# This is a combination of 26 commits.

# This is the 1st commit message:

add ingress mtls test

# This is the commit message #2:

add std vs

# This is the commit message #3:

change vs host

# This is the commit message #4:

Update tls secret

# This is the commit message #5:

update certs with host

# This is the commit message #6:

modify get_cert

# This is the commit message #7:

Addind encoded cert

# This is the commit message #8:

Update secrets

# This is the commit message #9:

Add correct cert and SNI module

# This is the commit message #10:

Bump styfle/cancel-workflow-action from 0.8.0 to 0.9.0 (#1527)

Bumps [styfle/cancel-workflow-action](https://github.com/styfle/cancel-workflow-action) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/styfle/cancel-workflow-action/releases)
- [Commits](styfle/cancel-workflow-action@0.8.0...89f242e)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# This is the commit message #11:

Remove patch version from Docker image for tests (#1534)


# This is the commit message #12:

Add tests for Ingress TLS termination

# This is the commit message #13:

Improve assertion of TLS errors in tests

When NGINX terminates a TLS connection for a server
with a missing/invalid TLS secret, we expect NGINX
to reject the connection with the error
TLSV1_UNRECOGNIZED_NAME

In this commit we:
* ensure the specific error
* rename the assertion function to be more specific

# This is the commit message #14:

Bump k8s.io/client-go from 0.20.5 to 0.21.0 (#1530)

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.20.5 to 0.21.0.
- [Release notes](https://github.com/kubernetes/client-go/releases)
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.20.5...v0.21.0)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# This is the commit message #15:

Improve tests Dockerfile

* Reorganize layers so that changes to the tests do not cause a full
image rebuilt
* Use .dockerignore to ignore cache folders
* Convert spaces to tabs for consistency with the other Dockerfiles

# This is the commit message #16:

Upgrade kubernetes-python client to 12.0.1 (#1522)

* Upgrade kubernetes-python client to 12.0.1

Co-authored-by: Venktesh Patel <[email protected]>
# This is the commit message #17:

Bump k8s.io/code-generator from 0.20.5 to 0.21.0 (#1531)

Bumps [k8s.io/code-generator](https://github.com/kubernetes/code-generator) from 0.20.5 to 0.21.0.
- [Release notes](https://github.com/kubernetes/code-generator/releases)
- [Commits](kubernetes/code-generator@v0.20.5...v0.21.0)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# This is the commit message #18:

Test all images (#1533)

* Test on all images

* Update nightly to test all images

* Run all test markers on debian plus also

* Update .github/workflows/nightly.yml

# This is the commit message #19:

Add tests for default server

# This is the commit message #20:

Support running tests in kind

# This is the commit message #21:

Update badge for Fossa (#1546)


# This is the commit message #22:

Fix ensuring connection in tests

* Add timeout for establishing a connection to prevent potential
"hangs" of the test runs. The problem was noticeable when running
tests in kind.
* Increase the number of tries to make sure the Ingress Controller
pod has enough time to get ready. When running tests in kind
locally the number of tries sometimes was not enough.

# This is the commit message #23:

Ensure connection in Ingress TLS tests

Ensure connection to NGINX before running tests.
Without ensuring, sometimes the first connection to NGINX would
hang (timeout). The problem is noticable when running tests in
kind.

# This is the commit message #24:

Revert changes in nightly for now (#1547)


# This is the commit message #25:

Bump actions/cache from v2.1.4 to v2.1.5 (#1541)

Bumps [actions/cache](https://github.com/actions/cache) from v2.1.4 to v2.1.5.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](actions/cache@v2.1.4...1a9e213)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# This is the commit message #26:

Create release workflow

Author: vepatel

.dockerignore

@@ -1,3 +1,5 @@
 docs*
 examples*
 grafana
+tests/.pytest_cache
+tests/__pycache__

.github/workflows/cancel.yml

@@ -29,7 +29,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 3
     steps:
-      - uses: styfle/cancel-workflow-action@0.8.0
+      - uses: styfle/cancel-workflow-action@0.9.0
         with:
           workflow_id: 2012221,5339701,7611535
           access_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/edge.yml

@@ -71,7 +71,7 @@ jobs:
         env:
           GOFLAGS: '-gcflags=-trimpath=${{ github.workspace }} -asmflags=-trimpath=${{ github.workspace }}'
       - name: Store Artifacts in Cache
-        uses: actions/[email protected].4
+        uses: actions/[email protected].5
         with:
           path: ${{ github.workspace }}/nginx-ingress
           key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }}
@@ -100,65 +100,76 @@ jobs:
       matrix:
         include:
           - os: ubuntu-20.04
-            image: nginx-ingress
+            image: debian
             tag: ${{ github.sha }}
             marker: 'ingresses'
             type: oss
+            ic-type: nginx-ingress
           - os: ubuntu-20.04
-            image: nginx-ingress
+            image: alpine
             tag: ${{ github.sha }}
             marker: 'vsr'
             type: oss
+            ic-type: nginx-ingress
           - os: ubuntu-20.04
-            image: nginx-ingress
+            image: opentracing
             tag: ${{ github.sha }}
             marker: 'vs'
             type: oss
+            ic-type: nginx-ingress
           - os: ubuntu-20.04
-            image: nginx-ingress
+            image: openshift
             tag: ${{ github.sha }}
             marker: 'ts'
             type: oss
+            ic-type: nginx-ingress
           - os: ubuntu-20.04
-            image: nginx-ingress
+            image: debian
             tag: ${{ github.sha }}
             marker: 'policies'
             type: oss
+            ic-type: nginx-ingress
           - os: ubuntu-20.04
-            image: nginx-plus-ingress
+            image: openshift-plus
             tag: ${{ github.sha }}
             marker: 'ingresses'
             type: plus
+            ic-type: nginx-plus-ingress
           - os: ubuntu-20.04
-            image: nginx-plus-ingress
+            image: debian-plus
             tag: ${{ github.sha }}
             marker: 'vsr'
             type: plus
+            ic-type: nginx-plus-ingress
           - os: ubuntu-20.04
-            image: nginx-plus-ingress
+            image: debian-plus
             tag: ${{ github.sha }}
             marker: 'vs'
             type: plus
+            ic-type: nginx-plus-ingress
           - os: ubuntu-20.04
-            image: nginx-plus-ingress
+            image: opentracing-plus
             tag: ${{ github.sha }}
             marker: 'ts'
             type: plus
+            ic-type: nginx-plus-ingress
           - os: ubuntu-20.04
-            image: nginx-plus-ingress
+            image: debian-plus
             tag: ${{ github.sha }}
             marker: 'policies'
             type: plus
+            ic-type: nginx-plus-ingress
           - os: ubuntu-20.04
-            image: nginx-plus-ingress
+            image: debian-plus-ap
             tag: ${{ github.sha }}-ap
             marker: 'appprotect'
             type: plus-ap
+            ic-type: nginx-plus-ingress
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v2
       - name: Fetch Cached Artifacts
-        uses: actions/[email protected].4
+        uses: actions/[email protected].5
         with:
           path: ${{ github.workspace }}/nginx-ingress
           key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }}
@@ -167,7 +178,7 @@ jobs:
         with:
           driver-opts: network=host
       - name: Cache Docker layers
-        uses: actions/[email protected].4
+        uses: actions/[email protected].5
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}
@@ -184,7 +195,7 @@ jobs:
           tags: ${{ matrix.image }}:${{ matrix.tag }}
           load: true
           build-args: |
-            BUILD_OS=debian
+            BUILD_OS=${{ matrix.image }}
         if: matrix.type == 'oss'
       - name: Build Plus Docker Image ${{ matrix.image }}
         uses: docker/build-push-action@v2
@@ -200,24 +211,23 @@ jobs:
             "nginx-repo.crt=${{ secrets.KIC_NGINX_CRT }}"
             "nginx-repo.key=${{ secrets.KIC_NGINX_KEY }}"
           build-args: |
-            BUILD_OS=debian-plus
+            BUILD_OS=${{ matrix.image }}
             PLUS=-plus
         if: matrix.type == 'plus'
       - name: Build AP Docker Image ${{ matrix.image }}
         uses: docker/build-push-action@v2
         with:
           file: build/Dockerfile
           context: '.'
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
           target: local
           tags: ${{ matrix.image }}:${{ matrix.tag }}
           load: true
           secrets: |
             "nginx-repo.crt=${{ secrets.KIC_NGINX_AP_CRT }}"
             "nginx-repo.key=${{ secrets.KIC_NGINX_AP_KEY }}"
+            "rhel_license=${{ secrets.KIC_RHEL_LICENSE }}"
           build-args: |
-            BUILD_OS=debian-plus-ap
+            BUILD_OS=${{ matrix.image }}
             PLUS=-plus
         if: matrix.type == 'plus-ap'
       - name: Build Test-Runner Container
@@ -244,7 +254,7 @@ jobs:
           kind create cluster --name ${{ github.run_id }} --image=kindest/node:v${{ env.K8S_VERSION }} --config kind-config.yaml --kubeconfig kube-${{ github.run_id }} --wait ${{ env.K8S_TIMEOUT }}
           kind load docker-image ${{ matrix.image }}:${{ matrix.tag }} --name ${{ github.run_id }}
           echo ::set-output name=cluster_ip::$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${{ github.run_id }}-control-plane)
-          echo ::set-output name=cluster::$(echo 'nginx-${{ matrix.type }}-${{ matrix.marker }}')
+          echo ::set-output name=cluster::$(echo 'nginx-${{ matrix.image }}-${{ matrix.marker }}')
       - name: Setup Kubeconfig
         run: |
           sed -i 's|server:.*|server: https://${{ steps.k8s.outputs.cluster_ip }}:6443|' kube-${{ github.run_id }}
@@ -259,7 +269,7 @@ jobs:
           --context=kind-${{ github.run_id }} \
           --image=${{ matrix.image }}:${{ matrix.tag }} \
           --image-pull-policy=Never \
-          --ic-type=${{ matrix.image }} \
+          --ic-type=${{ matrix.ic-type }} \
           --service=nodeport --node-ip=${{ steps.k8s.outputs.cluster_ip }} \
           --html=tests-${{ steps.k8s.outputs.cluster }}.html \
           --self-contained-html \
@@ -273,6 +283,48 @@ jobs:
           path: ${{ github.workspace }}/tests/tests-${{ steps.k8s.outputs.cluster }}.html
         if: always()
 
+  build:
+    name: Build Docker Images
+    runs-on: ubuntu-20.04
+    needs: [binary, unit-tests]
+    if:
+      github.event.pull_request.head.repo.full_name == 'nginxinc/kubernetes-ingress' ||
+      github.event_name == 'push'
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v2
+      - name: Fetch Cached Artifacts
+        uses: actions/[email protected]
+        with:
+          path: ${{ github.workspace }}/nginx-ingress
+          key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }}
+      - name: Docker Buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          driver-opts: network=host
+      - name: Cache Docker layers
+        uses: actions/[email protected]
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+      - name: Build AP Docker Image ${{ matrix.image }}
+        uses: docker/build-push-action@v2
+        with:
+          file: build/DockerfileWithAppProtectForPlusForOpenShift
+          context: '.'
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+          target: local
+          tags: nginx-plus-ingress-ap-openshift:${{ github.sha }}
+          secrets: |
+            "nginx-repo.crt=${{ secrets.KIC_NGINX_AP_CRT }}"
+            "nginx-repo.key=${{ secrets.KIC_NGINX_AP_KEY }}"
+            "rhel_license=${{ secrets.KIC_RHEL_LICENSE }}"
+          build-args: |
+            PLUS=-plus
+
   helm-tests:
     name: Helm Tests
     runs-on: ${{ matrix.os }}
@@ -299,7 +351,7 @@ jobs:
       - name: Checkout Repository
         uses: actions/checkout@v2
       - name: Fetch Cached Artifacts
-        uses: actions/[email protected].4
+        uses: actions/[email protected].5
         with:
           path: ${{ github.workspace }}/nginx-ingress
           key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }}
@@ -308,7 +360,7 @@ jobs:
         with:
           driver-opts: network=host
       - name: Docker build cache
-        uses: actions/[email protected].4
+        uses: actions/[email protected].5
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}
@@ -412,7 +464,7 @@ jobs:
         run: |
           echo "::set-output name=sha::$(echo ${GITHUB_SHA} | cut -c1-7)"
       - name: Fetch Cached Artifacts
-        uses: actions/[email protected].4
+        uses: actions/[email protected].5
         with:
           path: ${{ github.workspace }}/nginx-ingress
           key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }}
@@ -421,7 +473,7 @@ jobs:
         with:
           driver-opts: network=host
       - name: Cache Docker layers
-        uses: actions/[email protected].4
+        uses: actions/[email protected].5
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}