diff --git a/.dockerignore b/.dockerignore index 81e5902bc6147..074bb9f43d8a4 100644 --- a/.dockerignore +++ b/.dockerignore @@ -17,6 +17,8 @@ manifests/ hack/ docs/ examples/ +.dockerignore +.git/ .github/ !test/fixture !test/container diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index c7f8d3b768e8f..899d56afbc3cc 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -28,9 +28,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Download all Go modules @@ -46,13 +46,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Restore go build cache - uses: actions/cache@v3 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -67,13 +67,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Setup Golang - uses: actions/setup-go@v1 + uses: actions/setup-go@0caeaed6fd66a828038c2da3c0f662a42862658f # v1.1.3 with: go-version: ${{ env.GOLANG_VERSION }} - name: Run golangci-lint - uses: golangci/golangci-lint-action@v3 + uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0 with: version: v1.46.2 args: --timeout 10m --exclude SA5011 --verbose 
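Review bot: The lint job (hunk at -67) is pinned to `actions/checkout` v2.7.0 and `actions/setup-go` v1.1.3, while the two jobs above it pin the same actions at v3.5.3 and v3.5.0, so the SHA pin freezes this job on an older major line instead of only fixing the ref. The same applies to `upload-artifact` v2.3.1 in the hunks at -131 and -194, `setup-node` v1.4.6 at -248, `download-artifact` v2.1.1 and `codecov-action` v1.5.2 at -301, and `setup-go` v1.1.3 in image.yaml. Reusing the SHAs this commit already introduces, e.g. `uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3`, would leave a single set of pins to audit. A pinned SHA no longer follows upstream fixes, so an automated updater that bumps the SHA together with its `# vX.Y.Z` comment is worth having if the repository does not already run one.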
@@ -90,11 +90,11 @@ jobs: - name: Create checkout directory run: mkdir -p ~/go/src/github.com/argoproj - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Install required packages @@ -114,7 +114,7 @@ jobs: run: | echo "/usr/local/bin" >> $GITHUB_PATH - name: Restore go build cache - uses: actions/cache@v3 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -131,12 +131,12 @@ jobs: - name: Run all unit tests run: make test-local - name: Generate code coverage artifacts - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1 with: name: code-coverage path: coverage.out - name: Generate test results artifacts - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1 with: name: test-results path: test-results/ @@ -153,11 +153,11 @@ jobs: - name: Create checkout directory run: mkdir -p ~/go/src/github.com/argoproj - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Install required packages 
@@ -177,7 +177,7 @@ jobs: run: | echo "/usr/local/bin" >> $GITHUB_PATH - name: Restore go build cache - uses: actions/cache@v3 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -194,7 +194,7 @@ jobs: - name: Run all unit tests run: make test-race-local - name: Generate test results artifacts - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1 with: name: race-results path: test-results/ @@ -204,9 +204,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Create symlink in GOPATH @@ -248,14 +248,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup NodeJS - uses: actions/setup-node@v1 + uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e # v1.4.6 with: node-version: "12.18.4" - name: Restore node dependency cache id: cache-dependencies - uses: actions/cache@v3 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ui/node_modules key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }} 
@@ -285,12 +285,12 @@ jobs: sonar_secret: ${{ secrets.SONAR_TOKEN }} steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 - name: Restore node dependency cache id: cache-dependencies - uses: actions/cache@v3 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ui/node_modules key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }} @@ -301,16 +301,16 @@ jobs: run: | mkdir -p test-results - name: Get code coverage artifiact - uses: actions/download-artifact@v2 + uses: actions/download-artifact@cbed621e49e4c01b044d60f6c80ea4ed6328b281 # v2.1.1 with: name: code-coverage - name: Get test result artifact - uses: actions/download-artifact@v2 + uses: actions/download-artifact@cbed621e49e4c01b044d60f6c80ea4ed6328b281 # v2.1.1 with: name: test-results path: test-results - name: Upload code coverage information to codecov.io - uses: codecov/codecov-action@v1 + uses: codecov/codecov-action@29386c70ef20e286228c72b668a06fd0e8399192 # v1.5.2 with: file: coverage.out - name: Perform static code analysis using SonarCloud diff --git a/.github/workflows/default-branch-check.yaml b/.github/workflows/default-branch-check.yaml index 5e4ac0a54aa25..ebcd313d8850b 100644 --- a/.github/workflows/default-branch-check.yaml +++ b/.github/workflows/default-branch-check.yaml @@ -12,7 +12,7 @@ jobs: steps: - name: fail if base branch is not default branch if: ${{ github.event.pull_request.base.ref != github.event.repository.default_branch }} - uses: actions/github-script@v3 + uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 # v3.2.0 with: script: | core.setFailed("Base branch of the PR - ${{ github.event.pull_request.base.ref }} is not a default branch. Please reopen your PR to ${{ github.event.repository.default_branch }}") diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 1e82ffd31fa64..ef90d4edda993 100644 
--- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -14,10 +14,10 @@ jobs: env: GOPATH: /home/runner/work/argo-cd/argo-cd steps: - - uses: actions/setup-go@v1 + - uses: actions/setup-go@0caeaed6fd66a828038c2da3c0f662a42862658f # v1.1.3 with: go-version: ${{ env.GOLANG_VERSION }} - - uses: actions/checkout@master + - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master with: path: src/github.com/argoproj/argo-cd @@ -58,4 +58,4 @@ jobs: git config --global user.name 'CI-Codefresh' git diff --exit-code && echo 'Already deployed' || (git commit -am 'Upgrade argocd to ${{ steps.image.outputs.tag }}' && git push) if: github.event_name == 'push' - working-directory: argoproj-deployments/argocd \ No newline at end of file + working-directory: argoproj-deployments/argocd diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e761d7a3f95c9..e807edc0dcce6 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
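Review bot: `actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master` appears to pin a commit taken from the action's development branch, and the `# master` comment does not say which release, if any, it corresponds to, so neither a reviewer nor an update tool can tell what code this is. The other workflows in this commit pin a tagged release, and the same line should work here: `- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3`. If the master commit is kept deliberately, the comment should record why.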
@@ -13,46 +13,57 @@ on: env: GOLANG_VERSION: "1.19" + # The name of the tag as supplied by the GitHub event + SOURCE_TAG: ${{ github.ref }} + # The image namespace where Docker image will be published to + IMAGE_NAMESPACE: quay.io/codefresh + # Whether to create & push image and release assets + DRY_RUN: false + # Whether a draft release should be created, instead of public one + DRAFT_RELEASE: false + # Whether to update homebrew with this release as well + # Set RELEASE_HOMEBREW_TOKEN secret in repository for this to work - needs + # access to public repositories + UPDATE_HOMEBREW: false + # Name of the GitHub user for Git config + GIT_USERNAME: CI-Codefresh + # E-Mail of the GitHub user for Git config + GIT_EMAIL: integration@codefresh.io jobs: prepare-release: - name: Perform automatic release on trigger ${{ github.ref }} + name: Perform release metadata for ${{ github.ref }} runs-on: ubuntu-latest env: - # The name of the tag as supplied by the GitHub event - SOURCE_TAG: ${{ github.ref }} - # The image namespace where Docker image will be published to - IMAGE_NAMESPACE: quay.io/codefresh - # Whether to create & push image and release assets - DRY_RUN: false - # Whether a draft release should be created, instead of public one - DRAFT_RELEASE: false - # Whether to update homebrew with this release as well - # Set RELEASE_HOMEBREW_TOKEN secret in repository for this to work - needs - # access to public repositories - UPDATE_HOMEBREW: false - # Name of the GitHub user for Git config - GIT_USERNAME: CI-Codefresh - # E-Mail of the GitHub user for Git config - GIT_EMAIL: integration@codefresh.io + ARTIFACT_NAME: release-notes + outputs: + TARGET_VERSION: ${{ steps.setup-vars.outputs.TARGET_VERSION }} + TARGET_BRANCH: ${{ steps.setup-vars.outputs.TARGET_BRANCH }} + PRE_RELEASE: ${{ steps.setup-vars.outputs.PRE_RELEASE }} + RELEASE_TAG: ${{ steps.setup-vars.outputs.RELEASE_TAG }} + RELEASE_NOTES: ${{ steps.release-notes.outputs.RELEASE_NOTES }} + steps: - name: 
Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} - name: Check if the published tag is well formed and setup vars + id: setup-vars run: | set -xue # Target version must match major.minor.patch and optional -rcX suffix # where X must be a number. TARGET_VERSION=${SOURCE_TAG#*release-v} + # Codefresh change: add to filter below a check for `-cf.*` postfix if ! echo "${TARGET_VERSION}" | egrep '^[0-9]+\.[0-9]+\.[0-9]+((-rc[0-9]+)|(-cap-.*))*$'; then echo "::error::Target version '${TARGET_VERSION}' is malformed, refusing to continue." >&2 exit 1 fi + # Target branch is the release branch we're going to operate on # Its name is 'release-.' TARGET_BRANCH="release-${TARGET_VERSION%\.[0-9]*}" @@ -63,6 +74,7 @@ jobs: if echo "${RELEASE_TAG}" | egrep -- '-rc[0-9]+$'; then PRE_RELEASE=true fi + # We must not have a release trigger within the same release branch, # because that means a release for this branch is already running. if git tag -l | grep "release-v${TARGET_VERSION%\.[0-9]*}" | grep -v "release-v${TARGET_VERSION}"; then @@ -74,12 +86,15 @@ jobs: echo "::error::Release tag ${RELEASE_TAG} already exists in repository. Refusing to continue." exit 1 fi + # Make the variables available in follow-up steps - echo "TARGET_VERSION=${TARGET_VERSION}" >> $GITHUB_ENV - echo "TARGET_BRANCH=${TARGET_BRANCH}" >> $GITHUB_ENV - echo "RELEASE_TAG=${RELEASE_TAG}" >> $GITHUB_ENV - echo "PRE_RELEASE=${PRE_RELEASE}" >> $GITHUB_ENV - - name: Check if our release tag has a correct annotation + echo "TARGET_VERSION=${TARGET_VERSION}" >> $GITHUB_OUTPUT + echo "TARGET_BRANCH=${TARGET_BRANCH}" >> $GITHUB_OUTPUT + echo "RELEASE_TAG=${RELEASE_TAG}" >> $GITHUB_OUTPUT + echo "PRE_RELEASE=${PRE_RELEASE}" >> $GITHUB_OUTPUT + + - name: Create release notes + id: release-notes run: | set -ue # Fetch all tag information as well 
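Review bot: The added comment says the filter accepts a `-cf.*` postfix, but the `egrep` pattern on the following line accepts `(-cap-.*)`, so one of the two is stale; if the pattern is right, the comment should read `# Codefresh change: the filter below also accepts a -cap-<suffix> postfix`. The `.*` also lets any characters follow `-cap-`, and with this change TARGET_VERSION is exported as a job output that later jobs use for the image tag and the cache scope, so a bounded class such as `(-cap-[0-9A-Za-z.-]+)` would keep the value predictable. The pattern line itself is unchanged context in this hunk.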
@@ -124,14 +139,131 @@ jobs: # echo "::error::Release notes seem invalid, quick start section not found." # exit 1 # fi - # We store path to temporary release notes file for later reading, we - # need it when creating release. - echo "RELEASE_NOTES=${RELEASE_NOTES}" >> $GITHUB_ENV + + # https://github.com/github/docs/issues/21529#issue-1418590935 + echo "RELEASE_NOTES<> $GITHUB_OUTPUT + cat ${RELEASE_NOTES} >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + + binaries: + name: Build Binaries for Release + runs-on: ubuntu-latest + needs: + - prepare-release + env: + ARTIFACT_NAME: binaries + outputs: + ARTIFACT_NAME: ${{ env.ARTIFACT_NAME }} + steps: + - name: Checkout code + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + with: + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + - name: Setup Golang - uses: actions/setup-go@v2 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: go-version: ${{ env.GOLANG_VERSION }} + - name: Build release binaries + run: | + set -ue + mkdir -p dist/ + make release-cli + chmod +x ./dist/argocd-* + if: ${{ env.DRY_RUN != 'true' }} + + - name: Upload binaries artifact + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + with: + name: ${{ env.ARTIFACT_NAME }} + path: ./dist/argocd-* + if: ${{ env.DRY_RUN != 'true' }} + + container-image: + name: Build and Push Container Images for Release + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write # Needed to create an OIDC token for keyless signing + needs: + - prepare-release + env: + TARGET_VERSION: ${{ needs.prepare-release.outputs.TARGET_VERSION }} + steps: + - name: Checkout code + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + with: + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Login to quay.io + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 + with: + registry: quay.io + username: ${{ 
secrets.RELEASE_QUAY_USERNAME }} + password: ${{ secrets.RELEASE_QUAY_TOKEN }} + + - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 + - uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1 + + - name: Build and push container image + id: image + uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 #v4.1.1 + with: + context: . + platforms: linux/amd64,linux/arm64 + push: ${{ env.DRY_RUN != 'true' }} + tags: ${{ env.IMAGE_NAMESPACE }}/argocd:v${{ env.TARGET_VERSION }} + provenance: false + sbom: false + # Cached layers will only be re-used when building the same image. This can only happen when: + # + # * The release workflow fails and is then retried. + # * The same release tag is deleted and then re-pushed. + # + # A global layer cache for the entire repository cannot be used. This is because in the context of runs triggered by tag pushes, + # runs for two different tags cannot access the same cache. Hence, we limit the cache scope to the image tag. 
+ # + # See: https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#restrictions-for-accessing-a-cache + cache-from: type=gha,scope=v${{ env.TARGET_VERSION }} + cache-to: type=gha,mode=max,scope=v${{ env.TARGET_VERSION }} + + - name: Install cosign + uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1 + with: + cosign-release: 'v2.1.1' + + - name: Sign container image + run: | + cosign sign \ + -a "repo=${{ github.repository }}" \ + -a "workflow=${{ github.workflow }}" \ + -a "sha=${{ github.sha }}" \ + -y \ + "${{ env.IMAGE_NAMESPACE }}/argocd@${{ steps.image.outputs.digest }}" + if: ${{ env.DRY_RUN != 'true' }} + + release: + name: Create Release + runs-on: ubuntu-latest + env: + TARGET_BRANCH: ${{ needs.prepare-release.outputs.TARGET_BRANCH }} + TARGET_VERSION: ${{ needs.prepare-release.outputs.TARGET_VERSION }} + RELEASE_TAG: ${{ needs.prepare-release.outputs.RELEASE_TAG }} + RELEASE_NOTES: ${{ needs.prepare-release.outputs.RELEASE_NOTES }} + needs: + - prepare-release + - binaries + - container-image + steps: + - name: Checkout code + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + with: + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + - name: Setup Git author information run: | set -ue 
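Review bot: The multiline RELEASE_NOTES output is closed with the fixed marker `EOF`, so a line in the notes file that is exactly `EOF` ends the value early and the lines after it are parsed as further entries in `$GITHUB_OUTPUT`. A per-run random delimiter and a quoted `"${RELEASE_NOTES}"` path avoid that. The notes file is produced earlier in this step, outside the hunk, so how much of its content comes from the tag annotation should be confirmed. Separately, `container-image` declares a `permissions:` block but the new `binaries` and `release` jobs do not, so they run with the repository's default token scope; `binaries` looks like it needs only `contents: read`.

```yaml
          # … unchanged: release-notes generation and validation …
          # Random delimiter so the notes content cannot terminate the value early
          delimiter="$(openssl rand -hex 16)"
          {
            echo "RELEASE_NOTES<<${delimiter}"
            cat "${RELEASE_NOTES}"
            echo "${delimiter}"
          } >> "$GITHUB_OUTPUT"
```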
@@ -145,54 +277,12 @@ jobs: echo "::error::Checking out release branch '${TARGET_BRANCH}' for target version '${TARGET_VERSION}' (tagged '${RELEASE_TAG}') failed. Does it exist in repo?" exit 1 fi - ## Codefresh change - # - name: Create VERSION information - # run: | - # set -ue - # echo "Bumping version from $(cat VERSION) to ${TARGET_VERSION}" - # echo "${TARGET_VERSION}" > VERSION - # git commit -m "Bump version to ${TARGET_VERSION}" VERSION - - # - name: Generate new set of manifests - # run: | - # set -ue - # make install-codegen-tools-local - # helm2 init --client-only - # make manifests-local VERSION=${TARGET_VERSION} - # git diff - # git commit manifests/ -m "Bump version to ${TARGET_VERSION}" - name: Create the release tag run: | set -ue echo "Creating release ${RELEASE_TAG}" git tag ${RELEASE_TAG} - - name: Build Docker image for release - run: | - set -ue - git clean -fd - mkdir -p dist/ - make image IMAGE_TAG="v${TARGET_VERSION}" DOCKER_PUSH=false - make release-cli - chmod +x ./dist/argocd-linux-amd64 - ./dist/argocd-linux-amd64 version --client - if: ${{ env.DRY_RUN != 'true' }} - - - name: Push docker image to repository - env: - QUAY_USERNAME: ${{ secrets.RELEASE_QUAY_USERNAME }} - QUAY_TOKEN: ${{ secrets.RELEASE_QUAY_TOKEN }} - run: | - set -ue - docker login quay.io --username "${QUAY_USERNAME}" --password "${QUAY_TOKEN}" - docker push ${{ env.IMAGE_NAMESPACE }}/argocd:v${TARGET_VERSION} - if: ${{ env.DRY_RUN != 'true' }} - - - name: Read release notes file - id: release-notes - uses: juliangruber/read-file-action@v1 - with: - path: ${{ env.RELEASE_NOTES }} - name: Push changes to release branch run: | 
@@ -200,72 +290,11 @@ jobs: # Codefresh change # git push origin ${TARGET_BRANCH} git push origin ${RELEASE_TAG} - - name: Create GitHub release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - id: create_release - with: - tag_name: ${{ env.RELEASE_TAG }} - release_name: ${{ env.RELEASE_TAG }} - draft: ${{ env.DRAFT_RELEASE }} - prerelease: ${{ env.PRE_RELEASE }} - body: ${{ steps.release-notes.outputs.content }} - - - name: Upload argocd-linux-amd64 binary to release assets - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ./dist/argocd-linux-amd64 - asset_name: argocd-linux-amd64 - asset_content_type: application/octet-stream - if: ${{ env.DRY_RUN != 'true' }} - - name: Upload argocd-linux-arm64 binary to release assets - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ./dist/argocd-linux-arm64 - asset_name: argocd-linux-arm64 - asset_content_type: application/octet-stream - if: ${{ env.DRY_RUN != 'true' }} - - - name: Upload argocd-darwin-amd64 binary to release assets - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ./dist/argocd-darwin-amd64 - asset_name: argocd-darwin-amd64 - asset_content_type: application/octet-stream - if: ${{ env.DRY_RUN != 'true' }} - - - name: Upload argocd-darwin-arm64 binary to release assets - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ./dist/argocd-darwin-arm64 - asset_name: argocd-darwin-arm64 - asset_content_type: application/octet-stream - if: ${{ env.DRY_RUN != 'true' }} - - - name: Upload 
argocd-windows-amd64 binary to release assets - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Setup Golang + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: ./dist/argocd-windows-amd64.exe - asset_name: argocd-windows-amd64.exe - asset_content_type: application/octet-stream - if: ${{ env.DRY_RUN != 'true' }} + go-version: ${{ env.GOLANG_VERSION }} - name: Generate SBOM (spdx) id: spdx-builder @@ -295,21 +324,29 @@ jobs: cd /tmp && tar -zcf sbom.tar.gz *.spdx if: ${{ env.DRY_RUN != 'true' }} - - name: Upload SBOM to release assets - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: - upload_url: ${{ steps.create_release.outputs.upload_url }} - asset_path: /tmp/sbom.tar.gz - asset_name: sbom.tar.gz - asset_content_type: application/octet-stream - if: ${{ env.DRY_RUN != 'true' }} + name: ${{ needs.binaries.outputs.ARTIFACT_NAME }} + + - name: Release + id: create_release + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 + if: startsWith(github.ref, 'refs/tags/') + with: + token: ${{ secrets.GITHUB_TOKEN }} + name: ${{ env.RELEASE_TAG }} + files: | + argocd-* + /tmp/sbom.tar.gz + tag_name: ${{ env.RELEASE_TAG }} + draft: ${{ env.DRAFT_RELEASE }} + prerelease: ${{ needs.prepare-release.outputs.PRE_RELEASE }} + body: ${{ needs.prepare-release.outputs.RELEASE_NOTES }} - name: Update homebrew formula env: HOMEBREW_TOKEN: ${{ secrets.RELEASE_HOMEBREW_TOKEN }} - uses: dawidd6/action-homebrew-bump-formula@v3 + uses: dawidd6/action-homebrew-bump-formula@d3667e5ae14df19579e4414897498e3e88f2f458 # v3.10.0 with: token: ${{env.HOMEBREW_TOKEN}} formula: argocd 
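Review bot: This `Setup Golang` step, like the one in the new `binaries` job, takes `go-version` from `GOLANG_VERSION`, which is still `"1.19"` at the top of this workflow, while the Dockerfile change in the same commit moves the builder image to `golang:1.20.6`. If that is not intentional, the released CLI binaries and the container image are built with different toolchains; `GOLANG_VERSION: "1.20"` would align them. The rest of the `release` job lies outside this hunk.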
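Review bot: The `actions/download-artifact` step has no `if:` guard, but the artifact it fetches is only uploaded by the `binaries` job when `DRY_RUN != 'true'`, so a dry run would probably fail here on a missing artifact. Adding `if: ${{ env.DRY_RUN != 'true' }}` and a `name:` to the step would match the surrounding steps. The `Release` step likewise has no DRY_RUN condition, so once the download is guarded a dry run would still create the release, only without the binaries; worth confirming that this is intended.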
@@ -319,4 +356,4 @@ jobs: run: | set -ue git push --delete origin ${SOURCE_TAG} - if: ${{ always() }} \ No newline at end of file + if: ${{ always() }} diff --git a/Dockerfile b/Dockerfile index 514f4a017eae2..30b01f33f6076 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,10 @@ -ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:9a0bdde4188b896a372804be2384015e90e3f84906b750c1a53539b585fbbe7f +ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:ac58ff7fe25edc58bdf0067ca99df00014dbd032e2246d30a722fa348fd799a5 #################################################################################################### # Builder image # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image # Also used as the image in CI jobs so needs all dependencies #################################################################################################### -FROM docker.io/library/golang:1.19.6@sha256:7ce31d15a3a4dbf20446cccffa4020d3a2974ad2287d96123f55caf22c7adb71 AS builder +FROM docker.io/library/golang:1.20.6@sha256:8e5a0067e6b387263a01d06b91ef1a983f90e9638564f6e25392fd2695f7ab6c AS builder RUN echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list