diff --git a/.github/config/config-gcr-retag b/.github/config/config-gcr-retag index 07e0e71beb..3273e6ffaf 100644 --- a/.github/config/config-gcr-retag +++ b/.github/config/config-gcr-retag @@ -1,7 +1,7 @@ export TARGET_REGISTRY=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev -declare -a PLUS_TAG_POSTFIX_LIST=("" "-alpine" "-alpine-fips" "-mktpl") -declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-mktpl" "-alpine-fips") -declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-alpine-fips") -declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-mktpl") -declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-mktpl") +declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips" "-mktpl") +declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-mktpl" "-alpine-fips") +declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-alpine-fips") +declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl") +declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl") declare -a ADDITIONAL_TAGS=() diff --git a/.github/config/config-plus-gcr-release b/.github/config/config-plus-gcr-release index 9cf8fb9723..e1c6d12e01 100644 --- a/.github/config/config-plus-gcr-release +++ b/.github/config/config-plus-gcr-release @@ -1,8 +1,8 @@ export TARGET_REGISTRY=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release -declare -a PLUS_TAG_POSTFIX_LIST=("" "-alpine" "-alpine-fips" "-mktpl") -declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-alpine-fips" "-mktpl") -declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-alpine-fips") -declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-mktpl") -declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-mktpl") +declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips" "-mktpl") +declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-alpine-fips" "-mktpl") +declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-alpine-fips" "-ubi8") +declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl") +declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl") declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}") export PUBLISH_OSS=false diff --git a/.github/config/config-plus-nginx b/.github/config/config-plus-nginx index b7633a1434..546c636721 100644 --- a/.github/config/config-plus-nginx +++ b/.github/config/config-plus-nginx @@ -1,8 +1,8 @@ export TARGET_REGISTRY=docker-mgmt.nginx.com export TARGET_NAP_WAF_DOS_IMAGE_PREFIX="nginx-ic-nap-dos/nginx-plus-ingress" -declare -a PLUS_TAG_POSTFIX_LIST=("" "-alpine" "-alpine-fips") -declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-alpine-fips") -declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-alpine-fips") -declare -a NAP_DOS_TAG_POSTFIX_LIST=("") -declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("") +declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips") +declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-alpine-fips") +declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-alpine-fips") +declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi") +declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi") export PUBLISH_OSS=false diff --git a/.github/data/matrix-images-nap.json b/.github/data/matrix-images-nap.json index a391e9314b..b93c8404d3 100644 --- a/.github/data/matrix-images-nap.json +++ b/.github/data/matrix-images-nap.json @@ -15,6 +15,36 @@ "waf,dos" ], "include": [ + { + "image": "ubi-8-plus-nap", + "target": "goreleaser", + "platforms": "linux/amd64", + "nap_modules": "waf" + }, + { + "image": "ubi-8-plus-nap-v5", + "target": "goreleaser", + "platforms": "linux/amd64", + "nap_modules": "waf" + }, + { + "image": "ubi-9-plus-nap", + "target": "goreleaser", + "platforms": "linux/amd64", + "nap_modules": "waf" + }, + { + "image": "ubi-9-plus-nap", + "target": "goreleaser", + "platforms": "linux/amd64", + "nap_modules": "dos" + }, + { + "image": "ubi-9-plus-nap", + "target": "goreleaser", + "platforms": "linux/amd64", + "nap_modules": "waf,dos" + }, { "image": "alpine-plus-nap-fips", "target": "goreleaser", @@ -32,6 +62,12 @@ "target": "goreleaser", "platforms": "linux/amd64", "nap_modules": "waf" + }, + { + "image": "ubi-9-plus-nap-v5", + "target": "goreleaser", + "platforms": "linux/amd64", + "nap_modules": "waf" } ] } diff --git a/.github/data/matrix-images-oss.json b/.github/data/matrix-images-oss.json index 7c94faf8e3..237c3014fb 100644 --- a/.github/data/matrix-images-oss.json +++ b/.github/data/matrix-images-oss.json @@ -5,5 +5,11 @@ ], "platforms": [ "linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x" + ], + "include": [ + { + "image": "ubi", + "platforms": "linux/arm64, linux/amd64, linux/ppc64le, linux/s390x" + } ] } diff --git a/.github/data/matrix-images-plus.json b/.github/data/matrix-images-plus.json index b74a88d670..ab1717d37d 100644 --- a/.github/data/matrix-images-plus.json +++ b/.github/data/matrix-images-plus.json @@ -15,6 +15,11 @@ "image": "debian-plus", "platforms": "linux/arm64, linux/amd64", "target": "aws" + }, + { + "image": "ubi-9-plus", + "platforms": "linux/arm64, linux/amd64", + "target": "goreleaser" } ] } diff --git a/.github/data/matrix-smoke-nap.json b/.github/data/matrix-smoke-nap.json index b2d6f4a400..1d780e7a7d 100644 --- a/.github/data/matrix-smoke-nap.json +++ b/.github/data/matrix-smoke-nap.json @@ -2,7 +2,7 @@ "images": [ { "label": "AP_WAF 1/4", - "image": "debian-plus-nap", + "image": "ubi-8-plus-nap", "type": "plus", "nap_modules": "waf", "marker": "appprotect_waf_policies_allow", @@ -10,7 +10,7 @@ }, { "label": "AP_WAF 2/4", - "image": "debian-plus-nap", + "image": "ubi-9-plus-nap", "type": "plus", "nap_modules": "waf", "marker": "'appprotect_waf_policies and not appprotect_waf_policies_allow and not appprotect_waf_policies_vsr'", @@ -58,7 +58,7 @@ }, { "label": "AP_DOS 3/3", - "image": "debian-plus-nap", + "image": "ubi-9-plus-nap", "type": "plus", "nap_modules": "dos", "marker": "dos_learning", diff --git a/.github/data/matrix-smoke-oss.json b/.github/data/matrix-smoke-oss.json index 52a9a7f456..a15b9b8937 100644 --- a/.github/data/matrix-smoke-oss.json +++ b/.github/data/matrix-smoke-oss.json @@ -72,7 +72,7 @@ }, { "label": "TS", - "image": "debian", + "image": "ubi", "type": "oss", "marker": "ts", "platforms": "linux/arm64, linux/amd64, linux/ppc64le, linux/s390x" diff --git a/.github/data/matrix-smoke-plus.json b/.github/data/matrix-smoke-plus.json index a67fa4addb..572d6e4d8a 100644 --- a/.github/data/matrix-smoke-plus.json +++ b/.github/data/matrix-smoke-plus.json @@ -65,14 +65,14 @@ }, { "label": "policies 1/2", - "image": "alpine-plus", + "image": "ubi-9-plus", "type": "plus", "marker": "'policies and not policies_ac and not policies_jwt and not policies_mtls'", "platforms": "linux/arm64, linux/amd64, linux/s390x" }, { "label": "policies 2/2", - "image": "debian-plus", + "image": "ubi-9-plus", "type": "plus", "marker": "'policies_ac or policies_jwt or policies_mtls'", "platforms": "linux/arm64, linux/amd64, linux/s390x" diff --git a/.github/data/patch-images.json b/.github/data/patch-images.json index 22b2662e35..b258b2c4ce 100644 --- a/.github/data/patch-images.json +++ b/.github/data/patch-images.json @@ -11,6 +11,12 @@ "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress", "platforms": "linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x" }, + { + "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-ingress", + "source_os": "ubi", + "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress", + "platforms": "linux/arm64, linux/amd64, linux/ppc64le, linux/s390x" + }, { "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress", "source_os": "debian", @@ -35,6 +41,12 @@ "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress", "platforms": "linux/arm64, linux/amd64" }, + { + "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress", + "source_os": "ubi", + "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress", + "platforms": "linux/arm64, linux/amd64" + }, { "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress", "source_os": "debian", @@ -47,6 +59,18 @@ "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress", "platforms": "linux/amd64" }, + { + "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress", + "source_os": "ubi", + "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress", + "platforms": "linux/amd64" + }, + { + "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress", + "source_os": "ubi8", + "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress", + "platforms": "linux/amd64" + }, { "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress", "source_os": "alpine-fips", @@ -59,6 +83,18 @@ "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress", "platforms": "linux/amd64" }, + { + "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap-v5/nginx-plus-ingress", + "source_os": "ubi", + "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress", + "platforms": "linux/amd64" + }, + { + "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap-v5/nginx-plus-ingress", + "source_os": "ubi8", + "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress", + "platforms": "linux/amd64" + }, { "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap-v5/nginx-plus-ingress", "source_os": "alpine-fips", @@ -77,6 +113,12 @@ "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress", "platforms": "linux/amd64" }, + { + "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos/nginx-plus-ingress", + "source_os": "ubi", + "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress", + "platforms": "linux/amd64" + }, { "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos-nap/nginx-plus-ingress", "source_os": "debian", @@ -88,5 +130,11 @@ "source_os": "mktpl", "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress", "platforms": "linux/amd64" + }, + { + "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos-nap/nginx-plus-ingress", + "source_os": "ubi", + "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress", + "platforms": "linux/amd64" } ] diff --git a/.github/scripts/copy-images.sh b/.github/scripts/copy-images.sh index ef8d7d0375..bb3a2240ea 100755 --- a/.github/scripts/copy-images.sh +++ b/.github/scripts/copy-images.sh @@ -46,12 +46,12 @@ TARGET_NAP_WAFV5_IMAGE_PREFIX=${TARGET_NAP_WAFV5_IMAGE_PREFIX:-"nginx-ic-nap-v5/ TARGET_NAP_DOS_IMAGE_PREFIX=${TARGET_NAP_DOS_IMAGE_PREFIX:-"nginx-ic-dos/nginx-plus-ingress"} TARGET_NAP_WAF_DOS_IMAGE_PREFIX=${TARGET_NAP_WAF_DOS_IMAGE_PREFIX:-"nginx-ic-dos-nap/nginx-plus-ingress"} -declare -a OSS_TAG_POSTFIX_LIST=("" "-alpine") -declare -a PLUS_TAG_POSTFIX_LIST=("" "-alpine" "-alpine-fips") -declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-alpine-fips") -declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-alpine-fips") -declare -a NAP_DOS_TAG_POSTFIX_LIST=("") -declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("") +declare -a OSS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine") +declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips") +declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-alpine-fips") +declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-alpine-fips") +declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi") +declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi") CONFIG_PATH=${CONFIG_PATH:-~/.nic-release/config} if [ -f "$CONFIG_PATH" ]; then diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9b33743bd1..ac9614c6d3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -294,14 +294,14 @@ jobs: with: ref: ${{ inputs.release_branch }} - # - name: Certify UBI OSS images in quay - # uses: ./.github/actions/certify-openshift-image - # continue-on-error: true - # with: - # image: quay.io/nginx/nginx-ingress:${{ inputs.nic_version }}-ubi - # project_id: ${{ secrets.CERTIFICATION_PROJECT_ID }} - # pyxis_token: ${{ secrets.PYXIS_API_TOKEN }} - # preflight_version: 1.11.1 + - name: Certify UBI OSS images in quay + uses: ./.github/actions/certify-openshift-image + continue-on-error: true + with: + image: quay.io/nginx/nginx-ingress:${{ inputs.nic_version }}-ubi + project_id: ${{ secrets.CERTIFICATION_PROJECT_ID }} + pyxis_token: ${{ secrets.PYXIS_API_TOKEN }} + preflight_version: 1.11.1 operator: if: ${{ ! cancelled() && ! failure() && ! inputs.dry_run && ! contains(inputs.skip_step, 'operator') && !contains(inputs.skip_step, 'publish-helm-chart') }} @@ -621,7 +621,7 @@ jobs: strategy: fail-fast: false matrix: - image: ["nginx/nginx-ingress:${{ inputs.nic_version }}", "nginx/nginx-ingress:${{ inputs.nic_version }}-alpine"] + image: ["nginx/nginx-ingress:${{ inputs.nic_version }}", "nginx/nginx-ingress:${{ inputs.nic_version }}-ubi", "nginx/nginx-ingress:${{ inputs.nic_version }}-alpine"] steps: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/update-docker-images.yml b/.github/workflows/update-docker-images.yml index 4aa4a6e183..fe65c8267e 100644 --- a/.github/workflows/update-docker-images.yml +++ b/.github/workflows/update-docker-images.yml @@ -177,12 +177,12 @@ jobs: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - # - name: Certify UBI OSS images in quay - # uses: ./.github/actions/certify-openshift-image - # with: - # image: quay.io/nginx/nginx-ingress:${{ needs.variables.outputs.tag }}-ubi - # project_id: ${{ secrets.CERTIFICATION_PROJECT_ID }} - # pyxis_token: ${{ secrets.PYXIS_API_TOKEN }} - # platforms: "" - # preflight_version: 1.11.1 - # submit: ${{ ! inputs.dry_run || true }} + - name: Certify UBI OSS images in quay + uses: ./.github/actions/certify-openshift-image + with: + image: quay.io/nginx/nginx-ingress:${{ needs.variables.outputs.tag }}-ubi + project_id: ${{ secrets.CERTIFICATION_PROJECT_ID }} + pyxis_token: ${{ secrets.PYXIS_API_TOKEN }} + platforms: "" + preflight_version: 1.11.1 + submit: ${{ ! inputs.dry_run || true }}