Bump version to 2.2.5

* fix: Resolve symlinked value files correctly

Signed-off-by: jannfis <jann@mistrust.net>

* fix: Resolve symlinked value files correctly

Signed-off-by: jannfis <jann@mistrust.net>

VERSION

@@ -1 +1 @@
-2.2.4
+2.2.5

manifests/base/kustomization.yaml

@@ -5,7 +5,7 @@ kind: Kustomization
 images:
 - name: quay.io/argoproj/argocd
   newName: quay.io/argoproj/argocd
-  newTag: v2.2.4
+  newTag: v2.2.5
 resources:
 - ./application-controller
 - ./dex

manifests/core-install.yaml

@@ -3018,7 +3018,7 @@ spec:
           value: /helm-working-dir
         - name: HELM_DATA_HOME
           value: /helm-working-dir
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -3067,7 +3067,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         name: copyutil
         volumeMounts:
         - mountPath: /var/run/argocd
@@ -3232,7 +3232,7 @@ spec:
               key: controller.default.cache.expiration
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         livenessProbe:
           httpGet:

manifests/core-install/kustomization.yaml

@@ -11,4 +11,4 @@ resources:
 images:
 - name: quay.io/argoproj/argocd
   newName: quay.io/argoproj/argocd
-  newTag: v2.2.4
+  newTag: v2.2.5

manifests/ha/base/kustomization.yaml

@@ -11,7 +11,7 @@ patchesStrategicMerge:
 images:
 - name: quay.io/argoproj/argocd
   newName: quay.io/argoproj/argocd
-  newTag: v2.2.4
+  newTag: v2.2.5
 resources:
 - ../../base/application-controller
 - ../../base/dex

manifests/ha/install.yaml

@@ -3709,7 +3709,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         name: copyutil
         volumeMounts:
@@ -3926,7 +3926,7 @@ spec:
           value: /helm-working-dir
         - name: HELM_DATA_HOME
           value: /helm-working-dir
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -3975,7 +3975,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         name: copyutil
         volumeMounts:
         - mountPath: /var/run/argocd
@@ -4202,7 +4202,7 @@ spec:
               key: server.http.cookie.maxnumber
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -4398,7 +4398,7 @@ spec:
               key: controller.default.cache.expiration
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         livenessProbe:
           httpGet:

manifests/ha/namespace-install.yaml

@@ -1068,7 +1068,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         name: copyutil
         volumeMounts:
@@ -1285,7 +1285,7 @@ spec:
           value: /helm-working-dir
         - name: HELM_DATA_HOME
           value: /helm-working-dir
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -1334,7 +1334,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         name: copyutil
         volumeMounts:
         - mountPath: /var/run/argocd
@@ -1561,7 +1561,7 @@ spec:
               key: server.http.cookie.maxnumber
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -1757,7 +1757,7 @@ spec:
               key: controller.default.cache.expiration
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         livenessProbe:
           httpGet:

manifests/install.yaml

@@ -3079,7 +3079,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         name: copyutil
         volumeMounts:
@@ -3260,7 +3260,7 @@ spec:
           value: /helm-working-dir
         - name: HELM_DATA_HOME
           value: /helm-working-dir
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -3309,7 +3309,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         name: copyutil
         volumeMounts:
         - mountPath: /var/run/argocd
@@ -3532,7 +3532,7 @@ spec:
               key: server.http.cookie.maxnumber
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -3722,7 +3722,7 @@ spec:
               key: controller.default.cache.expiration
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         livenessProbe:
           httpGet:

manifests/namespace-install.yaml

@@ -438,7 +438,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         name: copyutil
         volumeMounts:
@@ -619,7 +619,7 @@ spec:
           value: /helm-working-dir
         - name: HELM_DATA_HOME
           value: /helm-working-dir
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3
@@ -668,7 +668,7 @@ spec:
         - -n
         - /usr/local/bin/argocd
         - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         name: copyutil
         volumeMounts:
         - mountPath: /var/run/argocd
@@ -891,7 +891,7 @@ spec:
               key: server.http.cookie.maxnumber
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
@@ -1081,7 +1081,7 @@ spec:
               key: controller.default.cache.expiration
               name: argocd-cmd-params-cm
               optional: true
-        image: quay.io/argoproj/argocd:v2.2.4
+        image: quay.io/argoproj/argocd:v2.2.5
         imagePullPolicy: Always
         livenessProbe:
           httpGet:

reposerver/repository/repository.go

@@ -574,6 +574,13 @@ func resolveSymbolicLinkRecursive(path string, maxDepth int) (string, error) {
 		return "", fmt.Errorf("maximum nesting level reached")
 	}
 
+	// If we resolved to a relative symlink, make sure we use the absolute
+	// path for further resolving
+	if !strings.HasPrefix(resolved, "/") {
+		basePath := filepath.Dir(path)
+		resolved = filepath.Join(basePath, resolved)
+	}
+
 	return resolveSymbolicLinkRecursive(resolved, maxDepth-1)
 }
 

reposerver/repository/repository_test.go

@@ -731,6 +731,36 @@ func TestHelmManifestFromChartRepoWithValueFileOutsideRepo(t *testing.T) {
 	assert.Error(t, err)
 }
 
+func TestHelmManifestFromChartRepoWithValueFileLinks(t *testing.T) {
+	t.Run("Valid symlink", func(t *testing.T) {
+		service := newService("../..")
+		source := &argoappv1.ApplicationSource{
+			Chart:          "my-chart",
+			TargetRevision: ">= 1.0.0",
+			Helm: &argoappv1.ApplicationSourceHelm{
+				ValueFiles: []string{"my-chart-link.yaml"},
+			},
+		}
+		request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true}
+		_, err := service.GenerateManifest(context.Background(), request)
+		assert.NoError(t, err)
+	})
+	t.Run("Symlink pointing to outside", func(t *testing.T) {
+		service := newService("../..")
+		source := &argoappv1.ApplicationSource{
+			Chart:          "my-chart",
+			TargetRevision: ">= 1.0.0",
+			Helm: &argoappv1.ApplicationSourceHelm{
+				ValueFiles: []string{"my-chart-outside-link.yaml"},
+			},
+		}
+		request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true}
+		_, err := service.GenerateManifest(context.Background(), request)
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "outside repository root")
+	})
+}
+
 func TestGenerateHelmWithURL(t *testing.T) {
 	service := newService("../..")
 
@@ -1618,40 +1648,34 @@ func Test_getHelmDependencyRepos(t *testing.T) {
 }
 
 func Test_resolveSymlinkRecursive(t *testing.T) {
-	cwd, err := os.Getwd()
-	require.NoError(t, err)
-	err = os.Chdir("testdata/symlinks")
-	require.NoError(t, err)
-	defer func() {
-		err := os.Chdir(cwd)
-		if err != nil {
-			panic(err)
-		}
-	}()
+	testsDir, err := filepath.Abs("./testdata/symlinks")
+	if err != nil {
+		panic(err)
+	}
 	t.Run("Resolve non-symlink", func(t *testing.T) {
-		r, err := resolveSymbolicLinkRecursive("foo", 2)
+		r, err := resolveSymbolicLinkRecursive(testsDir+"/foo", 2)
 		assert.NoError(t, err)
-		assert.Equal(t, "foo", r)
+		assert.Equal(t, testsDir+"/foo", r)
 	})
 	t.Run("Successfully resolve symlink", func(t *testing.T) {
-		r, err := resolveSymbolicLinkRecursive("bar", 2)
+		r, err := resolveSymbolicLinkRecursive(testsDir+"/bar", 2)
 		assert.NoError(t, err)
-		assert.Equal(t, "foo", r)
+		assert.Equal(t, testsDir+"/foo", r)
 	})
 	t.Run("Do not allow symlink at all", func(t *testing.T) {
-		r, err := resolveSymbolicLinkRecursive("bar", 0)
+		r, err := resolveSymbolicLinkRecursive(testsDir+"/bar", 0)
 		assert.Error(t, err)
 		assert.Equal(t, "", r)
 	})
 	t.Run("Error because too nested symlink", func(t *testing.T) {
-		r, err := resolveSymbolicLinkRecursive("bam", 2)
+		r, err := resolveSymbolicLinkRecursive(testsDir+"/bam", 2)
 		assert.Error(t, err)
 		assert.Equal(t, "", r)
 	})
 	t.Run("No such file or directory", func(t *testing.T) {
-		r, err := resolveSymbolicLinkRecursive("foobar", 2)
+		r, err := resolveSymbolicLinkRecursive(testsDir+"/foobar", 2)
 		assert.NoError(t, err)
-		assert.Equal(t, "foobar", r)
+		assert.Equal(t, testsDir+"/foobar", r)
 	})
 }
 

reposerver/repository/testdata/my-chart/my-chart-link.yaml

@@ -0,0 +1 @@
+my-chart-values.yaml

reposerver/repository/testdata/my-chart/my-chart-outside-link.yaml

@@ -0,0 +1 @@
+../my-chart-2/my-chart-2-values.yaml