sibling of 76104da

argoproj · Oct 18, 2024 · 9fc06ff · 9fc06ff
1 parent e7e6f5b
commit 9fc06ff
Show file tree

Hide file tree

Showing 730 changed files with 8,321 additions and 38,378 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -31,11 +31,6 @@ updates:
  directory: "/"
  schedule:
  interval: "daily"
- ignore:
- # We use consistent go and node versions across a lot of different files, and updating via dependabot would cause
- # drift among those files, instead we let renovate bot handle them.
- - dependency-name: "library/golang"
- - dependency-name: "library/node"
 
  - package-ecosystem: "docker"
  directory: "/test/container/"

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
@@ -13,8 +13,7 @@ on:
 
 env:
  # Golang version to use across CI steps
- # renovate: datasource=golang-version packageName=golang
- GOLANG_VERSION: '1.23.2'
+ GOLANG_VERSION: '1.22'
 
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
@@ -32,7 +31,7 @@ jobs:
  docs: ${{ steps.filter.outputs.docs_any_changed }}
  steps:
  - uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
- - uses: tj-actions/changed-files@c3a1bb2c992d77180ae65be6ae6c166cf40f857c # v45.0.3
+ - uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275 # v45.0.1
  id: filter
  with:
  # Any file which is not under docs/, ui/ or is not a markdown file is counted as a backend file
@@ -82,7 +81,7 @@ jobs:
  with:
  go-version: ${{ env.GOLANG_VERSION }}
  - name: Restore go build cache
- uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+ uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
  with:
  path: ~/.cache/go-build
  key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -109,10 +108,9 @@ jobs:
  with:
  go-version: ${{ env.GOLANG_VERSION }}
  - name: Run golangci-lint
- uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
+ uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
  with:
- # renovate: datasource=go packageName=github.com/golangci/golangci-lint versioning=regex:^v(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)?$
- version: v1.61.0
+ version: v1.58.2
  args: --verbose
 
  test-go:
@@ -153,7 +151,7 @@ jobs:
  run: |
  echo "/usr/local/bin" >> $GITHUB_PATH
  - name: Restore go build cache
- uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+ uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
  with:
  path: ~/.cache/go-build
  key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -174,7 +172,7 @@ jobs:
  - name: Run all unit tests
  run: make test-local
  - name: Generate test results artifacts
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
  with:
  name: test-results
  path: test-results
@@ -217,7 +215,7 @@ jobs:
  run: |
  echo "/usr/local/bin" >> $GITHUB_PATH
  - name: Restore go build cache
- uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+ uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
  with:
  path: ~/.cache/go-build
  key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -238,7 +236,7 @@ jobs:
  - name: Run all unit tests
  run: make test-race-local
  - name: Generate test results artifacts
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
  with:
  name: race-results
  path: test-results/
@@ -305,13 +303,12 @@ jobs:
  - name: Checkout code
  uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
  - name: Setup NodeJS
- uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
  with:
- # renovate: datasource=node-version packageName=node versioning=node
- node-version: '22.9.0'
+ node-version: '21.6.1'
  - name: Restore node dependency cache
  id: cache-dependencies
- uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+ uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
  with:
  path: ui/node_modules
  key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -351,7 +348,7 @@ jobs:
  fetch-depth: 0
  - name: Restore node dependency cache
  id: cache-dependencies
- uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+ uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
  with:
  path: ui/node_modules
  key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -376,15 +373,15 @@ jobs:
  run: |
  go tool covdata percent -i=test-results,e2e-code-coverage/applicationset-controller,e2e-code-coverage/repo-server,e2e-code-coverage/app-controller -o test-results/full-coverage.out
  - name: Upload code coverage information to codecov.io
- uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
+ uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
  with:
  file: test-results/full-coverage.out
  fail_ci_if_error: true
  env:
  CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
  - name: Upload test results to Codecov
  if: github.ref == 'refs/heads/master' && github.event_name == 'push' && github.repository == 'argoproj/argo-cd'
- uses: codecov/test-results-action@9739113ad922ea0a9abb4b2c0f8bf6a4aa8ef820 # v1.0.1
+ uses: codecov/test-results-action@1b5b448b98e58ba90d1a1a1d9fcb72ca2263be46 # v1.0.0
  with:
  file: test-results/junit.xml
  fail_ci_if_error: true
@@ -393,7 +390,7 @@ jobs:
  env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- uses: SonarSource/sonarqube-scan-action@884b79409bbd464b2a59edc326a4b77dc56b2195 # v2.2
+ uses: SonarSource/sonarqube-scan-action@aecaf43ae57e412bd97d70ef9ce6076e672fe0a9 # v2.2
  if: env.sonar_secret != ''
  test-e2e:
  name: Run end-to-end tests
@@ -403,14 +400,14 @@ jobs:
  fail-fast: false
  matrix:
  k3s:
- - version: v1.31.0
+ - version: v1.30.2
  # We designate the latest version because we only collect code coverage for that version.
  latest: true
- - version: v1.30.4
+ - version: v1.29.6
  latest: false
- - version: v1.29.8
+ - version: v1.28.11
  latest: false
- - version: v1.28.13
+ - version: v1.27.15
  latest: false
  needs:
  - build-go
@@ -451,7 +448,7 @@ jobs:
  sudo chmod go-r $HOME/.kube/config
  kubectl version
  - name: Restore go build cache
- uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+ uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
  with:
  path: ~/.cache/go-build
  key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -509,13 +506,13 @@ jobs:
  goreman run stop-all || echo "goreman trouble"
  sleep 30
  - name: Upload e2e coverage report
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
  with:
  name: e2e-code-coverage
  path: /tmp/coverage
  if: ${{ matrix.k3s.latest }}
  - name: Upload e2e-server logs
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
  with:
  name: e2e-server-k8s${{ matrix.k3s.version }}.log
  path: /tmp/e2e-server.log

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -23,7 +23,7 @@ jobs:
  actions: read # for github/codeql-action/init to get workflow details
  contents: read # for actions/checkout to fetch code
  security-events: write # for github/codeql-action/autobuild to send a status report
- if: github.repository == 'argoproj/argo-cd' || vars.enable_codeql
+ if: github.repository == 'argoproj/argo-cd'
 
  # CodeQL runs on ubuntu-latest and windows-latest
  runs-on: ubuntu-22.04

diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml
@@ -74,10 +74,10 @@ jobs:
  go-version: ${{ inputs.go-version }}
 
  - name: Install cosign
- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+ uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
 
  - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+ - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
 
  - name: Setup tags for container image as a CSV type
  run: |
@@ -143,7 +143,7 @@ jobs:
 
  - name: Build and push container image
  id: image
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 #v6.9.0
+ uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 #v6.7.0
  with:
  context: .
  platforms: ${{ inputs.platforms }}

diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml
@@ -52,8 +52,7 @@ jobs:
  uses: ./.github/workflows/image-reuse.yaml
  with:
  # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
- # renovate: datasource=golang-version packageName=golang
- go-version: 1.23.2
+ go-version: 1.22
  platforms: ${{ needs.set-vars.outputs.platforms }}
  push: false
 
@@ -69,8 +68,7 @@ jobs:
  quay_image_name: quay.io/argoproj/argocd:latest
  ghcr_image_name: ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }}
  # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
- # renovate: datasource=golang-version packageName=golang
- go-version: 1.23.2
+ go-version: 1.22
  platforms: ${{ needs.set-vars.outputs.platforms }}
  push: true
  secrets:

diff --git a/.github/workflows/init-release.yaml b/.github/workflows/init-release.yaml
@@ -64,7 +64,7 @@ jobs:
  git stash pop
 
  - name: Create pull request
- uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
+ uses: peter-evans/create-pull-request@d121e62763d8cc35b5fb1710e887d6e69a52d3a4 # v7.0.2
  with:
  commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}"
  title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch"

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -10,8 +10,7 @@ on:
 permissions: {}
 
 env:
- # renovate: datasource=golang-version packageName=golang
- GOLANG_VERSION: '1.23.2' # Note: go-version must also be set in job argocd-image.with.go-version
+ GOLANG_VERSION: '1.22' # Note: go-version must also be set in job argocd-image.with.go-version
 
 jobs:
  argocd-image:
@@ -24,8 +23,7 @@ jobs:
  with:
  quay_image_name: quay.io/argoproj/argocd:${{ github.ref_name }}
  # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
- # renovate: datasource=golang-version packageName=golang
- go-version: 1.23.2
+ go-version: 1.22
  platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
  push: true
  secrets:
@@ -69,16 +67,20 @@ jobs:
  - name: Fetch all tags
  run: git fetch --force --tags
 
+ - name: Set GORELEASER_PREVIOUS_TAG # Workaround, GoReleaser uses 'git-describe' to determine a previous tag. Our tags are created in realease branches.
+ run: |
+ set -xue
+ if echo ${{ github.ref_name }} | grep -E -- '-rc1+$';then
+ echo "GORELEASER_PREVIOUS_TAG=$(git -c 'versionsort.suffix=-rc' tag --list --sort=version:refname | tail -n 2 | head -n 1)" >> $GITHUB_ENV
+ else
+ echo "This is not the first release on the branch, Using GoReleaser defaults"
+ fi
+
  - name: Setup Golang
  uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
  with:
  go-version: ${{ env.GOLANG_VERSION }}
 
- - name: Set GORELEASER_PREVIOUS_TAG # Workaround, GoReleaser uses 'git-describe' to determine a previous tag. Our tags are created in release branches.
- run: |
- set -xue
- echo "GORELEASER_PREVIOUS_TAG=$(go run hack/get-previous-release/get-previous-version-for-release-notes.go ${{ github.ref_name }})" >> $GITHUB_ENV
-
  - name: Set environment variables for ldflags
  id: set_ldflag
  run: |
@@ -101,7 +103,7 @@ jobs:
  args: release --clean --timeout 55m
  env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- KUBECTL_VERSION: ${{ env.KUBECTL_VERSION }}
+ KUBECTL_VERSION: ${{ env.KUBECTL_VERSION }} 
  GIT_TREE_STATE: ${{ env.GIT_TREE_STATE }}
 
  - name: Generate subject for provenance
@@ -184,7 +186,7 @@ jobs:
  fi
 
  cd /tmp && tar -zcf sbom.tar.gz *.spdx
-
+ 
  - name: Generate SBOM hash
  shell: bash
  id: sbom-hash
@@ -193,29 +195,29 @@ jobs:
  # base64 -w0 encodes to base64 and outputs on a single line.
  # sha256sum /tmp/sbom.tar.gz ... | base64 -w0
  echo "hashes=$(sha256sum /tmp/sbom.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT"
-
+ 
  - name: Upload SBOM
  uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
  env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  with:
  files: |
  /tmp/sbom.tar.gz
-
+ 
  sbom-provenance:
  needs: [generate-sbom]
  permissions:
  actions: read # for detecting the Github Actions environment
  id-token: write # Needed for provenance signing and ID
  contents: write # Needed for release uploads
  if: github.repository == 'argoproj/argo-cd'
- # Must be referenced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
+ # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
  uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
  with:
  base64-subjects: "${{ needs.generate-sbom.outputs.hashes }}"
  provenance-name: "argocd-sbom.intoto.jsonl"
  upload-assets: true
-
+ 
  post-release:
  needs:
  - argocd-image
@@ -293,7 +295,7 @@ jobs:
  if: ${{ env.UPDATE_VERSION == 'true' }}
 
  - name: Create PR to update VERSION on master branch
- uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
+ uses: peter-evans/create-pull-request@d121e62763d8cc35b5fb1710e887d6e69a52d3a4 # v7.0.2
  with:
  commit-message: Bump version in master
  title: "chore: Bump version in master"

diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
@@ -54,7 +54,7 @@ jobs:
  # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
  # format to the repository Actions tab.
  - name: "Upload artifact"
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
  with:
  name: SARIF file
  path: results.sarif

diff --git a/.golangci.yaml b/.golangci.yaml
@@ -20,10 +20,8 @@ linters:
  - misspell
  - staticcheck
  - testifylint
- - thelper
  - unparam
  - unused
- - usestdlibvars
  - whitespace 
 linters-settings:
  gocritic:

diff --git a/.readthedocs.yaml b/.readthedocs.yaml
@@ -8,4 +8,4 @@ python:
 build:
  os: "ubuntu-22.04"
  tools:
- python: "3.12"
+ python: "3.7"