codefresh-io · danielm-codefresh · Jun 25, 2024 · May 30, 2024 · May 30, 2024 · May 30, 2024
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: 0.1.49
+appVersion: 0.1.50
 description: A Helm chart for Codefresh gitops runtime
 name: gitops-runtime
-version: 0.7.1
+version: 0.7.2
 home: https://github.com/codefresh-io/gitops-runtime-helm
 icon: https://avatars1.githubusercontent.com/u/11412079?v=3
 keywords:
@@ -15,19 +15,19 @@ annotations:
   artifacthub.io/alternativeName: "codefresh-gitops-runtime"
   artifacthub.io/changes: |
     - kind: changed
-      description: "update codefresh-gitops-operator chart to 1.0.17 to allow missing promotion flow label"
+      description: "removed promotion-related notifications from argocd-notifications-controller"
     - kind: changed
-      description: "updated cap-app-proxy to 1.2835.0"
-    - kind: added
-      description: garage as optional dependency for Argo workflows artifact and log storage
-    - kind: fixed
-      description: multiarch image for installer image used in hooks
-    - kind: fixed
-      description: multiarch frpc (codefresh-tunnel-client) image
+      description: "update gitops operator and switch gitops operator to library mode - set ArgoCD image for notifications controller to match other ArgoCD components and set correct workflows url from chart values, stop suspend workflow wrappers in case of degraded apps, and add omitted condition to wrapper workflow"
+    - kind: changed
+      description: "updated cap-app-proxy to 1.2875.0, including skipping PAT scopes permissions validations for git providers: BitBucket, BitBucket Server and GitLab; new query promotablePropertiesPreview"
+    - kind: security
+      description: "update tunnel client image to a new in-support alpine version"
+    - kind: changed
+      description: "update argo-cd to 6.7.18-4-cap-2.10-2024.6.17-77e06d0f6 with v2 event-reporter support of CA cert"
 dependencies:
 - name: argo-cd
   repository: https://codefresh-io.github.io/argo-helm
-  version: 6.7.18-3-cap-2.10-2024.5.14-9315e75e1
+  version: 6.7.18-4-cap-2.10-2024.6.17-77e06d0f6
 - name: argo-events
   repository: https://codefresh-io.github.io/argo-helm
   version: 2.0.9-1-cap-CR-19893
@@ -44,12 +44,12 @@ dependencies:
   version: 2.14.1
 - name: codefresh-tunnel-client
   repository: oci://quay.io/codefresh/charts
-  version: 0.1.16
+  version: 0.1.17
   alias: tunnel-client
   condition: tunnel-client.enabled
 - name: codefresh-gitops-operator
   repository: oci://quay.io/codefresh/charts
-  version: 1.0.17
+  version: 1.0.24
   alias: gitops-operator
   condition: gitops-operator.enabled
 - name: garage

@@ -1,5 +1,5 @@
 ## Codefresh gitops runtime
-![Version: 0.7.1](https://img.shields.io/badge/Version-0.7.1-informational?style=flat-square) ![AppVersion: 0.1.49](https://img.shields.io/badge/AppVersion-0.1.49-informational?style=flat-square)
+![Version: 0.7.2](https://img.shields.io/badge/Version-0.7.2-informational?style=flat-square) ![AppVersion: 0.1.50](https://img.shields.io/badge/AppVersion-0.1.50-informational?style=flat-square)
 
 ## Prerequisites
 
@@ -27,7 +27,7 @@ We have created a helper utility to resolve this issue:
 The utility is packaged in a container image. Below are instructions on executing the utility using Docker:
 
 ```
-docker run -v <output_dir>:/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.7.1 <local_registry>
+docker run -v <output_dir>:/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.7.2 <local_registry>
 ```
 `output_dir` - is a local directory where the utility will output files. <br>
 `local_registry` - is your local registry where you want to mirror the images to
@@ -100,14 +100,14 @@ sealed-secrets:
 | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use |
 | app-proxy.image.pullPolicy | string | `"IfNotPresent"` |  |
 | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` |  |
-| app-proxy.image.tag | string | `"1.2835.0"` |  |
+| app-proxy.image.tag | string | `"1.2875.0"` |  |
 | app-proxy.imagePullSecrets | list | `[]` |  |
 | app-proxy.initContainer.command[0] | string | `"./init.sh"` |  |
 | app-proxy.initContainer.env | object | `{}` |  |
 | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container |
 | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` |  |
 | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` |  |
-| app-proxy.initContainer.image.tag | string | `"1.2835.0"` |  |
+| app-proxy.initContainer.image.tag | string | `"1.2875.0"` |  |
 | app-proxy.initContainer.resources.limits.cpu | string | `"1"` |  |
 | app-proxy.initContainer.resources.limits.memory | string | `"512Mi"` |  |
 | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` |  |
@@ -156,16 +156,6 @@ sealed-secrets:
 | argo-cd.eventReporter.replicas | int | `3` | Amount of shards to handle applications events |
 | argo-cd.eventReporter.version | string | `"v2"` | Switches between old and new reporter version. Possible values: v1, v2. For v2 `argo-cd.eventReporter.enabled=true` is required |
 | argo-cd.fullnameOverride | string | `"argo-cd"` |  |
-| argo-cd.notifications.bots.slack | object | `{}` |  |
-| argo-cd.notifications.enabled | bool | `true` |  |
-| argo-cd.notifications.notifiers."service.webhook.cf-promotion-app-revision-changed-notifier" | string | `"url: http://gitops-operator:8082/app-revision-changed\nheaders:\n- name: Content-Type\n  value: application/json\n"` |  |
-| argo-cd.notifications.subscriptions[0].recipients[0] | string | `"cf-promotion-app-revision-changed-notifier"` |  |
-| argo-cd.notifications.subscriptions[0].triggers[0] | string | `"cf-promotion-on-deployed-trigger"` |  |
-| argo-cd.notifications.subscriptions[1].recipients[0] | string | `"cf-promotion-app-revision-changed-notifier"` |  |
-| argo-cd.notifications.subscriptions[1].triggers[0] | string | `"cf-promotion-on-out-of-sync-trigger"` |  |
-| argo-cd.notifications.templates."template.cf-promotion-app-revision-changed-template" | string | `"webhook:\n  cf-promotion-app-revision-changed-notifier:\n    method: POST\n    body: |\n      {\n        \"APP_NAMESPACE\": {{ .app.metadata.namespace | quote }},\n        \"APP_NAME\": {{ .app.metadata.name | quote }},\n        \"REPO_URL\": {{ call .repo.RepoURLToHTTPS .app.spec.source.repoURL | quote }},\n        \"BRANCH\": {{ .app.spec.source.targetRevision | quote }},\n        \"PATH\": {{ .app.spec.source.path | quote }},\n        \"PREV_COMMIT_SHA\": {{ (index .app.status.history (sub (len .app.status.history) 2)).revision | quote }},\n        \"CURRENT_COMMIT_SHA\": {{ .app.status.operationState.syncResult.revision | quote }}\n      }\n"` |  |
-| argo-cd.notifications.triggers."trigger.cf-promotion-on-deployed-trigger" | string | `"- description: Application is synced and healthy. Triggered once per commit.\n  when: get(app.spec.syncPolicy, \"automated\") != nil && app.status.sync.status == \"Synced\" && app.status.health.status == \"Healthy\" && app.status.operationState.syncResult.revision != nil\n  oncePer: app.status.operationState.syncResult.revision\n  send:\n  - cf-promotion-app-revision-changed-template\n"` |  |
-| argo-cd.notifications.triggers."trigger.cf-promotion-on-out-of-sync-trigger" | string | `"- description: Application is out of sync (when autoHeal is off). Triggered once per commit.\n  when: get(app.spec.syncPolicy, \"automated\") == nil && app.status.sync.status == \"OutOfSync\" && app.status.operationState.syncResult.revision != nil\n  oncePer: app.status.operationState.syncResult.revision\n  send:\n  - cf-promotion-app-revision-changed-template\n"` |  |
 | argo-events.crds.install | bool | `false` |  |
 | argo-events.fullnameOverride | string | `"argo-events"` |  |
 | argo-rollouts.controller.replicas | int | `1` |  |
@@ -241,6 +231,10 @@ sealed-secrets:
 | garage-workflows-artifact-storage.persistence.meta.storageClass | string | `""` | When empty value empty the default storage class for the cluster will be used |
 | garage-workflows-artifact-storage.resources | object | `{}` | Resources for garage pods. For smaller deployments at least 100m CPU and 1024Mi memory is reccommended. For larger deployments double this size. |
 | gitops-operator.affinity | object | `{}` |  |
+| gitops-operator.argoCdNotifications | object | `{"image":{},"imageOverride":false,"resources":{}}` | Builtin notifications controller used by gitops-operator for promotion related notifications |
+| gitops-operator.argoCdNotifications.image | object | `{}` | Set image.repository and image.tag notifications image used by the gitops operator. Ignored unless imageOverride is set to true. |
+| gitops-operator.argoCdNotifications.imageOverride | bool | `false` | If set to true allows to override notifications image used by the gitops operator. When set to false the version of ArgoCD will be set to the version used for all other ArgoCD components. |
+| gitops-operator.argoCdNotifications.resources | object | `{}` | Resources for notifications controller used by gitops-operator. |
 | gitops-operator.crds | object | `{"additionalLabels":{},"annotations":{},"install":true,"keep":false}` | Codefresh gitops operator crds |
 | gitops-operator.crds.additionalLabels | object | `{}` | Additional labels for gitops operator CRDs |
 | gitops-operator.crds.annotations | object | `{}` | Annotations on gitops operator CRDs |
@@ -258,6 +252,7 @@ sealed-secrets:
 | gitops-operator.kube-rbac-proxy.resources.requests.memory | string | `"64Mi"` |  |
 | gitops-operator.kube-rbac-proxy.securityContext.allowPrivilegeEscalation | bool | `false` |  |
 | gitops-operator.kube-rbac-proxy.securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| gitops-operator.libraryMode | bool | `true` | Do not change unless instructed otherwise by Codefresh support |
 | gitops-operator.nameOverride | string | `""` |  |
 | gitops-operator.nodeSelector | object | `{}` |  |
 | gitops-operator.podAnnotations | object | `{}` |  |

@@ -80,6 +80,22 @@ Determine argocd server service name. Must be called with chart root context
 {{- template "argo-cd.server.fullname" (dict "Values" (get .Values "argo-cd")) }}
 {{- end }}
 
+{{/*
+Determine argocd repo server service name. Must be called with chart root context
+*/}}
+{{- define "codefresh-gitops-runtime.argocd.reposerver.servicename" -}}
+{{/* For now use template from ArgoCD chart until better approach */}}
+{{- template "argo-cd.repoServer.fullname" (dict "Values" (get .Values "argo-cd")) }}
+{{- end }}
+
+{{/*
+Determine argocd argocd repo server port
+*/}}
+{{- define "codefresh-gitops-runtime.argocd.reposerver.serviceport" -}}
+{{/* For now use template from ArgoCD chart until better approach */}}
+  {{- index .Values "argo-cd" "repoServer" "service" "port" }}
+{{- end }}
+
 {{/*
 Determine argocd servicename. Must be called with chart root context
 */}}
@@ -283,4 +299,4 @@ valueFrom:
     key: {{ include "codefresh-gitops-runtime.runtime-gitcreds.password.secretkey" . }}
     optional: true
 {{- end }}
-# ------------------------------------------------------------------------------------------------------------
+# ------------------------------------------------------------------------------------------------------------
@@ -0,0 +1,30 @@
+{{- if index (get .Values "gitops-operator") "libraryMode" }}
+  {{- $gitopsOperatorContext := (index .Subcharts "gitops-operator")}}
+  {{- $argoCDImageDict := index .Subcharts "argo-cd" "Values" "global" "image" }}
+  {{- if not $argoCDImageDict.tag }}
+    {{- $_ := set $argoCDImageDict "tag" (get .Subcharts "argo-cd").Chart.AppVersion }}
+  {{- end }}
+
+
+  {{/* Set ArgoCD image */}}
+  {{- if not (index .Values "gitops-operator" "argoCdNotifications.imageOverride") }}
+    {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.image "repository" $argoCDImageDict.repository }}
+    {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.image "tag" $argoCDImageDict.tag }}
+  {{- end }}
+
+  {{/* Set repo server service and port */}}
+  {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.argocd.repoServer "fullname" (include "codefresh-gitops-runtime.argocd.reposerver.servicename" . ) }}
+  {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.argocd.repoServer "port" (include "codefresh-gitops-runtime.argocd.reposerver.serviceport" . ) }}
+
+
+  {{/* Set workflows url */}}
+  {{- if index .Values "argo-workflows" "enabled" }}
+    {{- if not $gitopsOperatorContext.Values.env.ARGO_WF_URL }}
+      {{- $argoWorkflowsUrl := include "codefresh-gitops-runtime.argo-workflows.server.url" . }}
+      {{- $_ := set $gitopsOperatorContext.Values.env "ARGO_WF_URL" $argoWorkflowsUrl }}
+    {{- end }}
+  {{- end}}
+
+  {{- include "gitops-operator.resources" $gitopsOperatorContext}}
+
+{{- end }}
@@ -1,11 +1,13 @@
 suite: misc tests on gitops-operator templates generation
 templates:
-  - charts/gitops-operator/templates/deployment.yaml
-  - charts/gitops-operator/templates/sa.yaml
-  - charts/gitops-operator/templates/rbac.yaml
+  - "gitops-operator.yaml"
+  - charts/gitops-operator/*
 tests:
 - it: override both images works
-  template: 'charts/gitops-operator/templates/deployment.yaml'
+  template: gitops-operator.yaml
+  documentSelector:
+    path: kind
+    value: Deployment
   values:
   - ./values/mandatory-values.yaml
   set:
@@ -26,20 +28,25 @@ tests:
       value: example.com/repo:0.0.1
 
 - it: override service account name - sa object
-  template: 'charts/gitops-operator/templates/sa.yaml'
+  template: gitops-operator.yaml
   values:
   - ./values/mandatory-values.yaml
   set:
     gitops-operator.serviceAccount.name: sa-name
   asserts:
-  - equal:
-      path: metadata.name
-      value: sa-name
+  - containsDocument:
+      kind: ServiceAccount
+      apiVersion: v1
+      name: sa-name
+      any: true
 
 - it: override service account name - deployment
-  template: 'charts/gitops-operator/templates/deployment.yaml'
+  template: 'gitops-operator.yaml'
   values:
   - ./values/mandatory-values.yaml
+  documentSelector:
+    path: kind
+    value: Deployment
   set:
     gitops-operator.serviceAccount.name: sa-name
   asserts:
@@ -48,7 +55,10 @@ tests:
       value: sa-name
 
 - it: overriding of environment variables on main container
-  template: 'charts/gitops-operator/templates/deployment.yaml'
+  template: 'gitops-operator.yaml'
+  documentSelector:
+    path: kind
+    value: Deployment
   values:
   - ./values/mandatory-values.yaml
   set:
@@ -59,8 +69,12 @@ tests:
       content:
         name: PORT
         value: "8787"
+
 - it: adding environment variables on main container
-  template: 'charts/gitops-operator/templates/deployment.yaml'
+  template: 'gitops-operator.yaml'
+  documentSelector:
+    path: kind
+    value: Deployment
   values:
   - ./values/mandatory-values.yaml
   set:
@@ -71,8 +85,12 @@ tests:
       content:
         name: SOME_ENV
         value: test
+
 - it: setting security context on main container
-  template: 'charts/gitops-operator/templates/deployment.yaml'
+  template: 'gitops-operator.yaml'
+  documentSelector:
+    path: kind
+    value: Deployment
   values:
   - ./values/mandatory-values.yaml
   set:
@@ -81,8 +99,12 @@ tests:
   - equal:
       path: spec.template.spec.containers[1].securityContext.runAsUser
       value: 1000
+
 - it: override readiness and liveness probes values
-  template: 'charts/gitops-operator/templates/deployment.yaml'
+  template: 'gitops-operator.yaml'
+  documentSelector:
+    path: kind
+    value: Deployment
   values:
   - ./values/mandatory-values.yaml
   set:
@@ -127,8 +149,12 @@ tests:
   - equal:
       path: spec.template.spec.containers[1].livenessProbe.failureThreshold
       value: 1
+
 - it: setting node selector
-  template: 'charts/gitops-operator/templates/deployment.yaml'
+  template: 'gitops-operator.yaml'
+  documentSelector:
+    path: kind
+    value: Deployment
   values:
   - ./values/mandatory-values.yaml
   set:
@@ -141,7 +167,10 @@ tests:
         test.io/node: "test"
 
 - it: setting tolerations
-  template: 'charts/gitops-operator/templates/deployment.yaml'
+  template: 'gitops-operator.yaml'
+  documentSelector:
+    path: kind
+    value: Deployment
   values:
   - ./values/mandatory-values.yaml
   set:
@@ -160,7 +189,10 @@ tests:
         effect: "NoSchedule"
 
 - it: setting affinity
-  template: 'charts/gitops-operator/templates/deployment.yaml'
+  template: 'gitops-operator.yaml'
+  documentSelector:
+    path: kind
+    value: Deployment
   values:
   - ./values/mandatory-values.yaml
   set:
@@ -189,7 +221,7 @@ tests:
                 - antarctica-west1
 
 - it: contains all expected roles and role bindings
-  template: charts/gitops-operator/templates/rbac.yaml
+  template: gitops-operator.yaml
   values:
   - ./values/mandatory-values.yaml
   asserts:
@@ -248,3 +280,61 @@ tests:
         apiVersion: rbac.authorization.k8s.io/v1
         name: leader-election
         any: true
+
+- it: argocd and workflows overrides for notifications controller
+  template: gitops-operator.yaml
+  documentSelector:
+    path: kind
+    value: Deployment
+  values:
+  - ./values/mandatory-values.yaml
+  set:
+    argo-cd.global.image:
+      repository: "argocd/test"
+      tag: "test"
+    argo-cd.fullnameOverride: myargocd
+    argo-cd.repoServer.service.port: 9080
+    argo-workflows.enabled: true
+    argo-workflows.fullnameOverride: argo-test
+    argo-workflows.server.secure: false
+  asserts:
+  - equal:
+      path: spec.template.spec.containers[2].image
+      value: argocd/test:test
+  - contains:
+      path: spec.template.spec.containers[2].args
+      content: --argocd-repo-server=myargocd-repo-server:9080
+  - contains:
+      path: spec.template.spec.containers[1].env
+      content:
+        name: ARGO_WF_URL
+        value: http://argo-test-server:2746
+
+- it: contains all resources for notifications controller
+  template: gitops-operator.yaml
+  values:
+  - ./values/mandatory-values.yaml
+  set:
+    gitops-operator.argoCdNotifications.cm.name: "test-notifications-cm"
+    gitops-operator.argoCdNotifications.secret.name: "test-notifications-secret"
+  asserts:
+    - containsDocument:
+        kind: ConfigMap
+        apiVersion: v1
+        name: test-notifications-cm
+        any: true
+    - containsDocument:
+        kind: Secret
+        apiVersion: v1
+        name: test-notifications-secret
+        any: true
+    - containsDocument:
+        kind: ClusterRole
+        apiVersion: rbac.authorization.k8s.io/v1
+        name: codefresh-gitops-operator-notifications
+        any: true
+    - containsDocument:
+        kind: ClusterRoleBinding
+        apiVersion: rbac.authorization.k8s.io/v1
+        name: codefresh-gitops-operator-notifications
+        any: true