Skip to content

Commit

Permalink
Merge branch 'main' into deps/use-nginx-ubi
Browse files Browse the repository at this point in the history
  • Loading branch information
@lucacome
lucacome authored Sep 7, 2022
2 parents 285ceef + 88d6dbf commit 43727c5
Show file tree
Hide file tree
Showing 331 changed files with 12,070 additions and 7,716 deletions.
22 changes: 12 additions & 10 deletions .github/actions/smoke-tests/action.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,11 +41,8 @@ runs:
- name: Ingress type
id: ingress-type
run: |
plus=""
if [[ ${{ inputs.image }} == *plus* ]]; then
plus="-plus"
fi
echo ::set-output name=name::nginx$plus-ingress
echo ::set-output name=name::nginx${{ contains(inputs.image, 'plus') && '-plus' || '' }}-ingress
echo ::set-output name=tag::${{ inputs.image }}${{ contains(inputs.image, 'nap') && '-dos' || '' }}-${{ github.sha }}
shell: bash

- name: Docker Buildx
Expand All @@ -59,12 +56,13 @@ runs:
cache-from: type=gha,scope=${{ inputs.image }}
cache-to: type=gha,scope=${{ inputs.image }},mode=max
target: goreleaser
tags: 'docker.io/nginx/${{ steps.ingress-type.outputs.name }}:${{ inputs.image }}-${{ github.sha }}'
tags: 'docker.io/nginx/${{ steps.ingress-type.outputs.name }}:${{ steps.ingress-type.outputs.tag }}'
load: true
pull: true
build-args: |
BUILD_OS=${{ inputs.image }}
IC_VERSION=CI
${{ contains(inputs.image, 'nap') && 'NAP_MODULES=dos' || '' }}
secrets: |
"nginx-repo.crt=${{ inputs.nginx-crt }}"
"nginx-repo.key=${{ inputs.nginx-key }}"
Expand All @@ -86,9 +84,12 @@ runs:
# no support for dual stack in < 1.20, we need to use ipv4 only
printf '%s\n' "1.20.0" "${{ inputs.k8s-version }}" | sort --version-sort --check=quiet || echo "Using ipv4" && sed -i 's/dual/ipv4/g' ${{ github.workspace }}/tests/ci-files/ci-kind-config.yaml
kind create cluster --name ${{ github.run_id }} --image=kindest/node:v${{ inputs.k8s-version }} --config ${{ github.workspace }}/tests/ci-files/ci-kind-config.yaml --kubeconfig kube-${{ github.run_id }} --wait ${{ inputs.k8s-timeout }}
kind load docker-image docker.io/nginx/${{ steps.ingress-type.outputs.name }}:${{ inputs.image }}-${{ github.sha }} --name ${{ github.run_id }}
kind load docker-image docker.io/nginx/${{ steps.ingress-type.outputs.name }}:${{ steps.ingress-type.outputs.tag }} --name ${{ github.run_id }}
marker="${{ inputs.marker }}"
sanitized_marker="${marker// /_}"
name="${sanitized_marker:-${{ inputs.k8s-version }}}"
echo ::set-output name=cluster_ip::$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${{ github.run_id }}-control-plane)
echo ::set-output name=cluster::$(echo nginx-${{ inputs.image }}-${{ inputs.marker != '' && inputs.marker || inputs.k8s-version }})
echo ::set-output name=cluster::$(echo nginx-${{ inputs.image }}-$name)
shell: bash

- name: Setup Kubeconfig
Expand All @@ -105,13 +106,14 @@ runs:
-v ${{ github.workspace }}/tests/tests-${{ steps.k8s.outputs.cluster }}.html:/workspace/tests/tests-${{ steps.k8s.outputs.cluster }}.html \
-v ${{ github.workspace }}/kube-${{ github.run_id }}:/root/.kube/config test-runner:${{ github.sha }} \
--context=kind-${{ github.run_id }} \
--image=docker.io/nginx/${{ steps.ingress-type.outputs.name }}:${{ inputs.image }}-${{ github.sha }} \
--image=docker.io/nginx/${{ steps.ingress-type.outputs.name }}:${{ steps.ingress-type.outputs.tag }} \
--image-pull-policy=Never \
--ic-type=${{ steps.ingress-type.outputs.name }} \
--service=nodeport --node-ip=${{ steps.k8s.outputs.cluster_ip }} \
--html=tests-${{ steps.k8s.outputs.cluster }}.html \
--self-contained-html \
--durations=10 \
--show-ic-logs=yes \
-m ${{ inputs.marker != '' && inputs.marker || '""' }}
-m ${{ inputs.marker != '' && inputs.marker || '""' }}
working-directory: ./tests
shell: bash
23 changes: 23 additions & 0 deletions .github/labeler.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
enhancement:
- branch: ['feature/**', 'feat/**', 'enhancement/**', 'enh/**']

bug:
- branch: ['fix/**', 'bug/**']

chore:
- branch: ['chore/**']

tests:
- branch: ['tests/**', 'test/**']
- tests/**/*
- perf-tests/**/*
- '**/*_test.go'

docs:
- branch: ['docs/**', 'doc/**']
- '**/*.md'

dependencies:
- branch: ['deps/**', 'dep/**']
- go.mod
- go.sum
33 changes: 0 additions & 33 deletions .github/release-drafter.yml
View file

This file was deleted.

3 changes: 3 additions & 0 deletions .github/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,3 +24,6 @@ changelog:
- title: ⬆️ Dependencies
labels:
- dependencies
- title: Other Changes
labels:
- "*"
88 changes: 32 additions & 56 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: Continuous Integration
name: CI

on:
push:
Expand Down Expand Up @@ -45,33 +45,26 @@ jobs:
name: Checks and variables
runs-on: ubuntu-20.04
outputs:
go_version: ${{ steps.vars.outputs.go_version }}
go_path: ${{ steps.go.outputs.go_path }}
k8s_latest: ${{ steps.vars.outputs.k8s_latest }}
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Cache Go controller tools
uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-tools-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-tools-
- name: Output Variables
id: vars
run: |
echo "::set-output name=go_version::$(grep "go 1." go.mod | cut -d " " -f 2)"
echo "::set-output name=k8s_latest::$(grep -m1 'FROM kindest/node' <tests/docker/Dockerfile | awk -F'[:v]' '{print $3}')"
- name: Setup Golang Environment
uses: actions/setup-go@v3
with:
go-version: ${{ steps.vars.outputs.go_version }}
go-version-file: go.mod
cache: true
- name: Determine GOPATH
id: go
run: echo "::set-output name=go_path::$(go env GOPATH)"
- name: Check if go.mod and go.sum are up to date
run: |
go mod tidy && git diff --exit-code -- go.mod go.sum
- name: Check if CRDs changed
run: |
make update-crds && git diff --name-only --exit-code deployments/common/crds* deployments/helm-chart/crds*
Expand All @@ -90,19 +83,11 @@ jobs:
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Cache Go build
uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-build-
- name: Setup Golang Environment
uses: actions/setup-go@v3
with:
go-version: ${{ needs.checks.outputs.go_version }}
go-version-file: go.mod
cache: true
- name: Build binary
uses: goreleaser/goreleaser-action@v3
with:
Expand All @@ -126,19 +111,11 @@ jobs:
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Cache Go tests
uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-tests-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-tests-
- name: Setup Golang Environment
uses: actions/setup-go@v3
with:
go-version: ${{ needs.checks.outputs.go_version }}
go-version-file: go.mod
cache: true
- name: Run Tests
run: make cover
- name: Upload coverage to Codecov
Expand Down Expand Up @@ -166,7 +143,8 @@ jobs:
{\"image\": \"debian-plus\", \"marker\": \"ts\"}, \
{\"image\": \"alpine-plus\", \"marker\":\"ingresses\"}, \
{\"image\": \"alpine-plus\", \"marker\": \"vsr\"}, \
{\"image\": \"ubi-plus\", \"marker\": \"policies\"}], \
{\"image\": \"ubi-plus\", \"marker\": \"policies\"}, \
{\"image\": \"debian-plus-nap\", \"marker\": \"dos\"}], \
\"k8s\": [\"${{ needs.checks.outputs.k8s_latest }}\"]}"
else
echo "::set-output name=matrix::{\"k8s\": [\"1.19.16\", \"1.20.15\", \"1.21.12\", \"1.22.9\", \"1.23.6\", \"${{ needs.checks.outputs.k8s_latest }}\"], \
Expand All @@ -190,8 +168,8 @@ jobs:
image: ${{ matrix.images.image != '' && matrix.images.image || 'debian' }}
marker: ${{ matrix.images.marker != '' && matrix.images.marker || '' }}
k8s-version: ${{ matrix.k8s }}
nginx-crt: ${{ secrets.NGINX_CRT }}
nginx-key: ${{ secrets.NGINX_KEY }}
nginx-crt: ${{ contains(matrix.images.image, 'nap') && secrets.NGINX_AP_CRT || secrets.NGINX_CRT }}
nginx-key: ${{ contains(matrix.images.image, 'nap') && secrets.NGINX_AP_KEY || secrets.NGINX_KEY }}
- name: Upload Test Results
uses: actions/upload-artifact@v3
with:
Expand Down Expand Up @@ -266,19 +244,11 @@ jobs:
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Cache Go build
uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-build-
- name: Setup Golang Environment
uses: actions/setup-go@v3
with:
go-version: ${{ needs.checks.outputs.go_version }}
go-version-file: go.mod
cache: true

- uses: actions/setup-node@v3
- run: npm install js-yaml
Expand Down Expand Up @@ -324,7 +294,7 @@ jobs:
if: startsWith(github.ref, 'refs/tags/')

- name: Download Syft
uses: anchore/sbom-action/download-syft@v0.11.0
uses: anchore/sbom-action/download-syft@v0.12.0

- name: Build binaries
uses: goreleaser/goreleaser-action@v3
Expand Down Expand Up @@ -457,7 +427,7 @@ jobs:
BUILD_OS=${{ matrix.image }}
IC_VERSION=${{ steps.var.outputs.ic_version }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.5.1
uses: aquasecurity/trivy-action@0.7.1
continue-on-error: true
with:
image-ref: nginx/nginx-ingress:${{ steps.meta.outputs.version }}
Expand Down Expand Up @@ -494,6 +464,10 @@ jobs:
- image: debian-plus
platforms: "linux/arm64, linux/amd64"
target: aws
- image: debian-plus-nap
platforms: "linux/amd64"
target: goreleaser

steps:
- name: Checkout Repository
uses: actions/checkout@v3
Expand Down Expand Up @@ -531,9 +505,9 @@ jobs:
uses: docker/metadata-action@v4
with:
images: |
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/tags/') }}
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/staging/nginx-ic/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/heads/release') }}
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic${{ contains(matrix.image, 'nap') && '-dos' || '' }}/nginx-plus-ingress
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic${{ contains(matrix.image, 'nap') && '-dos' || '' }}/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/tags/') }}
name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/staging/nginx-ic${{ contains(matrix.image, 'nap') && '-dos' || '' }}/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/heads/release') }}
name=709825985650.dkr.ecr.us-east-1.amazonaws.com/nginx/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/tags/') && contains(matrix.target, 'aws') }}
flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.target, 'aws') && '-mktpl' || '' }},onlatest=true
tags: |
Expand Down Expand Up @@ -577,9 +551,10 @@ jobs:
build-args: |
BUILD_OS=${{ matrix.image }}
IC_VERSION=${{ startsWith(github.ref, 'refs/tags/') && steps.var.outputs.ic_version || 'CI' }}
${{ contains(matrix.image, 'nap') && 'NAP_MODULES=dos' || '' }}
secrets: |
"nginx-repo.crt=${{ secrets.NGINX_CRT }}"
"nginx-repo.key=${{ secrets.NGINX_KEY }}"
"nginx-repo.crt=${{ contains(matrix.image, 'nap') && secrets.NGINX_AP_CRT || secrets.NGINX_CRT }}"
"nginx-repo.key=${{ contains(matrix.image, 'nap') && secrets.NGINX_AP_KEY || secrets.NGINX_KEY }}"
- name: Load image for Trivy
uses: docker/build-push-action@v3
with:
Expand All @@ -592,11 +567,12 @@ jobs:
build-args: |
BUILD_OS=${{ matrix.image }}
IC_VERSION=CI
${{ contains(matrix.image, 'nap') && 'NAP_MODULES=dos' || '' }}
secrets: |
"nginx-repo.crt=${{ secrets.NGINX_CRT }}"
"nginx-repo.key=${{ secrets.NGINX_KEY }}"
"nginx-repo.crt=${{ contains(matrix.image, 'nap') && secrets.NGINX_AP_CRT || secrets.NGINX_CRT }}"
"nginx-repo.key=${{ contains(matrix.image, 'nap') && secrets.NGINX_AP_KEY || secrets.NGINX_KEY }}"
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.5.1
uses: aquasecurity/trivy-action@0.7.1
continue-on-error: true
with:
image-ref: docker.io/${{ matrix.image }}:${{ steps.meta.outputs.version }}
Expand Down
14 changes: 14 additions & 0 deletions .github/workflows/labeler.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
name: "Pull Request Labeler"
on:
- pull_request_target

jobs:
triage:
permissions:
contents: read
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: joshdales/labeler@0861fa5accbc36878f85f40b98a9f40b15fe0429 # if https://github.com/actions/labeler/pull/203 is merged, use the official action actions/labeler
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
13 changes: 9 additions & 4 deletions .github/workflows/lint.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,14 +29,19 @@ jobs:
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Output Variables
id: vars
run: echo "::set-output name=go_version::$(grep "go 1." go.mod | cut -d " " -f 2)"
- name: Setup Golang Environment
uses: actions/setup-go@v3
with:
go-version: ${{ steps.vars.outputs.go_version }}
go-version-file: go.mod
cache: true
- name: Lint Code
uses: golangci/golangci-lint-action@v3
with:
only-new-issues: true

lint-python:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- uses: isort/[email protected]
- uses: psf/black@stable
2 changes: 1 addition & 1 deletion .github/workflows/notifications.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ on:
workflow_run:
branches: [main, release-*]
workflows:
- "Continuous Integration"
- "CI"
- "CodeQL"
- "Fossa"
- "Lint"
Expand Down
15 changes: 0 additions & 15 deletions .github/workflows/release-drafter-pr.yml
View file

This file was deleted.

Loading

0 comments on commit 43727c5

Please sign in to comment.