Merge branch 'main' into chore/notifications-logging

Signed-off-by: Josh Baird <jbaird@galileo.io>
2023-06-26 08:34:10 -04:00 · 2023-06-26 08:34:10 -04:00 · 3c996651a4
commit 3c996651a4
parent 97d326f2c3 f1526ec558
8 changed files with 71 additions and 23 deletions
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@ -38,7 +38,7 @@ jobs:
          persist-credentials: false
      - name: "Run analysis"
-        uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
+        uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
        with:
          results_file: results.sarif
          results_format: sarif
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@ -1044,7 +1044,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
 | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
 | applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
-| applicationSet.containerPorts.metrics | int | `8085` | Metrics container port |
+| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
 | applicationSet.containerPorts.probe | int | `8081` | Probe container port |
 | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
 | applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context |
@ -1075,7 +1075,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | applicationSet.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) |
 | applicationSet.metrics.service.labels | object | `{}` | Metrics service labels |
 | applicationSet.metrics.service.portName | string | `"http-metrics"` | Metrics service port name |
-| applicationSet.metrics.service.servicePort | int | `8085` | Metrics service port |
+| applicationSet.metrics.service.servicePort | int | `8080` | Metrics service port |
 | applicationSet.metrics.service.type | string | `"ClusterIP"` | Metrics service type |
 | applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -2433,7 +2433,7 @@ applicationSet:
      # -- Metrics service labels
      labels: {}
      # -- Metrics service port
-      servicePort: 8085
+      servicePort: 8080
      # -- Metrics service port name
      portName: http-metrics
    serviceMonitor:
@ -2506,7 +2506,7 @@ applicationSet:
  # ApplicationSet controller container ports
  containerPorts:
    # -- Metrics container port
-    metrics: 8085
+    metrics: 8080
    # -- Probe container port
    probe: 8081
    # -- Webhook container port
--- a/charts/argo-workflows/Chart.yaml
+++ b/charts/argo-workflows/Chart.yaml
@ -3,7 +3,7 @@ appVersion: v3.4.8
 name: argo-workflows
 description: A Helm chart for Argo Workflows
 type: application
-version: 0.29.2
+version: 0.30.0
 icon: https://argoproj.github.io/argo-workflows/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 sources:
@ -16,5 +16,5 @@ annotations:
    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
-    - kind: added
+    - kind: fixed
-      description: Add support for UI columns configuration
+      description: artifactRepository will not be configured by default
--- a/charts/argo-workflows/ci/enable-artifact-repo-values.yaml
+++ b/charts/argo-workflows/ci/enable-artifact-repo-values.yaml
@ -0,0 +1,46 @@
 # Test with artifact repository
 crds:
  keep: false
 useStaticCredentials: true
 artifactRepository:
  archiveLogs: false
  s3:
    accessKeySecret:
      name: "{{ .Release.Name }}-minio"
      key: accesskey
    secretKeySecret:
      name: "{{ .Release.Name }}-minio"
      key: secretkey
    insecure: false
    bucket:
    endpoint:
    region:
    roleARN:
    useSDKCreds: true
    encryptionOptions:
      enableEncryption: true
  gcs:
    bucket: project-argo
    keyFormat: "{{ `{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}` }}"
    serviceAccountKeySecret:
      name: my-gcs-credentials
      key: serviceAccountKey
  azure:
    endpoint: https://mystorageaccountname.blob.core.windows.net
    container: my-container-name
    blobNameFormat: path/in/container
    useSDKCreds: true
    accountKeySecret:
      name: my-azure-storage-credentials
      key: account-access-key
 customArtifactRepository:
  artifactory:
    repoUrl: https://artifactory.example.com/raw
    usernameSecret:
      name: artifactory-creds
      key: username
    passwordSecret:
      name: artifactory-creds
      key: password
--- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
@ -55,6 +55,7 @@ data:
      securityContext: {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- end }}
    {{- if or .Values.artifactRepository.s3 .Values.artifactRepository.gcs .Values.artifactRepository.azure .Values.customArtifactRepository }}
    artifactRepository:
      {{- if .Values.artifactRepository.archiveLogs }}
      archiveLogs: {{ .Values.artifactRepository.archiveLogs }}
@ -65,7 +66,7 @@ data:
      {{- with .Values.artifactRepository.azure }}
      azure: {{- tpl (toYaml .) $ | nindent 8 }}
      {{- end }}
-      {{- if and  (not .Values.artifactRepository.gcs) (not .Values.artifactRepository.azure) }}
+      {{- if .Values.artifactRepository.s3 }}
      s3:
        {{- if .Values.useStaticCredentials }}
        accessKeySecret:
@ -98,6 +99,7 @@ data:
      {{- if .Values.customArtifactRepository }}
      {{- toYaml .Values.customArtifactRepository | nindent 6 }}
      {{- end }}
    {{- end }}
    {{- if .Values.controller.metricsConfig.enabled }}
    metricsConfig:
      enabled: {{ .Values.controller.metricsConfig.enabled }}
--- a/charts/argo-workflows/templates/server/server-crb.yaml
+++ b/charts/argo-workflows/templates/server/server-crb.yaml
@ -1,4 +1,4 @@
-{{- if and .Values.server.enabled .Values.server.serviceAccount.create .Values.server.rbac.create -}}
+{{- if and .Values.server.enabled .Values.server.rbac.create -}}
 apiVersion: rbac.authorization.k8s.io/v1
 {{- if .Values.singleNamespace }}
 kind: RoleBinding
--- a/charts/argo-workflows/values.yaml
+++ b/charts/argo-workflows/values.yaml
@ -705,17 +705,17 @@ artifactRepository:
  archiveLogs: false
  # -- Store artifact in a S3-compliant object store
  # @default -- See [values.yaml]
-  s3:
+  s3: {}
-    # Note the `key` attribute is not the actual secret, it's the PATH to
+    # # Note the `key` attribute is not the actual secret, it's the PATH to
-    # the contents in the associated secret, as defined by the `name` attribute.
+    # # the contents in the associated secret, as defined by the `name` attribute.
-    accessKeySecret:
+    # accessKeySecret:
-      name: "{{ .Release.Name }}-minio"
+    #   name: "{{ .Release.Name }}-minio"
-      key: accesskey
+    #   key: accesskey
-    secretKeySecret:
+    # secretKeySecret:
-      name: "{{ .Release.Name }}-minio"
+    #   name: "{{ .Release.Name }}-minio"
-      key: secretkey
+    #   key: secretkey
-    # insecure will disable TLS. Primarily used for minio installs not configured with TLS
+    # # insecure will disable TLS. Primarily used for minio installs not configured with TLS
-    insecure: false
+    # insecure: false
    # bucket:
    # endpoint:
    # region: