nginx
diff --git a/‎.github/data/matrix-smoke-oss.json
Lines changed: 2 additions & 2 deletions b/‎.github/data/matrix-smoke-oss.json
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/data/matrix-smoke-plus.json
Lines changed: 2 additions & 2 deletions b/‎.github/data/matrix-smoke-plus.json
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/scripts/variables.sh
Lines changed: 14 additions & 1 deletion b/‎.github/scripts/variables.sh
Lines changed: 14 additions & 1 deletion
diff --git a/‎.github/workflows/ci.yml
Lines changed: 36 additions & 22 deletions b/‎.github/workflows/ci.yml
Lines changed: 36 additions & 22 deletions
diff --git a/‎.github/workflows/dependency-review.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/dependency-review.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/image-promotion.yml
Lines changed: 7 additions & 5 deletions b/‎.github/workflows/image-promotion.yml
Lines changed: 7 additions & 5 deletions
diff --git a/‎.github/workflows/lint-format.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/lint-format.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/scorecards.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/scorecards.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/setup-smoke.yml
Lines changed: 8 additions & 2 deletions b/‎.github/workflows/setup-smoke.yml
Lines changed: 8 additions & 2 deletions
@@ -39,14 +39,14 @@
       "label": "policies 1/2",
       "image": "alpine",
       "type": "oss",
-      "marker": "'policies and not policies_rl and not policies_ac and not policies_jwt and not policies_mtls'",
+      "marker": "'policies and not policies_rl and not policies_ac and not policies_jwt and not policies_mtls and not policies_cache'",
       "platforms": "linux/arm64, linux/amd64"
     },
     {
       "label": "policies 2/2",
       "image": "alpine",
       "type": "oss",
-      "marker": "'policies_rl or policies_ac or policies_jwt or policies_mtls or otel'",
+      "marker": "'policies_rl or policies_ac or policies_jwt or policies_mtls or policies_cache or otel'",
       "platforms": "linux/arm64, linux/amd64"
     },
     {
 
@@ -67,7 +67,7 @@
       "label": "policies 1/3",
       "image": "ubi-9-plus",
       "type": "plus",
-      "marker": "'policies and not policies_ac and not policies_jwt and not policies_mtls and not policies_rl'",
+      "marker": "'policies and not policies_ac and not policies_jwt and not policies_mtls and not policies_rl and not policies_cache'",
       "platforms": "linux/arm64, linux/amd64"
     },
     {
@@ -81,7 +81,7 @@
       "label": "policies 3/3",
       "image": "ubi-9-plus",
       "type": "plus",
-      "marker": "policies_rl",
+      "marker": "'policies_rl or policies_cache'",
       "platforms": "linux/arm64, linux/amd64"
     },
     {
 
@@ -26,7 +26,7 @@ get_tests_md5() {
 }
 
 get_chart_md5() {
-  find charts .github/data/version.txt -type f -exec md5sum {} + | LC_ALL=C sort  | md5sum | awk '{ print $1 }'
+  find charts .github/data/version.txt config/crd/bases -type f -exec md5sum {} + | LC_ALL=C sort  | md5sum | awk '{ print $1 }'
 }
 
 get_actions_md5() {
@@ -49,6 +49,15 @@ get_stable_tag() {
   echo "$(get_build_tag) $(get_tests_md5) $(get_chart_md5) $(get_actions_md5)" | md5sum | awk '{ print $1 }'
 }
 
+get_additional_tag() {
+  if [[ ${REF} =~ /merge$ ]]; then
+    pr=${REF%*/merge}
+    echo "pr-${pr##*/}"
+  else
+    echo "${REF//\//-}"
+  fi
+}
+
 case $INPUT in
   docker_md5)
     echo "docker_md5=$(get_docker_md5)"
@@ -66,6 +75,10 @@ case $INPUT in
     echo "stable_tag=s-$(get_stable_tag)"
     ;;
 
+  additional_tag)
+    echo "additional_tag=$(get_additional_tag)"
+    ;;
+
   *)
     echo "ERROR: option not found"
     exit 2
 
@@ -56,6 +56,7 @@ jobs:
       image_matrix_oss: ${{ steps.vars.outputs.image_matrix_oss }}
       image_matrix_plus: ${{ steps.vars.outputs.image_matrix_plus }}
       image_matrix_nap: ${{ steps.vars.outputs.image_matrix_nap }}
+      docker_build: ${{ steps.docker_build.outputs.docker_build }}
     steps:
       - name: Checkout Repository
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -83,7 +84,7 @@ jobs:
         with:
           go-version-file: go.mod
 
-      - name: Output Variables
+      - name: Configure pipeline Variables
         id: vars
         run: |
           kindest_latest=$(curl -s "https://hub.docker.com/v2/repositories/kindest/node/tags" \
@@ -110,13 +111,7 @@ jobs:
           ./.github/scripts/variables.sh docker_md5 >> $GITHUB_OUTPUT
           ./.github/scripts/variables.sh build_tag >> $GITHUB_OUTPUT
           ./.github/scripts/variables.sh stable_tag >> $GITHUB_OUTPUT
-          ref=${{ github.ref_name }}
-          if [[ $ref =~ merge ]]; then
-            additional_tag="pr-${ref%*/merge}"
-          else
-            additional_tag="${ref//\//-}"
-          fi
-          echo "additional_tag=${additional_tag}" >> $GITHUB_OUTPUT
+          REF=${{ github.ref_name }} ./.github/scripts/variables.sh additional_tag >> $GITHUB_OUTPUT
           echo "image_matrix_oss=$(cat .github/data/matrix-images-oss.json | jq -c)" >> $GITHUB_OUTPUT
           echo "image_matrix_plus=$(cat .github/data/matrix-images-plus.json | jq -c)" >> $GITHUB_OUTPUT
           echo "image_matrix_nap=$(cat .github/data/matrix-images-nap.json | jq -c)" >> $GITHUB_OUTPUT
@@ -150,11 +145,26 @@ jobs:
       - name: Check if stable image exists
         id: stable_exists
         run: |
+          exists=false
           if docker pull gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-ingress:${{ steps.vars.outputs.stable_tag }}; then
-            echo "exists=true" >> $GITHUB_OUTPUT
+            exists=true
           fi
+          echo "exists=${exists}" >> $GITHUB_OUTPUT
         if: ${{ steps.vars.outputs.forked_workflow == 'false' }}
 
+      - name: Check if docker build is needed
+        id: docker_build
+        run: |
+          docker_build="false"
+          if [ "${{ inputs.force }}" = "true" ]; then
+            docker_build="true"
+          elif [ "$forked_workflow" = "true" ] && [ "${{ steps.docs.outputs.docs_only }}" = "false" ]; then
+            docker_build="true"
+          elif [ "$forked_workflow" = "false" ] && [ "${{ steps.docs.outputs.docs_only }}" = "false" ] && [ "${{ steps.stable_exists.outputs.exists }}" = "false" ]; then
+            docker_build="true"
+          fi
+          echo "docker_build=${docker_build}" >> $GITHUB_OUTPUT
+
       - name: Output variables
         run: |
           echo docs_only: ${{ github.event.pull_request && steps.docs.outputs.docs_only == 'true' }}
@@ -173,6 +183,7 @@ jobs:
           echo 'image_matrix_oss: ${{ steps.vars.outputs.image_matrix_oss }}'
           echo 'image_matrix_plus: ${{ steps.vars.outputs.image_matrix_plus }}'
           echo 'image_matrix_nap: ${{ steps.vars.outputs.image_matrix_nap }}'
+          echo 'docker_build: ${{ steps.docker_build.outputs.docker_build }}'
 
   verify-codegen:
     name: Verify generated code
@@ -200,7 +211,7 @@ jobs:
               password ${{ secrets.ARTIFACTORY_TOKEN }}
           EOF
           chmod 600 $HOME/.netrc
-        if: ${{ needs.checks.outputs.binary_cache_hit != 'true' && needs.checks.outputs.forked_workflow != 'true' }}
+        if: ${{ inputs.force || (needs.checks.outputs.binary_cache_hit != 'true' && needs.checks.outputs.forked_workflow != 'true') }}
 
       - name: Check if go.mod and go.sum are up to date
         run: go mod tidy && git diff --exit-code -- go.mod go.sum
@@ -251,7 +262,7 @@ jobs:
               password ${{ secrets.ARTIFACTORY_TOKEN }}
           EOF
           chmod 600 $HOME/.netrc
-        if: ${{ needs.checks.outputs.binary_cache_hit != 'true' && needs.checks.outputs.forked_workflow != 'true' }}
+        if: ${{ inputs.force || (needs.checks.outputs.binary_cache_hit != 'true' && needs.checks.outputs.forked_workflow != 'true') }}
 
       - name: Run Tests
         run: make cover
@@ -289,7 +300,7 @@ jobs:
         uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
         with:
           go-version-file: go.mod
-        if: ${{ (inputs.force && inputs.force || false) || needs.checks.outputs.binary_cache_hit != 'true' }}
+        if: ${{ inputs.force || needs.checks.outputs.binary_cache_hit != 'true' }}
 
       - name: Setup netrc
         run: |
@@ -299,7 +310,7 @@ jobs:
               password ${{ secrets.ARTIFACTORY_TOKEN }}
           EOF
           chmod 600 $HOME/.netrc
-        if: ${{ needs.checks.outputs.binary_cache_hit != 'true' && needs.checks.outputs.forked_workflow != 'true' }}
+        if: ${{ inputs.force || (needs.checks.outputs.binary_cache_hit != 'true' && needs.checks.outputs.forked_workflow != 'true') }}
 
       - name: Build binaries
         uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0
@@ -319,14 +330,14 @@ jobs:
           AWS_NAP_WAF_DOS_PRODUCT_CODE: ${{ secrets.AWS_NAP_WAF_DOS_PRODUCT_CODE }}
           AWS_NAP_WAF_DOS_PUB_KEY: ${{ secrets.AWS_NAP_WAF_DOS_PUB_KEY }}
           GORELEASER_CURRENT_TAG: "v${{ needs.checks.outputs.ic_version }}"
-        if: ${{ (inputs.force && inputs.force || false) || needs.checks.outputs.binary_cache_hit != 'true' }}
+        if: ${{ inputs.force || needs.checks.outputs.binary_cache_hit != 'true' }}
 
       - name: Store Artifacts in Cache
         uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: ${{ github.workspace }}/dist
           key: nginx-ingress-${{ needs.checks.outputs.go_code_md5 }}
-        if: ${{ (inputs.force && inputs.force || false) || needs.checks.outputs.binary_cache_hit != 'true' }}
+        if: ${{ inputs.force || needs.checks.outputs.binary_cache_hit != 'true' }}
 
   build-docker:
     name: Build Docker OSS
@@ -341,7 +352,7 @@ jobs:
       go-md5: ${{ needs.checks.outputs.go_code_md5 }}
       base-image-md5: ${{ needs.checks.outputs.docker_md5 }}
       authenticated: ${{ needs.checks.outputs.forked_workflow != 'true' }}
-      full-build: ${{ inputs.force && inputs.force || false }}
+      full-build: ${{ inputs.force }}
       tag: ${{ needs.checks.outputs.build_tag }}
       branch: ${{ (github.head_ref && needs.checks.outputs.forked_workflow != 'true') && github.head_ref || github.ref }}
       ic-version: ${{ needs.checks.outputs.ic_version }}
@@ -352,7 +363,7 @@ jobs:
       packages: write
       pull-requests: write # for scout report
     secrets: inherit
-    if: ${{ inputs.force || (needs.checks.outputs.forked_workflow == 'true' && needs.checks.outputs.docs_only == 'false') || (needs.checks.outputs.forked_workflow == 'false' && needs.checks.outputs.stable_image_exists != 'true' && needs.checks.outputs.docs_only == 'false') }}
+    if: ${{ needs.checks.outputs.docker_build == 'true' }}
 
   build-docker-plus:
     name: Build Docker Plus
@@ -370,14 +381,14 @@ jobs:
       branch: ${{ (github.head_ref && needs.checks.outputs.forked_workflow != 'true') && github.head_ref || github.ref }}
       tag: ${{ needs.checks.outputs.build_tag }}
       authenticated: ${{ needs.checks.outputs.forked_workflow != 'true' }}
-      full-build: ${{ inputs.force && inputs.force || false }}
+      full-build: ${{ inputs.force }}
       ic-version: ${{ needs.checks.outputs.ic_version }}
     permissions:
       contents: read
       id-token: write
       pull-requests: write # for scout report
     secrets: inherit
-    if: ${{ inputs.force || (needs.checks.outputs.forked_workflow == 'true' && needs.checks.outputs.docs_only == 'false') || (needs.checks.outputs.forked_workflow == 'false' && needs.checks.outputs.stable_image_exists != 'true' && needs.checks.outputs.docs_only == 'false') }}
+    if: ${{ needs.checks.outputs.docker_build == 'true' }}
 
   build-docker-nap:
     name: Build Docker NAP
@@ -396,14 +407,14 @@ jobs:
       tag: ${{ needs.checks.outputs.build_tag }}
       nap-modules: ${{ matrix.nap_modules }}
       authenticated: ${{ needs.checks.outputs.forked_workflow != 'true' }}
-      full-build: ${{ inputs.force && inputs.force || false }}
+      full-build: ${{ inputs.force }}
       ic-version: ${{ needs.checks.outputs.ic_version }}
     permissions:
       contents: read
       id-token: write # gcr login
       pull-requests: write # for scout report
     secrets: inherit
-    if: ${{ inputs.force || (needs.checks.outputs.forked_workflow == 'true' && needs.checks.outputs.docs_only == 'false') || (needs.checks.outputs.forked_workflow == 'false' && needs.checks.outputs.stable_image_exists != 'true' && needs.checks.outputs.docs_only == 'false') }}
+    if: ${{ needs.checks.outputs.docker_build == 'true' }}
 
   tag-target:
     name: Tag untested image with PR number
@@ -706,6 +717,7 @@ jobs:
       stable-tag: ${{ needs.checks.outputs.stable_tag }}
       authenticated: ${{ needs.checks.outputs.forked_workflow != 'true' }}
       k8s-version: ${{ matrix.k8s }}
+      force: ${{ inputs.run_tests }}
 
   smoke-tests-plus:
     if: ${{ inputs.force || (inputs.run_tests && inputs.run_tests || true) || needs.checks.outputs.docs_only != 'true' }}
@@ -733,6 +745,7 @@ jobs:
       stable-tag: ${{ needs.checks.outputs.stable_tag }}
       authenticated: ${{ needs.checks.outputs.forked_workflow != 'true' }}
       k8s-version: ${{ matrix.k8s }}
+      force: ${{ inputs.run_tests }}
 
   smoke-tests-nap:
     if: ${{ inputs.force || (inputs.run_tests && inputs.run_tests || true) || needs.checks.outputs.docs_only != 'true' }}
@@ -760,6 +773,7 @@ jobs:
       stable-tag: ${{ needs.checks.outputs.stable_tag }}
       authenticated: ${{ needs.checks.outputs.forked_workflow != 'true' }}
       k8s-version: ${{ matrix.k8s }}
+      force: ${{ inputs.run_tests }}
 
   tag-stable:
     name: Tag tested image as stable
@@ -835,4 +849,4 @@ jobs:
       pull-requests: write # for scout report
     uses: ./.github/workflows/image-promotion.yml
     secrets: inherit
-    if: ${{ inputs.force && inputs.force || false }}
+    if: ${{ inputs.force }}
@@ -24,7 +24,7 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: "Dependency Review"
-        uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1
+        uses: actions/dependency-review-action@bc41886e18ea39df68b1b1245f4184881938e050 # v4.7.2
         with:
           config-file: "nginx/k8s-common/dependency-review-config.yml@main"
           base-ref: ${{ github.event.pull_request.base.sha || github.event.repository.default_branch }}
 
@@ -47,6 +47,7 @@ jobs:
       image_matrix_oss: ${{ steps.vars.outputs.image_matrix_oss }}
       image_matrix_plus: ${{ steps.vars.outputs.image_matrix_plus }}
       image_matrix_nap: ${{ steps.vars.outputs.image_matrix_nap }}
+      additional_tag: ${{ steps.vars.outputs.additional_tag }}
     steps:
       - name: Checkout Repository
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -71,6 +72,7 @@ jobs:
           echo "image_matrix_oss=$(cat .github/data/matrix-images-oss.json | jq -c)" >> $GITHUB_OUTPUT
           echo "image_matrix_plus=$(cat .github/data/matrix-images-plus.json | jq -c)" >> $GITHUB_OUTPUT
           echo "image_matrix_nap=$(cat .github/data/matrix-images-nap.json | jq -c)" >> $GITHUB_OUTPUT
+          REF=${{ github.ref_name }} ./.github/scripts/variables.sh additional_tag >> $GITHUB_OUTPUT
 
       - name: Fetch Cached Binary Artifacts
         id: binary-cache
@@ -158,7 +160,7 @@ jobs:
           fi
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
+        uses: github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10
         if: steps.check-sarif.outputs.sarif_has_results == 'true'
         with:
           sarif_file: govulncheck.sarif
@@ -328,7 +330,7 @@ jobs:
     uses: ./.github/workflows/retag-images.yml
     with:
       source_tag: ${{ needs.checks.outputs.stable_tag }}
-      target_tag: ${{ github.ref_name == github.event.repository.default_branch && 'edge' || github.ref_name }}
+      target_tag: ${{ github.ref_name == github.event.repository.default_branch && 'edge' || needs.checks.outputs.additional_tag }}
       dry_run: false
     secrets: inherit
     if: ${{ !cancelled() && !failure() }}
@@ -494,7 +496,7 @@ jobs:
           overwrite: true
 
       - name: Upload Scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
+        uses: github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10
         with:
           sarif_file: "${{ steps.directory.outputs.directory }}/"
 
@@ -583,7 +585,7 @@ jobs:
           overwrite: true
 
       - name: Upload Scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
+        uses: github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10
         with:
           sarif_file: "${{ steps.directory.outputs.directory }}/"
 
@@ -679,7 +681,7 @@ jobs:
           overwrite: true
 
       - name: Upload Scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
+        uses: github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10
         with:
           sarif_file: "${{ steps.directory.outputs.directory }}/"
         continue-on-error: true
 
@@ -63,7 +63,7 @@ jobs:
       - name: Checkout Repository
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
-      - uses: reviewdog/action-actionlint@50b75b9513baa71e6a1899a1ebaa9ac9851cf16c # v1.66.0
+      - uses: reviewdog/action-actionlint@e37e2ca68a70112d21e135229272da28ce2d0d5a # v1.66.1
         with:
           actionlint_flags: -shellcheck ""
 
 
@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
+        uses: github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10
         with:
           sarif_file: results.sarif
@@ -33,6 +33,9 @@ on:
       k8s-version:
         required: true
         type: string
+      force:
+        required: true
+        type: boolean
 
 defaults:
   run:
@@ -81,6 +84,9 @@ jobs:
           if docker pull ${{ steps.image_details.outputs.name }}:${{ steps.image_details.outputs.stable_tag }}; then
             echo "exists=true" >> $GITHUB_OUTPUT
           fi
+          if [ "${{ inputs.force }}" = "true" ]; then
+            echo "exists=false" >> $GITHUB_OUTPUT
+          fi
         if: ${{ inputs.authenticated }}
 
       - name: NAP modules
@@ -103,15 +109,15 @@ jobs:
           fail-on-cache-miss: true
         if: ${{ !inputs.authenticated }}
 
-      - name: Check if test image exists
+      - name: Check if pytest image exists
         id: check-image
         run: |
           docker manifest inspect "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/test-runner:${{ hashFiles('./tests/requirements.txt', './tests/Dockerfile') || 'latest' }}"
         shell: bash
         continue-on-error: true
         if: ${{ inputs.authenticated  }}
 
-      - name: Build Test-Runner Container
+      - name: Build Pytest-Runner Container
         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           file: tests/Dockerfile