NODE-5787 Sync with upstream controller v1.11.3

.github/dependabot.yml

@@ -1,7 +1,15 @@
----
 version: 2
 updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-        interval: "weekly"
+      interval: "weekly"
+    labels:
+      - "area/dependency"
+      - "release-note-none"
+      - "ok-to-test"
+    groups:
+      actions:
+        update-types:
+          - "minor"
+          - "patch"

.github/workflows/ci.yaml

@@ -126,7 +126,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        k8s: [v1.23.13, v1.27.1]
+        k8s: [v1.26.15, v1.30.0]
         ARCH: [amd64, arm64]
         include:
           - ARCH: amd64
@@ -254,7 +254,7 @@ jobs:
           password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }}
 
       - name: Create cluster
-        run: kind create cluster --image=kindest/node:v1.25.8 --config test/e2e/kind.yaml
+        run: kind create cluster --image=kindest/node:v1.26.15 --config test/e2e/kind.yaml
 
       - name: Run chart testing ${{ matrix.method }}
         env:
@@ -313,7 +313,7 @@ jobs:
           password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }}
 
       - name: Create cluster
-        run: kind create cluster --image=kindest/node:v1.25.8 --config test/e2e/kind.yaml
+        run: kind create cluster --image=kindest/node:v1.26.15 --config test/e2e/kind.yaml
 
       - name: Run e2e tests
         env:
@@ -340,9 +340,9 @@ jobs:
     env:
       ARCH: amd64
     strategy:
-      fail-fast: true
+      fail-fast: false
       matrix:
-        k8s: [v1.24.12, v1.25.8, v1.26.3,v1.27.1, v1.28.0]
+        k8s: [v1.26.15, v1.27.13, v1.28.9, v1.29.4, v1.30.0]
 
     steps:
       - name: Import secrets
@@ -393,7 +393,7 @@ jobs:
           DOCKERHUB_PASSWORD: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }}
         run: |
           kind get kubeconfig > $HOME/.kube/kind-config-kind
-          make E2E_NODES=7 kind-e2e-test
+          make E2E_NODES=5 kind-e2e-test
 
 
 

.github/workflows/depreview.yaml

@@ -9,6 +9,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3
+        uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4

.github/workflows/golangci-lint.yml

@@ -2,13 +2,9 @@ name: golangci-lint
 
 on:
   pull_request:
-  push:
-    branches:
-      - main
-    paths-ignore:
-      - 'docs/**'
-      - 'deploy/**'
-      - '**.md'
+    paths:
+      - '**/*.go'
+      - '.github/workflows/golangci-lint.yml'
 
 permissions:
   contents: read
@@ -19,16 +15,19 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+
+      - name: Get go version
+        run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV
+
       - name: Set up Go
         id: go
-        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
-          go-version: '1.21.11'
+          go-version: ${{ env.GOLANG_VERSION }}
           check-latest: true
-      
+
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
+        uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
         with:
-          version: v1.55.2
+          version: v1.56

.github/workflows/perftest.yaml

@@ -19,7 +19,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Install K6
         run: |

.github/workflows/scorecards.yml

@@ -27,12 +27,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif
@@ -51,14 +51,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+        uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v2.1.37
+        uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
         with:
           sarif_file: results.sarif

.github/workflows/vulnerability-scans.yaml

@@ -22,7 +22,7 @@ jobs:
       tag: ${{ steps.version.outputs.tag }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           fetch-depth: 0
 
@@ -32,22 +32,22 @@ jobs:
         run: |
           TAG=$(cat TAG)
           echo "TAG: ${TAG}"
-          echo "::set-output name=tag::${TAG}"
+          echo "tag=${TAG}" >> $GITHUB_OUTPUT
 
   scan:
     runs-on: ubuntu-latest
     needs: version
     steps:
     - name: Checkout code
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
     - shell: bash
       id: test
-      run: echo "Scanning registry.k8s.io/ingress-nginx/controller@${{ needs.version.outputs.tag }}"
+      run: echo "Scanning docker.io/wallarm/ingress-controller@${{ needs.version.outputs.tag }}"
 
     - name: Scan image with AquaSec/Trivy
       id: scan
-      uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 #v0.5.1
+      uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
       with:
         image-ref: docker.io/wallarm/ingress-controller:${{ needs.version.outputs.tag }}
         format: 'sarif'
@@ -62,7 +62,7 @@ jobs:
 
     # This step checks out a copy of your repository.
     - name: Upload SARIF file
-      uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v2.1.37
+      uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
       with:
         token: ${{ github.token }}
         # Path to SARIF file relative to the root of the repository
@@ -74,6 +74,6 @@ jobs:
         TRIVY_COUNT=$(cat ${{ github.workspace }}/trivy-results-${{ needs.version.outputs.tag }}.sarif | jq '.runs[0].results | length')
         echo "TRIVY_COUNT: $TRIVY_COUNT"
         echo "Image Vulnerability scan output" >> $GITHUB_STEP_SUMMARY
-        echo "Image ID: registry.k8s.io/ingress-nginx/controller@${{ needs.version.outputs.tag }}" >> $GITHUB_STEP_SUMMARY
+        echo "Image ID: docker.io/wallarm/ingress-controller@${{ needs.version.outputs.tag }}" >> $GITHUB_STEP_SUMMARY
         echo "" >> $GITHUB_STEP_SUMMARY
         echo "Trivy Count: $TRIVY_COUNT" >> $GITHUB_STEP_SUMMARY

.gitignore

@@ -1,4 +1,3 @@
-helm-docs
 # OSX
 ._*
 .DS_Store

.golangci.yml

@@ -200,9 +200,7 @@ linters-settings:
       - stringConcatSimplify
       - stringsCompare
       - switchTrue
-      - timeCmpSimplify
       - timeExprSimplify
-      - todoCommentWithoutDetail
       - tooManyResultsChecker
       - typeAssertChain
       - typeDefFirst

AIO_BASE

@@ -1 +1 @@
-5.1.0
+5.1.1-rcingress