45
45
min_k8s_version : ${{ steps.vars.outputs.min_k8s_version }}
46
46
k8s_latest : ${{ steps.vars.outputs.k8s_latest }}
47
47
helm_changes : ${{ steps.filter.outputs.charts }}
48
- goproxy : ${{ steps.goproxy.outputs.goproxy }}
49
48
steps :
50
49
- name : Checkout Repository
51
50
uses : actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
64
63
echo "Development mode - using dev Artifactory"
65
64
GOPROXY_VALUE="https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@${{ secrets.ARTIFACTORY_DEV_ENDPOINT }}"
66
65
fi
67
- echo "goproxy=${GOPROXY_VALUE}" >> $GITHUB_OUTPUT
68
66
echo "GOPROXY=${GOPROXY_VALUE}" >> $GITHUB_ENV
69
67
70
68
- name : Setup Golang Environment
@@ -105,12 +103,20 @@ jobs:
105
103
name : Unit Tests
106
104
runs-on : ubuntu-24.04
107
105
needs : vars
108
- env :
109
- GOPROXY : ${{ needs.vars.outputs.goproxy }}
110
106
steps :
111
107
- name : Checkout Repository
112
108
uses : actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
113
109
110
+ - name : Configure GOPROXY
111
+ id : goproxy
112
+ run : |
113
+ if [[ "${{ secrets.ARTIFACTORY_USER }}" == "" ]]; then
114
+ GOPROXY_VALUE="direct"
115
+ else
116
+ GOPROXY_VALUE="https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@${{ secrets.ARTIFACTORY_DEV_ENDPOINT }}"
117
+ fi
118
+ echo "GOPROXY=${GOPROXY_VALUE}" >> $GITHUB_ENV
119
+
114
120
- name : Setup Golang Environment
115
121
uses : actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
116
122
with :
@@ -159,8 +165,8 @@ jobs:
159
165
name : Build Binary
160
166
runs-on : ${{ github.repository_owner == 'nginx' && (inputs.is_production_release || (github.event_name == 'push' && github.ref == 'refs/heads/main')) && 'ubuntu-24.04-amd64' || 'ubuntu-24.04' }}
161
167
needs : [vars, unit-tests, njs-unit-tests]
162
- env :
163
- GOPROXY : ${{ needs.vars .outputs.goproxy }}
168
+ outputs :
169
+ json : ${{ steps.gateway_binaries .outputs.json }}
164
170
permissions :
165
171
contents : write # for goreleaser/goreleaser-action and lucacome/draft-release to create/update releases
166
172
id-token : write # for goreleaser/goreleaser-action to sign artifacts
@@ -171,6 +177,21 @@ jobs:
171
177
with :
172
178
fetch-depth : 0
173
179
180
+ - name : Configure GOPROXY
181
+ id : goproxy
182
+ run : |
183
+ if [[ "${{ secrets.ARTIFACTORY_USER }}" == "" ]]; then
184
+ echo "No Artifactory secrets available - using direct GOPROXY"
185
+ GOPROXY_VALUE="direct"
186
+ elif [[ "${{ inputs.is_production_release }}" == "true" ]] || [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/main" ]]; then
187
+ echo "Production mode - using production Artifactory"
188
+ GOPROXY_VALUE="https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@${{ secrets.ARTIFACTORY_ENDPOINT }}"
189
+ else
190
+ echo "Development mode - using dev Artifactory"
191
+ GOPROXY_VALUE="https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@${{ secrets.ARTIFACTORY_DEV_ENDPOINT }}"
192
+ fi
193
+ echo "GOPROXY=${GOPROXY_VALUE}" >> $GITHUB_ENV
194
+
174
195
- name : Setup Golang Environment
175
196
uses : actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
176
197
with :
@@ -220,12 +241,107 @@ jobs:
220
241
TELEMETRY_ENDPOINT : ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release-') && 'oss-dev.edge.df.f5.com:443' || 'oss.edge.df.f5.com:443' }}
221
242
TELEMETRY_ENDPOINT_INSECURE : " false"
222
243
244
+ - name : Extract gateway binaries info
245
+ id : gateway_binaries
246
+ run : |
247
+ set -e
248
+ binaries=()
249
+ for bin in $(find ${{ github.workspace }}/dist -type f -name "gateway"); do
250
+ dir=$(basename $(dirname "$bin"))
251
+ if [[ "$dir" =~ gateway_([a-zA-Z0-9]+)_([a-zA-Z0-9]+) ]]; then
252
+ os="${BASH_REMATCH[1]}"
253
+ arch="${BASH_REMATCH[2]}"
254
+ digest=$(sha256sum "$bin" | cut -d' ' -f1)
255
+ binaries+=("{\"path\":\"$bin\",\"os\":\"$os\",\"arch\":\"$arch\",\"digest\":\"$digest\"}")
256
+ fi
257
+ done
258
+ # Join array elements with commas
259
+ IFS=','
260
+ json="[${binaries[*]}]"
261
+ echo "Generated JSON: $json"
262
+ echo "json=$json" >> $GITHUB_OUTPUT
263
+
223
264
- name : Cache Artifacts
224
265
uses : actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
225
266
with :
226
267
path : ${{ github.workspace }}/dist
227
268
key : nginx-gateway-fabric-${{ github.run_id }}-${{ github.run_number }}
228
269
270
+ assertion :
271
+ name : Generate and Sign Assertion Documents
272
+ needs : [vars, binary]
273
+ if : ${{ inputs.is_production_release }}
274
+ permissions :
275
+ contents : read
276
+ id-token : write # for compliance-rules action to sign assertion doc
277
+ runs-on : ubuntu-24.04
278
+ strategy :
279
+ fail-fast : false
280
+ matrix :
281
+ gateway : ${{ fromJson(needs.binary.outputs.json) }}
282
+ steps :
283
+ - name : Checkout Repository
284
+ uses : actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
285
+
286
+ - name : Configure GOPROXY
287
+ id : goproxy
288
+ run : |
289
+ if [[ "${{ secrets.ARTIFACTORY_USER }}" == "" ]]; then
290
+ echo "No Artifactory secrets available - using direct GOPROXY"
291
+ GOPROXY_VALUE="direct"
292
+ elif [[ "${{ inputs.is_production_release }}" == "true" ]] || [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/main" ]]; then
293
+ echo "Production mode - using production Artifactory"
294
+ GOPROXY_VALUE="https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@${{ secrets.ARTIFACTORY_ENDPOINT }}"
295
+ else
296
+ echo "Development mode - using dev Artifactory"
297
+ GOPROXY_VALUE="https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@${{ secrets.ARTIFACTORY_DEV_ENDPOINT }}"
298
+ fi
299
+ echo "GOPROXY=${GOPROXY_VALUE}" >> $GITHUB_ENV
300
+
301
+ - name : Setup Golang Environment
302
+ uses : actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
303
+ with :
304
+ go-version : stable
305
+
306
+ - name : Fetch Cached Artifacts
307
+ uses : actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
308
+ with :
309
+ path : ${{ github.workspace }}/dist
310
+ key : nginx-gateway-fabric-${{ github.run_id }}-${{ github.run_number }}
311
+
312
+ - name : List Dependencies in Go Binary
313
+ id : godeps
314
+ run : |
315
+ go version -m dist/gateway_${{ matrix.gateway.os }}_${{ matrix.gateway.arch }}*/gateway > goversionm_${{ github.run_id }}_${{ github.run_number }}_${{ matrix.gateway.os }}_${{ matrix.gateway.arch }}.txt
316
+ echo "goversionm=$(find -type f -name "goversionm*.txt" | head -n 1)" >> $GITHUB_OUTPUT
317
+ goversionm=$(find -type f -name "goversionm*.txt" | head -n 1)
318
+ cat $goversionm
319
+
320
+ - name : Generate Assertion Document
321
+ id : assertiondoc
322
+ uses : nginxinc/compliance-rules/.github/actions/assertion@83e452166aaf0ad8f07caf91a4f1f903b3dea1e6
323
+ with :
324
+ artifact-name : ${{ github.event.repository.name }}_${{ github.sha }}_${{ github.run_number }}_${{ matrix.gateway.os }}_${{ matrix.gateway.arch }}
325
+ artifact-digest : ${{ matrix.gateway.digest }}
326
+ build-type : ' github'
327
+ builder-id : ' github.com'
328
+ builder-version : ' 0.1.0-xyz'
329
+ invocation-id : ${{ github.run_id }}.${{ github.run_number }}.${{ strategy.job-index }}
330
+ started-on : ${{ github.event.head_commit.timestamp || github.event.created_at }}
331
+ finished-on : ${{ github.event.head_commit.timestamp || github.event.created_at }}
332
+ artifactory-user : ${{ secrets.ARTIFACTORY_USER }}
333
+ artifactory-api-token : ${{ secrets.ARTIFACTORY_TOKEN }}
334
+ artifactory-url : ${{ secrets.ARTIFACTORY_URL }}
335
+ artifactory-repo : ' f5-nginx-go-local-approved-dependency'
336
+ build-content-path : ${{ steps.godeps.outputs.goversionm }}
337
+ assertion-doc-file : assertion_${{ github.event.repository.name }}_${{ github.sha }}_${{ github.run_id }}_${{ github.run_number }}_${{ matrix.gateway.os }}_${{ matrix.gateway.arch }}.json
338
+
339
+ - name : Sign and Store Assertion Document
340
+ id : sign
341
+ uses : nginxinc/compliance-rules/.github/actions/sign@83e452166aaf0ad8f07caf91a4f1f903b3dea1e6
342
+ with :
343
+ assertion-doc : ${{ steps.assertiondoc.outputs.assertion-document-path }}
344
+
229
345
build-oss :
230
346
name : Build OSS images
231
347
needs : [vars, binary]
@@ -362,12 +478,20 @@ jobs:
362
478
name : CEL Tests
363
479
runs-on : ubuntu-24.04
364
480
needs : vars
365
- env :
366
- GOPROXY : ${{ needs.vars.outputs.goproxy }}
367
481
steps :
368
482
- name : Checkout Repository
369
483
uses : actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
370
484
485
+ - name : Configure GOPROXY
486
+ id : goproxy
487
+ run : |
488
+ if [[ "${{ secrets.ARTIFACTORY_USER }}" == "" ]]; then
489
+ GOPROXY_VALUE="direct"
490
+ else
491
+ GOPROXY_VALUE="https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@${{ secrets.ARTIFACTORY_DEV_ENDPOINT }}"
492
+ fi
493
+ echo "GOPROXY=${GOPROXY_VALUE}" >> $GITHUB_ENV
494
+
371
495
- name : Setup Golang Environment
372
496
uses : actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
373
497
with :
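Review bot: In the new `assertion` job, the signed document takes `artifact-digest` from `needs.binary.outputs.json`, while the dependency list is read from whatever `Fetch Cached Artifacts` restores into `dist/`; no visible step checks that both describe the same file. `List Dependencies in Go Binary` should recompute the hash before `go version -m` and fail on mismatch, e.g. `[[ "$(sha256sum dist/gateway_${{ matrix.gateway.os }}_${{ matrix.gateway.arch }}*/gateway | cut -d' ' -f1)" == "${{ matrix.gateway.digest }}" ]]`. Setting `fail-on-cache-miss: true` on the restore step would stop the job at the restore if the cache is missing. The restore pins `actions/cache` at v4.2.4 while the save step in `Build Binary` pins v4.3.0, so the two should be aligned. Separately, the `Configure GOPROXY` step (repeated in the `Unit Tests`, `Build Binary` and `CEL Tests` hunks) expands `${{ secrets.* }}` directly into the script text; mapping them through the step's `env:` and referencing shell variables such as `$ARTIFACTORY_USER` keeps the credential values out of the generated script file.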