8000 Merge branch 'main' into patch-1 · nginx/kubernetes-ingress@2181198 · GitHub
[go: up one dir, main page]
Skip to content

Commit 2181198

Browse files
lucacomelucacome
authored
Merge branch 'main' into patch-1
2 parents 731d005 + 5a6a3d2 commit 2181198

File tree

246 files changed

+10917
-5230
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

246 files changed

+10917
-5230
lines changed

.github/ISSUE_TEMPLATE/bug_report.md

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@ A clear and concise description of what the bug is.
1212

1313
**To Reproduce**
1414
Steps to reproduce the behavior:
15+
1516
1. Deploy x to '...' using some.yaml
1617
2. View logs on '....'
1718
3. See error
@@ -20,10 +21,11 @@ Steps to reproduce the behavior:
2021
A clear and concise description of what you expected to happen.
2122

2223
**Your environment**
23-
* Version of the Ingress Controller - release version or a specific commit
24-
* Version of Kubernetes
25-
* Kubernetes platform (e.g. Mini-kube or GCP)
26-
* Using NGINX or NGINX Plus
24+
25+
- Version of the Ingress Controller - release version or a specific commit
26+
- Version of Kubernetes
27+
- Kubernetes platform (e.g. Mini-kube or GCP)
28+
- Using NGINX or NGINX Plus
2729
<!-- output from `docker inspect --format '{{ json .Config.Labels }}' <docker image> | jq` if available -->
2830

2931
**Additional context**

.github/PULL_REQUEST_TEMPLATE.md

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,10 @@
11
### Proposed changes
2-
Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue here in this description (not in the title of the PR).
2+
3+
Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to
4+
that issue here in this description (not in the title of the PR).
35

46
### Checklist
7+
58
Before creating a PR, run through this checklist and mark each as complete.
69

710
- [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/kubernetes-ingress/blob/main/CONTRIBUTING.md) doc

.github/actions/smoke-tests/action.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,7 @@ runs:
7474
- name: Build Test-Runner Container
7575
uses: docker/build-push-action@v3
7676
with:
77-
file: tests/docker/Dockerfile
77+
file: tests/Dockerfile
7878
context: '.'
7979
cache-from: type=gha,scope=test-runner
8080
tags: test-runner:${{ github.sha }}

.github/dependabot.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ updates:
1616
interval: daily
1717

1818
- package-ecosystem: docker
19-
directory: /tests/docker
19+
directory: /tests
2020
schedule:
2121
interval: daily
2222

@@ -25,7 +25,7 @@ updates:
2525
schedule:
2626
interval: weekly
2727

28-
- package-ecosystem: pip
29-
directory: /perf-tests
28+
- package-ecosystem: gomod
29+
directory: /docs
3030
schedule:
3131
interval: weekly

.github/dependency-review-config.yml

Lines changed: 0 additions & 13 deletions
This file was deleted.

.github/labels.yml

Lines changed: 0 additions & 75 deletions
This file was deleted.

.github/workflows/build-oss.yml

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,9 @@ defaults:
1717
run:
1818
shell: bash
1919

20+
permissions:
21+
contents: read
22+
2023
jobs:
2124
build:
2225
runs-on: ubuntu-22.04
@@ -48,7 +51,7 @@ jobs:
4851
if: ${{ github.event_name != 'pull_request' && ! startsWith(github.ref, 'refs/heads/release-') }}
4952

5053
- name: Docker Buildx
51-
uses: docker/setup-buildx-action@ecf95283f03858871ff00b787d79c419715afc34 # v2.7.0
54+
uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1
5255

5356
- name: DockerHub Login
5457
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
@@ -158,7 +161,7 @@ jobs:
158161
ignore-unfixed: "true"
159162

160163
- name: Upload Trivy scan results to GitHub Security tab
161-
uses: github/codeql-action/upload-sarif@f6e388ebf0efc915c6c5b165b019ee61a6746a38 # v2.20.1
164+
uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
162165
continue-on-error: true
163166
with:
164167
sarif_file: "trivy-results-${{ inputs.image }}.sarif"
@@ -179,5 +182,8 @@ jobs:
179182
tag: ${{ inputs.tag }}
180183
version: ${{ needs.build.outputs.version }}
181184
image_digest: ${{ needs.build.outputs.image_digest }}
185+
permissions:
186+
contents: read
187+
actions: read
182188
secrets: inherit
183189
if: ${{ inputs.tag != '' }}

.github/workflows/build-plus.yml

Lines changed: 47 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,9 @@ on:
1515
nap_modules:
1616
required: false
1717
type: string
18+
release-url:
19+
required: false
20+
type: string
1821

1922
defaults:
2023
run:
@@ -49,7 +52,7 @@ jobs:
4952
if: github.event_name != 'pull_request'
5053

5154
- name: Docker Buildx
52-
uses: docker/setup-buildx-action@ecf95283f03858871ff00b787d79c419715afc34 # v2.7.0
55+
uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1
5356

5457
- name: Authenticate to Google Cloud
5558
id: auth
@@ -73,22 +76,22 @@ jobs:
7376
with:
7477
aws-region: us-east-1
7578
role-to-assume: ${{ secrets.AWS_ROLE_MARKETPLACE }}
76-
if: startsWith(github.ref, 'refs/tags/') && contains(inputs.target, 'aws')
79+
if: github.ref_type == 'tag' && contains(inputs.target, 'aws')
7780

7881
- name: Login to ECR
7982
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
8083
with:
8184
registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com
82-
if: startsWith(github.ref, 'refs/tags/') && contains(inputs.target, 'aws')
85+
if: github.ref_type == 'tag' && contains(inputs.target, 'aws')
8386

8487
- name: Docker meta
8588
id: meta
8689
uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0
8790
with:
8891
images: |
8992
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic${{ contains(inputs.nap_modules, 'dos') && '-dos' || '' }}${{ contains(inputs.nap_modules, 'waf') && '-nap' || '' }}/nginx-plus-ingress
90-
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic${{ contains(inputs.nap_modules, 'dos') && '-dos' || '' }}${{ contains(inputs.nap_modules, 'waf') && '-nap' || '' }}/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/tags/') }}
91-
name=709825985650.dkr.ecr.us-east-1.amazonaws.com/nginx/nginx-plus-ingress${{ contains(inputs.nap_modules, 'dos') && '-dos' || '' }}${{ contains(inputs.nap_modules, 'waf') && '-nap' || '' }},enable=${{ startsWith(github.ref, 'refs/tags/') && contains(inputs.target, 'aws') }}
93+
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic${{ contains(inputs.nap_modules, 'dos') && '-dos' || '' }}${{ contains(inputs.nap_modules, 'waf') && '-nap' || '' }}/nginx-plus-ingress,enable=${{ github.ref_type == 'tag' }}
94+
name=709825985650.dkr.ecr.us-east-1.amazonaws.com/nginx/nginx-plus-ingress${{ contains(inputs.nap_modules, 'dos') && '-dos' || '' }}${{ contains(inputs.nap_modules, 'waf') && '-nap' || '' }},enable=${{ github.ref_type == 'tag' && contains(inputs.target, 'aws') }}
9295
flavor: |
9396
suffix=${{ contains(inputs.image, 'ubi') && '-ubi' || '' }}${{ contains(inputs.image, 'alpine') && '-alpine' || '' }}${{ contains(inputs.target, 'aws') && '-mktpl' || '' }}${{ contains(inputs.image, 'fips') && '-fips' || ''}},onlatest=true
9497
latest=${{ contains(inputs.target, 'aws') && 'false' || 'auto' }}
@@ -106,12 +109,7 @@ jobs:
106109
- name: NAP modules
107110
id: nap_modules
108111
run: |
109-
modules="" 10A08 ;
110-
if [[ "${{ inputs.nap_modules }}" == "waf,dos" ]]; then
111-
modules="both"
112-
else
113-
modules="${{ inputs.nap_modules }}"
114-
fi
112+
[[ "${{ inputs.nap_modules }}" == "waf,dos" ]] && modules="both" || modules="${{ inputs.nap_modules }}"
115113
echo "modules=${modules}" >> $GITHUB_OUTPUT
116114
if: ${{ inputs.nap_modules != '' }}
117115

@@ -134,14 +132,49 @@ jobs:
134132
provenance: false
135133
build-args: |
136134
BUILD_OS=${{ inputs.image }}
137-
IC_VERSION=${{ startsWith(github.ref, 'refs/tags/') && steps.meta.outputs.version || 'CI' }}
135+
IC_VERSION=${{ github.ref_type == 'tag' && steps.meta.outputs.version || 'CI' }}
138136
${{ inputs.nap_modules != '' && format('NAP_MODULES={0}', inputs.nap_modules) || '' }}
139137
${{ steps.nap_modules.outputs.modules != '' && format('NAP_MODULES_AWS={0}', steps.nap_modules.outputs.modules) || '' }}
140138
secrets: |
141139
"nginx-repo.crt=${{ inputs.nap_modules != '' && secrets.NGINX_AP_CRT || secrets.NGINX_CRT }}"
142140
"nginx-repo.key=${{ inputs.nap_modules != '' && secrets.NGINX_AP_KEY || secrets.NGINX_KEY }}"
143141
${{ inputs.nap_modules != '' && contains(inputs.image, 'ubi') && format('"rhel_license={0}"', secrets.RHEL_LICENSE) || '' }}
144142
143+
- name: AWS variables
144+
id: aws
145+
run: |
146+
aws_registry=$(echo "${{ steps.meta.outputs.tags }}" | grep -oP "709825985650.dkr.ecr.us-east-1.amazonaws.com/[^[:space:]]+")
147+
version=$(echo ${{ steps.meta.outputs.version }} | sed 's/-mktpl//')
148+
declare -A nap_mapping=(
149+
["waf"]=_NAP_WAF
150+
["dos"]=_NAP_DOS
151+
["waf,dos"]=_NAP_WAF_DOS
152+
)
153+
modules=${{ inputs.nap_modules }}
154+
[[ -n $modules && ${nap_mapping[$modules]+_} ]] && nap=${nap_mapping[$modules]}
155+
156+
echo "version=$version" >> $GITHUB_OUTPUT
157+
echo "product_code=AWS${nap}_PRODUCT_ID" >> $GITHUB_OUTPUT
158+
echo "registry=${aws_registry}" >> $GITHUB_OUTPUT
159+
if: github.ref_type == 'tag' && contains(inputs.target, 'aws')
160+
161+
- name: Publish to AWS Marketplace
162+
uses: nginxinc/aws-marketplace-publish@93e03c5ce4baa842a8e5baad0a3f35d07b38460c # v0.1.2
163+
continue-on-error: true
164+
with:
165+
version: ${{ steps.aws.outputs.version }}
166+
product-id: ${{ secrets[steps.aws.outputs.product_code] }}
167+
registry: ${{ steps.aws.outputs.registry }}
168+
release-notes: ${{ inputs.release-url }}
169+
description: |
170+
Best-in-class traffic management solution for services in Amazon EKS.
171+
This is the official implementation of NGINX Ingress Controller (based on NGINX Plus) from NGINX.
172+
usage-instructions: |
173+
This container requires Kubernetes and can be deployed to EKS.
174+
Review the installation instructions https://docs.nginx.com/nginx-ingress-controller/installation/ and utilize the deployment resources available https://github.com/nginxinc/kubernetes-ingress/tree/master/deployments
175+
Use this image instead of building your own.
176+
if: ${{ github.ref_type == 'tag' && contains(inputs.target, 'aws') }}
177+
145178
- name: Load image for Trivy
146179
uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1
147180
with:
@@ -153,7 +186,7 @@ jobs:
153186
load: true
154187
build-args: |
155188
BUILD_OS=${{ inputs.image }}
156-
IC_VERSION=${{ startsWith(github.ref, 'refs/tags/') && steps.meta.outputs.version || 'CI' }}
189+
IC_VERSION=${{ github.ref_type == 'tag' && steps.meta.outputs.version || 'CI' }}
157190
${{ inputs.nap_modules != '' && format('NAP_MODULES={0}', inputs.nap_modules) || '' }}
158191
${{ steps.nap_modules.outputs.modules != '' && format('NAP_MODULES_AWS={0}', steps.nap_modules.outputs.modules) || '' }}
159192
secrets: |
@@ -171,7 +204,7 @@ jobs:
171204
ignore-unfixed: "true"
172205

173206
- name: Upload Trivy scan results to GitHub Security tab
174-
uses: github/codeql-action/upload-sarif@f6e388ebf0efc915c6c5b165b019ee61a6746a38 # v2.20.1
207+
uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
175208
continue-on-error: true
176209
with:
177210
sarif_file: "trivy-results-${{ inputs.image }}.sarif"

0 commit comments

Comments
 (0)
0