Merge branch 'main' into docs/jwt-token-update

Signed-off-by: Jason Williams - NGIИX <[email protected]>

Author: jasonwilliams14

.github/ISSUE_TEMPLATE/bug_report.md

@@ -12,6 +12,7 @@ A clear and concise description of what the bug is.
 
 **To Reproduce**
 Steps to reproduce the behavior:
+
 1. Deploy x to '...' using some.yaml
 2. View logs on '....'
 3. See error
@@ -20,10 +21,11 @@ Steps to reproduce the behavior:
 A clear and concise description of what you expected to happen.
 
 **Your environment**
-* Version of the Ingress Controller - release version or a specific commit
-* Version of Kubernetes
-* Kubernetes platform (e.g. Mini-kube or GCP)
-* Using NGINX or NGINX Plus
+
+- Version of the Ingress Controller - release version or a specific commit
+- Version of Kubernetes
+- Kubernetes platform (e.g. Mini-kube or GCP)
+- Using NGINX or NGINX Plus
 <!-- output from `docker inspect --format '{{ json .Config.Labels }}' <docker image> | jq` if available -->
 
 **Additional context**

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,7 +1,10 @@
 ### Proposed changes
-Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue here in this description (not in the title of the PR).
+
+Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to
+that issue here in this description (not in the title of the PR).
 
 ### Checklist
+
 Before creating a PR, run through this checklist and mark each as complete.
 
 - [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/kubernetes-ingress/blob/main/CONTRIBUTING.md) doc

.github/actions/smoke-tests/action.yaml

@@ -74,7 +74,7 @@ runs:
     - name: Build Test-Runner Container
       uses: docker/build-push-action@v3
       with:
-        file: tests/docker/Dockerfile
+        file: tests/Dockerfile
         context: '.'
         cache-from: type=gha,scope=test-runner
         tags: test-runner:${{ github.sha }}

.github/dependabot.yml

@@ -16,7 +16,7 @@ updates:
       interval: daily
 
   - package-ecosystem: docker
-    directory: /tests/docker
+    directory: /tests
     schedule:
       interval: daily
 

.github/dependency-review-config.yml

@@ -17,6 +17,9 @@ defaults:
   run:
     shell: bash
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-22.04
@@ -158,7 +161,7 @@ jobs:
           ignore-unfixed: "true"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@489225d82a57396c6f426a40e66d461b16b3461d # v2.20.4
+        uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
         continue-on-error: true
         with:
           sarif_file: "trivy-results-${{ inputs.image }}.sarif"
@@ -179,5 +182,8 @@ jobs:
       tag: ${{ inputs.tag }}
       version: ${{ needs.build.outputs.version }}
       image_digest: ${{ needs.build.outputs.image_digest }}
+    permissions:
+      contents: read
+      actions: read
     secrets: inherit
     if: ${{ inputs.tag != '' }}

.github/labels.yml

@@ -76,22 +76,22 @@ jobs:
         with:
           aws-region: us-east-1
           role-to-assume: ${{ secrets.AWS_ROLE_MARKETPLACE }}
-        if: startsWith(github.ref, 'refs/tags/') && contains(inputs.target, 'aws')
+        if: github.ref_type == 'tag' && contains(inputs.target, 'aws')
 
       - name: Login to ECR
         uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
         with:
           registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com
-        if: startsWith(github.ref, 'refs/tags/') && contains(inputs.target, 'aws')
+        if: github.ref_type == 'tag' && contains(inputs.target, 'aws')
 
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0
         with:
           images: |
             name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic${{ contains(inputs.nap_modules, 'dos') && '-dos' || '' }}${{ contains(inputs.nap_modules, 'waf') && '-nap' || '' }}/nginx-plus-ingress
-            name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic${{ contains(inputs.nap_modules, 'dos') && '-dos' || '' }}${{ contains(inputs.nap_modules, 'waf') && '-nap' || '' }}/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/tags/') }}
-            name=709825985650.dkr.ecr.us-east-1.amazonaws.com/nginx/nginx-plus-ingress${{ contains(inputs.nap_modules, 'dos') && '-dos' || '' }}${{ contains(inputs.nap_modules, 'waf') && '-nap' || '' }},enable=${{ startsWith(github.ref, 'refs/tags/') && contains(inputs.target, 'aws') }}
+            name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic${{ contains(inputs.nap_modules, 'dos') && '-dos' || '' }}${{ contains(inputs.nap_modules, 'waf') && '-nap' || '' }}/nginx-plus-ingress,enable=${{ github.ref_type == 'tag' }}
+            name=709825985650.dkr.ecr.us-east-1.amazonaws.com/nginx/nginx-plus-ingress${{ contains(inputs.nap_modules, 'dos') && '-dos' || '' }}${{ contains(inputs.nap_modules, 'waf') && '-nap' || '' }},enable=${{ github.ref_type == 'tag' && contains(inputs.target, 'aws') }}
           flavor: |
             suffix=${{ contains(inputs.image, 'ubi') && '-ubi' || '' }}${{ contains(inputs.image, 'alpine') && '-alpine' || '' }}${{ contains(inputs.target, 'aws') && '-mktpl' || '' }}${{ contains(inputs.image, 'fips') && '-fips' || ''}},onlatest=true
             latest=${{ contains(inputs.target, 'aws') && 'false' || 'auto' }}
@@ -132,7 +132,7 @@ jobs:
           provenance: false
           build-args: |
             BUILD_OS=${{ inputs.image }}
-            IC_VERSION=${{ startsWith(github.ref, 'refs/tags/') && steps.meta.outputs.version || 'CI' }}
+            IC_VERSION=${{ github.ref_type == 'tag' && steps.meta.outputs.version || 'CI' }}
             ${{ inputs.nap_modules != '' && format('NAP_MODULES={0}', inputs.nap_modules) || '' }}
             ${{ steps.nap_modules.outputs.modules != '' && format('NAP_MODULES_AWS={0}', steps.nap_modules.outputs.modules) || '' }}
           secrets: |
@@ -156,7 +156,7 @@ jobs:
           echo "version=$version" >> $GITHUB_OUTPUT
           echo "product_code=AWS${nap}_PRODUCT_ID" >> $GITHUB_OUTPUT
           echo "registry=${aws_registry}" >> $GITHUB_OUTPUT
-        if: startsWith(github.ref, 'refs/tags/') && contains(inputs.target, 'aws')
+        if: github.ref_type == 'tag' && contains(inputs.target, 'aws')
 
       - name: Publish to AWS Marketplace
         uses: nginxinc/aws-marketplace-publish@93e03c5ce4baa842a8e5baad0a3f35d07b38460c # v0.1.2
@@ -173,7 +173,7 @@ jobs:
             This container requires Kubernetes and can be deployed to EKS.
             Review the installation instructions https://docs.nginx.com/nginx-ingress-controller/installation/ and utilize the deployment resources available https://github.com/nginxinc/kubernetes-ingress/tree/master/deployments
             Use this image instead of building your own.
-        if: ${{ startsWith(github.ref, 'refs/tags/') && contains(inputs.target, 'aws') }}
+        if: ${{ github.ref_type == 'tag' && contains(inputs.target, 'aws') }}
 
       - name: Load image for Trivy
         uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1
@@ -186,7 +186,7 @@ jobs:
           load: true
           build-args: |
             BUILD_OS=${{ inputs.image }}
-            IC_VERSION=${{ startsWith(github.ref, 'refs/tags/') && steps.meta.outputs.version || 'CI' }}
+            IC_VERSION=${{ github.ref_type == 'tag' && steps.meta.outputs.version || 'CI' }}
             ${{ inputs.nap_modules != '' && format('NAP_MODULES={0}', inputs.nap_modules) || '' }}
             ${{ steps.nap_modules.outputs.modules != '' && format('NAP_MODULES_AWS={0}', steps.nap_modules.outputs.modules) || '' }}
           secrets: |
@@ -204,7 +204,7 @@ jobs:
           ignore-unfixed: "true"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@489225d82a57396c6f426a40e66d461b16b3461d # v2.20.4
+        uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
         continue-on-error: true
         with:
           sarif_file: "trivy-results-${{ inputs.image }}.sarif"