Skip to content

Commit d79244a

Browse files
mohamadaldawamnahmohamadaldawamnah
authored
Merge branch 'main' into chore/update_crd_description
2 parents 14ae4a0 + c680eef commit d79244a

37 files changed

+908
-243
lines changed

.github/workflows/build-base-images.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -67,7 +67,7 @@ jobs:
6767

6868
- name: Authenticate to Google Cloud
6969
id: auth
70-
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
70+
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
7171
with:
7272
token_format: access_token
7373
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -132,7 +132,7 @@ jobs:
132132

133133
- name: Authenticate to Google Cloud
134134
id: auth
135-
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
135+
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
136136
with:
137137
token_format: access_token
138138
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -195,7 +195,7 @@ jobs:
195195

196196
- name: Authenticate to Google Cloud
197197
id: auth
198-
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
198+
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
199199
with:
200200
token_format: access_token
201201
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}

.github/workflows/build-oss.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -59,7 +59,7 @@ jobs:
5959

6060
- name: Authenticate to Google Cloud
6161
id: auth
62-
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
62+
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
6363
with:
6464
token_format: access_token
6565
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -201,7 +201,7 @@ jobs:
201201

202202
- name: Run Docker Scout vulnerability scanner
203203
id: docker-scout
204-
uses: docker/scout-action@aceeb83b88f2ae54376891227858dda7af647183 # v1.18.1
204+
uses: docker/scout-action@f8c776824083494ab0d56b8105ba2ca85c86e4de # v1.18.2
205205
with:
206206
command: cves
207207
image: ${{ steps.meta.outputs.tags }}

.github/workflows/build-plus.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,7 @@ jobs:
6161

6262
- name: Authenticate to Google Cloud
6363
id: auth
64-
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
64+
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
6565
with:
6666
token_format: access_token
6767
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -217,7 +217,7 @@ jobs:
217217

218218
- name: Run Docker Scout vulnerability scanner
219219
id: docker-scout
220-
uses: docker/scout-action@aceeb83b88f2ae54376891227858dda7af647183 # v1.18.1
220+
uses: docker/scout-action@f8c776824083494ab0d56b8105ba2ca85c86e4de # v1.18.2
221221
with:
222222
command: cves
223223
image: ${{ steps.meta.outputs.tags }}

.github/workflows/build-single-image.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -66,7 +66,7 @@ jobs:
6666
6767
- name: Authenticate to Google Cloud
6868
id: auth
69-
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
69+
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
7070
with:
7171
token_format: access_token
7272
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}

.github/workflows/build-test-image.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ jobs:
3535

3636
- name: Authenticate to Google Cloud
3737
id: auth
38-
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
38+
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
3939
with:
4040
token_format: access_token
4141
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}

.github/workflows/ci.yml

Lines changed: 47 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -43,6 +43,7 @@ jobs:
4343
k8s_latest: ${{ steps.vars.outputs.k8s_latest }}
4444
go_path: ${{ steps.vars.outputs.go_path }}
4545
go_code_md5: ${{ steps.vars.outputs.go_code_md5 }}
46+
go_proxy: ${{ steps.vars.outputs.go_proxy }}
4647
binary_cache_hit: ${{ steps.binary-cache.outputs.cache-hit }}
4748
chart_version: ${{ steps.vars.outputs.chart_version }}
4849
ic_version: ${{ steps.vars.outputs.ic_version }}
@@ -98,7 +99,13 @@ jobs:
9899
source .github/data/version.txt
99100
echo "ic_version=${IC_VERSION}" >> $GITHUB_OUTPUT
100101
echo "chart_version=${HELM_CHART_VERSION}" >> $GITHUB_OUTPUT
101-
echo "forked_workflow=${{ (github.event.pull_request && github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name) || github.repository != 'nginx/kubernetes-ingress' }}" >> $GITHUB_OUTPUT
102+
forked_workflow=${{ (github.event.pull_request && github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name) || github.repository != 'nginx/kubernetes-ingress' }}
103+
echo "forked_workflow=${forked_workflow}" >> $GITHUB_OUTPUT
104+
go_proxy="https://proxy.golang.org,direct"
105+
if [ "$forked_workflow" = "false" ]; then
106+
go_proxy="https://azr.artifactory.f5net.com/artifactory/api/go/f5-nginx-go-dev"
107+
fi
108+
echo "go_proxy=${go_proxy}" >> $GITHUB_OUTPUT
102109
./.github/scripts/variables.sh go_code_md5 >> $GITHUB_OUTPUT
103110
./.github/scripts/variables.sh docker_md5 >> $GITHUB_OUTPUT
104111
./.github/scripts/variables.sh build_tag >> $GITHUB_OUTPUT
@@ -125,7 +132,7 @@ jobs:
125132

126133
- name: Authenticate to Google Cloud
127134
id: auth
128-
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
135+
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
129136
with:
130137
token_format: access_token
131138
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -173,6 +180,8 @@ jobs:
173180
permissions:
174181
contents: read
175182
needs: checks
183+
env:
184+
GOPROXY: ${{ needs.checks.outputs.go_proxy }}
176185
steps:
177186
- name: Checkout Repository
178187
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -183,6 +192,16 @@ jobs:
183192
go-version-file: go.mod
184193
if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }}
185194

195+
- name: Setup netrc
196+
run: |
197+
cat <<EOF > $HOME/.netrc
198+
machine azr.artifactory.f5net.com
199+
login ${{ secrets.ARTIFACTORY_USER }}
200+
password ${{ secrets.ARTIFACTORY_TOKEN }}
201+
EOF
202+
chmod 600 $HOME/.netrc
203+
if: ${{ needs.checks.outputs.binary_cache_hit != 'true' && needs.checks.outputs.forked_workflow != 'true' }}
204+
186205
- name: Check if go.mod and go.sum are up to date
187206
run: go mod tidy && git diff --exit-code -- go.mod go.sum
188207
if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }}
@@ -212,6 +231,8 @@ jobs:
212231
name: Unit Tests
213232
runs-on: ubuntu-22.04
214233
needs: checks
234+
env:
235+
GOPROXY: ${{ needs.checks.outputs.go_proxy }}
215236
steps:
216237
- name: Checkout Repository
217238
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -222,6 +243,16 @@ jobs:
222243
go-version-file: go.mod
223244
if: ${{ needs.checks.outputs.binary_cache_hit != 'true' && (inputs.run_tests && inputs.run_tests || true) }}
224245

246+
- name: Setup netrc
247+
run: |
248+
cat <<EOF > $HOME/.netrc
249+
machine azr.artifactory.f5net.com
250+
login ${{ secrets.ARTIFACTORY_USER }}
251+
password ${{ secrets.ARTIFACTORY_TOKEN }}
252+
EOF
253+
chmod 600 $HOME/.netrc
254+
if: ${{ needs.checks.outputs.binary_cache_hit != 'true' && needs.checks.outputs.forked_workflow != 'true' }}
255+
225256
- name: Run Tests
226257
run: make cover
227258
if: ${{ needs.checks.outputs.binary_cache_hit != 'true' && (inputs.run_tests && inputs.run_tests || true) }}
@@ -260,6 +291,16 @@ jobs:
260291
go-version-file: go.mod
261292
if: ${{ (inputs.force && inputs.force || false) || needs.checks.outputs.binary_cache_hit != 'true' }}
262293

294+
- name: Setup netrc
295+
run: |
296+
cat <<EOF > $HOME/.netrc
297+
machine azr.artifactory.f5net.com
298+
login ${{ secrets.ARTIFACTORY_USER }}
299+
password ${{ secrets.ARTIFACTORY_TOKEN }}
300+
EOF
301+
chmod 600 $HOME/.netrc
302+
if: ${{ needs.checks.outputs.binary_cache_hit != 'true' && needs.checks.outputs.forked_workflow != 'true' }}
303+
263304
- name: Build binaries
264305
uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
265306
with:
@@ -268,6 +309,7 @@ jobs:
268309
env:
269310
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
270311
GOPATH: ${{ needs.checks.outputs.go_path }}
312+
GOPROXY: ${{ needs.checks.outputs.go_proxy }}
271313
AWS_PRODUCT_CODE: ${{ secrets.AWS_PRODUCT_CODE }}
272314
AWS_PUB_KEY: ${{ secrets.AWS_PUB_KEY }}
273315
AWS_NAP_DOS_PRODUCT_CODE: ${{ secrets.AWS_NAP_DOS_PRODUCT_CODE }}
@@ -398,7 +440,7 @@ jobs:
398440

399441
- name: Authenticate to Google Cloud
400442
id: auth
401-
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
443+
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
402444
with:
403445
token_format: access_token
404446
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -463,7 +505,7 @@ jobs:
463505

464506
- name: Authenticate to Google Cloud
465507
id: auth
466-
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
508+
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
467509
with:
468510
token_format: access_token
469511
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -603,7 +645,7 @@ jobs:
603645

604646
- name: Authenticate to Google Cloud
605647
id: auth
606-
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
648+
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
607649
with:
608650
token_format: access_token
609651
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}

.github/workflows/image-promotion.yml

Lines changed: 36 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@ jobs:
3636
outputs:
3737
go_path: ${{ steps.vars.outputs.go_path }}
3838
go_code_md5: ${{ steps.vars.outputs.go_code_md5 }}
39+
go_proxy: ${{ steps.vars.outputs.go_proxy }}
3940
binary_cache_hit: ${{ steps.binary-cache.outputs.cache-hit }}
4041
chart_version: ${{ steps.vars.outputs.chart_version }}
4142
ic_version: ${{ steps.vars.outputs.ic_version }}
@@ -58,7 +59,7 @@ jobs:
5859
- name: Set Variables
5960
id: vars
6061
run: |
61-
echo "go_path=$(go env GOPATH)" >> $GITHUB_OUTPUT
62+
echo "go_proxy="https://azr.artifactory.f5net.com/artifactory/api/go/f5-nginx-go-dev" >> $GITHUB_OUTPUT
6263
source .github/data/version.txt
6364
echo "ic_version=${IC_VERSION}" >> $GITHUB_OUTPUT
6465
echo "chart_version=${HELM_CHART_VERSION}" >> $GITHUB_OUTPUT
@@ -80,7 +81,7 @@ jobs:
8081

8182
- name: Authenticate to Google Cloud
8283
id: auth
83-
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
84+
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
8485
with:
8586
token_format: access_token
8687
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -118,6 +119,9 @@ jobs:
118119
permissions:
119120
contents: read
120121
security-events: write
122+
needs: [checks]
123+
env:
124+
GOPROXY: ${{ needs.checks.outputs.go_proxy }}
121125
steps:
122126
- name: Checkout Repository
123127
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -127,6 +131,15 @@ jobs:
127131
with:
128132
go-version-file: go.mod
129133

134+
- name: Setup netrc
135+
run: |
136+
cat <<EOF > $HOME/.netrc
137+
machine azr.artifactory.f5net.com
138+
login ${{ secrets.ARTIFACTORY_USER }}
139+
password ${{ secrets.ARTIFACTORY_TOKEN }}
140+
EOF
141+
chmod 600 $HOME/.netrc
142+
130143
- name: govulncheck
131144
uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4
132145
with:
@@ -143,7 +156,7 @@ jobs:
143156
fi
144157
145158
- name: Upload SARIF file
146-
uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
159+
uses: github/codeql-action/upload-sarif@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3
147160
if: steps.check-sarif.outputs.sarif_has_results == 'true'
148161
with:
149162
sarif_file: govulncheck.sarif
@@ -164,6 +177,16 @@ jobs:
164177
go-version-file: go.mod
165178
if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }}
166179

180+
- name: Setup netrc
181+
run: |
182+
cat <<EOF > $HOME/.netrc
183+
machine azr.artifactory.f5net.com
184+
login ${{ secrets.ARTIFACTORY_USER }}
185+
password ${{ secrets.ARTIFACTORY_TOKEN }}
186+
EOF
187+
chmod 600 $HOME/.netrc
188+
if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }}
189+
167190
- name: Build binaries
168191
uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
169192
with:
@@ -172,6 +195,7 @@ jobs:
172195
env:
173196
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
174197
GOPATH: ${{ needs.checks.outputs.go_path }}
198+
GOPROXY: ${{ needs.checks.outputs.go_proxy }}
175199
AWS_PRODUCT_CODE: ${{ secrets.AWS_PRODUCT_CODE }}
176200
AWS_PUB_KEY: ${{ secrets.AWS_PUB_KEY }}
177201
AWS_NAP_DOS_PRODUCT_CODE: ${{ secrets.AWS_NAP_DOS_PRODUCT_CODE }}
@@ -420,7 +444,7 @@ jobs:
420444
421445
- name: Authenticate to Google Cloud
422446
id: auth
423-
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
447+
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
424448
with:
425449
token_format: access_token
426450
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -450,7 +474,7 @@ jobs:
450474

451475
- name: Run Docker Scout vulnerability scanner
452476
id: docker-scout
453-
uses: docker/scout-action@aceeb83b88f2ae54376891227858dda7af647183 # v1.18.1
477+
uses: docker/scout-action@f8c776824083494ab0d56b8105ba2ca85c86e4de # v1.18.2
454478
with:
455479
command: cves
456480
image: ${{ steps.meta.outputs.tags }}
@@ -468,7 +492,7 @@ jobs:
468492
overwrite: true
469493

470494
- name: Upload Scan results to GitHub Security tab
471-
uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
495+
uses: github/codeql-action/upload-sarif@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3
472496
with:
473497
sarif_file: "${{ steps.directory.outputs.directory }}/"
474498

@@ -509,7 +533,7 @@ jobs:
509533
510534
- name: Authenticate to Google Cloud
511535
id: auth
512-
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
536+
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
513537
with:
514538
token_format: access_token
515539
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -539,7 +563,7 @@ jobs:
539563

540564
- name: Run Docker Scout vulnerability scanner
541565
id: docker-scout
542-
uses: docker/scout-action@aceeb83b88f2ae54376891227858dda7af647183 # v1.18.1
566+
uses: docker/scout-action@f8c776824083494ab0d56b8105ba2ca85c86e4de # v1.18.2
543567
with:
544568
command: cves
545569
image: ${{ steps.meta.outputs.tags }}
@@ -557,7 +581,7 @@ jobs:
557581
overwrite: true
558582

559583
- name: Upload Scan results to GitHub Security tab
560-
uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
584+
uses: github/codeql-action/upload-sarif@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3
561585
with:
562586
sarif_file: "${{ steps.directory.outputs.directory }}/"
563587

@@ -605,7 +629,7 @@ jobs:
605629
606630
- name: Authenticate to Google Cloud
607631
id: auth
608-
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
632+
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
609633
with:
610634
token_format: access_token
611635
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -635,7 +659,7 @@ jobs:
635659

636660
- name: Run Docker Scout vulnerability scanner
637661
id: docker-scout
638-
uses: docker/scout-action@aceeb83b88f2ae54376891227858dda7af647183 # v1.18.1
662+
uses: docker/scout-action@f8c776824083494ab0d56b8105ba2ca85c86e4de # v1.18.2
639663
with:
640664
command: cves
641665
image: ${{ steps.meta.outputs.tags }}
@@ -653,7 +677,7 @@ jobs:
653677
overwrite: true
654678

655679
- name: Upload Scan results to GitHub Security tab
656-
uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
680+
uses: github/codeql-action/upload-sarif@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3
657681
with:
658682
sarif_file: "${{ steps.directory.outputs.directory }}/"
659683
continue-on-error: true

0 commit comments

Comments
 (0)