Skip to content

Build WAF image in pipeline #3606

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: feat/nap-waf
Choose a base branch
from
Open

Build WAF image in pipeline #3606

wants to merge 1 commit into from
+62 −24

Conversation

ciarams87
Copy link
Contributor

Proposed changes

Problem: The NGINX Plus NAP WAF image is not being built in the pipeline

Solution: Extend the workflow to build the image in the pipeline

Partially implements #3452

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

Release notes

If this PR introduces a change that affects users and needs to be mentioned in the release notes,
please add a brief note that summarizes the change.

NONE

@ciarams87 ciarams87 requested a review from a team as a code owner July 9, 2025 13:37
@github-actions github-actions bot added documentation Improvements or additions to documentation chore Pull requests for routine tasks labels Jul 9, 2025
sjberman
sjberman reviewed Jul 9, 2025
View reviewed changes
README.md
| 1.0.0 | 0.8.1 | 1.23+ | 1.25.2 | n/a | --- |
| NGINX Gateway Fabric | Gateway API | Kubernetes | NGINX OSS | NGINX Plus | NGINX Agent | NGINX NAP WAF |
|----------------------|-------------|------------|-----------|------------|-------------|---------------|
| Edge | 1.3.0 | 1.25+ | 1.28.0 | R34 | v3.0.3 | 5.7.0. |
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
| Edge | 1.3.0 | 1.25+ | 1.28.0 | R34 | v3.0.3 | 5.7.0. |
| Edge | 1.3.0 | 1.25+ | 1.28.0 | R34 | v3.0.3 | 5.7.0 |

.github/workflows/build.yml
secrets: |
${{ contains(inputs.image, 'plus') && format('"nginx-repo.crt={0}"', secrets.NGINX_CRT) || '' }}
${{ contains(inputs.image, 'plus') && format('"nginx-repo.key={0}"', secrets.NGINX_KEY) || '' }}

- name: Inspect SBOM and output manifest
run: |
if [[ "${{ inputs.image }}" == "plus-waf" ]]; then
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. Why does the docker buildx method not work for this?
  2. Should we make this more structured, and have a Download Syft step (like in ci.yml) for this image, rather than too much scripting?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. I think including a non open source package causes issues with the inspection. An error like ERROR: template: :1:9: executing "" at <index .SBOM "linux/amd64">: error calling index: can't index item of type imagetools.sbomStub occurs - see https://github.com/nginx/nginx-gateway-fabric/actions/runs/15971343514/job/45043600174
  2. Yeah that makes sense!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sjberman sjberman sjberman left review comments

Assignees
No one assigned
Labels
chore Pull requests for routine tasks documentation Improvements or additions to documentation
Projects
NGINX Gateway Fabric
Status: 🆕 New
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ciarams87 @sjberman