Merge branch 'main' into derektbrown_rollout_config_restart_3118

.github/workflows/renovate.yaml

@@ -26,7 +26,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Self-hosted Renovate
-        uses: renovatebot/github-action@f24426972367551f3391720e34317783a92fd32b # v41.0.8
+        uses: renovatebot/github-action@3f10d7a25cf0aa7b37519aa771ed9143fcbb5da5 # v41.0.10
         with:
           configurationFile: .github/configs/renovate-config.js
           # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate

.github/workflows/scorecard.yml

@@ -60,7 +60,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: SARIF file
           path: results.sarif
@@ -68,6 +68,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
         with:
           sarif_file: results.sarif

charts/argo-cd/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: v2.13.3
 kubeVersion: ">=1.25.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 7.7.14
+version: 7.7.17
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@@ -26,5 +26,5 @@ annotations:
     fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
-    - kind: added
+    - kind: fixed
-      description: Added `tpl` function support for `server.ingress`.
+      description: Address ingress regression of PR #3081, use toString before tpl function

charts/argo-cd/README.md

@@ -191,7 +191,7 @@ server:
       alb.ingress.kubernetes.io/scheme: internal
       alb.ingress.kubernetes.io/target-type: ip
       alb.ingress.kubernetes.io/backend-protocol: HTTP
-      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]'
+      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]'
       alb.ingress.kubernetes.io/ssl-redirect: '443'
     aws:
       serviceType: ClusterIP # <- Used with target-type: ip
@@ -789,6 +789,7 @@ NAME: my-release
 | configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. |
 | configs.tls.annotations | object | `{}` | Annotations to be added to argocd-tls-certs-cm configmap |
 | configs.tls.certificates | object | `{}` (See [values.yaml]) | TLS certificates for Git repositories |
+| configs.tls.create | bool | `true` | Specifies if the argocd-tls-certs-cm configmap should be created by Helm. |
 
 ## Argo CD Controller
 

charts/argo-cd/README.md.gotmpl

@@ -190,7 +190,7 @@ server:
       alb.ingress.kubernetes.io/scheme: internal
       alb.ingress.kubernetes.io/target-type: ip
       alb.ingress.kubernetes.io/backend-protocol: HTTP
-      alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":80}, {"HTTPS":443}]'
+      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]'
       alb.ingress.kubernetes.io/ssl-redirect: '443'
     aws:
       serviceType: ClusterIP # <- Used with target-type: ip

charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.configs.tls.create }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -15,3 +16,4 @@ metadata:
 data:
   {{- toYaml . | nindent 2 }}
 {{- end }}
+{{- end }}

charts/argo-cd/templates/argocd-server/ingress.yaml

@@ -14,7 +14,7 @@ metadata:
   {{- with .Values.server.ingress.annotations }}
   annotations:
     {{- range $key, $value := . }}
-    {{ $key }}: {{ tpl $value $ | quote }}
+    {{ $key }}: {{ tpl (toString $value) $ | quote }}
     {{- end }}
   {{- end }}
 spec:

charts/argo-cd/values.yaml

@@ -412,6 +412,9 @@ configs:
       #   ...
       #   -----END CERTIFICATE-----
 
+    # -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm.
+    create: true
+
   # ConfigMap for Config Management Plugins
   # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/
   cmp:

charts/argo-events/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: v1.9.4
+appVersion: v1.9.5
 description: A Helm chart for Argo Events, the event-driven workflow automation framework
 name: argo-events
-version: 2.4.12
+version: 2.4.13
 home: https://github.com/argoproj/argo-helm
 icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4
 keywords:
@@ -19,4 +19,4 @@ annotations:
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
     - kind: changed
-      description: Bump argo-events to v1.9.4
+      description: Bump argo-events to v1.9.5

charts/argo-workflows/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: v3.6.2
 name: argo-workflows
 description: A Helm chart for Argo Workflows
 type: application
-version: 0.45.3
+version: 0.45.4
 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 sources:
@@ -17,4 +17,4 @@ annotations:
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
     - kind: added
-      description: Support ephemeral credentials for s3 artifact repository
+      description: Support configuring workflow events in the controller

charts/argo-workflows/README.md

@@ -239,6 +239,7 @@ Fields to note:
 | controller.volumeMounts | list | `[]` | Additional volume mounts to the controller main container |
 | controller.volumes | list | `[]` | Additional volumes to the controller pod |
 | controller.workflowDefaults | object | `{}` | Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. Only valid for 2.7+ |
+| controller.workflowEvents.enabled | bool | `true` | Enable to emit events on workflow status changes. |
 | controller.workflowNamespaces | list | `["default"]` | Specify all namespaces where this workflow controller instance will manage workflows. This controls where the service account and RBAC resources will be created. Only valid when singleNamespace is false. |
 | controller.workflowRestrictions | object | `{}` | Restricts the Workflows that the controller will process. Only valid for 2.9+ |
 | controller.workflowTTLWorkers | string | `nil` | Number of workflow TTL workers |

charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml

@@ -200,6 +200,8 @@ data:
     {{- end }}
     nodeEvents:
       enabled: {{ .Values.controller.nodeEvents.enabled }}
+    workflowEvents:
+      enabled: {{ .Values.controller.workflowEvents.enabled }}
     {{- with .Values.controller.kubeConfig }}
     kubeConfig: {{- toYaml . | nindent 6 }}
     {{- end }}

charts/argo-workflows/values.yaml

@@ -402,6 +402,12 @@ controller:
     ## "Unable to create audit event: etcdserver: mvcc: database space exceeded"
     enabled: true
 
+  workflowEvents:
+    # -- Enable to emit events on workflow status changes.
+    ## This can take up a lot of space in k8s (typically etcd), resulting in errors when trying to create new events:
+    ## "Unable to create audit event: etcdserver: mvcc: database space exceeded"
+    enabled: true
+
   # -- Configure when workflow controller runs in a different k8s cluster with the workflow workloads,
   # or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret.
   # @default -- `{}` (See [values.yaml])