From 3c75c1e770bdd2619a4959ad9d0ebd813dd9a16d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 08:14:12 +0000 Subject: [PATCH 1/5] chore(deps): bump redhat/ubi9-minimal from `dee813b` to `daa61d6` in /build (#7016) chore(deps): bump redhat/ubi9-minimal in /build Bumps redhat/ubi9-minimal from `dee813b` to `daa61d6`. --- updated-dependencies: - dependency-name: redhat/ubi9-minimal dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- build/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/Dockerfile b/build/Dockerfile index ea129ec58..ef509e5e0 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -16,7 +16,7 @@ FROM ghcr.io/nginxinc/dependencies/nginx-ot:nginx-1.27.3-alpine@sha256:8def19bba FROM ghcr.io/nginxinc/dependencies/nginx-ubi-ppc64le:nginx-1.27.3@sha256:4cda07664f09f16d780d1e803b9748c31489ea21c463bbcca50d9dcf26081a6f AS ubi-ppc64le FROM ghcr.io/nginxinc/alpine-fips:0.2.3-alpine3.17@sha256:67b69b49aff96e185be841e2b2ff2d8236551ea5c18002bffa4344798d803fd8 AS alpine-fips-3.17 FROM ghcr.io/nginxinc/alpine-fips:0.2.3-alpine3.20@sha256:4c29e5c50b122354d9d4ba6b97cdf64647468e788b965fc0240ead541653454a AS alpine-fips-3.20 -FROM redhat/ubi9-minimal:9.5@sha256:dee813b83663d420eb108983a1c94c614ff5d3fcb5159a7bd0324f0edbe7fca1 AS ubi-minimal +FROM redhat/ubi9-minimal:9.5@sha256:daa61d6103e98bccf40d7a69a0d4f8786ec390e2204fd94f7cc49053e9949360 AS ubi-minimal FROM golang:1.23-alpine@sha256:6c5c9590f169f77c8046e45c611d3b28fe477789acd8d3762d23d4744de69812 AS golang-builder From b2fa233ab95d68dab733bd05222c2945f867fd4d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 08:41:41 +0000 Subject: [PATCH 2/5] chore(deps): bump the python group in /tests with 3 updates (#7001) Bumps the python group in /tests with 3 updates: [attrs](https://github.com/sponsors/hynek), [certifi](https://github.com/certifi/python-certifi) and [google-auth](https://github.com/googleapis/google-auth-library-python). Updates `attrs` from 24.2.0 to 24.3.0 - [Commits](https://github.com/sponsors/hynek/commits) Updates `certifi` from 2024.8.30 to 2024.12.14 - [Commits](https://github.com/certifi/python-certifi/compare/2024.08.30...2024.12.14) Updates `google-auth` from 2.36.0 to 2.37.0 - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.36.0...v2.37.0) --- updated-dependencies: - dependency-name: attrs dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python - dependency-name: certifi dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python - dependency-name: google-auth dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Paul Abel <128620221+pdabelf5@users.noreply.github.com> Co-authored-by: Jakub Jarosz <99677300+jjngx@users.noreply.github.com> --- tests/requirements.txt | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/requirements.txt b/tests/requirements.txt index e3e4f493d..7abfc0618 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -4,9 +4,9 @@ # # pip-compile --generate-hashes --resolver=backtracking requirements.txt # -attrs==24.2.0 \ - --hash=sha256:5cfb1b9148b5b086569baec03f20d7b6bf3bcacc9a42bebf87ffaaca362f6346 \ - --hash=sha256:81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2 +attrs==24.3.0 \ + --hash=sha256:8f5c07333d543103541ba7be0e2ce16eeee8130cb0b3f9238ab904ce1e85baff \ + --hash=sha256:ac96cd038792094f438ad1f6ff80837353805ac950cd2aa0e0625ef19850c308 # via -r requirements.txt cachetools==5.5.0 \ --hash=sha256:02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292 \ @@ -14,9 +14,9 @@ cachetools==5.5.0 \ # via # -r requirements.txt # google-auth -certifi==2024.8.30 \ - --hash=sha256:922820b53db7a7257ffbda3f597266d435245903d80737e34f8a45ff3e3230d8 \ - --hash=sha256:bec941d2aa8195e248a60b31ff9f0558284cf01a52591ceda73ea9afffd69fd9 +certifi==2024.12.14 \ + --hash=sha256:1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56 \ + --hash=sha256:b650d30f370c2b724812bee08008be0c4163b163ddaec3f2546c1caf65f191db # via # -r requirements.txt # kubernetes @@ -248,9 +248,9 @@ forcediphttpsadapter==1.1.0 \ --hash=sha256:0d224cf6e8e50eb788c9f5994a7afa6d389bac6dbe540b7dfd77a32590ad0153 \ --hash=sha256:5e7662ece61735585332d09b87d94fffe4752469d5c0d3feff48746e5d70744b # via -r requirements.txt -google-auth==2.36.0 \ - --hash=sha256:51a15d47028b66fd36e5c64a82d2d57480075bccc7da37cde257fc94177a61fb \ - --hash=sha256:545e9618f2df0bcbb7dcbc45a546485b1212624716975a1ea5ae8149ce769ab1 +google-auth==2.37.0 \ + --hash=sha256:0054623abf1f9c83492c63d3f47e77f0a544caa3d40b2d98e099a611c2dd5d00 \ + --hash=sha256:42664f18290a6be591be5329a96fe30184be1a1badb7292a7f686a9659de9ca0 # via # -r requirements.txt # kubernetes From 001bed9d3b9344e7540786a8fb9b1c6b9510b530 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 09:47:48 +0000 Subject: [PATCH 3/5] chore(deps): bump github.com/gruntwork-io/terratest from 0.48.0 to 0.48.1 in the go group (#7017) chore(deps): bump github.com/gruntwork-io/terratest in the go group Bumps the go group with 1 update: [github.com/gruntwork-io/terratest](https://github.com/gruntwork-io/terratest). Updates `github.com/gruntwork-io/terratest` from 0.48.0 to 0.48.1 - [Release notes](https://github.com/gruntwork-io/terratest/releases) - [Commits](https://github.com/gruntwork-io/terratest/compare/v0.48.0...v0.48.1) --- updated-dependencies: - dependency-name: github.com/gruntwork-io/terratest dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Paul Abel <128620221+pdabelf5@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 8a9478933..7b4ef92d6 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/gkampitakis/go-snaps v0.5.7 github.com/golang-jwt/jwt/v4 v4.5.1 github.com/google/go-cmp v0.6.0 - github.com/gruntwork-io/terratest v0.48.0 + github.com/gruntwork-io/terratest v0.48.1 github.com/jinzhu/copier v0.4.0 github.com/nginxinc/nginx-plus-go-client/v2 v2.1.0 github.com/nginxinc/nginx-prometheus-exporter v1.4.0 diff --git a/go.sum b/go.sum index f10c61b8b..33b7a58d5 100644 --- a/go.sum +++ b/go.sum @@ -213,8 +213,8 @@ github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 h1:TmHmbvxPmaegwhDubVz0lICL0J5 github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0/go.mod h1:qztMSjm835F2bXf+5HKAPIS5qsmQDqZna/PgVt4rWtI= github.com/gruntwork-io/go-commons v0.8.0 h1:k/yypwrPqSeYHevLlEDmvmgQzcyTwrlZGRaxEM6G0ro= github.com/gruntwork-io/go-commons v0.8.0/go.mod h1:gtp0yTtIBExIZp7vyIV9I0XQkVwiQZze678hvDXof78= -github.com/gruntwork-io/terratest v0.48.0 h1:OoqJYAnBxejInn7TPizFGJNMCFvPHbiWNS3hGFKdHhA= -github.com/gruntwork-io/terratest v0.48.0/go.mod h1:U2EQW4Odlz75XJUH16Kqkr9c93p+ZZtkpVez7GkZFa4= +github.com/gruntwork-io/terratest v0.48.1 h1:pnydDjkWbZCUYXvQkr24y21fBo8PfJC5hRGdwbl1eXM= +github.com/gruntwork-io/terratest v0.48.1/go.mod h1:U2EQW4Odlz75XJUH16Kqkr9c93p+ZZtkpVez7GkZFa4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= From 42dd0f6eb56508e174472d671fbc6cc4656c62f6 Mon Sep 17 00:00:00 2001 From: Paul Abel <128620221+pdabelf5@users.noreply.github.com> Date: Thu, 19 Dec 2024 11:02:50 +0000 Subject: [PATCH 4/5] Add minikube as option for running tests (#7018) --- tests/Makefile | 94 ++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 69 insertions(+), 25 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index 73d03877f..0ae510209 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -1,30 +1,31 @@ -SHELL = /bin/bash -ROOT_DIR = $(shell git rev-parse --show-toplevel) -CONTEXT = -PULL_POLICY = IfNotPresent -DEPLOYMENT_TYPE = deployment -SERVICE = nodeport -NODE_IP = -TEST_PREFIX = test-runner -KUBE_CONFIG_FOLDER = ${HOME}/.kube -KIND_KUBE_CONFIG_FOLDER = $(KUBE_CONFIG_FOLDER)/kind -DOCKERFILEPATH := ${ROOT_DIR}/tests/Dockerfile -IP_FAMILY = dual -IC_TYPE ?= nginx-ingress ## The Ingress Controller type to use, "nginx-ingress" or "nginx-plus-ingress". Defaults to "nginx-ingress" -SHOW_IC_LOGS ?= no ## Should the tests show the Ingress Controller logs on failure, "yes" or "no". Defaults to "no" -TEST_TAG ?= latest ## The Tag to use for the test image. e.g. commitsha -REGISTRY ?= docker.io ## The registry where the image is located. For example, docker.io -PREFIX ?= nginx/nginx-ingress ## The name of the image. For example, nginx/nginx-ingress -TAG ?= edge ## The tag of the image. For example, edge -K8S_CLUSTER_NAME ?= local ## The name used when creating/using a Kind Kubernetes cluster -K8S_CLUSTER_VERSION ?= $(shell grep -m1 'FROM kindest/node' < ${DOCKERFILEPATH} | cut -d ':' -f 2 | sed -e 's/^v//' | cut -d '@' -f 1) ## The version used when creating a Kind Kubernetes cluster -K8S_TIMEOUT ?= 75s ## The timeout used when creating a Kind Kubernetes cluster -AD_SECRET ?= -PYTEST_ARGS ?= +SHELL = /bin/bash +ROOT_DIR = $(shell git rev-parse --show-toplevel) +CONTEXT = +PULL_POLICY = IfNotPresent +DEPLOYMENT_TYPE = deployment +SERVICE = nodeport +NODE_IP = +TEST_PREFIX = test-runner +KUBE_CONFIG_FOLDER = ${HOME}/.kube +KIND_KUBE_CONFIG_FOLDER = $(KUBE_CONFIG_FOLDER)/kind +MINIKUBE_KUBE_CONFIG_FOLDER = $(KUBE_CONFIG_FOLDER)/minikube +DOCKERFILEPATH := ${ROOT_DIR}/tests/Dockerfile +IP_FAMILY = dual +IC_TYPE ?= nginx-ingress ## The Ingress Controller type to use, "nginx-ingress" or "nginx-plus-ingress". Defaults to "nginx-ingress" +SHOW_IC_LOGS ?= no ## Should the tests show the Ingress Controller logs on failure, "yes" or "no". Defaults to "no" +TEST_TAG ?= latest ## The Tag to use for the test image. e.g. commitsha +REGISTRY ?= docker.io ## The registry where the image is located. For example, docker.io +PREFIX ?= nginx/nginx-ingress ## The name of the image. For example, nginx/nginx-ingress +TAG ?= edge ## The tag of the image. For example, edge +K8S_CLUSTER_NAME ?= local ## The name used when creating/using a Kind Kubernetes cluster +K8S_CLUSTER_VERSION ?= $(shell grep -m1 'FROM kindest/node' < ${DOCKERFILEPATH} | cut -d ':' -f 2 | sed -e 's/^v//' | cut -d '@' -f 1) ## The version used when creating a Kind Kubernetes cluster +K8S_TIMEOUT ?= 75s ## The timeout used when creating a Kind Kubernetes cluster +AD_SECRET ?= +PYTEST_ARGS ?= ifeq (${REGISTRY},) -BUILD_IMAGE := $(strip $(PREFIX)):$(strip $(TAG)) +BUILD_IMAGE := $(strip $(PREFIX)):$(strip $(TAG)) else -BUILD_IMAGE := $(strip $(REGISTRY))/$(strip $(PREFIX)):$(strip $(TAG)) +BUILD_IMAGE := $(strip $(REGISTRY))/$(strip $(PREFIX)):$(strip $(TAG)) endif .PHONY: help ## Show this help @@ -45,6 +46,10 @@ $(KIND_KUBE_CONFIG_FOLDER): $(KUBE_CONFIG_FOLDER) @mkdir -p $@ +$(MINIKUBE_KUBE_CONFIG_FOLDER): $(KUBE_CONFIG_FOLDER) + @mkdir -p $@ + + .PHONY: run-tests run-tests: ## Run tests docker run --rm -v $(KUBE_CONFIG_FOLDER):/root/.kube $(TEST_PREFIX):$(TEST_TAG) --context=$(CONTEXT) --image=$(BUILD_IMAGE) --image-pull-policy=$(PULL_POLICY) --deployment-type=$(DEPLOYMENT_TYPE) --ic-type=$(IC_TYPE) --service=$(SERVICE) --node-ip=$(NODE_IP) --show-ic-logs=$(SHOW_IC_LOGS) $(PYTEST_ARGS) @@ -91,6 +96,45 @@ image-load: ## Load the image into the Kind K8S cluster @kind load docker-image $(BUILD_IMAGE) --name $(K8S_CLUSTER_NAME) +.PHONY: run-tests-in-minikube +run-tests-in-minikube: ## Run tests in Minikube + docker run --network=minikube --rm \ + -v $(MINIKUBE_KUBE_CONFIG_FOLDER):/root/.kube \ + -v $(ROOT_DIR)/tests:/workspace/tests \ + -v $$HOME/.minikube:$$HOME/.minikube \ + -v $(ROOT_DIR)/examples/common-secrets:/workspace/examples/common-secrets \ + -v $(ROOT_DIR)/deployments:/workspace/deployments \ + -v $(ROOT_DIR)/config:/workspace/config \ + -v $(ROOT_DIR)/pyproject.toml:/workspace/pyproject.toml \ + $(TEST_PREFIX):$(TEST_TAG) \ + --context=minikube \ + --image=$(BUILD_IMAGE) --image-pull-policy=Never \ + --deployment-type=$(DEPLOYMENT_TYPE) \ + --ic-type=$(IC_TYPE) \ + --service=nodeport \ + --node-ip=minikube \ + --show-ic-logs=$(SHOW_IC_LOGS) \ + $(PYTEST_ARGS) + + +.PHONY: create-mini-cluster +create-mini-cluster: $(MINIKUBE_KUBE_CONFIG_FOLDER) ## Create a Minikube K8S cluster + @minikube start --kubernetes-version=v$(K8S_CLUSTER_VERSION) \ + && KUBECONFIG=$(MINIKUBE_KUBE_CONFIG_FOLDER)/config minikube update-context \ + && KUBECONFIG=$(MINIKUBE_KUBE_CONFIG_FOLDER)/config kubectl config set-cluster minikube --server=https://minikube:8443 + + +.PHONY: delete-mini-cluster +delete-mini-cluster: ## Delete a Minikube K8S cluster + @minikube delete + @rm -f $(MINIKUBE_KUBE_CONFIG_FOLDER)/config + + +.PHONY: mini-image-load +mini-image-load: ## Load the image into the Minikube K8S cluster + @minikube image load $(BUILD_IMAGE) + + .PHONY: test-lint test-lint: ## Run Python linting tools isort . From a0e566aaad35b9ca279e07a86f4640b4dc083a0c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 11:28:48 +0000 Subject: [PATCH 5/5] chore(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 in the actions group (#7019) chore(deps): bump actions/upload-artifact in the actions group Bumps the actions group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/upload-artifact` from 4.4.3 to 4.5.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882...6f51ac03b9356f520e9adb1b1b7802705f340c2b) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Paul Abel <128620221+pdabelf5@users.noreply.github.com> --- .github/workflows/image-promotion.yml | 6 +++--- .github/workflows/regression.yml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/setup-smoke.yml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/image-promotion.yml b/.github/workflows/image-promotion.yml index 3b5c1ffa1..dc739c6e2 100644 --- a/.github/workflows/image-promotion.yml +++ b/.github/workflows/image-promotion.yml @@ -461,7 +461,7 @@ jobs: summary: true - name: Upload Scan Results to Github Artifacts - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: "${{ github.ref_name }}-${{ steps.directory.outputs.directory }}" path: "${{ steps.directory.outputs.directory }}/" @@ -550,7 +550,7 @@ jobs: summary: true - name: Upload Scan Results to Github Artifacts - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: "${{ github.ref_name }}-${{ steps.directory.outputs.directory }}" path: "${{ steps.directory.outputs.directory }}/" @@ -646,7 +646,7 @@ jobs: summary: true - name: Upload Scan Results to Github Artifacts - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: "${{ github.ref_name }}-${{ steps.directory.outputs.directory }}" path: "${{ steps.directory.outputs.directory }}/" diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index 30f0ef565..d518f8251 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -284,7 +284,7 @@ jobs: plus-jwt: ${{ secrets.PLUS_JWT }} - name: Upload Test Results - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: ${{ steps.regression-tests.outputs.test-results-name }} path: ${{ steps.regression-tests.outputs.test-results-path }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 290e20f51..05c0920b6 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -49,7 +49,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/setup-smoke.yml b/.github/workflows/setup-smoke.yml index 4790ed41b..e4fbb5b14 100644 --- a/.github/workflows/setup-smoke.yml +++ b/.github/workflows/setup-smoke.yml @@ -169,7 +169,7 @@ jobs: if: ${{ steps.stable_exists.outputs.exists != 'true' }} - name: Upload Test Results - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: ${{ steps.smoke-tests.outputs.test-results-name }} path: ${{ steps.smoke-tests.outputs.test-results-path }}