DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Reuse workflow CI (#10826)

Browse source 
* Reuse workflow CI

* Simplify images Makefiles
This commit is contained in:
Ricardo Katz 2024-01-13 13:15:35 +00:00 committed by GitHub
parent 00db204d86
commit c9a3571556
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
39 changed files with 385 additions and 782 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

286
.github/workflows/ci.yaml vendored
View file

@ -8,6 +8,7 @@ on:
- 'docs/**'
- 'deploy/**'
- '**.md'
- 'images/**' # Images changes should be tested on their own workflow
push:
branches:
@ -16,6 +17,7 @@ on:
- 'docs/**'
- 'deploy/**'
- '**.md'
- 'images/**' # Images changes should be tested on their own workflow
workflow_dispatch:
inputs:
@ -86,7 +88,7 @@ jobs:
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.go == 'true') || (needs.changes.outputs.charts == 'true')
steps:
- name: Checkout
@ -147,7 +149,7 @@ jobs:
- changes
- build
if: |
(needs.changes.outputs.charts == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.charts == 'true')
strategy:
matrix:
@ -225,296 +227,44 @@ jobs:
kubernetes:
name: Kubernetes
runs-on: ubuntu-latest
needs:
- changes
- build
if: |
(needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.go == 'true')
strategy:
matrix:
k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: cache
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
with:
name: docker.tar.gz
- name: Create Kubernetes ${{ matrix.k8s }} cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
- name: Load images from cache
run: |
echo "loading docker images..."
gzip -dc docker.tar.gz | docker load
- name: Run e2e tests
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test
- name: Upload e2e junit-reports
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
if: success() || failure()
with:
name: e2e-test-reports-${{ matrix.k8s }}
path: 'test/junitreports/report*.xml'
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with:
k8s-version: ${{ matrix.k8s }}
kubernetes-validations:
name: Kubernetes with Validations
runs-on: ubuntu-latest
needs:
- changes
- build
if: |
(needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.go == 'true')
strategy:
matrix:
k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: cache
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
with:
name: docker.tar.gz
- name: Create Kubernetes ${{ matrix.k8s }} cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
- name: Load images from cache
run: |
echo "loading docker images..."
gzip -dc docker.tar.gz | docker load
- name: Run e2e tests
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true
ENABLE_VALIDATIONS: true
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test
- name: Upload e2e junit-reports
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
if: success() || failure()
with:
name: e2e-test-reports-validations-${{ matrix.k8s }}
path: 'test/junitreports/report*.xml'
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with:
k8s-version: ${{ matrix.k8s }}
variation: "VALIDATIONS"
kubernetes-chroot:
name: Kubernetes chroot
runs-on: ubuntu-latest
needs:
- changes
- build
if: |
(needs.changes.outputs.go == 'true') || ${{ inputs.run_e2e }}
(needs.changes.outputs.go == 'true')
strategy:
matrix:
k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: cache
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
with:
name: docker.tar.gz
- name: Create Kubernetes ${{ matrix.k8s }} cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
- name: Load images from cache
run: |
echo "loading docker images..."
gzip -dc docker.tar.gz | docker load
- name: Run e2e tests
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true
IS_CHROOT: true
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test
- name: Upload e2e junit-reports
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
if: success() || failure()
with:
name: e2e-test-reports-chroot-${{ matrix.k8s }}
path: 'test/junitreports/report*.xml'
test-nginx-image-build:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
env:
PLATFORMS: linux/amd64,linux/arm64
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
nginx-base:
- 'images/nginx/**'
- name: nginx-base-image
if: ${{ steps.filter-images.outputs.nginx-base == 'true' }}
run: |
cd images/nginx/rootfs && docker build -t docker.io/nginx-test-workflow/nginx:${{ github.sha }} .
- name: Run Trivy on NGINX Image
if: ${{ steps.filter-images.outputs.nginx-base == 'true' }}
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/nginx-test-workflow/nginx:${{ github.sha }}'
format: 'sarif'
ignore-unfixed: true
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
if: ${{ steps.filter-images.outputs.nginx-base == 'true' && always() }}
uses: github/codeql-action/upload-sarif@v3.22.12
with:
sarif_file: 'trivy-results.sarif'
test-image-build:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
env:
PLATFORMS: linux/amd64,linux/arm64
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
custom-error-pages:
- 'images/custom-error-pages/**'
cfssl:
- 'images/cfssl/**'
fastcgi-helloserver:
- 'images/fastcgi-helloserver/**'
echo:
- 'images/echo/**'
go-grpc-greeter-server:
- 'images/go-grpc-greeter-server/**'
httpbun:
- 'images/httpbun/**'
kube-webhook-certgen:
- 'images/kube-webhook-certgen/**'
ext-auth-example-authsvc:
- 'images/ext-auth-example-authsvc/**'
- name: custom-error-pages image build
if: ${{ steps.filter-images.outputs.custom-error-pages == 'true' }}
run: |
cd images/custom-error-pages && make build
- name: cfssl image build
if: ${{ steps.filter-images.outputs.cfssl == 'true' }}
run: |
cd images/cfssl && make build
- name: fastcgi-helloserver
if: ${{ steps.filter-images.outputs.fastcgi-helloserver == 'true' }}
run: |
cd images/fastcgi-helloserver && make build
- name: echo image build
if: ${{ steps.filter-images.outputs.echo == 'true' }}
run: |
cd images/echo && make build
- name: go-grpc-greeter-server image build
if: ${{ steps.filter-images.outputs.go-grpc-greeter-server == 'true' }}
run: |
cd images/go-grpc-greeter-server && make build
- name: httpbun image build
if: ${{ steps.filter-images.outputs.httpbin == 'true' }}
run: |
cd images/httpbun && make build
- name: kube-webhook-certgen image build
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
run: |
cd images/kube-webhook-certgen && make build
- name: ext-auth-example-authsvc
if: ${{ steps.filter-images.outputs.ext-auth-example-authsvc == 'true' }}
run: |
cd images/ext-auth-example-authsvc && make build
test-image:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
env:
PLATFORMS: linux/amd64
strategy:
matrix:
k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter-images
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
kube-webhook-certgen:
- 'images/kube-webhook-certgen/**'
- name: Create Kubernetes cluster
id: kind
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }}
- name: Set up Go
id: go
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: '1.21.5'
check-latest: true
- name: kube-webhook-certgen image build
if: ${{ steps.filter-images.outputs.kube-webhook-certgen == 'true' }}
run: |
cd images/kube-webhook-certgen && make test test-e2e
uses: ./.github/workflows/zz-tmpl-k8s-e2e.yaml
with:
k8s-version: ${{ matrix.k8s }}
variation: "CHROOT"

9
.github/workflows/golangci-lint.yml vendored
View file

@ -2,13 +2,10 @@ name: golangci-lint
on:
pull_request:
push:
branches:
- main
paths-ignore:
- 'docs/**'
- 'deploy/**'
- '**.md'
- "*"
paths:
- '**/*.go'
permissions:
contents: read

173
.github/workflows/images.yaml vendored Normal file
View file

@ -0,0 +1,173 @@
name: Container Images
on:
pull_request:
branches:
- "*"
paths:
- 'images/**'
push:
branches:
- main
paths:
- 'images/**'
permissions:
contents: write
packages: write
env:
PLATFORMS: linux/amd64
jobs:
changes:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
outputs:
custom-error-pages: ${{ steps.filter.outputs.custom-error-pages }}
cfssl: ${{ steps.filter.outputs.cfssl }}
fastcgi-helloserver: ${{ steps.filter.outputs.fastcgi-helloserver }}
e2e-test-echo: ${{ steps.filter.outputs.e2e-test-echo }}
go-grpc-greeter-server: ${{ steps.filter.outputs.go-grpc-greeter-server }}
httpbun: ${{ steps.filter.outputs.httpbun }}
kube-webhook-certgen: ${{ steps.filter.outputs.kube-webhook-certgen }}
ext-auth-example-authsvc: ${{ steps.filter.outputs.ext-auth-example-authsvc }}
nginx: ${{ steps.filter.outputs.nginx }}
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
custom-error-pages:
- 'images/custom-error-pages/**'
cfssl:
- 'images/cfssl/**'
fastcgi-helloserver:
- 'images/fastcgi-helloserver/**'
e2e-test-echo:
- 'images/e2e-test-echo/**'
go-grpc-greeter-server:
- 'images/go-grpc-greeter-server/**'
httpbun:
- 'images/httpbun/**'
kube-webhook-certgen:
- 'images/kube-webhook-certgen/**'
ext-auth-example-authsvc:
- 'images/ext-auth-example-authsvc/**'
nginx:
- 'images/nginx/**'
#### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here)
cfssl:
needs: changes
if: |
(needs.changes.outputs.cfssl == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: cfssl
custom-error-pages:
needs: changes
if: |
(needs.changes.outputs.custom-error-pages == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: custom-error-pages
e2e-test-echo:
needs: changes
if: |
(needs.changes.outputs.e2e-test-echo == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: e2e-test-echo
ext-auth-example-authsvc:
needs: changes
if: |
(needs.changes.outputs.ext-auth-example-authsvc == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: ext-auth-example-authsvc
fastcgi-helloserver:
needs: changes
if: |
(needs.changes.outputs.fastcgi-helloserver == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: fastcgi-helloserver
go-grpc-greeter-server:
needs: changes
if: |
(needs.changes.outputs.go-grpc-greeter-server == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: go-grpc-greeter-server
httpbun:
needs: changes
if: |
(needs.changes.outputs.httpbun == 'true')
uses: ./.github/workflows/zz-tmpl-images.yaml
with:
name: httpbun
kube-webhook-certgen:
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.kube-webhook-certgen == 'true')
strategy:
matrix:
k8s: [v1.25.11, v1.26.6, v1.27.3, v1.28.0]
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Go
id: go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: '1.21.5'
check-latest: true
- name: image build
run: |
cd images/ && make NAME=kube-webhook-certgen build
- name: Create Kubernetes cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }}
- name: image test
run: |
cd images/ && make NAME=kube-webhook-certgen test test-e2e
nginx:
runs-on: ubuntu-latest
needs: changes
if: |
(needs.changes.outputs.nginx == 'true')
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: nginx-base-image
run: |
cd images/nginx/rootfs && docker build -t docker.io/nginx-test-workflow/nginx:${{ github.sha }} .
- name: Run Trivy on NGINX Image
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/nginx-test-workflow/nginx:${{ github.sha }}'
format: 'sarif'
ignore-unfixed: true
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3.22.12
with:
sarif_file: 'trivy-results.sarif'

1
.github/workflows/junit-reports.yaml vendored
View file

@ -15,3 +15,4 @@ jobs:
name: JEST Tests $1 # Name of the check run which will be created
path: 'report*.xml' # Path to test results (inside artifact .zip)
reporter: jest-junit # Format of test results
fail-on-empty: 'true'

82
.github/workflows/zz-tmpl-images.yaml vendored Normal file
View file

@ -0,0 +1,82 @@
#### THIS IS A TEMPLATE ####
# This workflow is created to be a template for every time an e2e teest is required,
on:
workflow_call:
inputs:
name:
required: true
type: string
platforms-test:
type: string
default: linux/amd64
platforms-publish:
type: string
default: linux/amd64
env:
PLATFORMS: ${{ inputs.platforms-test }}
permissions:
contents: write
packages: write
jobs:
changestag:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.filter.outputs.tag }}
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
tag:
- 'images/**/TAG'
image-build:
name: Build
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Build
run: |
cd images/ && make NAME=${{ inputs.name }} build
image-push:
name: Push
needs: changestag
if: |
(github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'kubernetes/ingress-nginx' && needs.changestag.outputs.tag == 'true')
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
env:
PLATFORMS: ${{ inputs.platforms-publish }}
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Login to GitHub Container Registry
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push
run: |
cd images/ && make REGISTRY=ghcr.io/kubernetes/ingress-nginx NAME=${{ inputs.name }} push

57
.github/workflows/zz-tmpl-k8s-e2e.yaml vendored Normal file
View file

@ -0,0 +1,57 @@
#### THIS IS A TEMPLATE ####
# This workflow is created to be a template for every time an e2e teest is required,
on:
workflow_call:
inputs:
k8s-version:
required: true
type: string
variation:
type: string
permissions:
contents: read
jobs:
kubernetes:
name: Kubernetes ${{ inputs.variation }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: cache
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
with:
name: docker.tar.gz
- name: Create Kubernetes ${{ inputs.k8s-version }} cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ inputs.k8s-version }} --config test/e2e/kind.yaml
- name: Load images from cache
run: |
echo "loading docker images..."
gzip -dc docker.tar.gz | docker load
- name: Run e2e tests ${{ inputs.variation }}
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true
ENABLE_VALIDATIONS: ${{ inputs.variation == 'VALIDATIONS' }}
IS_CHROOT: ${{ inputs.variation == 'CHROOT' }}
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-test
- name: Upload e2e junit-reports ${{ inputs.variation }}
uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
if: success() || failure()
with:
name: e2e-test-reports-${{ inputs.k8s-version }}${{ inputs.variation }}
path: 'test/junitreports/report*.xml'

2
go.work.sum
View file

@ -180,4 +180,4 @@ golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM=
golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=

46
images/kube-webhook-certgen/Makefile → images/Makefile
View file

@ -1,4 +1,4 @@
# Copyright 2021 The Kubernetes Authors. All rights reserved.
# Copyright 2024 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -14,17 +14,23 @@
.DEFAULT_GOAL:=build
# set default shell
SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
INIT_BUILDX=$(DIR)/../hack/init-buildx.sh
SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
BASE_IMAGE = $(shell cat $(DIR)/../NGINX_BASE)
REGISTRY ?= local
NAME ?=
IMAGE = $(REGISTRY)/$(NAME)
TAG ?= $(shell cat $(NAME)/TAG)
EXTRAARGS ?= $(shell cat $(NAME)/EXTRAARGS)
IMAGE = $(REGISTRY)/kube-webhook-certgen
# required to enable buildx
export DOCKER_CLI_EXPERIMENTAL=enabled
@ -34,17 +40,33 @@ PLATFORMS?=linux/amd64,linux/arm,linux/arm64,linux/s390x
OUTPUT=
PROGRESS=plain
build: ensure-buildx
precheck:
ifndef NAME
$(error NAME variable is required)
endif
build: precheck ensure-buildx
docker buildx build \
--label=org.opencontainers.image.source=https://github.com/kubernetes/ingress-nginx \
--label=org.opencontainers.image.licenses=Apache-2.0 \
--label=org.opencontainers.image.description="Ingress NGINX $(NAME) image" \
--build-arg BASE_IMAGE=$(BASE_IMAGE) \
--platform=${PLATFORMS} $(OUTPUT) \
--progress=$(PROGRESS) \
--pull \
-t $(IMAGE):$(TAG) rootfs
--pull $(EXTRAARGS) \
-t $(IMAGE):$(TAG) $(NAME)/rootfs
# push the cross built image
push: OUTPUT=--push
push: build
test: precheck
cd $(NAME)/rootfs && go test ./...
test-e2e: precheck
cd $(NAME) && ./hack/e2e.sh
# enable buildx
ensure-buildx:
# this is required for cloudbuild
@ -55,10 +77,4 @@ else
endif
@echo "done"
test:
cd rootfs && go test ./...
test-e2e:
./hack/e2e.sh
.PHONY: build push ensure-buildx test test-e2e
.PHONY: build push ensure-buildx test test-e2e precheck

57
images/cfssl/Makefile
View file

@ -1,57 +0,0 @@
# Copyright 2020 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# set default shell
SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= local
IMAGE = $(REGISTRY)/e2e-test-cfssl
# required to enable buildx
export DOCKER_CLI_EXPERIMENTAL=enabled
# build with buildx
PLATFORMS?=linux/amd64,linux/arm,linux/arm64,linux/s390x
OUTPUT=
PROGRESS=plain
build: ensure-buildx
docker buildx build \
--platform=${PLATFORMS} $(OUTPUT) \
--progress=$(PROGRESS) \
--pull \
-t $(IMAGE):$(TAG) rootfs
# push the cross built image
push: OUTPUT=--push
push: build
# enable buildx
ensure-buildx:
# this is required for cloudbuild
ifeq ("$(wildcard $(INIT_BUILDX))","")
@curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/init-buildx.sh | bash
else
@exec $(INIT_BUILDX)
endif
@echo "done"
.PHONY: build push ensure-buildx

1
images/cfssl/TAG Normal file
View file

@ -0,0 +1 @@
v0.0.1

2
images/cfssl/cloudbuild.yaml
View file

@ -14,4 +14,4 @@ steps:
- -c
- |
gcloud auth configure-docker \
&& cd images/cfssl && make push
&& cd images && make NAME=cfssl push

1
images/cfssl/rootfs/Dockerfile
View file

@ -14,7 +14,6 @@
FROM alpine:3.19.0
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
RUN apk update \
&& apk upgrade && \

59
images/custom-error-pages/Makefile
View file

@ -1,59 +0,0 @@
# Copyright 2021 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Container image for nginx-errors.
# set default shell
SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= local
IMAGE = $(REGISTRY)/nginx-errors
# required to enable buildx
export DOCKER_CLI_EXPERIMENTAL=enabled
# build with buildx
PLATFORMS?=linux/amd64,linux/arm,linux/arm64,linux/s390x
OUTPUT=
PROGRESS=plain
build: ensure-buildx
docker buildx build \
--platform=${PLATFORMS} $(OUTPUT) \
--progress=$(PROGRESS) \
--pull \
-t $(IMAGE):$(TAG) rootfs
# push the cross built image
push: OUTPUT=--push
push: build
# enable buildx
ensure-buildx:
# this is required for cloudbuild
ifeq ("$(wildcard $(INIT_BUILDX))","")
@curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/init-buildx.sh | bash
else
@exec $(INIT_BUILDX)
endif
@echo "done"
.PHONY: build push ensure-buildx

1
images/custom-error-pages/TAG Normal file
View file

@ -0,0 +1 @@
v0.0.1

2
images/custom-error-pages/cloudbuild.yaml
View file

@ -14,4 +14,4 @@ steps:
- -c
- |
gcloud auth configure-docker \
&& cd images/custom-error-pages && make push
&& cd images/ && make NAME=custom-error-pages push

1
images/e2e-test-echo/EXTRAARGS Normal file
View file

@ -0,0 +1 @@
--build-arg LUAROCKS_VERSION=3.8.0 --build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7

1
images/e2e-test-echo/TAG Normal file
View file

@ -0,0 +1 @@
v0.0.1

0
images/echo/rootfs/Dockerfile → images/e2e-test-echo/rootfs/Dockerfile
View file

0
images/echo/rootfs/nginx.conf → images/e2e-test-echo/rootfs/nginx.conf
View file

61
images/echo/Makefile
View file

@ -1,61 +0,0 @@
# Copyright 2020 The Kubernetes Authors. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# set default shell
SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= local
IMAGE = $(REGISTRY)/e2e-test-echo
# required to enable buildx
export DOCKER_CLI_EXPERIMENTAL=enabled
BASE_IMAGE = $(shell cat $(DIR)/../../NGINX_BASE)
# build with buildx
PLATFORMS?=linux/amd64
OUTPUT=
PROGRESS=plain
build: ensure-buildx
docker buildx build \
--platform=${PLATFORMS} $(OUTPUT) \
--progress=$(PROGRESS) \
--pull \
--build-arg BASE_IMAGE=${BASE_IMAGE} \
--build-arg LUAROCKS_VERSION=3.8.0 \
--build-arg LUAROCKS_SHA=ab6612ca9ab87c6984871d2712d05525775e8b50172701a0a1cabddf76de2be7 \
-t $(IMAGE):$(TAG) rootfs
# push the cross built image
push: OUTPUT=--push
push: build
# enable buildx
ensure-buildx:
# this is required for cloudbuild
ifeq ("$(wildcard $(INIT_BUILDX))","")
@curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/init-buildx.sh | bash
else
@exec $(INIT_BUILDX)
endif
@echo "done"
.PHONY: build push ensure-buildx

17
images/echo/cloudbuild.yaml
View file

@ -1,17 +0,0 @@
timeout: 1200s
options:
substitution_option: ALLOW_LOOSE
steps:
- name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20211118-2f2d816b90
entrypoint: bash
env:
- DOCKER_CLI_EXPERIMENTAL=enabled
- REGISTRY=gcr.io/k8s-staging-ingress-nginx
# default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx
# set the home to /root explicitly to if using docker buildx
- HOME=/root
args:
- -c
- |
gcloud auth configure-docker \
&& cd images/echo && make push

57
images/ext-auth-example-authsvc/Makefile
View file

@ -1,57 +0,0 @@
# Copyright 2022 The Kubernetes Authors. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# set default shell
SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= local
IMAGE = $(REGISTRY)/ext-auth-example-authsvc
# required to enable buildx
export DOCKER_CLI_EXPERIMENTAL=enabled
# build with buildx
PLATFORMS?=linux/amd64,linux/arm,linux/arm64,linux/s390x
OUTPUT=
PROGRESS=plain
build: ensure-buildx
docker buildx build \
--platform=${PLATFORMS} $(OUTPUT) \
--progress=$(PROGRESS) \
--pull \
-t $(IMAGE):$(TAG) rootfs
# push the cross built image
push: OUTPUT=--push
push: build
# enable buildx
ensure-buildx:
# this is required for cloudbuild
ifeq ("$(wildcard $(INIT_BUILDX))","")
@curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/hack/init-buildx.sh | bash
else
@exec $(INIT_BUILDX)
endif
@echo "done"
.PHONY: build push ensure-buildx

1
images/ext-auth-example-authsvc/TAG Normal file
View file

@ -0,0 +1 @@
v0.0.1

2
images/ext-auth-example-authsvc/cloudbuild.yaml
View file

@ -16,4 +16,4 @@ steps:
- -c
- |
gcloud auth configure-docker \
&& cd images/ext-auth-example-authsvc && make push
&& cd images/ && make NAME=ext-auth-example-authsvc push

59
images/fastcgi-helloserver/Makefile
View file

@ -1,59 +0,0 @@
# Copyright 2020 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Docker image for e2e testing.
# set default shell
SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= local
IMAGE = $(REGISTRY)/e2e-test-fastcgi-helloserver
# required to enable buildx
export DOCKER_CLI_EXPERIMENTAL=enabled
# build with buildx
PLATFORMS?=linux/amd64,linux/arm,linux/arm64
OUTPUT=
PROGRESS=plain
build: ensure-buildx
docker buildx build \
--platform=${PLATFORMS} $(OUTPUT) \
--progress=$(PROGRESS) \
--pull \
-t $(IMAGE):$(TAG) rootfs
# push the cross built image
push: OUTPUT=--push
push: build
# enable buildx
ensure-buildx:
# this is required for cloudbuild
ifeq ("$(wildcard $(INIT_BUILDX))","")
@curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/init-buildx.sh | bash
else
@exec $(INIT_BUILDX)
endif
@echo "done"
.PHONY: build push ensure-buildx

1
images/fastcgi-helloserver/TAG Normal file
View file

@ -0,0 +1 @@
v0.0.1

2
images/fastcgi-helloserver/cloudbuild.yaml
View file

@ -14,5 +14,5 @@ steps:
- -c
- |
gcloud auth configure-docker \
&& cd images/fastcgi-helloserver && make push
&& cd images/ && make NAME=fastcgi-helloserver push

57
images/go-grpc-greeter-server/Makefile
View file

@ -1,57 +0,0 @@
# Copyright 2021 The Kubernetes Authors. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# set default shell
SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= local
IMAGE = $(REGISTRY)/go-grpc-greeter-server
# required to enable buildx
export DOCKER_CLI_EXPERIMENTAL=enabled
# build with buildx
PLATFORMS?=linux/amd64,linux/arm,linux/arm64,linux/s390x
OUTPUT=
PROGRESS=plain
build: ensure-buildx
docker buildx build \
--platform=${PLATFORMS} $(OUTPUT) \
--progress=$(PROGRESS) \
--pull \
-t $(IMAGE):$(TAG) rootfs
# push the cross built image
push: OUTPUT=--push
push: build
# enable buildx
ensure-buildx:
# this is required for cloudbuild
ifeq ("$(wildcard $(INIT_BUILDX))","")
@curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/hack/init-buildx.sh | bash
else
@exec $(INIT_BUILDX)
endif
@echo "done"
.PHONY: build push ensure-buildx

1
images/go-grpc-greeter-server/TAG Normal file
View file

@ -0,0 +1 @@
v0.0.1

2
images/go-grpc-greeter-server/cloudbuild.yaml
View file

@ -16,4 +16,4 @@ steps:
- -c
- |
gcloud auth configure-docker \
&& cd images/go-grpc-greeter-server && make push
&& cd images/ && make NAME=go-grpc-greeter-server push

57
images/httpbun/Makefile
View file

@ -1,57 +0,0 @@
# Copyright 2020 The Kubernetes Authors. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# set default shell
SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= local
IMAGE = $(REGISTRY)/e2e-test-httpbun
# required to enable buildx
export DOCKER_CLI_EXPERIMENTAL=enabled
# build with buildx
PLATFORMS?=linux/amd64,linux/arm,linux/arm64,linux/s390x
OUTPUT=
PROGRESS=plain
build: ensure-buildx
docker buildx build \
--platform=${PLATFORMS} $(OUTPUT) \
--progress=$(PROGRESS) \
--pull \
-t $(IMAGE):$(TAG) rootfs
# push the cross built image
push: OUTPUT=--push
push: build
# enable buildx
ensure-buildx:
# this is required for cloudbuild
ifeq ("$(wildcard $(INIT_BUILDX))","")
@curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/init-buildx.sh | bash
else
@exec $(INIT_BUILDX)
endif
@echo "done"
.PHONY: build push ensure-buildx

1
images/httpbun/TAG Normal file
View file

@ -0,0 +1 @@
v0.0.1

2
images/httpbun/cloudbuild.yaml
View file

@ -16,4 +16,4 @@ steps:
- -c
- |
gcloud auth configure-docker \
&& cd images/httpbun && make push
&& cd images/ && make NAME=httpbun push

1
images/kube-webhook-certgen/TAG Normal file
View file

@ -0,0 +1 @@
v0.0.1

2
images/kube-webhook-certgen/cloudbuild.yaml
View file

@ -29,4 +29,4 @@ steps:
- -c
- |
gcloud auth configure-docker \
&& cd images/kube-webhook-certgen && make push
&& cd images/ && make NAME=kube-webhook-certgen push

59
images/opentelemetry/Makefile
View file

@ -1,59 +0,0 @@
# Copyright 2021 The Kubernetes Authors. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
.DEFAULT_GOAL:=build
# set default shell
SHELL=/bin/bash -o pipefail -o errexit
DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
# 0.0.0 shouldn't clobber any released builds
SHORT_SHA ?=$(shell git rev-parse --short HEAD)
TAG ?=v$(shell date +%Y%m%d)-$(SHORT_SHA)
REGISTRY ?= gcr.io/k8s-staging-ingress-nginx
IMAGE = $(REGISTRY)/opentelemetry
# required to enable buildx
export DOCKER_CLI_EXPERIMENTAL=enabled
# build with buildx
PLATFORMS?=linux/amd64,linux/arm,linux/arm64,linux/s390x
OUTPUT=
PROGRESS=plain
build: ensure-buildx
docker buildx build \
--platform=${PLATFORMS} $(OUTPUT) \
--progress=$(PROGRESS) \
--pull \
--tag $(IMAGE):$(TAG) rootfs
# push the cross built image
push: OUTPUT=--push
push: build
# enable buildx
ensure-buildx:
# this is required for cloudbuild
ifeq ("$(wildcard $(INIT_BUILDX))","")
@curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/init-buildx.sh | bash
else
@exec $(INIT_BUILDX)
endif
@echo "done"
.PHONY: build push ensure-buildx

1
images/opentelemetry/TAG Normal file
View file

@ -0,0 +1 @@
v0.0.1

2
images/opentelemetry/cloudbuild.yaml
View file

@ -16,4 +16,4 @@ steps:
- -c
- |
gcloud auth configure-docker \
&& cd images/opentelemetry && make push
&& cd images/ && make NAME=opentelemetry push

1
images/test-runner/TAG Normal file
View file

@ -0,0 +1 @@
v0.0.1