Merge branch 'master' into rollout_phase

.github/workflows/dependabot_automerge.yml

@@ -15,7 +15,7 @@ jobs:
     steps:
       - name: Dependabot metadata
         id: metadata
-        uses: dependabot/[email protected].4
+        uses: dependabot/[email protected].5
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
       - name: Approve PR

.github/workflows/docker-publish.yml

@@ -94,4 +94,54 @@ jobs:
           target: kubectl-argo-rollouts
           platforms: ${{ steps.platform-matrix.outputs.platform-matrix }}
           push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.plugin-meta.outputs.tags }}
+          tags: ${{ steps.plugin-meta.outputs.tags }}
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: 'v1.13.1'
+
+      - name: Install crane to get digest of image
+        uses: imjasonh/[email protected]
+
+      - name: Get digest of controller-image
+        run: |
+          if [[ "${{ github.ref == 'refs/heads/master' }}" ]]
+          then
+            echo "CONTROLLER_DIGEST=$(crane digest quay.io/argoproj/argo-rollouts:latest)" >> $GITHUB_ENV
+          fi
+          if [[ "${{ github.ref != 'refs/heads/master' }}" ]]
+          then
+            echo "CONTROLLER_DIGEST=$(crane digest ${{ steps.controller-meta.outputs.tags }})" >> $GITHUB_ENV
+          fi
+        if: github.event_name != 'pull_request'
+
+      - name: Get digest of plugin-image
+        run: |
+          if [[ "${{ github.ref == 'refs/heads/master' }}" ]]
+          then
+            echo "PLUGIN_DIGEST=$(crane digest quay.io/argoproj/kubectl-argo-rollouts:latest)" >> $GITHUB_ENV
+          fi
+          if [[ "${{ github.ref != 'refs/heads/master' }}" ]]
+          then
+            echo "PLUGIN_DIGEST=$(crane digest ${{ steps.plugin-meta.outputs.tags }})" >> $GITHUB_ENV
+          fi
+        if: github.event_name != 'pull_request'
+
+      - name: Sign Argo Rollouts Images
+        run: |
+          cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/argo-rollouts@${{ env.CONTROLLER_DIGEST }}
+          cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/kubectl-argo-rollouts@${{ env.PLUGIN_DIGEST }}
+        env:
+          COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+        if: ${{ github.event_name == 'push' }}
+
+      - name: Display the public key to share.
+        run: |
+          # Displays the public key to share
+          cosign public-key --key env://COSIGN_PRIVATE_KEY
+        env:
+          COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+        if: ${{ github.event_name == 'push' }}

.github/workflows/e2e.yaml

@@ -29,11 +29,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Upload
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: Event File
           path: ${{ github.event_path }}
   test-e2e:
+    strategy:
+      fail-fast: false
+      matrix:
+        kubernetes-minor-version:
+          - 1.23
+          - 1.24
     name: Run end-to-end tests
     runs-on: ubuntu-latest
     steps:
@@ -43,6 +49,8 @@ jobs:
           go-version: 1.19
       - uses: actions/[email protected]
       - name: Setup k3s
+        env:
+          INSTALL_K3S_CHANNEL: v${{ matrix.kubernetes-minor-version }}
         run: |
           curl -sfL https://get.k3s.io | sh -
           sudo mkdir ~/.kube
@@ -75,14 +83,14 @@ jobs:
           [[ -f rerunreport.txt ]] && cat rerunreport.txt || echo "No rerun report found"
       - name: Upload E2E Test Results
         if: always()
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
-          name: E2E Test Results
+          name: E2E Test Results (k8s ${{ matrix.kubernetes-minor-version }})
           path: |
             junit.xml
       - name: Upload e2e-controller logs
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
-          name: e2e-controller-k8s.log
+          name: e2e-controller-k8s-${{ matrix.kubernetes-minor-version }}.log
           path: /tmp/e2e-controller.log
         if: ${{ failure() }}

.github/workflows/go.yml

@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Upload
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: Event File
           path: ${{ github.event_path }}
@@ -77,14 +77,14 @@ jobs:
 
       - name: Upload Unit Test Results
         if: always()
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: Unit Test Results
           path: |
             junit.xml
 
       - name: Generate code coverage artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: code-coverage
           path: coverage.out

.github/workflows/release.yaml

@@ -149,6 +149,40 @@ jobs:
 
           cd /tmp && tar -zcf sbom.tar.gz *.spdx
 
+      - name: Install cosign
+        uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: 'v1.13.1'
+
+      - name: Install crane to get digest of image
+        uses: imjasonh/[email protected]
+
+      - name: Get digest of controller-image
+        run: |
+          echo "CONTROLLER_DIGEST=$(crane digest ${{ steps.controller-meta.outputs.tags }})" >> $GITHUB_ENV
+
+      - name: Get digest of plugin-image
+        run: |
+          echo "PLUGIN_DIGEST=$(crane digest ${{ steps.plugin-meta.outputs.tags }})" >> $GITHUB_ENV
+
+      - name: Sign Argo Rollouts Images
+        run: |
+          cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/argo-rollouts@${{ env.CONTROLLER_DIGEST }}
+          cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/kubectl-argo-rollouts@${{ env.PLUGIN_DIGEST }}
+        env:
+          COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+
+      - name: Sign checksums and create public key for release assets
+        run: |
+          cosign sign-blob --key env://COSIGN_PRIVATE_KEY dist/argo-rollouts-checksums.txt > dist/argo-rollouts-checksums.sig
+          cosign public-key --key env://COSIGN_PRIVATE_KEY > ./dist/argo-rollouts-cosign.pub
+          # Displays the public key to share.
+          cosign public-key --key env://COSIGN_PRIVATE_KEY
+        env:
+          COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+
       - name: Draft release
         uses: softprops/action-gh-release@v1
         with:
@@ -161,6 +195,8 @@ jobs:
             dist/kubectl-argo-rollouts-darwin-arm64
             dist/kubectl-argo-rollouts-windows-amd64
             dist/argo-rollouts-checksums.txt
+            dist/argo-rollouts-checksums.sig
+            dist/argo-rollouts-cosign.pub
             manifests/dashboard-install.yaml
             manifests/install.yaml
             manifests/namespace-install.yaml

Makefile

@@ -23,6 +23,7 @@ E2E_INSTANCE_ID ?= argo-rollouts-e2e
 E2E_TEST_OPTIONS ?= 
 E2E_PARALLEL ?= 1
 E2E_WAIT_TIMEOUT ?= 120
+GOPATH ?= $(shell go env GOPATH)
 
 override LDFLAGS += \
   -X ${PACKAGE}/utils/version.version=${VERSION} \
@@ -111,6 +112,8 @@ k8s-proto: go-mod-vendor $(TYPES)
 		--proto-import $(CURDIR)/vendor \
 		--proto-import=${DIST_DIR}/protoc-include
 	touch pkg/apis/rollouts/v1alpha1/generated.proto
+	cp -R ${GOPATH}/src/github.com/argoproj/argo-rollouts/pkg . | true
+
 
 # generates *.pb.go, *.pb.gw.go, swagger from .proto files
 .PHONY: api-proto

USERS.md

@@ -14,6 +14,7 @@ Organizations below are **officially** using Argo Rollouts. Please send a PR wit
 1. [Devtron Labs](https://github.com/devtron-labs/devtron)
 1. [Farfetch](https://www.farfetch.com/)
 1. [Flipkart](https://flipkart.com)
+1. [GetYourGuide](https://www.getyourguide.com)
 1. [Gllue](https://gllue.com)
 1. [Ibotta](https://home.ibotta.com/)
 1. [Intuit](https://www.intuit.com/)

docs/features/ephemeral-metadata.md

@@ -53,6 +53,6 @@ and annotations under `stableMetadata`/`activeMetadata`. The Pods of the Replica
 updated _in place_ to use the stable metadata (without recreating the pods).
 
 !!! important
-In order for tooling to take advantage of this feature, they would need to recognize the change in
-labels and/or annotations that happen _after_ the Pod has already started. Not all tools may detect
-this.
+    In order for tooling to take advantage of this feature, they would need to recognize the change in
+    labels and/or annotations that happen _after_ the Pod has already started. Not all tools may detect
+    this.

docs/features/traffic-management/alb.md

@@ -343,7 +343,7 @@ The Rollout status object holds the value of who is currently the stable ping or
 And this way allows the rollout to use pod readiness gate injection as the
 services are not changing their labels at the end of the rollout progress.
 
-!!!important
+!!! important
 
     Ping-Pong feature available since Argo Rollouts v1.2
 

docs/installation.md

@@ -86,3 +86,12 @@ You can run it like any other Docker image or use it in any CI platform that sup
 docker run quay.io/argoproj/kubectl-argo-rollouts:master version
 ```
 
+## Supported versions
+
+At any point in time the officially supported version of Argo Rollouts is the latest released one, on Kubernetes versions N and N-1 (as supported by the Kubernetes project itself).
+
+For example if the latest minor version of Argo Rollouts is 1.2.1 and supported Kubernetes versions are 1.24, 1.23 and 1.22 then the following combinations are supported:
+
+* Argo Rollouts 1.2.1 on Kubernetes 1.24
+* Argo Rollouts 1.2.1 on Kubernetes 1.23
+

pkg/kubectl-argo-rollouts/cmd/dashboard/dashboard.go

@@ -10,6 +10,7 @@ import (
 
 func NewCmdDashboard(o *options.ArgoRolloutsOptions) *cobra.Command {
 	var rootPath string
+	var port int
 	var cmd = &cobra.Command{
 		Use:   "dashboard",
 		Short: "Start UI dashboard",
@@ -30,12 +31,13 @@ func NewCmdDashboard(o *options.ArgoRolloutsOptions) *cobra.Command {
 				ctx := context.Background()
 				ctx, cancel := context.WithCancel(ctx)
 				argorollouts := server.NewServer(opts)
-				argorollouts.Run(ctx, 3100, true)
+				argorollouts.Run(ctx, port, true)
 				cancel()
 			}
 		},
 	}
 	cmd.Flags().StringVar(&rootPath, "root-path", "rollouts", "changes the root path of the dashboard")
+	cmd.Flags().IntVarP(&port, "port", "p", 3100, "port to listen on")
 
 	return cmd
 }

ui/package.json

@@ -6,7 +6,7 @@
         "argo-ui": "git+https://github.com/argoproj/argo-ui.git",
         "classnames": "2.2.6",
         "isomorphic-fetch": "^3.0.0",
-        "moment": "^2.29.1",
+        "moment": "^2.29.4",
         "moment-timezone": "^0.5.33",
         "portable-fetch": "^3.0.0",
         "react": "^17.0.1",

ui/src/app/components/pods/pods.tsx

@@ -115,7 +115,7 @@ export const ReplicaSet = (props: {rs: RolloutReplicaSetInfo; showRevision?: boo
                         <div style={{marginLeft: 'auto'}}>
                             <Ticker>
                                 {(now) => {
-                                    const time = moment(props.rs.scaleDownDeadline).diff(now, 'second');
+                                    const time = moment(props.rs.scaleDownDeadline).diff(now.toDate(), 'second');
                                     return time <= 0 ? null : (
                                         <Tooltip
                                             content={

ui/yarn.lock

@@ -6530,6 +6530,14 @@ isobject@^3.0.0, isobject@^3.0.1:
   resolved "https://registry.yarnpkg.com/isobject/-/isobject-3.0.1.tgz#4e431e92b11a9731636aa1f9c8d1ccbcfdab78df"
   integrity sha1-TkMekrEalzFjaqH5yNHMvP2reN8=
 
+isomorphic-fetch@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/isomorphic-fetch/-/isomorphic-fetch-3.0.0.tgz#0267b005049046d2421207215d45d6a262b8b8b4"
+  integrity sha512-qvUtwJ3j6qwsF3jLxkZ72qCgjMysPzDfeV240JHiGZsANBYd+EEuu35v7dfrJ9Up0Ak07D7GGSkGhCHTqg/5wA==
+  dependencies:
+    node-fetch "^2.6.1"
+    whatwg-fetch "^3.4.1"
+
 isstream@~0.1.2:
   version "0.1.2"
   resolved "https://registry.yarnpkg.com/isstream/-/isstream-0.1.2.tgz#47e63f7af55afa6f92e1500e690eb8b8529c099a"
@@ -7710,11 +7718,16 @@ moment-timezone@^0.5.33:
   dependencies:
     moment ">= 2.9.0"
 
-"moment@>= 2.9.0", moment@^2.20.1, moment@^2.29.1:
+"moment@>= 2.9.0", moment@^2.20.1:
   version "2.29.1"
   resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.1.tgz#b2be769fa31940be9eeea6469c075e35006fa3d3"
   integrity sha512-kHmoybcPV8Sqy59DwNDY3Jefr64lK/by/da0ViFcuA4DH0vQg5Q6Ze5VimxkfQNSC+Mls/Kx53s7TjP1RhFEDQ==
 
+moment@^2.29.4:
+  version "2.29.4"
+  resolved "https://registry.yarnpkg.com/moment/-/moment-2.29.4.tgz#3dbe052889fe7c1b2ed966fcb3a77328964ef108"
+  integrity sha512-5LC9SOxjSc2HF6vO2CyuTDNivEdoz2IvyJJGj6X8DJ0eFyfszE0QiEd+iXmBvUP3WHxSjFH/vIsA0EN00cgr8w==
+
 move-concurrently@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/move-concurrently/-/move-concurrently-1.0.1.tgz#be2c005fda32e0b29af1f05d7c4b33214c701f92"
@@ -7835,6 +7848,13 @@ node-fetch@^1.0.1:
     encoding "^0.1.11"
     is-stream "^1.0.1"
 
+node-fetch@^2.6.1:
+  version "2.6.7"
+  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad"
+  integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==
+  dependencies:
+    whatwg-url "^5.0.0"
+
 node-forge@^0.10.0:
   version "0.10.0"
   resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.10.0.tgz#32dea2afb3e9926f02ee5ce8794902691a676bf3"
@@ -11342,6 +11362,11 @@ tr46@^2.0.2:
   dependencies:
     punycode "^2.1.1"
 
+tr46@~0.0.3:
+  version "0.0.3"
+  resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a"
+  integrity sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==
+
 tryer@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/tryer/-/tryer-1.0.1.tgz#f2c85406800b9b0f74c9f7465b81eaad241252f8"
@@ -11801,6 +11826,11 @@ web-vitals@^1.0.1:
   resolved "https://registry.yarnpkg.com/web-vitals/-/web-vitals-1.1.2.tgz#06535308168986096239aa84716e68b4c6ae6d1c"
   integrity sha512-PFMKIY+bRSXlMxVAQ+m2aw9c/ioUYfDgrYot0YUa+/xa0sakubWhSDyxAKwzymvXVdF4CZI71g06W+mqhzu6ig==
 
+webidl-conversions@^3.0.0:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871"
+  integrity sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==
+
 webidl-conversions@^5.0.0:
   version "5.0.0"
   resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-5.0.0.tgz#ae59c8a00b121543a2acc65c0434f57b0fc11aff"
@@ -12028,6 +12058,14 @@ whatwg-mimetype@^2.3.0:
   resolved "https://registry.yarnpkg.com/whatwg-mimetype/-/whatwg-mimetype-2.3.0.tgz#3d4b1e0312d2079879f826aff18dbeeca5960fbf"
   integrity sha512-M4yMwr6mAnQz76TbJm914+gPpB/nCwvZbJU28cUD6dR004SAxDLOOSUaB1JDRqLtaOV/vi0IC5lEAGFgrjGv/g==
 
+whatwg-url@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-5.0.0.tgz#966454e8765462e37644d3626f6742ce8b70965d"
+  integrity sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==
+  dependencies:
+    tr46 "~0.0.3"
+    webidl-conversions "^3.0.0"
+
 whatwg-url@^8.0.0, whatwg-url@^8.5.0:
   version "8.5.0"
   resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-8.5.0.tgz#7752b8464fc0903fec89aa9846fc9efe07351fd3"
@@ -12381,4 +12419,4 @@ yargs@^15.4.1:
 yocto-queue@^0.1.0:
   version "0.1.0"
   resolved "https://registry.yarnpkg.com/yocto-queue/-/yocto-queue-0.1.0.tgz#0294eb3dee05028d31ee1a5fa2c556a6aaf10a1b"
-  integrity sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==
+  integrity sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==

utils/template/template.go

@@ -17,6 +17,7 @@ const (
 	openBracket               = "{{"
 	closeBracket              = "}}"
 	experimentPodTemplateHash = "templates.%s.podTemplateHash"
+	experimentReplicasetName  = "templates.%s.replicaset.name"
 	experimentAvailableAt     = "experiment.availableAt"
 	experimentEndsAt          = "experiment.finishedAt"
 )
@@ -41,6 +42,7 @@ func ResolveExperimentArgsValue(argTemplate string, ex *v1alpha1.Experiment, tem
 	for _, template := range ex.Spec.Templates {
 		if rs, ok := templateRSs[template.Name]; ok {
 			argsMap[fmt.Sprintf(experimentPodTemplateHash, template.Name)] = rs.Labels[v1alpha1.DefaultRolloutUniqueLabelKey]
+			argsMap[fmt.Sprintf(experimentReplicasetName, template.Name)] = rs.Name
 		}
 	}
 	return resolve(t, argsMap)