Bump nginx from 156d75f
to f2802c2
in /build
#11743
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
- release-* | |
tags: | |
- "v[0-9]+.[0-9]+.[0-9]+" | |
pull_request: | |
branches: | |
- main | |
- release-* | |
schedule: | |
- cron: "0 4 * * *" # run every day at 04:00 UTC | |
defaults: | |
run: | |
shell: bash | |
concurrency: | |
group: ${{ github.ref_name }}-ci | |
cancel-in-progress: true | |
permissions: | |
contents: read | |
jobs: | |
checks: | |
name: Checks and variables | |
runs-on: ubuntu-22.04 | |
outputs: | |
go_path: ${{ steps.vars.outputs.go_path }} | |
k8s_latest: ${{ steps.vars.outputs.k8s_latest }} | |
latest_kindest_node_versions: ${{ steps.vars.outputs.latest_kindest_node_versions }} | |
go_code_md5: ${{ steps.vars.outputs.go_code_md5 }} | |
chart_version: ${{ steps.vars.outputs.chart_version }} | |
binary_cache_hit: ${{ steps.binary-cache.outputs.cache-hit }} | |
ic_version: ${{ steps.vars.outputs.ic_version }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Setup Golang Environment | |
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version-file: go.mod | |
- name: Output Variables | |
id: vars | |
run: | | |
kindest_latest=$(curl -s "https://hub.docker.com/v2/repositories/kindest/node/tags" \ | |
| grep -o '"name": *"[^"]*' \ | |
| grep -o '[^"]*$' \ | |
| grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' \ | |
| sort -rV \ | |
| head -n 1 \ | |
| sed 's/^.\{1\}//' \ | |
| tr -d '\n') | |
echo "k8s_latest=$kindest_latest" >> $GITHUB_OUTPUT | |
echo "go_path=$(go env GOPATH)" >> $GITHUB_OUTPUT | |
kindest_versions=$(curl -s "https://hub.docker.com/v2/repositories/kindest/node/tags" \ | |
| grep -o '"name": *"[^"]*' \ | |
| grep -o '[^"]*$' \ | |
| grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' \ | |
| sort -rV \ | |
| awk -F. '!seen[$1"."$2]++' \ | |
| head -n 7 \ | |
| sort -V \ | |
| sed 's/v//g' \ | |
| sed 's/$//' \ | |
| sed 's/, $//' \ | |
| jq -R -s -c 'split("\n")[:-1]') | |
echo "latest_kindest_node_versions=$kindest_versions" >> $GITHUB_OUTPUT | |
echo go_code_md5=$(find . -type f \( -name "*.go" -o -name go.mod -o -name go.sum -o -name "*.tmpl" -o -name .goreleaser.yml -o -name .github/data/version.txt \) -not -path "./docs*" -exec md5sum {} + | LC_ALL=C sort | md5sum | awk '{ print $1 }') >> $GITHUB_OUTPUT | |
source .github/data/version.txt | |
echo "ic_version=${IC_VERSION}" >> $GITHUB_OUTPUT | |
echo "chart_version=${HELM_CHART_VERSION}" >> $GITHUB_OUTPUT | |
cat $GITHUB_OUTPUT | |
- name: Fetch Cached Binary Artifacts | |
id: binary-cache | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 | |
with: | |
path: ${{ github.workspace }}/dist | |
key: nginx-ingress-${{ steps.vars.outputs.go_code_md5 }} | |
lookup-only: true | |
- name: Check if go.mod and go.sum are up to date | |
run: go mod tidy && git diff --exit-code -- go.mod go.sum | |
- name: Check if CRDs changed | |
run: make update-crds && git diff --name-only --exit-code config/crd/bases | |
- name: Check if Codegen changed | |
run: | | |
cd ../.. && mkdir -p github.com/nginxinc && mv kubernetes-ingress/kubernetes-ingress github.com/nginxinc/ && cd github.com/nginxinc/kubernetes-ingress | |
make update-codegen && git diff --name-only --exit-code pkg/** | |
cd ../../.. && mv github.com/nginxinc/kubernetes-ingress kubernetes-ingress/kubernetes-ingress | |
unit-tests: | |
name: Unit Tests | |
runs-on: ubuntu-22.04 | |
needs: checks | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Setup Golang Environment | |
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version-file: go.mod | |
if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} | |
- name: Run Tests | |
run: make cover | |
if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@e0b68c6749509c5f83f984dd99a76a1c1a231044 # v4.0.1 | |
with: | |
files: ./coverage.txt | |
if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} | |
release-notes: | |
name: Release Notes | |
runs-on: ubuntu-22.04 | |
needs: [checks, unit-tests] | |
outputs: | |
release-url: ${{ steps.release-notes.outputs.release-url }} | |
permissions: | |
contents: write # for lucacome/draft-release | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
- name: Create/Update Draft | |
uses: lucacome/draft-release@52f02d1a69b61568e54ab5cf86ce91503bac4066 # v1.0.2 | |
id: release-notes | |
with: | |
minor-label: "enhancement" | |
major-label: "change" | |
publish: ${{ github.ref_type == 'tag' }} | |
collapse-after: 50 | |
variables: | | |
helm-chart=${{ needs.checks.outputs.chart_version }} | |
notes-footer: | | |
## Upgrade | |
- For NGINX, use the {{version}} images from our [DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/tags?page=1&ordering=last_updated&name={{version-number}}), [GitHub Container](https://github.com/nginxinc/kubernetes-ingress/pkgs/container/kubernetes-ingress), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress). | |
- For NGINX Plus, use the {{version}} images from the F5 Container registry, the [AWS Marketplace](https://aws.amazon.com/marketplace/search/?CREATOR=741df81b-dfdc-4d36-b8da-945ea66b522c&FULFILLMENT_OPTION_TYPE=CONTAINER&filters=CREATOR%2CFULFILLMENT_OPTION_TYPE), the [GCP Marketplace](https://console.cloud.google.com/marketplace/browse?filter=partner:F5,%20Inc.&filter=solution-type:k8s&filter=category:networking) or build your own image using the {{version}} source code. | |
- For Helm, use version {{helm-chart}} of the chart. | |
## Resources | |
- Documentation -- https://docs.nginx.com/nginx-ingress-controller/ | |
- Configuration examples -- https://github.com/nginxinc/kubernetes-ingress/tree/{{version}}/examples | |
- Helm Chart -- https://github.com/nginxinc/kubernetes-ingress/tree/{{version}}/charts/nginx-ingress | |
- Operator -- https://github.com/nginxinc/nginx-ingress-helm-operator | |
if: ${{ github.event_name == 'push' && github.ref != 'refs/heads/main' }} | |
binaries: | |
name: Build Binaries | |
runs-on: ubuntu-22.04 | |
needs: [checks, unit-tests] | |
permissions: | |
contents: write # for goreleaser/goreleaser-action to manage releases | |
id-token: write # for goreleaser/goreleaser-action to sign artifacts | |
issues: write # for goreleaser/goreleaser-action to close milestone | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
- name: Setup Golang Environment | |
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version-file: go.mod | |
if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} | |
- name: Download Syft | |
uses: anchore/sbom-action/download-syft@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8 | |
if: github.ref_type == 'tag' | |
- name: Install Cosign | |
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 | |
if: github.ref_type == 'tag' | |
- name: Build binaries | |
uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 | |
with: | |
version: latest | |
args: ${{ github.ref_type == 'tag' && 'release' || 'build --snapshot' }} ${{ github.event_name == 'pull_request' && '--single-target' || '' }} --clean | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GOPATH: ${{ needs.checks.outputs.go_path }} | |
AWS_PRODUCT_CODE: ${{ secrets.AWS_PRODUCT_CODE }} | |
AWS_PUB_KEY: ${{ secrets.AWS_PUB_KEY }} | |
AWS_NAP_DOS_PRODUCT_CODE: ${{ secrets.AWS_NAP_DOS_PRODUCT_CODE }} | |
AWS_NAP_DOS_PUB_KEY: ${{ secrets.AWS_NAP_DOS_PUB_KEY }} | |
AWS_NAP_WAF_PRODUCT_CODE: ${{ secrets.AWS_NAP_WAF_PRODUCT_CODE }} | |
AWS_NAP_WAF_PUB_KEY: ${{ secrets.AWS_NAP_WAF_PUB_KEY }} | |
AWS_NAP_WAF_DOS_PRODUCT_CODE: ${{ secrets.AWS_NAP_WAF_DOS_PRODUCT_CODE }} | |
AWS_NAP_WAF_DOS_PUB_KEY: ${{ secrets.AWS_NAP_WAF_DOS_PUB_KEY }} | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_COMMUNITY }} | |
AZURE_STORAGE_ACCOUNT: ${{ secrets.AZURE_STORAGE_ACCOUNT }} | |
AZURE_STORAGE_KEY: ${{ secrets.AZURE_STORAGE_KEY }} | |
AZURE_BUCKET_NAME: ${{ secrets.AZURE_BUCKET_NAME }} | |
GORELEASER_CURRENT_TAG: ${{ needs.checks.outputs.ic_version }} | |
if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} | |
- name: Store Artifacts in Cache | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 | |
with: | |
path: ${{ github.workspace }}/dist | |
key: nginx-ingress-${{ needs.checks.outputs.go_code_md5 }} | |
if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} | |
helm-tests: | |
name: Helm Tests | |
runs-on: ubuntu-22.04 | |
needs: [checks, binaries] | |
strategy: | |
matrix: | |
include: | |
- image: debian | |
type: oss | |
- image: debian-plus | |
type: plus | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Fetch Cached Artifacts | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 | |
with: | |
path: ${{ github.workspace }}/dist | |
key: nginx-ingress-${{ needs.checks.outputs.go_code_md5 }} | |
- name: Docker Buildx | |
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 | |
- name: Build Docker Image ${{ matrix.image }} | |
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 | |
with: | |
file: build/Dockerfile | |
context: "." | |
cache-from: type=gha,scope=${{ matrix.image }} | |
target: goreleaser | |
tags: ${{ matrix.type }}:${{ github.sha }} | |
pull: true | |
load: true | |
build-args: | | |
BUILD_OS=${{ matrix.image }} | |
IC_VERSION=CI | |
secrets: | | |
${{ contains(matrix.type, 'plus') && format('"nginx-repo.crt={0}"', secrets.NGINX_CRT) || '' }} | |
${{ contains(matrix.type, 'plus') && format('"nginx-repo.key={0}"', secrets.NGINX_KEY) || '' }} | |
- name: Deploy Kubernetes | |
id: k8s | |
run: | | |
kind create cluster --name ${{ github.run_id }} --image=kindest/node:v${{ needs.checks.outputs.k8s_latest }} --wait 75s | |
kind load docker-image ${{ matrix.type }}:${{ github.sha }} --name ${{ github.run_id }} | |
- name: Install Chart | |
run: > | |
helm install | |
${{ matrix.type }} | |
. | |
--set controller.image.repository=${{ matrix.type }} | |
--set controller.image.tag=${{ github.sha }} | |
--set controller.service.type=NodePort | |
--set controller.nginxplus=${{ contains(matrix.type, 'plus') && 'true' || 'false' }} | |
--wait | |
working-directory: ${{ github.workspace }}/charts/nginx-ingress | |
- name: Expose Test Ingresses | |
run: | | |
kubectl port-forward service/${{ matrix.type }}-nginx-ingress-controller 8080:80 8443:443 & | |
- name: Test HTTP | |
run: | | |
counter=0 | |
max_attempts=5 | |
until [ $(curl --write-out %{http_code} -s --output /dev/null http://localhost:8080) -eq 404 ]; do | |
if [ ${counter} -eq ${max_attempts} ]; then | |
exit 1 | |
fi | |
printf '.'; counter=$(($counter+1)); sleep 5; | |
done | |
- name: Test HTTPS | |
run: | | |
counter=0 | |
max_attempts=5 | |
until [ $(curl --write-out %{http_code} -ks --output /dev/null https://localhost:8443) -eq 000 ]; do | |
if [ ${counter} -eq ${max_attempts} ]; then | |
exit 1 | |
fi | |
printf '.'; counter=$(($counter+1)); sleep 5; | |
done | |
setup-matrix: | |
name: Setup Matrix for Smoke Tests | |
runs-on: ubuntu-22.04 | |
needs: [binaries, checks] | |
permissions: | |
contents: read | |
id-token: write | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- id: set-matrix | |
run: | | |
if [ "${{ github.event_name }}" == "schedule" ]; then | |
echo "matrix=$(cat .github/data/matrix-regression.json | jq -c --argjson latest '${{ needs.checks.outputs.latest_kindest_node_versions }}' '.k8s += $latest')" >> $GITHUB_OUTPUT | |
else | |
echo "matrix=$(cat .github/data/matrix-smoke.json | jq -c --arg latest "${{ needs.checks.outputs.k8s_latest }}" '.k8s += [$latest]')" >> $GITHUB_OUTPUT | |
fi | |
- name: Docker Buildx | |
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 | |
- name: Authenticate to Google Cloud | |
id: auth | |
uses: google-github-actions/auth@a6e2e39c0a0331da29f7fd2c2a20a427e8d3ad1f # v2.1.1 | |
with: | |
token_format: access_token | |
workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} | |
service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} | |
if: github.event.pull_request.head.repo.full_name == github.repository | |
- name: Login to GCR | |
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | |
with: | |
registry: gcr.io | |
username: oauth2accesstoken | |
password: ${{ steps.auth.outputs.access_token }} | |
if: github.event.pull_request.head.repo.full_name == github.repository | |
- name: Check if image exists | |
id: check-image | |
run: | | |
docker manifest inspect "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/test-runner:${{ hashFiles('./tests/requirements.txt') || 'latest' }}" | |
shell: bash | |
continue-on-error: true | |
if: github.event.pull_request.head.repo.full_name == github.repository | |
- name: Build Test-Runner Container | |
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 | |
with: | |
file: tests/Dockerfile | |
context: "." | |
cache-from: type=gha,scope=test-runner | |
tags: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/test-runner:${{ hashFiles('./tests/requirements.txt') || 'latest' }}" | |
pull: true | |
push: ${{ github.event.pull_request.head.repo.full_name == github.repository }} | |
load: ${{ github.event.pull_request.head.repo.full_name != github.repository }} | |
if: ${{ steps.check-image.outcome == 'failure' || github.event.pull_request.head.repo.full_name != github.repository }} | |
smoke-tests: | |
name: ${{ matrix.images.label }} ${{ matrix.images.image }} smoke tests | |
runs-on: ubuntu-22.04 | |
needs: [checks, setup-matrix] | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJSON(needs.setup-matrix.outputs.matrix) }} | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Run Smoke Tests | |
id: smoke-tests | |
uses: ./.github/actions/smoke-tests | |
with: | |
image: ${{ matrix.images.image != '' && matrix.images.image || 'debian' }} | |
marker: ${{ matrix.images.marker != '' && matrix.images.marker || '' }} | |
k8s-version: ${{ matrix.k8s }} | |
nginx-crt: ${{ contains(matrix.images.image, 'nap') && secrets.NGINX_AP_CRT || secrets.NGINX_CRT }} | |
nginx-key: ${{ contains(matrix.images.image, 'nap') && secrets.NGINX_AP_KEY || secrets.NGINX_KEY }} | |
azure-ad-secret: ${{ secrets.AZURE_AD_AUTOMATION }} | |
gcr-workload-identity-secret: ${{ secrets.GCR_WORKLOAD_IDENTITY }} | |
gcr-service-account-secret: ${{ secrets.GCR_SERVICE_ACCOUNT }} | |
rhel-license: ${{ contains(matrix.images.image, 'ubi') && secrets.RHEL_LICENSE || '' }} | |
go-md5: ${{ needs.checks.outputs.go_code_md5 }} | |
test-image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/test-runner:${{ hashFiles('./tests/requirements.txt') || 'latest' }}" | |
- name: Upload Test Results | |
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
with: | |
name: ${{ steps.smoke-tests.outputs.test-results-name }} | |
path: ${{ github.workspace }}/tests/${{ steps.smoke-tests.outputs.test-results-name }}.html | |
if: always() | |
smoke-results: | |
if: ${{ always() }} | |
runs-on: ubuntu-22.04 | |
name: Final Smoke Test Results | |
needs: [smoke-tests] | |
steps: | |
- run: | | |
result="${{ needs.smoke-tests.result }}" | |
if [[ $result == "success" || $result == "skipped" ]]; then | |
exit 0 | |
else | |
exit 1 | |
fi | |
build-docker: | |
name: Build Docker OSS | |
needs: [checks, smoke-tests] | |
strategy: | |
fail-fast: false | |
matrix: | |
image: [debian, alpine] | |
platforms: | |
["linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x"] | |
include: | |
- image: ubi | |
platforms: "linux/arm64, linux/amd64, linux/ppc64le, linux/s390x" | |
uses: ./.github/workflows/build-oss.yml | |
with: | |
platforms: ${{ matrix.platforms }} | |
image: ${{ matrix.image }} | |
go-md5: ${{ needs.checks.outputs.go_code_md5 }} | |
permissions: | |
contents: read | |
actions: read | |
security-events: write | |
id-token: write | |
packages: write | |
secrets: inherit | |
build-docker-plus: | |
name: Build Docker Plus | |
needs: [checks, build-docker, release-notes] | |
strategy: | |
fail-fast: false | |
matrix: | |
image: [debian-plus, alpine-plus, alpine-plus-fips] | |
platforms: ["linux/arm64, linux/amd64"] | |
target: [goreleaser, aws] | |
include: | |
- image: ubi-plus | |
platforms: "linux/arm64, linux/amd64, linux/s390x" | |
target: goreleaser | |
uses: ./.github/workflows/build-plus.yml | |
with: | |
platforms: ${{ matrix.platforms }} | |
image: ${{ matrix.image }} | |
target: ${{ matrix.target }} | |
go-md5: ${{ needs.checks.outputs.go_code_md5 }} | |
release-url: ${{ needs.release-notes.outputs.release-url }} | |
permissions: | |
contents: read | |
security-events: write | |
id-token: write | |
secrets: inherit | |
build-docker-nap: | |
name: Build Docker NAP | |
needs: [checks, build-docker-plus, release-notes] | |
strategy: | |
fail-fast: false | |
matrix: | |
image: [debian-plus-nap] | |
platforms: ["linux/amd64"] | |
target: [goreleaser, aws] | |
nap_modules: [dos, waf, "waf,dos"] | |
include: | |
- image: ubi-9-plus-nap | |
target: goreleaser | |
platforms: "linux/amd64" | |
nap_modules: waf | |
- image: ubi-8-plus-nap | |
target: goreleaser | |
platforms: "linux/amd64" | |
nap_modules: dos | |
- image: ubi-8-plus-nap | |
target: goreleaser | |
platforms: "linux/amd64" | |
nap_modules: "waf,dos" | |
- image: ubi-9-plus-nap | |
target: aws | |
platforms: "linux/amd64" | |
nap_modules: waf | |
- image: ubi-8-plus-nap | |
target: aws | |
platforms: "linux/amd64" | |
nap_modules: dos | |
- image: ubi-8-plus-nap | |
target: aws | |
platforms: "linux/amd64" | |
nap_modules: "waf,dos" | |
- image: alpine-plus-nap-fips | |
target: goreleaser | |
platforms: "linux/amd64" | |
nap_modules: waf | |
uses: ./.github/workflows/build-plus.yml | |
with: | |
platforms: ${{ matrix.platforms }} | |
image: ${{ matrix.image }} | |
target: ${{ matrix.target }} | |
go-md5: ${{ needs.checks.outputs.go_code_md5 }} | |
nap_modules: ${{ matrix.nap_modules }} | |
release-url: ${{ needs.release-notes.outputs.release-url }} | |
permissions: | |
contents: read | |
security-events: write | |
id-token: write | |
secrets: inherit | |
publish-helm: | |
name: Package and Publish Helm Chart | |
runs-on: ubuntu-22.04 | |
needs: [checks, helm-tests] | |
if: ${{ github.event_name == 'push' && ! startsWith(github.ref, 'refs/heads/release-') }} | |
permissions: | |
contents: write # for pushing to Helm Charts repository | |
packages: write # for helm to push to GHCR | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
path: kic | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: DockerHub Login | |
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Package | |
id: package | |
run: | | |
helm_versions="" | |
if [ ${{ github.ref_type }} != "tag" ]; then | |
helm_versions="--app-version edge --version 0.0.0-edge" | |
else | |
helm_versions="--app-version ${{ steps.checks.outputs.ic_version }} --version ${{ steps.checks.outputs.chart_version }}" | |
fi | |
output=$(helm package ${helm_versions} kic/charts/nginx-ingress) | |
echo "path=$(basename -- $(echo $output | cut -d: -f2))" >> $GITHUB_OUTPUT | |
- name: Push to OCI registries | |
run: | | |
helm push ${{ steps.package.outputs.path }} oci://ghcr.io/nginxinc/charts | |
helm push ${{ steps.package.outputs.path }} oci://registry-1.docker.io/nginxcharts | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
repository: nginxinc/helm-charts | |
fetch-depth: 1 | |
token: ${{ secrets.NGINX_PAT }} | |
path: helm-charts | |
if: github.ref_type == 'tag' | |
- name: Push Helm Chart to Helm Charts Repository | |
run: | | |
mv ${{ steps.package.outputs.path }} ${{ github.workspace }}/helm-charts/stable/ | |
cd ${{ github.workspace }}/helm-charts | |
helm repo index stable --url https://helm.nginx.com/stable | |
git add -A | |
git -c user.name='NGINX Kubernetes Team' -c user.email='kubernetes@nginx.com' \ | |
commit -m "NGINX Ingress Controller - Release ${{ needs.checks.outputs.chart_version }}" | |
git push -u origin master | |
if: github.ref_type == 'tag' | |
operator: | |
name: Trigger PR for Operator | |
runs-on: ubuntu-22.04 | |
needs: [checks, publish-helm] | |
steps: | |
- name: | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
with: | |
github-token: ${{ secrets.NGINX_PAT }} | |
script: | | |
await github.rest.actions.createWorkflowDispatch({ | |
owner: context.repo.owner, | |
repo: 'nginx-ingress-helm-operator', | |
workflow_id: 'sync-chart.yml', | |
ref: 'main', | |
inputs: { | |
chart_version: '${{ needs.checks.outputs.chart_version }}' | |
}, | |
}) | |
if: github.ref_type == 'tag' | |
gcp-marketplace: | |
name: Trigger PR for GCP Marketplace | |
runs-on: ubuntu-22.04 | |
needs: [checks, publish-helm] | |
steps: | |
- name: | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
with: | |
github-token: ${{ secrets.NGINX_PAT }} | |
script: | | |
await github.rest.actions.createWorkflowDispatch({ | |
owner: context.repo.owner, | |
repo: 'kubernetes-ingress-gcp', | |
workflow_id: 'sync-chart.yml', | |
ref: 'main', | |
inputs: { | |
chart_version: '${{ needs.checks.outputs.chart_version }}' | |
}, | |
}) | |
if: github.ref_type == 'tag' |