DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'kubernetes:main' into pie

Browse source
This commit is contained in:
chriss-de 2023-02-06 08:45:54 +01:00 committed by GitHub
commit 4ecc6c4161
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 21 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
.github/workflows/helm.yaml vendored
View file

@ -25,6 +25,18 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
- name: Run Artifact Hub lint
run: |
wget https://github.com/artifacthub/hub/releases/download/v1.5.0/ah_1.5.0_linux_amd64.tar.gz
echo 'ad0e44c6ea058ab6b85dbf582e88bad9fdbc64ded0d1dd4edbac65133e5c87da *ah_1.5.0_linux_amd64.tar.gz' | shasum -c
tar -xzvf ah_1.5.0_linux_amd64.tar.gz ah
./ah lint -p charts/ingress-nginx || exit 1
rm -f ./ah ./ah_1.5.0_linux_amd64.tar.gz
- name: Lint
run: |
./build/run-in-docker.sh ./hack/verify-chart-lint.sh
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter id: filter
with: with:

2
.github/workflows/vulnerability-scans.yaml vendored
View file

@ -42,7 +42,7 @@ jobs:
echo "${SHORT_TAGS[0]},${SHORT_TAGS[1]},${SHORT_TAGS[2]}" echo "${SHORT_TAGS[0]},${SHORT_TAGS[1]},${SHORT_TAGS[2]}"
TAGS_JSON="[\"${SHORT_TAGS[0]}\",\"${SHORT_TAGS[1]}\",\"${SHORT_TAGS[2]}\"]" TAGS_JSON="[\"${SHORT_TAGS[0]}\",\"${SHORT_TAGS[1]}\",\"${SHORT_TAGS[2]}\"]"
echo "${TAGS_JSON}" echo "${TAGS_JSON}"
echo "::set-output name=TAGS::${TAGS_JSON}" echo "TAGS=${TAGS_JSON}" >> $GITHUB_OUTPUT
scan: scan:
runs-on: ubuntu-latest runs-on: ubuntu-latest

2
TAG
View file

@ -1 +1 @@
v1.6.1 v1.6.2

8
pkg/util/ingress/ingress.go
View file

@ -282,9 +282,11 @@ func checkPath(paths []networkingv1.HTTPIngressPath, enablePathTypeValidation bo
switch pathType := *path.PathType; pathType { switch pathType := *path.PathType; pathType {
case networkingv1.PathTypeImplementationSpecific: case networkingv1.PathTypeImplementationSpecific:
//only match on regex chars per Ingress spec when path is implementation specific if enablePathTypeValidation {
if !regexSpecificChars.MatchString(path.Path) { //only match on regex chars per Ingress spec when path is implementation specific
return fmt.Errorf("path %s of type %s contains invalid characters", path.Path, *path.PathType) if !regexSpecificChars.MatchString(path.Path) {
return fmt.Errorf("path %s of type %s contains invalid characters", path.Path, *path.PathType)
}
} }
case networkingv1.PathTypeExact, networkingv1.PathTypePrefix: case networkingv1.PathTypeExact, networkingv1.PathTypePrefix:

4
pkg/util/ingress/ingress_test.go
View file

@ -272,7 +272,7 @@ func TestValidateIngressPath(t *testing.T) {
name: "should reject path when the allowed additional set does not match", name: "should reject path when the allowed additional set does not match",
wantErr: true, wantErr: true,
additionalChars: "().?", additionalChars: "().?",
EnablePathTypeValidation: false, EnablePathTypeValidation: true,
copyIng: generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.+)"), copyIng: generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.+)"),
}, },
{ {
@ -291,7 +291,7 @@ func TestValidateIngressPath(t *testing.T) {
{ {
name: "should block if at least one path is bad", name: "should block if at least one path is bad",
wantErr: true, wantErr: true,
EnablePathTypeValidation: false, EnablePathTypeValidation: true,
copyIng: generateComplexIngress(generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.?)")), copyIng: generateComplexIngress(generateDumbIngressforPathTest(&pathTypeImplSpecific, "/foo/bar/(.?)")),
}, },
} }