Skip to content
CI

Update NGINX Ingress Controller to 5.1.1 (#546) #1469

Sign in to view logs

Update NGINX Ingress Controller to 5.1.1 (#546)

Update NGINX Ingress Controller to 5.1.1 (#546) #1469

Workflow file for this run

.github/workflows/ci.yml at f83c523
name: CI
on:
push:
branches:
- main
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
pull_request:
branches:
- main
env:
platforms: "linux/amd64,linux/arm64"
concurrency:
group: ${{ github.ref_name }}-ci
cancel-in-progress: true
permissions:
contents: read
jobs:
build:
name: Build Image
runs-on: ubuntu-22.04
outputs:
version: ${{ steps.meta.outputs.version }}
permissions:
contents: write # for lucacome/draft-release to create a draft release
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
packages: write # for docker/build-push-action to push to GHCR
steps:
- name: Checkout Repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: DockerHub Login
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
if: github.event_name != 'pull_request'
- name: Login to GitHub Container Registry
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
if: github.event_name != 'pull_request'
- name: Login to Quay.io
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_ROBOT_TOKEN }}
if: github.event_name != 'pull_request'
- name: Setup QEMU
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
with:
platforms: arm64
if: github.event_name != 'pull_request'
- name: Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Output Variables
id: vars
run: |
echo "version=$(git describe --tags)" >> $GITHUB_OUTPUT
echo "chart_version=$(yq '.appVersion' <helm-charts/nginx-ingress/Chart.yaml)" >> $GITHUB_OUTPUT
echo "openshift_version=$(yq '.annotations["com.redhat.openshift.versions"]' <bundle/metadata/annotations.yaml | cut -dv -f2)" >> $GITHUB_OUTPUT
- name: Docker meta
id: meta
uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
with:
images: |
nginx/nginx-ingress-operator
ghcr.io/nginx/nginx-ingress-operator
quay.io/nginx/nginx-ingress-operator
tags: |
type=edge
type=ref,event=pr
type=semver,pattern={{version}}
labels: |
org.opencontainers.image.documentation=https://docs.nginx.com/nginx-ingress-controller
org.opencontainers.image.vendor=NGINX Inc <[email protected]>
name="NGINX Ingress Operator"
maintainer="[email protected]"
vendor="NGINX Inc"
version=${{ steps.vars.outputs.version }}
release=1
summary="The NGINX Ingress Operator is a Kubernetes/OpenShift component which deploys and manages one or more NGINX/NGINX Plus Ingress Controllers"
description="The NGINX Ingress Operator is a Kubernetes/OpenShift component which deploys and manages one or more NGINX/NGINX Plus Ingress Controllers"
- name: Build Image
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: "."
cache-from: type=gha
cache-to: type=gha,mode=max
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: ${{ github.event_name != 'pull_request' && env.platforms || '' }}
load: ${{ github.event_name == 'pull_request' }}
push: ${{ github.event_name != 'pull_request' }}
no-cache: ${{ github.event_name != 'pull_request' }}
pull: true
sbom: ${{ github.event_name != 'pull_request' }}
provenance: false
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # 0.32.0
continue-on-error: true
with:
image-ref: nginx/nginx-ingress-operator:${{ steps.meta.outputs.version }}
format: "sarif"
output: "trivy-results.sarif"
ignore-unfixed: "true"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
continue-on-error: true
with:
sarif_file: "trivy-results.sarif"
- name: Upload Scan Results
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
continue-on-error: true
with:
name: "trivy-results.sarif"
path: "trivy-results.sarif"
if: always()
- name: Create/Update Draft
uses: lucacome/draft-release@00f74370c044c322da6cb52acc707d62c7762c71 # v1.2.4
with:
minor-label: "enhancement"
major-label: "change"
publish: ${{ github.ref_type == 'tag' }}
variables: |
nic_version=${{ steps.vars.outputs.chart_version }}
openshift_version=${{ steps.vars.outputs.openshift_version }}
notes-footer: |
## Compatibility
- NGINX Ingress Controller {{nic_version}}
- OpenShift {{openshift_version}} or newer.
if: github.event_name != 'pull_request'
e2e-test:
name: Run E2E Tests # Deploy NGINX Ingress Operator and Nginx Ingress Controller
uses: ./.github/workflows/e2e-test.yml
needs: build
with:
operator_version: ${{ github.ref_type == 'tag' && needs.build.outputs.version || 'edge' }}
certify:
name: Certify for Red Hat OpenShift
runs-on: ubuntu-22.04
needs: [build, e2e-test]
if: ${{ github.ref_type == 'tag' }}
steps:
- name: Checkout Repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Certify Images
continue-on-error: false
run: |
curl -fsSL https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/1.13.3/preflight-linux-amd64 --output preflight
chmod +x preflight
IFS=',' read -ra arch_list <<< "${{ env.platforms }}"
for arch in "${arch_list[@]}"; do
architecture=("${arch#*/}")
./preflight check container quay.io/nginx/nginx-ingress-operator:${{ needs.build.outputs.version }} --pyxis-api-token ${{ secrets.PYXIS_API_TOKEN }} --certification-project-id ${{ secrets.CERTIFICATION_PROJECT_ID }} --platform $architecture --submit
done
## Disable PR creation until issues with NGINX_PAT are resolved
# - name: Make
# run: |
# make bundle USE_IMAGE_DIGESTS=true
# - name: Checkout certified-operators repo
# uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
# with:
# token: ${{ secrets.NGINX_PAT }}
# repository: nginx-bot/certified-operators
# path: certified-operators
# - name: Update certified-operators repo
# working-directory: certified-operators/operators/nginx-ingress-operator
# run: |
# mkdir v${{ needs.build.outputs.version }}
# cp -R ../../../bundle/manifests v${{ needs.build.outputs.version }}/
# cp -R ../../../bundle/metadata v${{ needs.build.outputs.version }}/
# - name: Commit changes
# uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # v5.2.0
# with:
# commit_message: operator nginx-ingress-operator (v${{ needs.build.outputs.version }})
# commit_author: nginx-bot <[email protected]>
# commit_user_name: nginx-bot
# commit_user_email: [email protected]
# create_branch: true
# branch: update-nginx-ingress-operator-to-v${{ needs.build.outputs.version }}
# repository: certified-operators
# - name: Create PR
# working-directory: certified-operators
# run: |
# gh pr create --title "operator nginx-ingress-operator (v${{ needs.build.outputs.version }})" --body "Update nginx-ingress-operator to v${{ needs.build.outputs.version }}" --head nginx-bot:update-nginx-ingress-operator-to-v${{ needs.build.outputs.version }} --base main --repo redhat-openshift-ecosystem/certified-operators
# env:
# GITHUB_TOKEN: ${{ secrets.NGINX_PAT }}