Merge remote-tracking branch 'origin/feat/monorepo-selfheal-support' …

…into feat/monorepo-selfheal-support

.github/workflows/ci-build.yaml

@@ -31,7 +31,7 @@ jobs:
       docs: ${{ steps.filter.outputs.docs_any_changed }}
     steps:
       - uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
-      - uses: tj-actions/changed-files@c65cd883420fd2eb864698a825fc4162dd94482c # v44.5.7
+      - uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275 # v45.0.1
         id: filter
         with:
           # Any file which is not under docs/, ui/ or is not a markdown file is counted as a backend file

.github/workflows/init-release.yaml

@@ -64,7 +64,7 @@ jobs:
           git stash pop
 
       - name: Create pull request
-        uses: peter-evans/create-pull-request@4320041ed380b20e97d388d56a7fb4f9b8c20e79  # v7.0.0
+        uses: peter-evans/create-pull-request@8867c4aba1b742c39f8d0ba35429c2dfa4b6cb20  # v7.0.1
         with:
           commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}"
           title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch"

.github/workflows/release.yaml

@@ -295,7 +295,7 @@ jobs:
         if: ${{ env.UPDATE_VERSION == 'true' }}
 
       - name: Create PR to update VERSION on master branch
-        uses: peter-evans/create-pull-request@4320041ed380b20e97d388d56a7fb4f9b8c20e79 # v7.0.0
+        uses: peter-evans/create-pull-request@8867c4aba1b742c39f8d0ba35429c2dfa4b6cb20 # v7.0.1
         with:
           commit-message: Bump version in master
           title: "chore: Bump version in master"

USERS.md

@@ -207,6 +207,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Moengage](https://www.moengage.com/)
 1. [Money Forward](https://corp.moneyforward.com/en/)
 1. [MOO Print](https://www.moo.com/)
+1. [Mozilla](https://www.mozilla.org)
 1. [MTN Group](https://www.mtn.com/)
 1. [Municipality of The Hague](https://www.denhaag.nl/)
 1. [My Job Glasses](https://myjobglasses.com)

docs/developer-guide/index.md

@@ -15,7 +15,7 @@
 Need help? Start with the [Contributors FAQ](faq/)
 
 ## Contributing to the Documentation
-* [Building and Running Documentation Site Locally](site/)
+* [Building and Running Documentation Site Locally](docs-site/)
 
 ## Extensions and Third-Party Applications
 * [UI Extensions](ui-extensions/)

docs/proposals/resource-deletion-with-approval.md

@@ -0,0 +1,171 @@
+---
+title: Neat-enhancement-idea
+authors:
+- "@alexmt"
+  sponsors:
+- TBD
+  reviewers:
+- "@jessesuen"
+- TBD
+  approvers:
+- "@jessesuen"
+- TBD
+
+creation-date: 2020-04-19
+last-updated: 2020-04-19
+
+---
+# Neat Enhancement Idea
+
+Support manual approval for pruning and deleting Kubernetes resources during application syncing/deletion.
+
+## Summary
+
+Introduce Kubernetes resource-level annotations that require manual user approval using Argo CD UI/CLI/API before the
+resource is pruned or deleted. The annotations should be respected while Argo CD attempts to synchronize or delete the
+application.
+
+## Motivation
+
+We’ve seen cases where Argo CD deleted Kubernetes resources due to a bug or misconfiguration.​ Examples include [corrupted
+data](https://github.com/argoproj/argo-cd/issues/4423) in Redis, user errors
+([1](https://github.com/argoproj/argo-cd/issues/9093), [2](https://github.com/argoproj/argo-cd/issues/4844))
+and [bug](https://github.com/argoproj/argo-cd/issues/3473) in the automation on top of Argo CD. These examples don’t
+mean Argo CD is not reliable; however, there are cases where misbehavior is catastrophic, and erroneous deletion is not
+acceptable. Examples include the app-of-apps pattern where Argo CD is used to manage itself, or namespaces in production
+clusters.
+
+### Goals
+
+The goals of a proposal ares:
+
+#### Allow developers to mark resources that require manual approval before application deletion.
+
+Developers should be able to add an annotation to resources that require manual approval before deletion. The annotation
+should be respected by Argo CD when it attempts to delete the application.
+
+#### Allow developers to mark resources that require manual approval before pruning
+
+Developers should be able to add an annotation to resources that require manual approval before pruning. The annotation
+should be respected by Argo CD when it attempts to prune extra resources while syncing the application.
+
+### Non-Goals
+
+#### Implement automatic self check while deleting resources
+
+We've made our best effort to implement corrected behavior, and as of now, we are not aware of any bugs that cause
+erroneous deletion. The goal of this proposal is to provide a safety net for cases where deletion is not acceptable.
+
+## Proposal
+
+It is proposed to introduce two new sync options for Argo CD applications: `Prune=confirm` and `Delete=confirm`. Options would
+protect resources from accidental deletion during cascading application deletion as well as during sync operations.
+
+### Introduce `confirm` option for Prune sync option.
+
+Argo CD already supports `argocd.argoproj.io/sync-options: Prune=false` sync option that prevents resource deletion while syncing
+the application. This, however, is not ideal since it prevents implementing fully automated workflows that include resource deletion.
+
+In order to improve the situation, we propose to introduce `confirm` option for Prune sync option. When `confirm` option is set, Argo CD should pause the sync operation
+**before deleting any app resources** and wait for the user to confirm the deletion. The confirmation can be done in a very friendly way using Argo CD UI, CLI or API.
+
+* **Sync Operation status**. I suggest not to introduce new sync operation states to avoid disturbing the existing automation around syncing (CI pipelines, scripts etc). 
+  If Argo CD is waiting for the operation state should remain `Progressing`. Once the user confirms the deletion, the operation should resume.
+* **Sync Waves**. The sync wave shuold be "paused" while Argo CD is waiting for the user to confirm the deletion. No difference from waiting for the resource to became healthy.
+
+### Introduce `confirm` option for Delete sync option.
+
+Similarly to `Prune` sync option we need to introduce `confirm` value for `Delete` sync option: `argocd.argoproj.io/sync-options: Delete=confirm`. The `confirm` option
+should pause the sync operation **before deleting any app resources** and wait for the user to confirm the deletion. The confirmation can be done in a very friendly way
+using Argo CD UI, CLI or API.
+
+
+### Friendly prunning/deletion manual approval
+
+Since we know Argo CD is often used to implement fully automated developer workflows that include resource deletion, the
+deletion approval process should be as painless as possible. This way, platform administrators can instruct end users to
+apply the new prune/delete option to resources that require special care without significantly disturbing the developer
+experience.
+
+In both cases where Argo CD requires manual approval, the user should be able to approve the deletion using Argo CD UI,
+CLI, or API. The approval process should be as simple as possible and should not require the user to understand the
+internals of Argo CD.
+
+#### New `requiresDeletionApproval` resource field in application status
+
+A new field `requiresDeletionApproval` should be added to the `status.resources` list items. The field should be set to `true` when the resource deletion approval is required.
+
+```yaml
+  - health:
+      status: Healthy
+    kind: Service
+    name: guestbook-ui
+    namespace: default
+    status: OutOfSync
+    version: v1
+    requiresPruning: true
+    requiresDeletionApproval: true # new field that indicates that deletion approval is required
+```
+
+The Argo CD UI, CLI should visualize the `requiresDeletionApproval` field so that the user can easily discover which resources require manual approval.
+
+#### Approve deletion resource action
+
+The Argo CD UI, CLI should bundle the `Approve Deletion` [resource action](https://argo-cd.readthedocs.io/en/stable/operator-manual/resource_actions/)
+that would allow the user to approve the deletion. The action should patch the resource with the `argocd.argoproj.io/deletion-approved: true` annotation.
+Once annotation is applied the Argo CD should proceed with the deletion.
+
+The main reason to use the action is that we can reuse existing [RBAC](https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/) to control who can approve the deletion.
+
+#### UI/CLI Convinience to approve all resources
+
+The Argo CD UI should provide a convinient way to approve resources that require manual approval. The existing user interface will provide a button that allows end user
+execute the `Approve Deletion` action and approve resources one by one. In addition to the single resource approval, the UI should provide a way to approve all resources
+that require manual approval. The new button should execute the `Approve Deletion` action for all resources that require manual approval.
+
+Argo CD CLI would no need changes since existing `argocd app actions run` command allows to execute an action against multiple resources.
+
+#### Require deletion approval notification
+
+The default Argo CD notification catalog should include a trigger and notification template that notifies the user when
+deletion approval is required. The notification template should include a list of resources that require approval.
+
+
+#### Declarative approval
+
+The user should be able to approve resource deletion without using the UI or CLI by manually adding the `argocd.argoproj.io/deletion-approved: true` annotation to the resource.
+
+### Use cases
+
+Add a list of detailed use cases this enhancement intends to take care of.
+
+## Use case 1:
+
+As a developer, I would like to mark resources that require manual pruning approval so I can prevent the accidental deletion of critical resources.
+
+## Use case 2:
+
+As a developer, I would like to mark resources that require manual deletion approval so I can prevent the accidental deletion of critical resources.
+
+
+### Security Considerations
+
+The resource approval would require a mechanism to control who can approve the deletion. The proposal to use
+resource-level actions solves this problem and allows us to reuse the existing RBAC model.
+
+### Risks and Mitigations
+
+None.
+
+### Upgrade / Downgrade Strategy
+
+In case of rollback to the previous version the sync option would be ignored and the resources would be deleted as before.
+
+## Open Issues
+
+The proposal would require end users to learn about the new behavior and adjust their workflows. It includes a set of
+enhancements aimed at minimizing the impact on end users.
+
+## Alternatives
+
+None.

go.mod

@@ -83,10 +83,10 @@ require (
 	go.opentelemetry.io/otel v1.29.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0
 	go.opentelemetry.io/otel/sdk v1.29.0
-	golang.org/x/crypto v0.26.0
+	golang.org/x/crypto v0.27.0
 	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
-	golang.org/x/net v0.28.0
-	golang.org/x/oauth2 v0.22.0
+	golang.org/x/net v0.29.0
+	golang.org/x/oauth2 v0.23.0
 	golang.org/x/sync v0.8.0
 	golang.org/x/term v0.24.0
 	golang.org/x/time v0.6.0
@@ -151,7 +151,7 @@ require (
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/sys v0.25.0 // indirect
-	golang.org/x/text v0.17.0 // indirect
+	golang.org/x/text v0.18.0 // indirect
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	google.golang.org/api v0.132.0 // indirect
 	google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect

go.sum

@@ -1040,8 +1040,8 @@ golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOM
 golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
-golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
-golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
+golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
+golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw=
@@ -1125,16 +1125,16 @@ golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
-golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
-golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
+golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo=
+golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
-golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
-golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
+golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1269,8 +1269,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
-golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
-golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
+golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

ui/src/app/applications/components/application-details/application-details.tsx

@@ -842,6 +842,7 @@ export class ApplicationDetails extends React.Component<RouteComponentProps<{app
                                                 isAppSelected={isAppSelected}
                                                 updateApp={(app: models.Application, query: {validate?: boolean}) => this.updateApp(app, query)}
                                                 selectedNode={selectedNode}
+                                                appCxt={this.context}
                                                 tab={tab}
                                             />
                                         </SlidingPanel>

ui/src/app/applications/components/application-parameters/application-parameters-source.tsx

@@ -24,8 +24,10 @@ export interface ApplicationParametersPanelProps<T> {
     viewBottom?: string | React.ReactNode;
     editTop?: (formApi: FormApi) => React.ReactNode;
     editBottom?: (formApi: FormApi) => React.ReactNode;
+    numberOfSources?: number;
     noReadonlyMode?: boolean;
     collapsible?: boolean;
+    deleteSource: () => void;
 }
 
 interface ApplicationParametersPanelState {
@@ -64,9 +66,11 @@ export class ApplicationParametersSource<T = {}> extends React.Component<Applica
                                 ctx={ctx}
                                 isTopSection={true}
                                 disabledState={this.state.editTop || this.state.editTop === null}
+                                disabledDelete={this.props.numberOfSources <= 1}
                                 updateButtons={editClicked => {
                                     this.setState({editBottom: editClicked});
                                 }}
+                                deleteSource={this.props.deleteSource}
                             />
                         </React.Fragment>
                         {this.props.itemsTop && (

ui/src/app/applications/components/application-parameters/application-parameters.scss

@@ -42,6 +42,10 @@
         right: 1em;
     }
 
+    .source-panel-buttons {
+        margin-bottom: 10px;
+    }
+
     .argo-field {
         line-height: 1.15;
     }