diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml index dcb25cae0..ec1c6b782 100644 --- a/.github/workflows/build-base-images.yml +++ b/.github/workflows/build-base-images.yml @@ -20,7 +20,7 @@ permissions: jobs: checks: name: Checks and variables - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 outputs: docker_md5: ${{ steps.vars.outputs.docker_md5 }} ic_version: ${{ steps.vars.outputs.ic_version }} @@ -44,7 +44,7 @@ jobs: build-oss: name: Build OSS base images - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: checks permissions: contents: read @@ -109,7 +109,7 @@ jobs: build-plus: name: Build Plus base images - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: checks permissions: contents: read @@ -177,7 +177,7 @@ jobs: build-plus-nap: name: Build Plus NAP base images - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: checks permissions: contents: read diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml index bb833ec01..b0f1badd0 100644 --- a/.github/workflows/build-oss.yml +++ b/.github/workflows/build-oss.yml @@ -41,7 +41,7 @@ permissions: jobs: build: - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read # for docker/build-push-action to read repo content id-token: write # for OIDC login to GCR diff --git a/.github/workflows/build-ot-dependency.yml b/.github/workflows/build-ot-dependency.yml index 61beb4059..c37cb4091 100644 --- a/.github/workflows/build-ot-dependency.yml +++ b/.github/workflows/build-ot-dependency.yml @@ -23,7 +23,7 @@ permissions: jobs: build-docker: name: Build Docker Image - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: packages: write contents: read diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml index 662bbdfc2..a4c0004f4 100644 --- a/.github/workflows/build-plus.yml +++ b/.github/workflows/build-plus.yml @@ -51,7 +51,7 @@ jobs: contents: read # for docker/build-push-action to read repo content id-token: write # for OIDC login to AWS pull-requests: write # for scout report - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/build-single-image.yml b/.github/workflows/build-single-image.yml index 60c0c3f22..79d9e09b5 100644 --- a/.github/workflows/build-single-image.yml +++ b/.github/workflows/build-single-image.yml @@ -42,7 +42,7 @@ jobs: permissions: contents: read # for docker/build-push-action to read repo content id-token: write # for login to GCP - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/build-test-image.yml b/.github/workflows/build-test-image.yml index cbc9823ed..53323a889 100644 --- a/.github/workflows/build-test-image.yml +++ b/.github/workflows/build-test-image.yml @@ -25,7 +25,7 @@ permissions: jobs: build: name: Build test image - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/build-ubi-dependency.yml b/.github/workflows/build-ubi-dependency.yml index 6248ab443..c45ac9b03 100644 --- a/.github/workflows/build-ubi-dependency.yml +++ b/.github/workflows/build-ubi-dependency.yml @@ -31,7 +31,7 @@ permissions: jobs: checks: name: Check versions - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: packages: read contents: read @@ -81,7 +81,7 @@ jobs: name: Build Binary Container Image if: ${{ needs.checks.outputs.target_exists != 'true' || inputs.force }} needs: checks - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: packages: write contents: read diff --git a/.github/workflows/cache-update.yml b/.github/workflows/cache-update.yml index 9b93935a9..eb81562d0 100644 --- a/.github/workflows/cache-update.yml +++ b/.github/workflows/cache-update.yml @@ -17,7 +17,7 @@ permissions: jobs: checks: name: Checks and variables - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 outputs: go_code_md5: ${{ steps.vars.outputs.go_code_md5 }} docker_md5: ${{ steps.vars.outputs.docker_md5 }} diff --git a/.github/workflows/certify-ubi-image.yml b/.github/workflows/certify-ubi-image.yml index fd8a5aeac..cdffc92b2 100644 --- a/.github/workflows/certify-ubi-image.yml +++ b/.github/workflows/certify-ubi-image.yml @@ -33,7 +33,7 @@ permissions: jobs: certify-ubi-images: name: Certify OpenShift UBI images - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/cherry-pick.yml b/.github/workflows/cherry-pick.yml index de97cb604..25713b447 100644 --- a/.github/workflows/cherry-pick.yml +++ b/.github/workflows/cherry-pick.yml @@ -13,7 +13,7 @@ jobs: permissions: contents: write pull-requests: write - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 name: Cherry pick into release branch if: ${{ (contains(github.event.pull_request.labels.*.name, 'dependencies') || contains(github.event.pull_request.labels.*.name, 'needs cherry pick')) && github.event.pull_request.merged == true }} steps: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1afa8d865..ed9a38eaa 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,7 +29,7 @@ permissions: jobs: checks: name: Checks and variables - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read id-token: write @@ -88,7 +88,7 @@ jobs: id: vars run: | kindest_latest=$(curl -s "https://hub.docker.com/v2/repositories/kindest/node/tags" \ - | jq -r .results.[].name \ + | jq -r '.results[].name' \ | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' \ | sort -rV \ | grep -v v1.32.1 \ @@ -171,7 +171,7 @@ jobs: verify-codegen: name: Verify generated code - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read needs: checks @@ -210,7 +210,7 @@ jobs: unit-tests: name: Unit Tests - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: checks steps: - name: Checkout Repository @@ -242,7 +242,7 @@ jobs: binaries: name: Build Binaries - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [checks, unit-tests, verify-codegen] permissions: contents: write # for goreleaser/goreleaser-action to manage releases @@ -380,7 +380,7 @@ jobs: helm-tests: if: ${{ needs.checks.outputs.docs_only != 'true' }} name: Helm Tests ${{ matrix.base-os }} - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [checks, binaries, build-docker, build-docker-plus] strategy: fail-fast: false @@ -519,7 +519,7 @@ jobs: setup-matrix: if: ${{ inputs.force || needs.checks.outputs.docs_only != 'true' }} name: Setup Matrix for Smoke Tests - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [binaries, checks] permissions: contents: read @@ -675,7 +675,7 @@ jobs: final-results: if: ${{ !cancelled() }} - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 name: Final CI Results needs: [tag-stable, build-docker, build-docker-plus, build-docker-nap, smoke-tests-oss, smoke-tests-plus, smoke-tests-nap] steps: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8c00bb3e7..e94e2a0d1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -23,7 +23,7 @@ permissions: jobs: checks: name: Checks and variables - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 outputs: docs_only: ${{ github.event.pull_request && steps.docs.outputs.docs_only == 'true' }} steps: @@ -53,7 +53,7 @@ jobs: contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/autobuild to send a status report name: Analyze - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 strategy: fail-fast: false diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 9008df82d..74e35581a 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -6,7 +6,7 @@ permissions: jobs: dependabot: - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} permissions: pull-requests: write diff --git a/.github/workflows/dependabot-hugo.yml b/.github/workflows/dependabot-hugo.yml index 93a6acc0f..89e26e307 100644 --- a/.github/workflows/dependabot-hugo.yml +++ b/.github/workflows/dependabot-hugo.yml @@ -16,7 +16,7 @@ defaults: jobs: build: if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: write pull-requests: read diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 3fb715275..5923f9912 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -15,7 +15,7 @@ permissions: jobs: dependency-review: - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read # for actions/checkout pull-requests: write # for actions/dependency-review-action to post comments diff --git a/.github/workflows/dockerhub-description.yml b/.github/workflows/dockerhub-description.yml index 6522cdaac..84aa981d6 100644 --- a/.github/workflows/dockerhub-description.yml +++ b/.github/workflows/dockerhub-description.yml @@ -16,7 +16,7 @@ permissions: jobs: dockerHubDescription: - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 if: ${{ github.event.repository.fork == false }} steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index b063b9c93..737ed5fb4 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -19,7 +19,7 @@ permissions: jobs: scan: name: Fossa - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 if: ${{ github.event.repository.fork == false }} steps: - name: Checkout Repository diff --git a/.github/workflows/image-promotion.yml b/.github/workflows/image-promotion.yml index e5d48cf71..0530b2d25 100644 --- a/.github/workflows/image-promotion.yml +++ b/.github/workflows/image-promotion.yml @@ -29,7 +29,7 @@ permissions: jobs: checks: name: Checks and variables - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read id-token: write @@ -114,7 +114,7 @@ jobs: govulncheck: name: Run govulncheck - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read security-events: write @@ -150,7 +150,7 @@ jobs: binaries: name: Build Binaries - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [checks] permissions: contents: read @@ -368,7 +368,7 @@ jobs: certify-openshift-images: if: ${{ !cancelled() && !failure() && github.ref_name == github.event.repository.default_branch }} name: Certify OpenShift UBI images - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [release-oss] steps: - name: Checkout Repository @@ -385,7 +385,7 @@ jobs: scan-docker-oss: name: Scan ${{ matrix.image }}-${{ matrix.target }} - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [checks, tag-candidate] permissions: contents: read @@ -474,7 +474,7 @@ jobs: scan-docker-plus: name: Scan ${{ matrix.image }}-${{ matrix.target }} - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [checks, tag-candidate] permissions: contents: read @@ -563,7 +563,7 @@ jobs: scan-docker-nap: name: Scan ${{ matrix.image }}-${{ matrix.target }}-${{ matrix.nap_modules }} - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [checks, tag-candidate] permissions: contents: read @@ -660,7 +660,7 @@ jobs: update-release-draft: name: Update Release Draft - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [checks] permissions: contents: write diff --git a/.github/workflows/issues.yaml b/.github/workflows/issues.yaml index 7473a41b5..02d49c809 100644 --- a/.github/workflows/issues.yaml +++ b/.github/workflows/issues.yaml @@ -11,7 +11,7 @@ jobs: comment: name: Issue comment if: ${{ !github.event.issue.pull_request }} - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read issues: write # for actions/github-script to create comments diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index df4b9be6e..5f1561b80 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -10,7 +10,7 @@ jobs: permissions: contents: read pull-requests: write # for actions/labeler to add labels - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/lint-format.yml b/.github/workflows/lint-format.yml index b4a2e21fe..ed9d487c4 100644 --- a/.github/workflows/lint-format.yml +++ b/.github/workflows/lint-format.yml @@ -21,7 +21,7 @@ jobs: format: name: Format - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -38,7 +38,7 @@ jobs: lint: name: Lint - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read pull-requests: read # for golangci-lint-action @@ -58,7 +58,7 @@ jobs: actionlint: name: Actionlint - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -69,7 +69,7 @@ jobs: chart-lint: name: Chart Lint - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -79,7 +79,7 @@ jobs: markdown-lint: name: Markdown Lint - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml index fce35daef..4de781172 100644 --- a/.github/workflows/mend.yml +++ b/.github/workflows/mend.yml @@ -29,7 +29,7 @@ permissions: jobs: scan: name: Mend - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/notifications.yml b/.github/workflows/notifications.yml index 36e780782..ab7304833 100644 --- a/.github/workflows/notifications.yml +++ b/.github/workflows/notifications.yml @@ -21,7 +21,7 @@ permissions: jobs: on-failure: - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 if: ${{ github.event.workflow_run.conclusion == 'failure' && github.event.repository.fork == false }} permissions: contents: read diff --git a/.github/workflows/oss-release.yml b/.github/workflows/oss-release.yml index 4ecb44eb3..107ab6121 100644 --- a/.github/workflows/oss-release.yml +++ b/.github/workflows/oss-release.yml @@ -72,7 +72,7 @@ permissions: jobs: release-to-gcr-release-registry: name: Push images to the GCR Release Registry - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read id-token: write @@ -110,7 +110,7 @@ jobs: release-oss-to-ecr-public-registry: name: Push OSS images to the AWS Public Registry - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read id-token: write @@ -159,7 +159,7 @@ jobs: release-oss-to-dockerhub-public-registry: name: Push OSS images to the DockerHub Public Registry - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read id-token: write @@ -203,7 +203,7 @@ jobs: release-oss-to-quay-public-registry: name: Push OSS images to the Quay Public Registry - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read id-token: write @@ -248,7 +248,7 @@ jobs: release-oss-to-github-public-registry: name: Push OSS images to the GitHub Public Registry - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read id-token: write diff --git a/.github/workflows/patch-image.yml b/.github/workflows/patch-image.yml index cb3a184d7..2dbef2a89 100644 --- a/.github/workflows/patch-image.yml +++ b/.github/workflows/patch-image.yml @@ -38,7 +38,7 @@ permissions: jobs: patch-image: name: Patch image - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read id-token: write diff --git a/.github/workflows/plus-release.yml b/.github/workflows/plus-release.yml index 3012a9972..ab1089af2 100644 --- a/.github/workflows/plus-release.yml +++ b/.github/workflows/plus-release.yml @@ -72,7 +72,7 @@ permissions: jobs: release-to-gcr-release-registry: name: Push images to the GCR Release Registry - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read id-token: write @@ -163,7 +163,7 @@ jobs: release-plus-to-gcr-marketplace-registry: name: Push Plus images to the GCR Marketplace Registry - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read id-token: write @@ -204,7 +204,7 @@ jobs: release-plus-to-ecr-marketplace-registry: name: Push Plus images to the AWS Marketplace Registry - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read id-token: write @@ -253,7 +253,7 @@ jobs: release-plus-to-azure-marketplace-registry: name: Push Plus images to the Azure Marketplace Registry - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read id-token: write diff --git a/.github/workflows/publish-helm.yml b/.github/workflows/publish-helm.yml index 85bfda65f..b187d3596 100644 --- a/.github/workflows/publish-helm.yml +++ b/.github/workflows/publish-helm.yml @@ -52,7 +52,7 @@ permissions: jobs: publish-helm: name: Package and Publish Helm Chart - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: write # for pushing to Helm Charts repository packages: write # for helm to push to GHCR diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index 6d2ae13b6..48a98cf75 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -25,7 +25,7 @@ permissions: jobs: checks: name: Checks and variables - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read id-token: write @@ -44,7 +44,7 @@ jobs: id: vars run: | kindest_latest=$(curl -s "https://hub.docker.com/v2/repositories/kindest/node/tags" \ - | jq -r .results.[].name \ + | jq -r '.results[].name' \ | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' \ | sort -rV \ | grep -v v1.32.1 \ @@ -53,7 +53,7 @@ jobs: | tr -d '\n') echo "k8s_latest=$kindest_latest" >> $GITHUB_OUTPUT kindest_versions=$(curl -s "https://hub.docker.com/v2/repositories/kindest/node/tags/?page_size=50" \ - | jq -r .results.[].name \ + | jq -r '.results[].name' \ | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' \ | sort -rV \ | grep -v v1.32.1 \ @@ -82,7 +82,7 @@ jobs: unit-tests: name: Unit Tests - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [checks] steps: - name: Checkout Repository @@ -106,7 +106,7 @@ jobs: helm-tests: name: Helm Tests ${{ matrix.base-os }} - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [checks] strategy: fail-fast: false @@ -198,7 +198,7 @@ jobs: setup-regression-matrix: name: Setup Matrix for Smoke Tests - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [checks] permissions: contents: read @@ -217,7 +217,7 @@ jobs: regression-tests: name: ${{ matrix.images.label }} ${{ matrix.images.image }} ${{ matrix.k8s }} regression tests - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [checks, setup-regression-matrix] strategy: fail-fast: false diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml index df3025068..d9aeec353 100644 --- a/.github/workflows/release-pr.yml +++ b/.github/workflows/release-pr.yml @@ -47,7 +47,7 @@ jobs: release: permissions: contents: write - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - name: Branch id: branch diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7d65a365d..d5edfabc6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -48,7 +48,7 @@ permissions: jobs: variables: name: Set Variables - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read outputs: @@ -92,7 +92,7 @@ jobs: tag: name: Create Tag on release branch in NIC repo - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: write steps: @@ -286,7 +286,7 @@ jobs: certify-openshift-images: if: ${{ ! cancelled() && ! failure() && ! inputs.dry_run && ! contains(inputs.skip_step, 'certify-openshift-images') }} name: Certify OpenShift UBI images - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [release-oss] steps: - name: Checkout Repository @@ -306,7 +306,7 @@ jobs: operator: if: ${{ ! cancelled() && ! failure() && ! inputs.dry_run && ! contains(inputs.skip_step, 'operator') && !contains(inputs.skip_step, 'publish-helm-chart') }} name: Trigger PR for Operator - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [variables,publish-helm-chart] steps: - name: @@ -330,7 +330,7 @@ jobs: gcp-marketplace: if: ${{ ! cancelled() && ! failure() && ! inputs.dry_run && ! contains(inputs.skip_step, 'gcp-marketplace') }} name: Trigger PR for GCP Marketplace - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [publish-helm-chart,release-plus-gcr-mktpl] steps: - name: @@ -351,7 +351,7 @@ jobs: azure-marketplace: if: ${{ ! cancelled() && ! failure() && ! inputs.dry_run && ! contains(inputs.skip_step, 'azure-marketplace') }} name: Trigger CNAB Build for Azure Marketplace - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [publish-helm-chart,release-plus-azure-mktpl] steps: - name: @@ -374,7 +374,7 @@ jobs: aws-marketplace: if: ${{ ! cancelled() && ! failure() && ! inputs.dry_run && ! contains(inputs.skip_step, 'aws-marketplace') }} name: Publish to AWS Marketplace - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [release-plus-aws-mktpl] permissions: contents: read @@ -421,7 +421,7 @@ jobs: binaries: name: Process Binaries - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [variables] permissions: contents: read @@ -465,7 +465,7 @@ jobs: azure-upload: if: ${{ ! cancelled() && ! failure() && ! contains(inputs.skip_step, 'azure-upload') }} name: Upload packages to Azure - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [variables, binaries] permissions: id-token: write @@ -508,7 +508,7 @@ jobs: github-release: if: ${{ ! cancelled() && ! failure() && ! contains(inputs.skip_step, 'github-release') }} name: Publish release to GitHub - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [variables, binaries, release-oss, release-plus-gcr-nginx, azure-upload] permissions: contents: write # to modify the release @@ -613,7 +613,7 @@ jobs: release-image-notification: if: ${{ ! cancelled() && ! failure() && ! inputs.dry_run && ! contains(inputs.skip_step, 'release-image-notification') }} name: Notify Slack channels about image release - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [variables, binaries, release-oss, release-plus-gcr-nginx] permissions: contents: read diff --git a/.github/workflows/retag-images.yml b/.github/workflows/retag-images.yml index 5243888e0..6f01efa14 100644 --- a/.github/workflows/retag-images.yml +++ b/.github/workflows/retag-images.yml @@ -34,7 +34,7 @@ permissions: jobs: copy-to-gcr-dev-registry: name: Re-tag images in GCR Dev Registry - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read id-token: write diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index b0c46a907..7c8243a60 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -17,7 +17,7 @@ permissions: read-all jobs: analysis: name: Scorecard analysis - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: # Needed to upload the results to code-scanning dashboard. security-events: write diff --git a/.github/workflows/setup-smoke.yml b/.github/workflows/setup-smoke.yml index aec5219ec..2504b0ed2 100644 --- a/.github/workflows/setup-smoke.yml +++ b/.github/workflows/setup-smoke.yml @@ -46,7 +46,7 @@ jobs: permissions: contents: read # for docker/build-push-action to read repo content id-token: write # for OIDC login to GCR - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/single-image-regression.yml b/.github/workflows/single-image-regression.yml index 3df6ad254..0f44590cf 100644 --- a/.github/workflows/single-image-regression.yml +++ b/.github/workflows/single-image-regression.yml @@ -70,7 +70,7 @@ permissions: jobs: checks: name: Run regression - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read id-token: write diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index aef731a6f..9f70631a8 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -11,7 +11,7 @@ jobs: permissions: issues: write # for actions/stale to close stale issues pull-requests: write # for actions/stale to close stale PRs - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: diff --git a/.github/workflows/update-docker-images.yml b/.github/workflows/update-docker-images.yml index fe65c8267..15e198c79 100644 --- a/.github/workflows/update-docker-images.yml +++ b/.github/workflows/update-docker-images.yml @@ -26,7 +26,7 @@ permissions: jobs: variables: name: Set variables for workflow - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 outputs: tag: ${{ steps.kic.outputs.tag }} short_tag: ${{ steps.kic.outputs.short }} @@ -171,7 +171,7 @@ jobs: certify-openshift-images: name: Certify OpenShift UBI images - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [variables, release-oss-public] steps: - name: Checkout Repository diff --git a/.github/workflows/update-docker-sha.yml b/.github/workflows/update-docker-sha.yml index 1eb277669..529923373 100644 --- a/.github/workflows/update-docker-sha.yml +++ b/.github/workflows/update-docker-sha.yml @@ -30,7 +30,7 @@ jobs: vars: permissions: contents: read - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 outputs: source_branch: ${{ steps.vars.outputs.source_branch }} steps: @@ -46,7 +46,7 @@ jobs: update-docker-sha: permissions: contents: write - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [vars] steps: - name: Checkout Repository diff --git a/.github/workflows/update-kubernetes-version.yml b/.github/workflows/update-kubernetes-version.yml index 8afa03edd..959a02119 100644 --- a/.github/workflows/update-kubernetes-version.yml +++ b/.github/workflows/update-kubernetes-version.yml @@ -16,7 +16,7 @@ permissions: jobs: update-k8s-version: - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/update-release-draft.yml b/.github/workflows/update-release-draft.yml index f5648c100..c235d0f0b 100644 --- a/.github/workflows/update-release-draft.yml +++ b/.github/workflows/update-release-draft.yml @@ -22,7 +22,7 @@ permissions: jobs: variables: name: Set variables - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read outputs: @@ -50,7 +50,7 @@ jobs: update-release-draft: name: Update Release Draft - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 needs: [variables] permissions: contents: write diff --git a/.github/workflows/updates-notification.yml b/.github/workflows/updates-notification.yml index 0a757a47f..c6f09fafb 100644 --- a/.github/workflows/updates-notification.yml +++ b/.github/workflows/updates-notification.yml @@ -26,7 +26,7 @@ permissions: jobs: send-notifications: name: Send Notifications - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read actions: read # for 8398a7/action-slack diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index d65682c83..8a0a4d6ee 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -27,7 +27,7 @@ jobs: version-bump: permissions: contents: write - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/build/Dockerfile b/build/Dockerfile index 67332f01d..ef467446b 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -300,7 +300,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode && apt-get update \ && if [ "${NGINX_AGENT}" = "true" ]; then apt-get install --no-install-recommends --no-install-suggests -y nginx-agent; fi \ && if [ -z "${NAP_MODULES##*waf*}" ]; then \ - apt-get install --no-install-recommends --no-install-suggests -y app-protect-module-plus=33+5.210*; \ + apt-get install --no-install-recommends --no-install-suggests -y app-protect-module-plus=33+5.210* nginx-plus-module-appprotect=33+5.210*; \ rm -f /etc/apt/sources.list.d/app-protect.sources; \ nap-waf.sh; \ fi \