From 85bcec9c5fbb02e087aed1b1f9af8c8103145d8b Mon Sep 17 00:00:00 2001 From: Jiaqi Luo <6218999+jiaqiluo@users.noreply.github.com> Date: Tue, 7 May 2024 11:24:47 -0700 Subject: [PATCH 1/5] Add Rancher's workflow files remove the upstream's workflow Add arm and s390x in the arches in scripts/build. only amd64 and arm64 was in arches because of this the CI wasn't able to find the following files with not found error. /bin/arm/nginx-ingress-controller, /bin/arm/wait-shutdown and /bin/arm/dbg fix drone build failure `go install ginkgo` followed by `which ginkgo` is newly added in the upstream repo. This is making the drone build fail for arm64 arch. The ginkgo library gets installed under $GOPATH/bin/linux_arm64 dir. This is unlike amd64 images which typically install go libraries under $GOPATH/bin. Since the previously mentioned dir is not in PATH, the command `which ginkgo` fails. I've added this location to PATH to fix the build failure. See upstream PRs linked below for more info: https://github.com/kubernetes/ingress-nginx/pull/8566 https://github.com/kubernetes/ingress-nginx/pull/8569 use rancher's repository image remove depreview action revert back PR #81 removed drone ci add drone's build and validate job in github actions workflow add release workflow which will run only while tagging added git in workflow steps for build and release remove G109 check till gosec resolves issues Remove test step from our CI Remove test step from our CI because it runs the upstream's e2e Go tests incorrectly and fails. Since we don't have any tests of our own, and upstream's CI already runs these tests, this step can be removed. --- .github/workflows/ci.yaml | 322 ------------------- .github/workflows/depreview.yaml | 14 - .github/workflows/docs.yaml | 55 ---- .github/workflows/golangci-lint.yml | 33 -- .github/workflows/helm.yaml | 88 ----- .github/workflows/images.yaml | 215 ------------- .github/workflows/junit-reports.yaml | 18 -- .github/workflows/perftest.yaml | 72 ----- .github/workflows/plugin.yaml | 50 --- .github/workflows/project.yml | 19 -- .github/workflows/push-and-pull-request.yaml | 41 +++ .github/workflows/release.yaml | 32 ++ .github/workflows/scorecards.yml | 64 ---- .github/workflows/stale.yaml | 24 -- .github/workflows/vulnerability-scans.yaml | 92 ------ .github/workflows/zz-tmpl-images.yaml | 81 ----- .github/workflows/zz-tmpl-k8s-e2e.yaml | 58 ---- Dockerfile.dapper | 45 +++ Makefile | 24 +- build/run-in-docker.sh | 1 + scripts/build | 17 + scripts/ci | 8 + scripts/package | 12 + scripts/version | 37 +++ 24 files changed, 197 insertions(+), 1225 deletions(-) delete mode 100644 .github/workflows/ci.yaml delete mode 100644 .github/workflows/depreview.yaml delete mode 100644 .github/workflows/docs.yaml delete mode 100644 .github/workflows/golangci-lint.yml delete mode 100644 .github/workflows/helm.yaml delete mode 100644 .github/workflows/images.yaml delete mode 100644 .github/workflows/junit-reports.yaml delete mode 100644 .github/workflows/perftest.yaml delete mode 100644 .github/workflows/plugin.yaml delete mode 100644 .github/workflows/project.yml create mode 100644 .github/workflows/push-and-pull-request.yaml create mode 100644 .github/workflows/release.yaml delete mode 100644 .github/workflows/scorecards.yml delete mode 100644 .github/workflows/stale.yaml delete mode 100644 .github/workflows/vulnerability-scans.yaml delete mode 100644 .github/workflows/zz-tmpl-images.yaml delete mode 100644 .github/workflows/zz-tmpl-k8s-e2e.yaml create mode 100644 Dockerfile.dapper create mode 100755 scripts/build create mode 100755 scripts/ci create mode 100755 scripts/package create mode 100755 scripts/version diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml deleted file mode 100644 index f3af49d37d..0000000000 --- a/.github/workflows/ci.yaml +++ /dev/null @@ -1,322 +0,0 @@ -name: CI - -on: - pull_request: - branches: - - "*" - paths-ignore: - - 'docs/**' - - 'deploy/**' - - '**.md' - - 'images/**' # Images changes should be tested on their own workflow - - '!images/nginx-1.25/**' - - push: - branches: - - main - - release-* - paths-ignore: - - 'docs/**' - - 'deploy/**' - - '**.md' - - 'images/**' # Images changes should be tested on their own workflow - - workflow_dispatch: - inputs: - run_e2e: - description: 'Force e2e to run' - required: false - type: boolean - - -permissions: - contents: read - -jobs: - - changes: - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - pull-requests: read # for dorny/paths-filter to read pull requests - runs-on: ubuntu-latest - outputs: - go: ${{ steps.filter.outputs.go }} - charts: ${{ steps.filter.outputs.charts }} - baseimage: ${{ steps.filter.outputs.baseimage }} - - steps: - - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - id: filter - with: - token: ${{ secrets.GITHUB_TOKEN }} - filters: | - go: - - '**/*.go' - - 'go.mod' - - 'go.sum' - - 'rootfs/**/*' - - 'TAG' - - 'test/e2e/**/*' - - 'NGINX_BASE' - charts: - - 'charts/ingress-nginx/Chart.yaml' - - 'charts/ingress-nginx/**/*' - - 'NGINX_BASE' - baseimage: - - 'NGINX_BASE' - - 'images/nginx-1.25/**' - - test-go: - runs-on: ubuntu-latest - needs: changes - if: | - (needs.changes.outputs.go == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Get go version - run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV - - - name: Set up Go - id: go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - with: - go-version: ${{ env.GOLANG_VERSION }} - check-latest: true - - - name: Run test - run: make test - - build: - name: Build - runs-on: ubuntu-latest - needs: changes - outputs: - golangversion: ${{ steps.golangversion.outputs.version }} - if: | - (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} - - env: - PLATFORMS: linux/amd64 - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Get go version - id: golangversion - run: | - echo "version=$(cat GOLANG_VERSION)" >> "$GITHUB_OUTPUT" - - - name: Set up Go - id: go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - with: - go-version: ${{ steps.golangversion.outputs.version }} - check-latest: true - - - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - with: - version: latest - - - name: Available platforms - run: echo ${{ steps.buildx.outputs.platforms }} - - - name: Prepare Host - run: | - curl -LO https://dl.k8s.io/release/v1.27.3/bin/linux/amd64/kubectl - chmod +x ./kubectl - sudo mv ./kubectl /usr/local/bin/kubectl - - - name: Build NGINX Base image - if: | - needs.changes.outputs.baseimage == 'true' - run: | - export TAG=$(cat images/nginx-1.25/TAG) - cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t registry.k8s.io/ingress-nginx/nginx-1.25:${TAG} . - - - name: Build images - env: - TAG: 1.0.0-dev - ARCH: amd64 - REGISTRY: ingress-controller - run: | - echo "building images..." - export TAGNGINX=$(cat images/nginx-1.25/TAG) - make BASE_IMAGE=registry.k8s.io/ingress-nginx/nginx-1.25:${TAGNGINX} clean-image build image image-chroot - make -C test/e2e-image image - - echo "creating images cache..." - docker save \ - nginx-ingress-controller:e2e \ - ingress-controller/controller:1.0.0-dev \ - ingress-controller/controller-chroot:1.0.0-dev \ - | gzip > docker.tar.gz - - - name: cache - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 - with: - name: docker.tar.gz - path: docker.tar.gz - retention-days: 5 - - helm-lint: - name: Helm chart lint - runs-on: ubuntu-latest - needs: - - changes - if: | - (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} - - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - fetch-depth: 0 - - - name: Set up Helm - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - - - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 - with: - python-version: '3.x' - - - name: Set up chart-testing - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - - - name: Install Helm Unit Test Plugin - run: | - helm plugin install https://github.com/helm-unittest/helm-unittest - - - name: Run Helm Unit Tests - run: | - helm unittest charts/ingress-nginx -d - - - name: Run chart-testing (lint) - run: ct lint --config ./.ct.yaml - - - name: Run helm-docs - run: | - GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0 - ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts - DIFF=$(git diff ${GITHUB_WORKSPACE}/charts/ingress-nginx/README.md) - if [ ! -z "$DIFF" ]; then - echo "Please use helm-docs in your clone, of your fork, of the project, and commit a updated README.md for the chart. https://github.com/kubernetes/ingress-nginx/blob/main/RELEASE.md#d-edit-the-valuesyaml-and-run-helm-docs" - fi - git diff --exit-code - rm -f ./helm-docs - - - name: Run Artifact Hub lint - run: | - wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz - echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c - tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah - ./ah lint -p charts/ingress-nginx || exit 1 - rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz - - helm-test: - name: Helm chart testing - runs-on: ubuntu-latest - needs: - - changes - - build - - helm-lint - if: | - (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} - - strategy: - matrix: - k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] - - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Setup Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - with: - go-version: ${{ needs.build.outputs.golangversion }} - check-latest: true - - - name: cache - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - name: docker.tar.gz - - - name: fix permissions - run: | - sudo mkdir -p $HOME/.kube - sudo chmod -R 777 $HOME/.kube - - - name: Create Kubernetes ${{ matrix.k8s }} cluster - id: kind - run: | - kind create cluster --image=kindest/node:${{ matrix.k8s }} - - - name: Load images from cache - run: | - echo "loading docker images..." - gzip -dc docker.tar.gz | docker load - - - name: Test - env: - KIND_CLUSTER_NAME: kind - SKIP_CLUSTER_CREATION: true - SKIP_IMAGE_CREATION: true - SKIP_INGRESS_IMAGE_CREATION: true - run: | - kind get kubeconfig > $HOME/.kube/kind-config-kind - make kind-e2e-chart-tests - - kubernetes: - name: Kubernetes - needs: - - changes - - build - if: | - (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} - strategy: - matrix: - k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] - uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml - with: - k8s-version: ${{ matrix.k8s }} - - kubernetes-validations: - name: Kubernetes with Validations - needs: - - changes - - build - if: | - (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} - strategy: - matrix: - k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] - uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml - with: - k8s-version: ${{ matrix.k8s }} - variation: "VALIDATIONS" - - kubernetes-chroot: - name: Kubernetes chroot - needs: - - changes - - build - if: | - (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} - strategy: - matrix: - k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] - uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml - with: - k8s-version: ${{ matrix.k8s }} - variation: "CHROOT" diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml deleted file mode 100644 index 913b995bd1..0000000000 --- a/.github/workflows/depreview.yaml +++ /dev/null @@ -1,14 +0,0 @@ -name: 'Dependency Review' -on: [pull_request] - -permissions: - contents: read - -jobs: - dependency-review: - runs-on: ubuntu-latest - steps: - - name: 'Checkout Repository' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: 'Dependency Review' - uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml deleted file mode 100644 index c1434c7b72..0000000000 --- a/.github/workflows/docs.yaml +++ /dev/null @@ -1,55 +0,0 @@ -name: Documentation - -on: - push: - branches: - - main - -permissions: - contents: read - -jobs: - - changes: - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - pull-requests: read # for dorny/paths-filter to read pull requests - runs-on: ubuntu-latest - if: | - (github.repository == 'kubernetes/ingress-nginx') - outputs: - docs: ${{ steps.filter.outputs.docs }} - charts: ${{ steps.filter.outputs.charts }} - - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - id: filter - with: - token: ${{ secrets.GITHUB_TOKEN }} - filters: | - docs: - - 'docs/**/*' - - docs: - name: Update - runs-on: ubuntu-latest - needs: - - changes - if: | - (github.repository == 'kubernetes/ingress-nginx') && - (needs.changes.outputs.docs == 'true') - - permissions: - contents: write # needed to write releases - - steps: - - name: Checkout master - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Deploy - uses: ./.github/actions/mkdocs - env: - PERSONAL_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml deleted file mode 100644 index dca8f07dbb..0000000000 --- a/.github/workflows/golangci-lint.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: golangci-lint - -on: - pull_request: - paths: - - '**/*.go' - - '.github/workflows/golangci-lint.yml' - -permissions: - contents: read - -jobs: - golangci: - name: lint - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Get go version - run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV - - - name: Set up Go - id: go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - with: - go-version: ${{ env.GOLANG_VERSION }} - check-latest: true - - - name: golangci-lint - uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 - with: - version: v1.56 diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml deleted file mode 100644 index f7a68af1aa..0000000000 --- a/.github/workflows/helm.yaml +++ /dev/null @@ -1,88 +0,0 @@ -name: Helm - -on: - push: - branches: - - main - - release-* - - workflow_dispatch: - -permissions: - contents: read - -jobs: - - changes: - runs-on: ubuntu-latest - - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - - if: github.repository == 'kubernetes/ingress-nginx' - - outputs: - docs: ${{ steps.filter.outputs.docs }} - charts: ${{ steps.filter.outputs.charts }} - - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Run Artifact Hub lint - run: | - wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz - echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c - tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah - ./ah lint -p charts/ingress-nginx || exit 1 - rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz - - - name: Set up chart-testing - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - - - name: Run chart-testing (lint) - run: ct lint --target-branch ${{ github.ref_name }} --config ./.ct.yaml - - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - id: filter - with: - token: ${{ secrets.GITHUB_TOKEN }} - filters: | - charts: - - 'charts/ingress-nginx/Chart.yaml' - - 'charts/ingress-nginx/values.yaml' - - chart: - name: Release Chart - runs-on: ubuntu-latest - - permissions: - contents: write # needed to write releases - - needs: - - changes - - if: ${{ needs.changes.outputs.charts == 'true' }} - - steps: - - name: Checkout master - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - # Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896 - fetch-depth: 0 - ref: ${{ github.ref_name }} - - - name: Setup - shell: bash - run: | - git config --global user.name "$GITHUB_ACTOR" - git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" - - - name: Helm Chart Releaser - uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 - env: - CR_SKIP_EXISTING: true - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}" - with: - charts_dir: charts diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml deleted file mode 100644 index fe83f1dd33..0000000000 --- a/.github/workflows/images.yaml +++ /dev/null @@ -1,215 +0,0 @@ -name: Container Images - -on: - pull_request: - branches: - - "*" - paths: - - 'images/**' - - push: - branches: - - main - paths: - - 'images/**' - -permissions: - contents: write - packages: write - -env: - PLATFORMS: linux/amd64 - -jobs: - changes: - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - pull-requests: read # for dorny/paths-filter to read pull requests - runs-on: ubuntu-latest - outputs: - custom-error-pages: ${{ steps.filter.outputs.custom-error-pages }} - cfssl: ${{ steps.filter.outputs.cfssl }} - fastcgi-helloserver: ${{ steps.filter.outputs.fastcgi-helloserver }} - e2e-test-echo: ${{ steps.filter.outputs.e2e-test-echo }} - go-grpc-greeter-server: ${{ steps.filter.outputs.go-grpc-greeter-server }} - httpbun: ${{ steps.filter.outputs.httpbun }} - kube-webhook-certgen: ${{ steps.filter.outputs.kube-webhook-certgen }} - ext-auth-example-authsvc: ${{ steps.filter.outputs.ext-auth-example-authsvc }} - nginx: ${{ steps.filter.outputs.nginx }} - nginx125: ${{ steps.filter.outputs.nginx125 }} - opentelemetry: ${{ steps.filter.outputs.opentelemetry }} - - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - id: filter - with: - token: ${{ secrets.GITHUB_TOKEN }} - filters: | - custom-error-pages: - - 'images/custom-error-pages/**' - cfssl: - - 'images/cfssl/**' - fastcgi-helloserver: - - 'images/fastcgi-helloserver/**' - e2e-test-echo: - - 'images/e2e-test-echo/**' - go-grpc-greeter-server: - - 'images/go-grpc-greeter-server/**' - httpbun: - - 'images/httpbun/**' - kube-webhook-certgen: - - 'images/kube-webhook-certgen/**' - ext-auth-example-authsvc: - - 'images/ext-auth-example-authsvc/**' - nginx: - - 'images/nginx/**' - opentelemetry: - - 'images/opentelemetry/**' - nginx125: - - 'images/nginx-1.25/TAG' - - #### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here) - cfssl: - needs: changes - if: | - (needs.changes.outputs.cfssl == 'true') - uses: ./.github/workflows/zz-tmpl-images.yaml - with: - name: cfssl - secrets: inherit - - custom-error-pages: - needs: changes - if: | - (needs.changes.outputs.custom-error-pages == 'true') - uses: ./.github/workflows/zz-tmpl-images.yaml - with: - name: custom-error-pages - secrets: inherit - - e2e-test-echo: - needs: changes - if: | - (needs.changes.outputs.e2e-test-echo == 'true') - uses: ./.github/workflows/zz-tmpl-images.yaml - with: - name: e2e-test-echo - secrets: inherit - - ext-auth-example-authsvc: - needs: changes - if: | - (needs.changes.outputs.ext-auth-example-authsvc == 'true') - uses: ./.github/workflows/zz-tmpl-images.yaml - with: - name: ext-auth-example-authsvc - secrets: inherit - - fastcgi-helloserver: - needs: changes - if: | - (needs.changes.outputs.fastcgi-helloserver == 'true') - uses: ./.github/workflows/zz-tmpl-images.yaml - with: - name: fastcgi-helloserver - secrets: inherit - - go-grpc-greeter-server: - needs: changes - if: | - (needs.changes.outputs.go-grpc-greeter-server == 'true') - uses: ./.github/workflows/zz-tmpl-images.yaml - with: - name: go-grpc-greeter-server - secrets: inherit - - httpbun: - needs: changes - if: | - (needs.changes.outputs.httpbun == 'true') - uses: ./.github/workflows/zz-tmpl-images.yaml - with: - name: httpbun - secrets: inherit - - kube-webhook-certgen: - runs-on: ubuntu-latest - needs: changes - if: | - (needs.changes.outputs.kube-webhook-certgen == 'true') - strategy: - matrix: - k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Get go version - run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV - - - name: Set up Go - id: go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - with: - go-version: ${{ env.GOLANG_VERSION }} - check-latest: true - - name: image build - run: | - cd images/ && make NAME=kube-webhook-certgen build - - name: Create Kubernetes cluster - id: kind - run: | - kind create cluster --image=kindest/node:${{ matrix.k8s }} - - name: image test - run: | - cd images/ && make NAME=kube-webhook-certgen test test-e2e - - opentelemetry: - runs-on: ubuntu-latest - env: - PLATFORMS: linux/amd64,linux/arm,linux/arm64 - needs: changes - if: | - (needs.changes.outputs.opentelemetry == 'true') - strategy: - matrix: - nginx: ['1.25.3', '1.21.6'] - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: image build - run: | - cd images/opentelemetry && make NGINX_VERSION=${{ matrix.nginx }} build - - nginx125: - permissions: - contents: write - packages: write - runs-on: ubuntu-latest - needs: changes - if: | - (github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.nginx125 == 'true') - env: - PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/s390x - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - with: - version: latest - platforms: ${{ env.PLATFORMS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: build-image - run: | - export TAG=$(cat images/nginx-1.25/TAG) - cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push -t ingressnginx/nginx-1.25:${TAG} . diff --git a/.github/workflows/junit-reports.yaml b/.github/workflows/junit-reports.yaml deleted file mode 100644 index 947b90c257..0000000000 --- a/.github/workflows/junit-reports.yaml +++ /dev/null @@ -1,18 +0,0 @@ -name: 'E2E Test Report' - -on: - workflow_run: - workflows: ['CI'] # runs after CI workflow - types: - - completed -jobs: - report: - runs-on: ubuntu-latest - steps: - - uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1 - with: - artifact: /e2e-test-reports-(.*)/ - name: JEST Tests $1 # Name of the check run which will be created - path: 'report*.xml' # Path to test results (inside artifact .zip) - reporter: jest-junit # Format of test results - fail-on-empty: 'true' diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml deleted file mode 100644 index 2e1e01a3ee..0000000000 --- a/.github/workflows/perftest.yaml +++ /dev/null @@ -1,72 +0,0 @@ -name: Performance Test - -on: - workflow_dispatch: - inputs: - logLevel: - description: 'Log level' - required: true - default: 'warning' - tags: - description: 'K6 Load Test' - -permissions: - contents: read - -jobs: - k6_test_run: - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Install K6 - run: | - wget https://github.com/grafana/k6/releases/download/v0.38.2/k6-v0.38.2-linux-amd64.tar.gz - echo '7c9e5a26aaa2c638c042f6dfda7416161b8d2e0d4cb930721a38083b8be109ab *k6-v0.38.2-linux-amd64.tar.gz' | shasum -c - tar -xvf k6-v0.38.2-linux-amd64.tar.gz k6-v0.38.2-linux-amd64/k6 - mv k6-v0.38.2-linux-amd64/k6 . - ./k6 - - - name: Make dev-env - run: | - mkdir $HOME/.kube - make dev-env - podName=`kubectl -n ingress-nginx get po | grep -i controller | awk '{print $1}'` - if [[ -z ${podName} ]] ; then - sleep 5 - fi - kubectl wait pod -n ingress-nginx --for condition=Ready $podName - kubectl get all -A - - - name: Deploy workload - run: | - kubectl create deploy k6 --image kennethreitz/httpbin --port 80 && \ - kubectl expose deploy k6 --port 80 && \ - kubectl create ing k6 --class nginx \ - --rule test.ingress-nginx-controller.ga/*=k6:80 - podName=`kubectl get po | grep -i k6 | awk '{print $1}'` - if [[ -z ${podName} ]] ; then - sleep 5 - fi - kubectl wait pod --for condition=Ready $podName - kubectl get all,secrets,ing - - - name: Tune OS - run : | - sudo sysctl -A 2>/dev/null | egrep -i "local_port_range|tw_reuse|tcp_timestamps" - sudo sh -c "ulimit" - sudo sysctl -w net.ipv4.ip_local_port_range="1024 65535" - sudo sysctl -w net.ipv4.tcp_tw_reuse=1 - sudo sysctl -w net.ipv4.tcp_timestamps=1 - sudo sh -c "ulimit " - - - name: Run smoke test - run: | - vmstat -at 5 | tee vmstat_report & - #./k6 login cloud -t $K6_TOKEN - #./k6 run -o cloud ./smoketest.js - ./k6 run test/k6/smoketest.js - pkill vmstat - cat vmstat_report diff --git a/.github/workflows/plugin.yaml b/.github/workflows/plugin.yaml deleted file mode 100644 index 63b8c19bf6..0000000000 --- a/.github/workflows/plugin.yaml +++ /dev/null @@ -1,50 +0,0 @@ -name: kubectl plugin - -on: - release: - types: [published] - -permissions: - contents: write # for goreleaser/goreleaser-action - -jobs: - release-plugin: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - fetch-depth: 0 - - - name: Get go version - run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV - - - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - with: - go-version: ${{ env.GOLANG_VERSION }} - check-latest: true - - - name: Run GoReleaser Snapshot - if: ${{ ! startsWith(github.ref, 'refs/tags/') }} - uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 - with: - version: latest - args: release --snapshot --clean - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Run GoReleaser - if: ${{ startsWith(github.ref, 'refs/tags/') }} - uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 - with: - version: latest - args: release --clean - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Update new version in krew-index - if: ${{ startsWith(github.ref, 'refs/tags/') }} - uses: rajatjindal/krew-release-bot@df3eb197549e3568be8b4767eec31c5e8e8e6ad8 # v0.0.46 - with: - krew_template_file: cmd/plugin/krew.yaml diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml deleted file mode 100644 index 9babf234e1..0000000000 --- a/.github/workflows/project.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: Adds all issues - -on: - issues: - types: - - opened - -jobs: - add-to-project: - name: Add issue to project - runs-on: ubuntu-latest - permissions: - repository-projects: write - issues: write - steps: - - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2 - with: - project-url: https://github.com/orgs/kubernetes/projects/104 - github-token: ${{ secrets.PROJECT_WRITER }} diff --git a/.github/workflows/push-and-pull-request.yaml b/.github/workflows/push-and-pull-request.yaml new file mode 100644 index 0000000000..d743155e96 --- /dev/null +++ b/.github/workflows/push-and-pull-request.yaml @@ -0,0 +1,41 @@ +name: CI on Push and Pull Request +on: + pull_request: + branches: + - '*' + push: + branches: + - '*' + +jobs: + validate: + runs-on: ubuntu-latest + container: + image: rancher/dapper:v0.6.0 + permissions: + contents: read + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: validate + run: dapper validate + + + build: + runs-on: ubuntu-latest + container: + image: rancher/dapper:v0.6.0 + permissions: + contents: read + steps: + - name: Fix the not-a-git-repository issue + run: | + apk -U add git + git config --global --add safe.directory "$GITHUB_WORKSPACE" + + - name: Checkout code + uses: actions/checkout@v4 + + - name: build + run: dapper build diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000000..6dbb1e29d0 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,32 @@ +name: CI on Releasing Tag +on: + push: + tags: + - '*' + +jobs: + ci: + runs-on: ubuntu-latest + container: + image: rancher/dapper:v0.6.0 + permissions: + contents: read + id-token: write # needed for the Vault authentication + steps: + - name: Fix the not-a-git-repository issue + run: | + apk -U add git + git config --global --add safe.directory "$GITHUB_WORKSPACE" + + - name: Checkout code + uses: actions/checkout@v4 + + - name: Load Secrets from Vault + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; + secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD + + - name: Run CI + run: dapper ci diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml deleted file mode 100644 index a6b64d4083..0000000000 --- a/.github/workflows/scorecards.yml +++ /dev/null @@ -1,64 +0,0 @@ -name: Scorecards supply-chain security - -on: - # Only the default branch is supported. - branch_protection_rule: - schedule: - - cron: '20 11 * * 5' - push: - branches: - - "main" - -# Declare default permissions as read only. -permissions: read-all - -jobs: - analysis: - name: Scorecards analysis - runs-on: ubuntu-latest - permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - # Used to receive a badge. (Upcoming feature) - id-token: write - # Needs for private repositories. - contents: read - actions: read - - steps: - - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - persist-credentials: false - - - name: "Run analysis" - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 - with: - results_file: results.sarif - results_format: sarif - # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if: - # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecards on a *private* repository - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. - # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} - - # Publish the results for public repositories to enable scorecard badges. For more details, see - # https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories, `publish_results` will automatically be set to `false`, regardless - # of the value entered here. - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: "Upload artifact" - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 - with: - sarif_file: results.sarif diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml deleted file mode 100644 index a7c2452951..0000000000 --- a/.github/workflows/stale.yaml +++ /dev/null @@ -1,24 +0,0 @@ -name: 'Stale Issues and PRs' - -on: - schedule: - - cron: '30 1 * * *' - -jobs: - stale: - runs-on: ubuntu-latest - - permissions: - issues: write - pull-requests: write - - steps: - - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 - with: - stale-issue-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack." - stale-pr-message: "This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach `#ingress-nginx-dev` on Kubernetes Slack." - stale-issue-label: lifecycle/frozen - stale-pr-label: lifecycle/frozen - days-before-issue-stale: 30 - days-before-pr-stale: 45 - days-before-close: -1 # dont not close issues/prs diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml deleted file mode 100644 index cc3240931d..0000000000 --- a/.github/workflows/vulnerability-scans.yaml +++ /dev/null @@ -1,92 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -name: Vulnerability Scan - -on: - workflow_dispatch: - release: - schedule: - - cron: '00 9 * * 1' - -permissions: - contents: read - security-events: write - -jobs: - version: - runs-on: ubuntu-latest - outputs: - versions: ${{ steps.version.outputs.TAGS }} - steps: - - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - fetch-depth: 0 - - - name: Latest Tag - id: version - shell: bash - run: | - readarray -t TAGS_ARRAY <<<"$(git tag --list 'controller-v*.*.*' --sort=-version:refname | grep -v 'beta\|alpha')" - FULL_TAGS=(${TAGS_ARRAY[0]} ${TAGS_ARRAY[1]} ${TAGS_ARRAY[2]}) - SHORT_TAGS=() - for i in ${FULL_TAGS[@]} - do - echo "tag: $i" - short=$(echo "$i" | cut -d - -f 2) - SHORT_TAGS+=($short) - done - echo "${SHORT_TAGS[0]},${SHORT_TAGS[1]},${SHORT_TAGS[2]}" - TAGS_JSON="[\"${SHORT_TAGS[0]}\",\"${SHORT_TAGS[1]}\",\"${SHORT_TAGS[2]}\"]" - echo "${TAGS_JSON}" - echo "TAGS=${TAGS_JSON}" >> $GITHUB_OUTPUT - - scan: - runs-on: ubuntu-latest - needs: version - strategy: - matrix: - versions: ${{ fromJSON(needs.version.outputs.versions) }} - steps: - - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - shell: bash - id: test - run: echo "Scanning registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" - - - name: Scan image with AquaSec/Trivy - id: scan - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0 - with: - image-ref: registry.k8s.io/ingress-nginx/controller:${{ matrix.versions }} - format: 'sarif' - output: trivy-results-${{ matrix.versions }}.sarif - exit-code: 0 - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN' - - - name: Output Sarif File - shell: bash - run: cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif - - # This step checks out a copy of your repository. - - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 - with: - token: ${{ github.token }} - # Path to SARIF file relative to the root of the repository - sarif_file: ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif - - - name: Vulz Count - shell: bash - run: | - TRIVY_COUNT=$(cat ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif | jq '.runs[0].results | length') - echo "TRIVY_COUNT: $TRIVY_COUNT" - echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY - echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ matrix.versions }}" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "Trivy Count: $TRIVY_COUNT" >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/zz-tmpl-images.yaml b/.github/workflows/zz-tmpl-images.yaml deleted file mode 100644 index 4594a1de46..0000000000 --- a/.github/workflows/zz-tmpl-images.yaml +++ /dev/null @@ -1,81 +0,0 @@ -#### THIS IS A TEMPLATE #### -# This workflow is created to be a template for every time an e2e teest is required, - -on: - workflow_call: - inputs: - name: - required: true - type: string - platforms-test: - type: string - default: linux/amd64 - platforms-publish: - type: string - default: linux/amd64 - -env: - PLATFORMS: ${{ inputs.platforms-test }} - -permissions: - contents: write - packages: write - -jobs: - changestag: - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - runs-on: ubuntu-latest - outputs: - tag: ${{ steps.filter.outputs.tag }} - - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - id: filter - with: - token: ${{ secrets.GITHUB_TOKEN }} - filters: | - tag: - - 'images/**/TAG' - - image-build: - name: Build - runs-on: ubuntu-latest - permissions: - contents: read - - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Build - run: | - cd images/ && make NAME=${{ inputs.name }} build - - image-push: - name: Push - needs: changestag - if: | - (github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'kubernetes/ingress-nginx' && needs.changestag.outputs.tag == 'true') - runs-on: ubuntu-latest - permissions: - contents: write - packages: write - env: - PLATFORMS: ${{ inputs.platforms-publish }} - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Login to GitHub Container Registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Push - run: | - cd images/ && make REGISTRY=ingressnginx NAME=${{ inputs.name }} push - diff --git a/.github/workflows/zz-tmpl-k8s-e2e.yaml b/.github/workflows/zz-tmpl-k8s-e2e.yaml deleted file mode 100644 index adf1dc0e89..0000000000 --- a/.github/workflows/zz-tmpl-k8s-e2e.yaml +++ /dev/null @@ -1,58 +0,0 @@ -#### THIS IS A TEMPLATE #### -# This workflow is created to be a template for every time an e2e teest is required, - -on: - workflow_call: - inputs: - k8s-version: - required: true - type: string - variation: - type: string - -permissions: - contents: read - -jobs: - kubernetes: - name: Kubernetes ${{ inputs.variation }} - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: cache - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - name: docker.tar.gz - - - name: Create Kubernetes ${{ inputs.k8s-version }} cluster - id: kind - run: | - kind create cluster --image=kindest/node:${{ inputs.k8s-version }} --config test/e2e/kind.yaml - - - name: Load images from cache - run: | - echo "loading docker images..." - gzip -dc docker.tar.gz | docker load - - - name: Run e2e tests ${{ inputs.variation }} - env: - KIND_CLUSTER_NAME: kind - SKIP_CLUSTER_CREATION: true - SKIP_INGRESS_IMAGE_CREATION: true - SKIP_E2E_IMAGE_CREATION: true - ENABLE_VALIDATIONS: ${{ inputs.variation == 'VALIDATIONS' }} - IS_CHROOT: ${{ inputs.variation == 'CHROOT' }} - run: | - kind get kubeconfig > $HOME/.kube/kind-config-kind - make kind-e2e-test - - - name: Upload e2e junit-reports ${{ inputs.variation }} - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 - if: success() || failure() - with: - name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }} - path: 'test/junitreports/report*.xml' - diff --git a/Dockerfile.dapper b/Dockerfile.dapper new file mode 100644 index 0000000000..056656beb5 --- /dev/null +++ b/Dockerfile.dapper @@ -0,0 +1,45 @@ +FROM docker:19.03.9 +ARG DAPPER_HOST_ARCH +ARG STEP=ci +ENV ARCH=${DAPPER_HOST_ARCH} +RUN mkdir -p /.docker/cli-plugins +RUN apk update && apk upgrade && apk add bash && ln -sf /bin/bash /bin/sh # use bash for subsequent variable expansion +ENV DOCKER_BUILDX_URL_arm=https://github.com/docker/buildx/releases/download/v0.5.1/buildx-v0.5.1.linux-arm-v7 \ + DOCKER_BUILDX_URL_arm64=https://github.com/docker/buildx/releases/download/v0.5.1/buildx-v0.5.1.linux-arm64 \ + DOCKER_BUILDX_URL_amd64=https://github.com/docker/buildx/releases/download/v0.5.1/buildx-v0.5.1.linux-amd64 \ + DOCKER_BUILDX_URL=DOCKER_BUILDX_URL_${ARCH} +RUN wget -O - ${!DOCKER_BUILDX_URL} > /.docker/cli-plugins/docker-buildx && chmod +x /.docker/cli-plugins/docker-buildx + +FROM ubuntu:18.04 +ARG DAPPER_HOST_ARCH +ARG DOCKER_USER +ARG DOCKER_PASS +ENV HOST_ARCH=${DAPPER_HOST_ARCH} \ + ARCH=${DAPPER_HOST_ARCH} \ + DOCKER_USER=${DOCKER_USER} \ + DOCKER_PASS=${DOCKER_PASS} +RUN apt-get update && \ + apt-get install -y gcc ca-certificates git wget curl vim less file zip make && \ + rm -f /bin/sh && ln -s /bin/bash /bin/sh +ENV GOLANG_ARCH_amd64=amd64 GOLANG_ARCH_arm=armv6l GOLANG_ARCH_arm64=arm64 GOLANG_ARCH=GOLANG_ARCH_${ARCH} \ + GOPATH=/go PATH=/go/bin:/usr/local/go/bin:${PATH} SHELL=/bin/bash +RUN wget -O - https://golang.org/dl/go1.21.5.linux-${!GOLANG_ARCH}.tar.gz | tar -xzf - -C /usr/local && \ + curl -sL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s v1.41.0 +COPY --from=0 /usr/local/bin/docker /usr/bin/docker +RUN mkdir -p /.docker/cli-plugins +COPY --from=0 /.docker/cli-plugins/docker-buildx /.docker/cli-plugins/docker-buildx +ENV DOCKER_CLI_EXPERIMENTAL=enabled \ + DOCKER_CONFIG=/.docker +RUN docker buildx install +ENV DAPPER_SOURCE /go/src/k8s.io/ingress-nginx/ +ENV DAPPER_OUTPUT ./bin ./dist +ENV DAPPER_DOCKER_SOCKET true +ENV DAPPER_ENV CROSS TAG DOCKER_PASSWORD DOCKER_USERNAME +ENV DAPPER_RUN_ARGS="--net host" +ENV TRASH_CACHE ${DAPPER_SOURCE}/.trash-cache +ENV HOME ${DAPPER_SOURCE} +ENV GIT_IN_DAPPER true +RUN mkdir -p /etc/nginx/geoip +WORKDIR ${DAPPER_SOURCE} +ENTRYPOINT ["./scripts/entry"] +CMD [${STEP}] diff --git a/Makefile b/Makefile index a99e1540c7..eac4f1cd1a 100644 --- a/Makefile +++ b/Makefile @@ -242,8 +242,9 @@ BUILDX_PLATFORMS ?= linux/amd64,linux/arm,linux/arm64 .PHONY: release # Build a multi-arch docker image release: ensure-buildx clean - echo "Building binaries..." - $(foreach PLATFORM,$(PLATFORMS), echo -n "$(PLATFORM)..."; ARCH=$(PLATFORM) make build;) +# Rancher CI: the build has been done in the build step in the scripts/ci +# echo "Building binaries..." +# $(foreach PLATFORM,$(PLATFORMS), echo -n "$(PLATFORM)..."; ARCH=$(PLATFORM) make build;) echo "Building and pushing ingress-nginx image...$(BUILDX_PLATFORMS)" @@ -258,22 +259,5 @@ release: ensure-buildx clean --build-arg VERSION="$(TAG)" \ --build-arg COMMIT_SHA="$(COMMIT_SHA)" \ --build-arg BUILD_ID="$(BUILD_ID)" \ - -t $(REGISTRY)/controller:$(TAG) rootfs - - docker buildx build \ - --no-cache \ - $(MAC_DOCKER_FLAGS) \ - --push \ - --pull \ - --progress plain \ - --platform $(BUILDX_PLATFORMS) \ - --build-arg BASE_IMAGE="$(BASE_IMAGE)" \ - --build-arg VERSION="$(TAG)" \ - --build-arg COMMIT_SHA="$(COMMIT_SHA)" \ - --build-arg BUILD_ID="$(BUILD_ID)" \ - -t $(REGISTRY)/controller-chroot:$(TAG) rootfs -f rootfs/Dockerfile-chroot + -t $(REGISTRY)/nginx-ingress-controller:$(TAG) rootfs -.PHONY: build-docs -build-docs: - pip install -r docs/requirements.txt - mkdocs build --config-file mkdocs.yml diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh index fcbf8f6cdc..ba5ea6f6a5 100755 --- a/build/run-in-docker.sh +++ b/build/run-in-docker.sh @@ -84,6 +84,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then #go env go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.20.0 find / -type f -name ginkgo 2>/dev/null + PATH=$PATH:$GOPATH/bin/linux_arm64 which ginkgo /bin/bash -c "${FLAGS}" else diff --git a/scripts/build b/scripts/build new file mode 100755 index 0000000000..b8c5697d7a --- /dev/null +++ b/scripts/build @@ -0,0 +1,17 @@ +#!/bin/bash +set -e + +source $(dirname $0)/version + +cd $(dirname $0)/.. + +PKG="k8s.io/ingress-nginx" + +rm -rf bin/* +mkdir -p bin + +declare -a arches=("arm64" "amd64" "arm" "s390x") +for arch in "${arches[@]}" +do + ARCH="$arch" TAG="$TAG" DOCKER_IN_DOCKER_ENABLED=true USER=0 make build +done diff --git a/scripts/ci b/scripts/ci new file mode 100755 index 0000000000..74dcc397db --- /dev/null +++ b/scripts/ci @@ -0,0 +1,8 @@ +#!/bin/bash +set -e + +cd $(dirname $0) + +./validate +./build +./package diff --git a/scripts/package b/scripts/package new file mode 100755 index 0000000000..a5cbd19d8a --- /dev/null +++ b/scripts/package @@ -0,0 +1,12 @@ +#!/bin/bash +set -e + +REPO=${REPO:-rancher} + +source $(dirname $0)/version +cd $(dirname $0)/.. + +# manifest push happens as part of make release, so login is required inside the dapper container +echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin + +REGISTRY=${REPO} PLATFORMS="arm64 amd64" BUILDX_PLATFORMS="linux/amd64,linux/arm64" TAG=${TAG} DOCKER_IN_DOCKER_ENABLED=true USER=0 make release diff --git a/scripts/version b/scripts/version new file mode 100755 index 0000000000..9b27d9603c --- /dev/null +++ b/scripts/version @@ -0,0 +1,37 @@ +#!/bin/bash + +if [ "$GIT_IN_DAPPER" = true ]; then + git config --global user.email "rancher-ci@rancher.com" + git config --global user.name "rancher-ci" +fi + +if [ -n "$(git status --porcelain --untracked-files=no)" ]; then + DIRTY="-dirty" +fi + +# fetch tag information +git fetch + +GIT_COMMIT=${GIT_COMMIT:-$(git rev-parse --short HEAD)} +GIT_TAG=$(git tag -l --contains HEAD | head -n 1) +REPO_INFO=$(git config --get remote.origin.url) + +if [[ -z "$DIRTY" && -n "$GIT_TAG" ]]; then + VERSION=$GIT_TAG +else + VERSION="${GIT_COMMIT}${DIRTY}" +fi + +if [ -z "$ARCH" ]; then + ARCH=amd64 +fi + +TAG=${TAG:-$VERSION} + +PKG="k8s.io/ingress-nginx" + +echo "GIT_COMMIT: $GIT_COMMIT" +echo "GIT_TAG: $GIT_TAG" +echo "VERSION: $VERSION" +echo "TAG: $TAG" +echo "ARCH: $ARCH" From da01d6e742bb59c3f3fc6f1ef66944503be85fc6 Mon Sep 17 00:00:00 2001 From: Chirayu Kapoor Date: Wed, 21 Feb 2024 10:37:42 +0530 Subject: [PATCH 2/5] Fix adding 1.30 version Signed-off-by: Chirayu Kapoor --- .github/workflows/images.yaml | 215 ++++++++++++++++++++++++++++++++++ 1 file changed, 215 insertions(+) create mode 100644 .github/workflows/images.yaml diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml new file mode 100644 index 0000000000..ea23c31856 --- /dev/null +++ b/.github/workflows/images.yaml @@ -0,0 +1,215 @@ +name: Container Images + +on: + pull_request: + branches: + - "*" + paths: + - 'images/**' + + push: + branches: + - main + paths: + - 'images/**' + +permissions: + contents: write + packages: write + +env: + PLATFORMS: linux/amd64 + +jobs: + changes: + permissions: + contents: read # for dorny/paths-filter to fetch a list of changed files + pull-requests: read # for dorny/paths-filter to read pull requests + runs-on: ubuntu-latest + outputs: + custom-error-pages: ${{ steps.filter.outputs.custom-error-pages }} + cfssl: ${{ steps.filter.outputs.cfssl }} + fastcgi-helloserver: ${{ steps.filter.outputs.fastcgi-helloserver }} + e2e-test-echo: ${{ steps.filter.outputs.e2e-test-echo }} + go-grpc-greeter-server: ${{ steps.filter.outputs.go-grpc-greeter-server }} + httpbun: ${{ steps.filter.outputs.httpbun }} + kube-webhook-certgen: ${{ steps.filter.outputs.kube-webhook-certgen }} + ext-auth-example-authsvc: ${{ steps.filter.outputs.ext-auth-example-authsvc }} + nginx: ${{ steps.filter.outputs.nginx }} + nginx125: ${{ steps.filter.outputs.nginx125 }} + opentelemetry: ${{ steps.filter.outputs.opentelemetry }} + + steps: + - name: Checkout + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + id: filter + with: + token: ${{ secrets.GITHUB_TOKEN }} + filters: | + custom-error-pages: + - 'images/custom-error-pages/**' + cfssl: + - 'images/cfssl/**' + fastcgi-helloserver: + - 'images/fastcgi-helloserver/**' + e2e-test-echo: + - 'images/e2e-test-echo/**' + go-grpc-greeter-server: + - 'images/go-grpc-greeter-server/**' + httpbun: + - 'images/httpbun/**' + kube-webhook-certgen: + - 'images/kube-webhook-certgen/**' + ext-auth-example-authsvc: + - 'images/ext-auth-example-authsvc/**' + nginx: + - 'images/nginx/**' + opentelemetry: + - 'images/opentelemetry/**' + nginx125: + - 'images/nginx-1.25/TAG' + + #### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here) + cfssl: + needs: changes + if: | + (needs.changes.outputs.cfssl == 'true') + uses: ./.github/workflows/zz-tmpl-images.yaml + with: + name: cfssl + secrets: inherit + + custom-error-pages: + needs: changes + if: | + (needs.changes.outputs.custom-error-pages == 'true') + uses: ./.github/workflows/zz-tmpl-images.yaml + with: + name: custom-error-pages + secrets: inherit + + e2e-test-echo: + needs: changes + if: | + (needs.changes.outputs.e2e-test-echo == 'true') + uses: ./.github/workflows/zz-tmpl-images.yaml + with: + name: e2e-test-echo + secrets: inherit + + ext-auth-example-authsvc: + needs: changes + if: | + (needs.changes.outputs.ext-auth-example-authsvc == 'true') + uses: ./.github/workflows/zz-tmpl-images.yaml + with: + name: ext-auth-example-authsvc + secrets: inherit + + fastcgi-helloserver: + needs: changes + if: | + (needs.changes.outputs.fastcgi-helloserver == 'true') + uses: ./.github/workflows/zz-tmpl-images.yaml + with: + name: fastcgi-helloserver + secrets: inherit + + go-grpc-greeter-server: + needs: changes + if: | + (needs.changes.outputs.go-grpc-greeter-server == 'true') + uses: ./.github/workflows/zz-tmpl-images.yaml + with: + name: go-grpc-greeter-server + secrets: inherit + + httpbun: + needs: changes + if: | + (needs.changes.outputs.httpbun == 'true') + uses: ./.github/workflows/zz-tmpl-images.yaml + with: + name: httpbun + secrets: inherit + + kube-webhook-certgen: + runs-on: ubuntu-latest + needs: changes + if: | + (needs.changes.outputs.kube-webhook-certgen == 'true') + strategy: + matrix: + k8s: [v1.26.14, v1.27.11, v1.28.7, v1.29.2, v1.30.0] + steps: + - name: Checkout + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + + - name: Get go version + run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV + + - name: Set up Go + id: go + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: ${{ env.GOLANG_VERSION }} + check-latest: true + - name: image build + run: | + cd images/ && make NAME=kube-webhook-certgen build + - name: Create Kubernetes cluster + id: kind + run: | + kind create cluster --image=kindest/node:${{ matrix.k8s }} + - name: image test + run: | + cd images/ && make NAME=kube-webhook-certgen test test-e2e + + opentelemetry: + runs-on: ubuntu-latest + env: + PLATFORMS: linux/amd64,linux/arm,linux/arm64 + needs: changes + if: | + (needs.changes.outputs.opentelemetry == 'true') + strategy: + matrix: + nginx: ['1.25.3', '1.21.6'] + steps: + - name: Checkout + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - name: image build + run: | + cd images/opentelemetry && make NGINX_VERSION=${{ matrix.nginx }} build + + nginx125: + permissions: + contents: write + packages: write + runs-on: ubuntu-latest + needs: changes + if: | + (github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.nginx125 == 'true') + env: + PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/s390x + steps: + - name: Checkout + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - name: Set up QEMU + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + with: + version: latest + platforms: ${{ env.PLATFORMS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: build-image + run: | + export TAG=$(cat images/nginx-1.25/TAG) + cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push -t ingressnginx/nginx-1.25:${TAG} . From 1b04969d5e344a92909e4cf2998965bfef0705c1 Mon Sep 17 00:00:00 2001 From: Kinara Shah Date: Wed, 5 May 2021 15:44:18 -0700 Subject: [PATCH 3/5] Fix flaky arm64 emulator issue https://github.com/docker/buildx/issues/542 Add apk-tools first Now, apks-tools package is installed first. Apk-tools needs to finish installing before busybox can succesfully install on arm. Prior, apk-tools would start installing first but frequently busybox would start installing before apk-tools installation finished in drone. Specifically, the trigger script for busybox would fail while building arm image in drone. Revert "Add apk-tools first" This reverts commit 3179cfdacf1d7bf6be5cd1cbf6c53d1e5193ca57. --- hack/init-buildx.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hack/init-buildx.sh b/hack/init-buildx.sh index 1a47bf145e..b53c407025 100755 --- a/hack/init-buildx.sh +++ b/hack/init-buildx.sh @@ -51,6 +51,15 @@ if ! grep -q "^Driver: docker$" <<<"${current_builder}" && \ exit 0 fi +# Ensure qemu is in binfmt_misc +# Docker desktop already has these in versions recent enough to have buildx +# We only need to do this setup on linux hosts +if [ "$(uname)" == 'Linux' ]; then + # NOTE: this is pinned to a digest for a reason! + # https://github.com/docker/buildx/issues/542#issuecomment-778835576 + docker run --rm --privileged tonistiigi/binfmt --uninstall qemu-aarch64 && docker run --rm --privileged tonistiigi/binfmt --install arm64 + docker run --rm --privileged tonistiigi/binfmt +fi # Ensure we use a builder that can leverage it (the default on linux will not) docker buildx rm ingress-nginx || true From 47d781399c094e951338f7ceb956d70d63de9503 Mon Sep 17 00:00:00 2001 From: Ricardo Weir Date: Wed, 14 Apr 2021 12:16:45 -0700 Subject: [PATCH 4/5] Added non-package steps to push and pr events Add push even for debugging cherry pick commits: f3277463565ce64284d96aa659b5d0d11c17f058, b8966a64f5244c7a90cbd2282157db2838a508af refactor rancher build process due to upstream changes added git in workflow steps for build and release add drone's build and validate job in github actions workflow --- .drone.yml | 32 +++ .github/workflows/ci.yaml | 355 +++++++++++++++++++++++++++++++++ .github/workflows/release.yaml | 21 +- .gitignore | 5 +- Makefile_rancher | 23 +++ internal/k8s/main.go | 14 ++ scripts/build | 4 +- scripts/ci | 1 + scripts/entry | 11 + scripts/package | 4 +- scripts/release | 3 + scripts/test | 15 ++ scripts/validate | 14 ++ scripts/version | 6 - 14 files changed, 483 insertions(+), 25 deletions(-) create mode 100644 .drone.yml create mode 100644 .github/workflows/ci.yaml create mode 100644 Makefile_rancher create mode 100755 scripts/entry create mode 100755 scripts/release create mode 100755 scripts/test create mode 100755 scripts/validate diff --git a/.drone.yml b/.drone.yml new file mode 100644 index 0000000000..8271a9e6a9 --- /dev/null +++ b/.drone.yml @@ -0,0 +1,32 @@ +--- +kind: pipeline +name: ci + +platform: + os: linux + arch: amd64 + +steps: +- name: build + image: rancher/dapper:v0.5.3 + commands: + - dapper ci + environment: + GIT_IN_DAPPER: true + DOCKER_PASS: + from_secret: docker_password + DOCKER_USER: + from_secret: docker_username + volumes: + - name: docker + path: /var/run/docker.sock + when: + event: + - tag + instance: + - drone-publish.rancher.io + +volumes: +- name: docker + host: + path: /var/run/docker.sock \ No newline at end of file diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000000..6e2ce23c48 --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,355 @@ +name: CI + +on: + pull_request: + branches: + - "*" + paths-ignore: + - 'docs/**' + - 'deploy/**' + - '**.md' + - 'images/**' # Images changes should be tested on their own workflow + - '!images/nginx-1.25/**' + + push: + branches: + - main + - release-* + paths-ignore: + - 'docs/**' + - 'deploy/**' + - '**.md' + - 'images/**' # Images changes should be tested on their own workflow + + workflow_dispatch: + inputs: + run_e2e: + description: 'Force e2e to run' + required: false + type: boolean + + +permissions: + contents: read + +jobs: + + changes: + permissions: + contents: read # for dorny/paths-filter to fetch a list of changed files + pull-requests: read # for dorny/paths-filter to read pull requests + runs-on: ubuntu-latest + outputs: + go: ${{ steps.filter.outputs.go }} + charts: ${{ steps.filter.outputs.charts }} + baseimage: ${{ steps.filter.outputs.baseimage }} + + steps: + + - name: Checkout + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + id: filter + with: + token: ${{ secrets.GITHUB_TOKEN }} + filters: | + go: + - '**/*.go' + - 'go.mod' + - 'go.sum' + - 'rootfs/**/*' + - 'TAG' + - 'test/e2e/**/*' + - 'NGINX_BASE' + charts: + - 'charts/ingress-nginx/Chart.yaml' + - 'charts/ingress-nginx/**/*' + - 'NGINX_BASE' + baseimage: + - 'NGINX_BASE' + - 'images/nginx-1.25/**' + + test-go: + runs-on: ubuntu-latest + needs: changes + if: | + (needs.changes.outputs.go == 'true') + steps: + - name: Checkout + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + + - name: Get go version + run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV + + - name: Set up Go + id: go + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: ${{ env.GOLANG_VERSION }} + check-latest: true + + - name: Run test + run: make test + + build: + name: Build + runs-on: ubuntu-latest + needs: changes + outputs: + golangversion: ${{ steps.golangversion.outputs.version }} + if: | + (needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') + + env: + PLATFORMS: linux/amd64 + steps: + - name: Checkout + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + + - name: Get go version + id: golangversion + run: | + echo "version=$(cat GOLANG_VERSION)" >> "$GITHUB_OUTPUT" + + - name: Set up Go + id: go + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: ${{ steps.golangversion.outputs.version }} + check-latest: true + + - name: Set up QEMU + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + with: + version: latest + + - name: Available platforms + run: echo ${{ steps.buildx.outputs.platforms }} + + - name: Prepare Host + run: | + curl -LO https://dl.k8s.io/release/v1.27.3/bin/linux/amd64/kubectl + chmod +x ./kubectl + sudo mv ./kubectl /usr/local/bin/kubectl + + - name: Build NGINX Base image + if: | + needs.changes.outputs.baseimage == 'true' + run: | + export TAG=$(cat images/nginx-1.25/TAG) + cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t registry.k8s.io/ingress-nginx/nginx-1.25:${TAG} . + + - name: Build images + env: + TAG: 1.0.0-dev + ARCH: amd64 + REGISTRY: ingress-controller + run: | + echo "building images..." + export TAGNGINX=$(cat images/nginx-1.25/TAG) + make BASE_IMAGE=registry.k8s.io/ingress-nginx/nginx-1.25:${TAGNGINX} clean-image build image image-chroot + make -C test/e2e-image image + + echo "creating images cache..." + docker save \ + nginx-ingress-controller:e2e \ + ingress-controller/controller:1.0.0-dev \ + ingress-controller/controller-chroot:1.0.0-dev \ + | gzip > docker.tar.gz + + - name: cache + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + with: + name: docker.tar.gz + path: docker.tar.gz + retention-days: 5 + + helm-lint: + name: Helm chart lint + runs-on: ubuntu-latest + needs: + - changes + if: | + (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') + + steps: + - name: Checkout + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4.1.0 + + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + with: + python-version: '3.x' + + - name: Set up chart-testing + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 + + - name: Install Helm Unit Test Plugin + run: | + helm plugin install https://github.com/helm-unittest/helm-unittest + + - name: Run Helm Unit Tests + run: | + helm unittest charts/ingress-nginx -d + + - name: Run chart-testing (lint) + run: ct lint --config ./.ct.yaml + + - name: Run helm-docs + run: | + GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0 + ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts + DIFF=$(git diff ${GITHUB_WORKSPACE}/charts/ingress-nginx/README.md) + if [ ! -z "$DIFF" ]; then + echo "Please use helm-docs in your clone, of your fork, of the project, and commit a updated README.md for the chart. https://github.com/kubernetes/ingress-nginx/blob/main/RELEASE.md#d-edit-the-valuesyaml-and-run-helm-docs" + fi + git diff --exit-code + rm -f ./helm-docs + + - name: Run Artifact Hub lint + run: | + wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz + echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c + tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah + ./ah lint -p charts/ingress-nginx || exit 1 + rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz + + helm-test: + name: Helm chart testing + runs-on: ubuntu-latest + needs: + - changes + - build + - helm-lint + if: | + (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') + + strategy: + matrix: + k8s: [v1.26.14, v1.27.11, v1.28.7, v1.29.2] + + steps: + - name: Checkout + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + + - name: Setup Go + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: ${{ needs.build.outputs.golangversion }} + check-latest: true + + - name: cache + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + with: + name: docker.tar.gz + + - name: fix permissions + run: | + sudo mkdir -p $HOME/.kube + sudo chmod -R 777 $HOME/.kube + + - name: Create Kubernetes ${{ matrix.k8s }} cluster + id: kind + run: | + kind create cluster --image=kindest/node:${{ matrix.k8s }} + + - name: Load images from cache + run: | + echo "loading docker images..." + gzip -dc docker.tar.gz | docker load + + - name: Test + env: + KIND_CLUSTER_NAME: kind + SKIP_CLUSTER_CREATION: true + SKIP_IMAGE_CREATION: true + SKIP_INGRESS_IMAGE_CREATION: true + run: | + kind get kubeconfig > $HOME/.kube/kind-config-kind + make kind-e2e-chart-tests + + kubernetes: + name: Kubernetes + needs: + - changes + - build + if: | + (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') + strategy: + matrix: + k8s: [v1.26.14, v1.27.11, v1.28.7, v1.29.2] + uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml + with: + k8s-version: ${{ matrix.k8s }} + + kubernetes-validations: + name: Kubernetes with Validations + needs: + - changes + - build + if: | + (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') + strategy: + matrix: + k8s: [v1.26.14, v1.27.11, v1.28.7, v1.29.2] + uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml + with: + k8s-version: ${{ matrix.k8s }} + variation: "VALIDATIONS" + + kubernetes-chroot: + name: Kubernetes chroot + needs: + - changes + - build + if: | + (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') + strategy: + matrix: + k8s: [v1.26.14, v1.27.11, v1.28.7, v1.29.2] + uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml + with: + k8s-version: ${{ matrix.k8s }} + variation: "CHROOT" + + rancher-validate: + runs-on: ubuntu-latest + env: + PLATFORMS: linux/amd64 + container: + image: rancher/dapper:v0.5.3 + env: + GIT_IN_DAPPER: true + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: validate + run: | + dapper validate + + rancher-build: + needs: rancher-validate + runs-on: ubuntu-latest + env: + PLATFORMS: linux/amd64 + container: + image: rancher/dapper:v0.5.3 + env: + GIT_IN_DAPPER: true + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: build + run: | + dapper build diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6dbb1e29d0..a5c4cd3c62 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -13,20 +13,13 @@ jobs: contents: read id-token: write # needed for the Vault authentication steps: - - name: Fix the not-a-git-repository issue + - name: Add git run: | - apk -U add git - git config --global --add safe.directory "$GITHUB_WORKSPACE" + apk add --no-cache git - - name: Checkout code - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v2 - - name: Load Secrets from Vault - uses: rancher-eio/read-vault-secrets@main - with: - secrets: | - secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; - secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD - - - name: Run CI - run: dapper ci + - name: tag + run: | + dapper ci diff --git a/.gitignore b/.gitignore index 73108f6274..16c4188ddf 100644 --- a/.gitignore +++ b/.gitignore @@ -61,4 +61,7 @@ cmd/plugin/release/*.tar.gz cmd/plugin/release/LICENSE tmp/ test/junitreports/ -tests/__snapshot__ + +# rancher ci +.dapper +/dist/ diff --git a/Makefile_rancher b/Makefile_rancher new file mode 100644 index 0000000000..d7d72a16d5 --- /dev/null +++ b/Makefile_rancher @@ -0,0 +1,23 @@ +TARGETS := $(shell ls scripts) + +.dapper: + @echo Downloading dapper + @curl -sL https://releases.rancher.com/dapper/latest/dapper-`uname -s`-`uname -m` > .dapper.tmp + @@chmod +x .dapper.tmp + @./.dapper.tmp -v + @mv .dapper.tmp .dapper + +$(TARGETS): .dapper + ./.dapper $@ + +trash: .dapper + ./.dapper -m bind trash + +trash-keep: .dapper + ./.dapper -m bind trash -k + +deps: trash + +.DEFAULT_GOAL := ci + +.PHONY: $(TARGETS) diff --git a/internal/k8s/main.go b/internal/k8s/main.go index 5e93e560d6..e4d6c0b6b5 100644 --- a/internal/k8s/main.go +++ b/internal/k8s/main.go @@ -32,6 +32,11 @@ import ( "k8s.io/client-go/tools/cache" ) +const ( + internalAddressAnnotation = "rke.cattle.io/internal-ip" + externalAddressAnnotation = "rke.cattle.io/external-ip" +) + // ParseNameNS parses a string searching a namespace and name func ParseNameNS(input string) (ns, name string, err error) { nsName := strings.Split(input, "/") @@ -64,6 +69,15 @@ func GetNodeIPOrName(kubeClient clientset.Interface, name string, useInternalIP return defaultOrInternalIP } + if node.Annotations != nil { + if annotatedIP := node.Annotations[externalAddressAnnotation]; annotatedIP != "" { + return annotatedIP + } + if annotatedIP := node.Annotations[internalAddressAnnotation]; annotatedIP != "" { + return annotatedIP + } + } + for _, address := range node.Status.Addresses { if address.Type == apiv1.NodeExternalIP { if address.Address != "" { diff --git a/scripts/build b/scripts/build index b8c5697d7a..546bfd3929 100755 --- a/scripts/build +++ b/scripts/build @@ -10,8 +10,8 @@ PKG="k8s.io/ingress-nginx" rm -rf bin/* mkdir -p bin -declare -a arches=("arm64" "amd64" "arm" "s390x") +declare -a arches=("arm64" "amd64") for arch in "${arches[@]}" do - ARCH="$arch" TAG="$TAG" DOCKER_IN_DOCKER_ENABLED=true USER=0 make build + ARCH=$arch DOCKER_IN_DOCKER_ENABLED=true USER=0 make build done diff --git a/scripts/ci b/scripts/ci index 74dcc397db..b35955a738 100755 --- a/scripts/ci +++ b/scripts/ci @@ -5,4 +5,5 @@ cd $(dirname $0) ./validate ./build +./test ./package diff --git a/scripts/entry b/scripts/entry new file mode 100755 index 0000000000..78fb567905 --- /dev/null +++ b/scripts/entry @@ -0,0 +1,11 @@ +#!/bin/bash +set -e + +mkdir -p bin dist +if [ -e ./scripts/$1 ]; then + ./scripts/"$@" +else + exec "$@" +fi + +chown -R $DAPPER_UID:$DAPPER_GID . diff --git a/scripts/package b/scripts/package index a5cbd19d8a..0dbc972b07 100755 --- a/scripts/package +++ b/scripts/package @@ -7,6 +7,6 @@ source $(dirname $0)/version cd $(dirname $0)/.. # manifest push happens as part of make release, so login is required inside the dapper container -echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin +echo "$DOCKER_PASS" | docker login -u $DOCKER_USER --password-stdin -REGISTRY=${REPO} PLATFORMS="arm64 amd64" BUILDX_PLATFORMS="linux/amd64,linux/arm64" TAG=${TAG} DOCKER_IN_DOCKER_ENABLED=true USER=0 make release +REGISTRY=${REPO} PLATFORMS="arm64 amd64" TAG=${TAG} DOCKER_IN_DOCKER_ENABLED=true USER=0 make release \ No newline at end of file diff --git a/scripts/release b/scripts/release new file mode 100755 index 0000000000..7af0df35fc --- /dev/null +++ b/scripts/release @@ -0,0 +1,3 @@ +#!/bin/bash + +exec $(dirname $0)/ci diff --git a/scripts/test b/scripts/test new file mode 100755 index 0000000000..6363fc3282 --- /dev/null +++ b/scripts/test @@ -0,0 +1,15 @@ +#!/bin/bash +set -e + +cd $(dirname $0)/.. + +echo Running tests + +FIND_COMMAND="find" +if [ "$(go env GOHOSTOS)" = "darwin" ]; then + FIND_COMMAND="find ." +fi + +PACKAGES="$($FIND_COMMAND -name '*.go' | xargs -I{} dirname {} | sort -u | grep -Ev '(^\.$|.git|.trash-cache|vendor|bin|docs|test|controller/store|images|examples|hack)')" + +go test -v -p 1 -tags "cgo" -cover ${PACKAGES} diff --git a/scripts/validate b/scripts/validate new file mode 100755 index 0000000000..8b1f64ba62 --- /dev/null +++ b/scripts/validate @@ -0,0 +1,14 @@ +#!/bin/bash +set -e + +cd $(dirname $0)/.. + +echo Running validation + +PACKAGES="$(go list ./... | grep -v /vendor/)" + +echo Running: go vet +go vet -mod=readonly ${PACKAGES} + +echo Running: go fmt +test -z "$(go fmt -mod=readonly ${PACKAGES} | tee /dev/stderr)" diff --git a/scripts/version b/scripts/version index 9b27d9603c..d04d7e66ec 100755 --- a/scripts/version +++ b/scripts/version @@ -29,9 +29,3 @@ fi TAG=${TAG:-$VERSION} PKG="k8s.io/ingress-nginx" - -echo "GIT_COMMIT: $GIT_COMMIT" -echo "GIT_TAG: $GIT_TAG" -echo "VERSION: $VERSION" -echo "TAG: $TAG" -echo "ARCH: $ARCH" From 4bbc8e59cd842a5920b0f66815786ed55320d508 Mon Sep 17 00:00:00 2001 From: Rayan Das Date: Mon, 14 Feb 2022 16:53:00 +0530 Subject: [PATCH 5/5] removed drone ci add drone's build and validate job in github actions workflow add release workflow which will run only while tagging added git in workflow steps for build and release remove G109 check till gosec resolves issues --- .drone.yml | 32 -------------------------------- 1 file changed, 32 deletions(-) delete mode 100644 .drone.yml diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 8271a9e6a9..0000000000 --- a/.drone.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -kind: pipeline -name: ci - -platform: - os: linux - arch: amd64 - -steps: -- name: build - image: rancher/dapper:v0.5.3 - commands: - - dapper ci - environment: - GIT_IN_DAPPER: true - DOCKER_PASS: - from_secret: docker_password - DOCKER_USER: - from_secret: docker_username - volumes: - - name: docker - path: /var/run/docker.sock - when: - event: - - tag - instance: - - drone-publish.rancher.io - -volumes: -- name: docker - host: - path: /var/run/docker.sock \ No newline at end of file