-
Notifications
You must be signed in to change notification settings - Fork 2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'master' into chore/add-pre-commit
- Loading branch information
Showing
117 changed files
with
1,070 additions
and
585 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| blank_issues_enabled: false | ||
| contact_links: | ||
| - name: NGINX Ingress Controller Documentation | ||
| url: https://docs.nginx.com/nginx-ingress-controller | ||
| about: Check out our documentation. | ||
| - name: General inquiries | ||
| url: https://github.com/nginxinc/kubernetes-ingress/discussions | ||
| about: Please use Discussions for all other questions. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,6 +4,7 @@ on: | |
| push: | ||
| branches: | ||
| - master | ||
| - release-* | ||
| paths-ignore: | ||
| - 'docs/**' | ||
| - 'examples/**' | ||
|
|
@@ -13,7 +14,7 @@ on: | |
| pull_request: | ||
| branches: | ||
| - master | ||
| - 'release-*' | ||
| - release-* | ||
| paths-ignore: | ||
| - 'docs/**' | ||
| - 'examples/**' | ||
|
|
@@ -30,7 +31,7 @@ defaults: | |
| shell: bash | ||
|
|
||
| env: | ||
| K8S_VERSION: 1.23.0 | ||
| K8S_VERSION: 1.23.4 | ||
| K8S_TIMEOUT: 75s | ||
| HELM_CHART_DIR: deployments/helm-chart | ||
| GIT_NAME: NGINX Kubernetes Team | ||
|
|
@@ -50,7 +51,7 @@ jobs: | |
| go_path: ${{ steps.go.outputs.go_path }} | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@v2 | ||
| uses: actions/checkout@v3 | ||
| - name: Cache Go controller tools | ||
| uses: actions/cache@v2 | ||
| with: | ||
|
|
@@ -86,7 +87,7 @@ jobs: | |
| needs: checks | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@v2 | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Cache Go build | ||
|
|
@@ -122,7 +123,7 @@ jobs: | |
| needs: checks | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@v2 | ||
| uses: actions/checkout@v3 | ||
| - name: Cache Go tests | ||
| uses: actions/cache@v2 | ||
| with: | ||
|
|
@@ -165,7 +166,7 @@ jobs: | |
| {\"image\": \"opentracing-plus\", \"marker\": \"vsr\"}, \ | ||
| {\"image\": \"ubi-plus\", \"marker\": \"policies\"}]}" | ||
| else | ||
| echo "::set-output name=matrix::{\"k8s\": [\"1.19.11\", \"1.20.7\", \"1.21.2\", \"1.22.4\", \"1.23.0\"]}" | ||
| echo "::set-output name=matrix::{\"k8s\": [\"1.19.16\", \"1.20.15\", \"1.21.10\", \"1.22.7\", \"1.23.4\"]}" | ||
| fi | ||
| smoke-tests: | ||
|
|
@@ -176,7 +177,7 @@ jobs: | |
| matrix: ${{ fromJSON(needs.setup-matrix.outputs.matrix) }} | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@v2 | ||
| uses: actions/checkout@v3 | ||
| - name: Run Smoke Tests | ||
| id: smoke-tests | ||
| uses: ./.github/actions/smoke-tests | ||
|
|
@@ -204,7 +205,7 @@ jobs: | |
| HELM_HTTP_POSTFIX: s | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@v2 | ||
| uses: actions/checkout@v3 | ||
| - name: Fetch Cached Artifacts | ||
| uses: actions/cache@v2 | ||
| with: | ||
|
|
@@ -257,7 +258,7 @@ jobs: | |
| needs: [checks, smoke-tests] | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@v2 | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Cache Go build | ||
|
|
@@ -291,16 +292,17 @@ jobs: | |
| name: Build Docker Images | ||
| runs-on: ubuntu-20.04 | ||
| needs: build-binaries | ||
| if: ${{ !startsWith(github.ref, 'refs/heads/release') }} | ||
| strategy: | ||
| matrix: | ||
| image: [debian, alpine, opentracing, alpine-opentracing] | ||
| platforms: ["linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x"] | ||
| include: | ||
| - image: ubi | ||
| platforms: "linux/arm64, linux/amd64" | ||
| platforms: "linux/arm64, linux/amd64, linux/s390x" | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@v2 | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Fetch Cached Artifacts | ||
|
|
@@ -343,7 +345,7 @@ jobs: | |
| nginx/nginx-ingress | ||
| ghcr.io/nginxinc/kubernetes-ingress | ||
| public.ecr.aws/nginx/nginx-ingress | ||
| flavor: suffix=${{ matrix.image == 'ubi' && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.image, 'opentracing') && '-ot' || '' }},onlatest=true | ||
| flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.image, 'opentracing') && '-ot' || '' }},onlatest=true | ||
| tags: | | ||
| type=edge | ||
| type=ref,event=pr | ||
|
|
@@ -357,7 +359,7 @@ jobs: | |
| - name: Output Variables | ||
| id: var | ||
| run: | | ||
| version=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} | ||
| version=${{ steps.meta.outputs.version }} | ||
| if ${{ startsWith(github.ref, 'refs/tags/') }}; then | ||
| ic_version=v$version | ||
| else | ||
|
|
@@ -366,7 +368,7 @@ jobs: | |
| ic_version=$tag-$version-$sha_short | ||
| fi | ||
| echo "::set-output name=ic_version::$ic_version" | ||
| - name: Build Docker images (and push to Dockerhub if not a PR) | ||
| - name: Build Docker image (and push if not a PR) | ||
| uses: docker/build-push-action@v2 | ||
| with: | ||
| file: build/Dockerfile | ||
|
|
@@ -379,17 +381,140 @@ jobs: | |
| platforms: ${{ github.event_name != 'pull_request' && matrix.platforms || '' }} | ||
| load: ${{ github.event_name == 'pull_request' }} | ||
| push: ${{ github.event_name != 'pull_request' }} | ||
| pull: true | ||
| no-cache: ${{ github.event_name != 'pull_request' }} | ||
| build-args: | | ||
| BUILD_OS=${{ matrix.image }} | ||
| IC_VERSION=${{ steps.var.outputs.ic_version }} | ||
| - name: Run Trivy vulnerability scanner | ||
| uses: aquasecurity/[email protected] | ||
| uses: aquasecurity/[email protected] | ||
| continue-on-error: true | ||
| with: | ||
| image-ref: nginx/nginx-ingress:${{ steps.meta.outputs.version }} | ||
| format: 'sarif' | ||
| output: 'trivy-results-${{ matrix.image }}.sarif' | ||
| ignore-unfixed: 'true' | ||
| - name: Upload Trivy scan results to GitHub Security tab | ||
| uses: github/codeql-action/upload-sarif@v1 | ||
| continue-on-error: true | ||
| with: | ||
| sarif_file: 'trivy-results-${{ matrix.image }}.sarif' | ||
| - name: Upload Scan Results | ||
| uses: actions/upload-artifact@v2 | ||
| continue-on-error: true | ||
| with: | ||
| name: 'trivy-results-${{ matrix.image }}.sarif' | ||
| path: 'trivy-results-${{ matrix.image }}.sarif' | ||
| if: always() | ||
|
|
||
| build-docker-plus: | ||
| name: Build Plus Docker Images | ||
| runs-on: ubuntu-20.04 | ||
| needs: build-binaries | ||
| strategy: | ||
| matrix: | ||
| image: [debian-plus, alpine-plus, opentracing-plus] | ||
| platforms: ["linux/arm64, linux/amd64"] | ||
| include: | ||
| - image: ubi-plus | ||
| platforms: "linux/arm64, linux/amd64, linux/s390x" | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Fetch Cached Artifacts | ||
| uses: actions/cache@v2 | ||
| with: | ||
| path: ${{ github.workspace }}/dist | ||
| key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }}-multi | ||
| - name: Setup QEMU | ||
| uses: docker/setup-qemu-action@v1 | ||
| with: | ||
| platforms: arm64 | ||
| if: github.event_name != 'pull_request' | ||
| - name: Docker Buildx | ||
| uses: docker/setup-buildx-action@v1 | ||
| - name: GCR Login | ||
| uses: docker/login-action@v1 | ||
| with: | ||
| registry: gcr.io | ||
| username: _json_key | ||
| password: ${{ secrets.GCR_JSON_KEY }} | ||
| if: github.event_name != 'pull_request' | ||
|
|
||
| - name: Docker meta | ||
| id: meta | ||
| uses: docker/metadata-action@v3 | ||
| with: | ||
| images: | | ||
| ${{ startsWith(github.ref, 'refs/tags/') && 'gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress' || '' }} | ||
| ${{ startsWith(github.ref, 'refs/heads/release') && 'gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/staging/nginx-ic/nginx-plus-ingress' || '' }} | ||
| gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress | ||
| flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.image, 'opentracing') && '-ot' || '' }},onlatest=true | ||
| tags: | | ||
| type=edge | ||
| type=ref,event=branch,enable=${{ startsWith(github.ref, 'refs/heads/release') }} | ||
| type=ref,event=pr | ||
| type=schedule,pattern={{date 'YYYYMMDD'}} | ||
| type=semver,pattern={{version}} | ||
| labels: | | ||
| org.opencontainers.image.description=NGINX Plus Ingress Controller for Kubernetes | ||
| org.opencontainers.image.documentation=https://docs.nginx.com/nginx-ingress-controller | ||
| org.opencontainers.image.vendor=NGINX Inc <[email protected]> | ||
| - name: Output Variables | ||
| id: var | ||
| run: | | ||
| version=${{ steps.meta.outputs.version }} | ||
| if ${{ startsWith(github.ref, 'refs/tags/') }}; then | ||
| ic_version=v$version | ||
| else | ||
| tag=$(git describe --tags --abbrev=0) | ||
| sha_short=$(echo ${{ github.sha }} | cut -c1-7) | ||
| ic_version=$tag-$version-$sha_short | ||
| fi | ||
| echo "::set-output name=ic_version::$ic_version" | ||
| - name: Build Plus Docker image | ||
| uses: docker/build-push-action@v2 | ||
| with: | ||
| file: build/Dockerfile | ||
| context: '.' | ||
| cache-from: type=gha,scope=${{ matrix.image }} | ||
| cache-to: type=gha,scope=${{ matrix.image }},mode=max | ||
| target: goreleaser | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| platforms: ${{ github.event_name != 'pull_request' && matrix.platforms || '' }} | ||
| load: ${{ github.event_name == 'pull_request' }} | ||
| push: ${{ github.event_name != 'pull_request' }} | ||
| no-cache: ${{ github.event_name != 'pull_request' }} | ||
| build-args: | | ||
| BUILD_OS=${{ matrix.image }} | ||
| IC_VERSION=${{ startsWith(github.ref, 'refs/tags/') && steps.var.outputs.ic_version || 'CI' }} | ||
| secrets: | | ||
| "nginx-repo.crt=${{ secrets.NGINX_CRT }}" | ||
| "nginx-repo.key=${{ secrets.NGINX_KEY }}" | ||
| - name: Load image for Trivy | ||
| uses: docker/build-push-action@v2 | ||
| with: | ||
| file: build/Dockerfile | ||
| context: '.' | ||
| cache-from: type=gha,scope=${{ matrix.image }} | ||
| target: goreleaser | ||
| tags: docker.io/${{ matrix.image }}:${{ steps.meta.outputs.version }} | ||
| load: true | ||
| build-args: | | ||
| BUILD_OS=${{ matrix.image }} | ||
| IC_VERSION=CI | ||
| secrets: | | ||
| "nginx-repo.crt=${{ secrets.NGINX_CRT }}" | ||
| "nginx-repo.key=${{ secrets.NGINX_KEY }}" | ||
| - name: Run Trivy vulnerability scanner | ||
| uses: aquasecurity/[email protected] | ||
| continue-on-error: true | ||
| with: | ||
| image-ref: nginx/nginx-ingress:${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} | ||
| format: 'template' | ||
| template: '@/contrib/sarif.tpl' | ||
| image-ref: docker.io/${{ matrix.image }}:${{ steps.meta.outputs.version }} | ||
| format: 'sarif' | ||
| output: 'trivy-results-${{ matrix.image }}.sarif' | ||
| ignore-unfixed: 'true' | ||
| - name: Upload Trivy scan results to GitHub Security tab | ||
|
|
@@ -412,10 +537,10 @@ jobs: | |
| outputs: | ||
| version: ${{ steps.var.outputs.helm_version }} | ||
| type: ${{ steps.var.outputs.helm_type }} | ||
| if: github.event_name == 'push' | ||
| if: ${{ github.event_name == 'push' && !startsWith(github.ref, 'refs/heads/release') }} | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@v2 | ||
| uses: actions/checkout@v3 | ||
| - name: Output Variables | ||
| id: var | ||
| run: | | ||
|
|
@@ -442,10 +567,10 @@ jobs: | |
| name: Release Helm Chart | ||
| runs-on: ubuntu-20.04 | ||
| needs: package-helm | ||
| if: github.event_name == 'push' | ||
| if: ${{ github.event_name == 'push' && !startsWith(github.ref, 'refs/heads/release') }} | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@v2 | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| repository: nginxinc/helm-charts | ||
| fetch-depth: 1 | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.