reverted all changes done from upstream

Author: ATGardner

.github/workflows/ci-build.yaml

@@ -2,14 +2,14 @@ name: Integration tests
 on:
   push:
     branches:
-#      - 'master'
+      - 'master'
       - 'release-*'
       - '!release-1.4'
       - '!release-1.5'
   pull_request:
     branches:
-#      - 'master'
-      - 'release-*' # Codefresh change instead of `master`
+      - 'master'
+      - 'release-*'
 
 env:
   # Golang version to use across CI steps

.github/workflows/image.yaml

@@ -3,12 +3,11 @@ name: Image
 on:
   push:
     branches:
-      # - master
-      - "release-*" # Codefresh change instead of `master`
-  # pull_request:
-  #   branches:
-  #     - master
-  #   types: [ labeled, unlabeled, opened, synchronize, reopened ]
+      - master
+  pull_request:
+    branches:
+      - master
+    types: [ labeled, unlabeled, opened, synchronize, reopened ]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -20,7 +19,7 @@ jobs:
   set-vars:
     permissions:
       contents: read
-    if: github.repository == 'codefresh-io/argo-cd'
+    if: github.repository == 'argoproj/argo-cd'
     runs-on: ubuntu-22.04
     outputs:
       image-tag: ${{ steps.image.outputs.tag}}
@@ -117,3 +116,4 @@ jobs:
           git config --global user.name 'CI'
           git diff --exit-code && echo 'Already deployed' || (git commit -am 'Upgrade argocd to ${{ needs.set-vars.outputs.image-tag }}' && git push)
         working-directory: argoproj-deployments/argocd
+

.github/workflows/release.yaml

@@ -1,15 +1,13 @@
-name: Create ArgoCD release
+name: Publish ArgoCD Release
 on:
   push:
     tags:
-      - "release-v**"
-      - "!release-v1.5*"
-      - "!release-v1.4*"
-      - "!release-v1.3*"
-      - "!release-v1.2*"
-      - "!release-v1.1*"
-      - "!release-v1.0*"
-      - "!release-v0*"
+      - 'v*'
+      - '!v2.4*'
+      - '!v2.5*'
+      - '!v2.6*'
+
+permissions: {}
 
 env:
   # renovate: datasource=golang-version packageName=golang
@@ -42,7 +40,7 @@ jobs:
         packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
       # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
       if: github.repository == 'argoproj/argo-cd'
-      uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0
+      uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
       with:
         image: quay.io/argoproj/argocd
         digest: ${{ needs.argocd-image.outputs.image-digest }}
@@ -58,14 +56,8 @@ jobs:
       contents: write # used for uploading assets
     if: github.repository == 'argoproj/argo-cd'
     runs-on: ubuntu-22.04
-    env:
-      ARTIFACT_NAME: release-notes
     outputs:
-      TARGET_VERSION: ${{ steps.setup-vars.outputs.TARGET_VERSION }}
-      TARGET_BRANCH: ${{ steps.setup-vars.outputs.TARGET_BRANCH }}
-      PRE_RELEASE: ${{ steps.setup-vars.outputs.PRE_RELEASE }}
-      RELEASE_TAG: ${{ steps.setup-vars.outputs.RELEASE_TAG }}
-      RELEASE_NOTES: ${{ steps.release-notes.outputs.RELEASE_NOTES }}
+      hashes: ${{ steps.hash.outputs.hashes }}
 
     steps:
       - name: Checkout code
@@ -93,6 +85,14 @@ jobs:
           echo "KUBECTL_VERSION=$(go list -m k8s.io/client-go | head -n 1 | rev | cut -d' ' -f1 | rev)" >> $GITHUB_ENV
           echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV
 
+      - name: Free Disk Space (Ubuntu)
+        uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be
+        with:
+          large-packages: false
+          docker-images: false
+          swap-storage: false
+          tool-cache: false
+
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
         id: run-goreleaser
@@ -126,7 +126,7 @@ jobs:
       contents: write #  Needed for release uploads
     if: github.repository == 'argoproj/argo-cd'
     # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
     with:
       base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
       provenance-name: "argocd-cli.intoto.jsonl"
@@ -135,43 +135,21 @@ jobs:
   generate-sbom:
     name: Create SBOM and generate hash
     needs:
-      - prepare-release
-      - binaries
-      - container-image
+      - argocd-image
+      - goreleaser
+    permissions:
+      contents: write # Needed for release uploads
+    outputs:
+      hashes: ${{ steps.sbom-hash.outputs.hashes}}
+    if: github.repository == 'argoproj/argo-cd'
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout code
         uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
         with:
           fetch-depth: 0
           token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Setup Git author information
-        run: |
-          set -ue
-          git config --global user.email "${GIT_EMAIL}"
-          git config --global user.name "${GIT_USERNAME}"
-      - name: Checkout corresponding release branch
-        run: |
-          set -ue
-          echo "Switching to release branch '${TARGET_BRANCH}'"
-          if ! git checkout ${TARGET_BRANCH}; then
-            echo "::error::Checking out release branch '${TARGET_BRANCH}' for target version '${TARGET_VERSION}' (tagged '${RELEASE_TAG}') failed. Does it exist in repo?"
-            exit 1
-          fi
-
-      - name: Create the release tag
-        run: |
-          set -ue
-          echo "Creating release ${RELEASE_TAG}"
-          git tag ${RELEASE_TAG}
-
-      - name: Push changes to release branch
-        run: |
-          set -ue
-          # Codefresh change
-          # git push origin ${TARGET_BRANCH}
-          git push origin ${RELEASE_TAG}
-
       - name: Setup Golang
         uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
@@ -188,7 +166,7 @@ jobs:
           # managers (gomod, yarn, npm).
           PROJECT_FOLDERS: ".,./ui"
           # full qualified name of the docker image to be inspected
-          DOCKER_IMAGE: ${{env.IMAGE_NAMESPACE}}/argocd:v${{env.TARGET_VERSION}}
+          DOCKER_IMAGE: quay.io/argoproj/argocd:${{ github.ref_name }}
         run: |
           yarn install --cwd ./ui
           go install github.com/spdx/spdx-sbom-generator/cmd/generator@$SPDX_GEN_VERSION
@@ -221,10 +199,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          name: ${{ env.RELEASE_TAG }}
           files: |
-            argocd-*
             /tmp/sbom.tar.gz
 
   sbom-provenance:
@@ -253,13 +228,12 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout code
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
         with:
-          token: ${{env.HOMEBREW_TOKEN}}
-          formula: argocd
-        if: ${{ env.HOMEBREW_TOKEN != '' && env.UPDATE_HOMEBREW == 'true' && env.PRE_RELEASE != 'true' }}
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Delete original request tag from repository
+      - name: Setup Git author information
         run: |
           set -ue
           git config --global user.email 'ci@argoproj.com'
@@ -315,7 +289,7 @@ jobs:
           # Replace the 'project-release: vX.X.X-rcX' line in SECURITY-INSIGHTS.yml
           sed -i "s/project-release: v.*$/project-release: v${{ env.NEW_VERSION }}/" SECURITY-INSIGHTS.yml
           # Update the 'commit-hash: XXXXXXX' line in SECURITY-INSIGHTS.yml
-          sed -i "s/commit-hash: .*/commit-hash: ${{ env.NEW_VERSION }}/" SECURITY-INSIGHTS.yml
+          sed -i "s/commit-hash: .*/commit-hash: ${{ env.COMMIT_HASH }}/" SECURITY-INSIGHTS.yml
         if: ${{ env.UPDATE_VERSION == 'true' }}
 
       - name: Create PR to update VERSION on master branch

.github/workflows/update-snyk.yaml

@@ -1,5 +1,6 @@
 name: Snyk report update
 on:
+  workflow_dispatch: {}
   schedule:
     - cron: '0 0 * * 0' # midnight every Sunday
 
@@ -9,7 +10,8 @@ permissions:
 jobs:
   snyk-report:
     permissions:
-      contents: write  # To push snyk reports
+      contents: write
+      pull-requests: write
     if: github.repository == 'argoproj/argo-cd'
     name: Update Snyk report in the docs directory
     runs-on: ubuntu-22.04
@@ -20,9 +22,12 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Build reports
         env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         run: |
           make snyk-report
+          pr_branch="snyk-update-$(echo $RANDOM | md5sum | head -c 20)"
+          git checkout -b "$pr_branch"
           git config --global user.email 'ci@argoproj.com'
           git config --global user.name 'CI'
           git add docs/snyk