fix!: remove 0.27.0 layout shim

[AustinAbro321]

Description

#1469 changed how manifests were loaded into a package, but kept a shim around in case old packages were deployed on newer versions of Zarf. This shim can cause a bug under specific circumstances, see #4819.

Some consideration for adding a minimumVersionRequirement here, but given that this package layout change happened in v0.27.0 from May 2023, I deemed this not practically necessary.

The breaking change here is that we will no longer deploy packages from <v0.27.0. I doubt this is relevant to anyone.

Related Issue

Fixes #4819

Checklist before merging

• Test, docs, adr added or updated as needed
• Contributor Guide Steps followed

[netlify]

✅ Deploy Preview for zarf-docs canceled.

Name	Link
🔨 Latest commit	8420ac3
🔍 Latest deploy log	https://app.netlify.com/projects/zarf-docs/deploys/69de9c8dcb9d4c0008adaf2b

[codecov]

Codecov Report

❌ Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
src/pkg/packager/deploy.go	0.00%	2 Missing ⚠️

Files with missing lines	Coverage Δ
src/pkg/packager/deploy.go	0.00% <0.00%> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[soltysh]

Two things:

1. Can you add a unit-test to ensure we don't cause a regression.
2. I'm not sure I'm recreating the problem correctly, I've tried this with zarf package create examples/yolo/ -c the resulting zarf.yaml still points to the same files as

   zarf/examples/yolo/zarf.yaml

   Lines 14 to 15 in bb4083d

   	- ../dos-games/manifests/deployment.yaml
   	- ../dos-games/manifests/service.yaml

   But we package both of these files as multi-games-0.yaml and multi-games-1.yaml inside the componentsyolo-games.tar in zarf-package-yolo-amd64.tar.zst. So either I'm reproducing the problem the wrong way, or they fix is not correct.

[AustinAbro321]

The problem is in the check that we currently have inside of Zarf skips permission errors with helpers.InvalidPath so we don't end up using the fallback.

Here are reproduction steps:

• create a simple manifest with root permissions

sudo tee /root/secret-ns.yaml >/dev/null <<'EOF'                                                                                                                      
apiVersion: v1
kind: Namespace
metadata:
  name: demo
EOF

• Create a zarf.yaml to consume this manifest

kind: ZarfPackageConfig
metadata:                                                                                                                                                             
  name: repro                                                                                                                                                       
  version: 1.0.0                                                                                                                                                      
components:                                                                                                                                                         
  - name: ns
    required: true
    manifests:                                                                                                                                                        
      - name: ns
        namespace: demo                                                                                                                                               
        files:                                                                                                                                                      
          - ../../../../../../../../../../root/secret-ns.yaml

• Create the package as root
• Deploy the package with latest Zarf, you'll get a permission error because we escape the filepath leaves the unarchived Zarf package and goes to the /root/secret-ns.yaml file on disk
• Deploy with Zarf from this branch is successful because we removed the fallback

[AustinAbro321]

Can you add a unit-test to ensure we don't cause a regression

We don't currently have any unit tests for deploy.go. Stems partially from the fact that it's hard to unit test our calls to Helm. I feel confident in our e2e tests here, and I see this more as a feature removal (backwards compatibility shim removal) so this won't be a case that comes back. Thoughts on tabling this until we get a better grasp on a testing strategy for deploy?

[soltysh]

Confirmed, I was able to reproduce this w/o the fix and working with the fix. Although I will admit that the zarf.yaml contents inside the package, whether you manually extract it or use zarf package inspect definition could also be updated not to point to the source location, but rather package relative. But that's not blocking this PR.

lgtm