remove modsecurity coreruleset test files from nginx image #9805
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
branches: | |
- "*" | |
paths-ignore: | |
- 'docs/**' | |
- 'deploy/**' | |
- '**.md' | |
- 'images/**' # Images changes should be tested on their own workflow | |
- '!images/nginx-1.25/**' | |
push: | |
branches: | |
- main | |
- release-* | |
paths-ignore: | |
- 'docs/**' | |
- 'deploy/**' | |
- '**.md' | |
- 'images/**' # Images changes should be tested on their own workflow | |
workflow_dispatch: | |
inputs: | |
run_e2e: | |
description: 'Force e2e to run' | |
required: false | |
type: boolean | |
permissions: | |
contents: read | |
jobs: | |
changes: | |
permissions: | |
contents: read # for dorny/paths-filter to fetch a list of changed files | |
pull-requests: read # for dorny/paths-filter to read pull requests | |
runs-on: ubuntu-latest | |
outputs: | |
go: ${{ steps.filter.outputs.go }} | |
charts: ${{ steps.filter.outputs.charts }} | |
baseimage: ${{ steps.filter.outputs.baseimage }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
id: filter | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
filters: | | |
go: | |
- '**/*.go' | |
- 'go.mod' | |
- 'go.sum' | |
- 'rootfs/**/*' | |
- 'TAG' | |
- 'test/e2e/**/*' | |
- 'NGINX_BASE' | |
charts: | |
- 'charts/ingress-nginx/Chart.yaml' | |
- 'charts/ingress-nginx/**/*' | |
- 'NGINX_BASE' | |
baseimage: | |
- 'NGINX_BASE' | |
- 'images/nginx-1.25/**' | |
test-go: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: | | |
(needs.changes.outputs.go == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Get go version | |
run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV | |
- name: Set up Go | |
id: go | |
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
with: | |
go-version: ${{ env.GOLANG_VERSION }} | |
check-latest: true | |
- name: Run test | |
run: make test | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
needs: changes | |
outputs: | |
golangversion: ${{ steps.golangversion.outputs.version }} | |
if: | | |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} | |
env: | |
PLATFORMS: linux/amd64 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Get go version | |
id: golangversion | |
run: | | |
echo "version=$(cat GOLANG_VERSION)" >> "$GITHUB_OUTPUT" | |
- name: Set up Go | |
id: go | |
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
with: | |
go-version: ${{ steps.golangversion.outputs.version }} | |
check-latest: true | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 | |
with: | |
version: latest | |
- name: Available platforms | |
run: echo ${{ steps.buildx.outputs.platforms }} | |
- name: Prepare Host | |
run: | | |
curl -LO https://dl.k8s.io/release/v1.27.3/bin/linux/amd64/kubectl | |
chmod +x ./kubectl | |
sudo mv ./kubectl /usr/local/bin/kubectl | |
- name: Build NGINX Base image | |
if: | | |
needs.changes.outputs.baseimage == 'true' | |
run: | | |
export TAG=$(cat images/nginx-1.25/TAG) | |
cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t registry.k8s.io/ingress-nginx/nginx-1.25:${TAG} . | |
- name: Build images | |
env: | |
TAG: 1.0.0-dev | |
ARCH: amd64 | |
REGISTRY: ingress-controller | |
run: | | |
echo "building images..." | |
export TAGNGINX=$(cat images/nginx-1.25/TAG) | |
make BASE_IMAGE=registry.k8s.io/ingress-nginx/nginx-1.25:${TAGNGINX} clean-image build image image-chroot | |
make -C test/e2e-image image | |
echo "creating images cache..." | |
docker save \ | |
nginx-ingress-controller:e2e \ | |
ingress-controller/controller:1.0.0-dev \ | |
ingress-controller/controller-chroot:1.0.0-dev \ | |
| gzip > docker.tar.gz | |
- name: cache | |
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 | |
with: | |
name: docker.tar.gz | |
path: docker.tar.gz | |
retention-days: 5 | |
helm-lint: | |
name: Helm chart lint | |
runs-on: ubuntu-latest | |
needs: | |
- changes | |
if: | | |
(needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
fetch-depth: 0 | |
- name: Set up Helm | |
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 | |
- uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 | |
with: | |
python-version: '3.x' | |
- name: Set up chart-testing | |
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 | |
- name: Install Helm Unit Test Plugin | |
run: | | |
helm plugin install https://github.com/helm-unittest/helm-unittest | |
- name: Run Helm Unit Tests | |
run: | | |
helm unittest charts/ingress-nginx -d | |
- name: Run chart-testing (lint) | |
run: ct lint --config ./.ct.yaml | |
- name: Run helm-docs | |
run: | | |
GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0 | |
./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts | |
DIFF=$(git diff ${GITHUB_WORKSPACE}/charts/ingress-nginx/README.md) | |
if [ ! -z "$DIFF" ]; then | |
echo "Please use helm-docs in your clone, of your fork, of the project, and commit a updated README.md for the chart. https://github.com/kubernetes/ingress-nginx/blob/main/RELEASE.md#d-edit-the-valuesyaml-and-run-helm-docs" | |
fi | |
git diff --exit-code | |
rm -f ./helm-docs | |
- name: Run Artifact Hub lint | |
run: | | |
wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz | |
echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c | |
tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah | |
./ah lint -p charts/ingress-nginx || exit 1 | |
rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz | |
helm-test: | |
name: Helm chart testing | |
runs-on: ubuntu-latest | |
needs: | |
- changes | |
- build | |
- helm-lint | |
if: | | |
(needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} | |
strategy: | |
matrix: | |
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Setup Go | |
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
with: | |
go-version: ${{ needs.build.outputs.golangversion }} | |
check-latest: true | |
- name: cache | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: docker.tar.gz | |
- name: fix permissions | |
run: | | |
sudo mkdir -p $HOME/.kube | |
sudo chmod -R 777 $HOME/.kube | |
- name: Create Kubernetes ${{ matrix.k8s }} cluster | |
id: kind | |
run: | | |
kind create cluster --image=kindest/node:${{ matrix.k8s }} | |
- name: Load images from cache | |
run: | | |
echo "loading docker images..." | |
gzip -dc docker.tar.gz | docker load | |
- name: Test | |
env: | |
KIND_CLUSTER_NAME: kind | |
SKIP_CLUSTER_CREATION: true | |
SKIP_IMAGE_CREATION: true | |
SKIP_INGRESS_IMAGE_CREATION: true | |
run: | | |
kind get kubeconfig > $HOME/.kube/kind-config-kind | |
make kind-e2e-chart-tests | |
kubernetes: | |
name: Kubernetes | |
needs: | |
- changes | |
- build | |
if: | | |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} | |
strategy: | |
matrix: | |
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] | |
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml | |
with: | |
k8s-version: ${{ matrix.k8s }} | |
kubernetes-validations: | |
name: Kubernetes with Validations | |
needs: | |
- changes | |
- build | |
if: | | |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} | |
strategy: | |
matrix: | |
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] | |
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml | |
with: | |
k8s-version: ${{ matrix.k8s }} | |
variation: "VALIDATIONS" | |
kubernetes-chroot: | |
name: Kubernetes chroot | |
needs: | |
- changes | |
- build | |
if: | | |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') || ${{ github.event.workflow_dispatch.run_e2e == 'true' }} | |
strategy: | |
matrix: | |
k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0] | |
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml | |
with: | |
k8s-version: ${{ matrix.k8s }} | |
variation: "CHROOT" |