From ecf859f551ea9144ee6e3ff05c149b7818e9c25e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 May 2024 10:44:27 +0100 Subject: [PATCH 001/101] Bump redhat/ubi8 from `edc34f8` to `83068ea` in /build (#5535) Bumps redhat/ubi8 from `edc34f8` to `83068ea`. --- updated-dependencies: - dependency-name: redhat/ubi8 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Co-authored-by: oseoin --- build/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/Dockerfile b/build/Dockerfile index 25be28965a..17856dd370 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -293,7 +293,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode && dnf clean all ############################################# Base image for UBI with NGINX Plus and App Protect WAF & DoS ############################################# -FROM redhat/ubi8@sha256:edc34f89cf9c818c2fb28b8ea1780f384db563ce4293dc0ab8e73ec01791e5af as ubi-8-plus-nap +FROM redhat/ubi8@sha256:83068ea81dd02717b8e39b55cdeb2c1b2c9a3db260f01381b991755d44b15073 as ubi-8-plus-nap ARG NAP_MODULES RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ From 4599949c8b5e9fd0230742eae4df5e8fa8172d0b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 May 2024 11:35:33 +0100 Subject: [PATCH 002/101] Bump kindest/node from v1.29.2 to v1.30.0 in /tests in the docker-tests group across 1 directory (#5549) --- tests/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Dockerfile b/tests/Dockerfile index 22e1d75bcc..24eea9d05d 100644 --- a/tests/Dockerfile +++ b/tests/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1.5 # this is here so we can grab the latest version of kind and have dependabot keep it up to date -FROM kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245 +FROM kindest/node:v1.30.0@sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e FROM python:3.12@sha256:3733015cdd1bd7d9a0b9fe21a925b608de82131aa4f3d397e465a1fcb545d36f From 655a7d0b70bd0378c317dbdd871347b3b49d94b2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 May 2024 13:03:54 +0000 Subject: [PATCH 003/101] Bump the actions group across 1 directory with 8 updates (#5548) Bumps the actions group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [google-github-actions/auth](https://github.com/google-github-actions/auth) | `2.1.2` | `2.1.3` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.19.0` | `0.20.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.25.3` | `3.25.5` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4.3.1` | `4.4.0` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `5.0.0` | `5.1.0` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.0.0` | `6.0.1` | | [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint) | `1.45.0` | `1.46.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.1` | `2.3.3` | Updates `google-github-actions/auth` from 2.1.2 to 2.1.3 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/auth/compare/55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c...71fee32a0bb7e97b4d33d548e7d957010649d8fa) Updates `aquasecurity/trivy-action` from 0.19.0 to 0.20.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/d710430a6722f083d3b36b8339ff66b32f22ee55...b2933f565dbc598b29947660e66259e3c7bc8561) Updates `github/codeql-action` from 3.25.3 to 3.25.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/d39d31e687223d841ef683f52467bd88e9b21c14...b7cec7526559c32f1616476ff32d17ba4c59b2d6) Updates `codecov/codecov-action` from 4.3.1 to 4.4.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/5ecb98a3c6b747ed38dc09f787459979aebb39be...6d798873df2b1b8e5846dba6fb86631229fbcb17) Updates `goreleaser/goreleaser-action` from 5.0.0 to 5.1.0 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8...5742e2a039330cbb23ebf35f046f814d4c6ff811) Updates `golangci/golangci-lint-action` from 6.0.0 to 6.0.1 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/23faadfdeb23a6f9e511beaba149bb123b5b145a...a4f60bb28d35aeee14e6880718e0c85ff1882e64) Updates `reviewdog/action-actionlint` from 1.45.0 to 1.46.0 - [Release notes](https://github.com/reviewdog/action-actionlint/releases) - [Commits](https://github.com/reviewdog/action-actionlint/compare/51bfb044ddaed55059d16f14daedbe05a9937dc1...89a03f6ba8c0a9fd238e82c075ffb34b86e40291) Updates `ossf/scorecard-action` from 2.3.1 to 2.3.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/0864cf19026789058feabb7e87baa5f140aac736...dc50aa9510b46c811795eb24b2f1ba02a914e534) --- updated-dependencies: - dependency-name: google-github-actions/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: reviewdog/action-actionlint dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> --- .github/workflows/build-base-images.yml | 6 +++--- .github/workflows/build-oss.yml | 6 +++--- .github/workflows/build-plus.yml | 6 +++--- .github/workflows/build-test-image.yml | 2 +- .github/workflows/ci.yml | 10 +++++----- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/lint-format.yml | 4 ++-- .github/workflows/oss-release.yml | 10 +++++----- .github/workflows/patch-image.yml | 2 +- .github/workflows/plus-release.yml | 12 ++++++------ .github/workflows/retag-images.yml | 2 +- .github/workflows/scorecards.yml | 4 ++-- 12 files changed, 35 insertions(+), 35 deletions(-) diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml index 940657e890..d444471393 100644 --- a/.github/workflows/build-base-images.yml +++ b/.github/workflows/build-base-images.yml @@ -64,7 +64,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -130,7 +130,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -205,7 +205,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml index 7f83f23491..256b020355 100644 --- a/.github/workflows/build-oss.yml +++ b/.github/workflows/build-oss.yml @@ -103,7 +103,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -224,7 +224,7 @@ jobs: if: ${{ github.ref_type == 'tag' && contains(inputs.image, 'ubi') }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 continue-on-error: true with: image-ref: nginx/nginx-ingress:${{ steps.meta.outputs.version }} @@ -233,7 +233,7 @@ jobs: ignore-unfixed: "true" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 continue-on-error: true with: sarif_file: "trivy-results-${{ inputs.image }}.sarif" diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml index 1832b4ed20..63dd2911e6 100644 --- a/.github/workflows/build-plus.yml +++ b/.github/workflows/build-plus.yml @@ -74,7 +74,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -254,7 +254,7 @@ jobs: if: ${{ inputs.publish-image }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 continue-on-error: true with: image-ref: ${{ steps.trivy-tag.outputs.tag }} @@ -264,7 +264,7 @@ jobs: if: ${{ inputs.publish-image }} - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 continue-on-error: true with: sarif_file: "trivy-results-${{ inputs.image }}.sarif" diff --git a/.github/workflows/build-test-image.yml b/.github/workflows/build-test-image.yml index 62b08500a9..3e1649aa1a 100644 --- a/.github/workflows/build-test-image.yml +++ b/.github/workflows/build-test-image.yml @@ -35,7 +35,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 326de25caf..70f5ca1ec6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -155,7 +155,7 @@ jobs: run: make cover if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} - name: Upload coverage to Codecov - uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1 + uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # v4.4.0 with: files: ./coverage.txt token: ${{ secrets.CODECOV_TOKEN }} # required @@ -227,7 +227,7 @@ jobs: if: github.ref_type == 'tag' - name: Build binaries - uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 + uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0 with: version: latest args: ${{ github.ref_type == 'tag' && 'release' || 'build --snapshot' }} ${{ github.event_name == 'pull_request' && '--single-target' || '' }} --clean @@ -298,7 +298,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -433,7 +433,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -501,7 +501,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 0f75521a17..d1f6cff604 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -70,7 +70,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -89,7 +89,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -102,6 +102,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/lint-format.yml b/.github/workflows/lint-format.yml index 7ce12618e8..dd82df61bb 100644 --- a/.github/workflows/lint-format.yml +++ b/.github/workflows/lint-format.yml @@ -52,7 +52,7 @@ jobs: go-version-file: go.mod - name: Lint Code - uses: golangci/golangci-lint-action@23faadfdeb23a6f9e511beaba149bb123b5b145a # v6.0.0 + uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 with: only-new-issues: true @@ -63,7 +63,7 @@ jobs: - name: Checkout Repository uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - - uses: reviewdog/action-actionlint@51bfb044ddaed55059d16f14daedbe05a9937dc1 # v1.45.0 + - uses: reviewdog/action-actionlint@89a03f6ba8c0a9fd238e82c075ffb34b86e40291 # v1.46.0 with: actionlint_flags: -shellcheck "" diff --git a/.github/workflows/oss-release.yml b/.github/workflows/oss-release.yml index 2243a05eed..838a1b3244 100644 --- a/.github/workflows/oss-release.yml +++ b/.github/workflows/oss-release.yml @@ -81,7 +81,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -123,7 +123,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -176,7 +176,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -224,7 +224,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -273,7 +273,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} diff --git a/.github/workflows/patch-image.yml b/.github/workflows/patch-image.yml index 5e3f83d433..7d0e0f5f98 100644 --- a/.github/workflows/patch-image.yml +++ b/.github/workflows/patch-image.yml @@ -56,7 +56,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} diff --git a/.github/workflows/plus-release.yml b/.github/workflows/plus-release.yml index 912cd1de67..92f9554497 100644 --- a/.github/workflows/plus-release.yml +++ b/.github/workflows/plus-release.yml @@ -81,7 +81,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -123,7 +123,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -180,7 +180,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-priv-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -188,7 +188,7 @@ jobs: - name: Authenticate to Google Cloud Marketplace id: gcr-mktpl-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY_MKTPL }} @@ -225,7 +225,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -275,7 +275,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} diff --git a/.github/workflows/retag-images.yml b/.github/workflows/retag-images.yml index 598a171af6..8a763a8f23 100644 --- a/.github/workflows/retag-images.yml +++ b/.github/workflows/retag-images.yml @@ -44,7 +44,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index e9267ea978..d93a17581c 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -34,7 +34,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 with: results_file: results.sarif results_format: sarif @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: sarif_file: results.sarif From 589d65aedb4afd95683411e1ebb7d6491e9bf933 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Wed, 15 May 2024 14:18:08 +0000 Subject: [PATCH 004/101] [pre-commit.ci] pre-commit autoupdate (#5539) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/golangci/golangci-lint: v1.58.0 → v1.58.1](https://github.com/golangci/golangci-lint/compare/v1.58.0...v1.58.1) - [github.com/python-jsonschema/check-jsonschema: 0.28.2 → 0.28.3](https://github.com/python-jsonschema/check-jsonschema/compare/0.28.2...0.28.3) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0ca65de478..18077c8bbc 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -43,7 +43,7 @@ repos: pass_filenames: false - repo: https://github.com/golangci/golangci-lint - rev: v1.58.0 + rev: v1.58.1 hooks: - id: golangci-lint args: [--new-from-patch=/tmp/diff.patch] @@ -64,7 +64,7 @@ repos: - id: black - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.28.2 + rev: 0.28.3 hooks: - id: check-jsonschema name: "Check Helm Chart JSON Schema" From 64120d5b84fb5cb4a0c48dcd2c627e52362ef036 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 May 2024 17:29:58 +0100 Subject: [PATCH 005/101] Bump the go group across 1 directory with 4 updates (#5537) * Bump the go group across 1 directory with 4 updates Bumps the go group with 3 updates in the / directory: [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/service/marketplacemetering](https://github.com/aws/aws-sdk-go-v2) and [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang). Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.11 to 1.27.13 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.11...config/v1.27.13) Updates `github.com/aws/aws-sdk-go-v2/service/marketplacemetering` from 1.21.4 to 1.21.5 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/pi/v1.21.4...service/pi/v1.21.5) Updates `github.com/prometheus/client_golang` from 1.18.0 to 1.19.1 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.18.0...v1.19.1) Updates `github.com/prometheus/common` from 0.47.0 to 0.48.0 - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.47.0...v0.48.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/aws/aws-sdk-go-v2/service/marketplacemetering dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go ... Signed-off-by: dependabot[bot] * rollback prometheus client changes --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Co-authored-by: Eoin O'Shaughnessy Co-authored-by: oseoin --- go.mod | 12 ++++++------ go.sum | 24 ++++++++++++------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index 54e560886a..a4d550aadd 100644 --- a/go.mod +++ b/go.mod @@ -3,8 +3,8 @@ module github.com/nginxinc/kubernetes-ingress go 1.22.3 require ( - github.com/aws/aws-sdk-go-v2/config v1.27.11 - github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.4 + github.com/aws/aws-sdk-go-v2/config v1.27.13 + github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.5 github.com/cert-manager/cert-manager v1.14.5 github.com/dlclark/regexp2 v1.11.0 github.com/go-chi/chi/v5 v5.0.12 @@ -36,16 +36,16 @@ require ( github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.17.11 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.13 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.20.6 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.0 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.28.7 // indirect github.com/aws/smithy-go v1.20.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect diff --git a/go.sum b/go.sum index 969fd2f9ea..0b02fef527 100644 --- a/go.sum +++ b/go.sum @@ -11,10 +11,10 @@ github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3Uu github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA= github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= -github.com/aws/aws-sdk-go-v2/config v1.27.11 h1:f47rANd2LQEYHda2ddSCKYId18/8BhSRM4BULGmfgNA= -github.com/aws/aws-sdk-go-v2/config v1.27.11/go.mod h1:SMsV78RIOYdve1vf36z8LmnszlRWkwMQtomCAI0/mIE= -github.com/aws/aws-sdk-go-v2/credentials v1.17.11 h1:YuIB1dJNf1Re822rriUOTxopaHHvIq0l/pX3fwO+Tzs= -github.com/aws/aws-sdk-go-v2/credentials v1.17.11/go.mod h1:AQtFPsDH9bI2O+71anW6EKL+NcD7LG3dpKGMV4SShgo= +github.com/aws/aws-sdk-go-v2/config v1.27.13 h1:WbKW8hOzrWoOA/+35S5okqO/2Ap8hkkFUzoW8Hzq24A= +github.com/aws/aws-sdk-go-v2/config v1.27.13/go.mod h1:XLiyiTMnguytjRER7u5RIkhIqS8Nyz41SwAWb4xEjxs= +github.com/aws/aws-sdk-go-v2/credentials v1.17.13 h1:XDCJDzk/u5cN7Aple7D/MiAhx1Rjo/0nueJ0La8mRuE= +github.com/aws/aws-sdk-go-v2/credentials v1.17.13/go.mod h1:FMNcjQrmuBYvOTZDtOLCIu0esmxjF7RuA/89iSXWzQI= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24LGuzuekqMAEgWkVYukBec3kr3jUg= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg= @@ -27,14 +27,14 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1x github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk= -github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.4 h1:zKfueuQerw3RCopW6KbTkoTuD3W/t9e898UYqyssopw= -github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.4/go.mod h1:Q01yJLephuOzv6IYzcknrpVAriOqB66+qtGnpqgw9UE= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 h1:vN8hEbpRnL7+Hopy9dzmRle1xmDc7o8tmY0klsr175w= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.5/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 h1:Jux+gDDyi1Lruk+KHF91tK2KCuY61kzoCpvtvJJBtOE= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n2HZPkcKgPAi1phU= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.6/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw= +github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.5 h1:p2PxN+OO28p2bCCXE79sJfFBaSohwxa24bQdjuyPZCs= +github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.5/go.mod h1:Q01yJLephuOzv6IYzcknrpVAriOqB66+qtGnpqgw9UE= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.6 h1:o5cTaeunSpfXiLTIBx5xo2enQmiChtu1IBbzXnfU9Hs= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.6/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.0 h1:Qe0r0lVURDDeBQJ4yP+BOrJkvkiCo/3FH/t+wY11dmw= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.0/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.7 h1:et3Ta53gotFR4ERLXXHIHl/Uuk1qYpP5uU7cvNql8ns= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.7/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw= github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= From ee1625bd5bd94d74a4ded1770f54df33f02f15dc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 May 2024 17:08:36 +0000 Subject: [PATCH 006/101] Bump golang from `cdc86d9` to `2a88224` in /build (#5522) Bumps golang from `cdc86d9` to `2a88224`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- build/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index 17856dd370..eed1c3d23c 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -408,7 +408,7 @@ LABEL org.opencontainers.image.version="${IC_VERSION}" \ ############################################# Build nginx-ingress in golang container ############################################# -FROM golang:1.22-alpine@sha256:cdc86d9f363e8786845bea2040312b4efa321b828acdeb26f393faa864d887b0 AS builder +FROM golang:1.22-alpine@sha256:2a882244fb51835ebbd8313bffee83775b0c076aaf56b497b43d8a4c72db65e1 AS builder ARG IC_VERSION ARG TARGETARCH @@ -421,7 +421,7 @@ RUN --mount=type=bind,target=/go/src/github.com/nginxinc/kubernetes-ingress/ --m ############################################# Download delve ############################################# -FROM golang:1.22-alpine@sha256:cdc86d9f363e8786845bea2040312b4efa321b828acdeb26f393faa864d887b0 AS debug-builder +FROM golang:1.22-alpine@sha256:2a882244fb51835ebbd8313bffee83775b0c076aaf56b497b43d8a4c72db65e1 AS debug-builder ARG TARGETARCH WORKDIR /go/src/github.com/nginxinc/kubernetes-ingress/ From b33dbc328eb4498685835007c7e71dc7822e3579 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 May 2024 09:33:12 +0100 Subject: [PATCH 007/101] Bump golang from `2a88224` to `f1fe698` in /build (#5558) Bumps golang from `2a88224` to `f1fe698`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- build/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index eed1c3d23c..6bab5bbf48 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -408,7 +408,7 @@ LABEL org.opencontainers.image.version="${IC_VERSION}" \ ############################################# Build nginx-ingress in golang container ############################################# -FROM golang:1.22-alpine@sha256:2a882244fb51835ebbd8313bffee83775b0c076aaf56b497b43d8a4c72db65e1 AS builder +FROM golang:1.22-alpine@sha256:f1fe698725f6ed14eb944dc587591f134632ed47fc0732ec27c7642adbe90618 AS builder ARG IC_VERSION ARG TARGETARCH @@ -421,7 +421,7 @@ RUN --mount=type=bind,target=/go/src/github.com/nginxinc/kubernetes-ingress/ --m ############################################# Download delve ############################################# -FROM golang:1.22-alpine@sha256:2a882244fb51835ebbd8313bffee83775b0c076aaf56b497b43d8a4c72db65e1 AS debug-builder +FROM golang:1.22-alpine@sha256:f1fe698725f6ed14eb944dc587591f134632ed47fc0732ec27c7642adbe90618 AS debug-builder ARG TARGETARCH WORKDIR /go/src/github.com/nginxinc/kubernetes-ingress/ From c0b733cd0be114525d5803618fed42f33f495650 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 May 2024 09:22:06 +0000 Subject: [PATCH 008/101] Bump nginx from `ca16009` to `ef587d1` in /build (#5515) Bumps nginx from `ca16009` to `ef587d1`. --- updated-dependencies: - dependency-name: nginx dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> --- build/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index 6bab5bbf48..5b58109aca 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -16,7 +16,7 @@ FROM ghcr.io/nginxinc/alpine-fips:0.2.0-alpine3.19@sha256:1744ae3a8e795daf771f3f ############################################# Base image for Alpine ############################################# -FROM nginx:1.26.0-alpine@sha256:ca16009a8c25f52193506d4c90c98efbad4b6cbe73372e2a27972f05c5e02f15 AS alpine +FROM nginx:1.26.0-alpine@sha256:ef587d1eb99e991291c582bfb74f27db27f7ca2c095d4ba06cc3f7c910a0c7b3 AS alpine RUN --mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \ apk add --no-cache libcap libstdc++ \ @@ -26,7 +26,7 @@ RUN --mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \ ############################################# Base image for Debian ############################################# -FROM nginx:1.26.0@sha256:ba9587717b056e1993b051f71cea30ddd5caf09ae2087b1eeb11329f52468e49 AS debian +FROM nginx:1.26.0@sha256:192e88a0053c178683ca139b9d9a2afb0ad986d171fae491949fe10970dd9da9 AS debian RUN --mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \ apt-get update \ From f28fcc72f6268e5ad77c544cccdd95eadc19b4dc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 May 2024 09:53:08 +0000 Subject: [PATCH 009/101] Bump the go group with 6 updates (#5557) * Bump the go group with 6 updates Bumps the go group with 6 updates: | Package | From | To | | --- | --- | --- | | [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.18.0` | `1.19.1` | | [github.com/prometheus/common](https://github.com/prometheus/common) | `0.47.0` | `0.48.0` | | [k8s.io/api](https://github.com/kubernetes/api) | `0.30.0` | `0.30.1` | | [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.30.0` | `0.30.1` | | [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.30.0` | `0.30.1` | | [k8s.io/code-generator](https://github.com/kubernetes/code-generator) | `0.30.0` | `0.30.1` | Updates `github.com/prometheus/client_golang` from 1.18.0 to 1.19.1 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.18.0...v1.19.1) Updates `github.com/prometheus/common` from 0.47.0 to 0.48.0 - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.47.0...v0.48.0) Updates `k8s.io/api` from 0.30.0 to 0.30.1 - [Commits](https://github.com/kubernetes/api/compare/v0.30.0...v0.30.1) Updates `k8s.io/apimachinery` from 0.30.0 to 0.30.1 - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.30.0...v0.30.1) Updates `k8s.io/client-go` from 0.30.0 to 0.30.1 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.30.0...v0.30.1) Updates `k8s.io/code-generator` from 0.30.0 to 0.30.1 - [Commits](https://github.com/kubernetes/code-generator/compare/v0.30.0...v0.30.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: k8s.io/code-generator dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go ... Signed-off-by: dependabot[bot] * rollback prometheus client changes --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Co-authored-by: Eoin O'Shaughnessy Co-authored-by: oseoin --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index a4d550aadd..5cc47ef98c 100644 --- a/go.mod +++ b/go.mod @@ -24,10 +24,10 @@ require ( go.opentelemetry.io/otel v1.26.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0 golang.org/x/exp v0.0.0-20231226003508-02704c960a9b - k8s.io/api v0.30.0 - k8s.io/apimachinery v0.30.0 - k8s.io/client-go v0.30.0 - k8s.io/code-generator v0.30.0 + k8s.io/api v0.30.1 + k8s.io/apimachinery v0.30.1 + k8s.io/client-go v0.30.1 + k8s.io/code-generator v0.30.1 k8s.io/utils v0.0.0-20240102154912-e7106e64919e sigs.k8s.io/controller-tools v0.15.0 ) diff --git a/go.sum b/go.sum index 0b02fef527..b02ed8dc84 100644 --- a/go.sum +++ b/go.sum @@ -382,18 +382,18 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= -k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= +k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= +k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= -k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= -k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= -k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= -k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= -k8s.io/code-generator v0.30.0 h1:3VUVqHvWFSVSm9kqL/G6kD4ZwNdHF6J/jPyo3Jgjy3k= -k8s.io/code-generator v0.30.0/go.mod h1:mBMZhfRR4IunJUh2+7LVmdcWwpouCH5+LNPkZ3t/v7Q= +k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= +k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= +k8s.io/code-generator v0.30.1 h1:ZsG++q5Vt0ScmKCeLhynUuWgcwFGg1Hl1AGfatqPJBI= +k8s.io/code-generator v0.30.1/go.mod h1:hFgxRsvOUg79mbpbVKfjJvRhVz1qLoe40yZDJ/hwRH4= k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 h1:NGrVE502P0s0/1hudf8zjgwki1X/TByhmAoILTarmzo= From a012e5feb1b30b5e1e82c4003f13e4ae7dd4111d Mon Sep 17 00:00:00 2001 From: Venktesh Shivam Patel Date: Thu, 16 May 2024 11:34:50 +0100 Subject: [PATCH 010/101] add files for upgrade tests (#5553) --- tests/Makefile | 7 + tests/conftest.py | 6 + .../upgrade-test-resources/deployment.yaml | 19 +++ .../data/upgrade-test-resources/ingress.yaml | 21 +++ tests/data/upgrade-test-resources/ns.yaml | 4 + tests/data/upgrade-test-resources/secret.yaml | 8 ++ .../data/upgrade-test-resources/service.yaml | 12 ++ .../tcp-deployment.yaml | 21 +++ .../transport-server.yaml | 14 ++ .../virtual-server.yaml | 16 +++ tests/suite/test_upgrade_resources.py | 128 ++++++++++++++++++ tests/suite/utils/custom_resources_utils.py | 19 +++ 12 files changed, 275 insertions(+) create mode 100644 tests/data/upgrade-test-resources/deployment.yaml create mode 100644 tests/data/upgrade-test-resources/ingress.yaml create mode 100644 tests/data/upgrade-test-resources/ns.yaml create mode 100644 tests/data/upgrade-test-resources/secret.yaml create mode 100644 tests/data/upgrade-test-resources/service.yaml create mode 100644 tests/data/upgrade-test-resources/tcp-deployment.yaml create mode 100644 tests/data/upgrade-test-resources/transport-server.yaml create mode 100644 tests/data/upgrade-test-resources/virtual-server.yaml create mode 100644 tests/suite/test_upgrade_resources.py diff --git a/tests/Makefile b/tests/Makefile index 11c557a0dd..28c3f58bf1 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -91,3 +91,10 @@ image-load: ## Load the image into the Kind K8S cluster test-lint: ## Run Python linting tools isort . black . + + +.PHONY: upgrade-resources +upgrade-resources: +## Create and delete resources for upgrade tests e.g. `make upgrade-resources PYTEST_ARGS="create OR delete"` + pip install -r ../tests/requirements.txt --no-deps + pytest -v -s -m $(PYTEST_ARGS) diff --git a/tests/conftest.py b/tests/conftest.py index 403a39806b..d8edec86da 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -120,6 +120,12 @@ def pytest_addoption(parser) -> None: default=os.environ.get("AZURE_AD_AUTOMATION"), help="Azure active directory secret for JWKs", ) + parser.addoption( + "--num", + action="store", + default="1", + help="Number of resources to deploy for upgrade tests", + ) # import fixtures into pytest global namespace diff --git a/tests/data/upgrade-test-resources/deployment.yaml b/tests/data/upgrade-test-resources/deployment.yaml new file mode 100644 index 0000000000..f2b28d35d1 --- /dev/null +++ b/tests/data/upgrade-test-resources/deployment.yaml @@ -0,0 +1,19 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: backend +spec: + replicas: 2 + selector: + matchLabels: + app: backend + template: + metadata: + labels: + app: backend + spec: + containers: + - name: backend + image: nginxdemos/nginx-hello:plain-text + ports: + - containerPort: 8080 diff --git a/tests/data/upgrade-test-resources/ingress.yaml b/tests/data/upgrade-test-resources/ingress.yaml new file mode 100644 index 0000000000..b5cc519b1d --- /dev/null +++ b/tests/data/upgrade-test-resources/ingress.yaml @@ -0,0 +1,21 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ingress +spec: + ingressClassName: nginx + tls: + - hosts: + - cafe.example.com + secretName: secret + rules: + - host: cafe.example.com + http: + paths: + - path: /backend + pathType: Prefix + backend: + service: + name: backend-svc + port: + number: 80 diff --git a/tests/data/upgrade-test-resources/ns.yaml b/tests/data/upgrade-test-resources/ns.yaml new file mode 100644 index 0000000000..115c384d62 --- /dev/null +++ b/tests/data/upgrade-test-resources/ns.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: ns diff --git a/tests/data/upgrade-test-resources/secret.yaml b/tests/data/upgrade-test-resources/secret.yaml new file mode 100644 index 0000000000..8061900506 --- /dev/null +++ b/tests/data/upgrade-test-resources/secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: test-secret +type: kubernetes.io/tls +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQ4RENDQXRpZ0F3SUJBZ0lKQU9jbHdCelprYmlhTUEwR0NTcUdTSWIzRFFFQkJRVUFNRmd4Q3pBSkJnTlYKQkFZVEFsVlRNUXN3Q1FZRFZRUUlFd0pEUVRFaE1COEdBMVVFQ2hNWVNXNTBaWEp1WlhRZ1YybGtaMmwwY3lCUQpkSGtnVEhSa01Sa3dGd1lEVlFRREV4QmpZV1psTG1WNFlXMXdiR1V1WTI5dE1CNFhEVEUzTURnek1URXdNVGN5Ck1Gb1hEVEU0TURnek1URXdNVGN5TUZvd1dERUxNQWtHQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdUQWtOQk1TRXcKSHdZRFZRUUtFeGhKYm5SbGNtNWxkQ0JYYVdSbmFYUnpJRkIwZVNCTWRHUXhHVEFYQmdOVkJBTVRFR05oWm1VdQpaWGhoYlhCc1pTNWpiMjB3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzdIT0xJCm5oZjE1aUcxOE16RXBzN0lvZmxHQmovMi9NVjA0OWtBS0hrTnZOem1XaXRXWDV2QU1yRkF5THY0dXBIWDI5b0IKa3l6YUhlYyt2TlFibEh1bStINUtkUWZXWHFXNkJ6UnVhMzBreEkrcG91cnhpNy9jaDJORS92djBhRGtvaTJ0RAovOUI2aHAyVkoxWXFJdm9hQ2wwSmFYWDd0WEc4SGU1S1BSZzBYMm1Mblcwa29tay9ZVGRPbS9xOVRjUDRnUmhrCms3bUhJMDlSME5vNUhTbURydmVBWFEyY3lGWVJQVUNjWkNPd0h6UUdVUVB1UU0wNVArWUNnVlNRcElKWFV0b0kKbGdEMHhZZUw4UU1rZjZ0TWpYcXpTVVRhQlhzNkRKU2x1YWN1aHpkV212UnFPUVNNYlVpZ3dVUEZCRDVLRUFIcwozM0hHeVZ5dkI4cVlrYUczQWdNQkFBR2pnYnd3Z2Jrd0hRWURWUjBPQkJZRUZOdTQvMTdpSituRGxPMkoyVisvCitqM2x5SzVZTUlHSkJnTlZIU01FZ1lFd2Y0QVUyN2ovWHVJbjZjT1U3WW5aWDcvNlBlWElybGloWEtSYU1GZ3gKQ3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSUV3SkRRVEVoTUI4R0ExVUVDaE1ZU1c1MFpYSnVaWFFnVjJsawpaMmwwY3lCUWRIa2dUSFJrTVJrd0Z3WURWUVFERXhCallXWmxMbVY0WVcxd2JHVXVZMjl0Z2drQTV5WEFITm1SCnVKb3dEQVlEVlIwVEJBVXdBd0VCL3pBTkJna3Foa2lHOXcwQkFRVUZBQU9DQVFFQUtGUHJBcXA3a3lzTDVGNnMKWFhWdXZkZzAyc0srUlpzb2F3QWVxbHlSRmpJeUlQL2VTajBhQjQwQmNOcWFyRHhwNjhBd1pZNG4yQk9EVmo5WgphOFlvV1YyOFpwamloaThxNnBPSElOa0MrOXpCY1hsZ2lvVUZBTERCcXFPTXFUZkw1cjNGejNUTGN1clozajhuCnUzL2hRVHNXZG5TZENWbmN0aXhaUHJ5cnhJSFlWSERiVHF4ZWdTQUN6WkU1MHMwdlRpMFJkNUkrcVdubVpIUloKL0hLNVZnNWlNS2E1clBPRTFaT2M3L2VnVjZ6R2p4THJiNEdlQ2JyTjBBb01tazNpL2d2K2kzL0N6aTlXOVhNNApwa2hQSjJUcEtMSjVaOHgxUVhjUW5Dem5yOEdtL2FuVzV4b3lDdWhjZzlXMlVSYzRKVTZ1UXh0WU9tczYrc0RxCjBBN1Y3UT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdXh6aXlKNFg5ZVlodGZETXhLYk95S0g1UmdZLzl2ekZkT1BaQUNoNURiemM1bG9yClZsK2J3REt4UU1pNytMcVIxOXZhQVpNczJoM25QcnpVRzVSN3B2aCtTblVIMWw2bHVnYzBibXQ5Sk1TUHFhTHEKOFl1LzNJZGpSUDc3OUdnNUtJdHJRLy9RZW9hZGxTZFdLaUw2R2dwZENXbDErN1Z4dkIzdVNqMFlORjlwaTUxdApKS0pwUDJFM1RwdjZ2VTNEK0lFWVpKTzVoeU5QVWREYU9SMHBnNjczZ0YwTm5NaFdFVDFBbkdRanNCODBCbEVECjdrRE5PVC9tQW9GVWtLU0NWMUxhQ0pZQTlNV0hpL0VESkgrclRJMTZzMGxFMmdWN09neVVwYm1uTG9jM1ZwcjAKYWprRWpHMUlvTUZEeFFRK1NoQUI3Tjl4eHNsY3J3ZkttSkdodHdJREFRQUJBb0lCQUVuZHpXbUZmOUFEV2F1Sgp0RXl0elZSSEhURVhwb2pLb09qVVNnWlY4L1FJYXV4RkRIYThwNi9vVXpGUURXVFR3bCtFMnp0ajdvRHM3UzFIClBqVGxHU3VCVGRuMitYRVhURFYwUXE2VW9JS3pWa09SblU1ZDdSQVNJbzVLV3d6UldEODVTczg5WGdBQXhKVHQKUW9hLzZCdi9tMXJyMXpmWEdWODZNYWY5Rm1FVjI5bmpCcHZ3cUpzOFlUaFU5VE5BRUdnbkxBWGFJYTJZSUJTSgozcVhJd1RrdFBHUUZyZUowdnBiOVlaTkRxWk0rMmI1K3BBVEVXclpyeTQxTlpvdzhNUnVOYnoxVU5sWXkyazZKCjlXclUxUDVYM2l3dEZmcXA3TzREakNOMFR2Y1Y1Nm5QczJoYldDeHp4RmxFalJwNW5KQ3Bsdi9yNCt4eHJVRWQKd0NjU0x3RUNnWUVBOGVDUGM2S2JpSXVFUWxwVjcxTXRQMjdBZzhkMzN5aWZKajAvQ3R3RlF6dlhWcHZCSHFRagphUE1ZaEswZ3o0MzFHMGtqVUpTeUU2STJYVWhFU3gxZUw2TU5sVS9xc29Uc0JaZEV3N0cvMFRhdW1TQUJWemZPCkIvckdtbEZkZitxWVpiR3pIdGtvbVJWb1JqVWtPcGRJL3RnL1ZlSmJ3K1RIS2dYS01NU2V5cjhDZ1lFQXhnbTkKWXN5dVZVUGlEdDhuL1JXeEJwZ1Zqazk0M3BFOVFjK2FVK0VPcGROK2NNQjkvaGJiWUpMZEZ2WUUwd2s1cEQ1SQpibktscjZycndEVUJKNWY2TXM0L3gyS3JISjlCQ3VNT3JyTEVTVm42ZG9NdDhWdEtpQkVLTVFuSnIzYmM4UDV3CnpvVmNhRGl1dCtISjcySG83cG5QQTFhaS9QV1ZwM2pZUTlCSXZ3a0NnWUJRNzkzUXlmYlZxQ25uc2liVFlMZmgKWkFRVGxLbXVDUC9JWWZJNGhndFV4aTkya2NQN3B0MGFmMDRUQjRQVk1DRjJzZkNaUkVpYWZVdEh4Nmppb2I4awpuYUVyOTRRSG5LY0Y3K3BZdWFBQU9CWVFzejcvbW5MZEJMTjBiQW1uaGk3Y3lLdXhoT1VxNUpqeDlWSmNNTWVDClQ0WlNETjY4SEUvdzVlTVVrcGE0TFFLQmdGM0piUXhtUE1XYW9XdERtYytNdjBxTktlQThtTlJtMmlqWnBZL0YKek1jUnN4YTR3ckpicHNkRXBqbmlod1Jlb1JLOGdGYjJLcXRYK2RBTUNpRHpJNFYrRWN4ZVdRVDBFcnlTTFhqawpwbnJLaHdnck5jM1EyeW8zVDZsTHBsMVhvR2p0UndVM09UME9Zd2dvZ1JiQ09xc000bklGVEtrWnNTY2YzdU8yCnQwenBBb0dCQU5Fc1V4Yit6UHpKbEgwL2hOTlhteisvNGx4aXlJb1ZQQXgzaEtBemtjOGtkZzhoS25XWkZhK0YKTjZMOXZjTDhNbnRjNHpmVDdDanNxWGJ2cGUzRUFOeGk4TWRSZzd1Z093L2NiZWdLVklZY3hTdXdRKzYrNUZYOApKRzlhbGxzdXovTk40b2RpMzRvblpEVmRZcURnY2xaZnZucXZKMHZWSzc1VXhQZ3F3aUJQCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== diff --git a/tests/data/upgrade-test-resources/service.yaml b/tests/data/upgrade-test-resources/service.yaml new file mode 100644 index 0000000000..7f651dc024 --- /dev/null +++ b/tests/data/upgrade-test-resources/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: backend-svc +spec: + ports: + - port: 80 + targetPort: 8080 + protocol: TCP + name: http + selector: + app: backend diff --git a/tests/data/upgrade-test-resources/tcp-deployment.yaml b/tests/data/upgrade-test-resources/tcp-deployment.yaml new file mode 100644 index 0000000000..ddb8798e43 --- /dev/null +++ b/tests/data/upgrade-test-resources/tcp-deployment.yaml @@ -0,0 +1,21 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tcp +spec: + replicas: 2 + selector: + matchLabels: + app: tcp + template: + metadata: + labels: + app: tcp + spec: + containers: + - name: tcp-service + image: ghcr.io/nginxinc/kic-test-tcp-server:0.2.1 + ports: + - containerPort: 3333 + name: tcp-server + protocol: TCP diff --git a/tests/data/upgrade-test-resources/transport-server.yaml b/tests/data/upgrade-test-resources/transport-server.yaml new file mode 100644 index 0000000000..7f3a4d8c9b --- /dev/null +++ b/tests/data/upgrade-test-resources/transport-server.yaml @@ -0,0 +1,14 @@ +apiVersion: k8s.nginx.org/v1 +kind: TransportServer +metadata: + name: transport-server +spec: + listener: + name: tcp-server + protocol: TCP + upstreams: + - name: tcp-app + service: tcp-service + port: 3333 + action: + pass: tcp-app diff --git a/tests/data/upgrade-test-resources/virtual-server.yaml b/tests/data/upgrade-test-resources/virtual-server.yaml new file mode 100644 index 0000000000..255377034e --- /dev/null +++ b/tests/data/upgrade-test-resources/virtual-server.yaml @@ -0,0 +1,16 @@ +apiVersion: k8s.nginx.org/v1 +kind: VirtualServer +metadata: + name: vs +spec: + host: vs.example.com + tls: + secret: secret + upstreams: + - name: backend + service: backend-svc + port: 80 + routes: + - path: "/backend" + action: + pass: backend diff --git a/tests/suite/test_upgrade_resources.py b/tests/suite/test_upgrade_resources.py new file mode 100644 index 0000000000..2852e57b1d --- /dev/null +++ b/tests/suite/test_upgrade_resources.py @@ -0,0 +1,128 @@ +import os +import tempfile + +import pytest +import yaml +from settings import DEPLOYMENTS, TEST_DATA +from suite.utils.custom_resources_utils import create_resource_from_manifest, read_custom_resource +from suite.utils.resources_utils import ( + create_ingress, + create_items_from_yaml, + create_namespace, + delete_namespace, + wait_before_test, +) +from suite.utils.vs_vsr_resources_utils import create_virtual_server + +tcp_deployment = f"{TEST_DATA}/upgrade-test-resources/tcp-deployment.yaml" +deployment = f"{TEST_DATA}/upgrade-test-resources/deployment.yaml" +service = f"{TEST_DATA}/upgrade-test-resources/service.yaml" +ns = f"{TEST_DATA}/upgrade-test-resources/ns.yaml" +ingress = f"{TEST_DATA}/upgrade-test-resources/ingress.yaml" +vs = f"{TEST_DATA}/upgrade-test-resources/virtual-server.yaml" +ts = f"{TEST_DATA}/upgrade-test-resources/transport-server.yaml" +secret = f"{TEST_DATA}/upgrade-test-resources/secret.yaml" + +# Below test class only deployes resources for upgrade testing, IC deployment should be done manually via helm. + + +class TestUpgrade: + @pytest.mark.create + def test_create(self, request, kube_apis): + count = int(request.config.getoption("--num")) + + for i in range(1, count + 1): + with open(ns) as f: + doc = yaml.safe_load(f) + doc["metadata"]["name"] = f"ns-{i}" + with tempfile.NamedTemporaryFile(mode="w+", suffix=".yml", delete=False) as temp: + temp.write(yaml.safe_dump(doc) + "---\n") + namespace = create_namespace(kube_apis.v1, doc) + os.remove(temp.name) + + with open(deployment) as f: + doc = yaml.safe_load(f) + doc["metadata"]["name"] = f"backend-{i}" + doc["spec"]["selector"]["matchLabels"]["app"] = f"backend-{i}" + doc["spec"]["template"]["metadata"]["labels"]["app"] = f"backend-{i}" + doc["metadata"]["name"] = f"backend-{i}" + with tempfile.NamedTemporaryFile(mode="w+", suffix=".yml", delete=False) as temp: + temp.write(yaml.safe_dump(doc) + "---\n") + create_items_from_yaml(kube_apis, temp.name, namespace) + os.remove(temp.name) + + with open(service) as f: + doc = yaml.safe_load(f) + doc["metadata"]["name"] = f"backend-svc-{i}" + doc["spec"]["selector"]["app"] = f"backend-{i}" + with tempfile.NamedTemporaryFile(mode="w+", suffix=".yml", delete=False) as temp: + temp.write(yaml.safe_dump(doc) + "---\n") + create_items_from_yaml(kube_apis, temp.name, namespace) + os.remove(temp.name) + + with open(secret) as f: + doc = yaml.safe_load(f) + doc["metadata"]["name"] = f"secret-{i}" + with tempfile.NamedTemporaryFile(mode="w+", suffix=".yml", delete=False) as temp: + temp.write(yaml.safe_dump(doc) + "---\n") + create_items_from_yaml(kube_apis, temp.name, namespace) + os.remove(temp.name) + + # VirtualServer + with open(vs) as f: + doc = yaml.safe_load(f) + doc["metadata"]["name"] = f"vs-{i}" + doc["spec"]["host"] = f"vs-{i}.example.com" + doc["spec"]["tls"]["secret"] = f"secret-{i}" + doc["spec"]["upstreams"][0]["name"] = f"backend-{i}" + doc["spec"]["upstreams"][0]["service"] = f"backend-svc-{i}" + doc["spec"]["routes"][0]["action"]["pass"] = f"backend-{i}" + create_virtual_server(kube_apis.custom_objects, doc, namespace) + + # Ingress + with open(ingress) as f: + doc = yaml.safe_load(f) + doc["metadata"]["name"] = f"ingress-{i}" + doc["spec"]["tls"][0]["hosts"][0] = f"ingress-{i}.example.com" + doc["spec"]["tls"][0]["secretName"] = f"secret-{i}" + doc["spec"]["rules"][0]["host"] = f"ingress-{i}.example.com" + doc["spec"]["rules"][0]["http"]["paths"][0]["path"] = f"/backend-{i}" + doc["spec"]["rules"][0]["http"]["paths"][0]["backend"]["service"]["name"] = f"backend-svc-{i}" + create_ingress(kube_apis.networking_v1, namespace, doc) + + # TransportServer + with open(tcp_deployment) as f: + doc = yaml.safe_load(f) + doc["metadata"]["name"] = f"tcp-{i}" + doc["spec"]["selector"]["matchLabels"]["app"] = f"tcp-{i}" + doc["spec"]["template"]["metadata"]["labels"]["app"] = f"tcp-{i}" + with tempfile.NamedTemporaryFile(mode="w+", suffix=".yml", delete=False) as temp: + temp.write(yaml.safe_dump(doc) + "---\n") + create_items_from_yaml(kube_apis, temp.name, namespace) + os.remove(temp.name) + + with open(service) as f: + doc = yaml.safe_load(f) + doc["metadata"]["name"] = f"tcp-svc-{i}" + doc["spec"]["selector"]["app"] = f"tcp-{i}" + with tempfile.NamedTemporaryFile(mode="w+", suffix=".yml", delete=False) as temp: + temp.write(yaml.safe_dump(doc) + "---\n") + create_items_from_yaml(kube_apis, temp.name, namespace) + os.remove(temp.name) + + with open(ts) as f: + doc = yaml.safe_load(f) + doc["metadata"]["name"] = f"ts-{i}" + doc["spec"]["listener"]["name"] = "dns-tcp" + doc["spec"]["upstreams"][0]["name"] = f"tcp-{i}" + doc["spec"]["upstreams"][0]["service"] = f"tcp-svc-{i}" + doc["spec"]["upstreams"][0]["port"] = 5353 + doc["spec"]["action"]["pass"] = f"tcp-{i}" + create_resource_from_manifest(kube_apis.custom_objects, doc, namespace, "transportservers") + + @pytest.mark.delete + def test_delete(self, request, kube_apis): + count = int(request.config.getoption("--num")) + # delete namespaces + for i in range(1, count + 1): + delete_namespace(kube_apis.v1, f"ns-{i}") diff --git a/tests/suite/utils/custom_resources_utils.py b/tests/suite/utils/custom_resources_utils.py index e315228b5a..8c99c588f8 100644 --- a/tests/suite/utils/custom_resources_utils.py +++ b/tests/suite/utils/custom_resources_utils.py @@ -101,6 +101,25 @@ def is_dnsendpoint_present(custom_objects: CustomObjectsApi, name, namespace) -> return True +def create_resource_from_manifest(custom_objects: CustomObjectsApi, body, namespace, plural) -> None: + """ + Create a Resource based on manifest. + + :param custom_objects: CustomObjectsApi + :param body: manifest body + :param namespace: namespace where the resource will be created + :param plural: the plural of the resource + """ + try: + print("Create a Custom Resource: " + body["kind"]) + group, version = body["apiVersion"].split("/") + custom_objects.create_namespaced_custom_object(group, version, namespace, plural, body) + print(f"Custom resource {body['kind']} created with name '{body['metadata']['name']}'") + except ApiException as ex: + logging.exception(f"Exception: {ex} occurred while creating {body['kind']}: {body['metadata']['name']}") + raise ex + + def read_custom_resource_v1alpha1(custom_objects: CustomObjectsApi, namespace, plural, name) -> object: """ Get CRD information (kubectl describe output) From 372f2c2fdcbb264a6f9b063ef8110d0edd0b5962 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 May 2024 11:13:44 +0000 Subject: [PATCH 011/101] Bump nginxcontrib/nginx from `d3b4797` to `3cb2535` in /build (#5513) --- build/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/Dockerfile b/build/Dockerfile index 5b58109aca..6305552f48 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -37,7 +37,7 @@ RUN --mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \ ############################################# Base image for UBI ############################################# -FROM nginxcontrib/nginx:1.25.5-ubi@sha256:d3b479722302f4e99b70dc92a964530c8ee310e1962065dfc2d86e72b97063e6 AS ubi +FROM nginxcontrib/nginx:1.25.5-ubi@sha256:3cb2535d50740a937af4ab76be93ce5999540e58a9763c3790c5f3924e9208d5 AS ubi ARG IC_VERSION LABEL name="NGINX Ingress Controller" \ From 95e7c2d610ff14cc1da175b71353d07a04db8bbd Mon Sep 17 00:00:00 2001 From: AlexFenlon Date: Thu, 16 May 2024 14:50:10 +0100 Subject: [PATCH 012/101] Add AppProtectVersion to Telemetry (#5554) --- cmd/nginx-ingress/main.go | 3 +- docs/content/overview/product-telemetry.md | 1 + internal/k8s/controller.go | 2 + internal/telemetry/cluster.go | 5 + internal/telemetry/collector.go | 8 ++ internal/telemetry/collector_test.go | 113 ++++++++++++++++++ internal/telemetry/data.avdl | 3 + internal/telemetry/exporter.go | 2 + .../nicresourcecounts_attributes_generated.go | 1 + 9 files changed, 137 insertions(+), 1 deletion(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index b0e8796b7c..1eb4b8c1bd 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -51,7 +51,7 @@ const ( versionLabel = "app.kubernetes.io/version" appProtectVersionLabel = "appprotect.f5.com/version" agentVersionLabel = "app.nginx.org/agent-version" - appProtectVersionPath = "/opt/app_protect/VERSION" + appProtectVersionPath = "/opt/app_protect/RELEASE" ) func main() { @@ -184,6 +184,7 @@ func main() { DefaultServerSecret: *defaultServerSecret, AppProtectEnabled: *appProtect, AppProtectDosEnabled: *appProtectDos, + AppProtectVersion: appProtectVersion, IsNginxPlus: *nginxPlus, IngressClass: *ingressClass, ExternalServiceName: *externalService, diff --git a/docs/content/overview/product-telemetry.md b/docs/content/overview/product-telemetry.md index 5d0f29234a..387421f619 100644 --- a/docs/content/overview/product-telemetry.md +++ b/docs/content/overview/product-telemetry.md @@ -47,6 +47,7 @@ These are the data points collected and reported by NGINX Ingress Controller: - **OIDCPolicies** Number of OIDC policies. - **WAFPolicies** Number of WAF policies. - **GlobalConfiguration** Represents the use of a GlobalConfiguration resource. +- **AppProtectVersion** The AppProtect version ## Opt out diff --git a/internal/k8s/controller.go b/internal/k8s/controller.go index 114ffbc4be..c87aa1d0d6 100644 --- a/internal/k8s/controller.go +++ b/internal/k8s/controller.go @@ -185,6 +185,7 @@ type NewLoadBalancerControllerInput struct { DefaultServerSecret string AppProtectEnabled bool AppProtectDosEnabled bool + AppProtectVersion string IsNginxPlus bool IngressClass string ExternalServiceName string @@ -364,6 +365,7 @@ func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalanc Period: 24 * time.Hour, K8sClientReader: input.KubeClient, Version: input.NICVersion, + AppProtectVersion: input.AppProtectVersion, GlobalConfiguration: lbc.watchGlobalConfiguration, Configurator: lbc.configurator, SecretStore: lbc.secretStore, diff --git a/internal/telemetry/cluster.go b/internal/telemetry/cluster.go index 896ee7e2cb..ebc2c7a760 100644 --- a/internal/telemetry/cluster.go +++ b/internal/telemetry/cluster.go @@ -192,6 +192,11 @@ func (c *Collector) PolicyCount() map[string]int { return policyCounters } +// AppProtectVersion returns the AppProtect Version +func (c *Collector) AppProtectVersion() string { + return c.Config.AppProtectVersion +} + // lookupPlatform takes a string representing a K8s PlatformID // retrieved from a cluster node and returns a string // representing the platform name. diff --git a/internal/telemetry/collector.go b/internal/telemetry/collector.go index 21a5bf98ea..0c88ef0d41 100644 --- a/internal/telemetry/collector.go +++ b/internal/telemetry/collector.go @@ -71,6 +71,9 @@ type CollectorConfig struct { // Policies gets all policies Policies func() []*conf_v1.Policy + + // AppProtectVersion represents the version of App Protect. + AppProtectVersion string } // NewCollector takes 0 or more options and creates a new TraceReporter. @@ -133,6 +136,7 @@ func (c *Collector) Collect(ctx context.Context) { WAFPolicies: int64(report.WAFCount), GlobalConfiguration: report.GlobalConfiguration, IngressAnnotations: report.IngressAnnotations, + AppProtectVersion: report.AppProtectVersion, }, } @@ -173,6 +177,7 @@ type Report struct { WAFCount int GlobalConfiguration bool IngressAnnotations []string + AppProtectVersion string } // BuildReport takes context, collects telemetry data and builds the report. @@ -241,6 +246,8 @@ func (c *Collector) BuildReport(ctx context.Context) (Report, error) { ingressAnnotations := c.IngressAnnotations() + appProtectVersion := c.AppProtectVersion() + return Report{ Name: "NIC", Version: c.Config.Version, @@ -268,5 +275,6 @@ func (c *Collector) BuildReport(ctx context.Context) (Report, error) { WAFCount: wafCount, GlobalConfiguration: c.Config.GlobalConfiguration, IngressAnnotations: ingressAnnotations, + AppProtectVersion: appProtectVersion, }, err } diff --git a/internal/telemetry/collector_test.go b/internal/telemetry/collector_test.go index 55b0275ff9..b1867f1cdb 100644 --- a/internal/telemetry/collector_test.go +++ b/internal/telemetry/collector_test.go @@ -665,6 +665,119 @@ func TestIngressCountReportsNumberOfDeployedIngresses(t *testing.T) { } } +func TestCollectAppProtectVersion(t *testing.T) { + t.Parallel() + + testCases := []struct { + name string + appProtectVersion string + wantVersion string + }{ + { + name: "AppProtect 4.8", + appProtectVersion: "4.8.1", + wantVersion: "4.8.1", + }, + { + name: "AppProtect 4.9", + appProtectVersion: "4.9", + wantVersion: "4.9", + }, + { + name: "AppProtect 5.1", + appProtectVersion: "5.1", + wantVersion: "5.1", + }, + { + name: "No AppProtect Installed", + appProtectVersion: "", + wantVersion: "", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + buf := &bytes.Buffer{} + exp := &telemetry.StdoutExporter{Endpoint: buf} + + configurator := newConfiguratorWithIngress(t) + + cfg := telemetry.CollectorConfig{ + Configurator: configurator, + K8sClientReader: newTestClientset(node1, kubeNS), + Version: telemetryNICData.ProjectVersion, + AppProtectVersion: tc.appProtectVersion, + } + + c, err := telemetry.NewCollector(cfg, telemetry.WithExporter(exp)) + if err != nil { + t.Fatal(err) + } + c.Collect(context.Background()) + + ver := c.AppProtectVersion() + + if tc.wantVersion != ver { + t.Errorf("want: %s, got: %s", tc.wantVersion, ver) + } + }) + } +} + +func TestCollectInvalidAppProtectVersion(t *testing.T) { + t.Parallel() + + testCases := []struct { + name string + appProtectVersion string + wantVersion string + }{ + { + name: "AppProtect Not Installed", + appProtectVersion: "", + wantVersion: "4.8.1", + }, + { + name: "Cant Find AppProtect 4.9", + appProtectVersion: "4.9", + wantVersion: "", + }, + { + name: "Found Different AppProtect Version", + appProtectVersion: "5.1", + wantVersion: "4.9", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + buf := &bytes.Buffer{} + exp := &telemetry.StdoutExporter{Endpoint: buf} + + configurator := newConfiguratorWithIngress(t) + + cfg := telemetry.CollectorConfig{ + Configurator: configurator, + K8sClientReader: newTestClientset(node1, kubeNS), + Version: telemetryNICData.ProjectVersion, + AppProtectVersion: tc.appProtectVersion, + } + + c, err := telemetry.NewCollector(cfg, telemetry.WithExporter(exp)) + if err != nil { + t.Fatal(err) + } + c.Collect(context.Background()) + + ver := c.AppProtectVersion() + + if tc.wantVersion == ver { + t.Errorf("want: %s, got: %s", tc.wantVersion, ver) + } + }) + } +} + func TestCountVirtualServers(t *testing.T) { t.Parallel() diff --git a/internal/telemetry/data.avdl b/internal/telemetry/data.avdl index d70633f21a..a7a105186a 100644 --- a/internal/telemetry/data.avdl +++ b/internal/telemetry/data.avdl @@ -87,5 +87,8 @@ It is the UID of the `kube-system` Namespace. */ /** IngressAnnotations is the list of annotations resources managed by NGINX Ingress Controller */ union {null, array} IngressAnnotations = null; + /** AppProtectVersion represents the version of AppProtect. */ + string? AppProtectVersion = null; + } } diff --git a/internal/telemetry/exporter.go b/internal/telemetry/exporter.go index 05b687009f..db158dd875 100644 --- a/internal/telemetry/exporter.go +++ b/internal/telemetry/exporter.go @@ -101,4 +101,6 @@ type NICResourceCounts struct { GlobalConfiguration bool // IngressAnnotations is the list of annotations resources managed by NGINX Ingress Controller IngressAnnotations []string + // AppProtectVersion represents the version of AppProtect. + AppProtectVersion string } diff --git a/internal/telemetry/nicresourcecounts_attributes_generated.go b/internal/telemetry/nicresourcecounts_attributes_generated.go index 896180518a..75f8eb905d 100644 --- a/internal/telemetry/nicresourcecounts_attributes_generated.go +++ b/internal/telemetry/nicresourcecounts_attributes_generated.go @@ -31,6 +31,7 @@ func (d *NICResourceCounts) Attributes() []attribute.KeyValue { attrs = append(attrs, attribute.Int64("WAFPolicies", d.WAFPolicies)) attrs = append(attrs, attribute.Bool("GlobalConfiguration", d.GlobalConfiguration)) attrs = append(attrs, attribute.StringSlice("IngressAnnotations", d.IngressAnnotations)) + attrs = append(attrs, attribute.String("AppProtectVersion", d.AppProtectVersion)) return attrs } From c3cf2f1280cbe556464547cb61078918018d7532 Mon Sep 17 00:00:00 2001 From: Paul Abel <128620221+pdabelf5@users.noreply.github.com> Date: Thu, 16 May 2024 16:01:36 +0100 Subject: [PATCH 013/101] update telemetry export version (#5532) --- go.mod | 4 ++-- go.sum | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 5cc47ef98c..01fa7f887e 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/nginxinc/nginx-plus-go-client v1.2.0 github.com/nginxinc/nginx-prometheus-exporter v1.1.0 github.com/nginxinc/nginx-service-mesh v1.7.0 - github.com/nginxinc/telemetry-exporter v0.0.0-20240307135433-a5ecce59bddf + github.com/nginxinc/telemetry-exporter v0.0.0-20240429155028-5a630a5eb82a github.com/prometheus/client_golang v1.18.0 github.com/prometheus/common v0.47.0 github.com/spiffe/go-spiffe/v2 v2.2.0 @@ -101,7 +101,7 @@ require ( go.etcd.io/etcd/client/pkg/v3 v3.5.11 // indirect go.etcd.io/etcd/client/v3 v3.5.11 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0 // indirect go.opentelemetry.io/otel/metric v1.26.0 // indirect go.opentelemetry.io/otel/sdk v1.26.0 // indirect diff --git a/go.sum b/go.sum index b02ed8dc84..6c305a6d32 100644 --- a/go.sum +++ b/go.sum @@ -181,14 +181,14 @@ github.com/nginxinc/nginx-prometheus-exporter v1.1.0 h1:Uj+eWKGvUionZc8gWFDnrb3j github.com/nginxinc/nginx-prometheus-exporter v1.1.0/go.mod h1:A1Fy5uLQonVGmwLC5xNxBX+vPFgYzBOvPjNRs8msT0k= github.com/nginxinc/nginx-service-mesh v1.7.0 h1:oxKr+Jdbxkos10VTy5xF2UHCcmfIhqWNlsOK/zPnZDM= github.com/nginxinc/nginx-service-mesh v1.7.0/go.mod h1:8tREM3kSEUGyk8JT8hdCf/9ol2kEo7hLR8b+m5Yd8Fs= -github.com/nginxinc/telemetry-exporter v0.0.0-20240307135433-a5ecce59bddf h1:PM0o/J1QyRpNCn8C9SI17b5ePuAnLdI1D5B/TV2hneY= -github.com/nginxinc/telemetry-exporter v0.0.0-20240307135433-a5ecce59bddf/go.mod h1:rZ+Ohzwv9LJMzxRDPS/dEwXOUPlNrzjoGkICaG9fv0k= +github.com/nginxinc/telemetry-exporter v0.0.0-20240429155028-5a630a5eb82a h1:TowqRJw/ODgj2cUeC8ik+LuTIkrVANFKE/xa2LcsEWg= +github.com/nginxinc/telemetry-exporter v0.0.0-20240429155028-5a630a5eb82a/go.mod h1:NaUaDd1tR4wLKYuRp8hT1LZgQP2e5lmBVWlCm7O1Ms4= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.16.0 h1:7q1w9frJDzninhXxjZd+Y/x54XNjG/UlRLIYPZafsPM= -github.com/onsi/ginkgo/v2 v2.16.0/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= github.com/onsi/gomega v1.33.0 h1:snPCflnZrpMsy94p4lXVEkHo12lmPnc3vY5XBbreexE= github.com/onsi/gomega v1.33.0/go.mod h1:+925n5YtiFsLzzafLUHzVMBpvvRAzrydIBiSIxjX3wY= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= @@ -255,8 +255,8 @@ go.etcd.io/etcd/server/v3 v3.5.10 h1:4NOGyOwD5sUZ22PiWYKmfxqoeh72z6EhYjNosKGLmZg go.etcd.io/etcd/server/v3 v3.5.10/go.mod h1:gBplPHfs6YI0L+RpGkTQO7buDbHv5HJGG/Bst0/zIPo= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 h1:SpGay3w+nEwMpfVnbqOLH5gY52/foP8RE8UzTZ1pdSE= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1/go.mod h1:4UoMYEZOC0yN/sPGH76KPkkU7zgiEWYWL9vwmbnTJPE= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs= go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0 h1:1u/AyyOqAWzy+SkPxDpahCNZParHV8Vid1RnI2clyDE= From 4f993087832a6a62e310d4f43321f7268b69d027 Mon Sep 17 00:00:00 2001 From: Venktesh Shivam Patel Date: Thu, 16 May 2024 16:23:14 +0100 Subject: [PATCH 014/101] update operator version (#5564) --- docs/content/technical-specifications.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/docs/content/technical-specifications.md b/docs/content/technical-specifications.md index 2a1ed517d4..479a13e9a3 100644 --- a/docs/content/technical-specifications.md +++ b/docs/content/technical-specifications.md @@ -24,7 +24,7 @@ We explicitly test NGINX Ingress Controller on a range of Kubernetes platforms f {{< bootstrap-table "table table-bordered table-striped table-responsive" >}} | NIC Version | Supported Kubernetes Version | NIC Helm Chart Version | NIC Operator Version | NGINX / NGINX Plus version | | --- | --- | --- | --- | --- | -| 3.5.1 | 1.29 - 1.23 | 1.2.1 | 2.2.0 | 1.25.4 / R31 P1 | +| 3.5.1 | 1.29 - 1.23 | 1.2.1 | 2.2.1 | 1.25.4 / R31 P1 | | 3.4.3 | 1.29 - 1.23 | 1.1.3 | 2.1.2 | 1.25.4 / R31 P1 | | 3.3.2 | 1.28 - 1.22 | 1.0.2 | 2.0.2 | 1.25.3 / R30 | | 3.2.1 | 1.27 - 1.22 | 0.18.1 | 1.5.1 | 1.25.2 / R30 | @@ -39,9 +39,6 @@ We explicitly test NGINX Ingress Controller on a range of Kubernetes platforms f | 1.11.3 | 1.20 - 1.16 | 0.9.0 | 0.2.0 | 1.21.0 / R23 P1 | | 1.10.1 | 1.19 - 1.16 | 0.8.0 | 0.1.0 | 1.19.8 / R23 | | 1.9.1 | 1.18 - 1.16 | 0.7.1 | 0.0.7 | 1.19.3 / R22 | -| 1.8.1 | | 0.6.0 | 0.0.6 | 1.19.2 / R22 | -| 1.7.2 | | 0.5.1 | 0.0.4 | 1.19.0 / R22 | -| 1.6.3 | | 0.4.3 | -- | 1.17.9 / R21 | {{% /bootstrap-table %}} ## Supported Docker Images From 15b02987db6dd3ca6c8ce28f0ec74f85be0f366e Mon Sep 17 00:00:00 2001 From: AlexFenlon Date: Thu, 16 May 2024 17:44:44 +0100 Subject: [PATCH 015/101] Fix incorrect errors showing in Telemetry (#5561) --- internal/telemetry/collector.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/internal/telemetry/collector.go b/internal/telemetry/collector.go index 0c88ef0d41..8606ffe2aa 100644 --- a/internal/telemetry/collector.go +++ b/internal/telemetry/collector.go @@ -195,42 +195,42 @@ func (c *Collector) BuildReport(ctx context.Context) (Report, error) { clusterID, err := c.ClusterID(ctx) if err != nil { - glog.Errorf("Error collecting telemetry data: ClusterID: %v", err) + glog.V(3).Infof("Unable to collect telemetry data: ClusterID: %v", err) } nodes, err := c.NodeCount(ctx) if err != nil { - glog.Errorf("Error collecting telemetry data: Nodes: %v", err) + glog.V(3).Infof("Unable to collect telemetry data: Nodes: %v", err) } version, err := c.ClusterVersion() if err != nil { - glog.Errorf("Error collecting telemetry data: K8s Version: %v", err) + glog.V(3).Infof("Unable to collect telemetry data: K8s Version: %v", err) } platform, err := c.Platform(ctx) if err != nil { - glog.Errorf("Error collecting telemetry data: Platform: %v", err) + glog.V(3).Infof("Unable to collect telemetry data: Platform: %v", err) } replicas, err := c.ReplicaCount(ctx) if err != nil { - glog.Errorf("Error collecting telemetry data: Replicas: %v", err) + glog.V(3).Infof("Unable to collect telemetry data: Replicas: %v", err) } installationID, err := c.InstallationID(ctx) if err != nil { - glog.Errorf("Error collecting telemetry data: InstallationID: %v", err) + glog.V(3).Infof("Unable to collect telemetry data: InstallationID: %v", err) } secretCount, err := c.Secrets() if err != nil { - glog.Errorf("Error collecting telemetry data: Secrets: %v", err) + glog.V(3).Infof("Unable to collect telemetry data: Secrets: %v", err) } ingressCount := c.IngressCount() ingressClassCount, err := c.IngressClassCount(ctx) if err != nil { - glog.Errorf("Error collecting telemetry data: Ingress Classes: %v", err) + glog.V(3).Infof("Unable to collect telemetry data: Ingress Classes: %v", err) } policies := c.PolicyCount() From 5b603f42838bcaddb74ba15097cb2cc523c23824 Mon Sep 17 00:00:00 2001 From: oseoin Date: Thu, 16 May 2024 23:35:21 +0100 Subject: [PATCH 016/101] Forced SHA update workflow (#5560) --- .github/scripts/docker-updater.sh | 75 +++++++++++++++++++++++++ .github/workflows/update-docker-sha.yml | 69 +++++++++++++++++++++++ 2 files changed, 144 insertions(+) create mode 100755 .github/scripts/docker-updater.sh create mode 100644 .github/workflows/update-docker-sha.yml diff --git a/.github/scripts/docker-updater.sh b/.github/scripts/docker-updater.sh new file mode 100755 index 0000000000..6827e70cd1 --- /dev/null +++ b/.github/scripts/docker-updater.sh @@ -0,0 +1,75 @@ +#!/usr/bin/env bash + +set -o pipefail + +SCRIPT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd -P)" +DOCKER_FILE=${SCRIPT_ROOT}/build/Dockerfile +exclude_strings="" + +# Parse command line arguments +while [[ $# -gt 0 ]]; do + key="$1" + case $key in + --exclude) + exclude_strings="$2" + shift + shift + ;; + *) + DOCKER_FILE="$1" + shift + ;; + esac +done + +# Check if the file exists +if [ ! -f "$DOCKER_FILE" ]; then + echo "File $DOCKER_FILE does not exist." + exit 1 +fi + +function contains_excluded() { + local line="$1" + local exclude="$2" + local IFS=',' + local excluded=($exclude) + for word in "${excluded[@]}"; do + if [[ "$line" == *"$word"* ]]; then + return 0 + fi + done + return 1 +} + +function check_sha() { + image_sha="$1" + image=$(echo "$image_sha" | cut -d '@' -f1) + tag_sha=$(echo "$image_sha" | cut -d '@' -f2) + + docker pull -q "$image" > /dev/null + latest_digest=$(docker inspect --format='{{index .RepoDigests 0}}' "$image") + latest_sha=$(echo "$latest_digest" | cut -d '@' -f2) + + if [ "$tag_sha" = "$latest_sha" ]; then + echo "The provided SHA256 hash is the latest for $image" + else + echo "> A newer version of $image is available:" + echo "> - $image@$tag_sha" + echo "> + $image@$latest_sha" + echo "> updating $DOCKER_FILE" + sed -i -e "s/$tag_sha/$latest_sha/g" "$DOCKER_FILE" + fi +} +if [ -n "$exclude_strings" ]; then + echo "excluding images containing one of: '$exclude_strings'" +fi +while IFS= read -r line; do + if [[ $line =~ ^FROM\ (.+@.+) ]]; then + image=$(echo "${BASH_REMATCH[1]}" | awk '{print $1}') + if [ -n "$exclude_strings" ] && contains_excluded "$line" "$exclude_strings"; then + echo "Skipping $image" + continue + fi + check_sha "$image" + fi +done < "$DOCKER_FILE" diff --git a/.github/workflows/update-docker-sha.yml b/.github/workflows/update-docker-sha.yml new file mode 100644 index 0000000000..5d34136442 --- /dev/null +++ b/.github/workflows/update-docker-sha.yml @@ -0,0 +1,69 @@ +name: "Update pinned container SHAs" + +on: + workflow_dispatch: + inputs: + source_branch: + required: true + type: string + default: 'main' + excludes: + description: Comma separated list of strings to exclude images from the update + required: false + type: string + default: '' + dry_run: + type: boolean + default: false + +defaults: + run: + shell: bash + +permissions: + contents: read + +jobs: + update-docker-sha: + permissions: + contents: write + runs-on: ubuntu-22.04 + steps: + - name: Checkout Repository + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + with: + ref: ${{ inputs.source_branch }} + + - name: Update images + id: update_images + run: | + docker_md5=$(find . -type f \( -wholename "build/Dockerfile" -o -wholename "tests/Dockerfile" \) -exec md5sum {} + | LC_ALL=C sort | md5sum | awk '{ print $1 }') + echo "docker_md5=${docker_md5:0:8}" >> $GITHUB_OUTPUT + ARGS="" + if [ -n ${{ github.event.inputs.excludes }} ]; then + ARGS="--exclude ${{ github.event.inputs.excludes }}" + fi + .github/scripts/docker-updater.sh ./build/Dockerfile $ARGS + .github/scripts/docker-updater.sh ./tests/Dockerfile $ARGS + files=$(git diff --name-only) + if [[ $files == *"Dockerfile"* ]]; then + echo "change_detected=true" >> $GITHUB_OUTPUT + else + echo "change_detected=false" >> $GITHUB_OUTPUT + fi + echo $GITHUB_OUTPUT + + - name: Create Pull Request + uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 + with: + token: ${{ secrets.NGINX_PAT }} + commit-message: Update docker images ${{ steps.update_images.outputs.docker_md5 }} + title: Docker image update ${{ steps.update_images.outputs.docker_md5 }} + branch: chore/image-update-${{ inputs.source_branch }}-${{ steps.update_images.outputs.docker_md5 }} + author: nginx-bot + labels: | + chore + dependency + body: | + This automated PR updates pinned container image SHAs to latest. + if: ${{ !inputs.dry_run && steps.update_images.outputs.change_detected == 'true' }} From 5c4b31c7c83ebeac8d85052c476f36e2ed0f950e Mon Sep 17 00:00:00 2001 From: nginx-bot <68849795+nginx-bot@users.noreply.github.com> Date: Fri, 17 May 2024 02:10:49 -0700 Subject: [PATCH 017/101] Docker image update d41d8cd9 (#5570) Update docker images d41d8cd9 --- build/Dockerfile | 6 +++--- tests/Dockerfile | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index 6305552f48..aa39ec3f44 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -128,7 +128,7 @@ RUN --mount=type=bind,from=alpine-fips-3.19,target=/tmp/fips/ \ ############################################# Base image for Alpine with NGINX Plus, App Protect WAF and FIPS ############################################# -FROM alpine:3.17@sha256:6e94b5cda2d6fd57d85abf81e81dabaea97a5885f919da676cc19d3551da4061 as alpine-plus-nap-fips +FROM alpine:3.17@sha256:53cf9478b76f4c8fae126acbdfb79bed6e69e628faff572ebe4a029d3d247d98 as alpine-plus-nap-fips ARG NGINX_PLUS_VERSION RUN --mount=type=bind,from=alpine-fips-3.17,target=/tmp/fips/ \ @@ -154,7 +154,7 @@ RUN --mount=type=bind,from=alpine-fips-3.17,target=/tmp/fips/ \ ############################################# Base image for Debian with NGINX Plus ############################################# -FROM debian:12-slim@sha256:155280b00ee0133250f7159b567a07d7cd03b1645714c3a7458b2287b0ca83cb AS debian-plus +FROM debian:12-slim@sha256:804194b909ef23fb995d9412c9378fb3505fe2427b70f3cc425339e48a828fca AS debian-plus SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ @@ -177,7 +177,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode ############################################# Base image for Debian with NGINX Plus and App Protect WAF/DoS ############################################# -FROM debian:11-slim@sha256:715354035496a48b9c4c8f146a6f751de70449913773038776eb1f3d01c93989 as debian-plus-nap +FROM debian:11-slim@sha256:0e75382930ceb533e2f438071307708e79dc86d9b8e433cc6dd1a96872f2651d as debian-plus-nap ARG NAP_MODULES RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ diff --git a/tests/Dockerfile b/tests/Dockerfile index 24eea9d05d..5cb4aca587 100644 --- a/tests/Dockerfile +++ b/tests/Dockerfile @@ -2,7 +2,7 @@ # this is here so we can grab the latest version of kind and have dependabot keep it up to date FROM kindest/node:v1.30.0@sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e -FROM python:3.12@sha256:3733015cdd1bd7d9a0b9fe21a925b608de82131aa4f3d397e465a1fcb545d36f +FROM python:3.12@sha256:3966b81808d864099f802080d897cef36c01550472ab3955fdd716d1c665acd6 RUN apt-get update \ && apt-get install -y curl git \ From 0c54622e70accb946129ef895597ee573be660f1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 17 May 2024 10:57:59 +0100 Subject: [PATCH 018/101] Bump the go group with 4 updates (#5568) --- go.mod | 22 +++++++++++----------- go.sum | 44 ++++++++++++++++++++++---------------------- 2 files changed, 33 insertions(+), 33 deletions(-) diff --git a/go.mod b/go.mod index 01fa7f887e..347129d215 100644 --- a/go.mod +++ b/go.mod @@ -3,8 +3,8 @@ module github.com/nginxinc/kubernetes-ingress go 1.22.3 require ( - github.com/aws/aws-sdk-go-v2/config v1.27.13 - github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.5 + github.com/aws/aws-sdk-go-v2/config v1.27.14 + github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.6 github.com/cert-manager/cert-manager v1.14.5 github.com/dlclark/regexp2 v1.11.0 github.com/go-chi/chi/v5 v5.0.12 @@ -35,17 +35,17 @@ require ( require ( github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect - github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.17.13 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect + github.com/aws/aws-sdk-go-v2 v1.26.2 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.14 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.2 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.6 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.6 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.20.6 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.0 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.28.7 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.8 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.20.7 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.28.8 // indirect github.com/aws/smithy-go v1.20.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect diff --git a/go.sum b/go.sum index 6c305a6d32..207db6aace 100644 --- a/go.sum +++ b/go.sum @@ -9,32 +9,32 @@ github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migc github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= -github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA= -github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= -github.com/aws/aws-sdk-go-v2/config v1.27.13 h1:WbKW8hOzrWoOA/+35S5okqO/2Ap8hkkFUzoW8Hzq24A= -github.com/aws/aws-sdk-go-v2/config v1.27.13/go.mod h1:XLiyiTMnguytjRER7u5RIkhIqS8Nyz41SwAWb4xEjxs= -github.com/aws/aws-sdk-go-v2/credentials v1.17.13 h1:XDCJDzk/u5cN7Aple7D/MiAhx1Rjo/0nueJ0La8mRuE= -github.com/aws/aws-sdk-go-v2/credentials v1.17.13/go.mod h1:FMNcjQrmuBYvOTZDtOLCIu0esmxjF7RuA/89iSXWzQI= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24LGuzuekqMAEgWkVYukBec3kr3jUg= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5/go.mod h1:FSaRudD0dXiMPK2UjknVwwTYyZMRsHv3TtkabsZih5I= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 h1:PG1F3OD1szkuQPzDw3CIQsRIrtTlUC3lP84taWzHlq0= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5/go.mod h1:jU1li6RFryMz+so64PpKtudI+QzbKoIEivqdf6LNpOc= +github.com/aws/aws-sdk-go-v2 v1.26.2 h1:OTRAL8EPdNoOdiq5SUhCaHhVPBU2wxAUe5uwasoJGRM= +github.com/aws/aws-sdk-go-v2 v1.26.2/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= +github.com/aws/aws-sdk-go-v2/config v1.27.14 h1:QOg8Ud53rrmdjBHX080AaYUBhG2ER28kP/yjE7afF/0= +github.com/aws/aws-sdk-go-v2/config v1.27.14/go.mod h1:CLgU27opbIwnjwH++zQPvF4qsEIqviKL6l8b1AtRImc= +github.com/aws/aws-sdk-go-v2/credentials v1.17.14 h1:0y1IAEldTO2ZA3Lcq7u7y4Q2tUQlB3At2LZQijUHu3U= +github.com/aws/aws-sdk-go-v2/credentials v1.17.14/go.mod h1:En2zXCfDZJgtbp2UnzHDgKMz+mSRc4pA3Ka+jxoJvaA= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.2 h1:HTAQSEibYaSioHzjOQssUJnE8itwVP9SzmdR6lqC38g= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.2/go.mod h1:NjUtmUEIimOc5tPw//xqKNK/spUqCTSbxjwzCrnsj8U= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.6 h1:yrfbQyxO73opeqep8FohU4LJx56iiQuvf4/XPgFB4To= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.6/go.mod h1:bFtlRACYBPG2AUYst0ky5TPtgeYqWCksozVTGsZ1zq0= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.6 h1:DXsuqiAp1mGkelZCUSex8DsRtkeK4mW3oreyjNSegoo= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.6/go.mod h1:cLtGzsyh+Wz2j1w9Qyfn5DA9i25RfbYjwfJBZqCiP9Y= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk= -github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.5 h1:p2PxN+OO28p2bCCXE79sJfFBaSohwxa24bQdjuyPZCs= -github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.5/go.mod h1:Q01yJLephuOzv6IYzcknrpVAriOqB66+qtGnpqgw9UE= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.6 h1:o5cTaeunSpfXiLTIBx5xo2enQmiChtu1IBbzXnfU9Hs= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.6/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.0 h1:Qe0r0lVURDDeBQJ4yP+BOrJkvkiCo/3FH/t+wY11dmw= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.0/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.7 h1:et3Ta53gotFR4ERLXXHIHl/Uuk1qYpP5uU7cvNql8ns= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.7/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.8 h1:gwdGHxiV5f6Of48JJIZVD7sx45kT1l9kYdoUH5oQTZM= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.8/go.mod h1:C9Glc6N50uIJqPPeL6N3spW/wzGyeQsQmecnKS7DTR4= +github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.6 h1:ixdcPoI5vCQ5aM9Wsz4cKat/cPz6eydoP9uaViwWxzU= +github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.6/go.mod h1:dmFYm11OJxaJgHb5NVgxnxUnZUeBWLjHmMh6qfBjBg4= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.7 h1:sdPpNCoUijc0ntu024ZdjrXh3mB9rud5SjmE7djIfK4= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.7/go.mod h1:8RMeDMFTkkDQ5LvaaAykdkNVVR0eQxGWm8CD6uBvd1M= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.1 h1:/vljM1ZswUEIRHWVxEqDhLzOSGmDcstW2zeTt23Ipf0= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.1/go.mod h1:XhJksmKh1RYjMbWHf3ZwQF0UYJjlqrm45NVvDe54SOU= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.8 h1:FCYhQETaff4Skb2Hz9WoUqJAesr4MIQ9+TQ9ypjz7Ic= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.8/go.mod h1:s+7oFIwiOegfrF00xNowWwLAtRiA9xhvm1UpZdJ0aus= github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= From 9060ba69fab24a9fa011fce6646a5f3c18afc934 Mon Sep 17 00:00:00 2001 From: AlexFenlon Date: Fri, 17 May 2024 15:27:28 +0100 Subject: [PATCH 019/101] Add IsPlus to Telemetry (#5571) --- docs/content/overview/product-telemetry.md | 1 + internal/k8s/controller.go | 1 + internal/telemetry/cluster.go | 5 + internal/telemetry/collector.go | 8 ++ internal/telemetry/collector_test.go | 98 +++++++++++++++++++ internal/telemetry/data.avdl | 3 + internal/telemetry/exporter.go | 2 + .../nicresourcecounts_attributes_generated.go | 1 + 8 files changed, 119 insertions(+) diff --git a/docs/content/overview/product-telemetry.md b/docs/content/overview/product-telemetry.md index 387421f619..c93e283a15 100644 --- a/docs/content/overview/product-telemetry.md +++ b/docs/content/overview/product-telemetry.md @@ -48,6 +48,7 @@ These are the data points collected and reported by NGINX Ingress Controller: - **WAFPolicies** Number of WAF policies. - **GlobalConfiguration** Represents the use of a GlobalConfiguration resource. - **AppProtectVersion** The AppProtect version +- **IsPlus** Represents whether NGINX is Plus or OSS ## Opt out diff --git a/internal/k8s/controller.go b/internal/k8s/controller.go index c87aa1d0d6..43a0c4fb89 100644 --- a/internal/k8s/controller.go +++ b/internal/k8s/controller.go @@ -374,6 +374,7 @@ func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalanc Name: os.Getenv("POD_NAME"), }, Policies: lbc.getAllPolicies, + IsPlus: lbc.isNginxPlus, } collector, err := telemetry.NewCollector( collectorConfig, diff --git a/internal/telemetry/cluster.go b/internal/telemetry/cluster.go index ebc2c7a760..4e3af5167f 100644 --- a/internal/telemetry/cluster.go +++ b/internal/telemetry/cluster.go @@ -197,6 +197,11 @@ func (c *Collector) AppProtectVersion() string { return c.Config.AppProtectVersion } +// IsPlusEnabled returns true or false depending on if NGINX is Plus or OSS +func (c *Collector) IsPlusEnabled() bool { + return c.Config.IsPlus +} + // lookupPlatform takes a string representing a K8s PlatformID // retrieved from a cluster node and returns a string // representing the platform name. diff --git a/internal/telemetry/collector.go b/internal/telemetry/collector.go index 8606ffe2aa..7621d54bba 100644 --- a/internal/telemetry/collector.go +++ b/internal/telemetry/collector.go @@ -74,6 +74,9 @@ type CollectorConfig struct { // AppProtectVersion represents the version of App Protect. AppProtectVersion string + + // IsPlus represents whether NGINX is Plus or OSS + IsPlus bool } // NewCollector takes 0 or more options and creates a new TraceReporter. @@ -137,6 +140,7 @@ func (c *Collector) Collect(ctx context.Context) { GlobalConfiguration: report.GlobalConfiguration, IngressAnnotations: report.IngressAnnotations, AppProtectVersion: report.AppProtectVersion, + IsPlus: report.IsPlus, }, } @@ -178,6 +182,7 @@ type Report struct { GlobalConfiguration bool IngressAnnotations []string AppProtectVersion string + IsPlus bool } // BuildReport takes context, collects telemetry data and builds the report. @@ -248,6 +253,8 @@ func (c *Collector) BuildReport(ctx context.Context) (Report, error) { appProtectVersion := c.AppProtectVersion() + isPlus := c.IsPlusEnabled() + return Report{ Name: "NIC", Version: c.Config.Version, @@ -276,5 +283,6 @@ func (c *Collector) BuildReport(ctx context.Context) (Report, error) { GlobalConfiguration: c.Config.GlobalConfiguration, IngressAnnotations: ingressAnnotations, AppProtectVersion: appProtectVersion, + IsPlus: isPlus, }, err } diff --git a/internal/telemetry/collector_test.go b/internal/telemetry/collector_test.go index b1867f1cdb..308fba89ab 100644 --- a/internal/telemetry/collector_test.go +++ b/internal/telemetry/collector_test.go @@ -389,6 +389,104 @@ func TestCollectPoliciesReport(t *testing.T) { } } +func TestCollectIsPlus(t *testing.T) { + t.Parallel() + + testCases := []struct { + name string + isPlus bool + want bool + }{ + { + name: "Plus enabled", + isPlus: true, + want: true, + }, + { + name: "Plus disabled", + isPlus: false, + want: false, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + buf := &bytes.Buffer{} + exp := &telemetry.StdoutExporter{Endpoint: buf} + + configurator := newConfiguratorWithIngress(t) + + cfg := telemetry.CollectorConfig{ + Configurator: configurator, + K8sClientReader: newTestClientset(node1, kubeNS), + Version: telemetryNICData.ProjectVersion, + IsPlus: tc.isPlus, + } + + c, err := telemetry.NewCollector(cfg, telemetry.WithExporter(exp)) + if err != nil { + t.Fatal(err) + } + c.Collect(context.Background()) + + ver := c.IsPlusEnabled() + + if tc.want != ver { + t.Errorf("want: %t, got: %t", tc.want, ver) + } + }) + } +} + +func TestCollectInvalidIsPlus(t *testing.T) { + t.Parallel() + + testCases := []struct { + name string + isPlus bool + want bool + }{ + { + name: "Plus disabled but want enabled", + isPlus: false, + want: true, + }, + { + name: "Plus disabled but want enabled", + isPlus: false, + want: true, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + buf := &bytes.Buffer{} + exp := &telemetry.StdoutExporter{Endpoint: buf} + + configurator := newConfiguratorWithIngress(t) + + cfg := telemetry.CollectorConfig{ + Configurator: configurator, + K8sClientReader: newTestClientset(node1, kubeNS), + Version: telemetryNICData.ProjectVersion, + IsPlus: tc.isPlus, + } + + c, err := telemetry.NewCollector(cfg, telemetry.WithExporter(exp)) + if err != nil { + t.Fatal(err) + } + c.Collect(context.Background()) + + ver := c.IsPlusEnabled() + + if tc.want == ver { + t.Errorf("want: %t, got: %t", tc.want, ver) + } + }) + } +} + func TestIngressCountReportsNoDeployedIngresses(t *testing.T) { t.Parallel() diff --git a/internal/telemetry/data.avdl b/internal/telemetry/data.avdl index a7a105186a..23c17f4fa1 100644 --- a/internal/telemetry/data.avdl +++ b/internal/telemetry/data.avdl @@ -90,5 +90,8 @@ It is the UID of the `kube-system` Namespace. */ /** AppProtectVersion represents the version of AppProtect. */ string? AppProtectVersion = null; + /** IsPlus represents whether NGINX is Plus or OSS */ + boolean? IsPlus = null; + } } diff --git a/internal/telemetry/exporter.go b/internal/telemetry/exporter.go index db158dd875..ce2dc11e3e 100644 --- a/internal/telemetry/exporter.go +++ b/internal/telemetry/exporter.go @@ -103,4 +103,6 @@ type NICResourceCounts struct { IngressAnnotations []string // AppProtectVersion represents the version of AppProtect. AppProtectVersion string + // IsPlus represents whether NGINX is Plus or OSS + IsPlus bool } diff --git a/internal/telemetry/nicresourcecounts_attributes_generated.go b/internal/telemetry/nicresourcecounts_attributes_generated.go index 75f8eb905d..f215145ad4 100644 --- a/internal/telemetry/nicresourcecounts_attributes_generated.go +++ b/internal/telemetry/nicresourcecounts_attributes_generated.go @@ -32,6 +32,7 @@ func (d *NICResourceCounts) Attributes() []attribute.KeyValue { attrs = append(attrs, attribute.Bool("GlobalConfiguration", d.GlobalConfiguration)) attrs = append(attrs, attribute.StringSlice("IngressAnnotations", d.IngressAnnotations)) attrs = append(attrs, attribute.String("AppProtectVersion", d.AppProtectVersion)) + attrs = append(attrs, attribute.Bool("IsPlus", d.IsPlus)) return attrs } From f0bb2d728df15d3e9307588cbcfdc318d9333bbe Mon Sep 17 00:00:00 2001 From: oseoin Date: Fri, 17 May 2024 16:40:16 +0100 Subject: [PATCH 020/101] Fix workflow PR labels (#5574) fix workflow PR labels --- .github/workflows/update-docker-sha.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/update-docker-sha.yml b/.github/workflows/update-docker-sha.yml index 5d34136442..787c2323f0 100644 --- a/.github/workflows/update-docker-sha.yml +++ b/.github/workflows/update-docker-sha.yml @@ -62,8 +62,8 @@ jobs: branch: chore/image-update-${{ inputs.source_branch }}-${{ steps.update_images.outputs.docker_md5 }} author: nginx-bot labels: | - chore - dependency + dependencies + docker body: | This automated PR updates pinned container image SHAs to latest. if: ${{ !inputs.dry_run && steps.update_images.outputs.change_detected == 'true' }} From 58deae32bc957ec7d07d44081feb769c94450198 Mon Sep 17 00:00:00 2001 From: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Date: Mon, 20 May 2024 10:10:21 +0100 Subject: [PATCH 021/101] Remove deprecated Go code (#5559) --- internal/certmanager/test_files/util.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/internal/certmanager/test_files/util.go b/internal/certmanager/test_files/util.go index 7dfdb27624..101a0ab99b 100644 --- a/internal/certmanager/test_files/util.go +++ b/internal/certmanager/test_files/util.go @@ -19,13 +19,8 @@ package test import ( "math/rand" - "time" ) -func init() { - rand.Seed(time.Now().UnixNano()) -} - type StringGenerator func(n int) string const letterBytes = "abcdefghijklmnopqrstuvwxyz0123456789" From 829396e56021bace59846fdf593c4e4f20afe5d2 Mon Sep 17 00:00:00 2001 From: Venktesh Shivam Patel Date: Mon, 20 May 2024 10:45:03 +0100 Subject: [PATCH 022/101] exclude upgrade files from nightly regression tests (#5581) --- .github/data/matrix-regression.json | 2 ++ tests/suite/test_upgrade_resources.py | 6 +++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/data/matrix-regression.json b/.github/data/matrix-regression.json index ab3c909788..fe52bc0cd9 100644 --- a/.github/data/matrix-regression.json +++ b/.github/data/matrix-regression.json @@ -5,12 +5,14 @@ "label": "regression", "image": "debian", "type": "oss", + "marker": "not upgrade", "platforms": "linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x" }, { "label": "regression", "image": "debian-plus", "type": "plus", + "marker": "'not upgrade'", "platforms": "linux/arm64, linux/amd64" } ] diff --git a/tests/suite/test_upgrade_resources.py b/tests/suite/test_upgrade_resources.py index 2852e57b1d..b17ec2c6fb 100644 --- a/tests/suite/test_upgrade_resources.py +++ b/tests/suite/test_upgrade_resources.py @@ -23,9 +23,13 @@ ts = f"{TEST_DATA}/upgrade-test-resources/transport-server.yaml" secret = f"{TEST_DATA}/upgrade-test-resources/secret.yaml" -# Below test class only deployes resources for upgrade testing, IC deployment should be done manually via helm. +""" +Test class below only deployes resources for upgrade testing, NIC deployment should be done manually via helm. +Run `make upgrade-resources PYTEST_ARGS="create OR delete"` to create OR delete resources. +""" +@pytest.mark.upgrade class TestUpgrade: @pytest.mark.create def test_create(self, request, kube_apis): From 7392f6bb660756f5e205ad48850cfa24728d0586 Mon Sep 17 00:00:00 2001 From: Venktesh Shivam Patel Date: Mon, 20 May 2024 11:39:14 +0100 Subject: [PATCH 023/101] add cherry-pick action (#5575) --- .github/workflows/cherry-pick.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/workflows/cherry-pick.yml diff --git a/.github/workflows/cherry-pick.yml b/.github/workflows/cherry-pick.yml new file mode 100644 index 0000000000..a380d5e1c1 --- /dev/null +++ b/.github/workflows/cherry-pick.yml @@ -0,0 +1,26 @@ +name: "Cherry-pick dependencies to release branch" +on: + pull_request: + branches: + - main + types: ["closed"] + +jobs: + cherry_pick_to_release: + runs-on: ubuntu-latest + name: Cherry pick into release-3.5 + if: ${{ contains(github.event.pull_request.labels.*.name, 'dependencies') && github.event.pull_request.merged == true }} + steps: + - name: Checkout + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c1 + with: + fetch-depth: 0 + - name: Cherry pick into release-3.5 + uses: carloscastrojumo/github-cherry-pick-action@v1.0.1 + with: + branch: release-3.5 + author: nginx-bot + labels: | + dependencies + reviewers: | + kic From 39b6695338db77a04c7f1cb41c0c395dc674df44 Mon Sep 17 00:00:00 2001 From: Venktesh Shivam Patel Date: Mon, 20 May 2024 12:09:56 +0100 Subject: [PATCH 024/101] remove cert-gen script (#5583) --- Makefile | 4 ---- build/generate_default_cert_and_key.sh | 5 ----- .../installation/building-nginx-ingress-controller.md | 1 - 3 files changed, 10 deletions(-) delete mode 100755 build/generate_default_cert_and_key.sh diff --git a/Makefile b/Makefile index c44a581c90..94468a59ab 100644 --- a/Makefile +++ b/Makefile @@ -93,10 +93,6 @@ telemetry-schema: ## Generate the telemetry Schema go generate internal/telemetry/exporter.go gofumpt -w internal/telemetry/*_generated.go -.PHONY: certificate-and-key -certificate-and-key: ## Create default cert and key - ./build/generate_default_cert_and_key.sh - .PHONY: build build: ## Build Ingress Controller binary @docker -v || (code=$$?; printf "\033[0;31mError\033[0m: there was a problem with Docker\n"; exit $$code) diff --git a/build/generate_default_cert_and_key.sh b/build/generate_default_cert_and_key.sh deleted file mode 100755 index a0b6cda5ec..0000000000 --- a/build/generate_default_cert_and_key.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env bash - -openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout default.key -out default.crt -subj "/CN=NGINXIngressController" -cat default.key default.crt >default.pem -rm default.key default.crt diff --git a/docs/content/installation/building-nginx-ingress-controller.md b/docs/content/installation/building-nginx-ingress-controller.md index a2aff0cd66..b968a198af 100644 --- a/docs/content/installation/building-nginx-ingress-controller.md +++ b/docs/content/installation/building-nginx-ingress-controller.md @@ -165,7 +165,6 @@ A few other useful targets: | _push_ | Pushes the built image to the Docker registry. Configures with `PREFIX` and `TAG`. | | _all_ | Runs `test`, `lint`, `verify-codegen`, `update-crds`, and `debian-image`. Stops and reports an error if any of these targets fail. | | _test_ | Runs unit tests. | -| _certificate-and-key_ | NGINX Ingress Controller requires a certificate and key for the default HTTP/HTTPS server. You have several options:
  • Reference them in a TLS Secret in a command-line argument to NGINX Ingress Controller.
  • Add them to the image in in a file in PEM format as `/etc/nginx/secrets/default`.
  • Generate a self-signed certificate and key with this target.
Note, you must include the `ADD` instruction in your Dockerfile to copy the cert and key to the image. | {{}} ### Makefile variables you can customize {#makefile-variables} From 202b3d68da1f004a3f1560a4b0c5f655182bfc37 Mon Sep 17 00:00:00 2001 From: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> Date: Mon, 20 May 2024 12:57:50 +0100 Subject: [PATCH 025/101] Fix error msg to comply with a Go linter (#5582) --- internal/k8s/secrets/validation.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/k8s/secrets/validation.go b/internal/k8s/secrets/validation.go index 0f2908a5f0..5ca4697148 100644 --- a/internal/k8s/secrets/validation.go +++ b/internal/k8s/secrets/validation.go @@ -78,10 +78,10 @@ func ValidateCASecret(secret *api_v1.Secret) error { block, _ := pem.Decode(secret.Data[CAKey]) if block == nil { - return fmt.Errorf("The data field %s must hold a valid CERTIFICATE PEM block", CAKey) + return fmt.Errorf("the data field %s must hold a valid CERTIFICATE PEM block", CAKey) } if block.Type != "CERTIFICATE" { - return fmt.Errorf("The data field %s must hold a valid CERTIFICATE PEM block, but got '%s'", CAKey, block.Type) + return fmt.Errorf("the data field %s must hold a valid CERTIFICATE PEM block, but got '%s'", CAKey, block.Type) } _, err := x509.ParseCertificate(block.Bytes) @@ -112,11 +112,11 @@ func ValidateOIDCSecret(secret *api_v1.Secret) error { // ValidateHtpasswdSecret validates the secret. If it is valid, the function returns nil. func ValidateHtpasswdSecret(secret *api_v1.Secret) error { if secret.Type != SecretTypeHtpasswd { - return fmt.Errorf("Htpasswd secret must be of the type %v", SecretTypeHtpasswd) + return fmt.Errorf("htpasswd secret must be of the type %v", SecretTypeHtpasswd) } if _, exists := secret.Data[HtpasswdFileKey]; !exists { - return fmt.Errorf("Htpasswd secret must have the data field %v", HtpasswdFileKey) + return fmt.Errorf("htpasswd secret must have the data field %v", HtpasswdFileKey) } // we don't validate the contents of secret.Data[HtpasswdFileKey], because invalid contents will not make NGINX @@ -149,7 +149,7 @@ func ValidateSecret(secret *api_v1.Secret) error { return ValidateHtpasswdSecret(secret) } - return fmt.Errorf("Secret is of the unsupported type %v", secret.Type) + return fmt.Errorf("secret is of the unsupported type %v", secret.Type) } var clientSecretValueFmtRegexp = regexp.MustCompile(`^([^"$\\\s]|\\[^$])*$`) From db1de8ec37b03abd4204a0534d8c961fc1f7db8f Mon Sep 17 00:00:00 2001 From: Venktesh Shivam Patel Date: Mon, 20 May 2024 15:26:18 +0100 Subject: [PATCH 026/101] add top level permission to gh action (#5584) --- .github/workflows/cherry-pick.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cherry-pick.yml b/.github/workflows/cherry-pick.yml index a380d5e1c1..96582e790e 100644 --- a/.github/workflows/cherry-pick.yml +++ b/.github/workflows/cherry-pick.yml @@ -5,9 +5,15 @@ on: - main types: ["closed"] +permissions: + contents: read + jobs: cherry_pick_to_release: - runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + runs-on: ubuntu-22.04 name: Cherry pick into release-3.5 if: ${{ contains(github.event.pull_request.labels.*.name, 'dependencies') && github.event.pull_request.merged == true }} steps: From 24ab78deab35f0c3961e19a57791e2a416046f99 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 17:13:39 +0100 Subject: [PATCH 027/101] Bump the actions group across 1 directory with 5 updates (#5587) Bumps the actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.5` | `4.1.6` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.25.5` | `3.25.6` | | [carloscastrojumo/github-cherry-pick-action](https://github.com/carloscastrojumo/github-cherry-pick-action) | `1.0.1` | `1.0.10` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4.4.0` | `4.4.1` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.15.11` | `0.16.0` | Updates `actions/checkout` from 4.1.5 to 4.1.6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.1.5...a5ac7e51b41094c92402da3b24376905380afc29) Updates `github/codeql-action` from 3.25.5 to 3.25.6 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b7cec7526559c32f1616476ff32d17ba4c59b2d6...9fdb3e49720b44c48891d036bb502feb25684276) Updates `carloscastrojumo/github-cherry-pick-action` from 1.0.1 to 1.0.10 - [Release notes](https://github.com/carloscastrojumo/github-cherry-pick-action/releases) - [Commits](https://github.com/carloscastrojumo/github-cherry-pick-action/compare/v1.0.1...v1.0.10) Updates `codecov/codecov-action` from 4.4.0 to 4.4.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/6d798873df2b1b8e5846dba6fb86631229fbcb17...125fc84a9a348dbcf27191600683ec096ec9021c) Updates `anchore/sbom-action` from 0.15.11 to 0.16.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](https://github.com/anchore/sbom-action/compare/7ccf588e3cf3cc2611714c2eeae48550fbc17552...e8d2a6937ecead383dfe75190d104edd1f9c5751) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: carloscastrojumo/github-cherry-pick-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-base-images.yml | 8 ++++---- .github/workflows/build-oss.yml | 4 ++-- .github/workflows/build-plus.yml | 4 ++-- .github/workflows/build-test-image.yml | 2 +- .github/workflows/cache-update.yml | 4 ++-- .github/workflows/cherry-pick.yml | 4 ++-- .github/workflows/ci.yml | 22 ++++++++++----------- .github/workflows/codeql-analysis.yml | 10 +++++----- .github/workflows/create-release-branch.yml | 2 +- .github/workflows/create-release-tag.yml | 2 +- .github/workflows/dependabot-hugo.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/dockerhub-description.yml | 2 +- .github/workflows/fossa.yml | 2 +- .github/workflows/labeler.yml | 2 +- .github/workflows/lint-format.yml | 10 +++++----- .github/workflows/mend.yml | 2 +- .github/workflows/oss-release.yml | 10 +++++----- .github/workflows/patch-image.yml | 2 +- .github/workflows/plus-release.yml | 10 +++++----- .github/workflows/publish-helm.yml | 6 +++--- .github/workflows/release-pr.yml | 2 +- .github/workflows/retag-images.yml | 2 +- .github/workflows/scorecards.yml | 4 ++-- .github/workflows/update-docker-images.yml | 4 ++-- .github/workflows/update-docker-sha.yml | 2 +- .github/workflows/updates-notification.yml | 2 +- .github/workflows/version-bump.yml | 2 +- 28 files changed, 65 insertions(+), 65 deletions(-) diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml index d444471393..f101831cab 100644 --- a/.github/workflows/build-base-images.yml +++ b/.github/workflows/build-base-images.yml @@ -27,7 +27,7 @@ jobs: ic_version: ${{ steps.vars.outputs.ic_version }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Output Variables id: vars @@ -52,7 +52,7 @@ jobs: platforms: "linux/arm64, linux/amd64, linux/ppc64le, linux/s390x" steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Docker Buildx uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 @@ -118,7 +118,7 @@ jobs: platforms: "linux/arm64, linux/amd64, linux/s390x" steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Docker Buildx uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 @@ -198,7 +198,7 @@ jobs: nap_modules: waf steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Docker Buildx uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml index 256b020355..19023effaf 100644 --- a/.github/workflows/build-oss.yml +++ b/.github/workflows/build-oss.yml @@ -45,7 +45,7 @@ jobs: image_digest: ${{ steps.build-push.outputs.digest }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.tag != '' && format('refs/tags/v{0}', inputs.tag) || github.ref }} fetch-depth: 0 @@ -233,7 +233,7 @@ jobs: ignore-unfixed: "true" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 continue-on-error: true with: sarif_file: "trivy-results-${{ inputs.image }}.sarif" diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml index 63dd2911e6..8e33569fe6 100644 --- a/.github/workflows/build-plus.yml +++ b/.github/workflows/build-plus.yml @@ -53,7 +53,7 @@ jobs: runs-on: ${{ github.event_name == 'pull_request' && 'ubuntu-22.04' || 'kic-plus' }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 @@ -264,7 +264,7 @@ jobs: if: ${{ inputs.publish-image }} - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 continue-on-error: true with: sarif_file: "trivy-results-${{ inputs.image }}.sarif" diff --git a/.github/workflows/build-test-image.yml b/.github/workflows/build-test-image.yml index 3e1649aa1a..84b49c100c 100644 --- a/.github/workflows/build-test-image.yml +++ b/.github/workflows/build-test-image.yml @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Docker Buildx uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 diff --git a/.github/workflows/cache-update.yml b/.github/workflows/cache-update.yml index 2e763ec0f4..a9607484cb 100644 --- a/.github/workflows/cache-update.yml +++ b/.github/workflows/cache-update.yml @@ -24,7 +24,7 @@ jobs: chart_version: ${{ steps.vars.outputs.chart_version }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Output Variables id: vars @@ -45,7 +45,7 @@ jobs: contents: write # for lucacome/draft-release steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 diff --git a/.github/workflows/cherry-pick.yml b/.github/workflows/cherry-pick.yml index 96582e790e..02fdd0a5fb 100644 --- a/.github/workflows/cherry-pick.yml +++ b/.github/workflows/cherry-pick.yml @@ -18,11 +18,11 @@ jobs: if: ${{ contains(github.event.pull_request.labels.*.name, 'dependencies') && github.event.pull_request.merged == true }} steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 with: fetch-depth: 0 - name: Cherry pick into release-3.5 - uses: carloscastrojumo/github-cherry-pick-action@v1.0.1 + uses: carloscastrojumo/github-cherry-pick-action@v1.0.10 with: branch: release-3.5 author: nginx-bot diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 70f5ca1ec6..7d17d4c351 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -52,7 +52,7 @@ jobs: forked_workflow: ${{ steps.vars.outputs.forked_workflow }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 @@ -145,7 +145,7 @@ jobs: needs: checks steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Setup Golang Environment uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: @@ -155,7 +155,7 @@ jobs: run: make cover if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} - name: Upload coverage to Codecov - uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # v4.4.0 + uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1 with: files: ./coverage.txt token: ${{ secrets.CODECOV_TOKEN }} # required @@ -171,7 +171,7 @@ jobs: contents: write # for lucacome/draft-release steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 @@ -208,7 +208,7 @@ jobs: issues: write # for goreleaser/goreleaser-action to close milestone steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 @@ -219,7 +219,7 @@ jobs: if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} - name: Download Syft - uses: anchore/sbom-action/download-syft@7ccf588e3cf3cc2611714c2eeae48550fbc17552 # v0.15.11 + uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0 if: github.ref_type == 'tag' - name: Install Cosign @@ -279,7 +279,7 @@ jobs: id-token: write steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Fetch Cached Artifacts uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 @@ -418,7 +418,7 @@ jobs: matrix: ${{ steps.set-matrix.outputs.matrix }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - id: set-matrix run: | @@ -481,7 +481,7 @@ jobs: id-token: write steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Set image variables id: image_details @@ -767,7 +767,7 @@ jobs: packages: write # for helm to push to GHCR steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: path: kic @@ -802,7 +802,7 @@ jobs: helm push ${{ steps.package.outputs.path }} oci://registry-1.docker.io/nginxcharts - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: nginxinc/helm-charts fetch-depth: 1 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index d1f6cff604..4fe35c3405 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -28,7 +28,7 @@ jobs: docs_only: ${{ github.event.pull_request && steps.docs.outputs.docs_only == 'true' }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 @@ -66,11 +66,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -89,7 +89,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -102,6 +102,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/create-release-branch.yml b/.github/workflows/create-release-branch.yml index aa9d8c77f2..8888381256 100644 --- a/.github/workflows/create-release-branch.yml +++ b/.github/workflows/create-release-branch.yml @@ -38,7 +38,7 @@ jobs: contents: write steps: - name: Checkout NIC repo - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.source_branch }} diff --git a/.github/workflows/create-release-tag.yml b/.github/workflows/create-release-tag.yml index 928578f2f4..9b1ce39b07 100644 --- a/.github/workflows/create-release-tag.yml +++ b/.github/workflows/create-release-tag.yml @@ -31,7 +31,7 @@ jobs: contents: write steps: - name: Checkout NIC repo - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.release_branch }} diff --git a/.github/workflows/dependabot-hugo.yml b/.github/workflows/dependabot-hugo.yml index f49895ac30..78b71bf67c 100644 --- a/.github/workflows/dependabot-hugo.yml +++ b/.github/workflows/dependabot-hugo.yml @@ -26,7 +26,7 @@ jobs: uses: dependabot/fetch-metadata@5e5f99653a5b510e8555840e80cbf1514ad4af38 # v2.1.0 - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 if: ${{ steps.dependabot-metadata.outputs.package-ecosystem == 'go_modules' && contains(steps.dependabot-metadata.outputs.dependency-names, 'hugo') }} with: ref: ${{ github.head_ref }} diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index cdc18d9f50..ecd789f63a 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -21,7 +21,7 @@ jobs: pull-requests: write # for actions/dependency-review-action to post comments steps: - name: "Checkout Repository" - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: "Dependency Review" uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4.3.2 diff --git a/.github/workflows/dockerhub-description.yml b/.github/workflows/dockerhub-description.yml index 22451bf7ae..e93f6eb638 100644 --- a/.github/workflows/dockerhub-description.yml +++ b/.github/workflows/dockerhub-description.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-22.04 if: ${{ github.event.repository.fork == false }} steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Modify readme for DockerHub run: | diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index f190cd9260..e1478fc64f 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -23,7 +23,7 @@ jobs: if: ${{ github.event.repository.fork == false }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Scan uses: fossas/fossa-action@47ef11b1e1e3812e88dae436ccbd2d0cbd1adab0 # v1.3.3 diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index b1d4ceb318..a086abc154 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 with: diff --git a/.github/workflows/lint-format.yml b/.github/workflows/lint-format.yml index dd82df61bb..c93d63a01a 100644 --- a/.github/workflows/lint-format.yml +++ b/.github/workflows/lint-format.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Setup Golang Environment uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 @@ -44,7 +44,7 @@ jobs: pull-requests: read # for golangci-lint-action steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Setup Golang Environment uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 @@ -61,7 +61,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - uses: reviewdog/action-actionlint@89a03f6ba8c0a9fd238e82c075ffb34b86e40291 # v1.46.0 with: @@ -72,7 +72,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Lint chart run: helm lint charts/nginx-ingress @@ -82,7 +82,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - uses: DavidAnson/markdownlint-cli2-action@b4c9feab76d8025d1e83c653fa3990936df0e6c8 # v16.0.0 with: diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml index 5dfa20d72e..f51cff0bb6 100644 --- a/.github/workflows/mend.yml +++ b/.github/workflows/mend.yml @@ -24,7 +24,7 @@ jobs: if: ${{ github.event.repository.fork == false }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Download agent run: curl -fsSLJO https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar diff --git a/.github/workflows/oss-release.yml b/.github/workflows/oss-release.yml index 838a1b3244..c999ef6981 100644 --- a/.github/workflows/oss-release.yml +++ b/.github/workflows/oss-release.yml @@ -77,7 +77,7 @@ jobs: if: ${{ inputs.gcr_release_registry }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Authenticate to Google Cloud id: gcr-auth @@ -119,7 +119,7 @@ jobs: if: ${{ inputs.ecr_public_registry }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Authenticate to Google Cloud id: gcr-auth @@ -172,7 +172,7 @@ jobs: if: ${{ inputs.dockerhub_public_registry }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Authenticate to Google Cloud id: gcr-auth @@ -220,7 +220,7 @@ jobs: if: ${{ inputs.quay_public_registry }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Authenticate to Google Cloud id: gcr-auth @@ -269,7 +269,7 @@ jobs: if: ${{ inputs.github_public_registry }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Authenticate to Google Cloud id: gcr-auth diff --git a/.github/workflows/patch-image.yml b/.github/workflows/patch-image.yml index 7d0e0f5f98..00f5bc410e 100644 --- a/.github/workflows/patch-image.yml +++ b/.github/workflows/patch-image.yml @@ -44,7 +44,7 @@ jobs: id-token: write steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Docker Buildx uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 diff --git a/.github/workflows/plus-release.yml b/.github/workflows/plus-release.yml index 92f9554497..41681fa915 100644 --- a/.github/workflows/plus-release.yml +++ b/.github/workflows/plus-release.yml @@ -77,7 +77,7 @@ jobs: if: ${{ inputs.gcr_release_registry }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Authenticate to Google Cloud id: gcr-auth @@ -119,7 +119,7 @@ jobs: if: ${{ inputs.nginx_registry }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Authenticate to Google Cloud id: gcr-auth @@ -176,7 +176,7 @@ jobs: if: ${{ inputs.gcr_mktpl_registry }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Authenticate to Google Cloud id: gcr-priv-auth @@ -221,7 +221,7 @@ jobs: if: ${{ inputs.ecr_mktpl_registry }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Authenticate to Google Cloud id: gcr-auth @@ -271,7 +271,7 @@ jobs: if: ${{ inputs.az_mktpl_registry }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Authenticate to Google Cloud id: gcr-auth diff --git a/.github/workflows/publish-helm.yml b/.github/workflows/publish-helm.yml index 6bd6688dfe..413c5b9082 100644 --- a/.github/workflows/publish-helm.yml +++ b/.github/workflows/publish-helm.yml @@ -27,7 +27,7 @@ jobs: ic_version: ${{ steps.vars.outputs.ic_version }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: refs/heads/${{ inputs.branch }} @@ -48,7 +48,7 @@ jobs: packages: write # for helm to push to GHCR steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: refs/heads/${{ inputs.branch }} path: kic @@ -79,7 +79,7 @@ jobs: helm push ${{ steps.package.outputs.path }} oci://registry-1.docker.io/nginxcharts - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: nginxinc/helm-charts fetch-depth: 1 diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml index b79cf59a0b..0c6ce07165 100644 --- a/.github/workflows/release-pr.yml +++ b/.github/workflows/release-pr.yml @@ -49,7 +49,7 @@ jobs: echo "branch=release-$version" >> $GITHUB_OUTPUT - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ steps.branch.outputs.branch }} token: ${{ secrets.NGINX_PAT }} diff --git a/.github/workflows/retag-images.yml b/.github/workflows/retag-images.yml index 8a763a8f23..ea39bd1c0d 100644 --- a/.github/workflows/retag-images.yml +++ b/.github/workflows/retag-images.yml @@ -40,7 +40,7 @@ jobs: id-token: write steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Authenticate to Google Cloud id: gcr-auth diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index d93a17581c..0e36c0ff0c 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -29,7 +29,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: persist-credentials: false @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 with: sarif_file: results.sarif diff --git a/.github/workflows/update-docker-images.yml b/.github/workflows/update-docker-images.yml index 519b9b734c..347c0fc8cc 100644 --- a/.github/workflows/update-docker-images.yml +++ b/.github/workflows/update-docker-images.yml @@ -33,7 +33,7 @@ jobs: date: ${{ steps.kic.outputs.date }} steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 @@ -340,7 +340,7 @@ jobs: needs: [variables, release-oss-public] steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Certify UBI OSS images in quay uses: ./.github/actions/certify-openshift-image diff --git a/.github/workflows/update-docker-sha.yml b/.github/workflows/update-docker-sha.yml index 787c2323f0..2f0b3245fb 100644 --- a/.github/workflows/update-docker-sha.yml +++ b/.github/workflows/update-docker-sha.yml @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.source_branch }} diff --git a/.github/workflows/updates-notification.yml b/.github/workflows/updates-notification.yml index b67f3caaf0..6168dbffef 100644 --- a/.github/workflows/updates-notification.yml +++ b/.github/workflows/updates-notification.yml @@ -29,7 +29,7 @@ jobs: actions: read # for 8398a7/action-slack steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: refs/tags/v${{ inputs.tag }} diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index 970c068c73..3b8e219e39 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.source_branch }} From 064bfd55d985491452da4fcd1cadb6dfecae2cc3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 18:00:51 +0100 Subject: [PATCH 028/101] Bump the go group with 2 updates (#5577) --- go.mod | 22 +++++++++++----------- go.sum | 44 ++++++++++++++++++++++---------------------- 2 files changed, 33 insertions(+), 33 deletions(-) diff --git a/go.mod b/go.mod index 347129d215..260fd1a679 100644 --- a/go.mod +++ b/go.mod @@ -3,8 +3,8 @@ module github.com/nginxinc/kubernetes-ingress go 1.22.3 require ( - github.com/aws/aws-sdk-go-v2/config v1.27.14 - github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.6 + github.com/aws/aws-sdk-go-v2/config v1.27.15 + github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.7 github.com/cert-manager/cert-manager v1.14.5 github.com/dlclark/regexp2 v1.11.0 github.com/go-chi/chi/v5 v5.0.12 @@ -35,17 +35,17 @@ require ( require ( github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect - github.com/aws/aws-sdk-go-v2 v1.26.2 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.17.14 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.2 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.6 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.6 // indirect + github.com/aws/aws-sdk-go-v2 v1.27.0 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.15 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.8 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.20.7 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.28.8 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.20.8 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.2 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.28.9 // indirect github.com/aws/smithy-go v1.20.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect diff --git a/go.sum b/go.sum index 207db6aace..9922d84d18 100644 --- a/go.sum +++ b/go.sum @@ -9,32 +9,32 @@ github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migc github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= -github.com/aws/aws-sdk-go-v2 v1.26.2 h1:OTRAL8EPdNoOdiq5SUhCaHhVPBU2wxAUe5uwasoJGRM= -github.com/aws/aws-sdk-go-v2 v1.26.2/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= -github.com/aws/aws-sdk-go-v2/config v1.27.14 h1:QOg8Ud53rrmdjBHX080AaYUBhG2ER28kP/yjE7afF/0= -github.com/aws/aws-sdk-go-v2/config v1.27.14/go.mod h1:CLgU27opbIwnjwH++zQPvF4qsEIqviKL6l8b1AtRImc= -github.com/aws/aws-sdk-go-v2/credentials v1.17.14 h1:0y1IAEldTO2ZA3Lcq7u7y4Q2tUQlB3At2LZQijUHu3U= -github.com/aws/aws-sdk-go-v2/credentials v1.17.14/go.mod h1:En2zXCfDZJgtbp2UnzHDgKMz+mSRc4pA3Ka+jxoJvaA= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.2 h1:HTAQSEibYaSioHzjOQssUJnE8itwVP9SzmdR6lqC38g= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.2/go.mod h1:NjUtmUEIimOc5tPw//xqKNK/spUqCTSbxjwzCrnsj8U= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.6 h1:yrfbQyxO73opeqep8FohU4LJx56iiQuvf4/XPgFB4To= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.6/go.mod h1:bFtlRACYBPG2AUYst0ky5TPtgeYqWCksozVTGsZ1zq0= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.6 h1:DXsuqiAp1mGkelZCUSex8DsRtkeK4mW3oreyjNSegoo= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.6/go.mod h1:cLtGzsyh+Wz2j1w9Qyfn5DA9i25RfbYjwfJBZqCiP9Y= +github.com/aws/aws-sdk-go-v2 v1.27.0 h1:7bZWKoXhzI+mMR/HjdMx8ZCC5+6fY0lS5tr0bbgiLlo= +github.com/aws/aws-sdk-go-v2 v1.27.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= +github.com/aws/aws-sdk-go-v2/config v1.27.15 h1:uNnGLZ+DutuNEkuPh6fwqK7LpEiPmzb7MIMA1mNWEUc= +github.com/aws/aws-sdk-go-v2/config v1.27.15/go.mod h1:7j7Kxx9/7kTmL7z4LlhwQe63MYEE5vkVV6nWg4ZAI8M= +github.com/aws/aws-sdk-go-v2/credentials v1.17.15 h1:YDexlvDRCA8ems2T5IP1xkMtOZ1uLJOCJdTr0igs5zo= +github.com/aws/aws-sdk-go-v2/credentials v1.17.15/go.mod h1:vxHggqW6hFNaeNC0WyXS3VdyjcV0a4KMUY4dKJ96buU= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3 h1:dQLK4TjtnlRGb0czOht2CevZ5l6RSyRWAnKeGd7VAFE= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3/go.mod h1:TL79f2P6+8Q7dTsILpiVST+AL9lkF6PPGI167Ny0Cjw= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7 h1:lf/8VTF2cM+N4SLzaYJERKEWAXq8MOMpZfU6wEPWsPk= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7/go.mod h1:4SjkU7QiqK2M9oozyMzfZ/23LmUY+h3oFqhdeP5OMiI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7 h1:4OYVp0705xu8yjdyoWix0r9wPIRXnIzzOoUpQVHIJ/g= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7/go.mod h1:vd7ESTEvI76T2Na050gODNmNU7+OyKrIKroYTu4ABiI= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.8 h1:gwdGHxiV5f6Of48JJIZVD7sx45kT1l9kYdoUH5oQTZM= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.8/go.mod h1:C9Glc6N50uIJqPPeL6N3spW/wzGyeQsQmecnKS7DTR4= -github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.6 h1:ixdcPoI5vCQ5aM9Wsz4cKat/cPz6eydoP9uaViwWxzU= -github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.6/go.mod h1:dmFYm11OJxaJgHb5NVgxnxUnZUeBWLjHmMh6qfBjBg4= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.7 h1:sdPpNCoUijc0ntu024ZdjrXh3mB9rud5SjmE7djIfK4= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.7/go.mod h1:8RMeDMFTkkDQ5LvaaAykdkNVVR0eQxGWm8CD6uBvd1M= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.1 h1:/vljM1ZswUEIRHWVxEqDhLzOSGmDcstW2zeTt23Ipf0= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.1/go.mod h1:XhJksmKh1RYjMbWHf3ZwQF0UYJjlqrm45NVvDe54SOU= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.8 h1:FCYhQETaff4Skb2Hz9WoUqJAesr4MIQ9+TQ9ypjz7Ic= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.8/go.mod h1:s+7oFIwiOegfrF00xNowWwLAtRiA9xhvm1UpZdJ0aus= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9 h1:Wx0rlZoEJR7JwlSZcHnEa7CNjrSIyVxMFWGAaXy4fJY= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9/go.mod h1:aVMHdE0aHO3v+f/iw01fmXV/5DbfQ3Bi9nN7nd9bE9Y= +github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.7 h1:Qro9bPGqmXbFouJEEs/5eqYXd4mI0MnpNzyn99A2fug= +github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.21.7/go.mod h1:XvmRgpZk17Rf5Yqmmlp68mFNQQh0hCaqI/ygv875xFA= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.8 h1:Kv1hwNG6jHC/sxMTe5saMjH6t6ZLkgfvVxyEjfWL1ks= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.8/go.mod h1:c1qtZUWtygI6ZdvKppzCSXsDOq5I4luJPZ0Ud3juFCA= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.2 h1:nWBZ1xHCF+A7vv9sDzJOq4NWIdzFYm0kH7Pr4OjHYsQ= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.2/go.mod h1:9lmoVDVLz/yUZwLaQ676TK02fhCu4+PgRSmMaKR1ozk= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.9 h1:Qp6Boy0cGDloOE3zI6XhNLNZgjNS8YmiFQFHe71SaW0= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.9/go.mod h1:0Aqn1MnEuitqfsCNyKsdKLhDUOr4txD/g19EfiUqgws= github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= From 5e851d16792c25292a9d7ac936d500ebcf8ab200 Mon Sep 17 00:00:00 2001 From: Paul Abel <128620221+pdabelf5@users.noreply.github.com> Date: Tue, 21 May 2024 10:31:50 +0100 Subject: [PATCH 029/101] pick latest release branch for cherry picks (#5595) --- .github/workflows/cherry-pick.yml | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/.github/workflows/cherry-pick.yml b/.github/workflows/cherry-pick.yml index 02fdd0a5fb..b60ffaa896 100644 --- a/.github/workflows/cherry-pick.yml +++ b/.github/workflows/cherry-pick.yml @@ -14,19 +14,26 @@ jobs: contents: write pull-requests: write runs-on: ubuntu-22.04 - name: Cherry pick into release-3.5 + name: Cherry pick into release branch if: ${{ contains(github.event.pull_request.labels.*.name, 'dependencies') && github.event.pull_request.merged == true }} steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - - name: Cherry pick into release-3.5 - uses: carloscastrojumo/github-cherry-pick-action@v1.0.10 + + - name: Set release branch variable + id: branch + run: | + branch=$(git branch -a | egrep '^\s+remotes/origin/release' | awk '{print $1}' | sort -u | tail -n 1) + release_branch=$(basename ${branch}) + echo "branch=${release_branch}" >> $GITHUB_OUTPUT + cat $GITHUB_OUTPUT + + - name: Cherry pick into ${{ steps.branch.outputs.branch }} + uses: carloscastrojumo/github-cherry-pick-action@503773289f4a459069c832dc628826685b75b4b3 # v1.0.10 with: - branch: release-3.5 + branch: ${{ steps.branch.outputs.branch }} author: nginx-bot labels: | dependencies - reviewers: | - kic From 2124431c34bd730d111297bf5e2964fd497702f9 Mon Sep 17 00:00:00 2001 From: Venktesh Shivam Patel Date: Tue, 21 May 2024 11:19:23 +0100 Subject: [PATCH 030/101] fix test artifact name and test marker (#5596) --- .github/data/matrix-regression.json | 2 +- .github/workflows/ci.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/data/matrix-regression.json b/.github/data/matrix-regression.json index fe52bc0cd9..738a767375 100644 --- a/.github/data/matrix-regression.json +++ b/.github/data/matrix-regression.json @@ -5,7 +5,7 @@ "label": "regression", "image": "debian", "type": "oss", - "marker": "not upgrade", + "marker": "'not upgrade'", "platforms": "linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x" }, { diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7d17d4c351..561636f29a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -619,8 +619,8 @@ jobs: - name: Upload Test Results uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: - name: ${{ steps.smoke-tests.outputs.test-results-name }} - path: ${{ github.workspace }}/tests/${{ steps.smoke-tests.outputs.test-results-name }}.html + name: ${{ steps.smoke-tests.outputs.test-results-name }}-${{ matrix.k8s }} + path: ${{ github.workspace }}/tests/${{ steps.smoke-tests.outputs.test-results-name }}-${{ matrix.k8s }}.html if: always() smoke-results: From daa40ef14628d2b2c373cd4b0daff77ea93e530d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 May 2024 12:03:06 +0100 Subject: [PATCH 031/101] Bump the python group across 1 directory with 4 updates (#5597) --- updated-dependencies: - dependency-name: grpcio dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python - dependency-name: grpcio-tools dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python - dependency-name: requests dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tests/requirements.txt | 200 ++++++++++++++++++++--------------------- 1 file changed, 100 insertions(+), 100 deletions(-) diff --git a/tests/requirements.txt b/tests/requirements.txt index ef0548e07e..45b28bb5cc 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -227,103 +227,103 @@ gprof2dot==2022.7.29 \ # via # -r requirements.txt # pytest-profiling -grpcio==1.63.0 \ - --hash=sha256:01799e8649f9e94ba7db1aeb3452188048b0019dc37696b0f5ce212c87c560c3 \ - --hash=sha256:0697563d1d84d6985e40ec5ec596ff41b52abb3fd91ec240e8cb44a63b895094 \ - --hash=sha256:08e1559fd3b3b4468486b26b0af64a3904a8dbc78d8d936af9c1cf9636eb3e8b \ - --hash=sha256:166e5c460e5d7d4656ff9e63b13e1f6029b122104c1633d5f37eaea348d7356d \ - --hash=sha256:1ff737cf29b5b801619f10e59b581869e32f400159e8b12d7a97e7e3bdeee6a2 \ - --hash=sha256:219bb1848cd2c90348c79ed0a6b0ea51866bc7e72fa6e205e459fedab5770172 \ - --hash=sha256:259e11932230d70ef24a21b9fb5bb947eb4703f57865a404054400ee92f42f5d \ - --hash=sha256:2e93aca840c29d4ab5db93f94ed0a0ca899e241f2e8aec6334ab3575dc46125c \ - --hash=sha256:3a6d1f9ea965e750db7b4ee6f9fdef5fdf135abe8a249e75d84b0a3e0c668a1b \ - --hash=sha256:50344663068041b34a992c19c600236e7abb42d6ec32567916b87b4c8b8833b3 \ - --hash=sha256:56cdf96ff82e3cc90dbe8bac260352993f23e8e256e063c327b6cf9c88daf7a9 \ - --hash=sha256:5c039ef01516039fa39da8a8a43a95b64e288f79f42a17e6c2904a02a319b357 \ - --hash=sha256:6426e1fb92d006e47476d42b8f240c1d916a6d4423c5258ccc5b105e43438f61 \ - --hash=sha256:65bf975639a1f93bee63ca60d2e4951f1b543f498d581869922910a476ead2f5 \ - --hash=sha256:6a1a3642d76f887aa4009d92f71eb37809abceb3b7b5a1eec9c554a246f20e3a \ - --hash=sha256:6ef0ad92873672a2a3767cb827b64741c363ebaa27e7f21659e4e31f4d750280 \ - --hash=sha256:756fed02dacd24e8f488f295a913f250b56b98fb793f41d5b2de6c44fb762434 \ - --hash=sha256:75f701ff645858a2b16bc8c9fc68af215a8bb2d5a9b647448129de6e85d52bce \ - --hash=sha256:8064d986d3a64ba21e498b9a376cbc5d6ab2e8ab0e288d39f266f0fca169b90d \ - --hash=sha256:878b1d88d0137df60e6b09b74cdb73db123f9579232c8456f53e9abc4f62eb3c \ - --hash=sha256:8f3f6883ce54a7a5f47db43289a0a4c776487912de1a0e2cc83fdaec9685cc9f \ - --hash=sha256:91b73d3f1340fefa1e1716c8c1ec9930c676d6b10a3513ab6c26004cb02d8b3f \ - --hash=sha256:93a46794cc96c3a674cdfb59ef9ce84d46185fe9421baf2268ccb556f8f81f57 \ - --hash=sha256:93f45f27f516548e23e4ec3fbab21b060416007dbe768a111fc4611464cc773f \ - --hash=sha256:9e350cb096e5c67832e9b6e018cf8a0d2a53b2a958f6251615173165269a91b0 \ - --hash=sha256:a2d60cd1d58817bc5985fae6168d8b5655c4981d448d0f5b6194bbcc038090d2 \ - --hash=sha256:a3abfe0b0f6798dedd2e9e92e881d9acd0fdb62ae27dcbbfa7654a57e24060c0 \ - --hash=sha256:a44624aad77bf8ca198c55af811fd28f2b3eaf0a50ec5b57b06c034416ef2d0a \ - --hash=sha256:a7b19dfc74d0be7032ca1eda0ed545e582ee46cd65c162f9e9fc6b26ef827dc6 \ - --hash=sha256:ad2ac8903b2eae071055a927ef74121ed52d69468e91d9bcbd028bd0e554be6d \ - --hash=sha256:b005292369d9c1f80bf70c1db1c17c6c342da7576f1c689e8eee4fb0c256af85 \ - --hash=sha256:b2e44f59316716532a993ca2966636df6fbe7be4ab6f099de6815570ebe4383a \ - --hash=sha256:b3afbd9d6827fa6f475a4f91db55e441113f6d3eb9b7ebb8fb806e5bb6d6bd0d \ - --hash=sha256:b416252ac5588d9dfb8a30a191451adbf534e9ce5f56bb02cd193f12d8845b7f \ - --hash=sha256:b5194775fec7dc3dbd6a935102bb156cd2c35efe1685b0a46c67b927c74f0cfb \ - --hash=sha256:cacdef0348a08e475a721967f48206a2254a1b26ee7637638d9e081761a5ba86 \ - --hash=sha256:cd1e68776262dd44dedd7381b1a0ad09d9930ffb405f737d64f505eb7f77d6c7 \ - --hash=sha256:cdcda1156dcc41e042d1e899ba1f5c2e9f3cd7625b3d6ebfa619806a4c1aadda \ - --hash=sha256:cf8dae9cc0412cb86c8de5a8f3be395c5119a370f3ce2e69c8b7d46bb9872c8d \ - --hash=sha256:d2497769895bb03efe3187fb1888fc20e98a5f18b3d14b606167dacda5789434 \ - --hash=sha256:e3b77eaefc74d7eb861d3ffbdf91b50a1bb1639514ebe764c47773b833fa2d91 \ - --hash=sha256:e48cee31bc5f5a31fb2f3b573764bd563aaa5472342860edcc7039525b53e46a \ - --hash=sha256:e4cbb2100ee46d024c45920d16e888ee5d3cf47c66e316210bc236d5bebc42b3 \ - --hash=sha256:f28f8b2db7b86c77916829d64ab21ff49a9d8289ea1564a2b2a3a8ed9ffcccd3 \ - --hash=sha256:f3023e14805c61bc439fb40ca545ac3d5740ce66120a678a3c6c2c55b70343d1 \ - --hash=sha256:fdf348ae69c6ff484402cfdb14e18c1b0054ac2420079d575c53a60b9b2853ae +grpcio==1.64.0 \ + --hash=sha256:01615bbcae6875eee8091e6b9414072f4e4b00d8b7e141f89635bdae7cf784e5 \ + --hash=sha256:02cc9cc3f816d30f7993d0d408043b4a7d6a02346d251694d8ab1f78cc723e7e \ + --hash=sha256:0b2dfe6dcace264807d9123d483d4c43274e3f8c39f90ff51de538245d7a4145 \ + --hash=sha256:0da1d921f8e4bcee307aeef6c7095eb26e617c471f8cb1c454fd389c5c296d1e \ + --hash=sha256:0f30596cdcbed3c98024fb4f1d91745146385b3f9fd10c9f2270cbfe2ed7ed91 \ + --hash=sha256:1ce4cd5a61d4532651079e7aae0fedf9a80e613eed895d5b9743e66b52d15812 \ + --hash=sha256:1f279ad72dd7d64412e10f2443f9f34872a938c67387863c4cd2fb837f53e7d2 \ + --hash=sha256:1f5de082d936e0208ce8db9095821361dfa97af8767a6607ae71425ac8ace15c \ + --hash=sha256:1f8ea18b928e539046bb5f9c124d717fbf00cc4b2d960ae0b8468562846f5aa1 \ + --hash=sha256:2186d76a7e383e1466e0ea2b0febc343ffeae13928c63c6ec6826533c2d69590 \ + --hash=sha256:23b6887bb21d77649d022fa1859e05853fdc2e60682fd86c3db652a555a282e0 \ + --hash=sha256:257baf07f53a571c215eebe9679c3058a313fd1d1f7c4eede5a8660108c52d9c \ + --hash=sha256:2a18090371d138a57714ee9bffd6c9c9cb2e02ce42c681aac093ae1e7189ed21 \ + --hash=sha256:2e8fabe2cc57a369638ab1ad8e6043721014fdf9a13baa7c0e35995d3a4a7618 \ + --hash=sha256:3161a8f8bb38077a6470508c1a7301cd54301c53b8a34bb83e3c9764874ecabd \ + --hash=sha256:31890b24d47b62cc27da49a462efe3d02f3c120edb0e6c46dcc0025506acf004 \ + --hash=sha256:3550493ac1d23198d46dc9c9b24b411cef613798dc31160c7138568ec26bc9b4 \ + --hash=sha256:3b09c3d9de95461214a11d82cc0e6a46a6f4e1f91834b50782f932895215e5db \ + --hash=sha256:3d2004e85cf5213995d09408501f82c8534700d2babeb81dfdba2a3bff0bb396 \ + --hash=sha256:46b8b43ba6a2a8f3103f103f97996cad507bcfd72359af6516363c48793d5a7b \ + --hash=sha256:579dd9fb11bc73f0de061cab5f8b2def21480fd99eb3743ed041ad6a1913ee2f \ + --hash=sha256:597191370951b477b7a1441e1aaa5cacebeb46a3b0bd240ec3bb2f28298c7553 \ + --hash=sha256:59c68df3a934a586c3473d15956d23a618b8f05b5e7a3a904d40300e9c69cbf0 \ + --hash=sha256:5a56797dea8c02e7d3a85dfea879f286175cf4d14fbd9ab3ef2477277b927baa \ + --hash=sha256:650a8150a9b288f40d5b7c1d5400cc11724eae50bd1f501a66e1ea949173649b \ + --hash=sha256:6d5541eb460d73a07418524fb64dcfe0adfbcd32e2dac0f8f90ce5b9dd6c046c \ + --hash=sha256:6ec5ed15b4ffe56e2c6bc76af45e6b591c9be0224b3fb090adfb205c9012367d \ + --hash=sha256:73f84f9e5985a532e47880b3924867de16fa1aa513fff9b26106220c253c70c5 \ + --hash=sha256:753cb58683ba0c545306f4e17dabf468d29cb6f6b11832e1e432160bb3f8403c \ + --hash=sha256:7c1f5b2298244472bcda49b599be04579f26425af0fd80d3f2eb5fd8bc84d106 \ + --hash=sha256:7e013428ab472892830287dd082b7d129f4d8afef49227a28223a77337555eaa \ + --hash=sha256:7f17572dc9acd5e6dfd3014d10c0b533e9f79cd9517fc10b0225746f4c24b58e \ + --hash=sha256:85fda90b81da25993aa47fae66cae747b921f8f6777550895fb62375b776a231 \ + --hash=sha256:874c741c8a66f0834f653a69e7e64b4e67fcd4a8d40296919b93bab2ccc780ba \ + --hash=sha256:8d598b5d5e2c9115d7fb7e2cb5508d14286af506a75950762aa1372d60e41851 \ + --hash=sha256:8de0399b983f8676a7ccfdd45e5b2caec74a7e3cc576c6b1eecf3b3680deda5e \ + --hash=sha256:a053584079b793a54bece4a7d1d1b5c0645bdbee729215cd433703dc2532f72b \ + --hash=sha256:a54362f03d4dcfae63be455d0a7d4c1403673498b92c6bfe22157d935b57c7a9 \ + --hash=sha256:aca4f15427d2df592e0c8f3d38847e25135e4092d7f70f02452c0e90d6a02d6d \ + --hash=sha256:b2cbdfba18408389a1371f8c2af1659119e1831e5ed24c240cae9e27b4abc38d \ + --hash=sha256:b52e1ec7185512103dd47d41cf34ea78e7a7361ba460187ddd2416b480e0938c \ + --hash=sha256:c46fb6bfca17bfc49f011eb53416e61472fa96caa0979b4329176bdd38cbbf2a \ + --hash=sha256:c56c91bd2923ddb6e7ed28ebb66d15633b03e0df22206f22dfcdde08047e0a48 \ + --hash=sha256:cf4c8daed18ae2be2f1fc7d613a76ee2a2e28fdf2412d5c128be23144d28283d \ + --hash=sha256:d7b7bf346391dffa182fba42506adf3a84f4a718a05e445b37824136047686a1 \ + --hash=sha256:d9171f025a196f5bcfec7e8e7ffb7c3535f7d60aecd3503f9e250296c7cfc150 # via # -r requirements.txt # grpcio-tools -grpcio-tools==1.63.0 \ - --hash=sha256:0ca6d5623dadce66fabbd8b04d0572e35fd63b31f1ae7ea1555d662864852d33 \ - --hash=sha256:0f8ce3fc598886a5370f28c86f94d06ddb0d3a251101a5bb8ed9576d9f86a519 \ - --hash=sha256:1ab17460a2dfd3433af3120598bc18e705e3092d4d8396d3c06fe93deab19bbb \ - --hash=sha256:1b88be61eaa41eb4deb6b91a1e21d2a789d8567f0a973694fa27c09196f39a9a \ - --hash=sha256:2474cffbc8f29404f0e3a2109c0a0423211ba93fe048b144e734f601ff391fc7 \ - --hash=sha256:27684446c81bffcd4f20f13bf672ac7cbeaefbd270b3d867cdb58132e4b866bc \ - --hash=sha256:2924747142ebcbbd62acf65936fbc9694afbdfc2c6ae721461015370e27b8d6f \ - --hash=sha256:32247ac2d575a633aea2536840fd232d56f309bd940081d772081bd71e0626c6 \ - --hash=sha256:376136b9bbd16304a2e550ea0bb2b3340b720a0f623856124987845ef071d479 \ - --hash=sha256:3ef50fa15689f46a2c903f1c9687aa40687d67dcb0469903fff37a63e55f11cd \ - --hash=sha256:3f138c822090e7c87ef6a5dce0a6c4fdf68a9472e6a936b70ac7be2371184abe \ - --hash=sha256:409613bb694308a1945256d1d05c3ef3497f9fbf7fd68bd8bed86d80d97df334 \ - --hash=sha256:4374c8beefec84f682c799b8df5ac4b217c09de6d69038ce16fc12dcd862fff8 \ - --hash=sha256:49404876ec70bdae431eac5b1591c32c0bba4047dfd96dc6add03dbcdad5a5fc \ - --hash=sha256:49435413548e019921e125b178f3fd30543aa348c70775669b5ed80f0b39b393 \ - --hash=sha256:49af114fed0075025fe243cb3c8405c7a99f0b87f4eb7ccdaaf33ce1f55d8318 \ - --hash=sha256:517ed2b405793e55c527f332296ae92a3e17fdd83772f1569709f2c228acaf54 \ - --hash=sha256:54136ac94eabc45b1b72d5ca379e5a2753f21a654f562838c5a9b706482bc1f0 \ - --hash=sha256:632f78d8730d39363fc5afaf7cb5cf2f56b4e346ca11f550af74cff85e702f79 \ - --hash=sha256:63a975d0457b2db1ee19fe99806091c71ad22f6f3664adc8f4c95943684dc0fd \ - --hash=sha256:6bbf51f334452fcac422509979635f97e2c2c3e71f21480891f2ba280b4b6867 \ - --hash=sha256:711d9f038c18c2f637b89af70c485018ae437dff5f7d2c631ca6a1eee7563038 \ - --hash=sha256:744952a560fdb060a5f9d467d130fde6dbfee2abb07143c87e9b17aae3c19d5a \ - --hash=sha256:7cbf570f7b9badd3bd27be5e057ca466d447c1047bf80c87a53d8bcb2e87bbbe \ - --hash=sha256:8341846604df00cf1c0a822476d27f4c481f678601a2f0b190e3b9936f857ded \ - --hash=sha256:847ca8d75090d66e787576049500eb7c230a9997146d5d433da7928baf914273 \ - --hash=sha256:94b52c0dfb6026f69858a10ee3eadf15c343667647b5846cace82f61fe809c88 \ - --hash=sha256:acb5cc845942dc0f020eefbe10ad8ac6fe2f96b99c035da738c5d3026d3a5324 \ - --hash=sha256:b2d246eee3b2a6afe65362c22a98b0e6d805c227c2569c5616ad3bec619621dd \ - --hash=sha256:b5d74a30409eda2a0cdaa700da23fe3cad5d7ac47ac2d52644abe13a84047aa0 \ - --hash=sha256:b61682c06f0bcf2c576537819c42d5fb8eec1a0a9c05c905005200a57ff54c1f \ - --hash=sha256:b87750347cb024bb74d5139da01ffba9f099ad2e43ba45893dc627ec920d57ab \ - --hash=sha256:bc0e6af05f66b36186ad3467d46ecc0f51dc9fa366005e095f4aa7739c7bfcba \ - --hash=sha256:c305274aa111412f5b8858242853e56c16ebcedc25d6a49ad615fd1b3ecd5971 \ - --hash=sha256:c63a0f37b6b64dc31b2f1a0e5f889ae8b6bb7b7b20fe2406c1285321a7c54fdd \ - --hash=sha256:c759306c04e3d0b3da3bd576e3de8bcbccc31a243a85ad256fd46d3a3ed93402 \ - --hash=sha256:cb9a0f61cabff426eaf5c0a506de599c9f006b31947ba1159254cc291c1dbdd1 \ - --hash=sha256:d58a5aacee102858e49b1cc89b1ba1a020bb04f001df057e2b03fa11e6c636d1 \ - --hash=sha256:d7142b0162834d3a67df532744a733b0757b11056373bd489a70dc07a3f65829 \ - --hash=sha256:df4dc9db9763594ae6ae04b42d6fcf7f163897a072f8fc946b864c9c3f0fbab1 \ - --hash=sha256:e197d5de49bb024f3d0b9e1ee1a0cce9e39955e17738bfbed72b0cc506a4824c \ - --hash=sha256:e68d9df9134906cbab1b225b625e11a368ab01b9ff24a4546bddec705ec7fd66 \ - --hash=sha256:e952835e7b8f40204bceb2a96fc7bcb8b07ff45ca9d07266774bc429db1efead \ - --hash=sha256:f2cc0b3098ff48811ca821440e03763dcabd11158a11d9ea819c58938a9ea276 \ - --hash=sha256:f305a5d61613e7ea3510eab62d65d47dff5206fcbe3b2347a7c1ebc9eff23dc6 \ - --hash=sha256:f74a6da9db48296c3e7e34820e96744a0ea9cd58c3fa075ed206f7bb75229324 +grpcio-tools==1.64.0 \ + --hash=sha256:087da41ee5f4cf8f0bed419d5ac59e06f07ff1109662724112bf3105fa168eb2 \ + --hash=sha256:09168716a11dab29de2950c08898fd5946a0f6479dfe95e751459685b8d9ff8f \ + --hash=sha256:0ac6f77ceddf3c93ab5ecbbd3c63ba6b8bb4aa6ad059fa64d14bcaa618d3add6 \ + --hash=sha256:18be83c9996b29d75c634731bedd654464ca7bf0a533d5bd2fb8e5e735f3ba2d \ + --hash=sha256:2968b63e02a7e3ef2b4ad607303f52db774736017a51b03150136306817d6d9a \ + --hash=sha256:2a23f739518c091b6a821f118b4f3f006cfd52d567e76eccd3b14654cfcccde8 \ + --hash=sha256:2a2dc978b5f6e62fea88ba39589b37d71d09e6c43bb7c05ac1be256020187406 \ + --hash=sha256:2aa82c4af0bac8940e429bf6bd4c029994ab85a963ddf62c0072116588fcf75b \ + --hash=sha256:32a76a524f4d20eb8aadd9c57a542322c0d21b508c304bbd92b88d105b449c0a \ + --hash=sha256:32a9e2a7613bf4361c1876161d76a5d6b12e2ac10ebc2b43253f5d7483c3ed88 \ + --hash=sha256:335fa345eca68274800d53d055d70a87c2dc0c735a19dba0d3ae443b6801cbcc \ + --hash=sha256:36842cc0db9026572d970a615e7b1e55fce89eda733fa64df4727ff7910a0a4b \ + --hash=sha256:489b0e18603a30ee7c54c622d4f2cbfe5a13134ca91282b4ea9c4e8153a544b3 \ + --hash=sha256:51b75ca0b86b967e1fbdea52416ef79a1507959bb2a64783e5c1dd9515608bf5 \ + --hash=sha256:5816b722a0ce9eebe9228264dbd8c9e0a4552ff92256590c73a97c1ab20e48a8 \ + --hash=sha256:691369981d2f680bbf754ebde29a4fa630795543c565919558c178671d7e2a11 \ + --hash=sha256:6c32e77fcff8861a1d781c561e939cc7171efff73804e817c76bc513bb1073ab \ + --hash=sha256:6c377252957be7bd9e479ba3c23f755237b42941460128c3240831f025f8294c \ + --hash=sha256:711d268f03d4d6cb2f90b55b8965c205ce4a5405fcf10a60aadbebd8b4c6a7e7 \ + --hash=sha256:78d37deb5207b06d14f95f375c094631009f95b3834541aec9c866442908c7ca \ + --hash=sha256:7c21c53595080518feaed2ce10c6ad39b643eb1c225b162506222c64d74088e0 \ + --hash=sha256:852e1bdb30ce4ff47eb53d8bcdf9f72654c11d7569006afb86b8b0ad47e93cf5 \ + --hash=sha256:89f5d7985d483f48406c10d1658e587d50c4188c3c1aa2bc882d06c0592f6186 \ + --hash=sha256:8be1f77c8dab0412eb6cc596abac985cdf1c42608c921966cbb84d6d66f31b2c \ + --hash=sha256:8de2c2a956cd6e9331a417e118c5b1a60a111cd93b1ea8366234081eee1871f4 \ + --hash=sha256:944d5d00b177e67be7eac80fc04ee41e9b4c2a790f0a61cd95cae5aaa59328b8 \ + --hash=sha256:9800e2699ddc6e794abeca17a10b0ab75291eceac00ed256caf75283ee813e77 \ + --hash=sha256:99ab2be15a8027cb3c65e957c2f8bb7e596af954f399c4b1d257b34996860b36 \ + --hash=sha256:9a3db8b94b094ae3b5bf30b055f0f29570a57221602d31dec6c19b4a2933c0c2 \ + --hash=sha256:9ac55d595bc0ed9ef2757e688f68641de6dc5f4696e6848cae380aa34f0ac0d9 \ + --hash=sha256:9db97ef2e3b2ec17d1d5b5471b16bfed10521fe6e00674e36f9ba35344e20153 \ + --hash=sha256:a64ae624a0496b9f45824325fdc14fb8cbcab2c25ecb67c42cd0edd796a5b79e \ + --hash=sha256:af5436ff5865fd80d8a6796e904ae71bc8377f6646a42a3931ae801869d790fc \ + --hash=sha256:c2729d2ecdfc63c3852510f62b0dddb929648303fa9f394a86eb1e2121811c3b \ + --hash=sha256:d0118866227874203a2cd27ca9cf8d62cddf703449f009b548b9fee83594d12b \ + --hash=sha256:d86cdd273a8d29a856b1a1da27e3bd7cea524072dbe364b03bc16e12cb0f85cd \ + --hash=sha256:de5e1e7d4deaebfe16ea0c734bc933ddbdcacd04b980ab44e881c8ad3e88670a \ + --hash=sha256:e0375536d220edc897e39a7d0ca5859dba586d27170614bb8f5edae6a6f3276e \ + --hash=sha256:f0e694b9f427e437bf60e1138d0ca9a7bee5b0ce1a6d70b1e1c3b99720692d4d \ + --hash=sha256:f6cae2a6f1270c52c9bce9d44b390404ce02b64e72d480b9c09bcc9468e13ce6 \ + --hash=sha256:f89f8a5b8b49b724ff371676c56e658a3ee2a9bbbb5c45ac181366c6834bcafc \ + --hash=sha256:f96302dad3292c797914caf9bc3c44528194a30b446b502838cc92834942ef6a \ + --hash=sha256:fa4c47897a0ddb78204456d002923294724e1b7fc87f0745528727383c2260ad \ + --hash=sha256:fdf13921cb8cc226a8b7a101ba81a4a4626dfcd8fd817a480615f6e09b6ef43a \ + --hash=sha256:fef19899d65e90f46784a0a5a8c9bd90c8d73b3449eaca231f1123b4d65d03a6 \ + --hash=sha256:ff57dd9c87da6995039e04f76a6791ae46fec94d7531fe1403fd94a0e3d80cdd # via -r requirements.txt idna==3.7 \ --hash=sha256:028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc \ @@ -483,9 +483,9 @@ pyparsing==3.1.2 \ --hash=sha256:a1bac0ce561155ecc3ed78ca94d3c9378656ad4c94c1270de543f621420f94ad \ --hash=sha256:f9db75911801ed778fe61bb643079ff86601aca99fcae6345aa67292038fb742 # via -r requirements.txt -pytest==8.2.0 \ - --hash=sha256:1733f0620f6cda4095bbf0d9ff8022486e91892245bb9e7d5542c018f612f233 \ - --hash=sha256:d507d4482197eac0ba2bae2e9babf0672eb333017bcedaa5fb1a3d42c1174b3f +pytest==8.2.1 \ + --hash=sha256:5046e5b46d8e4cac199c373041f26be56fdb81eb4e67dc11d4e10811fc3408fd \ + --hash=sha256:faccc5d332b8c3719f40283d0d44aa5cf101cec36f88cde9ed8f2bc0538612b1 # via # -r requirements.txt # pytest-html @@ -566,9 +566,9 @@ pyyaml==6.0.1 \ # via # -r requirements.txt # kubernetes -requests==2.31.0 \ - --hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \ - --hash=sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1 +requests==2.32.1 \ + --hash=sha256:21ac9465cdf8c1650fe1ecde8a71669a93d4e6f147550483a2967d08396a56a5 \ + --hash=sha256:eb97e87e64c79e64e5b8ac75cee9dd1f97f49e289b083ee6be96268930725685 # via # -r requirements.txt # forcediphttpsadapter From 7751f1c48dd1b96aef333d7fb5637efe75c88a4e Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 21 May 2024 14:25:26 +0100 Subject: [PATCH 032/101] [pre-commit.ci] pre-commit autoupdate (#5593) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/golangci/golangci-lint: v1.58.1 → v1.58.2](https://github.com/golangci/golangci-lint/compare/v1.58.1...v1.58.2) - [github.com/python-jsonschema/check-jsonschema: 0.28.3 → 0.28.4](https://github.com/python-jsonschema/check-jsonschema/compare/0.28.3...0.28.4) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 18077c8bbc..e31f1a1e45 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -43,7 +43,7 @@ repos: pass_filenames: false - repo: https://github.com/golangci/golangci-lint - rev: v1.58.1 + rev: v1.58.2 hooks: - id: golangci-lint args: [--new-from-patch=/tmp/diff.patch] @@ -64,7 +64,7 @@ repos: - id: black - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.28.3 + rev: 0.28.4 hooks: - id: check-jsonschema name: "Check Helm Chart JSON Schema" From 106890cf689eff39678f863961261a379ce242ff Mon Sep 17 00:00:00 2001 From: Venktesh Shivam Patel Date: Tue, 21 May 2024 15:50:13 +0100 Subject: [PATCH 033/101] add PAT to cp jobs (#5599) --- .github/workflows/cherry-pick.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/cherry-pick.yml b/.github/workflows/cherry-pick.yml index b60ffaa896..117011bfb1 100644 --- a/.github/workflows/cherry-pick.yml +++ b/.github/workflows/cherry-pick.yml @@ -21,6 +21,7 @@ jobs: uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 + token: ${{ secrets.NGINX_PAT }} - name: Set release branch variable id: branch @@ -34,6 +35,7 @@ jobs: uses: carloscastrojumo/github-cherry-pick-action@503773289f4a459069c832dc628826685b75b4b3 # v1.0.10 with: branch: ${{ steps.branch.outputs.branch }} + token: ${{ secrets.NGINX_PAT }} author: nginx-bot labels: | dependencies From 20fb00e0f0e17b2b77eef84445b14b9b14335c06 Mon Sep 17 00:00:00 2001 From: AlexFenlon Date: Wed, 22 May 2024 14:45:57 +0100 Subject: [PATCH 034/101] Add Installation Flags to Telemetry (#5586) --- cmd/nginx-ingress/main.go | 2 + docs/content/overview/product-telemetry.md | 1 + internal/k8s/controller.go | 2 + internal/telemetry/cluster.go | 5 + internal/telemetry/cluster_test.go | 23 +++++ internal/telemetry/collector.go | 8 ++ internal/telemetry/collector_test.go | 97 +++++++++++++++++++ internal/telemetry/data.avdl | 3 + internal/telemetry/exporter.go | 2 + .../nicresourcecounts_attributes_generated.go | 1 + 10 files changed, 144 insertions(+) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 1eb4b8c1bd..db38de9bd5 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -59,6 +59,7 @@ func main() { fmt.Printf("NGINX Ingress Controller Version=%v Commit=%v Date=%v DirtyState=%v Arch=%v/%v Go=%v\n", version, commitHash, commitTime, dirtyBuild, runtime.GOOS, runtime.GOARCH, runtime.Version()) parseFlags() + parsedFlags := os.Args[1:] config, kubeClient := createConfigAndKubeClient() @@ -217,6 +218,7 @@ func main() { TelemetryReportingEndpoint: telemetryEndpoint, NICVersion: version, DynamicWeightChangesReload: *enableDynamicWeightChangesReload, + InstallationFlags: parsedFlags, } lbc := k8s.NewLoadBalancerController(lbcInput) diff --git a/docs/content/overview/product-telemetry.md b/docs/content/overview/product-telemetry.md index c93e283a15..c461b127f9 100644 --- a/docs/content/overview/product-telemetry.md +++ b/docs/content/overview/product-telemetry.md @@ -49,6 +49,7 @@ These are the data points collected and reported by NGINX Ingress Controller: - **GlobalConfiguration** Represents the use of a GlobalConfiguration resource. - **AppProtectVersion** The AppProtect version - **IsPlus** Represents whether NGINX is Plus or OSS +- **InstallationFlags** List of command line arguments configured for NGINX Ingress Controller ## Opt out diff --git a/internal/k8s/controller.go b/internal/k8s/controller.go index 43a0c4fb89..c6e2ab664a 100644 --- a/internal/k8s/controller.go +++ b/internal/k8s/controller.go @@ -218,6 +218,7 @@ type NewLoadBalancerControllerInput struct { TelemetryReportingEndpoint string NICVersion string DynamicWeightChangesReload bool + InstallationFlags []string } // NewLoadBalancerController creates a controller @@ -366,6 +367,7 @@ func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalanc K8sClientReader: input.KubeClient, Version: input.NICVersion, AppProtectVersion: input.AppProtectVersion, + InstallationFlags: input.InstallationFlags, GlobalConfiguration: lbc.watchGlobalConfiguration, Configurator: lbc.configurator, SecretStore: lbc.secretStore, diff --git a/internal/telemetry/cluster.go b/internal/telemetry/cluster.go index 4e3af5167f..191694a509 100644 --- a/internal/telemetry/cluster.go +++ b/internal/telemetry/cluster.go @@ -202,6 +202,11 @@ func (c *Collector) IsPlusEnabled() bool { return c.Config.IsPlus } +// InstallationFlags returns the list of all set flags +func (c *Collector) InstallationFlags() []string { + return c.Config.InstallationFlags +} + // lookupPlatform takes a string representing a K8s PlatformID // retrieved from a cluster node and returns a string // representing the platform name. diff --git a/internal/telemetry/cluster_test.go b/internal/telemetry/cluster_test.go index 5ba851741a..fb88ba7004 100644 --- a/internal/telemetry/cluster_test.go +++ b/internal/telemetry/cluster_test.go @@ -4,6 +4,8 @@ import ( "context" "testing" + "github.com/google/go-cmp/cmp" + "github.com/nginxinc/kubernetes-ingress/internal/telemetry" appsV1 "k8s.io/api/apps/v1" apiCoreV1 "k8s.io/api/core/v1" @@ -436,6 +438,27 @@ func TestInstallationIDFailsOnMissingDaemonSet(t *testing.T) { } } +func TestGetInstallationFlags(t *testing.T) { + t.Parallel() + + c, err := telemetry.NewCollector( + telemetry.CollectorConfig{ + InstallationFlags: []string{ + "-nginx-plus=true", + }, + }, + ) + if err != nil { + t.Fatal(err) + } + + got := c.InstallationFlags() + want := []string{"-nginx-plus=true"} + if !cmp.Equal(want, got) { + t.Error(cmp.Diff(want, got)) + } +} + // newTestCollectorForClusterWithNodes returns a telemetry collector configured // to simulate collecting data on a cluser with provided nodes. func newTestCollectorForClusterWithNodes(t *testing.T, nodes ...runtime.Object) *telemetry.Collector { diff --git a/internal/telemetry/collector.go b/internal/telemetry/collector.go index 7621d54bba..5fa5249e46 100644 --- a/internal/telemetry/collector.go +++ b/internal/telemetry/collector.go @@ -77,6 +77,9 @@ type CollectorConfig struct { // IsPlus represents whether NGINX is Plus or OSS IsPlus bool + + // InstallationFlags represents the list of set flags managed by NIC + InstallationFlags []string } // NewCollector takes 0 or more options and creates a new TraceReporter. @@ -141,6 +144,7 @@ func (c *Collector) Collect(ctx context.Context) { IngressAnnotations: report.IngressAnnotations, AppProtectVersion: report.AppProtectVersion, IsPlus: report.IsPlus, + InstallationFlags: report.InstallationFlags, }, } @@ -183,6 +187,7 @@ type Report struct { IngressAnnotations []string AppProtectVersion string IsPlus bool + InstallationFlags []string } // BuildReport takes context, collects telemetry data and builds the report. @@ -255,6 +260,8 @@ func (c *Collector) BuildReport(ctx context.Context) (Report, error) { isPlus := c.IsPlusEnabled() + installationFlags := c.InstallationFlags() + return Report{ Name: "NIC", Version: c.Config.Version, @@ -284,5 +291,6 @@ func (c *Collector) BuildReport(ctx context.Context) (Report, error) { IngressAnnotations: ingressAnnotations, AppProtectVersion: appProtectVersion, IsPlus: isPlus, + InstallationFlags: installationFlags, }, err } diff --git a/internal/telemetry/collector_test.go b/internal/telemetry/collector_test.go index 308fba89ab..69aea3c5ee 100644 --- a/internal/telemetry/collector_test.go +++ b/internal/telemetry/collector_test.go @@ -876,6 +876,103 @@ func TestCollectInvalidAppProtectVersion(t *testing.T) { } } +func TestCollectInstallationFlags(t *testing.T) { + t.Parallel() + + testCases := []struct { + name string + setFlags []string + wantFlags []string + }{ + { + name: "first flag", + setFlags: []string{ + "nginx-plus=true", + }, + wantFlags: []string{ + "nginx-plus=true", + }, + }, + { + name: "second flag", + setFlags: []string{ + "-v=3", + }, + wantFlags: []string{ + "-v=3", + }, + }, + { + name: "multiple flags", + setFlags: []string{ + "nginx-plus=true", + "-v=3", + }, + wantFlags: []string{ + "nginx-plus=true", + "-v=3", + }, + }, + { + name: "no flags", + setFlags: []string{}, + wantFlags: []string{}, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + buf := &bytes.Buffer{} + exp := &telemetry.StdoutExporter{Endpoint: buf} + + configurator := newConfigurator(t) + + cfg := telemetry.CollectorConfig{ + Configurator: configurator, + K8sClientReader: newTestClientset(node1, kubeNS), + Version: telemetryNICData.ProjectVersion, + InstallationFlags: tc.setFlags, + } + + c, err := telemetry.NewCollector(cfg, telemetry.WithExporter(exp)) + if err != nil { + t.Fatal(err) + } + c.Collect(context.Background()) + + telData := tel.Data{ + ProjectName: telemetryNICData.ProjectName, + ProjectVersion: telemetryNICData.ProjectVersion, + ProjectArchitecture: telemetryNICData.ProjectArchitecture, + ClusterNodeCount: 1, + ClusterID: telemetryNICData.ClusterID, + ClusterVersion: telemetryNICData.ClusterVersion, + ClusterPlatform: "other", + } + + nicResourceCounts := telemetry.NICResourceCounts{ + VirtualServers: 0, + VirtualServerRoutes: 0, + TransportServers: 0, + Ingresses: 0, + InstallationFlags: tc.wantFlags, + } + + td := telemetry.Data{ + Data: telData, + NICResourceCounts: nicResourceCounts, + } + + want := fmt.Sprintf("%+v", &td) + + got := buf.String() + if !cmp.Equal(want, got) { + t.Error(cmp.Diff(got, want)) + } + }) + } +} + func TestCountVirtualServers(t *testing.T) { t.Parallel() diff --git a/internal/telemetry/data.avdl b/internal/telemetry/data.avdl index 23c17f4fa1..36c46b4484 100644 --- a/internal/telemetry/data.avdl +++ b/internal/telemetry/data.avdl @@ -93,5 +93,8 @@ It is the UID of the `kube-system` Namespace. */ /** IsPlus represents whether NGINX is Plus or OSS */ boolean? IsPlus = null; + /** InstallationFlags is the list of command line arguments configured for NGINX Ingress Controller */ + union {null, array} InstallationFlags = null; + } } diff --git a/internal/telemetry/exporter.go b/internal/telemetry/exporter.go index ce2dc11e3e..ccdf703664 100644 --- a/internal/telemetry/exporter.go +++ b/internal/telemetry/exporter.go @@ -105,4 +105,6 @@ type NICResourceCounts struct { AppProtectVersion string // IsPlus represents whether NGINX is Plus or OSS IsPlus bool + // InstallationFlags is the list of command line arguments configured for NGINX Ingress Controller + InstallationFlags []string } diff --git a/internal/telemetry/nicresourcecounts_attributes_generated.go b/internal/telemetry/nicresourcecounts_attributes_generated.go index f215145ad4..6d11eab24f 100644 --- a/internal/telemetry/nicresourcecounts_attributes_generated.go +++ b/internal/telemetry/nicresourcecounts_attributes_generated.go @@ -33,6 +33,7 @@ func (d *NICResourceCounts) Attributes() []attribute.KeyValue { attrs = append(attrs, attribute.StringSlice("IngressAnnotations", d.IngressAnnotations)) attrs = append(attrs, attribute.String("AppProtectVersion", d.AppProtectVersion)) attrs = append(attrs, attribute.Bool("IsPlus", d.IsPlus)) + attrs = append(attrs, attribute.StringSlice("InstallationFlags", d.InstallationFlags)) return attrs } From 80407075b086dd5a37af4c971ee8f69e032c6f76 Mon Sep 17 00:00:00 2001 From: Alan Dooley Date: Wed, 22 May 2024 16:47:43 +0100 Subject: [PATCH 035/101] Fix codeblock languages, prefix instances (#5604) This commit replaces all instances of console with shell, ensuring that codeblock highlighting and formatting is activated. It removes prefixes from shell prompt (such as $), removes unnecessary blank lines and adds languages to blocks that do not have them. --- .../globalconfiguration-resource.md | 16 ++++---- .../reporting-resources-status.md | 28 +++++++------- .../handling-host-and-listener-collisions.md | 4 +- ...advanced-configuration-with-annotations.md | 4 +- .../advanced-configuration-with-snippets.md | 4 +- .../ingress-resources/custom-annotations.md | 2 +- docs/content/configuration/policy-resource.md | 14 +++---- .../configuration/transportserver-resource.md | 12 +++--- ...server-and-virtualserverroute-resources.md | 14 +++---- .../installing-nic/installation-with-helm.md | 2 +- .../app-protect-dos/dos-protected.md | 9 ++--- .../app-protect-waf/configuration.md | 24 ++++++------ .../app-protect-waf/installation.md | 2 +- .../content/logging-and-monitoring/logging.md | 2 +- docs/content/overview/design.md | 2 +- .../troubleshooting/troubleshoot-common.md | 2 +- .../troubleshooting-app-protect-waf.md | 2 +- docs/content/tutorials/custom-listen-ports.md | 2 +- docs/content/tutorials/nginx-ingress-istio.md | 13 +++---- docs/content/tutorials/nginx-ingress-osm.md | 37 +++++++++---------- .../tutorials/oidc-custom-configuration.md | 14 +++---- docs/content/usage-reporting.md | 10 ++--- 22 files changed, 108 insertions(+), 111 deletions(-) diff --git a/docs/content/configuration/global-configuration/globalconfiguration-resource.md b/docs/content/configuration/global-configuration/globalconfiguration-resource.md index 51d9f8f48f..33830af896 100644 --- a/docs/content/configuration/global-configuration/globalconfiguration-resource.md +++ b/docs/content/configuration/global-configuration/globalconfiguration-resource.md @@ -77,15 +77,15 @@ You can use the usual `kubectl` commands to work with a GlobalConfiguration reso For example, the following command creates a GlobalConfiguration resource defined in `global-configuration.yaml` with the name `nginx-configuration`: -``` -$ kubectl apply -f global-configuration.yaml +```shell +kubectl apply -f global-configuration.yaml globalconfiguration.k8s.nginx.org/nginx-configuration created ``` Assuming the namespace of the resource is `nginx-ingress`, you can get the resource by running: -``` -$ kubectl get globalconfiguration nginx-configuration -n nginx-ingress +```shell +kubectl get globalconfiguration nginx-configuration -n nginx-ingress NAME AGE nginx-configuration 13s ``` @@ -128,8 +128,8 @@ The Ingress Controller validates the fields of a GlobalConfiguration resource. I You can check if the Ingress Controller successfully applied the configuration for a GlobalConfiguration. For our `nginx-configuration` GlobalConfiguration, we can run: -``` -$ kubectl describe gc nginx-configuration -n nginx-ingress +```shell +kubectl describe gc nginx-configuration -n nginx-ingress . . . Events: Type Reason Age From Message @@ -141,8 +141,8 @@ Note how the events section includes a Normal event with the Updated reason that If you create a GlobalConfiguration `nginx-configuration` with two or more listeners that have the same protocol UDP and port 53, you will get: -``` -$ kubectl describe gc nginx-configuration -n nginx-ingress +```shell +kubectl describe gc nginx-configuration -n nginx-ingress . . . Events: Type Reason Age From Message diff --git a/docs/content/configuration/global-configuration/reporting-resources-status.md b/docs/content/configuration/global-configuration/reporting-resources-status.md index dad4f17fe6..4c75281d60 100644 --- a/docs/content/configuration/global-configuration/reporting-resources-status.md +++ b/docs/content/configuration/global-configuration/reporting-resources-status.md @@ -34,16 +34,16 @@ Notes: NGINX Ingress Controller does not clear the status of Ingress resources w A VirtualServer or VirtualServerRoute resource includes the status field with information about the state of the resource and the IP address, through which the hosts of that resource are publicly accessible. You can see the status in the output of the `kubectl get virtualservers` or `kubectl get virtualserverroutes` commands as shown below: -``` -$ kubectl get virtualservers +```shell +kubectl get virtualservers NAME STATE HOST IP PORTS AGE cafe Valid cafe.example.com 12.13.23.123 [80,443] 34s ``` To see an external hostname address associated with a VirtualServer resource, use the `-o wide` option: -``` -$ kubectl get virtualservers -o wide +```shell +kubectl get virtualservers -o wide NAME STATE HOST IP EXTERNALHOSTNAME PORTS AGE cafe Valid cafe.example.com ae430f41a1a0042908655abcdefghijkl-12345678.eu-west-2.elb.amazonaws.com [80,443] 106s ``` @@ -52,8 +52,8 @@ $ kubectl get virtualservers -o wide In order to see additional addresses or extra information about the `Status` of the resource, use the following command: -``` -$ kubectl describe virtualserver +```shell +kubectl describe virtualserver . . . Status: External Endpoints: @@ -110,16 +110,16 @@ Notes: The Ingress Controller does not clear the status of VirtualServer and Vir A Policy resource includes the status field with information about the state of the resource. You can see the status in the output of the `kubectl get policy` command as shown below: -``` -$ kubectl get policy +```shell +kubectl get policy NAME STATE AGE webapp-policy Valid 30s ``` In order to see additional addresses or extra information about the `Status` of the resource, use the following command: -``` -$ kubectl describe policy +```shell +kubectl describe policy . . . Status: Message: Configuration for default/webapp-policy was added or updated @@ -144,16 +144,16 @@ The following fields are reported in Policy status: A TransportServer resource includes the status field with information about the state of the resource. You can see the status in the output of the `kubectl get transportserver` command as shown below: -``` -$ kubectl get transportserver +```shell +kubectl get transportserver NAME STATE REASON AGE dns-tcp Valid AddedOrUpdated 47m ``` In order to see additional addresses or extra information about the `Status` of the resource, use the following command: -``` -$ kubectl describe transportserver +```shell +kubectl describe transportserver . . . Status: Message: Configuration for default/dns-tcp was added or updated diff --git a/docs/content/configuration/handling-host-and-listener-collisions.md b/docs/content/configuration/handling-host-and-listener-collisions.md index 90963365d6..45ef42afd8 100644 --- a/docs/content/configuration/handling-host-and-listener-collisions.md +++ b/docs/content/configuration/handling-host-and-listener-collisions.md @@ -56,7 +56,7 @@ If a user creates both resources in the cluster, a host collision will occur. As In our example, if `cafe-virtual-server` was created first, it will win the host `cafe.example.com` and the Ingress Controller will reject `cafe-ingress`. This will be reflected in the events and in the resource's status field: -```console +```shell kubectl describe vs cafe-virtual-server . . . @@ -130,7 +130,7 @@ If a user creates both resources in the cluster, a listener collision will occur In our example, if `tcp-1` was created first, it will win the listener `dns-tcp` and the Ingress Controller will reject `tcp-2`. This will be reflected in the events and in the resource's status field: -```console +```shell kubectl describe ts tcp-2 . . . diff --git a/docs/content/configuration/ingress-resources/advanced-configuration-with-annotations.md b/docs/content/configuration/ingress-resources/advanced-configuration-with-annotations.md index 656e95c997..5c96acc8e6 100644 --- a/docs/content/configuration/ingress-resources/advanced-configuration-with-annotations.md +++ b/docs/content/configuration/ingress-resources/advanced-configuration-with-annotations.md @@ -57,7 +57,7 @@ NGINX Ingress Controller validates the annotations of Ingress resources. If an I You can check if the Ingress Controller successfully applied the configuration for an Ingress. For our example `cafe-ingress-with-annotations` Ingress, we can run: -```console +```shell kubectl describe ing cafe-ingress-with-annotations . . . @@ -71,7 +71,7 @@ Note how the events section includes a Normal event with the AddedOrUpdated reas If you create an invalid Ingress, the Ingress Controller will reject it and emit a Rejected event. For example, if you create an Ingress `cafe-ingress-with-annotations`, with an annotation `nginx.org/redirect-to-https` set to `yes please` instead of `true`, you will get: -```console +```shell kubectl describe ing cafe-ingress-with-annotations . . . diff --git a/docs/content/configuration/ingress-resources/advanced-configuration-with-snippets.md b/docs/content/configuration/ingress-resources/advanced-configuration-with-snippets.md index fd83073a90..6001d18e4f 100644 --- a/docs/content/configuration/ingress-resources/advanced-configuration-with-snippets.md +++ b/docs/content/configuration/ingress-resources/advanced-configuration-with-snippets.md @@ -104,7 +104,7 @@ If a snippet includes an invalid NGINX configuration, the Ingress Controller wil An example of an error from the logs: -``` +```shell [emerg] 31#31: unknown directive "badd_header" in /etc/nginx/conf.d/default-cafe-ingress-with-snippets.conf:54 Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"cafe-ingress-with-snippets", UID:"f9656dc9-63a6-41dd-a499-525b0e0309bb", APIVersion:"extensions/v1beta1", ResourceVersion:"2322030", FieldPath:""}): type: 'Warning' reason: 'AddedOrUpdatedWithError' Configuration for default/cafe-ingress-with-snippets was added or updated, but not applied: Error reloading NGINX for default/cafe-ingress-with-snippets: nginx reload failed: Command /usr/sbin/nginx -s reload stdout: "" stderr: "nginx: [emerg] unknown directive \"badd_header\" in /etc/nginx/conf.d/default-cafe-ingress-with-snippets.conf:54\n" @@ -113,7 +113,7 @@ finished with error: exit status 1 An example of an event with an error (you can view events associated with the Ingress by running `kubectl describe -n nginx-ingress ingress nginx-ingress`): -``` +```shell Events: Type Reason Age From Message ---- ------ ---- ---- ------- diff --git a/docs/content/configuration/ingress-resources/custom-annotations.md b/docs/content/configuration/ingress-resources/custom-annotations.md index c1fefcb130..67738816b3 100644 --- a/docs/content/configuration/ingress-resources/custom-annotations.md +++ b/docs/content/configuration/ingress-resources/custom-annotations.md @@ -57,7 +57,7 @@ spec: Assuming that the Ingress Controller is using that customized template, it will generate a config for the Ingress resource that will include the following part, generated by our template excerpt: -``` +```yaml # This is the configuration for cafe-ingress/default # Insert config for feature A if the annotation is set diff --git a/docs/content/configuration/policy-resource.md b/docs/content/configuration/policy-resource.md index 892f72edc0..35c8962d07 100644 --- a/docs/content/configuration/policy-resource.md +++ b/docs/content/configuration/policy-resource.md @@ -501,7 +501,7 @@ You can use the usual `kubectl` commands to work with Policy resources, just as For example, the following command creates a Policy resource defined in `access-control-policy-allow.yaml` with the name `webapp-policy`: -```console +```shell kubectl apply -f access-control-policy-allow.yaml policy.k8s.nginx.org/webapp-policy configured @@ -509,7 +509,7 @@ policy.k8s.nginx.org/webapp-policy configured You can get the resource by running: -```console +```shell kubectl get policy webapp-policy NAME AGE @@ -669,7 +669,7 @@ If you try to create (or update) a resource that violates the structural schema - Example of `kubectl` validation: - ```console + ```shell kubectl apply -f access-control-policy-allow.yaml error: error validating "access-control-policy-allow.yaml": error validating data: ValidationError(Policy.spec.accessControl.allow): invalid type for org.nginx.k8s.v1.Policy.spec.accessControl.allow: got "string", expected "array"; if you choose to ignore these errors, turn validation off with --validate=false @@ -677,7 +677,7 @@ If you try to create (or update) a resource that violates the structural schema - Example of Kubernetes API server validation: - ```console + ```shell kubectl apply -f access-control-policy-allow.yaml --validate=false The Policy "webapp-policy" is invalid: spec.accessControl.allow: Invalid value: "string": spec.accessControl.allow in body must be of type array: "string" @@ -691,7 +691,7 @@ NGINX Ingress Controller validates the fields of a Policy resource. If a resourc You can use `kubectl` to check whether or not NGINX Ingress Controller successfully applied a Policy configuration. For our example `webapp-policy` Policy, we can run: -```console +```shell kubectl describe pol webapp-policy . . . @@ -705,7 +705,7 @@ Note how the events section includes a Normal event with the AddedOrUpdated reas If you create an invalid resource, NGINX Ingress Controller will reject it and emit a Rejected event. For example, if you create a Policy `webapp-policy` with an invalid IP `10.0.0.` in the `allow` field, you will get: -```console +```shell kubectl describe policy webapp-policy . . . @@ -719,7 +719,7 @@ Note how the events section includes a Warning event with the Rejected reason. Additionally, this information is also available in the `status` field of the Policy resource. Note the Status section of the Policy: -```console +```shell kubectl describe pol webapp-policy . . . diff --git a/docs/content/configuration/transportserver-resource.md b/docs/content/configuration/transportserver-resource.md index c0d0d9d44d..2ef19d51f3 100644 --- a/docs/content/configuration/transportserver-resource.md +++ b/docs/content/configuration/transportserver-resource.md @@ -278,7 +278,7 @@ You can use the usual `kubectl` commands to work with TransportServer resources, For example, the following command creates a TransportServer resource defined in `transport-server-passthrough.yaml` with the name `secure-app`: -```console +```shell kubectl apply -f transport-server-passthrough.yaml transportserver.k8s.nginx.org/secure-app created @@ -286,7 +286,7 @@ transportserver.k8s.nginx.org/secure-app created You can get the resource by running: -```console +```shell kubectl get transportserver secure-app NAME AGE @@ -363,7 +363,7 @@ If you try to create (or update) a resource that violates the structural schema - Example of `kubectl` validation: - ```console + ```shell kubectl apply -f transport-server-passthrough.yaml error: error validating "transport-server-passthrough.yaml": error validating data: ValidationError(TransportServer.spec.upstreams[0].port): invalid type for org.nginx.k8s.v1.TransportServer.spec.upstreams.port: got "string", expected "integer"; if you choose to ignore these errors, turn validation off with --validate=false @@ -371,7 +371,7 @@ If you try to create (or update) a resource that violates the structural schema - Example of Kubernetes API server validation: - ```console + ```shell kubectl apply -f transport-server-passthrough.yaml --validate=false The TransportServer "secure-app" is invalid: []: Invalid value: map[string]interface {}{ ... }: validation failure list: @@ -386,7 +386,7 @@ The Ingress Controller validates the fields of a TransportServer resource. If a You can check if the Ingress Controller successfully applied the configuration for a TransportServer. For our example `secure-app` TransportServer, we can run: -```console +```shell kubectl describe ts secure-app . . . @@ -400,7 +400,7 @@ Note how the events section includes a Normal event with the AddedOrUpdated reas If you create an invalid resource, the Ingress Controller will reject it and emit a Rejected event. For example, if you create a TransportServer `secure-app` with a pass action that references a non-existing upstream, you will get : -```console +```shell kubectl describe ts secure-app . . . diff --git a/docs/content/configuration/virtualserver-and-virtualserverroute-resources.md b/docs/content/configuration/virtualserver-and-virtualserverroute-resources.md index 209ca295d0..2cc77b556d 100644 --- a/docs/content/configuration/virtualserver-and-virtualserverroute-resources.md +++ b/docs/content/configuration/virtualserver-and-virtualserverroute-resources.md @@ -936,7 +936,7 @@ You can use the usual `kubectl` commands to work with VirtualServer and VirtualS For example, the following command creates a VirtualServer resource defined in `cafe-virtual-server.yaml` with the name `cafe`: -```console +```shell kubectl apply -f cafe-virtual-server.yaml virtualserver.k8s.nginx.org "cafe" created @@ -944,7 +944,7 @@ virtualserver.k8s.nginx.org "cafe" created You can get the resource by running: -```console +```shell kubectl get virtualserver cafe NAME STATE HOST IP PORTS AGE @@ -1024,7 +1024,7 @@ If you try to create (or update) a resource that violates the structural schema - Example of `kubectl` validation: - ```console + ```shell kubectl apply -f cafe-virtual-server.yaml error: error validating "cafe-virtual-server.yaml": error validating data: ValidationError(VirtualServer.spec.upstreams[0].port): invalid type for org.nginx.k8s.v1.VirtualServer.spec.upstreams.port: got "string", expected "integer"; if you choose to ignore these errors, turn validation off with --validate=false @@ -1032,7 +1032,7 @@ If you try to create (or update) a resource that violates the structural schema - Example of Kubernetes API server validation: - ```console + ```shell kubectl apply -f cafe-virtual-server.yaml --validate=false The VirtualServer "cafe" is invalid: []: Invalid value: map[string]interface {}{ ... }: validation failure list: @@ -1047,7 +1047,7 @@ The Ingress Controller validates the fields of the VirtualServer and VirtualServ You can check if the Ingress Controller successfully applied the configuration for a VirtualServer. For our example `cafe` VirtualServer, we can run: -```console +```shell kubectl describe vs cafe . . . @@ -1061,7 +1061,7 @@ Note how the events section includes a Normal event with the AddedOrUpdated reas If you create an invalid resource, the Ingress Controller will reject it and emit a Rejected event. For example, if you create a VirtualServer `cafe` with two upstream with the same name `tea`, you will get: -```console +```shell kubectl describe vs cafe . . . @@ -1075,7 +1075,7 @@ Note how the events section includes a Warning event with the Rejected reason. Additionally, this information is also available in the `status` field of the VirtualServer resource. Note the Status section of the VirtualServer: -```console +```shell kubectl describe vs cafe . . . diff --git a/docs/content/installation/installing-nic/installation-with-helm.md b/docs/content/installation/installing-nic/installation-with-helm.md index 6ce206d878..7a8ddbce7a 100644 --- a/docs/content/installation/installing-nic/installation-with-helm.md +++ b/docs/content/installation/installing-nic/installation-with-helm.md @@ -38,7 +38,7 @@ kubectl apply -f crds/ Alternatively, CRDs can be upgraded without pulling the chart by running: -```console +```shell kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/deploy/crds.yaml ``` diff --git a/docs/content/installation/integrations/app-protect-dos/dos-protected.md b/docs/content/installation/integrations/app-protect-dos/dos-protected.md index 2c76cb2f2f..f58e0bc780 100644 --- a/docs/content/installation/integrations/app-protect-dos/dos-protected.md +++ b/docs/content/installation/integrations/app-protect-dos/dos-protected.md @@ -27,7 +27,6 @@ spec: name: "my-dos" apDosMonitor: uri: "webapp.example.com" - ``` {{% table %}} @@ -95,8 +94,8 @@ The Ingress Controller validates the fields of a dos protected resource. If a re You can use `kubectl` to check if the Ingress Controller successfully applied a dos protected resource configuration. For our example `dos-protected` dos protected resource, we can run: -``` -$ kubectl describe dosprotectedresource dos-protected +```shell +kubectl describe dosprotectedresource dos-protected . . . Events: Type Reason Age From Message @@ -108,8 +107,8 @@ Note how the events section includes a Normal event with the AddedOrUpdated reas If you create an invalid resource, the Ingress Controller will reject it and emit a Rejected event. For example, if you create a dos protected resource `dos-protected` with an invalid URI `bad` in the `dosSecurityLog/dosLogDest` field, you will get: -``` -$ kubectl describe policy webapp-policy +```shell +kubectl describe policy webapp-policy . . . Events: Type Reason Age From Message diff --git a/docs/content/installation/integrations/app-protect-waf/configuration.md b/docs/content/installation/integrations/app-protect-waf/configuration.md index 0c0c3e91fb..5e2ae4d80e 100644 --- a/docs/content/installation/integrations/app-protect-waf/configuration.md +++ b/docs/content/installation/integrations/app-protect-waf/configuration.md @@ -407,7 +407,7 @@ paths: In this case, the following request will trigger an `Illegal parameter data type` violation, as we expect to have an integer value in the `query_int` parameter: -``` +```none http://localhost/query?query_int=abc ``` @@ -428,13 +428,13 @@ In this example we deploy NGINX Ingress Controller with NGINX Plus and NGINX App 1. Follow the installation [instructions](https://docs.nginx.com/nginx-ingress-controller/installation) to deploy NGINX Ingress Controller with NGINX Plus and NGINX App Protect WAF. 2. Save the public IP address of NGINX Ingress Controller into a shell variable: - ```console + ```shell IC_IP=XXX.YYY.ZZZ.III ``` 3. Save the HTTP port of NGINX Ingress Controller into a shell variable: - ```console + ```shell IC_HTTP_PORT= ``` @@ -442,7 +442,7 @@ In this example we deploy NGINX Ingress Controller with NGINX Plus and NGINX App Create the application deployment and service: - ```console + ```shell kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/examples/custom-resources/app-protect-waf/webapp.yaml ``` @@ -450,13 +450,13 @@ Create the application deployment and service: 1. Create the syslog service and pod for the NGINX App Protect WAF security logs: - ```console + ```shell kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/examples/custom-resources/app-protect-waf/syslog.yaml ``` 2. Create the User-Defined Signature, WAF policy, and log configuration: - ```console + ```shell kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/examples/custom-resources/app-protect-waf/ap-apple-uds.yaml kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/examples/custom-resources/app-protect-waf/ap-dataguard-alarm-policy.yaml kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/examples/custom-resources/app-protect-waf/ap-logconf.yaml @@ -466,7 +466,7 @@ Create the application deployment and service: Create the WAF policy - ```console + ```shell kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/examples/custom-resources/app-protect-waf/waf.yaml ``` @@ -476,7 +476,7 @@ Create the WAF policy 1. Create the VirtualServer Resource: - ```console + ```shell kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/examples/custom-resources/app-protect-waf/virtual-server.yaml ``` @@ -488,7 +488,7 @@ To access the application, curl the coffee and the tea services. We'll use the - 1. Send a request to the application: - ```console + ```shell $ curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP http://webapp.example.com:$IC_HTTP_PORT/ Server address: 10.12.0.18:80 Server name: webapp-7586895968-r26zn @@ -496,14 +496,14 @@ To access the application, curl the coffee and the tea services. We'll use the - 2. Now, let's try to send a request with a suspicious URL: - ```console + ```shell $ curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP "http://webapp.example.com:$IC_HTTP_PORT/