0.24.0

Installation

To install this version of the gitops-runtime Helm chart, use the following command:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.24.0

⚠️ Important Upgrade Instructions

This release incorporates a security fix from Argo CD to address advisory GHSA-786q-9hcg-v9ff. The change removes sensitive information from the Project API response.

If you have automations or CLI commands that rely on credentials from project-scoped repositories and clusters previously returned by the Project API, you must update them to remove the logic that uses this data.

Chart Changes

This release includes the following notable changes:

• Security:

  • The Argo CD Project API response has been sanitized to remove sensitive information in accordance with GHSA-786q-9hcg-v9ff.

• Features:

  • Support for single-namespaced runtime installations has been added. This allows for a more granular and isolated setup.

• Dependency Updates:

  • The app-proxy image has been updated to version 1.3736.0 to support single-namespaced runtimes.
  • The gitops-operator image has been updated to disable the RGS controller when running in single-namespaced mode.

0.23.3

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.23.3

Chart changes

• update cli-v2 in installer - fix token validation code (#696)
• update cap-app-proxy image tags to 1.3727.0 (#692)

App-proxy changes

• fix: remote-cluster application fails to sync due to its project

Important Note

If the ISC repository already contains the resources/app-projects/cf-runtime-app-project.yaml file (created by runtime chart >=0.23 <0.23.3) - it should be manually updated:

...
spec:
  destinations:
  - namespace: '*'
    server: "*" # <-- replace 'https://kubernetes.default.svc' with "*" here
...

0.23.2

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.23.2

Chart changes

• updated changes
• updated nginx (#662)
• updated cli-v2, kubectl in runtime-installer (#661)
• using bitnamilegacy instead of bitnami (#653)
• chore(CR-30232): updated oauth2, golang.org/x/net, github.com/cloudflare (#639)
• updated cspd enrichers (#652)
• updated changes
• fix(app-proxy): update cap-app-proxy image tags to 1.3718.0 (#678)
• fix(app-proxy): update cap-app-proxy image tags to 1.3709.0 - simplify user cache (#673)

App-proxy changes

Introduced changes:

• fix: update EventSource import to default import syntax
• feat: simplify user cache
• feat: closing ha gaps in app-proxy

0.23.1

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.23.1

Chart changes

• bumped app-proxy to 1.3707.0 for HA support (#667)

App-proxy changes

Introduced changes:

• fix: "cannot lock ref" error while performing a promotion

0.23.0

Quick install

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.23.0

What’s new (highlights)

• Eventing: optional JetStream eventbus support + fixes for eventBusName.
• Argo CD 3.x compatibility: updated sub-charts (Argo CD, argo-rollouts) and a fix for out-of-sync CRDs; Helm & go-git bumps; Redis chart bump.
• Access control: ABAC for deployment actions (pause, resume, restart).
• Networking/ops: global proxy env vars and app-proxy now uses them for Git operations.
• Stability & resilience: many operator fixes (better error handling, safer resume logic, bounded curl timeouts, thread-safety, smarter requeues).

---

Component & chart updates

• cap-app-proxy: 1.3702.0
• codefresh-gitops-operator: 0.10.1
• argo-rollotus sub-chart: 2.37.3-6-v1.7.2-cap-CR-29629 (fixes out-of-sync CRDs on Argo CD v3)
• argo-cd sub-chart: 8.0.6-6-cap-v3.0.2-2025-07-06-e9fc72a9 (Helm & go-git bump; Redis version bump)

---

Detailed changes

Helm chart

• update cap-app-proxy to 1.3702.0
• update codefresh-gitops-operator to 0.10.1
• update argo-rollotus sub-chart to 2.37.3-6-v1.7.2-cap-CR-29629 (solve out-of-sync CRDs on Argo CD v3) (#630)
• update argo-cd sub-chart to 8.0.6-6-cap-v3.0.2-2025-07-06-e9fc72a9 (Helm & go-git bump) (#599); Redis version bump (#631)
• feat: add gitops-operator and argocd-extras templates (#591)
• feat: JetStream eventbus (#589)
• feat: added global proxy variables (#573)
• fix: support bring-your-own Argo CD < 3.1 (#576)
• fix: retries for Argo Events Sensors (#593)

app-proxy

• Allow concurrent reading of Git repo file content (#585)
• Update cf-git-providers to ^0.15.2 (#590)
• Return pushed commit SHA on push (#628)
• Fix eventBusName when using JetStream (#636)
• Use proxy env vars for Git operations (#646)
• Runtime application labels handling

codefresh-gitops-operator

• Fail release if app sync fails (#645)
• Stop attempting to resume a non-running workflow (#584)
• Change Git log look-back to 2 hours (#586)
• Broad error-handling improvements following 0.22.0 (#595)
• Cap curl on action node at 5 minutes; update Workflows.Resume (remove loop); make maps used in multithreaded code thread-safe; add requeue workaround for degraded rollout apps (#624)
• Update workflow submission logic & improve error handling (#65)
• Don’t requeue on known release creation failures (#655)

event-reporter

• Update cf-argocd-extras to 0.5.12 (dependency list fixes) (#616)
• Handle applications from a specific Argo CD instance (#618)

Other notable repo changes

• Add proxy env vars to COMMON_ENV_VARS
• Configurable refresh-permissions interval
• Fetch inactive applications only in app-proxy runtime
• Change ISC default app project to cf-app-project
• Add @types/jest dependency to multiple packages
• Update NestJS version

0.22.2

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.22.2

Chart changes

• Update gitops-oeprator to 0.8.6-832833c - optimize and batch calls to gitLog
• Update app-proxy to 1.3636.0-6119302 - fix caching of github users info, interduce new env variable to control permissions and token checks

App-proxy changes

No changes in this release

0.22.1

Installation

To fetch the Helm chart for this release, run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.22.1

---

⚠️ Important Upgrade Considerations

Argo CD 3.0 Upgrade

This release includes an upgrade to Argo CD 3.0. While we haven't identified any breaking changes for standard Codefresh deployments, please note:

• If you have customized any default Argo CD values beyond what Codefresh distributes, you may be affected by Argo CD 3.0 changes
• Review the Argo CD 3.0 migration guide if you have custom configurations
• Test the upgrade in a non-production environment first if you have made extensive customizations

---

🚀 Chart Changes

Added

• feat: replaced EventBus implementation to jetstream (#589, #612) - ⚠️ See upgrade considerations above
• feat: GitHub‑API metrics exporter and upgraded Ubuntu base image for all service containers (#553)
• test: Initial component‑test framework for chart validation (#567)

Changed

• chore: codefresh‑gitops‑operator → v0.8.6

  • Includes workflow‑resume guard, and multiple bug‑fixes (#595, #586, #584, #582, #575)

• chore: argo‑cd Helm dependency → 8.0.6‑4‑cap‑v3.0.2‑2025‑07‑06‑e9fc72a9 (Argo CD 3.0 compatibility) (#563)

• chore: app‑proxy images → 1.3636.0

  • Adds GitHub‑rate‑limit mitigation, log filtering/live‑stream, and Argo CD 3.1 runResourceAction support (#570, #566, #564)

• chore: cf‑argocd‑extras bumped to 0.5.7 (#561)

• chore: Argo Rollouts upgraded to v1.7.2 (includes critical security patches) (#562)

• chore: Image‑enrichment service bumped to 1.1.14 (#558)

• fix: Updated REQUIRED_VERSION_CONSTRAINT for Argo CD 3.1+ (#576)

Fixed

• fix: validate-values script no longer fails when custom values are omitted (#560)

Removed

• chore: Dropped unused environment variable from app‑proxy deployment (#565)

Security

• security: Patched critical CVEs in Argo Rollouts 1.7.2 (#562)
• security: Upgraded nats‑exporter to resolve high‑severity vulnerabilities (#543)

---

🔧 App‑Proxy Changes

Added

• Reduced GitHub‑API requests to stay within rate limits
• Git‑operation cache for faster repository interactions
• Log filtering plus live‑mode switching in the UI
• Support for Argo CD 3.1 runResourceAction API

Fixed

• Lower test‑log volume and resolved open‑handler leaks
• Improved memory usage when working with very large repositories

0.21.1

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.21.1

Chart changes

• create release 0.21.1
• chore(CR-29827): upd cli-v2 for installer (#568)
• fix: bump cf-argocd-extras to 0.5.7 (#561)
• feat: security fixes for Argo Rollouts 1.7.2 (#562)
• chore(CR-29160): security upd nats exporter (#543)

App-proxy changes

No changes in this release

0.21.0

Installation

To fetch the Helm chart for this release, run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.21.0

🚀 Chart Changes

Added

• feat: sources-server integration in app-proxy for manifest validation to support v2 events (#545)
• feat: app-proxy improvements for Git source creation/deletion (#524)
• feat: app-proxy applyIntegration fix (#534)
• feat: support for custom TLS certificates from the platform (#519)
• feat: OAuth2 GitHub fix in app-proxy (#516)
• feat: app-proxy: promotion flows now use the standard commit drawer (#latest)

Changed

• chore: bumped Argo CD Helm to 7.8.23-9-cap-v2.14.9-2025-06-08-8821b48e (#531)
• chore: upgraded Argo Workflows to 0.45.15-v3.6.7-cap-CR-28355 (#517)
• chore: bumped gitops-operator through several versions up to v0.7.24 (#528, #540, #550, #551, #556, #559)
• chore: bumped app-proxy to 1.3591.0 for improved performance and reduced memory usage (#549)
• chore: upgraded Argo Events to patch multiple security vulnerabilities (#541)
• chore: reverted event reporter changes for stability (#533)
• chore: updated README.md
• chore: update image enrichment images to 1.1.14 (#558)

Fixed

• fix: Argo Workflows artifact and log storage issue (#547)
• fix: promotion retries in GitOps operator (#537)
• fix: endless recursion in git-source detection (#520)
• fix: invalid ConfigMap reference in Argo CD root path retrieval (#514)
• fix: update of service labels in event-reporter (#515)

---

🔧 App-Proxy Changes

Added

• feat: pipeline configuration via source-sources
• feat: apply integration powered by sources-server (for runtimes >= 0.21.0)
• feat: git-source creation/deletion enhancements
• feat: Git promotion workflows drawer integration
• feat: cf-telemetry upgrade across all internal services

Changed

• chore: updated helm, octokit, multer, and fastify dependencies
• chore: improved cluster deletion logic

Fixed

• fix: OAuth2 GitHub flow (#516)
• fix: return empty response for Git providers not supporting searchMergedPullRequestByCommitSha

0.20.1

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.20.1

Chart changes

• fix: Argo-workflows artifact and log storage example (#547)
• fix: bump gitops operator chart to fix promotion retries (#537)
• bumped gitops-operator and app-proxy version to make github enterprise promotions work (#535)

App-proxy changes

Introduced changes:

• fix: returned empty response for providers which don't support searchMergedPullRequestByCommitSha