diff --git a/.github/config/config-gcr-retag b/.github/config/config-gcr-retag
index 5a6ed07922..218de07652 100644
--- a/.github/config/config-gcr-retag
+++ b/.github/config/config-gcr-retag
@@ -1,6 +1,6 @@
 export TARGET_REGISTRY=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev
-declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips" "-mktpl" "-alpine-mktpl" "-alpine-mktpl-fips")
-declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl" "-ubi-mktpl" "-alpine-fips")
-declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl" "-ubi-mktpl")
-declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl" "-ubi-mktpl")
+declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips" "-mktpl")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl" "-alpine-fips")
+declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl")
+declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl")
 declare -a ADDITIONAL_TAGS=()
diff --git a/.github/config/config-plus-gcr-release b/.github/config/config-plus-gcr-release
index 8106dd0607..73df01d812 100644
--- a/.github/config/config-plus-gcr-release
+++ b/.github/config/config-plus-gcr-release
@@ -1,8 +1,8 @@
 export TARGET_REGISTRY=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release
-declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-mktpl" "-alpine-mktpl")
-declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl" "-ubi-mktpl")
+declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-mktpl")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl")
 declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi")
-declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl" "-ubi-mktpl")
-declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl" "-ubi-mktpl")
+declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl")
+declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl")
 declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
 export PUBLISH_OSS=false
diff --git a/.github/data/matrix-images-nap.json b/.github/data/matrix-images-nap.json
index 47da890cd9..8bcc222902 100644
--- a/.github/data/matrix-images-nap.json
+++ b/.github/data/matrix-images-nap.json
@@ -33,24 +33,6 @@
 "platforms": "linux/amd64",
 "nap_modules": "waf,dos"
 },
- {
- "image": "ubi-9-plus-nap",
- "target": "aws",
- "platforms": "linux/amd64",
- "nap_modules": "waf"
- },
- {
- "image": "ubi-8-plus-nap",
- "target": "aws",
- "platforms": "linux/amd64",
- "nap_modules": "dos"
- },
- {
- "image": "ubi-8-plus-nap",
- "target": "aws",
- "platforms": "linux/amd64",
- "nap_modules": "waf,dos"
- },
 {
 "image": "alpine-plus-nap-fips",
 "target": "goreleaser",
diff --git a/.github/data/matrix-images-plus.json b/.github/data/matrix-images-plus.json
index f9f02f865d..463f2cf0d1 100644
--- a/.github/data/matrix-images-plus.json
+++ b/.github/data/matrix-images-plus.json
@@ -8,10 +8,14 @@
 "linux/arm64, linux/amd64"
 ],
 "target": [
- "goreleaser",
- "aws"
+ "goreleaser"
 ],
 "include": [
+ {
+ "image": "debian-plus",
+ "platforms": "linux/arm64, linux/amd64",
+ "target": "aws"
+ },
 {
 "image": "ubi-plus",
 "platforms": "linux/arm64, linux/amd64, linux/s390x",
diff --git a/.github/workflows/image-promotion.yml b/.github/workflows/image-promotion.yml
index 46cc42c402..2279789b43 100644
--- a/.github/workflows/image-promotion.yml
+++ b/.github/workflows/image-promotion.yml
@@ -112,6 +112,42 @@ jobs:
 echo stable_tag: ${{ steps.vars.outputs.stable_tag }}
 echo stable_image_exists: ${{ steps.stable_exists.outputs.exists }}

+ govulncheck:
+ name: Run govulncheck
+ runs-on: ubuntu-22.04
+ permissions:
+ contents: read
+ security-events: write
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+ - name: Setup Golang Environment
+ uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+ with:
+ go-version-file: go.mod
+
+ - name: govulncheck
+ uses: golang/govulncheck-action@dd0578b371c987f96d1185abb54344b44352bd58 # v1.0.3
+ with:
+ output-format: sarif
+ output-file: govulncheck.sarif
+
+ - name: Check SARIF file
+ id: check-sarif
+ run: |
+ if [ -s govulncheck.sarif ] && grep -q '"results":' govulncheck.sarif; then
+ echo "sarif_has_results=true" >> $GITHUB_OUTPUT
+ else
+ echo "sarif_has_results=false" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14
+ if: steps.check-sarif.outputs.sarif_has_results == 'true'
+ with:
+ sarif_file: govulncheck.sarif
+
 binaries:
 name: Build Binaries
 runs-on: ubuntu-22.04
diff --git a/.github/workflows/update-docker-images.yml b/.github/workflows/update-docker-images.yml
index 699c0d53a1..9a0b3cea03 100644
--- a/.github/workflows/update-docker-images.yml
+++ b/.github/workflows/update-docker-images.yml
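Review bot: The new `govulncheck` job, as far as this hunk shows, reports findings without gating the promotion: nothing visible makes a later job wait on it, and govulncheck is documented to exit 0 in its machine-readable output modes even when it finds vulnerabilities (worth confirming for the pinned v1.0.3 action with `output-format: sarif`). If the scan is meant to stop a vulnerable build from being promoted, add a last step with `if: steps.check-sarif.outputs.sarif_has_results == 'true'` and `run: exit 1`, and list `govulncheck` under `needs:` of the jobs that build and push; `binaries` starts in this hunk but its body continues outside it, so its current `needs:` cannot be seen here. Two smaller hardening points on the same job: the checkout step can set `persist-credentials: false`, since no later step shown needs the token left in `.git/config`, and the redirections in the "Check SARIF file" step should quote their target, `>> "$GITHUB_OUTPUT"`.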
@@ -110,11 +110,6 @@ jobs:
 image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress
 target_image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress
 platforms: "linux/arm64, linux/amd64"
- - tag: ${{ needs.variables.outputs.tag }}-alpine-mktpl
- target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-alpine-mktpl"
- image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress
- target_image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress
- platforms: "linux/arm64, linux/amd64"
 - tag: ${{ needs.variables.outputs.tag }}-ubi
 target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi"
 image: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress
@@ -155,11 +150,6 @@ jobs:
 image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress"
 target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress"
 platforms: "linux/amd64"
- - tag: "${{ needs.variables.outputs.tag }}-ubi-mktpl"
- target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi-mktpl"
- image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress"
- target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress"
- platforms: "linux/amd64"
 - tag: "${{ needs.variables.outputs.tag }}"
 target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}"
 image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap-v5/nginx-plus-ingress"
@@ -180,11 +170,6 @@ jobs:
 image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos/nginx-plus-ingress"
 target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress"
 platforms: "linux/amd64"
- - tag: "${{ needs.variables.outputs.tag }}-ubi-mktpl"
- target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi-mktpl"
- image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos/nginx-plus-ingress"
- target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress"
- platforms: "linux/amd64"
 - tag: "${{ needs.variables.outputs.tag }}-mktpl"
 target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-mktpl"
 image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos/nginx-plus-ingress"
@@ -200,11 +185,6 @@ jobs:
 image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos-nap/nginx-plus-ingress"
 target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress"
 platforms: "linux/amd64"
- - tag: "${{ needs.variables.outputs.tag }}-ubi-mktpl"
- target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-ubi-mktpl"
- image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos-nap/nginx-plus-ingress"
- target_image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress"
- platforms: "linux/amd64"
 - tag: "${{ needs.variables.outputs.tag }}-mktpl"
 target_tag: "${{ needs.variables.outputs.tag }}-${{ needs.variables.outputs.date }}-mktpl"
 image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos-nap/nginx-plus-ingress"