Merge branch 'main' into evolve_oidc_logout

.github/actionlint.yaml

@@ -0,0 +1,8 @@
+self-hosted-runner:
+  # Labels of self-hosted runner in array of strings.
+  labels:
+    - kic-plus
+# Configuration variables in array of strings defined in your repository or
+# organization. `null` means disabling configuration variables check.
+# Empty array means no configuration variable is allowed.
+config-variables: null

.github/actions/certify-openshift-image/action.yml

@@ -0,0 +1,57 @@
+name: Certify Openshift Image
+description: This action will attempt to certify an image for use in Openshift
+
+inputs:
+  image:
+    description: The image manifest to certify in the format <registry>/<repository>:<tag>
+    required: true
+  project_id:
+    description: The certification project id
+    required: true
+  pyxis_token:
+    description: The Pyxis API Token
+    required: true
+  preflight_version:
+    description: The version of the preflight utility to install
+    required: false
+    default: 1.9.1
+  platforms:
+    description: A comma separated list of architectures in the image manifest to certify
+    required: false
+    default: ""
+
+outputs:
+  result:
+    description: Did the certification succeed?
+    value: ${{ steps.result.outputs.result == 0 && true || false }}
+
+runs:
+  using: composite
+  steps:
+    - name: Install openshift-preflight
+      run: |
+        curl -fsSL https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/${{ inputs.preflight_version }}/preflight-linux-amd64 --output preflight
+        chmod +x preflight
+      shell: bash
+
+    - name: Certify Images
+      id: result
+      run: |
+        result=0
+        if [ -z "${{ inputs.platforms }}" ]; then
+          # list of platforms passed
+          IFS=',' read -ra arch_list <<< "${{ inputs.platforms }}"
+          for arch in "${arch_list[@]}"; do
+              architecture=("${arch#*/}")
+              ./preflight check container ${{ inputs.image }} --pyxis-api-token ${{ inputs.pyxis_token }} --certification-project-id ${{ inputs.project_id }} --platform $architecture --submit
+              if [ $? -ne 0 ]; then
+                result=1
+              fi
+          done
+        else
+          # no platforms passed, this is either a manifest or a single platform image
+          ./preflight check container ${{ inputs.image }} --pyxis-api-token ${{ inputs.pyxis_token }} --certification-project-id ${{ inputs.project_id }} --submit
+          result=$?
+        fi
+        echo "result=$result" >> $GITHUB_OUTPUT
+      shell: bash

.github/actions/install-skopeo/action.yml

@@ -0,0 +1,33 @@
+name: Install Skopeo
+description: Install Skopeo from source on ubuntu runner
+
+inputs:
+  version:
+    description: The Skopeo version to install
+    default: v1.14.2
+    required: false
+  repo:
+    description: The Skopeo repository
+    default: github.com/containers/skopeo
+    required: false
+
+outputs:
+  result:
+    description: Did the installation succeed?
+    value: ${{ steps.result.outputs.result == 0 && true || false }}
+
+runs:
+  using: composite
+  steps:
+    - name: Install Skopeo
+      id: result
+      run: |
+          sudo apt-get -y update
+          sudo apt install libgpgme-dev libassuan-dev libbtrfs-dev libdevmapper-dev pkg-config go-md2man
+          sudo mkdir -p $GOPATH/src/${{ inputs.repo }}
+          sudo git clone --depth 1 -b ${{ inputs.version }} https://${{ inputs.repo }} $GOPATH/src/${{ inputs.repo }}
+          pushd $GOPATH/src/${{ inputs.repo }} && sudo make install
+          popd
+          skopeo --version
+          echo "result=$?" >> $GITHUB_OUTPUT
+      shell: bash

.github/config/config-gcr-retag

@@ -0,0 +1,6 @@
+export TARGET_REGISTRY=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev
+declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips" "-mktpl" "-alpine-mktpl" "-alpine-mktpl-fips")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl" "-ubi-mktpl" "-alpine-fips")
+declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl" "-ubi-mktpl")
+declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl" "-ubi-mktpl")
+declare -a ADDITIONAL_TAGS=()

.github/config/config-oss-dockerhub

@@ -0,0 +1,7 @@
+export TARGET_REGISTRY=docker.io
+export TARGET_OSS_IMAGE_PREFIX="nginx/nginx-ingress"
+declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
+export PUBLISH_PLUS=false
+export PUBLISH_WAF=false
+export PUBLISH_DOS=false
+export PUBLISH_WAF_DOS=false

.github/config/config-oss-ecr

@@ -0,0 +1,7 @@
+export TARGET_REGISTRY=public.ecr.aws
+export TARGET_OSS_IMAGE_PREFIX="nginx/nginx-ingress"
+declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
+export PUBLISH_PLUS=false
+export PUBLISH_WAF=false
+export PUBLISH_DOS=false
+export PUBLISH_WAF_DOS=false

.github/config/config-oss-gcr-release

@@ -0,0 +1,6 @@
+export TARGET_REGISTRY=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release
+declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
+export PUBLISH_PLUS=false
+export PUBLISH_WAF=false
+export PUBLISH_DOS=false
+export PUBLISH_WAF_DOS=false

.github/config/config-oss-github

@@ -0,0 +1,7 @@
+export TARGET_REGISTRY=ghcr.io
+export TARGET_OSS_IMAGE_PREFIX="nginxinc/kubernetes-ingress"
+declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
+export PUBLISH_PLUS=false
+export PUBLISH_WAF=false
+export PUBLISH_DOS=false
+export PUBLISH_WAF_DOS=false

.github/config/config-oss-quay

@@ -0,0 +1,7 @@
+export TARGET_REGISTRY=quay.io
+export TARGET_OSS_IMAGE_PREFIX="nginx/nginx-ingress"
+declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
+export PUBLISH_PLUS=false
+export PUBLISH_WAF=false
+export PUBLISH_DOS=false
+export PUBLISH_WAF_DOS=false

.github/config/config-plus-azure

@@ -0,0 +1,11 @@
+export TARGET_REGISTRY=nginxmktpl.azurecr.io
+export TARGET_PLUS_IMAGE_PREFIX="marketplaceimages/nginx-plus-ingress"
+export TARGET_NAP_WAF_IMAGE_PREFIX="marketplaceimages/nginx-plus-ingress-nap"
+export TARGET_NAP_DOS_IMAGE_PREFIX="marketplaceimages/nginx-plus-ingress-dos"
+export TARGET_NAP_WAF_DOS_IMAGE_PREFIX="marketplaceimages/nginx-plus-ingress-nap-dos"
+declare -a PLUS_TAG_POSTFIX_LIST=("")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("")
+declare -a NAP_DOS_TAG_POSTFIX_LIST=("")
+declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("")
+declare -a ADDITIONAL_TAGS=()
+export PUBLISH_OSS=false

.github/config/config-plus-ecr

@@ -0,0 +1,11 @@
+export TARGET_REGISTRY=709825985650.dkr.ecr.us-east-1.amazonaws.com
+export TARGET_PLUS_IMAGE_PREFIX=nginx/nginx-plus-ingress
+export TARGET_NAP_WAF_IMAGE_PREFIX=nginx/nginx-plus-ingress-nap
+export TARGET_NAP_DOS_IMAGE_PREFIX=nginx/nginx-plus-ingress-dos
+export TARGET_NAP_WAF_DOS_IMAGE_PREFIX=nginx/nginx-plus-ingress-dos-nap
+declare -a PLUS_TAG_POSTFIX_LIST=("-mktpl" "-alpine-mktpl" "-alpine-mktpl-fips")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("-mktpl" "-ubi-mktpl")
+declare -a NAP_DOS_TAG_POSTFIX_LIST=("-mktpl" "-ubi-mktpl")
+declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("-mktpl" "-ubi-mktpl")
+declare -a ADDITIONAL_TAGS=()
+export PUBLISH_OSS=false

.github/config/config-plus-gcr-public

@@ -0,0 +1,10 @@
+export PUBLISH_OSS=false
+export PUBLISH_WAF_DOS=false
+export TARGET_REGISTRY=gcr.io/f5-7626-networks-public
+export TARGET_PLUS_IMAGE_PREFIX=nginxinc/nginx-plus-ingress
+export TARGET_NAP_WAF_IMAGE_PREFIX=nginxinc/nginx-plus-ingress-nap
+export TARGET_NAP_DOS_IMAGE_PREFIX=nginxinc/nginx-plus-ingress-dos
+declare -a PLUS_TAG_POSTFIX_LIST=("")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("")
+declare -a NAP_DOS_TAG_POSTFIX_LIST=("")
+declare -a ADDITIONAL_TAGS=(${ADDITIONAL_TAG})

.github/config/config-plus-gcr-release

@@ -0,0 +1,7 @@
+export TARGET_REGISTRY=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release
+declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips" "-mktpl" "-alpine-mktpl" "-alpine-mktpl-fips")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl" "-ubi-mktpl" "-alpine-fips")
+declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl" "-ubi-mktpl")
+declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl" "-ubi-mktpl")
+declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
+export PUBLISH_OSS=false

.github/config/config-plus-nginx

@@ -0,0 +1,8 @@
+export TARGET_REGISTRY=docker-mgmt.nginx.com
+export TARGET_NAP_WAF_DOS_IMAGE_PREFIX="nginx-ic-nap-dos/nginx-plus-ingress"
+declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-alpine-fips")
+declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi")
+declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi")
+declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
+export PUBLISH_OSS=false

.github/labeler.yml

@@ -8,22 +8,43 @@ bug:
   - head-branch: ['^fix/', '^bug/']
 
 chore:
-  - head-branch: ['^chore/']
+  - all:
+    - changed-files:
+      - any-glob-to-any-file: ['.github/**/*', 'hack/**/*', '*']
+      - all-globs-to-all-files: ['!*.md', '!go.mod', '!go.sum', '!*.go']
+
+github_actions:
+  - changed-files:
+    - any-glob-to-any-file: ['.github/**/*.yml', '.github/**/*.yaml', '.github/**/*.md']
+
+go:
+  - changed-files:
+    - any-glob-to-any-file: ['**/*.go', 'go.mod', 'go.sum']
+
+python:
+  - changed-files:
+    - any-glob-to-any-file: ['tests/**/*.py', 'tests/**/requirements.txt', 'tests/**/*.yaml', 'perf-tests/**/*.py', 'perf-tests/**/*.yaml']
 
 tests:
-  - any:
-      - head-branch: ['^tests/', '^test/']
-      - changed-files: ['tests/**/*', 'perf-tests/**/*']
   - all:
-      - changed-files: ['!tests/requirements.txt', '!perf-tests/requirements.txt']
+    - changed-files:
+      - any-glob-to-any-file: ['tests/**/*', 'perf-tests/**/*']
+      - all-globs-to-all-files: ['!tests/requirements.txt', '!perf-tests/requirements.txt']
 
 documentation:
   - head-branch: ['^docs/', '^doc/']
-  - changed-files: '**/*.md'
+  - changed-files:
+    - any-glob-to-any-file: '**/*.md'
 
 dependencies:
   - head-branch: ['^deps/', '^dep/', '^dependabot/', 'pre-commit-ci-update-config']
-  - changed-files: ['go.mod', 'go.sum']
+  - changed-files:
+    - any-glob-to-any-file: ['go.mod', 'go.sum']
 
 helm_chart:
-  - changed-files: ['charts/nginx-ingress/**/*']
+  - changed-files:
+    - any-glob-to-any-file: 'charts/nginx-ingress/**/*'
+
+docker:
+  - changed-files:
+    - any-glob-to-any-file: '**/Dockerfile'