feature: unable to use CRDs imported as modules

nginx · Jul 26, 2023 · 7fbb010 · 7fbb010
1 parent 18a37de
commit 7fbb010
Show file tree

Hide file tree

Showing 340 changed files with 9,940 additions and 5,774 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -12,6 +12,7 @@ A clear and concise description of what the bug is.
 
 **To Reproduce**
 Steps to reproduce the behavior:
+
 1. Deploy x to '...' using some.yaml
 2. View logs on '....'
 3. See error
@@ -20,10 +21,11 @@ Steps to reproduce the behavior:
 A clear and concise description of what you expected to happen.
 
 **Your environment**
-* Version of the Ingress Controller - release version or a specific commit
-* Version of Kubernetes
-* Kubernetes platform (e.g. Mini-kube or GCP)
-* Using NGINX or NGINX Plus
+
+- Version of the Ingress Controller - release version or a specific commit
+- Version of Kubernetes
+- Kubernetes platform (e.g. Mini-kube or GCP)
+- Using NGINX or NGINX Plus
 <!-- output from `docker inspect --format '{{ json .Config.Labels }}' <docker image> | jq` if available -->
 
 **Additional context**

diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,7 +1,10 @@
 ### Proposed changes
-Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue here in this description (not in the title of the PR).
+
+Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to
+that issue here in this description (not in the title of the PR).
 
 ### Checklist
+
 Before creating a PR, run through this checklist and mark each as complete.
 
 - [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/kubernetes-ingress/blob/main/CONTRIBUTING.md) doc

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -25,7 +25,7 @@ updates:
     schedule:
       interval: weekly
 
-  - package-ecosystem: pip
-    directory: /perf-tests
+  - package-ecosystem: gomod
+    directory: /docs
     schedule:
       interval: weekly
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -1,25 +1,29 @@
+change:
+  - head-branch: ['^change/']
+
 enhancement:
-- branch: ['feature/**', 'feat/**', 'enhancement/**', 'enh/**']
+  - head-branch: ['^feature/', '^feat/', '^enhancement/', '^enh/']
 
 bug:
-- branch: ['fix/**', 'bug/**']
+  - head-branch: ['^fix/', '^bug/']
 
 chore:
-- branch: ['chore/**']
+  - head-branch: ['^chore/']
 
 tests:
-- branch: ['tests/**', 'test/**']
-- tests/**/*
-- perf-tests/**/*
+  - any:
+      - head-branch: ['^tests/', '^test/']
+      - changed-files: ['tests/**/*', 'perf-tests/**/*']
+  - all:
+      - changed-files: ['!tests/requirements.txt', '!perf-tests/requirements.txt']
 
 documentation:
-- branch: ['docs/**', 'doc/**']
-- '**/*.md'
+  - head-branch: ['^docs/', '^doc/']
+  - changed-files: '**/*.md'
 
 dependencies:
-- branch: ['deps/**', 'dep/**', 'dependabot/**']
-- go.mod
-- go.sum
+  - head-branch: ['^deps/', '^dep/', '^dependabot/', 'pre-commit-ci-update-config']
+  - changed-files: ['go.mod', 'go.sum']
 
 helm_chart:
-- deployments/helm-chart/**/*
+  - changed-files: ['deployments/helm-chart/**/*']
diff --git a/.github/labels.yml b/.github/labels.yml
diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml
@@ -17,6 +17,9 @@ defaults:
   run:
     shell: bash
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-22.04
@@ -30,7 +33,7 @@ jobs:
       image_digest: ${{ steps.build-push.outputs.digest }}
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           ref: ${{ inputs.tag != '' && format('refs/tags/v{0}', inputs.tag) || github.ref }}
           fetch-depth: 0
@@ -42,49 +45,49 @@ jobs:
           key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }}
 
       - name: Setup QEMU
-        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
+        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
         with:
           platforms: arm,arm64,ppc64le,s390x
-        if: github.event_name != 'pull_request'
+        if: ${{ github.event_name != 'pull_request' && ! startsWith(github.ref, 'refs/heads/release-') }}
 
       - name: Docker Buildx
-        uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
+        uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1
 
       - name: DockerHub Login
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-        if: github.event_name != 'pull_request'
+        if: ${{ github.event_name != 'pull_request' && ! startsWith(github.ref, 'refs/heads/release-') }}
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
-        if: github.event_name != 'pull_request'
+        if: ${{ github.event_name != 'pull_request' && ! startsWith(github.ref, 'refs/heads/release-') }}
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
+        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
         with:
           aws-region: us-east-1
           role-to-assume: ${{ secrets.AWS_ROLE_PUBLIC_ECR }}
-        if: github.event_name != 'pull_request'
+        if: ${{ github.event_name != 'pull_request' && ! startsWith(github.ref, 'refs/heads/release-') }}
 
       - name: Login to Public ECR
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
         with:
           registry: public.ecr.aws
-        if: github.event_name != 'pull_request'
+        if: ${{ github.event_name != 'pull_request' && ! startsWith(github.ref, 'refs/heads/release-') }}
 
       - name: Login to Quay.io
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
         with:
           registry: quay.io
           username: ${{ secrets.QUAY_USERNAME }}
           password: ${{ secrets.QUAY_ROBOT_TOKEN }}
-        if: github.event_name != 'pull_request'
+        if: ${{ github.event_name != 'pull_request' && ! startsWith(github.ref, 'refs/heads/release-') }}
 
       - name: Get short tag
         id: tag
@@ -96,7 +99,7 @@ jobs:
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@c4ee3adeed93b1fa6a762f209fb01608c1a22f1e # v4.4.0
+        uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0
         with:
           context: ${{ inputs.tag != '' && 'git' || 'workflow' }}
           images: |
@@ -110,7 +113,8 @@ jobs:
           tags: |
             type=edge
             type=ref,event=pr
-            type=schedule
+            type=ref,event=branch,enable=${{ startsWith(github.ref, 'refs/heads/release-') }}
+            type=schedule,enable=${{ inputs.tag == '' }}
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}.{{minor}}
             type=raw,value=${{ inputs.tag }},enable=${{ inputs.tag != '' }}
@@ -126,7 +130,7 @@ jobs:
             io.artifacthub.package.keywords=kubernetes,ingress,nginx,controller
 
       - name: Build Docker image
-        uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
+        uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1
         id: build-push
         with:
           file: build/Dockerfile
@@ -136,19 +140,19 @@ jobs:
           target: goreleaser
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          platforms: ${{ github.event_name != 'pull_request' && inputs.platforms || '' }}
-          load: ${{ github.event_name == 'pull_request' }}
-          push: ${{ github.event_name != 'pull_request' }}
+          platforms: ${{ github.event_name != 'pull_request' && ! startsWith(github.ref, 'refs/heads/release-') && inputs.platforms || '' }}
+          load: ${{ github.event_name == 'pull_request' || startsWith(github.ref, 'refs/heads/release-') }}
+          push: ${{ github.event_name != 'pull_request' && ! startsWith(github.ref, 'refs/heads/release-') }}
           pull: true
-          no-cache: ${{ github.event_name != 'pull_request' }}
-          sbom: ${{ github.event_name != 'pull_request' }}
+          no-cache: ${{ github.event_name != 'pull_request' && ! startsWith(github.ref, 'refs/heads/release-') }}
+          sbom: ${{ github.event_name != 'pull_request' && ! startsWith(github.ref, 'refs/heads/release-') }}
           provenance: false
           build-args: |
             BUILD_OS=${{ inputs.image }}
-            IC_VERSION=${{ github.event_name == 'pull_request' && 'CI' || steps.meta.outputs.version }}
+            IC_VERSION=${{ (github.event_name == 'pull_request' || startsWith(github.ref, 'refs/heads/release-')) && 'CI' || steps.meta.outputs.version }}
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2 # 0.10.0
+        uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54 # 0.11.2
         continue-on-error: true
         with:
           image-ref: nginx/nginx-ingress:${{ steps.meta.outputs.version }}
@@ -157,7 +161,7 @@ jobs:
           ignore-unfixed: "true"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2.3.2
+        uses: github/codeql-action/upload-sarif@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
         continue-on-error: true
         with:
           sarif_file: "trivy-results-${{ inputs.image }}.sarif"
@@ -178,5 +182,8 @@ jobs:
       tag: ${{ inputs.tag }}
       version: ${{ needs.build.outputs.version }}
       image_digest: ${{ needs.build.outputs.image_digest }}
+    permissions:
+      contents: read
+      actions: read
     secrets: inherit
     if: ${{ inputs.tag != '' }}