Skip to content

remove modsecurity coreruleset test files from nginx image #9805

remove modsecurity coreruleset test files from nginx image

remove modsecurity coreruleset test files from nginx image #9805

Workflow file for this run

name: CI
on:
pull_request:
branches:
- "*"
paths-ignore:
- 'docs/**'
- 'deploy/**'
- '**.md'
- 'images/**' # Images changes should be tested on their own workflow
- '!images/nginx-1.25/**'
push:
branches:
- main
- release-*
paths-ignore:
- 'docs/**'
- 'deploy/**'
- '**.md'
- 'images/**' # Images changes should be tested on their own workflow
workflow_dispatch:
inputs:
run_e2e:
description: 'Force e2e to run'
required: false
type: boolean
permissions:
contents: read
jobs:
changes:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
outputs:
go: ${{ steps.filter.outputs.go }}
charts: ${{ steps.filter.outputs.charts }}
baseimage: ${{ steps.filter.outputs.baseimage }}
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
go:
- '**/*.go'
- 'go.mod'
- 'go.sum'
- 'rootfs/**/*'
- 'TAG'
- 'test/e2e/**/*'
- 'NGINX_BASE'
charts:
- 'charts/ingress-nginx/Chart.yaml'
- 'charts/ingress-nginx/**/*'
- 'NGINX_BASE'
baseimage:
- 'NGINX_BASE'
- 'images/nginx-1.25/**'
test-go:
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.go == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Get go version
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
- name: Set up Go
id: go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ env.GOLANG_VERSION }}
check-latest: true
- name: Run test
run: make test
build:
name: Build
runs-on: ubuntu-latest
needs: changes
outputs:
golangversion: ${{ steps.golangversion.outputs.version }}
if: |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
env:
PLATFORMS: linux/amd64
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Get go version
id: golangversion
run: |
echo "version=$(cat GOLANG_VERSION)" >> "$GITHUB_OUTPUT"
- name: Set up Go
id: go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ steps.golangversion.outputs.version }}
check-latest: true
- name: Set up QEMU
uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
with:
version: latest
- name: Available platforms
run: echo ${{ steps.buildx.outputs.platforms }}
- name: Prepare Host
run: |
curl -LO https://dl.k8s.io/release/v1.27.3/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
- name: Build NGINX Base image
if: |
needs.changes.outputs.baseimage == 'true'
run: |
export TAG=$(cat images/nginx-1.25/TAG)
cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t registry.k8s.io/ingress-nginx/nginx-1.25:${TAG} .
- name: Build images
env:
TAG: 1.0.0-dev
ARCH: amd64
REGISTRY: ingress-controller
run: |
echo "building images..."
export TAGNGINX=$(cat images/nginx-1.25/TAG)
make BASE_IMAGE=registry.k8s.io/ingress-nginx/nginx-1.25:${TAGNGINX} clean-image build image image-chroot
make -C test/e2e-image image
echo "creating images cache..."
docker save \
nginx-ingress-controller:e2e \
ingress-controller/controller:1.0.0-dev \
ingress-controller/controller-chroot:1.0.0-dev \
| gzip > docker.tar.gz
- name: cache
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with:
name: docker.tar.gz
path: docker.tar.gz
retention-days: 5
helm-lint:
name: Helm chart lint
runs-on: ubuntu-latest
needs:
- changes
if: |
(needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
- uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
with:
python-version: '3.x'
- name: Set up chart-testing
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
- name: Install Helm Unit Test Plugin
run: |
helm plugin install https://github.com/helm-unittest/helm-unittest
- name: Run Helm Unit Tests
run: |
helm unittest charts/ingress-nginx -d
- name: Run chart-testing (lint)
run: ct lint --config ./.ct.yaml
- name: Run helm-docs
run: |
GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0
./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts
DIFF=$(git diff ${GITHUB_WORKSPACE}/charts/ingress-nginx/README.md)
if [ ! -z "$DIFF" ]; then
echo "Please use helm-docs in your clone, of your fork, of the project, and commit a updated README.md for the chart. https://github.com/kubernetes/ingress-nginx/blob/main/RELEASE.md#d-edit-the-valuesyaml-and-run-helm-docs"
fi
git diff --exit-code
rm -f ./helm-docs
- name: Run Artifact Hub lint
run: |
wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz
echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c
tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah
./ah lint -p charts/ingress-nginx || exit 1
rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz
helm-test:
name: Helm chart testing
runs-on: ubuntu-latest
needs:
- changes
- build
- helm-lint
if: |
(needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
strategy:
matrix:
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ needs.build.outputs.golangversion }}
check-latest: true
- name: cache
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: docker.tar.gz
- name: fix permissions
run: |
sudo mkdir -p $HOME/.kube
sudo chmod -R 777 $HOME/.kube
- name: Create Kubernetes ${{ matrix.k8s }} cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }}
- name: Load images from cache
run: |
echo "loading docker images..."
gzip -dc docker.tar.gz | docker load
- name: Test
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true
SKIP_INGRESS_IMAGE_CREATION: true
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-chart-tests
kubernetes:
name: Kubernetes
needs:
- changes
- build
if: |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
strategy:
matrix:
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with:
k8s-version: ${{ matrix.k8s }}
kubernetes-validations:
name: Kubernetes with Validations
needs:
- changes
- build
if: |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
strategy:
matrix:
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with:
k8s-version: ${{ matrix.k8s }}
variation: "VALIDATIONS"
kubernetes-chroot:
name: Kubernetes chroot
needs:
- changes
- build
if: |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }}
strategy:
matrix:
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with:
k8s-version: ${{ matrix.k8s }}
variation: "CHROOT"