diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 9659589a4c36f..67240f6793d1f 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -14,7 +14,7 @@ on: env: # Golang version to use across CI steps # renovate: datasource=golang-version packageName=golang - GOLANG_VERSION: '1.24.1' + GOLANG_VERSION: '1.24.2' concurrency: group: ${{ github.workflow }}-${{ github.ref }} diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 525f52ab25874..ccb8df9f1b7b1 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -53,7 +53,7 @@ jobs: with: # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) # renovate: datasource=golang-version packageName=golang - go-version: 1.24.1 + go-version: 1.24.2 platforms: ${{ needs.set-vars.outputs.platforms }} push: false @@ -70,7 +70,7 @@ jobs: ghcr_image_name: ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) # renovate: datasource=golang-version packageName=golang - go-version: 1.24.1 + go-version: 1.24.2 platforms: ${{ needs.set-vars.outputs.platforms }} push: true secrets: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index ac3f7ded892dc..6f0d4d16ccbb0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -11,7 +11,7 @@ permissions: {} env: # renovate: datasource=golang-version packageName=golang - GOLANG_VERSION: '1.24.1' # Note: go-version must also be set in job argocd-image.with.go-version + GOLANG_VERSION: '1.24.2' # Note: go-version must also be set in job argocd-image.with.go-version jobs: argocd-image: @@ -25,7 +25,7 @@ jobs: quay_image_name: quay.io/argoproj/argocd:${{ github.ref_name }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) # renovate: datasource=golang-version packageName=golang - go-version: 1.24.1 + go-version: 1.24.2 platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le push: true secrets: diff --git a/.github/workflows/vulncheck.yaml b/.github/workflows/vulncheck.yaml new file mode 100644 index 0000000000000..1a2efe33f3285 --- /dev/null +++ b/.github/workflows/vulncheck.yaml @@ -0,0 +1,38 @@ +name: vulncheck + +on: + push: + branches: + - 'master' + - 'release-*' + - '!release-1.4' + - '!release-1.5' + pull_request: + branches: + - 'master' + - 'release-*' + +env: + # Golang version to use across CI steps + # renovate: datasource=golang-version packageName=golang + GOLANG_VERSION: '1.24.2' + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: + contents: read + +jobs: + vulncheck: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 + + - name: Run govulncheck + uses: golang/govulncheck-action@v1 + with: + go-version-input: ${{ env.GOLANG_VERSION }} + repo-checkout: false diff --git a/go.mod b/go.mod index 0541d44bb8f61..740977660a0b1 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/argoproj/argo-cd/v3 -go 1.24.1 +go 1.24.2 require ( code.gitea.io/sdk/gitea v0.20.0 @@ -293,6 +293,7 @@ require ( ) replace ( + github.com/argoproj/gitops-engine => github.com/sivchari/gitops-engine v0.0.0-20250311160727-70181af58e7f github.com/golang/protobuf => github.com/golang/protobuf v1.5.4 github.com/grpc-ecosystem/grpc-gateway => github.com/grpc-ecosystem/grpc-gateway v1.16.0 diff --git a/go.sum b/go.sum index d44436e36897a..e9016e4ce6ec6 100644 --- a/go.sum +++ b/go.sum @@ -114,8 +114,6 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFI github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE= -github.com/argoproj/gitops-engine v0.7.1-0.20250314164314-7258614f5041 h1:2QuxuGZ7ZLokBqmwr02MHhI2N3ffShms/IxSbvaFtVM= -github.com/argoproj/gitops-engine v0.7.1-0.20250314164314-7258614f5041/go.mod h1:4KL2HCRSGA/yLM8nOCcv+NbFsYohxmT9Lb47kWFhWYw= github.com/argoproj/notifications-engine v0.4.1-0.20250309174002-87bf0576a872 h1:ADGAdyN9ty0+RmTT/yn+xV9vwkqvLn9O1ccqeP0Zeas= github.com/argoproj/notifications-engine v0.4.1-0.20250309174002-87bf0576a872/go.mod h1:d1RazGXWvKRFv9//rg4MRRR7rbvbE7XLgTSMT5fITTE= github.com/argoproj/pkg v0.13.7-0.20250305113207-cbc37dc61de5 h1:YBoLSjpoaJXaXAldVvBRKJuOPvIXz9UOv6S96gMJM/Q= @@ -745,6 +743,8 @@ github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrf github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sivchari/gitops-engine v0.0.0-20250311160727-70181af58e7f h1:erOOKpbZ+y4KpT+l42N0pFO3KpGq38q7RYyQpbvE4zo= +github.com/sivchari/gitops-engine v0.0.0-20250311160727-70181af58e7f/go.mod h1:dnS9k8GrPE4kFAwt1K4+1d8WUAi95j3Jnkov44XNt9E= github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnBY8= github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY= github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA=