Compare commits

...

42 Commits

Author SHA1 Message Date
argo-bot
41828a5fb1 Bump version to 2.2.16 2022-11-01 20:26:51 +00:00
argo-bot
18ced792ee Bump version to 2.2.16 2022-11-01 20:26:33 +00:00
Chromo-residuum-opec
80861b64bb docs: fix 'bellow' typos (#11038)
Signed-off-by: backfire-monism-net <development.0extl@simplelogin.com>

Signed-off-by: backfire-monism-net <development.0extl@simplelogin.com>
2022-10-22 20:16:36 -04:00
Michael Crenshaw
f1a8ebc224 chore: fix CI (#11022)
* chore: fix CI

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* no more set global

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-21 11:26:15 -04:00
Michael Crenshaw
f58059aed2 chore: fix e2e (#11005)
* chore: fix e2e

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* more config

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* global

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-21 11:26:15 -04:00
Alex Eftimie
57edeec3ef docs: mention that OCI helm does not support version ranges (#11026)
* docs: mention that OCI helm does not support version ranges

Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>

* Apply suggestions from code review

Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>

Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>
2022-10-21 11:19:24 -04:00
Allex
d025f7edc1 fix: Update custom health check for kiali.io/Kiali (#10995)
With Kiali v1.57.1 an additional status condition was added:
```
    - lastTransitionTime: '2022-10-14T11:56:24Z'
      message: ''
      reason: ''
      status: 'False'
      type: Failure
```

Based on the discussion in https://github.com/kiali/kiali/issues/5560 this should not lead to a degraded health state.

This will no longer return Degraded as a catch-all and use the `type` and `status` fields of the condition to determine the CR health.

Signed-off-by: Allex Veldman <allexveldman+github@gmail.com>

Signed-off-by: Allex Veldman <allexveldman+github@gmail.com>
2022-10-19 12:17:47 -04:00
Michael Crenshaw
ff19401bbf chore: upgrade actions/checkout to v3, i.e. Node.js 16 (#10947)
* chore: updgrade actions/checkout to v3, i.e. Node.js 16

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* more node 12

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-19 11:35:07 -04:00
argo-bot
b26224950a Bump version to 2.2.15 2022-10-18 21:49:38 +00:00
argo-bot
63b9f6975a Bump version to 2.2.15 2022-10-18 21:49:25 +00:00
Leonardo Luz Almeida
a381e704e2 chore: update actions/setup-go to v2 (#8349)
Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>
2022-10-18 17:43:48 -04:00
Michael Crenshaw
e0a3009c1a Revert "Bump version to 2.2.15"
This reverts commit e71faec22c.

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-18 17:15:39 -04:00
Michael Crenshaw
06cc50d163 Revert "Bump version to 2.2.15"
This reverts commit 9a0033c305.

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-18 17:15:30 -04:00
Michael Crenshaw
fd7293bc7f chore: fix bad merge
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-18 17:10:31 -04:00
Leonardo Luz Almeida
de1836d3c3 chore: Use go install to add spdx-sbom-generator (#8346)
Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>
2022-10-18 17:02:41 -04:00
Leonardo Luz Almeida
dbaa1f247b chore: generate sbom for the released docker image (#8338)
Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>
2022-10-18 17:02:37 -04:00
Leonardo Luz Almeida
d1949d3f26 chore: generate and upload sbom during release (#8332)
Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>
2022-10-18 17:02:30 -04:00
argo-bot
9a0033c305 Bump version to 2.2.15 2022-10-18 19:55:13 +00:00
argo-bot
e71faec22c Bump version to 2.2.15 2022-10-18 19:54:57 +00:00
Michael Crenshaw
4f92ad2448 chore: use one checksum file
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-18 15:43:35 -04:00
34FathomBelow
0aa414e875 chore: release signature of sbom (#10969)
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
2022-10-18 15:40:18 -04:00
Jessie Teng
cda32ec297 fix: Resource list in sync page msg style#10887 (#10970)
* fix: Resource list in sync page msg style#10887

Signed-off-by: Teng, Jessie <yilin.teng@fmr.com>

* fix: Resource list in sync page msg style#10887

Signed-off-by: Teng, Jessie <yilin.teng@fmr.com>

* fix: Resource list in sync page msg style#10887

Signed-off-by: Teng, Jessie <yilin.teng@fmr.com>

* fix: Resource list in sync page msg style#10887

Signed-off-by: Teng, Jessie <yilin.teng@fmr.com>

Signed-off-by: Teng, Jessie <yilin.teng@fmr.com>
2022-10-18 14:02:17 -04:00
34FathomBelow
7284f5a9a5 chore: provide checksums for cli-binaries (#9260)
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
2022-10-17 15:20:51 -04:00
Alex Collins
da58f265a9 ci: Cancel redundant builds. Fixes #9222 (#9223)
Signed-off-by: Alex Collins <alex_collins@intuit.com>
2022-10-17 13:20:53 -04:00
34FathomBelow
f57fdec7fb chore: sign checksums file for release binaries (#10963)
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
2022-10-17 13:04:09 -04:00
34FathomBelow
ebfb31e53e chore: implement signed images (#10925)
* consolidate checksums into one file

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

* sign container images

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

* sign container images

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

* remove id-token permissions

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
2022-10-17 13:02:43 -04:00
Michael Crenshaw
b12281728e chore: upgrade dex to v2.35.3 to avoid CVE-2022-27665 (#10939)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-17 12:33:19 -04:00
Aiman Fatima
cd3de4afa7 fix: Display pointer on labels for resource names in sync panel (#10959)
Signed-off-by: Aiman Fatima <aimanfatimadl@gmail.com>

Signed-off-by: Aiman Fatima <aimanfatimadl@gmail.com>
2022-10-17 09:30:50 -04:00
Chris Davis
deb4829c77 fix: Use os.PathSeparator instead of hard-coded string to resolve local file paths (#10945) (#10946)
fix: Use os.PathSeparator instead of hard-coded string to resolve local file paths (#10945) (#10946)
2022-10-14 13:54:54 -07:00
Michael Crenshaw
f1c64b43fb docs: more docs for directory apps (#10879)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-12 11:21:29 -04:00
Michael Crenshaw
e61b55fc7a docs: clarify how default RBAC policy works (#10896)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-12 11:17:25 -04:00
Mayursinh Sarvaiya
7b0bb8d0de fix(ui): sync option label doesn't check corresponding box (#10863) (#10876)
* fix(ui): sync option label doesn't check corresponding box

Signed-off-by: Mayursinh Sarvaiya <marvinduff97@gmail.com>

* fix: lint

Signed-off-by: Mayursinh Sarvaiya <marvinduff97@gmail.com>

Signed-off-by: Mayursinh Sarvaiya <marvinduff97@gmail.com>
2022-10-10 14:59:42 -04:00
Nir Shtein
11213c6adf fix: clicking HEAD in bitbucket leads to a 404 page (#10862)
* Wrap error objects to include context

Signed-off-by: Nir Shtein <89006520+nirsht@users.noreply.github.com>

* fix: duplicate source namespace validation (#10853)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Nir Shtein <89006520+nirsht@users.noreply.github.com>

* Fix CR

Signed-off-by: Nir Shtein <89006520+nirsht@users.noreply.github.com>

* Change 'branch' to 'src' when building url path

Signed-off-by: Nir Shtein <89006520+nirsht@users.noreply.github.com>

* Revert "Fix CR"

This reverts commit 4b92408412.

Signed-off-by: Nir Shtein <89006520+nirsht@users.noreply.github.com>

* Revert "Wrap error objects to include context"

This reverts commit d1789bd271.

Signed-off-by: Nir Shtein <89006520+nirsht@users.noreply.github.com>

Signed-off-by: Nir Shtein <89006520+nirsht@users.noreply.github.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-09 12:11:31 -04:00
Sakshi Jain
2100fe80a9 fix: added css to change cursor to pointer on hover (#10864) (#10867)
* added css to change cursor to pointer on hover

Signed-off-by: Sakshi <sakshi.jain7597@gmail.com>

* moved cursor change to only label and input

Signed-off-by: Sakshi <sakshi.jain7597@gmail.com>

Signed-off-by: Sakshi <sakshi.jain7597@gmail.com>
2022-10-09 12:05:50 -04:00
Matt Morrison
4293085a39 fix: consider destination cluster name when validating destinations (#10594)
Signed-off-by: Matt Morrison <matt.morrison@zapier.com>

Signed-off-by: Matt Morrison <matt.morrison@zapier.com>
2022-10-07 16:50:45 -04:00
Minchao
ab46c6b53a docs: fix advice about preferred version in high availability (#10619)
* docs: fix advice about preferred version in high availability

Signed-off-by: Minchao <minchao.220@gmail.com>

* Update docs/operator-manual/high_availability.md

Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Minchao <minchao.220@gmail.com>

Signed-off-by: Minchao <minchao.220@gmail.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-07 16:11:11 -04:00
Lars Kellogg-Stedman
eef5148f4a docs: Correct grammar issues in docs on manifest path annotations (#10776)
The "Webhook and Manifest Paths Annotation" section of the documentation
contained a number of grammar and spelling issues as well as what appeared
to be some unintentionally pasted text.

This commit attempts to address these issues.

Signed-off-by: Lars Kellogg-Stedman <lars@oddbit.com>

Signed-off-by: Lars Kellogg-Stedman <lars@oddbit.com>
2022-10-07 15:35:30 -04:00
Denis Krivenko
b641828ea2 fix: Add missing statuses to MinIO Tenant health check (#10815)
Signed-off-by: dnskr <dnskrv88@gmail.com>

Signed-off-by: dnskr <dnskrv88@gmail.com>
2022-10-07 15:03:32 -04:00
Eddie Knight
b19fb7c514 chore: Added recommended permissions to github actions workflows (#10812)
* Added recommended permissions to 4 of 5 workflows

Signed-off-by: Eddie Knight <iv.eddieknight@gmail.com>

* Added release.yaml permissions... might need to add pagages:write

Signed-off-by: Eddie Knight <iv.eddieknight@gmail.com>

* Updated inline comments

Signed-off-by: Eddie Knight <iv.eddieknight@gmail.com>

Signed-off-by: Eddie Knight <iv.eddieknight@gmail.com>
2022-10-07 14:47:38 -04:00
argo-bot
4faaa02377 Bump version to 2.2.14 2022-10-05 17:02:26 +00:00
argo-bot
7ef987aef6 Bump version to 2.2.14 2022-10-05 17:02:10 +00:00
Michael Crenshaw
2da9044e5c chore: upgrade dex to v2.35.1 (#10797) (#10799)
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2022-10-05 11:45:50 -04:00
42 changed files with 548 additions and 148 deletions

View File

@@ -15,6 +15,13 @@ env:
# Golang version to use across CI steps
GOLANG_VERSION: '1.16.11'
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build-docker:
name: Build Docker image
@@ -31,9 +38,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Setup Golang
uses: actions/setup-go@v1
uses: actions/setup-go@v3
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Download all Go modules
@@ -49,13 +56,13 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Setup Golang
uses: actions/setup-go@v1
uses: actions/setup-go@v3
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Restore go build cache
uses: actions/cache@v1
uses: actions/cache@v3
with:
path: ~/.cache/go-build
key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -66,11 +73,14 @@ jobs:
run: make build-local
lint-go:
permissions:
contents: read # for actions/checkout to fetch code
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
name: Lint Go code
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Run golangci-lint
uses: golangci/golangci-lint-action@v3
with:
@@ -86,11 +96,11 @@ jobs:
- name: Create checkout directory
run: mkdir -p ~/go/src/github.com/argoproj
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Create symlink in GOPATH
run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
- name: Setup Golang
uses: actions/setup-go@v1
uses: actions/setup-go@v3
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Install required packages
@@ -110,7 +120,7 @@ jobs:
run: |
echo "/usr/local/bin" >> $GITHUB_PATH
- name: Restore go build cache
uses: actions/cache@v1
uses: actions/cache@v3
with:
path: ~/.cache/go-build
key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -146,11 +156,11 @@ jobs:
- name: Create checkout directory
run: mkdir -p ~/go/src/github.com/argoproj
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Create symlink in GOPATH
run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
- name: Setup Golang
uses: actions/setup-go@v1
uses: actions/setup-go@v3
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Install required packages
@@ -170,7 +180,7 @@ jobs:
run: |
echo "/usr/local/bin" >> $GITHUB_PATH
- name: Restore go build cache
uses: actions/cache@v1
uses: actions/cache@v3
with:
path: ~/.cache/go-build
key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -197,9 +207,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Setup Golang
uses: actions/setup-go@v1
uses: actions/setup-go@v3
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Create symlink in GOPATH
@@ -244,14 +254,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Setup NodeJS
uses: actions/setup-node@v1
with:
node-version: '12.18.4'
- name: Restore node dependency cache
id: cache-dependencies
uses: actions/cache@v1
uses: actions/cache@v3
with:
path: ui/node_modules
key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -280,12 +290,12 @@ jobs:
sonar_secret: ${{ secrets.SONAR_TOKEN }}
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Restore node dependency cache
id: cache-dependencies
uses: actions/cache@v1
uses: actions/cache@v3
with:
path: ui/node_modules
key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -356,9 +366,9 @@ jobs:
ARGOCD_SERVER: "127.0.0.1:8088"
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Setup Golang
uses: actions/setup-go@v1
uses: actions/setup-go@v3
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: GH actions workaround - Kill XSP4 process
@@ -376,7 +386,7 @@ jobs:
sudo chown runner $HOME/.kube/config
kubectl version
- name: Restore go build cache
uses: actions/cache@v1
uses: actions/cache@v3
with:
path: ~/.cache/go-build
key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -399,7 +409,7 @@ jobs:
git config --global user.email "john.doe@example.com"
- name: Pull Docker image required for tests
run: |
docker pull ghcr.io/dexidp/dex:v2.35.0-distroless
docker pull ghcr.io/dexidp/dex:v2.35.3-distroless
docker pull argoproj/argo-cd-ci-builder:v1.0.0
docker pull redis:6.2.7-alpine
- name: Create target directory for binaries in the build-process

View File

@@ -6,15 +6,27 @@ on:
schedule:
- cron: '0 19 * * 0'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
CodeQL-Build:
permissions:
actions: read # for github/codeql-action/init to get workflow details
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/autobuild to send a status report
if: github.repository == 'argoproj/argo-cd'
# CodeQL runs on ubuntu-latest and windows-latest
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
@@ -24,7 +36,7 @@ jobs:
# the head of the pull request instead of the merge commit.
- run: git checkout HEAD^2
if: ${{ github.event_name == 'pull_request' }}
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1

View File

@@ -8,13 +8,23 @@ on:
env:
GOLANG_VERSION: '1.16.11'
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
publish:
permissions:
contents: write # for git to push upgrade commit if not already deployed
if: github.repository == 'argoproj/argo-cd'
runs-on: ubuntu-latest
env:
GOPATH: /home/runner/work/argo-cd/argo-cd
steps:
- uses: actions/setup-go@v1
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GOLANG_VERSION }}
- uses: actions/checkout@master
@@ -46,6 +56,22 @@ jobs:
DOCKER_USERNAME: ${{ secrets.RELEASE_DOCKERHUB_USERNAME }}
DOCKER_TOKEN: ${{ secrets.RELEASE_DOCKERHUB_TOKEN }}
# sign container images
- name: Install cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.13.0'
- name: Sign Argo CD latest image
run: |
cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/argocd:latest
# Displays the public key to share.
cosign public-key --key env://COSIGN_PRIVATE_KEY
env:
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
if: ${{ github.event_name == 'push' }}
# deploy
- run: git clone "https://$TOKEN@github.com/argoproj/argoproj-deployments"
env:

View File

@@ -14,8 +14,13 @@ on:
env:
GOLANG_VERSION: '1.16.11'
permissions:
contents: read
jobs:
prepare-release:
permissions:
contents: write # To push changes to release branch
name: Perform automatic release on trigger ${{ github.ref }}
runs-on: ubuntu-latest
env:
@@ -37,7 +42,7 @@ jobs:
GIT_EMAIL: argoproj@gmail.com
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
@@ -94,7 +99,7 @@ jobs:
echo "=========== BEGIN COMMIT MESSAGE ============="
git show ${SOURCE_TAG}
echo "============ END COMMIT MESSAGE =============="
# Quite dirty hack to get the release notes from the annotated tag
# into a temporary file.
RELEASE_NOTES=$(mktemp -p /tmp release-notes.XXXXXX)
@@ -141,7 +146,7 @@ jobs:
echo "RELEASE_NOTES=${RELEASE_NOTES}" >> $GITHUB_ENV
- name: Setup Golang
uses: actions/setup-go@v1
uses: actions/setup-go@v3
with:
go-version: ${{ env.GOLANG_VERSION }}
@@ -207,12 +212,32 @@ jobs:
docker login --username "${DOCKER_USERNAME}" --password "${DOCKER_TOKEN}"
docker tag ${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION} argoproj/argocd:v${TARGET_VERSION}
docker push argoproj/argocd:v${TARGET_VERSION}
make release-cli
make checksums
chmod +x ./dist/argocd-linux-amd64
./dist/argocd-linux-amd64 version --client
if: ${{ env.DRY_RUN != 'true' }}
- name: Install cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.13.0'
- name: Sign Argo CD container images and assets
run: |
cosign sign --key env://COSIGN_PRIVATE_KEY ${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION}
cosign sign-blob --key env://COSIGN_PRIVATE_KEY ./dist/argocd-${TARGET_VERSION}-checksums.txt > ./dist/argocd-${TARGET_VERSION}-checksums.sig
# Retrieves the public key to release as an asset
cosign public-key --key env://COSIGN_PRIVATE_KEY > ./dist/argocd-cosign.pub
env:
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
if: ${{ env.DRY_RUN != 'true' }}
- name: Read release notes file
id: release-notes
uses: juliangruber/read-file-action@v1
with:
with:
path: ${{ env.RELEASE_NOTES }}
- name: Push changes to release branch
@@ -221,7 +246,7 @@ jobs:
git push origin ${TARGET_BRANCH}
git push origin ${RELEASE_TAG}
- name: Create GitHub release
- name: Dry run GitHub release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -232,38 +257,61 @@ jobs:
draft: ${{ env.DRAFT_RELEASE }}
prerelease: ${{ env.PRE_RELEASE }}
body: ${{ steps.release-notes.outputs.content }}
if: ${{ env.DRY_RUN == 'true' }}
- name: Upload argocd-linux-amd64 binary to release assets
uses: actions/upload-release-asset@v1
- name: Generate SBOM (spdx)
id: spdx-builder
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./dist/argocd-linux-amd64
asset_name: argocd-linux-amd64
asset_content_type: application/octet-stream
# defines the spdx/spdx-sbom-generator version to use.
SPDX_GEN_VERSION: v0.0.13
# defines the sigs.k8s.io/bom version to use.
SIGS_BOM_VERSION: v0.2.1
# comma delimited list of project relative folders to inspect for package
# managers (gomod, yarn, npm).
PROJECT_FOLDERS: ".,./ui"
# full qualified name of the docker image to be inspected
DOCKER_IMAGE: ${{env.IMAGE_NAMESPACE}}/argocd:v${{env.TARGET_VERSION}}
run: |
yarn install --cwd ./ui
go install github.com/spdx/spdx-sbom-generator/cmd/generator@$SPDX_GEN_VERSION
go install sigs.k8s.io/bom/cmd/bom@$SIGS_BOM_VERSION
# Generate SPDX for project dependencies analyzing package managers
for folder in $(echo $PROJECT_FOLDERS | sed "s/,/ /g")
do
generator -p $folder -o /tmp
done
# Generate SPDX for binaries analyzing the docker image
if [[ ! -z $DOCKER_IMAGE ]]; then
bom generate -o /tmp/bom-docker-image.spdx -i $DOCKER_IMAGE
fi
cd /tmp && tar -zcf sbom.tar.gz *.spdx
if: ${{ env.DRY_RUN != 'true' }}
- name: Upload argocd-darwin-amd64 binary to release assets
uses: actions/upload-release-asset@v1
- name: Sign sbom
run: |
cosign sign-blob --key env://COSIGN_PRIVATE_KEY /tmp/sbom.tar.gz > /tmp/sbom.tar.gz.sig
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./dist/argocd-darwin-amd64
asset_name: argocd-darwin-amd64
asset_content_type: application/octet-stream
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
if: ${{ env.DRY_RUN != 'true' }}
- name: Upload argocd-windows-amd64 binary to release assets
uses: actions/upload-release-asset@v1
- name: Create GitHub release
uses: softprops/action-gh-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./dist/argocd-windows-amd64.exe
asset_name: argocd-windows-amd64.exe
asset_content_type: application/octet-stream
name: ${{ env.RELEASE_TAG }}
tag_name: ${{ env.RELEASE_TAG }}
draft: ${{ env.DRAFT_RELEASE }}
prerelease: ${{ env.PRE_RELEASE }}
body: ${{ steps.release-notes.outputs.content }}
files: |
dist/argocd-*
/tmp/sbom.tar.gz
/tmp/sbom.tar.gz.sig
if: ${{ env.DRY_RUN != 'true' }}
- name: Update homebrew formula
@@ -280,3 +328,4 @@ jobs:
set -ue
git push --delete origin ${SOURCE_TAG}
if: ${{ always() }}

View File

@@ -23,7 +23,7 @@ DOCKER_WORKDIR?=/go/src/github.com/argoproj/argo-cd
ARGOCD_PROCFILE?=Procfile
# Strict mode has been disabled in latest versions of mkdocs-material.
# Strict mode has been disabled in latest versions of mkdocs-material.
# Thus pointing to the older image of mkdocs-material matching the version used by argo-cd.
MKDOCS_DOCKER_IMAGE?=squidfunk/mkdocs-material:4.1.1
MKDOCS_RUN_ARGS?=
@@ -111,7 +111,7 @@ define run-in-test-client
bash -c "$(1)"
endef
#
#
define exec-in-test-server
docker exec -it -u $(shell id -u):$(shell id -g) -e ARGOCD_E2E_K3S=$(ARGOCD_E2E_K3S) argocd-test-server $(1)
endef
@@ -193,7 +193,7 @@ clientgen: ensure-gopath
.PHONY: clidocsgen
clidocsgen: ensure-gopath
go run tools/cmd-docs/main.go
go run tools/cmd-docs/main.go
.PHONY: codegen-local
codegen-local: ensure-gopath mod-vendor-local gogen protogen clientgen openapigen clidocsgen manifests-local
@@ -542,3 +542,6 @@ dep-ui-local:
start-test-k8s:
go run ./hack/k8s
checksums:
sha256sum ./dist/$(BIN_NAME)-* | awk -F './dist/' '{print $$1 $$2}' > ./dist/$(BIN_NAME)-$(TARGET_VERSION)-checksums.txt

View File

@@ -1 +1 @@
2.2.13
2.2.16

View File

@@ -82,6 +82,14 @@ spec:
- code: false
name: foo
value: bar
# Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during
# manifest generation. This takes precedence over the `include` field.
# To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}'
exclude: 'config.yaml'
# Include contains a glob pattern to match paths against that should be explicitly included during manifest
# generation. If this field is set, only matching manifests will be included.
# To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}'
include: '*.yaml'
# plugin specific config
plugin:

View File

@@ -61,7 +61,7 @@ number of allowed concurrent kubectl fork/execs.
* The controller uses Kubernetes watch APIs to maintain lightweight Kubernetes cluster cache. This allows to avoid querying Kubernetes during app reconciliation and significantly improve
performance. For performance reasons controller monitors and caches only preferred the version of a resource. During reconciliation, the controller might have to convert cached resource from
preferred version into a version of the resource stored in Git. If `kubectl convert` fails because conversion is not supported then controller falls back to Kubernetes API query which slows down
reconciliation. In this case advice user-preferred resource version in Git.
reconciliation. In this case, we advise you to use the preferred resource version in Git.
* The controller polls Git every 3m by default. You can increase this duration using `timeout.reconciliation` setting in the `argocd-cm` ConfigMap.
@@ -126,19 +126,17 @@ If the manifest generation has no side effects then requests are processed in pa
### Webhook and Manifest Paths Annotation
Argo CD aggressively caches generated manifests and uses repository commit SHA as a cache key. A new commit to the Git repository invalidates cache for all applications configured in the repository
that again negatively affect mono repositories with multiple applications. You might use [webhooks](https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/webhook.md) and `argocd.argoproj.io/manifest-generate-paths` Application
CRD annotation to solve this problem and improve performance.
Argo CD aggressively caches generated manifests and uses the repository commit SHA as a cache key. A new commit to the Git repository invalidates the cache for all applications configured in the repository.
This can negatively affect repositories with multiple applications. You can use [webhooks](https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/webhook.md) and the `argocd.argoproj.io/manifest-generate-paths` Application CRD annotation to solve this problem and improve performance.
The `argocd.argoproj.io/manifest-generate-paths` contains a semicolon-separated list of paths within the Git repository that are used during manifest generation. The webhook compares paths specified in the annotation
with the changed files specified in the webhook payload. If non of the changed files are located in the paths then webhook don't trigger application reconciliation and re-uses previously generated manifests cache for a new commit.
The `argocd.argoproj.io/manifest-generate-paths` annotation contains a semicolon-separated list of paths within the Git repository that are used during manifest generation. The webhook compares paths specified in the annotation with the changed files specified in the webhook payload. If no modified files match the paths specified in `argocd.argoproj.io/manifest-generate-paths`, then the webhook will not trigger application reconciliation and the existing cache will be considered valid for the new commit.
Installations that use a different repo for each app are **not** subject to this behavior and will likely get no benefit from using these annotations.
Installations that use a different repository for each application are **not** subject to this behavior and will likely get no benefit from using these annotations.
!!! note
Application manifest paths annotation support depends on the git provider used for the Application. It is currently only supported for GitHub, GitLab, and Gogs based repos
I'm using `.Second()` modifier to avoid distracting users who already rely on `--app-resync` flag.
* **Relative path** The annotation might contains relative path. In this case the path is considered relative to the path specified in the application source:
Application manifest paths annotation support depends on the git provider used for the Application. It is currently only supported for GitHub, GitLab, and Gogs based repos.
* **Relative path** The annotation might contain a relative path. In this case the path is considered relative to the path specified in the application source:
```yaml
apiVersion: argoproj.io/v1alpha1
@@ -156,7 +154,8 @@ spec:
path: guestbook
# ...
```
* **Absolute path** The annotation value might be an absolute path started from '/'. In this case path is considered as an absolute path within the Git repository:
* **Absolute path** The annotation value might be an absolute path starting with '/'. In this case path is considered as an absolute path within the Git repository:
```yaml
apiVersion: argoproj.io/v1alpha1

View File

@@ -9,7 +9,7 @@ Metrics about applications. Scraped at the `argocd-metrics:8082/metrics` endpoin
|--------|:----:|-------------|
| `argocd_app_info` | gauge | Information about Applications. It contains labels such as `sync_status` and `health_status` that reflect the application state in ArgoCD. |
| `argocd_app_k8s_request_total` | counter | Number of kubernetes requests executed during application reconciliation |
| `argocd_app_labels` | gauge | Argo Application labels converted to Prometheus labels. Disabled by default. See section bellow about how to enable it. |
| `argocd_app_labels` | gauge | Argo Application labels converted to Prometheus labels. Disabled by default. See section below about how to enable it. |
| `argocd_app_reconcile` | histogram | Application reconciliation performance. |
| `argocd_app_sync_total` | counter | Counter for application sync history |
| `argocd_cluster_api_resource_objects` | gauge | Number of k8s resource objects in the cache. |
@@ -41,7 +41,7 @@ Some examples are:
As the Application labels are specific to each company, this feature is disabled by default. To enable it, add the
`--metrics-application-labels` flag to the ArgoCD application controller.
The example bellow will expose the ArgoCD Application labels `team-name` and `business-unit` to Prometheus:
The example below will expose the ArgoCD Application labels `team-name` and `business-unit` to Prometheus:
containers:
- command:

View File

@@ -39,6 +39,10 @@ configures a custom role, named `org-admin`. The role is assigned to any user wh
`your-github-org:your-team` group. All other users get the default policy of `role:readonly`,
which cannot modify Argo CD settings.
!!! warning
All authenticated users get _at least_ the permissions granted by the default policy. This access cannot be blocked
by a `deny` rule. Instead, restrict the default policy and then grant permissions to individual roles as needed.
*ArgoCD ConfigMap `argocd-rbac-cm` Example:*
```yaml

View File

@@ -0,0 +1,129 @@
# Directory
A directory-type application loads plain manifest files from `.yml`, `.yaml`, and `.json` files. A directory-type
application may be created from the UI, CLI, or declaratively. This is the declarative syntax:
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: guestbook
spec:
destination:
namespace: default
server: https://kubernetes.default.svc
project: default
source:
path: guestbook
repoURL: https://github.com/argoproj/argocd-example-apps.git
targetRevision: HEAD
```
It's unnecessary to explicitly add the `spec.source.directory` field except to add additional configuration options.
Argo CD will automatically detect that the source repository/path contains plain manifest files.
## Enabling Recursive Resource Detection
By default, directory applications will only include the files from the root of the configured repository/path.
To enable recursive resource detection, set the `recurse` option.
```bash
argocd app set guestbook --directory-recurse
```
To do the same thing declaratively, use this syntax:
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
source:
directory:
recurse: true
```
## Including/Excluding Files
### Including Only Certain Files
To include only certain files/directories in a directory application, set the `include` option. The value is a glob
pattern.
For example, if you want to include only `.yaml` files, you can use this pattern:
```shell
argocd app set guestbook --directory-include "*.yaml"
```
!!! note
It is important to quote `*.yaml` so that the shell does not expand the pattern before sending it to Argo CD.
It is also possible to include multiple patterns. Wrap the patterns with `{}` and separate them with commas. To include
`.yml` and `.yaml` files, use this pattern:
```shell
argocd app set guestbook --directory-include "{*.yml,*.yaml}"
```
To include only a certain directory, use a pattern like this:
```shell
argocd app set guestbook --directory-include "some-directory/*"
```
To accomplish the same thing declaratively, use this syntax:
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
source:
directory:
include: 'some-directory/*'
```
### Excluding Certain Files
It is possible to exclude files matching a pattern from directory applications. For example, in a repository containing
some manifests and also a non-manifest YAML file, you could exclude the config file like this:
```shell
argocd app set guestbook --directory-exclude "config.yaml"
```
It is possible to exclude more than one pattern. For example, a config file and an irrelevant directory:
```shell
argocd app set guestbook --directory-exclude "{config.yaml,env-use2/*}"
```
If both `include` and `exclude` are specified, then the Application will include all files which match the `include`
pattern and do not match the `exclude` pattern. For example, consider this source repository:
```
config.json
deployment.yaml
env-use2/
configmap.yaml
env-usw2/
configmap.yaml
```
To exclude `config.json` and the `env-usw2` directory, you could use this combination of patterns:
```shell
argocd app set guestbook --directory-include "*.yaml" --directory-exclude "{config.json,env-usw2/*}"
```
This would be the declarative syntax:
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
spec:
source:
directory:
exclude: '{config.json,env-usw2/*}'
include: '*.yaml'
```

View File

@@ -20,6 +20,8 @@ For Helm, all versions are [Semantic Versions](https://semver.org/). As a result
| Track minor releases (e.g. in QA) | Use a range | `1.*` or `>=1.0.0 <2.0.0` |
| Use the latest (e.g. in local development) | Use star range | `*` or `>=0.0.0` |
**Note for OCI Helm repositories**: the only available strategy is "Pin to a version".
[Read about version ranges](https://www.telerik.com/blogs/the-mystical-magical-semver-ranges-used-by-npm-bower)
## Git

View File

@@ -28,7 +28,7 @@ spec:
name: dexconfig
containers:
- name: dex
image: ghcr.io/dexidp/dex:v2.35.0-distroless
image: ghcr.io/dexidp/dex:v2.35.3-distroless
imagePullPolicy: Always
command: [/shared/argocd-dex, rundex]
securityContext:

View File

@@ -5,7 +5,7 @@ kind: Kustomization
images:
- name: quay.io/argoproj/argocd
newName: quay.io/argoproj/argocd
newTag: v2.2.13
newTag: v2.2.16
resources:
- ./application-controller
- ./dex

View File

@@ -3024,7 +3024,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -3073,7 +3073,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
name: copyutil
volumeMounts:
- mountPath: /var/run/argocd
@@ -3238,7 +3238,7 @@ spec:
key: controller.default.cache.expiration
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
livenessProbe:
httpGet:

View File

@@ -11,4 +11,4 @@ resources:
images:
- name: quay.io/argoproj/argocd
newName: quay.io/argoproj/argocd
newTag: v2.2.13
newTag: v2.2.16

View File

@@ -11,7 +11,7 @@ patchesStrategicMerge:
images:
- name: quay.io/argoproj/argocd
newName: quay.io/argoproj/argocd
newTag: v2.2.13
newTag: v2.2.16
resources:
- ../../base/application-controller
- ../../base/dex

View File

@@ -3687,7 +3687,7 @@ spec:
- command:
- /shared/argocd-dex
- rundex
image: ghcr.io/dexidp/dex:v2.35.0-distroless
image: ghcr.io/dexidp/dex:v2.35.3-distroless
imagePullPolicy: Always
name: dex
ports:
@@ -3709,7 +3709,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
name: copyutil
volumeMounts:
@@ -3932,7 +3932,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -3981,7 +3981,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
name: copyutil
volumeMounts:
- mountPath: /var/run/argocd
@@ -4208,7 +4208,7 @@ spec:
key: server.http.cookie.maxnumber
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -4404,7 +4404,7 @@ spec:
key: controller.default.cache.expiration
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
livenessProbe:
httpGet:

View File

@@ -1046,7 +1046,7 @@ spec:
- command:
- /shared/argocd-dex
- rundex
image: ghcr.io/dexidp/dex:v2.35.0-distroless
image: ghcr.io/dexidp/dex:v2.35.3-distroless
imagePullPolicy: Always
name: dex
ports:
@@ -1068,7 +1068,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
name: copyutil
volumeMounts:
@@ -1291,7 +1291,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -1340,7 +1340,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
name: copyutil
volumeMounts:
- mountPath: /var/run/argocd
@@ -1567,7 +1567,7 @@ spec:
key: server.http.cookie.maxnumber
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -1763,7 +1763,7 @@ spec:
key: controller.default.cache.expiration
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
livenessProbe:
httpGet:

View File

@@ -3057,7 +3057,7 @@ spec:
- command:
- /shared/argocd-dex
- rundex
image: ghcr.io/dexidp/dex:v2.35.0-distroless
image: ghcr.io/dexidp/dex:v2.35.3-distroless
imagePullPolicy: Always
name: dex
ports:
@@ -3079,7 +3079,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
name: copyutil
volumeMounts:
@@ -3266,7 +3266,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -3315,7 +3315,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
name: copyutil
volumeMounts:
- mountPath: /var/run/argocd
@@ -3538,7 +3538,7 @@ spec:
key: server.http.cookie.maxnumber
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -3728,7 +3728,7 @@ spec:
key: controller.default.cache.expiration
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
livenessProbe:
httpGet:

View File

@@ -416,7 +416,7 @@ spec:
- command:
- /shared/argocd-dex
- rundex
image: ghcr.io/dexidp/dex:v2.35.0-distroless
image: ghcr.io/dexidp/dex:v2.35.3-distroless
imagePullPolicy: Always
name: dex
ports:
@@ -438,7 +438,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
name: copyutil
volumeMounts:
@@ -625,7 +625,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -674,7 +674,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
name: copyutil
volumeMounts:
- mountPath: /var/run/argocd
@@ -897,7 +897,7 @@ spec:
key: server.http.cookie.maxnumber
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -1087,7 +1087,7 @@ spec:
key: controller.default.cache.expiration
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:v2.2.13
image: quay.io/argoproj/argocd:v2.2.16
imagePullPolicy: Always
livenessProbe:
httpGet:

View File

@@ -83,6 +83,7 @@ nav:
- user-guide/helm.md
- user-guide/ksonnet.md
- user-guide/jsonnet.md
- user-guide/directory.md
- user-guide/config-management-plugins.md
- user-guide/tool_detection.md
- user-guide/projects.md

View File

@@ -155,6 +155,10 @@ func (p *AppProject) ValidateProject() error {
destKeys := make(map[string]bool)
for _, dest := range p.Spec.Destinations {
key := fmt.Sprintf("%s/%s", dest.Server, dest.Namespace)
if dest.Server == "" && dest.Name != "" {
// destination cluster set using name instead of server endpoint
key = fmt.Sprintf("%s/%s", dest.Name, dest.Namespace)
}
if _, ok := destKeys[key]; ok {
return status.Errorf(codes.InvalidArgument, "destination '%s' already added", key)
}

View File

@@ -256,11 +256,75 @@ func TestAppProject_RemoveGroupFromRole(t *testing.T) {
func newTestProject() *AppProject {
p := AppProject{
ObjectMeta: metav1.ObjectMeta{Name: "my-proj"},
Spec: AppProjectSpec{Roles: []ProjectRole{{Name: "my-role"}}},
Spec: AppProjectSpec{Roles: []ProjectRole{{Name: "my-role"}}, Destinations: []ApplicationDestination{{}}},
}
return &p
}
// TestAppProject_ValidateDestinations tests for an invalid destination
func TestAppProject_ValidateDestinations(t *testing.T) {
p := newTestProject()
err := p.ValidateProject()
assert.NoError(t, err)
goodNamespaces := []string{
"*",
"some-namespace",
}
for _, goodNamespace := range goodNamespaces {
p.Spec.Destinations[0].Namespace = goodNamespace
err = p.ValidateProject()
assert.NoError(t, err)
}
goodServers := []string{
"*",
"some-server",
}
for _, badName := range goodServers {
p.Spec.Destinations[0].Server = badName
err = p.ValidateProject()
assert.NoError(t, err)
}
goodNames := []string{
"*",
"some-name",
}
for _, goodName := range goodNames {
p.Spec.Destinations[0].Name = goodName
err = p.ValidateProject()
assert.NoError(t, err)
}
validDestination := ApplicationDestination{
Server: "some-server",
Namespace: "some-namespace",
}
p.Spec.Destinations[0] = validDestination
err = p.ValidateProject()
assert.NoError(t, err)
//no duplicates allowed
p.Spec.Destinations = []ApplicationDestination{validDestination, validDestination}
err = p.ValidateProject()
assert.Error(t, err)
cluster1Destination := ApplicationDestination{
Name: "cluster1",
Namespace: "some-namespace",
}
cluster2Destination := ApplicationDestination{
Name: "cluster2",
Namespace: "some-namespace",
}
// allow multiple destinations with blank server, same namespace but unique cluster name
p.Spec.Destinations = []ApplicationDestination{cluster1Destination, cluster2Destination}
err = p.ValidateProject()
assert.NoError(t, err)
}
// TestValidateRoleName tests for an invalid role name
func TestAppProject_ValidateRoleName(t *testing.T) {
p := newTestProject()

View File

@@ -3,17 +3,21 @@ if obj.status ~= nil then
if obj.status.conditions ~= nil then
for i, condition in ipairs(obj.status.conditions) do
health_status.message = condition.message
if condition.reason == "Successful" then
if condition.type == "Successful" and condition.status == "True" then
health_status.status = "Healthy"
elseif condition.reason == "Running" then
health_status.status = "Progressing"
else
health_status.status = "Degraded"
return health_status
end
if condition.type == "Failure" and condition.status == "True" then
health_status.status = "Degraded"
return health_status
end
if condition.type == "Running" and condition.reason == "Running" then
health_status.status = "Progressing"
return health_status
end
return health_status
end
end
end
health_status.status = "Progressing"
health_status.message = "Waiting for Kiali"
return health_status
return health_status

View File

@@ -9,5 +9,5 @@ tests:
inputPath: testdata/degraded.yaml
- healthStatus:
status: Healthy
message: "Awaiting next reconciliation"
message: "Last reconciliation succeeded"
inputPath: testdata/healthy.yaml

View File

@@ -14,14 +14,24 @@ metadata:
spec: {}
status:
conditions:
- ansibleResult:
changed: 1
completion: 2020-06-08T13:41:20.133525
failures: 0
ok: 56
skipped: 82
lastTransitionTime: "2020-06-04T17:47:31Z"
message: Error Reconciling
reason: null
status: "True"
type: Running
- lastTransitionTime: '2022-10-19T09:44:32Z'
message: ''
reason: ''
status: 'False'
type: Failure
- ansibleResult:
changed: 18
completion: '2022-10-19T09:44:32.289505'
failures: 0
ok: 101
skipped: 101
lastTransitionTime: '2022-10-19T09:43:39Z'
message: Awaiting next reconciliation
reason: Successful
status: 'True'
type: Running
- lastTransitionTime: '2022-10-19T09:44:32Z'
message: Error Reconciling
reason: Failure
status: 'True'
type: Failure

View File

@@ -14,14 +14,24 @@ metadata:
spec: {}
status:
conditions:
- ansibleResult:
changed: 1
completion: 2020-06-08T13:41:20.133525
failures: 0
ok: 56
skipped: 82
lastTransitionTime: "2020-06-04T17:47:31Z"
message: Awaiting next reconciliation
reason: Successful
status: "True"
type: Running
- lastTransitionTime: '2022-10-19T09:44:32Z'
message: ''
reason: ''
status: 'False'
type: Failure
- ansibleResult:
changed: 18
completion: '2022-10-19T09:44:32.289505'
failures: 0
ok: 101
skipped: 101
lastTransitionTime: '2022-10-19T09:43:39Z'
message: Awaiting next reconciliation
reason: Successful
status: 'True'
type: Running
- lastTransitionTime: '2022-10-19T09:44:32Z'
message: Last reconciliation succeeded
reason: Successful
status: 'True'
type: Successful

View File

@@ -31,11 +31,21 @@ if obj.status ~= nil then
health_status.message = obj.status.currentState
return health_status
end
if obj.status.currentState == "Tenant credentials are not set properly" then
health_status.status = "Degraded"
health_status.message = obj.status.currentState
return health_status
end
if obj.status.currentState == "Different versions across MinIO Pools" then
health_status.status = "Degraded"
health_status.message = obj.status.currentState
return health_status
end
if obj.status.currentState == "Pool Decommissioning Not Allowed" then
health_status.status = "Degraded"
health_status.message = obj.status.currentState
return health_status
end
health_status.status = "Progressing"
health_status.message = obj.status.currentState
return health_status

View File

@@ -23,10 +23,18 @@ tests:
status: Degraded
message: "Another MinIO Tenant already exists in the namespace"
inputPath: testdata/another_tenant_exists.yaml
- healthStatus:
status: Degraded
message: "Tenant credentials are not set properly"
inputPath: testdata/incorrect_tenant_credentials.yaml
- healthStatus:
status: Degraded
message: "Different versions across MinIO Pools"
inputPath: testdata/versions_mismatch.yaml
- healthStatus:
status: Degraded
message: "Pool Decommissioning Not Allowed"
inputPath: testdata/pool_decommissioning_not_allowed.yaml
- healthStatus:
status: Progressing
message: "<unknown status message>"

View File

@@ -0,0 +1,13 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: minio-tenant
spec:
image: minio/minio:latest
pools:
- name: pool-0
servers: 1
volumesPerServer: 4
status:
revision: 0
currentState: Tenant credentials are not set properly

View File

@@ -0,0 +1,13 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: minio-tenant
spec:
image: minio/minio:latest
pools:
- name: pool-0
servers: 1
volumesPerServer: 4
status:
revision: 0
currentState: Pool Decommissioning Not Allowed

View File

@@ -706,6 +706,8 @@ func Declarative(filename string, values interface{}) (string, error) {
}
func CreateSubmoduleRepos(repoType string) {
oldEnv := os.Getenv("GIT_ALLOW_PROTOCOL")
CheckError(os.Setenv("GIT_ALLOW_PROTOCOL", "file"))
// set-up submodule repo
FailOnErr(Run("", "cp", "-Rf", "testdata/git-submodule/", submoduleDirectory()))
@@ -737,6 +739,8 @@ func CreateSubmoduleRepos(repoType string) {
FailOnErr(Run(submoduleParentDirectory(), "git", "remote", "add", "origin", os.Getenv("ARGOCD_E2E_GIT_SERVICE_SUBMODULE_PARENT")))
FailOnErr(Run(submoduleParentDirectory(), "git", "push", "origin", "master", "-f"))
}
CheckError(os.Setenv("GIT_ALLOW_PROTOCOL", oldEnv))
}
// RestartRepoServer performs a restart of the repo server deployment and waits

View File

@@ -36,6 +36,7 @@ $header: 120px;
&__warning {
font-size: 0.8em;
color: darken($argo-status-warning-color, 20%);
min-height: 1.2rem;
}
&__refreshing-label {

View File

@@ -79,7 +79,7 @@ export const ApplicationRetryForm = ({initValues, field = 'retryStrategy'}: {ini
);
};
export const ApplicationRetryOptions = ({formApi, initValues, field = 'retryStrategy'}: {formApi: FormApi; field?: string; initValues?: models.RetryStrategy}) => {
export const ApplicationRetryOptions = ({formApi, initValues, field = 'retryStrategy', id}: {formApi: FormApi; field?: string; initValues?: models.RetryStrategy; id?: string}) => {
const [retry, setRetry] = React.useState(!!initValues);
const toggleRetry = (value: boolean) => {
@@ -103,8 +103,8 @@ export const ApplicationRetryOptions = ({formApi, initValues, field = 'retryStra
return (
<div className='application-retry-options'>
<Checkbox id='retry' checked={retry} onChange={val => toggleRetry(val)} />
<label htmlFor='retry'>Retry</label>
<Checkbox id={`retry-${id}`} checked={retry} onChange={val => toggleRetry(val)} />
<label htmlFor={`retry-${id}`}>Retry</label>
{retry && <ApplicationRetryForm initValues={initValues} field={field} />}
</div>
);

View File

@@ -10,6 +10,7 @@ export const REPLACE_WARNING = `The resources will be synced using 'kubectl repl
export interface ApplicationSyncOptionProps {
options: string[];
onChanged: (updatedOptions: string[]) => any;
id?: string;
}
function selectOption(name: string, label: string, defaultVal: string, values: string[], props: ApplicationSyncOptionProps) {
@@ -46,7 +47,7 @@ function booleanOption(name: string, label: string, defaultVal: boolean, props:
return (
<React.Fragment>
<Checkbox
id={`sync-option-${name}`}
id={`sync-option-${name}-${props.id}`}
checked={checked}
onChange={(val: boolean) => {
if (index < 0) {
@@ -57,7 +58,7 @@ function booleanOption(name: string, label: string, defaultVal: boolean, props:
}
}}
/>
<label htmlFor={`sync-option-${name}`}>{label}</label>{' '}
<label htmlFor={`sync-option-${name}-${props.id}`}>{label}</label>{' '}
{warning && (
<>
<Tooltip content={warning}>
@@ -112,7 +113,7 @@ export const ApplicationSyncOptions = (props: ApplicationSyncOptionProps) => (
</div>
);
export const ApplicationManualSyncFlags = ReactForm.FormField((props: {fieldApi: ReactForm.FieldApi}) => {
export const ApplicationManualSyncFlags = ReactForm.FormField((props: {fieldApi: ReactForm.FieldApi; id?: string}) => {
const {
fieldApi: {getValue, setValue, setTouched}
} = props;
@@ -122,7 +123,7 @@ export const ApplicationManualSyncFlags = ReactForm.FormField((props: {fieldApi:
{Object.keys(ManualSyncFlags).map(flag => (
<React.Fragment key={flag}>
<Checkbox
id={`sync-option-${flag}`}
id={`sync-option-${flag}-${props.id}`}
checked={val[flag]}
onChange={(newVal: boolean) => {
setTouched(true);
@@ -131,7 +132,7 @@ export const ApplicationManualSyncFlags = ReactForm.FormField((props: {fieldApi:
setValue(update);
}}
/>
<label htmlFor={`sync-option-${flag}`}>{ManualSyncFlags[flag as keyof typeof ManualSyncFlags]}</label>{' '}
<label htmlFor={`sync-option-${flag}-${props.id}`}>{ManualSyncFlags[flag as keyof typeof ManualSyncFlags]}</label>{' '}
</React.Fragment>
))}
</div>

View File

@@ -8,6 +8,10 @@
display: inline-block;
margin-right: 0.3em;
label {
cursor: pointer;
}
label::before,
label::after {
vertical-align: middle;

View File

@@ -125,10 +125,15 @@ export const ApplicationSyncPanel = ({application, selectedResource, hide}: {app
formApi.setTouched('syncOptions', true);
formApi.setValue('syncOptions', opts);
}}
id='application-sync-panel'
/>
</div>
<ApplicationRetryOptions formApi={formApi} initValues={application.spec.syncPolicy ? application.spec.syncPolicy.retry : null} />
<ApplicationRetryOptions
id='application-sync-panel'
formApi={formApi}
initValues={application.spec.syncPolicy ? application.spec.syncPolicy.retry : null}
/>
<label>Synchronize resources:</label>
<div style={{float: 'right'}}>
@@ -164,9 +169,9 @@ export const ApplicationSyncPanel = ({application, selectedResource, hide}: {app
none
</a>
</div>
{!formApi.values.resources.every((item: boolean) => item) && (
<div className='application-details__warning'>WARNING: partial synchronization is not recorded in history</div>
)}
<div className='application-details__warning'>
{!formApi.values.resources.every((item: boolean) => item) && <div>WARNING: partial synchronization is not recorded in history</div>}
</div>
<div>
{application.status.resources
.filter(item => !item.hook)

View File

@@ -94,10 +94,11 @@ export const ApplicationsSyncPanel = ({show, apps, hide}: {show: boolean; apps:
formApi.setTouched('syncOptions', true);
formApi.setValue('syncOptions', opts);
}}
id='applications-sync-panel'
/>
</div>
<ApplicationRetryOptions formApi={formApi} />
<ApplicationRetryOptions id='applications-sync-panel' formApi={formApi} />
<label>
Apps (<a onClick={() => apps.forEach((_, i) => formApi.setValue('app/' + i, true))}>all</a>/

View File

@@ -11,6 +11,11 @@
label {
color: #6D7F8B;
font-size: 15px;
cursor: pointer;
}
input {
cursor: pointer;
}
}

View File

@@ -30,7 +30,7 @@ export function revisionUrl(url: string, revision: string): string {
let urlSubPath = isSHA(revision) ? 'commit' : 'tree';
if (url.indexOf('bitbucket') >= 0) {
urlSubPath = isSHA(revision) ? 'commits' : 'branch';
urlSubPath = isSHA(revision) ? 'commits' : 'src';
}
if (!supportedSource(parsed)) {

View File

@@ -35,7 +35,7 @@ func resolveSymbolicLinkRecursive(path string, maxDepth int) (string, error) {
// If we resolved to a relative symlink, make sure we use the absolute
// path for further resolving
if !strings.HasPrefix(resolved, "/") {
if !strings.HasPrefix(resolved, string(os.PathSeparator)) {
basePath := filepath.Dir(path)
resolved = filepath.Join(basePath, resolved)
}
@@ -146,8 +146,8 @@ func ResolveFilePath(appPath, repoRoot, valueFile string, allowedURLSchemes []st
// Ensure our root path has a trailing slash, otherwise the following check
// would return true if root is /foo and path would be /foo2
requiredRootPath := absRepoPath
if !strings.HasSuffix(requiredRootPath, "/") {
requiredRootPath += "/"
if !strings.HasSuffix(requiredRootPath, string(os.PathSeparator)) {
requiredRootPath += string(os.PathSeparator)
}
// Make sure that the resolved path to values file is within the repository's root path