initial

.dmtlint.yaml

@@ -0,0 +1,17 @@
+linters-settings:
+  container:
+    exclude-rules:
+      liveness-probe:
+        - kind: Deployment
+          name: snapshot-controller
+          container: snapshot-controller
+        - kind: Deployment
+          name: snapshot-validation-webhook
+          container: snapshot-validation
+      readiness-probe:
+        - kind: Deployment
+          name: snapshot-controller
+          container: snapshot-controller
+        - kind: Deployment
+          name: snapshot-validation-webhook
+          container: snapshot-validation

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,59 @@
+name: 🎯 Bug report
+description: Report a bug to help us improve Deckhouse
+labels:
+- 'type/bug'
+- 'status/needs-triage'
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for submitting a bug report!
+
+        Please fill out the template below to make it easier to debug your problem.
+  - type: checkboxes
+    attributes:
+      label: Preflight Checklist
+      description: Please ensure you've completed all of the following.
+      options:
+        - label: I agree to follow the [Code of Conduct](https://github.com/deckhouse/deckhouse/blob/main/CODE_OF_CONDUCT.md) that this project adheres to.
+          required: true
+        - label: I have searched the [issue tracker](https://github.com/deckhouse/deckhouse/issues) for an issue that matches the one I want to file, without success.
+          required: true
+  - type: input
+    attributes:
+      label: Version
+      description: |
+        What version of Deckhouse are you running?
+      placeholder: v1.0.0
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Expected Behavior
+      description: A clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Actual Behavior
+      description: A clear description of what actually happens.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Steps To Reproduce
+      description: Steps to reproduce the behavior if it is not self-explanatory.
+      placeholder: |
+        1. In this environment...
+        2. With this config...
+        3. Run '...'
+        4. See error...
+  - type: textarea
+    attributes:
+      label: Additional Information
+      description: Links? References? Anything that will give us more context about the issue that you are encountering!
+  - type: textarea
+    attributes:
+      label: Logs
+      description: Deckhouse application logs (if relevant).
+      render: shell

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,13 @@
+blank_issues_enabled: false
+contact_links:
+- name: 📚 Documentation
+  url: https://deckhouse.io/documentation/
+  about: Check the documentation for help
+
+- name: 💬 Telegram channel [EN]
+  url: https://t.me/deckhouse
+  about: Please ask and answer questions here
+
+- name: 🇷🇺 Telegram channel [RU]
+  url: https://t.me/deckhouse_ru
+  about: Please ask and answer questions here

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,37 @@
+name: 💡 Feature request
+description: Suggest an idea for Deckhouse
+labels:
+- 'type/enhancement'
+- 'status/needs-triage'
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for submitting a feature request!
+
+        Please describe what you would like to change/add and why in detail by filling out the template below.
+  - type: checkboxes
+    attributes:
+      label: Preflight Checklist
+      description: Please ensure you've completed all of the following.
+      options:
+        - label: I agree to follow the [Code of Conduct](https://github.com/deckhouse/deckhouse/blob/main/CODE_OF_CONDUCT.md) that this project adheres to.
+          required: true
+        - label: I have searched the [issue tracker](https://github.com/deckhouse/deckhouse/issues) for an issue that matches the one I want to file, without success.
+          required: true
+  - type: textarea
+    attributes:
+      label: Use case. Why is this important?
+      description: A clear and concise description of the problem you are seeking to solve with this feature request.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Proposed Solution
+      description: A clear and concise description of what would you like to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Additional Information
+      description: Add any other context about the problem here.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,30 @@
+## Description
+<!---
+  Describe your changes in detail.
+
+  Please let users know if your feature influences critical cluster components
+  (restarts of ingress-controllers, control-plane, Prometheus, etc).
+-->
+
+## Why do we need it, and what problem does it solve?
+<!---
+  This is the most important paragraph.
+  You must describe the main goal of your feature.
+
+  If it fixes an issue, place a link to the issue here.
+
+  If it fixes an obvious bug, please tell users about the impact and effect of the problem.
+-->
+
+## What is the expected result?
+<!---
+  How can one check these changes after applying?  
+
+  Describe, what (resource, state, event, etc.) MUST or MUST NOT change/happen after applying these changes.
+-->
+
+## Checklist
+- [ ] The code is covered by unit tests.
+- [ ] e2e tests passed.
+- [ ] Documentation updated according to the changes.
+- [ ] Changes were tested in the Kubernetes cluster manually.

.github/check_previous_channel_release.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+crane="/usr/local/bin/crane"
+repositoryName=$1
+edition=$2
+channel=$3
+version=$4
+user=$5
+password=$6
+
+echo "Module $repositoryName, edition $edition, channel $channel, version $version"
+
+if [[ "$channel" == "alpha" ]]; then
+ echo "Deploying $version to alpha channel"
+ exit 0
+elif [[ "$channel" == "beta" ]]; then
+ previousChannel="alpha"
+elif [[ "$channel" == "early-access" ]]; then
+ previousChannel="beta"
+elif [[ "$channel" == "stable" ]]; then
+ previousChannel="early-access"
+elif [[ "$channel" == "rock-solid" ]]; then
+ previousChannel="stable"
+else
+ echo "Unknown channel"
+ exit 1
+fi
+
+echo "Checking previous channel $previousChannel"
+$crane auth login -u $user -p $password registry.deckhouse.io
+previousChannelVersion=$($crane export registry.deckhouse.io/deckhouse/$edition/modules/$repositoryName/release:$previousChannel | grep -aoE '\{"version":".*"\}' | jq -r .version)
+if [[ "$version" == "$previousChannelVersion" ]]; then
+ echo "Previous channel $previousChannel version $previousChannelVersion is equal desired version $version, processing"
+ exit 0
+else
+ echo "Previous channel $previousChannel version $previousChannelVersion is not equal desired version $version, rejecting"
+ exit 1
+fi

.github/workflows/build_dev.yml

@@ -0,0 +1,163 @@
+name: Build and push for dev
+
+env:
+  MODULES_REGISTRY: ${{ vars.DEV_REGISTRY }}
+  CI_COMMIT_REF_NAME: ${{ github.ref_name }}
+  MODULES_MODULE_NAME: ${{ vars.MODULE_NAME }}
+  MODULES_MODULE_SOURCE: ${{ vars.DEV_MODULE_SOURCE }}
+  MODULES_REGISTRY_LOGIN: ${{ vars.DEV_MODULES_REGISTRY_LOGIN }}
+  MODULES_REGISTRY_PASSWORD: ${{ secrets.DEV_MODULES_REGISTRY_PASSWORD }}
+  GOPROXY: ${{ secrets.GOPROXY }}
+  SOURCE_REPO: ${{ secrets.SOURCE_REPO }}
+  SOURCE_REPO_SSH_KEY: ${{ secrets.SOURCE_REPO_SSH_KEY }}
+  BASE_IMAGES_VERSION: "v0.5.39"
+
+on:
+  #pull_request:
+  # call from trivy_image_check.yaml, which in turn call from pull_request
+  # https://stackoverflow.com/a/71489231
+  workflow_call:
+    inputs:
+      svace_enabled:
+        description: "Enable svace build and analyze"
+        type: boolean
+        required: false
+  push:
+    branches:
+      - main
+
+defaults:
+  run:
+    shell: bash
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.event.number || github.ref }}"
+  cancel-in-progress: true
+
+jobs:
+  lint:
+    runs-on: [self-hosted, regular]
+    continue-on-error: true
+    name: Lint
+    steps:
+      - uses: actions/checkout@v4
+      - name: Copy openapi/values_ce.yaml to openapi/values.yaml
+        run: |
+          if [ -f openapi/values_ce.yaml ]; then
+            cp -f openapi/values_ce.yaml openapi/values.yaml
+          fi
+      - uses: deckhouse/modules-actions/lint@main
+        env:
+          DMT_METRICS_URL: ${{ secrets.DMT_METRICS_URL }}
+          DMT_METRICS_TOKEN: ${{ secrets.DMT_METRICS_TOKEN }}
+      - name: Copy openapi/values_ee.yaml to openapi/values.yaml
+        run: |
+          if [ -f openapi/values_ee.yaml ]; then
+            cp -f openapi/values_ee.yaml openapi/values.yaml
+          fi
+      - uses: deckhouse/modules-actions/lint@main
+        env:
+          DMT_METRICS_URL: ${{ secrets.DMT_METRICS_URL }}
+          DMT_METRICS_TOKEN: ${{ secrets.DMT_METRICS_TOKEN }}
+
+  set_edition:
+    runs-on: [self-hosted, large]
+    name: Set edition
+    outputs:
+      module_edition: ${{ steps.set-vars.outputs.MODULE_EDITION }}
+    steps:
+      - name: Get Pull Request Labels
+        id: get-labels
+        uses: actions/github-script@v7
+        with:
+          script: |
+            if (context.eventName === "pull_request" || context.eventName === "pull_request_target" ) {
+              const prNumber = context.payload.pull_request.number;
+              const { data: labels } = await github.rest.issues.listLabelsOnIssue({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: prNumber,
+              });
+              return labels.map(label => label.name);
+            } else {
+              return [];
+            }
+          result-encoding: string
+
+      - name: Set vars
+        id: set-vars
+        run: |
+          # Select edition for build, default ee
+          if echo "${{ steps.get-labels.outputs.result }}" | grep -q "edition/ce"; then
+            echo "MODULE_EDITION=ce" >> "$GITHUB_OUTPUT"
+          else
+            echo "MODULE_EDITION=ee" >> "$GITHUB_OUTPUT"
+          fi
+
+  dev_setup_build:
+    runs-on: [self-hosted, large]
+    name: Build and Push images
+    needs: [set_edition]
+    env:
+      MODULE_EDITION: ${{needs.set_edition.outputs.module_edition}}
+    steps:
+      - name: Set vars for PR
+        if: ${{ github.ref_name != 'main' }}
+        run: |
+          MODULES_MODULE_TAG="$(echo pr${{ github.ref_name }} | sed 's/\/.*//g')"
+          echo "MODULES_MODULE_TAG=$MODULES_MODULE_TAG" >> "$GITHUB_ENV"
+      - name: Set vars for main
+        if: ${{ github.ref_name == 'main' }}
+        run: |
+          echo "MODULES_MODULE_TAG=${{ github.ref_name }}" >> "$GITHUB_ENV"
+      - name: Print vars
+        run: |
+          echo MODULES_REGISTRY=$MODULES_REGISTRY
+          echo CI_COMMIT_REF_NAME=$CI_COMMIT_REF_NAME
+          echo MODULES_MODULE_NAME=$MODULES_MODULE_NAME
+          echo MODULES_MODULE_SOURCE=$MODULES_MODULE_SOURCE
+          echo MODULES_MODULE_TAG=$MODULES_MODULE_TAG
+          echo MODULE_EDITION=$MODULE_EDITION
+
+      - uses: actions/checkout@v4
+
+      - name: Download base images and auth prepare
+        run: |
+          wget https://fox.flant.com/api/v4/projects/deckhouse%2Fbase-images/packages/generic/base_images/$BASE_IMAGES_VERSION/base_images.yml -O base_images.yml
+          cat base_images.yml
+
+      - uses: deckhouse/modules-actions/setup@v4
+        with:
+          registry: ${{ vars.DEV_REGISTRY }}
+          registry_login: ${{ vars.DEV_MODULES_REGISTRY_LOGIN }}
+          registry_password: ${{ secrets.DEV_MODULES_REGISTRY_PASSWORD }}
+      - uses: deckhouse/modules-actions/build@v4
+        with:
+          module_source: "${{ vars.DEV_MODULE_SOURCE }}"
+          module_name: ${{ vars.MODULE_NAME }}
+          module_tag: ${{ env.MODULES_MODULE_TAG }}
+          source_repo: ${{ secrets.SOURCE_REPO }}
+          source_repo_ssh_key: ${{ secrets.SOURCE_REPO_SSH_KEY }}
+          svace_enabled: ${{ contains(github.event.pull_request.labels.*.name, 'analyze/svace') || inputs.svace_enabled == true }}
+          svace_analyze_host: "${{ secrets.SVACE_ANALYZE_HOST }}"
+          svace_analyze_ssh_user: "${{ secrets.SVACE_ANALYZE_SSH_USER }}"
+          svace_analyze_ssh_key: "${{ secrets.SVACE_ANALYZE_SSH_PRIVATE_KEY }}"
+
+  analyze_build:
+    if: ${{ contains(github.event.pull_request.labels.*.name, 'analyze/svace') || inputs.svace_enabled == true }}
+    name: Analyze build
+    runs-on: [self-hosted, large]
+    needs:
+      - dev_setup_build
+    steps:
+      - uses: deckhouse/modules-actions/svace_analyze@v4
+        with:
+          project_group: ${{ github.event.repository.name }}
+          ci_commit_ref_name: ${{ github.event.pull_request.head.ref || github.ref_name }}
+          ci_commit_hash: ${{ github.sha }}
+          svace_analyze_host: "${{ secrets.SVACE_ANALYZE_HOST }}"
+          svace_analyze_ssh_user: "${{ secrets.SVACE_ANALYZE_SSH_USER }}"
+          svacer_url: "${{ secrets.SVACER_URL }}"
+          svacer_import_user: "${{ secrets.SVACER_IMPORT_USER }}"
+          svacer_import_password: "${{ secrets.SVACER_IMPORT_PASSWORD }}"
+          svace_analyze_ssh_private_key: "${{ secrets.SVACE_ANALYZE_SSH_PRIVATE_KEY }}"