Update CI to build for Plus #2435

Merged
merged 1 commit into from
Feb 18, 2022
149 changes: 138 additions & 11 deletions .github/workflows/ci.yml
Expand Up @@ -4,6 +4,7 @@ on:
push:
branches:
- master
- release-*
paths-ignore:
- 'docs/**'
- 'examples/**'
Expand All @@ -13,7 +14,7 @@ on:
pull_request:
branches:
- master
- 'release-*'
- release-*
paths-ignore:
- 'docs/**'
- 'examples/**'
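Review bot: The pull_request filter at `- release-*` drops the quotes that the old `- 'release-*'` line had, while the `paths-ignore` entries directly below stay quoted ('docs/**', 'examples/**'). The unquoted form parses as the same string, so this is style only, but glob patterns are safer quoted (a pattern that begins with `*` would be read as a YAML alias); consider keeping `'release-*'` here and in the push filter.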
Expand All @@ -30,7 +31,7 @@ defaults:
shell: bash

env:
K8S_VERSION: 1.23.0
K8S_VERSION: 1.23.1
K8S_TIMEOUT: 75s
HELM_CHART_DIR: deployments/helm-chart
GIT_NAME: NGINX Kubernetes Team
Expand Down Expand Up @@ -165,7 +166,7 @@ jobs:
{\"image\": \"opentracing-plus\", \"marker\": \"vsr\"}, \
{\"image\": \"ubi-plus\", \"marker\": \"policies\"}]}"
else
echo "::set-output name=matrix::{\"k8s\": [\"1.19.11\", \"1.20.7\", \"1.21.2\", \"1.22.4\", \"1.23.0\"]}"
echo "::set-output name=matrix::{\"k8s\": [\"1.19.11\", \"1.20.7\", \"1.21.2\", \"1.22.4\", \"1.23.1\"]}"
fi

smoke-tests:
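Review bot: The last entry of the `else` branch matrix, `\"1.23.1\"`, is a second hard-coded copy of the `K8S_VERSION: 1.23.1` value set under `env:`, so the two have to be bumped together by hand, as this change does. Consider building the final matrix entry from `$K8S_VERSION` so a future bump touches one line.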
Expand Down Expand Up @@ -291,13 +292,14 @@ jobs:
name: Build Docker Images
runs-on: ubuntu-20.04
needs: build-binaries
if: ${{ !startsWith(github.ref, 'refs/heads/release') }}
strategy:
matrix:
image: [debian, alpine, opentracing, alpine-opentracing]
platforms: ["linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x"]
include:
- image: ubi
platforms: "linux/arm64, linux/amd64"
platforms: "linux/arm64, linux/amd64, linux/s390x"
steps:
- name: Checkout Repository
uses: actions/checkout@v2
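Review bot: The new job-level guard `if: ${{ !startsWith(github.ref, 'refs/heads/release') }}` matches on the prefix `refs/heads/release`, which is wider than the `release-*` branch filter added to the triggers (it also matches a branch named `release` or `releases/x`). Use `'refs/heads/release-'` so the guard and the trigger agree, and add a comment on the job saying why Build Docker Images is skipped on release branches.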
Expand Down Expand Up @@ -343,7 +345,7 @@ jobs:
nginx/nginx-ingress
ghcr.io/nginxinc/kubernetes-ingress
public.ecr.aws/nginx/nginx-ingress
flavor: suffix=${{ matrix.image == 'ubi' && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.image, 'opentracing') && '-ot' || '' }},onlatest=true
flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.image, 'opentracing') && '-ot' || '' }},onlatest=true
tags: |
type=edge
type=ref,event=pr
Expand All @@ -357,7 +359,7 @@ jobs:
- name: Output Variables
id: var
run: |
version=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
version=${{ steps.meta.outputs.version }}
if ${{ startsWith(github.ref, 'refs/tags/') }}; then
ic_version=v$version
else
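Review bot: `version=${{ steps.meta.outputs.version }}` is expanded into the script text before bash runs and is left unquoted, so whatever the metadata step emits (for the `type=ref` tags it is derived from the ref) becomes part of the shell source. Pass the value through the step's `env:` block and read it as `"$VERSION"` in the script; the same applies to the copy of this step in build-docker-plus.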
Expand All @@ -366,7 +368,7 @@ jobs:
ic_version=$tag-$version-$sha_short
fi
echo "::set-output name=ic_version::$ic_version"
- name: Build Docker images (and push to Dockerhub if not a PR)
- name: Build Docker image (and push if not a PR)
uses: docker/build-push-action@v2
with:
file: build/Dockerfile
Expand All @@ -384,10 +386,135 @@ jobs:
BUILD_OS=${{ matrix.image }}
IC_VERSION=${{ steps.var.outputs.ic_version }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.2.0
uses: aquasecurity/trivy-action@0.2.2
continue-on-error: true
with:
image-ref: nginx/nginx-ingress:${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
image-ref: nginx/nginx-ingress:${{ steps.meta.outputs.version }}
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results-${{ matrix.image }}.sarif'
ignore-unfixed: 'true'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
continue-on-error: true
with:
sarif_file: 'trivy-results-${{ matrix.image }}.sarif'
- name: Upload Scan Results
uses: actions/upload-artifact@v2
continue-on-error: true
with:
name: 'trivy-results-${{ matrix.image }}.sarif'
path: 'trivy-results-${{ matrix.image }}.sarif'
if: always()

build-docker-plus:
name: Build Plus Docker Images
runs-on: ubuntu-20.04
needs: build-binaries
strategy:
matrix:
image: [debian-plus, alpine-plus, opentracing-plus]
platforms: ["linux/arm64, linux/amd64"]
include:
- image: ubi-plus
platforms: "linux/arm64, linux/amd64, linux/s390x"
steps:
- name: Checkout Repository
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Fetch Cached Artifacts
uses: actions/cache@v2
with:
path: ${{ github.workspace }}/dist
key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }}-multi
- name: Setup QEMU
uses: docker/setup-qemu-action@v1
with:
platforms: arm64
if: github.event_name != 'pull_request'
- name: Docker Buildx
uses: docker/setup-buildx-action@v1
- name: GCR Login
uses: docker/login-action@v1
with:
registry: gcr.io
username: _json_key
password: ${{ secrets.GCR_JSON_KEY }}
if: github.event_name != 'pull_request'

- name: Docker meta
id: meta
uses: docker/metadata-action@v3
with:
images: |
${{ startsWith(github.ref, 'refs/tags/') && 'gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress' || '' }}
${{ startsWith(github.ref, 'refs/heads/release') && 'gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/staging/nginx-ic/nginx-plus-ingress' || '' }}
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress
flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.image, 'opentracing') && '-ot' || '' }},onlatest=true
tags: |
type=edge
type=ref,event=branch,enable=${{ startsWith(github.ref, 'refs/heads/release') }}
type=ref,event=pr
type=schedule,pattern={{date 'YYYYMMDD'}}
type=semver,pattern={{version}}
labels: |
org.opencontainers.image.description=NGINX Plus Ingress Controller for Kubernetes
org.opencontainers.image.documentation=https://docs.nginx.com/nginx-ingress-controller
org.opencontainers.image.vendor=NGINX Inc <kubernetes@nginx.com>

- name: Output Variables
id: var
run: |
version=${{ steps.meta.outputs.version }}
if ${{ startsWith(github.ref, 'refs/tags/') }}; then
ic_version=v$version
else
tag=$(git describe --tags --abbrev=0)
sha_short=$(echo ${{ github.sha }} | cut -c1-7)
ic_version=$tag-$version-$sha_short
fi
echo "::set-output name=ic_version::$ic_version"
- name: Build Plus Docker image
uses: docker/build-push-action@v2
with:
file: build/Dockerfile
context: '.'
cache-from: type=gha,scope=${{ matrix.image }}
cache-to: type=gha,scope=${{ matrix.image }},mode=max
target: goreleaser
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: ${{ github.event_name != 'pull_request' && matrix.platforms || '' }}
load: ${{ github.event_name == 'pull_request' }}
push: ${{ github.event_name != 'pull_request' }}
pull: true
build-args: |
BUILD_OS=${{ matrix.image }}
IC_VERSION=${{ startsWith(github.ref, 'refs/tags/') && steps.var.outputs.ic_version || 'CI' }}
secrets: |
"nginx-repo.crt=${{ secrets.NGINX_CRT }}"
"nginx-repo.key=${{ secrets.NGINX_KEY }}"
- name: Load image for Trivy
uses: docker/build-push-action@v2
with:
file: build/Dockerfile
context: '.'
cache-from: type=gha,scope=${{ matrix.image }}
target: goreleaser
tags: docker.io/${{ matrix.image }}:${{ steps.meta.outputs.version }}
load: true
build-args: |
BUILD_OS=${{ matrix.image }}
IC_VERSION=CI
secrets: |
"nginx-repo.crt=${{ secrets.NGINX_CRT }}"
"nginx-repo.key=${{ secrets.NGINX_KEY }}"
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.2.2
continue-on-error: true
with:
image-ref: docker.io/${{ matrix.image }}:${{ steps.meta.outputs.version }}
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results-${{ matrix.image }}.sarif'
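Review bot: In the new build-docker-plus job, Setup QEMU registers only `platforms: arm64`, but the ubi-plus matrix entry requests `linux/arm64, linux/amd64, linux/s390x`, so the s390x leg appears to have no emulator registered for any RUN step in build/Dockerfile; add s390x to the QEMU platforms or drop it from the matrix entry. Separately, this job receives `secrets.GCR_JSON_KEY`, `secrets.NGINX_CRT` and `secrets.NGINX_KEY` while every action is referenced by a mutable tag (`docker/build-push-action@v2`, `aquasecurity/trivy-action@0.2.2`); pinning those `uses:` lines to full commit SHAs keeps a retagged action from running with the secrets. Also note that Trivy scans the image produced by the second build in "Load image for Trivy", which is built with `IC_VERSION=CI` and tagged `docker.io/${{ matrix.image }}:...`, not the image pushed by "Build Plus Docker image", and that both the scan and the SARIF upload are `continue-on-error: true`, so findings never gate the push.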
Expand All @@ -412,7 +539,7 @@ jobs:
outputs:
version: ${{ steps.var.outputs.helm_version }}
type: ${{ steps.var.outputs.helm_type }}
if: github.event_name == 'push'
if: ${{ github.event_name == 'push' && !startsWith(github.ref, 'refs/heads/release') }}
steps:
- name: Checkout Repository
uses: actions/checkout@v2
Expand Down Expand Up @@ -442,7 +569,7 @@ jobs:
name: Release Helm Chart
runs-on: ubuntu-20.04
needs: package-helm
if: github.event_name == 'push'
if: ${{ github.event_name == 'push' && !startsWith(github.ref, 'refs/heads/release') }}
steps:
- name: Checkout Repository
uses: actions/checkout@v2
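Review bot: The guard added to release-helm, `!startsWith(github.ref, 'refs/heads/release')`, duplicates the one just added to package-helm, and release-helm already has `needs: package-helm`, so it is skipped whenever package-helm is skipped. Keeping the condition in one place (package-helm) avoids the two copies drifting apart; if both stay, use the same `'refs/heads/release-'` prefix in each so they match the `release-*` trigger.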
2 changes: 1 addition & 1 deletion docs/content/technical-specifications.md
Expand Up @@ -33,7 +33,7 @@ All images include NGINX 1.21.5.
|Alpine-based image with OpenTracing | ``nginx:1.21.5-alpine``, which is based on ``alpine:3.15`` | NGINX OpenTracing module, OpenTracing library, OpenTracing tracers for Jaeger, Zipkin and Datadog | ``nginx/nginx-ingress:2.1.0-alpine-ot`` | arm/v7, arm64, amd64, ppc64le, s390x |
|Debian-based image | ``nginx:1.21.5``, which is based on ``debian:bullseye-slim`` | | ``nginx/nginx-ingress:2.1.0`` | arm/v7, arm64, amd64, ppc64le, s390x |
|Debian-based image with OpenTracing | ``nginx:1.21.5``, which is based on ``debian:bullseye-slim`` | NGINX OpenTracing module, OpenTracing library, OpenTracing tracers for Jaeger, Zipkin and Datadog | ``nginx/nginx-ingress:2.1.0-ot`` | arm/v7, arm64, amd64, ppc64le, s390x |
|Ubi-based image | ``redhat/ubi8-minimal`` | | ``nginx/nginx-ingress:2.1.0-ubi`` | arm64, amd64 |
|Ubi-based image | ``redhat/ubi8-minimal`` | | ``nginx/nginx-ingress:2.1.0-ubi`` | arm64, amd64, s390x |
{{% /table %}}

### Images with NGINX Plus
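Review bot: Only the Ubi row of this table gains s390x, and the file shows a single changed line, yet the ci.yml part of this change also builds `ubi-plus` for `linux/arm64, linux/amd64, linux/s390x`. Check whether the Ubi row in the "Images with NGINX Plus" table that follows needs the same architecture added so the documentation matches what CI publishes.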