Skip to content

Commit

Permalink
Merge branch 'release-3.5' into cr-24608-sync-upstream-3.5.7
Browse files Browse the repository at this point in the history
  • Loading branch information
ATGardner authored Jul 15, 2024
2 parents 503eef1 + 018b802 commit 0f415f4
Show file tree
Hide file tree
Showing 55 changed files with 58,923 additions and 1,081 deletions.
4 changes: 2 additions & 2 deletions .github/ISSUE_TEMPLATE/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@ contact_links:
- name: Have you read the docs?
url: https://argo-workflows.readthedocs.io/en/latest
about: Much help can be found in the docs
- name: Ask a question
url: https://github.com/argoproj/argo-workflows/discussions/new
- name: Ask a question about Codefresh's Argo Worklfows
url: https://github.com/codefresh-io/argo-workflows/discussions/new
about: Ask a question or start a discussion about workflows
- name: Chat on Slack
url: https://argoproj.github.io/community/join-slack
Expand Down
3 changes: 2 additions & 1 deletion .github/workflows/ci-build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,8 @@ on:
- "!release-2.8"
pull_request:
branches:
- "main"
- "master"
- "release-*"

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
Expand Down
18 changes: 18 additions & 0 deletions .github/workflows/default-branch-check.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: PR check

on:
pull_request:
branches:
- "release-*"

jobs:
test-default-branch:
name: base branch is a default branch
runs-on: ubuntu-latest
steps:
- name: fail if base branch is not default branch
if: ${{ github.event.pull_request.base.ref != github.event.repository.default_branch }}
uses: actions/github-script@v3
with:
script: |
core.setFailed("Base branch of the PR - ${{ github.event.pull_request.base.ref }} is not a default branch. Please reopen your PR to ${{ github.event.repository.default_branch }}")
144 changes: 40 additions & 104 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,8 @@ on:
tags:
- v*
branches:
- main
- master
- release-*
- dev-*

concurrency:
Expand All @@ -20,13 +21,13 @@ permissions:
contents: read

jobs:
build-linux:
build-linux-amd64:
name: Build & push linux
if: github.repository == 'argoproj/argo-workflows'
if: github.repository == 'codefresh-io/argo-workflows'
runs-on: ubuntu-latest
strategy:
matrix:
platform: [ linux/amd64, linux/arm64 ]
platform: [ linux/amd64 ]
target: [ workflow-controller, argocli, argoexec ]
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
Expand All @@ -48,12 +49,6 @@ jobs:
restore-keys: |
${{ runner.os }}-${{ matrix.platform }}-${{ matrix.target }}-buildx-
- name: Docker Login
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
username: ${{ secrets.DOCKERIO_USERNAME }}
password: ${{ secrets.DOCKERIO_PASSWORD }}

- name: Login to Quay
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
Expand Down Expand Up @@ -94,20 +89,15 @@ jobs:
build-windows:
name: Build & push windows
if: github.repository == 'argoproj/argo-workflows'
if: github.repository == 'codefresh-io/argo-workflows'
runs-on: windows-2022
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Docker Login
uses: Azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0 # v1.0.1
with:
username: ${{ secrets.DOCKERIO_USERNAME }}
password: ${{ secrets.DOCKERIO_PASSWORD }}

- name: Login to Quay
uses: Azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0 # v1.0.1
with:
login-server: quay.io
registry: quay.io
username: ${{ secrets.QUAYIO_USERNAME }}
password: ${{ secrets.QUAYIO_PASSWORD }}

Expand All @@ -118,23 +108,16 @@ jobs:
docker_org=$DOCKERIO_ORG
tag=$(basename $GITHUB_REF)
if [ $tag = "main" ]; then
if [ $tag = "master" ]; then
tag="latest"
fi
targets="argoexec"
for target in $targets; do
image_name="${docker_org}/${target}:${tag}-windows"
docker build \
--build-arg GIT_COMMIT=$tag \
--build-arg GIT_BRANCH=$branch \
--build-arg GIT_TREE_STATE=$tree_state \
--target $target \
-t $image_name \
-f Dockerfile.windows \
.
docker push $image_name
docker build --target $target -t $image_name -f Dockerfile.windows .
## Codefresh - remove dockerhub
# docker push $image_name
docker tag $image_name quay.io/$image_name
docker push quay.io/$image_name
Expand All @@ -143,41 +126,29 @@ jobs:
push-images:
name: Push manifest with all images
if: github.repository == 'argoproj/argo-workflows'
if: github.repository == 'codefresh-io/argo-workflows'
runs-on: ubuntu-latest
needs: [ build-linux, build-windows ]
needs: [ build-linux-amd64, build-linux-arm64, build-windows ]
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Docker Login
uses: Azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0 # v1.0.1
with:
username: ${{ secrets.DOCKERIO_USERNAME }}
password: ${{ secrets.DOCKERIO_PASSWORD }}

- name: Login to Quay
uses: Azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0 # v1.0.1
with:
login-server: quay.io
registry: quay.io
username: ${{ secrets.QUAYIO_USERNAME }}
password: ${{ secrets.QUAYIO_PASSWORD }}

- name: Install cosign
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
with:
cosign-release: 'v2.2.3'

- name: Push Multiarch Image
env:
DOCKERIO_ORG: ${{ secrets.DOCKERIO_ORG }}
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
run: |
echo $(jq -c '. + { "experimental": "enabled" }' ${DOCKER_CONFIG}/config.json) > ${DOCKER_CONFIG}/config.json
docker_org=$DOCKERIO_ORG
tag=$(basename $GITHUB_REF)
if [ $tag = "main" ]; then
if [ $tag = "master" ]; then
tag="latest"
fi
Expand All @@ -186,36 +157,30 @@ jobs:
image_name="${docker_org}/${target}:${tag}"
if [ $target = "argoexec" ]; then
docker manifest create $image_name ${image_name}-linux-arm64 ${image_name}-linux-amd64 ${image_name}-windows
## Codefresh - remove dockerhub
# docker manifest create $image_name ${image_name}-linux-arm64 ${image_name}-linux-amd64 ${image_name}-windows
docker manifest create quay.io/$image_name quay.io/${image_name}-linux-arm64 quay.io/${image_name}-linux-amd64 quay.io/${image_name}-windows
else
docker manifest create $image_name ${image_name}-linux-arm64 ${image_name}-linux-amd64
## Codefresh - remove dockerhub
# docker manifest create $image_name ${image_name}-linux-arm64 ${image_name}-linux-amd64
docker manifest create quay.io/$image_name quay.io/${image_name}-linux-arm64 quay.io/${image_name}-linux-amd64
fi
docker manifest push $image_name
## Codefresh - remove dockerhub
# docker manifest push $image_name
docker manifest push quay.io/$image_name
cosign sign -y --key env://COSIGN_PRIVATE_KEY quay.io/$image_name
done
test-images-linux-amd64:
name: Try pulling linux/amd64
if: github.repository == 'argoproj/argo-workflows'
if: github.repository == 'codefresh-io/argo-workflows'
runs-on: ubuntu-latest
needs: [ push-images ]
strategy:
matrix:
platform: [ linux/amd64 ]
target: [ workflow-controller, argocli, argoexec ]
steps:
- name: Docker Login
uses: Azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0 # v1.0.1
with:
username: ${{ secrets.DOCKERIO_USERNAME }}
password: ${{ secrets.DOCKERIO_PASSWORD }}

- name: Login to Quay
uses: Azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0 # v1.0.1
with:
Expand All @@ -230,26 +195,19 @@ jobs:
TARGET: ${{ matrix.target }}
run: |
tag=$(basename $GITHUB_REF)
if [ $tag = "main" ]; then
if [ $tag = "master" ]; then
tag="latest"
fi
image_name="${DOCKERIO_ORG}/${TARGET}:${tag}"
docker pull $image_name
docker pull quay.io/$image_name
test-images-windows:
name: Try pulling windows
if: github.repository == 'argoproj/argo-workflows'
if: github.repository == 'codefresh-io/argo-workflows'
runs-on: windows-2022
needs: [ push-images ]
steps:
- name: Docker Login
uses: Azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0 # v1.0.1
with:
username: ${{ secrets.DOCKERIO_USERNAME }}
password: ${{ secrets.DOCKERIO_PASSWORD }}

- name: Login to Quay
uses: Azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0 # v1.0.1
with:
Expand All @@ -262,27 +220,24 @@ jobs:
run: |
docker_org=$DOCKERIO_ORG
tag=$(basename $GITHUB_REF)
if [ $tag = "main" ]; then
if [ $tag = "master" ]; then
tag="latest"
fi
targets="argoexec"
for target in $targets; do
image_name="${docker_org}/${target}:${tag}"
docker pull $image_name
docker pull quay.io/$image_name
done
publish-release:
permissions:
contents: write # for softprops/action-gh-release to create GitHub release
runs-on: ubuntu-latest
if: github.repository == 'argoproj/argo-workflows'
if: github.repository == 'codefresh-io/argo-workflows'
needs: [ push-images, test-images-linux-amd64, test-images-windows ]
env:
NODE_OPTIONS: --max-old-space-size=4096
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
Expand All @@ -296,45 +251,28 @@ jobs:
with:
path: ui/node_modules
key: ${{ runner.os }}-node-dep-v1-${{ hashFiles('**/yarn.lock') }}
- name: Install cosign
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
- name: go build cache
uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
with:
path: /home/runner/.cache/go-build
key: GOCACHE-v2-${{ hashFiles('**/go.mod') }}
- name: go mod cache
uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
with:
cosign-release: 'v2.2.3'
path: /home/runner/go/pkg/mod
key: GOMODCACHE-v2-${{ hashFiles('**/go.mod') }}
# https://stackoverflow.com/questions/58033366/how-to-get-current-branch-within-github-actions
- run: |
if [ ${GITHUB_REF##*/} = main ]; then
echo "VERSION=latest" >> $GITHUB_ENV
else
echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
fi
- run: go install sigs.k8s.io/bom/cmd/[email protected]
- run: go install github.com/spdx/spdx-sbom-generator/cmd/[email protected]
- run: mkdir -p dist
- run: generator -o dist -p .
- run: yarn --cwd ui install
- run: generator -o dist -p ui
- run: bom generate --image quay.io/argoproj/workflow-controller:$VERSION -o dist/workflow-controller.spdx
- run: bom generate --image quay.io/argoproj/argocli:$VERSION -o dist/argocli.spdx
- run: bom generate --image quay.io/argoproj/argoexec:$VERSION -o dist/argoexec.spdx
# pack the boms into one file to make it easy to download
- run: tar -zcf dist/sbom.tar.gz dist/*.spdx
- run: make release-notes VERSION=$VERSION
- run: make release-notes VERSION=${GITHUB_REF##*/}
- run: cat release-notes
- run: make manifests VERSION=$VERSION
- run: make manifests VERSION=${GITHUB_REF##*/}
- name: Print image tag (please check it is not `:latest`)
run: |
grep image: dist/manifests/install.yaml
- run: go mod download
- run: make clis STATIC_FILES=true VERSION=$VERSION
- run: make clis STATIC_FILES=true VERSION=${GITHUB_REF##*/}
- name: Print version (please check it is not dirty)
run: dist/argo-linux-amd64 version
- run: make checksums
- name: Sign checksums and create public key for release assets
run: |
cosign sign-blob -y --key env://COSIGN_PRIVATE_KEY ./dist/argo-workflows-cli-checksums.txt > ./dist/argo-workflows-cli-checksums.sig
# Retrieves the public key to release as an asset
cosign public-key --key env://COSIGN_PRIVATE_KEY > ./dist/argo-workflows-cosign.pub
# https://github.com/softprops/action-gh-release
# This will publish the release and upload assets.
# If a conflict occurs (because you are not on a tag), the release will not be updated. This is a short coming
Expand All @@ -347,10 +285,8 @@ jobs:
body_path: release-notes
files: |
dist/argo-*.gz
dist/argo-workflows-cli-checksums.txt
dist/argo-workflows-cli-checksums.sig
dist/argo-*.gz.sha256
dist/manifests/*.yaml
dist/argo-workflows-cosign.pub
dist/sbom.tar.gz
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
6 changes: 3 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -149,9 +149,9 @@ Participation in Argo Workflows is governed by the [CNCF Code of Conduct](https:

## Project Resources

* [Argo Project GitHub organization](https://github.com/argoproj)
* [Argo Website](https://argoproj.github.io/)
* [Argo Slack](https://argoproj.github.io/community/join-slack)
* Codefresh Argo GitHub: https://github.com/codefresh-io
* Argo Website: https://argoproj.github.io/
* Argo Slack: [click here to join](https://argoproj.github.io/community/join-slack)

## Security

Expand Down
Loading

0 comments on commit 0f415f4

Please sign in to comment.