nginx
diff --git a/‎.dockerignore
+3-1 b/‎.dockerignore
+3-1
diff --git a/‎.github/actions/smoke-tests/action.yaml
+3-2 b/‎.github/actions/smoke-tests/action.yaml
+3-2
diff --git a/‎.github/labeler.yml
+22 b/‎.github/labeler.yml
+22
diff --git a/‎.github/release-drafter.yml
-33 b/‎.github/release-drafter.yml
-33
diff --git a/‎.github/workflows/ci.yml
+89-61 b/‎.github/workflows/ci.yml
+89-61
diff --git a/‎.github/workflows/labeler.yml
+14 b/‎.github/workflows/labeler.yml
+14
diff --git a/‎.github/workflows/release-drafter-pr.yml
-15 b/‎.github/workflows/release-drafter-pr.yml
-15
diff --git a/‎.github/workflows/stale.yml
+1-1 b/‎.github/workflows/stale.yml
+1-1
diff --git a/‎.goreleaser.yml
+13-4 b/‎.goreleaser.yml
+13-4
diff --git a/‎CHANGELOG.md
+6 b/‎CHANGELOG.md
+6
diff --git a/‎Makefile
+4-3 b/‎Makefile
+4-3
@@ -4,7 +4,9 @@ grafana
 tests/.pytest_cache
 tests/__pycache__
 hack
-.git*
+.git/modules
+.git/rr-cache
+.git/logs
 *.md
 *.crt
 *.key
@@ -64,8 +64,8 @@ runs:
           IC_VERSION=CI
           ${{ contains(inputs.image, 'nap') && 'NAP_MODULES=dos' || '' }}
         secrets: |
-          "nginx-repo.crt=${{ inputs.nginx-crt }}"
-          "nginx-repo.key=${{ inputs.nginx-key }}"
+          ${{ contains(inputs.image, 'plus') && format('"nginx-repo.crt={0}"', inputs.nginx-crt) || '' }}
+          ${{ contains(inputs.image, 'plus') && format('"nginx-repo.key={0}"', inputs.nginx-key) || '' }}
 
     - name: Build Test-Runner Container
       uses: docker/build-push-action@v2
@@ -112,6 +112,7 @@ runs:
         --service=nodeport --node-ip=${{ steps.k8s.outputs.cluster_ip }} \
         --html=tests-${{ steps.k8s.outputs.cluster }}.html \
         --self-contained-html \
+        --durations=10 \
         --show-ic-logs=yes \
         -m ${{ inputs.marker != '' && inputs.marker || '""' }}
       working-directory: ./tests
 
@@ -0,0 +1,22 @@
+enhancement:
+- branch: ['feature/**', 'feat/**', 'enhancement/**', 'enh/**']
+
+bug:
+- branch: ['fix/**', 'bug/**']
+
+chore:
+- branch: ['chore/**']
+
+tests:
+- branch: ['tests/**', 'test/**']
+- tests/**/*
+- perf-tests/**/*
+
+documentation:
+- branch: ['docs/**', 'doc/**']
+- '**/*.md'
+
+dependencies:
+- branch: ['deps/**', 'dep/**', 'dependabot/**']
+- go.mod
+- go.sum
@@ -123,10 +123,89 @@ jobs:
         with:
           files: ./coverage.txt
 
+  helm-tests:
+    name: Helm Tests
+    runs-on: ubuntu-20.04
+    needs: [binary, unit-tests, checks]
+    strategy:
+      matrix:
+        include:
+         - image: debian
+           type: oss
+         - image: debian-plus
+           type: plus
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+      - name: Fetch Cached Artifacts
+        uses: actions/cache@v3
+        with:
+          path: ${{ github.workspace }}/dist
+          key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }}-single
+      - name: Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Build Docker Image ${{ matrix.image }}
+        uses: docker/build-push-action@v3
+        with:
+          file: build/Dockerfile
+          context: '.'
+          cache-from: type=gha,scope=${{ matrix.image }}
+          cache-to: type=gha,scope=${{ matrix.image }},mode=max
+          target: goreleaser
+          tags: ${{ matrix.type }}:${{ github.sha }}
+          pull: true
+          load: true
+          build-args: |
+            BUILD_OS=${{ matrix.image }}
+            IC_VERSION=CI
+          secrets: |
+            ${{ contains(matrix.type, 'plus') && format('"nginx-repo.crt={0}"', secrets.NGINX_CRT) || '' }}
+            ${{ contains(matrix.type, 'plus') && format('"nginx-repo.key={0}"', secrets.NGINX_KEY) || '' }}
+      - name: Deploy Kubernetes
+        id: k8s
+        run: |
+          kind create cluster --name ${{ github.run_id }} --image=kindest/node:v${{ needs.checks.outputs.k8s_latest }} --wait 75s
+          kind load docker-image ${{ matrix.type }}:${{ github.sha }} --name ${{ github.run_id }}
+      - name: Install Chart
+        run: >
+          helm install
+          ${{ matrix.type }}
+          .
+          --set controller.image.repository=${{ matrix.type }}
+          --set controller.image.tag=${{ github.sha }}
+          --set controller.service.type=NodePort
+          --set controller.nginxplus=${{ contains(matrix.type, 'plus') && 'true' || 'false' }}
+          --wait
+        working-directory: ${{ github.workspace }}/deployments/helm-chart
+      - name: Expose Test Ingresses
+        run: |
+          kubectl port-forward service/${{ matrix.type }}-nginx-ingress 8080:80 &
+          kubectl port-forward service/${{ matrix.type }}-nginx-ingress 8443:443 &
+      - name: Test HTTP
+        run: |
+          counter=0
+          max_attempts=5
+          until [ $(curl --write-out %{http_code} -s --output /dev/null http://localhost:8080) -eq 404 ]; do
+            if [ ${counter} -eq ${max_attempts} ]; then
+              exit 1
+            fi
+            printf '.'; counter=$(($counter+1)); sleep 5;
+          done
+      - name: Test HTTPS
+        run: |
+          counter=0
+          max_attempts=5
+          until [ $(curl --write-out %{http_code} -ks --output /dev/null https://localhost:8443) -eq 404 ]; do
+            if [ ${counter} -eq ${max_attempts} ]; then
+              exit 1
+            fi
+            printf '.'; counter=$(($counter+1)); sleep 5;
+          done
+
   setup-matrix:
     name: Setup Matrix for Smoke Tests
     runs-on: ubuntu-20.04
-    needs: [binary, unit-tests, checks]
+    needs: [checks, helm-tests]
     outputs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
@@ -147,7 +226,7 @@ jobs:
                                                 {\"image\": \"debian-plus-nap\", \"marker\": \"dos\"}], \
                                               \"k8s\": [\"${{ needs.checks.outputs.k8s_latest }}\"]}"
           else
-            echo "::set-output name=matrix::{\"k8s\": [\"1.19.16\", \"1.20.15\", \"1.21.12\", \"1.22.9\", \"1.23.6\", \"${{ needs.checks.outputs.k8s_latest }}\"], \
+            echo "::set-output name=matrix::{\"k8s\": [\"1.19.16\", \"1.20.15\", \"1.21.14\", \"1.22.13\", \"1.23.10\", \"1.24.4\", \"${{ needs.checks.outputs.k8s_latest }}\"], \
                                              \"images\": [{\"image\": \"debian\"}, {\"image\": \"debian-plus\"}]}"
           fi
 
@@ -177,64 +256,6 @@ jobs:
           path: ${{ github.workspace }}/tests/${{ steps.smoke-tests.outputs.test-results-name }}.html
         if: always()
 
-  helm-tests:
-    name: Helm Tests
-    runs-on: ubuntu-20.04
-    needs: [binary, unit-tests, checks]
-    env:
-      NGINX_HTTP_PORT: 8080
-      NGINX_HTTPS_PORT: 8443
-      HELM_TEST_RETRIES: 5
-      HELM_HTTP_POSTFIX: s
-    steps:
-      - name: Checkout Repository
-        uses: actions/checkout@v3
-      - name: Fetch Cached Artifacts
-        uses: actions/cache@v3
-        with:
-          path: ${{ github.workspace }}/dist
-          key: nginx-ingress-${{ github.run_id }}-${{ github.run_number }}-single
-      - name: Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: Build Docker Image nginx-ingress
-        uses: docker/build-push-action@v3
-        with:
-          file: build/Dockerfile
-          context: '.'
-          cache-from: type=gha,scope=debian
-          cache-to: type=gha,scope=debian,mode=max
-          target: goreleaser
-          tags: nginx-ingress:${{ github.sha }}
-          pull: true
-          load: true
-          build-args: BUILD_OS=debian
-      - name: Deploy Kubernetes
-        id: k8s
-        run: |
-          kind create cluster --name ${{ github.run_id }} --image=kindest/node:v${{ needs.checks.outputs.k8s_latest }} --wait 75s
-          kind load docker-image nginx-ingress:${{ github.sha }} --name ${{ github.run_id }}
-      - name: Install Chart
-        run: >
-          helm install
-          oss
-          .
-          --set controller.image.repository=nginx-ingress
-          --set controller.image.tag=${{ github.sha }}
-          --set controller.service.type=NodePort
-          --set controller.nginxplus=false
-          --wait
-        working-directory: ${{ github.workspace }}/deployments/helm-chart
-      - name: Expose Test Ingresses
-        run: |
-          kubectl port-forward service/oss-nginx-ingress ${{ env.NGINX_HTTP_PORT }}:80 &
-          kubectl port-forward service/oss-nginx-ingress ${{ env.NGINX_HTTPS_PORT }}:443 &
-      - name: Test HTTP
-        run: |
-          . tests/ci-files/helm-http-test.sh ${{ env.HELM_TEST_RETRIES }} ${{ env.NGINX_HTTP_PORT }}
-      - name: Test HTTPS
-        run: |
-          . tests/ci-files/helm-http-test.sh ${{ env.HELM_TEST_RETRIES }} ${{ env.NGINX_HTTPS_PORT }} ${{ env.HELM_HTTP_POSTFIX }}
-
   build-binaries:
     name: Build Binaries
     runs-on: ubuntu-20.04
@@ -306,6 +327,11 @@ jobs:
           GOPATH: ${{ needs.checks.outputs.go_path }}
           AWS_PRODUCT_CODE: ${{ secrets.AWS_PRODUCT_CODE }}
           AWS_PUB_KEY: ${{ secrets.AWS_PUB_KEY }}
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_COMMUNITY }}
+          AZURE_STORAGE_ACCOUNT: ${{ secrets.AZURE_STORAGE_ACCOUNT }}
+          AZURE_STORAGE_KEY: ${{ secrets.AZURE_STORAGE_KEY }}
+          AZURE_BUCKET_NAME: ${{ secrets.AZURE_BUCKET_NAME }}
+
       - name: Store Artifacts in Cache
         uses: actions/cache@v3
         with:
@@ -509,7 +535,9 @@ jobs:
             name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/release/nginx-ic${{ contains(matrix.image, 'nap') && '-dos' || '' }}/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/tags/') }}
             name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/staging/nginx-ic${{ contains(matrix.image, 'nap') && '-dos' || '' }}/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/heads/release') }}
             name=709825985650.dkr.ecr.us-east-1.amazonaws.com/nginx/nginx-plus-ingress,enable=${{ startsWith(github.ref, 'refs/tags/') && contains(matrix.target, 'aws') }}
-          flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.target, 'aws') && '-mktpl' || '' }},onlatest=true
+          flavor: |
+            suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.target, 'aws') && '-mktpl' || '' }},onlatest=true
+            latest=${{ contains(matrix.target, 'aws') && 'false' || 'auto' }}
           tags: |
             type=edge
             type=ref,event=branch,enable=${{ startsWith(github.ref, 'refs/heads/release') }}
 
@@ -0,0 +1,14 @@
+name: "Pull Request Labeler"
+on:
+  - pull_request_target
+
+jobs:
+  triage:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+    - uses: joshdales/labeler@4c74e8446142eeec7aa182f52ea24306a5479850 # if https://github.com/actions/labeler/pull/203 is merged, use the official action actions/labeler
+      with:
+        repo-token: "${{ secrets.GITHUB_TOKEN }}"
@@ -7,7 +7,7 @@ jobs:
   stale:
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/stale@v5
+      - uses: actions/stale@v6
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           stale-issue-message: 'This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 10 days.'
 
@@ -44,7 +44,6 @@ builds:
 
 archives:
   - id: kubernetes-ingress
-    format: binary
     builds: [kubernetes-ingress]
 
 changelog:
@@ -54,13 +53,23 @@ checksum:
   name_template: 'checksums.txt'
 
 sboms:
-  - artifacts: binary
+  - artifacts: archive
     ids: [kubernetes-ingress]
 
 release:
   ids: [kubernetes-ingress]
-  extra_files:
-    - glob: ./dist/**.sbom
+
+blobs:
+  - provider: azblob
+    bucket: '{{.Env.AZURE_BUCKET_NAME}}'
+    extra_files:
+      - glob: ./dist/**.sbom
 
 milestones:
   - close: true
+
+announce:
+  slack:
+    enabled: true
+    channel: '#announcements'
+    message_template: 'NGINX Ingress Controller {{ .Tag }} is out! Check it out: {{ .ReleaseURL }}'
@@ -1,5 +1,11 @@
 # Changelog
 
+### 2.3.1
+
+An automatically generated list of changes can be found on GitHub at: [2.3.1 Release](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v2.3.1)
+
+A curated list of changes can be found on the [Releases](http://docs.nginx.com/nginx-ingress-controller/releases/) page on the NGINX Documentation website.
+
 ### 2.3.0
 
 An automatically generated list of changes can be found on GitHub at: [2.3.0 Release](https://github.com/nginxinc/kubernetes-ingress/releases/tag/v2.3.0)
 
@@ -10,9 +10,10 @@ PREFIX = nginx/nginx-ingress## The name of the image. For example, nginx/nginx-i
 TAG = $(VERSION:v%=%)## The tag of the image. For example, 2.0.0
 TARGET ?= local## The target of the build. Possible values: local, container and download
 override DOCKER_BUILD_OPTIONS += --build-arg IC_VERSION=$(VERSION) --build-arg GIT_COMMIT=$(GIT_COMMIT)## The options for the docker build command. For example, --pull.
+ARCH ?= amd64## The architecture of the image or binary. For example: amd64, arm64, ppc64le, s390x. Not all architectures are supported for all targets.
 
 # final docker build command
-DOCKER_CMD = docker build $(strip $(DOCKER_BUILD_OPTIONS)) --target $(strip $(TARGET)) -f build/Dockerfile -t $(strip $(PREFIX)):$(strip $(TAG)) .
+DOCKER_CMD = docker build --platform linux/$(ARCH) $(strip $(DOCKER_BUILD_OPTIONS)) --target $(strip $(TARGET)) -f build/Dockerfile -t $(strip $(PREFIX)):$(strip $(TAG)) .
 
 export DOCKER_BUILDKIT = 1
 
@@ -71,7 +72,7 @@ build: ## Build Ingress Controller binary
 	@docker -v || (code=$$?; printf "\033[0;31mError\033[0m: there was a problem with Docker\n"; exit $$code)
 ifeq (${TARGET},local)
 	@go version || (code=$$?; printf "\033[0;31mError\033[0m: unable to build locally, try using the parameter TARGET=container or TARGET=download\n"; exit $$code)
-	CGO_ENABLED=0 GOOS=linux go build -trimpath -ldflags "-s -w -X main.version=${VERSION}" -o nginx-ingress github.com/nginxinc/kubernetes-ingress/cmd/nginx-ingress
+	CGO_ENABLED=0 GOOS=linux GOARCH=$(ARCH) go build -trimpath -ldflags "-s -w -X main.version=${VERSION}" -o nginx-ingress github.com/nginxinc/kubernetes-ingress/cmd/nginx-ingress
 else ifeq (${TARGET},download)
 	@$(MAKE) download-binary-docker
 endif
@@ -89,7 +90,7 @@ endif
 .PHONY: build-goreleaser
 build-goreleaser: ## Build Ingress Controller binary using GoReleaser
 	@goreleaser -v || (code=$$?; printf "\033[0;31mError\033[0m: there was a problem with GoReleaser. Follow the docs to install it https://goreleaser.com/install\n"; exit $$code)
-	GOOS=linux GOPATH=$(shell go env GOPATH) goreleaser build --rm-dist --debug --snapshot --id kubernetes-ingress --single-target
+	GOOS=linux GOPATH=$(shell go env GOPATH) GOARCH=$(ARCH) goreleaser build --rm-dist --debug --snapshot --id kubernetes-ingress --single-target
 
 .PHONY: debian-image
 debian-image: build ## Create Docker image for Ingress Controller (Debian)