Merge branch 'main' into evolve_oidc_logout

Author: llomgui

.github/actions/smoke-tests/action.yaml

@@ -2,51 +2,32 @@ name: Run Smoke Tests
 description: Run Smoke Tests for the project
 
 inputs:
-  go-md5:
-    required: true
-    type: string
-  base-image-md5:
-    required: true
-    type: string
   k8s-version:
     description: Kubernetes version to use
     required: false
   k8s-timeout:
     description: Timeout to use
     default: 75s
     required: false
-  image:
-    description: Docker image to use
-    default: debian
-    required: false
+  image-type:
+    description: Image type to test
+    required: true
+  image-name:
+    description: Docker image name to test
+    required: true
+  tag:
+    description: Docker image tag to test
+    required: true
   test-image:
     description: Test Docker image to use
     default: gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/test-runner:latest
     required: false
   marker:
     description: Marker to use
     required: false
-  nginx-key:
-    description: Nginx key to use
-    required: false
-  nginx-crt:
-    description: Nginx cert to use
-    required: false
   azure-ad-secret:
     description: Azure Active Directory secret for JWKs
     required: false
-  rhel-license:
-    description: RHEL license for UBI builds
-    required: false
-  gcr-workload-identity-secret:
-    description: Google Workflow Identity secret
-    required: false
-  gcr-service-account-secret:
-    description: Google Service Account secret
-    required: false
-  forked-workflow:
-    description: Does this workflow full access to repo resources?
-    required: false
 
 outputs:
   test-results-name:
@@ -56,90 +37,24 @@ outputs:
 runs:
   using: composite
   steps:
-    - name: Fetch Cached Artifacts
-      uses: actions/cache@v3
-      with:
-        path: ${{ github.workspace }}/dist
-        key: nginx-ingress-${{ inputs.go-md5 }}
-
-    - name: Ingress type
-      id: ingress-type
-      run: |
-        echo "name=nginx${{ contains(inputs.image, 'plus') && '-plus' || '' }}-ingress" >> $GITHUB_OUTPUT
-        echo "tag=${{ inputs.image }}${{ contains(inputs.marker, 'dos') && '-dos' || '' }}${{ contains(inputs.marker, 'appprotect') && '-nap' || '' }}-${{ github.sha }}" >> $GITHUB_OUTPUT
-        echo "modules=${{ contains(inputs.marker, 'appprotect') && 'waf' || '' }}${{ contains(inputs.marker, 'dos') && 'dos' || '' }}" >> $GITHUB_OUTPUT
-      shell: bash
-
-    - name: Docker Buildx
-      uses: docker/setup-buildx-action@v2
-
-    - name: Authenticate to Google Cloud
-      id: auth
-      uses: google-github-actions/auth@v2
-      with:
-        token_format: access_token
-        workload_identity_provider: ${{ inputs.gcr-workload-identity-secret }}
-        service_account: ${{ inputs.gcr-service-account-secret }}
-      if: ${{ inputs.forked-workflow == 'false' }}
-
-    - name: Login to GCR
-      uses: docker/login-action@v3
-      with:
-        registry: gcr.io
-        username: oauth2accesstoken
-        password: ${{ steps.auth.outputs.access_token }}
-      if: ${{ inputs.forked-workflow == 'false' }}
-
-    - name: Build ${{ inputs.image }} Container
-      uses: docker/build-push-action@v3
-      with:
-        file: build/Dockerfile
-        context: "."
-        cache-from: type=gha,scope=${{ inputs.image }}${{ contains(inputs.marker, 'dos') && '-dos' || '' }}${{ contains(inputs.marker, 'appprotect') && '-nap' || '' }}
-        target: goreleaser${{ inputs.forked-workflow == 'false' && '-prebuilt' || '' }}
-        tags: "docker.io/nginx/${{ steps.ingress-type.outputs.name }}:${{ steps.ingress-type.outputs.tag }}"
-        load: true
-        pull: true
-        build-args: |
-          BUILD_OS=${{ inputs.image }}
-          PREBUILT_BASE_IMG=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/${{ contains(inputs.image, 'plus') && 'plus' || 'oss' }}:${{ inputs.base-image-md5 }}-${{ inputs.image }}${{ contains(inputs.marker, 'appprotect') && '-waf' || '' }}${{ contains(inputs.marker, 'dos') && '-dos' || '' }}
-          IC_VERSION=CI
-          ${{ steps.ingress-type.outputs.modules != '' && format('NAP_MODULES={0}', steps.ingress-type.outputs.modules) || '' }}
-          ${{ contains(inputs.marker, 'appprotect') && 'DEBIAN_VERSION=buster-slim' || '' }}
-        secrets: |
-          ${{ contains(inputs.image, 'plus') && format('"nginx-repo.crt={0}"', inputs.nginx-crt) || '' }}
-          ${{ contains(inputs.image, 'plus') && format('"nginx-repo.key={0}"', inputs.nginx-key) || '' }}
-          ${{ contains(inputs.image, 'ubi') && format('"rhel_license={0}"', inputs.rhel-license) || '' }}
-
     - name: Deploy Kubernetes
       id: k8s
       run: |
         make -f tests/Makefile create-kind-cluster K8S_CLUSTER_NAME=${{ github.run_id }} K8S_CLUSTER_VERSION=${{ inputs.k8s-version }} K8S_TIMEOUT=${{ inputs.k8s-timeout }}
-        make -f tests/Makefile image-load PREFIX=nginx/${{ steps.ingress-type.outputs.name }} TAG=${{ steps.ingress-type.outputs.tag }} K8S_CLUSTER_NAME=${{ github.run_id }}
+        make -f tests/Makefile image-load REGISTRY="" PREFIX=${{ inputs.image-name }} TAG=${{ inputs.tag }} K8S_CLUSTER_NAME=${{ github.run_id }}
         marker="${{ inputs.marker }}"
         nospaces="${marker// /_}"
         sanitized_marker="${nospaces//\'/}"
         name="${sanitized_marker:-${{ inputs.k8s-version }}}"
         echo "cluster_ip=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${{ github.run_id }}-control-plane)" >> $GITHUB_OUTPUT
-        echo "cluster=$(echo nginx-${{ inputs.image }}-$name)" >> $GITHUB_OUTPUT
+        echo "cluster=$(echo nginx-${{ inputs.image-type }}-$name)" >> $GITHUB_OUTPUT
       shell: bash
 
     - name: Setup Kubeconfig
       run: |
         sed -i 's|server:.*|server: https://${{ steps.k8s.outputs.cluster_ip }}:6443|' ~/.kube/kind/config
       shell: bash
 
-    - name: Build Test-Runner Container
-      uses: docker/build-push-action@v3
-      with:
-        file: tests/Dockerfile
-        context: "."
-        cache-from: type=gha,scope=test-runner
-        tags: ${{ inputs.test-image }}
-        pull: true
-        load: true
-      if: ${{ inputs.forked-workflow == 'true' }}
-
     - name: Run Smoke Tests
       run: |
         touch tests-${{ steps.k8s.outputs.cluster }}.html
@@ -149,9 +64,9 @@ runs:
         -v ${{ github.workspace }}/tests:/workspace/tests \
         -v ~/.kube/kind/config:/root/.kube/config ${{ inputs.test-image }} \
         --context=kind-${{ github.run_id }} \
-        --image=docker.io/nginx/${{ steps.ingress-type.outputs.name }}:${{ steps.ingress-type.outputs.tag }} \
+        --image=${{ inputs.image-name }}:${{ inputs.tag }} \
         --image-pull-policy=Never \
-        --ic-type=${{ steps.ingress-type.outputs.name }} \
+        --ic-type=nginx${{ contains(inputs.image-type, 'plus') && '-plus' || '' }}-ingress \
         --service=nodeport --node-ip=${{ steps.k8s.outputs.cluster_ip }} \
         --html=tests-${{ steps.k8s.outputs.cluster }}.html \
         --self-contained-html \

.github/data/version.txt

@@ -1,2 +1,2 @@
-IC_VERSION=3.5.0
-HELM_CHART_VERSION=1.2.0
+IC_VERSION=3.6.0
+HELM_CHART_VERSION=1.3.0

.github/scripts/release-version-update.sh

@@ -28,40 +28,43 @@ FILE_TO_UPDATE_HELM_CHART_VERSION=(
 )
 
  usage() {
-    echo "Usage: $0 <ic_version> <helm_chart_version>"
+    echo "Usage: $0 <current_ic_version> <current_helm_chart_version> <new_ic_version> <new_helm_chart_version>"
     exit 1
  }
 
-if ! command -v yq > /dev/null 2>&1; then
-    echo "ERROR: yq command not found in \$PATH, cannot continue, exiting..."
-    exit 2
+current_ic_version=$1
+current_helm_chart_version=$2
+new_ic_version=$3
+new_helm_chart_version=$4
+
+if [ -z "${current_ic_version}" ]; then
+    usage
 fi
 
-ic_version=$1
-helm_chart_version=$2
+if [ -z "${current_helm_chart_version}" ]; then
+    usage
+fi
 
-if [ -z "${ic_version}" ]; then
+if [ -z "${new_ic_version}" ]; then
     usage
 fi
 
-if [ -z "${helm_chart_version}" ]; then
+if [ -z "${new_helm_chart_version}" ]; then
     usage
 fi
 
-current_ic_version=$(yq '.appVersion' <"${HELM_CHART_PATH}/Chart.yaml")
 escaped_current_ic_version=$(printf '%s' "$current_ic_version" | sed -e 's/\./\\./g');
-current_helm_chart_version=$(yq '.version' <"${HELM_CHART_PATH}/Chart.yaml")
 escaped_current_helm_chart_version=$(printf '%s' "$current_helm_chart_version" | sed -e 's/\./\\./g');
 
 echo "Updating versions: "
-echo "ic_version: ${current_ic_version} -> ${ic_version}"
-echo "helm_chart_version: ${current_helm_chart_version} -> ${helm_chart_version}"
+echo "ic_version: ${current_ic_version} -> ${new_ic_version}"
+echo "helm_chart_version: ${current_helm_chart_version} -> ${new_helm_chart_version}"
 
-regex_ic="s#$escaped_current_ic_version#$ic_version#g"
-regex_helm="s#$escaped_current_helm_chart_version#$helm_chart_version#g"
+regex_ic="s#$escaped_current_ic_version#$new_ic_version#g"
+regex_helm="s#$escaped_current_helm_chart_version#$new_helm_chart_version#g"
 
 mv "${HELM_CHART_PATH}/values.schema.json" "${TMPDIR}/"
-jq --arg version "${ic_version}" \
+jq --arg version "${new_ic_version}" \
     '.properties.controller.properties.image.properties.tag.default = $version | .properties.controller.properties.image.properties.tag.examples[0] = $version | .properties.controller.examples[0].image.tag = $version | .properties.controller.properties.image.examples[0].tag = $version | .examples[0].controller.image.tag = $version' \
     ${TMPDIR}/values.schema.json \
     > "${HELM_CHART_PATH}/values.schema.json"

.github/scripts/variables.sh

@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+
+if [ "$1" = "" ]; then
+    echo "ERROR: paramater needed"
+    exit 2
+fi
+
+INPUT=$1
+ROOTDIR=$(git rev-parse --show-toplevel || echo ".")
+if [ "$PWD" != "$ROOTDIR" ]; then
+    # shellcheck disable=SC2164
+    cd "$ROOTDIR";
+fi
+
+get_docker_md5() {
+  docker_md5=$(find build .github/data/version.txt -type f ! -name "*.md" -exec md5sum {} + | LC_ALL=C sort  | md5sum | awk '{ print $1 }')
+  echo "${docker_md5:0:8}"
+}
+
+get_go_code_md5() {
+  find . -type f \( -name "*.go" -o -name go.mod -o -name go.sum -o -name "*.tmpl" -o -name "version.txt" \) -not -path "./docs*"  -exec md5sum {} + | LC_ALL=C sort  | md5sum | awk '{ print $1 }'
+}
+
+get_tests_md5() {
+  find tests perf-tests .github/data/version.txt -type f -exec md5sum {} + | LC_ALL=C sort  | md5sum | awk '{ print $1 }'
+}
+
+get_chart_md5() {
+  find charts .github/data/version.txt -type f -exec md5sum {} + | LC_ALL=C sort  | md5sum | awk '{ print $1 }'
+}
+
+get_actions_md5() {
+  find .github .github/data/version.txt -type f -exec md5sum {} + | LC_ALL=C sort  | md5sum | awk '{ print $1 }'
+}
+
+get_build_tag() {
+  echo "$(get_docker_md5) $(get_go_code_md5)" | md5sum | awk '{ print $1 }'
+}
+
+get_stable_tag() {
+  echo "$(get_build_tag) $(get_tests_md5) $(get_chart_md5) $(get_actions_md5)" | md5sum | awk '{ print $1 }'
+}
+
+case $INPUT in
+  docker_md5)
+    echo "docker_md5=$(get_docker_md5)"
+    ;;
+
+  go_code_md5)
+    echo "go_code_md5=$(get_go_code_md5)"
+    ;;
+
+  build_tag)
+    echo "build_tag=$(get_build_tag)"
+    ;;
+
+  stable_tag)
+    echo "stable_tag=$(get_stable_tag)"
+    ;;
+
+  *)
+    echo "ERROR: option not found"
+    exit 2
+    ;;
+esac