
@octo-sts
Contributor

@octo-sts octo-sts bot commented Feb 5, 2025

No description provided.

@octo-sts
Contributor Author

octo-sts bot commented Feb 5, 2025

⚠️ EXPERIMENTAL

Please use 👍 or 👎 on this comment to indicate if you agree or disagree with the recommendation.

To provide more detailed feedback please comment on the recommendation prefixed with /ai-verify:

e.g. /ai-verify partially helpful but I also added bash to the build environment

Gen AI suggestions to solve the build error:

Based on the error output, I'll analyze and provide specific fixes:

• Detected Error:

Reversed (or previously applied) patch detected! Assume -R? [n]
...
2 out of 2 hunks ignored -- saving rejects to file cmd/argocd-k8s-auth/commands/azure.go.rej
...
Hunk #1 FAILED at 4.
1 out of 1 hunk FAILED -- saving rejects to file go.mod.rej

• Error Category: Build Configuration/Patch Application

• Failure Point: The patch step in the pipeline trying to apply GHSA-m5vv-6r4h-3vj9.patch

• Root Cause Analysis: The patch file appears to have been either:

  1. Already applied to the source code
  2. Created from a different base version
  3. Contains reverse-order changes

• Suggested Fix:

  1. Remove the patch step entirely since it appears to be already applied:

         # Remove or comment out this section
         - uses: patch
           with:
             patches: GHSA-m5vv-6r4h-3vj9.patch

  2. If the patch is still needed, verify the patch content and recreate it:

         git diff --no-prefix origin/main...your-branch > GHSA-m5vv-6r4h-3vj9.patch

• Explanation:
The error suggests the patch cannot be applied because the changes are either already present in the source code or the patch was generated incorrectly. Since this is a security patch (GHSA prefix suggests a GitHub Security Advisory), it's likely these changes were already merged upstream in the 2.14.1 release.

• Additional Notes:

  • The commit hash being checked out (3345d05a43d8edd7ec42ec71ffe8b5f95bc68dbe) may already include these changes
  • You can verify if the changes are present by checking the files mentioned in the patch
  • If building from v2.14.1 tag, check the release notes to confirm if this security fix was included

• References:

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Feb 5, 2025
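
The root causes listed in the bot's analysis above can be told apart mechanically by comparing each hunk's before and after text with the file on disk. The sketch below is an added example, not part of this PR or of the bot's output; it assumes a unified diff for a single file and exact matching with no fuzz, and the go.mod content and `example.com` module names are constructed sample data.

```python
import re

# Matches "@@ -start,count +start,count @@"; a missing count means 1.
HUNK_RE = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def parse_hunks(patch_text):
    """Return [(old_lines, new_lines)] for every hunk of a unified diff."""
    hunks, need_old, need_new = [], 0, 0
    for line in patch_text.splitlines():
        m = HUNK_RE.match(line)
        if m:
            need_old, need_new = int(m.group(1) or 1), int(m.group(2) or 1)
            hunks.append(([], []))
        elif need_old or need_new:           # still inside a hunk body
            tag, body = line[:1], line[1:]
            if tag == "\\":                  # "\ No newline at end of file"
                continue
            if tag != "+" and need_old:      # context or removed line
                hunks[-1][0].append(body)
                need_old -= 1
            if tag != "-" and need_new:      # context or added line
                hunks[-1][1].append(body)
                need_new -= 1
    return hunks

def contains_block(lines, block):
    """True if block occurs as a contiguous run anywhere in lines."""
    n = len(block)
    return any(lines[i:i + n] == block for i in range(len(lines) - n + 1))

# Keyed by (pre-patch text found, post-patch text found).
STATE = {(True, False): "applicable",
         (False, True): "already-applied",   # patch(1): "Reversed (or previously applied)"
         (True, True): "ambiguous",          # change sits at the edge of its context
         (False, False): "conflict"}         # patch was cut from a different base

def hunk_states(patch_text, file_text):
    """Classify each hunk against the current content of the target file."""
    lines = file_text.splitlines()
    return [STATE[contains_block(lines, old), contains_block(lines, new)]
            for old, new in parse_hunks(patch_text)]

# Constructed sample data (not the real GHSA patch or the real go.mod).
PATCH = ("--- a/go.mod\n+++ b/go.mod\n@@ -4,3 +4,3 @@\n require (\n"
         "-\texample.com/lib v1.0.0\n+\texample.com/lib v1.0.1\n )\n")
UNPATCHED = "module example.com/app\n\ngo 1.23\nrequire (\n\texample.com/lib v1.0.0\n)\n"
PATCHED = UNPATCHED.replace("v1.0.0", "v1.0.1")
OTHER_BASE = UNPATCHED.replace("v1.0.0", "v0.9.0")

for name, text in [("unpatched", UNPATCHED), ("patched", PATCHED), ("other base", OTHER_BASE)]:
    print(name, hunk_states(PATCH, text))
```

In a real checkout, `git apply --check --reverse <patch>` exiting 0 is the equivalent signal that the patch's changes are already present in the tree.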
@kranurag7
Member

the patch from Jason is on main, we can unblock this by removing the patch block.

@OddBloke OddBloke self-assigned this Feb 5, 2025
@OddBloke OddBloke force-pushed the argo-cd-2.14 branch 2 times, most recently from 37f80f1 to 68ea0e2 Compare February 5, 2025 20:34
@octo-sts octo-sts bot added the bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. label Feb 5, 2025
@OddBloke OddBloke requested a review from a team February 5, 2025 21:31
@OddBloke
Member

OddBloke commented Feb 5, 2025

The detected CVE is a false positive: 2.14 was never affected by the CVE, as the fix for it landed in rc7: argoproj/argo-cd@d59c85c

@OddBloke
Member

OddBloke commented Feb 5, 2025

I've opened wolfi-dev/advisories#11931 to add an advisory for this, which we can land once this PR lands.

@philroche philroche merged commit 9f2b2a1 into main Feb 6, 2025
14 of 15 checks passed
@philroche philroche deleted the argo-cd-2.14 branch February 6, 2025 11:47