Merge branch 'main' into evolve_oidc_logout

Author: llomgui

.github/actionlint.yaml

@@ -0,0 +1,8 @@
+self-hosted-runner:
+  # Labels of self-hosted runner in array of strings.
+  labels:
+    - kic-plus
+# Configuration variables in array of strings defined in your repository or
+# organization. `null` means disabling configuration variables check.
+# Empty array means no configuration variable is allowed.
+config-variables: null

.github/actions/certify-openshift-image/action.yml

@@ -0,0 +1,57 @@
+name: Certify Openshift Image
+description: This action will attempt to certify an image for use in Openshift
+
+inputs:
+  image:
+    description: The image manifest to certify in the format <registry>/<repository>:<tag>
+    required: true
+  project_id:
+    description: The certification project id
+    required: true
+  pyxis_token:
+    description: The Pyxis API Token
+    required: true
+  preflight_version:
+    description: The version of the preflight utility to install
+    required: false
+    default: 1.9.1
+  platforms:
+    description: A comma separated list of architectures in the image manifest to certify
+    required: false
+    default: ""
+
+outputs:
+  result:
+    description: Did the certification succeed?
+    value: ${{ steps.result.outputs.result == 0 && true || false }}
+
+runs:
+  using: composite
+  steps:
+    - name: Install openshift-preflight
+      run: |
+        curl -fsSL https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/${{ inputs.preflight_version }}/preflight-linux-amd64 --output preflight
+        chmod +x preflight
+      shell: bash
+
+    - name: Certify Images
+      id: result
+      run: |
+        result=0
+        if [ -z "${{ inputs.platforms }}" ]; then
+          # list of platforms passed
+          IFS=',' read -ra arch_list <<< "${{ inputs.platforms }}"
+          for arch in "${arch_list[@]}"; do
+              architecture=("${arch#*/}")
+              ./preflight check container ${{ inputs.image }} --pyxis-api-token ${{ inputs.pyxis_token }} --certification-project-id ${{ inputs.project_id }} --platform $architecture --submit
+              if [ $? -ne 0 ]; then
+                result=1
+              fi
+          done
+        else
+          # no platforms passed, this is either a manifest or a single platform image
+          ./preflight check container ${{ inputs.image }} --pyxis-api-token ${{ inputs.pyxis_token }} --certification-project-id ${{ inputs.project_id }} --submit
+          result=$?
+        fi
+        echo "result=$result" >> $GITHUB_OUTPUT
+      shell: bash

.github/actions/install-skopeo/action.yml

@@ -0,0 +1,33 @@
+name: Install Skopeo
+description: Install Skopeo from source on ubuntu runner
+
+inputs:
+  version:
+    description: The Skopeo version to install
+    default: v1.14.2
+    required: false
+  repo:
+    description: The Skopeo repository
+    default: github.com/containers/skopeo
+    required: false
+
+outputs:
+  result:
+    description: Did the installation succeed?
+    value: ${{ steps.result.outputs.result == 0 && true || false }}
+
+runs:
+  using: composite
+  steps:
+    - name: Install Skopeo
+      id: result
+      run: |
+          sudo apt-get -y update
+          sudo apt install libgpgme-dev libassuan-dev libbtrfs-dev libdevmapper-dev pkg-config go-md2man
+          sudo mkdir -p $GOPATH/src/${{ inputs.repo }}
+          sudo git clone --depth 1 -b ${{ inputs.version }} https://${{ inputs.repo }} $GOPATH/src/${{ inputs.repo }}
+          pushd $GOPATH/src/${{ inputs.repo }} && sudo make install
+          popd
+          skopeo --version
+          echo "result=$?" >> $GITHUB_OUTPUT
+      shell: bash

.github/config/config-gcr-retag

@@ -0,0 +1,6 @@
+export TARGET_REGISTRY=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev
+declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips" "-mktpl" "-alpine-mktpl" "-alpine-mktpl-fips")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl" "-ubi-mktpl" "-alpine-fips")
+declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl" "-ubi-mktpl")
+declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl" "-ubi-mktpl")
+declare -a ADDITIONAL_TAGS=()

.github/config/config-oss-dockerhub

@@ -0,0 +1,7 @@
+export TARGET_REGISTRY=docker.io
+export TARGET_OSS_IMAGE_PREFIX="nginx/nginx-ingress"
+declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
+export PUBLISH_PLUS=false
+export PUBLISH_WAF=false
+export PUBLISH_DOS=false
+export PUBLISH_WAF_DOS=false

.github/config/config-oss-ecr

@@ -0,0 +1,7 @@
+export TARGET_REGISTRY=public.ecr.aws
+export TARGET_OSS_IMAGE_PREFIX="nginx/nginx-ingress"
+declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
+export PUBLISH_PLUS=false
+export PUBLISH_WAF=false
+export PUBLISH_DOS=false
+export PUBLISH_WAF_DOS=false

.github/config/config-oss-gcr-release

@@ -0,0 +1,6 @@
+export TARGET_REGISTRY=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release
+declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
+export PUBLISH_PLUS=false
+export PUBLISH_WAF=false
+export PUBLISH_DOS=false
+export PUBLISH_WAF_DOS=false

.github/config/config-oss-github

@@ -0,0 +1,7 @@
+export TARGET_REGISTRY=ghcr.io
+export TARGET_OSS_IMAGE_PREFIX="nginxinc/kubernetes-ingress"
+declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
+export PUBLISH_PLUS=false
+export PUBLISH_WAF=false
+export PUBLISH_DOS=false
+export PUBLISH_WAF_DOS=false

.github/config/config-oss-quay

@@ -0,0 +1,7 @@
+export TARGET_REGISTRY=quay.io
+export TARGET_OSS_IMAGE_PREFIX="nginx/nginx-ingress"
+declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
+export PUBLISH_PLUS=false
+export PUBLISH_WAF=false
+export PUBLISH_DOS=false
+export PUBLISH_WAF_DOS=false

.github/config/config-plus-azure

@@ -0,0 +1,11 @@
+export TARGET_REGISTRY=nginxmktpl.azurecr.io
+export TARGET_PLUS_IMAGE_PREFIX="marketplaceimages/nginx-plus-ingress"
+export TARGET_NAP_WAF_IMAGE_PREFIX="marketplaceimages/nginx-plus-ingress-nap"
+export TARGET_NAP_DOS_IMAGE_PREFIX="marketplaceimages/nginx-plus-ingress-dos"
+export TARGET_NAP_WAF_DOS_IMAGE_PREFIX="marketplaceimages/nginx-plus-ingress-nap-dos"
+declare -a PLUS_TAG_POSTFIX_LIST=("")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("")
+declare -a NAP_DOS_TAG_POSTFIX_LIST=("")
+declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("")
+declare -a ADDITIONAL_TAGS=()
+export PUBLISH_OSS=false