Merge branch 'main' into deps/image-update-main-0525becc

.github/config/config-gcr-retag

@@ -1,7 +1,7 @@
 export TARGET_REGISTRY=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev
-declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips" "-mktpl")
-declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-mktpl" "-alpine-fips")
-declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-alpine-fips")
-declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl")
-declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl")
+declare -a PLUS_TAG_POSTFIX_LIST=("" "-alpine" "-alpine-fips" "-mktpl")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-mktpl" "-alpine-fips")
+declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-alpine-fips")
+declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-mktpl")
+declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-mktpl")
 declare -a ADDITIONAL_TAGS=()

.github/config/config-plus-gcr-release

@@ -1,8 +1,8 @@
 export TARGET_REGISTRY=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release
-declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips" "-mktpl")
-declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-alpine-fips" "-mktpl")
-declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-alpine-fips" "-ubi8")
-declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl")
-declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi" "-mktpl")
+declare -a PLUS_TAG_POSTFIX_LIST=("" "-alpine" "-alpine-fips" "-mktpl")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-alpine-fips" "-mktpl")
+declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-alpine-fips")
+declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-mktpl")
+declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-mktpl")
 declare -a ADDITIONAL_TAGS=("latest" "${ADDITIONAL_TAG}")
 export PUBLISH_OSS=false

.github/config/config-plus-nginx

@@ -1,8 +1,8 @@
 export TARGET_REGISTRY=docker-mgmt.nginx.com
 export TARGET_NAP_WAF_DOS_IMAGE_PREFIX="nginx-ic-nap-dos/nginx-plus-ingress"
-declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips")
-declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-alpine-fips")
-declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-ubi8" "-alpine-fips")
-declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi")
-declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi")
+declare -a PLUS_TAG_POSTFIX_LIST=("" "-alpine" "-alpine-fips")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-alpine-fips")
+declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-alpine-fips")
+declare -a NAP_DOS_TAG_POSTFIX_LIST=("")
+declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("")
 export PUBLISH_OSS=false

.github/data/matrix-images-nap.json

@@ -15,36 +15,6 @@
     "waf,dos"
   ],
   "include": [
-    {
-      "image": "ubi-8-plus-nap",
-      "target": "goreleaser",
-      "platforms": "linux/amd64",
-      "nap_modules": "waf"
-    },
-    {
-      "image": "ubi-8-plus-nap-v5",
-      "target": "goreleaser",
-      "platforms": "linux/amd64",
-      "nap_modules": "waf"
-    },
-    {
-      "image": "ubi-9-plus-nap",
-      "target": "goreleaser",
-      "platforms": "linux/amd64",
-      "nap_modules": "waf"
-    },
-    {
-      "image": "ubi-9-plus-nap",
-      "target": "goreleaser",
-      "platforms": "linux/amd64",
-      "nap_modules": "dos"
-    },
-    {
-      "image": "ubi-9-plus-nap",
-      "target": "goreleaser",
-      "platforms": "linux/amd64",
-      "nap_modules": "waf,dos"
-    },
     {
       "image": "alpine-plus-nap-fips",
       "target": "goreleaser",
@@ -62,12 +32,6 @@
       "target": "goreleaser",
       "platforms": "linux/amd64",
       "nap_modules": "waf"
-    },
-    {
-      "image": "ubi-9-plus-nap-v5",
-      "target": "goreleaser",
-      "platforms": "linux/amd64",
-      "nap_modules": "waf"
     }
   ]
 }

.github/data/matrix-images-oss.json

@@ -5,11 +5,5 @@
   ],
   "platforms": [
     "linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x"
-  ],
-  "include": [
-    {
-      "image": "ubi",
-      "platforms": "linux/arm64, linux/amd64, linux/ppc64le, linux/s390x"
-    }
   ]
 }

.github/data/matrix-images-plus.json

@@ -15,11 +15,6 @@
       "image": "debian-plus",
       "platforms": "linux/arm64, linux/amd64",
       "target": "aws"
-    },
-    {
-      "image": "ubi-9-plus",
-      "platforms": "linux/arm64, linux/amd64",
-      "target": "goreleaser"
     }
   ]
 }

.github/data/matrix-smoke-nap.json

@@ -2,15 +2,15 @@
   "images": [
     {
       "label": "AP_WAF 1/4",
-      "image": "ubi-8-plus-nap",
+      "image": "debian-plus-nap",
       "type": "plus",
       "nap_modules": "waf",
       "marker": "appprotect_waf_policies_allow",
       "platforms": "linux/amd64"
     },
     {
       "label": "AP_WAF 2/4",
-      "image": "ubi-9-plus-nap",
+      "image": "debian-plus-nap",
       "type": "plus",
       "nap_modules": "waf",
       "marker": "'appprotect_waf_policies and not appprotect_waf_policies_allow and not appprotect_waf_policies_vsr'",
@@ -58,7 +58,7 @@
     },
     {
       "label": "AP_DOS 3/3",
-      "image": "ubi-9-plus-nap",
+      "image": "debian-plus-nap",
       "type": "plus",
       "nap_modules": "dos",
       "marker": "dos_learning",

.github/data/matrix-smoke-oss.json

@@ -72,7 +72,7 @@
     },
     {
       "label": "TS",
-      "image": "ubi",
+      "image": "debian",
       "type": "oss",
       "marker": "ts",
       "platforms": "linux/arm64, linux/amd64, linux/ppc64le, linux/s390x"

.github/data/matrix-smoke-plus.json

@@ -65,14 +65,14 @@
     },
     {
       "label": "policies 1/2",
-      "image": "ubi-9-plus",
+      "image": "alpine-plus",
       "type": "plus",
       "marker": "'policies and not policies_ac and not policies_jwt and not policies_mtls'",
       "platforms": "linux/arm64, linux/amd64, linux/s390x"
     },
     {
       "label": "policies 2/2",
-      "image": "ubi-9-plus",
+      "image": "debian-plus",
       "type": "plus",
       "marker": "'policies_ac or policies_jwt or policies_mtls'",
       "platforms": "linux/arm64, linux/amd64, linux/s390x"

.github/data/patch-images.json

@@ -11,12 +11,6 @@
     "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress",
     "platforms": "linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x"
   },
-  {
-    "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-ingress",
-    "source_os": "ubi",
-    "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress",
-    "platforms": "linux/arm64, linux/amd64, linux/ppc64le, linux/s390x"
-  },
   {
     "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress",
     "source_os": "debian",
@@ -41,12 +35,6 @@
     "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress",
     "platforms": "linux/arm64, linux/amd64"
   },
-  {
-    "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic/nginx-plus-ingress",
-    "source_os": "ubi",
-    "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress",
-    "platforms": "linux/arm64, linux/amd64"
-  },
   {
     "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress",
     "source_os": "debian",
@@ -59,18 +47,6 @@
     "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress",
     "platforms": "linux/amd64"
   },
-  {
-    "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress",
-    "source_os": "ubi",
-    "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress",
-    "platforms": "linux/amd64"
-  },
-  {
-    "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress",
-    "source_os": "ubi8",
-    "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap/nginx-plus-ingress",
-    "platforms": "linux/amd64"
-  },
   {
     "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap/nginx-plus-ingress",
     "source_os": "alpine-fips",
@@ -83,18 +59,6 @@
     "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress",
     "platforms": "linux/amd64"
   },
-  {
-    "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap-v5/nginx-plus-ingress",
-    "source_os": "ubi",
-    "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress",
-    "platforms": "linux/amd64"
-  },
-  {
-    "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap-v5/nginx-plus-ingress",
-    "source_os": "ubi8",
-    "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-nap-v5/nginx-plus-ingress",
-    "platforms": "linux/amd64"
-  },
   {
     "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-nap-v5/nginx-plus-ingress",
     "source_os": "alpine-fips",
@@ -113,12 +77,6 @@
     "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress",
     "platforms": "linux/amd64"
   },
-  {
-    "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos/nginx-plus-ingress",
-    "source_os": "ubi",
-    "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos/nginx-plus-ingress",
-    "platforms": "linux/amd64"
-  },
   {
     "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos-nap/nginx-plus-ingress",
     "source_os": "debian",
@@ -130,11 +88,5 @@
     "source_os": "mktpl",
     "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress",
     "platforms": "linux/amd64"
-  },
-  {
-    "source_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic-dos-nap/nginx-plus-ingress",
-    "source_os": "ubi",
-    "target_image": "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-dos-nap/nginx-plus-ingress",
-    "platforms": "linux/amd64"
   }
 ]

.github/scripts/copy-images.sh

@@ -46,12 +46,12 @@ TARGET_NAP_WAFV5_IMAGE_PREFIX=${TARGET_NAP_WAFV5_IMAGE_PREFIX:-"nginx-ic-nap-v5/
 TARGET_NAP_DOS_IMAGE_PREFIX=${TARGET_NAP_DOS_IMAGE_PREFIX:-"nginx-ic-dos/nginx-plus-ingress"}
 TARGET_NAP_WAF_DOS_IMAGE_PREFIX=${TARGET_NAP_WAF_DOS_IMAGE_PREFIX:-"nginx-ic-dos-nap/nginx-plus-ingress"}
 
-declare -a OSS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine")
-declare -a PLUS_TAG_POSTFIX_LIST=("" "-ubi" "-alpine" "-alpine-fips")
-declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-ubi" "-alpine-fips")
-declare -a NAP_WAFV5_TAG_POSTFIX_LIST=("" "-ubi" "-alpine-fips")
-declare -a NAP_DOS_TAG_POSTFIX_LIST=("" "-ubi")
-declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("" "-ubi")
+declare -a OSS_TAG_POSTFIX_LIST=("" "-alpine")
+declare -a PLUS_TAG_POSTFIX_LIST=("" "-alpine" "-alpine-fips")
+declare -a NAP_WAF_TAG_POSTFIX_LIST=("" "-alpine-fips")
+declare -a NAP_WAFV5_TAG_POSTFIX_LIST=(""  "-alpine-fips")
+declare -a NAP_DOS_TAG_POSTFIX_LIST=("")
+declare -a NAP_WAF_DOS_TAG_POSTFIX_LIST=("")
 
 CONFIG_PATH=${CONFIG_PATH:-~/.nic-release/config}
 if [ -f "$CONFIG_PATH" ]; then

.github/workflows/release.yml

@@ -294,14 +294,14 @@ jobs:
         with:
           ref: ${{ inputs.release_branch }}
 
-      - name: Certify UBI OSS images in quay
-        uses: ./.github/actions/certify-openshift-image
-        continue-on-error: true
-        with:
-          image: quay.io/nginx/nginx-ingress:${{ inputs.nic_version }}-ubi
-          project_id: ${{ secrets.CERTIFICATION_PROJECT_ID }}
-          pyxis_token: ${{ secrets.PYXIS_API_TOKEN }}
-          preflight_version: 1.11.1
+      # - name: Certify UBI OSS images in quay
+      #   uses: ./.github/actions/certify-openshift-image
+      #   continue-on-error: true
+      #   with:
+      #     image: quay.io/nginx/nginx-ingress:${{ inputs.nic_version }}-ubi
+      #     project_id: ${{ secrets.CERTIFICATION_PROJECT_ID }}
+      #     pyxis_token: ${{ secrets.PYXIS_API_TOKEN }}
+      #     preflight_version: 1.11.1
 
   operator:
     if: ${{ ! cancelled() && ! failure() && ! inputs.dry_run && ! contains(inputs.skip_step, 'operator') && !contains(inputs.skip_step, 'publish-helm-chart') }}
@@ -621,7 +621,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        image: ["nginx/nginx-ingress:${{ inputs.nic_version }}", "nginx/nginx-ingress:${{ inputs.nic_version }}-ubi", "nginx/nginx-ingress:${{ inputs.nic_version }}-alpine"]
+        image: ["nginx/nginx-ingress:${{ inputs.nic_version }}", "nginx/nginx-ingress:${{ inputs.nic_version }}-alpine"]
     steps:
       - name: Checkout Repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

.github/workflows/update-docker-images.yml

@@ -177,12 +177,12 @@ jobs:
       - name: Checkout Repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Certify UBI OSS images in quay
-        uses: ./.github/actions/certify-openshift-image
-        with:
-          image: quay.io/nginx/nginx-ingress:${{ needs.variables.outputs.tag }}-ubi
-          project_id: ${{ secrets.CERTIFICATION_PROJECT_ID }}
-          pyxis_token: ${{ secrets.PYXIS_API_TOKEN }}
-          platforms: ""
-          preflight_version: 1.11.1
-          submit: ${{ ! inputs.dry_run || true }}
+      # - name: Certify UBI OSS images in quay
+      #   uses: ./.github/actions/certify-openshift-image
+      #   with:
+      #     image: quay.io/nginx/nginx-ingress:${{ needs.variables.outputs.tag }}-ubi
+      #     project_id: ${{ secrets.CERTIFICATION_PROJECT_ID }}
+      #     pyxis_token: ${{ secrets.PYXIS_API_TOKEN }}
+      #     platforms: ""
+      #     preflight_version: 1.11.1
+      #     submit: ${{ ! inputs.dry_run || true }}

.pre-commit-config.yaml

@@ -45,7 +45,7 @@ repos:
         pass_filenames: false
 
   - repo: https://github.com/golangci/golangci-lint
-    rev: v1.62.2
+    rev: v1.63.4
     hooks:
       - id: golangci-lint
         args: [--new-from-patch=/tmp/diff.patch]
@@ -87,12 +87,12 @@ repos:
         args: ["--schemafile", "charts/nginx-ingress/values.schema.json"]
 
   - repo: https://github.com/DavidAnson/markdownlint-cli2
-    rev: v0.17.0
+    rev: v0.17.1
     hooks:
       - id: markdownlint-cli2
 
   - repo: https://github.com/rhysd/actionlint
-    rev: v1.7.5
+    rev: v1.7.6
     hooks:
       - id: actionlint
         name: Lint GitHub Actions workflow files

build/Dockerfile

@@ -17,11 +17,11 @@ FROM ghcr.io/nginxinc/dependencies/nginx-ubi-ppc64le:nginx-1.27.3@sha256:4cda076
 FROM ghcr.io/nginxinc/alpine-fips:0.2.3-alpine3.17@sha256:67b69b49aff96e185be841e2b2ff2d8236551ea5c18002bffa4344798d803fd8 AS alpine-fips-3.17
 FROM ghcr.io/nginxinc/alpine-fips:0.2.3-alpine3.20@sha256:4c29e5c50b122354d9d4ba6b97cdf64647468e788b965fc0240ead541653454a AS alpine-fips-3.20
 FROM redhat/ubi9-minimal:9.5@sha256:daa61d6103e98bccf40d7a69a0d4f8786ec390e2204fd94f7cc49053e9949360 AS ubi-minimal
-FROM golang:1.23-alpine@sha256:6c5c9590f169f77c8046e45c611d3b28fe477789acd8d3762d23d4744de69812 AS golang-builder
+FROM golang:1.23-alpine@sha256:13aaa4b92fd4dc81683816b4b62041442e9f685deeb848897ce78c5e2fb03af7 AS golang-builder
 
 
 ############################################# Base image for Alpine #############################################
-FROM nginx:1.27.3-alpine@sha256:41523187cf7d7a2f2677a80609d9caa14388bf5c1fbca9c410ba3de602aaaab4 AS alpine
+FROM nginx:1.27.3-alpine@sha256:4efa432b751239898e576a2178702fb156fc483f6d456e0ad5899b3bf5c0445a AS alpine
 
 RUN --mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \
 	apk add --no-cache libcap libstdc++ \
@@ -102,7 +102,7 @@ USER 101
 
 
 ############################################# Base image for Alpine with NGINX Plus ##############################################
-FROM alpine:3.20@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a AS alpine-plus
+FROM alpine:3.20@sha256:780405de0f7cf99f985dd5a4f04dfc5aae71509d89505c1ba48a88d95a0ceb7f AS alpine-plus
 ARG NGINX_PLUS_VERSION
 ARG PACKAGE_REPO