Merge branch 'main' into chore/notifications-logging

Signed-off-by: Josh Baird <jbaird@galileo.io>

.github/workflows/scorecard.yml

@@ -38,7 +38,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
+        uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
         with:
           results_file: results.sarif
           results_format: sarif

charts/argo-cd/README.md

@@ -1044,7 +1044,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
 | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
 | applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
-| applicationSet.containerPorts.metrics | int | `8085` | Metrics container port |
+| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
 | applicationSet.containerPorts.probe | int | `8081` | Probe container port |
 | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
 | applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context |
@@ -1075,7 +1075,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | applicationSet.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) |
 | applicationSet.metrics.service.labels | object | `{}` | Metrics service labels |
 | applicationSet.metrics.service.portName | string | `"http-metrics"` | Metrics service port name |
-| applicationSet.metrics.service.servicePort | int | `8085` | Metrics service port |
+| applicationSet.metrics.service.servicePort | int | `8080` | Metrics service port |
 | applicationSet.metrics.service.type | string | `"ClusterIP"` | Metrics service type |
 | applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
 | applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |

charts/argo-cd/values.yaml

@@ -2433,7 +2433,7 @@ applicationSet:
       # -- Metrics service labels
       labels: {}
       # -- Metrics service port
-      servicePort: 8085
+      servicePort: 8080
       # -- Metrics service port name
       portName: http-metrics
     serviceMonitor:
@@ -2506,7 +2506,7 @@ applicationSet:
   # ApplicationSet controller container ports
   containerPorts:
     # -- Metrics container port
-    metrics: 8085
+    metrics: 8080
     # -- Probe container port
     probe: 8081
     # -- Webhook container port

charts/argo-workflows/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: v3.4.8
 name: argo-workflows
 description: A Helm chart for Argo Workflows
 type: application
-version: 0.29.2
+version: 0.30.0
 icon: https://argoproj.github.io/argo-workflows/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 sources:
@@ -16,5 +16,5 @@ annotations:
     fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
-    - kind: added
-      description: Add support for UI columns configuration
+    - kind: fixed
+      description: artifactRepository will not be configured by default

charts/argo-workflows/ci/enable-artifact-repo-values.yaml

@@ -0,0 +1,46 @@
+# Test with artifact repository
+crds:
+  keep: false
+
+useStaticCredentials: true
+artifactRepository:
+  archiveLogs: false
+  s3:
+    accessKeySecret:
+      name: "{{ .Release.Name }}-minio"
+      key: accesskey
+    secretKeySecret:
+      name: "{{ .Release.Name }}-minio"
+      key: secretkey
+    insecure: false
+    bucket:
+    endpoint:
+    region:
+    roleARN:
+    useSDKCreds: true
+    encryptionOptions:
+      enableEncryption: true
+  gcs:
+    bucket: project-argo
+    keyFormat: "{{ `{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}` }}"
+    serviceAccountKeySecret:
+      name: my-gcs-credentials
+      key: serviceAccountKey
+  azure:
+    endpoint: https://mystorageaccountname.blob.core.windows.net
+    container: my-container-name
+    blobNameFormat: path/in/container
+    useSDKCreds: true
+    accountKeySecret:
+      name: my-azure-storage-credentials
+      key: account-access-key
+
+customArtifactRepository:
+  artifactory:
+    repoUrl: https://artifactory.example.com/raw
+    usernameSecret:
+      name: artifactory-creds
+      key: username
+    passwordSecret:
+      name: artifactory-creds
+      key: password

charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml

@@ -55,6 +55,7 @@ data:
       securityContext: {{- toYaml . | nindent 8 }}
       {{- end }}
     {{- end }}
+    {{- if or .Values.artifactRepository.s3 .Values.artifactRepository.gcs .Values.artifactRepository.azure .Values.customArtifactRepository }}
     artifactRepository:
       {{- if .Values.artifactRepository.archiveLogs }}
       archiveLogs: {{ .Values.artifactRepository.archiveLogs }}
@@ -65,7 +66,7 @@ data:
       {{- with .Values.artifactRepository.azure }}
       azure: {{- tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
-      {{- if and  (not .Values.artifactRepository.gcs) (not .Values.artifactRepository.azure) }}
+      {{- if .Values.artifactRepository.s3 }}
       s3:
         {{- if .Values.useStaticCredentials }}
         accessKeySecret:
@@ -95,8 +96,9 @@ data:
           {{- toYaml . | nindent 10 }}
         {{- end }}
       {{- end }}
-    {{- if .Values.customArtifactRepository }}
-    {{- toYaml .Values.customArtifactRepository | nindent 6 }}
+      {{- if .Values.customArtifactRepository }}
+      {{- toYaml .Values.customArtifactRepository | nindent 6 }}
+      {{- end }}
     {{- end }}
     {{- if .Values.controller.metricsConfig.enabled }}
     metricsConfig:

charts/argo-workflows/templates/server/server-crb.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.server.enabled .Values.server.serviceAccount.create .Values.server.rbac.create -}}
+{{- if and .Values.server.enabled .Values.server.rbac.create -}}
 apiVersion: rbac.authorization.k8s.io/v1
 {{- if .Values.singleNamespace }}
 kind: RoleBinding

charts/argo-workflows/values.yaml

@@ -705,17 +705,17 @@ artifactRepository:
   archiveLogs: false
   # -- Store artifact in a S3-compliant object store
   # @default -- See [values.yaml]
-  s3:
-    # Note the `key` attribute is not the actual secret, it's the PATH to
-    # the contents in the associated secret, as defined by the `name` attribute.
-    accessKeySecret:
-      name: "{{ .Release.Name }}-minio"
-      key: accesskey
-    secretKeySecret:
-      name: "{{ .Release.Name }}-minio"
-      key: secretkey
-    # insecure will disable TLS. Primarily used for minio installs not configured with TLS
-    insecure: false
+  s3: {}
+    # # Note the `key` attribute is not the actual secret, it's the PATH to
+    # # the contents in the associated secret, as defined by the `name` attribute.
+    # accessKeySecret:
+    #   name: "{{ .Release.Name }}-minio"
+    #   key: accesskey
+    # secretKeySecret:
+    #   name: "{{ .Release.Name }}-minio"
+    #   key: secretkey
+    # # insecure will disable TLS. Primarily used for minio installs not configured with TLS
+    # insecure: false
     # bucket:
     # endpoint:
     # region: