From 15ade97f88757218ec3ec1f7add96f2526179edd Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Sat, 6 May 2023 05:17:19 -0500 Subject: [PATCH 01/11] chore(github): Add deps pr title scope for dependabot PRs (#2013) Signed-off-by: jmeridth --- .github/workflows/pr-title.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index a636b08b..f7281443 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -31,6 +31,7 @@ jobs: argo-workflows argocd-image-updater argocd-apps + deps github # Configure that a scope must always be provided. requireScope: true From 2762902b1fc4d3217db257db146ca4d9e99acbe9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 6 May 2023 19:23:23 +0900 Subject: [PATCH 02/11] chore(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 (#2012) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.0 to 3.1.2. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/3cea5372237819ed00197afe530f5a7ea3e805c8...0b7f8abb1508181956e8e162db84b466c27e18ce) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c5ec1159..2ab79857 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: SARIF file path: results.sarif From 0b965f93572534ae8cf1d8f6f540a62673dc34d2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 6 May 2023 19:27:47 +0900 Subject: [PATCH 03/11] chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#2011) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/e38b1902ae4f44df626f11ba0734b14fb91f8f86...80e868c13c90f172d68d1f4501dee99e2479f7af) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 2ab79857..99fb2945 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -37,7 +37,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 + uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3 with: results_file: results.sarif results_format: sarif From 6cf01708d36fe7d7bf997a2f77425763bceaf31d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 6 May 2023 19:35:03 +0900 Subject: [PATCH 04/11] chore(deps): bump github/codeql-action from 2.2.4 to 2.3.3 (#2010) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.4 to 2.3.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/17573ee1cc1b9d061760f3a006fc4aac4f944fd5...29b1f65c5e92e24fe6b6647da1eaabe529cec70f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aikawa --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 99fb2945..66e1d5ee 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + uses: github/codeql-action/upload-sarif@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3 with: sarif_file: results.sarif From 430aaea83c06e08e88c7d479d02252822fcf5520 Mon Sep 17 00:00:00 2001 From: Cyril Jouve Date: Sat, 6 May 2023 13:18:22 +0200 Subject: [PATCH 05/11] feat(argo-events): allow extraObjects to contain string template (#1994) [argo-event] allow extraObjects to contain string template Signed-off-by: Cyril Jouve Co-authored-by: Jason Meridth --- charts/argo-events/Chart.yaml | 6 +++--- charts/argo-events/templates/extra-manifests.yaml | 6 +++++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index a9f379e7..2adfec2b 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.7.6 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.2.0 +version: 2.3.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-events/assets/logo.png keywords: @@ -15,5 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: fixed - description: add namespace field for namespace scoped resources + - kind: added + description: Allow extraObjects to contain string templates diff --git a/charts/argo-events/templates/extra-manifests.yaml b/charts/argo-events/templates/extra-manifests.yaml index a9bb3b6b..f17b1a93 100644 --- a/charts/argo-events/templates/extra-manifests.yaml +++ b/charts/argo-events/templates/extra-manifests.yaml @@ -1,4 +1,8 @@ {{ range .Values.extraObjects }} --- -{{ tpl (toYaml .) $ }} +{{- if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} {{ end }} From 80d5a6a65d309385a442a5d523f7a5d023390f32 Mon Sep 17 00:00:00 2001 From: Cyril Jouve Date: Sat, 6 May 2023 13:31:50 +0200 Subject: [PATCH 06/11] feat(argo-rollouts): allow extraObjects to contain string template (#1996) [argo-event] allow extraObjects to contain string template Signed-off-by: Cyril Jouve Co-authored-by: Jason Meridth Co-authored-by: Aikawa --- charts/argo-rollouts/Chart.yaml | 4 ++-- charts/argo-rollouts/templates/extra-manifests.yaml | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index bb95a986..46ca6ba7 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.4.1 description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 2.26.1 +version: 2.27.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-rollouts/assets/logo.png keywords: @@ -16,4 +16,4 @@ maintainers: annotations: artifacthub.io/changes: | - kind: added - description: Missing permissions to leases under coordination api group + description: Allow extraObjects to contain string templates diff --git a/charts/argo-rollouts/templates/extra-manifests.yaml b/charts/argo-rollouts/templates/extra-manifests.yaml index a9bb3b6b..f17b1a93 100644 --- a/charts/argo-rollouts/templates/extra-manifests.yaml +++ b/charts/argo-rollouts/templates/extra-manifests.yaml @@ -1,4 +1,8 @@ {{ range .Values.extraObjects }} --- -{{ tpl (toYaml .) $ }} +{{- if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} {{ end }} From f40c1d81ca379f93ca19726639444a94a07c8e7d Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Sat, 6 May 2023 08:18:37 -0500 Subject: [PATCH 07/11] fix(github): fix error in codeowners file and update README about security (#2015) This is a follow-up of #2006. We cleared out users who have not contributed in the last year and moved them to EMERITUS.md We also created SECURITY.md Signed-off-by: jmeridth --- CODEOWNERS | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CODEOWNERS b/CODEOWNERS index bd5df3d0..9b0a95c5 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -2,7 +2,7 @@ * @mkilchhofer @jmeridth # Argo Workflows -/charts/argo-workflows/ @vladlosev @yann-soubeyrand @jmeridth @yu-croco +/charts/argo-workflows/ @vladlosev @jmeridth @yu-croco # Argo CD /charts/argo-cd/ @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil diff --git a/README.md b/README.md index e8544439..b29bb3d1 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9" ### Security Policy -If you have a security concern relating to either this project repo or an individual helm chart, please [open an issue](https://github.com/argoproj/argo-helm/issues/new/choose) or [start a discussion](https://github.com/argoproj/argo-helm/discussions/new). +Please refer to [SECURITY.md](SECURITY.md) for details on how to report security issues. ### Changelog From 5cff9158985f9daa8eb7f00719bba532d0e4aea6 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Sat, 6 May 2023 11:20:18 -0500 Subject: [PATCH 08/11] fix(argo-workflows): change chart icon to match other charts (#2018) fix(argo-workflows): change chart image to match other charts This will make the charts all look nice when you go to https://artifacthub.io/packages/search?repo=argo&sort=relevance&page=1 Signed-off-by: jmeridth --- charts/argo-workflows/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index 443bffb7..3eb787b8 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,8 +3,8 @@ appVersion: v3.4.7 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.26.0 -icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png +version: 0.26.1 +icon: https://argoproj.github.io/argo-workflows/assets/logo.png home: https://github.com/argoproj/argo-helm sources: - https://github.com/argoproj/argo-workflows @@ -13,5 +13,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: fix - description: Drop .Values.useDefaultArtifactRepo flag to simplify usage + - kind: chore + description: Update Chart icon From 2a480226c43b3656a15b4a9691d76f791903c385 Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Sun, 7 May 2023 09:18:39 -0500 Subject: [PATCH 09/11] chore(argo-events): Update chart icon to standard image (#2020) This will make the charts all look nice when you go to https://artifacthub.io/packages/search?repo=argo&sort=relevance&page=1 Signed-off-by: jmeridth --- charts/argo-events/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 2adfec2b..b763af57 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -2,9 +2,9 @@ apiVersion: v2 appVersion: v1.7.6 description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 2.3.0 +version: 2.3.1 home: https://github.com/argoproj/argo-helm -icon: https://argoproj.github.io/argo-events/assets/logo.png +icon: https://avatars.githubusercontent.com/u/30269780?s=200&v=4 keywords: - argoproj - argo-events @@ -15,5 +15,5 @@ maintainers: url: https://argoproj.github.io/ annotations: artifacthub.io/changes: | - - kind: added - description: Allow extraObjects to contain string templates + - kind: chore + description: Update chart icon From ebae3d2462f754fac64bde0d88901c3451ae84dd Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Sun, 7 May 2023 16:57:01 +0200 Subject: [PATCH 10/11] chore(deps): Pin all workflow deps (#2021) --- .github/workflows/lint-and-test.yml | 10 +++++----- .github/workflows/pr-sizing.yml | 4 ++-- .github/workflows/pr-title.yml | 2 +- .github/workflows/publish.yml | 6 +++--- .github/workflows/stale.yml | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml index 97684b86..1f75294a 100644 --- a/.github/workflows/lint-and-test.yml +++ b/.github/workflows/lint-and-test.yml @@ -10,23 +10,23 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 with: version: v3.10.1 # Also update in publish.yaml - name: Set up python - uses: actions/setup-python@v4 + uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b # v4.6.0 with: python-version: 3.9 - name: Setup Chart Linting id: lint - uses: helm/chart-testing-action@v2.4.0 + uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0 with: # Note: Also update in scripts/lint.sh version: v3.7.1 @@ -58,7 +58,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@v1.5.0 + uses: helm/kind-action@d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00 # v1.5.0 if: steps.list-changed.outputs.changed == 'true' with: config: .github/configs/kind-config.yaml diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index bcdfc440..fa9c4c97 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -12,7 +12,7 @@ jobs: triage: runs-on: ubuntu-latest steps: - - uses: actions/labeler@v4 + - uses: actions/labeler@ba790c862c380240c6d5e7427be5ace9a05c754b # v4.0.3 with: configuration-path: ".github/configs/labeler.yaml" repo-token: "${{ secrets.GITHUB_TOKEN }}" @@ -22,6 +22,6 @@ jobs: runs-on: ubuntu-latest steps: - name: size-label - uses: "pascalgn/size-label-action@v0.4.3" + uses: "pascalgn/size-label-action@1619680c5ac1ef360b944bb56a57587ba4aa2af8 # v0.4.3" env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index f7281443..2d45de12 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -19,7 +19,7 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@v5 + - uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54 # v5.2.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index cb56596b..e104fde2 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -15,12 +15,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: fetch-depth: 0 - name: Install Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 with: version: v3.10.1 # Also update in lint-and-test.yaml @@ -39,7 +39,7 @@ jobs: git checkout origin/gh-pages index.yaml - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.5.0 + uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 with: config: "./.github/configs/cr.yaml" env: diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 9b4053bb..b0356dc7 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -14,7 +14,7 @@ jobs: pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-latest steps: - - uses: actions/stale@v8 + - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Number of days of inactivity before an issue becomes stale From a99b021f153c793a2f0b66eff483c756a41cfa39 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Mon, 8 May 2023 02:39:28 +0200 Subject: [PATCH 11/11] fix(github): Remove quotes in `uses` statement (#2022) Signed-off-by: Marco Kilchhofer --- .github/workflows/pr-sizing.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr-sizing.yml b/.github/workflows/pr-sizing.yml index fa9c4c97..f75d7f82 100644 --- a/.github/workflows/pr-sizing.yml +++ b/.github/workflows/pr-sizing.yml @@ -1,8 +1,12 @@ ## Reference: https://github.com/pascalgn/size-label-action name: 'PR Labeling' + on: pull_request_target: - types: [opened, synchronize, reopened] + types: + - opened + - synchronize + - reopened permissions: contents: read @@ -21,7 +25,6 @@ jobs: size-label: runs-on: ubuntu-latest steps: - - name: size-label - uses: "pascalgn/size-label-action@1619680c5ac1ef360b944bb56a57587ba4aa2af8 # v0.4.3" + - uses: pascalgn/size-label-action@1619680c5ac1ef360b944bb56a57587ba4aa2af8 # v0.4.3 env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"