8000 Merge branch 'main' into feat/helm-automount · nginx/kubernetes-ingress@6746a05 · GitHub
[go: up one dir, main page]
Skip to content

Commit 6746a05

Browse files
jjngxjjngx
authored
Merge branch 'main' into feat/helm-automount
2 parents 321a00a + f03f906 commit 6746a05

File tree

335 files changed

+12204
-7817
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

335 files changed

+12204
-7817
lines changed

.github/actions/smoke-tests/action.yaml

Lines changed: 12 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -41,11 +41,8 @@ runs:
4141
- name: Ingress type
4242
id: ingress-type
4343
run: |
44-
plus=""
45-
if [[ ${{ inputs.image }} == *plus* ]]; then
46-
plus="-plus"
47-
fi
48-
echo ::set-output name=name::nginx$plus-ingress
44+
echo ::set-output name=name::nginx${{ contains(inputs.image, 'plus') && '-plus' || '' }}-ingress
45+
echo ::set-output name=tag::${{ inputs.image }}${{ contains(inputs.image, 'nap') && '-dos' || '' }}-${{ github.sha }}
4946
shell: bash
5047

5148
- name: Docker Buildx
@@ -59,12 +56,13 @@ runs:
5956
cache-from: type=gha,scope=${{ inputs.image }}
6057
cache-to: type=gha,scope=${{ inputs.image }},mode=max
6158
target: goreleaser
62-
tags: 'docker.io/nginx/${{ steps.ingress-type.outputs.name }}:${{ inputs.image }}-${{ github.sha }}'
59+
tags: 'docker.io/nginx/${{ steps.ingress-type.outputs.name }}:${{ steps.ingress-type.outputs.tag }}'
6360
load: true
6461
pull: true
6562
build-args: |
6663
BUILD_OS=${{ inputs.image }}
6764
IC_VERSION=CI
65+
${{ contains(inputs.image, 'nap') && 'NAP_MODULES=dos' || '' }}
6866
secrets: |
6967
"nginx-repo.crt=${{ inputs.nginx-crt }}"
7068
"nginx-repo.key=${{ inputs.nginx-key }}"
@@ -86,9 +84,12 @@ runs:
8684
# no support for dual stack in < 1.20, we need to use ipv4 only
8785
printf '%s\n' "1.20.0" "${{ inputs.k8s-version }}" | sort --version-sort --check=quiet || echo "Using ipv4" && sed -i 's/dual/ipv4/g' ${{ github.workspace }}/tests/ci-files/ci-kind-config.yaml
8886
kind create cluster --name ${{ github.run_id }} --image=kindest/node:v${{ inputs.k8s-version }} --config ${{ github.workspace }}/tests/ci-files/ci-kind-config.yaml --kubeconfig kube-${{ github.run_id }} --wait ${{ inputs.k8s-timeout }}
89-
kind load docker-image docker.io/nginx/${{ steps.ingress-type.outputs.name }}:${{ inputs.image }}-${{ github.sha }} --name ${{ github.run_id }}
87+
kind load docker-image docker.io/nginx/${{ steps.ingress-type.outputs.name }}:${{ steps.ingress-type.outputs.tag }} --name ${{ github.run_id }}
88+
marker="${{ inputs.marker }}"
89+
sanitized_marker="${marker// /_}"
90+
name="${sanitized_marker:-${{ inputs.k8s-version }}}"
9091
echo ::set-output name=cluster_ip::$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${{ github.run_id }}-control-plane)
91-
echo ::set-output name=cluster::$(echo nginx-${{ inputs.image }}-${{ inputs.marker != '' && inputs.marker || inputs.k8s-version }})
92+
echo ::set-output name=cluster::$(echo nginx-${{ inputs.image }}-$name)
9293
shell: bash
9394

9495
- name: Setup Kubeconfig
@@ -105,13 +106,14 @@ runs:
105106
-v ${{ github.workspace }}/tests/tests-${{ steps.k8s.outputs.cluster }}.html:/workspace/tests/tests-${{ steps.k8s.outputs.cluster }}.html \
106107
-v ${{ github.workspace }}/kube-${{ github.run_id }}:/root/.kube/config test-runner:${{ github.sha }} \
107108
--context=kind-${{ github.run_id }} \
108-
--image=docker.io/nginx/${{ steps.ingress-type.outputs.name }}:${{ inputs.image }}-${{ github.sha }} \
109+
--image=docker.io/nginx/${{ steps.ingress-type.outputs.name }}:${{ steps.ingress-type.outputs.tag }} \
109110
--image-pull-policy=Never \
110111
--ic-type=${{ steps.ingress-type.outputs.name }} \
111112
--service=nodeport --node-ip=${{ steps.k8s.outputs.cluster_ip }} \
112113
--html=tests-${{ steps.k8s.outputs.cluster }}.html \
113114
--self-contained-html \
115+
--durations=10 \
114116
--show-ic-logs=yes \
115-
-m ${{ inputs.marker != '' && inputs.marker || '""' }}
117+
-m ${{ inputs.marker != '' && inputs.marker || '""' }}
116118
working-directory: ./tests
117119
shell: bash

.github/labeler.yml

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
enhancement:
2+
- branch: ['feature/**', 'feat/**', 'enhancement/**', 'enh/**']
3+
4+
bug:
5+
- branch: ['fix/**', 'bug/**']
6+
7+
chore:
8+
- branch: ['chore/**']
9+
10+
tests:
11+
- branch: ['tests/**', 'test/**']
12+
- tests/**/*
13+
- perf-tests/**/*
14+
15+
documentation:
16+
- branch: ['docs/**', 'doc/**']
17+
- '**/*.md'
18+
19+
dependencies:
20+
- branch: ['deps/**', 'dep/**', 'dependabot/**']
21+
- go.mod
22+
- go.sum

.github/release-drafter.yml

Lines changed: 0 additions & 33 deletions
This file was deleted.

.github/release.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,3 +24,6 @@ changelog:
2424
- title: ⬆️ Dependencies
2525
labels:
2626
- dependencies
27+
- title: Other Changes
28+
labels:
29+
- "*"

.github/workflows/ci.yml

Lines changed: 33 additions & 57 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
name: Continuous Integration
1+
name: CI
22

33
on:
44
push:
@@ -45,33 +45,26 @@ jobs:
4545
name: Checks and variables
4646
runs-on: ubuntu-20.04
4747
outputs:
48-
go_version: ${{ steps.vars.outputs.go_version }}
4948
go_path: ${{ steps.go.outputs.go_path }}
5049
k8s_latest: ${{ steps.vars.outputs.k8s_latest }}
5150
steps:
5251
- name: Checkout Repository
5352
uses: actions/checkout@v3
54-
- name: Cache Go controller tools
55-
uses: actions/cache@v3
56-
with:
57-
path: |
58-
~/.cache/go-build
59-
~/go/pkg/mod
60-
key: ${{ runner.os }}-go-tools-${{ hashFiles('**/go.sum') }}
61-
restore-keys: |
62-
${{ runner.os }}-go-tools-
6353
- name: Output Variables
6454
id: vars
6555
run: |
66-
echo "::set-output name=go_version::$(grep "go 1." go.mod | cut -d " " -f 2)"
6756
echo "::set-output name=k8s_latest::$(grep -m1 'FROM kindest/node' <tests/docker/Dockerfile | awk -F'[:v]' '{print $3}')"
6857
- name: Setup Golang Environment
6958
uses: actions/setup-go@v3
7059
with:
71-
go-version: ${{ steps.vars.outputs.go_version }}
60+
go-version-file: go.mod
61+
cache: true
7262
- name: Determine GOPATH
7363
id: go
7464
run: echo "::set-output name=go_path::$(go env GOPATH)"
65+
- name: Check if go.mod and go.sum are up to date
66+
run: |
67+
go mod tidy && git diff --exit-code -- go.mod go.sum
7568
- name: Check if CRDs changed
7669
run: |
7770
make update-crds && git diff --name-only --exit-code deployments/common/crds* deployments/helm-chart/crds*
@@ -90,19 +83,11 @@ jobs:
9083
uses: actions/checkout@v3
9184
with:
9285
fetch-depth: 0
93-
- name: Cache Go build
94-
uses: actions/cache@v3
95-
with:
96-
path: |
97-
~/.cache/go-build
98-
~/go/pkg/mod
99-
key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }}
100-
restore-keys: |
101-
${{ runner.os }}-go-build-
10286
- name: Setup Golang Environment
10387
uses: actions/setup-go@v3
10488
with:
105-
go-version: ${{ needs.checks.outputs.go_version }}
89+
go-version-file: go.mod
90+
cache: true
10691
- name: Build binary
10792
uses: goreleaser/goreleaser-action@v3
10893
with:
@@ -126,19 +111,11 @@ jobs:
126111
steps:
127112
- name: Checkout Repository
128113
uses: actions/checkout@v3
129-
- name: Cache Go tests
130-
uses: actions/cache@v3
131-
with:
132-
path: |
133-
~/.cache/go-build
134-
~/go/pkg/mod
135-
key: ${{ runner.os }}-go-tests-${{ hashFiles('**/go.sum') }}
136-
restore-keys: |
137-
${{ runner.os }}-go-tests-
138114
- name: Setup Golang Environment
139115
uses: actions/setup-go@v3
140116
with:
141-
go-version: ${{ needs.checks.outputs.go_version }}
117+
go-version-file: go.mod
118+
cache: true
142119
- name: Run Tests
143120
run: make cover
144121
- name: Upload coverage to Codecov
@@ -166,10 +143,11 @@ jobs:
166143
{\"image\": \"debian-plus\", \"marker\": \"ts\"}, \
167144
{\"image\": \"alpine-plus\", \"marker\":\"ingresses\"}, \
168145
{\"image\": \"alpine-plus\", \"marker\": \"vsr\"}, \
169-
{\"image\": \"ubi-plus\", \"marker\": \"policies\"}], \
146+
{\"image\": \"ubi-plus\", \"marker\": \"policies\"}, \
147+
{\"image\": \"debian-plus-nap\", \"marker\": \"dos\"}], \
170148
\"k8s\": [\"${{ needs.checks.outputs.k8s_latest }}\"]}"
171149
else
172-
echo "::set-output name=matrix::{\"k8s\": [\"1.19.16\", \"1.20.15\", \"1.21.10\", \"1.22.7\", \"${{ needs.checks.outputs.k8s_latest }}\"], \
150+
echo "::set-output name=matrix::{\"k8s\": [\"1.19.16\", \"1.20.15\", \"1.21.14\", \"1.22.13\", \"1.23.10\", \"1.24.4\", \"${{ needs.checks.outputs.k8s_latest }}\"], \
173151
\"images\": [{\"image\": \"debian\"}, {\"image\": \"debian-plus\"}]}"
174152
fi
175153
@@ -190,8 +168,8 @@ jobs:
190168
image: ${{ matrix.images.image != '' && matrix.images.image || 'debian' }}
191169
marker: ${{ matrix.images.marker != '' && matrix.images.marker || '' }}
192170
k8s-version: ${{ matrix.k8s }}
193-
nginx-crt: ${{ secrets.NGINX_CRT }}
194-
nginx-key: ${{ secrets.NGINX_KEY }}
171+
nginx-crt: ${{ contains(matrix.images.image, 'nap') && secrets.NGINX_AP_CRT || secrets.NGINX_CRT }}
172+
nginx-key: ${{ contains(matrix.images.image, 'nap') && secrets.NGINX_AP_KEY || secrets.NGINX_KEY }}
195173
- name: Upload Test Results
196174
uses: actions/upload-artifact@v3
197175
with:
@@ -266,19 +244,11 @@ jobs:
266244
uses: actions/checkout@v3
267245
with:
268246
fetch-depth: 0
269-
- name: Cache Go build
270-
uses: actions/cache@v3
271-
with:
272-
path: |
273-
~/.cache/go-build
274-
~/go/pkg/mod
275-
key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }}
276-
restore-keys: |
277-
${{ runner.os }}-go-build-
278247
- name: Setup Golang Environment
279248
uses: actions/setup-go@v3
280249
with:
281-
go-version: ${{ needs.checks.outputs.go_version }}
250+
go-version-file: go.mod
251+
cache: true
282252

283253
- uses: actions/setup-node@v3
284254
- run: npm install js-yaml
@@ -324,7 +294,7 @@ jobs:
324294
if: startsWith(github.ref, 'refs/tags/')
325295

326296
- name: Download Syft
327-
uses: anchore/sbom-action/download-syft@v0.11.0
297+
uses: anchore/sbom-action/download-syft@v0.12.0
328298

329299
- name: Build binaries
330300
uses: goreleaser/goreleaser-action@v3
@@ -457,7 +427,7 @@ jobs:
457427
BUILD_OS=${{ matrix.image }}
458428
IC_VERSION=${{ steps.var.outputs.ic_version }}
459429
- name: Run Trivy vulnerability scanner
460-
uses: aquasecurity/trivy-action@0.5.1
430+
uses: aquasecurity/trivy-action@0.7.1
461431
continue-on-error: true
462432
with:
463433
image-ref: nginx/nginx-ingress:${{ steps.meta.outputs.version }}
@@ -494,6 +464,10 @@ jobs:
494464
- image: debian-plus
495465
platforms: "linux/arm64, linux/amd64"
496466
target: aws
467+
- image: debian-plus-nap
468+
platforms: "linux/amd64"
469+
target: goreleaser
470+
497471
steps:
498472
- name: Checkout Repository
499473
uses: actions/checkout@v3
@@ -531,9 +505,9 @@ jobs:
531505
uses: docker/metadata-action@v4
532506
with:
533507
images: |
534-
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress
535-
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/tags/') }}
536-
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/staging/nginx-ic/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/heads/release') }}
508+
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic${{ contains(matrix.image, 'nap') && '-dos' || '' }}/nginx-plus-ingress
509+
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic${{ contains(matrix.image, 'nap') && '-dos' || '' }}/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/tags/') }}
510+
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/staging/nginx-ic${{ contains(matrix.image, 'nap') && '-dos' || '' }}/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/heads/release') }}
537511
name=709825985650.dkr.ecr.us-east-1.amazonaws.com/nginx/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/tags/') && contains(matrix.target, 'aws') }}
538512
flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.target, 'aws') && '-mktpl' || '' }},onlatest=true
539513
tags: |
@@ -577,9 +551,10 @@ jobs:
577551
build-args: |
578552
BUILD_OS=${{ matrix.image }}
579553
IC_VERSION=${{ startsWith(github.ref, 'refs/tags/') && steps.var.outputs.ic_version || 'CI' }}
554+
${{ contains(matrix.image, 'nap') && 'NAP_MODULES=dos' || '' }}
580555
secrets: |
581-
"nginx-repo.crt=${{ secrets.NGINX_CRT }}"
582-
"nginx-repo.key=${{ secrets.NGINX_KEY }}"
556+
"nginx-repo.crt=${{ contains(matrix.image, 'nap') && secrets.NGINX_AP_CRT || secrets.NGINX_CRT }}"
557+
"nginx-repo.key=${{ contains(matrix.image, 'nap') && secrets.NGINX_AP_KEY || secrets.NGINX_KEY }}"
583558
- name: Load image for Trivy
584559
uses: docker/build-push-action@v3
585560
with:
@@ -592,11 +567,12 @@ jobs:
592567
build-args: |
593568
BUILD_OS=${{ matrix.image }}
594569
IC_VERSION=CI
570+
${{ contains(matrix.image, 'nap') && 'NAP_MODULES=dos' || '' }}
595571
secrets: |
596-
"nginx-repo.crt=${{ secrets.NGINX_CRT }}"
597-
"nginx-repo.key=${{ secrets.NGINX_KEY }}"
572+
"nginx-repo.crt=${{ contains(matrix.image, 'nap') && secrets.NGINX_AP_CRT || secrets.NGINX_CRT }}"
573+
"nginx-repo.key=${{ contains(matrix.image, 'nap') && secrets.NGINX_AP_KEY || secrets.NGINX_KEY }}"
598574
- name: Run Trivy vulnerability scanner
599-
uses: aquasecurity/trivy-action@0.5.1
575+
uses: aquasecurity/trivy-action@0.7.1
600576
continue-on-error: true
601577
with:
602578
image-ref: docker.io/${{ matrix.image }}:${{ steps.meta.outputs.version }}

.github/workflows/labeler.yml

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
name: "Pull Request Labeler"
2+
on:
3+
- pull_request_target
4+
5+
jobs:
6+
triage:
7+
permissions:
8+
contents: read
9+
pull-requests: write
10+
runs-on: ubuntu-latest
11+
steps:
12+
- uses: joshdales/labeler@0861fa5accbc36878f85f40b98a9f40b15fe0429 # if https://github.com/actions/labeler/pull/203 is merged, use the official action actions/labeler
13+
with:
14+
repo-token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/lint.yml

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -29,14 +29,19 @@ jobs:
2929
steps:
3030
- name: Checkout Repository
3131
uses: actions/checkout@v3
32-
- name: Output Variables
33-
id: vars
34-
run: echo "::set-output name=go_version::$(grep "go 1." go.mod | cut -d " " -f 2)"
3532
- name: Setup Golang Environment
3633
uses: actions/setup-go@v3
3734
with:
38-
go-version: ${{ steps.vars.outputs.go_version }}
35+
go-version-file: go.mod
36+
cache: true
3937
- name: Lint Code
4038
uses: golangci/golangci-lint-action@v3
4139
with:
4240
only-new-issues: true
41+
42+
lint-python:
43+
runs-on: ubuntu-20.04
44+
steps:
45+
- uses: actions/checkout@v2
46+
- uses: isort/isort-action@v1.0.0
47+
- uses: psf/black@stable

.github/workflows/notifications.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ on:
44
workflow_run:
55
branches: [main, release-*]
66
workflows:
7-
- "Continuous Integration"
7+
- "CI"
88
- "CodeQL"
99
- "Fossa"
1010
- "Lint"

.github/workflows/release-drafter-pr.yml

Lines changed: 0 additions & 15 deletions
This file was deleted.

0 commit comments

Comments
 (0)
0