* build: add build-args for git-commit etc
Add the ability to specify `GIT_TAG`, `GIT_COMMIT`, `BUILD_DATE` and
`GIT_TREE_STATE` as optional build-args. As well as resolving #13683
(which was caused by #12620), this has the bonus of making the
`docker build` slightly more deterministic (since we now have the
ability to specify the same inputs into the docker build which was
hitherto computed on every `docker build`).
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
* Update .github/workflows/image-reuse.yaml
Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
---------
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* Add additonal field to set Extra Build Information while building argocd by vendors
Signed-off-by: ishitasequeira <ishiseq29@gmail.com>
* Include spaces in extra build info
Signed-off-by: ishitasequeira <ishiseq29@gmail.com>
* Address comments
Signed-off-by: ishitasequeira <ishiseq29@gmail.com>
---------
Signed-off-by: ishitasequeira <ishiseq29@gmail.com>
* Add support for apple sillicon build machines
When building the docker image on my M1 laptop, I noticed the produced builds are not usable in our Kubernetes cluster (running on x86 nodes).
By passing the DOCKER_PLATFORM build argument to `docker build` I am able to overcome this and build x86 images locally.
Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>
* Hardcode platform in dev build (same as we hardcode GOOS and GOARCH)
Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>
* Drop platform from build-ui target
It is only used to produce app/dist, not relevant
Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>
Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>
* chore: generate Snyk reports
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
sarif
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
dashboard
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
cron job
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
more consistent formatting
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
clarification
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
sarif files
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
fix naming, fix doc get text
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
apply suggestions
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
apply suggestions
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
blarn
Signed-off-by: CI <michael@crenshaw.dev>
ignore errors due to vulns
Signed-off-by: CI <michael@crenshaw.dev>
specify target branch in script
Signed-off-by: CI <michael@crenshaw.dev>
don't checkout before running script
Signed-off-by: CI <michael@crenshaw.dev>
make sure dest dir exists
Signed-off-by: CI <michael@crenshaw.dev>
fix workflow
Signed-off-by: CI <michael@crenshaw.dev>
* update scans
Signed-off-by: CI <michael@crenshaw.dev>
* update reports
Signed-off-by: CI <michael@crenshaw.dev>
* use latest ignore rules
Signed-off-by: CI <michael@crenshaw.dev>
* update reports
Signed-off-by: CI <michael@crenshaw.dev>
* update reports
Signed-off-by: CI <michael@crenshaw.dev>
* update reports, add link to latest, push to master instead of stable
Signed-off-by: CI <michael@crenshaw.dev>
* fix for double-digit patch versions
Signed-off-by: CI <michael@crenshaw.dev>
* clean up testing changes
Signed-off-by: CI <michael@crenshaw.dev>
feat: Add cli support for additional linux based architectures, s390x + ppc64le (#8991)
Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>
* add more architectures for linux
Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>
* drop aix arch as it won't compile
Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>
Co-authored-by: Michael Crenshaw <michael@crenshaw.dev>
Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
* chore: remove helm2
Reorder test/container/Dockerfile to mitigate issue of being unable to create
.gitconfig since the homedir is not present
chore: cleanup helm2 and tests related to it
Remove helm2 init. Fix unused import
Use helm 3 structure for CRDs
Remove helm2-dependency testdata
Address PR comments
Add back values-production and value.yaml on helm tests
Remove helm2 from openapi.
Signed-off-by: Shyukri Shyukriev <shyukri.shyukriev@mariadb.com>
modified: util/helm/cmd_test.go
* fix: generated openapi
Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
Co-authored-by: Michael Crenshaw <michael@crenshaw.dev>
* chore: update dependencies before starting e2e server
The e2e test server will show errors if there are irregular vendor and UI dependencies. This PR updates the Makefile to update the dependencies before starting the e2e server.
Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>
* increase timeout while checking for e2e server
Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>
* build: Support image building on Mac ARM
Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
* Pass GOOS and GOARCH explicitly
Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
* Retrigger CI pipeline
Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
* Remove windows and mac binaries in the image
Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
* Update download handler registration
Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
* Inject arch to env var via webpack
Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
* Fix lint
Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
* Add BUILD_ALL_CLIS env flag for make release-cli
Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
* Run in release-cli target directly
Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>
* feat: add --headless flag to Argo CD CLI command
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
* docs: add headless installation manifests and documentation
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
* Apply reviewer notes
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
* Remove port forwarding logs
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
* initial draft of adding tests for OCI
Signed-off-by: May Zhang <may_zhang@intuit.com>
* fix: initial draft of adding tests for OCI
Signed-off-by: May Zhang <may_zhang@intuit.com>
* bring up registry for tests
Signed-off-by: May Zhang <may_zhang@intuit.com>
* bring up registry for tests
Signed-off-by: May Zhang <may_zhang@intuit.com>
* bring up registry for tests
Signed-off-by: May Zhang <may_zhang@intuit.com>
* fix: just to test if PR is working
Signed-off-by: May Zhang <may_zhang@intuit.com>
* adding additional helm oci dependencies tests
Signed-off-by: May Zhang <may_zhang@intuit.com>
* feat: Dockerized *-docs Makefile commands
Signed-off-by: ishitasequeira <isequeir@redhat.com>
* removed the deprecated target(publish-docs) and added a local build and serve target
Signed-off-by: ishitasequeira <isequeir@redhat.com>
* chore: Add a GitHub action that runs unit tests with -race to CI build (#4774)
Signed-off-by: Jonathan West <jonwest@redhat.com>
* chore: Add a GitHub action that runs unit tests with -race to CI build (#4774)
Signed-off-by: Jonathan West <jonwest@redhat.com>
* Add "chown" to gpg/keys in "start-local" target that so that repo-server can access gpg keys.
* * Set -u uid:gid in the docker run commands so that test images are run under the current user.
* test Procfile processes will not need to perform "su" to default user (which has the current user's uid/gid)
* Remove chown in start-e2e-local
* clean up, remove "bash -c"
* Test containers are run as uid 0 which allows uid_entrypoint.sh to perform some user setup. uid_entrypoint.sh creates a non-root user (default) and enables passwordless sudo for that user. The container entry point command is run as the non-root user. "goreman start" does "sudo" to to the processes that need root permission including sshd, fcgiwrap, and nginix. The other processes are running as the non-root user.
* use /bin/bash
* change back to sh
* Docker image to create unpriveleged testuser and enable passwordless sudo for that user
* Use kustomize v3 to build ArgoCD manifests
* Update to test-tools-image v0.3.0
* Reorder patches so Kustomize v3 will properly find targets
* adding back these changes
* Use the generated files.
* changed the namespace
* changed kustomize version to 3.8.1 to be in sync with the one in tool-version.sh
* revert changes in makefile
* Re-run codegen
Co-authored-by: Zhang <may_zhang@intuit.com>
Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
* fix: Do not use -i flag when building CLI
* Debug output
* re-disable CGO
* increase timeout
* correctly create dist directory before e2e server
* Revert
* chore: make make cli use virtualized toolchain
Signed-off-by: darshanime <deathbullet@gmail.com>
* chore: use cli-local in Dockerfile
Signed-off-by: darshanime <deathbullet@gmail.com>
* chore: use cli-local in Dockerfile
Signed-off-by: darshanime <deathbullet@gmail.com>
* Add initial primitives and tests for GPG related operations
* More tests and test documentation
* Move gpg primitives to own module
* Add initial primitives for running git verify-commit and tests
* Improve and better comment test
* Implement VerifyCommitSignature() primitive for metrics wrapper
* More commentary
* Make reposerver verify gpg signatures when generating manifests
* Make signature validation optional
* Forbid use of local manifests when signature verification is enabled
* Introduce new signatureKeys field in project CRD
* Initial support for only syncing against signed revisions
* Updates to GnuPG primitives and more test cases
* Move signature verification to correct place and add tests
* Add signature verification result to revision metadata and display it in UI
* Add more primitives and move out some stuff to common module
* Add more testdata
* Add key management primitives to ArgoDB
* Move type GnuPGPublicKey to appsv1 package
* Add const ArgoCDGPGKeysConfigMapName
* Handle key operations with appsv1.GnuPGPublicKey
* Add initial API for managing GPG keys
* Remove deprecated code
* Add primitives for adding public keys to configuration
* Change semantics of ValidateGPGKeys to return more key information
* Add key import functionality to public key API
* Fix code quirks reported by linter
* More code quirks fixes
* Fix test
* Add primitives for deleting keys from configuration
* Add delete key operation to API and CLI
* Cosmetics
* Implement logic to sync configuration to keyring in repo-server
* Add IsGPGEnabled() primitive and also update trustdb on ownertrust changes
* Use gpg.IsGPGEnabled() instead of custom test
* Remove all keyring manipulating methods from DB
* Cosmetics/comments
* Require grpc methods from argoproj pkg
* Enable setting config path via ARGOCD_GPG_DATA_PATH
* Allow "no" and any cases in ARGOCD_GPG_ENABLED
* Enable GPG feature on start and start-e2e and set required environment
* Cosmetics/comments
* Cosmetics and commentary
* Update API documentation
* Fix comment
* Only run GPG related operations if GPG is enabled
* Allow setting ARGOCD_GPG_ENABLE from the environment
* Create GPG ConfigMap resource during installation
* Use function instead of constant to get the watcher path
* Re-watch source path in case it gets recreated. Also, error on finish
* Add End-to-End tests for GPG commit verification
* Introduce SignatureKey type for AppProject CRD
* Fix merge error from previous commit
* Adapt test for additional manifest (argocd-gpg-keys-cm.yaml)
* Fix linter issues
* Adapt CircleCI configuration to enable running tests
* Add wrapper scripts for git and gpg
* Sigh.
* Display gpg version in CircleCI
* Install gnupg2 and link it to gpg in CI
* Try to install gnupg2 in CircleCI image
* More CircleCI tweaks
* # This is a combination of 10 commits.
# This is the 1st commit message:
Containerize tests - test cycle
# This is the commit message #2:
adapt working directory
# This is the commit message #3:
Build before running tests (so we might have a cache)
# This is the commit message #4:
Test limiting parallelism
# This is the commit message #5:
Remove unbound variable
# This is the commit message #6:
Decrease parallelism to find out limit
# This is the commit message #7:
Use correct flag
# This is the commit message #8:
Update Docker image
# This is the commit message #9:
Remove build phase and increase parallelism
# This is the commit message #10:
Further increase parallelism
* Dockerize toolchain
* Add new targets to Makefile
* Codegen
* Properly handle permissions for E2E tests
* Remove gnupg2 installation from CircleCI configuration
* Limit parallelism of build
* Fix Yarn lint
* Retrigger CI for possible flaky test
* Codegen
* Remove duplicate target in Makefile
* Pull in pager from dep ensure -v
* Adapt to gitops-engine changes and codegen
* Use new health package for health status constants
* Add GPG methods to ArgoDB mock module
* Fix possible nil pointer dereference
* Fix linter issue in imports
* Introduce RBAC resource type 'gpgkeys' and adapt policies
* Use ARGOCD_GNUPGHOME instead of GNUPGHOME for subsystem configuration
Also remove some deprecated unit tests.
* Also register GPG keys API with gRPC-GW
* Update from codegen
* Update GPG key API
* Add web UI to manage GPG keys
* Lint updates
* Change wording
* Add some plausibility checks for supplied data on key creation
* Update from codegen
* Re-allow binary keys and move check for ASCII armoured to UI
* Make yarn lint happy
* Add editing signature keys for projects in UI
* Add ability to configure signature keys for project in CLI
* Change default value to use for GNUPGHOME
* Do not include data section in default gpg keys CM
* Adapt Docker image for GnuPG feature
* Add required configuration to installation manifests
* Add add-signature-key and remove-signature-key commands to project CLI
* Fix typo
* Add initial user documentation for GnuPG verification
* Fix role name - oops
* Mention required RBAC roles in docs
* Support GPG verification of git annotated tags as well
* Ensure CLI can build succesfully
* Better support verification on tags
* Print key type in upper case
* Update user documentation
* Correctly disable GnuPG verification if ARGOCD_GPG_ENABLE=false
* Clarify that this feature is only available with Git repositories
* codegen
* Move verification code to own function
* Remove deprecated check
* Make things more developer friendly when running locally
* Enable GPG feature by default, and don't require ARGOCD_GNUPGHOME to be set
* Revert changes to manifests to reflect default enable state
* Codegen
* chore: Migrate CI to GitHub actions
* Do not install golangci-lint, we use the action
* Integrate codecov.io upload
* Use some better names for analyze job & steps
* go mod tidy
* Update tools
* Disable CircleCI completely
* Satisfy CircleCI with a dummy step until it's disabled
* chore: Migrate to Go modules
* Update CircleCI config
* Fix path
* Attach vendor for test step correctly
* restore_vendor -> attach_vendor
* Update cache path
* Checkout code before attaching vendor
* Move checkout to even earlier in job
* Don't restore cache for e2e step
* .
* Explicitly set GOPATH
* Restore Build cache
* Fix permissions
* Set correct environment for docker env
* Uncache everything
* Fix permissions
* Use workspace for caching Go code
* .
* go mod tidy
* Try to speed up builds
* Make mod target implicit dependencies
* Do not call make mod-download or mod-vendor
* Fix permissions
* Don't have modules dependendencies on test-e2e-local
* Fix confgi
* Bye bye
* Remove test parallelism
* Get max test parallelism back in, but with lower value
