Merge pull request #329 from codefresh-io/CR-22243-sync-v3.5.4

feat: cr 22243 sync v3.5.4

.github/ISSUE_TEMPLATE/config.yml

@@ -4,8 +4,8 @@ contact_links:
   - name: Have you read the docs?
     url: https://argo-workflows.readthedocs.io/en/latest
     about: Much help can be found in the docs
-  - name: Ask a question
-    url: https://github.com/argoproj/argo-workflows/discussions/new
+  - name: Ask a question about Codefresh's Argo Worklfows
+    url: https://github.com/codefresh-io/argo-workflows/discussions/new
     about: Ask a question or start a discussion about workflows
   - name: Chat on Slack
     url: https://argoproj.github.io/community/join-slack

.github/workflows/ci-build.yaml

@@ -7,7 +7,8 @@ on:
       - "!release-2.8"
   pull_request:
     branches:
-      - "main"
+      - "master"
+      - "release-*"
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

.github/workflows/default-branch-check.yaml

@@ -0,0 +1,18 @@
+name: PR check
+
+on:
+  pull_request:
+    branches:
+      - "release-*"
+
+jobs:
+  test-default-branch:
+    name: base branch is a default branch
+    runs-on: ubuntu-latest
+    steps:
+    - name: fail if base branch is not default branch
+      if: ${{ github.event.pull_request.base.ref != github.event.repository.default_branch }}
+      uses: actions/github-script@v3
+      with:
+        script: |
+            core.setFailed("Base branch of the PR - ${{ github.event.pull_request.base.ref }} is not a default branch. Please reopen your PR to ${{ github.event.repository.default_branch }}")

.github/workflows/release.yaml

@@ -5,7 +5,8 @@ on:
     tags:
       - v*
     branches:
-      - main
+      - master
+      - release-*
       - dev-*
 
 concurrency:
@@ -20,24 +21,94 @@ permissions:
   contents: read
 
 jobs:
-  build-linux:
-    name: Build & push linux
-    if: github.repository == 'argoproj/argo-workflows'
+  build-linux-amd64:
+    name: Build & push linux/amd64
+    if: github.repository == 'codefresh-io/argo-workflows'
     runs-on: ubuntu-latest
     strategy:
       matrix:
         platform: [ linux/amd64, linux/arm64 ]
         target: [ workflow-controller, argocli, argoexec ]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          version: v0.9.1
+
+      - name: Cache Docker layers
+        uses: actions/cache@v3
+        id: cache
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-${{ matrix.platform }}-${{ matrix.target }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-${{ matrix.platform }}-${{ matrix.target }}-buildx-
+
+      ## Codefresh - remove dockerhub
+      # - name: Docker Login
+      #   uses: docker/login-action@v1
+      #   with:
+      #     username: ${{ secrets.DOCKERIO_USERNAME }}
+      #     password: ${{ secrets.DOCKERIO_PASSWORD }}
+
+      - name: Docker Login
+        uses: docker/login-action@v2
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAYIO_USERNAME }}
+          password: ${{ secrets.QUAYIO_PASSWORD }}
+
+      - name: Docker Buildx
+        env:
+          DOCKERIO_ORG: ${{ secrets.DOCKERIO_ORG }}
+          PLATFORM: ${{ matrix.platform }}
+          TARGET: ${{ matrix.target }}
+        run: |
+          tag=$(basename $GITHUB_REF)
+          if [ $tag = "master" ]; then
+            tag="latest"
+          fi
+
+          tag_suffix=$(echo $PLATFORM | sed -r "s/\//-/g")
+          image_name="${DOCKERIO_ORG}/${TARGET}:${tag}-${tag_suffix}"
+
+          ## Codefresh - remove dockerhub
+          # docker buildx build \
+          #   --cache-from "type=local,src=/tmp/.buildx-cache" \
+          #   --cache-to "type=local,dest=/tmp/.buildx-cache" \
+          #   --output "type=image,push=true" \
+          #   --platform="${PLATFORM}" \
+          #   --target $TARGET \
+          #   --tag $image_name .
+
+          docker buildx build \
+            --cache-from "type=local,src=/tmp/.buildx-cache" \
+            --cache-to "type=local,dest=/tmp/.buildx-cache" \
+            --output "type=image,push=true" \
+            --platform="${PLATFORM}" \
+            --target $TARGET \
+            --tag quay.io/$image_name .
+
+  build-linux-arm64:
+    name: Build & push linux/arm64
+    if: github.repository == 'codefresh-io/argo-workflows'
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        platform: [ linux/arm64 ]
+        target: [ workflow-controller, argocli, argoexec ]
+    steps:
+      - uses: actions/checkout@v3
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2
         with:
-          version: v0.10.4
+          version: v0.9.1
 
       - name: Cache Docker layers
         uses: actions/cache@v3
@@ -48,11 +119,12 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-${{ matrix.platform }}-${{ matrix.target }}-buildx-
 
-      - name: Docker Login
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERIO_USERNAME }}
-          password: ${{ secrets.DOCKERIO_PASSWORD }}
+      ## Codefresh - remove dockerhub
+      # - name: Docker Login
+      #   uses: docker/login-action@v1
+      #   with:
+      #     username: ${{ secrets.DOCKERIO_USERNAME }}
+      #     password: ${{ secrets.DOCKERIO_PASSWORD }}
 
       - name: Docker Login
         uses: docker/login-action@v3
@@ -79,30 +151,35 @@ jobs:
           tag_suffix=$(echo $PLATFORM | sed -r "s/\//-/g")
           image_name="${DOCKERIO_ORG}/${TARGET}:${tag}-${tag_suffix}"
 
+          ## Codefresh - remove dockerhub
+          # docker buildx build \
+          #   --cache-from "type=local,src=/tmp/.buildx-cache" \
+          #   --cache-to "type=local,dest=/tmp/.buildx-cache" \
+          #   --output "type=image,push=true" \
+          #   --platform="${PLATFORM}" \
+          #   --target $TARGET \
+          #   --tag $image_name .
+
           docker buildx build \
             --cache-from "type=local,src=/tmp/.buildx-cache" \
             --cache-to "type=local,dest=/tmp/.buildx-cache" \
             --output "type=image,push=true" \
-            --build-arg GIT_COMMIT=$GIT_COMMIT \
-            --build-arg GIT_TAG=$GIT_TAG \
-            --build-arg GIT_TREE_STATE=$GIT_TREE_STATE \
             --platform="${PLATFORM}" \
             --target $TARGET \
-            --provenance=false \
-            --tag $image_name \
             --tag quay.io/$image_name .
 
   build-windows:
     name: Build & push windows
-    if: github.repository == 'argoproj/argo-workflows'
+    if: github.repository == 'codefresh-io/argo-workflows'
     runs-on: windows-2022
     steps:
-      - uses: actions/checkout@v4
-      - name: Docker Login
-        uses: Azure/docker-login@v1
-        with:
-          username: ${{ secrets.DOCKERIO_USERNAME }}
-          password: ${{ secrets.DOCKERIO_PASSWORD }}
+      - uses: actions/checkout@v2
+      ## Codefresh - remove dockerhub
+      # - name: Docker Login
+      #   uses: Azure/docker-login@v1
+      #   with:
+      #     username: ${{ secrets.DOCKERIO_USERNAME }}
+      #     password: ${{ secrets.DOCKERIO_PASSWORD }}
 
       - name: Login to Quay
         uses: Azure/docker-login@v1
@@ -125,16 +202,9 @@ jobs:
           targets="argoexec"
           for target in $targets; do
             image_name="${docker_org}/${target}:${tag}-windows"
-            docker build \
-              --build-arg GIT_COMMIT=$tag \
-              --build-arg GIT_BRANCH=$branch \
-              --build-arg GIT_TREE_STATE=$tree_state \
-              --target $target \
-              -t $image_name \
-              -f Dockerfile.windows \
-              .
-
-            docker push $image_name
+            docker build --target $target -t $image_name -f Dockerfile.windows .
+            ## Codefresh - remove dockerhub
+            # docker push $image_name
 
             docker tag $image_name quay.io/$image_name
             docker push quay.io/$image_name
@@ -143,16 +213,17 @@ jobs:
 
   push-images:
     name: Push manifest with all images
-    if: github.repository == 'argoproj/argo-workflows'
+    if: github.repository == 'codefresh-io/argo-workflows'
     runs-on: ubuntu-latest
     needs: [ build-linux, build-windows ]
     steps:
-      - uses: actions/checkout@v4
-      - name: Docker Login
-        uses: Azure/docker-login@v1
-        with:
-          username: ${{ secrets.DOCKERIO_USERNAME }}
-          password: ${{ secrets.DOCKERIO_PASSWORD }}
+      - uses: actions/checkout@v2
+      ## Codefresh - remove dockerhub
+      # - name: Docker Login
+      #   uses: Azure/docker-login@v1
+      #   with:
+      #     username: ${{ secrets.DOCKERIO_USERNAME }}
+      #     password: ${{ secrets.DOCKERIO_PASSWORD }}
 
       - name: Login to Quay
         uses: Azure/docker-login@v1
@@ -186,14 +257,17 @@ jobs:
             image_name="${docker_org}/${target}:${tag}"
 
             if [ $target = "argoexec" ]; then
-              docker manifest create $image_name ${image_name}-linux-arm64 ${image_name}-linux-amd64 ${image_name}-windows
+              ## Codefresh - remove dockerhub
+              # docker manifest create $image_name ${image_name}-linux-arm64 ${image_name}-linux-amd64 ${image_name}-windows
               docker manifest create quay.io/$image_name quay.io/${image_name}-linux-arm64 quay.io/${image_name}-linux-amd64 quay.io/${image_name}-windows
             else
-              docker manifest create $image_name ${image_name}-linux-arm64 ${image_name}-linux-amd64
+              ## Codefresh - remove dockerhub
+              # docker manifest create $image_name ${image_name}-linux-arm64 ${image_name}-linux-amd64
               docker manifest create quay.io/$image_name quay.io/${image_name}-linux-arm64 quay.io/${image_name}-linux-amd64
             fi
 
-            docker manifest push $image_name
+            ## Codefresh - remove dockerhub
+            # docker manifest push $image_name
             docker manifest push quay.io/$image_name
 
             cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/$image_name
@@ -202,19 +276,20 @@ jobs:
 
   test-images-linux-amd64:
     name: Try pulling linux/amd64
-    if: github.repository == 'argoproj/argo-workflows'
+    if: github.repository == 'codefresh-io/argo-workflows'
     runs-on: ubuntu-latest
     needs: [ push-images ]
     strategy:
       matrix:
         platform: [ linux/amd64 ]
         target: [ workflow-controller, argocli, argoexec ]
     steps:
-      - name: Docker Login
-        uses: Azure/docker-login@v1
-        with:
-          username: ${{ secrets.DOCKERIO_USERNAME }}
-          password: ${{ secrets.DOCKERIO_PASSWORD }}
+      ## Codefresh - remove dockerhub
+      # - name: Docker Login
+      #   uses: Azure/docker-login@v1
+      #   with:
+      #     username: ${{ secrets.DOCKERIO_USERNAME }}
+      #     password: ${{ secrets.DOCKERIO_PASSWORD }}
 
       - name: Login to Quay
         uses: Azure/docker-login@v1
@@ -235,20 +310,22 @@ jobs:
           fi
 
           image_name="${DOCKERIO_ORG}/${TARGET}:${tag}"
-          docker pull $image_name
+          ## Codefresh - remove dockerhub
+          # docker pull $image_name
           docker pull quay.io/$image_name
 
   test-images-windows:
     name: Try pulling windows
-    if: github.repository == 'argoproj/argo-workflows'
+    if: github.repository == 'codefresh-io/argo-workflows'
     runs-on: windows-2022
     needs: [ push-images ]
     steps:
-      - name: Docker Login
-        uses: Azure/docker-login@v1
-        with:
-          username: ${{ secrets.DOCKERIO_USERNAME }}
-          password: ${{ secrets.DOCKERIO_PASSWORD }}
+      ## Codefresh - remove dockerhub
+      # - name: Docker Login
+      #   uses: Azure/docker-login@v1
+      #   with:
+      #     username: ${{ secrets.DOCKERIO_USERNAME }}
+      #     password: ${{ secrets.DOCKERIO_PASSWORD }}
 
       - name: Login to Quay
         uses: Azure/docker-login@v1
@@ -269,15 +346,16 @@ jobs:
           targets="argoexec"
           for target in $targets; do
             image_name="${docker_org}/${target}:${tag}"
-            docker pull $image_name
+            ## Codefresh - remove dockerhub
+            # docker pull $image_name
             docker pull quay.io/$image_name
           done
 
   publish-release:
     permissions:
       contents: write  # for softprops/action-gh-release to create GitHub release
     runs-on: ubuntu-latest
-    if: github.repository == 'argoproj/argo-workflows'
+    if: github.repository == 'codefresh-io/argo-workflows'
     needs: [ push-images, test-images-linux-amd64, test-images-windows ]
     env:
       NODE_OPTIONS: --max-old-space-size=4096
@@ -301,31 +379,14 @@ jobs:
         with:
           cosign-release: 'v1.13.0'
       # https://stackoverflow.com/questions/58033366/how-to-get-current-branch-within-github-actions
-      - run: |
-          if [ ${GITHUB_REF##*/} = main ]; then
-           echo "VERSION=latest" >> $GITHUB_ENV
-          else
-            echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
-          fi
-      - run: go install sigs.k8s.io/bom/cmd/[email protected]
-      - run: go install github.com/spdx/spdx-sbom-generator/cmd/[email protected]
-      - run: mkdir -p dist
-      - run: generator -o dist -p .
-      - run: yarn --cwd ui install
-      - run: generator -o dist -p ui
-      - run: bom generate --image quay.io/argoproj/workflow-controller:$VERSION -o dist/workflow-controller.spdx
-      - run: bom generate --image quay.io/argoproj/argocli:$VERSION -o dist/argocli.spdx
-      - run: bom generate --image quay.io/argoproj/argoexec:$VERSION -o dist/argoexec.spdx
-      # pack the boms into one file to make it easy to download
-      - run: tar -zcf dist/sbom.tar.gz dist/*.spdx
-      - run: make release-notes VERSION=$VERSION
+      - run: make release-notes VERSION=${GITHUB_REF##*/}
       - run: cat release-notes
-      - run: make manifests VERSION=$VERSION
+      - run: make manifests VERSION=${GITHUB_REF##*/}
       - name: Print image tag (please check it is not `:latest`)
         run: |
           grep image: dist/manifests/install.yaml
       - run: go mod download
-      - run: make clis STATIC_FILES=true VERSION=$VERSION
+      - run: make clis STATIC_FILES=true VERSION=${GITHUB_REF##*/}
       - name: Print version (please check it is not dirty)
         run: dist/argo-linux-amd64 version
       - run: make checksums