Merge branch 'main' into deprecate-v1alpha1-crds

.github/workflows/build-oss.yml

@@ -201,7 +201,7 @@ jobs:
 
       - name: Run Docker Scout vulnerability scanner
         id: docker-scout
-        uses: docker/scout-action@e1c0d589b972d5605e035bbf74ed95cfc306d597 # v1.15.0
+        uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1
         with:
           command: cves,recommendations
           image: ${{ steps.meta.outputs.tags }}

.github/workflows/build-plus.yml

@@ -222,7 +222,7 @@ jobs:
 
       - name: Run Docker Scout vulnerability scanner
         id: docker-scout
-        uses: docker/scout-action@e1c0d589b972d5605e035bbf74ed95cfc306d597 # v1.15.0
+        uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1
         with:
           command: cves,recommendations
           image: ${{ steps.meta.outputs.tags }}

.github/workflows/codeql-analysis.yml

@@ -70,7 +70,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
+        uses: github/codeql-action/init@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -89,7 +89,7 @@ jobs:
       # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
+        uses: github/codeql-action/autobuild@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -102,6 +102,6 @@ jobs:
       #     ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
+        uses: github/codeql-action/analyze@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/image-promotion.yml

@@ -143,7 +143,7 @@ jobs:
           fi
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
+        uses: github/codeql-action/upload-sarif@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
         if: steps.check-sarif.outputs.sarif_has_results == 'true'
         with:
           sarif_file: govulncheck.sarif
@@ -449,7 +449,7 @@ jobs:
 
       - name: Run Docker Scout vulnerability scanner
         id: docker-scout
-        uses: docker/scout-action@e1c0d589b972d5605e035bbf74ed95cfc306d597 # v1.15.0
+        uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1
         with:
           command: cves,recommendations
           image: ${{ steps.meta.outputs.tags }}
@@ -468,7 +468,7 @@ jobs:
           overwrite: true
 
       - name: Upload Scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
+        uses: github/codeql-action/upload-sarif@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
         with:
           sarif_file: "${{ steps.directory.outputs.directory }}/"
 
@@ -539,7 +539,7 @@ jobs:
 
       - name: Run Docker Scout vulnerability scanner
         id: docker-scout
-        uses: docker/scout-action@e1c0d589b972d5605e035bbf74ed95cfc306d597 # v1.15.0
+        uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1
         with:
           command: cves,recommendations
           image: ${{ steps.meta.outputs.tags }}
@@ -558,7 +558,7 @@ jobs:
           overwrite: true
 
       - name: Upload Scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
+        uses: github/codeql-action/upload-sarif@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
         with:
           sarif_file: "${{ steps.directory.outputs.directory }}/"
 
@@ -636,7 +636,7 @@ jobs:
 
       - name: Run Docker Scout vulnerability scanner
         id: docker-scout
-        uses: docker/scout-action@e1c0d589b972d5605e035bbf74ed95cfc306d597 # v1.15.0
+        uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1
         with:
           command: cves,recommendations
           image: ${{ steps.meta.outputs.tags }}
@@ -655,7 +655,7 @@ jobs:
           overwrite: true
 
       - name: Upload Scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
+        uses: github/codeql-action/upload-sarif@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
         with:
           sarif_file: "${{ steps.directory.outputs.directory }}/"
 

.github/workflows/scorecards.yml

@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
+        uses: github/codeql-action/upload-sarif@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
         with:
           sarif_file: results.sarif

.pre-commit-config.yaml

@@ -44,7 +44,7 @@ repos:
         pass_filenames: false
 
   - repo: https://github.com/golangci/golangci-lint
-    rev: v1.61.0
+    rev: v1.62.0
     hooks:
       - id: golangci-lint
         args: [--new-from-patch=/tmp/diff.patch]
@@ -86,7 +86,7 @@ repos:
         args: ["--schemafile", "charts/nginx-ingress/values.schema.json"]
 
   - repo: https://github.com/DavidAnson/markdownlint-cli2
-    rev: v0.14.0
+    rev: v0.15.0
     hooks:
       - id: markdownlint-cli2
 

internal/configs/configmaps.go

@@ -359,10 +359,14 @@ func ParseConfigMap(ctx context.Context, cfgm *v1.ConfigMap, nginxPlus bool, has
 
 	if virtualServerTemplate, exists := cfgm.Data["virtualserver-template"]; exists {
 		cfgParams.VirtualServerTemplate = &virtualServerTemplate
+	} else {
+		cfgParams.VirtualServerTemplate = nil
 	}
 
 	if transportServerTemplate, exists := cfgm.Data["transportserver-template"]; exists {
 		cfgParams.TransportServerTemplate = &transportServerTemplate
+	} else {
+		cfgParams.TransportServerTemplate = nil
 	}
 
 	if mainStreamSnippets, exists := GetMapKeyAsStringSlice(cfgm.Data, "stream-snippets", cfgm, "\n"); exists {

internal/configs/configurator.go

@@ -1318,7 +1318,7 @@ func (cnf *Configurator) UpdateConfig(cfgParams *ConfigParams, resources Extende
 			return allWarnings, fmt.Errorf("error when parsing the main template: %w", err)
 		}
 	} else {
-		// Reverse to default main template parsed at NIC startup.
+		// Reverse to default Main template parsed at NIC startup.
 		cnf.templateExecutor.UseOriginalMainTemplate()
 	}
 
@@ -1327,20 +1327,29 @@ func (cnf *Configurator) UpdateConfig(cfgParams *ConfigParams, resources Extende
 		if err != nil {
 			return allWarnings, fmt.Errorf("error when parsing the ingress template: %w", err)
 		}
+	} else {
+		// Reverse to default Ingress template parsed at NIC startup.
+		cnf.templateExecutor.UseOriginalIngressTemplate()
 	}
 
 	if cfgParams.VirtualServerTemplate != nil {
 		err := cnf.templateExecutorV2.UpdateVirtualServerTemplate(cfgParams.VirtualServerTemplate)
 		if err != nil {
 			return allWarnings, fmt.Errorf("error when parsing the VirtualServer template: %w", err)
 		}
+	} else {
+		// Reverse to default TransportServer template parsed at NIC startup.
+		cnf.templateExecutorV2.UseOriginalVStemplate()
 	}
 
 	if cfgParams.TransportServerTemplate != nil {
 		err := cnf.templateExecutorV2.UpdateTransportServerTemplate(cfgParams.TransportServerTemplate)
 		if err != nil {
 			return allWarnings, fmt.Errorf("error when parsing the TransportServer template: %w", err)
 		}
+	} else {
+		// Reverse to default TransportServer template parsed at NIC startup.
+		cnf.templateExecutorV2.UseOriginalTStemplate()
 	}
 
 	mainCfg := GenerateNginxMainConfig(cnf.staticCfgParams, cfgParams)