Merge branch 'release-3.5' into cr-24608-sync-upstream-3.5.8

Author: ATGardner

.github/ISSUE_TEMPLATE/config.yml

@@ -4,8 +4,8 @@ contact_links:
   - name: Have you read the docs?
     url: https://argo-workflows.readthedocs.io/en/latest
     about: Much help can be found in the docs
-  - name: Ask a question
-    url: https://github.com/argoproj/argo-workflows/discussions/new
+  - name: Ask a question about Codefresh's Argo Worklfows
+    url: https://github.com/codefresh-io/argo-workflows/discussions/new
     about: Ask a question or start a discussion about workflows
   - name: Chat on Slack
     url: https://argoproj.github.io/community/join-slack

.github/workflows/ci-build.yaml

@@ -7,7 +7,8 @@ on:
       - "!release-2.8"
   pull_request:
     branches:
-      - "main"
+      - "master"
+      - "release-*"
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

.github/workflows/default-branch-check.yaml

@@ -0,0 +1,18 @@
+name: PR check
+
+on:
+  pull_request:
+    branches:
+      - "release-*"
+
+jobs:
+  test-default-branch:
+    name: base branch is a default branch
+    runs-on: ubuntu-latest
+    steps:
+    - name: fail if base branch is not default branch
+      if: ${{ github.event.pull_request.base.ref != github.event.repository.default_branch }}
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      with:
+        script: |
+            core.setFailed("Base branch of the PR - ${{ github.event.pull_request.base.ref }} is not a default branch. Please reopen your PR to ${{ github.event.repository.default_branch }}")

.github/workflows/release.yaml

@@ -5,7 +5,8 @@ on:
     tags:
       - v*
     branches:
-      - main
+      - master
+      - release-*
       - dev-*
 
 concurrency:
@@ -20,13 +21,13 @@ permissions:
   contents: read
 
 jobs:
-  build-linux:
+  build-linux-amd64:
     name: Build & push linux
-    if: github.repository == 'argoproj/argo-workflows'
+    if: github.repository == 'codefresh-io/argo-workflows'
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        platform: [ linux/amd64, linux/arm64 ]
+        platform: [ linux/amd64 ]
         target: [ workflow-controller, argocli, argoexec ]
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -48,12 +49,6 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-${{ matrix.platform }}-${{ matrix.target }}-buildx-
 
-      - name: Docker Login
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
-        with:
-          username: ${{ secrets.DOCKERIO_USERNAME }}
-          password: ${{ secrets.DOCKERIO_PASSWORD }}
-
       - name: Login to Quay
         uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
         with:
@@ -94,20 +89,15 @@ jobs:
 
   build-windows:
     name: Build & push windows
-    if: github.repository == 'argoproj/argo-workflows'
+    if: github.repository == 'codefresh-io/argo-workflows'
     runs-on: windows-2022
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - name: Docker Login
-        uses: Azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0 # v1.0.1
-        with:
-          username: ${{ secrets.DOCKERIO_USERNAME }}
-          password: ${{ secrets.DOCKERIO_PASSWORD }}
 
       - name: Login to Quay
         uses: Azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0 # v1.0.1
         with:
-          login-server: quay.io
+          registry: quay.io
           username: ${{ secrets.QUAYIO_USERNAME }}
           password: ${{ secrets.QUAYIO_PASSWORD }}
 
@@ -118,23 +108,16 @@ jobs:
           docker_org=$DOCKERIO_ORG
 
           tag=$(basename $GITHUB_REF)
-          if [ $tag = "main" ]; then
+          if [ $tag = "master" ]; then
             tag="latest"
           fi
 
           targets="argoexec"
           for target in $targets; do
             image_name="${docker_org}/${target}:${tag}-windows"
-            docker build \
-              --build-arg GIT_COMMIT=$tag \
-              --build-arg GIT_BRANCH=$branch \
-              --build-arg GIT_TREE_STATE=$tree_state \
-              --target $target \
-              -t $image_name \
-              -f Dockerfile.windows \
-              .
-
-            docker push $image_name
+            docker build --target $target -t $image_name -f Dockerfile.windows .
+            ## Codefresh - remove dockerhub
+            # docker push $image_name
 
             docker tag $image_name quay.io/$image_name
             docker push quay.io/$image_name
@@ -143,41 +126,29 @@ jobs:
 
   push-images:
     name: Push manifest with all images
-    if: github.repository == 'argoproj/argo-workflows'
+    if: github.repository == 'codefresh-io/argo-workflows'
     runs-on: ubuntu-latest
-    needs: [ build-linux, build-windows ]
+    needs: [ build-linux-amd64, build-linux-arm64, build-windows ]
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - name: Docker Login
-        uses: Azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0 # v1.0.1
-        with:
-          username: ${{ secrets.DOCKERIO_USERNAME }}
-          password: ${{ secrets.DOCKERIO_PASSWORD }}
 
       - name: Login to Quay
         uses: Azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0 # v1.0.1
         with:
-          login-server: quay.io
+          registry: quay.io
           username: ${{ secrets.QUAYIO_USERNAME }}
           password: ${{ secrets.QUAYIO_PASSWORD }}
 
-      - name: Install cosign
-        uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
-        with:
-          cosign-release: 'v2.2.3'
-
       - name: Push Multiarch Image
         env:
           DOCKERIO_ORG: ${{ secrets.DOCKERIO_ORG }}
-          COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
-          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
         run: |
           echo $(jq -c '. + { "experimental": "enabled" }' ${DOCKER_CONFIG}/config.json) > ${DOCKER_CONFIG}/config.json
 
           docker_org=$DOCKERIO_ORG
 
           tag=$(basename $GITHUB_REF)
-          if [ $tag = "main" ]; then
+          if [ $tag = "master" ]; then
             tag="latest"
           fi
 
@@ -186,36 +157,30 @@ jobs:
             image_name="${docker_org}/${target}:${tag}"
 
             if [ $target = "argoexec" ]; then
-              docker manifest create $image_name ${image_name}-linux-arm64 ${image_name}-linux-amd64 ${image_name}-windows
+              ## Codefresh - remove dockerhub
+              # docker manifest create $image_name ${image_name}-linux-arm64 ${image_name}-linux-amd64 ${image_name}-windows
               docker manifest create quay.io/$image_name quay.io/${image_name}-linux-arm64 quay.io/${image_name}-linux-amd64 quay.io/${image_name}-windows
             else
-              docker manifest create $image_name ${image_name}-linux-arm64 ${image_name}-linux-amd64
+              ## Codefresh - remove dockerhub
+              # docker manifest create $image_name ${image_name}-linux-arm64 ${image_name}-linux-amd64
               docker manifest create quay.io/$image_name quay.io/${image_name}-linux-arm64 quay.io/${image_name}-linux-amd64
             fi
 
-            docker manifest push $image_name
+            ## Codefresh - remove dockerhub
+            # docker manifest push $image_name
             docker manifest push quay.io/$image_name
-
-            cosign sign -y --key env://COSIGN_PRIVATE_KEY quay.io/$image_name
-
           done
 
   test-images-linux-amd64:
     name: Try pulling linux/amd64
-    if: github.repository == 'argoproj/argo-workflows'
+    if: github.repository == 'codefresh-io/argo-workflows'
     runs-on: ubuntu-latest
     needs: [ push-images ]
     strategy:
       matrix:
         platform: [ linux/amd64 ]
         target: [ workflow-controller, argocli, argoexec ]
     steps:
-      - name: Docker Login
-        uses: Azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0 # v1.0.1
-        with:
-          username: ${{ secrets.DOCKERIO_USERNAME }}
-          password: ${{ secrets.DOCKERIO_PASSWORD }}
-
       - name: Login to Quay
         uses: Azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0 # v1.0.1
         with:
@@ -230,26 +195,19 @@ jobs:
           TARGET: ${{ matrix.target }}
         run: |
           tag=$(basename $GITHUB_REF)
-          if [ $tag = "main" ]; then
+          if [ $tag = "master" ]; then
             tag="latest"
           fi
 
           image_name="${DOCKERIO_ORG}/${TARGET}:${tag}"
-          docker pull $image_name
           docker pull quay.io/$image_name
 
   test-images-windows:
     name: Try pulling windows
-    if: github.repository == 'argoproj/argo-workflows'
+    if: github.repository == 'codefresh-io/argo-workflows'
     runs-on: windows-2022
     needs: [ push-images ]
     steps:
-      - name: Docker Login
-        uses: Azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0 # v1.0.1
-        with:
-          username: ${{ secrets.DOCKERIO_USERNAME }}
-          password: ${{ secrets.DOCKERIO_PASSWORD }}
-
       - name: Login to Quay
         uses: Azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0 # v1.0.1
         with:
@@ -262,27 +220,24 @@ jobs:
         run: |
           docker_org=$DOCKERIO_ORG
           tag=$(basename $GITHUB_REF)
-          if [ $tag = "main" ]; then
+          if [ $tag = "master" ]; then
             tag="latest"
           fi
 
           targets="argoexec"
           for target in $targets; do
             image_name="${docker_org}/${target}:${tag}"
-            docker pull $image_name
             docker pull quay.io/$image_name
           done
 
   publish-release:
     permissions:
       contents: write  # for softprops/action-gh-release to create GitHub release
     runs-on: ubuntu-latest
-    if: github.repository == 'argoproj/argo-workflows'
+    if: github.repository == 'codefresh-io/argo-workflows'
     needs: [ push-images, test-images-linux-amd64, test-images-windows ]
     env:
       NODE_OPTIONS: --max-old-space-size=4096
-      COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
-      COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
@@ -296,45 +251,28 @@ jobs:
         with:
           path: ui/node_modules
           key: ${{ runner.os }}-node-dep-v1-${{ hashFiles('**/yarn.lock') }}
-      - name: Install cosign
-        uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
+      - name: go build cache
+        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
+        with:
+          path: /home/runner/.cache/go-build
+          key: GOCACHE-v2-${{ hashFiles('**/go.mod') }}
+      - name: go mod cache
+        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
         with:
-          cosign-release: 'v2.2.3'
+          path: /home/runner/go/pkg/mod
+          key: GOMODCACHE-v2-${{ hashFiles('**/go.mod') }}
       # https://stackoverflow.com/questions/58033366/how-to-get-current-branch-within-github-actions
-      - run: |
-          if [ ${GITHUB_REF##*/} = main ]; then
-           echo "VERSION=latest" >> $GITHUB_ENV
-          else
-            echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
-          fi
-      - run: go install sigs.k8s.io/bom/cmd/[email protected]
-      - run: go install github.com/spdx/spdx-sbom-generator/cmd/[email protected]
-      - run: mkdir -p dist
-      - run: generator -o dist -p .
-      - run: yarn --cwd ui install
-      - run: generator -o dist -p ui
-      - run: bom generate --image quay.io/argoproj/workflow-controller:$VERSION -o dist/workflow-controller.spdx
-      - run: bom generate --image quay.io/argoproj/argocli:$VERSION -o dist/argocli.spdx
-      - run: bom generate --image quay.io/argoproj/argoexec:$VERSION -o dist/argoexec.spdx
-      # pack the boms into one file to make it easy to download
-      - run: tar -zcf dist/sbom.tar.gz dist/*.spdx
-      - run: make release-notes VERSION=$VERSION
+      - run: make release-notes VERSION=${GITHUB_REF##*/}
       - run: cat release-notes
-      - run: make manifests VERSION=$VERSION
+      - run: make manifests VERSION=${GITHUB_REF##*/}
       - name: Print image tag (please check it is not `:latest`)
         run: |
           grep image: dist/manifests/install.yaml
       - run: go mod download
-      - run: make clis STATIC_FILES=true VERSION=$VERSION
+      - run: make clis STATIC_FILES=true VERSION=${GITHUB_REF##*/}
       - name: Print version (please check it is not dirty)
         run: dist/argo-linux-amd64 version
       - run: make checksums
-      - name: Sign checksums and create public key for release assets
-        run: |
-          cosign sign-blob -y --key env://COSIGN_PRIVATE_KEY ./dist/argo-workflows-cli-checksums.txt > ./dist/argo-workflows-cli-checksums.sig
-          # Retrieves the public key to release as an asset
-          cosign public-key --key env://COSIGN_PRIVATE_KEY > ./dist/argo-workflows-cosign.pub
-
       # https://github.com/softprops/action-gh-release
       # This will publish the release and upload assets.
       # If a conflict occurs (because you are not on a tag), the release will not be updated. This is a short coming
@@ -347,10 +285,8 @@ jobs:
           body_path: release-notes
           files: |
             dist/argo-*.gz
-            dist/argo-workflows-cli-checksums.txt
-            dist/argo-workflows-cli-checksums.sig
+            dist/argo-*.gz.sha256
             dist/manifests/*.yaml
-            dist/argo-workflows-cosign.pub
             dist/sbom.tar.gz
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -149,9 +149,9 @@ Participation in Argo Workflows is governed by the [CNCF Code of Conduct](https:
 
 ## Project Resources
 
-* [Argo Project GitHub organization](https://github.com/argoproj)
-* [Argo Website](https://argoproj.github.io/)
-* [Argo Slack](https://argoproj.github.io/community/join-slack)
+* Codefresh Argo GitHub:  https://github.com/codefresh-io
+* Argo Website: https://argoproj.github.io/
+* Argo Slack:   [click here to join](https://argoproj.github.io/community/join-slack)
 
 ## Security