fix: Correctly verify signatures when targetRevision is a branch name (cherry-pick #14214) #14237
Closed
* chore: sign container images by digest Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> * use sha hash Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
Signed-off-by: Yixing Yan <yixingyan@gmail.com> Signed-off-by: Yixing Yan <yixingyan@gmail.com>
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.4.0 to 3.5.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@d0a58c1...6edd440) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
It's unclear if all or any of the labels need to exist. This clarifies that all of the labels must exist. Signed-off-by: Nicholas Morey <nicholas@morey.tech> Signed-off-by: Nicholas Morey <nicholas@morey.tech>
…1753) * fix: ssa e2e test failing after updating to kubectl 1.26 Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> * Remove pinned kubectl version Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> * Cleaner approach to fix e2e test Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> * Fix Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>
The latest tag hasn't been updated in almost a year, and as a result, the ubuntu repositories are out of date and are throwing errors. This updates the example to use a fixed version, which are updated much more frequently. Signed-off-by: Phil Wright- Christie <philwc@gmail.com> Signed-off-by: Phil Wright- Christie <philwc@gmail.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: toyamagu2021@gmail.com <toyamagu2021@gmail.com> Signed-off-by: toyamagu2021@gmail.com <toyamagu2021@gmail.com>
Signed-off-by: ishitasequeira <ishiseq29@gmail.com> Signed-off-by: ishitasequeira <ishiseq29@gmail.com>
…s-cm` (argoproj#11776) * fix(applicationset): use consistent syntax for env vars Signed-off-by: Nicholas Morey <nicholas@morey.tech> * fix(manifests): add new appset env var from configmap Signed-off-by: Nicholas Morey <nicholas@morey.tech> Signed-off-by: Nicholas Morey <nicholas@morey.tech>
Signed-off-by: toyamagu2021@gmail.com <toyamagu2021@gmail.com> Signed-off-by: toyamagu2021@gmail.com <toyamagu2021@gmail.com>
Clarify that it's possible to reference clusters by `cluster` or by `name`. Signed-off-by: Gaël Jourdan-Weil <gjourdanweil@gmail.com> Signed-off-by: Gaël Jourdan-Weil <gjourdanweil@gmail.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* chore: get image digest in separate step Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> * Retrigger CI pipeline Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
…ple sources (argoproj#11756) (argoproj#11774) * set Path as '' if path is not specified for a source in multiple sources Signed-off-by: ishitasequeira <ishiseq29@gmail.com> * update check for not setting value of path Signed-off-by: ishitasequeira <ishiseq29@gmail.com> * cleanup Signed-off-by: ishitasequeira <ishiseq29@gmail.com> * address comments Signed-off-by: ishitasequeira <ishiseq29@gmail.com> * fix lint Signed-off-by: ishitasequeira <ishiseq29@gmail.com> * fix lint Signed-off-by: ishitasequeira <ishiseq29@gmail.com> * Update ui/src/app/shared/components/revision.tsx Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Ishita Sequeira <46771830+ishitasequeira@users.noreply.github.com> Signed-off-by: ishitasequeira <ishiseq29@gmail.com> Signed-off-by: Ishita Sequeira <46771830+ishitasequeira@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
…1777) The bullet list in the example format was rendering inline in the paragraph on the doc site rather than showing a bulleted list. This also makes the rest of the doc follow the same convention. Signed-off-by: Chris Reilly <chris@chris-reilly.com> Signed-off-by: Chris Reilly <chris@chris-reilly.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
…#11785) * disable rollback button for apps with multiple sources Signed-off-by: ishitasequeira <ishiseq29@gmail.com> * fix lint errors Signed-off-by: ishitasequeira <ishiseq29@gmail.com> * disable rollback button for apps with multiple sources Signed-off-by: ishitasequeira <ishiseq29@gmail.com> Signed-off-by: ishitasequeira <ishiseq29@gmail.com>
…#11400) * fix: web terminal outside argocd namespace (argoproj#11166) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * reorganize Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * fix reference Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * move things around, fix stuff maybe Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * tests Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.11 to 3.2.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@9b0c1fc...c17f4bf) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…of "Progressing" (argoproj#11603) (argoproj#11626) * fix: add suspended condition Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> * fix: add suspended condition Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> * Update go.sum Signed-off-by: asingh <11219262+ashutosh16@users.noreply.github.com> * fix: add suspended condition Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> * fix: add suspended condition Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> * Update go.sum Signed-off-by: asingh <11219262+ashutosh16@users.noreply.github.com> * upgrade notes for 2.6 Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> Signed-off-by: asingh <11219262+ashutosh16@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>
* docs: note risks of secret-injection plugins Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * grammar tweaks Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * grammar tweaks Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
…proj#11894) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@9782bd6...9bc31d5) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.0 to 3.2.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@c17f4bf...4723a57) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix: upgrade qs to avoid CVE-2022-24999 Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * don't explicitly add dependency Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
* docs: added deep links doc Signed-off-by: Soumya Ghosh Dastidar <gdsoumya@gmail.com> * refactor: resolved review comments Signed-off-by: Soumya Ghosh Dastidar <gdsoumya@gmail.com> * refactor: moved cmp and deep links doc to operator manual Signed-off-by: Soumya Ghosh Dastidar <gdsoumya@gmail.com> * feat: add warning for templates Signed-off-by: Soumya Ghosh Dastidar <gdsoumya@gmail.com> * feat: add note for secret data fields being redacted Signed-off-by: Soumya Ghosh Dastidar <gdsoumya@gmail.com> Signed-off-by: Soumya Ghosh Dastidar <gdsoumya@gmail.com>
…3779) The Helm section of the user guide is missing an example of using `source.helm.values`. Signed-off-by: Nicholas Morey <nicholas@morey.tech> Co-authored-by: Nicholas Morey <nicholas@morey.tech>
… (argoproj#13112) Signed-off-by: jannfis <jann@mistrust.net> Co-authored-by: jannfis <jann@mistrust.net>
Signed-off-by: michaelkot97 <michael.kot97@gmail.com> Co-authored-by: Michael Kotelnikov <36506417+michaelkotelnikov@users.noreply.github.com>
This test came with the previous cherry-pick, but should not be present for 2.5 - 2.7. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
…ner registry (argoproj#13520) (argoproj#13791) ArgoCD docker images are being used from `quay.io` registry. Updated document to reflect that in the `bash` commands. Signed-off-by: Divyang Patel <divyang.jp@gmail.com> Co-authored-by: Divyang Patel <divyang.jp@gmail.com>
Signed-off-by: Samir-NT <133138781+Samir-NT@users.noreply.github.com> Co-authored-by: Samir-NT <133138781+Samir-NT@users.noreply.github.com>
…rgoproj#13687) (argoproj#13796) * fix: Stop using the deprecated url format for gitlab instances The legacy URL format has been deprecated since February 2023 and now GitLab is making these URLs invalid. Ref: https://docs.gitlab.com/ee/update/deprecations.html#legacy-urls-replaced-or-removed * docs: Add Urbantz to the list of organizations using argo-cd --------- (cherry picked from commit 5662367) Signed-off-by: Miguel Sacristán Izcue <miguel_tete17@hotmail.com>
…in CLI output (argoproj#13428) (argoproj#13809) * tests: ensure `InheritedCreds` is propagated via repo API endpoints * fix: ensure `InheritedCreds` is propagated via repo API endpoints * tests: add e2e test for `argocd repo get` with inherited credentials * fix(cli): prioritise value of `InheritedCreds` over `HasCredentials()` Since the API does not return sensitive information `HasCredentials()` will return false for all scenarios except when username/password is used as credentials. Given the current logic this means that the code will never even check `InheritedCreds` resulting in an output of `false` for `CREDS` column (in the case of inherited credentials). Note: There remains a bug in this code in that any repo that has explicit (sensitive) credentials (e.g. SSH private key) will still be displayed as `CREDS = false`. --------- Signed-off-by: OneMatchFox <878612+onematchfox@users.noreply.github.com>
…y-pick argoproj#13584) (argoproj#13823) * fix(appset): Post selector with Go templates in ApplicationSet (argoproj#13584) * fixes argoproj#12524 Signed-off-by: Lewis Marsden-Lambert <lewis.lambert@zserve.co.uk> * refactor keepOnlyStringLabels function into more generic map flattening function Signed-off-by: Lewis Marsden-Lambert <lewis.lambert@zserve.co.uk> * updated USERS.md Signed-off-by: Lewis Marsden-Lambert <lewis.marsden-lambert@smartpension.co.uk> * use flatten library to replace custom flatten function Signed-off-by: Lewis Marsden-Lambert <lewis.marsden-lambert@smartpension.co.uk> --------- Signed-off-by: Lewis Marsden-Lambert <lewis.lambert@zserve.co.uk> Signed-off-by: Lewis Marsden-Lambert <lewis.marsden-lambert@smartpension.co.uk> * fixed tests Signed-off-by: Lewis Marsden-Lambert <lewis.lambert@zserve.co.uk> --------- Signed-off-by: Lewis Marsden-Lambert <lewis.lambert@zserve.co.uk> Signed-off-by: Lewis Marsden-Lambert <lewis.marsden-lambert@smartpension.co.uk>
…oj#13841) Signed-off-by: Geoffrey Muselli <geoffrey.muselli@gmail.com> Co-authored-by: Geoffrey MUSELLI <geoffrey.muselli@gmail.com>
Signed-off-by: Geoffrey Muselli <geoffrey.muselli@gmail.com> Co-authored-by: Geoffrey MUSELLI <geoffrey.muselli@gmail.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
…roj#14052) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
…rgoproj#14055) * docs: add documentation for child elements of path When using go templating, the parent `{{ path }}` becomes `{{ .path.path }}`, however, the other values are not at `{{ .path.path.* }}`, but at `{{ .path.* }}`. This documentation update seeks to make this easier to understand since we just ran into this. * Update docs/operator-manual/applicationset/GoTemplate.md --------- Signed-off-by: Morre <mmeyer@anaconda.com> Signed-off-by: Morre <morre@mor.re> Co-authored-by: Morre <morre@mor.re> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
…argoproj#13978) (argoproj#13980) (argoproj#14062) Closes argoproj#13978. Signed-off-by: mugioka <okamugi0722@gmail.com> Co-authored-by: mugi <62197019+mugioka@users.noreply.github.com>
) (argoproj#14087) Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl> Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
…oproj#13946) (argoproj#14085) * fix(cmp): discover plugins relative to app path (argoproj#13940) * securejoin * intuitive constant names * comments * add missing import --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
…roj#14108) (argoproj#14113) (argoproj#14136) * fix: retain order of revisions for multi source apps (argoproj#14108) * fix: retain revision for multi source app with ref-repos * calculate commitSHA before quitting manifest generation --------- Signed-off-by: Lukas Wöhrl <lukas.woehrl@plentymarkets.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Lukas Wöhrl <lukas@woehrl.net>
) (argoproj#14150) Signed-off-by: toyamagu2021@gmail.com <toyamagu2021@gmail.com> Co-authored-by: toyamagu <83329336+toyamagu-2021@users.noreply.github.com>
…erly detect a successful sync (argoproj#13926) (argoproj#14201) Signed-off-by: wmgroot <wmgroot@gmail.com> Co-authored-by: wmgroot <wmgroot@gmail.com>
…argoproj#14214) * fix: Correctly verify signatures when targetRevision is a branch name Signed-off-by: jannfis <jann@mistrust.net> * Add more e2e tests Signed-off-by: jannfis <jann@mistrust.net> * Fix a bug and add unit test Signed-off-by: jannfis <jann@mistrust.net> --------- Signed-off-by: jannfis <jann@mistrust.net>
Cherry-picks #14214 into release-2.6
Note on DCO:
If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the Details link next to the DCO action for instructions on how to resolve this.
Checklist:
Please see Contribution FAQs if you have questions about your pull-request.