Update Makefile to handle old versions in OLM #1717

Workflow file for this run

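# CI for the NGINX Ingress Operator image.
# - pull_request to main: build the image and load it locally only
#   (no registry login, no push, no scan, no draft release).
# - push to main: build for every platform in env.platforms, push to Docker Hub,
#   GHCR and Quay, scan the pushed image with Trivy, then create/update the
#   draft release.
# Both paths finish by calling the reusable e2e-test workflow.
name: CI

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

env:
  platforms: "linux/amd64,linux/arm64"

concurrency:
  group: ${{ github.ref_name }}-ci
  cancel-in-progress: true

# Workflow-wide default for GITHUB_TOKEN; a job that needs more declares it
# in its own permissions block.
permissions:
  contents: read

jobs:
  variables:
    name: Set Variables
    runs-on: ubuntu-24.04
    outputs:
      runner: ${{ steps.vars.outputs.runner }}
      version: ${{ steps.vars.outputs.version }}
      chart_version: ${{ steps.vars.outputs.chart_version }}
      openshift_version: ${{ steps.vars.outputs.openshift_version }}
    steps:
      - name: Checkout Repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # Nothing in this job talks to the remote after checkout, so the
          # token does not need to stay in .git/config.
          persist-credentials: false
      - name: Output Variables
        id: vars
        env:
          # Context values reach the script through the environment instead of
          # being expanded into the script text, so the script stays a fixed
          # string whatever the context holds.
          EVENT_NAME: ${{ github.event_name }}
        run: |
          runner=ubuntu-24.04
          if [ "$EVENT_NAME" = "push" ]; then
            runner=ubuntu-24.04-amd64
          fi
          echo "runner=$runner" >> "$GITHUB_OUTPUT"
          # NOTE(review): the checkout above uses the default fetch settings;
          # confirm tags are present here, otherwise git describe fails and
          # an empty version is written without failing the step.
          echo "version=$(git describe --tags)" >> "$GITHUB_OUTPUT"
          echo "chart_version=$(yq '.appVersion' <helm-charts/nginx-ingress/Chart.yaml)" >> "$GITHUB_OUTPUT"
          echo "openshift_version=$(yq '.annotations["com.redhat.openshift.versions"]' <bundle/metadata/annotations.yaml | cut -dv -f2)" >> "$GITHUB_OUTPUT"

  build:
    name: Build Image
    runs-on: ${{ needs.variables.outputs.runner }}
    needs: [variables]
    outputs:
      version: ${{ steps.meta.outputs.version }}
    # NOTE(review): these write scopes are requested for pull_request runs too,
    # although every step that uses them is gated on non-PR events. Moving the
    # publish steps to a push-only job would narrow the PR token to read.
    permissions:
      contents: write # to create/update draft release
      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
      packages: write # for docker/build-push-action to push to GHCR
    steps:
      - name: Checkout Repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # This job's token carries write scopes and the workspace is the
          # Docker build context ("." below). Keep the token out of
          # .git/config so it cannot end up in the context or an artifact.
          persist-credentials: false
      # Registry logins are skipped on pull requests, so PR builds never
      # handle the registry secrets.
      - name: DockerHub Login
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
        if: github.event_name != 'pull_request'
      - name: Login to GitHub Container Registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
        if: github.event_name != 'pull_request'
      - name: Login to Quay.io
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_ROBOT_TOKEN }}
        if: github.event_name != 'pull_request'
      - name: Setup QEMU
        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
        with:
          platforms: arm64
        if: github.event_name != 'pull_request'
      - name: Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
        with:
          images: |
            nginx/nginx-ingress-operator
            ghcr.io/nginx/nginx-ingress-operator
            quay.io/nginx/nginx-ingress-operator
          tags: |
            type=edge
            type=ref,event=pr
          labels: |
            org.opencontainers.image.documentation=https://docs.nginx.com/nginx-ingress-controller
            org.opencontainers.image.vendor=NGINX Inc <[email protected]>
            name="NGINX Ingress Operator"
            maintainer="[email protected]"
            vendor="NGINX Inc"
            version=${{ needs.variables.outputs.version }}
            release=1
            summary="The NGINX Ingress Operator is a Kubernetes/OpenShift component which deploys and manages one or more NGINX/NGINX Plus Ingress Controllers"
            description="The NGINX Ingress Operator is a Kubernetes/OpenShift component which deploys and manages one or more NGINX/NGINX Plus Ingress Controllers"
      - name: Build Image
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: "."
          cache-from: type=gha
          cache-to: type=gha,mode=max
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # Pull requests build for the runner's platform and load the image
          # locally; pushes build every platform in env.platforms and publish.
          platforms: ${{ github.event_name != 'pull_request' && env.platforms || '' }}
          load: ${{ github.event_name == 'pull_request' }}
          push: ${{ github.event_name != 'pull_request' }}
          # Published images are rebuilt without the layer cache and with
          # freshly pulled base images.
          no-cache: ${{ github.event_name != 'pull_request' }}
          pull: true
          sbom: ${{ github.event_name != 'pull_request' }}
          # NOTE(review): provenance attestation is off, so a pushed image
          # carries an SBOM but no build-provenance record for consumers to
          # verify. The reason is not visible in this file; confirm it is
          # intentional.
          provenance: false
      # The scan runs after the image has been pushed and is report-only:
      # continue-on-error means neither findings nor a scanner failure stop
      # the job. Triage happens in the Security tab / uploaded artifact.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
        continue-on-error: true
        with:
          image-ref: nginx/nginx-ingress-operator:${{ steps.meta.outputs.version }}
          format: "sarif"
          output: "trivy-results.sarif"
          # Vulnerabilities without an available fix are left out of the report.
          ignore-unfixed: "true"
        if: github.event_name != 'pull_request'
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
        continue-on-error: true
        with:
          sarif_file: "trivy-results.sarif"
        if: github.event_name != 'pull_request'
      - name: Upload Scan Results
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        continue-on-error: true
        with:
          name: "trivy-results.sarif"
          path: "trivy-results.sarif"
        if: github.event_name != 'pull_request'
      - name: Create/Update Draft
        uses: lucacome/draft-release@fd099feb33710d1fa27b915a08a7acd6a1fb7fd2 # v2.0.0
        with:
          minor-label: "enhancement"
          major-label: "change"
          publish: false
          variables: |
            nic_version=${{ needs.variables.outputs.chart_version }}
            openshift_version=${{ needs.variables.outputs.openshift_version }}
          notes-footer: |
            ## Compatibility
            - NGINX Ingress Controller {{nic_version}}
            - OpenShift {{openshift_version}} or newer.
        if: github.event_name != 'pull_request'

  # Called reusable workflow; it declares no permissions of its own here, so
  # the workflow-level default (contents: read) applies.
  e2e-test:
    name: Run E2E Tests # Deploy NGINX Ingress Operator and Nginx Ingress Controller
    uses: ./.github/workflows/e2e-test.yml
    needs: build
    with:
      operator_version: ${{ needs.build.outputs.version }}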