fix: upgrade slsa-github-generator (#15173 )

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
fix(ui): code lint (#15150 ) (#15161 )
2026-03-11 10:58:47 +01:00 · 2023-08-22 18:17:50 -04:00 · 2023-08-22 14:20:53 -04:00 · 2023-08-22 13:08:32 -04:00 · 2023-08-21 16:29:04 -04:00 · 2023-08-21 16:15:09 -04:00
34 changed files with 406 additions and 64 deletions
--- a/.github/workflows/image.yaml
+++ b/.github/workflows/image.yaml
@@ -85,7 +85,7 @@ jobs:
      packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
    if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }}
    # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.5.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.8.0
    with:
      image: quay.io/argoproj/argocd
      digest: ${{ needs.build-and-publish.outputs.image-digest }}
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -38,7 +38,7 @@ jobs:
        packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
      # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
      if: github.repository == 'argoproj/argo-cd'
-      uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.5.0
+      uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.8.0
      with:
        image: quay.io/argoproj/argocd
        digest: ${{ needs.argocd-image.outputs.image-digest }}
@@ -120,7 +120,7 @@ jobs:
      contents: write #  Needed for release uploads
    if: github.repository == 'argoproj/argo-cd'
    # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.5.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.8.0
    with:
      base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
      provenance-name: "argocd-cli.intoto.jsonl"
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:ac58ff7fe25edc58bdf0067ca99df00014dbd032e2246d30a722fa348fd799a5
+ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:0bced47fffa3361afa981854fcabcd4577cd43cebbb808cea2b1f33a3dd7f508
 ####################################################################################################
 # Builder image
 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image
--- a/2
+++ b/2
@@ -1 +1 @@
-2.7.10
+2.7.12
--- a/cmpserver/plugin/plugin.go
+++ b/cmpserver/plugin/plugin.go
@@ -97,6 +97,14 @@ func runCommand(ctx context.Context, command Command, path string, env []string)
 		<-ctx.Done()
 		// Kill by group ID to make sure child processes are killed. The - tells `kill` that it's a group ID.
 		// Since we didn't set Pgid in SysProcAttr, the group ID is the same as the process ID. https://pkg.go.dev/syscall#SysProcAttr
+
+		// Sending a TERM signal first to allow any potential cleanup if needed, and then sending a KILL signal
+		_ = sysCallTerm(-cmd.Process.Pid)
+
+		// modify cleanup timeout to allow process to cleanup
+		cleanupTimeout := 5 * time.Second
+		time.Sleep(cleanupTimeout)
+
 		_ = sysCallKill(-cmd.Process.Pid)
 	}()

--- a/cmpserver/plugin/plugin_test.go
+++ b/cmpserver/plugin/plugin_test.go
@@ -369,6 +369,28 @@ func TestRunCommandEmptyCommand(t *testing.T) {
 	assert.ErrorContains(t, err, "Command is empty")
 }

+// TestRunCommandContextTimeoutWithGracefulTermination makes sure that the process is given enough time to cleanup before sending SIGKILL.
+func TestRunCommandContextTimeoutWithCleanup(t *testing.T) {
+	ctx, cancel := context.WithTimeout(context.Background(), 900*time.Millisecond)
+	defer cancel()
+
+	// Use a subshell so there's a child command.
+	// This command sleeps for 4 seconds which is currently less than the 5 second delay between SIGTERM and SIGKILL signal and then exits successfully.
+	command := Command{
+		Command: []string{"sh", "-c"},
+		Args:    []string{`(trap 'echo "cleanup completed"; exit' TERM; sleep 4)`},
+	}
+
+	before := time.Now()
+	output, err := runCommand(ctx, command, "", []string{})
+	after := time.Now()
+
+	assert.Error(t, err) // The command should time out, causing an error.
+	assert.Less(t, after.Sub(before), 1*time.Second)
+	// The command should still have completed the cleanup after termination.
+	assert.Contains(t, output, "cleanup completed")
+}
+
 func Test_getParametersAnnouncement_empty_command(t *testing.T) {
 	staticYAML := `
 - name: static-a
--- a/cmpserver/plugin/plugin_unix.go
+++ b/cmpserver/plugin/plugin_unix.go
@@ -14,3 +14,7 @@ func newSysProcAttr(setpgid bool) *syscall.SysProcAttr {
 func sysCallKill(pid int) error {
 	return syscall.Kill(pid, syscall.SIGKILL)
 }
+
+func sysCallTerm(pid int) error {
+	return syscall.Kill(pid, syscall.SIGTERM)
+}
--- a/cmpserver/plugin/plugin_windows.go
+++ b/cmpserver/plugin/plugin_windows.go
@@ -14,3 +14,7 @@ func newSysProcAttr(setpgid bool) *syscall.SysProcAttr {
 func sysCallKill(pid int) error {
 	return nil
 }
+
+func sysCallTerm(pid int) error {
+	return nil
+}
--- a/docs/operator-manual/application.yaml
+++ b/docs/operator-manual/application.yaml
@@ -172,6 +172,7 @@ spec:
    - CreateNamespace=true # Namespace Auto-Creation ensures that namespace specified as the application destination exists in the destination cluster.
    - PrunePropagationPolicy=foreground # Supported policies are background, foreground and orphan.
    - PruneLast=true # Allow the ability for resource pruning to happen as a final, implicit wave of a sync operation
+    - RespectIgnoreDifferences=true # When syncing changes, respect fields ignored by the ignoreDifferences configuration
    managedNamespaceMetadata: # Sets the metadata for the application namespace. Only valid if CreateNamespace=true (see above), otherwise it's a no-op.
      labels: # The labels to set on the application namespace
        any: label
@@ -190,7 +191,7 @@ spec:
        maxDuration: 3m # the maximum amount of time allowed for the backoff strategy

  # Will ignore differences between live and desired states during the diff. Note that these configurations are not
-  # used during the sync process.
+  # used during the sync process unless the `RespectIgnoreDifferences=true` sync option is enabled.
  ignoreDifferences:
  # for the specified json pointers
  - group: apps
@@ -202,6 +203,9 @@ spec:
    kind: "*"
    managedFieldsManagers:
    - kube-controller-manager
+    # Name and namespace are optional. If specified, they must match exactly, these are not glob patterns.
+    name: my-deployment
+    namespace: my-namespace

  # RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for
  # informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional
--- a/docs/operator-manual/applicationset/Generators-Git.md
+++ b/docs/operator-manual/applicationset/Generators-Git.md
@@ -153,7 +153,7 @@ Or, a shorter way (using [path.Match](https://golang.org/pkg/path/#Match) syntax

 ```yaml
 - path: /d/*
- path: /d/[f|g]
+- path: /d/[fg]
  exclude: true
 ```

--- a/docs/operator-manual/applicationset/Generators.md
+++ b/docs/operator-manual/applicationset/Generators.md
@@ -6,7 +6,7 @@ Generators are primarily based on the data source that they use to generate the

 As of this writing there are eight generators:

- [List generator](Generators-List.md): The List generator allows you to target Argo CD Applications to clusters based on a fixed list of cluster name/URL values.
+- [List generator](Generators-List.md): The List generator allows you to target Argo CD Applications to clusters based on a fixed list of any chosen key/value element pairs.
 - [Cluster generator](Generators-Cluster.md): The Cluster generator allows you to target Argo CD Applications to clusters, based on the list of clusters defined within (and managed by) Argo CD (which includes automatically responding to cluster addition/removal events from Argo CD).
 - [Git generator](Generators-Git.md): The Git generator allows you to create Applications based on files within a Git repository, or based on the directory structure of a Git repository.
 - [Matrix generator](Generators-Matrix.md): The Matrix generator may be used to combine the generated parameters of two separate generators.
--- a/docs/operator-manual/applicationset/Progressive-Syncs.md
+++ b/docs/operator-manual/applicationset/Progressive-Syncs.md
@@ -15,7 +15,7 @@ As an experimental feature, progressive syncs must be explicitly enabled, in one

 1. Pass `--enable-progressive-syncs` to the ApplicationSet controller args.
 1. Set `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS=true` in the ApplicationSet controller environment variables.
-1. Set `applicationsetcontroller.enable.progressive.syncs: true` in the Argo CD ConfigMap.
+1. Set `applicationsetcontroller.enable.progressive.syncs: true` in the Argo CD `argocd-cmd-params-cm` ConfigMap.

 ## Strategies

--- a/docs/operator-manual/project.yaml
+++ b/docs/operator-manual/project.yaml
@@ -86,3 +86,8 @@ spec:
    clusters:
      - in-cluster
      - cluster1
+
+  # By default, apps may sync to any cluster specified under the `destinations` field, even if they are not
+  # scoped to this project. Set the following field to `true` to restrict apps in this cluster to only clusters
+  # scoped to this project.
+  permitOnlyProjectScopedClusters: false
--- a/docs/user-guide/annotations-and-labels.md
+++ b/docs/user-guide/annotations-and-labels.md
@@ -0,0 +1,26 @@
+# Annotations and Labels used by Argo CD
+
+## Annotations
+
+| Annotation key                             | Target resource(es) | Possible values                                                                                   | Description                                                                                                                                                                                                  |
+|--------------------------------------------|---------------------|---------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| argocd.argoproj.io/application-set-refresh | ApplicationSet      | `"true"`                                                                                          | Added when an ApplicationSet is requested to be refreshed by a webhook. The ApplicationSet controller will remove this annotation at the end of reconciliation.                                              |
+| argocd.argoproj.io/compare-options         | any                 | [see compare options docs](compare-options.md)                                                    | Configures how an app's current state is compared to its desired state.                                                                                                                                      |
+| argocd.argoproj.io/hook                    | any                 | [see resource hooks docs](resource_hooks.md)                                                      | Used to configure [resource hooks](resource_hooks.md).                                                                                                                                                       |
+| argocd.argoproj.io/hook-delete-policy      | any                 | [see resource hooks docs](resource_hooks.md#hook-deletion-policies)                               | Used to set a [resource hook's deletion policy](resource_hooks.md#hook-deletion-policies).                                                                                                                   |
+| argocd.argoproj.io/manifest-generate-paths | Application         | [see scaling docs](../operator-manual/high_availability.md#webhook-and-manifest-paths-annotation) | Used to avoid unnecessary Application refreshes, especially in mono-repos.                                                                                                                                   |
+| argocd.argoproj.io/refresh                 | Application         | `normal`, `hard`                                                                                  | Indicates that app needs to be refreshed. Removed by application controller after app is refreshed. Value `"hard"` means manifest cache and target cluster state cache should be invalidated before refresh. |
+| argocd.argoproj.io/skip-reconcile          | Application         | `"true"`                                                                                          | Indicates to the Argo CD application controller that the Application should not be reconciled. See the [skip reconcile documentation](skip_reconcile.md) for use cases.                                      |
+| argocd.argoproj.io/sync-options            | any                 | [see sync options docs](sync-options.md)                                                          | Provides a variety of settings to determine how an Application's resources are synced.                                                                                                                       |
+| argocd.argoproj.io/sync-wave               | any                 | [see sync waves docs](sync-waves.md)                                                              |                                                                                                                                                                                                              |
+| argocd.argoproj.io/tracking-id             | any                 | any                                                                                               | Used by Argo CD to track resources it manages. See [resource tracking docs](resource_tracking.md) for details.                                                                                               |
+| link.argocd.argoproj.io/{some link name}   | any                 | An http(s) URL                                                                                    | Adds a link to the Argo CD UI for the resource. See [external URL docs](external-url.md) for details.                                                                                                        |
+| pref.argocd.argoproj.io/default-pod-sort   | Application         | [see UI customization docs](../operator-manual/ui-customization.md)                               | Sets the Application's default grouping mechanism.                                                                                                                                                           |
+| pref.argocd.argoproj.io/default-view       | Application         | [see UI customization docs](../operator-manual/ui-customization.md)                               | Sets the Application's default view mode (e.g. "tree" or "list")                                                                                                                                             |
+
+## Labels
+
+| Label key                      | Target resource(es) | Possible values                       | Description                                                                                                                                                     |
+|--------------------------------|---------------------|---------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| argocd.argoproj.io/instance    | Application         | any                                   | Recommended tracking label to [avoid conflicts with other tools which use `app.kubernetes.io/instance`](../faq.md#why-is-my-app-out-of-sync-even-after-syncing. |
+| argocd.argoproj.io/secret-type | Secret              | `cluster`, `repository`, `repo-creds` | Identifies certain types of Secrets used by Argo CD. See the [Declarative Setup docs](../operator-manual/declarative-setup.md) for details.                     |
--- a/docs/user-guide/private-repositories.md
+++ b/docs/user-guide/private-repositories.md
@@ -279,7 +279,7 @@ It is possible to add and remove TLS certificates using the ArgoCD web UI:

 ### Managing TLS certificates using declarative configuration

-You can also manage TLS certificates in a declarative, self-managed ArgoCD setup. All TLS certificates are stored in the ConfigMap object `argocd-tls-cert-cm`.
+You can also manage TLS certificates in a declarative, self-managed ArgoCD setup. All TLS certificates are stored in the ConfigMap object `argocd-tls-certs-cm`.
 Please refer to the [Operator Manual](../../operator-manual/declarative-setup/#repositories-using-self-signed-tls-certificates-or-are-signed-by-custom-ca) for more information.

 ## Unknown SSH Hosts
--- a/docs/user-guide/sync-kubectl.md
+++ b/docs/user-guide/sync-kubectl.md
@@ -0,0 +1,144 @@
+# Sync Applications with Kubectl
+
+You can use "kubectl" to ask Argo CD to synchronize applications the same way you can use the CLI or UI. Many configurations like "force", "prune", "apply" and even synchronize a specific list of resources are equally supported. This is done by applying or patching the Argo CD application with a document that defines an "operation".
+
+This "operation" defines how a synchronization should be done and for what resources these synchronization is to be done.
+
+There are many configuration options that can be added to the "operation". Next, a few of them are explained. For more details, you can have a look at the CRD [applications.argoproj.io](https://github.com/argoproj/argo-cd/blob/master/manifests/crds/application-crd.yaml). Some of them are required, whereas others are optional.
+
+To ask Argo CD to synchronize all resources of a given application, we can do:
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: <app-name>
+  namespace: <namespace>
+spec:
+  ...
+operation:
+  initiatedBy:
+    username: <username>
+  sync:
+    syncStrategy:
+      hook: {}
+```
+
+```bash
+$ kubectl apply -f <apply-file>
+```
+
+The most important part is the "sync" definition in the "operation" field. You can pass optional information like "info" or "initiatedBy". "info" allows you to add information about the operation in the form of a list. "initiatedBy" contains information about who initiated the operation request.
+
+Or if you prefer, you also can patch:
+
+```yaml
+operation:
+  initiatedBy:
+    username: <username>
+  sync:
+    syncStrategy:
+    hook: {}
+```
+
+```bash
+$ kubectl patch -n <namespace> app <app-name> --patch-file <patch-file> --type merge
+```
+
+Be aware that patches, specially with merge strategies, may not work the way you expect especially if you change sync strategies or options.
+In these cases, "kubectl apply" gives better results.
+
+Either with a "kubectl patch" or "kubectl apply", the state of the synchronization is reported in the "operationState" field in the application object.
+
+```bash
+$ kubectl get -n <namespace> get app <app-name> -o yaml
+...
+status:
+  operationState:
+    finishedAt: "2023-08-03T11:16:17Z"
+    message: successfully synced (all tasks run)
+    phase: Succeeded
+```
+
+# Apply and Hook synchronization strategies
+
+There are two types of synchronization strategies: "hook", which is the default value, and "apply".
+
+An "apply" sync strategy tells Argo CD to "kubectl apply", whereas a "hook" sync strategy informs Argo CD to submit any resource that's referenced in the operation. This way the synchronization of these resources will take into consideration any hook the resource has been annotated with.
+
+```yaml
+operation:
+  sync:
+    syncStrategy:
+      apply: {}
+```
+
+```yaml
+operation:
+  sync:
+    syncStrategy:
+      hook: {}
+```
+
+Both strategies support "force". However, you need to be aware that a force operation deletes the resource when patch encounters a conflict after having retried 5 times.
+
+```yaml
+operation:
+  sync:
+    syncStrategy:
+      apply:
+        force: true
+```
+
+```yaml
+operation:
+  sync:
+    syncStrategy:
+      hook:
+        force: true
+```
+
+# Prune
+
+If you want to prune your resources before applying, you can instruct Argo CD to do so:
+
+```yaml
+operation:
+  sync:
+    prune: true
+```
+
+# List of resources
+
+There's always the possibility to pass a list of resources. This list can be all resources the application manages or only a subset, for example resources that remained out of sync for some reason.
+
+Only "kind" and "name" are required fields when referencing resources, but the fields "groups" and "namespace" can also be defined:
+
+```yaml
+operation:
+  sync:
+    resources:
+      - kind: Namespace
+        name: namespace-name
+      - kind: ServiceAccount
+        name: service-account-name
+        namespace: namespace-name
+      - group: networking.k8s.io
+        kind: NetworkPolicy
+        name: network-policy-name
+        namespace: namespace-name
+```
+
+# Sync Options
+
+In an operation, you can also pass sync-options. Each of these options is passed as "name=value" pairs. For example:
+
+```yaml
+operations:
+  sync:
+    syncOptions:
+      - Validate=false
+      - Prune=false
+```
+
+For more information about sync options, please refer to [sync-options](https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/)
--- a/manifests/base/kustomization.yaml
+++ b/manifests/base/kustomization.yaml
@@ -5,7 +5,7 @@ kind: Kustomization
 images:
 - name: quay.io/argoproj/argocd
  newName: quay.io/argoproj/argocd
-  newTag: v2.7.10
+  newTag: v2.7.12
 resources:
 - ./application-controller
 - ./dex
--- a/manifests/core-install.yaml
+++ b/manifests/core-install.yaml
@@ -16706,7 +16706,7 @@ spec:
              key: applicationsetcontroller.enable.progressive.syncs
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        name: argocd-applicationset-controller
        ports:
@@ -16968,7 +16968,7 @@ spec:
          value: /helm-working-dir
        - name: HELM_DATA_HOME
          value: /helm-working-dir
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 3
@@ -17020,7 +17020,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        name: copyutil
        securityContext:
          allowPrivilegeEscalation: false
@@ -17233,7 +17233,7 @@ spec:
              key: controller.kubectl.parallelism.limit
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        name: argocd-application-controller
        ports:
--- a/manifests/core-install/kustomization.yaml
+++ b/manifests/core-install/kustomization.yaml
@@ -12,4 +12,4 @@ resources:
 images:
 - name: quay.io/argoproj/argocd
  newName: quay.io/argoproj/argocd
-  newTag: v2.7.10
+  newTag: v2.7.12
--- a/manifests/ha/base/kustomization.yaml
+++ b/manifests/ha/base/kustomization.yaml
@@ -12,7 +12,7 @@ patches:
 images:
 - name: quay.io/argoproj/argocd
  newName: quay.io/argoproj/argocd
-  newTag: v2.7.10
+  newTag: v2.7.12
 resources:
 - ../../base/application-controller
 - ../../base/applicationset-controller
--- a/manifests/ha/install.yaml
+++ b/manifests/ha/install.yaml
@@ -17927,7 +17927,7 @@ spec:
              key: applicationsetcontroller.enable.progressive.syncs
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        name: argocd-applicationset-controller
        ports:
@@ -18037,7 +18037,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        name: copyutil
        securityContext:
@@ -18094,7 +18094,7 @@ spec:
      containers:
      - args:
        - /usr/local/bin/argocd-notifications
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        livenessProbe:
          tcpSocket:
@@ -18399,7 +18399,7 @@ spec:
          value: /helm-working-dir
        - name: HELM_DATA_HOME
          value: /helm-working-dir
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 3
@@ -18451,7 +18451,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        name: copyutil
        securityContext:
          allowPrivilegeEscalation: false
@@ -18733,7 +18733,7 @@ spec:
              key: server.enable.proxy.extension
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
@@ -18978,7 +18978,7 @@ spec:
              key: controller.kubectl.parallelism.limit
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        name: argocd-application-controller
        ports:
--- a/manifests/ha/namespace-install.yaml
+++ b/manifests/ha/namespace-install.yaml
@@ -1587,7 +1587,7 @@ spec:
              key: applicationsetcontroller.enable.progressive.syncs
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        name: argocd-applicationset-controller
        ports:
@@ -1697,7 +1697,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        name: copyutil
        securityContext:
@@ -1754,7 +1754,7 @@ spec:
      containers:
      - args:
        - /usr/local/bin/argocd-notifications
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        livenessProbe:
          tcpSocket:
@@ -2059,7 +2059,7 @@ spec:
          value: /helm-working-dir
        - name: HELM_DATA_HOME
          value: /helm-working-dir
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 3
@@ -2111,7 +2111,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        name: copyutil
        securityContext:
          allowPrivilegeEscalation: false
@@ -2393,7 +2393,7 @@ spec:
              key: server.enable.proxy.extension
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
@@ -2638,7 +2638,7 @@ spec:
              key: controller.kubectl.parallelism.limit
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        name: argocd-application-controller
        ports:
--- a/manifests/install.yaml
+++ b/manifests/install.yaml
@@ -17044,7 +17044,7 @@ spec:
              key: applicationsetcontroller.enable.progressive.syncs
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        name: argocd-applicationset-controller
        ports:
@@ -17154,7 +17154,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        name: copyutil
        securityContext:
@@ -17211,7 +17211,7 @@ spec:
      containers:
      - args:
        - /usr/local/bin/argocd-notifications
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        livenessProbe:
          tcpSocket:
@@ -17468,7 +17468,7 @@ spec:
          value: /helm-working-dir
        - name: HELM_DATA_HOME
          value: /helm-working-dir
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 3
@@ -17520,7 +17520,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        name: copyutil
        securityContext:
          allowPrivilegeEscalation: false
@@ -17795,7 +17795,7 @@ spec:
              key: server.enable.proxy.extension
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
@@ -18035,7 +18035,7 @@ spec:
              key: controller.kubectl.parallelism.limit
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        name: argocd-application-controller
        ports:
--- a/manifests/namespace-install.yaml
+++ b/manifests/namespace-install.yaml
@@ -704,7 +704,7 @@ spec:
              key: applicationsetcontroller.enable.progressive.syncs
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        name: argocd-applicationset-controller
        ports:
@@ -814,7 +814,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        name: copyutil
        securityContext:
@@ -871,7 +871,7 @@ spec:
      containers:
      - args:
        - /usr/local/bin/argocd-notifications
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        livenessProbe:
          tcpSocket:
@@ -1128,7 +1128,7 @@ spec:
          value: /helm-working-dir
        - name: HELM_DATA_HOME
          value: /helm-working-dir
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 3
@@ -1180,7 +1180,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        name: copyutil
        securityContext:
          allowPrivilegeEscalation: false
@@ -1455,7 +1455,7 @@ spec:
              key: server.enable.proxy.extension
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
@@ -1695,7 +1695,7 @@ spec:
              key: controller.kubectl.parallelism.limit
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.7.10
+        image: quay.io/argoproj/argocd:v2.7.12
        imagePullPolicy: Always
        name: argocd-application-controller
        ports:
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -157,6 +157,7 @@ nav:
  - user-guide/selective_sync.md
  - user-guide/sync-waves.md
  - user-guide/sync_windows.md
+  - user-guide/sync-kubectl.md
  - user-guide/skip_reconcile.md
  - Generating Applications with ApplicationSet: user-guide/application-set.md
  - user-guide/ci_automation.md
@@ -166,6 +167,7 @@ nav:
  - user-guide/external-url.md
  - user-guide/extra_info.md
  - Notification subscriptions: user-guide/subscriptions.md
+  - user-guide/annotations-and-labels.md
  - Command Reference: user-guide/commands/argocd.md
 - Developer Guide:
  - developer-guide/index.md
--- a/server/application/application.go
+++ b/server/application/application.go
@@ -1389,7 +1389,7 @@ func (s *Server) ManagedResources(ctx context.Context, q *application.ResourcesQ
 	res := &application.ManagedResourcesResponse{}
 	for i := range items {
 		item := items[i]
-		if isMatchingResource(q, kube.ResourceKey{Name: item.Name, Namespace: item.Namespace, Kind: item.Kind, Group: item.Group}) {
+		if !item.Hook && isMatchingResource(q, kube.ResourceKey{Name: item.Name, Namespace: item.Namespace, Kind: item.Kind, Group: item.Group}) {
 			res.Items = append(res.Items, item)
 		}
 	}
--- a/server/application/terminal.go
+++ b/server/application/terminal.go
@@ -5,6 +5,7 @@ import (
 	"io"
 	"net/http"

+	util_session "github.com/argoproj/argo-cd/v2/util/session"
 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
 	log "github.com/sirupsen/logrus"
 	v1 "k8s.io/api/core/v1"
@@ -36,11 +37,12 @@ type terminalHandler struct {
 	allowedShells     []string
 	namespace         string
 	enabledNamespaces []string
+	sessionManager    util_session.SessionManager
 }

 // NewHandler returns a new terminal handler.
 func NewHandler(appLister applisters.ApplicationLister, namespace string, enabledNamespaces []string, db db.ArgoDB, enf *rbac.Enforcer, cache *servercache.Cache,
-	appResourceTree AppResourceTreeFn, allowedShells []string) *terminalHandler {
+	appResourceTree AppResourceTreeFn, allowedShells []string, sessionManager util_session.SessionManager) *terminalHandler {
 	return &terminalHandler{
 		appLister:         appLister,
 		db:                db,
@@ -50,6 +52,7 @@ func NewHandler(appLister applisters.ApplicationLister, namespace string, enable
 		allowedShells:     allowedShells,
 		namespace:         namespace,
 		enabledNamespaces: enabledNamespaces,
+		sessionManager:    sessionManager,
 	}
 }

@@ -221,7 +224,7 @@ func (s *terminalHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {

 	fieldLog.Info("terminal session starting")

-	session, err := newTerminalSession(w, r, nil)
+	session, err := newTerminalSession(w, r, nil, s.sessionManager)
 	if err != nil {
 		http.Error(w, "Failed to start terminal session", http.StatusBadRequest)
 		return
@@ -277,6 +280,11 @@ type TerminalMessage struct {
 	Cols      uint16 `json:"cols"`
 }

+// TerminalCommand is the struct for websocket commands,For example you need ask client to reconnect
+type TerminalCommand struct {
+	Code int
+}
+
 // startProcess executes specified commands in the container and connects it up with the ptyHandler (a session)
 func startProcess(k8sClient kubernetes.Interface, cfg *rest.Config, namespace, podName, containerName string, cmd []string, ptyHandler PtyHandler) error {
 	req := k8sClient.CoreV1().RESTClient().Post().
--- a/server/application/websocket.go
+++ b/server/application/websocket.go
@@ -3,6 +3,9 @@ package application
 import (
 	"encoding/json"
 	"fmt"
+	"github.com/argoproj/argo-cd/v2/common"
+	httputil "github.com/argoproj/argo-cd/v2/util/http"
+	util_session "github.com/argoproj/argo-cd/v2/util/session"
 	"net/http"
 	"sync"
 	"time"
@@ -12,6 +15,11 @@ import (
 	"k8s.io/client-go/tools/remotecommand"
 )

+const (
+	ReconnectCode    = 1
+	ReconnectMessage = "\nReconnect because the token was refreshed...\n"
+)
+
 var upgrader = func() websocket.Upgrader {
 	upgrader := websocket.Upgrader{}
 	upgrader.HandshakeTimeout = time.Second * 2
@@ -23,25 +31,40 @@ var upgrader = func() websocket.Upgrader {

 // terminalSession implements PtyHandler
 type terminalSession struct {
-	wsConn    *websocket.Conn
-	sizeChan  chan remotecommand.TerminalSize
-	doneChan  chan struct{}
-	tty       bool
-	readLock  sync.Mutex
-	writeLock sync.Mutex
+	wsConn         *websocket.Conn
+	sizeChan       chan remotecommand.TerminalSize
+	doneChan       chan struct{}
+	tty            bool
+	readLock       sync.Mutex
+	writeLock      sync.Mutex
+	sessionManager util_session.SessionManager
+	token          *string
+}
+
+// getToken get auth token from web socket request
+func getToken(r *http.Request) (string, error) {
+	cookies := r.Cookies()
+	return httputil.JoinCookies(common.AuthCookieName, cookies)
 }

 // newTerminalSession create terminalSession
-func newTerminalSession(w http.ResponseWriter, r *http.Request, responseHeader http.Header) (*terminalSession, error) {
+func newTerminalSession(w http.ResponseWriter, r *http.Request, responseHeader http.Header, sessionManager util_session.SessionManager) (*terminalSession, error) {
+	token, err := getToken(r)
+	if err != nil {
+		return nil, err
+	}
+
 	conn, err := upgrader.Upgrade(w, r, responseHeader)
 	if err != nil {
 		return nil, err
 	}
 	session := &terminalSession{
-		wsConn:   conn,
-		tty:      true,
-		sizeChan: make(chan remotecommand.TerminalSize),
-		doneChan: make(chan struct{}),
+		wsConn:         conn,
+		tty:            true,
+		sizeChan:       make(chan remotecommand.TerminalSize),
+		doneChan:       make(chan struct{}),
+		sessionManager: sessionManager,
+		token:          &token,
 	}
 	return session, nil
 }
@@ -61,8 +84,40 @@ func (t *terminalSession) Next() *remotecommand.TerminalSize {
 	}
 }

+// reconnect send reconnect code to client and ask them init new ws session
+func (t *terminalSession) reconnect() (int, error) {
+	reconnectCommand, _ := json.Marshal(TerminalCommand{
+		Code: ReconnectCode,
+	})
+	reconnectMessage, _ := json.Marshal(TerminalMessage{
+		Operation: "stdout",
+		Data:      ReconnectMessage,
+	})
+	t.writeLock.Lock()
+	err := t.wsConn.WriteMessage(websocket.TextMessage, reconnectMessage)
+	if err != nil {
+		log.Errorf("write message err: %v", err)
+		return 0, err
+	}
+	err = t.wsConn.WriteMessage(websocket.TextMessage, reconnectCommand)
+	if err != nil {
+		log.Errorf("write message err: %v", err)
+		return 0, err
+	}
+	t.writeLock.Unlock()
+	return 0, nil
+}
+
 // Read called in a loop from remotecommand as long as the process is running
 func (t *terminalSession) Read(p []byte) (int, error) {
+	// check if token still valid
+	_, newToken, err := t.sessionManager.VerifyToken(*t.token)
+	// err in case if token is revoked, newToken in case if refresh happened
+	if err != nil || newToken != "" {
+		// need to send reconnect code in case if token was refreshed
+		return t.reconnect()
+	}
+
 	t.readLock.Lock()
 	_, message, err := t.wsConn.ReadMessage()
 	t.readLock.Unlock()
--- a/server/application/websocket_test.go
+++ b/server/application/websocket_test.go
@@ -0,0 +1,46 @@
+package application
+
+import (
+	"encoding/json"
+	"github.com/gorilla/websocket"
+	"github.com/stretchr/testify/assert"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+)
+
+func reconnect(w http.ResponseWriter, r *http.Request) {
+	var upgrader = websocket.Upgrader{}
+	c, err := upgrader.Upgrade(w, r, nil)
+	if err != nil {
+		return
+	}
+
+	ts := terminalSession{wsConn: c}
+	_, _ = ts.reconnect()
+}
+
+func TestReconnect(t *testing.T) {
+
+	s := httptest.NewServer(http.HandlerFunc(reconnect))
+	defer s.Close()
+
+	u := "ws" + strings.TrimPrefix(s.URL, "http")
+
+	// Connect to the server
+	ws, _, err := websocket.DefaultDialer.Dial(u, nil)
+	assert.NoError(t, err)
+
+	defer ws.Close()
+
+	_, p, _ := ws.ReadMessage()
+
+	var message TerminalMessage
+
+	err = json.Unmarshal(p, &message)
+
+	assert.NoError(t, err)
+	assert.Equal(t, message.Data, ReconnectMessage)
+
+}
--- a/server/server.go
+++ b/server/server.go
@@ -962,7 +962,7 @@ func (a *ArgoCDServer) newHTTPServer(ctx context.Context, port int, grpcWebHandl
 	}
 	mux.Handle("/api/", handler)

-	terminal := application.NewHandler(a.appLister, a.Namespace, a.ApplicationNamespaces, a.db, a.enf, a.Cache, appResourceTreeFn, a.settings.ExecShells).
+	terminal := application.NewHandler(a.appLister, a.Namespace, a.ApplicationNamespaces, a.db, a.enf, a.Cache, appResourceTreeFn, a.settings.ExecShells, *a.sessionMgr).
 		WithFeatureFlagMiddleware(a.settingsMgr.GetSettings)
 	th := util_session.WithAuthMiddleware(a.DisableAuth, a.sessionMgr, terminal)
 	mux.Handle("/terminal", th)
@@ -975,6 +975,7 @@ func (a *ArgoCDServer) newHTTPServer(ctx context.Context, port int, grpcWebHandl
 		// will be added in mux.
 		registerExtensions(mux, a)
 	}
+
 	mustRegisterGWHandler(versionpkg.RegisterVersionServiceHandler, ctx, gwmux, conn)
 	mustRegisterGWHandler(clusterpkg.RegisterClusterServiceHandler, ctx, gwmux, conn)
 	mustRegisterGWHandler(applicationpkg.RegisterApplicationServiceHandler, ctx, gwmux, conn)
--- a/test/container/Dockerfile
+++ b/test/container/Dockerfile
@@ -14,7 +14,7 @@ FROM docker.io/library/registry:2.8@sha256:41f413c22d6156587e2a51f3e80c09808b8c7

 FROM docker.io/bitnami/kubectl:1.26@sha256:90d54ce960bf00b6d06cf1c69075a120d88e9f3237096b237c0a5efcacd5ed0b as kubectl

-FROM docker.io/library/ubuntu:22.04@sha256:ac58ff7fe25edc58bdf0067ca99df00014dbd032e2246d30a722fa348fd799a5
+FROM docker.io/library/ubuntu:22.04@sha256:0bced47fffa3361afa981854fcabcd4577cd43cebbb808cea2b1f33a3dd7f508

 ENV DEBIAN_FRONTEND=noninteractive
 RUN  apt-get update && apt-get install --fix-missing -y \
--- a/ui/src/app/applications/components/pod-logs-viewer/since-seconds-selector.tsx
+++ b/ui/src/app/applications/components/pod-logs-viewer/since-seconds-selector.tsx
@@ -4,7 +4,14 @@ import {Tooltip} from 'argo-ui';
 // SinceSelector is a component that renders a dropdown menu of time ranges
 export const SinceSecondsSelector = ({sinceSeconds, setSinceSeconds}: {sinceSeconds: number; setSinceSeconds: (value: number) => void}) => (
    <Tooltip content='Show logs since a given time'>
-        <select className='argo-field' style={{marginRight: '1em'}} value={sinceSeconds} onChange={e => setSinceSeconds(parseInt(e.target.value, 10))}>
+        <select
+            className='argo-field'
+            style={{marginRight: '1em'}}
+            value={sinceSeconds}
+            onChange={e => {
+                const v = parseInt(e.target.value, 10);
+                setSinceSeconds(!isNaN(v) ? v : null);
+            }}>
            <option value='60'>1m ago</option>
            <option value='300'>5m ago</option>
            <option value='600'>10m ago</option>
--- a/ui/src/app/applications/components/pod-terminal-viewer/pod-terminal-viewer.tsx
+++ b/ui/src/app/applications/components/pod-terminal-viewer/pod-terminal-viewer.tsx
@@ -72,7 +72,13 @@ export const PodTerminalViewer: React.FC<PodTerminalViewerProps> = ({

    const onConnectionMessage = (e: MessageEvent) => {
        const msg = JSON.parse(e.data);
-        connSubject.next(msg);
+        if (!msg?.Code) {
+            connSubject.next(msg);
+        } else {
+            // Do reconnect due to refresh token event
+            onConnectionClose();
+            setupConnection();
+        }
    };

    const onConnectionOpen = () => {
--- a/ui/src/app/shared/components/version-info/version-info-panel.tsx
+++ b/ui/src/app/shared/components/version-info/version-info-panel.tsx
@@ -105,7 +105,7 @@ export class VersionPanel extends React.Component<VersionPanelProps, {copyState:
    }

    private async onCopy(version: VersionMessage): Promise<void> {
-        const stringifiedVersion = JSON.stringify(version, undefined, 4);
+        const stringifiedVersion = JSON.stringify(version, undefined, 4) + '\n';
        try {
            await navigator.clipboard.writeText(stringifiedVersion);
            this.setState({copyState: 'success'});
Author	SHA1	Message	Date
Justin Marquis	685040cf82	fix: upgrade slsa-github-generator (#15173 ) Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>	2023-08-22 18:17:50 -04:00
gcp-cherry-pick-bot[bot]	2333b048f9	fix(ui): code lint (#15150 ) (#15161 ) Signed-off-by: ebuildy <ebuildy@gmail.com> Co-authored-by: Thomas Decaux <ebuildy@gmail.com>	2023-08-22 14:20:53 -04:00
gcp-cherry-pick-bot[bot]	7a353a55c8	fix: windows build (#15154 ) (#15157 ) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2023-08-22 13:08:32 -04:00
github-actions[bot]	521c99e05f	Bump version to 2.7.12 (#15140 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: crenshaw-dev <crenshaw-dev@users.noreply.github.com>	2023-08-21 16:29:04 -04:00
pasha-codefresh	003d6d1da5	Merge pull request from GHSA-c8xw-vjgf-94hr Signed-off-by: pashakostohrys <pavel@codefresh.io>	2023-08-21 16:15:09 -04:00
gcp-cherry-pick-bot[bot]	7e3572f373	docs(progressive syncs): specify which ConfigMap to use (#15119 ) (#15134 ) Signed-off-by: Gaël Jourdan-Weil <gjourdanweil@gmail.com> Co-authored-by: Gaël Jourdan-Weil <gjourdanweil@gmail.com>	2023-08-21 16:13:48 -04:00
gcp-cherry-pick-bot[bot]	580966ce85	docs: ✏️ fix typo on configmap name for private certs (#9596 ) (#15132 ) Signed-off-by: Gaël Jourdan-Weil <gael.jourdan-weil@kelkoogroup.com> Co-authored-by: Gaël Jourdan-Weil <gael.jourdan-weil@kelkoogroup.com>	2023-08-21 16:13:19 -04:00
gcp-cherry-pick-bot[bot]	693ea664ff	docs: add docs for various annotations and labels (#14020 ) (#15113 ) * docs: add docs for various annotations * more info * more docs --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2023-08-18 11:22:49 -04:00
gcp-cherry-pick-bot[bot]	2ff6e5178e	docs: kubectl to synchronize argocd apps (#14881 ) (#15086 ) We can use kubectl to synchronize argocd applications the same way we can use the argocd cli or ui, however there's no documentation. This PR adds documentation for kubectl. Signed-off-by: Jordi Grant Esteve <jgrant.esteve@gmail.com> Co-authored-by: selaci <selaci@users.noreply.github.com>	2023-08-18 11:19:53 -04:00
gcp-cherry-pick-bot[bot]	6e6d6e01e2	docs: fix typo (#15083 ) (#15089 ) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2023-08-18 11:18:44 -04:00
gcp-cherry-pick-bot[bot]	af202bc7ef	docs: document permitOnlyProjectScopedClusters field (#15076 ) (#15081 ) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2023-08-16 15:44:13 -04:00
gcp-cherry-pick-bot[bot]	849b5a6344	fix: bump ubuntu base image (#15020 ) (#15021 ) (#15024 ) Latest version of the ubuntu image addresses CVE-2023-38408. https://ubuntu.com/security/notices/USN-6242-1 https://github.com/docker-library/repo-info/blob/master/repos/ubuntu/remote/22.04.md resolves #15020 Signed-off-by: Mason Cole <macole@beyondtrust.com> Co-authored-by: Mason Cole <117116981+bt-macole@users.noreply.github.com>	2023-08-11 15:47:35 -04:00
gcp-cherry-pick-bot[bot]	2d483a4c2f	fix(cmp): send sigterm to cmp commands before sigkill to allow for potential cleanup (#9180 ) (#14955 ) (#14959 ) * fix: send sigterm to cmp commands before sigkill to allow for potential cleanup * fix: unit test for runCommand in cmpserver to test cleanup modified * fix: change unit test for plugin/runCommand to avoid bad trap along with lint fix --------- Signed-off-by: Ashin Sabu <ashin.sabu@harness.io> Co-authored-by: Ashin Sabu <139749674+ashinsabu3@users.noreply.github.com>	2023-08-08 11:38:11 -04:00
gcp-cherry-pick-bot[bot]	fcdaf9b4b6	fix(ui): COPY JSON for ArgoCD version should include trailing newline (#5117 ) (#14917 ) (#14939 ) Signed-off-by: Vipin M S <vipinachar2016@gmail.com> Co-authored-by: Vipin M S <40431065+vipinachar@users.noreply.github.com>	2023-08-07 11:02:59 -04:00
gcp-cherry-pick-bot[bot]	990ab0ef81	docs: Update Generators-Git.md (#14921 ) (#14935 ) Remove a misleading symbol from the pattern for the path.Match function. The pipe symbol doesn't have any special meaning. Signed-off-by: German Lashevich <german.lashevich@gmail.com> Co-authored-by: German Lashevich <design.ber@gmail.com>	2023-08-07 10:48:47 -04:00
github-actions[bot]	ec195adad8	Bump version to 2.7.11 (#14933 ) Signed-off-by: GitHub <noreply@github.com> Co-authored-by: crenshaw-dev <crenshaw-dev@users.noreply.github.com>	2023-08-07 10:01:25 -04:00
gcp-cherry-pick-bot[bot]	743334ec1d	docs: add ignoreDifferences name and namespace fields (#14741 ) (#14806 ) * Update application.yaml * Update docs/operator-manual/application.yaml --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2023-08-03 10:28:35 -04:00
gcp-cherry-pick-bot[bot]	97ddc4b245	docs: Update application.yaml (#14742 ) (#14810 ) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2023-08-03 10:27:10 -04:00
gcp-cherry-pick-bot[bot]	89c30d8d34	docs: Change Generator docs for List Generator to note any key/value pairs can be used (#14825 ) (#14833 ) This is no longer limited to cluster/url value pairs. Signed-off-by: JesseBot <jessebot@linux.com> Co-authored-by: JesseBot <jessebot@linux.com>	2023-08-01 13:56:11 -04:00
gcp-cherry-pick-bot[bot]	c56d7e7bc6	fix: ManagedResources API should not return diff for hooks (#14816 ) (#14829 ) Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>	2023-08-01 09:07:37 -07:00
gcp-cherry-pick-bot[bot]	9b6892c467	fix: Correct broken `forever` option in pod logs viewer. Fixes #14762 (#14763 ) (#14804 ) Signed-off-by: Alex Collins <alex_collins@intuit.com> Co-authored-by: Alex Collins <alexec@users.noreply.github.com>	2023-07-31 19:27:11 -04:00
@@ -1 +1 @@
 .7.10
 .7.12