Merge pull request #328 from wallarm/DEVOPS-2402

Helm 4.8.6

.github/workflows/build.yaml

@@ -158,4 +158,3 @@ jobs:
           retention-days: 30
           name: ${{ steps.sign.outputs.sbom }}
           path: ${{ steps.sign.outputs.sbom }}
-

.github/workflows/ci.yaml

@@ -28,7 +28,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.10.2
+      - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
         id: filter
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
@@ -68,7 +68,7 @@ jobs:
       ARCH: ${{ matrix.ARCH }}
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.0.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Build controller images
         env:
@@ -132,7 +132,7 @@ jobs:
             kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds token_secret ;
 
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.0.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Load cache
         uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110
@@ -190,7 +190,7 @@ jobs:
           secrets: kv-gitlab-ci/data/github/ingress api_token
 
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.0.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
 
@@ -228,7 +228,7 @@ jobs:
       ARCH: amd64
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.0.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Load controller build cache
         uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110
@@ -280,7 +280,7 @@ jobs:
           secrets: kv-gitlab-ci/data/github/ingress api_token
 
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.0.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Load controller build cache
         uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110
@@ -331,4 +331,4 @@ jobs:
           image: "wallarm/ingress-controller:1.0.0-dev"
           fail-build: true
           output-format: 'table'
-          severity-cutoff: 'critical'
+          severity-cutoff: 'critical'

.github/workflows/depreview.yaml

@@ -0,0 +1,14 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@01bc87099ba56df1e897b6874784491ea6309bc4 # v3.1.4

.github/workflows/golangci-lint.yml

@@ -25,10 +25,10 @@ jobs:
         id: go
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: '1.21.3'
+          go-version: '1.21.5'
           check-latest: true
 
       - name: golangci-lint
         uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
         with:
-          version: v1.53
+          version: v1.55.2

.github/workflows/plugin.yaml

@@ -1 +0,0 @@
-

.github/workflows/scorecards.yml

@@ -59,6 +59,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@896079047b4bb059ba6f150a5d87d47dde99e6e5 # v2.1.37
+        uses: github/codeql-action/upload-sarif@03e7845b7bfcd5e7fb63d1ae8c61b0e791134fab # v2.1.37
         with:
           sarif_file: results.sarif

.github/workflows/vulnerability-scans.yaml

@@ -62,11 +62,11 @@ jobs:
 
     # This step checks out a copy of your repository.
     - name: Upload SARIF file
-      uses: github/codeql-action/upload-sarif@896079047b4bb059ba6f150a5d87d47dde99e6e5
+      uses: github/codeql-action/upload-sarif@03e7845b7bfcd5e7fb63d1ae8c61b0e791134fab # v2.1.37
       with:
         token: ${{ github.token }}
         # Path to SARIF file relative to the root of the repository
-        sarif_file: ${{ github.workspace }}/trivy-results-${{ needs.version.outputs.tag }}.sarif
+        sarif_file: ${{ github.workspace }}/trivy-results-${{ matrix.versions }}.sarif
 
     - name: Vulz Count
       shell: bash

.gitignore

@@ -63,3 +63,4 @@ tmp/
 test/junitreports/
 wallarm-*.tar.gz
 allure_report
+tests/__snapshot__

AIO_BASE

@@ -1 +1 @@
-4.8.0
+4.8.4

NGINX_BASE

@@ -1 +1 @@
-registry.k8s.io/ingress-nginx/nginx:v20231011-8b53cabe0@sha256:34881d62f71e8573fb765c40585dba28a1148206fbbe2c3871ad3f4e8c6e360f
+registry.k8s.io/ingress-nginx/nginx:v20231208-4c39e6acc@sha256:03508408458d00ba4e219d2693ba2a039ba66d4151ab9b43794f61877e0abb73

OWNERS_ALIASES

@@ -26,10 +26,12 @@ aliases:
 
   ingress-nginx-helm-maintainers:
   - cpanato
+  - Gacko
   - strongjz
 
   ingress-nginx-helm-reviewers:
   - cpanato
+  - Gacko
   - strongjz
 
   ingress-nginx-docs-maintainers:

README.md

@@ -38,17 +38,18 @@ the versions listed. Ingress-Nginx versions **may** work on older versions, but
 
 |  Supported  | Ingress-NGINX version | k8s supported version        | Alpine Version | Nginx Version | Helm Chart Version |
 |:--:|-----------------------|------------------------------|----------------|---------------|------------------------------|
-| 🔄 | **v1.9.4**            | 1.28, 1.27,1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.3*                        |
-| 🔄 | **v1.9.3**            | 1.28, 1.27,1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*                        |
-| 🔄 | **v1.9.1**            | 1.28, 1.27,1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*                        |
-| 🔄 | **v1.9.0**            | 1.28, 1.27,1.26, 1.25        | 3.18.2         | 1.21.6        | 4.8.*                        |
-| 🔄 | **v1.8.4**            | 1.27,1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*                        |
-| 🔄 | **v1.8.2**            | 1.27,1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*                        |
-| 🔄 | **v1.8.1**            | 1.27,1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*              |
-| 🔄 | **v1.8.0**            | 1.27,1.26, 1.25, 1.24        | 3.18.0         | 1.21.6        | 4.7.*              |
-| 🔄 | **v1.7.1**            | 1.27,1.26, 1.25, 1.24        | 3.17.2         | 1.21.6        | 4.6.*              |
+| 🔄 | **v1.9.5**            | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.9.0*                        |
+| 🔄 | **v1.9.4**            | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.3                        |
+| 🔄 | **v1.9.3**            | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*                        |
+| 🔄 | **v1.9.1**            | 1.28, 1.27, 1.26, 1.25        | 3.18.4         | 1.21.6        | 4.8.*                        |
+| 🔄 | **v1.9.0**            | 1.28, 1.27, 1.26, 1.25        | 3.18.2         | 1.21.6        | 4.8.*                        |
+| 🔄 | **v1.8.4**            | 1.27, 1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*                        |
+| 🔄 | **v1.8.2**            | 1.27, 1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*                        |
+| 🔄 | **v1.8.1**            | 1.27, 1.26, 1.25, 1.24        | 3.18.2         | 1.21.6        | 4.7.*              |
+| 🔄 | **v1.8.0**            | 1.27, 1.26, 1.25, 1.24        | 3.18.0         | 1.21.6        | 4.7.*              |
+| 🔄 | **v1.7.1**            | 1.27, 1.26, 1.25, 1.24        | 3.17.2         | 1.21.6        | 4.6.*              |
 | 🔄 | **v1.7.0**            | 1.26, 1.25, 1.24             | 3.17.2         | 1.21.6        | 4.6.*              |
-|    | **v1.6.4**            | 1.26, 1.25, 1.24, 1.23       | 3.17.0         | 1.21.6        | 4.5.*              |
+|    | v1.6.4                | 1.26, 1.25, 1.24, 1.23       | 3.17.0         | 1.21.6        | 4.5.*              |
 |    | v1.5.1                | 1.25, 1.24, 1.23             | 3.16.2         | 1.21.6        | 4.4.*              |
 |    | v1.4.0                | 1.25, 1.24, 1.23, 1.22       | 3.16.2         | 1.19.10†      | 4.3.0              |
 |    | v1.3.1                | 1.24, 1.23, 1.22, 1.21, 1.20 | 3.16.2         | 1.19.10†      | 4.2.5              |

TAG

@@ -1 +1 @@
-4.8.1-1
+4.8.2-1

build/run-in-docker.sh

@@ -44,7 +44,7 @@ function cleanup {
 }
 trap cleanup EXIT
 
-E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20231011-8b53cabe0@sha256:ed0dad805c635e66469b4ac376010eebdd0b3fe62d753f58db1632d6f12f451d}
+E2E_IMAGE=${E2E_IMAGE:-registry.k8s.io/ingress-nginx/e2e-test-runner:v20231208-4c39e6acc@sha256:0607184ca9c53c9c24a47b6f52347dd96137b05c6f276efa67051929a39e8f7a}
 
 if [[ "$RUNTIME" == podman ]]; then
   # Podman does not support both tag and digest
@@ -87,7 +87,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then
   echo "..reached DIND check TRUE block, inside run-in-docker.sh"
   echo "FLAGS=$FLAGS"
   #go env
-  go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.13.0
+  go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo@v2.13.1
   find / -type f -name ginkgo 2>/dev/null
   which ginkgo
   /bin/bash -c "${FLAGS}"

changelog/Changelog-1.6.4.md → changelog/controller-1.6.4.md

@@ -1,12 +1,13 @@
 # Changelog
 
 ### 1.6.4
+
 Images:
 
- * registry.k8s.io/controller:controller-v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f
- * registry.k8s.io/controller-chroot:controller-v1.6.4@sha256:0de01e2c316c3ca7847ca13b32d077af7910d07f21a4a82f81061839764f8f81
- 
-### All Changes:
+* registry.k8s.io/controller:controller-v1.6.4@sha256:15be4666c53052484dd2992efacf2f50ea77a78ae8aa21ccd91af6baaa7ea22f
+* registry.k8s.io/controller-chroot:controller-v1.6.4@sha256:0de01e2c316c3ca7847ca13b32d077af7910d07f21a4a82f81061839764f8f81
+
+### All changes:
 
 * remove tests and regex path checks (#9626)
 * Fix incorrect annotation name in upstream hashing configuration (#9617)
@@ -99,7 +100,8 @@ Images:
 * PDB: Add `maxUnavailable`. (#9278)
 * add containerSecurityContext to extraModules init containers (kubernetes#9016) (#9242)
 
-### Dependencies updates: 
+### Dependency updates:
+
 * Bump google.golang.org/grpc from 1.52.0 to 1.52.3 (#9555)
 * Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 (#9553)
 * Bump sigs.k8s.io/controller-runtime from 0.13.1 to 0.14.2 (#9552)
@@ -132,5 +134,5 @@ Images:
 * Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.1 (#9317)
 * Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#9301)
 * Bump k8s.io/component-base from 0.25.3 to 0.25.4 (#9300)
- 
+
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.5.1...controller-controller-v1.6.4

changelog/Changelog-1.7.0.md → changelog/controller-1.7.0.md

@@ -1,12 +1,13 @@
 # Changelog
 
 ### 1.7.0
+
 Images:
 
- * registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
- * registry.k8s.io/ingress-nginx/controller-chroot:v1.7.0@sha256:e84ef3b44c8efeefd8b0aa08770a886bfea1f04c53b61b4ba9a7204e9f1a7edc
- 
-### All Changes:
+* registry.k8s.io/ingress-nginx/controller:v1.7.0@sha256:7612338342a1e7b8090bef78f2a04fffcadd548ccaabe8a47bf7758ff549a5f7
+* registry.k8s.io/ingress-nginx/controller-chroot:v1.7.0@sha256:e84ef3b44c8efeefd8b0aa08770a886bfea1f04c53b61b4ba9a7204e9f1a7edc
+
+### All changes:
 
 * kick off 1.7.0 build (#9775)
 * Update exposing-tcp-udp-services.md (#9777)
@@ -46,7 +47,8 @@ Images:
 * Fix incorrect annotation name in upstream hashing configuration (#9617)
 * Release docs for Controller v1.6.3 and Helm v4.5.0 (#9614)
 
-### Dependencies updates: 
+### Dependency updates:
+
 * Bump aquasecurity/trivy-action from 0.8.0 to 0.9.2 (#9767)
 * Bump k8s.io/component-base from 0.26.2 to 0.26.3 (#9764)
 * Bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#9766)
@@ -74,5 +76,5 @@ Images:
 * Bump google.golang.org/grpc from 1.52.3 to 1.53.0 (#9610)
 * Bump github.com/prometheus/client_golang (#9630)
 * Bump golang.org/x/crypto from 0.5.0 to 0.6.0 (#9609)
- 
+
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.6.3...controller-controller-v1.7.0

changelog/Changelog-1.7.1.md → changelog/controller-1.7.1.md

@@ -1,12 +1,13 @@
 # Changelog
 
 ### 1.7.1
+
 Images:
 
- * registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
- * registry.k8s.io/ingress-nginx/controller-chroot:v1.7.1@sha256:e35d5ab487861b9d419c570e3530589229224a0762c7b4d2e2222434abb8d988
- 
-### All Changes:
+* registry.k8s.io/ingress-nginx/controller:v1.7.1@sha256:7244b95ea47bddcb8267c1e625fb163fc183ef55448855e3ac52a7b260a60407
+* registry.k8s.io/ingress-nginx/controller-chroot:v1.7.1@sha256:e35d5ab487861b9d419c570e3530589229224a0762c7b4d2e2222434abb8d988
+
+### All changes:
 
 * Update TAG - 1.7.1 (#9922)
 * Update dependabot to watch docker images (#9600)
@@ -30,7 +31,8 @@ Images:
 * Values: Fix indention of commented values. (#9812)
 * The Ingress-Nginx project recently released version 1.7.0 of the controller, but the deployment documentation still referenced version 1.6.4. This commit updates the documentation to reference the latest version, ensuring that users have access to the most up-to-date information. Fixes#9787 (#9788)
 
-### Dependencies updates: 
+### Dependency updates:
+
 * Bump github.com/opencontainers/runc from 1.1.6 to 1.1.7 (#9912)
 * Bump github.com/prometheus/client_golang from 1.14.0 to 1.15.0 (#9868)
 * Bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 (#9888)
@@ -48,5 +50,5 @@ Images:
 * Bump github.com/imdario/mergo from 0.3.13 to 0.3.15 (#9795)
 * Bump google.golang.org/grpc from 1.53.0 to 1.54.0 (#9794)
 * Bump sigs.k8s.io/controller-runtime from 0.14.5 to 0.14.6 (#9822)
- 
+
 **Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.0...controller-controller-v1.7.1

changelog/Changelog-1.8.0.md → changelog/controller-1.8.0.md

@@ -1,31 +1,28 @@
 # Changelog
 
 ### 1.8.0
+
 Images:
 
 * registry.k8s.io/ingress-nginx/controller:v1.8.0@sha256:744ae2afd433a395eeb13dc03d3313facba92e96ad71d9feaafc85925493fee3
 * registry.k8s.io/ingress-nginx/controller-chroot:v1.8.0@sha256:a45e41cd2b7670adf829759878f512d4208d0aec1869dae593a0fecd09a5e49e
 
-### Important Changes:
+### Important changes:
 
 * Validate path types (#9967)
 * images: upgrade to Alpine 3.18 (#9997)
 * Update documentation to reflect project name; Ingress-Nginx Controller
 
-For improving security on our 1.8.0 release includes a 
-[new, **optional** validation ](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) 
-that limits the characters accepted  on ".spec paths.path" when pathType=Exact or pathType=Prefix, 
-to alphanumeric characters only. More information can be found on our 
-[Google doc](https://docs.google.com/document/d/1HPvaEwHRuMSkXYkVIJ-w7IpijKdHfNynm_4N2Akt0CQ/edit?usp=sharing)
-, our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w)
-or in our [docs](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type)
+For improving security, our 1.8.0 release includes a [new, **optional** validation ](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) that limits the characters accepted  on ".spec paths.path" when pathType=Exact or athType=Prefix, to alphanumeric characters only.
+
+More information can be found on our [Google doc](https://docs.google.com/document/d/1HPvaEwHRuMSkXYkVIJ-w7IpijKdHfNynm_4N2Akt0CQ/edit?usp=sharing), our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w) or in our [docs](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type)
 
 ### Community Updates
 
 We are now posting updates and release to our twitter handle, [@IngressNginx](https://twitter.com/IngressNGINX) and
 on our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernetes.io/g/ingress-nginx-dev/c/ebbBMo-zX-w)
 
-### All Changes:
+### All changes:
 
 * Add legacy to OpenTelemetry migration doc (#10011)
 * changed tagsha to recent builds (#10001)
@@ -64,4 +61,4 @@ on our new [ingress-nginx-dev mailing list](https://groups.google.com/a/kubernet
 * Bump github.com/prometheus/client_model from 0.3.0 to 0.4.0 (#9937)
 * Bump google.golang.org/grpc from 1.54.0 to 1.55.0 (#9936)
 
-**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.1...controller-controller-v1.8.0
+**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/controller-controller-v1.7.1...controller-controller-v1.8.0