From 0f6960abfccd460f25e195df8821ed7559f6f69c Mon Sep 17 00:00:00 2001 From: Venktesh Shivam Patel Date: Tue, 30 Jul 2024 16:38:46 +0100 Subject: [PATCH 1/3] remove link to ingress example (#6101) --- .../integrations/app-protect-waf-v5/installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/installation/integrations/app-protect-waf-v5/installation.md b/docs/content/installation/integrations/app-protect-waf-v5/installation.md index f70b08d8ef..018916281f 100644 --- a/docs/content/installation/integrations/app-protect-waf-v5/installation.md +++ b/docs/content/installation/integrations/app-protect-waf-v5/installation.md @@ -336,7 +336,7 @@ To enable the NGINX App Protect DoS Module: {{< include "installation/manifests/verify-pods-are-running.md" >}} -For more information, see the [Configuration guide]({{< relref "installation/integrations/app-protect-waf-v5/configuration.md" >}}) and the NGINX Ingress Controller with App Protect version 5 example resources on GitHub [for VirtualServer resources](https://github.com/nginxinc/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/app-protect-waf/app-protect-waf-v5) and [for Ingress resources](https://github.com/nginxinc/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-waf-v5" >}}). +For more information, see the [Configuration guide]({{< relref "installation/integrations/app-protect-waf-v5/configuration.md" >}}) and the NGINX Ingress Controller with App Protect version 5 example resources on GitHub [for VirtualServer resources](https://github.com/nginxinc/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/app-protect-waf-v5). --- From 5de4c80f8fa2f2e93a334ff3bd7575cba7f4379f Mon Sep 17 00:00:00 2001 
From: Paul Abel <128620221+pdabelf5@users.noreply.github.com>
Date: Wed, 31 Jul 2024 10:19:27 +0100
Subject: [PATCH 2/3] be explicit where images are tagged (#6104)
---
 .github/config/config-oss-dockerhub | 1 -
 .github/config/config-oss-ecr | 1 -
 .github/config/config-oss-gcr-release | 1 -
 .github/config/config-oss-github | 1 -
 .github/config/config-oss-quay | 1 -
 .github/config/config-plus-azure | 1 -
 .github/config/config-plus-ecr | 1 -
 .github/config/config-plus-gcr-public | 1 -
 .github/config/config-plus-nginx | 1 -
 .github/scripts/copy-images.sh | 61 -----------
 .github/workflows/oss-release.yml | 21 ----
 .github/workflows/plus-release.yml | 15 ---
 .github/workflows/release.yml | 111 +++++++++++++++++++--
 .github/workflows/update-docker-images.yml | 4 +-
 14 files changed, 104 insertions(+), 117 deletions(-)
diff --git a/.github/config/config-oss-dockerhub b/.github/config/config-oss-dockerhub
index 345db41a21..a25443b2b7 100644
--- a/.github/config/config-oss-dockerhub
+++ b/.github/config/config-oss-dockerhub
@@ -1,6 +1,5 @@
 export TARGET_REGISTRY=docker.io
 export TARGET_OSS_IMAGE_PREFIX="nginx/nginx-ingress"
-declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
 export PUBLISH_PLUS=false
 export PUBLISH_WAF=false
 export PUBLISH_DOS=false
diff --git a/.github/config/config-oss-ecr b/.github/config/config-oss-ecr
index 964d71ed47..626d0c3748 100644
--- a/.github/config/config-oss-ecr
+++ b/.github/config/config-oss-ecr
@@ -1,6 +1,5 @@
 export TARGET_REGISTRY=public.ecr.aws
 export TARGET_OSS_IMAGE_PREFIX="nginx/nginx-ingress"
-declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
 export PUBLISH_PLUS=false
 export PUBLISH_WAF=false
 export PUBLISH_DOS=false
diff --git a/.github/config/config-oss-gcr-release b/.github/config/config-oss-gcr-release
index 4f378e9131..89fded6495 100644
--- a/.github/config/config-oss-gcr-release
+++ b/.github/config/config-oss-gcr-release
@@ -1,5 +1,4 @@
 export TARGET_REGISTRY=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release
-declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
 export PUBLISH_PLUS=false
 export PUBLISH_WAF=false
 export PUBLISH_DOS=false
diff --git a/.github/config/config-oss-github b/.github/config/config-oss-github
index 403cca86a3..7a875b18d5 100644
--- a/.github/config/config-oss-github
+++ b/.github/config/config-oss-github
@@ -1,6 +1,5 @@
 export TARGET_REGISTRY=ghcr.io
 export TARGET_OSS_IMAGE_PREFIX="nginxinc/kubernetes-ingress"
-declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
 export PUBLISH_PLUS=false
 export PUBLISH_WAF=false
 export PUBLISH_DOS=false
diff --git a/.github/config/config-oss-quay b/.github/config/config-oss-quay
index 70d5fd9cd9..cfe25520cc 100644
--- a/.github/config/config-oss-quay
+++ b/.github/config/config-oss-quay
@@ -1,6 +1,5 @@
 export TARGET_REGISTRY=quay.io
 export TARGET_OSS_IMAGE_PREFIX="nginx/nginx-ingress"
-declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
 export PUBLISH_PLUS=false
 export PUBLISH_WAF=false
 export PUBLISH_DOS=false
diff --git a/.github/config/config-plus-azure b/.github/config/config-plus-azure
index 69bf43c703..e9e70b04de 100644
--- a/.github/config/config-plus-azure
+++ b/.github/config/config-plus-azure
@@ -8,5 +8,4 @@ declare -a NAP_WAF_TAG_POSTFIX_LIST=("")
 declare -a NAP_DOS_TAG_POSTFIX_LIST=("")
 declare -a NAP_WAFV5_TAG_POSTFIX_LIST=()
 declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("")
-declare -a ADDITIONAL_TAGS=()
 export PUBLISH_OSS=false
diff --git a/.github/config/config-plus-ecr b/.github/config/config-plus-ecr
index a59a460a1a..c7f5c853d4 100644
--- a/.github/config/config-plus-ecr
+++ b/.github/config/config-plus-ecr
@@ -8,5 +8,4 @@ declare -a NAP_WAF_TAG_POSTFIX_LIST=("-mktpl")
 declare -a NAP_DOS_TAG_POSTFIX_LIST=("-mktpl")
 declare -a NAP_WAFV5_TAG_POSTFIX_LIST=()
 declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("-mktpl")
-declare -a ADDITIONAL_TAGS=()
 export PUBLISH_OSS=false
diff --git a/.github/config/config-plus-gcr-public b/.github/config/config-plus-gcr-public index 71cee5dc28..47accb500f 100644 --- a/.github/config/config-plus-gcr-public +++ b/.github/config/config-plus-gcr-public @@ -8,4 +8,3 @@ declare -a PLUS_TAG_POSTFIX_LIST=("") declare -a NAP_WAF_TAG_POSTFIX_LIST=("") declare -a NAP_WAFV5_TAG_POSTFIX_LIST=() declare -a NAP_DOS_TAG_POSTFIX_LIST=() -declare -a ADDITIONAL_TAGS=(${ADDITIONAL_TAG}) diff --git a/.github/config/config-plus-nginx b/.github/config/config-plus-nginx index 37f0f648fd..2c177716e9 100644 --- a/.github/config/config-plus-nginx +++ b/.github/config/config-plus-nginx @@ -5,5 +5,4 @@ declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi") declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi") declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi") declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi") -declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}") export PUBLISH_OSS=false diff --git a/.github/scripts/copy-images.sh b/.github/scripts/copy-images.sh index dbff09ac56..bb3a2240ea 100755 --- a/.github/scripts/copy-images.sh +++ b/.github/scripts/copy-images.sh @@ -52,7 +52,6 @@ declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-alpine-fips") declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-alpine-fips") declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi") declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi") -declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}") CONFIG_PATH=${CONFIG_PATH:-~/.nic-release/config} if [ -f "$CONFIG_PATH" ]; then 
@@ -96,16 +95,6 @@ if $PUBLISH_OSS; then if ! $DRY_RUN; then ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag} fi - for tag in "${ADDITIONAL_TAGS[@]}"; do - if [ -z "${tag}" ]; then - continue - fi - additional_tag=${TARGET_REGISTRY}/${TARGET_OSS_IMAGE_PREFIX}:${tag}${postfix} - echo " Pushing image OSS ${additional_tag}..." - if ! $DRY_RUN; then - ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag} - fi - done done else echo "Skipping Publish OSS flow" @@ -123,16 +112,6 @@ if $PUBLISH_PLUS; then if ! $DRY_RUN; then ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag} fi - for tag in "${ADDITIONAL_TAGS[@]}"; do - if [ -z "${tag}" ]; then - continue - fi - additional_tag=${TARGET_REGISTRY}/${TARGET_PLUS_IMAGE_PREFIX}:${tag}${postfix} - echo " Pushing image Plus ${additional_tag}..." - if ! $DRY_RUN; then - ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag} - fi - done fi done else @@ -151,16 +130,6 @@ if $PUBLISH_WAF; then if ! $DRY_RUN; then ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag} fi - for tag in "${ADDITIONAL_TAGS[@]}"; do - if [ -z "${tag}" ]; then - continue - fi - additional_tag=${TARGET_REGISTRY}/${TARGET_NAP_WAF_IMAGE_PREFIX}:${tag}${postfix} - echo " Pushing image NAP WAF ${additional_tag}..." - if ! $DRY_RUN; then - ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag} - fi - done fi done for postfix in "${NAP_WAFV5_TAG_POSTFIX_LIST[@]}"; do 
@@ -174,16 +143,6 @@ if $PUBLISH_WAF; then if ! $DRY_RUN; then ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag} fi - for tag in "${ADDITIONAL_TAGS[@]}"; do - if [ -z "${tag}" ]; then - continue - fi - additional_tag=${TARGET_REGISTRY}/${TARGET_NAP_WAFV5_IMAGE_PREFIX}:${tag}${postfix} - echo " Pushing image NAP WAFV5 ${additional_tag}..." - if ! $DRY_RUN; then - ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag} - fi - done fi done else @@ -202,16 +161,6 @@ if $PUBLISH_DOS; then if ! $DRY_RUN; then ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag} fi - for tag in "${ADDITIONAL_TAGS[@]}"; do - if [ -z "${tag}" ]; then - continue - fi - additional_tag=${TARGET_REGISTRY}/${TARGET_NAP_DOS_IMAGE_PREFIX}:${tag}${postfix} - echo " Pushing image NAP DOS ${additional_tag}..." - if ! $DRY_RUN; then - ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag} - fi - done fi done else @@ -230,16 +179,6 @@ if $PUBLISH_WAF_DOS; then if ! $DRY_RUN; then ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${new_tag} fi - for tag in "${ADDITIONAL_TAGS[@]}"; do - if [ -z "${tag}" ]; then - continue - fi - additional_tag=${TARGET_REGISTRY}/${TARGET_NAP_WAF_DOS_IMAGE_PREFIX}:${tag}${postfix} - echo " Pushing image NAP WAF/DOS ${additional_tag}..." - if ! $DRY_RUN; then - ${SKOPEO_BIN} copy --retry-times 5 ${ARCH_OPTS} ${SOURCE_OPTS} ${TARGET_OPTS} docker://${image} docker://${additional_tag} - fi - done fi done else diff --git a/.github/workflows/oss-release.yml b/.github/workflows/oss-release.yml index 369832fd44..302a7b5ea3 100644 --- a/.github/workflows/oss-release.yml +++ b/.github/workflows/oss-release.yml 
@@ -24,9 +24,6 @@ on: target_tag: required: true type: string - short_target_tag: - type: string - default: '' dry_run: type: boolean default: false @@ -53,9 +50,6 @@ on: target_tag: required: true type: string - short_target_tag: - type: string - default: '' dry_run: type: boolean default: false @@ -102,9 +96,6 @@ jobs: if ${{ inputs.dry_run }}; then export DRY_RUN=true fi - if [ "${{ inputs.short_target_tag }}" != "" ]; then - export ADDITIONAL_TAG=${{ inputs.short_target_tag }} - fi .github/scripts/copy-images.sh release-oss-to-ecr-public-registry: @@ -149,9 +140,6 @@ jobs: export CONFIG_PATH=.github/config/config-oss-ecr export SOURCE_TAG=${{ inputs.source_tag }} export TARGET_TAG=${{ inputs.target_tag }} - if [ "${{ inputs.short_target_tag }}" != "" ]; then - export ADDITIONAL_TAG=${{ inputs.short_target_tag }} - fi if ${{ inputs.dry_run }}; then export DRY_RUN=true fi @@ -194,9 +182,6 @@ jobs: export CONFIG_PATH=.github/config/config-oss-dockerhub export SOURCE_TAG=${{ inputs.source_tag }} export TARGET_TAG=${{ inputs.target_tag }} - if [ "${{ inputs.short_target_tag }}" != "" ]; then - export ADDITIONAL_TAG=${{ inputs.short_target_tag }} - fi if ${{ inputs.dry_run }}; then export DRY_RUN=true fi @@ -240,9 +225,6 @@ jobs: export CONFIG_PATH=.github/config/config-oss-quay export SOURCE_TAG=${{ inputs.source_tag }} export TARGET_TAG=${{ inputs.target_tag }} - if [ "${{ inputs.short_target_tag }}" != "" ]; then - export ADDITIONAL_TAG=${{ inputs.short_target_tag }} - fi if ${{ inputs.dry_run }}; then export DRY_RUN=true fi @@ -287,9 +269,6 @@ jobs: export CONFIG_PATH=.github/config/config-oss-github export SOURCE_TAG=${{ inputs.source_tag }} export TARGET_TAG=${{ inputs.target_tag }} - if [ "${{ inputs.short_target_tag }}" != "" ]; then - export ADDITIONAL_TAG=${{ inputs.short_target_tag }} - fi if ${{ inputs.dry_run }}; then export DRY_RUN=true fi 
diff --git a/.github/workflows/plus-release.yml b/.github/workflows/plus-release.yml index 336eaaef75..b971394c66 100644 --- a/.github/workflows/plus-release.yml +++ b/.github/workflows/plus-release.yml @@ -24,9 +24,6 @@ on: target_tag: required: true type: string - short_target_tag: - type: string - default: '' dry_run: type: boolean default: false @@ -53,9 +50,6 @@ on: target_tag: required: true type: string - short_target_tag: - type: string - default: '' dry_run: type: boolean default: false @@ -102,9 +96,6 @@ jobs: if ${{ inputs.dry_run }}; then export DRY_RUN=true fi - if [ "${{ inputs.short_target_tag }}" != "" ]; then - export ADDITIONAL_TAG=${{ inputs.short_target_tag }} - fi .github/scripts/copy-images.sh release-to-nginx-registry: @@ -156,9 +147,6 @@ jobs: if ${{ inputs.dry_run }}; then export DRY_RUN=true fi - if [ "${{ inputs.short_target_tag }}" != "" ]; then - export ADDITIONAL_TAG=${{ inputs.short_target_tag }} - fi .github/scripts/copy-images.sh release-plus-to-gcr-marketplace-registry: @@ -198,9 +186,6 @@ jobs: if ${{ inputs.dry_run }}; then export DRY_RUN=true fi - if [ "${{ inputs.short_target_tag }}" != "" ]; then - export ADDITIONAL_TAG=${{ inputs.short_target_tag }} - fi .github/scripts/copy-images.sh release-plus-to-ecr-marketplace-registry: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 586ea46eb8..d4e7e40f8e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -52,6 +52,7 @@ jobs: short_tag: ${{ steps.vars.outputs.short_tag }} go_code_md5: ${{ steps.vars.outputs.go_code_md5 }} binary_cache_sign_hit: ${{ steps.binary-cache-sign.outputs.cache-hit }} + date: ${{ steps.vars.outputs.date }} steps: - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 
@@ -70,6 +71,8 @@ jobs: tag=${{ inputs.nic_version }} echo "short_tag=${tag%.*}" >> $GITHUB_OUTPUT ./.github/scripts/variables.sh go_code_md5 >> $GITHUB_OUTPUT + date=$(date "+%Y%m%d") + echo "date=${date}" >> $GITHUB_OUTPUT cat $GITHUB_OUTPUT - name: Fetch Cached Signed Binary Artifacts @@ -119,6 +122,14 @@ jobs: name: Release Docker OSS needs: [variables] uses: ./.github/workflows/oss-release.yml + strategy: + fail-fast: false + matrix: + tag: + - "${{ inputs.nic_version }}" + - "${{ needs.variables.outputs.short_tag }}" + - "${{ inputs.nic_version }}-${{ needs.variables.outputs.date }}" + - "latest" with: gcr_release_registry: true ecr_public_registry: true @@ -126,8 +137,7 @@ jobs: quay_public_registry: true github_public_registry: true source_tag: ${{ needs.variables.outputs.source_tag }} - target_tag: ${{ inputs.nic_version }} - short_target_tag: ${{ needs.variables.outputs.short_tag }} + target_tag: ${{ matrix.tag }} dry_run: ${{ inputs.dry_run }} permissions: contents: read 
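Review bot: The legs of the new `release-oss` matrix run in parallel with `fail-fast: false`, so the floating `latest` and short tags can be moved even when the leg that publishes `${{ inputs.nic_version }}` fails. Jobs that need `release-oss` are held back by their `! failure()` guards, but by then the registries already serve the new image under the mutable tags. Consider publishing the versioned tag first, for example with `max-parallel: 1` and `fail-fast: true` and the version entry listed first, so the mutable tags move only after the immutable one exists. Each leg also copies from `source_tag` by name; how that tag is produced is outside this hunk, so it is worth confirming it cannot change between legs.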
@@ -135,20 +145,103 @@ jobs: packages: write secrets: inherit - release-plus: + release-plus-gcr-nginx: if: ${{ ! cancelled() && ! failure() && ! contains(inputs.skip_step, 'release-plus') }} name: Release Docker Plus needs: [variables] uses: ./.github/workflows/plus-release.yml + strategy: + fail-fast: false + matrix: + tag: + - "${{ inputs.nic_version }}" + - "${{ needs.variables.outputs.short_tag }}" + - "${{ inputs.nic_version }}-${{ needs.variables.outputs.date }}" + - "latest" with: gcr_release_registry: true nginx_registry: true + gcr_mktpl_registry: false + ecr_mktpl_registry: false + az_mktpl_registry: false + source_tag: ${{ needs.variables.outputs.source_tag }} + target_tag: ${{ inputs.nic_version }} + dry_run: ${{ inputs.dry_run }} + permissions: + contents: read + id-token: write + secrets: inherit + + release-plus-gcr-mktpl: + if: ${{ ! cancelled() && ! failure() && ! contains(inputs.skip_step, 'release-plus') }} + name: Release Docker Plus + needs: [variables] + uses: ./.github/workflows/plus-release.yml + strategy: + fail-fast: false + matrix: + tag: + - "${{ inputs.nic_version }}" + - "${{ needs.variables.outputs.short_tag }}" + - "${{ inputs.nic_version }}-${{ needs.variables.outputs.date }}" + with: + gcr_release_registry: false + nginx_registry: false gcr_mktpl_registry: true + ecr_mktpl_registry: false + az_mktpl_registry: false + source_tag: ${{ needs.variables.outputs.source_tag }} + target_tag: ${{ inputs.nic_version }} + dry_run: ${{ inputs.dry_run }} + permissions: + contents: read + id-token: write + secrets: inherit + + release-plus-aws-mktpl: + if: ${{ ! cancelled() && ! failure() && ! 
contains(inputs.skip_step, 'release-plus') }} + name: Release Docker Plus + needs: [variables] + uses: ./.github/workflows/plus-release.yml + strategy: + fail-fast: false + matrix: + tag: + - "${{ inputs.nic_version }}" + - "${{ inputs.nic_version }}-${{ needs.variables.outputs.date }}" + with: + gcr_release_registry: false + nginx_registry: false + gcr_mktpl_registry: false ecr_mktpl_registry: true + az_mktpl_registry: false + source_tag: ${{ needs.variables.outputs.source_tag }} + target_tag: ${{ inputs.nic_version }} + dry_run: ${{ inputs.dry_run }} + permissions: + contents: read + id-token: write + secrets: inherit + + release-plus-azure-mktpl: + if: ${{ ! cancelled() && ! failure() && ! contains(inputs.skip_step, 'release-plus') }} + name: Release Docker Plus + needs: [variables] + uses: ./.github/workflows/plus-release.yml + strategy: + fail-fast: false + matrix: + tag: + - "${{ inputs.nic_version }}" + - "${{ inputs.nic_version }}-${{ needs.variables.outputs.date }}" + with: + gcr_release_registry: false + nginx_registry: false + gcr_mktpl_registry: false + ecr_mktpl_registry: false az_mktpl_registry: true source_tag: ${{ needs.variables.outputs.source_tag }} target_tag: ${{ inputs.nic_version }} - short_target_tag: ${{ needs.variables.outputs.short_tag }} dry_run: ${{ inputs.dry_run }} permissions: contents: read @@ -213,7 +306,7 @@ jobs: if: ${{ ! cancelled() && ! failure() && ! inputs.dry_run && ! contains(inputs.skip_step, 'gcp-marketplace') }} name: Trigger PR for GCP Marketplace runs-on: ubuntu-22.04 - needs: [publish-helm-chart] + needs: [publish-helm-chart,release-plus-gcr-mktpl] steps: - name: uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 
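Review bot: All four new `release-plus-*` jobs declare a `matrix.tag` but still pass `target_tag: ${{ inputs.nic_version }}`, so every leg publishes the same tag and none of the additional tags listed in the matrices (short, dated, `latest`) is pushed for Plus images. `release-oss` in the same file passes `target_tag: ${{ matrix.tag }}`; the Plus jobs presumably need the same line. As written, the legs of each job also push an identical tag to the same registries concurrently. The four jobs share `name: Release Docker Plus`, which makes them hard to tell apart in the run view; a name that includes the registry group and `${{ matrix.tag }}` would help.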
@@ -234,7 +327,7 @@ jobs: if: ${{ ! cancelled() && ! failure() && ! inputs.dry_run && ! contains(inputs.skip_step, 'azure-marketplace') }} name: Trigger CNAB Build for Azure Marketplace runs-on: ubuntu-22.04 - needs: [publish-helm-chart] + needs: [publish-helm-chart,release-plus-azure-mktpl] steps: - name: uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 @@ -257,7 +350,7 @@ jobs: if: ${{ ! cancelled() && ! failure() && ! inputs.dry_run && ! contains(inputs.skip_step, 'aws-marketplace') }} name: Publish to AWS Marketplace runs-on: ubuntu-22.04 - needs: [release-plus] + needs: [release-plus-aws-mktpl] permissions: contents: read id-token: write @@ -385,7 +478,7 @@ jobs: if: ${{ ! cancelled() && ! failure() && ! contains(inputs.skip_step, 'github-release') }} name: Publish release to GitHub runs-on: ubuntu-22.04 - needs: [variables, binaries, release-oss, release-plus, azure-upload] + needs: [variables, binaries, release-oss, release-plus-gcr-nginx, azure-upload] permissions: contents: write # to modify the release issues: write # to close milestone @@ -490,7 +583,7 @@ jobs: if: ${{ ! cancelled() && ! failure() && ! inputs.dry_run && ! contains(inputs.skip_step, 'release-image-notification') }} name: Notify Slack channels about image release runs-on: ubuntu-22.04 - needs: [variables, binaries, release-oss, release-plus] + needs: [variables, binaries, release-oss, release-plus-gcr-nginx] permissions: contents: read actions: read diff --git a/.github/workflows/update-docker-images.yml b/.github/workflows/update-docker-images.yml index 9a0b3cea03..c003b81d32 100644 --- a/.github/workflows/update-docker-images.yml +++ b/.github/workflows/update-docker-images.yml @@ -223,7 +223,7 @@ jobs: secrets: inherit release-oss-public: - name: Publish Docker OSS ${{ needs.variables.outputs.tag }} to Public Registries + name: Publish Docker OSS ${{ matrix.tag }} to Public Registries needs: [variables, patch-oss-images] strategy: fail-fast: false 
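Review bot: `publish-github-release` and the Slack notification job now wait only on `release-plus-gcr-nginx`, so a failed `release-plus-gcr-mktpl`, `release-plus-aws-mktpl` or `release-plus-azure-mktpl` run no longer holds them back. Before the split, the single `release-plus` job they depended on covered those registries as well. If the release should still be gated on every Plus registry, add the three marketplace jobs to both `needs:` lists; if the looser gating is intended, a short comment above `needs:` saying so would document the change.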
@@ -250,7 +250,7 @@ jobs: secrets: inherit release-plus-nginx-gcr: - name: Publish Docker Plus ${{ needs.variables.outputs.tag }} to NGINX & GCR Marketplace registries + name: Publish Docker Plus ${{ matrix.tag }} to NGINX & GCR Marketplace registries needs: [variables, patch-plus-images, patch-plus-nap-images] strategy: fail-fast: false From f6746242ca6ef48c19cd2daf5d9f7689c6faff48 Mon Sep 17 00:00:00 2001 From: Paul Abel <128620221+pdabelf5@users.noreply.github.com> Date: Wed, 31 Jul 2024 11:11:59 +0100 Subject: [PATCH 3/3] ensure nginx-agent is installed on WAF images (#6107) --- .github/workflows/build-base-images.yml | 3 +++ .github/workflows/build-plus.yml | 6 +++++- .github/workflows/setup-smoke.yml | 3 +++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml index a97886021f..11e2be34de 100644 --- a/.github/workflows/build-base-images.yml +++ b/.github/workflows/build-base-images.yml @@ -213,6 +213,8 @@ jobs: run: | [[ "${{ matrix.nap_modules }}" == "waf,dos" ]] && modules="waf-dos" || modules="${{ matrix.nap_modules }}" echo "modules=${modules}" >> $GITHUB_OUTPUT + [[ "${{ matrix.nap_modules }}" =~ waf ]] && agent="true" || agent="false" + echo "agent=${agent}" >> $GITHUB_OUTPUT if: ${{ matrix.nap_modules != '' }} - name: Docker meta @@ -242,6 +244,7 @@ jobs: BUILD_OS=${{ matrix.image }} IC_VERSION=${{ needs.checks.outputs.ic_version }} NAP_MODULES=${{ matrix.nap_modules }} + ${{ contains(matrix.nap_modules,'waf') && format('NGINX_AGENT={0}', steps.nap_modules.outputs.agent) || '' }} secrets: | "nginx-repo.crt=${{ secrets.NGINX_AP_CRT }}" "nginx-repo.key=${{ secrets.NGINX_AP_KEY }}" diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml index 6af6ee2348..6908d835db 100644 --- a/.github/workflows/build-plus.yml +++ b/.github/workflows/build-plus.yml 
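Review bot: The `agent` output added to the `nap_modules` step can only ever be consumed as `true`, because the new build-arg line emits `NGINX_AGENT` only under `contains(matrix.nap_modules,'waf')`, the same condition the shell `=~ waf` test has just evaluated. Keeping the decision in one place would be easier to follow: drop the two shell lines and write `${{ contains(matrix.nap_modules,'waf') && 'NGINX_AGENT=true' || '' }}`. The same pair of additions appears in build-plus.yml and setup-smoke.yml. A one-line comment saying why WAF images need the agent would also help the next reader.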
@@ -80,9 +80,11 @@ jobs: id: nap_modules run: | [[ "${{ inputs.nap-modules }}" == "waf,dos" ]] && modules="waf-dos" || name="${{ inputs.nap-modules }}" + echo "name=${name}" >> $GITHUB_OUTPUT [[ "${{ inputs.nap-modules }}" == "waf,dos" ]] && modules="both" || modules="${{ inputs.nap-modules }}" echo "modules=${modules}" >> $GITHUB_OUTPUT - echo "name=${name}" >> $GITHUB_OUTPUT + [[ "${{ inputs.nap-modules }}" =~ waf ]] && agent="true" || agent="false" + echo "agent=${agent}" >> $GITHUB_OUTPUT if: ${{ inputs.nap-modules != '' }} - name: Docker meta @@ -143,6 +145,7 @@ jobs: BUILD_OS=${{ inputs.image }} IC_VERSION=${{ inputs.ic-version && inputs.ic-version || steps.meta.outputs.version }} ${{ inputs.nap-modules != '' && format('NAP_MODULES={0}', steps.nap_modules.outputs.name) || '' }} + ${{ contains(inputs.nap-modules,'waf') && format('NGINX_AGENT={0}', steps.nap_modules.outputs.agent) || '' }} secrets: | "nginx-repo.crt=${{ inputs.nap-modules != '' && secrets.NGINX_AP_CRT || secrets.NGINX_CRT }}" "nginx-repo.key=${{ inputs.nap-modules != '' && secrets.NGINX_AP_KEY || secrets.NGINX_KEY }}" @@ -187,6 +190,7 @@ jobs: ${{ inputs.authenticated && format('PREBUILT_BASE_IMG={0}', steps.base_name.outputs.image ) }} IC_VERSION=${{ inputs.ic-version && inputs.ic-version || steps.meta.outputs.version }} ${{ inputs.nap-modules != '' && format('NAP_MODULES={0}', steps.nap_modules.outputs.name) || '' }} + ${{ contains(inputs.nap-modules,'waf') && format('NGINX_AGENT={0}', steps.nap_modules.outputs.agent) || '' }} ${{ (contains(inputs.target, 'aws') && inputs.nap-modules != '') && format('NAP_MODULES_AWS={0}', steps.nap_modules.outputs.modules) || '' }} ${{ contains(inputs.image, 'v5') && 'WAF_VERSION=v5' || '' }} secrets: | diff --git a/.github/workflows/setup-smoke.yml b/.github/workflows/setup-smoke.yml index 0c8e345806..6b89180923 100644 --- a/.github/workflows/setup-smoke.yml +++ b/.github/workflows/setup-smoke.yml 
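Review bot: In the `nap_modules` step the first assignment sets `modules` in its true branch and `name` in its false branch, so for `waf,dos` the variable `name` is never assigned and `echo "name=${name}"` writes an empty output. `NAP_MODULES` in the build-args below is formatted from `steps.nap_modules.outputs.name`, so the combined image would receive an empty module list unless something outside this hunk compensates. The commit only moves the `echo`, so this looks pre-existing, but it now sits next to the new agent logic and is worth fixing here by assigning `name` in both branches of that first line. The value intended for the combined case is not visible in this hunk.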
@@ -88,6 +88,8 @@ jobs: run: | [[ "${{ inputs.nap-modules }}" == "waf,dos" ]] && modules="waf-dos" || modules="${{ inputs.nap-modules }}" echo "modules=${modules}" >> $GITHUB_OUTPUT + [[ "${{ inputs.nap-modules }}" =~ waf ]] && agent="true" || agent="false" + echo "agent=${agent}" >> $GITHUB_OUTPUT if: ${{ inputs.nap-modules }} - name: Pull build image @@ -137,6 +139,7 @@ jobs: BUILD_OS=${{ inputs.image }} IC_VERSION=CI ${{ contains(inputs.image, 'nap') && format('NAP_MODULES={0}', steps.nap_modules.outputs.modules) || '' }} + ${{ contains(inputs.nap-modules,'waf') && format('NGINX_AGENT={0}', steps.nap_modules.outputs.agent) || '' }} ${{ contains(inputs.marker, 'appprotect') && 'DEBIAN_VERSION=buster-slim' || '' }} secrets: | ${{ contains(inputs.image, 'nap') && format('"nginx-repo.crt={0}"', secrets.NGINX_AP_CRT) || format('"nginx-repo.crt={0}"', secrets.NGINX_CRT) }}
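Review bot: The added line `[[ "${{ inputs.nap-modules }}" =~ waf ]]` expands the input into the script text before bash parses it, like the existing line above it, so shell metacharacters in the value would be interpreted as script rather than data. If this input can be set by a caller or a manual dispatch, pass it through the step environment instead: add `env:` with `NAP_MODULES: ${{ inputs.nap-modules }}` and test `[[ "$NAP_MODULES" =~ waf ]]`. build-plus.yml has the same pattern in its `nap_modules` step. Quoting `"$GITHUB_OUTPUT"` on the `echo` lines would be a small additional hardening.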