DescribeTable("should resolve relative symlink destination", + func(ctx SpecContext, testOpts importTestOptions) { + By("initializing") + setupEnv(testOpts.setupEnvOptions) + contRuntime, err := contback.NewContainerBackend(testOpts.ContainerBackendMode) + if err == contback.ErrRuntimeUnavailable { + Skip(err.Error()) + } else if err != nil { + Fail(err.Error()) + } + + By("building") + repoDirname := "repo0" + fixtureRelPath := "import/symlink_dest/state0" + buildReportName := "report0.json" + + SuiteData.InitTestRepo(ctx, repoDirname, fixtureRelPath) + + werfProject := werf.NewProject(SuiteData.WerfBinPath, SuiteData.GetTestRepoPath(repoDirname)) + reportProject := report.NewProjectWithReport(werfProject) + _, buildReport := reportProject.BuildWithReport(ctx, SuiteData.GetBuildReportPath(buildReportName), nil) + + By("checking imported files landed in real dir and are accessible via symlink") + contRuntime.ExpectCmdsToSucceed( + ctx, + buildReport.Images["target"].DockerImageName, + "test -L /bin", + "test -f /usr/bin/myapp", + "echo 'hello' | diff /usr/bin/myapp -", + "test -f /bin/myapp", + ) + }, + Entry("Vanilla Docker", importTestOptions{setupEnvOptions{ + ContainerBackendMode: "vanilla-docker", + WithLocalRepo: true, + WithStagedDockerfileBuilder: false, + }}), + Entry("BuildKit Docker", importTestOptions{setupEnvOptions{ + ContainerBackendMode: "buildkit-docker", + WithLocalRepo: true, + WithStagedDockerfileBuilder: false, + }}), + Entry("Native Buildah rootless", importTestOptions{setupEnvOptions{ + ContainerBackendMode: "native-rootless", + WithLocalRepo: true, + WithStagedDockerfileBuilder: false, 
+ }}), + Entry("Native Buildah chroot", importTestOptions{setupEnvOptions{ + ContainerBackendMode: "native-chroot", + WithLocalRepo: true, + WithStagedDockerfileBuilder: true, + }}), + Entry("Native Buildah rootless", importTestOptions{setupEnvOptions{ + ContainerBackendMode: "native-rootless", + WithLocalRepo: true, + WithStagedDockerfileBuilder: false, + }}), + Entry("Native Buildah chroot", importTestOptions{setupEnvOptions{ + ContainerBackendMode: "native-chroot", + WithLocalRepo: true, + WithStagedDockerfileBuilder: true, + }}), + ) +}) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/werf-2.70.0/trdl_channels.yaml new/werf-2.71.0/trdl_channels.yaml --- old/werf-2.70.0/trdl_channels.yaml 2026-05-27 21:29:15.000000000 +0200 +++ new/werf-2.71.0/trdl_channels.yaml 2026-06-10 12:07:16.000000000 +0200 @@ -38,12 +38,12 @@ - name: "2" channels: - name: alpha - version: 2.69.1 + version: 2.70.0 - name: beta - version: 2.69.0 + version: 2.70.0 - name: ea - version: 2.69.0 + version: 2.70.0 - name: stable - version: 2.68.2 + version: 2.69.1 - name: rock-solid version: 2.68.2 ++++++ werf.obsinfo ++++++ --- /var/tmp/diff_new_pack.qvX7qx/_old 2026-06-25 10:57:48.258613870 +0200 +++ /var/tmp/diff_new_pack.qvX7qx/_new 2026-06-25 10:57:48.274614423 +0200 @@ -1,5 +1,5 @@ name: werf -version: 2.70.0 -mtime: 1779910155 -commit: a4da61a6251bdbd4a6a131c61c65193c8121329f +version: 2.71.0 +mtime: 1781086036 +commit: bd0e4ae194c1caf651f770c022e7a5a528f64213
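Review bot: In pkg/build/build_report.go (hunks at -233 and -283), the new Commit field is filled with a plain map index, stageDesc.Info.Labels[imagePkg.WerfProjectRepoCommitLabel], so an image whose stage carries no such label gets Commit set to an empty string without any signal. A consumer that treats the build report as provenance cannot tell "label absent" from a real value. Use the two-value form (commit, ok := ...Labels[...]) and either leave the field out of the record or document on the struct field that an empty Commit means the label was missing.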
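Review bot: In pkg/build/build_report.go (hunk at -355), the stage record takes Commit from stgDesc.Info.Labels next to Rebuilt: stgMeta.Rebuilt, so for a stage that was not rebuilt the value is whatever commit label the stored stage already carries, which need not be the commit of the current build. Please add a comment on ReportStageRecord.Commit saying which commit it denotes, so readers of the report do not take it for the commit being built.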
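Review bot: In pkg/build/import_server/rsync_server.go (hunk at -150), --keep-dirlinks makes the receiving side follow any existing symlink to a directory under importConfig.To, so where imported files end up now depends on symlinks already present in the target image. rsync's manual cautions that this option requires trusting all symlinks on the receiving side. Please record that assumption in a comment above rsyncCommand and in the import documentation. Separately, the same line still formats srv.AuthPassword inside single quotes and importConfig.To unquoted into a shell string; that is not introduced here but deserves a follow-up.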
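Review bot: In pkg/build/stage/image_spec.go (hunk at -27), the warning text spells the new label as the literal "werf-project-repo-commit", while the condition in the hunk at -241 compares against image.WerfProjectRepoCommitLabel, and the value of that constant is not visible in this diff. The two can drift apart. Build the message from the image.* constants, or add a test asserting that every label checked in the condition appears in werfLabelsGlobalWarning. The message also now states that the commit label is essential for host and container registry cleanup; confirm that is accurate or reword it for this label.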
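Review bot: In test/e2e/build/_fixtures/import/symlink_dest/state0/werf.yaml, the fixture only covers a relative link (ln -s usr/bin /bin) whose target lies inside the expected tree. Since --keep-dirlinks follows whatever directory symlink exists at the destination, add a second state with an absolute link target and one where the link points outside the intended directory, so the resulting behaviour is pinned by a test rather than left implicit.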
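Review bot: In test/e2e/build/import_test.go, the Entry list contains "Native Buildah rootless" and "Native Buildah chroot" twice each with identical setupEnvOptions, so the table runs the same two cases a second time under duplicate names. Drop the repeated pair. The final check, test -f /bin/myapp, also passes whether /bin is still a symlink or has become a real directory holding a copy, so keep test -L /bin (already present) as the first assertion and consider comparing readlink /bin against usr/bin to make the intent explicit.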
