deckhouse · duckhawk · Oct 31, 2025 · Oct 30, 2025 · Oct 30, 2025 · Oct 31, 2025
diff --git a/.github/workflows/build_dev.yml b/.github/workflows/build_dev.yml
@@ -10,7 +10,7 @@ env:
   GOPROXY: ${{ secrets.GOPROXY }}
   SOURCE_REPO: ${{ secrets.SOURCE_REPO }}
   SOURCE_REPO_SSH_KEY: ${{ secrets.SOURCE_REPO_SSH_KEY }}
-  BASE_IMAGES_VERSION: "v0.5.32"
+  BASE_IMAGES_VERSION: "v0.5.37"
 
 on:
   #pull_request:
@@ -138,13 +138,13 @@ jobs:
           module_tag: ${{ env.MODULES_MODULE_TAG }}
           source_repo: ${{ secrets.SOURCE_REPO }}
           source_repo_ssh_key: ${{ secrets.SOURCE_REPO_SSH_KEY }}
-          svace_enabled: ${{ contains(github.event.pull_request.labels.*.name, 'analyze/svace') || github.event.inputs.svace_enabled }}
+          svace_enabled: ${{ contains(github.event.pull_request.labels.*.name, 'analyze/svace') || inputs.svace_enabled == true }}
           svace_analyze_host: "${{ secrets.SVACE_ANALYZE_HOST }}"
           svace_analyze_ssh_user: "${{ secrets.SVACE_ANALYZE_SSH_USER }}"
           svace_analyze_ssh_key: "${{ secrets.SVACE_ANALYZE_SSH_PRIVATE_KEY }}"
 
   analyze_build:
-    if: ${{ contains(github.event.pull_request.labels.*.name, 'analyze/svace') || github.event.inputs.svace_enabled == 'true' }}
+    if: ${{ contains(github.event.pull_request.labels.*.name, 'analyze/svace') || inputs.svace_enabled == true }}
     name: Analyze build
     runs-on: [self-hosted, large]
     needs:

diff --git a/.github/workflows/build_prod.yml b/.github/workflows/build_prod.yml
@@ -11,7 +11,7 @@ env:
   GOPROXY: ${{ secrets.GOPROXY }}
   SOURCE_REPO: ${{ secrets.SOURCE_REPO }}
   SOURCE_REPO_SSH_KEY: ${{ secrets.SOURCE_REPO_SSH_KEY }}
-  BASE_IMAGES_VERSION: "v0.5.32"
+  BASE_IMAGES_VERSION: "v0.5.37"
 
 on:
   push:

diff --git a/.github/workflows/svace_analyze.yaml b/.github/workflows/svace_analyze.yaml
@@ -0,0 +1,12 @@
+name: Svace analyze
+
+on:
+  schedule:
+    - cron: "0 16 * * 6" # Regular static analysis
+
+jobs:
+  build_dev:
+    uses: ./.github/workflows/build_dev.yml
+    secrets: inherit
+    with:
+      svace_enabled: true
diff --git a/.github/workflows/trivy_image_check.yaml b/.github/workflows/trivy_image_check.yaml
@@ -2,7 +2,7 @@ name: Build and checks
 
 on:
   schedule:
-    - cron: "0 01 * * 0,3"
+    - cron: "0 01 * * 0,3" # Regular CVE scan
   pull_request:
     types: [opened, reopened, labeled, synchronize]
   push:
@@ -23,7 +23,7 @@ on:
         description: "Optional. Vulnerabilities severity to scan. Default is: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
         required: false
       svace_enabled:
-        description: 'Enable svace build and analyze'
+        description: "Enable svace build and analyze"
         type: boolean
         required: false
 
@@ -41,9 +41,10 @@ jobs:
     needs: [build_dev]
     steps:
       - uses: actions/checkout@v4
-      - uses: deckhouse/modules-actions/cve_scan@v4
+      - uses: deckhouse/modules-actions/cve_scan@v6
         with:
           tag: pr${{ github.event.number }}
+          tag_type: "dev"
           module_name: ${{ vars.MODULE_NAME }}
           dd_url: ${{ secrets.DEFECTDOJO_HOST }}
           dd_token: ${{ secrets.DEFECTDOJO_API_TOKEN }}
@@ -61,9 +62,10 @@ jobs:
     runs-on: [self-hosted, regular]
     steps:
       - uses: actions/checkout@v4
-      - uses: deckhouse/modules-actions/cve_scan@v4
+      - uses: deckhouse/modules-actions/cve_scan@v6
         with:
           tag: ${{ github.event.inputs.release_branch || github.event.repository.default_branch }}
+          tag_type: "dev"
           module_name: ${{ vars.MODULE_NAME }}
           dd_url: ${{ secrets.DEFECTDOJO_HOST }}
           dd_token: ${{ secrets.DEFECTDOJO_API_TOKEN }}

diff --git a/CHANGELOG/v0.1.8.ru.yml b/CHANGELOG/v0.1.8.ru.yml
@@ -0,0 +1,4 @@
+Изменения:
+  - Обновлена версия Go до 1.24.9
+  - Обновлена lib-helm до deckhouse_lib_helm-1.64.1
+  - Обновление документации
diff --git a/CHANGELOG/v0.1.8.yml b/CHANGELOG/v0.1.8.yml
@@ -0,0 +1,4 @@
+Changes:
+  - Updated Go version to 1.24.9
+  - Updated lib-helm to deckhouse_lib_helm-1.64.1
+  - Documentation updates
diff --git a/charts/deckhouse_lib_helm-1.63.6.tgz b/charts/deckhouse_lib_helm-1.63.6.tgz
diff --git a/charts/deckhouse_lib_helm-1.64.1.tgz b/charts/deckhouse_lib_helm-1.64.1.tgz
diff --git a/hooks/go/go.mod b/hooks/go/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/snapshot-controller/hooks/go
 
-go 1.24.8
+go 1.24.9
 
 require github.com/deckhouse/module-sdk v0.2.0
 

diff --git a/images/go-hooks/werf.inc.yaml b/images/go-hooks/werf.inc.yaml
@@ -17,7 +17,7 @@ shell:
 
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-artifact
-fromImage: {{ eq .SVACE_ENABLED "false" | ternary "builder/golang-alpine" "builder/alt-go-svace" }}
+fromImage: {{ eq .SVACE_ENABLED "false" | ternary "builder/golang-alpine" "builder/golang-alt-svace" }}
 final: false
 
 import:

diff --git a/images/snapshot-controller/werf.inc.yaml b/images/snapshot-controller/werf.inc.yaml
@@ -19,7 +19,7 @@ shell:
 
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-golang-artifact
-fromImage: {{ eq .SVACE_ENABLED "false" | ternary "builder/golang-alpine" "builder/alt-go-svace" }}
+fromImage: {{ eq .SVACE_ENABLED "false" | ternary "builder/golang-alpine" "builder/golang-alt-svace" }}
 final: false
 
 import:

diff --git a/images/webhooks/go.mod b/images/webhooks/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/snapshot-controller/images/webhooks
 
-go 1.24.8
+go 1.24.9
 
 require (
 	github.com/deckhouse/sds-common-lib v0.5.0

diff --git a/images/webhooks/werf.inc.yaml b/images/webhooks/werf.inc.yaml
@@ -20,7 +20,7 @@ shell:
 
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-golang-artifact
-fromImage: {{ eq .SVACE_ENABLED "false" | ternary "builder/golang-alpine" "builder/alt-go-svace" }}
+fromImage: {{ eq .SVACE_ENABLED "false" | ternary "builder/golang-alpine" "builder/golang-alt-svace" }}
 final: false
 
 import: