nginx
diff --git a/‎.github/workflows/ci-temp.yml‎
Lines changed: 345 additions & 0 deletions b/‎.github/workflows/ci-temp.yml‎
Lines changed: 345 additions & 0 deletions
@@ -0,0 +1,345 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+      - release-*
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+*"
+  pull_request:
+    branches:
+      - "**"
+  schedule:
+    - cron: "0 4 * * *" # run every day at 4am UTC
+
+defaults:
+  run:
+    shell: bash
+
+env:
+  GOPROXY: ${{ github.repository_owner == 'nginx' && ((github.event_name == 'push' && github.ref == 'refs/heads/main') || github.ref_type == 'tag') && format('https://{0}:{1}@azr.artifactory.f5net.com/artifactory/api/go/f5-nginx-go-local-approved-dependency', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN) || github.repository_owner == 'nginx' && format('https://{0}:{1}@azr.artifactory.f5net.com/artifactory/api/go/f5-nginx-go-dev', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN) || 'direct' }}
+
+concurrency:
+  group: ${{ github.ref_name }}-ci
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  vars:
+    name: Checks and variables
+    runs-on: ubuntu-24.04
+    outputs:
+      go_path: ${{ steps.vars.outputs.go_path }}
+      min_k8s_version: ${{ steps.vars.outputs.min_k8s_version }}
+      k8s_latest: ${{ steps.vars.outputs.k8s_latest }}
+      helm_changes: ${{ steps.filter.outputs.charts }}
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          token: ${{ github.actor == 'renovate[bot]' && secrets.NGINX_PAT || github.token }}
+
+      - name: Setup Golang Environment
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: stable
+          cache-dependency-path: |
+            go.sum
+            .github/.cache/buster-for-vars
+
+      - name: Check for changes
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        id: filter
+        with:
+          filters: |
+            charts:
+            - charts/nginx-gateway-fabric/**/*
+
+      - name: Output Variables
+        id: vars
+        run: |
+          K8S_KIND_VERSION=v1.33.2 # renovate: datasource=docker depName=kindest/node
+          echo "go_path=$(go env GOPATH)" >> $GITHUB_OUTPUT
+          echo "min_k8s_version=v1.25.16" >> $GITHUB_OUTPUT
+          echo "k8s_latest=${K8S_KIND_VERSION}" >> $GITHUB_OUTPUT
+
+      - name: Check if go.mod and go.sum are up to date
+        run: go mod tidy && git diff --exit-code -- go.mod go.sum
+
+      - name: Check if go.mod and go.sum are up to date in tests
+        run: go mod tidy && git diff --exit-code -- go.mod go.sum
+        working-directory: tests
+
+      - name: Check if all the generated files are up to date
+        run: make generate-all && git diff --exit-code
+
+  unit-tests:
+    name: Unit Tests
+    runs-on: ubuntu-24.04
+    needs: vars
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup Golang Environment
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: stable
+          cache-dependency-path: |
+            go.sum
+            .github/.cache/buster-for-unit-tests
+
+      - name: Run Tests
+        run: make unit-test
+
+      - name: Upload coverage reports to Codecov
+        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+      - name: Upload Coverage Report
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: cover-${{ github.run_id }}.html
+          path: ${{ github.workspace }}/cover.html
+        if: always()
+
+  njs-unit-tests:
+    name: NJS Unit Tests
+    runs-on: ubuntu-24.04
+    needs: vars
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup Node.js Environment
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version-file: .nvmrc
+
+      - name: Run tests
+        run: npm --prefix ${{ github.workspace }}/internal/controller/nginx/modules install-ci-test
+
+      - name: Upload coverage reports to Codecov
+        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+  binary:
+    name: Build Binary
+    runs-on: ${{ github.repository_owner == 'nginx' && (github.ref_type == 'tag' || (github.event_name == 'push' && github.ref == 'refs/heads/main')) && 'ubuntu-22.04-amd64' || 'ubuntu-24.04' }}
+    needs: [vars, unit-tests, njs-unit-tests]
+    permissions:
+      contents: write # for goreleaser/goreleaser-action and lucacome/draft-release to create/update releases
+      id-token: write # for goreleaser/goreleaser-action to sign artifacts
+      issues: write # for goreleaser/goreleaser-action to close milestone
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Setup Golang Environment
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: stable
+          cache-dependency-path: |
+            go.sum
+            .github/.cache/buster-for-binary
+
+      - name: Create/Update Draft
+        uses: lucacome/draft-release@00f74370c044c322da6cb52acc707d62c7762c71 # v1.2.4
+        with:
+          minor-label: "enhancement"
+          major-label: "change"
+          publish: ${{ github.ref_type == 'tag' }}
+          collapse-after: 20
+          notes-header: |
+            *Below is the auto-generated changelog, which includes all PRs that went into the release.
+            For a shorter version that highlights only important changes, see [CHANGELOG.md](https://github.com/nginx/nginx-gateway-fabric/blob/{{version}}/CHANGELOG.md).*
+        if: ${{ github.event_name == 'push' && github.ref != 'refs/heads/main' }}
+
+      - name: Download Syft
+        uses: anchore/sbom-action/download-syft@7b36ad622f042cab6f59a75c2ac24ccb256e9b45 # v0.20.4
+        if: github.ref_type == 'tag'
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
+        if: github.ref_type == 'tag'
+
+      - name: Build binary
+        uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
+        with:
+          version: v2.11.2 # renovate: datasource=github-tags depName=goreleaser/goreleaser
+          args: ${{ github.ref_type == 'tag' && 'release' || 'build --snapshot' }} --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GOPATH: ${{ needs.vars.outputs.go_path }}
+          AZURE_STORAGE_ACCOUNT: ${{ secrets.AZURE_STORAGE_ACCOUNT }}
+          AZURE_STORAGE_KEY: ${{ secrets.AZURE_STORAGE_KEY }}
+          AZURE_BUCKET_NAME: ${{ secrets.AZURE_BUCKET_NAME }}
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_COMMUNITY }}
+          TELEMETRY_ENDPOINT: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release-') && 'oss-dev.edge.df.f5.com:443' || 'oss.edge.df.f5.com:443' }}
+          TELEMETRY_ENDPOINT_INSECURE: "false"
+
+      - name: Cache Artifacts
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        with:
+          path: ${{ github.workspace }}/dist
+          key: nginx-gateway-fabric-${{ github.run_id }}-${{ github.run_number }}
+
+  build-oss:
+    name: Build OSS images
+    needs: [vars, binary]
+    strategy:
+      fail-fast: false
+      matrix:
+        image: [ngf, nginx]
+        platforms: ["linux/arm64, linux/amd64"]
+    uses: ./.github/workflows/build.yml
+    with:
+      image: ${{ matrix.image }}
+      platforms: ${{ matrix.platforms }}
+    permissions:
+      contents: read # for docker/build-push-action to read repo content
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      packages: write # for docker/build-push-action to push to GHCR
+      id-token: write # for docker/login to login to NGINX registry
+    secrets: inherit
+
+  build-plus:
+    name: Build Plus images
+    needs: [vars, binary]
+    uses: ./.github/workflows/build.yml
+    with:
+      image: plus
+      platforms: "linux/arm64, linux/amd64"
+    permissions:
+      contents: read # for docker/build-push-action to read repo content
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      packages: write # for docker/build-push-action to push to GHCR
+      id-token: write # for docker/login to login to NGINX registry
+    secrets: inherit
+
+  functional-tests:
+    name: Functional tests
+    needs: [vars, build-oss, build-plus]
+    strategy:
+      fail-fast: false
+      matrix:
+        image: [nginx, plus]
+        k8s-version:
+          [
+            "${{ needs.vars.outputs.min_k8s_version }}",
+            "${{ needs.vars.outputs.k8s_latest }}",
+          ]
+    uses: ./.github/workflows/functional.yml
+    with:
+      image: ${{ matrix.image }}
+      k8s-version: ${{ matrix.k8s-version }}
+    secrets: inherit
+    permissions:
+      contents: read
+
+  conformance-tests:
+    name: Conformance tests
+    needs: [vars, build-oss, build-plus]
+    strategy:
+      fail-fast: false
+      matrix:
+        image: [nginx, plus]
+        k8s-version:
+          [
+            "${{ needs.vars.outputs.min_k8s_version }}",
+            "${{ needs.vars.outputs.k8s_latest }}",
+          ]
+        enable-experimental: [true, false]
+    uses: ./.github/workflows/conformance.yml
+    with:
+      image: ${{ matrix.image }}
+      k8s-version: ${{ matrix.k8s-version }}
+      enable-experimental: ${{ matrix.enable-experimental }}
+    secrets: inherit
+    permissions:
+      contents: write
+
+  helm-tests:
+    name: Helm Tests
+    needs: [vars, build-oss, build-plus]
+    strategy:
+      fail-fast: false
+      matrix:
+        image: [nginx, plus]
+        k8s-version:
+          [
+            "${{ needs.vars.outputs.min_k8s_version }}",
+            "${{ needs.vars.outputs.k8s_latest }}",
+          ]
+    uses: ./.github/workflows/helm.yml
+    with:
+      image: ${{ matrix.image }}
+      k8s-version: ${{ matrix.k8s-version }}
+    secrets: inherit
+    if: ${{ needs.vars.outputs.helm_changes == 'true' || github.event_name == 'schedule' }}
+
+  publish-helm:
+    name: Package and Publish Helm Chart
+    runs-on: ${{ github.repository_owner == 'nginx' && (github.ref_type == 'tag' || (github.event_name == 'push' && github.ref == 'refs/heads/main')) && 'ubuntu-22.04-amd64' || 'ubuntu-24.04' }}
+    needs: [vars, helm-tests]
+    if: ${{ github.event_name == 'push' && ! startsWith(github.ref, 'refs/heads/release-') }}
+    permissions:
+      contents: read
+      packages: write # for helm to push to GHCR
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Package
+        id: package
+        run: |
+          output=$(helm package ${{ github.ref_type != 'tag' && '--app-version edge --version 0.0.0-edge' || '' }} charts/nginx-gateway-fabric)
+          echo "path=$(basename -- $(echo $output | cut -d: -f2))" >> $GITHUB_OUTPUT
+
+      - name: Push to GitHub Container Registry
+        run: |
+          helm push ${{ steps.package.outputs.path }} oci://ghcr.io/nginx/charts
+
+  cel-tests:
+    name: CEL Tests
+    runs-on: ubuntu-24.04
+    needs: vars
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup Golang Environment
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: stable
+          cache-dependency-path: |
+            go.sum
+            .github/.cache/buster-for-unit-tests
+
+      - name: Deploy Kubernetes
+        id: k8s
+        run: |
+          kind create cluster --name ${{ github.run_id }} --image=kindest/node:${{ needs.vars.outputs.k8s_latest }}
+
+      - name: Apply CustomResourceDefinition
+        run: |
+          kubectl kustomize config/crd | kubectl apply --server-side -f -
+
+      - name: Run Tests
+        run: make test-cel-validation
+        working-directory: ./tests