Skip to content

Commit

Permalink
Cr 19893 sync 1.7.3 (#297)
Browse files Browse the repository at this point in the history
* chore(deps): bump github.com/nats-io/nats.go from 1.16.0 to 1.17.0 (argoproj#2197)

Bumps [github.com/nats-io/nats.go](https://github.com/nats-io/nats.go) from 1.16.0 to 1.17.0.
- [Release notes](https://github.com/nats-io/nats.go/releases)
- [Commits](nats-io/nats.go@v1.16.0...v1.17.0)

Signed-off-by: Derek Wang <[email protected]>

---
updated-dependencies:
- dependency-name: github.com/nats-io/nats.go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: Emissary executor reads and writes to WorkflowTaskResults, not Pods (argoproj#2189)

Signed-off-by: Julie Vogelman <[email protected]>

Signed-off-by: Julie Vogelman <[email protected]>

* fix filter for github sensor example (argoproj#2188)

Signed-off-by: Matthieu Simon <[email protected]>

Signed-off-by: Matthieu Simon <[email protected]>

* chore: enable jetstream 2.9 (argoproj#2205)

Signed-off-by: Derek Wang <[email protected]>

* chore: fix examples to drop deprecated fields (argoproj#2204)

Signed-off-by: Derek Wang <[email protected]>

* chore(deps): bump github.com/aws/aws-sdk-go from 1.44.81 to 1.44.105 (argoproj#2208)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump google.golang.org/api from 0.93.0 to 0.97.0 (argoproj#2211)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/stale from 5 to 6 (argoproj#2213)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat: Kafka es discontinues processing if eb publishing fails (argoproj#2214)

Signed-off-by: Derek Wang <[email protected]>

* Make port configurable in webhook, default is set to 443 (argoproj#2215)

Signed-off-by: Nir Shtein <[email protected]>

* chore: enable argo v3.4 and nats 2.9.1 (argoproj#2216)

Signed-off-by: Derek Wang <[email protected]>

* Update manifests to v1.7.3

Signed-off-by: Derek Wang <[email protected]>

* update versions

* fix compile errors

* use quay.io/denis_codefresh/argo-events

* Revert "use quay.io/denis_codefresh/argo-events"

This reverts commit 9fcb428.

* fix release

* change image across manifests

* quay.io/denis_codefresh/argo-events

* Revert "quay.io/denis_codefresh/argo-events"

This reverts commit 624f792.

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Julie Vogelman <[email protected]>
Signed-off-by: Matthieu Simon <[email protected]>
Signed-off-by: Derek Wang <[email protected]>
Signed-off-by: Nir Shtein <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Julie Vogelman <[email protected]>
Co-authored-by: Matthieu Simon <[email protected]>
Co-authored-by: Derek Wang <[email protected]>
Co-authored-by: Nir Shtein <[email protected]>
  • Loading branch information
6 people authored Aug 28, 2023
1 parent 06ebc56 commit 12293bc
Show file tree
Hide file tree
Showing 122 changed files with 907 additions and 955 deletions.
12 changes: 6 additions & 6 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ jobs:
- env:
VERSION: ${{ steps.version.outputs.VERSION }}
run:
bom generate --scan-images=false --image quay.io/${{ secrets.QUAYIO_ORG }}/argo-events:$VERSION -o dist/argo-events.spdx
bom generate --scan-images=false --image quay.io/${{ secrets.QUAYIO_ORG }}/argo-events:$VERSION -o /tmp/argo-events.spdx
# pack the boms into one file to make it easy to download
- run: tar -zcf sbom.tar.gz dist/*.spdx
- uses: actions/upload-artifact@v3
Expand All @@ -116,7 +116,7 @@ jobs:
runs-on: ubuntu-latest
needs: [ build-push-linux-multi, bom ]
permissions:
contents: read
contents: write
id-token: write # Needed to create an OIDC token for keyless signing
steps:
- name: Download binaries
Expand All @@ -127,7 +127,7 @@ jobs:
- uses: actions/download-artifact@v3
with:
name: sbom.tar.gz
path: dist/
path: /tmp

- name: Registry Login
uses: docker/login-action@v2
Expand Down Expand Up @@ -157,7 +157,7 @@ jobs:
run: |
cosign sign -y quay.io/${{ secrets.QUAYIO_ORG }}/argo-events@$IMAGE_DIGEST
cosign sign-blob -y ./dist/argo-events-checksums.txt > ./dist/argo-events-checksums.sig
cosign sign-blob -y ./dist/sbom.tar.gz > ./dist/sbom.tar.gz.sig
cosign sign-blob -y /tmp/sbom.tar.gz > /tmp/sbom.tar.gz.sig
- name: Release binaries
uses: softprops/action-gh-release@v1
Expand All @@ -168,7 +168,7 @@ jobs:
dist/argo-events-checksums.txt
dist/argo-events-checksums.sig
manifests/*.yaml
dist/sbom.tar.gz
dist/sbom.tar.gz.sig
/tmp/sbom.tar.gz
/tmp/sbom.tar.gz.sig
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
2 changes: 1 addition & 1 deletion .github/workflows/stale.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ jobs:
stale:
runs-on: 'ubuntu-latest'
steps:
- uses: 'actions/stale@v5'
- uses: 'actions/stale@v6'
with:
stale-issue-message: |-
This issue has been automatically marked as stale because it has not had
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ RUN apk update && apk upgrade && \
apk add ca-certificates && \
apk --no-cache add tzdata

ENV ARGO_VERSION=v3.3.2
ENV ARGO_VERSION=v3.4.0

RUN wget -q https://github.com/argoproj/argo-workflows/releases/download/${ARGO_VERSION}/argo-linux-${ARCH}.gz
RUN gunzip -f argo-linux-${ARCH}.gz
Expand Down
4 changes: 2 additions & 2 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,8 @@ EXECUTABLES = curl docker gzip go
# docker image publishing options
DOCKER_PUSH?=false
IMAGE_NAMESPACE?=quay.io/argoproj
VERSION?=v1.7.2-cap-CR-14600
BASE_VERSION:=v1.7.2-cap-CR-14600
VERSION?=v1.7.3-cap-CR-19893
BASE_VERSION:=v1.7.3-cap-CR-19893

override LDFLAGS += \
-X ${PACKAGE}.version=${VERSION} \
Expand Down
2 changes: 1 addition & 1 deletion api/openapi-spec/swagger.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion codefresh/codefresh.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ const (
cfAuthSecretKey = "token"
)

var withRetry = common.Connect // alias
var withRetry = common.DoWithRetry // alias

var eventTypesToReportWhitelist = map[apicommon.EventSourceType]bool{
apicommon.GithubEvent: true,
Expand Down
4 changes: 2 additions & 2 deletions common/common.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,9 @@ limitations under the License.
package common

import (
"fmt"
"reflect"

"github.com/pkg/errors"
corev1 "k8s.io/api/core/v1"
)

Expand Down Expand Up @@ -110,7 +110,7 @@ const (
)

var (
ErrNilEventSource = errors.New("event source can't be nil")
ErrNilEventSource = fmt.Errorf("event source can't be nil")
)

// Miscellaneous Labels
Expand Down
8 changes: 4 additions & 4 deletions common/leaderelection/leaderelection.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,11 @@ package leaderelection
import (
"context"
"crypto/tls"
"fmt"

"github.com/fsnotify/fsnotify"
"github.com/nats-io/graft"
nats "github.com/nats-io/nats.go"
"github.com/pkg/errors"
"github.com/spf13/viper"
"go.uber.org/zap"

Expand Down Expand Up @@ -40,7 +40,7 @@ func NewEventBusElector(ctx context.Context, eventBusConfig eventbusv1alpha1.Bus
eventBusType = apicommon.EventBusJetStream
eventBusAuth = &eventbusv1alpha1.AuthStrategyBasic
default:
return nil, errors.New("invalid event bus")
return nil, fmt.Errorf("invalid event bus")
}

var auth *eventbuscommon.Auth
Expand All @@ -56,7 +56,7 @@ func NewEventBusElector(ctx context.Context, eventBusConfig eventbusv1alpha1.Bus
v.AddConfigPath(common.EventBusAuthFileMountPath)
err := v.ReadInConfig()
if err != nil {
return nil, errors.Errorf("failed to load auth.yaml. err: %+v", err)
return nil, fmt.Errorf("failed to load auth.yaml. err: %w", err)
}
err = v.Unmarshal(cred)
if err != nil {
Expand Down Expand Up @@ -91,7 +91,7 @@ func NewEventBusElector(ctx context.Context, eventBusConfig eventbusv1alpha1.Bus
auth: auth,
}
default:
return nil, errors.New("invalid eventbus type")
return nil, fmt.Errorf("invalid eventbus type")
}
return elector, nil
}
Expand Down
5 changes: 2 additions & 3 deletions common/retry.go
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ func Convert2WaitBackoff(backoff *apicommon.Backoff) (*wait.Backoff, error) {
return &result, nil
}

func Connect(backoff *apicommon.Backoff, conn func() error) error {
func DoWithRetry(backoff *apicommon.Backoff, f func() error) error {
if backoff == nil {
backoff = &DefaultBackoff
}
Expand All @@ -103,8 +103,7 @@ func Connect(backoff *apicommon.Backoff, conn func() error) error {
return fmt.Errorf("invalid backoff configuration, %w", err)
}
_ = wait.ExponentialBackoff(*b, func() (bool, error) {
if err = conn(); err != nil {
// return "false, err" will cover waitErr
if err = f(); err != nil {
return false, nil
}
return true, nil
Expand Down
10 changes: 5 additions & 5 deletions common/retry_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -43,13 +43,13 @@ func TestRetryableKubeAPIError(t *testing.T) {
}

func TestConnect(t *testing.T) {
err := Connect(nil, func() error {
err := DoWithRetry(nil, func() error {
return fmt.Errorf("new error")
})
assert.NotNil(t, err)
assert.True(t, strings.Contains(err.Error(), "new error"))

err = Connect(nil, func() error {
err = DoWithRetry(nil, func() error {
return nil
})
assert.Nil(t, err)
Expand All @@ -58,7 +58,7 @@ func TestConnect(t *testing.T) {
func TestConnectDurationString(t *testing.T) {
start := time.Now()
count := 2
err := Connect(nil, func() error {
err := DoWithRetry(nil, func() error {
if count == 0 {
return nil
} else {
Expand All @@ -85,7 +85,7 @@ func TestConnectRetry(t *testing.T) {
}
count := 2
start := time.Now()
err := Connect(&backoff, func() error {
err := DoWithRetry(&backoff, func() error {
if count == 0 {
return nil
} else {
Expand All @@ -110,7 +110,7 @@ func TestRetryFailure(t *testing.T) {
Jitter: &jitter,
Steps: 2,
}
err := Connect(&backoff, func() error {
err := DoWithRetry(&backoff, func() error {
return fmt.Errorf("this is an error")
})
assert.NotNil(t, err)
Expand Down
17 changes: 8 additions & 9 deletions common/tls/tls.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,17 +6,16 @@ import (
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"fmt"
"math/big"
"time"

"github.com/pkg/errors"
)

func certTemplate(org string, hosts []string, notAfter time.Time) (*x509.Certificate, error) {
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
return nil, errors.Wrap(err, "failed to generate serial number")
return nil, fmt.Errorf("failed to generate serial number, %w", err)
}
return &x509.Certificate{
SerialNumber: serialNumber,
Expand Down Expand Up @@ -61,17 +60,17 @@ func createCert(template, parent *x509.Certificate, pub, parentPriv interface{})
func createCA(org string, hosts []string, notAfter time.Time) (*rsa.PrivateKey, *x509.Certificate, []byte, error) {
rootKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
return nil, nil, nil, errors.Wrap(err, "failed to generate random key")
return nil, nil, nil, fmt.Errorf("failed to generate random key, %w", err)
}

rootCertTmpl, err := createCACertTemplate(org, hosts, notAfter)
if err != nil {
return nil, nil, nil, errors.Wrap(err, "failed to generate CA cert")
return nil, nil, nil, fmt.Errorf("failed to generate CA cert, %w", err)
}

rootCert, rootCertPEM, err := createCert(rootCertTmpl, rootCertTmpl, &rootKey.PublicKey, rootKey)
if err != nil {
return nil, nil, nil, errors.Wrap(err, "failed to sign CA cert")
return nil, nil, nil, fmt.Errorf("failed to sign CA cert, %w", err)
}
return rootKey, rootCert, rootCertPEM, nil
}
Expand All @@ -82,7 +81,7 @@ func createCA(org string, hosts []string, notAfter time.Time) (*rsa.PrivateKey,
// can generate for both server and client but at least one must be specified
func CreateCerts(org string, hosts []string, notAfter time.Time, server bool, client bool) (serverKey, serverCert, caCert []byte, err error) {
if !server && !client {
return nil, nil, nil, errors.Wrap(err, "CreateCerts() must specify either server or client")
return nil, nil, nil, fmt.Errorf("CreateCerts() must specify either server or client")
}

// Create a CA certificate and private key
Expand All @@ -94,7 +93,7 @@ func CreateCerts(org string, hosts []string, notAfter time.Time, server bool, cl
// Create the private key
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
return nil, nil, nil, errors.Wrap(err, "failed to generate random key")
return nil, nil, nil, fmt.Errorf("failed to generate random key, %w", err)
}
var cert *x509.Certificate

Expand All @@ -113,7 +112,7 @@ func CreateCerts(org string, hosts []string, notAfter time.Time, server bool, cl
// create a certificate wrapping the public key, sign it with the CA private key
_, certPEM, err := createCert(cert, caCertificate, &privateKey.PublicKey, caKey)
if err != nil {
return nil, nil, nil, errors.Wrap(err, "failed to sign server cert")
return nil, nil, nil, fmt.Errorf("failed to sign server cert, %w", err)
}
privateKeyPEM := pem.EncodeToMemory(&pem.Block{
Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
Expand Down
8 changes: 4 additions & 4 deletions common/tls/tls_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,10 @@ package tls
import (
"crypto/x509"
"encoding/pem"
"fmt"
"testing"
"time"

"github.com/pkg/errors"
"github.com/stretchr/testify/assert"
)

Expand Down Expand Up @@ -35,14 +35,14 @@ func validCertificate(cert []byte, t *testing.T) (*x509.Certificate, error) {
const certificate = "CERTIFICATE"
caCert, _ := pem.Decode(cert)
if caCert.Type != certificate {
return nil, errors.Errorf("CERT type mismatch, got %s, want: %s", caCert.Type, certificate)
return nil, fmt.Errorf("CERT type mismatch, got %s, want: %s", caCert.Type, certificate)
}
parsedCert, err := x509.ParseCertificate(caCert.Bytes)
if err != nil {
return nil, errors.Wrap(err, "failed to parse cert")
return nil, fmt.Errorf("failed to parse cert, %w", err)
}
if parsedCert.SignatureAlgorithm != x509.SHA256WithRSA {
return nil, errors.Errorf("signature not match. Got: %s, want: %s", parsedCert.SignatureAlgorithm, x509.SHA256WithRSA)
return nil, fmt.Errorf("signature not match. Got: %s, want: %s", parsedCert.SignatureAlgorithm, x509.SHA256WithRSA)
}
return parsedCert, nil
}
20 changes: 10 additions & 10 deletions common/util.go
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,7 @@ func GetSecretValue(ctx context.Context, client kubernetes.Interface, namespace
}
val, ok := secret.Data[selector.Key]
if !ok {
return "", errors.Errorf("secret '%s' does not have the key '%s'", selector.Name, selector.Key)
return "", fmt.Errorf("secret '%s' does not have the key '%s'", selector.Name, selector.Key)
}
return string(val), nil
}
Expand Down Expand Up @@ -164,7 +164,7 @@ func GetSecretFromVolume(selector *v1.SecretKeySelector) (string, error) {
}
data, err := os.ReadFile(filePath)
if err != nil {
return "", errors.Wrapf(err, "failed to get secret value of name: %s, key: %s", selector.Name, selector.Key)
return "", fmt.Errorf("failed to get secret value of name: %s, key: %s, %w", selector.Name, selector.Key, err)
}
// Secrets edited by tools like "vim" always have an extra invisible "\n" in the end,
// and it's often neglected, but it makes differences for some of the applications.
Expand All @@ -174,7 +174,7 @@ func GetSecretFromVolume(selector *v1.SecretKeySelector) (string, error) {
// GetSecretVolumePath returns the path of the mounted secret
func GetSecretVolumePath(selector *v1.SecretKeySelector) (string, error) {
if selector == nil {
return "", errors.New("secret key selector is nil")
return "", fmt.Errorf("secret key selector is nil")
}
return fmt.Sprintf("/argo-events/secrets/%s/%s", selector.Name, selector.Key), nil
}
Expand All @@ -188,7 +188,7 @@ func GetConfigMapFromVolume(selector *v1.ConfigMapKeySelector) (string, error) {
}
data, err := os.ReadFile(filePath)
if err != nil {
return "", errors.Wrapf(err, "failed to get configMap value of name: %s, key: %s", selector.Name, selector.Key)
return "", fmt.Errorf("failed to get configMap value of name: %s, key: %s, %w", selector.Name, selector.Key, err)
}
// Contents edied by tools like "vim" always have an extra invisible "\n" in the end,
// and it's often negleted, but it makes differences for some of the applications.
Expand All @@ -198,7 +198,7 @@ func GetConfigMapFromVolume(selector *v1.ConfigMapKeySelector) (string, error) {
// GetConfigMapVolumePath returns the path of the mounted configmap
func GetConfigMapVolumePath(selector *v1.ConfigMapKeySelector) (string, error) {
if selector == nil {
return "", errors.New("configmap key selector is nil")
return "", fmt.Errorf("configmap key selector is nil")
}
return fmt.Sprintf("/argo-events/config/%s/%s", selector.Name, selector.Key), nil
}
Expand Down Expand Up @@ -236,7 +236,7 @@ func GenerateEnvFromConfigMapSpec(selector *v1.ConfigMapKeySelector) v1.EnvFromS
// GetTLSConfig returns a tls configuration for given cert and key or skips the certs if InsecureSkipVerify is true.
func GetTLSConfig(config *apicommon.TLSConfig) (*tls.Config, error) {
if config == nil {
return nil, errors.New("TLSConfig is nil")
return nil, fmt.Errorf("TLSConfig is nil")
}

if config.InsecureSkipVerify {
Expand Down Expand Up @@ -272,19 +272,19 @@ func GetTLSConfig(config *apicommon.TLSConfig) (*tls.Config, error) {

if len(caCertPath)+len(clientCertPath)+len(clientKeyPath) == 0 {
// None of 3 is configured
return nil, errors.New("invalid tls config, neither of caCertSecret, clientCertSecret and clientKeySecret is configured")
return nil, fmt.Errorf("invalid tls config, neither of caCertSecret, clientCertSecret and clientKeySecret is configured")
}

if len(clientCertPath)+len(clientKeyPath) > 0 && len(clientCertPath)*len(clientKeyPath) == 0 {
// Only one of clientCertSecret and clientKeySecret is configured
return nil, errors.New("invalid tls config, both of clientCertSecret and clientKeySecret need to be configured")
return nil, fmt.Errorf("invalid tls config, both of clientCertSecret and clientKeySecret need to be configured")
}

c := &tls.Config{}
if len(caCertPath) > 0 {
caCert, err := os.ReadFile(caCertPath)
if err != nil {
return nil, errors.Wrapf(err, "failed to read ca cert file %s", caCertPath)
return nil, fmt.Errorf("failed to read ca cert file %s, %w", caCertPath, err)
}
pool := x509.NewCertPool()
pool.AppendCertsFromPEM(caCert)
Expand All @@ -294,7 +294,7 @@ func GetTLSConfig(config *apicommon.TLSConfig) (*tls.Config, error) {
if len(clientCertPath) > 0 && len(clientKeyPath) > 0 {
clientCert, err := tls.LoadX509KeyPair(clientCertPath, clientKeyPath)
if err != nil {
return nil, errors.Wrapf(err, "failed to load client cert key pair %s", caCertPath)
return nil, fmt.Errorf("failed to load client cert key pair %s, %w", caCertPath, err)
}
c.Certificates = []tls.Certificate{clientCert}
}
Expand Down
Loading

0 comments on commit 12293bc

Please sign in to comment.