fix(ui): support base HREF in dev environment

.spelling

@@ -215,6 +215,7 @@ params
 pprof
 pre-commit
 programmatically
+proxying
 pytorch
 qps
 ray
@@ -280,6 +281,7 @@ versioning
 webHDFS
 webhook
 webhooks
+webpack-dev-server
 workflow-controller-configmap
 workqueue
 yaml

Makefile

@@ -97,6 +97,23 @@ endif
 ifeq ($(UI),true)
 TASKS                 := controller server ui
 endif
+
+# -- SSO options
+# Need to rewrite the SSO redirect URL referenced in ConfigMaps when UI_SECURE and/or BASE_HREF is set.
+# Can't use "kustomize" or "kubectl patch" because the SSO config is a YAML string in those ConfigMaps.
+SSO_REDIRECT_URL   := http
+ifeq ($(UI_SECURE),true)
+SSO_REDIRECT_URL   := https
+endif
+ifeq ($(BASE_HREF),)
+BASE_HREF          := /
+else
+# Ensure base URL has a single trailing/leading slash to match the logic in getIndexData() in server/static/static.go
+override BASE_HREF := /$(BASE_HREF:/%=%)
+override BASE_HREF := $(BASE_HREF:%/=%)/
+endif
+SSO_REDIRECT_URL   := $(SSO_REDIRECT_URL)://localhost:8080$(BASE_HREF)oauth2/callback
+
 # Which mode to run in:
 # * `local` run the workflow–controller and argo-server as single replicas on the local machine (default)
 # * `kubernetes` run the workflow-controller and argo-server on the Kubernetes cluster
@@ -157,7 +174,7 @@ TOOL_MKDOCS                 := $(TOOL_MKDOCS_DIR)/bin/mkdocs
 print-variables: ## Print Makefile variables
 	@echo GIT_COMMIT=$(GIT_COMMIT) GIT_BRANCH=$(GIT_BRANCH) GIT_TAG=$(GIT_TAG) GIT_TREE_STATE=$(GIT_TREE_STATE) RELEASE_TAG=$(RELEASE_TAG) DEV_BRANCH=$(DEV_BRANCH) VERSION=$(VERSION)
 	@echo KUBECTX=$(KUBECTX) K3D=$(K3D) DOCKER_PUSH=$(DOCKER_PUSH) TARGET_PLATFORM=$(TARGET_PLATFORM)
-	@echo RUN_MODE=$(RUN_MODE) PROFILE=$(PROFILE) AUTH_MODE=$(AUTH_MODE) SECURE=$(SECURE) STATIC_FILES=$(STATIC_FILES) ALWAYS_OFFLOAD_NODE_STATUS=$(ALWAYS_OFFLOAD_NODE_STATUS) UPPERIO_DB_DEBUG=$(UPPERIO_DB_DEBUG) LOG_LEVEL=$(LOG_LEVEL) NAMESPACED=$(NAMESPACED)
+	@echo RUN_MODE=$(RUN_MODE) PROFILE=$(PROFILE) AUTH_MODE=$(AUTH_MODE) SECURE=$(SECURE) STATIC_FILES=$(STATIC_FILES) ALWAYS_OFFLOAD_NODE_STATUS=$(ALWAYS_OFFLOAD_NODE_STATUS) UPPERIO_DB_DEBUG=$(UPPERIO_DB_DEBUG) LOG_LEVEL=$(LOG_LEVEL) NAMESPACED=$(NAMESPACED) BASE_HREF=$(BASE_HREF)
 
 override LDFLAGS += \
   -X github.com/argoproj/argo-workflows/v3.version=$(VERSION) \
@@ -574,13 +591,11 @@ install: githooks ## Install Argo to the current Kubernetes cluster
 	kubectl kustomize --load-restrictor=LoadRestrictionsNone test/e2e/manifests/$(PROFILE) \
 		| sed 's|quay.io/argoproj/|$(IMAGE_NAMESPACE)/|' \
 		| sed 's/namespace: argo/namespace: $(KUBE_NAMESPACE)/' \
+		| sed 's|http://localhost:8080/oauth2/callback|$(SSO_REDIRECT_URL)|' \
 		| KUBECTL_APPLYSET=true kubectl -n $(KUBE_NAMESPACE) apply --applyset=configmaps/install --server-side --prune -f -
 ifeq ($(PROFILE),stress)
 	kubectl -n $(KUBE_NAMESPACE) apply -f test/stress/massive-workflow.yaml
 endif
-ifeq ($(UI_SECURE)$(PROFILE),truesso)
-	KUBE_NAMESPACE=$(KUBE_NAMESPACE) ./hack/update-sso-redirect-url.sh
-endif
 
 .PHONY: argosay
 argosay:
@@ -646,7 +661,7 @@ endif
 	grep '127.0.0.1.*postgres' /etc/hosts
 	grep '127.0.0.1.*mysql' /etc/hosts
 ifeq ($(RUN_MODE),local)
-	env DEFAULT_REQUEUE_TIME=$(DEFAULT_REQUEUE_TIME) ARGO_SECURE=$(SECURE) ALWAYS_OFFLOAD_NODE_STATUS=$(ALWAYS_OFFLOAD_NODE_STATUS) ARGO_LOGLEVEL=$(LOG_LEVEL) UPPERIO_DB_DEBUG=$(UPPERIO_DB_DEBUG) ARGO_AUTH_MODE=$(AUTH_MODE) ARGO_NAMESPACED=$(NAMESPACED) ARGO_NAMESPACE=$(KUBE_NAMESPACE) ARGO_MANAGED_NAMESPACE=$(MANAGED_NAMESPACE) ARGO_EXECUTOR_PLUGINS=$(PLUGINS) ARGO_POD_STATUS_CAPTURE_FINALIZER=$(POD_STATUS_CAPTURE_FINALIZER) ARGO_UI_SECURE=$(UI_SECURE) PROFILE=$(PROFILE) kit $(TASKS)
+	env DEFAULT_REQUEUE_TIME=$(DEFAULT_REQUEUE_TIME) ARGO_SECURE=$(SECURE) ALWAYS_OFFLOAD_NODE_STATUS=$(ALWAYS_OFFLOAD_NODE_STATUS) ARGO_LOGLEVEL=$(LOG_LEVEL) UPPERIO_DB_DEBUG=$(UPPERIO_DB_DEBUG) ARGO_AUTH_MODE=$(AUTH_MODE) ARGO_NAMESPACED=$(NAMESPACED) ARGO_NAMESPACE=$(KUBE_NAMESPACE) ARGO_MANAGED_NAMESPACE=$(MANAGED_NAMESPACE) ARGO_EXECUTOR_PLUGINS=$(PLUGINS) ARGO_POD_STATUS_CAPTURE_FINALIZER=$(POD_STATUS_CAPTURE_FINALIZER) ARGO_UI_SECURE=$(UI_SECURE) ARGO_BASE_HREF=$(BASE_HREF) PROFILE=$(PROFILE) kit $(TASKS)
 endif
 
 .PHONY: wait

docs/running-locally.md

@@ -157,6 +157,19 @@ To test SSO integration, use `PROFILE=sso`:
 make start UI=true PROFILE=sso
 ```
 
+### Proxying
+
+When using `UI=true`, `make start` will start [webpack-dev-server](https://github.com/webpack/webpack-dev-server) to serve requests to <http://localhost:8080>, while proxying API requests to the Argo Server at <http://localhost:2746>.
+
+Use `BASE_HREF` to customize the [base HREF](argo-server.md#base-href), which will cause webpack-dev-server to strip out the provided path when proxying requests to the Argo Server.
+For example, to make the UI accessible at <http://localhost:8080/argo/>:
+
+```bash
+make start UI=true BASE_HREF=/argo/
+```
+
+Note that if you're using `PROFILE=sso`, you may need to run `kubectl rollout restart deploy dex` to restart Dex after changing the base HREF.
+
 ### TLS
 
 By default, `make start` will start Argo in [plain text mode](tls.md#plain-text).

tasks.yaml

@@ -119,6 +119,7 @@ tasks:
     - "8080"
     watch:
     - package.json
+    - webpack.config.js
     workingDir: ui
   ui-deps:
     command:

ui/src/index.html

@@ -4,7 +4,6 @@
 <head>
     <meta charset="UTF-8">
     <title>Argo</title>
-    <base href="/">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="robots" content="noindex">
     <link rel="icon" type="image/png" href="assets/favicon/favicon-32x32.png" sizes="32x32">

ui/webpack.config.js

@@ -1,4 +1,4 @@
-'use strict;' /* eslint-env node */ /* eslint-disable @typescript-eslint/no-var-requires */;
+'use strict;' /* eslint-env node */
 
 const MonacoWebpackPlugin = require('monaco-editor-webpack-plugin');
 const CopyWebpackPlugin = require('copy-webpack-plugin');
@@ -7,6 +7,7 @@ const HtmlWebpackPlugin = require('html-webpack-plugin');
 const webpack = require('webpack');
 
 const isProd = process.env.NODE_ENV === 'production';
+const base = process.env.ARGO_BASE_HREF || '/';
 let proxyTarget = '';
 if (!isProd) {
     const isSecure = process.env.ARGO_SECURE === 'true';
@@ -22,7 +23,8 @@ const config = {
     },
     output: {
         filename: '[name].[contenthash].js',
-        path: __dirname + '/dist/app'
+        path: __dirname + '/dist/app',
+        publicPath: base,
     },
 
     devtool: isProd ? 'source-map' : 'eval',
@@ -70,7 +72,11 @@ const config = {
                 version: process.env.VERSION || 'latest'
             })
         }),
-        new HtmlWebpackPlugin({template: 'src/index.html'}),
+        new HtmlWebpackPlugin({
+            template: 'src/index.html',
+            // Inject <base href="..."> tag into <head> to support non-root base using "--base-href" or "ARGO_BASE_HREF"
+            base,
+        }),
         new CopyWebpackPlugin({
             patterns: [
                 {
@@ -107,17 +113,25 @@ const config = {
         server: process.env.ARGO_UI_SECURE === 'true' ? 'https' : 'http',
         // this needs to be disabled to allow EventSource to work
         compress: false,
+        // Docs: https://github.com/bripkens/connect-history-api-fallback
         historyApiFallback: {
-            disableDotRule: true
+            disableDotRule: true,
+            // Needed to fix 404s: https://github.com/webpack/webpack-dev-server/issues/1457#issuecomment-415527819
+            index: base
         },
         headers: {
             'X-Frame-Options': 'SAMEORIGIN'
         },
         proxy: [
             {
-                context: ['/api/v1', '/artifact-files', '/artifacts', '/input-artifacts', '/artifacts-by-uid', '/input-artifacts-by-uid', '/oauth2'],
+                // Proxy paths handled by the API server defined at https://github.com/argoproj/argo-workflows/blob/cb7ebd9393f3322abf455d906e39a3a976421b30/server/apiserver/argoserver.go#L413-L428
+                context: ['api/v1', 'artifact-files', 'artifacts', 'input-artifacts', 'artifacts-by-uid', 'input-artifacts-by-uid', 'oauth2']
+                    .map(path => `${base}${path}`),
                 target: proxyTarget,
                 secure: false,
+                // Rewrite the base href for non-root paths
+                // Docs: https://github.com/chimurai/http-proxy-middleware?tab=readme-ov-file#pathrewrite-objectfunction
+                pathRewrite: { [`^${base}`]: '' },
                 xfwd: true // add x-forwarded-* headers to simulate real-world reverse proxy servers
             }
         ]