Compare commits

...

15 Commits

Author SHA1 Message Date
github-actions[bot]
3ae374ce22 Bump version to 3.0.0-rc4 on release-3.0 branch (#22756)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: crenshaw-dev <350466+crenshaw-dev@users.noreply.github.com>
2025-04-22 08:25:30 -07:00
gcp-cherry-pick-bot[bot]
3d2c010dbe feat(hydrator): handle sourceHydrator fields from webhook (#19397) (cherry-pick #22485) (#22753)
Signed-off-by: daengdaengLee <gunho1020@gmail.com>
Signed-off-by: Alexy Mantha <alexy@mantha.dev>
Co-authored-by: Alexy Mantha <alexy.mantha@goto.com>
Co-authored-by: Kunho Lee <gunho1020@gmail.com>
2025-04-22 08:21:13 -07:00
gcp-cherry-pick-bot[bot]
b6e6104dbc fix(ui): avoid spurious error on hydration (#22506) (cherry-pick #22711) (#22715)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2025-04-17 16:40:54 -07:00
gcp-cherry-pick-bot[bot]
a8ce6772b8 fix(controller): always set health.status.lastTransitionTime (#22665) (cherry-pick #22666) (#22667)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2025-04-14 12:50:58 -07:00
gcp-cherry-pick-bot[bot]
5d131c5251 fix: do not exclude APIService resources (cherry-pick #22586) (#22587)
Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Co-authored-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
2025-04-07 12:24:48 +01:00
gcp-cherry-pick-bot[bot]
d6a04a3642 fix: Check for semver constraint matching in application webhook handler (cherry-pick #21648) (#22507)
Signed-off-by: eadred <eadred77@googlemail.com>
Co-authored-by: Eadred <eadred77@googlemail.com>
2025-03-27 11:27:26 -04:00
github-actions[bot]
4f37dd880a Bump version to 3.0.0-rc3 on release-3.0 branch (#22468)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: crenshaw-dev <350466+crenshaw-dev@users.noreply.github.com>
2025-03-24 15:38:58 -04:00
Michael Crenshaw
20f0fc6786 chore(deps): bump github.com/golang-jwt/jwt to 4.5.2/5.2.2 (#22464)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2025-03-24 14:06:45 -04:00
github-actions[bot]
4ced513335 Bump version to 3.0.0-rc2 on release-3.0 branch (#22411)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: crenshaw-dev <350466+crenshaw-dev@users.noreply.github.com>
2025-03-19 13:04:03 -04:00
gcp-cherry-pick-bot[bot]
0d2471b3f9 fix: Enable service account token automount for haproxy (#22226) (cherry-pick #22353) (#22406)
Signed-off-by: Andrii Korotkov <andrii.korotkov@verkada.com>
Co-authored-by: Andrii Korotkov <137232734+andrii-korotkov-verkada@users.noreply.github.com>
2025-03-19 10:53:20 -04:00
gcp-cherry-pick-bot[bot]
226a670fe6 chore(ci): improve previous-version script readability, fix bug (cherry-pick #22378) (#22381)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2025-03-17 15:18:27 -04:00
gcp-cherry-pick-bot[bot]
2933154a5c fix(ci): get correct previous version, fail workflow if not (cherry-pick #22376) (#22377)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2025-03-17 20:01:18 +02:00
github-actions[bot]
ba866bfc16 Bump version to 3.0.0-rc1 on release-3.0 branch (#22374)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: reggie-k <19544836+reggie-k@users.noreply.github.com>
2025-03-17 17:48:35 +02:00
gcp-cherry-pick-bot[bot]
6e4c8fd53d fix(ci): use tags instead of branches (cherry-pick #22372) (#22373)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2025-03-17 17:43:57 +02:00
gcp-cherry-pick-bot[bot]
15046b992e fix(ci): handle major versions in compatibility table generator (cherry-pick #22370) (#22371)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2025-03-17 17:17:55 +02:00
30 changed files with 331 additions and 230 deletions

View File

@@ -77,7 +77,8 @@ jobs:
- name: Set GORELEASER_PREVIOUS_TAG # Workaround, GoReleaser uses 'git-describe' to determine a previous tag. Our tags are created in release branches.
run: |
set -xue
echo "GORELEASER_PREVIOUS_TAG=$(go run hack/get-previous-release/get-previous-version-for-release-notes.go ${{ github.ref_name }})" >> $GITHUB_ENV
GORELEASER_PREVIOUS_TAG=$(go run hack/get-previous-release/get-previous-version-for-release-notes.go ${{ github.ref_name }}) || exit 1
echo "GORELEASER_PREVIOUS_TAG=$GORELEASER_PREVIOUS_TAG" >> $GITHUB_ENV
- name: Set environment variables for ldflags
id: set_ldflag

View File

@@ -1 +1 @@
3.0.0
3.0.0-rc4

View File

@@ -80,15 +80,15 @@ func setApplicationHealth(resources []managedResource, statuses []appv1.Resource
appHealth.Status = healthStatus.Status
}
}
// if the status didn't change, don't update the timestamp
if app.Status.Health.Status == appHealth.Status && app.Status.Health.LastTransitionTime != nil {
appHealth.LastTransitionTime = app.Status.Health.LastTransitionTime
} else {
now := metav1.Now()
appHealth.LastTransitionTime = &now
}
if persistResourceHealth {
app.Status.ResourceHealthSource = appv1.ResourceHealthLocationInline
// if the status didn't change, don't update the timestamp
if app.Status.Health.Status == appHealth.Status && app.Status.Health.LastTransitionTime != nil {
appHealth.LastTransitionTime = app.Status.Health.LastTransitionTime
} else {
now := metav1.Now()
appHealth.LastTransitionTime = &now
}
} else {
app.Status.ResourceHealthSource = appv1.ResourceHealthLocationAppTree
}

View File

@@ -109,6 +109,7 @@ func TestSetApplicationHealth_ResourceHealthNotPersisted(t *testing.T) {
healthStatus, err := setApplicationHealth(resources, resourceStatuses, lua.ResourceHealthOverrides{}, app, false)
require.NoError(t, err)
assert.Equal(t, health.HealthStatusDegraded, healthStatus.Status)
assert.NotNil(t, healthStatus.LastTransitionTime)
assert.Nil(t, resourceStatuses[0].Health)
}

View File

@@ -1,2 +1,5 @@
This page is populated for released Argo CD versions. Use the version selector to view this table for a specific
version.
| Argo CD version | Kubernetes versions |
|-----------------|---------------------|
| 3.0 | v1.32, v1.31, v1.30, v1.29 |
| 2.14 | v1.31, v1.30, v1.29, v1.28 |
| 2.13 | v1.30, v1.29, v1.28, v1.27 |

View File

@@ -35,25 +35,27 @@ Starting from 3.0, this flag is removed and the logs RBAC is enforced by default
#### Detection
Users who have `server.rbac.log.enforce.enable: "true"` in their `argocd-cm` ConfigMap, are unaffected by this change.
Users who have `server.rbac.log.enforce.enable: "true"` in their `argocd-cm` ConfigMap, are unaffected by this change.
Users who have `policy.default: role:readonly` or `policy.default: role:admin` in their `argocd-rbac-cm` ConfigMap, are unaffected.
Users who have `policy.default: role:readonly` or `policy.default: role:admin` in their `argocd-rbac-cm` ConfigMap, are unaffected.
Users who don't have a `policy.default` in their `argocd-rbac-cm` ConfigMap, and either have `server.rbac.log.enforce.enable` set to `false` or don't have this setting at all in their `argocd-cm` ConfigMap are affected and should perform the below remediation steps.
Users who don't have a `policy.default` in their `argocd-rbac-cm` ConfigMap, and either have `server.rbac.log.enforce.enable` set to `false` or don't have this setting at all in their `argocd-cm` ConfigMap are affected and should perform the below remediation steps.
After the upgrade, it is recommended to remove the setting `server.rbac.log.enforce.enable` from `argocd-cm` ConfigMap, if it was there before the upgrade.
After the upgrade, it is recommended to remove the setting `server.rbac.log.enforce.enable` from `argocd-cm` ConfigMap, if it was there before the upgrade.
#### Remediation
##### Quick remediation (global change)
For users with an existing default policy with a custom role, add this policy to `policy.csv` for your custom role: `p, role:<YOUR_DEFAULT_ROLE>, logs, get, */*, allow`.
For users without a default policy, add this policy to `policy.csv`: `p, role:global-log-viewer, logs, get, */*, allow` and add the default policy for this role: `policy.default: role:global-log-viewer`
##### Quick remediation (global change)
For users with an existing default policy with a custom role, add this policy to `policy.csv` for your custom role: `p, role:<YOUR_DEFAULT_ROLE>, logs, get, */*, allow`.
For users without a default policy, add this policy to `policy.csv`: `p, role:global-log-viewer, logs, get, */*, allow` and add the default policy for this role: `policy.default: role:global-log-viewer`
##### Recommended remediation (per-policy change)
Explicitly add a `logs, get` policy to every role that has a policy for `applications, get` or for `applications, *`.
This is the recommended way to maintain the principle of least privilege.
Similar to the way access to Applications are currently managed, access to logs can be either granted on a Project scope level (Project resource) or on the `argocd-rbac-cm` ConfigMap level.
See this [example](../upgrading/2.3-2.4.md#example-1) for more details.
Explicitly add a `logs, get` policy to every role that has a policy for `applications, get` or for `applications, *`.
This is the recommended way to maintain the principle of least privilege.
Similar to the way access to Applications are currently managed, access to logs can be either granted on a Project scope level (Project resource) or on the `argocd-rbac-cm` ConfigMap level.
See this [example](../upgrading/2.3-2.4.md#example-1) for more details.
### Default `resource.exclusions` configurations
@@ -63,7 +65,7 @@ which we exclude for performance reasons, reducing connections and load to the K
The excluded Kinds are:
- **Kubernetes Resources**: `Endpoints`, `EndpointSlice`, `APIService`, `Lease`, `SelfSubjectReview`, `TokenReview`, `LocalSubjectAccessReview`, `SelfSubjectAccessReview`, `SelfSubjectRulesReview`, `SubjectAccessReview`, `CertificateSigningRequest`, `PolicyReport` and `ClusterPolicyReport`.
- **Kubernetes Resources**: `Endpoints`, `EndpointSlice`, `Lease`, `SelfSubjectReview`, `TokenReview`, `LocalSubjectAccessReview`, `SelfSubjectAccessReview`, `SelfSubjectRulesReview`, `SubjectAccessReview`, `CertificateSigningRequest`, `PolicyReport` and `ClusterPolicyReport`.
- **Cert Manager**: `CertificateRequest`.
- **Kyverno**: `EphemeralReport`, `ClusterEphemeralReport`, `AdmissionReport`, `ClusterAdmissionReport`, `BackgroundScanReport`, `ClusterBackgroundScanReport` and `UpdateRequest`.
- **Cilium**: `CiliumIdentity`, `CiliumEndpoint` and `CiliumEndpointSlice`.
@@ -216,26 +218,28 @@ spec:
namespace: guestbook
```
### Upgraded Helm version with breaking changes
Helm was upgraded to 3.17.1.
This may require changing your `values.yaml` files for subcharts, if the `values.yaml` contain a section with a `null` object.
See related issue in [Helm GitHub repository](https://github.com/helm/helm/issues/12469)
See Helm 3.17.1 [release notes](https://github.com/helm/helm/releases/tag/v3.17.1)
Example of such a [problem and resolution](https://github.com/argoproj/argo-cd/pull/22035/files)
### Upgraded Helm version with breaking changes
Helm was upgraded to 3.17.1.
This may require changing your `values.yaml` files for subcharts, if the `values.yaml` contain a section with a `null` object.
See related issue in [Helm GitHub repository](https://github.com/helm/helm/issues/12469)
See Helm 3.17.1 [release notes](https://github.com/helm/helm/releases/tag/v3.17.1)
Example of such a [problem and resolution](https://github.com/argoproj/argo-cd/pull/22035/files)
Explanation:
- Prior to Helm 3.17.1, `null` object in `values.yaml` resulted in a warning: `cannot overwrite table with non table` upon performing `helm template`, and the resulting K8s object was not overridden with the invalid `null` value.
- In Helm 3.17.1, this behavior changed and `null` object in `values.yaml` still results in this warning upon performing `helm template`, but the resulting K8s object will be overridden with the invalid `null` value.
- To resolve the issue, identify `values.yaml` with `null` object values, and remove those `null` values.
- To resolve the issue, identify `values.yaml` with `null` object values, and remove those `null` values.
### Use Annotation-Based Tracking by Default
The default behavior for [tracking resources](../../user-guide/resource_tracking.md) has changed to use annotation-based
tracking instead of label-based tracking. Annotation-based tracking is more reliable and less prone to errors caused by
The default behavior for [tracking resources](../../user-guide/resource_tracking.md) has changed to use annotation-based
tracking instead of label-based tracking. Annotation-based tracking is more reliable and less prone to errors caused by
external code copying tracking labels from one resource to another.
#### Detection
To detect if you are impacted, check the `argocd-cm` ConfigMap for the `application.resourceTrackingMethod` field. If it
To detect if you are impacted, check the `argocd-cm` ConfigMap for the `application.resourceTrackingMethod` field. If it
unset or is set to `label`, you are using label-based tracking. If it is set to `annotation`, you are already using
annotation-based tracking and are not impacted by this change.
@@ -315,6 +319,7 @@ Example of a status field in the Application CR persisting health:
status:
health:
status: Healthy
lastTransitionTime: "2025-01-01T00:00:00Z"
resources:
- group: apps
health:
@@ -334,6 +339,7 @@ Example of a status field in the Application CR _not_ persisting health:
status:
health:
status: Healthy
lastTransitionTime: "2025-01-01T00:00:00Z"
resourceHealthSource: appTree
resources:
- group: apps

4
go.mod
View File

@@ -42,7 +42,7 @@ require (
github.com/gobwas/glob v0.2.3
github.com/gogits/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
github.com/gogo/protobuf v1.3.2
github.com/golang-jwt/jwt/v5 v5.2.1
github.com/golang-jwt/jwt/v5 v5.2.2
github.com/golang/protobuf v1.5.4
github.com/google/btree v1.1.3
github.com/google/go-cmp v0.7.0
@@ -185,7 +185,7 @@ require (
github.com/go-openapi/strfmt v0.23.0 // indirect
github.com/go-openapi/swag v0.23.0 // indirect
github.com/go-openapi/validate v0.24.0 // indirect
github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
github.com/golang/glog v1.2.4 // indirect
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
github.com/google/gnostic-models v0.6.9 // indirect

8
go.sum
View File

@@ -362,10 +362,10 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/glog v1.2.4 h1:CNNw5U8lSiiBk7druxtSHHTsRWcxKoac6kZKm2peBBc=
github.com/golang/glog v1.2.4/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=

View File

@@ -6,7 +6,6 @@ import (
"os"
"os/exec"
"regexp"
"strconv"
"strings"
)
@@ -52,61 +51,59 @@ func extractPatchAndRC(tag string) (string, string, error) {
return patch, rc, nil
}
func findPreviousTag(proposedTag string, tags []string) (string, error) {
var previousTag string
proposedMajor := semver.Major(proposedTag)
proposedMinor := semver.MajorMinor(proposedTag)
proposedPatch, proposedRC, err := extractPatchAndRC(proposedTag)
if err != nil {
return "", err
}
// If the current tag is a .0 patch release or a 1 release candidate, adjust to the previous minor release series.
if (proposedPatch == "0" && proposedRC == "0") || proposedRC == "1" {
proposedMinorInt, err := strconv.Atoi(strings.TrimPrefix(proposedMinor, proposedMajor+"."))
if err != nil {
return "", fmt.Errorf("invalid minor version: %v", err)
}
if proposedMinorInt > 0 {
proposedMinor = fmt.Sprintf("%s.%d", proposedMajor, proposedMinorInt-1)
}
}
func removeInvalidTags(tags []string) []string {
var validTags []string
for _, tag := range tags {
if tag == proposedTag {
continue
}
tagMajor := semver.Major(tag)
tagMinor := semver.MajorMinor(tag)
tagPatch, tagRC, err := extractPatchAndRC(tag)
if err != nil {
continue
}
// Only bother considering tags with the same major and minor version.
if tagMajor == proposedMajor && tagMinor == proposedMinor {
// If it's a non-RC release...
if proposedRC == "0" {
// Only consider non-RC tags.
if tagRC == "0" {
if semver.Compare(tag, previousTag) > 0 {
previousTag = tag
}
}
} else {
if tagRC != "0" && tagPatch == proposedPatch {
if semver.Compare(tag, previousTag) > 0 {
previousTag = tag
}
} else if tagRC == "0" {
if semver.Compare(tag, previousTag) > 0 {
previousTag = tag
}
}
}
if _, _, err := extractPatchAndRC(tag); err == nil {
validTags = append(validTags, tag)
}
}
return validTags
}
func removeNewerOrEqualTags(proposedTag string, tags []string) []string {
var validTags []string
for _, tag := range tags {
if semver.Compare(tag, proposedTag) < 0 {
validTags = append(validTags, tag)
}
}
return validTags
}
func removeTagsFromSameMinorSeries(proposedTag string, tags []string) []string {
var validTags []string
proposedMinor := semver.MajorMinor(proposedTag)
for _, tag := range tags {
if semver.MajorMinor(tag) != proposedMinor {
validTags = append(validTags, tag)
}
}
return validTags
}
func getMostRecentTag(tags []string) string {
var mostRecentTag string
for _, tag := range tags {
if mostRecentTag == "" || semver.Compare(tag, mostRecentTag) > 0 {
mostRecentTag = tag
}
}
return mostRecentTag
}
func findPreviousTag(proposedTag string, tags []string) (string, error) {
tags = removeInvalidTags(tags)
tags = removeNewerOrEqualTags(proposedTag, tags)
proposedPatch, proposedRC, _ := extractPatchAndRC(proposedTag) // Ignore the error, we already filtered out invalid tags.
if proposedRC == "0" && proposedPatch == "0" {
// If we're cutting the first patch of a new minor release series, don't consider tags in the same minor release
// series. We want to compare to the latest tag in the previous minor release series.
tags = removeTagsFromSameMinorSeries(proposedTag, tags)
}
previousTag := getMostRecentTag(tags)
if previousTag == "" {
return "", fmt.Errorf("no matching tag found for tags: " + strings.Join(tags, ", "))
}

View File

@@ -76,6 +76,13 @@ func TestFindPreviousTagRules(t *testing.T) {
{"Rule 3: 1 release candidate", "v2.14.0-rc1", "v2.13.0-rc3", false},
// Rule 4: If we're releasing a non-1 release candidate, get the most recent rc tag on the current minor release series.
{"Rule 4: non-1 release candidate", "v2.13.0-rc4", "v2.13.0-rc3", false},
// Rule 5: If we're releasing a major version RC, get the most recent tag on the previous major release series.
{"Rule 5: major version RC", "v3.0.0-rc1", "v2.13.0-rc3", false},
// Rule 6: If we're releasing a major version, get the most recent tag on the previous major release series,
// even if it's an RC.
{"Rule 6: major version", "v3.0.0", "v2.13.0-rc3", false},
// Rule 7: If the proposed tag already exists, don't return it.
{"Rule 7: proposed tag already exists", "v2.12.5", "v2.12.4", false},
}
for _, test := range tests {

View File

@@ -7,8 +7,9 @@ argocd_minor_version=$(git rev-parse --abbrev-ref HEAD | sed 's/release-//')
argocd_major_version_num=$(echo "$argocd_minor_version" | sed -E 's/\.[0-9]+//')
argocd_minor_version_num=$(echo "$argocd_minor_version" | sed -E 's/[0-9]+\.//')
for n in 0 1 2; do
minor_version_num=$((argocd_minor_version_num - n))
minor_version_decrement=0
for _ in {1..3}; do
minor_version_num=$((argocd_minor_version_num - minor_version_decrement))
minor_version="${argocd_major_version_num}.${minor_version_num}"
git checkout "release-$minor_version" > /dev/null || exit 1
@@ -19,9 +20,22 @@ for n in 0 1 2; do
jq --arg minor_version "$minor_version" --raw-input --slurp --raw-output \
'split("\n")[:-1] | map(sub("\\.[0-9]+$"; "")) | join(", ") | "| \($minor_version) | \(.) |"')
out+="$line\n"
minor_version_decrement=$((minor_version_decrement + 1))
# If we're at minor version 0, there's no further version back in this series. Instead, move to the latest version in
# the previous major release series.
if [ "$argocd_minor_version_num" -eq 0 ]; then
argocd_major_version_num=$((argocd_major_version_num - 1))
# Get the latest minor version in the previous series.
argocd_minor_version_num=$(git tag -l "v$argocd_major_version_num.*" | sort -V | tail -n 1 | sed -E 's/\.[0-9]+$//' | sed -E 's/^v[0-9]+\.//')
# Don't decrement the minor version, since we're switching to the previous major release series. We want the latest
# minor version in that series.
minor_version_decrement=0
fi
done
git checkout "release-$argocd_minor_version"
printf "$out" > docs/operator-manual/tested-kubernetes-versions.md

View File

@@ -70,10 +70,6 @@ data:
- Endpoints
- EndpointSlice
### Internal Kubernetes resources excluded reduce the number of watched events
- apiGroups:
- apiregistration.k8s.io
kinds:
- APIService
- apiGroups:
- coordination.k8s.io
kinds:

View File

@@ -5,7 +5,7 @@ kind: Kustomization
images:
- name: quay.io/argoproj/argocd
newName: quay.io/argoproj/argocd
newTag: latest
newTag: v3.0.0-rc4
resources:
- ./application-controller
- ./dex

View File

@@ -24217,10 +24217,6 @@ data:
- Endpoints
- EndpointSlice
### Internal Kubernetes resources excluded reduce the number of watched events
- apiGroups:
- apiregistration.k8s.io
kinds:
- APIService
- apiGroups:
- coordination.k8s.io
kinds:
@@ -24613,7 +24609,7 @@ spec:
key: applicationsetcontroller.requeue.after
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -24889,7 +24885,7 @@ spec:
- argocd
- admin
- redis-initial-password
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: IfNotPresent
name: secret-init
securityContext:
@@ -25162,7 +25158,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -25214,7 +25210,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -25544,7 +25540,7 @@ spec:
optional: true
- name: KUBECACHEDIR
value: /tmp/kubecache
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-application-controller
ports:

View File

@@ -24208,10 +24208,6 @@ data:
- Endpoints
- EndpointSlice
### Internal Kubernetes resources excluded reduce the number of watched events
- apiGroups:
- apiregistration.k8s.io
kinds:
- APIService
- apiGroups:
- coordination.k8s.io
kinds:
@@ -24581,7 +24577,7 @@ spec:
key: applicationsetcontroller.requeue.after
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -24701,7 +24697,7 @@ spec:
- argocd
- admin
- redis-initial-password
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: IfNotPresent
name: secret-init
securityContext:
@@ -24974,7 +24970,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -25026,7 +25022,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -25356,7 +25352,7 @@ spec:
optional: true
- name: KUBECACHEDIR
value: /tmp/kubecache
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-application-controller
ports:

View File

@@ -12,4 +12,4 @@ resources:
images:
- name: quay.io/argoproj/argocd
newName: quay.io/argoproj/argocd
newTag: latest
newTag: v3.0.0-rc4

View File

@@ -12,7 +12,7 @@ patches:
images:
- name: quay.io/argoproj/argocd
newName: quay.io/argoproj/argocd
newTag: latest
newTag: v3.0.0-rc4
resources:
- ../../base/application-controller
- ../../base/applicationset-controller

View File

@@ -1101,7 +1101,7 @@ spec:
fsGroup: 99
runAsNonRoot: true
runAsUser: 99
automountServiceAccountToken: false
automountServiceAccountToken: true
nodeSelector:
{}
tolerations:

View File

@@ -21,6 +21,8 @@ redis-ha:
checkInterval: 3s
metrics:
enabled: true
serviceAccount:
automountToken: true
image:
tag: 7.2.7-alpine
sentinel:

View File

@@ -24626,10 +24626,6 @@ data:
- Endpoints
- EndpointSlice
### Internal Kubernetes resources excluded reduce the number of watched events
- apiGroups:
- apiregistration.k8s.io
kinds:
- APIService
- apiGroups:
- coordination.k8s.io
kinds:
@@ -25978,7 +25974,7 @@ spec:
key: applicationsetcontroller.requeue.after
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -26277,7 +26273,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -26373,7 +26369,7 @@ spec:
key: notificationscontroller.repo.server.plaintext
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
tcpSocket:
@@ -26448,7 +26444,7 @@ spec:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha-haproxy
topologyKey: kubernetes.io/hostname
automountServiceAccountToken: false
automountServiceAccountToken: true
containers:
- env:
- name: AUTH
@@ -26497,7 +26493,7 @@ spec:
- argocd
- admin
- redis-initial-password
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: IfNotPresent
name: secret-init
securityContext:
@@ -26796,7 +26792,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -26848,7 +26844,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -27222,7 +27218,7 @@ spec:
key: server.sync.replace.allowed
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -27588,7 +27584,7 @@ spec:
optional: true
- name: KUBECACHEDIR
value: /tmp/kubecache
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-application-controller
ports:

View File

@@ -24617,10 +24617,6 @@ data:
- Endpoints
- EndpointSlice
### Internal Kubernetes resources excluded reduce the number of watched events
- apiGroups:
- apiregistration.k8s.io
kinds:
- APIService
- apiGroups:
- coordination.k8s.io
kinds:
@@ -25948,7 +25944,7 @@ spec:
key: applicationsetcontroller.requeue.after
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -26091,7 +26087,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -26187,7 +26183,7 @@ spec:
key: notificationscontroller.repo.server.plaintext
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
tcpSocket:
@@ -26262,7 +26258,7 @@ spec:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha-haproxy
topologyKey: kubernetes.io/hostname
automountServiceAccountToken: false
automountServiceAccountToken: true
containers:
- env:
- name: AUTH
@@ -26311,7 +26307,7 @@ spec:
- argocd
- admin
- redis-initial-password
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: IfNotPresent
name: secret-init
securityContext:
@@ -26610,7 +26606,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -26662,7 +26658,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -27036,7 +27032,7 @@ spec:
key: server.sync.replace.allowed
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -27402,7 +27398,7 @@ spec:
optional: true
- name: KUBECACHEDIR
value: /tmp/kubecache
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-application-controller
ports:

View File

@@ -513,10 +513,6 @@ data:
- Endpoints
- EndpointSlice
### Internal Kubernetes resources excluded reduce the number of watched events
- apiGroups:
- apiregistration.k8s.io
kinds:
- APIService
- apiGroups:
- coordination.k8s.io
kinds:
@@ -1865,7 +1861,7 @@ spec:
key: applicationsetcontroller.requeue.after
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -2164,7 +2160,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -2260,7 +2256,7 @@ spec:
key: notificationscontroller.repo.server.plaintext
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
tcpSocket:
@@ -2335,7 +2331,7 @@ spec:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha-haproxy
topologyKey: kubernetes.io/hostname
automountServiceAccountToken: false
automountServiceAccountToken: true
containers:
- env:
- name: AUTH
@@ -2384,7 +2380,7 @@ spec:
- argocd
- admin
- redis-initial-password
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: IfNotPresent
name: secret-init
securityContext:
@@ -2683,7 +2679,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -2735,7 +2731,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -3109,7 +3105,7 @@ spec:
key: server.sync.replace.allowed
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -3475,7 +3471,7 @@ spec:
optional: true
- name: KUBECACHEDIR
value: /tmp/kubecache
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-application-controller
ports:

View File

@@ -504,10 +504,6 @@ data:
- Endpoints
- EndpointSlice
### Internal Kubernetes resources excluded reduce the number of watched events
- apiGroups:
- apiregistration.k8s.io
kinds:
- APIService
- apiGroups:
- coordination.k8s.io
kinds:
@@ -1835,7 +1831,7 @@ spec:
key: applicationsetcontroller.requeue.after
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -1978,7 +1974,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -2074,7 +2070,7 @@ spec:
key: notificationscontroller.repo.server.plaintext
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
tcpSocket:
@@ -2149,7 +2145,7 @@ spec:
matchLabels:
app.kubernetes.io/name: argocd-redis-ha-haproxy
topologyKey: kubernetes.io/hostname
automountServiceAccountToken: false
automountServiceAccountToken: true
containers:
- env:
- name: AUTH
@@ -2198,7 +2194,7 @@ spec:
- argocd
- admin
- redis-initial-password
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: IfNotPresent
name: secret-init
securityContext:
@@ -2497,7 +2493,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -2549,7 +2545,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -2923,7 +2919,7 @@ spec:
key: server.sync.replace.allowed
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -3289,7 +3285,7 @@ spec:
optional: true
- name: KUBECACHEDIR
value: /tmp/kubecache
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-application-controller
ports:

View File

@@ -24577,10 +24577,6 @@ data:
- Endpoints
- EndpointSlice
### Internal Kubernetes resources excluded reduce the number of watched events
- apiGroups:
- apiregistration.k8s.io
kinds:
- APIService
- apiGroups:
- coordination.k8s.io
kinds:
@@ -25073,7 +25069,7 @@ spec:
key: applicationsetcontroller.requeue.after
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -25372,7 +25368,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -25468,7 +25464,7 @@ spec:
key: notificationscontroller.repo.server.plaintext
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
tcpSocket:
@@ -25570,7 +25566,7 @@ spec:
- argocd
- admin
- redis-initial-password
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: IfNotPresent
name: secret-init
securityContext:
@@ -25843,7 +25839,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -25895,7 +25891,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -26267,7 +26263,7 @@ spec:
key: server.sync.replace.allowed
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -26633,7 +26629,7 @@ spec:
optional: true
- name: KUBECACHEDIR
value: /tmp/kubecache
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-application-controller
ports:

20
manifests/install.yaml generated
View File

@@ -24568,10 +24568,6 @@ data:
- Endpoints
- EndpointSlice
### Internal Kubernetes resources excluded reduce the number of watched events
- apiGroups:
- apiregistration.k8s.io
kinds:
- APIService
- apiGroups:
- coordination.k8s.io
kinds:
@@ -25041,7 +25037,7 @@ spec:
key: applicationsetcontroller.requeue.after
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -25184,7 +25180,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -25280,7 +25276,7 @@ spec:
key: notificationscontroller.repo.server.plaintext
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
tcpSocket:
@@ -25382,7 +25378,7 @@ spec:
- argocd
- admin
- redis-initial-password
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: IfNotPresent
name: secret-init
securityContext:
@@ -25655,7 +25651,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -25707,7 +25703,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -26079,7 +26075,7 @@ spec:
key: server.sync.replace.allowed
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -26445,7 +26441,7 @@ spec:
optional: true
- name: KUBECACHEDIR
value: /tmp/kubecache
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-application-controller
ports:

View File

@@ -464,10 +464,6 @@ data:
- Endpoints
- EndpointSlice
### Internal Kubernetes resources excluded reduce the number of watched events
- apiGroups:
- apiregistration.k8s.io
kinds:
- APIService
- apiGroups:
- coordination.k8s.io
kinds:
@@ -960,7 +956,7 @@ spec:
key: applicationsetcontroller.requeue.after
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -1259,7 +1255,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -1355,7 +1351,7 @@ spec:
key: notificationscontroller.repo.server.plaintext
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
tcpSocket:
@@ -1457,7 +1453,7 @@ spec:
- argocd
- admin
- redis-initial-password
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: IfNotPresent
name: secret-init
securityContext:
@@ -1730,7 +1726,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -1782,7 +1778,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -2154,7 +2150,7 @@ spec:
key: server.sync.replace.allowed
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -2520,7 +2516,7 @@ spec:
optional: true
- name: KUBECACHEDIR
value: /tmp/kubecache
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-application-controller
ports:

View File

@@ -455,10 +455,6 @@ data:
- Endpoints
- EndpointSlice
### Internal Kubernetes resources excluded reduce the number of watched events
- apiGroups:
- apiregistration.k8s.io
kinds:
- APIService
- apiGroups:
- coordination.k8s.io
kinds:
@@ -928,7 +924,7 @@ spec:
key: applicationsetcontroller.requeue.after
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
@@ -1071,7 +1067,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -1167,7 +1163,7 @@ spec:
key: notificationscontroller.repo.server.plaintext
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
tcpSocket:
@@ -1269,7 +1265,7 @@ spec:
- argocd
- admin
- redis-initial-password
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: IfNotPresent
name: secret-init
securityContext:
@@ -1542,7 +1538,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -1594,7 +1590,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -1966,7 +1962,7 @@ spec:
key: server.sync.replace.allowed
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -2332,7 +2328,7 @@ spec:
optional: true
- name: KUBECACHEDIR
value: /tmp/kubecache
image: quay.io/argoproj/argocd:latest
image: quay.io/argoproj/argocd:v3.0.0-rc4
imagePullPolicy: Always
name: argocd-application-controller
ports:

View File

@@ -117,13 +117,15 @@ export const ApplicationStatusPanel = ({application, showDiff, showOperation, sh
<div className='application-status-panel__item-name'>{application.status.sourceHydrator.currentOperation.message}</div>
)}
<div className='application-status-panel__item-name'>
<RevisionMetadataPanel
appName={application.metadata.name}
appNamespace={application.metadata.namespace}
type={''}
revision={application.status.sourceHydrator.currentOperation.drySHA}
versionId={utils.getAppCurrentVersion(application)}
/>
{application.status.sourceHydrator.currentOperation.drySHA && (
<RevisionMetadataPanel
appName={application.metadata.name}
appNamespace={application.metadata.namespace}
type={''}
revision={application.status.sourceHydrator.currentOperation.drySHA}
versionId={utils.getAppCurrentVersion(application)}
/>
)}
</div>
</div>
)}

View File

@@ -11,6 +11,7 @@ import (
"strings"
"sync"
"github.com/Masterminds/semver/v3"
"github.com/go-playground/webhooks/v6/azuredevops"
"github.com/go-playground/webhooks/v6/bitbucket"
bitbucketserver "github.com/go-playground/webhooks/v6/bitbucket-server"
@@ -306,6 +307,22 @@ func (a *ArgoCDWebhookHandler) HandleEvent(payload any) {
continue
}
for _, app := range filteredApps {
if app.Spec.SourceHydrator != nil {
drySource := app.Spec.SourceHydrator.GetDrySource()
if sourceRevisionHasChanged(drySource, revision, touchedHead) && sourceUsesURL(drySource, webURL, repoRegexp) {
refreshPaths := path.GetAppRefreshPaths(&app)
if path.AppFilesHaveChanged(refreshPaths, changedFiles) {
namespacedAppInterface := a.appClientset.ArgoprojV1alpha1().Applications(app.ObjectMeta.Namespace)
log.Infof("webhook trigger refresh app to hydrate '%s'", app.ObjectMeta.Name)
_, err = argo.RefreshApp(namespacedAppInterface, app.ObjectMeta.Name, v1alpha1.RefreshTypeNormal, true)
if err != nil {
log.Warnf("Failed to hydrate app '%s' for controller reprocessing: %v", app.ObjectMeta.Name, err)
continue
}
}
}
}
for _, source := range app.Spec.GetSources() {
if sourceRevisionHasChanged(source, revision, touchedHead) && sourceUsesURL(source, webURL, repoRegexp) {
refreshPaths := path.GetAppRefreshPaths(&app)
@@ -413,11 +430,33 @@ func sourceRevisionHasChanged(source v1alpha1.ApplicationSource, revision string
targetRevisionHasPrefixList := []string{"refs/heads/", "refs/tags/"}
for _, prefix := range targetRevisionHasPrefixList {
if strings.HasPrefix(source.TargetRevision, prefix) {
return revision == targetRev
return compareRevisions(revision, targetRev)
}
}
return source.TargetRevision == revision
return compareRevisions(revision, source.TargetRevision)
}
func compareRevisions(revision string, targetRevision string) bool {
if revision == targetRevision {
return true
}
// If basic equality checking fails, it might be that the target revision is
// a semver version constraint
constraint, err := semver.NewConstraint(targetRevision)
if err != nil {
// The target revision is not a constraint
return false
}
version, err := semver.NewVersion(revision)
if err != nil {
// The new revision is not a valid semver version, so it can't match the constraint.
return false
}
return constraint.Check(version)
}
func sourceUsesURL(source v1alpha1.ApplicationSource, webURL string, repoRegexp *regexp.Regexp) bool {

View File

@@ -276,6 +276,72 @@ func TestGitHubCommitEvent_AppsInOtherNamespaces(t *testing.T) {
hook.Reset()
}
// TestGitHubCommitEvent_Hydrate makes sure that a webhook will hydrate an app when dry source changed.
func TestGitHubCommitEvent_Hydrate(t *testing.T) {
hook := test.NewGlobal()
var patched bool
reaction := func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) {
patchAction := action.(kubetesting.PatchAction)
assert.Equal(t, "app-to-hydrate", patchAction.GetName())
patched = true
return true, nil, nil
}
h := NewMockHandler(&reactorDef{"patch", "applications", reaction}, []string{}, &v1alpha1.Application{
ObjectMeta: metav1.ObjectMeta{
Name: "app-to-hydrate",
Namespace: "argocd",
},
Spec: v1alpha1.ApplicationSpec{
SourceHydrator: &v1alpha1.SourceHydrator{
DrySource: v1alpha1.DrySource{
RepoURL: "https://github.com/jessesuen/test-repo",
TargetRevision: "HEAD",
Path: ".",
},
SyncSource: v1alpha1.SyncSource{
TargetBranch: "environments/dev",
Path: ".",
},
HydrateTo: nil,
},
},
}, &v1alpha1.Application{
ObjectMeta: metav1.ObjectMeta{
Name: "app-to-ignore",
},
Spec: v1alpha1.ApplicationSpec{
Sources: v1alpha1.ApplicationSources{
{
RepoURL: "https://github.com/some/unrelated-repo",
Path: ".",
},
},
},
},
)
req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil)
req.Header.Set("X-GitHub-Event", "push")
eventJSON, err := os.ReadFile("testdata/github-commit-event.json")
require.NoError(t, err)
req.Body = io.NopCloser(bytes.NewReader(eventJSON))
w := httptest.NewRecorder()
h.Handler(w, req)
close(h.queue)
h.Wait()
assert.Equal(t, http.StatusOK, w.Code)
assert.True(t, patched)
logMessages := make([]string, 0, len(hook.Entries))
for _, entry := range hook.Entries {
logMessages = append(logMessages, entry.Message)
}
assert.Contains(t, logMessages, "webhook trigger refresh app to hydrate 'app-to-hydrate'")
assert.NotContains(t, logMessages, "webhook trigger refresh app to hydrate 'app-to-ignore'")
hook.Reset()
}
func TestGitHubTagEvent(t *testing.T) {
hook := test.NewGlobal()
h := NewMockHandler(nil, []string{})
@@ -466,8 +532,15 @@ func TestAppRevisionHasChanged(t *testing.T) {
{"dev target revision, dev, did not touch head", getSource("dev"), "dev", false, true},
{"refs/heads/dev target revision, master, touched head", getSource("refs/heads/dev"), "master", true, false},
{"refs/heads/dev target revision, dev, did not touch head", getSource("refs/heads/dev"), "dev", false, true},
{"refs/tags/dev target revision, dev, did not touch head", getSource("refs/tags/dev"), "dev", false, true},
{"env/test target revision, env/test, did not touch head", getSource("env/test"), "env/test", false, true},
{"refs/heads/env/test target revision, env/test, did not touch head", getSource("refs/heads/env/test"), "env/test", false, true},
{"refs/tags/env/test target revision, env/test, did not touch head", getSource("refs/tags/env/test"), "env/test", false, true},
{"three/part/rev target revision, rev, did not touch head", getSource("three/part/rev"), "rev", false, false},
{"1.* target revision (matching), 1.1.0, did not touch head", getSource("1.*"), "1.1.0", false, true},
{"refs/tags/1.* target revision (matching), 1.1.0, did not touch head", getSource("refs/tags/1.*"), "1.1.0", false, true},
{"1.* target revision (not matching), 2.0.0, did not touch head", getSource("1.*"), "2.0.0", false, false},
{"1.* target revision, dev (not semver), did not touch head", getSource("1.*"), "dev", false, false},
}
for _, tc := range testCases {