From fb6c3d0b801063851561ae5ae61501fba40169b0 Mon Sep 17 00:00:00 2001 From: shuangkun tian <72060326+shuangkun@users.noreply.github.com> Date: Tue, 2 Apr 2024 11:34:47 +0800 Subject: [PATCH 1/6] fix: make sure Finalizers has chance to be removed. Fixes: #12836 (#12831) Signed-off-by: shuangkun --- test/e2e/fixtures/when.go | 1 + workflow/controller/operator.go | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/test/e2e/fixtures/when.go b/test/e2e/fixtures/when.go index c65b3668e6e7..88dfc134efc0 100644 --- a/test/e2e/fixtures/when.go +++ b/test/e2e/fixtures/when.go @@ -347,6 +347,7 @@ func (w *When) WaitForWorkflowList(listOptions metav1.ListOptions, condition fun return w } } + time.Sleep(time.Second) } } diff --git a/workflow/controller/operator.go b/workflow/controller/operator.go index dd7f8b1fd929..8a425d28d882 100644 --- a/workflow/controller/operator.go +++ b/workflow/controller/operator.go @@ -806,6 +806,10 @@ func (woc *wfOperationCtx) persistUpdates(ctx context.Context) { woc.log.WithError(err).Warn("failed to delete task-results") } } + // If Finalizer exists, requeue to make sure Finalizer can be removed. + if woc.wf.Status.Fulfilled() && len(wf.GetFinalizers()) > 0 { + woc.requeueAfter(5 * time.Second) + } // It is important that we *never* label pods as completed until we successfully updated the workflow // Failing to do so means we can have inconsistent state. From cd0c58e05a088946d0e01e0275b27e43a23ba080 Mon Sep 17 00:00:00 2001 From: shuangkun tian <72060326+shuangkun@users.noreply.github.com> Date: Tue, 2 Apr 2024 17:19:11 +0800 Subject: [PATCH 2/6] fix: remove completed taskset status before update workflow. Fixes: #12832 (#12835) Signed-off-by: shuangkun --- workflow/controller/operator.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/workflow/controller/operator.go b/workflow/controller/operator.go index 8a425d28d882..0e93b2a9b397 100644 --- a/workflow/controller/operator.go +++ b/workflow/controller/operator.go @@ -747,6 +747,12 @@ func (woc *wfOperationCtx) persistUpdates(ctx context.Context) { } } + // Remove completed taskset status before update workflow. + err = woc.removeCompletedTaskSetStatus(ctx) + if err != nil { + woc.log.WithError(err).Warn("error updating taskset") + } + wf, err := wfClient.Update(ctx, woc.wf, metav1.UpdateOptions{}) if err != nil { woc.log.Warnf("Error updating workflow: %v %s", err, apierr.ReasonForError(err)) @@ -794,12 +800,6 @@ func (woc *wfOperationCtx) persistUpdates(ctx context.Context) { time.Sleep(1 * time.Second) } - err = woc.removeCompletedTaskSetStatus(ctx) - - if err != nil { - woc.log.WithError(err).Warn("error updating taskset") - } - // Make sure the workflow completed. if woc.wf.Status.Fulfilled() { if err := woc.deleteTaskResults(ctx); err != nil { From 74eb722539869a5e32c2f31e52e6fd16730aca70 Mon Sep 17 00:00:00 2001 From: mahdi alizadeh <79321261+alizademhdi@users.noreply.github.com> Date: Wed, 3 Apr 2024 23:23:55 +0330 Subject: [PATCH 3/6] feat(ui): display line numbers in object-editor. Fixes #12807. (#12873) Signed-off-by: alizademhdi --- ui/src/app/shared/components/object-editor.tsx | 1 - 1 file changed, 1 deletion(-) diff --git a/ui/src/app/shared/components/object-editor.tsx b/ui/src/app/shared/components/object-editor.tsx index 4929d4802fb1..ea79be418e83 100644 --- a/ui/src/app/shared/components/object-editor.tsx +++ b/ui/src/app/shared/components/object-editor.tsx @@ -121,7 +121,6 @@ export function ObjectEditor({type, value, buttons, onChange}: Props) { options={{ readOnly: onChange === null, minimap: {enabled: false}, - lineNumbers: 'off', guides: { indentation: false }, From 23927c5a64d06373b51024f6e3e0aeaeeedbafbb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Apr 2024 00:19:09 +0000 Subject: [PATCH 4/6] build(deps): bump github.com/docker/docker from 24.0.0+incompatible to 24.0.9+incompatible (#12878) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a6f584affc3e..a0a8cbe209c4 100644 --- a/go.mod +++ b/go.mod @@ -175,7 +175,7 @@ require ( github.com/dimchansky/utfbom v1.1.1 // indirect github.com/docker/cli v24.0.7+incompatible // indirect github.com/docker/distribution v2.8.2+incompatible // indirect - github.com/docker/docker v24.0.0+incompatible // indirect + github.com/docker/docker v24.0.9+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/dustin/go-humanize v1.0.1 // indirect github.com/emicklei/go-restful/v3 v3.10.0 // indirect diff --git a/go.sum b/go.sum index 66d56f1ae64f..b51cf0f944ae 100644 --- a/go.sum +++ b/go.sum @@ -220,8 +220,8 @@ github.com/docker/cli v24.0.7+incompatible h1:wa/nIwYFW7BVTGa7SWPVyyXU9lgORqUb1x github.com/docker/cli v24.0.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v24.0.0+incompatible h1:z4bf8HvONXX9Tde5lGBMQ7yCJgNahmJumdrStZAbeY4= -github.com/docker/docker v24.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v24.0.9+incompatible h1:HPGzNmwfLZWdxHqK9/II92pyi1EpYKsAqcl4G0Of9v0= +github.com/docker/docker v24.0.9+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= From adb6d5d31c46e8cb45107decf4c9f95d323fc495 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Apr 2024 00:29:57 +0000 Subject: [PATCH 5/6] build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 (#12879) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index a0a8cbe209c4..eff84de5ea9b 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/expr-lang/expr v1.16.0 github.com/gavv/httpexpect/v2 v2.16.0 github.com/go-git/go-git/v5 v5.11.0 - github.com/go-jose/go-jose/v3 v3.0.1 + github.com/go-jose/go-jose/v3 v3.0.3 github.com/go-openapi/jsonreference v0.20.4 github.com/go-sql-driver/mysql v1.7.1 github.com/gogo/protobuf v1.3.2 diff --git a/go.sum b/go.sum index b51cf0f944ae..ea6b59f100d1 100644 --- a/go.sum +++ b/go.sum @@ -292,8 +292,8 @@ github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4= github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA= -github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= +github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= +github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= @@ -867,7 +867,6 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= From f521c30bdca1278dedd74860274d6acc3b74dea5 Mon Sep 17 00:00:00 2001 From: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Date: Wed, 3 Apr 2024 20:39:54 -0400 Subject: [PATCH 6/6] docs(security): add Draft GHSA option (#12747) Signed-off-by: Anton Gilgur --- SECURITY.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 02136b30d74c..96d668b849eb 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,9 +6,10 @@ If you find a security related bug in Argo Workflows, we kindly ask you for resp disclosure and for giving us appropriate time to react, analyze and develop a fix to mitigate the found security vulnerability. -Please report vulnerabilities by e-mail to the following address: +Please report vulnerabilities by: -* cncf-argo-security@lists.cncf.io +* Opening a draft GitHub Security Advisory: https://github.com/argoproj/argo-workflows/security/advisories/new +* Sending an e-mail to the following address: cncf-argo-security@lists.cncf.io All vulnerabilities and associated information will be treated with full confidentiality.