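---
# Source: github.com/nginxinc/kubernetes-ingress@v1.12.5/.github/workflows/edge.yml
#
# Edge pipeline for the NGINX Ingress Controller.
#
# Triggers: pushes to master, and pull requests targeting master or
# release-1.12 (changes limited to docs, examples and markdown are skipped).
# Flow: build binary -> unit tests -> container scan / smoke tests / Helm
# tests -> (push to master only) publish `edge` images to Docker Hub, package
# and publish the edge Helm chart -> Slack notification on failure.
#
# Review notes that apply to the whole file:
# - Every `uses:` reference is a mutable tag (v2, v3, 0.7.1) and goreleaser is
#   installed with `version: latest`. A retagged or compromised action would
#   run with this workflow's token and secrets. Prefer pinning by full commit
#   SHA, e.g. `uses: <owner>/<action>@<full-commit-sha>  # <tag>` (placeholder;
#   resolve the real SHA from the action's repository).
# - No `permissions:` key is declared, so GITHUB_TOKEN receives the
#   repository's default scopes in every job. Consider least-privilege
#   permissions per job; the SARIF upload step needs `security-events: write`.
# - `::set-output` is a deprecated workflow command. GitHub's replacement is
#   appending `name=value` to the file named by `$GITHUB_OUTPUT`.
# - Jobs that read publishing secrets (release-docker, release-helm) are gated
#   on `github.event_name == 'push' && github.ref == 'refs/heads/master'`.
name: Edge

on:
  push:
    branches:
      - master
    paths-ignore:
      - 'docs/**'
      - 'docs-web/**'
      - 'examples/**'
      - 'examples-of-custom-resources/**'
      - '**.md'
  pull_request:
    branches:
      - master
      - release-1.12
    paths-ignore:
      - 'docs/**'
      - 'docs-web/**'
      - 'examples/**'
      - 'examples-of-custom-resources/**'
      - '**.md'
    types:
      - opened
      - reopened
      - synchronize

defaults:
  run:
    shell: bash

env:
  # Number-like values are quoted so YAML keeps them as strings; the runner
  # exports every env value as a string either way.
  DOCKER_BUILDKIT: '1'
  K8S_VERSION: '1.20.15'
  K8S_TIMEOUT: 75s
  HELM_CHART_DIR: deployments/helm-chart
  HELM_CHART_VERSION: 0.0.0-edge
  GIT_NAME: NGINX Kubernetes Team
  GIT_MAIL: kubernetes@nginx.com

jobs:

  # Builds the controller binary and verifies that generated CRDs and deepcopy
  # code are up to date (git diff --exit-code fails the step on any drift).
  binary:
    name: Build Binary
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Output Variables
        id: commit
        run: |
          echo "::set-output name=sha::$(echo "${GITHUB_SHA}" | cut -c1-7)"
      - name: Setup Golang Environment
        uses: actions/setup-go@v3
        with:
          go-version-file: go.mod
          cache: true
      - name: Determine GOPATH
        run: echo "GOPATH=$(go env GOPATH)" >> "$GITHUB_ENV"
      - name: Check if CRDs changed
        run: |
          make update-crds && git diff --name-only --exit-code deployments/common/crds* deployments/helm-chart/crds*
      - name: Check if Codegen changed
        run: |
          make update-codegen && git diff --name-only --exit-code pkg/**/zz_generated.deepcopy.go
      - name: Build binaries
        uses: goreleaser/goreleaser-action@v2
        with:
          # NOTE(review): `latest` makes the build tool version unreproducible;
          # a fixed goreleaser version would make builds repeatable.
          version: latest
          args: build --snapshot --rm-dist --single-target
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GOPATH: ${{ env.GOPATH }}
      # The dist/ directory is handed to downstream jobs through the Actions
      # cache, keyed on this run's id and number.
      - name: Store Artifacts in Cache
        uses: actions/cache@v2
        with:
          path: ${{ github.workspace }}/dist
          key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }}

  unit-tests:
    name: Unit Tests
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
      - name: Setup Golang Environment
        uses: actions/setup-go@v3
        with:
          go-version-file: go.mod
          cache: true
      - name: Run Tests
        run: go test ./...

  # Builds each image flavour locally and scans it with Trivy.
  # NOTE(review): the scan is report-only. The Trivy step and both upload steps
  # set `continue-on-error: true`, no `exit-code` input is given, and no later
  # job lists container-scan in `needs`, so findings never block a release.
  # `ignore-unfixed: 'true'` also hides vulnerabilities that have no fix yet.
  container-scan:
    name: Container Scanning
    runs-on: ubuntu-20.04
    needs: binary
    strategy:
      fail-fast: false
      matrix:
        image: [debian, alpine, opentracing, ubi]
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
      - name: Output Variables
        id: commit
        run: |
          echo "::set-output name=nginx_version::$(cat build/Dockerfile | grep -m1 "FROM nginx:" | cut -d":" -f2 | cut -d" " -f1)"
      - name: Fetch Cached Artifacts
        uses: actions/cache@v2
        with:
          path: ${{ github.workspace }}/dist
          key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }}
      - name: Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Build ${{ matrix.image }} Container
        uses: docker/build-push-action@v3
        with:
          file: build/Dockerfile
          context: '.'
          cache-from: type=gha,scope=${{ matrix.image }}
          cache-to: type=gha,scope=${{ matrix.image }},mode=max
          target: goreleaser
          tags: ${{ matrix.image }}:${{ github.sha }}
          load: true
          build-args: |
            BUILD_OS=${{ matrix.image }}
            NGINX_VERSION=${{ steps.commit.outputs.nginx_version }}
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.7.1
        continue-on-error: true
        with:
          image-ref: '${{ matrix.image }}:${{ github.sha }}'
          format: 'sarif'
          output: 'trivy-results-${{ matrix.image }}.sarif'
          ignore-unfixed: 'true'
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        continue-on-error: true
        with:
          sarif_file: 'trivy-results-${{ matrix.image }}.sarif'
      - name: Upload Scan Results
        uses: actions/upload-artifact@v3
        continue-on-error: true
        with:
          name: 'trivy-results-${{ matrix.image }}.sarif'
          path: 'trivy-results-${{ matrix.image }}.sarif'
        if: always()

  # Runs the test-runner container against a kind cluster, one matrix entry
  # per image flavour / pytest marker pair.
  smoke-tests:
    name: Smoke Tests
    runs-on: ubuntu-20.04
    needs: [binary, unit-tests]
    strategy:
      fail-fast: false
      matrix:
        include:
          - image: debian
            marker: 'ingresses'
          - image: alpine
            marker: 'vsr'
          - image: opentracing
            marker: 'vs'
          - image: ubi
            marker: 'ts'
          - image: debian
            marker: 'policies'
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
      - name: Output Variables
        id: commit
        run: |
          echo "::set-output name=nginx_version::$(cat build/Dockerfile | grep -m1 "FROM nginx:" | cut -d":" -f2 | cut -d" " -f1)"
      - name: Fetch Cached Artifacts
        uses: actions/cache@v2
        with:
          path: ${{ github.workspace }}/dist
          key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }}
      - name: Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Build ${{ matrix.image }} Container
        uses: docker/build-push-action@v3
        with:
          file: build/Dockerfile
          context: '.'
          cache-from: type=gha,scope=${{ matrix.image }}
          cache-to: type=gha,scope=${{ matrix.image }},mode=max
          target: goreleaser
          tags: ${{ matrix.image }}:${{ github.sha }}
          load: true
          build-args: |
            BUILD_OS=${{ matrix.image }}
            NGINX_VERSION=${{ steps.commit.outputs.nginx_version }}
      - name: Build Test-Runner Container
        uses: docker/build-push-action@v3
        with:
          file: tests/docker/Dockerfile
          context: '.'
          cache-from: type=gha,scope=test-runner
          cache-to: type=gha,scope=test-runner,mode=max
          tags: test-runner:${{ github.sha }}
          load: true
      # The expressions interpolated into the scripts below (run id, commit
      # SHA, matrix values, workflow env) are set by the runner or this file,
      # not by event payload text.
      - name: Deploy Kubernetes
        id: k8s
        run: |
          kind create cluster --name ${{ github.run_id }} --image=kindest/node:v${{ env.K8S_VERSION }} --config ${{ github.workspace }}/tests/ci-files/ci-kind-config.yaml --kubeconfig kube-${{ github.run_id }} --wait ${{ env.K8S_TIMEOUT }}
          kind load docker-image ${{ matrix.image }}:${{ github.sha }} --name ${{ github.run_id }}
          echo ::set-output name=cluster_ip::$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${{ github.run_id }}-control-plane)
          echo ::set-output name=cluster::$(echo 'nginx-${{ matrix.image }}-${{ matrix.marker }}')
      # Point the kubeconfig at the control-plane container's IP so the
      # test-runner container can reach the API server over the kind network.
      - name: Setup Kubeconfig
        run: |
          sed -i 's|server:.*|server: https://${{ steps.k8s.outputs.cluster_ip }}:6443|' kube-${{ github.run_id }}
      - name: Run Smoke Tests
        run: |
          touch tests-${{ steps.k8s.outputs.cluster }}.html
          docker run --rm \
          --name test-runner-${{ github.run_id }} \
          --network=kind \
          -v ${{ github.workspace }}/tests/tests-${{ steps.k8s.outputs.cluster }}.html:/workspace/tests/tests-${{ steps.k8s.outputs.cluster }}.html \
          -v ${{ github.workspace }}/kube-${{ github.run_id }}:/root/.kube/config test-runner:${{ github.sha }} \
          --context=kind-${{ github.run_id }} \
          --image=${{ matrix.image }}:${{ github.sha }} \
          --image-pull-policy=Never \
          --ic-type=nginx-ingress \
          --service=nodeport --node-ip=${{ steps.k8s.outputs.cluster_ip }} \
          --html=tests-${{ steps.k8s.outputs.cluster }}.html \
          --self-contained-html \
          --show-ic-logs=yes --profile \
          -m ${{ matrix.marker }}
        working-directory: ./tests
      - name: Upload Test Results
        uses: actions/upload-artifact@v3
        with:
          name: test-results-${{ steps.k8s.outputs.cluster }}
          path: ${{ github.workspace }}/tests/tests-${{ steps.k8s.outputs.cluster }}.html
        if: always()

  # Installs the Helm chart into a kind cluster and probes it over HTTP/HTTPS.
  helm-tests:
    name: Helm Tests
    runs-on: ubuntu-20.04
    needs: [binary, unit-tests]
    env:
      NGINX_HTTP_PORT: '8080'
      NGINX_HTTPS_PORT: '8443'
      HELM_TEST_RETRIES: '5'
      HELM_HTTP_POSTFIX: s
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
      - name: Fetch Cached Artifacts
        uses: actions/cache@v2
        with:
          path: ${{ github.workspace }}/dist
          key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }}
      - name: Docker Buildx
        uses: docker/setup-buildx-action@v2
        with:
          driver-opts: network=host
      - name: Build Docker Image nginx-ingress
        uses: docker/build-push-action@v3
        with:
          file: build/Dockerfile
          context: '.'
          cache-from: type=gha,scope=debian
          cache-to: type=gha,scope=debian,mode=max
          target: goreleaser
          tags: nginx-ingress:${{ github.sha }}
          load: true
          build-args: |
            BUILD_OS=debian
      - name: Deploy Kubernetes
        id: k8s
        run: |
          kind create cluster --name ${{ github.run_id }} --image=kindest/node:v${{ env.K8S_VERSION }} --wait ${{ env.K8S_TIMEOUT }}
          kind load docker-image nginx-ingress:${{ github.sha }} --name ${{ github.run_id }}
      - name: Install Chart
        run: >
          helm install
          oss
          .
          --set controller.image.repository=nginx-ingress
          --set controller.image.tag=${{ github.sha }}
          --set controller.service.type=NodePort
          --set controller.nginxplus=false
          --wait
        working-directory: ${{ github.workspace }}/deployments/helm-chart
      - name: Expose Test Ingresses
        run: |
          kubectl port-forward service/oss-nginx-ingress ${{ env.NGINX_HTTP_PORT }}:80 &
          kubectl port-forward service/oss-nginx-ingress ${{ env.NGINX_HTTPS_PORT }}:443 &
      - name: Test HTTP
        run: |
          . tests/ci-files/helm-http-test.sh ${{ env.HELM_TEST_RETRIES }} ${{ env.NGINX_HTTP_PORT }}
      - name: Test HTTPS
        run: |
          . tests/ci-files/helm-http-test.sh ${{ env.HELM_TEST_RETRIES }} ${{ env.NGINX_HTTPS_PORT }} ${{ env.HELM_HTTP_POSTFIX }}

  # Publishes multi-arch images under the mutable `edge*` tags. Only runs for
  # pushes to master, which is the only path that reads the Docker Hub secrets.
  release-docker:
    name: Release Images
    runs-on: ubuntu-20.04
    needs: [smoke-tests, helm-tests]
    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
    strategy:
      fail-fast: false
      matrix:
        include:
          - tag: edge
            type: debian
            platforms: linux/arm,linux/arm64,linux/amd64,linux/ppc64le,linux/s390x
          - tag: edge-alpine
            type: alpine
            platforms: linux/arm,linux/arm64,linux/amd64,linux/ppc64le,linux/s390x
          - tag: edge-ubi
            type: ubi
            platforms: linux/arm64,linux/amd64
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Output Variables
        id: commit
        run: |
          echo "::set-output name=sha::$(echo "${GITHUB_SHA}" | cut -c1-7)"
          echo "::set-output name=tag::$(git describe --tags --abbrev=0)"
          echo "::set-output name=date::$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
          echo "::set-output name=nginx_version::$(cat build/Dockerfile | grep -m1 "FROM nginx:" | cut -d":" -f2 | cut -d" " -f1)"
      - name: Fetch Cached Artifacts
        uses: actions/cache@v2
        with:
          path: ${{ github.workspace }}/dist
          key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }}
      - name: Setup QEMU
        uses: docker/setup-qemu-action@v2
        with:
          platforms: arm,arm64,ppc64le,s390x
      - name: Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: DockerHub Login
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Push to Dockerhub
        uses: docker/build-push-action@v3
        with:
          file: build/Dockerfile
          context: '.'
          cache-from: type=gha,scope=${{ matrix.type }}
          cache-to: type=gha,scope=${{ matrix.type }},mode=max
          target: goreleaser
          tags: nginx/nginx-ingress:${{ matrix.tag }}
          platforms: ${{ matrix.platforms }}
          push: true
          build-args: |
            BUILD_OS=${{ matrix.type }}
            IC_VERSION=${{ steps.commit.outputs.tag }}-SNAPSHOT-${{ steps.commit.outputs.sha }}
            NGINX_VERSION=${{ steps.commit.outputs.nginx_version }}
            DATE=${{ steps.commit.outputs.date }}
            GIT_COMMIT=${{ github.sha }}

  package-helm:
    name: Package Helm Chart
    runs-on: ubuntu-20.04
    needs: [smoke-tests, helm-tests, release-docker]
    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
      # NOTE(review): `|| true` discards the lint result, so a chart that
      # fails `helm lint` is still packaged and released.
      - name: Lint
        run: |
          helm lint ${{ env.HELM_CHART_DIR }} || true
      - name: Package
        run: |
          helm package --version ${{ env.HELM_CHART_VERSION }} ${{ env.HELM_CHART_DIR }}
      - name: Upload Chart
        uses: actions/upload-artifact@v3
        with:
          name: helm-chart
          path: ${{ github.workspace }}/nginx-ingress-${{ env.HELM_CHART_VERSION }}.tgz

  # Commits the packaged chart to nginxinc/helm-charts using a personal access
  # token. actions/checkout keeps the token in the local git config
  # (persist-credentials defaults to true), which is what lets `git push`
  # authenticate. NOTE(review): confirm NGINX_PAT is scoped to that repository
  # only.
  release-helm:
    name: Release Helm Chart
    runs-on: ubuntu-20.04
    needs: [smoke-tests, helm-tests, release-docker, package-helm]
    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
        with:
          repository: nginxinc/helm-charts
          fetch-depth: 1
          token: ${{ secrets.NGINX_PAT }}
      - name: Remove previous Chart
        run: rm -f ${{ github.workspace }}/edge/nginx-ingress-${{ env.HELM_CHART_VERSION }}.tgz
      - name: Retrieve latest Helm Chart
        uses: actions/download-artifact@v2
        with:
          name: helm-chart
          path: ${{ github.workspace }}/edge
      - name: Push Helm Chart
        run: |
          helm repo index edge --url https://helm.nginx.com/edge
          git add -A
          git -c user.name='${{ env.GIT_NAME }}' -c user.email='${{ env.GIT_MAIL }}' \
          commit -m "NGINX Ingress Controller - Edge Release (latest)"
          git push -u origin master

  # Sends a Slack message when the workflow failed on master.
  notify:
    name: Notify
    runs-on: ubuntu-20.04
    needs: release-helm
    if: always() && github.ref == 'refs/heads/master'
    steps:
      - name: Workflow Status
        id: check
        uses: martialonline/workflow-status@v2
      - name: Output Variables
        id: commit
        run: |
          echo "::set-output name=sha::$(echo "${GITHUB_SHA}" | cut -c1-7)"
          echo "::set-output name=repo::$(echo "${GITHUB_REPOSITORY}" | cut -d '/' -f 2)"
      # custom_payload is evaluated as JavaScript by the action (the `color`
      # field below is a JS ternary). `${{ ... }}` expressions are substituted
      # into that source text before evaluation, so free-form text such as the
      # commit message must not be interpolated: it would be parsed as code in
      # a step that holds the Slack webhook secret. The message is passed as an
      # environment variable and read as data instead. The remaining
      # expressions are a short SHA, repository and workflow names, a run id,
      # a status keyword and the actor login.
      - name: Send Notification
        uses: 8398a7/action-slack@v3
        if: steps.check.outputs.status == 'failure'
        with:
          status: custom
          custom_payload: |
            {
              username: 'Github',
              icon_emoji: ':octocat:',
              mention: 'channel',
              attachments: [{
                title: '${{ steps.commit.outputs.repo }} ${{ github.workflow }} pipeline has failed',
                color: '${{ steps.check.outputs.status }}' == 'failure' ? 'danger' : 'warning',
                fields: [{
                  title: 'Commit Hash',
                  value: '${{ steps.commit.outputs.sha }}',
                  short: true
                },
                {
                  title: 'Author',
                  value: '${{ github.actor }}',
                  short: true
                },
                {
                  title: 'Commit Message',
                  value: process.env.COMMIT_MESSAGE || '',
                  short: false
                },
                {
                  title: 'Pipeline URL',
                  value: 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}',
                  short: false
                }]
              }]
            }
        env:
          GITHUB_TOKEN: ${{ github.token }}
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
          COMMIT_MESSAGE: ${{ github.event.head_commit.message }}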