From f606cb34bc045063f516934181846a2c47b80c53 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Oct 2022 15:50:27 +0000 Subject: [PATCH 1/7] chore(deps): bump actions/upload-artifact from 2 to 3 (#1973) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: toann --- .github/workflows/e2e.yaml | 6 +++--- .github/workflows/go.yml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 8b9b291f2d..e248cc28a2 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Upload - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: Event File path: ${{ github.event_path }} @@ -83,13 +83,13 @@ jobs: [[ -f rerunreport.txt ]] && cat rerunreport.txt || echo "No rerun report found" - name: Upload E2E Test Results if: always() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: E2E Test Results (k8s ${{ matrix.kubernetes-minor-version }}) path: | junit.xml - name: Upload e2e-controller logs - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: e2e-controller-k8s-${{ matrix.kubernetes-minor-version }}.log path: /tmp/e2e-controller.log diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 955bc796c5..04de398b9c 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml 
@@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Upload - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: Event File path: ${{ github.event_path }} @@ -77,14 +77,14 @@ jobs: - name: Upload Unit Test Results if: always() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: Unit Test Results path: | junit.xml - name: Generate code coverage artifacts - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: code-coverage path: coverage.out From 80f09c77454e07577f487239f0da9fcf9b76c82b Mon Sep 17 00:00:00 2001 From: Justin Marquis <34fathombelow@protonmail.com> Date: Tue, 1 Nov 2022 08:50:41 -0700 Subject: [PATCH 2/7] chore: sign container images and checksum assets (#2334) Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Signed-off-by: toann --- .github/workflows/docker-publish.yml | 52 +++++++++++++++++++++++++++- .github/workflows/release.yaml | 36 +++++++++++++++++++ 2 files changed, 87 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index c96f45c77f..47875b478e 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
@@ -94,4 +94,54 @@ jobs: target: kubectl-argo-rollouts platforms: ${{ steps.platform-matrix.outputs.platform-matrix }} push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.plugin-meta.outputs.tags }} \ No newline at end of file + tags: ${{ steps.plugin-meta.outputs.tags }} + + - name: Install cosign + uses: sigstore/cosign-installer@main + with: + cosign-release: 'v1.13.1' + + - name: Install crane to get digest of image + uses: imjasonh/setup-crane@v0.1 + + - name: Get digest of controller-image + run: | + if [[ "${{ github.ref == 'refs/heads/master' }}" ]] + then + echo "CONTROLLER_DIGEST=$(crane digest quay.io/argoproj/argo-rollouts:latest)" >> $GITHUB_ENV + fi + if [[ "${{ github.ref != 'refs/heads/master' }}" ]] + then + echo "CONTROLLER_DIGEST=$(crane digest ${{ steps.controller-meta.outputs.tags }})" >> $GITHUB_ENV + fi + if: github.event_name != 'pull_request' + + - name: Get digest of plugin-image + run: | + if [[ "${{ github.ref == 'refs/heads/master' }}" ]] + then + echo "PLUGIN_DIGEST=$(crane digest quay.io/argoproj/kubectl-argo-rollouts:latest)" >> $GITHUB_ENV + fi + if [[ "${{ github.ref != 'refs/heads/master' }}" ]] + then + echo "PLUGIN_DIGEST=$(crane digest ${{ steps.plugin-meta.outputs.tags }})" >> $GITHUB_ENV + fi + if: github.event_name != 'pull_request' + + - name: Sign Argo Rollouts Images + run: | + cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/argo-rollouts@${{ env.CONTROLLER_DIGEST }} + cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/kubectl-argo-rollouts@${{ env.PLUGIN_DIGEST }} + env: + COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}} + COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} + if: ${{ github.event_name == 'push' }} + + - name: Display the public key to share. 
+ run: | + # Displays the public key to share + cosign public-key --key env://COSIGN_PRIVATE_KEY + env: + COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}} + COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} + if: ${{ github.event_name == 'push' }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f24bf75caf..43f5d6e908 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -149,6 +149,40 @@ jobs: cd /tmp && tar -zcf sbom.tar.gz *.spdx + - name: Install cosign + uses: sigstore/cosign-installer@main + with: + cosign-release: 'v1.13.1' + + - name: Install crane to get digest of image + uses: imjasonh/setup-crane@v0.1 + + - name: Get digest of controller-image + run: | + echo "CONTROLLER_DIGEST=$(crane digest ${{ steps.controller-meta.outputs.tags }})" >> $GITHUB_ENV + + - name: Get digest of plugin-image + run: | + echo "PLUGIN_DIGEST=$(crane digest ${{ steps.plugin-meta.outputs.tags }})" >> $GITHUB_ENV + + - name: Sign Argo Rollouts Images + run: | + cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/argo-rollouts@${{ env.CONTROLLER_DIGEST }} + cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/kubectl-argo-rollouts@${{ env.PLUGIN_DIGEST }} + env: + COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}} + COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} + + - name: Sign checksums and create public key for release assets + run: | + cosign sign-blob --key env://COSIGN_PRIVATE_KEY dist/argo-rollouts-checksums.txt > dist/argo-rollouts-checksums.sig + cosign public-key --key env://COSIGN_PRIVATE_KEY > ./dist/argo-rollouts-cosign.pub + # Displays the public key to share. + cosign public-key --key env://COSIGN_PRIVATE_KEY + env: + COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}} + COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} + - name: Draft release uses: softprops/action-gh-release@v1 with: 
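Review bot: In the two "Get digest" steps of docker-publish.yml, `[[ "${{ github.ref == 'refs/heads/master' }}" ]]` only tests for a non-empty string, because the expression is rendered to the text `true` or `false` before bash runs; both branches therefore execute on every ref and the second write to `$GITHUB_ENV` wins. On master the digest thus comes from `crane digest ${{ steps.controller-meta.outputs.tags }}` rather than the `:latest` lookup, and if that output ever carries more than one tag the lookup probably fails and leaves an empty digest for `cosign sign`. Compare the value explicitly, e.g. `if [[ "${{ github.ref }}" == "refs/heads/master" ]]` with an `else` branch, and fail the step when the digest is empty. Resolving the digest by tag after the push also signs whatever the tag points to at lookup time; if the build step (it starts outside this hunk) is docker/build-push-action, its `digest` output would tie the signature to the image this run actually produced.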
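Review bot: `uses: sigstore/cosign-installer@main` in release.yaml follows a moving branch, and the cosign binary it installs is later handed `COSIGN_PRIVATE_KEY` and `COSIGN_PASSWORD`, so any change on that action's main branch runs inside the release job next to the signing key. Pin it, and `imjasonh/setup-crane@v0.1`, to a full commit SHA, e.g. `uses: sigstore/cosign-installer@<commit-sha>  # <release tag>`; the same unpinned reference is added in the docker-publish.yml hunk. The two `crane digest ${{ steps.controller-meta.outputs.tags }}` steps also write the result to `$GITHUB_ENV` without checking that it is non-empty, so a failed lookup only surfaces later as a malformed `image@` reference in the signing step.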
@@ -161,6 +195,8 @@ jobs: dist/kubectl-argo-rollouts-darwin-arm64 dist/kubectl-argo-rollouts-windows-amd64 dist/argo-rollouts-checksums.txt + dist/argo-rollouts-checksums.sig + dist/argo-rollouts-cosign.pub manifests/dashboard-install.yaml manifests/install.yaml manifests/namespace-install.yaml From de8584141e3618126b38dd872a6cb5923e14b493 Mon Sep 17 00:00:00 2001 From: Zach Aller Date: Tue, 1 Nov 2022 14:13:13 -0500 Subject: [PATCH 3/7] chore(deps): upgrade ui deps to fix high security cve's (#2345) * ui: upgrade deps to fix high security cve's Signed-off-by: zachaller * github trigger re-run Signed-off-by: zachaller Signed-off-by: zachaller Signed-off-by: toann --- ui/package.json | 2 +- ui/src/app/components/pods/pods.tsx | 2 +- ui/yarn.lock | 42 +++++++++++++++++++++++++++-- 3 files changed, 42 insertions(+), 4 deletions(-) diff --git a/ui/package.json b/ui/package.json index 15627c8da8..4822da2b68 100644 --- a/ui/package.json +++ b/ui/package.json @@ -6,7 +6,7 @@ "argo-ui": "git+https://github.com/argoproj/argo-ui.git", "classnames": "2.2.6", "isomorphic-fetch": "^3.0.0", - "moment": "^2.29.1", + "moment": "^2.29.4", "moment-timezone": "^0.5.33", "portable-fetch": "^3.0.0", "react": "^17.0.1", diff --git a/ui/src/app/components/pods/pods.tsx b/ui/src/app/components/pods/pods.tsx index b45bd2e168..c9be978570 100644 --- a/ui/src/app/components/pods/pods.tsx +++ b/ui/src/app/components/pods/pods.tsx @@ -115,7 +115,7 @@ export const ReplicaSet = (props: {rs: RolloutReplicaSetInfo; showRevision?: boo
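Review bot: Attaching `dist/argo-rollouts-cosign.pub` to the same release as `dist/argo-rollouts-checksums.sig` (the two entries added to the release.yaml asset list) gives verifiers no independent trust anchor, since anyone able to replace release assets can swap the checksums, signature and key together. Keeping the asset is fine for convenience, but the authoritative copy of the key or its fingerprint should live somewhere with separate write access, and the verification instructions should point there. A comment on the step that owns this list (it begins outside this hunk) would record that, e.g. `# cosign.pub is attached for convenience; the authoritative key is published at <docs location>`.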
{(now) => { - const time = moment(props.rs.scaleDownDeadline).diff(now, 'second'); + const time = moment(props.rs.scaleDownDeadline).diff(now.toDate(), 'second'); return time <= 0 ? null : ( = 2.9.0" -"moment@>= 2.9.0", moment@^2.20.1, moment@^2.29.1: +"moment@>= 2.9.0", moment@^2.20.1: version "2.29.1" resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.1.tgz#b2be769fa31940be9eeea6469c075e35006fa3d3" integrity sha512-kHmoybcPV8Sqy59DwNDY3Jefr64lK/by/da0ViFcuA4DH0vQg5Q6Ze5VimxkfQNSC+Mls/Kx53s7TjP1RhFEDQ== +moment@^2.29.4: + version "2.29.4" + resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.4.tgz#3dbe052889fe7c1b2ed966fcb3a77328964ef108" + integrity sha512-5LC9SOxjSc2HF6vO2CyuTDNivEdoz2IvyJJGj6X8DJ0eFyfszE0QiEd+iXmBvUP3WHxSjFH/vIsA0EN00cgr8w== + move-concurrently@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/move-concurrently/-/move-concurrently-1.0.1.tgz#be2c005fda32e0b29af1f05d7c4b33214c701f92" @@ -7835,6 +7848,13 @@ node-fetch@^1.0.1: encoding "^0.1.11" is-stream "^1.0.1" +node-fetch@^2.6.1: + version "2.6.7" + resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad" + integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ== + dependencies: + whatwg-url "^5.0.0" + node-forge@^0.10.0: version "0.10.0" resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.10.0.tgz#32dea2afb3e9926f02ee5ce8794902691a676bf3" @@ -11342,6 +11362,11 @@ tr46@^2.0.2: dependencies: punycode "^2.1.1" +tr46@~0.0.3: + version "0.0.3" + resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a" + integrity sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw== + tryer@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/tryer/-/tryer-1.0.1.tgz#f2c85406800b9b0f74c9f7465b81eaad241252f8" 
@@ -11801,6 +11826,11 @@ web-vitals@^1.0.1: resolved "https://registry.yarnpkg.com/web-vitals/-/web-vitals-1.1.2.tgz#06535308168986096239aa84716e68b4c6ae6d1c" integrity sha512-PFMKIY+bRSXlMxVAQ+m2aw9c/ioUYfDgrYot0YUa+/xa0sakubWhSDyxAKwzymvXVdF4CZI71g06W+mqhzu6ig== +webidl-conversions@^3.0.0: + version "3.0.1" + resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871" + integrity sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ== + webidl-conversions@^5.0.0: version "5.0.0" resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-5.0.0.tgz#ae59c8a00b121543a2acc65c0434f57b0fc11aff" @@ -12028,6 +12058,14 @@ whatwg-mimetype@^2.3.0: resolved "https://registry.yarnpkg.com/whatwg-mimetype/-/whatwg-mimetype-2.3.0.tgz#3d4b1e0312d2079879f826aff18dbeeca5960fbf" integrity sha512-M4yMwr6mAnQz76TbJm914+gPpB/nCwvZbJU28cUD6dR004SAxDLOOSUaB1JDRqLtaOV/vi0IC5lEAGFgrjGv/g== +whatwg-url@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-5.0.0.tgz#966454e8765462e37644d3626f6742ce8b70965d" + integrity sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw== + dependencies: + tr46 "~0.0.3" + webidl-conversions "^3.0.0" + whatwg-url@^8.0.0, whatwg-url@^8.5.0: version "8.5.0" resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-8.5.0.tgz#7752b8464fc0903fec89aa9846fc9efe07351fd3" @@ -12381,4 +12419,4 @@ yargs@^15.4.1: yocto-queue@^0.1.0: version "0.1.0" resolved "https://registry.yarnpkg.com/yocto-queue/-/yocto-queue-0.1.0.tgz#0294eb3dee05028d31ee1a5fa2c556a6aaf10a1b" - integrity sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q== \ No newline at end of file + integrity sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q== 
From b859c9673bc24db9c476759f91c2ae5232d68eca Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 2 Nov 2022 00:02:37 +0000 Subject: [PATCH 4/7] chore(deps): bump imjasonh/setup-crane from 0.1 to 0.2 (#2387) Bumps [imjasonh/setup-crane](https://github.com/imjasonh/setup-crane) from 0.1 to 0.2. - [Release notes](https://github.com/imjasonh/setup-crane/releases) - [Commits](https://github.com/imjasonh/setup-crane/compare/v0.1...v0.2) --- updated-dependencies: - dependency-name: imjasonh/setup-crane dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: toann --- .github/workflows/docker-publish.yml | 2 +- .github/workflows/release.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 47875b478e..2c7c565e2d 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -102,7 +102,7 @@ jobs: cosign-release: 'v1.13.1' - name: Install crane to get digest of image - uses: imjasonh/setup-crane@v0.1 + uses: imjasonh/setup-crane@v0.2 - name: Get digest of controller-image run: | diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 43f5d6e908..28f787bb04 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -155,7 +155,7 @@ jobs: cosign-release: 'v1.13.1' - name: Install crane to get digest of image - uses: imjasonh/setup-crane@v0.1 + uses: imjasonh/setup-crane@v0.2 - name: Get digest of controller-image run: | From dc34d0827e59f7bcca36699b884d884d16079d28 Mon Sep 17 00:00:00 2001 From: toann Date: Wed, 2 Nov 2022 15:10:05 +0700 Subject: [PATCH 5/7] docs: Fix the case that autoPromotionSeconds feature is ignored Signed-off-by: Toan Nguyen 
Signed-off-by: toann --- docs/features/bluegreen.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/features/bluegreen.md b/docs/features/bluegreen.md index afb2d2f158..1cded0d86a 100644 --- a/docs/features/bluegreen.md +++ b/docs/features/bluegreen.md @@ -93,7 +93,7 @@ The AutoPromotionEnabled will make the rollout automatically promote the new Rep Defaults to true ### autoPromotionSeconds -The AutoPromotionSeconds will make the rollout automatically promote the new ReplicaSet to active Service after the AutoPromotionSeconds time has passed since the rollout has entered a paused state. If the `AutoPromotionEnabled` field is set to true, this field will be ignored +The AutoPromotionSeconds will make the rollout automatically promote the new ReplicaSet to active Service after the AutoPromotionSeconds time has passed since the rollout has entered a paused state. If the `AutoPromotionEnabled` field is set to false, this field will be ignored Defaults to nil From 30de7fe1358d552933933716ae9f129d2fc894e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 3 Nov 2022 00:05:22 +0000 Subject: [PATCH 6/7] chore(deps): bump dependabot/fetch-metadata from 1.3.4 to 1.3.5 (#2390) Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 1.3.4 to 1.3.5. - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](https://github.com/dependabot/fetch-metadata/compare/v1.3.4...v1.3.5) --- updated-dependencies: - dependency-name: dependabot/fetch-metadata dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: toann --- .github/workflows/dependabot_automerge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/dependabot_automerge.yml b/.github/workflows/dependabot_automerge.yml index 2bdab7b838..54e5b114ff 100644 --- a/.github/workflows/dependabot_automerge.yml +++ b/.github/workflows/dependabot_automerge.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@v1.3.4 + uses: dependabot/fetch-metadata@v1.3.5 with: github-token: "${{ secrets.GITHUB_TOKEN }}" - name: Approve PR From 2463fd43941ea0889fcbfbae4527ae6373fbbb66 Mon Sep 17 00:00:00 2001 From: T Nguyen <55384763+itsme2980@users.noreply.github.com> Date: Thu, 12 Jan 2023 15:35:00 +0700 Subject: [PATCH 7/7] Update docs/features/bluegreen.md Co-authored-by: Rohit Agrawal --- docs/features/bluegreen.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/features/bluegreen.md b/docs/features/bluegreen.md index 1cded0d86a..4744443374 100644 --- a/docs/features/bluegreen.md +++ b/docs/features/bluegreen.md @@ -93,7 +93,7 @@ The AutoPromotionEnabled will make the rollout automatically promote the new Rep Defaults to true ### autoPromotionSeconds -The AutoPromotionSeconds will make the rollout automatically promote the new ReplicaSet to active Service after the AutoPromotionSeconds time has passed since the rollout has entered a paused state. If the `AutoPromotionEnabled` field is set to false, this field will be ignored +Setting a positive non-zero value here would make the rollout automatically promote the new `ReplicaSet` to active Service after this much time has been elapsed since the rollout has entered a paused state. If the `AutoPromotionEnabled` field is set to **false**, this field would be ignored. Defaults to nil