Merge branch 'main' into kingoliver/watchconfigmap

.github/dependabot.yml

@@ -0,0 +1,26 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      # Group updates together, so that they are all applied in a single PR.
+      # Grouped updates are currently in beta and is subject to change.
+      # xref: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups
+      k8s-go-deps:
+        patterns:
+          - "k8s.io/*"
+          - "sigs.k8s.io/*"
+          - "github.com/open-policy-agent/*"
+      go-deps:
+        patterns:
+          - "*"
+        exclude-patterns:
+          - "k8s.io/*"
+          - "sigs.k8s.io/*"
+          - "github.com/open-policy-agent/*"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/codeql.yml

@@ -30,14 +30,14 @@ jobs:
       uses: actions/checkout@v3
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/e2ev2-matrix.yaml

@@ -22,9 +22,9 @@ jobs:
         with:
           ref: ${{ inputs.ref }}
 
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
-          go-version: '~1.20.3'
+          go-version: '~1.22'
           cache-dependency-path: "**/*.sum"
 
       - run: |
@@ -39,7 +39,7 @@ jobs:
             inputs.skipRefCheck
 
       - name: Ensure ref
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         if: ${{ !((github.event_name == 'repository_dispatch' && github.event.client_payload.slash_command.args.named.sha != '' && contains(github.event.client_payload.pull_request.head.sha, github.event.client_payload.slash_command.args.named.sha)) || inputs.skipRefCheck) }}
         with:
             script: core.setFailed('Ref is not latest')

.github/workflows/e2ev2-provision-test.yaml

@@ -23,9 +23,9 @@ jobs:
         with:
           ref: ${{ inputs.ref }}
 
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
-          go-version: '~1.20.3'
+          go-version: '~1.22'
           cache-dependency-path: "**/*.sum"
 
       - name: Azure login
@@ -45,16 +45,16 @@ jobs:
           inputs.skipRefCheck
 
       - name: Ensure ref
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         if: ${{ !((github.event_name == 'repository_dispatch' && github.event.client_payload.slash_command.args.named.sha != '' && contains(github.event.client_payload.pull_request.head.sha, github.event.client_payload.slash_command.args.named.sha)) || inputs.skipRefCheck) }}
         with:
           script: core.setFailed('Ref is not latest')
 
       - name: Upload infra file
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: infra
-          path: testing/e2e/infra.json
+          path: testing/e2e/${{ inputs.name }}/infra.json
   test:
     needs: provision
     runs-on: ubuntu-latest
@@ -63,9 +63,10 @@ jobs:
         with:
           ref: ${{ inputs.ref }}
 
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
-          go-version: '~1.20.3'
+          go-version: '~1.22'
+          cache-dependency-path: "**/*.sum"
 
       - name: Azure login
         uses: azure/login@v1
@@ -74,10 +75,10 @@ jobs:
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+      - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
         with:
           name: infra
-          path: testing/e2e/
+          path: testing/e2e/${{ inputs.name }}/
 
       - name: Test
         shell: bash
@@ -95,7 +96,7 @@ jobs:
         if: always() && (steps.test.outcome == 'failure' || steps.test.outcome == 'success')
 
       - name: Ensure ref
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         if: ${{ !((github.event_name == 'repository_dispatch' && github.event.client_payload.slash_command.args.named.sha != '' && contains(github.event.client_payload.pull_request.head.sha, github.event.client_payload.slash_command.args.named.sha)) || inputs.skipRefCheck) }}
         with:
           script: core.setFailed('Ref is not latest')

.github/workflows/ok-to-test.yaml

@@ -17,7 +17,7 @@ jobs:
     if: ${{ github.event.issue.pull_request }}
     steps:
       - name: slash command dispatch
-        uses: peter-evans/slash-command-dispatch@a28ee6cd74d5200f99e247ebc7b365c03ae0ef3c # v3.0.1
+        uses: peter-evans/slash-command-dispatch@13bc09769d122a64f75aa5037256f6f2d78be8c4 # v4.0.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           reaction-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/pr-validate-fork.yaml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: set-check-run-in-progress
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         id: set-check-run-in-progress
         env:
           number: ${{ github.event.client_payload.pull_request.number }}
@@ -60,7 +60,7 @@ jobs:
     if: ${{ always() }}
     steps:
       - name: Update status
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         id: update-check-run
         if: ${{ always() }}
         env:

.github/workflows/pr-validate.yaml

@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Update status
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         id: update-check-run
         env:
           number: ${{ github.event.number }}

.github/workflows/release.yaml

@@ -44,7 +44,7 @@ jobs:
           az acr login -n ${{ secrets.AZURE_REGISTRY_SERVER }}
 
       - name: Create or update release
-        uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # v1.12.0
+        uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
         with:
           name: ${{ steps.changelog.outputs.version }}
           tag: v${{ steps.changelog.outputs.version }}
@@ -66,9 +66,9 @@ jobs:
           docker buildx build --platform "amd64,arm64" --tag "${TAG}" --output type=registry .
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # v0.16.1
+        uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
         with:
-          image-ref: '${{ secrets.AZURE_REGISTRY_SERVER }}/public/aks/aks-app-routing-operator:${{ inputs.version }}'
+          image-ref: '${{ vars.PUBLIC_REGISTRY }}/aks/aks-app-routing-operator:${{ inputs.version }}'
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true

.github/workflows/trivy.yml

@@ -20,9 +20,9 @@ jobs:
           validation_level: warn
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # v0.16.1
+        uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
         with:
-          image-ref: '${{ secrets.AZURE_REGISTRY_SERVER }}/aks/aks-app-routing-operator:${{ steps.changelog.outputs.version }}'
+          image-ref: '${{ vars.PUBLIC_REGISTRY }}/aks/aks-app-routing-operator:${{ steps.changelog.outputs.version }}'
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true

.github/workflows/unit.yaml

@@ -12,10 +12,10 @@ jobs:
     steps:
     - uses: actions/checkout@v3
 
-    - name: Set up Go
-      uses: actions/setup-go@v3
+    - uses: actions/setup-go@v5
       with:
-        go-version: ~1.20.0
+        go-version: '~1.22'
+        cache-dependency-path: "**/*.sum"
 
     - name: Create kubebuilder directory
     # The default location for the etcd and kube-apiserver binaries is /kubebuilder/bin

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.20 as builder
+FROM golang:1.22 as builder
 
 WORKDIR /go/src/github.com/Azure/aks-app-routing-operator
 ADD . .

Dockerfile.e2e

@@ -1,4 +1,4 @@
-FROM golang:1.20 as builder
+FROM golang:1.22 as builder
 
 WORKDIR /go/src/e2e
 ADD . .

devenv/Dockerfile

@@ -1,6 +1,6 @@
 # convenience dockerfile for unit tests
 # run make unit from root
-FROM golang:1.20
+FROM golang:1.22
 RUN mkdir -p /usr/local/kubebuilder/bin
 RUN wget -q https://github.com/etcd-io/etcd/releases/download/v3.5.0/etcd-v3.5.0-linux-amd64.tar.gz &&\
     tar xzf etcd-v3.5.0-linux-amd64.tar.gz &&\

devenv/tf/main.tf

@@ -4,6 +4,11 @@ terraform {
       source  = "hashicorp/azurerm"
       version = "= 3.43.0"
     }
+
+    random = {
+      source = "hashicorp/random"
+      version = "3.6.2"
+    }
   }
 }
 
@@ -15,10 +20,20 @@ provider "azurerm" {
   }
 }
 
+// randomly choose location to be less to resource limits on our subscription (they are at the location level)
+resource "random_shuffle" "locations" {
+  input = ["North Central US", "South Central US", "East US", "East US 2", "West US", "West US 2", "West US 3"]
+  result_count = 1
+}
+
 variable "location" {
   type = string
   description = "The Azure Region in which resources will be created"
-  default = "South Central US"
+  default = ""
+}
+
+locals {
+  location = var.location == "" ? random_shuffle.locations.result[0] : var.location
 }
 
 resource "random_string" "random" {

devenv/tf/resourcegroup.tf

@@ -1,6 +1,6 @@
 resource "azurerm_resource_group" "rg" {
   name     = "app-routing-dev-${random_string.random.result}"
-  location = var.location
+  location = local.location
   tags = {
     deletion_due_time  = time_static.provisiontime.unix + 36000, // keep resources for 10hr
     deletion_marked_by = "gc",
@@ -9,7 +9,7 @@ resource "azurerm_resource_group" "rg" {
 
 resource "azurerm_resource_group" "rg-public" {
   name     = "app-routing-dev-${random_string.random.result}-public"
-  location = var.location
+  location = local.location
   tags = {
     deletion_due_time  = time_static.provisiontime.unix + 36000, // keep resources for 10hr
     deletion_marked_by = "gc",
@@ -18,7 +18,7 @@ resource "azurerm_resource_group" "rg-public" {
 
 resource "azurerm_resource_group" "rg-private" {
   name     = "app-routing-dev-${random_string.random.result}-private"
-  location = var.location
+  location = local.location
   tags = {
     deletion_due_time  = time_static.provisiontime.unix + 36000, // keep resources for 10hr
     deletion_marked_by = "gc",

docs/local-testing.md

@@ -13,6 +13,8 @@ You can easily provision a development environment to test your changes on.
 
 By default, the `make dev` command will create an environment with a public cluster using a public DNS Zone. However, two arguments can be specified to change the type of the cluster and/or the zone: `CLUSTER_TYPE` and `DNS_ZONE_TYPE`. For instance, to run a suite with a private cluster and a public zone, a user can run `	make dev CLUSTER_TYPE=private DNS_ZONE_TYPE=public`.
 
+Occasionally, the Cluster create might fail due to `AllocationFailed` when too many resources are used in a region. In this case, just repeat the steps required to make the dev environment since a location is chosen at random in each run.
+
 Region can be specified by exporting an env variable before running the `make dev` command. `export TF_VAR_location="East US"` sets the location to East US.
 
 This development environment is useful for manually interacting with App Routing during development.