Merge remote-tracking branch 'origin/release-1.7' into CR-24605-sync-…

…v1.7.1

.github/workflows/default-branch-check.yaml

@@ -0,0 +1,18 @@
+name: PR check
+
+on:
+  pull_request:
+    branches:
+      - "release-*"
+
+jobs:
+  test-default-branch:
+    name: base branch is a default branch
+    runs-on: ubuntu-latest
+    steps:
+    - name: fail if base branch is not default branch
+      if: ${{ github.event.pull_request.base.ref != github.event.repository.default_branch }}
+      uses: actions/github-script@v3
+      with:
+        script: |
+            core.setFailed("Base branch of the PR - ${{ github.event.pull_request.base.ref }} is not a default branch. Please reopen your PR to ${{ github.event.repository.default_branch }}")

.github/workflows/docker-publish.yml

@@ -3,18 +3,12 @@ name: Docker
 on:
   push:
     branches:
-      - master
+      # - master  # commented due to Codefresh convention
       - release-*
 
   # Run tests for any PRs.
   pull_request:
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-permissions: {}
-
 jobs:
   set-vars:
     permissions:
@@ -26,68 +20,98 @@ jobs:
       platforms: ${{ steps.platform-matrix.outputs.platform-matrix }}
 
     steps:
+      - name: Checkout
+        uses: actions/[email protected]
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
       - name: Docker meta (controller)
         id: controller-meta
         uses: docker/metadata-action@v5
         with:
           images: |
-            quay.io/argoproj/argo-rollouts
+            quay.io/codefresh/argo-rollouts
+          # ghcr.io/codefresh-io/argo-rollouts
           tags: |
-            type=ref,event=branch,enable=${{ github.ref != 'refs/heads/master'}}
-            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
+            type=ref,event=branch
+          # commented due to  Codefresh convention
+          # flavor: |
+          #   latest=${{ github.ref == 'refs/heads/master' }}
 
       - name: Docker meta (plugin)
         id: plugin-meta
         uses: docker/metadata-action@v5
         with:
           images: |
-            quay.io/argoproj/kubectl-argo-rollouts
+            quay.io/codefresh/kubectl-argo-rollouts
+          # ghcr.io/codefresh-io/kubectl-argo-rollouts
           tags: |
-            type=ref,event=branch,enable=${{ github.ref != 'refs/heads/master'}}
-            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
+            type=ref,event=branch
+          # commented due to  Codefresh convention
+          # flavor: |
+          #   latest=${{ github.ref == 'refs/heads/master' }}
+
+      # - name: Login to GitHub Container Registry
+      #   if: github.event_name != 'pull_request'
+      #   uses: docker/login-action@v1 
+      #   with:
+      #     registry: ghcr.io
+      #     username: ${{ github.repository_owner }}
+      #     password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Login to Quay.io
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_ROBOT_TOKEN }}
 
       # avoid building linux/arm64 for PRs since it takes so long
       - name: Set Platform Matrix
         id: platform-matrix
         run: |
           PLATFORM_MATRIX=linux/amd64
-          if [[ "${{ github.event_name }}" == "push" || "${{ contains(github.event.pull_request.labels.*.name, 'test-arm-image') }}" == "true" ]]
-          then
+          if [ ${{ github.event_name != 'pull_request' }} = true ]; then
             PLATFORM_MATRIX=$PLATFORM_MATRIX,linux/arm64
           fi
           echo "platform-matrix=$PLATFORM_MATRIX" >> $GITHUB_OUTPUT
 
-  build-and-push-controller-image:
-    needs: [set-vars]
-    permissions:
-      contents: read
-      packages: write  # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
-      id-token: write # for creating OIDC tokens for signing.
-    uses: ./.github/workflows/image-reuse.yaml
-    with:
-      quay_image_name: ${{ needs.set-vars.outputs.controller-meta-tags }}
-      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      go-version: '1.21'
-      platforms: ${{ needs.set-vars.outputs.platforms }}
-      push: ${{ github.event_name != 'pull_request' }}
-    secrets:
-      quay_username: ${{ secrets.QUAY_USERNAME }}
-      quay_password: ${{ secrets.QUAY_ROBOT_TOKEN }}
+      - name: Build and push (controller-image)
+        uses: docker/build-push-action@v3
+        with:
+          platforms: ${{ steps.platform-matrix.outputs.platform-matrix }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.controller-meta.outputs.tags }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
 
-  build-and-push-plugin-image:
-    needs: [set-vars]
-    permissions:
-      contents: read
-      packages: write  # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
-      id-token: write # for creating OIDC tokens for signing.
-    uses: ./.github/workflows/image-reuse.yaml
-    with:
-      quay_image_name: ${{ needs.set-vars.outputs.plugin-meta-tags }}
-      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      go-version: '1.21'
-      platforms: ${{ needs.set-vars.outputs.platforms }}
-      push: ${{ github.event_name != 'pull_request' }}
-      target: kubectl-argo-rollouts
-    secrets:
-      quay_username: ${{ secrets.QUAY_USERNAME }}
-      quay_password: ${{ secrets.QUAY_ROBOT_TOKEN }}
+      - name: Build and push (plugin-image)
+        uses: docker/build-push-action@v3
+        with:
+          target: kubectl-argo-rollouts
+          platforms: ${{ steps.platform-matrix.outputs.platform-matrix }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.plugin-meta.outputs.tags }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+        # Temp fix
+        # https://github.com/docker/build-push-action/issues/252
+        # https://github.com/moby/buildkit/issues/1896
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

.github/workflows/e2e.yaml

@@ -3,11 +3,11 @@ name: E2E Tests
 on:
   push:
     branches:
-      - 'master'
+      # - 'master' # commented due to Codefresh convention
       - 'release-*'
   pull_request:
     branches:
-      - 'master'
+      # - 'master' # commented due to Codefresh convention
       - 'release-*'
   workflow_dispatch:
     inputs:

.github/workflows/go.yml

@@ -2,10 +2,12 @@ name: Go
 on:
   push:
     branches:
-      - "master"
-      - "release-*"
+      # - "master"
+      - "release-*" # Codefresh convention
   pull_request:
     branches:
+      # - "master"
+      - "release-*" # Codefresh convention
       - "master"
 env:
   # Golang version to use across CI steps
@@ -29,9 +31,6 @@ jobs:
           name: Event File
           path: ${{ github.event_path }}
   lint-go:
-    permissions:
-      contents: read  # for actions/checkout to fetch code
-      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
     name: Lint Go code
     runs-on: ubuntu-latest
     steps: