From ad7ba3909a020a9c7fabb43c4dcd3313a5d371b2 Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Wed, 2 Apr 2025 11:06:17 +0100 Subject: [PATCH 1/3] update NGINX Plus to R34 and App Protect to 4.14 & 5.6 --- .github/workflows/regression.yml | 2 +- .github/workflows/setup-smoke.yml | 2 +- Makefile | 2 +- build/Dockerfile | 10 +++++----- charts/nginx-ingress/values.schema.json | 20 +++++++++---------- charts/nginx-ingress/values.yaml | 4 ++-- charts/tests/__snapshots__/helmunit_test.snap | 4 ++-- .../installing-nic/installation-with-helm.md | 4 ++-- .../app-protect-waf-v5/installation.md | 3 ++- site/content/technical-specifications.md | 5 +++-- tests/settings.py | 2 +- 11 files changed, 30 insertions(+), 28 deletions(-) diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index f23530520d..511cb8fd36 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -265,7 +265,7 @@ jobs: - name: Generate WAF v5 tgz from JSON run: | - docker run --rm --user root -v /var/run/docker.sock:/var/run/docker.sock -v ${{ github.workspace }}/tests/data/ap-waf-v5:/data gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nap/waf-compiler:5.5.0 -p /data/wafv5.json -o /data/wafv5.tgz + docker run --rm --user root -v /var/run/docker.sock:/var/run/docker.sock -v ${{ github.workspace }}/tests/data/ap-waf-v5:/data gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nap/waf-compiler:5.6.0 -p /data/wafv5.json -o /data/wafv5.tgz if: ${{ contains(matrix.images.image, 'nap-v5')}} - name: Run Regression Tests diff --git a/.github/workflows/setup-smoke.yml b/.github/workflows/setup-smoke.yml index f90153666e..ecccf0e53e 100644 --- a/.github/workflows/setup-smoke.yml +++ b/.github/workflows/setup-smoke.yml 
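Review bot: The changed `docker run` step in regression.yml still pulls `waf-compiler:5.6.0` by mutable tag while running it with `--user root` and the host `/var/run/docker.sock` mounted, so whatever that tag resolves to at run time gets control of the runner's Docker daemon. Since the reference is being edited anyway, pinning it to a digest would make the bump reviewable and repeatable: `gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nap/waf-compiler:5.6.0@sha256:<digest-of-5.6.0>`. The same line appears in the setup-smoke.yml hunk. Whether the compiler actually needs the socket and root is not visible from these hunks; if it does not, dropping both flags would be the stronger fix.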
@@ -149,7 +149,7 @@ jobs: - name: Generate WAF v5 tgz from JSON run: | - docker run --rm --user root -v /var/run/docker.sock:/var/run/docker.sock -v ${{ github.workspace }}/tests/data/ap-waf-v5:/data gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nap/waf-compiler:5.5.0 -p /data/wafv5.json -o /data/wafv5.tgz + docker run --rm --user root -v /var/run/docker.sock:/var/run/docker.sock -v ${{ github.workspace }}/tests/data/ap-waf-v5:/data gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/nap/waf-compiler:5.6.0 -p /data/wafv5.json -o /data/wafv5.tgz if: ${{ contains(inputs.image, 'nap-v5')}} - name: Run Smoke Tests diff --git a/Makefile b/Makefile index 56f497a3c9..3010a74624 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ VER = $(shell grep IC_VERSION .github/data/version.txt | cut -d '=' -f 2) GIT_TAG = $(shell git describe --exact-match --tags || echo untagged) VERSION = $(VER)-SNAPSHOT -NGINX_PLUS_VERSION ?= R33 +NGINX_PLUS_VERSION ?= R34 PLUS_ARGS = --build-arg NGINX_PLUS_VERSION=$(NGINX_PLUS_VERSION) --secret id=nginx-repo.crt,src=nginx-repo.crt --secret id=nginx-repo.key,src=nginx-repo.key # Variables that can be overridden diff --git a/build/Dockerfile b/build/Dockerfile index a7321e673e..4ae9d88aff 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1.6 ARG BUILD_OS=debian -ARG NGINX_PLUS_VERSION=R33 +ARG NGINX_PLUS_VERSION=R34 ARG DOWNLOAD_TAG=edge ARG DEBIAN_FRONTEND=noninteractive ARG PREBUILT_BASE_IMG=nginx/nginx-ingress:${DOWNLOAD_TAG} @@ -206,7 +206,7 @@ RUN --mount=type=bind,from=alpine-fips-3.19,target=/tmp/fips/ \ && mkdir -p /etc/nginx/reporting/ \ && cp -av /tmp/nginx/reporting/tracking.info /etc/nginx/reporting/tracking.info \ && ldconfig /usr/local/lib/ \ - && apk add --no-cache app-protect-module-plus~=33.5.264 \ + && apk add --no-cache app-protect-module-plus~=33.5.342 \ && sed -i -e '/nginx.com/d' /etc/apk/repositories \ && nap-waf.sh \ && if [ "${NGINX_AGENT}" = "true" ]; then \ 
@@ -312,7 +312,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
 && apt-get update \
 && if [ "${NGINX_AGENT}" = "true" ]; then apt-get install --no-install-recommends --no-install-suggests -y nginx-agent; fi \
 && if [ -z "${NAP_MODULES##*waf*}" ]; then \
- apt-get install --no-install-recommends --no-install-suggests -y app-protect-module-plus=33+5.264* nginx-plus-module-appprotect=33+5.264* app-protect-plugin=6.9.0*; \
+ apt-get install --no-install-recommends --no-install-suggests -y app-protect-module-plus=33+5.342* nginx-plus-module-appprotect=33+5.342* app-protect-plugin=6.12.0*; \
 rm -f /etc/apt/sources.list.d/app-protect.sources; \
 nap-waf.sh; \
 fi \
@@ -448,7 +448,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
 && if [ "${NGINX_AGENT}" = "true" ]; then microdnf --nodocs install -y nginx-agent; fi \
 && if [ -z "${NAP_MODULES##*waf*}" ]; then \
 cp /tmp/app-protect-9.repo /etc/yum.repos.d/app-protect-9.repo \
- && microdnf --nodocs install -y app-protect-module-plus-33+5.264* \
+ && microdnf --nodocs install -y app-protect-module-plus-33+5.342* \
 && nap-waf.sh \
 && rm -f /etc/yum.repos.d/app-protect-9.repo; \
 fi \
@@ -539,7 +539,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
 && dnf config-manager --set-enabled codeready-builder-for-rhel-8-x86_64-rpms \
 && dnf --nodocs install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \
 && if [ -z "${NAP_MODULES##*waf*}" ]; then \
- dnf --nodocs install -y app-protect-module-plus-33+5.264*; \
+ dnf --nodocs install -y app-protect-module-plus-33+5.342*; \
 fi \
 && subscription-manager unregister \
 && if [ -z "${NAP_MODULES##*waf*}" ]; then \
diff --git a/charts/nginx-ingress/values.schema.json b/charts/nginx-ingress/values.schema.json
index 2606ccfd3d..a7dcd1b8fa 100644
--- a/charts/nginx-ingress/values.schema.json
+++ b/charts/nginx-ingress/values.schema.json
@@ -327,10 +327,10 @@
 },
 "tag": {
 "type": "string",
- "default": "5.5.0",
+ "default": "5.6.0",
 "title": "The tag of the App Protect WAF v5 Enforcer image",
 "examples": [
- "5.5.0"
+ "5.6.0"
 ]
 },
 "digest": {
@@ -367,7 +367,7 @@
 "examples": [
 {
 "repository": "private-registry.nginx.com/nap/waf-enforcer",
- "tag": "5.5.0",
+ "tag": "5.6.0",
 "pullPolicy": "IfNotPresent"
 }
 ]
@@ -401,10 +401,10 @@
 },
 "tag": {
 "type": "string",
- "default": "5.5.0",
+ "default": "5.6.0",
 "title": "The tag of the App Protect WAF v5 Config Manager image",
 "examples": [
- "5.5.0"
+ "5.6.0"
 ]
 },
 "digest": {
@@ -441,7 +441,7 @@
 "examples": [
 {
 "repository": "private-registry.nginx.com/nap/waf-config-mgr",
- "tag": "5.5.0",
+ "tag": "5.6.0",
 "pullPolicy": "IfNotPresent"
 }
 ]
@@ -1837,7 +1837,7 @@
 "port": 50000,
 "image": {
 "repository": "private-registry.nginx.com/nap/waf-enforcer",
- "tag": "5.5.0",
+ "tag": "5.6.0",
 "pullPolicy": "IfNotPresent"
 },
 "securityContext": {}
@@ -1845,7 +1845,7 @@
 "configManager": {
 "image": {
 "repository": "private-registry.nginx.com/nap/waf-config-mgr",
- "tag": "5.5.0",
+ "tag": "5.6.0",
 "pullPolicy": "IfNotPresent"
 },
 "securityContext": {
@@ -2451,7 +2451,7 @@
 "port": 50000,
 "image": {
 "repository": "private-registry.nginx.com/nap/waf-enforcer",
- "tag": "5.5.0",
+ "tag": "5.6.0",
 "pullPolicy": "IfNotPresent"
 },
 "securityContext": {}
@@ -2459,7 +2459,7 @@
 "configManager": {
 "image": {
 "repository": "private-registry.nginx.com/nap/waf-config-mgr",
- "tag": "5.5.0",
+ "tag": "5.6.0",
 "pullPolicy": "IfNotPresent"
 },
 "securityContext": {
diff --git a/charts/nginx-ingress/values.yaml b/charts/nginx-ingress/values.yaml
index d9af078893..a122e4f835 100644
--- a/charts/nginx-ingress/values.yaml
+++ b/charts/nginx-ingress/values.yaml
@@ -82,7 +82,7 @@ controller: repository: private-registry.nginx.com/nap/waf-enforcer ## The tag of the App Protect WAF v5 Enforcer image. - tag: "5.5.0" + tag: "5.6.0" ## The digest of the App Protect WAF v5 Enforcer image. ## If digest is specified it has precedence over tag and will be used instead # digest: "sha256:CHANGEME" @@ -98,7 +98,7 @@ controller: repository: private-registry.nginx.com/nap/waf-config-mgr ## The tag of the App Protect WAF v5 Configuration Manager image. - tag: "5.5.0" + tag: "5.6.0" ## The digest of the App Protect WAF v5 Configuration Manager image. ## If digest is specified it has precedence over tag and will be used instead # digest: "sha256:CHANGEME" diff --git a/charts/tests/__snapshots__/helmunit_test.snap b/charts/tests/__snapshots__/helmunit_test.snap index ffd9d5d6ba..8735bc6170 100755 --- a/charts/tests/__snapshots__/helmunit_test.snap +++ b/charts/tests/__snapshots__/helmunit_test.snap @@ -1472,7 +1472,7 @@ spec: - -weight-changes-dynamic-reload=false - name: waf-enforcer - image: my.private.reg/nap/waf-enforcer:5.5.0 + image: my.private.reg/nap/waf-enforcer:5.6.0 imagePullPolicy: "IfNotPresent" env: - name: ENFORCER_PORT @@ -1483,7 +1483,7 @@ spec: - name: app-protect-bd-config mountPath: /opt/app_protect/bd_config - name: waf-config-mgr - image: my.private.reg/nap/waf-config-mgr:5.5.0 + image: my.private.reg/nap/waf-config-mgr:5.6.0 imagePullPolicy: "IfNotPresent" securityContext: diff --git a/site/content/installation/installing-nic/installation-with-helm.md b/site/content/installation/installing-nic/installation-with-helm.md index 9395bf01da..163cf46173 100644 --- a/site/content/installation/installing-nic/installation-with-helm.md +++ b/site/content/installation/installing-nic/installation-with-helm.md 
@@ -423,12 +423,12 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont | **controller.appprotect.enforcer.host** | Host that the App Protect WAF v5 Enforcer runs on. | "127.0.0.1" | | **controller.appprotect.enforcer.port** | Port that the App Protect WAF v5 Enforcer runs on. | 50000 | | **controller.appprotect.enforcer.image.repository** | The image repository of the App Protect WAF v5 Enforcer. | private-registry.nginx.com/nap/waf-enforcer | -| **controller.appprotect.enforcer.image.tag** | The tag of the App Protect WAF v5 Enforcer. | "5.5.0" | +| **controller.appprotect.enforcer.image.tag** | The tag of the App Protect WAF v5 Enforcer. | "5.6.0" | | **controller.appprotect.enforcer.image.digest** | The digest of the App Protect WAF v5 Enforcer. Takes precedence over tag if set. | "" | | **controller.appprotect.enforcer.image.pullPolicy** | The pull policy for the App Protect WAF v5 Enforcer image. | IfNotPresent | | **controller.appprotect.enforcer.securityContext** | The security context for App Protect WAF v5 Enforcer container. | {} | | **controller.appprotect.configManager.image.repository** | The image repository of the App Protect WAF v5 Configuration Manager. | private-registry.nginx.com/nap/waf-config-mgr | -| **controller.appprotect.configManager.image.tag** | The tag of the App Protect WAF v5 Configuration Manager. | "5.5.0" | +| **controller.appprotect.configManager.image.tag** | The tag of the App Protect WAF v5 Configuration Manager. | "5.6.0" | | **controller.appprotect.configManager.image.digest** | The digest of the App Protect WAF v5 Configuration Manager. Takes precedence over tag if set. | "" | | **controller.appprotect.configManager.image.pullPolicy** | The pull policy for the App Protect WAF v5 Configuration Manager image. | IfNotPresent | | **controller.appprotect.configManager.securityContext** | The security context for App Protect WAF v5 Configuration Manager container. 
| {"allowPrivilegeEscalation":false,"runAsUser":101,"runAsNonRoot":true,"capabilities":{"drop":["all"]}} | diff --git a/site/content/installation/integrations/app-protect-waf-v5/installation.md b/site/content/installation/integrations/app-protect-waf-v5/installation.md index 93f3b46da2..22c4da5705 100644 --- a/site/content/installation/integrations/app-protect-waf-v5/installation.md +++ b/site/content/installation/integrations/app-protect-waf-v5/installation.md @@ -507,7 +507,8 @@ If you prefer not to build your own NGINX Ingress Controller image, you can use {{< bootstrap-table "table table-bordered table-striped table-responsive" >}} | NIC Version | App Protect WAFv5 Version | Config Manager | Enforcer | | --- | --- | --- | --- | -| {{< nic-version >}} | 33_5.264 | 5.5.0 | 5.5.0 | +| {{< nic-version >}} | 33_5.342 | 5.6.0 | 5.6.0 | +| 4.0.1 | 33_5.264 | 5.5.0 | 5.5.0 | | 3.7.2 | 32_5.144 | 5.3.0 | 5.3.0 | | 3.6.2 | 32_5.48 | 5.2.0 | 5.2.0 | {{% /bootstrap-table %}} diff --git a/site/content/technical-specifications.md b/site/content/technical-specifications.md index 1f7bb3ee60..46d7fc90f1 100644 --- a/site/content/technical-specifications.md +++ b/site/content/technical-specifications.md @@ -28,7 +28,8 @@ We test NGINX Ingress Controller on a range of Kubernetes platforms for each rel {{< bootstrap-table "table table-bordered table-striped table-responsive" >}} | NIC Version | Supported Kubernetes Version | NIC Helm Chart Version | NIC Operator Version | NGINX / NGINX Plus version | | --- | --- | --- | --- | --- | -| {{< nic-version >}} | 1.25 - 1.32 | {{< nic-helm-version >}} | {{< nic-operator-version >}} | 1.27.4 / R33 P2 | +| {{< nic-version >}} | 1.25 - 1.32 | {{< nic-helm-version >}} | {{< nic-operator-version >}} | 1.27.4 / R34 | +| 4.0.1 | 1.25 - 1.32 | 2.0.1 | 3.0.1 | 1.27.4 / R33 P2 | | 3.7.2 | 1.25 - 1.31 | 1.4.2 | 2.4.2 | 1.27.2 / R32 P1 | | 3.6.2 | 1.25 - 1.31 | 1.3.2 | 2.3.2 | 1.27.1 / R32 P1 | | 3.5.2 | 1.23 - 1.30 | 1.2.2 | 2.2.2 | 1.27.0 / R32 | 
@@ -61,7 +62,7 @@ _All images include NGINX 1.27.4._ ### Images with NGINX Plus -_NGINX Plus images include NGINX Plus R33._ +_NGINX Plus images include NGINX Plus R34._ --- diff --git a/tests/settings.py b/tests/settings.py index bc4c97370c..66071c3eb7 100644 --- a/tests/settings.py +++ b/tests/settings.py @@ -33,4 +33,4 @@ # Nginx registry address to pull waf components from NGX_REG = "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr" # WAF component version to pull from above registry -WAF_V5_VERSION = "5.5.0" +WAF_V5_VERSION = "5.6.0" From 83f30962aeaf6db17dfd7d49adcbcc718b0b17d8 Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Thu, 3 Apr 2025 12:08:35 +0100 Subject: [PATCH 2/3] update plus version for waf --- build/Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index 4ae9d88aff..a7f330f62c 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -206,7 +206,7 @@ RUN --mount=type=bind,from=alpine-fips-3.19,target=/tmp/fips/ \ && mkdir -p /etc/nginx/reporting/ \ && cp -av /tmp/nginx/reporting/tracking.info /etc/nginx/reporting/tracking.info \ && ldconfig /usr/local/lib/ \ - && apk add --no-cache app-protect-module-plus~=33.5.342 \ + && apk add --no-cache app-protect-module-plus~=34.5.342 \ && sed -i -e '/nginx.com/d' /etc/apk/repositories \ && nap-waf.sh \ && if [ "${NGINX_AGENT}" = "true" ]; then \ 
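Review bot: With the package pin moving from `33.5.342` to `34.5.342` in this build/Dockerfile hunk (and to `34+5.342*` in the apt, microdnf and dnf hunks that follow), the compatibility row added to app-protect-waf-v5/installation.md in patch 1/3 still reads `33_5.342`, and this patch touches only build/Dockerfile. If that column mirrors the installed package version, the row should become `| {{< nic-version >}} | 34_5.342 | 5.6.0 | 5.6.0 |`. The 4.0.1 row with `33_5.264` looks right as it stands. The RUN instruction this hunk edits starts and ends outside the hunk.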
@@ -312,7 +312,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
 && apt-get update \
 && if [ "${NGINX_AGENT}" = "true" ]; then apt-get install --no-install-recommends --no-install-suggests -y nginx-agent; fi \
 && if [ -z "${NAP_MODULES##*waf*}" ]; then \
- apt-get install --no-install-recommends --no-install-suggests -y app-protect-module-plus=33+5.342* nginx-plus-module-appprotect=33+5.342* app-protect-plugin=6.12.0*; \
+ apt-get install --no-install-recommends --no-install-suggests -y app-protect-module-plus=34+5.342* nginx-plus-module-appprotect=34+5.342* app-protect-plugin=6.12.0*; \
 rm -f /etc/apt/sources.list.d/app-protect.sources; \
 nap-waf.sh; \
 fi \
@@ -448,7 +448,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
 && if [ "${NGINX_AGENT}" = "true" ]; then microdnf --nodocs install -y nginx-agent; fi \
 && if [ -z "${NAP_MODULES##*waf*}" ]; then \
 cp /tmp/app-protect-9.repo /etc/yum.repos.d/app-protect-9.repo \
- && microdnf --nodocs install -y app-protect-module-plus-33+5.342* \
+ && microdnf --nodocs install -y app-protect-module-plus-34+5.342* \
 && nap-waf.sh \
 && rm -f /etc/yum.repos.d/app-protect-9.repo; \
 fi \
@@ -539,7 +539,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
 && dnf config-manager --set-enabled codeready-builder-for-rhel-8-x86_64-rpms \
 && dnf --nodocs install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \
 && if [ -z "${NAP_MODULES##*waf*}" ]; then \
- dnf --nodocs install -y app-protect-module-plus-33+5.342*; \
+ dnf --nodocs install -y app-protect-module-plus-34+5.342*; \
 fi \
 && subscription-manager unregister \
 && if [ -z "${NAP_MODULES##*waf*}" ]; then \
From 1870c62c9137996e057721b8f7a23d1fcbe5ca35 Mon Sep 17 00:00:00 2001
From: Paul Abel
Date: Thu, 3 Apr 2025 12:18:40 +0100
Subject: [PATCH 3/3] Revert "temporarily disable builds failing for NAP WAF v4 on UBI (#7606)"
This reverts commit 912a2d942b94294f5d6027fe38c51574f0d638d2.
---
 .github/config/config-gcr-retag | 4 ++--
 .github/config/config-plus-gcr-release | 4 ++--
 .github/config/config-plus-nginx | 4 ++--
 .github/data/matrix-images-nap.json | 18 ++++++++++++++++++
 .github/data/matrix-smoke-nap.json | 4 ++--
 5 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/.github/config/config-gcr-retag b/.github/config/config-gcr-retag
index e29d8794bf..3273e6ffaf 100644
--- a/.github/config/config-gcr-retag
+++ b/.github/config/config-gcr-retag
@@ -1,7 +1,7 @@
 export TARGET_REGISTRY=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev
 declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips" "-mktpl")
-declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-mktpl" "-alpine-fips")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-mktpl" "-alpine-fips")
 declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-alpine-fips")
 declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl")
-declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-mktpl")
+declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl")
 declare -a ADDITIONAL_TAGS=()
diff --git a/.github/config/config-plus-gcr-release b/.github/config/config-plus-gcr-release
index 911baf2544..e1c6d12e01 100644
--- a/.github/config/config-plus-gcr-release
+++ b/.github/config/config-plus-gcr-release
@@ -1,8 +1,8 @@
 export TARGET_REGISTRY=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release
 declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips" "-mktpl")
-declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-alpine-fips" "-mktpl")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-alpine-fips" "-mktpl")
 declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-alpine-fips" "-ubi8")
 declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl")
-declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-mktpl")
+declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl")
 declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
 export PUBLISH_OSS=false
diff --git a/.github/config/config-plus-nginx b/.github/config/config-plus-nginx
index 9e98b14ed7..546c636721 100644
--- a/.github/config/config-plus-nginx
+++ b/.github/config/config-plus-nginx
@@ -1,8 +1,8 @@
 export TARGET_REGISTRY=docker-mgmt.nginx.com
 export TARGET_NAP_WAF_DOS_IMAGE_PREFIX="nginx-ic-nap-dos/nginx-plus-ingress"
 declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips")
-declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-alpine-fips")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-alpine-fips")
 declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-alpine-fips")
 declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi")
-declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("")
+declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi")
 export PUBLISH_OSS=false
diff --git a/.github/data/matrix-images-nap.json b/.github/data/matrix-images-nap.json
index 969231d648..b93c8404d3 100644
--- a/.github/data/matrix-images-nap.json
+++ b/.github/data/matrix-images-nap.json
@@ -15,18 +15,36 @@
 "waf,dos"
 ],
 "include": [
+ {
+ "image": "ubi-8-plus-nap",
+ "target": "goreleaser",
+ "platforms": "linux/amd64",
+ "nap_modules": "waf"
+ },
 {
 "image": "ubi-8-plus-nap-v5",
 "target": "goreleaser",
 "platforms": "linux/amd64",
 "nap_modules": "waf"
 },
+ {
+ "image": "ubi-9-plus-nap",
+ "target": "goreleaser",
+ "platforms": "linux/amd64",
+ "nap_modules": "waf"
+ },
 {
 "image": "ubi-9-plus-nap",
 "target": "goreleaser",
 "platforms": "linux/amd64",
 "nap_modules": "dos"
 },
+ {
+ "image": "ubi-9-plus-nap",
+ "target": "goreleaser",
+ "platforms": "linux/amd64",
+ "nap_modules": "waf,dos"
+ },
 {
 "image": "alpine-plus-nap-fips",
 "target": "goreleaser",
diff --git a/.github/data/matrix-smoke-nap.json b/.github/data/matrix-smoke-nap.json
index 850cc8a2ca..1d780e7a7d 100644
--- a/.github/data/matrix-smoke-nap.json
+++ b/.github/data/matrix-smoke-nap.json
@@ -2,7 +2,7 @@
 "images": [
 {
 "label": "AP_WAF 1/4",
- "image": "debian-plus-nap",
+ "image": "ubi-8-plus-nap",
 "type": "plus",
 "nap_modules": "waf",
 "marker": "appprotect_waf_policies_allow",
@@ -10,7 +10,7 @@
 },
 {
 "label": "AP_WAF 2/4",
- "image": "debian-plus-nap",
+ "image": "ubi-9-plus-nap",
 "type": "plus",
 "nap_modules": "waf",
 "marker": "'appprotect_waf_policies and not appprotect_waf_policies_allow and not appprotect_waf_policies_vsr'",
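Review bot: The three `ubi-8-plus-nap` / `ubi-9-plus-nap` WAF entries re-added to `include` in matrix-images-nap.json put the NAP WAF v4 UBI builds that #7606 disabled back into the pipeline, but nothing visible in this series shows what fixed them. The Dockerfile hunks in patches 1/3 and 2/3 only re-pin `app-protect-module-plus`, `nginx-plus-module-appprotect` and `app-protect-plugin`. Presumably the failure was resolved by the R34 / 4.14 packages in the upstream repository, which would mean these builds depend on whatever version that repository serves at build time. JSON cannot carry a comment, so the reason is best recorded in the commit body. If the v4 package is indeed unpinned in build/Dockerfile (not visible here), pinning it the way the modules above are pinned would keep the next upstream release from breaking these targets again.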