Merge branch 'main' into fix-13057

.devcontainer/devcontainer.json

@@ -3,15 +3,15 @@
   "appPort": 8080,
   "features": {
     "ghcr.io/devcontainers/features/go:1": {
-      "version": "1.21"
+      "version": "1.22"
     },
     "ghcr.io/devcontainers/features/node:1": {
       "version": "20"
     },
     "ghcr.io/devcontainers/features/docker-in-docker:2": {},
     "ghcr.io/devcontainers/features/python:1": {}
   },
-  "forwardPorts": [9000, 9090, 2746, 8080],
+  "forwardPorts": [9000, 9001, 9090, 2746, 8080, 5556, 6060, 9091, 3306, 5432, 10000],
   "hostRequirements": {
     "cpus": 4
   },

.devcontainer/pre-build.sh

@@ -20,7 +20,9 @@ sudo apt update
 sudo apt install -y protobuf-compiler
 
 # Make sure go path is owned by vscode
-sudo chown -R vscode:vscode /home/vscode/go || true
+sudo chown vscode:vscode /home/vscode/go || true
+sudo chown vscode:vscode /home/vscode/go/src || true
+sudo chown vscode:vscode /home/vscode/go/src/github.com || true
 
 # download dependencies and do first-pass compile
 CI=1 kit pre-up

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -17,20 +17,22 @@ body:
   - type: textarea
     id: description
     attributes:
-      label: What happened/what did you expect to happen?
+      label: What happened? What did you expect to happen?
     validations:
       required: true
   - type: input
     id: version
     attributes:
-      label: Version
-      placeholder: e.g. v3.3.8 or latest
+      label: Version(s)
+      description: What versions did you experience this on? Please provide all versions. When testing `:latest`, please provide a SHA
+      placeholder: v3.5.7, v3.5.8, 3ece3b30f0c445204fec468fd437e77283cab913
     validations:
       required: true
   - type: textarea
     id: failing-workflow
     attributes:
-      label: Paste a small workflow that reproduces the issue. We must be able to run the workflow; don't enter a workflows that uses private images.
+      label: Paste a minimal workflow that reproduces the issue. We must be able to run the workflow; don't enter a workflows that uses private images.
+      description: A [minimal reproduction](https://stackoverflow.com/help/minimal-reproducible-example) is essential to debugging and prioritizing your issue
       render: YAML
     validations:
       required: true

.github/ISSUE_TEMPLATE/regression.yaml

@@ -18,20 +18,22 @@ body:
   - type: textarea
     id: description
     attributes:
-      label: What happened/what you expected to happen?
+      label: What happened? What did you expect to happen?
     validations:
       required: true
   - type: input
     id: version
     attributes:
-      label: Version
-      placeholder: e.g. v3.3.8 or latest
+      label: Version(s)
+      description: What versions did you experience this on? Please provide all versions. When testing `:latest`, please provide a SHA
+      placeholder: v3.5.7, v3.5.8, 3ece3b30f0c445204fec468fd437e77283cab913
     validations:
       required: true
   - type: textarea
     id: failing-workflow
     attributes:
-      label: Paste a small workflow that reproduces the issue. We must be able to run the workflow; don't enter a workflows that uses private images.
+      label: Paste a minimal workflow that reproduces the issue. We must be able to run the workflow; don't enter a workflows that uses private images.
+      description: A [minimal reproduction](https://stackoverflow.com/help/minimal-reproducible-example) is essential to debugging and prioritizing your issue
       render: YAML
     validations:
       required: true

.github/dependabot.yml

@@ -74,4 +74,4 @@ updates:
       - type/dependencies
       - github_actions
     commit-message:
-      prefix: chore(deps)
+      prefix: chore(deps-dev)

.github/workflows/changelog.yaml

@@ -28,7 +28,7 @@ jobs:
       - run: ./hack/changelog.sh > CHANGELOG.md
       - uses: peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc # v6.0.1
         with:
-          title: 'docs: updated CHANGELOG.md'
-          commit-message: 'docs: updated CHANGELOG.md'
+          title: 'docs: update CHANGELOG.md for ${{ github.ref_name }}'
+          commit-message: 'docs: update CHANGELOG.md for ${{ github.ref_name }}'
           branch: create-pull-request/changelog
           signoff: true

.github/workflows/ci-build.yaml

@@ -114,7 +114,7 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: "1.21"
+          go-version: "1.22"
           cache: true
       - run: make test STATIC_FILES=false GOTEST='go test -p 20 -covermode=atomic -coverprofile=coverage.out'
       - name: Upload coverage report
@@ -136,7 +136,7 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: "1.21"
+          go-version: "1.22"
           cache: true
       # windows run does not use makefile target because it does a lot more than just testing and is not cross-platform compatible
       - run: go test -p 20 -covermode=atomic -coverprofile='coverage.out' $(go list ./... | select-string -Pattern 'github.com/argoproj/argo-workflows/v3/workflow/controller' , 'github.com/argoproj/argo-workflows/v3/server' -NotMatch)
@@ -215,21 +215,21 @@ jobs:
           - test: test-python-sdk
             profile: minimal
           - test: test-executor
-            install_k3s_version: v1.26.15+k3s1
+            install_k3s_version: v1.28.11+k3s1
             profile: minimal
           - test: test-corefunctional
-            install_k3s_version: v1.26.15+k3s1
+            install_k3s_version: v1.28.11+k3s1
             profile: minimal
           - test: test-functional
-            install_k3s_version: v1.26.15+k3s1
+            install_k3s_version: v1.28.11+k3s1
             profile: minimal
     steps:
       - name: Install socat (needed by Kubernetes)
         run: sudo apt-get -y install socat
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: "1.21"
+          go-version: "1.22"
           cache: true
       - name: Install Java for the SDK
         if: ${{matrix.test == 'test-java-sdk'}}
@@ -247,7 +247,7 @@ jobs:
       - name: Install and start K3S
         run: |
           if ! echo "${{ matrix.install_k3s_version }}" | egrep '^v[0-9]+\.[0-9]+\.[0-9]+\+k3s1$'; then
-            export INSTALL_K3S_VERSION=v1.29.3+k3s1
+            export INSTALL_K3S_VERSION=v1.30.2+k3s1
           else
             export INSTALL_K3S_VERSION=${{ matrix.install_k3s_version }}
           fi
@@ -328,9 +328,9 @@ jobs:
           set -eux
           kubectl get pods -l workflows.argoproj.io/workflow
           kubectl describe pods -l workflows.argoproj.io/workflow
-      - name: Failure debug - Wait container logs
+      - name: Failure debug - Workflow Pod logs
         if: ${{ failure() }}
-        run: kubectl logs -c wait -l workflows.argoproj.io/workflow --prefix
+        run: kubectl logs --all-containers -l workflows.argoproj.io/workflow --prefix
 
   # workaround for status checks -- check this one job instead of each individual E2E job in the matrix
   # this allows us to skip the entire matrix when it doesn't need to run while still having accurate status checks
@@ -362,7 +362,7 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: "1.21"
+          go-version: "1.22"
           cache: true
       - name: Install protoc
         run: |
@@ -399,7 +399,7 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: "1.21"
+          go-version: "1.22"
           cache: true
       - run: make lint STATIC_FILES=false
       # if lint makes changes that are not in the PR, fail the build

.github/workflows/docs.yaml

@@ -25,7 +25,7 @@ jobs:
           python-version: 3.9
       - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: '1.21'
+          go-version: '1.22'
       - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
         with:
           node-version: "19"

.github/workflows/release.yaml

@@ -291,7 +291,7 @@ jobs:
           node-version: "20" # change in all GH Workflows
       - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: "1.21"
+          go-version: "1.22"
       - name: Restore node packages cache
         uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1
         with:

.github/workflows/retest.yaml

@@ -1,14 +1,15 @@
 name: Detect and Trigger Retest
 on:
   issue_comment:
-    types: [created, edited]
+    types: [created]
 
 permissions:
   contents: read
 
 jobs:
   retest:
-    if: github.event.comment.author_association == 'MEMBER' && github.event.comment.body == '/retest'
+    # PR comments where a Member types "/retest" exactly
+    if: github.event.issue.pull_request && github.event.comment.author_association == 'MEMBER' && github.event.comment.body == '/retest'
     permissions:
       actions: write # for re-running failed jobs: https://docs.github.com/en/rest/actions/workflow-runs?apiVersion=2022-11-28#re-run-a-job-from-a-workflow-run
     runs-on: ubuntu-latest

.snyk

@@ -0,0 +1,7 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities
+version: v1.25.0
+ignore:
+  SNYK-GOLANG-GITHUBCOMJACKCPGXV4-7416900:
+    - '*':
+        reason: "False Positive: vuln is for pgx/v5, not pgx/v4: https://pkg.go.dev/vuln/GO-2024-2567"
+        expires: 2024-09-01T11:11:11.001Z