From b46ec32464bcc0616a21022b91a0fb01eca7df49 Mon Sep 17 00:00:00 2001 From: Ciara Stacke Date: Thu, 4 Sep 2025 15:31:20 +0100 Subject: [PATCH 1/3] Fix workflow for forks --- .github/workflows/ci.yml | 2 +- .github/workflows/conformance.yml | 2 +- .github/workflows/functional.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/renovate-build.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 51ee235425..bc2eea81f3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -30,7 +30,7 @@ defaults: shell: bash env: - GOPROXY: ${{ (github.repository_owner == 'nginx' && (inputs.is_production_release || github.event_name == 'push' && github.ref == 'refs/heads/main') && format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_ENDPOINT)) || (github.repository_owner == 'nginx' && format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) || 'direct') }} + GOPROXY: ${{ github.repository_owner != 'nginx' && 'direct' || (inputs.is_production_release || (github.event_name == 'push' && github.ref == 'refs/heads/main')) && format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_ENDPOINT) || format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) }} concurrency: group: ${{ github.ref_name }}-ci diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index 1a74014a77..fe3f823aec 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -28,7 +28,7 @@ defaults: env: PLUS_USAGE_ENDPOINT: ${{ secrets.JWT_PLUS_REPORTING_ENDPOINT }} ENABLE_EXPERIMENTAL: ${{ inputs.enable-experimental }} - GOPROXY: ${{ github.repository_owner == 'nginx' && format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) || 'direct' }} + GOPROXY: ${{ github.repository_owner != 'nginx' && 'direct' || format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) }} permissions: contents: read diff --git a/.github/workflows/functional.yml b/.github/workflows/functional.yml index c9f2d80c8e..3c988f3e71 100644 --- a/.github/workflows/functional.yml +++ b/.github/workflows/functional.yml @@ -16,7 +16,7 @@ defaults: env: PLUS_USAGE_ENDPOINT: ${{ secrets.JWT_PLUS_REPORTING_ENDPOINT }} - GOPROXY: ${{ github.repository_owner == 'nginx' && format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) || 'direct' }} + GOPROXY: ${{ github.repository_owner != 'nginx' && 'direct' || format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) }} permissions: contents: read diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 074b179f60..7efbdc2fac 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -13,7 +13,7 @@ defaults: shell: bash env: - GOPROXY: ${{ github.repository_owner == 'nginx' && format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) || 'direct' }} + GOPROXY: ${{ github.repository_owner != 'nginx' && 'direct' || format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) }} concurrency: group: ${{ github.ref_name }}-lint diff --git a/.github/workflows/renovate-build.yml b/.github/workflows/renovate-build.yml index 8b384c388e..d6733d7a41 100644 --- a/.github/workflows/renovate-build.yml +++ b/.github/workflows/renovate-build.yml @@ -12,7 +12,7 @@ defaults: shell: bash env: - GOPROXY: ${{ github.repository_owner == 'nginx' && format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) || 'direct' }} + GOPROXY: ${{ github.repository_owner != 'nginx' && 'direct' || format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) }} concurrency: group: ${{ github.ref_name }}-renovate From 6c0ba00be3132b39a3e87536c105bf75a426b280 Mon Sep 17 00:00:00 2001 From: Ciara Stacke Date: Thu, 4 Sep 2025 16:05:57 +0100 Subject: [PATCH 2/3] Second attempt --- .github/workflows/ci.yml | 24 +++++++++++++++++++++--- .github/workflows/conformance.yml | 11 ++++++++++- .github/workflows/functional.yml | 11 ++++++++++- .github/workflows/lint.yml | 13 ++++++++++--- .github/workflows/renovate-build.yml | 13 ++++++++++--- 5 files changed, 61 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bc2eea81f3..dfb7e051bd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,9 +29,6 @@ defaults: run: shell: bash -env: - GOPROXY: ${{ github.repository_owner != 'nginx' && 'direct' || (inputs.is_production_release || (github.event_name == 'push' && github.ref == 'refs/heads/main')) && format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_ENDPOINT) || format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) }} - concurrency: group: ${{ github.ref_name }}-ci cancel-in-progress: true @@ -53,6 +50,21 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 + - name: Configure GOPROXY + id: goproxy + run: | + if [[ "${{ secrets.ARTIFACTORY_USER }}" == "" ]]; then + echo "No Artifactory secrets available - using direct GOPROXY" + GOPROXY_VALUE="direct" + elif [[ "${{ inputs.is_production_release }}" == "true" ]] || [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/main" ]]; then + echo "Production mode - using production Artifactory" + GOPROXY_VALUE="https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@${{ secrets.ARTIFACTORY_ENDPOINT }}" + else + echo "Development mode - using dev Artifactory" + GOPROXY_VALUE="https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@${{ secrets.ARTIFACTORY_DEV_ENDPOINT }}" + fi + echo "goproxy=${GOPROXY_VALUE}" >> $GITHUB_OUTPUT + echo "GOPROXY=${GOPROXY_VALUE}" >> $GITHUB_ENV - name: Setup Golang Environment uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 @@ -92,6 +104,8 @@ jobs: name: Unit Tests runs-on: ubuntu-24.04 needs: vars + env: + GOPROXY: ${{ needs.vars.outputs.goproxy }} steps: - name: Checkout Repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 @@ -144,6 +158,8 @@ jobs: name: Build Binary runs-on: ${{ github.repository_owner == 'nginx' && (inputs.is_production_release || (github.event_name == 'push' && github.ref == 'refs/heads/main')) && 'ubuntu-24.04-amd64' || 'ubuntu-24.04' }} needs: [vars, unit-tests, njs-unit-tests] + env: + GOPROXY: ${{ needs.vars.outputs.goproxy }} permissions: contents: write # for goreleaser/goreleaser-action and lucacome/draft-release to create/update releases id-token: write # for goreleaser/goreleaser-action to sign artifacts @@ -345,6 +361,8 @@ jobs: name: CEL Tests runs-on: ubuntu-24.04 needs: vars + env: + GOPROXY: ${{ needs.vars.outputs.goproxy }} steps: - name: Checkout Repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index fe3f823aec..53f590a457 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -28,7 +28,6 @@ defaults: env: PLUS_USAGE_ENDPOINT: ${{ secrets.JWT_PLUS_REPORTING_ENDPOINT }} ENABLE_EXPERIMENTAL: ${{ inputs.enable-experimental }} - GOPROXY: ${{ github.repository_owner != 'nginx' && 'direct' || format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) }} permissions: contents: read @@ -48,6 +47,16 @@ jobs: with: fetch-depth: 0 + - name: Configure GOPROXY + id: goproxy + run: | + if [[ "${{ secrets.ARTIFACTORY_USER }}" == "" ]]; then + GOPROXY_VALUE="direct" + else + GOPROXY_VALUE="https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@${{ secrets.ARTIFACTORY_DEV_ENDPOINT }}" + fi + echo "GOPROXY=${GOPROXY_VALUE}" >> $GITHUB_ENV + - name: Setup Golang Environment uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: diff --git a/.github/workflows/functional.yml b/.github/workflows/functional.yml index 3c988f3e71..8487de4139 100644 --- a/.github/workflows/functional.yml +++ b/.github/workflows/functional.yml @@ -16,7 +16,6 @@ defaults: env: PLUS_USAGE_ENDPOINT: ${{ secrets.JWT_PLUS_REPORTING_ENDPOINT }} - GOPROXY: ${{ github.repository_owner != 'nginx' && 'direct' || format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) }} permissions: contents: read @@ -34,6 +33,16 @@ jobs: with: fetch-depth: 0 + - name: Configure GOPROXY + id: goproxy + run: | + if [[ "${{ secrets.ARTIFACTORY_USER }}" == "" ]]; then + GOPROXY_VALUE="direct" + else + GOPROXY_VALUE="https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@${{ secrets.ARTIFACTORY_DEV_ENDPOINT }}" + fi + echo "GOPROXY=${GOPROXY_VALUE}" >> $GITHUB_ENV + - name: Setup Golang Environment uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 7efbdc2fac..39ca3a8e74 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -12,9 +12,6 @@ defaults: run: shell: bash -env: - GOPROXY: ${{ github.repository_owner != 'nginx' && 'direct' || format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) }} - concurrency: group: ${{ github.ref_name }}-lint cancel-in-progress: true @@ -34,6 +31,16 @@ jobs: - name: Checkout Repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: Configure GOPROXY + id: goproxy + run: | + if [[ "${{ secrets.ARTIFACTORY_USER }}" == "" ]]; then + GOPROXY_VALUE="direct" + else + GOPROXY_VALUE="https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@${{ secrets.ARTIFACTORY_DEV_ENDPOINT }}" + fi + echo "GOPROXY=${GOPROXY_VALUE}" >> $GITHUB_ENV + - name: Setup Golang Environment uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: diff --git a/.github/workflows/renovate-build.yml b/.github/workflows/renovate-build.yml index d6733d7a41..b373dc924e 100644 --- a/.github/workflows/renovate-build.yml +++ b/.github/workflows/renovate-build.yml @@ -11,9 +11,6 @@ defaults: run: shell: bash -env: - GOPROXY: ${{ github.repository_owner != 'nginx' && 'direct' || format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) }} - concurrency: group: ${{ github.ref_name }}-renovate cancel-in-progress: true @@ -53,6 +50,16 @@ jobs: with: ref: ${{ github.head_ref }} + - name: Configure GOPROXY + id: goproxy + run: | + if [[ "${{ secrets.ARTIFACTORY_USER }}" == "" ]]; then + GOPROXY_VALUE="direct" + else + GOPROXY_VALUE="https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@${{ secrets.ARTIFACTORY_DEV_ENDPOINT }}" + fi + echo "GOPROXY=${GOPROXY_VALUE}" >> $GITHUB_ENV + - name: Setup Golang Environment uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: From d1c0b815581b6c994aa0fa3c8d9c1a4572d99461 Mon Sep 17 00:00:00 2001 From: Ciara Stacke Date: Thu, 4 Sep 2025 16:17:24 +0100 Subject: [PATCH 3/3] Add goproxy to outputs --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dfb7e051bd..842fd82869 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -45,6 +45,7 @@ jobs: min_k8s_version: ${{ steps.vars.outputs.min_k8s_version }} k8s_latest: ${{ steps.vars.outputs.k8s_latest }} helm_changes: ${{ steps.filter.outputs.charts }} + goproxy: ${{ steps.goproxy.outputs.goproxy }} steps: - name: Checkout Repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0