Bump version to 2.12.0 (#19383 )

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: ishitasequeira <46771830+ishitasequeira@users.noreply.github.com>
feat: Add custom health check for cluster-api AWSManagedControlPlane (#19304 ) (#19360 )
2026-02-22 10:38:51 +01:00 · 2024-08-05 09:24:37 -04:00 · 2024-08-02 10:55:46 -07:00 · 2024-08-01 19:24:32 -04:00 · 2024-08-01 16:11:47 -04:00 · 2024-08-01 10:37:55 -04:00
657 changed files with 11264 additions and 57805 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,13 +0,0 @@
-**/*.pb.go linguist-generated=true
-**/mocks/*.go linguist-generated=true
-assets/swagger.json linguist-generated=true
-docs/operator-manual/resource_actions_builtin.md linguist-generated=true
-docs/operator-manual/server-commands/argocd-*.md linguist-generated=true
-docs/user-guide/commands/argocd_*.md linguist-generated=true
-manifests/core-install.yaml linguist-generated=true
-manifests/crds/*-crd.yaml linguist-generated=true
-manifests/ha/install.yaml linguist-generated=true
-manifests/ha/namespace-install.yaml linguist-generated=true
-manifests/install.yaml linguist-generated=true
-manifests/namespace-install.yaml linguist-generated=true
-pkg/apis/api-rules/violation_exceptions.list linguist-generated=true
--- a/.github/ISSUE_TEMPLATE/new_dev_tool.md
+++ b/.github/ISSUE_TEMPLATE/new_dev_tool.md
@@ -1,43 +0,0 @@
---
-name: New Dev Tool Request
-about: This is a request for adding a new tool for setting up a dev environment.
-title: ''
-labels: ''
-assignees: ''
---
-
-Checklist:
-
-* [ ] I am willing to maintain this tool, or have another Argo CD maintainer who is. 
-* [ ] I have another Argo CD maintainer who is willing to help maintain this tool (there needs to be at least two maintainers willing to maintain this tool)
-* [ ] I have a lead sponsor who is a core Argo CD maintainer
-* [ ] There is a PR which adds said tool - this is so that the maintainers can assess the impact of having this in the tree
-* [ ] I have given a motivation why this should be added
-
-### The proposer
-
-<-- The username(s) of the person(s) proposing the tool -->
-
-### The proposed tool
-
-<!-- The tool itself, with a link to the tool’s website -->
-
-### Motivation
-
-<!-- Why this tool would be useful to have in the tree. --> 
-
-### Link to PR (Optional)
-
-<!-- A PR adding the tool to the tree -->
-
-### Lead Sponsor(s)
-
-Final approval requires sponsorship from at least one core maintainer.
-
- @<sponsor-1>
-
-### Co-sponsors
-
-These will be the co-maintainers of the specified tool.
-
- @<sponsor-1>
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,13 +4,8 @@ updates:
    directory: "/"
    schedule:
      interval: "daily"
-    open-pull-requests-limit: 20
    ignore:
    - dependency-name: k8s.io/*
-    groups:
-      otel:
-        patterns:
-          - "^go.opentelemetry.io/.*"

  - package-ecosystem: "github-actions"
    directory: "/"
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -31,7 +31,7 @@ jobs:
      docs: ${{ steps.filter.outputs.docs_any_changed }}
    steps:
      - uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
-      - uses: tj-actions/changed-files@c65cd883420fd2eb864698a825fc4162dd94482c # v44.5.7
+      - uses: tj-actions/changed-files@d6babd6899969df1a11d14c368283ea4436bca78 # v44.5.2
        id: filter
        with:
          # Any file which is not under docs/, ui/ or is not a markdown file is counted as a backend file
@@ -56,7 +56,7 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Download all Go modules
@@ -77,7 +77,7 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Restore go build cache
@@ -104,11 +104,11 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
+        uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
        with:
          version: v1.58.2
          args: --verbose
@@ -131,7 +131,7 @@ jobs:
      - name: Create symlink in GOPATH
        run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Install required packages
@@ -172,7 +172,7 @@ jobs:
      - name: Run all unit tests
        run: make test-local
      - name: Generate test results artifacts
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        with:
          name: test-results
          path: test-results
@@ -195,7 +195,7 @@ jobs:
      - name: Create symlink in GOPATH
        run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Install required packages
@@ -236,7 +236,7 @@ jobs:
      - name: Run all unit tests
        run: make test-race-local
      - name: Generate test results artifacts
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        with:
          name: race-results
          path: test-results/
@@ -251,7 +251,7 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Create symlink in GOPATH
@@ -303,7 +303,7 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
      - name: Setup NodeJS
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
        with:
          node-version: '21.6.1'
      - name: Restore node dependency cache
@@ -354,22 +354,21 @@ jobs:
        run: |
          rm -rf ui/node_modules/argo-ui/node_modules
      - name: Get e2e code coverage
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
        with:
          name: e2e-code-coverage
          path: e2e-code-coverage
      - name: Get unit test code coverage
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
        with:
          name: test-results
          path: test-results
      - name: combine-go-coverage
-        # We generate coverage reports for all Argo CD components, but only the applicationset-controller,
-        # app-controller, repo-server, and commit-server report contain coverage data. The other components currently
-        # don't shut down gracefully, so no coverage data is produced. Once those components are fixed, we can add
-        # references to their coverage output directories.
+        # We generate coverage reports for all Argo CD components, but only the applicationset-controller report
+        # contains coverage data. The other components currently don't shut down gracefully, so no coverage data is
+        # produced. Once those components are fixed, we can add references to their coverage output directories.
        run: |
-          go tool covdata percent -i=test-results,e2e-code-coverage/applicationset-controller,e2e-code-coverage/repo-server,e2e-code-coverage/app-controller,e2e-code-coverage/commit-server -o test-results/full-coverage.out
+          go tool covdata percent -i=test-results,e2e-code-coverage/applicationset-controller -o test-results/full-coverage.out
      - name: Upload code coverage information to codecov.io
        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
        with:
@@ -381,7 +380,7 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        uses: SonarSource/sonarqube-scan-action@aecaf43ae57e412bd97d70ef9ce6076e672fe0a9 # v2.2
+        uses: SonarSource/sonarqube-scan-action@540792c588b5c2740ad2bb4667db5cd46ae678f2 # v2.2
        if: env.sonar_secret != ''
  test-e2e:
    name: Run end-to-end tests
@@ -391,14 +390,14 @@ jobs:
      fail-fast: false
      matrix:
        k3s:
-          - version: v1.30.2
+          - version: v1.29.1
            # We designate the latest version because we only collect code coverage for that version.
            latest: true
-          - version: v1.29.6
+          - version: v1.28.6
            latest: false
-          - version: v1.28.11
+          - version: v1.27.10
            latest: false
-          - version: v1.27.15
+          - version: v1.26.13
            latest: false
    needs:
      - build-go
@@ -420,7 +419,7 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: GH actions workaround - Kill XSP4 process
@@ -465,7 +464,7 @@ jobs:
          git config --global user.email "john.doe@example.com"
      - name: Pull Docker image required for tests
        run: |
-          docker pull ghcr.io/dexidp/dex:v2.41.1
+          docker pull ghcr.io/dexidp/dex:v2.38.0
          docker pull argoproj/argo-cd-ci-builder:v1.0.0
          docker pull redis:7.0.15-alpine
      - name: Create target directory for binaries in the build-process
@@ -497,13 +496,13 @@ jobs:
          goreman run stop-all || echo "goreman trouble"
          sleep 30
      - name: Upload e2e coverage report
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        with:
          name: e2e-code-coverage
          path: /tmp/coverage
        if: ${{ matrix.k3s.latest }}
      - name: Upload e2e-server logs
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        with:
          name: e2e-server-k8s${{ matrix.k3s.version }}.log
          path: /tmp/e2e-server.log
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -33,7 +33,7 @@ jobs:

    # Use correct go version. https://github.com/github/codeql-action/issues/1842#issuecomment-1704398087
    - name: Setup Golang
-      uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
      with:
        go-version-file: go.mod
      
--- a/.github/workflows/image-reuse.yaml
+++ b/.github/workflows/image-reuse.yaml
@@ -69,15 +69,15 @@ jobs:
        if: ${{ github.ref_type != 'tag'}}

      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
        with:
          go-version: ${{ inputs.go-version }}

      - name: Install cosign
-        uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0

-      - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
-      - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+      - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+      - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0

      - name: Setup tags for container image as a CSV type
        run: |
@@ -104,7 +104,7 @@ jobs:
            echo 'EOF' >> $GITHUB_ENV

      - name: Login to Quay.io
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
        with:
          registry: quay.io
          username: ${{ secrets.quay_username }}
@@ -112,7 +112,7 @@ jobs:
        if: ${{ inputs.quay_image_name && inputs.push }}

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
        with:
          registry: ghcr.io
          username: ${{ secrets.ghcr_username }}
@@ -120,7 +120,7 @@ jobs:
        if: ${{ inputs.ghcr_image_name && inputs.push }}

      - name: Login to dockerhub Container Registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
        with:
          username: ${{ secrets.docker_username }}
          password: ${{ secrets.docker_password }}
@@ -143,7 +143,7 @@ jobs:

      - name: Build and push container image
        id: image
-        uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 #v6.6.1
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 #v5.4.0
        with:
          context: .
          platforms: ${{ inputs.platforms }}
--- a/.github/workflows/init-release.yaml
+++ b/.github/workflows/init-release.yaml
@@ -64,7 +64,7 @@ jobs:
          git stash pop

      - name: Create pull request
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c  # v6.1.0
+        uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e  # v6.0.5
        with:
          commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}"
          title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch"
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -77,7 +77,7 @@ jobs:
          fi

      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}

@@ -153,7 +153,7 @@ jobs:
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}

@@ -197,7 +197,7 @@ jobs:
          echo "hashes=$(sha256sum /tmp/sbom.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT"
      
      - name: Upload SBOM
-        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
+        uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
@@ -291,11 +291,11 @@ jobs:
          # Replace the 'project-release: vX.X.X-rcX' line in SECURITY-INSIGHTS.yml
          sed -i "s/project-release: v.*$/project-release: v${{ env.NEW_VERSION }}/" SECURITY-INSIGHTS.yml
          # Update the 'commit-hash: XXXXXXX' line in SECURITY-INSIGHTS.yml
-          sed -i "s/commit-hash: .*/commit-hash: ${{ env.COMMIT_HASH }}/" SECURITY-INSIGHTS.yml
+          sed -i "s/commit-hash: .*/commit-hash: ${{ env.NEW_VERSION }}/" SECURITY-INSIGHTS.yml
        if: ${{ env.UPDATE_VERSION == 'true' }}

      - name: Create PR to update VERSION on master branch
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+        uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
        with:
          commit-message: Bump version in master
          title: "chore: Bump version in master"
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -35,7 +35,7 @@ jobs:
          persist-credentials: false

      - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
        with:
          results_file: results.sarif
          results_format: sarif
@@ -54,7 +54,7 @@ jobs:
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        with:
          name: SARIF file
          path: results.sarif
--- a/.gitpod.Dockerfile
+++ b/.gitpod.Dockerfile
@@ -1,4 +1,4 @@
-FROM gitpod/workspace-full@sha256:fbff2dce4236535b96de0e94622bbe9a44fba954ca064862004c34e3e08904df
+FROM gitpod/workspace-full@sha256:8dd34e72ae5b9e6f60d267dd6287befc2cf5ad1a11c64e9d93daa60c952a2154

 USER root

--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -36,6 +36,8 @@ linters-settings:
  testifylint:
    enable-all: true
    disable:
+      - error-is-as
+      - float-compare
      - go-require
 run:
  timeout: 50m
--- a/.mockery.yaml
+++ b/.mockery.yaml
@@ -1,75 +0,0 @@
-# global config
-filename: "{{.InterfaceName}}.go"
-dir: "{{.InterfaceDir}}/mocks"
-outpkg: "mocks"
-mockname: "{{.InterfaceName}}"
-with-expecter: false
-# individual interface config
-packages:
-  github.com/argoproj/argo-cd/v2/applicationset/generators:
-    interfaces:
-      Generator:
-  github.com/argoproj/argo-cd/v2/applicationset/services:
-    interfaces:
-      Repos:
-  github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider:
-    config:
-      dir: "applicationset/services/scm_provider/aws_codecommit/mocks"
-    interfaces:
-      AWSCodeCommitClient:
-      AWSTaggingClient:
-  github.com/microsoft/azure-devops-go-api/azuredevops/git:
-    config:
-      dir: "applicationset/services/scm_provider/azure_devops/git/mocks"
-    interfaces:
-      Client:
-  github.com/argoproj/argo-cd/v2/applicationset/utils:
-    interfaces:
-      Renderer:
-  github.com/argoproj/argo-cd/v2/commitserver/commit:
-    interfaces:
-      RepoClientFactory:
-  github.com/argoproj/argo-cd/v2/commitserver/apiclient:
-    interfaces:
-      CommitServiceClient:
-      Clientset:
-  github.com/argoproj/argo-cd/v2/controller/cache:
-    interfaces:
-      LiveStateCache:
-  github.com/argoproj/argo-cd/v2/reposerver/apiclient:
-    interfaces:
-      RepoServerServiceClient:
-      RepoServerService_GenerateManifestWithFilesClient:
-  github.com/argoproj/argo-cd/v2/server/application:
-    interfaces:
-      Broadcaster:
-  github.com/argoproj/argo-cd/v2/server/extension:
-    interfaces:
-      ApplicationGetter:
-      ExtensionMetricsRegistry:
-      ProjectGetter:
-      RbacEnforcer:
-      SettingsGetter:
-  github.com/argoproj/argo-cd/v2/util/db:
-    interfaces:
-      ArgoDB:
-  github.com/argoproj/argo-cd/v2/util/git:
-    interfaces:
-      Client:
-  github.com/argoproj/argo-cd/v2/util/helm:
-    interfaces:
-      Client:
-  github.com/argoproj/argo-cd/v2/util/io:
-    interfaces:
-      TempPaths:
-  github.com/argoproj/argo-cd/v2/util/notification/argocd:
-    interfaces:
-      Service:
-  # These mocks are not currently used, but they are part of the public API of this package.      
-  github.com/argoproj/argo-cd/v2/pkg/apiclient/session:
-    interfaces:
-      SessionServiceServer:
-      SessionServiceClient:
-  github.com/argoproj/argo-cd/v2/pkg/apiclient/cluster:
-    interfaces:
-      ClusterServiceServer:
--- a/4
+++ b/4
@@ -4,7 +4,7 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8
 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image
 # Also used as the image in CI jobs so needs all dependencies
 ####################################################################################################
-FROM docker.io/library/golang:1.22.6@sha256:2bd56f00ff47baf33e64eae7996b65846c7cb5e0a46e0a882ef179fd89654afa AS builder
+FROM docker.io/library/golang:1.22.4@sha256:c2010b9c2342431a24a2e64e33d9eb2e484af49e72c820e200d332d214d5e61f AS builder

 RUN echo 'deb http://archive.debian.org/debian buster-backports main' >> /etc/apt/sources.list

@@ -101,7 +101,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP
 ####################################################################################################
 # Argo CD Build stage which performs the actual build of Argo CD binaries
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.22.6@sha256:2bd56f00ff47baf33e64eae7996b65846c7cb5e0a46e0a882ef179fd89654afa AS argocd-build
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.22.4@sha256:c2010b9c2342431a24a2e64e33d9eb2e484af49e72c820e200d332d214d5e61f AS argocd-build

 WORKDIR /go/src/github.com/argoproj/argo-cd

--- a/12
+++ b/12
@@ -192,10 +192,6 @@ endif
 .PHONY: all
 all: cli image

-.PHONY: mockgen
-mockgen:
-	./hack/generate-mock.sh
-
 .PHONY: gogen
 gogen:
 	export GO111MODULE=off
@@ -233,16 +229,13 @@ clientgen:
 clidocsgen:
 	go run tools/cmd-docs/main.go

-.PHONY: actionsdocsgen
-actionsdocsgen:
-	hack/generate-actions-list.sh

 .PHONY: codegen-local
-codegen-local: mod-vendor-local mockgen gogen protogen clientgen openapigen clidocsgen actionsdocsgen manifests-local notification-docs notification-catalog
+codegen-local: mod-vendor-local gogen protogen clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog
 	rm -rf vendor/

 .PHONY: codegen-local-fast
-codegen-local-fast: mockgen gogen protogen-fast clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog
+codegen-local-fast: gogen protogen-fast clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog

 .PHONY: codegen
 codegen: test-tools-image
@@ -472,7 +465,6 @@ start-e2e-local: mod-vendor-local dep-ui-local cli-local
 	mkdir -p /tmp/coverage/repo-server
 	mkdir -p /tmp/coverage/applicationset-controller
 	mkdir -p /tmp/coverage/notification
-	mkdir -p /tmp/coverage/commit-server
 	# set paths for locally managed ssh known hosts and tls certs data
 	ARGOCD_SSH_DATA_PATH=/tmp/argo-e2e/app/config/ssh \
 	ARGOCD_TLS_DATA_PATH=/tmp/argo-e2e/app/config/tls \
--- a/1
+++ b/1
@@ -1,6 +1,5 @@
 owners:
 - alexmt
- crenshaw-dev
 - jessesuen

 approvers:
--- a/4
+++ b/4
@@ -1,11 +1,9 @@
-controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/app-controller} HOSTNAME=testappcontroller-1  FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --commit-server localhost:${ARGOCD_E2E_COMMITSERVER_PORT:-8086} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --server-side-diff-enabled=${ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF:-'false'}"
+controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/app-controller} HOSTNAME=testappcontroller-1  FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --server-side-diff-enabled=${ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF:-'false'}"
 api-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/api-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''}"
 dex: sh -c "ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/v2/cmd gendexcfg -o `pwd`/dist/dex.yaml && (test -f dist/dex.yaml || { echo 'Failed to generate dex configuration'; exit 1; }) && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:$(grep "image: ghcr.io/dexidp/dex" manifests/base/dex/argocd-dex-server-deployment.yaml | cut -d':' -f3) dex serve /dex.yaml"
 redis: bash -c "if [ \"$ARGOCD_REDIS_LOCAL\" = 'true' ]; then redis-server --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; else docker run --rm --name argocd-redis -i -p ${ARGOCD_E2E_REDIS_PORT:-6379}:${ARGOCD_E2E_REDIS_PORT:-6379} docker.io/library/redis:$(grep "image: redis" manifests/base/redis/argocd-redis-deployment.yaml | cut -d':' -f3) --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; fi"
 repo-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/repo-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp}  ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-repo-server ARGOCD_GPG_ENABLED=${ARGOCD_GPG_ENABLED:-false} $COMMAND --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --otlp-address=${ARGOCD_OTLP_ADDRESS}"
-commit-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/commit-server} FORCE_LOG_COLORS=1 ARGOCD_BINARY_NAME=argocd-commit-server $COMMAND --loglevel debug --port ${ARGOCD_E2E_COMMITSERVER_PORT:-8086}"
 cmp-server: [ "$ARGOCD_E2E_TEST" = 'true' ] && exit 0 || [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_BINARY_NAME=argocd-cmp-server ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} $COMMAND --config-dir-path ./test/cmp --loglevel debug --otlp-address=${ARGOCD_OTLP_ADDRESS}"
-commit-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/commit-server} FORCE_LOG_COLORS=1 ARGOCD_BINARY_NAME=argocd-commit-server $COMMAND --loglevel debug --port ${ARGOCD_E2E_COMMITSERVER_PORT:-8086}"
 ui: sh -c 'cd ui && ${ARGOCD_E2E_YARN_CMD:-yarn} start'
 git-server: test/fixture/testrepos/start-git.sh
 helm-registry: test/fixture/testrepos/start-helm-registry.sh
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@
 [![Integration tests](https://github.com/argoproj/argo-cd/workflows/Integration%20tests/badge.svg?branch=master)](https://github.com/argoproj/argo-cd/actions?query=workflow%3A%22Integration+tests%22)
 [![codecov](https://codecov.io/gh/argoproj/argo-cd/branch/master/graph/badge.svg)](https://codecov.io/gh/argoproj/argo-cd)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4486/badge)](https://bestpractices.coreinfrastructure.org/projects/4486)
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-cd/badge)](https://scorecard.dev/viewer/?uri=github.com/argoproj/argo-cd)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-cd/badge)](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-cd)
 [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fargoproj%2Fargo-cd.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fargoproj%2Fargo-cd?ref=badge_shield)

 **Social:**
--- a/SECURITY-INSIGHTS.yml
+++ b/SECURITY-INSIGHTS.yml
@@ -3,9 +3,9 @@ header:
  expiration-date: '2024-10-31T00:00:00.000Z' # One year from initial release.
  last-updated: '2023-10-27'
  last-reviewed: '2023-10-27'
-  commit-hash: fe606708859574b9b6102a505e260fac5d3fb14e
+  commit-hash: b71277c6beb949d0199d647a582bc25822b88838
  project-url: https://github.com/argoproj/argo-cd
-  project-release: v2.13.0
+  project-release: v2.9.0-rc3
  changelog: https://github.com/argoproj/argo-cd/releases
  license: https://github.com/argoproj/argo-cd/blob/master/LICENSE
 project-lifecycle:
--- a/USERS.md
+++ b/USERS.md
@@ -43,11 +43,9 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [BioBox Analytics](https://biobox.io)
 1. [BMW Group](https://www.bmwgroup.com/)
 1. [Boozt](https://www.booztgroup.com/)
-1. [Bosch](https://www.bosch.com/)
 1. [Boticario](https://www.boticario.com.br/)
 1. [Broker Consulting, a.s.](https://www.bcas.cz/en/)
 1. [Bulder Bank](https://bulderbank.no)
-1. [Cabify](https://cabify.com/en)
 1. [CAM](https://cam-inc.co.jp)
 1. [Camptocamp](https://camptocamp.com)
 1. [Candis](https://www.candis.io)
@@ -64,14 +62,12 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Cisco ET&I](https://eti.cisco.com/)
 1. [Cloud Posse](https://www.cloudposse.com/)
 1. [Cloud Scale](https://cloudscaleinc.com/)
-1. [CloudScript](https://www.cloudscript.com.br/)
 1. [CloudGeometry](https://www.cloudgeometry.io/)
 1. [Cloudmate](https://cloudmt.co.kr/)
 1. [Cloudogu](https://cloudogu.com/)
 1. [Cobalt](https://www.cobalt.io/)
 1. [Codefresh](https://www.codefresh.io/)
 1. [Codility](https://www.codility.com/)
-1. [Cognizant](https://www.cognizant.com/)
 1. [Commonbond](https://commonbond.co/)
 1. [Contlo](https://contlo.com/)
 1. [Coralogix](https://coralogix.com/)
@@ -113,11 +109,9 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Freshop, Inc](https://www.freshop.com/)
 1. [Future PLC](https://www.futureplc.com/)
 1. [G DATA CyberDefense AG](https://www.gdata-software.com/)
-1. [G-Research](https://www.gresearch.com/teams/open-source-software/)
 1. [Garner](https://www.garnercorp.com)
 1. [Generali Deutschland AG](https://www.generali.de/)
 1. [Gepardec](https://gepardec.com/)
-1. [Getir](https://getir.com)
 1. [GetYourGuide](https://www.getyourguide.com/)
 1. [Gitpod](https://www.gitpod.io)
 1. [Gllue](https://gllue.com)
@@ -134,7 +128,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Groww](https://groww.in)
 1. [Grupo MasMovil](https://grupomasmovil.com/en/)
 1. [Handelsbanken](https://www.handelsbanken.se)
-1. [Hazelcast](https://hazelcast.com/)
 1. [Healy](https://www.healyworld.net)
 1. [Helio](https://helio.exchange)
 1. [Hetki](https://hetki.ai)
@@ -153,7 +146,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Index Exchange](https://www.indexexchange.com/)
 1. [Info Support](https://www.infosupport.com/)
 1. [InsideBoard](https://www.insideboard.com)
-1. [Instruqt](https://www.instruqt.com)
 1. [Intuit](https://www.intuit.com/)
 1. [Jellysmack](https://www.jellysmack.com)
 1. [Joblift](https://joblift.com/)
@@ -163,7 +155,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Karrot](https://www.daangn.com/)
 1. [KarrotPay](https://www.daangnpay.com/)
 1. [Kasa](https://kasa.co.kr/)
-1. [Kave Home](https://kavehome.com)
 1. [Keeeb](https://www.keeeb.com/)
 1. [KelkooGroup](https://www.kelkoogroup.com)
 1. [Keptn](https://keptn.sh)
@@ -176,8 +167,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Kurly](https://www.kurly.com/)
 1. [Kvist](https://kvistsolutions.com)
 1. [Kyriba](https://www.kyriba.com/)
-1. [LeFigaro](https://www.lefigaro.fr/)
-1. [Lely](https://www.lely.com/)
 1. [LexisNexis](https://www.lexisnexis.com/)
 1. [Lian Chu Securities](https://lczq.com)
 1. [Liatrio](https://www.liatrio.com)
@@ -208,14 +197,11 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Money Forward](https://corp.moneyforward.com/en/)
 1. [MOO Print](https://www.moo.com/)
 1. [MTN Group](https://www.mtn.com/)
-1. [Municipality of The Hague](https://www.denhaag.nl/)
-1. [My Job Glasses](https://myjobglasses.com)
 1. [Natura &Co](https://naturaeco.com/)
 1. [Nethopper](https://nethopper.io)
 1. [New Relic](https://newrelic.com/)
 1. [Nextbasket](https://nextbasket.com)
 1. [Nextdoor](https://nextdoor.com/)
-1. [Next Fit Sistemas](https://nextfit.com.br/)
 1. [Nikkei](https://www.nikkei.co.jp/nikkeiinfo/en/)
 1. [Nitro](https://gonitro.com)
 1. [NYCU, CS IT Center](https://it.cs.nycu.edu.tw)
@@ -227,7 +213,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [omegaUp](https://omegaUp.com)
 1. [Omni](https://omni.se/)
 1. [Oncourse Home Solutions](https://oncoursehome.com/)
-1. [Open Analytics](https://openanalytics.eu)
 1. [openEuler](https://openeuler.org)
 1. [openGauss](https://opengauss.org/)
 1. [OpenGov](https://opengov.com)
@@ -260,7 +245,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [PostFinance](https://github.com/postfinance)
 1. [Preferred Networks](https://preferred.jp/en/)
 1. [Previder BV](https://previder.nl)
-1. [Priceline](https://priceline.com)
 1. [Procore](https://www.procore.com)
 1. [Productboard](https://www.productboard.com/)
 1. [Prudential](https://prudential.com.sg)
@@ -276,7 +260,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Redpill Linpro](https://www.redpill-linpro.com/)
 1. [Reenigne Cloud](https://reenigne.ca)
 1. [reev.com](https://www.reev.com/)
-1. [Relex Solutions](https://www.relexsolutions.com/)
 1. [RightRev](https://rightrev.com/)
 1. [Rijkswaterstaat](https://www.rijkswaterstaat.nl/en)
 1. [Rise](https://www.risecard.eu/)
@@ -293,13 +276,10 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Schwarz IT](https://jobs.schwarz/it-mission)
 1. [SCRM Lidl International Hub](https://scrm.lidl)
 1. [SEEK](https://seek.com.au)
-1. [SEKAI](https://www.sekai.io/)
 1. [Semgrep](https://semgrep.com)
 1. [Shield](https://shield.com)
 1. [SI Analytics](https://si-analytics.ai)
-1. [Sidewalk Entertainment](https://sidewalkplay.com/)
 1. [Skit](https://skit.ai/)
-1. [Skribble](https://skribble.com) 
 1. [Skyscanner](https://www.skyscanner.net/)
 1. [Smart Pension](https://www.smartpension.co.uk/)
 1. [Smilee.io](https://smilee.io)
--- a/2
+++ b/2
@@ -1 +1 @@
-2.13.0
+2.12.0
--- a/applicationset/controllers/applicationset_controller.go
+++ b/applicationset/controllers/applicationset_controller.go
@@ -43,9 +43,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/predicate"

-	"github.com/argoproj/argo-cd/v2/applicationset/controllers/template"
 	"github.com/argoproj/argo-cd/v2/applicationset/generators"
-	"github.com/argoproj/argo-cd/v2/applicationset/status"
 	"github.com/argoproj/argo-cd/v2/applicationset/utils"
 	"github.com/argoproj/argo-cd/v2/common"
 	"github.com/argoproj/argo-cd/v2/util/db"
@@ -136,7 +134,7 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 	// Log a warning if there are unrecognized generators
 	_ = utils.CheckInvalidGenerators(&applicationSetInfo)
 	// desiredApplications is the main list of all expected Applications from all generators in this appset.
-	desiredApplications, applicationSetReason, err := template.GenerateApplications(logCtx, applicationSetInfo, r.Generators, r.Renderer, r.Client)
+	desiredApplications, applicationSetReason, err := r.generateApplications(logCtx, applicationSetInfo)
 	if err != nil {
 		_ = r.setApplicationSetStatusCondition(ctx,
 			&applicationSetInfo,
@@ -500,6 +498,88 @@ func (r *ApplicationSetReconciler) getMinRequeueAfter(applicationSetInfo *argov1
 	return res
 }

+func getTempApplication(applicationSetTemplate argov1alpha1.ApplicationSetTemplate) *argov1alpha1.Application {
+	var tmplApplication argov1alpha1.Application
+	tmplApplication.Annotations = applicationSetTemplate.Annotations
+	tmplApplication.Labels = applicationSetTemplate.Labels
+	tmplApplication.Namespace = applicationSetTemplate.Namespace
+	tmplApplication.Name = applicationSetTemplate.Name
+	tmplApplication.Spec = applicationSetTemplate.Spec
+	tmplApplication.Finalizers = applicationSetTemplate.Finalizers
+
+	return &tmplApplication
+}
+
+func (r *ApplicationSetReconciler) generateApplications(logCtx *log.Entry, applicationSetInfo argov1alpha1.ApplicationSet) ([]argov1alpha1.Application, argov1alpha1.ApplicationSetReasonType, error) {
+	var res []argov1alpha1.Application
+
+	var firstError error
+	var applicationSetReason argov1alpha1.ApplicationSetReasonType
+
+	for _, requestedGenerator := range applicationSetInfo.Spec.Generators {
+		t, err := generators.Transform(requestedGenerator, r.Generators, applicationSetInfo.Spec.Template, &applicationSetInfo, map[string]interface{}{}, r.Client)
+		if err != nil {
+			logCtx.WithError(err).WithField("generator", requestedGenerator).
+				Error("error generating application from params")
+			if firstError == nil {
+				firstError = err
+				applicationSetReason = argov1alpha1.ApplicationSetReasonApplicationParamsGenerationError
+			}
+			continue
+		}
+
+		for _, a := range t {
+			tmplApplication := getTempApplication(a.Template)
+
+			for _, p := range a.Params {
+				app, err := r.Renderer.RenderTemplateParams(tmplApplication, applicationSetInfo.Spec.SyncPolicy, p, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions)
+				if err != nil {
+					logCtx.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator).
+						Error("error generating application from params")
+
+					if firstError == nil {
+						firstError = err
+						applicationSetReason = argov1alpha1.ApplicationSetReasonRenderTemplateParamsError
+					}
+					continue
+				}
+
+				if applicationSetInfo.Spec.TemplatePatch != nil {
+					patchedApplication, err := r.applyTemplatePatch(app, applicationSetInfo, p)
+					if err != nil {
+						log.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator).
+							Error("error generating application from params")
+
+						if firstError == nil {
+							firstError = err
+							applicationSetReason = argov1alpha1.ApplicationSetReasonRenderTemplateParamsError
+						}
+						continue
+					}
+
+					app = patchedApplication
+				}
+
+				res = append(res, *app)
+			}
+		}
+
+		logCtx.WithField("generator", requestedGenerator).Infof("generated %d applications", len(res))
+		logCtx.WithField("generator", requestedGenerator).Debugf("apps from generator: %+v", res)
+	}
+
+	return res, applicationSetReason, firstError
+}
+
+func (r *ApplicationSetReconciler) applyTemplatePatch(app *argov1alpha1.Application, applicationSetInfo argov1alpha1.ApplicationSet, params map[string]interface{}) (*argov1alpha1.Application, error) {
+	replacedTemplate, err := r.Renderer.Replace(*applicationSetInfo.Spec.TemplatePatch, params, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions)
+	if err != nil {
+		return nil, fmt.Errorf("error replacing values in templatePatch: %w", err)
+	}
+
+	return applyTemplatePatch(app, replacedTemplate)
+}
+
 func ignoreNotAllowedNamespaces(namespaces []string) predicate.Predicate {
 	return predicate.Funcs{
 		CreateFunc: func(e event.CreateEvent) bool {
@@ -573,6 +653,10 @@ func (r *ApplicationSetReconciler) createOrUpdateInCluster(ctx context.Context,
 	var firstError error
 	// Creates or updates the application in appList
 	for _, generatedApp := range desiredApplications {
+		// The app's namespace must be the same as the AppSet's namespace to preserve the appsets-in-any-namespace
+		// security boundary.
+		generatedApp.Namespace = applicationSet.Namespace
+
 		appLog := logCtx.WithFields(log.Fields{"app": generatedApp.QualifiedName()})

 		// Normalize to avoid fighting with the application controller.
@@ -844,14 +928,14 @@ func (r *ApplicationSetReconciler) removeFinalizerOnInvalidDestination(ctx conte
 func (r *ApplicationSetReconciler) removeOwnerReferencesOnDeleteAppSet(ctx context.Context, applicationSet argov1alpha1.ApplicationSet) error {
 	applications, err := r.getCurrentApplications(ctx, applicationSet)
 	if err != nil {
-		return fmt.Errorf("error getting current applications for ApplicationSet: %w", err)
+		return err
 	}

 	for _, app := range applications {
 		app.SetOwnerReferences([]metav1.OwnerReference{})
 		err := r.Client.Update(ctx, &app)
 		if err != nil {
-			return fmt.Errorf("error updating application: %w", err)
+			return err
 		}
 	}

@@ -1298,8 +1382,8 @@ func (r *ApplicationSetReconciler) migrateStatus(ctx context.Context, appset *ar
 }

 func (r *ApplicationSetReconciler) updateResourcesStatus(ctx context.Context, logCtx *log.Entry, appset *argov1alpha1.ApplicationSet, apps []argov1alpha1.Application) error {
-	statusMap := status.GetResourceStatusMap(appset)
-	statusMap = status.BuildResourceStatus(statusMap, apps)
+	statusMap := getResourceStatusMap(appset)
+	statusMap = buildResourceStatus(statusMap, apps)

 	statuses := []argov1alpha1.ResourceStatus{}
 	for _, status := range statusMap {
@@ -1324,7 +1408,59 @@ func (r *ApplicationSetReconciler) updateResourcesStatus(ctx context.Context, lo
 	return nil
 }

-// setAppSetApplicationStatus updates the ApplicationSet's status field
+func buildResourceStatus(statusMap map[string]argov1alpha1.ResourceStatus, apps []argov1alpha1.Application) map[string]argov1alpha1.ResourceStatus {
+	appMap := map[string]argov1alpha1.Application{}
+	for _, app := range apps {
+		appCopy := app
+		appMap[app.Name] = app
+
+		gvk := app.GroupVersionKind()
+		// Create status if it does not exist
+		status, ok := statusMap[app.Name]
+		if !ok {
+			status = argov1alpha1.ResourceStatus{
+				Group:     gvk.Group,
+				Version:   gvk.Version,
+				Kind:      gvk.Kind,
+				Name:      app.Name,
+				Namespace: app.Namespace,
+				Status:    app.Status.Sync.Status,
+				Health:    &appCopy.Status.Health,
+			}
+		}
+
+		status.Group = gvk.Group
+		status.Version = gvk.Version
+		status.Kind = gvk.Kind
+		status.Name = app.Name
+		status.Namespace = app.Namespace
+		status.Status = app.Status.Sync.Status
+		status.Health = &appCopy.Status.Health
+
+		statusMap[app.Name] = status
+	}
+	cleanupDeletedApplicationStatuses(statusMap, appMap)
+
+	return statusMap
+}
+
+func getResourceStatusMap(appset *argov1alpha1.ApplicationSet) map[string]argov1alpha1.ResourceStatus {
+	statusMap := map[string]argov1alpha1.ResourceStatus{}
+	for _, status := range appset.Status.Resources {
+		statusMap[status.Name] = status
+	}
+	return statusMap
+}
+
+func cleanupDeletedApplicationStatuses(statusMap map[string]argov1alpha1.ResourceStatus, apps map[string]argov1alpha1.Application) {
+	for name := range statusMap {
+		if _, ok := apps[name]; !ok {
+			delete(statusMap, name)
+		}
+	}
+}
+
+// setApplicationSetApplicationStatus updates the ApplicationSet's status field
 // with any new/changed Application statuses.
 func (r *ApplicationSetReconciler) setAppSetApplicationStatus(ctx context.Context, logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, applicationStatuses []argov1alpha1.ApplicationSetApplicationStatus) error {
 	needToUpdateStatus := false
--- a/applicationset/controllers/applicationset_controller_test.go
+++ b/applicationset/controllers/applicationset_controller_test.go
@@ -9,6 +9,8 @@ import (
 	"testing"
 	"time"

+	"github.com/argoproj/argo-cd/v2/applicationset/generators/mocks"
+
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
@@ -25,6 +27,7 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/cache"
 	crtcache "sigs.k8s.io/controller-runtime/pkg/cache"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	crtclient "sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
@@ -34,11 +37,11 @@ import (
 	"github.com/argoproj/gitops-engine/pkg/sync/common"

 	"github.com/argoproj/argo-cd/v2/applicationset/generators"
-	"github.com/argoproj/argo-cd/v2/applicationset/generators/mocks"
 	"github.com/argoproj/argo-cd/v2/applicationset/utils"

 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned/fake"
+	"github.com/argoproj/argo-cd/v2/util/collections"
 	dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks"

 	"github.com/argoproj/argo-cd/v2/pkg/apis/application"
@@ -72,6 +75,287 @@ func (f *fakeCache) GetInformer(ctx context.Context, obj crtclient.Object, opt .
 	return &fakeInformer{}, nil
 }

+type generatorMock struct {
+	mock.Mock
+}
+
+func (g *generatorMock) GetTemplate(appSetGenerator *v1alpha1.ApplicationSetGenerator) *v1alpha1.ApplicationSetTemplate {
+	args := g.Called(appSetGenerator)
+
+	return args.Get(0).(*v1alpha1.ApplicationSetTemplate)
+}
+
+func (g *generatorMock) GenerateParams(appSetGenerator *v1alpha1.ApplicationSetGenerator, _ *v1alpha1.ApplicationSet, client client.Client) ([]map[string]interface{}, error) {
+	args := g.Called(appSetGenerator)
+
+	return args.Get(0).([]map[string]interface{}), args.Error(1)
+}
+
+func (g *generatorMock) Replace(tmpl string, replaceMap map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (string, error) {
+	args := g.Called(tmpl, replaceMap, useGoTemplate, goTemplateOptions)
+
+	return args.Get(0).(string), args.Error(1)
+}
+
+type rendererMock struct {
+	mock.Mock
+}
+
+func (g *generatorMock) GetRequeueAfter(appSetGenerator *v1alpha1.ApplicationSetGenerator) time.Duration {
+	args := g.Called(appSetGenerator)
+
+	return args.Get(0).(time.Duration)
+}
+
+func (r *rendererMock) RenderTemplateParams(tmpl *v1alpha1.Application, syncPolicy *v1alpha1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (*v1alpha1.Application, error) {
+	args := r.Called(tmpl, params, useGoTemplate, goTemplateOptions)
+
+	if args.Error(1) != nil {
+		return nil, args.Error(1)
+	}
+
+	return args.Get(0).(*v1alpha1.Application), args.Error(1)
+}
+
+func (r *rendererMock) Replace(tmpl string, replaceMap map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (string, error) {
+	args := r.Called(tmpl, replaceMap, useGoTemplate, goTemplateOptions)
+
+	return args.Get(0).(string), args.Error(1)
+}
+
+func TestExtractApplications(t *testing.T) {
+	scheme := runtime.NewScheme()
+	err := v1alpha1.AddToScheme(scheme)
+	require.NoError(t, err)
+
+	for _, c := range []struct {
+		name                string
+		params              []map[string]interface{}
+		template            v1alpha1.ApplicationSetTemplate
+		generateParamsError error
+		rendererError       error
+		expectErr           bool
+		expectedReason      v1alpha1.ApplicationSetReasonType
+	}{
+		{
+			name:   "Generate two applications",
+			params: []map[string]interface{}{{"name": "app1"}, {"name": "app2"}},
+			template: v1alpha1.ApplicationSetTemplate{
+				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
+					Name:      "name",
+					Namespace: "namespace",
+					Labels:    map[string]string{"label_name": "label_value"},
+				},
+				Spec: v1alpha1.ApplicationSpec{},
+			},
+			expectedReason: "",
+		},
+		{
+			name:                "Handles error from the generator",
+			generateParamsError: fmt.Errorf("error"),
+			expectErr:           true,
+			expectedReason:      v1alpha1.ApplicationSetReasonApplicationParamsGenerationError,
+		},
+		{
+			name:   "Handles error from the render",
+			params: []map[string]interface{}{{"name": "app1"}, {"name": "app2"}},
+			template: v1alpha1.ApplicationSetTemplate{
+				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
+					Name:      "name",
+					Namespace: "namespace",
+					Labels:    map[string]string{"label_name": "label_value"},
+				},
+				Spec: v1alpha1.ApplicationSpec{},
+			},
+			rendererError:  fmt.Errorf("error"),
+			expectErr:      true,
+			expectedReason: v1alpha1.ApplicationSetReasonRenderTemplateParamsError,
+		},
+	} {
+		cc := c
+		app := v1alpha1.Application{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "test",
+			},
+		}
+
+		t.Run(cc.name, func(t *testing.T) {
+			appSet := &v1alpha1.ApplicationSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "name",
+					Namespace: "namespace",
+				},
+			}
+
+			client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(appSet).Build()
+
+			generatorMock := generatorMock{}
+			generator := v1alpha1.ApplicationSetGenerator{
+				List: &v1alpha1.ListGenerator{},
+			}
+
+			generatorMock.On("GenerateParams", &generator).
+				Return(cc.params, cc.generateParamsError)
+
+			generatorMock.On("GetTemplate", &generator).
+				Return(&v1alpha1.ApplicationSetTemplate{})
+
+			rendererMock := rendererMock{}
+
+			var expectedApps []v1alpha1.Application
+
+			if cc.generateParamsError == nil {
+				for _, p := range cc.params {
+					if cc.rendererError != nil {
+						rendererMock.On("RenderTemplateParams", getTempApplication(cc.template), p, false, []string(nil)).
+							Return(nil, cc.rendererError)
+					} else {
+						rendererMock.On("RenderTemplateParams", getTempApplication(cc.template), p, false, []string(nil)).
+							Return(&app, nil)
+						expectedApps = append(expectedApps, app)
+					}
+				}
+			}
+
+			r := ApplicationSetReconciler{
+				Client:   client,
+				Scheme:   scheme,
+				Recorder: record.NewFakeRecorder(1),
+				Generators: map[string]generators.Generator{
+					"List": &generatorMock,
+				},
+				Renderer:      &rendererMock,
+				KubeClientset: kubefake.NewSimpleClientset(),
+				Cache:         &fakeCache{},
+			}
+
+			got, reason, err := r.generateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "name",
+					Namespace: "namespace",
+				},
+				Spec: v1alpha1.ApplicationSetSpec{
+					Generators: []v1alpha1.ApplicationSetGenerator{generator},
+					Template:   cc.template,
+				},
+			})
+
+			if cc.expectErr {
+				require.Error(t, err)
+			} else {
+				require.NoError(t, err)
+			}
+			assert.Equal(t, expectedApps, got)
+			assert.Equal(t, cc.expectedReason, reason)
+			generatorMock.AssertNumberOfCalls(t, "GenerateParams", 1)
+
+			if cc.generateParamsError == nil {
+				rendererMock.AssertNumberOfCalls(t, "RenderTemplateParams", len(cc.params))
+			}
+		})
+	}
+}
+
+func TestMergeTemplateApplications(t *testing.T) {
+	scheme := runtime.NewScheme()
+	_ = v1alpha1.AddToScheme(scheme)
+	_ = v1alpha1.AddToScheme(scheme)
+
+	client := fake.NewClientBuilder().WithScheme(scheme).Build()
+
+	for _, c := range []struct {
+		name             string
+		params           []map[string]interface{}
+		template         v1alpha1.ApplicationSetTemplate
+		overrideTemplate v1alpha1.ApplicationSetTemplate
+		expectedMerged   v1alpha1.ApplicationSetTemplate
+		expectedApps     []v1alpha1.Application
+	}{
+		{
+			name:   "Generate app",
+			params: []map[string]interface{}{{"name": "app1"}},
+			template: v1alpha1.ApplicationSetTemplate{
+				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
+					Name:      "name",
+					Namespace: "namespace",
+					Labels:    map[string]string{"label_name": "label_value"},
+				},
+				Spec: v1alpha1.ApplicationSpec{},
+			},
+			overrideTemplate: v1alpha1.ApplicationSetTemplate{
+				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
+					Name:   "test",
+					Labels: map[string]string{"foo": "bar"},
+				},
+				Spec: v1alpha1.ApplicationSpec{},
+			},
+			expectedMerged: v1alpha1.ApplicationSetTemplate{
+				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
+					Name:      "test",
+					Namespace: "namespace",
+					Labels:    map[string]string{"label_name": "label_value", "foo": "bar"},
+				},
+				Spec: v1alpha1.ApplicationSpec{},
+			},
+			expectedApps: []v1alpha1.Application{
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "test",
+						Namespace: "test",
+						Labels:    map[string]string{"foo": "bar"},
+					},
+					Spec: v1alpha1.ApplicationSpec{},
+				},
+			},
+		},
+	} {
+		cc := c
+
+		t.Run(cc.name, func(t *testing.T) {
+			generatorMock := generatorMock{}
+			generator := v1alpha1.ApplicationSetGenerator{
+				List: &v1alpha1.ListGenerator{},
+			}
+
+			generatorMock.On("GenerateParams", &generator).
+				Return(cc.params, nil)
+
+			generatorMock.On("GetTemplate", &generator).
+				Return(&cc.overrideTemplate)
+
+			rendererMock := rendererMock{}
+
+			rendererMock.On("RenderTemplateParams", getTempApplication(cc.expectedMerged), cc.params[0], false, []string(nil)).
+				Return(&cc.expectedApps[0], nil)
+
+			r := ApplicationSetReconciler{
+				Client:   client,
+				Scheme:   scheme,
+				Recorder: record.NewFakeRecorder(1),
+				Generators: map[string]generators.Generator{
+					"List": &generatorMock,
+				},
+				Renderer:      &rendererMock,
+				KubeClientset: kubefake.NewSimpleClientset(),
+			}
+
+			got, _, _ := r.generateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "name",
+					Namespace: "namespace",
+				},
+				Spec: v1alpha1.ApplicationSetSpec{
+					Generators: []v1alpha1.ApplicationSetGenerator{generator},
+					Template:   cc.template,
+				},
+			},
+			)
+
+			assert.Equal(t, cc.expectedApps, got)
+		})
+	}
+}
+
 func TestCreateOrUpdateInCluster(t *testing.T) {
 	scheme := runtime.NewScheme()
 	err := v1alpha1.AddToScheme(scheme)
@@ -104,10 +388,8 @@ func TestCreateOrUpdateInCluster(t *testing.T) {
 			desiredApps: []v1alpha1.Application{
 				{
 					ObjectMeta: metav1.ObjectMeta{
-						Name:      "app1",
-						Namespace: "namespace",
+						Name: "app1",
 					},
-					Spec: v1alpha1.ApplicationSpec{Project: "default"},
 				},
 			},
 			expected: []v1alpha1.Application{
@@ -159,8 +441,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) {
 			desiredApps: []v1alpha1.Application{
 				{
 					ObjectMeta: metav1.ObjectMeta{
-						Name:      "app1",
-						Namespace: "namespace",
+						Name: "app1",
 					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "project",
@@ -218,8 +499,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) {
 			desiredApps: []v1alpha1.Application{
 				{
 					ObjectMeta: metav1.ObjectMeta{
-						Name:      "app2",
-						Namespace: "namespace",
+						Name: "app2",
 					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "project",
@@ -278,7 +558,6 @@ func TestCreateOrUpdateInCluster(t *testing.T) {
 				{
 					ObjectMeta: metav1.ObjectMeta{
 						Name:        "app1",
-						Namespace:   "namespace",
 						Labels:      map[string]string{"label-key": "label-value"},
 						Annotations: map[string]string{"annot-key": "annot-value"},
 					},
@@ -342,8 +621,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) {
 			desiredApps: []v1alpha1.Application{
 				{
 					ObjectMeta: metav1.ObjectMeta{
-						Name:      "app1",
-						Namespace: "namespace",
+						Name: "app1",
 					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "project",
@@ -409,8 +687,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) {
 			desiredApps: []v1alpha1.Application{
 				{
 					ObjectMeta: metav1.ObjectMeta{
-						Name:      "app1",
-						Namespace: "namespace",
+						Name: "app1",
 					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "project",
@@ -483,7 +760,6 @@ func TestCreateOrUpdateInCluster(t *testing.T) {
 				{
 					ObjectMeta: metav1.ObjectMeta{
 						Name:        "app1",
-						Namespace:   "namespace",
 						Labels:      map[string]string{"label-key": "label-value"},
 						Annotations: map[string]string{"annot-key": "annot-value"},
 					},
@@ -561,8 +837,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) {
 			desiredApps: []v1alpha1.Application{
 				{
 					ObjectMeta: metav1.ObjectMeta{
-						Name:      "app1",
-						Namespace: "namespace",
+						Name: "app1",
 					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "project",
@@ -631,8 +906,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) {
 			desiredApps: []v1alpha1.Application{
 				{
 					ObjectMeta: metav1.ObjectMeta{
-						Name:      "app1",
-						Namespace: "namespace",
+						Name: "app1",
 					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "project",
@@ -682,8 +956,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) {
 			desiredApps: []v1alpha1.Application{
 				{
 					ObjectMeta: metav1.ObjectMeta{
-						Name:      "app1",
-						Namespace: "namespace",
+						Name: "app1",
 					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "project",
@@ -761,8 +1034,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) {
 			desiredApps: []v1alpha1.Application{
 				{
 					ObjectMeta: metav1.ObjectMeta{
-						Name:      "app1",
-						Namespace: "namespace",
+						Name: "app1",
 					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "project",
@@ -865,8 +1137,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) {
 			desiredApps: []v1alpha1.Application{
 				{
 					ObjectMeta: metav1.ObjectMeta{
-						Name:      "app1",
-						Namespace: "namespace",
+						Name: "app1",
 					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "project",
@@ -967,8 +1238,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) {
 			desiredApps: []v1alpha1.Application{
 				{
 					ObjectMeta: metav1.ObjectMeta{
-						Name:      "app1",
-						Namespace: "namespace",
+						Name: "app1",
 					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "project",
@@ -1049,8 +1319,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) {
 			desiredApps: []v1alpha1.Application{
 				{
 					ObjectMeta: metav1.ObjectMeta{
-						Name:      "app1",
-						Namespace: "namespace",
+						Name: "app1",
 					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "project",
@@ -1494,8 +1763,7 @@ func TestCreateApplications(t *testing.T) {
 			apps: []v1alpha1.Application{
 				{
 					ObjectMeta: metav1.ObjectMeta{
-						Name:      "app1",
-						Namespace: "namespace",
+						Name: "app1",
 					},
 				},
 			},
@@ -1550,8 +1818,7 @@ func TestCreateApplications(t *testing.T) {
 			apps: []v1alpha1.Application{
 				{
 					ObjectMeta: metav1.ObjectMeta{
-						Name:      "app1",
-						Namespace: "namespace",
+						Name: "app1",
 					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "project",
@@ -1609,8 +1876,7 @@ func TestCreateApplications(t *testing.T) {
 			apps: []v1alpha1.Application{
 				{
 					ObjectMeta: metav1.ObjectMeta{
-						Name:      "app2",
-						Namespace: "namespace",
+						Name: "app2",
 					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "project",
@@ -1842,15 +2108,15 @@ func TestGetMinRequeueAfter(t *testing.T) {
 		Clusters: &v1alpha1.ClusterGenerator{},
 	}

-	generatorMock0 := mocks.Generator{}
+	generatorMock0 := generatorMock{}
 	generatorMock0.On("GetRequeueAfter", &generator).
 		Return(generators.NoRequeueAfter)

-	generatorMock1 := mocks.Generator{}
+	generatorMock1 := generatorMock{}
 	generatorMock1.On("GetRequeueAfter", &generator).
 		Return(time.Duration(1) * time.Second)

-	generatorMock10 := mocks.Generator{}
+	generatorMock10 := generatorMock{}
 	generatorMock10.On("GetRequeueAfter", &generator).
 		Return(time.Duration(10) * time.Second)

@@ -2637,6 +2903,120 @@ func TestDeletePerformedWithSyncPolicyCreateOnlyAndAllowPolicyOverrideFalse(t *t
 	assert.Empty(t, apps.Items)
 }

+// Test app generation from a go template application set using a pull request generator
+func TestGenerateAppsUsingPullRequestGenerator(t *testing.T) {
+	scheme := runtime.NewScheme()
+	client := fake.NewClientBuilder().WithScheme(scheme).Build()
+
+	for _, cases := range []struct {
+		name        string
+		params      []map[string]interface{}
+		template    v1alpha1.ApplicationSetTemplate
+		expectedApp []v1alpha1.Application
+	}{
+		{
+			name: "Generate an application from a go template application set manifest using a pull request generator",
+			params: []map[string]interface{}{
+				{
+					"number":                                "1",
+					"branch":                                "branch1",
+					"branch_slug":                           "branchSlug1",
+					"head_sha":                              "089d92cbf9ff857a39e6feccd32798ca700fb958",
+					"head_short_sha":                        "089d92cb",
+					"branch_slugify_default":                "feat/a_really+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature",
+					"branch_slugify_smarttruncate_disabled": "feat/areallylongpullrequestnametotestargoslugificationandbranchnameshorteningfeature",
+					"branch_slugify_smarttruncate_enabled":  "feat/testwithsmarttruncateenabledramdomlonglistofcharacters",
+					"labels":                                []string{"label1"},
+				},
+			},
+			template: v1alpha1.ApplicationSetTemplate{
+				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
+					Name: "AppSet-{{.branch}}-{{.number}}",
+					Labels: map[string]string{
+						"app1":         "{{index .labels 0}}",
+						"branch-test1": "AppSet-{{.branch_slugify_default | slugify }}",
+						"branch-test2": "AppSet-{{.branch_slugify_smarttruncate_disabled | slugify 49 false }}",
+						"branch-test3": "AppSet-{{.branch_slugify_smarttruncate_enabled | slugify 50 true }}",
+					},
+				},
+				Spec: v1alpha1.ApplicationSpec{
+					Source: &v1alpha1.ApplicationSource{
+						RepoURL:        "https://testurl/testRepo",
+						TargetRevision: "{{.head_short_sha}}",
+					},
+					Destination: v1alpha1.ApplicationDestination{
+						Server:    "https://kubernetes.default.svc",
+						Namespace: "AppSet-{{.branch_slug}}-{{.head_sha}}",
+					},
+				},
+			},
+			expectedApp: []v1alpha1.Application{
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "AppSet-branch1-1",
+						Labels: map[string]string{
+							"app1":         "label1",
+							"branch-test1": "AppSet-feat-a-really-long-pull-request-name-to-test-argo",
+							"branch-test2": "AppSet-feat-areallylongpullrequestnametotestargoslugific",
+							"branch-test3": "AppSet-feat",
+						},
+					},
+					Spec: v1alpha1.ApplicationSpec{
+						Source: &v1alpha1.ApplicationSource{
+							RepoURL:        "https://testurl/testRepo",
+							TargetRevision: "089d92cb",
+						},
+						Destination: v1alpha1.ApplicationDestination{
+							Server:    "https://kubernetes.default.svc",
+							Namespace: "AppSet-branchSlug1-089d92cbf9ff857a39e6feccd32798ca700fb958",
+						},
+					},
+				},
+			},
+		},
+	} {
+		t.Run(cases.name, func(t *testing.T) {
+			generatorMock := generatorMock{}
+			generator := v1alpha1.ApplicationSetGenerator{
+				PullRequest: &v1alpha1.PullRequestGenerator{},
+			}
+
+			generatorMock.On("GenerateParams", &generator).
+				Return(cases.params, nil)
+
+			generatorMock.On("GetTemplate", &generator).
+				Return(&cases.template, nil)
+
+			appSetReconciler := ApplicationSetReconciler{
+				Client:   client,
+				Scheme:   scheme,
+				Recorder: record.NewFakeRecorder(1),
+				Cache:    &fakeCache{},
+				Generators: map[string]generators.Generator{
+					"PullRequest": &generatorMock,
+				},
+				Renderer:      &utils.Render{},
+				KubeClientset: kubefake.NewSimpleClientset(),
+			}
+
+			gotApp, _, _ := appSetReconciler.generateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{
+				Spec: v1alpha1.ApplicationSetSpec{
+					GoTemplate: true,
+					Generators: []v1alpha1.ApplicationSetGenerator{{
+						PullRequest: &v1alpha1.PullRequestGenerator{},
+					}},
+					Template: cases.template,
+				},
+			},
+			)
+			assert.EqualValues(t, cases.expectedApp[0].ObjectMeta.Name, gotApp[0].ObjectMeta.Name)
+			assert.EqualValues(t, cases.expectedApp[0].Spec.Source.TargetRevision, gotApp[0].Spec.Source.TargetRevision)
+			assert.EqualValues(t, cases.expectedApp[0].Spec.Destination.Namespace, gotApp[0].Spec.Destination.Namespace)
+			assert.True(t, collections.StringMapsEqual(cases.expectedApp[0].ObjectMeta.Labels, gotApp[0].ObjectMeta.Labels))
+		})
+	}
+}
+
 func TestPolicies(t *testing.T) {
 	scheme := runtime.NewScheme()
 	err := v1alpha1.AddToScheme(scheme)
--- a/applicationset/controllers/requeue_after_test.go
+++ b/applicationset/controllers/requeue_after_test.go
@@ -56,14 +56,14 @@ func TestRequeueAfter(t *testing.T) {
 		},
 	}
 	fakeDynClient := dynfake.NewSimpleDynamicClientWithCustomListKinds(runtime.NewScheme(), gvrToListKind, duckType)
-	scmConfig := generators.NewSCMConfig("", []string{""}, true, nil)
+
 	terminalGenerators := map[string]generators.Generator{
 		"List":                    generators.NewListGenerator(),
 		"Clusters":                generators.NewClusterGenerator(k8sClient, ctx, appClientset, "argocd"),
 		"Git":                     generators.NewGitGenerator(mockServer),
-		"SCMProvider":             generators.NewSCMProviderGenerator(fake.NewClientBuilder().WithObjects(&corev1.Secret{}).Build(), scmConfig),
+		"SCMProvider":             generators.NewSCMProviderGenerator(fake.NewClientBuilder().WithObjects(&corev1.Secret{}).Build(), generators.SCMAuthProviders{}, "", []string{""}, true),
 		"ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, fakeDynClient, appClientset, "argocd"),
-		"PullRequest":             generators.NewPullRequestGenerator(k8sClient, scmConfig),
+		"PullRequest":             generators.NewPullRequestGenerator(k8sClient, generators.SCMAuthProviders{}, "", []string{""}, true),
 	}

 	nestedGenerators := map[string]generators.Generator{
--- a/applicationset/controllers/template/template.go
+++ b/applicationset/controllers/template/template.go
@@ -1,99 +0,0 @@
-package template
-
-import (
-	"fmt"
-
-	"sigs.k8s.io/controller-runtime/pkg/client"
-
-	log "github.com/sirupsen/logrus"
-
-	"github.com/argoproj/argo-cd/v2/applicationset/generators"
-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
-
-	argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-)
-
-func GenerateApplications(logCtx *log.Entry, applicationSetInfo argov1alpha1.ApplicationSet, g map[string]generators.Generator, renderer utils.Renderer, client client.Client) ([]argov1alpha1.Application, argov1alpha1.ApplicationSetReasonType, error) {
-	var res []argov1alpha1.Application
-
-	var firstError error
-	var applicationSetReason argov1alpha1.ApplicationSetReasonType
-
-	for _, requestedGenerator := range applicationSetInfo.Spec.Generators {
-		t, err := generators.Transform(requestedGenerator, g, applicationSetInfo.Spec.Template, &applicationSetInfo, map[string]interface{}{}, client)
-		if err != nil {
-			logCtx.WithError(err).WithField("generator", requestedGenerator).
-				Error("error generating application from params")
-			if firstError == nil {
-				firstError = err
-				applicationSetReason = argov1alpha1.ApplicationSetReasonApplicationParamsGenerationError
-			}
-			continue
-		}
-
-		for _, a := range t {
-			tmplApplication := GetTempApplication(a.Template)
-
-			for _, p := range a.Params {
-				app, err := renderer.RenderTemplateParams(tmplApplication, applicationSetInfo.Spec.SyncPolicy, p, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions)
-				if err != nil {
-					logCtx.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator).
-						Error("error generating application from params")
-
-					if firstError == nil {
-						firstError = err
-						applicationSetReason = argov1alpha1.ApplicationSetReasonRenderTemplateParamsError
-					}
-					continue
-				}
-
-				if applicationSetInfo.Spec.TemplatePatch != nil {
-					patchedApplication, err := renderTemplatePatch(renderer, app, applicationSetInfo, p)
-					if err != nil {
-						log.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator).
-							Error("error generating application from params")
-
-						if firstError == nil {
-							firstError = err
-							applicationSetReason = argov1alpha1.ApplicationSetReasonRenderTemplateParamsError
-						}
-						continue
-					}
-
-					app = patchedApplication
-				}
-
-				// The app's namespace must be the same as the AppSet's namespace to preserve the appsets-in-any-namespace
-				// security boundary.
-				app.Namespace = applicationSetInfo.Namespace
-				res = append(res, *app)
-			}
-		}
-
-		logCtx.WithField("generator", requestedGenerator).Infof("generated %d applications", len(res))
-		logCtx.WithField("generator", requestedGenerator).Debugf("apps from generator: %+v", res)
-	}
-
-	return res, applicationSetReason, firstError
-}
-
-func renderTemplatePatch(r utils.Renderer, app *argov1alpha1.Application, applicationSetInfo argov1alpha1.ApplicationSet, params map[string]interface{}) (*argov1alpha1.Application, error) {
-	replacedTemplate, err := r.Replace(*applicationSetInfo.Spec.TemplatePatch, params, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions)
-	if err != nil {
-		return nil, fmt.Errorf("error replacing values in templatePatch: %w", err)
-	}
-
-	return applyTemplatePatch(app, replacedTemplate)
-}
-
-func GetTempApplication(applicationSetTemplate argov1alpha1.ApplicationSetTemplate) *argov1alpha1.Application {
-	var tmplApplication argov1alpha1.Application
-	tmplApplication.Annotations = applicationSetTemplate.Annotations
-	tmplApplication.Labels = applicationSetTemplate.Labels
-	tmplApplication.Namespace = applicationSetTemplate.Namespace
-	tmplApplication.Name = applicationSetTemplate.Name
-	tmplApplication.Spec = applicationSetTemplate.Spec
-	tmplApplication.Finalizers = applicationSetTemplate.Finalizers
-
-	return &tmplApplication
-}
--- a/applicationset/controllers/template/template_test.go
+++ b/applicationset/controllers/template/template_test.go
@@ -1,350 +0,0 @@
-package template
-
-import (
-	"fmt"
-	"testing"
-
-	"github.com/stretchr/testify/mock"
-	"github.com/stretchr/testify/require"
-
-	log "github.com/sirupsen/logrus"
-	"github.com/stretchr/testify/assert"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-
-	"github.com/argoproj/argo-cd/v2/applicationset/generators"
-	genmock "github.com/argoproj/argo-cd/v2/applicationset/generators/mocks"
-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
-	rendmock "github.com/argoproj/argo-cd/v2/applicationset/utils/mocks"
-	"github.com/argoproj/argo-cd/v2/pkg/apis/application"
-	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-	"github.com/argoproj/argo-cd/v2/util/collections"
-)
-
-func TestGenerateApplications(t *testing.T) {
-	scheme := runtime.NewScheme()
-	err := v1alpha1.AddToScheme(scheme)
-	require.NoError(t, err)
-
-	err = v1alpha1.AddToScheme(scheme)
-	require.NoError(t, err)
-
-	for _, c := range []struct {
-		name                string
-		params              []map[string]interface{}
-		template            v1alpha1.ApplicationSetTemplate
-		generateParamsError error
-		rendererError       error
-		expectErr           bool
-		expectedReason      v1alpha1.ApplicationSetReasonType
-	}{
-		{
-			name:   "Generate two applications",
-			params: []map[string]interface{}{{"name": "app1"}, {"name": "app2"}},
-			template: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name:      "name",
-					Namespace: "namespace",
-					Labels:    map[string]string{"label_name": "label_value"},
-				},
-				Spec: v1alpha1.ApplicationSpec{},
-			},
-			expectedReason: "",
-		},
-		{
-			name:                "Handles error from the generator",
-			generateParamsError: fmt.Errorf("error"),
-			expectErr:           true,
-			expectedReason:      v1alpha1.ApplicationSetReasonApplicationParamsGenerationError,
-		},
-		{
-			name:   "Handles error from the render",
-			params: []map[string]interface{}{{"name": "app1"}, {"name": "app2"}},
-			template: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name:      "name",
-					Namespace: "namespace",
-					Labels:    map[string]string{"label_name": "label_value"},
-				},
-				Spec: v1alpha1.ApplicationSpec{},
-			},
-			rendererError:  fmt.Errorf("error"),
-			expectErr:      true,
-			expectedReason: v1alpha1.ApplicationSetReasonRenderTemplateParamsError,
-		},
-	} {
-		cc := c
-		app := v1alpha1.Application{
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      "test",
-				Namespace: "namespace",
-			},
-			TypeMeta: metav1.TypeMeta{
-				Kind:       application.ApplicationKind,
-				APIVersion: "argoproj.io/v1alpha1",
-			},
-		}
-
-		t.Run(cc.name, func(t *testing.T) {
-			generatorMock := genmock.Generator{}
-			generator := v1alpha1.ApplicationSetGenerator{
-				List: &v1alpha1.ListGenerator{},
-			}
-
-			generatorMock.On("GenerateParams", &generator, mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything).
-				Return(cc.params, cc.generateParamsError)
-
-			generatorMock.On("GetTemplate", &generator).
-				Return(&v1alpha1.ApplicationSetTemplate{})
-
-			rendererMock := rendmock.Renderer{}
-
-			var expectedApps []v1alpha1.Application
-
-			if cc.generateParamsError == nil {
-				for _, p := range cc.params {
-					if cc.rendererError != nil {
-						rendererMock.On("RenderTemplateParams", GetTempApplication(cc.template), mock.AnythingOfType("*v1alpha1.ApplicationSetSyncPolicy"), p, false, []string(nil)).
-							Return(nil, cc.rendererError)
-					} else {
-						rendererMock.On("RenderTemplateParams", GetTempApplication(cc.template), mock.AnythingOfType("*v1alpha1.ApplicationSetSyncPolicy"), p, false, []string(nil)).
-							Return(&app, nil)
-						expectedApps = append(expectedApps, app)
-					}
-				}
-			}
-
-			generators := map[string]generators.Generator{
-				"List": &generatorMock,
-			}
-			renderer := &rendererMock
-
-			got, reason, err := GenerateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "name",
-					Namespace: "namespace",
-				},
-				Spec: v1alpha1.ApplicationSetSpec{
-					Generators: []v1alpha1.ApplicationSetGenerator{generator},
-					Template:   cc.template,
-				},
-			},
-				generators,
-				renderer,
-				nil,
-			)
-
-			if cc.expectErr {
-				require.Error(t, err)
-			} else {
-				require.NoError(t, err)
-			}
-			assert.Equal(t, expectedApps, got)
-			assert.Equal(t, cc.expectedReason, reason)
-			generatorMock.AssertNumberOfCalls(t, "GenerateParams", 1)
-
-			if cc.generateParamsError == nil {
-				rendererMock.AssertNumberOfCalls(t, "RenderTemplateParams", len(cc.params))
-			}
-		})
-	}
-}
-
-func TestMergeTemplateApplications(t *testing.T) {
-	for _, c := range []struct {
-		name             string
-		params           []map[string]interface{}
-		template         v1alpha1.ApplicationSetTemplate
-		overrideTemplate v1alpha1.ApplicationSetTemplate
-		expectedMerged   v1alpha1.ApplicationSetTemplate
-		expectedApps     []v1alpha1.Application
-	}{
-		{
-			name:   "Generate app",
-			params: []map[string]interface{}{{"name": "app1"}},
-			template: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name:      "name",
-					Namespace: "namespace",
-					Labels:    map[string]string{"label_name": "label_value"},
-				},
-				Spec: v1alpha1.ApplicationSpec{},
-			},
-			overrideTemplate: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name:   "test",
-					Labels: map[string]string{"foo": "bar"},
-				},
-				Spec: v1alpha1.ApplicationSpec{},
-			},
-			expectedMerged: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name:      "test",
-					Namespace: "namespace",
-					Labels:    map[string]string{"label_name": "label_value", "foo": "bar"},
-				},
-				Spec: v1alpha1.ApplicationSpec{},
-			},
-			expectedApps: []v1alpha1.Application{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "test",
-						Namespace: "test",
-						Labels:    map[string]string{"foo": "bar"},
-					},
-					Spec: v1alpha1.ApplicationSpec{},
-				},
-			},
-		},
-	} {
-		cc := c
-
-		t.Run(cc.name, func(t *testing.T) {
-			generatorMock := genmock.Generator{}
-			generator := v1alpha1.ApplicationSetGenerator{
-				List: &v1alpha1.ListGenerator{},
-			}
-
-			generatorMock.On("GenerateParams", &generator, mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything).
-				Return(cc.params, nil)
-
-			generatorMock.On("GetTemplate", &generator).
-				Return(&cc.overrideTemplate)
-
-			rendererMock := rendmock.Renderer{}
-
-			rendererMock.On("RenderTemplateParams", GetTempApplication(cc.expectedMerged), mock.AnythingOfType("*v1alpha1.ApplicationSetSyncPolicy"), cc.params[0], false, []string(nil)).
-				Return(&cc.expectedApps[0], nil)
-
-			generators := map[string]generators.Generator{
-				"List": &generatorMock,
-			}
-			renderer := &rendererMock
-
-			got, _, _ := GenerateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "name",
-					Namespace: "namespace",
-				},
-				Spec: v1alpha1.ApplicationSetSpec{
-					Generators: []v1alpha1.ApplicationSetGenerator{generator},
-					Template:   cc.template,
-				},
-			},
-				generators,
-				renderer,
-				nil,
-			)
-
-			assert.Equal(t, cc.expectedApps, got)
-		})
-	}
-}
-
-// Test app generation from a go template application set using a pull request generator
-func TestGenerateAppsUsingPullRequestGenerator(t *testing.T) {
-	for _, cases := range []struct {
-		name        string
-		params      []map[string]interface{}
-		template    v1alpha1.ApplicationSetTemplate
-		expectedApp []v1alpha1.Application
-	}{
-		{
-			name: "Generate an application from a go template application set manifest using a pull request generator",
-			params: []map[string]interface{}{
-				{
-					"number":                                "1",
-					"title":                                 "title1",
-					"branch":                                "branch1",
-					"branch_slug":                           "branchSlug1",
-					"head_sha":                              "089d92cbf9ff857a39e6feccd32798ca700fb958",
-					"head_short_sha":                        "089d92cb",
-					"branch_slugify_default":                "feat/a_really+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature",
-					"branch_slugify_smarttruncate_disabled": "feat/areallylongpullrequestnametotestargoslugificationandbranchnameshorteningfeature",
-					"branch_slugify_smarttruncate_enabled":  "feat/testwithsmarttruncateenabledramdomlonglistofcharacters",
-					"labels":                                []string{"label1"},
-				},
-			},
-			template: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name: "AppSet-{{.branch}}-{{.number}}",
-					Labels: map[string]string{
-						"app1":         "{{index .labels 0}}",
-						"branch-test1": "AppSet-{{.branch_slugify_default | slugify }}",
-						"branch-test2": "AppSet-{{.branch_slugify_smarttruncate_disabled | slugify 49 false }}",
-						"branch-test3": "AppSet-{{.branch_slugify_smarttruncate_enabled | slugify 50 true }}",
-					},
-				},
-				Spec: v1alpha1.ApplicationSpec{
-					Source: &v1alpha1.ApplicationSource{
-						RepoURL:        "https://testurl/testRepo",
-						TargetRevision: "{{.head_short_sha}}",
-					},
-					Destination: v1alpha1.ApplicationDestination{
-						Server:    "https://kubernetes.default.svc",
-						Namespace: "AppSet-{{.branch_slug}}-{{.head_sha}}",
-					},
-				},
-			},
-			expectedApp: []v1alpha1.Application{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name: "AppSet-branch1-1",
-						Labels: map[string]string{
-							"app1":         "label1",
-							"branch-test1": "AppSet-feat-a-really-long-pull-request-name-to-test-argo",
-							"branch-test2": "AppSet-feat-areallylongpullrequestnametotestargoslugific",
-							"branch-test3": "AppSet-feat",
-						},
-					},
-					Spec: v1alpha1.ApplicationSpec{
-						Source: &v1alpha1.ApplicationSource{
-							RepoURL:        "https://testurl/testRepo",
-							TargetRevision: "089d92cb",
-						},
-						Destination: v1alpha1.ApplicationDestination{
-							Server:    "https://kubernetes.default.svc",
-							Namespace: "AppSet-branchSlug1-089d92cbf9ff857a39e6feccd32798ca700fb958",
-						},
-					},
-				},
-			},
-		},
-	} {
-		t.Run(cases.name, func(t *testing.T) {
-			generatorMock := genmock.Generator{}
-			generator := v1alpha1.ApplicationSetGenerator{
-				PullRequest: &v1alpha1.PullRequestGenerator{},
-			}
-
-			generatorMock.On("GenerateParams", &generator, mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything).
-				Return(cases.params, nil)
-
-			generatorMock.On("GetTemplate", &generator).
-				Return(&cases.template, nil)
-
-			generators := map[string]generators.Generator{
-				"PullRequest": &generatorMock,
-			}
-			renderer := &utils.Render{}
-
-			gotApp, _, _ := GenerateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{
-				Spec: v1alpha1.ApplicationSetSpec{
-					GoTemplate: true,
-					Generators: []v1alpha1.ApplicationSetGenerator{{
-						PullRequest: &v1alpha1.PullRequestGenerator{},
-					}},
-					Template: cases.template,
-				},
-			},
-				generators,
-				renderer,
-				nil,
-			)
-			assert.EqualValues(t, cases.expectedApp[0].ObjectMeta.Name, gotApp[0].ObjectMeta.Name)
-			assert.EqualValues(t, cases.expectedApp[0].Spec.Source.TargetRevision, gotApp[0].Spec.Source.TargetRevision)
-			assert.EqualValues(t, cases.expectedApp[0].Spec.Destination.Namespace, gotApp[0].Spec.Destination.Namespace)
-			assert.True(t, collections.StringMapsEqual(cases.expectedApp[0].ObjectMeta.Labels, gotApp[0].ObjectMeta.Labels))
-		})
-	}
-}
--- a/applicationset/controllers/template/patch.go
+++ b/applicationset/controllers/template/patch.go
@@ -1,4 +1,4 @@
-package template
+package controllers

 import (
 	"encoding/json"
--- a/applicationset/controllers/template/patch_test.go
+++ b/applicationset/controllers/template/patch_test.go
@@ -1,4 +1,4 @@
-package template
+package controllers

 import (
 	"testing"
--- a/applicationset/generators/cluster.go
+++ b/applicationset/generators/cluster.go
@@ -85,7 +85,7 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap

 	clusterSecrets, err := g.getSecretsByClusterName(appSetGenerator)
 	if err != nil {
-		return nil, fmt.Errorf("error getting cluster secrets: %w", err)
+		return nil, err
 	}

 	res := []map[string]interface{}{}
@@ -106,7 +106,7 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap

 			err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions)
 			if err != nil {
-				return nil, fmt.Errorf("error appending templated values for local cluster: %w", err)
+				return nil, err
 			}

 			res = append(res, params)
@@ -146,7 +146,7 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap

 		err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions)
 		if err != nil {
-			return nil, fmt.Errorf("error appending templated values for cluster: %w", err)
+			return nil, err
 		}

 		res = append(res, params)
@@ -164,7 +164,7 @@ func (g *ClusterGenerator) getSecretsByClusterName(appSetGenerator *argoappsetv1
 	selector := metav1.AddLabelToSelector(&appSetGenerator.Clusters.Selector, ArgoCDSecretTypeLabel, ArgoCDSecretTypeCluster)
 	secretSelector, err := metav1.LabelSelectorAsSelector(selector)
 	if err != nil {
-		return nil, fmt.Errorf("error converting label selector: %w", err)
+		return nil, err
 	}

 	if err := g.Client.List(context.Background(), clusterSecretList, client.MatchingLabelsSelector{Selector: secretSelector}); err != nil {
--- a/applicationset/generators/cluster_test.go
+++ b/applicationset/generators/cluster_test.go
@@ -226,7 +226,7 @@ func TestGenerateParams(t *testing.T) {
 			values:        nil,
 			expected:      nil,
 			clientError:   true,
-			expectedError: fmt.Errorf("error getting cluster secrets: could not list Secrets"),
+			expectedError: fmt.Errorf("could not list Secrets"),
 		},
 	}

@@ -597,7 +597,7 @@ func TestGenerateParamsGoTemplate(t *testing.T) {
 			values:        nil,
 			expected:      nil,
 			clientError:   true,
-			expectedError: fmt.Errorf("error getting cluster secrets: could not list Secrets"),
+			expectedError: fmt.Errorf("could not list Secrets"),
 		},
 	}

--- a/applicationset/generators/duck_type.go
+++ b/applicationset/generators/duck_type.go
@@ -125,7 +125,7 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A
 	duckResources, err := g.dynClient.Resource(duckGVR).Namespace(g.namespace).List(g.ctx, listOptions)
 	if err != nil {
 		log.WithField("GVK", duckGVR).Warning("resources were not found")
-		return nil, fmt.Errorf("failed to get dynamic resources: %w", err)
+		return nil, err
 	}

 	if len(duckResources.Items) == 0 {
--- a/applicationset/generators/interface.go
+++ b/applicationset/generators/interface.go
@@ -9,6 +9,8 @@ import (
 	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 )

+//go:generate go run github.com/vektra/mockery/v2@v2.40.2 --name=Generator
+
 // Generator defines the interface implemented by all ApplicationSet generators.
 type Generator interface {
 	// GenerateParams interprets the ApplicationSet and generates all relevant parameters for the application template.
--- a/applicationset/generators/matrix_test.go
+++ b/applicationset/generators/matrix_test.go
@@ -1073,7 +1073,7 @@ func TestGitGenerator_GenerateParams_list_x_git_matrix_generator(t *testing.T) {
 	// of that bug.

 	listGeneratorMock := &generatorMock{}
-	listGeneratorMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything).Return([]map[string]interface{}{
+	listGeneratorMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), mock.AnythingOfType("*v1alpha1.ApplicationSet")).Return([]map[string]interface{}{
 		{"some": "value"},
 	}, nil)
 	listGeneratorMock.On("GetTemplate", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator")).Return(&argoprojiov1alpha1.ApplicationSetTemplate{})
--- a/applicationset/generators/mocks/Generator.go
+++ b/applicationset/generators/mocks/Generator.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.43.2. DO NOT EDIT.
+// Code generated by mockery v2.40.2. DO NOT EDIT.

 package mocks

--- a/applicationset/generators/pull_request.go
+++ b/applicationset/generators/pull_request.go
@@ -6,12 +6,12 @@ import (
 	"strconv"
 	"time"

+	corev1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"

 	"github.com/gosimple/slug"

 	pullrequest "github.com/argoproj/argo-cd/v2/applicationset/services/pull_request"
-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
 	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 )

@@ -24,13 +24,19 @@ const (
 type PullRequestGenerator struct {
 	client                    client.Client
 	selectServiceProviderFunc func(context.Context, *argoprojiov1alpha1.PullRequestGenerator, *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error)
-	SCMConfig
+	auth                      SCMAuthProviders
+	scmRootCAPath             string
+	allowedSCMProviders       []string
+	enableSCMProviders        bool
 }

-func NewPullRequestGenerator(client client.Client, scmConfig SCMConfig) Generator {
+func NewPullRequestGenerator(client client.Client, auth SCMAuthProviders, scmRootCAPath string, allowedScmProviders []string, enableSCMProviders bool) Generator {
 	g := &PullRequestGenerator{
-		client:    client,
-		SCMConfig: scmConfig,
+		client:              client,
+		auth:                auth,
+		scmRootCAPath:       scmRootCAPath,
+		allowedSCMProviders: allowedScmProviders,
+		enableSCMProviders:  enableSCMProviders,
 	}
 	g.selectServiceProviderFunc = g.selectServiceProvider
 	return g
@@ -97,7 +103,6 @@ func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha

 		paramMap := map[string]interface{}{
 			"number":             strconv.Itoa(pull.Number),
-			"title":              pull.Title,
 			"branch":             pull.Branch,
 			"branch_slug":        slug.Make(pull.Branch),
 			"target_branch":      pull.TargetBranch,
@@ -105,7 +110,6 @@ func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 			"head_sha":           pull.HeadSHA,
 			"head_short_sha":     pull.HeadSHA[:shortSHALength],
 			"head_short_sha_7":   pull.HeadSHA[:shortSHALength7],
-			"author":             pull.Author,
 		}

 		// PR lables will only be supported for Go Template appsets, since fasttemplate will be deprecated.
@@ -131,23 +135,15 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera
 	}
 	if generatorConfig.GitLab != nil {
 		providerConfig := generatorConfig.GitLab
-		var caCerts []byte
-		var prErr error
-		if providerConfig.CARef != nil {
-			caCerts, prErr = utils.GetConfigMapData(ctx, g.client, providerConfig.CARef, applicationSetInfo.Namespace)
-			if prErr != nil {
-				return nil, fmt.Errorf("error fetching CA certificates from ConfigMap: %w", prErr)
-			}
-		}
-		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.TokenRef, applicationSetInfo.Namespace)
+		token, err := g.getSecretRef(ctx, providerConfig.TokenRef, applicationSetInfo.Namespace)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Secret token: %w", err)
 		}
-		return pullrequest.NewGitLabService(ctx, token, providerConfig.API, providerConfig.Project, providerConfig.Labels, providerConfig.PullRequestState, g.scmRootCAPath, providerConfig.Insecure, caCerts)
+		return pullrequest.NewGitLabService(ctx, token, providerConfig.API, providerConfig.Project, providerConfig.Labels, providerConfig.PullRequestState, g.scmRootCAPath, providerConfig.Insecure)
 	}
 	if generatorConfig.Gitea != nil {
 		providerConfig := generatorConfig.Gitea
-		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.TokenRef, applicationSetInfo.Namespace)
+		token, err := g.getSecretRef(ctx, providerConfig.TokenRef, applicationSetInfo.Namespace)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Secret token: %w", err)
 		}
@@ -155,40 +151,26 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera
 	}
 	if generatorConfig.BitbucketServer != nil {
 		providerConfig := generatorConfig.BitbucketServer
-		var caCerts []byte
-		var prErr error
-		if providerConfig.CARef != nil {
-			caCerts, prErr = utils.GetConfigMapData(ctx, g.client, providerConfig.CARef, applicationSetInfo.Namespace)
-			if prErr != nil {
-				return nil, fmt.Errorf("error fetching CA certificates from ConfigMap: %w", prErr)
-			}
-		}
-		if providerConfig.BearerToken != nil {
-			appToken, err := utils.GetSecretRef(ctx, g.client, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace)
-			if err != nil {
-				return nil, fmt.Errorf("error fetching Secret Bearer token: %w", err)
-			}
-			return pullrequest.NewBitbucketServiceBearerToken(ctx, providerConfig.API, appToken, providerConfig.Project, providerConfig.Repo, g.scmRootCAPath, providerConfig.Insecure, caCerts)
-		} else if providerConfig.BasicAuth != nil {
-			password, err := utils.GetSecretRef(ctx, g.client, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace)
+		if providerConfig.BasicAuth != nil {
+			password, err := g.getSecretRef(ctx, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace)
 			if err != nil {
 				return nil, fmt.Errorf("error fetching Secret token: %w", err)
 			}
-			return pullrequest.NewBitbucketServiceBasicAuth(ctx, providerConfig.BasicAuth.Username, password, providerConfig.API, providerConfig.Project, providerConfig.Repo, g.scmRootCAPath, providerConfig.Insecure, caCerts)
+			return pullrequest.NewBitbucketServiceBasicAuth(ctx, providerConfig.BasicAuth.Username, password, providerConfig.API, providerConfig.Project, providerConfig.Repo)
 		} else {
-			return pullrequest.NewBitbucketServiceNoAuth(ctx, providerConfig.API, providerConfig.Project, providerConfig.Repo, g.scmRootCAPath, providerConfig.Insecure, caCerts)
+			return pullrequest.NewBitbucketServiceNoAuth(ctx, providerConfig.API, providerConfig.Project, providerConfig.Repo)
 		}
 	}
 	if generatorConfig.Bitbucket != nil {
 		providerConfig := generatorConfig.Bitbucket
 		if providerConfig.BearerToken != nil {
-			appToken, err := utils.GetSecretRef(ctx, g.client, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace)
+			appToken, err := g.getSecretRef(ctx, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace)
 			if err != nil {
 				return nil, fmt.Errorf("error fetching Secret Bearer token: %w", err)
 			}
 			return pullrequest.NewBitbucketCloudServiceBearerToken(providerConfig.API, appToken, providerConfig.Owner, providerConfig.Repo)
 		} else if providerConfig.BasicAuth != nil {
-			password, err := utils.GetSecretRef(ctx, g.client, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace)
+			password, err := g.getSecretRef(ctx, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace)
 			if err != nil {
 				return nil, fmt.Errorf("error fetching Secret token: %w", err)
 			}
@@ -199,7 +181,7 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera
 	}
 	if generatorConfig.AzureDevOps != nil {
 		providerConfig := generatorConfig.AzureDevOps
-		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.TokenRef, applicationSetInfo.Namespace)
+		token, err := g.getSecretRef(ctx, providerConfig.TokenRef, applicationSetInfo.Namespace)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Secret token: %w", err)
 		}
@@ -211,7 +193,7 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera
 func (g *PullRequestGenerator) github(ctx context.Context, cfg *argoprojiov1alpha1.PullRequestGeneratorGithub, applicationSetInfo *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error) {
 	// use an app if it was configured
 	if cfg.AppSecretName != "" {
-		auth, err := g.GitHubApps.GetAuthSecret(ctx, cfg.AppSecretName)
+		auth, err := g.auth.GitHubApps.GetAuthSecret(ctx, cfg.AppSecretName)
 		if err != nil {
 			return nil, fmt.Errorf("error getting GitHub App secret: %w", err)
 		}
@@ -219,9 +201,33 @@ func (g *PullRequestGenerator) github(ctx context.Context, cfg *argoprojiov1alph
 	}

 	// always default to token, even if not set (public access)
-	token, err := utils.GetSecretRef(ctx, g.client, cfg.TokenRef, applicationSetInfo.Namespace)
+	token, err := g.getSecretRef(ctx, cfg.TokenRef, applicationSetInfo.Namespace)
 	if err != nil {
 		return nil, fmt.Errorf("error fetching Secret token: %w", err)
 	}
 	return pullrequest.NewGithubService(ctx, token, cfg.API, cfg.Owner, cfg.Repo, cfg.Labels)
 }
+
+// getSecretRef gets the value of the key for the specified Secret resource.
+func (g *PullRequestGenerator) getSecretRef(ctx context.Context, ref *argoprojiov1alpha1.SecretRef, namespace string) (string, error) {
+	if ref == nil {
+		return "", nil
+	}
+
+	secret := &corev1.Secret{}
+	err := g.client.Get(
+		ctx,
+		client.ObjectKey{
+			Name:      ref.SecretName,
+			Namespace: namespace,
+		},
+		secret)
+	if err != nil {
+		return "", fmt.Errorf("error fetching secret %s/%s: %w", namespace, ref.SecretName, err)
+	}
+	tokenBytes, ok := secret.Data[ref.Key]
+	if !ok {
+		return "", fmt.Errorf("key %q in secret %s/%s not found", ref.Key, namespace, ref.SecretName)
+	}
+	return string(tokenBytes), nil
+}
--- a/applicationset/generators/pull_request_test.go
+++ b/applicationset/generators/pull_request_test.go
@@ -7,7 +7,9 @@ import (

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"

 	pullrequest "github.com/argoproj/argo-cd/v2/applicationset/services/pull_request"
 	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
@@ -28,11 +30,9 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					[]*pullrequest.PullRequest{
 						{
 							Number:       1,
-							Title:        "title1",
 							Branch:       "branch1",
 							TargetBranch: "master",
 							HeadSHA:      "089d92cbf9ff857a39e6feccd32798ca700fb958",
-							Author:       "testName",
 						},
 					},
 					nil,
@@ -41,7 +41,6 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 			expected: []map[string]interface{}{
 				{
 					"number":             "1",
-					"title":              "title1",
 					"branch":             "branch1",
 					"branch_slug":        "branch1",
 					"target_branch":      "master",
@@ -49,7 +48,6 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					"head_sha":           "089d92cbf9ff857a39e6feccd32798ca700fb958",
 					"head_short_sha":     "089d92cb",
 					"head_short_sha_7":   "089d92c",
-					"author":             "testName",
 				},
 			},
 			expectedErr: nil,
@@ -61,11 +59,9 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					[]*pullrequest.PullRequest{
 						{
 							Number:       2,
-							Title:        "title2",
 							Branch:       "feat/areally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature",
 							TargetBranch: "feat/anotherreally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature",
 							HeadSHA:      "9b34ff5bd418e57d58891eb0aa0728043ca1e8be",
-							Author:       "testName",
 						},
 					},
 					nil,
@@ -74,7 +70,6 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 			expected: []map[string]interface{}{
 				{
 					"number":             "2",
-					"title":              "title2",
 					"branch":             "feat/areally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature",
 					"branch_slug":        "feat-areally-long-pull-request-name-to-test-argo",
 					"target_branch":      "feat/anotherreally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature",
@@ -82,7 +77,6 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					"head_sha":           "9b34ff5bd418e57d58891eb0aa0728043ca1e8be",
 					"head_short_sha":     "9b34ff5b",
 					"head_short_sha_7":   "9b34ff5",
-					"author":             "testName",
 				},
 			},
 			expectedErr: nil,
@@ -94,11 +88,9 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					[]*pullrequest.PullRequest{
 						{
 							Number:       1,
-							Title:        "title1",
 							Branch:       "a-very-short-sha",
 							TargetBranch: "master",
 							HeadSHA:      "abcd",
-							Author:       "testName",
 						},
 					},
 					nil,
@@ -107,7 +99,6 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 			expected: []map[string]interface{}{
 				{
 					"number":             "1",
-					"title":              "title1",
 					"branch":             "a-very-short-sha",
 					"branch_slug":        "a-very-short-sha",
 					"target_branch":      "master",
@@ -115,7 +106,6 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					"head_sha":           "abcd",
 					"head_short_sha":     "abcd",
 					"head_short_sha_7":   "abcd",
-					"author":             "testName",
 				},
 			},
 			expectedErr: nil,
@@ -138,12 +128,10 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					[]*pullrequest.PullRequest{
 						{
 							Number:       1,
-							Title:        "title1",
 							Branch:       "branch1",
 							TargetBranch: "master",
 							HeadSHA:      "089d92cbf9ff857a39e6feccd32798ca700fb958",
 							Labels:       []string{"preview"},
-							Author:       "testName",
 						},
 					},
 					nil,
@@ -152,7 +140,6 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 			expected: []map[string]interface{}{
 				{
 					"number":             "1",
-					"title":              "title1",
 					"branch":             "branch1",
 					"branch_slug":        "branch1",
 					"target_branch":      "master",
@@ -161,7 +148,6 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					"head_short_sha":     "089d92cb",
 					"head_short_sha_7":   "089d92c",
 					"labels":             []string{"preview"},
-					"author":             "testName",
 				},
 			},
 			expectedErr: nil,
@@ -179,12 +165,10 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					[]*pullrequest.PullRequest{
 						{
 							Number:       1,
-							Title:        "title1",
 							Branch:       "branch1",
 							TargetBranch: "master",
 							HeadSHA:      "089d92cbf9ff857a39e6feccd32798ca700fb958",
 							Labels:       []string{"preview"},
-							Author:       "testName",
 						},
 					},
 					nil,
@@ -193,7 +177,6 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 			expected: []map[string]interface{}{
 				{
 					"number":             "1",
-					"title":              "title1",
 					"branch":             "branch1",
 					"branch_slug":        "branch1",
 					"target_branch":      "master",
@@ -201,7 +184,6 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					"head_sha":           "089d92cbf9ff857a39e6feccd32798ca700fb958",
 					"head_short_sha":     "089d92cb",
 					"head_short_sha_7":   "089d92c",
-					"author":             "testName",
 				},
 			},
 			expectedErr: nil,
@@ -232,10 +214,76 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 	}
 }

+func TestPullRequestGetSecretRef(t *testing.T) {
+	secret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{Name: "test-secret", Namespace: "test"},
+		Data: map[string][]byte{
+			"my-token": []byte("secret"),
+		},
+	}
+	gen := &PullRequestGenerator{client: fake.NewClientBuilder().WithObjects(secret).Build()}
+	ctx := context.Background()
+
+	cases := []struct {
+		name, namespace, token string
+		ref                    *argoprojiov1alpha1.SecretRef
+		hasError               bool
+	}{
+		{
+			name:      "valid ref",
+			ref:       &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "my-token"},
+			namespace: "test",
+			token:     "secret",
+			hasError:  false,
+		},
+		{
+			name:      "nil ref",
+			ref:       nil,
+			namespace: "test",
+			token:     "",
+			hasError:  false,
+		},
+		{
+			name:      "wrong name",
+			ref:       &argoprojiov1alpha1.SecretRef{SecretName: "other", Key: "my-token"},
+			namespace: "test",
+			token:     "",
+			hasError:  true,
+		},
+		{
+			name:      "wrong key",
+			ref:       &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "other-token"},
+			namespace: "test",
+			token:     "",
+			hasError:  true,
+		},
+		{
+			name:      "wrong namespace",
+			ref:       &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "my-token"},
+			namespace: "other",
+			token:     "",
+			hasError:  true,
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			token, err := gen.getSecretRef(ctx, c.ref, c.namespace)
+			if c.hasError {
+				require.Error(t, err)
+			} else {
+				require.NoError(t, err)
+			}
+			assert.Equal(t, c.token, token)
+		})
+	}
+}
+
 func TestAllowedSCMProviderPullRequest(t *testing.T) {
 	cases := []struct {
 		name           string
 		providerConfig *argoprojiov1alpha1.PullRequestGenerator
+		expectedError  error
 	}{
 		{
 			name: "Error Github",
@@ -244,6 +292,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
+			expectedError: &ErrDisallowedSCMProvider{},
 		},
 		{
 			name: "Error Gitlab",
@@ -252,6 +301,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
+			expectedError: &ErrDisallowedSCMProvider{},
 		},
 		{
 			name: "Error Gitea",
@@ -260,6 +310,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
+			expectedError: &ErrDisallowedSCMProvider{},
 		},
 		{
 			name: "Error Bitbucket",
@@ -268,6 +319,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
+			expectedError: &ErrDisallowedSCMProvider{},
 		},
 	}

@@ -277,13 +329,13 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) {
 		t.Run(testCaseCopy.name, func(t *testing.T) {
 			t.Parallel()

-			pullRequestGenerator := NewPullRequestGenerator(nil, NewSCMConfig("", []string{
+			pullRequestGenerator := NewPullRequestGenerator(nil, SCMAuthProviders{}, "", []string{
 				"github.myorg.com",
 				"gitlab.myorg.com",
 				"gitea.myorg.com",
 				"bitbucket.myorg.com",
 				"azuredevops.myorg.com",
-			}, true, nil))
+			}, true)

 			applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
@@ -299,14 +351,13 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) {
 			_, err := pullRequestGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo, nil)

 			require.Error(t, err, "Must return an error")
-			var expectedError ErrDisallowedSCMProvider
-			assert.ErrorAs(t, err, &expectedError)
+			assert.ErrorAs(t, err, testCaseCopy.expectedError)
 		})
 	}
 }

 func TestSCMProviderDisabled_PRGenerator(t *testing.T) {
-	generator := NewPullRequestGenerator(nil, NewSCMConfig("", []string{}, false, nil))
+	generator := NewPullRequestGenerator(nil, SCMAuthProviders{}, "", []string{}, false)

 	applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 		ObjectMeta: metav1.ObjectMeta{
--- a/applicationset/generators/scm_provider.go
+++ b/applicationset/generators/scm_provider.go
@@ -7,6 +7,7 @@ import (
 	"strings"
 	"time"

+	corev1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"

 	log "github.com/sirupsen/logrus"
@@ -28,36 +29,29 @@ type SCMProviderGenerator struct {
 	client client.Client
 	// Testing hooks.
 	overrideProvider scm_provider.SCMProviderService
-	SCMConfig
-}
-type SCMConfig struct {
+	SCMAuthProviders
 	scmRootCAPath       string
 	allowedSCMProviders []string
 	enableSCMProviders  bool
-	GitHubApps          github_app_auth.Credentials
 }

-func NewSCMConfig(scmRootCAPath string, allowedSCMProviders []string, enableSCMProviders bool, gitHubApps github_app_auth.Credentials) SCMConfig {
-	return SCMConfig{
+type SCMAuthProviders struct {
+	GitHubApps github_app_auth.Credentials
+}
+
+func NewSCMProviderGenerator(client client.Client, providers SCMAuthProviders, scmRootCAPath string, allowedSCMProviders []string, enableSCMProviders bool) Generator {
+	return &SCMProviderGenerator{
+		client:              client,
+		SCMAuthProviders:    providers,
 		scmRootCAPath:       scmRootCAPath,
 		allowedSCMProviders: allowedSCMProviders,
 		enableSCMProviders:  enableSCMProviders,
-		GitHubApps:          gitHubApps,
-	}
-}
-
-func NewSCMProviderGenerator(client client.Client, scmConfig SCMConfig) Generator {
-	return &SCMProviderGenerator{
-		client:    client,
-		SCMConfig: scmConfig,
 	}
 }

 // Testing generator
 func NewTestSCMProviderGenerator(overrideProvider scm_provider.SCMProviderService) Generator {
-	return &SCMProviderGenerator{overrideProvider: overrideProvider, SCMConfig: SCMConfig{
-		enableSCMProviders: true,
-	}}
+	return &SCMProviderGenerator{overrideProvider: overrideProvider, enableSCMProviders: true}
 }

 func (g *SCMProviderGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) time.Duration {
@@ -145,25 +139,16 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 			return nil, fmt.Errorf("scm provider: %w", err)
 		}
 	} else if providerConfig.Gitlab != nil {
-		providerConfig := providerConfig.Gitlab
-		var caCerts []byte
-		var scmError error
-		if providerConfig.CARef != nil {
-			caCerts, scmError = utils.GetConfigMapData(ctx, g.client, providerConfig.CARef, applicationSetInfo.Namespace)
-			if scmError != nil {
-				return nil, fmt.Errorf("error fetching CA certificates from ConfigMap: %w", scmError)
-			}
-		}
-		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.TokenRef, applicationSetInfo.Namespace)
+		token, err := g.getSecretRef(ctx, providerConfig.Gitlab.TokenRef, applicationSetInfo.Namespace)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Gitlab token: %w", err)
 		}
-		provider, err = scm_provider.NewGitlabProvider(ctx, providerConfig.Group, token, providerConfig.API, providerConfig.AllBranches, providerConfig.IncludeSubgroups, providerConfig.WillIncludeSharedProjects(), providerConfig.Insecure, g.scmRootCAPath, providerConfig.Topic, caCerts)
+		provider, err = scm_provider.NewGitlabProvider(ctx, providerConfig.Gitlab.Group, token, providerConfig.Gitlab.API, providerConfig.Gitlab.AllBranches, providerConfig.Gitlab.IncludeSubgroups, providerConfig.Gitlab.WillIncludeSharedProjects(), providerConfig.Gitlab.Insecure, g.scmRootCAPath, providerConfig.Gitlab.Topic)
 		if err != nil {
 			return nil, fmt.Errorf("error initializing Gitlab service: %w", err)
 		}
 	} else if providerConfig.Gitea != nil {
-		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.Gitea.TokenRef, applicationSetInfo.Namespace)
+		token, err := g.getSecretRef(ctx, providerConfig.Gitea.TokenRef, applicationSetInfo.Namespace)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Gitea token: %w", err)
 		}
@@ -173,34 +158,21 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 		}
 	} else if providerConfig.BitbucketServer != nil {
 		providerConfig := providerConfig.BitbucketServer
-		var caCerts []byte
 		var scmError error
-		if providerConfig.CARef != nil {
-			caCerts, scmError = utils.GetConfigMapData(ctx, g.client, providerConfig.CARef, applicationSetInfo.Namespace)
-			if scmError != nil {
-				return nil, fmt.Errorf("error fetching CA certificates from ConfigMap: %w", scmError)
-			}
-		}
-		if providerConfig.BearerToken != nil {
-			appToken, err := utils.GetSecretRef(ctx, g.client, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace)
-			if err != nil {
-				return nil, fmt.Errorf("error fetching Secret Bearer token: %w", err)
-			}
-			provider, scmError = scm_provider.NewBitbucketServerProviderBearerToken(ctx, appToken, providerConfig.API, providerConfig.Project, providerConfig.AllBranches, g.scmRootCAPath, providerConfig.Insecure, caCerts)
-		} else if providerConfig.BasicAuth != nil {
-			password, err := utils.GetSecretRef(ctx, g.client, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace)
+		if providerConfig.BasicAuth != nil {
+			password, err := g.getSecretRef(ctx, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace)
 			if err != nil {
 				return nil, fmt.Errorf("error fetching Secret token: %w", err)
 			}
-			provider, scmError = scm_provider.NewBitbucketServerProviderBasicAuth(ctx, providerConfig.BasicAuth.Username, password, providerConfig.API, providerConfig.Project, providerConfig.AllBranches, g.scmRootCAPath, providerConfig.Insecure, caCerts)
+			provider, scmError = scm_provider.NewBitbucketServerProviderBasicAuth(ctx, providerConfig.BasicAuth.Username, password, providerConfig.API, providerConfig.Project, providerConfig.AllBranches)
 		} else {
-			provider, scmError = scm_provider.NewBitbucketServerProviderNoAuth(ctx, providerConfig.API, providerConfig.Project, providerConfig.AllBranches, g.scmRootCAPath, providerConfig.Insecure, caCerts)
+			provider, scmError = scm_provider.NewBitbucketServerProviderNoAuth(ctx, providerConfig.API, providerConfig.Project, providerConfig.AllBranches)
 		}
 		if scmError != nil {
 			return nil, fmt.Errorf("error initializing Bitbucket Server service: %w", scmError)
 		}
 	} else if providerConfig.AzureDevOps != nil {
-		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.AzureDevOps.AccessTokenRef, applicationSetInfo.Namespace)
+		token, err := g.getSecretRef(ctx, providerConfig.AzureDevOps.AccessTokenRef, applicationSetInfo.Namespace)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Azure Devops access token: %w", err)
 		}
@@ -209,7 +181,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 			return nil, fmt.Errorf("error initializing Azure Devops service: %w", err)
 		}
 	} else if providerConfig.Bitbucket != nil {
-		appPassword, err := utils.GetSecretRef(ctx, g.client, providerConfig.Bitbucket.AppPasswordRef, applicationSetInfo.Namespace)
+		appPassword, err := g.getSecretRef(ctx, providerConfig.Bitbucket.AppPasswordRef, applicationSetInfo.Namespace)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Bitbucket cloud appPassword: %w", err)
 		}
@@ -268,6 +240,29 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 	return paramsArray, nil
 }

+func (g *SCMProviderGenerator) getSecretRef(ctx context.Context, ref *argoprojiov1alpha1.SecretRef, namespace string) (string, error) {
+	if ref == nil {
+		return "", nil
+	}
+
+	secret := &corev1.Secret{}
+	err := g.client.Get(
+		ctx,
+		client.ObjectKey{
+			Name:      ref.SecretName,
+			Namespace: namespace,
+		},
+		secret)
+	if err != nil {
+		return "", fmt.Errorf("error fetching secret %s/%s: %w", namespace, ref.SecretName, err)
+	}
+	tokenBytes, ok := secret.Data[ref.Key]
+	if !ok {
+		return "", fmt.Errorf("key %q in secret %s/%s not found", ref.Key, namespace, ref.SecretName)
+	}
+	return string(tokenBytes), nil
+}
+
 func (g *SCMProviderGenerator) githubProvider(ctx context.Context, github *argoprojiov1alpha1.SCMProviderGeneratorGithub, applicationSetInfo *argoprojiov1alpha1.ApplicationSet) (scm_provider.SCMProviderService, error) {
 	if github.AppSecretName != "" {
 		auth, err := g.GitHubApps.GetAuthSecret(ctx, github.AppSecretName)
@@ -283,7 +278,7 @@ func (g *SCMProviderGenerator) githubProvider(ctx context.Context, github *argop
 		)
 	}

-	token, err := utils.GetSecretRef(ctx, g.client, github.TokenRef, applicationSetInfo.Namespace)
+	token, err := g.getSecretRef(ctx, github.TokenRef, applicationSetInfo.Namespace)
 	if err != nil {
 		return nil, fmt.Errorf("error fetching Github token: %w", err)
 	}
--- a/applicationset/generators/scm_provider_test.go
+++ b/applicationset/generators/scm_provider_test.go
@@ -1,16 +1,84 @@
 package generators

 import (
+	"context"
 	"testing"

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"

 	"github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider"
 	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 )

+func TestSCMProviderGetSecretRef(t *testing.T) {
+	secret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{Name: "test-secret", Namespace: "test"},
+		Data: map[string][]byte{
+			"my-token": []byte("secret"),
+		},
+	}
+	gen := &SCMProviderGenerator{client: fake.NewClientBuilder().WithObjects(secret).Build()}
+	ctx := context.Background()
+
+	cases := []struct {
+		name, namespace, token string
+		ref                    *argoprojiov1alpha1.SecretRef
+		hasError               bool
+	}{
+		{
+			name:      "valid ref",
+			ref:       &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "my-token"},
+			namespace: "test",
+			token:     "secret",
+			hasError:  false,
+		},
+		{
+			name:      "nil ref",
+			ref:       nil,
+			namespace: "test",
+			token:     "",
+			hasError:  false,
+		},
+		{
+			name:      "wrong name",
+			ref:       &argoprojiov1alpha1.SecretRef{SecretName: "other", Key: "my-token"},
+			namespace: "test",
+			token:     "",
+			hasError:  true,
+		},
+		{
+			name:      "wrong key",
+			ref:       &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "other-token"},
+			namespace: "test",
+			token:     "",
+			hasError:  true,
+		},
+		{
+			name:      "wrong namespace",
+			ref:       &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "my-token"},
+			namespace: "other",
+			token:     "",
+			hasError:  true,
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			token, err := gen.getSecretRef(ctx, c.ref, c.namespace)
+			if c.hasError {
+				require.Error(t, err)
+			} else {
+				require.NoError(t, err)
+			}
+			assert.Equal(t, c.token, token)
+		})
+	}
+}
+
 func TestSCMProviderGenerateParams(t *testing.T) {
 	cases := []struct {
 		name          string
@@ -106,7 +174,7 @@ func TestSCMProviderGenerateParams(t *testing.T) {
 			mockProvider := &scm_provider.MockProvider{
 				Repos: testCaseCopy.repos,
 			}
-			scmGenerator := &SCMProviderGenerator{overrideProvider: mockProvider, SCMConfig: SCMConfig{enableSCMProviders: true}}
+			scmGenerator := &SCMProviderGenerator{overrideProvider: mockProvider, enableSCMProviders: true}
 			applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: "set",
@@ -136,6 +204,7 @@ func TestAllowedSCMProvider(t *testing.T) {
 	cases := []struct {
 		name           string
 		providerConfig *argoprojiov1alpha1.SCMProviderGenerator
+		expectedError  error
 	}{
 		{
 			name: "Error Github",
@@ -144,6 +213,7 @@ func TestAllowedSCMProvider(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
+			expectedError: &ErrDisallowedSCMProvider{},
 		},
 		{
 			name: "Error Gitlab",
@@ -152,6 +222,7 @@ func TestAllowedSCMProvider(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
+			expectedError: &ErrDisallowedSCMProvider{},
 		},
 		{
 			name: "Error Gitea",
@@ -160,6 +231,7 @@ func TestAllowedSCMProvider(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
+			expectedError: &ErrDisallowedSCMProvider{},
 		},
 		{
 			name: "Error Bitbucket",
@@ -168,6 +240,7 @@ func TestAllowedSCMProvider(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
+			expectedError: &ErrDisallowedSCMProvider{},
 		},
 		{
 			name: "Error AzureDevops",
@@ -176,6 +249,7 @@ func TestAllowedSCMProvider(t *testing.T) {
 					API: "https://myservice.mynamespace.svc.cluster.local",
 				},
 			},
+			expectedError: &ErrDisallowedSCMProvider{},
 		},
 	}

@@ -186,16 +260,14 @@ func TestAllowedSCMProvider(t *testing.T) {
 			t.Parallel()

 			scmGenerator := &SCMProviderGenerator{
-				SCMConfig: SCMConfig{
-					allowedSCMProviders: []string{
-						"github.myorg.com",
-						"gitlab.myorg.com",
-						"gitea.myorg.com",
-						"bitbucket.myorg.com",
-						"azuredevops.myorg.com",
-					},
-					enableSCMProviders: true,
+				allowedSCMProviders: []string{
+					"github.myorg.com",
+					"gitlab.myorg.com",
+					"gitea.myorg.com",
+					"bitbucket.myorg.com",
+					"azuredevops.myorg.com",
 				},
+				enableSCMProviders: true,
 			}

 			applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
@@ -212,14 +284,13 @@ func TestAllowedSCMProvider(t *testing.T) {
 			_, err := scmGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo, nil)

 			require.Error(t, err, "Must return an error")
-			var expectedError ErrDisallowedSCMProvider
-			assert.ErrorAs(t, err, &expectedError)
+			assert.ErrorAs(t, err, testCaseCopy.expectedError)
 		})
 	}
 }

 func TestSCMProviderDisabled_SCMGenerator(t *testing.T) {
-	generator := &SCMProviderGenerator{SCMConfig: SCMConfig{enableSCMProviders: false}}
+	generator := &SCMProviderGenerator{enableSCMProviders: false}

 	applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 		ObjectMeta: metav1.ObjectMeta{
--- a/applicationset/generators/utils.go
+++ b/applicationset/generators/utils.go
@@ -1,49 +0,0 @@
-package generators
-
-import (
-	"context"
-
-	"k8s.io/client-go/dynamic"
-	"k8s.io/client-go/kubernetes"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-
-	"github.com/argoproj/argo-cd/v2/applicationset/services"
-)
-
-func GetGenerators(ctx context.Context, c client.Client, k8sClient kubernetes.Interface, namespace string, argoCDService services.Repos, dynamicClient dynamic.Interface, scmConfig SCMConfig) map[string]Generator {
-	terminalGenerators := map[string]Generator{
-		"List":                    NewListGenerator(),
-		"Clusters":                NewClusterGenerator(c, ctx, k8sClient, namespace),
-		"Git":                     NewGitGenerator(argoCDService),
-		"SCMProvider":             NewSCMProviderGenerator(c, scmConfig),
-		"ClusterDecisionResource": NewDuckTypeGenerator(ctx, dynamicClient, k8sClient, namespace),
-		"PullRequest":             NewPullRequestGenerator(c, scmConfig),
-		"Plugin":                  NewPluginGenerator(c, ctx, k8sClient, namespace),
-	}
-
-	nestedGenerators := map[string]Generator{
-		"List":                    terminalGenerators["List"],
-		"Clusters":                terminalGenerators["Clusters"],
-		"Git":                     terminalGenerators["Git"],
-		"SCMProvider":             terminalGenerators["SCMProvider"],
-		"ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"],
-		"PullRequest":             terminalGenerators["PullRequest"],
-		"Plugin":                  terminalGenerators["Plugin"],
-		"Matrix":                  NewMatrixGenerator(terminalGenerators),
-		"Merge":                   NewMergeGenerator(terminalGenerators),
-	}
-
-	topLevelGenerators := map[string]Generator{
-		"List":                    terminalGenerators["List"],
-		"Clusters":                terminalGenerators["Clusters"],
-		"Git":                     terminalGenerators["Git"],
-		"SCMProvider":             terminalGenerators["SCMProvider"],
-		"ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"],
-		"PullRequest":             terminalGenerators["PullRequest"],
-		"Plugin":                  terminalGenerators["Plugin"],
-		"Matrix":                  NewMatrixGenerator(nestedGenerators),
-		"Merge":                   NewMergeGenerator(nestedGenerators),
-	}
-
-	return topLevelGenerators
-}
--- a/applicationset/services/internal/github_app/client.go
+++ b/applicationset/services/internal/github_app/client.go
@@ -5,7 +5,7 @@ import (
 	"net/http"

 	"github.com/bradleyfalzon/ghinstallation/v2"
-	"github.com/google/go-github/v63/github"
+	"github.com/google/go-github/v35/github"

 	"github.com/argoproj/argo-cd/v2/applicationset/services/github_app_auth"
 )
@@ -26,7 +26,7 @@ func Client(g github_app_auth.Authentication, url string) (*github.Client, error
 	} else {
 		rt.BaseURL = url
 		httpClient := http.Client{Transport: rt}
-		client, err = github.NewClient(&httpClient).WithEnterpriseURLs(url, url)
+		client, err = github.NewEnterpriseClient(url, url, &httpClient)
 		if err != nil {
 			return nil, fmt.Errorf("failed to create github enterprise client: %w", err)
 		}
--- a/applicationset/services/mocks/Repos.go
+++ b/applicationset/services/mocks/Repos.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.43.2. DO NOT EDIT.
+// Code generated by mockery v2.40.2. DO NOT EDIT.

 package mocks

--- a/applicationset/services/pull_request/azure_devops.go
+++ b/applicationset/services/pull_request/azure_devops.go
@@ -95,11 +95,9 @@ func (a *AzureDevOpsService) List(ctx context.Context) ([]*PullRequest, error) {
 		if *pr.Repository.Name == a.repo {
 			pullRequests = append(pullRequests, &PullRequest{
 				Number:  *pr.PullRequestId,
-				Title:   *pr.Title,
 				Branch:  strings.Replace(*pr.SourceRefName, "refs/heads/", "", 1),
 				HeadSHA: *pr.LastMergeSourceCommit.CommitId,
 				Labels:  azureDevOpsLabels,
-				Author:  strings.Split(*pr.CreatedBy.UniqueName, "@")[0], // Get the part before the @ in the email-address
 			})
 		}
 	}
--- a/applicationset/services/pull_request/azure_devops_test.go
+++ b/applicationset/services/pull_request/azure_devops_test.go
@@ -4,8 +4,6 @@ import (
 	"context"
 	"testing"

-	"github.com/microsoft/azure-devops-go-api/azuredevops/webapi"
-
 	"github.com/microsoft/azure-devops-go-api/azuredevops/core"
 	git "github.com/microsoft/azure-devops-go-api/azuredevops/git"
 	"github.com/stretchr/testify/assert"
@@ -31,10 +29,6 @@ func createLabelsPtr(x []core.WebApiTagDefinition) *[]core.WebApiTagDefinition {
 	return &x
 }

-func createUniqueNamePtr(x string) *string {
-	return &x
-}
-
 type AzureClientFactoryMock struct {
 	mock *mock.Mock
 }
@@ -62,15 +56,12 @@ func TestListPullRequest(t *testing.T) {
 	teamProject := "myorg_project"
 	repoName := "myorg_project_repo"
 	pr_id := 123
-	pr_title := "feat(123)"
 	pr_head_sha := "cd4973d9d14a08ffe6b641a89a68891d6aac8056"
 	ctx := context.Background()
-	uniqueName := "testName"

 	pullRequestMock := []git.GitPullRequest{
 		{
 			PullRequestId: createIntPtr(pr_id),
-			Title:         createStringPtr(pr_title),
 			SourceRefName: createStringPtr("refs/heads/feature-branch"),
 			LastMergeSourceCommit: &git.GitCommitRef{
 				CommitId: createStringPtr(pr_head_sha),
@@ -79,9 +70,6 @@ func TestListPullRequest(t *testing.T) {
 			Repository: &git.GitRepository{
 				Name: createStringPtr(repoName),
 			},
-			CreatedBy: &webapi.IdentityRef{
-				UniqueName: createUniqueNamePtr(uniqueName + "@example.com"),
-			},
 		},
 	}

@@ -107,9 +95,7 @@ func TestListPullRequest(t *testing.T) {
 	assert.Len(t, list, 1)
 	assert.Equal(t, "feature-branch", list[0].Branch)
 	assert.Equal(t, pr_head_sha, list[0].HeadSHA)
-	assert.Equal(t, "feat(123)", list[0].Title)
 	assert.Equal(t, pr_id, list[0].Number)
-	assert.Equal(t, uniqueName, list[0].Author)
 }

 func TestConvertLabes(t *testing.T) {
--- a/applicationset/services/pull_request/bitbucket_cloud.go
+++ b/applicationset/services/pull_request/bitbucket_cloud.go
@@ -17,9 +17,7 @@ type BitbucketCloudService struct {

 type BitbucketCloudPullRequest struct {
 	ID     int                             `json:"id"`
-	Title  string                          `json:"title"`
 	Source BitbucketCloudPullRequestSource `json:"source"`
-	Author string                          `json:"author"`
 }

 type BitbucketCloudPullRequestSource struct {
@@ -131,10 +129,8 @@ func (b *BitbucketCloudService) List(_ context.Context) ([]*PullRequest, error)
 	for _, pull := range pulls {
 		pullRequests = append(pullRequests, &PullRequest{
 			Number:  pull.ID,
-			Title:   pull.Title,
 			Branch:  pull.Source.Branch.Name,
 			HeadSHA: pull.Source.Commit.Hash,
-			Author:  pull.Author,
 		})
 	}

--- a/applicationset/services/pull_request/bitbucket_cloud_test.go
+++ b/applicationset/services/pull_request/bitbucket_cloud_test.go
@@ -27,7 +27,6 @@ func defaultHandlerCloud(t *testing.T) func(http.ResponseWriter, *http.Request)
 					"values": [
 						{
 							"id": 101,
-							"title": "feat(foo-bar)",
 							"source": {
 								"branch": {
 									"name": "feature/foo-bar"
@@ -36,8 +35,7 @@ func defaultHandlerCloud(t *testing.T) func(http.ResponseWriter, *http.Request)
 									"type": "commit",
 									"hash": "1a8dd249c04a"
 								}
-							},
-							"author": "testName"
+							}
 						}
 					]
 				}`)
@@ -88,10 +86,8 @@ func TestListPullRequestBearerTokenCloud(t *testing.T) {
 	require.NoError(t, err)
 	assert.Len(t, pullRequests, 1)
 	assert.Equal(t, 101, pullRequests[0].Number)
-	assert.Equal(t, "feat(foo-bar)", pullRequests[0].Title)
 	assert.Equal(t, "feature/foo-bar", pullRequests[0].Branch)
 	assert.Equal(t, "1a8dd249c04a", pullRequests[0].HeadSHA)
-	assert.Equal(t, "testName", pullRequests[0].Author)
 }

 func TestListPullRequestNoAuthCloud(t *testing.T) {
@@ -106,10 +102,8 @@ func TestListPullRequestNoAuthCloud(t *testing.T) {
 	require.NoError(t, err)
 	assert.Len(t, pullRequests, 1)
 	assert.Equal(t, 101, pullRequests[0].Number)
-	assert.Equal(t, "feat(foo-bar)", pullRequests[0].Title)
 	assert.Equal(t, "feature/foo-bar", pullRequests[0].Branch)
 	assert.Equal(t, "1a8dd249c04a", pullRequests[0].HeadSHA)
-	assert.Equal(t, "testName", pullRequests[0].Author)
 }

 func TestListPullRequestBasicAuthCloud(t *testing.T) {
@@ -124,10 +118,8 @@ func TestListPullRequestBasicAuthCloud(t *testing.T) {
 	require.NoError(t, err)
 	assert.Len(t, pullRequests, 1)
 	assert.Equal(t, 101, pullRequests[0].Number)
-	assert.Equal(t, "feat(foo-bar)", pullRequests[0].Title)
 	assert.Equal(t, "feature/foo-bar", pullRequests[0].Branch)
 	assert.Equal(t, "1a8dd249c04a", pullRequests[0].HeadSHA)
-	assert.Equal(t, "testName", pullRequests[0].Author)
 }

 func TestListPullRequestPaginationCloud(t *testing.T) {
@@ -144,7 +136,6 @@ func TestListPullRequestPaginationCloud(t *testing.T) {
 				"values": [
 					{
 						"id": 101,
-						"title": "feat(101)",
 						"source": {
 							"branch": {
 								"name": "feature-101"
@@ -153,12 +144,10 @@ func TestListPullRequestPaginationCloud(t *testing.T) {
 								"type": "commit",
 								"hash": "1a8dd249c04a"
 							}
-						},
-						"author": "testName"
+						}
 					},
 					{
 						"id": 102,
-						"title": "feat(102)",
 						"source": {
 							"branch": {
 								"name": "feature-102"
@@ -167,8 +156,7 @@ func TestListPullRequestPaginationCloud(t *testing.T) {
 								"type": "commit",
 								"hash": "4cf807e67a6d"
 							}
-						},
-                        "author": "testName"
+						}
 					}
 				]
 			}`, r.Host))
@@ -181,7 +169,6 @@ func TestListPullRequestPaginationCloud(t *testing.T) {
 				"values": [
 					{
 						"id": 103,
-						"title": "feat(103)",
 						"source": {
 							"branch": {
 								"name": "feature-103"
@@ -190,8 +177,7 @@ func TestListPullRequestPaginationCloud(t *testing.T) {
 								"type": "commit",
 								"hash": "6344d9623e3b"
 							}
-						},
-						"author": "testName"
+						}
 					}
 				]
 			}`, r.Host))
@@ -210,24 +196,18 @@ func TestListPullRequestPaginationCloud(t *testing.T) {
 	assert.Len(t, pullRequests, 3)
 	assert.Equal(t, PullRequest{
 		Number:  101,
-		Title:   "feat(101)",
 		Branch:  "feature-101",
 		HeadSHA: "1a8dd249c04a",
-		Author:  "testName",
 	}, *pullRequests[0])
 	assert.Equal(t, PullRequest{
 		Number:  102,
-		Title:   "feat(102)",
 		Branch:  "feature-102",
 		HeadSHA: "4cf807e67a6d",
-		Author:  "testName",
 	}, *pullRequests[1])
 	assert.Equal(t, PullRequest{
 		Number:  103,
-		Title:   "feat(103)",
 		Branch:  "feature-103",
 		HeadSHA: "6344d9623e3b",
-		Author:  "testName",
 	}, *pullRequests[2])
 }

@@ -329,7 +309,6 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) {
 				"values": [
 					{
 						"id": 101,
-						"title": "feat(101)",
 						"source": {
 							"branch": {
 								"name": "feature-101"
@@ -338,12 +317,10 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) {
 								"type": "commit",
 								"hash": "1a8dd249c04a"
 							}
-						},
-						"author": "testName"
+						}
 					},
 					{
 						"id": 200,
-						"title": "feat(200)",
 						"source": {
 							"branch": {
 								"name": "feature-200"
@@ -352,8 +329,7 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) {
 								"type": "commit",
 								"hash": "4cf807e67a6d"
 							}
-						},
-						"author": "testName"
+						}
 					}
 				]
 			}`, r.Host))
@@ -366,7 +342,6 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) {
 				"values": [
 					{
 						"id": 102,
-						"title": "feat(102)",
 						"source": {
 							"branch": {
 								"name": "feature-102"
@@ -375,8 +350,7 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) {
 								"type": "commit",
 								"hash": "6344d9623e3b"
 							}
-						},
-						"author": "testName"
+						}
 					}
 				]
 			}`, r.Host))
@@ -400,17 +374,13 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) {
 	assert.Len(t, pullRequests, 2)
 	assert.Equal(t, PullRequest{
 		Number:  101,
-		Title:   "feat(101)",
 		Branch:  "feature-101",
 		HeadSHA: "1a8dd249c04a",
-		Author:  "testName",
 	}, *pullRequests[0])
 	assert.Equal(t, PullRequest{
 		Number:  102,
-		Title:   "feat(102)",
 		Branch:  "feature-102",
 		HeadSHA: "6344d9623e3b",
-		Author:  "testName",
 	}, *pullRequests[1])

 	regexp = `.*2$`
@@ -425,10 +395,8 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) {
 	assert.Len(t, pullRequests, 1)
 	assert.Equal(t, PullRequest{
 		Number:  102,
-		Title:   "feat(102)",
 		Branch:  "feature-102",
 		HeadSHA: "6344d9623e3b",
-		Author:  "testName",
 	}, *pullRequests[0])

 	regexp = `[\d{2}`
--- a/applicationset/services/pull_request/bitbucket_server.go
+++ b/applicationset/services/pull_request/bitbucket_server.go
@@ -3,7 +3,6 @@ package pull_request
 import (
 	"context"
 	"fmt"
-	"net/http"

 	bitbucketv1 "github.com/gfleury/go-bitbucket-v1"
 	log "github.com/sirupsen/logrus"
@@ -21,7 +20,7 @@ type BitbucketService struct {

 var _ PullRequestService = (*BitbucketService)(nil)

-func NewBitbucketServiceBasicAuth(ctx context.Context, username, password, url, projectKey, repositorySlug string, scmRootCAPath string, insecure bool, caCerts []byte) (PullRequestService, error) {
+func NewBitbucketServiceBasicAuth(ctx context.Context, username, password, url, projectKey, repositorySlug string) (PullRequestService, error) {
 	bitbucketConfig := bitbucketv1.NewConfiguration(url)
 	// Avoid the XSRF check
 	bitbucketConfig.AddDefaultHeader("x-atlassian-token", "no-check")
@@ -31,29 +30,15 @@ func NewBitbucketServiceBasicAuth(ctx context.Context, username, password, url,
 		UserName: username,
 		Password: password,
 	})
-	return newBitbucketService(ctx, bitbucketConfig, projectKey, repositorySlug, scmRootCAPath, insecure, caCerts)
+	return newBitbucketService(ctx, bitbucketConfig, projectKey, repositorySlug)
 }

-func NewBitbucketServiceBearerToken(ctx context.Context, bearerToken, url, projectKey, repositorySlug string, scmRootCAPath string, insecure bool, caCerts []byte) (PullRequestService, error) {
-	bitbucketConfig := bitbucketv1.NewConfiguration(url)
-	// Avoid the XSRF check
-	bitbucketConfig.AddDefaultHeader("x-atlassian-token", "no-check")
-	bitbucketConfig.AddDefaultHeader("x-requested-with", "XMLHttpRequest")
-
-	ctx = context.WithValue(ctx, bitbucketv1.ContextAccessToken, bearerToken)
-	return newBitbucketService(ctx, bitbucketConfig, projectKey, repositorySlug, scmRootCAPath, insecure, caCerts)
+func NewBitbucketServiceNoAuth(ctx context.Context, url, projectKey, repositorySlug string) (PullRequestService, error) {
+	return newBitbucketService(ctx, bitbucketv1.NewConfiguration(url), projectKey, repositorySlug)
 }

-func NewBitbucketServiceNoAuth(ctx context.Context, url, projectKey, repositorySlug string, scmRootCAPath string, insecure bool, caCerts []byte) (PullRequestService, error) {
-	return newBitbucketService(ctx, bitbucketv1.NewConfiguration(url), projectKey, repositorySlug, scmRootCAPath, insecure, caCerts)
-}
-
-func newBitbucketService(ctx context.Context, bitbucketConfig *bitbucketv1.Configuration, projectKey, repositorySlug string, scmRootCAPath string, insecure bool, caCerts []byte) (PullRequestService, error) {
+func newBitbucketService(ctx context.Context, bitbucketConfig *bitbucketv1.Configuration, projectKey, repositorySlug string) (PullRequestService, error) {
 	bitbucketConfig.BasePath = utils.NormalizeBitbucketBasePath(bitbucketConfig.BasePath)
-	tlsConfig := utils.GetTlsConfig(scmRootCAPath, insecure, caCerts)
-	bitbucketConfig.HTTPClient = &http.Client{Transport: &http.Transport{
-		TLSClientConfig: tlsConfig,
-	}}
 	bitbucketClient := bitbucketv1.NewAPIClient(ctx, bitbucketConfig)

 	return &BitbucketService{
@@ -83,12 +68,10 @@ func (b *BitbucketService) List(_ context.Context) ([]*PullRequest, error) {
 		for _, pull := range pulls {
 			pullRequests = append(pullRequests, &PullRequest{
 				Number:       pull.ID,
-				Title:        pull.Title,
 				Branch:       pull.FromRef.DisplayID, // ID: refs/heads/main DisplayID: main
 				TargetBranch: pull.ToRef.DisplayID,
 				HeadSHA:      pull.FromRef.LatestCommit, // This is not defined in the official docs, but works in practice
 				Labels:       []string{},                // Not supported by library
-				Author:       pull.Author.User.Name,
 			})
 		}

--- a/applicationset/services/pull_request/bitbucket_server_test.go
+++ b/applicationset/services/pull_request/bitbucket_server_test.go
@@ -2,8 +2,6 @@ package pull_request

 import (
 	"context"
-	"crypto/x509"
-	"encoding/pem"
 	"io"
 	"net/http"
 	"net/http/httptest"
@@ -28,7 +26,6 @@ func defaultHandler(t *testing.T) func(http.ResponseWriter, *http.Request) {
 					"values": [
 						{
 							"id": 101,
-							"title": "feat(ABC) : 123",
 							"toRef": {
 								"latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a",
 								"displayId": "master",
@@ -38,11 +35,6 @@ func defaultHandler(t *testing.T) func(http.ResponseWriter, *http.Request) {
 								"id": "refs/heads/feature-ABC-123",
 								"displayId": "feature-ABC-123",
 								"latestCommit": "cb3cf2e4d1517c83e720d2585b9402dbef71f992"
-							},
-							"author": {
-								"user": {
-									"name": "testName"
-								}
 							}
 						}
 					],
@@ -63,17 +55,15 @@ func TestListPullRequestNoAuth(t *testing.T) {
 		defaultHandler(t)(w, r)
 	}))
 	defer ts.Close()
-	svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil)
+	svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO")
 	require.NoError(t, err)
 	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.NoError(t, err)
 	assert.Len(t, pullRequests, 1)
 	assert.Equal(t, 101, pullRequests[0].Number)
-	assert.Equal(t, "feat(ABC) : 123", pullRequests[0].Title)
 	assert.Equal(t, "feature-ABC-123", pullRequests[0].Branch)
 	assert.Equal(t, "master", pullRequests[0].TargetBranch)
 	assert.Equal(t, "cb3cf2e4d1517c83e720d2585b9402dbef71f992", pullRequests[0].HeadSHA)
-	assert.Equal(t, "testName", pullRequests[0].Author)
 }

 func TestListPullRequestPagination(t *testing.T) {
@@ -89,7 +79,6 @@ func TestListPullRequestPagination(t *testing.T) {
 					"values": [
 						{
 							"id": 101,
-							"title": "feat(101)",
 							"toRef": {
 								"latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a",
 								"displayId": "master",
@@ -99,16 +88,10 @@ func TestListPullRequestPagination(t *testing.T) {
 								"id": "refs/heads/feature-101",
 								"displayId": "feature-101",
 								"latestCommit": "ab3cf2e4d1517c83e720d2585b9402dbef71f992"
-							},
-							"author": {
-								"user": {
-									"name": "testName"
-								}
 							}
 						},
 						{
 							"id": 102,
-							"title": "feat(102)",
 							"toRef": {
 								"latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a",
 								"displayId": "branch",
@@ -118,11 +101,6 @@ func TestListPullRequestPagination(t *testing.T) {
 								"id": "refs/heads/feature-102",
 								"displayId": "feature-102",
 								"latestCommit": "bb3cf2e4d1517c83e720d2585b9402dbef71f992"
-							},
-							"author": {
-								"user": {
-									"name": "testName"
-								}
 							}
 						}
 					],
@@ -136,7 +114,6 @@ func TestListPullRequestPagination(t *testing.T) {
 				"values": [
 					{
 						"id": 200,
-						"title": "feat(200)",
 						"toRef": {
 							"latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a",
 							"displayId": "master",
@@ -146,11 +123,6 @@ func TestListPullRequestPagination(t *testing.T) {
 							"id": "refs/heads/feature-200",
 							"displayId": "feature-200",
 							"latestCommit": "cb3cf2e4d1517c83e720d2585b9402dbef71f992"
-						},
-						"author": {
-							"user": {
-								"name": "testName"
-							}
 						}
 					}
 				],
@@ -164,37 +136,31 @@ func TestListPullRequestPagination(t *testing.T) {
 		}
 	}))
 	defer ts.Close()
-	svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil)
+	svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO")
 	require.NoError(t, err)
 	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.NoError(t, err)
 	assert.Len(t, pullRequests, 3)
 	assert.Equal(t, PullRequest{
 		Number:       101,
-		Title:        "feat(101)",
 		Branch:       "feature-101",
 		TargetBranch: "master",
 		HeadSHA:      "ab3cf2e4d1517c83e720d2585b9402dbef71f992",
 		Labels:       []string{},
-		Author:       "testName",
 	}, *pullRequests[0])
 	assert.Equal(t, PullRequest{
 		Number:       102,
-		Title:        "feat(102)",
 		Branch:       "feature-102",
 		TargetBranch: "branch",
 		HeadSHA:      "bb3cf2e4d1517c83e720d2585b9402dbef71f992",
 		Labels:       []string{},
-		Author:       "testName",
 	}, *pullRequests[1])
 	assert.Equal(t, PullRequest{
 		Number:       200,
-		Title:        "feat(200)",
 		Branch:       "feature-200",
 		TargetBranch: "master",
 		HeadSHA:      "cb3cf2e4d1517c83e720d2585b9402dbef71f992",
 		Labels:       []string{},
-		Author:       "testName",
 	}, *pullRequests[2])
 }

@@ -206,7 +172,7 @@ func TestListPullRequestBasicAuth(t *testing.T) {
 		defaultHandler(t)(w, r)
 	}))
 	defer ts.Close()
-	svc, err := NewBitbucketServiceBasicAuth(context.Background(), "user", "password", ts.URL, "PROJECT", "REPO", "", false, nil)
+	svc, err := NewBitbucketServiceBasicAuth(context.Background(), "user", "password", ts.URL, "PROJECT", "REPO")
 	require.NoError(t, err)
 	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.NoError(t, err)
@@ -216,97 +182,12 @@ func TestListPullRequestBasicAuth(t *testing.T) {
 	assert.Equal(t, "cb3cf2e4d1517c83e720d2585b9402dbef71f992", pullRequests[0].HeadSHA)
 }

-func TestListPullRequestBearerAuth(t *testing.T) {
-	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, "Bearer tolkien", r.Header.Get("Authorization"))
-		assert.Equal(t, "no-check", r.Header.Get("X-Atlassian-Token"))
-		defaultHandler(t)(w, r)
-	}))
-	defer ts.Close()
-	svc, err := NewBitbucketServiceBearerToken(context.Background(), "tolkien", ts.URL, "PROJECT", "REPO", "", false, nil)
-	require.NoError(t, err)
-	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
-	require.NoError(t, err)
-	assert.Len(t, pullRequests, 1)
-	assert.Equal(t, 101, pullRequests[0].Number)
-	assert.Equal(t, "feat(ABC) : 123", pullRequests[0].Title)
-	assert.Equal(t, "feature-ABC-123", pullRequests[0].Branch)
-	assert.Equal(t, "cb3cf2e4d1517c83e720d2585b9402dbef71f992", pullRequests[0].HeadSHA)
-}
-
-func TestListPullRequestTLS(t *testing.T) {
-	tests := []struct {
-		name        string
-		tlsInsecure bool
-		passCerts   bool
-		requireErr  bool
-	}{
-		{
-			name:        "TLS Insecure: true, No Certs",
-			tlsInsecure: true,
-			passCerts:   false,
-			requireErr:  false,
-		},
-		{
-			name:        "TLS Insecure: true, With Certs",
-			tlsInsecure: true,
-			passCerts:   true,
-			requireErr:  false,
-		},
-		{
-			name:        "TLS Insecure: false, With Certs",
-			tlsInsecure: false,
-			passCerts:   true,
-			requireErr:  false,
-		},
-		{
-			name:        "TLS Insecure: false, No Certs",
-			tlsInsecure: false,
-			passCerts:   false,
-			requireErr:  true,
-		},
-	}
-
-	for _, test := range tests {
-		test := test
-		t.Run(test.name, func(t *testing.T) {
-			ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				defaultHandler(t)(w, r)
-			}))
-			defer ts.Close()
-
-			var certs []byte
-			if test.passCerts == true {
-				for _, cert := range ts.TLS.Certificates {
-					for _, c := range cert.Certificate {
-						parsedCert, err := x509.ParseCertificate(c)
-						require.NoError(t, err, "Failed to parse certificate")
-						certs = append(certs, pem.EncodeToMemory(&pem.Block{
-							Type:  "CERTIFICATE",
-							Bytes: parsedCert.Raw,
-						})...)
-					}
-				}
-			}
-
-			svc, err := NewBitbucketServiceBasicAuth(context.Background(), "user", "password", ts.URL, "PROJECT", "REPO", "", test.tlsInsecure, certs)
-			require.NoError(t, err)
-			_, err = ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
-			if test.requireErr {
-				require.Error(t, err)
-			} else {
-				require.NoError(t, err)
-			}
-		})
-	}
-}
-
 func TestListResponseError(t *testing.T) {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusInternalServerError)
 	}))
 	defer ts.Close()
-	svc, _ := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil)
+	svc, _ := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO")
 	_, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.Error(t, err)
 }
@@ -331,7 +212,7 @@ func TestListResponseMalformed(t *testing.T) {
 		}
 	}))
 	defer ts.Close()
-	svc, _ := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil)
+	svc, _ := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO")
 	_, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.Error(t, err)
 }
@@ -356,7 +237,7 @@ func TestListResponseEmpty(t *testing.T) {
 		}
 	}))
 	defer ts.Close()
-	svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil)
+	svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO")
 	require.NoError(t, err)
 	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.NoError(t, err)
@@ -376,7 +257,6 @@ func TestListPullRequestBranchMatch(t *testing.T) {
 					"values": [
 						{
 							"id": 101,
-							"title": "feat(101)",
 							"toRef": {
 								"latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a",
 								"displayId": "master",
@@ -386,16 +266,10 @@ func TestListPullRequestBranchMatch(t *testing.T) {
 								"id": "refs/heads/feature-101",
 								"displayId": "feature-101",
 								"latestCommit": "ab3cf2e4d1517c83e720d2585b9402dbef71f992"
-							},
-							"author": {
-								"user": {
-									"name": "testName"
-								}
 							}
 						},
 						{
 							"id": 102,
-							"title": "feat(102)",
 							"toRef": {
 								"latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a",
 								"displayId": "branch",
@@ -405,11 +279,6 @@ func TestListPullRequestBranchMatch(t *testing.T) {
 								"id": "refs/heads/feature-102",
 								"displayId": "feature-102",
 								"latestCommit": "bb3cf2e4d1517c83e720d2585b9402dbef71f992"
-							},
-							"author": {
-								"user": {
-									"name": "testName"
-								}
 							}
 						}
 					],
@@ -423,7 +292,6 @@ func TestListPullRequestBranchMatch(t *testing.T) {
 				"values": [
 					{
 						"id": 200,
-						"title": "feat(200)",
 						"toRef": {
 							"latestCommit": "5b766e3564a3453808f3cd3dd3f2e5fad8ef0e7a",
 							"displayId": "master",
@@ -433,11 +301,6 @@ func TestListPullRequestBranchMatch(t *testing.T) {
 							"id": "refs/heads/feature-200",
 							"displayId": "feature-200",
 							"latestCommit": "cb3cf2e4d1517c83e720d2585b9402dbef71f992"
-						},
-						"author": {
-							"user": {
-								"name": "testName"
-							}
 						}
 					}
 				],
@@ -452,7 +315,7 @@ func TestListPullRequestBranchMatch(t *testing.T) {
 	}))
 	defer ts.Close()
 	regexp := `feature-1[\d]{2}`
-	svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil)
+	svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO")
 	require.NoError(t, err)
 	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{
 		{
@@ -463,25 +326,21 @@ func TestListPullRequestBranchMatch(t *testing.T) {
 	assert.Len(t, pullRequests, 2)
 	assert.Equal(t, PullRequest{
 		Number:       101,
-		Title:        "feat(101)",
 		Branch:       "feature-101",
 		TargetBranch: "master",
 		HeadSHA:      "ab3cf2e4d1517c83e720d2585b9402dbef71f992",
 		Labels:       []string{},
-		Author:       "testName",
 	}, *pullRequests[0])
 	assert.Equal(t, PullRequest{
 		Number:       102,
-		Title:        "feat(102)",
 		Branch:       "feature-102",
 		TargetBranch: "branch",
 		HeadSHA:      "bb3cf2e4d1517c83e720d2585b9402dbef71f992",
 		Labels:       []string{},
-		Author:       "testName",
 	}, *pullRequests[1])

 	regexp = `.*2$`
-	svc, err = NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil)
+	svc, err = NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO")
 	require.NoError(t, err)
 	pullRequests, err = ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{
 		{
@@ -492,16 +351,14 @@ func TestListPullRequestBranchMatch(t *testing.T) {
 	assert.Len(t, pullRequests, 1)
 	assert.Equal(t, PullRequest{
 		Number:       102,
-		Title:        "feat(102)",
 		Branch:       "feature-102",
 		TargetBranch: "branch",
 		HeadSHA:      "bb3cf2e4d1517c83e720d2585b9402dbef71f992",
 		Labels:       []string{},
-		Author:       "testName",
 	}, *pullRequests[0])

 	regexp = `[\d{2}`
-	svc, err = NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil)
+	svc, err = NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO")
 	require.NoError(t, err)
 	_, err = ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{
 		{
--- a/applicationset/services/pull_request/gitea.go
+++ b/applicationset/services/pull_request/gitea.go
@@ -57,12 +57,10 @@ func (g *GiteaService) List(ctx context.Context) ([]*PullRequest, error) {
 	for _, pr := range prs {
 		list = append(list, &PullRequest{
 			Number:       int(pr.Index),
-			Title:        pr.Title,
 			Branch:       pr.Head.Ref,
 			TargetBranch: pr.Base.Ref,
 			HeadSHA:      pr.Head.Sha,
 			Labels:       getGiteaPRLabelNames(pr.Labels),
-			Author:       pr.Poster.UserName,
 		})
 	}
 	return list, nil
--- a/applicationset/services/pull_request/gitea_test.go
+++ b/applicationset/services/pull_request/gitea_test.go
@@ -256,11 +256,9 @@ func TestGiteaList(t *testing.T) {
 	require.NoError(t, err)
 	assert.Len(t, prs, 1)
 	assert.Equal(t, 1, prs[0].Number)
-	assert.Equal(t, "add an empty file", prs[0].Title)
 	assert.Equal(t, "test", prs[0].Branch)
 	assert.Equal(t, "main", prs[0].TargetBranch)
 	assert.Equal(t, "7bbaf62d92ddfafd9cc8b340c619abaec32bc09f", prs[0].HeadSHA)
-	assert.Equal(t, "graytshirt", prs[0].Author)
 }

 func TestGetGiteaPRLabelNames(t *testing.T) {
--- a/applicationset/services/pull_request/github.go
+++ b/applicationset/services/pull_request/github.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"os"

-	"github.com/google/go-github/v63/github"
+	"github.com/google/go-github/v35/github"
 	"golang.org/x/oauth2"
 )

@@ -35,7 +35,7 @@ func NewGithubService(ctx context.Context, token, url, owner, repo string, label
 		client = github.NewClient(httpClient)
 	} else {
 		var err error
-		client, err = github.NewClient(httpClient).WithEnterpriseURLs(url, url)
+		client, err = github.NewEnterpriseClient(url, url, httpClient)
 		if err != nil {
 			return nil, err
 		}
@@ -66,12 +66,10 @@ func (g *GithubService) List(ctx context.Context) ([]*PullRequest, error) {
 			}
 			pullRequests = append(pullRequests, &PullRequest{
 				Number:       *pull.Number,
-				Title:        *pull.Title,
 				Branch:       *pull.Head.Ref,
 				TargetBranch: *pull.Base.Ref,
 				HeadSHA:      *pull.Head.SHA,
 				Labels:       getGithubPRLabelNames(pull.Labels),
-				Author:       *pull.User.Login,
 			})
 		}
 		if resp.NextPage == 0 {
--- a/applicationset/services/pull_request/github_test.go
+++ b/applicationset/services/pull_request/github_test.go
@@ -3,7 +3,7 @@ package pull_request
 import (
 	"testing"

-	"github.com/google/go-github/v63/github"
+	"github.com/google/go-github/v35/github"
 	"github.com/stretchr/testify/assert"
 )

--- a/applicationset/services/pull_request/gitlab.go
+++ b/applicationset/services/pull_request/gitlab.go
@@ -21,7 +21,7 @@ type GitLabService struct {

 var _ PullRequestService = (*GitLabService)(nil)

-func NewGitLabService(ctx context.Context, token, url, project string, labels []string, pullRequestState string, scmRootCAPath string, insecure bool, caCerts []byte) (PullRequestService, error) {
+func NewGitLabService(ctx context.Context, token, url, project string, labels []string, pullRequestState string, scmRootCAPath string, insecure bool) (PullRequestService, error) {
 	var clientOptionFns []gitlab.ClientOptionFunc

 	// Set a custom Gitlab base URL if one is provided
@@ -34,7 +34,7 @@ func NewGitLabService(ctx context.Context, token, url, project string, labels []
 	}

 	tr := http.DefaultTransport.(*http.Transport).Clone()
-	tr.TLSClientConfig = utils.GetTlsConfig(scmRootCAPath, insecure, caCerts)
+	tr.TLSClientConfig = utils.GetTlsConfig(scmRootCAPath, insecure)

 	retryClient := retryablehttp.NewClient()
 	retryClient.HTTPClient.Transport = tr
@@ -56,11 +56,11 @@ func NewGitLabService(ctx context.Context, token, url, project string, labels []

 func (g *GitLabService) List(ctx context.Context) ([]*PullRequest, error) {
 	// Filter the merge requests on labels, if they are specified.
-	var labels *gitlab.LabelOptions
+	var labels *gitlab.Labels
 	if len(g.labels) > 0 {
-		var labelsList gitlab.LabelOptions = g.labels
-		labels = &labelsList
+		labels = (*gitlab.Labels)(&g.labels)
 	}
+
 	opts := &gitlab.ListProjectMergeRequestsOptions{
 		ListOptions: gitlab.ListOptions{
 			PerPage: 100,
@@ -81,12 +81,10 @@ func (g *GitLabService) List(ctx context.Context) ([]*PullRequest, error) {
 		for _, mr := range mrs {
 			pullRequests = append(pullRequests, &PullRequest{
 				Number:       mr.IID,
-				Title:        mr.Title,
 				Branch:       mr.SourceBranch,
 				TargetBranch: mr.TargetBranch,
 				HeadSHA:      mr.SHA,
 				Labels:       mr.Labels,
-				Author:       mr.Author.Username,
 			})
 		}
 		if resp.NextPage == 0 {
--- a/applicationset/services/pull_request/gitlab_test.go
+++ b/applicationset/services/pull_request/gitlab_test.go
@@ -2,8 +2,6 @@ package pull_request

 import (
 	"context"
-	"crypto/x509"
-	"encoding/pem"
 	"io"
 	"net/http"
 	"net/http/httptest"
@@ -37,7 +35,7 @@ func TestGitLabServiceCustomBaseURL(t *testing.T) {
 		writeMRListResponse(t, w)
 	})

-	svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", nil, "", "", false, nil)
+	svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", nil, "", "", false)
 	require.NoError(t, err)

 	_, err = svc.List(context.Background())
@@ -56,7 +54,7 @@ func TestGitLabServiceToken(t *testing.T) {
 		writeMRListResponse(t, w)
 	})

-	svc, err := NewGitLabService(context.Background(), "token-123", server.URL, "278964", nil, "", "", false, nil)
+	svc, err := NewGitLabService(context.Background(), "token-123", server.URL, "278964", nil, "", "", false)
 	require.NoError(t, err)

 	_, err = svc.List(context.Background())
@@ -75,18 +73,16 @@ func TestList(t *testing.T) {
 		writeMRListResponse(t, w)
 	})

-	svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{}, "", "", false, nil)
+	svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{}, "", "", false)
 	require.NoError(t, err)

 	prs, err := svc.List(context.Background())
 	require.NoError(t, err)
 	assert.Len(t, prs, 1)
 	assert.Equal(t, 15442, prs[0].Number)
-	assert.Equal(t, "Draft: Use structured logging for DB load balancer", prs[0].Title)
 	assert.Equal(t, "use-structured-logging-for-db-load-balancer", prs[0].Branch)
 	assert.Equal(t, "master", prs[0].TargetBranch)
 	assert.Equal(t, "2fc4e8b972ff3208ec63b6143e34ad67ff343ad7", prs[0].HeadSHA)
-	assert.Equal(t, "hfyngvason", prs[0].Author)
 }

 func TestListWithLabels(t *testing.T) {
@@ -101,7 +97,7 @@ func TestListWithLabels(t *testing.T) {
 		writeMRListResponse(t, w)
 	})

-	svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{"feature", "ready"}, "", "", false, nil)
+	svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{"feature", "ready"}, "", "", false)
 	require.NoError(t, err)

 	_, err = svc.List(context.Background())
@@ -120,77 +116,9 @@ func TestListWithState(t *testing.T) {
 		writeMRListResponse(t, w)
 	})

-	svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{}, "opened", "", false, nil)
+	svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{}, "opened", "", false)
 	require.NoError(t, err)

 	_, err = svc.List(context.Background())
 	require.NoError(t, err)
 }
-
-func TestListWithStateTLS(t *testing.T) {
-	tests := []struct {
-		name        string
-		tlsInsecure bool
-		passCerts   bool
-		requireErr  bool
-	}{
-		{
-			name:        "TLS Insecure: true, No Certs",
-			tlsInsecure: true,
-			passCerts:   false,
-			requireErr:  false,
-		},
-		{
-			name:        "TLS Insecure: true, With Certs",
-			tlsInsecure: true,
-			passCerts:   true,
-			requireErr:  false,
-		},
-		{
-			name:        "TLS Insecure: false, With Certs",
-			tlsInsecure: false,
-			passCerts:   true,
-			requireErr:  false,
-		},
-		{
-			name:        "TLS Insecure: false, No Certs",
-			tlsInsecure: false,
-			passCerts:   false,
-			requireErr:  true,
-		},
-	}
-
-	for _, test := range tests {
-		test := test
-		t.Run(test.name, func(t *testing.T) {
-			ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				writeMRListResponse(t, w)
-			}))
-			defer ts.Close()
-
-			var certs []byte
-			if test.passCerts == true {
-				for _, cert := range ts.TLS.Certificates {
-					for _, c := range cert.Certificate {
-						parsedCert, err := x509.ParseCertificate(c)
-						require.NoError(t, err, "Failed to parse certificate")
-						certs = append(certs, pem.EncodeToMemory(&pem.Block{
-							Type:  "CERTIFICATE",
-							Bytes: parsedCert.Raw,
-						})...)
-					}
-				}
-			}
-
-			svc, err := NewGitLabService(context.Background(), "", ts.URL, "278964", []string{}, "opened", "", test.tlsInsecure, certs)
-			require.NoError(t, err)
-
-			_, err = svc.List(context.Background())
-			if test.requireErr {
-				require.Error(t, err)
-			} else {
-				require.NoError(t, err)
-			}
-		})
-	}
-}
--- a/applicationset/services/pull_request/interface.go
+++ b/applicationset/services/pull_request/interface.go
@@ -8,8 +8,6 @@ import (
 type PullRequest struct {
 	// Number is a number that will be the ID of the pull request.
 	Number int
-	// Title of the pull request.
-	Title string
 	// Branch is the name of the branch from which the pull request originated.
 	Branch string
 	// TargetBranch is the name of the target branch of the pull request.
@@ -18,8 +16,6 @@ type PullRequest struct {
 	HeadSHA string
 	// Labels of the pull request.
 	Labels []string
-	// Author is the author of the pull request.
-	Author string
 }

 type PullRequestService interface {
--- a/applicationset/services/pull_request/utils_test.go
+++ b/applicationset/services/pull_request/utils_test.go
@@ -20,11 +20,9 @@ func TestFilterBranchMatchBadRegexp(t *testing.T) {
 		[]*PullRequest{
 			{
 				Number:       1,
-				Title:        "PR branch1",
 				Branch:       "branch1",
 				TargetBranch: "master",
 				HeadSHA:      "089d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name1",
 			},
 		},
 		nil,
@@ -44,35 +42,27 @@ func TestFilterBranchMatch(t *testing.T) {
 		[]*PullRequest{
 			{
 				Number:       1,
-				Title:        "PR one",
 				Branch:       "one",
 				TargetBranch: "master",
 				HeadSHA:      "189d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name1",
 			},
 			{
 				Number:       2,
-				Title:        "PR two",
 				Branch:       "two",
 				TargetBranch: "master",
 				HeadSHA:      "289d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name2",
 			},
 			{
 				Number:       3,
-				Title:        "PR three",
 				Branch:       "three",
 				TargetBranch: "master",
 				HeadSHA:      "389d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name3",
 			},
 			{
 				Number:       4,
-				Title:        "PR four",
 				Branch:       "four",
 				TargetBranch: "master",
 				HeadSHA:      "489d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name4",
 			},
 		},
 		nil,
@@ -94,35 +84,27 @@ func TestFilterTargetBranchMatch(t *testing.T) {
 		[]*PullRequest{
 			{
 				Number:       1,
-				Title:        "PR one",
 				Branch:       "one",
 				TargetBranch: "master",
 				HeadSHA:      "189d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name1",
 			},
 			{
 				Number:       2,
-				Title:        "PR two",
 				Branch:       "two",
 				TargetBranch: "branch1",
 				HeadSHA:      "289d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name2",
 			},
 			{
 				Number:       3,
-				Title:        "PR three",
 				Branch:       "three",
 				TargetBranch: "branch2",
 				HeadSHA:      "389d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name3",
 			},
 			{
 				Number:       4,
-				Title:        "PR four",
 				Branch:       "four",
 				TargetBranch: "branch3",
 				HeadSHA:      "489d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name4",
 			},
 		},
 		nil,
@@ -144,35 +126,27 @@ func TestMultiFilterOr(t *testing.T) {
 		[]*PullRequest{
 			{
 				Number:       1,
-				Title:        "PR one",
 				Branch:       "one",
 				TargetBranch: "master",
 				HeadSHA:      "189d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name1",
 			},
 			{
 				Number:       2,
-				Title:        "PR two",
 				Branch:       "two",
 				TargetBranch: "master",
 				HeadSHA:      "289d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name2",
 			},
 			{
 				Number:       3,
-				Title:        "PR three",
 				Branch:       "three",
 				TargetBranch: "master",
 				HeadSHA:      "389d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name3",
 			},
 			{
 				Number:       4,
-				Title:        "PR four",
 				Branch:       "four",
 				TargetBranch: "master",
 				HeadSHA:      "489d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name4",
 			},
 		},
 		nil,
@@ -199,35 +173,27 @@ func TestMultiFilterOrWithTargetBranchFilter(t *testing.T) {
 		[]*PullRequest{
 			{
 				Number:       1,
-				Title:        "PR one",
 				Branch:       "one",
 				TargetBranch: "master",
 				HeadSHA:      "189d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name1",
 			},
 			{
 				Number:       2,
-				Title:        "PR two",
 				Branch:       "two",
 				TargetBranch: "branch1",
 				HeadSHA:      "289d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name2",
 			},
 			{
 				Number:       3,
-				Title:        "PR three",
 				Branch:       "three",
 				TargetBranch: "branch2",
 				HeadSHA:      "389d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name3",
 			},
 			{
 				Number:       4,
-				Title:        "PR four",
 				Branch:       "four",
 				TargetBranch: "branch3",
 				HeadSHA:      "489d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name4",
 			},
 		},
 		nil,
@@ -255,19 +221,15 @@ func TestNoFilters(t *testing.T) {
 		[]*PullRequest{
 			{
 				Number:       1,
-				Title:        "PR one",
 				Branch:       "one",
 				TargetBranch: "master",
 				HeadSHA:      "189d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name1",
 			},
 			{
 				Number:       2,
-				Title:        "PR two",
 				Branch:       "two",
 				TargetBranch: "master",
 				HeadSHA:      "289d92cbf9ff857a39e6feccd32798ca700fb958",
-				Author:       "name2",
 			},
 		},
 		nil,
--- a/applicationset/services/repo_service.go
+++ b/applicationset/services/repo_service.go
@@ -18,6 +18,8 @@ type argoCDService struct {
 	newFileGlobbingEnabled bool
 }

+//go:generate go run github.com/vektra/mockery/v2@v2.40.2 --name=Repos
+
 type Repos interface {
 	// GetFiles returns content of files (not directories) within the target repo
 	GetFiles(ctx context.Context, repoURL string, revision string, pattern string, noRevisionCache, verifyCommit bool) (map[string][]byte, error)
--- a/applicationset/services/repo_service_test.go
+++ b/applicationset/services/repo_service_test.go
@@ -191,6 +191,6 @@ func TestNewArgoCDService(t *testing.T) {
 	service, err := NewArgoCDService(func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) {
 		return &v1alpha1.Repository{}, nil
 	}, false, &repo_mocks.Clientset{}, false)
-	require.NoError(t, err)
+	require.NoError(t, err, err)
 	assert.NotNil(t, service)
 }
--- a/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go
+++ b/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.43.2. DO NOT EDIT.
+// Code generated by mockery v2.26.1. DO NOT EDIT.

 package mocks

@@ -17,6 +17,14 @@ type AWSCodeCommitClient struct {
 	mock.Mock
 }

+type AWSCodeCommitClient_Expecter struct {
+	mock *mock.Mock
+}
+
+func (_m *AWSCodeCommitClient) EXPECT() *AWSCodeCommitClient_Expecter {
+	return &AWSCodeCommitClient_Expecter{mock: &_m.Mock}
+}
+
 // GetFolderWithContext provides a mock function with given fields: _a0, _a1, _a2
 func (_m *AWSCodeCommitClient) GetFolderWithContext(_a0 context.Context, _a1 *codecommit.GetFolderInput, _a2 ...request.Option) (*codecommit.GetFolderOutput, error) {
 	_va := make([]interface{}, len(_a2))
@@ -28,10 +36,6 @@ func (_m *AWSCodeCommitClient) GetFolderWithContext(_a0 context.Context, _a1 *co
 	_ca = append(_ca, _va...)
 	ret := _m.Called(_ca...)

-	if len(ret) == 0 {
-		panic("no return value specified for GetFolderWithContext")
-	}
-
 	var r0 *codecommit.GetFolderOutput
 	var r1 error
 	if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetFolderInput, ...request.Option) (*codecommit.GetFolderOutput, error)); ok {
@@ -54,6 +58,43 @@ func (_m *AWSCodeCommitClient) GetFolderWithContext(_a0 context.Context, _a1 *co
 	return r0, r1
 }

+// AWSCodeCommitClient_GetFolderWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetFolderWithContext'
+type AWSCodeCommitClient_GetFolderWithContext_Call struct {
+	*mock.Call
+}
+
+// GetFolderWithContext is a helper method to define mock.On call
+//   - _a0 context.Context
+//   - _a1 *codecommit.GetFolderInput
+//   - _a2 ...request.Option
+func (_e *AWSCodeCommitClient_Expecter) GetFolderWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSCodeCommitClient_GetFolderWithContext_Call {
+	return &AWSCodeCommitClient_GetFolderWithContext_Call{Call: _e.mock.On("GetFolderWithContext",
+		append([]interface{}{_a0, _a1}, _a2...)...)}
+}
+
+func (_c *AWSCodeCommitClient_GetFolderWithContext_Call) Run(run func(_a0 context.Context, _a1 *codecommit.GetFolderInput, _a2 ...request.Option)) *AWSCodeCommitClient_GetFolderWithContext_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		variadicArgs := make([]request.Option, len(args)-2)
+		for i, a := range args[2:] {
+			if a != nil {
+				variadicArgs[i] = a.(request.Option)
+			}
+		}
+		run(args[0].(context.Context), args[1].(*codecommit.GetFolderInput), variadicArgs...)
+	})
+	return _c
+}
+
+func (_c *AWSCodeCommitClient_GetFolderWithContext_Call) Return(_a0 *codecommit.GetFolderOutput, _a1 error) *AWSCodeCommitClient_GetFolderWithContext_Call {
+	_c.Call.Return(_a0, _a1)
+	return _c
+}
+
+func (_c *AWSCodeCommitClient_GetFolderWithContext_Call) RunAndReturn(run func(context.Context, *codecommit.GetFolderInput, ...request.Option) (*codecommit.GetFolderOutput, error)) *AWSCodeCommitClient_GetFolderWithContext_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
 // GetRepositoryWithContext provides a mock function with given fields: _a0, _a1, _a2
 func (_m *AWSCodeCommitClient) GetRepositoryWithContext(_a0 context.Context, _a1 *codecommit.GetRepositoryInput, _a2 ...request.Option) (*codecommit.GetRepositoryOutput, error) {
 	_va := make([]interface{}, len(_a2))
@@ -65,10 +106,6 @@ func (_m *AWSCodeCommitClient) GetRepositoryWithContext(_a0 context.Context, _a1
 	_ca = append(_ca, _va...)
 	ret := _m.Called(_ca...)

-	if len(ret) == 0 {
-		panic("no return value specified for GetRepositoryWithContext")
-	}
-
 	var r0 *codecommit.GetRepositoryOutput
 	var r1 error
 	if rf, ok := ret.Get(0).(func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) (*codecommit.GetRepositoryOutput, error)); ok {
@@ -91,6 +128,43 @@ func (_m *AWSCodeCommitClient) GetRepositoryWithContext(_a0 context.Context, _a1
 	return r0, r1
 }

+// AWSCodeCommitClient_GetRepositoryWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetRepositoryWithContext'
+type AWSCodeCommitClient_GetRepositoryWithContext_Call struct {
+	*mock.Call
+}
+
+// GetRepositoryWithContext is a helper method to define mock.On call
+//   - _a0 context.Context
+//   - _a1 *codecommit.GetRepositoryInput
+//   - _a2 ...request.Option
+func (_e *AWSCodeCommitClient_Expecter) GetRepositoryWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSCodeCommitClient_GetRepositoryWithContext_Call {
+	return &AWSCodeCommitClient_GetRepositoryWithContext_Call{Call: _e.mock.On("GetRepositoryWithContext",
+		append([]interface{}{_a0, _a1}, _a2...)...)}
+}
+
+func (_c *AWSCodeCommitClient_GetRepositoryWithContext_Call) Run(run func(_a0 context.Context, _a1 *codecommit.GetRepositoryInput, _a2 ...request.Option)) *AWSCodeCommitClient_GetRepositoryWithContext_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		variadicArgs := make([]request.Option, len(args)-2)
+		for i, a := range args[2:] {
+			if a != nil {
+				variadicArgs[i] = a.(request.Option)
+			}
+		}
+		run(args[0].(context.Context), args[1].(*codecommit.GetRepositoryInput), variadicArgs...)
+	})
+	return _c
+}
+
+func (_c *AWSCodeCommitClient_GetRepositoryWithContext_Call) Return(_a0 *codecommit.GetRepositoryOutput, _a1 error) *AWSCodeCommitClient_GetRepositoryWithContext_Call {
+	_c.Call.Return(_a0, _a1)
+	return _c
+}
+
+func (_c *AWSCodeCommitClient_GetRepositoryWithContext_Call) RunAndReturn(run func(context.Context, *codecommit.GetRepositoryInput, ...request.Option) (*codecommit.GetRepositoryOutput, error)) *AWSCodeCommitClient_GetRepositoryWithContext_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
 // ListBranchesWithContext provides a mock function with given fields: _a0, _a1, _a2
 func (_m *AWSCodeCommitClient) ListBranchesWithContext(_a0 context.Context, _a1 *codecommit.ListBranchesInput, _a2 ...request.Option) (*codecommit.ListBranchesOutput, error) {
 	_va := make([]interface{}, len(_a2))
@@ -102,10 +176,6 @@ func (_m *AWSCodeCommitClient) ListBranchesWithContext(_a0 context.Context, _a1
 	_ca = append(_ca, _va...)
 	ret := _m.Called(_ca...)

-	if len(ret) == 0 {
-		panic("no return value specified for ListBranchesWithContext")
-	}
-
 	var r0 *codecommit.ListBranchesOutput
 	var r1 error
 	if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListBranchesInput, ...request.Option) (*codecommit.ListBranchesOutput, error)); ok {
@@ -128,6 +198,43 @@ func (_m *AWSCodeCommitClient) ListBranchesWithContext(_a0 context.Context, _a1
 	return r0, r1
 }

+// AWSCodeCommitClient_ListBranchesWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ListBranchesWithContext'
+type AWSCodeCommitClient_ListBranchesWithContext_Call struct {
+	*mock.Call
+}
+
+// ListBranchesWithContext is a helper method to define mock.On call
+//   - _a0 context.Context
+//   - _a1 *codecommit.ListBranchesInput
+//   - _a2 ...request.Option
+func (_e *AWSCodeCommitClient_Expecter) ListBranchesWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSCodeCommitClient_ListBranchesWithContext_Call {
+	return &AWSCodeCommitClient_ListBranchesWithContext_Call{Call: _e.mock.On("ListBranchesWithContext",
+		append([]interface{}{_a0, _a1}, _a2...)...)}
+}
+
+func (_c *AWSCodeCommitClient_ListBranchesWithContext_Call) Run(run func(_a0 context.Context, _a1 *codecommit.ListBranchesInput, _a2 ...request.Option)) *AWSCodeCommitClient_ListBranchesWithContext_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		variadicArgs := make([]request.Option, len(args)-2)
+		for i, a := range args[2:] {
+			if a != nil {
+				variadicArgs[i] = a.(request.Option)
+			}
+		}
+		run(args[0].(context.Context), args[1].(*codecommit.ListBranchesInput), variadicArgs...)
+	})
+	return _c
+}
+
+func (_c *AWSCodeCommitClient_ListBranchesWithContext_Call) Return(_a0 *codecommit.ListBranchesOutput, _a1 error) *AWSCodeCommitClient_ListBranchesWithContext_Call {
+	_c.Call.Return(_a0, _a1)
+	return _c
+}
+
+func (_c *AWSCodeCommitClient_ListBranchesWithContext_Call) RunAndReturn(run func(context.Context, *codecommit.ListBranchesInput, ...request.Option) (*codecommit.ListBranchesOutput, error)) *AWSCodeCommitClient_ListBranchesWithContext_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
 // ListRepositoriesWithContext provides a mock function with given fields: _a0, _a1, _a2
 func (_m *AWSCodeCommitClient) ListRepositoriesWithContext(_a0 context.Context, _a1 *codecommit.ListRepositoriesInput, _a2 ...request.Option) (*codecommit.ListRepositoriesOutput, error) {
 	_va := make([]interface{}, len(_a2))
@@ -139,10 +246,6 @@ func (_m *AWSCodeCommitClient) ListRepositoriesWithContext(_a0 context.Context,
 	_ca = append(_ca, _va...)
 	ret := _m.Called(_ca...)

-	if len(ret) == 0 {
-		panic("no return value specified for ListRepositoriesWithContext")
-	}
-
 	var r0 *codecommit.ListRepositoriesOutput
 	var r1 error
 	if rf, ok := ret.Get(0).(func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) (*codecommit.ListRepositoriesOutput, error)); ok {
@@ -165,12 +268,50 @@ func (_m *AWSCodeCommitClient) ListRepositoriesWithContext(_a0 context.Context,
 	return r0, r1
 }

-// NewAWSCodeCommitClient creates a new instance of AWSCodeCommitClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
-// The first argument is typically a *testing.T value.
-func NewAWSCodeCommitClient(t interface {
+// AWSCodeCommitClient_ListRepositoriesWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ListRepositoriesWithContext'
+type AWSCodeCommitClient_ListRepositoriesWithContext_Call struct {
+	*mock.Call
+}
+
+// ListRepositoriesWithContext is a helper method to define mock.On call
+//   - _a0 context.Context
+//   - _a1 *codecommit.ListRepositoriesInput
+//   - _a2 ...request.Option
+func (_e *AWSCodeCommitClient_Expecter) ListRepositoriesWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSCodeCommitClient_ListRepositoriesWithContext_Call {
+	return &AWSCodeCommitClient_ListRepositoriesWithContext_Call{Call: _e.mock.On("ListRepositoriesWithContext",
+		append([]interface{}{_a0, _a1}, _a2...)...)}
+}
+
+func (_c *AWSCodeCommitClient_ListRepositoriesWithContext_Call) Run(run func(_a0 context.Context, _a1 *codecommit.ListRepositoriesInput, _a2 ...request.Option)) *AWSCodeCommitClient_ListRepositoriesWithContext_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		variadicArgs := make([]request.Option, len(args)-2)
+		for i, a := range args[2:] {
+			if a != nil {
+				variadicArgs[i] = a.(request.Option)
+			}
+		}
+		run(args[0].(context.Context), args[1].(*codecommit.ListRepositoriesInput), variadicArgs...)
+	})
+	return _c
+}
+
+func (_c *AWSCodeCommitClient_ListRepositoriesWithContext_Call) Return(_a0 *codecommit.ListRepositoriesOutput, _a1 error) *AWSCodeCommitClient_ListRepositoriesWithContext_Call {
+	_c.Call.Return(_a0, _a1)
+	return _c
+}
+
+func (_c *AWSCodeCommitClient_ListRepositoriesWithContext_Call) RunAndReturn(run func(context.Context, *codecommit.ListRepositoriesInput, ...request.Option) (*codecommit.ListRepositoriesOutput, error)) *AWSCodeCommitClient_ListRepositoriesWithContext_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+type mockConstructorTestingTNewAWSCodeCommitClient interface {
 	mock.TestingT
 	Cleanup(func())
-}) *AWSCodeCommitClient {
+}
+
+// NewAWSCodeCommitClient creates a new instance of AWSCodeCommitClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+func NewAWSCodeCommitClient(t mockConstructorTestingTNewAWSCodeCommitClient) *AWSCodeCommitClient {
 	mock := &AWSCodeCommitClient{}
 	mock.Mock.Test(t)

--- a/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go
+++ b/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.43.2. DO NOT EDIT.
+// Code generated by mockery v2.26.1. DO NOT EDIT.

 package mocks

@@ -16,6 +16,14 @@ type AWSTaggingClient struct {
 	mock.Mock
 }

+type AWSTaggingClient_Expecter struct {
+	mock *mock.Mock
+}
+
+func (_m *AWSTaggingClient) EXPECT() *AWSTaggingClient_Expecter {
+	return &AWSTaggingClient_Expecter{mock: &_m.Mock}
+}
+
 // GetResourcesWithContext provides a mock function with given fields: _a0, _a1, _a2
 func (_m *AWSTaggingClient) GetResourcesWithContext(_a0 context.Context, _a1 *resourcegroupstaggingapi.GetResourcesInput, _a2 ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error) {
 	_va := make([]interface{}, len(_a2))
@@ -27,10 +35,6 @@ func (_m *AWSTaggingClient) GetResourcesWithContext(_a0 context.Context, _a1 *re
 	_ca = append(_ca, _va...)
 	ret := _m.Called(_ca...)

-	if len(ret) == 0 {
-		panic("no return value specified for GetResourcesWithContext")
-	}
-
 	var r0 *resourcegroupstaggingapi.GetResourcesOutput
 	var r1 error
 	if rf, ok := ret.Get(0).(func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error)); ok {
@@ -53,12 +57,50 @@ func (_m *AWSTaggingClient) GetResourcesWithContext(_a0 context.Context, _a1 *re
 	return r0, r1
 }

-// NewAWSTaggingClient creates a new instance of AWSTaggingClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
-// The first argument is typically a *testing.T value.
-func NewAWSTaggingClient(t interface {
+// AWSTaggingClient_GetResourcesWithContext_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetResourcesWithContext'
+type AWSTaggingClient_GetResourcesWithContext_Call struct {
+	*mock.Call
+}
+
+// GetResourcesWithContext is a helper method to define mock.On call
+//   - _a0 context.Context
+//   - _a1 *resourcegroupstaggingapi.GetResourcesInput
+//   - _a2 ...request.Option
+func (_e *AWSTaggingClient_Expecter) GetResourcesWithContext(_a0 interface{}, _a1 interface{}, _a2 ...interface{}) *AWSTaggingClient_GetResourcesWithContext_Call {
+	return &AWSTaggingClient_GetResourcesWithContext_Call{Call: _e.mock.On("GetResourcesWithContext",
+		append([]interface{}{_a0, _a1}, _a2...)...)}
+}
+
+func (_c *AWSTaggingClient_GetResourcesWithContext_Call) Run(run func(_a0 context.Context, _a1 *resourcegroupstaggingapi.GetResourcesInput, _a2 ...request.Option)) *AWSTaggingClient_GetResourcesWithContext_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		variadicArgs := make([]request.Option, len(args)-2)
+		for i, a := range args[2:] {
+			if a != nil {
+				variadicArgs[i] = a.(request.Option)
+			}
+		}
+		run(args[0].(context.Context), args[1].(*resourcegroupstaggingapi.GetResourcesInput), variadicArgs...)
+	})
+	return _c
+}
+
+func (_c *AWSTaggingClient_GetResourcesWithContext_Call) Return(_a0 *resourcegroupstaggingapi.GetResourcesOutput, _a1 error) *AWSTaggingClient_GetResourcesWithContext_Call {
+	_c.Call.Return(_a0, _a1)
+	return _c
+}
+
+func (_c *AWSTaggingClient_GetResourcesWithContext_Call) RunAndReturn(run func(context.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error)) *AWSTaggingClient_GetResourcesWithContext_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+type mockConstructorTestingTNewAWSTaggingClient interface {
 	mock.TestingT
 	Cleanup(func())
-}) *AWSTaggingClient {
+}
+
+// NewAWSTaggingClient creates a new instance of AWSTaggingClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+func NewAWSTaggingClient(t mockConstructorTestingTNewAWSTaggingClient) *AWSTaggingClient {
 	mock := &AWSTaggingClient{}
 	mock.Mock.Test(t)

--- a/applicationset/services/scm_provider/aws_codecommit_test.go
+++ b/applicationset/services/scm_provider/aws_codecommit_test.go
@@ -178,8 +178,8 @@ func TestAWSCodeCommitListRepos(t *testing.T) {
 				if repo.getRepositoryNilMetadata {
 					repoMetadata = nil
 				}
-				codeCommitClient.
-					On("GetRepositoryWithContext", ctx, &codecommit.GetRepositoryInput{RepositoryName: aws.String(repo.name)}).
+				codeCommitClient.EXPECT().
+					GetRepositoryWithContext(ctx, &codecommit.GetRepositoryInput{RepositoryName: aws.String(repo.name)}).
 					Return(&codecommit.GetRepositoryOutput{RepositoryMetadata: repoMetadata}, repo.getRepositoryError)
 				codecommitRepoNameIdPairs = append(codecommitRepoNameIdPairs, &codecommit.RepositoryNameIdPair{
 					RepositoryId:   aws.String(repo.id),
@@ -194,14 +194,14 @@ func TestAWSCodeCommitListRepos(t *testing.T) {
 			}

 			if testCase.expectListAtCodeCommit {
-				codeCommitClient.
-					On("ListRepositoriesWithContext", ctx, &codecommit.ListRepositoriesInput{}).
+				codeCommitClient.EXPECT().
+					ListRepositoriesWithContext(ctx, &codecommit.ListRepositoriesInput{}).
 					Return(&codecommit.ListRepositoriesOutput{
 						Repositories: codecommitRepoNameIdPairs,
 					}, testCase.listRepositoryError)
 			} else {
-				taggingClient.
-					On("GetResourcesWithContext", ctx, mock.MatchedBy(equalIgnoringTagFilterOrder(&resourcegroupstaggingapi.GetResourcesInput{
+				taggingClient.EXPECT().
+					GetResourcesWithContext(ctx, mock.MatchedBy(equalIgnoringTagFilterOrder(&resourcegroupstaggingapi.GetResourcesInput{
 						TagFilters:          testCase.expectTagFilters,
 						ResourceTypeFilters: aws.StringSlice([]string{resourceTypeCodeCommitRepository}),
 					}))).
@@ -351,8 +351,8 @@ func TestAWSCodeCommitRepoHasPath(t *testing.T) {
 			taggingClient := mocks.NewAWSTaggingClient(t)
 			ctx := context.Background()
 			if testCase.expectedGetFolderPath != "" {
-				codeCommitClient.
-					On("GetFolderWithContext", ctx, &codecommit.GetFolderInput{
+				codeCommitClient.EXPECT().
+					GetFolderWithContext(ctx, &codecommit.GetFolderInput{
 						CommitSpecifier: aws.String(branch),
 						FolderPath:      aws.String(testCase.expectedGetFolderPath),
 						RepositoryName:  aws.String(repoName),
@@ -424,14 +424,14 @@ func TestAWSCodeCommitGetBranches(t *testing.T) {
 			taggingClient := mocks.NewAWSTaggingClient(t)
 			ctx := context.Background()
 			if testCase.allBranches {
-				codeCommitClient.
-					On("ListBranchesWithContext", ctx, &codecommit.ListBranchesInput{
+				codeCommitClient.EXPECT().
+					ListBranchesWithContext(ctx, &codecommit.ListBranchesInput{
 						RepositoryName: aws.String(name),
 					}).
 					Return(&codecommit.ListBranchesOutput{Branches: aws.StringSlice(testCase.branches)}, testCase.apiError)
 			} else {
-				codeCommitClient.
-					On("GetRepositoryWithContext", ctx, &codecommit.GetRepositoryInput{RepositoryName: aws.String(name)}).
+				codeCommitClient.EXPECT().
+					GetRepositoryWithContext(ctx, &codecommit.GetRepositoryInput{RepositoryName: aws.String(name)}).
 					Return(&codecommit.GetRepositoryOutput{RepositoryMetadata: &codecommit.RepositoryMetadata{
 						AccountId:     aws.String(organization),
 						DefaultBranch: aws.String(defaultBranch),
--- a/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go
+++ b/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.43.2. DO NOT EDIT.
+// Code generated by mockery v2.40.2. DO NOT EDIT.

 package mocks

--- a/applicationset/services/scm_provider/azure_devops_test.go
+++ b/applicationset/services/scm_provider/azure_devops_test.go
@@ -17,6 +17,8 @@ import (
 	azureMock "github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider/azure_devops/git/mocks"
 )

+//go:generate go run github.com/vektra/mockery/v2@v2.40.2 --srcpkg=github.com/microsoft/azure-devops-go-api/azuredevops/git --name=Client --output=azure_devops/git/mocks --outpkg=mocks
+
 func s(input string) *string {
 	return ptr.To(input)
 }
--- a/applicationset/services/scm_provider/bitbucket_server.go
+++ b/applicationset/services/scm_provider/bitbucket_server.go
@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"net/http"

 	bitbucketv1 "github.com/gfleury/go-bitbucket-v1"
 	log "github.com/sirupsen/logrus"
@@ -21,7 +20,7 @@ type BitbucketServerProvider struct {

 var _ SCMProviderService = &BitbucketServerProvider{}

-func NewBitbucketServerProviderBasicAuth(ctx context.Context, username, password, url, projectKey string, allBranches bool, scmRootCAPath string, insecure bool, caCerts []byte) (*BitbucketServerProvider, error) {
+func NewBitbucketServerProviderBasicAuth(ctx context.Context, username, password, url, projectKey string, allBranches bool) (*BitbucketServerProvider, error) {
 	bitbucketConfig := bitbucketv1.NewConfiguration(url)
 	// Avoid the XSRF check
 	bitbucketConfig.AddDefaultHeader("x-atlassian-token", "no-check")
@@ -31,29 +30,15 @@ func NewBitbucketServerProviderBasicAuth(ctx context.Context, username, password
 		UserName: username,
 		Password: password,
 	})
-	return newBitbucketServerProvider(ctx, bitbucketConfig, projectKey, allBranches, scmRootCAPath, insecure, caCerts)
+	return newBitbucketServerProvider(ctx, bitbucketConfig, projectKey, allBranches)
 }

-func NewBitbucketServerProviderBearerToken(ctx context.Context, bearerToken, url, projectKey string, allBranches bool, scmRootCAPath string, insecure bool, caCerts []byte) (*BitbucketServerProvider, error) {
-	bitbucketConfig := bitbucketv1.NewConfiguration(url)
-	// Avoid the XSRF check
-	bitbucketConfig.AddDefaultHeader("x-atlassian-token", "no-check")
-	bitbucketConfig.AddDefaultHeader("x-requested-with", "XMLHttpRequest")
-
-	ctx = context.WithValue(ctx, bitbucketv1.ContextAccessToken, bearerToken)
-	return newBitbucketServerProvider(ctx, bitbucketConfig, projectKey, allBranches, scmRootCAPath, insecure, caCerts)
+func NewBitbucketServerProviderNoAuth(ctx context.Context, url, projectKey string, allBranches bool) (*BitbucketServerProvider, error) {
+	return newBitbucketServerProvider(ctx, bitbucketv1.NewConfiguration(url), projectKey, allBranches)
 }

-func NewBitbucketServerProviderNoAuth(ctx context.Context, url, projectKey string, allBranches bool, scmRootCAPath string, insecure bool, caCerts []byte) (*BitbucketServerProvider, error) {
-	return newBitbucketServerProvider(ctx, bitbucketv1.NewConfiguration(url), projectKey, allBranches, scmRootCAPath, insecure, caCerts)
-}
-
-func newBitbucketServerProvider(ctx context.Context, bitbucketConfig *bitbucketv1.Configuration, projectKey string, allBranches bool, scmRootCAPath string, insecure bool, caCerts []byte) (*BitbucketServerProvider, error) {
+func newBitbucketServerProvider(ctx context.Context, bitbucketConfig *bitbucketv1.Configuration, projectKey string, allBranches bool) (*BitbucketServerProvider, error) {
 	bitbucketConfig.BasePath = utils.NormalizeBitbucketBasePath(bitbucketConfig.BasePath)
-	tlsConfig := utils.GetTlsConfig(scmRootCAPath, insecure, caCerts)
-	bitbucketConfig.HTTPClient = &http.Client{Transport: &http.Transport{
-		TLSClientConfig: tlsConfig,
-	}}
 	bitbucketClient := bitbucketv1.NewAPIClient(ctx, bitbucketConfig)

 	return &BitbucketServerProvider{
--- a/applicationset/services/scm_provider/bitbucket_server_test.go
+++ b/applicationset/services/scm_provider/bitbucket_server_test.go
@@ -2,8 +2,6 @@ package scm_provider

 import (
 	"context"
-	"crypto/x509"
-	"encoding/pem"
 	"io"
 	"net/http"
 	"net/http/httptest"
@@ -101,7 +99,7 @@ func TestListReposNoAuth(t *testing.T) {
 		defaultHandler(t)(w, r)
 	}))
 	defer ts.Close()
-	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true, "", false, nil)
+	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true)
 	require.NoError(t, err)
 	repos, err := provider.ListRepos(context.Background(), "ssh")
 	verifyDefaultRepo(t, err, repos)
@@ -193,7 +191,7 @@ func TestListReposPagination(t *testing.T) {
 		}
 	}))
 	defer ts.Close()
-	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true, "", false, nil)
+	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true)
 	require.NoError(t, err)
 	repos, err := provider.ListRepos(context.Background(), "ssh")
 	require.NoError(t, err)
@@ -270,7 +268,7 @@ func TestGetBranchesBranchPagination(t *testing.T) {
 		defaultHandler(t)(w, r)
 	}))
 	defer ts.Close()
-	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true, "", false, nil)
+	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true)
 	require.NoError(t, err)
 	repos, err := provider.GetBranches(context.Background(), &Repository{
 		Organization: "PROJECT",
@@ -323,7 +321,7 @@ func TestGetBranchesDefaultOnly(t *testing.T) {
 		defaultHandler(t)(w, r)
 	}))
 	defer ts.Close()
-	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false, "", false, nil)
+	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false)
 	require.NoError(t, err)
 	repos, err := provider.GetBranches(context.Background(), &Repository{
 		Organization: "PROJECT",
@@ -355,7 +353,7 @@ func TestGetBranchesMissingDefault(t *testing.T) {
 		defaultHandler(t)(w, r)
 	}))
 	defer ts.Close()
-	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false, "", false, nil)
+	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false)
 	require.NoError(t, err)
 	repos, err := provider.GetBranches(context.Background(), &Repository{
 		Organization: "PROJECT",
@@ -377,7 +375,7 @@ func TestGetBranchesEmptyRepo(t *testing.T) {
 		}
 	}))
 	defer ts.Close()
-	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false, "", false, nil)
+	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false)
 	require.NoError(t, err)
 	repos, err := provider.GetBranches(context.Background(), &Repository{
 		Organization: "PROJECT",
@@ -400,7 +398,7 @@ func TestGetBranchesErrorDefaultBranch(t *testing.T) {
 		defaultHandler(t)(w, r)
 	}))
 	defer ts.Close()
-	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false, "", false, nil)
+	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false)
 	require.NoError(t, err)
 	_, err = provider.GetBranches(context.Background(), &Repository{
 		Organization: "PROJECT",
@@ -412,73 +410,6 @@ func TestGetBranchesErrorDefaultBranch(t *testing.T) {
 	require.Error(t, err)
 }

-func TestListReposTLS(t *testing.T) {
-	tests := []struct {
-		name        string
-		tlsInsecure bool
-		passCerts   bool
-		requireErr  bool
-	}{
-		{
-			name:        "TLS Insecure: true, No Certs",
-			tlsInsecure: true,
-			passCerts:   false,
-			requireErr:  false,
-		},
-		{
-			name:        "TLS Insecure: true, With Certs",
-			tlsInsecure: true,
-			passCerts:   true,
-			requireErr:  false,
-		},
-		{
-			name:        "TLS Insecure: false, With Certs",
-			tlsInsecure: false,
-			passCerts:   true,
-			requireErr:  false,
-		},
-		{
-			name:        "TLS Insecure: false, No Certs",
-			tlsInsecure: false,
-			passCerts:   false,
-			requireErr:  true,
-		},
-	}
-
-	for _, test := range tests {
-		test := test
-		t.Run(test.name, func(t *testing.T) {
-			ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				defaultHandler(t)(w, r)
-			}))
-			defer ts.Close()
-
-			var certs []byte
-			if test.passCerts == true {
-				for _, cert := range ts.TLS.Certificates {
-					for _, c := range cert.Certificate {
-						parsedCert, err := x509.ParseCertificate(c)
-						require.NoError(t, err, "Failed to parse certificate")
-						certs = append(certs, pem.EncodeToMemory(&pem.Block{
-							Type:  "CERTIFICATE",
-							Bytes: parsedCert.Raw,
-						})...)
-					}
-				}
-			}
-
-			provider, err := NewBitbucketServerProviderBasicAuth(context.Background(), "user", "password", ts.URL, "PROJECT", true, "", test.tlsInsecure, certs)
-			require.NoError(t, err)
-			_, err = provider.ListRepos(context.Background(), "ssh")
-			if test.requireErr {
-				require.Error(t, err)
-			} else {
-				require.NoError(t, err)
-			}
-		})
-	}
-}
-
 func TestListReposBasicAuth(t *testing.T) {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		assert.Equal(t, "Basic dXNlcjpwYXNzd29yZA==", r.Header.Get("Authorization"))
@@ -486,20 +417,7 @@ func TestListReposBasicAuth(t *testing.T) {
 		defaultHandler(t)(w, r)
 	}))
 	defer ts.Close()
-	provider, err := NewBitbucketServerProviderBasicAuth(context.Background(), "user", "password", ts.URL, "PROJECT", true, "", false, nil)
-	require.NoError(t, err)
-	repos, err := provider.ListRepos(context.Background(), "ssh")
-	verifyDefaultRepo(t, err, repos)
-}
-
-func TestListReposBearerAuth(t *testing.T) {
-	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, "Bearer tolkien", r.Header.Get("Authorization"))
-		assert.Equal(t, "no-check", r.Header.Get("X-Atlassian-Token"))
-		defaultHandler(t)(w, r)
-	}))
-	defer ts.Close()
-	provider, err := NewBitbucketServerProviderBearerToken(context.Background(), "tolkien", ts.URL, "PROJECT", true, "", false, nil)
+	provider, err := NewBitbucketServerProviderBasicAuth(context.Background(), "user", "password", ts.URL, "PROJECT", true)
 	require.NoError(t, err)
 	repos, err := provider.ListRepos(context.Background(), "ssh")
 	verifyDefaultRepo(t, err, repos)
@@ -526,7 +444,7 @@ func TestListReposDefaultBranch(t *testing.T) {
 		defaultHandler(t)(w, r)
 	}))
 	defer ts.Close()
-	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false, "", false, nil)
+	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false)
 	require.NoError(t, err)
 	repos, err := provider.ListRepos(context.Background(), "ssh")
 	require.NoError(t, err)
@@ -552,7 +470,7 @@ func TestListReposMissingDefaultBranch(t *testing.T) {
 		defaultHandler(t)(w, r)
 	}))
 	defer ts.Close()
-	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false, "", false, nil)
+	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false)
 	require.NoError(t, err)
 	repos, err := provider.ListRepos(context.Background(), "ssh")
 	require.NoError(t, err)
@@ -569,7 +487,7 @@ func TestListReposErrorDefaultBranch(t *testing.T) {
 		defaultHandler(t)(w, r)
 	}))
 	defer ts.Close()
-	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false, "", false, nil)
+	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false)
 	require.NoError(t, err)
 	_, err = provider.ListRepos(context.Background(), "ssh")
 	require.Error(t, err)
@@ -581,7 +499,7 @@ func TestListReposCloneProtocol(t *testing.T) {
 		defaultHandler(t)(w, r)
 	}))
 	defer ts.Close()
-	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true, "", false, nil)
+	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true)
 	require.NoError(t, err)
 	repos, err := provider.ListRepos(context.Background(), "https")
 	require.NoError(t, err)
@@ -603,7 +521,7 @@ func TestListReposUnknownProtocol(t *testing.T) {
 		defaultHandler(t)(w, r)
 	}))
 	defer ts.Close()
-	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true, "", false, nil)
+	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true)
 	require.NoError(t, err)
 	_, errProtocol := provider.ListRepos(context.Background(), "http")
 	require.Error(t, errProtocol)
@@ -641,7 +559,7 @@ func TestBitbucketServerHasPath(t *testing.T) {
 		}
 	}))
 	defer ts.Close()
-	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true, "", false, nil)
+	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true)
 	require.NoError(t, err)
 	repo := &Repository{
 		Organization: "PROJECT",
--- a/applicationset/services/scm_provider/github.go
+++ b/applicationset/services/scm_provider/github.go
@@ -2,11 +2,12 @@ package scm_provider

 import (
 	"context"
+	"errors"
 	"fmt"
 	"net/http"
 	"os"

-	"github.com/google/go-github/v63/github"
+	"github.com/google/go-github/v35/github"
 	"golang.org/x/oauth2"
 )

@@ -35,7 +36,7 @@ func NewGithubProvider(ctx context.Context, organization string, token string, u
 		client = github.NewClient(httpClient)
 	} else {
 		var err error
-		client, err = github.NewClient(httpClient).WithEnterpriseURLs(url, url)
+		client, err = github.NewEnterpriseClient(url, url, httpClient)
 		if err != nil {
 			return nil, err
 		}
@@ -119,11 +120,14 @@ func (g *GithubProvider) RepoHasPath(ctx context.Context, repo *Repository, path
 func (g *GithubProvider) listBranches(ctx context.Context, repo *Repository) ([]github.Branch, error) {
 	// If we don't specifically want to query for all branches, just use the default branch and call it a day.
 	if !g.allBranches {
-		defaultBranch, resp, err := g.client.Repositories.GetBranch(ctx, repo.Organization, repo.Repository, repo.Branch, 0)
+		defaultBranch, _, err := g.client.Repositories.GetBranch(ctx, repo.Organization, repo.Repository, repo.Branch)
 		if err != nil {
-			if resp.StatusCode == http.StatusNotFound {
-				// Default branch doesn't exist, so the repo is empty.
-				return []github.Branch{}, nil
+			var githubErrorResponse *github.ErrorResponse
+			if errors.As(err, &githubErrorResponse) {
+				if githubErrorResponse.Response.StatusCode == http.StatusNotFound {
+					// Default branch doesn't exist, so the repo is empty.
+					return []github.Branch{}, nil
+				}
 			}
 			return nil, err
 		}
--- a/applicationset/services/scm_provider/gitlab.go
+++ b/applicationset/services/scm_provider/gitlab.go
@@ -24,7 +24,7 @@ type GitlabProvider struct {

 var _ SCMProviderService = &GitlabProvider{}

-func NewGitlabProvider(ctx context.Context, organization string, token string, url string, allBranches, includeSubgroups, includeSharedProjects, insecure bool, scmRootCAPath, topic string, caCerts []byte) (*GitlabProvider, error) {
+func NewGitlabProvider(ctx context.Context, organization string, token string, url string, allBranches, includeSubgroups, includeSharedProjects, insecure bool, scmRootCAPath, topic string) (*GitlabProvider, error) {
 	// Undocumented environment variable to set a default token, to be used in testing to dodge anonymous rate limits.
 	if token == "" {
 		token = os.Getenv("GITLAB_TOKEN")
@@ -32,7 +32,7 @@ func NewGitlabProvider(ctx context.Context, organization string, token string, u
 	var client *gitlab.Client

 	tr := http.DefaultTransport.(*http.Transport).Clone()
-	tr.TLSClientConfig = utils.GetTlsConfig(scmRootCAPath, insecure, caCerts)
+	tr.TLSClientConfig = utils.GetTlsConfig(scmRootCAPath, insecure)

 	retryClient := retryablehttp.NewClient()
 	retryClient.HTTPClient.Transport = tr
--- a/applicationset/services/scm_provider/gitlab_test.go
+++ b/applicationset/services/scm_provider/gitlab_test.go
@@ -2,8 +2,6 @@ package scm_provider

 import (
 	"context"
-	"crypto/x509"
-	"encoding/pem"
 	"fmt"
 	"io"
 	"net/http"
@@ -1123,7 +1121,7 @@ func TestGitlabListRepos(t *testing.T) {
 	}))
 	for _, c := range cases {
 		t.Run(c.name, func(t *testing.T) {
-			provider, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, c.allBranches, c.includeSubgroups, c.includeSharedProjects, c.insecure, "", c.topic, nil)
+			provider, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, c.allBranches, c.includeSubgroups, c.includeSharedProjects, c.insecure, "", c.topic)
 			rawRepos, err := ListRepos(context.Background(), provider, c.filters, c.proto)
 			if c.hasError {
 				require.Error(t, err)
@@ -1162,7 +1160,7 @@ func TestGitlabHasPath(t *testing.T) {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		gitlabMockHandler(t)(w, r)
 	}))
-	host, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, true, false, "", "", nil)
+	host, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, true, false, "", "")
 	repo := &Repository{
 		Organization: "test-argocd-proton",
 		Repository:   "argocd",
@@ -1208,7 +1206,7 @@ func TestGitlabGetBranches(t *testing.T) {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		gitlabMockHandler(t)(w, r)
 	}))
-	host, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, true, false, "", "", nil)
+	host, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, true, false, "", "")

 	repo := &Repository{
 		RepositoryId: 27084533,
@@ -1229,74 +1227,3 @@ func TestGitlabGetBranches(t *testing.T) {
 		require.NoError(t, err)
 	})
 }
-
-func TestGetBranchesTLS(t *testing.T) {
-	tests := []struct {
-		name        string
-		tlsInsecure bool
-		passCerts   bool
-		requireErr  bool
-	}{
-		{
-			name:        "TLS Insecure: true, No Certs",
-			tlsInsecure: true,
-			passCerts:   false,
-			requireErr:  false,
-		},
-		{
-			name:        "TLS Insecure: true, With Certs",
-			tlsInsecure: true,
-			passCerts:   true,
-			requireErr:  false,
-		},
-		{
-			name:        "TLS Insecure: false, With Certs",
-			tlsInsecure: false,
-			passCerts:   true,
-			requireErr:  false,
-		},
-		{
-			name:        "TLS Insecure: false, No Certs",
-			tlsInsecure: false,
-			passCerts:   false,
-			requireErr:  true,
-		},
-	}
-
-	for _, test := range tests {
-		test := test
-		t.Run(test.name, func(t *testing.T) {
-			ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				gitlabMockHandler(t)(w, r)
-			}))
-			defer ts.Close()
-
-			var certs []byte
-			if test.passCerts == true {
-				for _, cert := range ts.TLS.Certificates {
-					for _, c := range cert.Certificate {
-						parsedCert, err := x509.ParseCertificate(c)
-						require.NoError(t, err, "Failed to parse certificate")
-						certs = append(certs, pem.EncodeToMemory(&pem.Block{
-							Type:  "CERTIFICATE",
-							Bytes: parsedCert.Raw,
-						})...)
-					}
-				}
-			}
-
-			host, err := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, true, test.tlsInsecure, "", "", certs)
-			require.NoError(t, err)
-			repo := &Repository{
-				RepositoryId: 27084533,
-				Branch:       "master",
-			}
-			_, err = host.GetBranches(context.Background(), repo)
-			if test.requireErr {
-				require.Error(t, err)
-			} else {
-				require.NoError(t, err)
-			}
-		})
-	}
-}
--- a/applicationset/status/resource_status.go
+++ b/applicationset/status/resource_status.go
@@ -1,57 +0,0 @@
-package status
-
-import (
-	argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-)
-
-func BuildResourceStatus(statusMap map[string]argov1alpha1.ResourceStatus, apps []argov1alpha1.Application) map[string]argov1alpha1.ResourceStatus {
-	appMap := map[string]argov1alpha1.Application{}
-	for _, app := range apps {
-		appCopy := app
-		appMap[app.Name] = app
-
-		gvk := app.GroupVersionKind()
-		// Create status if it does not exist
-		status, ok := statusMap[app.Name]
-		if !ok {
-			status = argov1alpha1.ResourceStatus{
-				Group:     gvk.Group,
-				Version:   gvk.Version,
-				Kind:      gvk.Kind,
-				Name:      app.Name,
-				Namespace: app.Namespace,
-				Status:    app.Status.Sync.Status,
-				Health:    &appCopy.Status.Health,
-			}
-		}
-
-		status.Group = gvk.Group
-		status.Version = gvk.Version
-		status.Kind = gvk.Kind
-		status.Name = app.Name
-		status.Namespace = app.Namespace
-		status.Status = app.Status.Sync.Status
-		status.Health = &appCopy.Status.Health
-
-		statusMap[app.Name] = status
-	}
-	cleanupDeletedApplicationStatuses(statusMap, appMap)
-
-	return statusMap
-}
-
-func GetResourceStatusMap(appset *argov1alpha1.ApplicationSet) map[string]argov1alpha1.ResourceStatus {
-	statusMap := map[string]argov1alpha1.ResourceStatus{}
-	for _, status := range appset.Status.Resources {
-		statusMap[status.Name] = status
-	}
-	return statusMap
-}
-
-func cleanupDeletedApplicationStatuses(statusMap map[string]argov1alpha1.ResourceStatus, apps map[string]argov1alpha1.Application) {
-	for name := range statusMap {
-		if _, ok := apps[name]; !ok {
-			delete(statusMap, name)
-		}
-	}
-}
--- a/applicationset/utils/kubernetes.go
+++ b/applicationset/utils/kubernetes.go
@@ -1,54 +0,0 @@
-package utils
-
-import (
-	"context"
-	"fmt"
-
-	corev1 "k8s.io/api/core/v1"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-)
-
-// getSecretRef gets the value of the key for the specified Secret resource.
-func GetSecretRef(ctx context.Context, k8sClient client.Client, ref *argoprojiov1alpha1.SecretRef, namespace string) (string, error) {
-	if ref == nil {
-		return "", nil
-	}
-
-	secret := &corev1.Secret{}
-	err := k8sClient.Get(
-		ctx,
-		client.ObjectKey{
-			Name:      ref.SecretName,
-			Namespace: namespace,
-		},
-		secret)
-	if err != nil {
-		return "", fmt.Errorf("error fetching secret %s/%s: %w", namespace, ref.SecretName, err)
-	}
-	tokenBytes, ok := secret.Data[ref.Key]
-	if !ok {
-		return "", fmt.Errorf("key %q in secret %s/%s not found", ref.Key, namespace, ref.SecretName)
-	}
-	return string(tokenBytes), nil
-}
-
-func GetConfigMapData(ctx context.Context, k8sClient client.Client, ref *argoprojiov1alpha1.ConfigMapKeyRef, namespace string) ([]byte, error) {
-	if ref == nil {
-		return nil, nil
-	}
-
-	configMap := &corev1.ConfigMap{}
-	err := k8sClient.Get(ctx, client.ObjectKey{Name: ref.ConfigMapName, Namespace: namespace}, configMap)
-	if err != nil {
-		return nil, err
-	}
-
-	data, ok := configMap.Data[ref.Key]
-	if !ok {
-		return nil, fmt.Errorf("key %s not found in ConfigMap %s", ref.Key, configMap.Name)
-	}
-
-	return []byte(data), nil
-}
--- a/applicationset/utils/kubernetes_test.go
+++ b/applicationset/utils/kubernetes_test.go
@@ -1,146 +0,0 @@
-package utils
-
-import (
-	"context"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"sigs.k8s.io/controller-runtime/pkg/client/fake"
-
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-)
-
-func TestGetSecretRef(t *testing.T) {
-	secret := &corev1.Secret{
-		ObjectMeta: metav1.ObjectMeta{Name: "test-secret", Namespace: "test"},
-		Data: map[string][]byte{
-			"my-token": []byte("secret"),
-		},
-	}
-	client := fake.NewClientBuilder().WithObjects(secret).Build()
-	ctx := context.Background()
-
-	cases := []struct {
-		name, namespace, token string
-		ref                    *argoprojiov1alpha1.SecretRef
-		hasError               bool
-	}{
-		{
-			name:      "valid ref",
-			ref:       &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "my-token"},
-			namespace: "test",
-			token:     "secret",
-			hasError:  false,
-		},
-		{
-			name:      "nil ref",
-			ref:       nil,
-			namespace: "test",
-			token:     "",
-			hasError:  false,
-		},
-		{
-			name:      "wrong name",
-			ref:       &argoprojiov1alpha1.SecretRef{SecretName: "other", Key: "my-token"},
-			namespace: "test",
-			token:     "",
-			hasError:  true,
-		},
-		{
-			name:      "wrong key",
-			ref:       &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "other-token"},
-			namespace: "test",
-			token:     "",
-			hasError:  true,
-		},
-		{
-			name:      "wrong namespace",
-			ref:       &argoprojiov1alpha1.SecretRef{SecretName: "test-secret", Key: "my-token"},
-			namespace: "other",
-			token:     "",
-			hasError:  true,
-		},
-	}
-
-	for _, c := range cases {
-		t.Run(c.name, func(t *testing.T) {
-			token, err := GetSecretRef(ctx, client, c.ref, c.namespace)
-			if c.hasError {
-				require.Error(t, err)
-			} else {
-				require.NoError(t, err)
-			}
-			assert.Equal(t, c.token, token)
-		})
-	}
-}
-
-func TestGetConfigMapData(t *testing.T) {
-	configMap := &corev1.ConfigMap{
-		ObjectMeta: metav1.ObjectMeta{Name: "test-configmap", Namespace: "test"},
-		Data: map[string]string{
-			"my-data": "configmap-data",
-		},
-	}
-	client := fake.NewClientBuilder().WithObjects(configMap).Build()
-	ctx := context.Background()
-
-	cases := []struct {
-		name, namespace, data string
-		ref                   *argoprojiov1alpha1.ConfigMapKeyRef
-		hasError              bool
-	}{
-		{
-			name:      "valid ref",
-			ref:       &argoprojiov1alpha1.ConfigMapKeyRef{ConfigMapName: "test-configmap", Key: "my-data"},
-			namespace: "test",
-			data:      "configmap-data",
-			hasError:  false,
-		},
-		{
-			name:      "nil ref",
-			ref:       nil,
-			namespace: "test",
-			data:      "",
-			hasError:  false,
-		},
-		{
-			name:      "wrong name",
-			ref:       &argoprojiov1alpha1.ConfigMapKeyRef{ConfigMapName: "other", Key: "my-data"},
-			namespace: "test",
-			data:      "",
-			hasError:  true,
-		},
-		{
-			name:      "wrong key",
-			ref:       &argoprojiov1alpha1.ConfigMapKeyRef{ConfigMapName: "test-configmap", Key: "other-data"},
-			namespace: "test",
-			data:      "",
-			hasError:  true,
-		},
-		{
-			name:      "wrong namespace",
-			ref:       &argoprojiov1alpha1.ConfigMapKeyRef{ConfigMapName: "test-configmap", Key: "my-data"},
-			namespace: "other",
-			data:      "",
-			hasError:  true,
-		},
-	}
-
-	for _, c := range cases {
-		t.Run(c.name, func(t *testing.T) {
-			data, err := GetConfigMapData(ctx, client, c.ref, c.namespace)
-			if c.hasError {
-				require.Error(t, err)
-			} else {
-				require.NoError(t, err)
-			}
-			if !c.hasError {
-				assert.Equal(t, c.data, string(data))
-			}
-		})
-	}
-}
--- a/applicationset/utils/mocks/Renderer.go
+++ b/applicationset/utils/mocks/Renderer.go
@@ -1,86 +0,0 @@
-// Code generated by mockery v2.43.2. DO NOT EDIT.
-
-package mocks
-
-import (
-	mock "github.com/stretchr/testify/mock"
-
-	v1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-)
-
-// Renderer is an autogenerated mock type for the Renderer type
-type Renderer struct {
-	mock.Mock
-}
-
-// RenderTemplateParams provides a mock function with given fields: tmpl, syncPolicy, params, useGoTemplate, goTemplateOptions
-func (_m *Renderer) RenderTemplateParams(tmpl *v1alpha1.Application, syncPolicy *v1alpha1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (*v1alpha1.Application, error) {
-	ret := _m.Called(tmpl, syncPolicy, params, useGoTemplate, goTemplateOptions)
-
-	if len(ret) == 0 {
-		panic("no return value specified for RenderTemplateParams")
-	}
-
-	var r0 *v1alpha1.Application
-	var r1 error
-	if rf, ok := ret.Get(0).(func(*v1alpha1.Application, *v1alpha1.ApplicationSetSyncPolicy, map[string]interface{}, bool, []string) (*v1alpha1.Application, error)); ok {
-		return rf(tmpl, syncPolicy, params, useGoTemplate, goTemplateOptions)
-	}
-	if rf, ok := ret.Get(0).(func(*v1alpha1.Application, *v1alpha1.ApplicationSetSyncPolicy, map[string]interface{}, bool, []string) *v1alpha1.Application); ok {
-		r0 = rf(tmpl, syncPolicy, params, useGoTemplate, goTemplateOptions)
-	} else {
-		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*v1alpha1.Application)
-		}
-	}
-
-	if rf, ok := ret.Get(1).(func(*v1alpha1.Application, *v1alpha1.ApplicationSetSyncPolicy, map[string]interface{}, bool, []string) error); ok {
-		r1 = rf(tmpl, syncPolicy, params, useGoTemplate, goTemplateOptions)
-	} else {
-		r1 = ret.Error(1)
-	}
-
-	return r0, r1
-}
-
-// Replace provides a mock function with given fields: tmpl, replaceMap, useGoTemplate, goTemplateOptions
-func (_m *Renderer) Replace(tmpl string, replaceMap map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (string, error) {
-	ret := _m.Called(tmpl, replaceMap, useGoTemplate, goTemplateOptions)
-
-	if len(ret) == 0 {
-		panic("no return value specified for Replace")
-	}
-
-	var r0 string
-	var r1 error
-	if rf, ok := ret.Get(0).(func(string, map[string]interface{}, bool, []string) (string, error)); ok {
-		return rf(tmpl, replaceMap, useGoTemplate, goTemplateOptions)
-	}
-	if rf, ok := ret.Get(0).(func(string, map[string]interface{}, bool, []string) string); ok {
-		r0 = rf(tmpl, replaceMap, useGoTemplate, goTemplateOptions)
-	} else {
-		r0 = ret.Get(0).(string)
-	}
-
-	if rf, ok := ret.Get(1).(func(string, map[string]interface{}, bool, []string) error); ok {
-		r1 = rf(tmpl, replaceMap, useGoTemplate, goTemplateOptions)
-	} else {
-		r1 = ret.Error(1)
-	}
-
-	return r0, r1
-}
-
-// NewRenderer creates a new instance of Renderer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
-// The first argument is typically a *testing.T value.
-func NewRenderer(t interface {
-	mock.TestingT
-	Cleanup(func())
-}) *Renderer {
-	mock := &Renderer{}
-	mock.Mock.Test(t)
-
-	t.Cleanup(func() { mock.AssertExpectations(t) })
-
-	return mock
-}
--- a/applicationset/utils/utils.go
+++ b/applicationset/utils/utils.go
@@ -483,7 +483,7 @@ func SlugifyName(args ...interface{}) string {
 	return urlSlug
 }

-func getTlsConfigWithCACert(scmRootCAPath string, caCerts []byte) *tls.Config {
+func getTlsConfigWithCACert(scmRootCAPath string) *tls.Config {
 	tlsConfig := &tls.Config{}

 	if scmRootCAPath != "" {
@@ -497,12 +497,8 @@ func getTlsConfigWithCACert(scmRootCAPath string, caCerts []byte) *tls.Config {
 			log.Errorf("error reading certificate from file '%s', proceeding without custom rootCA : %s", scmRootCAPath, err)
 			return tlsConfig
 		}
-		caCerts = append(caCerts, rootCA...)
-	}
-
-	if len(caCerts) > 0 {
 		certPool := x509.NewCertPool()
-		ok := certPool.AppendCertsFromPEM(caCerts)
+		ok := certPool.AppendCertsFromPEM([]byte(rootCA))
 		if !ok {
 			log.Errorf("failed to append certificates from PEM: proceeding without custom rootCA")
 		} else {
@@ -512,8 +508,8 @@ func getTlsConfigWithCACert(scmRootCAPath string, caCerts []byte) *tls.Config {
 	return tlsConfig
 }

-func GetTlsConfig(scmRootCAPath string, insecure bool, caCerts []byte) *tls.Config {
-	tlsConfig := getTlsConfigWithCACert(scmRootCAPath, caCerts)
+func GetTlsConfig(scmRootCAPath string, insecure bool) *tls.Config {
+	tlsConfig := getTlsConfigWithCACert(scmRootCAPath)

 	if insecure {
 		tlsConfig.InsecureSkipVerify = true
--- a/applicationset/utils/utils_test.go
+++ b/applicationset/utils/utils_test.go
@@ -1260,8 +1260,11 @@ func TestSlugify(t *testing.T) {
 }

 func TestGetTLSConfig(t *testing.T) {
+	// certParsed, err := tls.X509KeyPair(test.Cert, test.PrivateKey)
+	// require.NoError(t, err)
+
 	temppath := t.TempDir()
-	certFromFile := `
+	cert := `
 -----BEGIN CERTIFICATE-----
 MIIFvTCCA6WgAwIBAgIUGrTmW3qc39zqnE08e3qNDhUkeWswDQYJKoZIhvcNAQEL
 BQAwbjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAklMMRAwDgYDVQQHDAdDaGljYWdv
@@ -1295,96 +1298,50 @@ NoB2rjufaB0GQi1azdboMvdGSOxhSCAR8otWT5yDrywCqVnEvjw0oxKmuRduNe2/
 r2AaraPFgrprnxUibP4L7jxdr+iiw5bWN9/B81PodrS7n5TNtnfnpZD6X6rThqOP
 xO7Tr5lAo74vNUkF2EHNaI28/RGnJPm2TIxZqy4rNH6L
 -----END CERTIFICATE-----
-`
-
-	certFromCM := `
-----BEGIN CERTIFICATE-----
-MIIDOTCCAiGgAwIBAgIQSRJrEpBGFc7tNb1fb5pKFzANBgkqhkiG9w0BAQsFADAS
-MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw
-MDAwWjASMRAwDgYDVQQKEwdBY21lIENvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEA6Gba5tHV1dAKouAaXO3/ebDUU4rvwCUg/CNaJ2PT5xLD4N1Vcb8r
-bFSW2HXKq+MPfVdwIKR/1DczEoAGf/JWQTW7EgzlXrCd3rlajEX2D73faWJekD0U
-aUgz5vtrTXZ90BQL7WvRICd7FlEZ6FPOcPlumiyNmzUqtwGhO+9ad1W5BqJaRI6P
-YfouNkwR6Na4TzSj5BrqUfP0FwDizKSJ0XXmh8g8G9mtwxOSN3Ru1QFc61Xyeluk
-POGKBV/q6RBNklTNe0gI8usUMlYyoC7ytppNMW7X2vodAelSu25jgx2anj9fDVZu
-h7AXF5+4nJS4AAt0n1lNY7nGSsdZas8PbQIDAQABo4GIMIGFMA4GA1UdDwEB/wQE
-AwICpDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
-DgQWBBStsdjh3/JCXXYlQryOrL4Sh7BW5TAuBgNVHREEJzAlggtleGFtcGxlLmNv
-bYcEfwAAAYcQAAAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAxWGI
-5NhpF3nwwy/4yB4i/CwwSpLrWUa70NyhvprUBC50PxiXav1TeDzwzLx/o5HyNwsv
-cxv3HdkLW59i/0SlJSrNnWdfZ19oTcS+6PtLoVyISgtyN6DpkKpdG1cOkW3Cy2P2
-+tK/tKHRP1Y/Ra0RiDpOAmqn0gCOFGz8+lqDIor/T7MTpibL3IxqWfPrvfVRHL3B
-grw/ZQTTIVjjh4JBSW3WyWgNo/ikC1lrVxzl4iPUGptxT36Cr7Zk2Bsg0XqwbOvK
-5d+NTDREkSnUbie4GeutujmX3Dsx88UiV6UY/4lHJa6I5leHUNOHahRbpbWeOfs/
-WkBKOclmOV2xlTVuPw==
-----END CERTIFICATE-----
 `

 	rootCAPath := path.Join(temppath, "foo.example.com")
-	err := os.WriteFile(rootCAPath, []byte(certFromFile), 0o666)
+	err := os.WriteFile(rootCAPath, []byte(cert), 0o666)
 	if err != nil {
 		panic(err)
 	}

+	certPool := x509.NewCertPool()
+	ok := certPool.AppendCertsFromPEM([]byte(cert))
+	assert.True(t, ok)
+
 	testCases := []struct {
 		name                    string
 		scmRootCAPath           string
 		insecure                bool
-		caCerts                 []byte
 		validateCertInTlsConfig bool
 	}{
 		{
 			name:                    "Insecure mode configured, SCM Root CA Path not set",
 			scmRootCAPath:           "",
 			insecure:                true,
-			caCerts:                 nil,
 			validateCertInTlsConfig: false,
 		},
 		{
 			name:                    "SCM Root CA Path set, Insecure mode set to false",
 			scmRootCAPath:           rootCAPath,
 			insecure:                false,
-			caCerts:                 nil,
 			validateCertInTlsConfig: true,
 		},
 		{
 			name:                    "SCM Root CA Path set, Insecure mode set to true",
 			scmRootCAPath:           rootCAPath,
 			insecure:                true,
-			caCerts:                 nil,
-			validateCertInTlsConfig: true,
-		},
-		{
-			name:                    "Cert passed, Insecure mode set to false",
-			scmRootCAPath:           "",
-			insecure:                false,
-			caCerts:                 []byte(certFromCM),
-			validateCertInTlsConfig: true,
-		},
-		{
-			name:                    "SCM Root CA Path set, cert passed, Insecure mode set to false",
-			scmRootCAPath:           rootCAPath,
-			insecure:                false,
-			caCerts:                 []byte(certFromCM),
 			validateCertInTlsConfig: true,
 		},
 	}

 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			certPool := x509.NewCertPool()
-			tlsConfig := GetTlsConfig(testCase.scmRootCAPath, testCase.insecure, testCase.caCerts)
+			tlsConfig := GetTlsConfig(testCase.scmRootCAPath, testCase.insecure)
 			assert.Equal(t, testCase.insecure, tlsConfig.InsecureSkipVerify)
-			if testCase.caCerts != nil {
-				ok := certPool.AppendCertsFromPEM([]byte(certFromCM))
-				assert.True(t, ok)
-			}
-			if testCase.scmRootCAPath != "" {
-				ok := certPool.AppendCertsFromPEM([]byte(certFromFile))
-				assert.True(t, ok)
-			}
-			assert.NotNil(t, tlsConfig)
 			if testCase.validateCertInTlsConfig {
+				assert.NotNil(t, tlsConfig)
 				assert.True(t, tlsConfig.RootCAs.Equal(certPool))
 			}
 		})
--- a/applicationset/webhook/webhook.go
+++ b/applicationset/webhook/webhook.go
@@ -2,6 +2,7 @@ package webhook

 import (
 	"context"
+	"errors"
 	"fmt"
 	"html"
 	"net/http"
@@ -9,7 +10,6 @@ import (
 	"regexp"
 	"strconv"
 	"strings"
-	"sync"

 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/util/retry"
@@ -26,17 +26,16 @@ import (
 	log "github.com/sirupsen/logrus"
 )

-const payloadQueueSize = 50000
+var errBasicAuthVerificationFailed = errors.New("basic auth verification failed")

 type WebhookHandler struct {
-	sync.WaitGroup // for testing
-	namespace      string
-	github         *github.Webhook
-	gitlab         *gitlab.Webhook
-	azuredevops    *azuredevops.Webhook
-	client         client.Client
-	generators     map[string]generators.Generator
-	queue          chan interface{}
+	namespace              string
+	github                 *github.Webhook
+	gitlab                 *gitlab.Webhook
+	azuredevops            *azuredevops.Webhook
+	azuredevopsAuthHandler func(r *http.Request) error
+	client                 client.Client
+	generators             map[string]generators.Generator
 }

 type gitGeneratorInfo struct {
@@ -67,7 +66,7 @@ type prGeneratorGitlabInfo struct {
 	APIHostname string
 }

-func NewWebhookHandler(namespace string, webhookParallelism int, argocdSettingsMgr *argosettings.SettingsManager, client client.Client, generators map[string]generators.Generator) (*WebhookHandler, error) {
+func NewWebhookHandler(namespace string, argocdSettingsMgr *argosettings.SettingsManager, client client.Client, generators map[string]generators.Generator) (*WebhookHandler, error) {
 	// register the webhook secrets stored under "argocd-secret" for verifying incoming payloads
 	argocdSettings, err := argocdSettingsMgr.GetSettings()
 	if err != nil {
@@ -81,40 +80,29 @@ func NewWebhookHandler(namespace string, webhookParallelism int, argocdSettingsM
 	if err != nil {
 		return nil, fmt.Errorf("Unable to init GitLab webhook: %w", err)
 	}
-	azuredevopsHandler, err := azuredevops.New(azuredevops.Options.BasicAuth(argocdSettings.WebhookAzureDevOpsUsername, argocdSettings.WebhookAzureDevOpsPassword))
+	azuredevopsHandler, err := azuredevops.New()
 	if err != nil {
 		return nil, fmt.Errorf("Unable to init Azure DevOps webhook: %w", err)
 	}
-
-	webhookHandler := &WebhookHandler{
-		namespace:   namespace,
-		github:      githubHandler,
-		gitlab:      gitlabHandler,
-		azuredevops: azuredevopsHandler,
-		client:      client,
-		generators:  generators,
-		queue:       make(chan interface{}, payloadQueueSize),
-	}
-
-	webhookHandler.startWorkerPool(webhookParallelism)
-
-	return webhookHandler, nil
-}
-
-func (h *WebhookHandler) startWorkerPool(webhookParallelism int) {
-	for i := 0; i < webhookParallelism; i++ {
-		h.Add(1)
-		go func() {
-			defer h.Done()
-			for {
-				payload, ok := <-h.queue
-				if !ok {
-					return
-				}
-				h.HandleEvent(payload)
+	azuredevopsAuthHandler := func(r *http.Request) error {
+		if argocdSettings.WebhookAzureDevOpsUsername != "" && argocdSettings.WebhookAzureDevOpsPassword != "" {
+			username, password, ok := r.BasicAuth()
+			if !ok || username != argocdSettings.WebhookAzureDevOpsUsername || password != argocdSettings.WebhookAzureDevOpsPassword {
+				return errBasicAuthVerificationFailed
 			}
-		}()
+		}
+		return nil
 	}
+
+	return &WebhookHandler{
+		namespace:              namespace,
+		github:                 githubHandler,
+		gitlab:                 gitlabHandler,
+		azuredevops:            azuredevopsHandler,
+		azuredevopsAuthHandler: azuredevopsAuthHandler,
+		client:                 client,
+		generators:             generators,
+	}, nil
 }

 func (h *WebhookHandler) HandleEvent(payload interface{}) {
@@ -165,7 +153,13 @@ func (h *WebhookHandler) Handler(w http.ResponseWriter, r *http.Request) {
 	case r.Header.Get("X-Gitlab-Event") != "":
 		payload, err = h.gitlab.Parse(r, gitlab.PushEvents, gitlab.TagEvents, gitlab.MergeRequestEvents)
 	case r.Header.Get("X-Vss-Activityid") != "":
-		payload, err = h.azuredevops.Parse(r, azuredevops.GitPushEventType, azuredevops.GitPullRequestCreatedEventType, azuredevops.GitPullRequestUpdatedEventType, azuredevops.GitPullRequestMergedEventType)
+		if err = h.azuredevopsAuthHandler(r); err != nil {
+			if errors.Is(err, errBasicAuthVerificationFailed) {
+				log.WithField(common.SecurityField, common.SecurityHigh).Infof("Azure DevOps webhook basic auth verification failed")
+			}
+		} else {
+			payload, err = h.azuredevops.Parse(r, azuredevops.GitPushEventType, azuredevops.GitPullRequestCreatedEventType, azuredevops.GitPullRequestUpdatedEventType, azuredevops.GitPullRequestMergedEventType)
+		}
 	default:
 		log.Debug("Ignoring unknown webhook event")
 		http.Error(w, "Unknown webhook event", http.StatusBadRequest)
@@ -182,12 +176,7 @@ func (h *WebhookHandler) Handler(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	select {
-	case h.queue <- payload:
-	default:
-		log.Info("Queue is full, discarding webhook payload")
-		http.Error(w, "Queue is full, discarding webhook payload", http.StatusServiceUnavailable)
-	}
+	h.HandleEvent(payload)
 }

 func parseRevision(ref string) string {
--- a/applicationset/webhook/webhook_test.go
+++ b/applicationset/webhook/webhook_test.go
@@ -178,7 +178,6 @@ func TestWebhookHandler(t *testing.T) {
 	}

 	namespace := "test"
-	webhookParallelism := 10
 	fakeClient := newFakeClient(namespace)
 	scheme := runtime.NewScheme()
 	err := v1alpha1.AddToScheme(scheme)
@@ -207,7 +206,7 @@ func TestWebhookHandler(t *testing.T) {
 				fakeAppWithMergeAndNestedGitGenerator("merge-nested-git-github", namespace, "https://github.com/org/repo"),
 			).Build()
 			set := argosettings.NewSettingsManager(context.TODO(), fakeClient, namespace)
-			h, err := NewWebhookHandler(namespace, webhookParallelism, set, fc, mockGenerators())
+			h, err := NewWebhookHandler(namespace, set, fc, mockGenerators())
 			require.NoError(t, err)

 			req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil)
@@ -218,8 +217,6 @@ func TestWebhookHandler(t *testing.T) {
 			w := httptest.NewRecorder()

 			h.Handler(w, req)
-			close(h.queue)
-			h.Wait()
 			assert.Equal(t, test.expectedStatusCode, w.Code)

 			list := &v1alpha1.ApplicationSetList{}
--- a/assets/builtin-policy.csv
+++ b/assets/builtin-policy.csv
@@ -1,10 +1,10 @@
 # Built-in policy which defines two roles: role:readonly and role:admin,
 # and additionally assigns the admin user to the role:admin role.
 # There are two policy formats:
-# 1. Applications, applicationsets, logs, and exec (which belong to a project):
-# p, <role/user/group>, <resource>, <action>, <project>/<object>, <allow/deny>
+# 1. Applications, logs, and exec (which belong to a project):
+# p, <user/group>, <resource>, <action>, <project>/<object>
 # 2. All other resources:
-# p, <role/user/group>, <resource>, <action>, <object>, <allow/deny>
+# p, <user/group>, <resource>, <action>, <object>

 p, role:readonly, applications, get, */*, allow
 p, role:readonly, certificates, get, *, allow
--- a/assets/swagger.json
+++ b/assets/swagger.json
@@ -1967,11 +1967,6 @@
            "type": "boolean",
            "name": "upsert",
            "in": "query"
-          },
-          {
-            "type": "boolean",
-            "name": "dryRun",
-            "in": "query"
          }
        ],
        "responses": {
@@ -3290,12 +3285,6 @@
            "description": "App project for query.",
            "name": "appProject",
            "in": "query"
-          },
-          {
-            "type": "string",
-            "description": "Type determines what kind of credential we're interacting with. It can be \"read\", \"write\", or \"both\". Default is\n\"read\".",
-            "name": "type",
-            "in": "query"
          }
        ],
        "responses": {
@@ -3340,12 +3329,6 @@
            "description": "Whether to operate on credential set instead of repository.",
            "name": "credsOnly",
            "in": "query"
-          },
-          {
-            "type": "boolean",
-            "description": "Write determines whether the credential will be stored as a read credential or a write credential.",
-            "name": "write",
-            "in": "query"
          }
        ],
        "responses": {
@@ -3386,12 +3369,6 @@
            "schema": {
              "$ref": "#/definitions/v1alpha1Repository"
            }
-          },
-          {
-            "type": "boolean",
-            "description": "Write determines whether the credential to be updated is a read credential or a write credential.",
-            "name": "write",
-            "in": "query"
          }
        ],
        "responses": {
@@ -3436,12 +3413,6 @@
            "description": "App project for query.",
            "name": "appProject",
            "in": "query"
-          },
-          {
-            "type": "string",
-            "description": "Type determines what kind of credential we're interacting with. It can be \"read\", \"write\", or \"both\". Default is\n\"read\".",
-            "name": "type",
-            "in": "query"
          }
        ],
        "responses": {
@@ -3484,12 +3455,6 @@
            "description": "App project for query.",
            "name": "appProject",
            "in": "query"
-          },
-          {
-            "type": "string",
-            "description": "Type determines what kind of credential we're interacting with. It can be \"read\", \"write\", or \"both\". Default is\n\"read\".",
-            "name": "type",
-            "in": "query"
          }
        ],
        "responses": {
@@ -3580,12 +3545,6 @@
            "description": "App project for query.",
            "name": "appProject",
            "in": "query"
-          },
-          {
-            "type": "string",
-            "description": "Type determines what kind of credential we're interacting with. It can be \"read\", \"write\", or \"both\". Default is\n\"read\".",
-            "name": "type",
-            "in": "query"
          }
        ],
        "responses": {
@@ -3629,12 +3588,6 @@
            "description": "App project for query.",
            "name": "appProject",
            "in": "query"
-          },
-          {
-            "type": "string",
-            "description": "Type determines what kind of credential we're interacting with. It can be \"read\", \"write\", or \"both\". Default is\n\"read\".",
-            "name": "type",
-            "in": "query"
          }
        ],
        "responses": {
@@ -5091,13 +5044,6 @@
    "repositoryManifestResponse": {
      "type": "object",
      "properties": {
-        "commands": {
-          "type": "array",
-          "title": "Commands is the list of commands used to hydrate the manifests",
-          "items": {
-            "type": "string"
-          }
-        },
        "manifests": {
          "type": "array",
          "items": {
@@ -6525,13 +6471,6 @@
      "type": "object",
      "title": "ApplicationSourceHelm holds helm specific options",
      "properties": {
-        "apiVersions": {
-          "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
        "fileParameters": {
          "type": "array",
          "title": "FileParameters are file parameters to the helm template",
@@ -6543,14 +6482,6 @@
          "type": "boolean",
          "title": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values"
        },
-        "kubeVersion": {
-          "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.",
-          "type": "string"
-        },
-        "namespace": {
-          "description": "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.",
-          "type": "string"
-        },
        "parameters": {
          "type": "array",
          "title": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation",
@@ -6621,13 +6552,6 @@
      "type": "object",
      "title": "ApplicationSourceKustomize holds options specific to an Application source specific to Kustomize",
      "properties": {
-        "apiVersions": {
-          "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
        "commonAnnotations": {
          "type": "object",
          "title": "CommonAnnotations is a list of additional annotations to add to rendered manifests",
@@ -6668,10 +6592,6 @@
            "type": "string"
          }
        },
-        "kubeVersion": {
-          "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.",
-          "type": "string"
-        },
        "labelWithoutSelector": {
          "type": "boolean",
          "title": "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not"
@@ -6789,9 +6709,6 @@
        "source": {
          "$ref": "#/definitions/v1alpha1ApplicationSource"
        },
-        "sourceHydrator": {
-          "$ref": "#/definitions/v1alpha1SourceHydrator"
-        },
        "sources": {
          "type": "array",
          "title": "Sources is a reference to the location of the application's manifests or chart",
@@ -6849,9 +6766,6 @@
            "$ref": "#/definitions/v1alpha1ResourceStatus"
          }
        },
-        "sourceHydrator": {
-          "$ref": "#/definitions/v1alpha1SourceHydratorStatus"
-        },
        "sourceType": {
          "type": "string",
          "title": "SourceType specifies the type of this application"
@@ -6962,15 +6876,6 @@
        }
      }
    },
-    "v1alpha1BearerTokenBitbucket": {
-      "description": "BearerTokenBitbucket defines the Bearer token for BitBucket AppToken auth.",
-      "type": "object",
-      "properties": {
-        "tokenRef": {
-          "$ref": "#/definitions/v1alpha1SecretRef"
-        }
-      }
-    },
    "v1alpha1BearerTokenBitbucketCloud": {
      "description": "BearerTokenBitbucketCloud defines the Bearer token for BitBucket AppToken auth.",
      "type": "object",
@@ -7055,7 +6960,7 @@
        },
        "serverVersion": {
          "type": "string",
-          "title": "Deprecated: use Info.ServerVersion field instead.\nThe server version"
+          "title": "DEPRECATED: use Info.ServerVersion field instead.\nThe server version"
        },
        "shard": {
          "description": "Shard contains optional shard number. Calculated on the fly by the application controller if not specified.",
@@ -7233,18 +7138,6 @@
        }
      }
    },
-    "v1alpha1ConfigMapKeyRef": {
-      "description": "Utility struct for a reference to a configmap key.",
-      "type": "object",
-      "properties": {
-        "configMapName": {
-          "type": "string"
-        },
-        "key": {
-          "type": "string"
-        }
-      }
-    },
    "v1alpha1ConnectionState": {
      "type": "object",
      "title": "ConnectionState contains information about remote resource connection state, currently used for clusters and repositories",
@@ -7262,24 +7155,6 @@
        }
      }
    },
-    "v1alpha1DrySource": {
-      "description": "DrySource specifies a location for dry \"don't repeat yourself\" manifest source information.",
-      "type": "object",
-      "properties": {
-        "path": {
-          "type": "string",
-          "title": "Path is a directory path within the Git repository where the manifests are located"
-        },
-        "repoURL": {
-          "type": "string",
-          "title": "RepoURL is the URL to the git repository that contains the application manifests"
-        },
-        "targetRevision": {
-          "type": "string",
-          "title": "TargetRevision defines the revision of the source to hydrate"
-        }
-      }
-    },
    "v1alpha1DuckTypeGenerator": {
      "description": "DuckType defines a generator to match against clusters registered with ArgoCD.",
      "type": "object",
@@ -7531,47 +7406,6 @@
        }
      }
    },
-    "v1alpha1HydrateOperation": {
-      "type": "object",
-      "title": "HydrateOperation contains information about the most recent hydrate operation",
-      "properties": {
-        "drySHA": {
-          "type": "string",
-          "title": "DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation"
-        },
-        "finishedAt": {
-          "$ref": "#/definitions/v1Time"
-        },
-        "hydratedSHA": {
-          "type": "string",
-          "title": "HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation"
-        },
-        "message": {
-          "type": "string",
-          "title": "Message contains a message describing the current status of the hydrate operation"
-        },
-        "phase": {
-          "type": "string",
-          "title": "Phase indicates the status of the hydrate operation"
-        },
-        "sourceHydrator": {
-          "$ref": "#/definitions/v1alpha1SourceHydrator"
-        },
-        "startedAt": {
-          "$ref": "#/definitions/v1Time"
-        }
-      }
-    },
-    "v1alpha1HydrateTo": {
-      "description": "HydrateTo specifies a location to which hydrated manifests should be pushed as a \"staging area\" before being moved to\nthe SyncSource. The RepoURL and Path are assumed based on the associated SyncSource config in the SourceHydrator.",
-      "type": "object",
-      "properties": {
-        "targetBranch": {
-          "type": "string",
-          "title": "TargetBranch is the branch to which hydrated manifests should be committed"
-        }
-      }
-    },
    "v1alpha1Info": {
      "type": "object",
      "properties": {
@@ -8128,16 +7962,6 @@
        "basicAuth": {
          "$ref": "#/definitions/v1alpha1BasicAuthBitbucketServer"
        },
-        "bearerToken": {
-          "$ref": "#/definitions/v1alpha1BearerTokenBitbucket"
-        },
-        "caRef": {
-          "$ref": "#/definitions/v1alpha1ConfigMapKeyRef"
-        },
-        "insecure": {
-          "type": "boolean",
-          "title": "Allow self-signed TLS / Certificates; default: false"
-        },
        "project": {
          "description": "Project to scan. Required.",
          "type": "string"
@@ -8168,9 +7992,6 @@
          "description": "The GitLab API URL to talk to. If blank, uses https://gitlab.com/.",
          "type": "string"
        },
-        "caRef": {
-          "$ref": "#/definitions/v1alpha1ConfigMapKeyRef"
-        },
        "insecure": {
          "type": "boolean",
          "title": "Skips validating the SCM provider's TLS certificate - useful for self-signed certificates.; default: false"
@@ -9048,16 +8869,6 @@
        "basicAuth": {
          "$ref": "#/definitions/v1alpha1BasicAuthBitbucketServer"
        },
-        "bearerToken": {
-          "$ref": "#/definitions/v1alpha1BearerTokenBitbucket"
-        },
-        "caRef": {
-          "$ref": "#/definitions/v1alpha1ConfigMapKeyRef"
-        },
-        "insecure": {
-          "type": "boolean",
-          "title": "Allow self-signed TLS / Certificates; default: false"
-        },
        "project": {
          "description": "Project to scan. Required.",
          "type": "string"
@@ -9158,9 +8969,6 @@
          "description": "The Gitlab API URL to talk to.",
          "type": "string"
        },
-        "caRef": {
-          "$ref": "#/definitions/v1alpha1ConfigMapKeyRef"
-        },
        "group": {
          "description": "Gitlab group to scan. Required.  You can use either the project id (recommended) or the full namespaced path.",
          "type": "string"
@@ -9208,50 +9016,6 @@
        }
      }
    },
-    "v1alpha1SourceHydrator": {
-      "description": "SourceHydrator specifies a dry \"don't repeat yourself\" source for manifests, a sync source from which to sync\nhydrated manifests, and an optional hydrateTo location to act as a \"staging\" aread for hydrated manifests.",
-      "type": "object",
-      "properties": {
-        "drySource": {
-          "$ref": "#/definitions/v1alpha1DrySource"
-        },
-        "hydrateTo": {
-          "$ref": "#/definitions/v1alpha1HydrateTo"
-        },
-        "syncSource": {
-          "$ref": "#/definitions/v1alpha1SyncSource"
-        }
-      }
-    },
-    "v1alpha1SourceHydratorStatus": {
-      "type": "object",
-      "title": "SourceHydratorStatus contains information about the current state of source hydration",
-      "properties": {
-        "currentOperation": {
-          "$ref": "#/definitions/v1alpha1HydrateOperation"
-        },
-        "lastSuccessfulOperation": {
-          "$ref": "#/definitions/v1alpha1SuccessfulHydrateOperation"
-        }
-      }
-    },
-    "v1alpha1SuccessfulHydrateOperation": {
-      "type": "object",
-      "title": "SuccessfulHydrateOperation contains information about the most recent successful hydrate operation",
-      "properties": {
-        "drySHA": {
-          "type": "string",
-          "title": "DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation"
-        },
-        "hydratedSHA": {
-          "type": "string",
-          "title": "HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation"
-        },
-        "sourceHydrator": {
-          "$ref": "#/definitions/v1alpha1SourceHydrator"
-        }
-      }
-    },
    "v1alpha1SyncOperation": {
      "description": "SyncOperation contains details about a sync operation.",
      "type": "object",
@@ -9406,20 +9170,6 @@
        }
      }
    },
-    "v1alpha1SyncSource": {
-      "description": "SyncSource specifies a location from which hydrated manifests may be synced. RepoURL is assumed based on the\nassociated DrySource config in the SourceHydrator.",
-      "type": "object",
-      "properties": {
-        "path": {
-          "description": "Path is a directory path within the git repository where hydrated manifests should be committed to and synced\nfrom. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.",
-          "type": "string"
-        },
-        "targetBranch": {
-          "type": "string",
-          "title": "TargetBranch is the branch to which hydrated manifests should be committed"
-        }
-      }
-    },
    "v1alpha1SyncStatus": {
      "type": "object",
      "title": "SyncStatus contains information about the currently observed live and desired states of an application",
--- a/cmd/argocd-application-controller/commands/argocd_application_controller.go
+++ b/cmd/argocd-application-controller/commands/argocd_application_controller.go
@@ -4,9 +4,6 @@ import (
 	"context"
 	"fmt"
 	"math"
-	"os"
-	"os/signal"
-	"syscall"
 	"time"

 	"github.com/argoproj/pkg/stats"
@@ -17,7 +14,6 @@ import (
 	"k8s.io/client-go/tools/clientcmd"

 	cmdutil "github.com/argoproj/argo-cd/v2/cmd/util"
-	commitclient "github.com/argoproj/argo-cd/v2/commitserver/apiclient"
 	"github.com/argoproj/argo-cd/v2/common"
 	"github.com/argoproj/argo-cd/v2/controller"
 	"github.com/argoproj/argo-cd/v2/controller/sharding"
@@ -56,7 +52,6 @@ func NewCommand() *cobra.Command {
 		repoErrorGracePeriod             int64
 		repoServerAddress                string
 		repoServerTimeoutSeconds         int
-		commitServerAddress              string
 		selfHealTimeoutSeconds           int
 		statusProcessors                 int
 		operationProcessors              int
@@ -141,8 +136,6 @@ func NewCommand() *cobra.Command {

 			repoClientset := apiclient.NewRepoServerClientset(repoServerAddress, repoServerTimeoutSeconds, tlsConfig)

-			commitClientset := commitclient.NewCommitServerClientset(commitServerAddress)
-
 			cache, err := cacheSource()
 			errors.CheckError(err)
 			cache.Cache.SetClient(cacheutil.NewTwoLevelClient(cache.Cache.GetClient(), 10*time.Minute))
@@ -161,7 +154,6 @@ func NewCommand() *cobra.Command {
 				kubeClient,
 				appClient,
 				repoClientset,
-				commitClientset,
 				cache,
 				kubectl,
 				resyncDuration,
@@ -196,22 +188,10 @@ func NewCommand() *cobra.Command {
 				defer closeTracer()
 			}

-			// Graceful shutdown code
-			sigCh := make(chan os.Signal, 1)
-			signal.Notify(sigCh, os.Interrupt, syscall.SIGTERM)
-			go func() {
-				s := <-sigCh
-				log.Printf("got signal %v, attempting graceful shutdown", s)
-				cancel()
-			}()
-
 			go appController.Run(ctx, statusProcessors, operationProcessors)

-			<-ctx.Done()
-
-			log.Println("clean shutdown")
-
-			return nil
+			// Wait forever
+			select {}
 		},
 	}

@@ -222,7 +202,6 @@ func NewCommand() *cobra.Command {
 	command.Flags().Int64Var(&repoErrorGracePeriod, "repo-error-grace-period-seconds", int64(env.ParseDurationFromEnv("ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS", defaultAppResyncPeriod*time.Second, 0, math.MaxInt64).Seconds()), "Grace period in seconds for ignoring consecutive errors while communicating with repo server.")
 	command.Flags().StringVar(&repoServerAddress, "repo-server", env.StringFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER", common.DefaultRepoServerAddr), "Repo server address.")
 	command.Flags().IntVar(&repoServerTimeoutSeconds, "repo-server-timeout-seconds", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS", 60, 0, math.MaxInt64), "Repo server RPC call timeout seconds.")
-	command.Flags().StringVar(&commitServerAddress, "commit-server", env.StringFromEnv("ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER", common.DefaultCommitServerAddr), "Commit server address.")
 	command.Flags().IntVar(&statusProcessors, "status-processors", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS", 20, 0, math.MaxInt32), "Number of application status processors")
 	command.Flags().IntVar(&operationProcessors, "operation-processors", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS", 10, 0, math.MaxInt32), "Number of application operation processors")
 	command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT", "text"), "Set the logging format. One of: text|json")
--- a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go
+++ b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go
@@ -12,7 +12,6 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"

 	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
-	logutils "github.com/argoproj/argo-cd/v2/util/log"
 	"github.com/argoproj/argo-cd/v2/util/tls"

 	"github.com/argoproj/argo-cd/v2/applicationset/controllers"
@@ -70,7 +69,6 @@ func NewCommand() *cobra.Command {
 		globalPreservedAnnotations   []string
 		globalPreservedLabels        []string
 		enableScmProviders           bool
-		webhookParallelism           int
 	)
 	scheme := runtime.NewScheme()
 	_ = clientgoscheme.AddToScheme(scheme)
@@ -96,8 +94,6 @@ func NewCommand() *cobra.Command {
 			cli.SetLogFormat(cmdutil.LogFormat)
 			cli.SetLogLevel(cmdutil.LogLevel)

-			ctrl.SetLogger(logutils.NewLogrusLogger(logutils.NewWithCurrentConfig()))
-
 			restConfig, err := clientConfig.ClientConfig()
 			errors.CheckError(err)

@@ -130,14 +126,7 @@ func NewCommand() *cobra.Command {
 				}
 			}

-			cfg := ctrl.GetConfigOrDie()
-			err = appv1alpha1.SetK8SConfigDefaults(cfg)
-			if err != nil {
-				log.Error(err, "Unable to apply K8s REST config defaults")
-				os.Exit(1)
-			}
-
-			mgr, err := ctrl.NewManager(cfg, ctrl.Options{
+			mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 				Scheme: scheme,
 				Metrics: metricsserver.Options{
 					BindAddress: metricsAddr,
@@ -163,7 +152,9 @@ func NewCommand() *cobra.Command {
 			appSetConfig := appclientset.NewForConfigOrDie(mgr.GetConfig())
 			argoCDDB := db.NewDB(namespace, argoSettingsMgr, k8sClient)

-			scmConfig := generators.NewSCMConfig(scmRootCAPath, allowedScmProviders, enableScmProviders, github_app.NewAuthCredentials(argoCDDB.(db.RepoCredsDB)))
+			scmAuth := generators.SCMAuthProviders{
+				GitHubApps: github_app.NewAuthCredentials(argoCDDB.(db.RepoCredsDB)),
+			}

 			tlsConfig := apiclient.TLSConfiguration{
 				DisableTLS:       repoServerPlaintext,
@@ -183,10 +174,42 @@ func NewCommand() *cobra.Command {
 			argoCDService, err := services.NewArgoCDService(argoCDDB.GetRepository, gitSubmoduleEnabled, repoClientset, enableNewGitFileGlobbing)
 			errors.CheckError(err)

-			topLevelGenerators := generators.GetGenerators(ctx, mgr.GetClient(), k8sClient, namespace, argoCDService, dynamicClient, scmConfig)
+			terminalGenerators := map[string]generators.Generator{
+				"List":                    generators.NewListGenerator(),
+				"Clusters":                generators.NewClusterGenerator(mgr.GetClient(), ctx, k8sClient, namespace),
+				"Git":                     generators.NewGitGenerator(argoCDService),
+				"SCMProvider":             generators.NewSCMProviderGenerator(mgr.GetClient(), scmAuth, scmRootCAPath, allowedScmProviders, enableScmProviders),
+				"ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, dynamicClient, k8sClient, namespace),
+				"PullRequest":             generators.NewPullRequestGenerator(mgr.GetClient(), scmAuth, scmRootCAPath, allowedScmProviders, enableScmProviders),
+				"Plugin":                  generators.NewPluginGenerator(mgr.GetClient(), ctx, k8sClient, namespace),
+			}
+
+			nestedGenerators := map[string]generators.Generator{
+				"List":                    terminalGenerators["List"],
+				"Clusters":                terminalGenerators["Clusters"],
+				"Git":                     terminalGenerators["Git"],
+				"SCMProvider":             terminalGenerators["SCMProvider"],
+				"ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"],
+				"PullRequest":             terminalGenerators["PullRequest"],
+				"Plugin":                  terminalGenerators["Plugin"],
+				"Matrix":                  generators.NewMatrixGenerator(terminalGenerators),
+				"Merge":                   generators.NewMergeGenerator(terminalGenerators),
+			}
+
+			topLevelGenerators := map[string]generators.Generator{
+				"List":                    terminalGenerators["List"],
+				"Clusters":                terminalGenerators["Clusters"],
+				"Git":                     terminalGenerators["Git"],
+				"SCMProvider":             terminalGenerators["SCMProvider"],
+				"ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"],
+				"PullRequest":             terminalGenerators["PullRequest"],
+				"Plugin":                  terminalGenerators["Plugin"],
+				"Matrix":                  generators.NewMatrixGenerator(nestedGenerators),
+				"Merge":                   generators.NewMergeGenerator(nestedGenerators),
+			}

 			// start a webhook server that listens to incoming webhook payloads
-			webhookHandler, err := webhook.NewWebhookHandler(namespace, webhookParallelism, argoSettingsMgr, mgr.GetClient(), topLevelGenerators)
+			webhookHandler, err := webhook.NewWebhookHandler(namespace, argoSettingsMgr, mgr.GetClient(), topLevelGenerators)
 			if err != nil {
 				log.Error(err, "failed to create webhook handler")
 			}
@@ -235,7 +258,7 @@ func NewCommand() *cobra.Command {
 			"Enabling this will ensure there is only one active controller manager.")
 	command.Flags().StringSliceVar(&applicationSetNamespaces, "applicationset-namespaces", env.StringsFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES", []string{}, ","), "Argo CD applicationset namespaces")
 	command.Flags().StringVar(&argocdRepoServer, "argocd-repo-server", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER", common.DefaultRepoServerAddr), "Argo CD repo server address")
-	command.Flags().StringVar(&policy, "policy", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_POLICY", ""), "Modify how application is synced between the generator and the cluster. Default is '' (empty), which means AppSets default to 'sync', but they may override that default. Setting an explicit value prevents AppSet-level overrides, unless --allow-policy-override is enabled. Explicit options are: 'sync' (create & update & delete), 'create-only', 'create-update' (no deletion), 'create-delete' (no update)")
+	command.Flags().StringVar(&policy, "policy", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_POLICY", ""), "Modify how application is synced between the generator and the cluster. Default is 'sync' (create & update & delete), options: 'create-only', 'create-update' (no deletion), 'create-delete' (no update)")
 	command.Flags().BoolVar(&enablePolicyOverride, "enable-policy-override", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE", policy == ""), "For security reason if 'policy' is set, it is not possible to override it at applicationSet level. 'allow-policy-override' allows user to define their own policy")
 	command.Flags().BoolVar(&debugLog, "debug", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG", false), "Print debug logs. Takes precedence over loglevel")
 	command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT", "text"), "Set the logging format. One of: text|json")
@@ -252,7 +275,6 @@ func NewCommand() *cobra.Command {
 	command.Flags().StringVar(&scmRootCAPath, "scm-root-ca-path", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH", ""), "Provide Root CA Path for self-signed TLS Certificates")
 	command.Flags().StringSliceVar(&globalPreservedAnnotations, "preserved-annotations", env.StringsFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS", []string{}, ","), "Sets global preserved field values for annotations")
 	command.Flags().StringSliceVar(&globalPreservedLabels, "preserved-labels", env.StringsFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS", []string{}, ","), "Sets global preserved field values for labels")
-	command.Flags().IntVar(&webhookParallelism, "webhook-parallelism-limit", env.ParseNumFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT", 50, 1, 1000), "Number of webhook requests processed concurrently")
 	return &command
 }

--- a/cmd/argocd-cmp-server/commands/argocd_cmp_server.go
+++ b/cmd/argocd-cmp-server/commands/argocd_cmp_server.go
@@ -81,8 +81,8 @@ func NewCommand() *cobra.Command {
 		},
 	}

-	command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_CMP_SERVER_LOGFORMAT", "text"), "Set the logging format. One of: text|json")
-	command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_CMP_SERVER_LOGLEVEL", "info"), "Set the logging level. One of: trace|debug|info|warn|error")
+	command.Flags().StringVar(&cmdutil.LogFormat, "logformat", "text", "Set the logging format. One of: text|json")
+	command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error")
 	command.Flags().StringVar(&configFilePath, "config-dir-path", common.DefaultPluginConfigFilePath, "Config management plugin configuration file location, Default is '/home/argocd/cmp-server/config/'")
 	command.Flags().StringVar(&otlpAddress, "otlp-address", env.StringFromEnv("ARGOCD_CMP_SERVER_OTLP_ADDRESS", ""), "OpenTelemetry collector address to send traces to")
 	command.Flags().BoolVar(&otlpInsecure, "otlp-insecure", env.ParseBoolFromEnv("ARGOCD_CMP_SERVER_OTLP_INSECURE", true), "OpenTelemetry collector insecure mode")
--- a/cmd/argocd-commit-server/commands/argocd_commit_server.go
+++ b/cmd/argocd-commit-server/commands/argocd_commit_server.go
@@ -1,91 +0,0 @@
-package commands
-
-import (
-	"fmt"
-	"net"
-	"net/http"
-	"os"
-	"os/signal"
-	"sync"
-	"syscall"
-
-	log "github.com/sirupsen/logrus"
-
-	"github.com/spf13/cobra"
-
-	cmdutil "github.com/argoproj/argo-cd/v2/cmd/util"
-	"github.com/argoproj/argo-cd/v2/commitserver"
-	"github.com/argoproj/argo-cd/v2/commitserver/metrics"
-	"github.com/argoproj/argo-cd/v2/common"
-	"github.com/argoproj/argo-cd/v2/reposerver/askpass"
-	"github.com/argoproj/argo-cd/v2/util/cli"
-	"github.com/argoproj/argo-cd/v2/util/env"
-	"github.com/argoproj/argo-cd/v2/util/errors"
-)
-
-// NewCommand returns a new instance of an argocd-commit-server command
-func NewCommand() *cobra.Command {
-	var (
-		listenHost  string
-		listenPort  int
-		metricsPort int
-		metricsHost string
-	)
-	command := &cobra.Command{
-		Use:   "argocd-commit-server",
-		Short: "Run Argo CD Commit Server",
-		Long:  "Argo CD Commit Server is an internal service which commits and pushes hydrated manifests to git. This command runs Commit Server in the foreground.",
-		RunE: func(cmd *cobra.Command, args []string) error {
-			vers := common.GetVersion()
-			vers.LogStartupInfo(
-				"Argo CD Commit Server",
-				map[string]any{
-					"port": listenPort,
-				},
-			)
-
-			cli.SetLogFormat(cmdutil.LogFormat)
-			cli.SetLogLevel(cmdutil.LogLevel)
-
-			metricsServer := metrics.NewMetricsServer()
-			http.Handle("/metrics", metricsServer.GetHandler())
-			go func() { errors.CheckError(http.ListenAndServe(fmt.Sprintf("%s:%d", metricsHost, metricsPort), nil)) }()
-
-			askPassServer := askpass.NewServer(askpass.CommitServerSocketPath)
-			go func() { errors.CheckError(askPassServer.Run()) }()
-
-			server := commitserver.NewServer(askPassServer, metricsServer)
-			grpc := server.CreateGRPC()
-
-			listener, err := net.Listen("tcp", fmt.Sprintf("%s:%d", listenHost, listenPort))
-			errors.CheckError(err)
-
-			// Graceful shutdown code adapted from here: https://gist.github.com/embano1/e0bf49d24f1cdd07cffad93097c04f0a
-			sigCh := make(chan os.Signal, 1)
-			signal.Notify(sigCh, os.Interrupt, syscall.SIGTERM)
-			wg := sync.WaitGroup{}
-			wg.Add(1)
-			go func() {
-				s := <-sigCh
-				log.Printf("got signal %v, attempting graceful shutdown", s)
-				grpc.GracefulStop()
-				wg.Done()
-			}()
-
-			log.Println("starting grpc server")
-			err = grpc.Serve(listener)
-			errors.CheckError(err)
-			wg.Wait()
-			log.Println("clean shutdown")
-
-			return nil
-		},
-	}
-	command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_COMMIT_SERVER_LOGFORMAT", "text"), "Set the logging format. One of: text|json")
-	command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_COMMIT_SERVER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error")
-	command.Flags().StringVar(&listenHost, "address", env.StringFromEnv("ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS", common.DefaultAddressCommitServer), "Listen on given address for incoming connections")
-	command.Flags().IntVar(&listenPort, "port", common.DefaultPortCommitServer, "Listen on given port for incoming connections")
-	command.Flags().StringVar(&metricsHost, "metrics-address", env.StringFromEnv("ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS", common.DefaultAddressCommitServerMetrics), "Listen on given address for metrics")
-	command.Flags().IntVar(&metricsPort, "metrics-port", common.DefaultPortCommitServerMetrics, "Start metrics server on given port")
-	return command
-}
--- a/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go
+++ b/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go
@@ -5,6 +5,8 @@ import (
 	"os"
 	"strings"

+	"github.com/argoproj/argo-cd/v2/util/git"
+
 	"github.com/spf13/cobra"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
@@ -31,9 +33,9 @@ func NewCommand() *cobra.Command {
 			if len(os.Args) != 2 {
 				errors.CheckError(fmt.Errorf("expected 1 argument, got %d", len(os.Args)-1))
 			}
-			nonce := os.Getenv(askpass.ASKPASS_NONCE_ENV)
+			nonce := os.Getenv(git.ASKPASS_NONCE_ENV)
 			if nonce == "" {
-				errors.CheckError(fmt.Errorf("%s is not set", askpass.ASKPASS_NONCE_ENV))
+				errors.CheckError(fmt.Errorf("%s is not set", git.ASKPASS_NONCE_ENV))
 			}
 			conn, err := grpc_util.BlockingDial(ctx, "unix", askpass.SocketPath, nil, grpc.WithTransportCredentials(insecure.NewCredentials()))
 			errors.CheckError(err)
--- a/cmd/argocd-repo-server/commands/argocd_repo_server.go
+++ b/cmd/argocd-repo-server/commands/argocd_repo_server.go
@@ -5,10 +5,6 @@ import (
 	"math"
 	"net"
 	"net/http"
-	"os"
-	"os/signal"
-	"sync"
-	"syscall"
 	"time"

 	"github.com/argoproj/pkg/stats"
@@ -119,7 +115,7 @@ func NewCommand() *cobra.Command {
 			helmRegistryMaxIndexSizeQuantity, err := resource.ParseQuantity(helmRegistryMaxIndexSize)
 			errors.CheckError(err)

-			askPassServer := askpass.NewServer(askpass.SocketPath)
+			askPassServer := askpass.NewServer()
 			metricsServer := metrics.NewMetricsServer()
 			cacheutil.CollectMetrics(redisClient, metricsServer)
 			server, err := reposerver.NewServer(metricsServer, cache, tlsConfigCustomizer, repository.RepoServerInitConstants{
@@ -177,7 +173,7 @@ func NewCommand() *cobra.Command {
 			})
 			http.Handle("/metrics", metricsServer.GetHandler())
 			go func() { errors.CheckError(http.ListenAndServe(fmt.Sprintf("%s:%d", metricsHost, metricsPort), nil)) }()
-			go func() { errors.CheckError(askPassServer.Run()) }()
+			go func() { errors.CheckError(askPassServer.Run(askpass.SocketPath)) }()

 			if gpg.IsGPGEnabled() {
 				log.Infof("Initializing GnuPG keyring at %s", common.GetGnuPGHomePath())
@@ -196,27 +192,8 @@ func NewCommand() *cobra.Command {
 			stats.RegisterStackDumper()
 			stats.StartStatsTicker(10 * time.Minute)
 			stats.RegisterHeapDumper("memprofile")
-
-			// Graceful shutdown code adapted from https://gist.github.com/embano1/e0bf49d24f1cdd07cffad93097c04f0a
-			sigCh := make(chan os.Signal, 1)
-			signal.Notify(sigCh, os.Interrupt, syscall.SIGTERM)
-			wg := sync.WaitGroup{}
-			wg.Add(1)
-			go func() {
-				s := <-sigCh
-				log.Printf("got signal %v, attempting graceful shutdown", s)
-				grpc.GracefulStop()
-				wg.Done()
-			}()
-
-			log.Println("starting grpc server")
 			err = grpc.Serve(listener)
-			if err != nil {
-				log.Fatalf("could not serve: %v", err)
-			}
-			wg.Wait()
-			log.Println("clean shutdown")
-
+			errors.CheckError(err)
 			return nil
 		},
 	}
--- a/cmd/argocd-server/commands/argocd_server.go
+++ b/cmd/argocd-server/commands/argocd_server.go
@@ -12,10 +12,8 @@ import (
 	"github.com/argoproj/pkg/stats"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
-	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
-	"sigs.k8s.io/controller-runtime/pkg/client"

 	cmdutil "github.com/argoproj/argo-cd/v2/cmd/util"
 	"github.com/argoproj/argo-cd/v2/common"
@@ -44,7 +42,6 @@ const (
 var (
 	failureRetryCount              = env.ParseNumFromEnv(failureRetryCountEnv, 0, 0, 10)
 	failureRetryPeriodMilliSeconds = env.ParseNumFromEnv(failureRetryPeriodMilliSecondsEnv, 100, 0, 1000)
-	gitSubmoduleEnabled            = env.ParseBoolFromEnv(common.EnvGitSubmoduleEnabled, true)
 )

 // NewCommand returns a new instance of an argocd command
@@ -82,13 +79,6 @@ func NewCommand() *cobra.Command {
 		staticAssetsDir          string
 		applicationNamespaces    []string
 		enableProxyExtension     bool
-		webhookParallelism       int
-
-		// ApplicationSet
-		enableNewGitFileGlobbing bool
-		scmRootCAPath            string
-		allowedScmProviders      []string
-		enableScmProviders       bool
 	)
 	command := &cobra.Command{
 		Use:               cliName,
@@ -140,12 +130,6 @@ func NewCommand() *cobra.Command {
 				StrictValidation: repoServerStrictTLS,
 			}

-			dynamicClient := dynamic.NewForConfigOrDie(config)
-
-			controllerClient, err := client.New(config, client.Options{})
-			errors.CheckError(err)
-			controllerClient = client.NewDryRunClient(controllerClient)
-
 			// Load CA information to use for validating connections to the
 			// repository server, if strict TLS validation was requested.
 			if !repoServerPlaintext && repoServerStrictTLS {
@@ -195,48 +179,37 @@ func NewCommand() *cobra.Command {
 			}

 			argoCDOpts := server.ArgoCDServerOpts{
-				Insecure:                insecure,
-				ListenPort:              listenPort,
-				ListenHost:              listenHost,
-				MetricsPort:             metricsPort,
-				MetricsHost:             metricsHost,
-				Namespace:               namespace,
-				BaseHRef:                baseHRef,
-				RootPath:                rootPath,
-				DynamicClientset:        dynamicClient,
-				KubeControllerClientset: controllerClient,
-				KubeClientset:           kubeclientset,
-				AppClientset:            appClientSet,
-				RepoClientset:           repoclientset,
-				DexServerAddr:           dexServerAddress,
-				DexTLSConfig:            dexTlsConfig,
-				DisableAuth:             disableAuth,
-				ContentTypes:            contentTypesList,
-				EnableGZip:              enableGZip,
-				TLSConfigCustomizer:     tlsConfigCustomizer,
-				Cache:                   cache,
-				RepoServerCache:         repoServerCache,
-				XFrameOptions:           frameOptions,
-				ContentSecurityPolicy:   contentSecurityPolicy,
-				RedisClient:             redisClient,
-				StaticAssetsDir:         staticAssetsDir,
-				ApplicationNamespaces:   applicationNamespaces,
-				EnableProxyExtension:    enableProxyExtension,
-				WebhookParallelism:      webhookParallelism,
-			}
-
-			appsetOpts := server.ApplicationSetOpts{
-				GitSubmoduleEnabled:      gitSubmoduleEnabled,
-				EnableNewGitFileGlobbing: enableNewGitFileGlobbing,
-				ScmRootCAPath:            scmRootCAPath,
-				AllowedScmProviders:      allowedScmProviders,
-				EnableScmProviders:       enableScmProviders,
+				Insecure:              insecure,
+				ListenPort:            listenPort,
+				ListenHost:            listenHost,
+				MetricsPort:           metricsPort,
+				MetricsHost:           metricsHost,
+				Namespace:             namespace,
+				BaseHRef:              baseHRef,
+				RootPath:              rootPath,
+				KubeClientset:         kubeclientset,
+				AppClientset:          appClientSet,
+				RepoClientset:         repoclientset,
+				DexServerAddr:         dexServerAddress,
+				DexTLSConfig:          dexTlsConfig,
+				DisableAuth:           disableAuth,
+				ContentTypes:          contentTypesList,
+				EnableGZip:            enableGZip,
+				TLSConfigCustomizer:   tlsConfigCustomizer,
+				Cache:                 cache,
+				RepoServerCache:       repoServerCache,
+				XFrameOptions:         frameOptions,
+				ContentSecurityPolicy: contentSecurityPolicy,
+				RedisClient:           redisClient,
+				StaticAssetsDir:       staticAssetsDir,
+				ApplicationNamespaces: applicationNamespaces,
+				EnableProxyExtension:  enableProxyExtension,
 			}

 			stats.RegisterStackDumper()
 			stats.StartStatsTicker(10 * time.Minute)
 			stats.RegisterHeapDumper("memprofile")
-			argocd := server.NewServer(ctx, argoCDOpts, appsetOpts)
+			argocd := server.NewServer(ctx, argoCDOpts)
 			argocd.Init(ctx)
 			lns, err := argocd.Listen()
 			errors.CheckError(err)
@@ -259,7 +232,7 @@ func NewCommand() *cobra.Command {
 		Example: templates.Examples(`
 			# Start the Argo CD API server with default settings
 			$ argocd-server
-
+				
 			# Start the Argo CD API server on a custom port and enable tracing
 			$ argocd-server --port 8888 --otlp-address localhost:4317
 		`),
@@ -296,14 +269,6 @@ func NewCommand() *cobra.Command {
 	command.Flags().BoolVar(&dexServerStrictTLS, "dex-server-strict-tls", env.ParseBoolFromEnv("ARGOCD_SERVER_DEX_SERVER_STRICT_TLS", false), "Perform strict validation of TLS certificates when connecting to dex server")
 	command.Flags().StringSliceVar(&applicationNamespaces, "application-namespaces", env.StringsFromEnv("ARGOCD_APPLICATION_NAMESPACES", []string{}, ","), "List of additional namespaces where application resources can be managed in")
 	command.Flags().BoolVar(&enableProxyExtension, "enable-proxy-extension", env.ParseBoolFromEnv("ARGOCD_SERVER_ENABLE_PROXY_EXTENSION", false), "Enable Proxy Extension feature")
-	command.Flags().IntVar(&webhookParallelism, "webhook-parallelism-limit", env.ParseNumFromEnv("ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT", 50, 1, 1000), "Number of webhook requests processed concurrently")
-
-	// Flags related to the applicationSet component.
-	command.Flags().StringVar(&scmRootCAPath, "appset-scm-root-ca-path", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH", ""), "Provide Root CA Path for self-signed TLS Certificates")
-	command.Flags().BoolVar(&enableScmProviders, "appset-enable-scm-providers", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS", true), "Enable retrieving information from SCM providers, used by the SCM and PR generators (Default: true)")
-	command.Flags().StringSliceVar(&allowedScmProviders, "appset-allowed-scm-providers", env.StringsFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS", []string{}, ","), "The list of allowed custom SCM provider API URLs. This restriction does not apply to SCM or PR generators which do not accept a custom API URL. (Default: Empty = all)")
-	command.Flags().BoolVar(&enableNewGitFileGlobbing, "appset-enable-new-git-file-globbing", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING", false), "Enable new globbing in Git files generator.")
-
 	tlsConfigCustomizerSrc = tls.AddTLSFlagsToCmd(command)
 	cacheSrc = servercache.AddCacheFlagsToCmd(command, cacheutil.Options{
 		OnClientCreated: func(client *redis.Client) {
--- a/cmd/argocd/commands/admin/admin.go
+++ b/cmd/argocd/commands/admin/admin.go
@@ -218,3 +218,35 @@ func specsEqual(left, right unstructured.Unstructured) bool {
 	}
 	return false
 }
+
+func iterateStringFields(obj interface{}, callback func(name string, val string) string) {
+	if mapField, ok := obj.(map[string]interface{}); ok {
+		for field, val := range mapField {
+			if strVal, ok := val.(string); ok {
+				mapField[field] = callback(field, strVal)
+			} else {
+				iterateStringFields(val, callback)
+			}
+		}
+	} else if arrayField, ok := obj.([]interface{}); ok {
+		for i := range arrayField {
+			iterateStringFields(arrayField[i], callback)
+		}
+	}
+}
+
+func redactor(dirtyString string) string {
+	config := make(map[string]interface{})
+	err := yaml.Unmarshal([]byte(dirtyString), &config)
+	errors.CheckError(err)
+	iterateStringFields(config, func(name string, val string) string {
+		if name == "clientSecret" || name == "secret" || name == "bindPW" {
+			return "********"
+		} else {
+			return val
+		}
+	})
+	data, err := yaml.Marshal(config)
+	errors.CheckError(err)
+	return string(data)
+}
--- a/cmd/argocd/commands/admin/app.go
+++ b/cmd/argocd/commands/admin/app.go
@@ -78,7 +78,6 @@ func NewGenAppSpecCommand() *cobra.Command {
 		outputFormat string
 		annotations  []string
 		inline       bool
-		setFinalizer bool
 	)
 	command := &cobra.Command{
 		Use:   "generate-spec APPNAME",
@@ -113,9 +112,7 @@ func NewGenAppSpecCommand() *cobra.Command {
 				c.HelpFunc()(c, args)
 				os.Exit(1)
 			}
-			if setFinalizer {
-				app.Finalizers = append(app.Finalizers, "resources-finalizer.argocd.argoproj.io")
-			}
+
 			out, closer, err := getOutWriter(inline, fileURL)
 			errors.CheckError(err)
 			defer io.Close(closer)
@@ -129,7 +126,6 @@ func NewGenAppSpecCommand() *cobra.Command {
 	command.Flags().StringArrayVarP(&annotations, "annotations", "", []string{}, "Set metadata annotations (e.g. example=value)")
 	command.Flags().StringVarP(&outputFormat, "output", "o", "yaml", "Output format. One of: json|yaml")
 	command.Flags().BoolVarP(&inline, "inline", "i", false, "If set then generated resource is written back to the file specified in --file flag")
-	command.Flags().BoolVar(&setFinalizer, "set-finalizer", false, "Sets deletion finalizer on the application, application resources will be cascaded on deletion")

 	// Only complete files with appropriate extension.
 	err := command.Flags().SetAnnotation("file", cobra.BashCompFilenameExt, []string{"json", "yaml", "yml"})
--- a/cmd/argocd/commands/admin/cluster.go
+++ b/cmd/argocd/commands/admin/cluster.go
@@ -106,9 +106,14 @@ func loadClusters(ctx context.Context, kubeClient *kubernetes.Clientset, appClie
 		}

 		redisOptions := &redis.Options{Addr: fmt.Sprintf("localhost:%d", port)}
-		if err = common.SetOptionalRedisPasswordFromKubeConfig(ctx, kubeClient, namespace, redisOptions); err != nil {
-			log.Warnf("Failed to fetch & set redis password for namespace %s: %v", namespace, err)
+
+		secret, err := kubeClient.CoreV1().Secrets(namespace).Get(context.Background(), defaulRedisInitialPasswordSecretName, v1.GetOptions{})
+		if err == nil {
+			if _, ok := secret.Data[defaultResisInitialPasswordKey]; ok {
+				redisOptions.Password = string(secret.Data[defaultResisInitialPasswordKey])
+			}
 		}
+
 		client := redis.NewClient(redisOptions)
 		compressionType, err := cacheutil.CompressionTypeFromString(redisCompressionStr)
 		if err != nil {
--- a/cmd/argocd/commands/admin/project_allowlist_test.go
+++ b/cmd/argocd/commands/admin/project_allowlist_test.go
@@ -17,5 +17,5 @@ func TestProjectAllowListGen(t *testing.T) {

 	globalProj, err := generateProjectAllowList(resourceList, "testdata/test_clusterrole.yaml", "testproj")
 	require.NoError(t, err)
-	assert.NotEmpty(t, globalProj.Spec.NamespaceResourceWhitelist)
+	assert.Positive(t, len(globalProj.Spec.NamespaceResourceWhitelist))
 }
--- a/cmd/argocd/commands/admin/redis_initial_password.go
+++ b/cmd/argocd/commands/admin/redis_initial_password.go
@@ -6,18 +6,25 @@ import (
 	"fmt"
 	"math/big"

-	"github.com/spf13/cobra"
-	corev1 "k8s.io/api/core/v1"
 	apierr "k8s.io/apimachinery/pkg/api/errors"
+
+	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v2/util/cli"
+
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"

-	"github.com/argoproj/argo-cd/v2/common"
-	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-	"github.com/argoproj/argo-cd/v2/util/cli"
 	"github.com/argoproj/argo-cd/v2/util/errors"
+
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+)
+
+const (
+	defaulRedisInitialPasswordSecretName = "argocd-redis"
+	defaultResisInitialPasswordKey       = "auth"
 )

 func generateRandomPassword() (string, error) {
@@ -45,8 +52,8 @@ func NewRedisInitialPasswordCommand() *cobra.Command {
 			namespace, _, err := clientConfig.Namespace()
 			errors.CheckError(err)

-			redisInitialPasswordSecretName := common.DefaultRedisInitialPasswordSecretName
-			redisInitialPasswordKey := common.DefaultRedisInitialPasswordKey
+			redisInitialPasswordSecretName := defaulRedisInitialPasswordSecretName
+			redisInitialPasswordKey := defaultResisInitialPasswordKey
 			fmt.Printf("Checking for initial Redis password in secret %s/%s at key %s. \n", namespace, redisInitialPasswordSecretName, redisInitialPasswordKey)

 			config, err := clientConfig.ClientConfig()
--- a/cmd/argocd/commands/admin/secrets_redactor_test.go
+++ b/cmd/argocd/commands/admin/secrets_redactor_test.go
@@ -0,0 +1,94 @@
+package admin
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var textToRedact = `
+connectors:
+- config:
+    clientID: aabbccddeeff00112233
+    clientSecret: |
+      theSecret
+    orgs:
+    - name: your-github-org
+    redirectURI: https://argocd.example.com/api/dex/callback
+  id: github
+  name: GitHub
+  type: github
+- config:
+    bindDN: uid=serviceaccount,cn=users,dc=example,dc=com
+    bindPW: theSecret
+    host: ldap.example.com:636
+  id: ldap
+  name: LDAP
+  type: ldap
+grpc:
+  addr: 0.0.0.0:5557
+telemetry:
+  http: 0.0.0.0:5558
+issuer: https://argocd.example.com/api/dex
+oauth2:
+  skipApprovalScreen: true
+staticClients:
+- id: argo-cd
+  name: Argo CD
+  redirectURIs:
+  - https://argocd.example.com/auth/callback
+  secret: Dis9M-GA11oTwZVQQWdDklPQw-sWXZkWJFyyEhMs
+- id: argo-cd-cli
+  name: Argo CD CLI
+  public: true
+  redirectURIs:
+  - http://localhost
+storage:
+  type: memory
+web:
+  http: 0.0.0.0:5556`
+
+var expectedRedaction = `connectors:
+- config:
+    clientID: aabbccddeeff00112233
+    clientSecret: '********'
+    orgs:
+    - name: your-github-org
+    redirectURI: https://argocd.example.com/api/dex/callback
+  id: github
+  name: GitHub
+  type: github
+- config:
+    bindDN: uid=serviceaccount,cn=users,dc=example,dc=com
+    bindPW: '********'
+    host: ldap.example.com:636
+  id: ldap
+  name: LDAP
+  type: ldap
+grpc:
+  addr: 0.0.0.0:5557
+issuer: https://argocd.example.com/api/dex
+oauth2:
+  skipApprovalScreen: true
+staticClients:
+- id: argo-cd
+  name: Argo CD
+  redirectURIs:
+  - https://argocd.example.com/auth/callback
+  secret: '********'
+- id: argo-cd-cli
+  name: Argo CD CLI
+  public: true
+  redirectURIs:
+  - http://localhost
+storage:
+  type: memory
+telemetry:
+  http: 0.0.0.0:5558
+web:
+  http: 0.0.0.0:5556
+`
+
+func TestSecretsRedactor(t *testing.T) {
+	assert.Equal(t, expectedRedaction, redactor(textToRedact))
+}
--- a/cmd/argocd/commands/admin/settings_rbac.go
+++ b/cmd/argocd/commands/admin/settings_rbac.go
@@ -122,7 +122,7 @@ func NewRBACCommand() *cobra.Command {
 	return command
 }

-// NewRBACCanCommand is the command for 'rbac can-role'
+// NewRBACCanRoleCommand is the command for 'rbac can-role'
 func NewRBACCanCommand() *cobra.Command {
 	var (
 		policyFile   string
--- a/cmd/argocd/commands/app.go
+++ b/cmd/argocd/commands/app.go
@@ -108,7 +108,6 @@ type watchOpts struct {
 	suspended bool
 	degraded  bool
 	delete    bool
-	hydrated  bool
 }

 // NewApplicationCreateCommand returns a new instance of an `argocd app create` command
@@ -1763,7 +1762,6 @@ func NewApplicationWaitCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 	command.Flags().BoolVar(&watch.suspended, "suspended", false, "Wait for suspended")
 	command.Flags().BoolVar(&watch.degraded, "degraded", false, "Wait for degraded")
 	command.Flags().BoolVar(&watch.delete, "delete", false, "Wait for delete")
-	command.Flags().BoolVar(&watch.hydrated, "hydrated", false, "Wait for hydration operations")
 	command.Flags().StringVarP(&selector, "selector", "l", "", "Wait for apps by label. Supports '=', '==', '!=', in, notin, exists & not exists. Matching apps must satisfy all of the specified label constraints.")
 	command.Flags().StringArrayVar(&resources, "resource", []string{}, fmt.Sprintf("Sync only specific resources as GROUP%[1]sKIND%[1]sNAME or %[2]sGROUP%[1]sKIND%[1]sNAME. Fields may be blank and '*' can be used. This option may be specified repeatedly", resourceFieldDelimiter, resourceExcludeIndicator))
 	command.Flags().BoolVar(&watch.operation, "operation", false, "Wait for pending operations")
@@ -2169,7 +2167,7 @@ func getAppNamesBySelector(ctx context.Context, appIf application.ApplicationSer
 	return appNames, nil
 }

-// ResourceState tracks the state of a resource when waiting on an application status.
+// ResourceDiff tracks the state of a resource when waiting on an application status.
 type resourceState struct {
 	Group     string
 	Kind      string
@@ -2300,7 +2298,7 @@ func groupResourceStates(app *argoappv1.Application, selectedResources []*argoap
 }

 // check if resource health, sync and operation statuses matches watch options
-func checkResourceStatus(watch watchOpts, healthStatus string, syncStatus string, operationStatus *argoappv1.Operation, hydrationFinished bool) bool {
+func checkResourceStatus(watch watchOpts, healthStatus string, syncStatus string, operationStatus *argoappv1.Operation) bool {
 	if watch.delete {
 		return false
 	}
@@ -2330,8 +2328,7 @@ func checkResourceStatus(watch watchOpts, healthStatus string, syncStatus string

 	synced := !watch.sync || syncStatus == string(argoappv1.SyncStatusCodeSynced)
 	operational := !watch.operation || operationStatus == nil
-	hydration := !watch.hydrated || (watch.hydrated && hydrationFinished)
-	return synced && healthCheckPassed && operational && hydration
+	return synced && healthCheckPassed && operational
 }

 // resourceParentChild gets the latest state of the app and the latest state of the app's resource tree and then
@@ -2362,10 +2359,6 @@ func waitOnApplicationStatus(ctx context.Context, acdClient argocdclient.Client,
 	// time when the sync status lags behind when an operation completes
 	refresh := false

-	// printSummary controls whether we print the app summary table, OperationState, and ResourceState
-	// We don't want to print these when output type is json or yaml, as the output would become unparsable.
-	printSummary := output != "json" && output != "yaml"
-
 	appRealName, appNs := argo.ParseFromQualifiedName(appName, "")

 	printFinalStatus := func(app *argoappv1.Application) *argoappv1.Application {
@@ -2382,13 +2375,11 @@ func waitOnApplicationStatus(ctx context.Context, acdClient argocdclient.Client,
 			_ = conn.Close()
 		}

-		if printSummary {
-			fmt.Println()
-			printAppSummaryTable(app, appURL(ctx, acdClient, appName), nil)
-			fmt.Println()
-			if watch.operation {
-				printOperationResult(app.Status.OperationState)
-			}
+		fmt.Println()
+		printAppSummaryTable(app, appURL(ctx, acdClient, appName), nil)
+		fmt.Println()
+		if watch.operation {
+			printOperationResult(app.Status.OperationState)
 		}

 		switch output {
@@ -2403,13 +2394,13 @@ func waitOnApplicationStatus(ctx context.Context, acdClient argocdclient.Client,
 				_ = w.Flush()
 			}
 		case "tree":
-			mapUidToNode, mapParentToChild, parentNode, mapNodeNameToResourceState := resourceParentChild(ctx, acdClient, appRealName, appNs)
+			mapUidToNode, mapParentToChild, parentNode, mapNodeNameToResourceState := resourceParentChild(ctx, acdClient, appName, appNs)
 			if len(mapUidToNode) > 0 {
 				fmt.Println()
 				printTreeView(mapUidToNode, mapParentToChild, parentNode, mapNodeNameToResourceState)
 			}
 		case "tree=detailed":
-			mapUidToNode, mapParentToChild, parentNode, mapNodeNameToResourceState := resourceParentChild(ctx, acdClient, appRealName, appNs)
+			mapUidToNode, mapParentToChild, parentNode, mapNodeNameToResourceState := resourceParentChild(ctx, acdClient, appName, appNs)
 			if len(mapUidToNode) > 0 {
 				fmt.Println()
 				printTreeViewDetailed(mapUidToNode, mapParentToChild, parentNode, mapNodeNameToResourceState)
@@ -2428,26 +2419,17 @@ func waitOnApplicationStatus(ctx context.Context, acdClient argocdclient.Client,
 				AppNamespace: &appNs,
 			})
 			errors.CheckError(err)
-
-			if printSummary {
-				fmt.Println()
-				fmt.Println("This is the state of the app after `wait` timed out:")
-			}
-
+			fmt.Println()
+			fmt.Println("This is the state of the app after `wait` timed out:")
 			printFinalStatus(app)
 			cancel()
-
-			if printSummary {
-				fmt.Println()
-				fmt.Println("The command timed out waiting for the conditions to be met.")
-			}
+			fmt.Println()
+			fmt.Println("The command timed out waiting for the conditions to be met.")
 		})
 	}

 	w := tabwriter.NewWriter(os.Stdout, 5, 0, 2, ' ', 0)
-	if printSummary {
-		_, _ = fmt.Fprintf(w, waitFormatString, "TIMESTAMP", "GROUP", "KIND", "NAMESPACE", "NAME", "STATUS", "HEALTH", "HOOK", "MESSAGE")
-	}
+	_, _ = fmt.Fprintf(w, waitFormatString, "TIMESTAMP", "GROUP", "KIND", "NAMESPACE", "NAME", "STATUS", "HEALTH", "HOOK", "MESSAGE")

 	prevStates := make(map[string]*resourceState)
 	conn, appClient := acdClient.NewApplicationClientOrDie()
@@ -2495,15 +2477,13 @@ func waitOnApplicationStatus(ctx context.Context, acdClient argocdclient.Client,
 			}
 		}

-		hydrationFinished := app.Status.SourceHydrator.CurrentOperation != nil && app.Status.SourceHydrator.CurrentOperation.Phase == argoappv1.HydrateOperationPhaseHydrated && app.Status.SourceHydrator.CurrentOperation.SourceHydrator.DeepEquals(app.Status.SourceHydrator.LastSuccessfulOperation.SourceHydrator) && app.Status.SourceHydrator.CurrentOperation.DrySHA == app.Status.SourceHydrator.LastSuccessfulOperation.DrySHA
-
 		var selectedResourcesAreReady bool

 		// If selected resources are included, wait only on those resources, otherwise wait on the application as a whole.
 		if len(selectedResources) > 0 {
 			selectedResourcesAreReady = true
 			for _, state := range getResourceStates(app, selectedResources) {
-				resourceIsReady := checkResourceStatus(watch, state.Health, state.Status, appEvent.Application.Operation, hydrationFinished)
+				resourceIsReady := checkResourceStatus(watch, state.Health, state.Status, appEvent.Application.Operation)
 				if !resourceIsReady {
 					selectedResourcesAreReady = false
 					break
@@ -2511,7 +2491,7 @@ func waitOnApplicationStatus(ctx context.Context, acdClient argocdclient.Client,
 			}
 		} else {
 			// Wait on the application as a whole
-			selectedResourcesAreReady = checkResourceStatus(watch, string(app.Status.Health.Status), string(app.Status.Sync.Status), appEvent.Application.Operation, hydrationFinished)
+			selectedResourcesAreReady = checkResourceStatus(watch, string(app.Status.Health.Status), string(app.Status.Sync.Status), appEvent.Application.Operation)
 		}

 		if selectedResourcesAreReady && (!operationInProgress || !watch.operation) {
@@ -2533,7 +2513,7 @@ func waitOnApplicationStatus(ctx context.Context, acdClient argocdclient.Client,
 				prevStates[stateKey] = newState
 				doPrint = true
 			}
-			if doPrint && printSummary {
+			if doPrint {
 				_, _ = fmt.Fprintf(w, waitFormatString, prevStates[stateKey].FormatItems()...)
 			}
 		}
--- a/cmd/argocd/commands/app_test.go
+++ b/cmd/argocd/commands/app_test.go
@@ -2,25 +2,13 @@ package commands

 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"os"
-	"slices"
-	"strings"
 	"testing"
 	"time"

-	"google.golang.org/grpc"
-	"k8s.io/apimachinery/pkg/watch"
-
-	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
-
-	v1 "k8s.io/api/core/v1"
-
-	"sigs.k8s.io/yaml"
-
 	argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient"
 	accountpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/account"
 	applicationpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/application"
@@ -1700,7 +1688,7 @@ func TestCheckResourceStatus(t *testing.T) {
 			suspended: true,
 			health:    true,
 			degraded:  true,
-		}, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
+		}, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
 		assert.True(t, res)
 	})
 	t.Run("Degraded, Suspended and health status failed", func(t *testing.T) {
@@ -1708,57 +1696,57 @@ func TestCheckResourceStatus(t *testing.T) {
 			suspended: true,
 			health:    true,
 			degraded:  true,
-		}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
+		}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
 		assert.False(t, res)
 	})
 	t.Run("Suspended and health status passed", func(t *testing.T) {
 		res := checkResourceStatus(watchOpts{
 			suspended: true,
 			health:    true,
-		}, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
+		}, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
 		assert.True(t, res)
 	})
 	t.Run("Suspended and health status failed", func(t *testing.T) {
 		res := checkResourceStatus(watchOpts{
 			suspended: true,
 			health:    true,
-		}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
+		}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
 		assert.False(t, res)
 	})
 	t.Run("Suspended passed", func(t *testing.T) {
 		res := checkResourceStatus(watchOpts{
 			suspended: true,
 			health:    false,
-		}, string(health.HealthStatusSuspended), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
+		}, string(health.HealthStatusSuspended), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
 		assert.True(t, res)
 	})
 	t.Run("Suspended failed", func(t *testing.T) {
 		res := checkResourceStatus(watchOpts{
 			suspended: true,
 			health:    false,
-		}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
+		}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
 		assert.False(t, res)
 	})
 	t.Run("Health passed", func(t *testing.T) {
 		res := checkResourceStatus(watchOpts{
 			suspended: false,
 			health:    true,
-		}, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
+		}, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
 		assert.True(t, res)
 	})
 	t.Run("Health failed", func(t *testing.T) {
 		res := checkResourceStatus(watchOpts{
 			suspended: false,
 			health:    true,
-		}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
+		}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
 		assert.False(t, res)
 	})
 	t.Run("Synced passed", func(t *testing.T) {
-		res := checkResourceStatus(watchOpts{}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
+		res := checkResourceStatus(watchOpts{}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
 		assert.True(t, res)
 	})
 	t.Run("Synced failed", func(t *testing.T) {
-		res := checkResourceStatus(watchOpts{}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeOutOfSync), &v1alpha1.Operation{}, true)
+		res := checkResourceStatus(watchOpts{}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeOutOfSync), &v1alpha1.Operation{})
 		assert.True(t, res)
 	})
 	t.Run("Degraded passed", func(t *testing.T) {
@@ -1766,7 +1754,7 @@ func TestCheckResourceStatus(t *testing.T) {
 			suspended: false,
 			health:    false,
 			degraded:  true,
-		}, string(health.HealthStatusDegraded), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
+		}, string(health.HealthStatusDegraded), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
 		assert.True(t, res)
 	})
 	t.Run("Degraded failed", func(t *testing.T) {
@@ -1774,7 +1762,7 @@ func TestCheckResourceStatus(t *testing.T) {
 			suspended: false,
 			health:    false,
 			degraded:  true,
-		}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true)
+		}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{})
 		assert.False(t, res)
 	})
 }
@@ -1861,316 +1849,6 @@ func testApp(name, project string, labels map[string]string, annotations map[str
 	}
 }

-func TestWaitOnApplicationStatus_JSON_YAML_WideOutput(t *testing.T) {
-	acdClient := &customAcdClient{&fakeAcdClient{}}
-	ctx := context.Background()
-	var selectResource []*v1alpha1.SyncOperationResource
-	watch := watchOpts{
-		sync:      false,
-		health:    false,
-		operation: true,
-		suspended: false,
-	}
-	watch = getWatchOpts(watch)
-
-	output, err := captureOutput(func() error {
-		_, _, _ = waitOnApplicationStatus(ctx, acdClient, "app-name", 0, watch, selectResource, "json")
-		return nil
-	},
-	)
-	require.NoError(t, err)
-	assert.True(t, json.Valid([]byte(output)))
-
-	output, err = captureOutput(func() error {
-		_, _, _ = waitOnApplicationStatus(ctx, acdClient, "app-name", 0, watch, selectResource, "yaml")
-		return nil
-	})
-
-	require.NoError(t, err)
-	err = yaml.Unmarshal([]byte(output), &v1alpha1.Application{})
-	require.NoError(t, err)
-
-	output, _ = captureOutput(func() error {
-		_, _, _ = waitOnApplicationStatus(ctx, acdClient, "app-name", 0, watch, selectResource, "")
-		return nil
-	})
-	timeStr := time.Now().Format("2006-01-02T15:04:05-07:00")
-
-	expectation := `TIMESTAMP                  GROUP        KIND   NAMESPACE                  NAME    STATUS   HEALTH        HOOK  MESSAGE
-%s            Service     default         service-name1    Synced  Healthy              
-%s   apps  Deployment     default                  test    Synced  Healthy              
-
-Name:               argocd/test
-Project:            default
-Server:             local
-Namespace:          argocd
-URL:                http://localhost:8080/applications/app-name
-Source:
- Repo:             test
-  Target:           master
-  Path:             /test
-  Helm Values:      path1,path2
-  Name Prefix:      prefix
-SyncWindow:         Sync Allowed
-Sync Policy:        Automated (Prune)
-Sync Status:        OutOfSync from master
-Health Status:      Progressing (health-message)
-
-Operation:          Sync
-Sync Revision:      revision
-Phase:              
-Start:              0001-01-01 00:00:00 +0000 UTC
-Finished:           2020-11-10 23:00:00 +0000 UTC
-Duration:           2333448h16m18.871345152s
-Message:            test
-
-GROUP  KIND        NAMESPACE  NAME           STATUS  HEALTH   HOOK  MESSAGE
-       Service     default    service-name1  Synced  Healthy        
-apps   Deployment  default    test           Synced  Healthy        
-`
-	expectation = fmt.Sprintf(expectation, timeStr, timeStr)
-	expectationParts := strings.Split(expectation, "\n")
-	slices.Sort(expectationParts)
-	expectationSorted := strings.Join(expectationParts, "\n")
-	outputParts := strings.Split(output, "\n")
-	slices.Sort(outputParts)
-	outputSorted := strings.Join(outputParts, "\n")
-	// Need to compare sorted since map entries may not keep a specific order during serialization, leading to flakiness.
-	assert.Equalf(t, expectationSorted, outputSorted, "Incorrect output %q, should be %q (items order doesn't matter)", output, expectation)
-}
-
-type customAcdClient struct {
-	*fakeAcdClient
-}
-
-func (c *customAcdClient) WatchApplicationWithRetry(ctx context.Context, appName string, revision string) chan *v1alpha1.ApplicationWatchEvent {
-	appEventsCh := make(chan *v1alpha1.ApplicationWatchEvent)
-	_, appClient := c.NewApplicationClientOrDie()
-	app, _ := appClient.Get(ctx, &applicationpkg.ApplicationQuery{})
-
-	newApp := v1alpha1.Application{
-		TypeMeta:   app.TypeMeta,
-		ObjectMeta: app.ObjectMeta,
-		Spec:       app.Spec,
-		Status:     app.Status,
-		Operation:  app.Operation,
-	}
-
-	go func() {
-		appEventsCh <- &v1alpha1.ApplicationWatchEvent{
-			Type:        watch.Bookmark,
-			Application: newApp,
-		}
-		close(appEventsCh)
-	}()
-
-	return appEventsCh
-}
-
-func (c *customAcdClient) NewApplicationClientOrDie() (io.Closer, applicationpkg.ApplicationServiceClient) {
-	return &fakeConnection{}, &fakeAppServiceClient{}
-}
-
-func (c *customAcdClient) NewSettingsClientOrDie() (io.Closer, settingspkg.SettingsServiceClient) {
-	return &fakeConnection{}, &fakeSettingsServiceClient{}
-}
-
-type fakeConnection struct{}
-
-func (c *fakeConnection) Close() error {
-	return nil
-}
-
-type fakeSettingsServiceClient struct{}
-
-func (f fakeSettingsServiceClient) Get(ctx context.Context, in *settingspkg.SettingsQuery, opts ...grpc.CallOption) (*settingspkg.Settings, error) {
-	return &settingspkg.Settings{
-		URL: "http://localhost:8080",
-	}, nil
-}
-
-func (f fakeSettingsServiceClient) GetPlugins(ctx context.Context, in *settingspkg.SettingsQuery, opts ...grpc.CallOption) (*settingspkg.SettingsPluginsResponse, error) {
-	return nil, nil
-}
-
-type fakeAppServiceClient struct{}
-
-func (c *fakeAppServiceClient) Get(ctx context.Context, in *applicationpkg.ApplicationQuery, opts ...grpc.CallOption) (*v1alpha1.Application, error) {
-	time := metav1.Date(2020, time.November, 10, 23, 0, 0, 0, time.UTC)
-	return &v1alpha1.Application{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      "test",
-			Namespace: "argocd",
-		},
-		Spec: v1alpha1.ApplicationSpec{
-			SyncPolicy: &v1alpha1.SyncPolicy{
-				Automated: &v1alpha1.SyncPolicyAutomated{
-					Prune: true,
-				},
-			},
-			Project:     "default",
-			Destination: v1alpha1.ApplicationDestination{Server: "local", Namespace: "argocd"},
-			Source: &v1alpha1.ApplicationSource{
-				RepoURL:        "test",
-				TargetRevision: "master",
-				Path:           "/test",
-				Helm: &v1alpha1.ApplicationSourceHelm{
-					ValueFiles: []string{"path1", "path2"},
-				},
-				Kustomize: &v1alpha1.ApplicationSourceKustomize{NamePrefix: "prefix"},
-			},
-		},
-		Status: v1alpha1.ApplicationStatus{
-			Resources: []v1alpha1.ResourceStatus{
-				{
-					Group:     "",
-					Kind:      "Service",
-					Namespace: "default",
-					Name:      "service-name1",
-					Status:    "Synced",
-					Health: &v1alpha1.HealthStatus{
-						Status:  health.HealthStatusHealthy,
-						Message: "health-message",
-					},
-				},
-				{
-					Group:     "apps",
-					Kind:      "Deployment",
-					Namespace: "default",
-					Name:      "test",
-					Status:    "Synced",
-					Health: &v1alpha1.HealthStatus{
-						Status:  health.HealthStatusHealthy,
-						Message: "health-message",
-					},
-				},
-			},
-			OperationState: &v1alpha1.OperationState{
-				SyncResult: &v1alpha1.SyncOperationResult{
-					Revision: "revision",
-				},
-				FinishedAt: &time,
-				Message:    "test",
-			},
-			Sync: v1alpha1.SyncStatus{
-				Status: v1alpha1.SyncStatusCodeOutOfSync,
-			},
-			Health: v1alpha1.HealthStatus{
-				Status:  health.HealthStatusProgressing,
-				Message: "health-message",
-			},
-		},
-	}, nil
-}
-
-func (c *fakeAppServiceClient) List(ctx context.Context, in *applicationpkg.ApplicationQuery, opts ...grpc.CallOption) (*v1alpha1.ApplicationList, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) ListResourceEvents(ctx context.Context, in *applicationpkg.ApplicationResourceEventsQuery, opts ...grpc.CallOption) (*v1.EventList, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) Watch(ctx context.Context, in *applicationpkg.ApplicationQuery, opts ...grpc.CallOption) (applicationpkg.ApplicationService_WatchClient, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) Create(ctx context.Context, in *applicationpkg.ApplicationCreateRequest, opts ...grpc.CallOption) (*v1alpha1.Application, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) GetApplicationSyncWindows(ctx context.Context, in *applicationpkg.ApplicationSyncWindowsQuery, opts ...grpc.CallOption) (*applicationpkg.ApplicationSyncWindowsResponse, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) RevisionMetadata(ctx context.Context, in *applicationpkg.RevisionMetadataQuery, opts ...grpc.CallOption) (*v1alpha1.RevisionMetadata, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) RevisionChartDetails(ctx context.Context, in *applicationpkg.RevisionMetadataQuery, opts ...grpc.CallOption) (*v1alpha1.ChartDetails, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) GetManifests(ctx context.Context, in *applicationpkg.ApplicationManifestQuery, opts ...grpc.CallOption) (*apiclient.ManifestResponse, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) GetManifestsWithFiles(ctx context.Context, opts ...grpc.CallOption) (applicationpkg.ApplicationService_GetManifestsWithFilesClient, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) Update(ctx context.Context, in *applicationpkg.ApplicationUpdateRequest, opts ...grpc.CallOption) (*v1alpha1.Application, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) UpdateSpec(ctx context.Context, in *applicationpkg.ApplicationUpdateSpecRequest, opts ...grpc.CallOption) (*v1alpha1.ApplicationSpec, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) Patch(ctx context.Context, in *applicationpkg.ApplicationPatchRequest, opts ...grpc.CallOption) (*v1alpha1.Application, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) Delete(ctx context.Context, in *applicationpkg.ApplicationDeleteRequest, opts ...grpc.CallOption) (*applicationpkg.ApplicationResponse, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) Sync(ctx context.Context, in *applicationpkg.ApplicationSyncRequest, opts ...grpc.CallOption) (*v1alpha1.Application, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) ManagedResources(ctx context.Context, in *applicationpkg.ResourcesQuery, opts ...grpc.CallOption) (*applicationpkg.ManagedResourcesResponse, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) ResourceTree(ctx context.Context, in *applicationpkg.ResourcesQuery, opts ...grpc.CallOption) (*v1alpha1.ApplicationTree, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) WatchResourceTree(ctx context.Context, in *applicationpkg.ResourcesQuery, opts ...grpc.CallOption) (applicationpkg.ApplicationService_WatchResourceTreeClient, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) Rollback(ctx context.Context, in *applicationpkg.ApplicationRollbackRequest, opts ...grpc.CallOption) (*v1alpha1.Application, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) TerminateOperation(ctx context.Context, in *applicationpkg.OperationTerminateRequest, opts ...grpc.CallOption) (*applicationpkg.OperationTerminateResponse, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) GetResource(ctx context.Context, in *applicationpkg.ApplicationResourceRequest, opts ...grpc.CallOption) (*applicationpkg.ApplicationResourceResponse, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) PatchResource(ctx context.Context, in *applicationpkg.ApplicationResourcePatchRequest, opts ...grpc.CallOption) (*applicationpkg.ApplicationResourceResponse, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) ListResourceActions(ctx context.Context, in *applicationpkg.ApplicationResourceRequest, opts ...grpc.CallOption) (*applicationpkg.ResourceActionsListResponse, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) RunResourceAction(ctx context.Context, in *applicationpkg.ResourceActionRunRequest, opts ...grpc.CallOption) (*applicationpkg.ApplicationResponse, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) DeleteResource(ctx context.Context, in *applicationpkg.ApplicationResourceDeleteRequest, opts ...grpc.CallOption) (*applicationpkg.ApplicationResponse, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) PodLogs(ctx context.Context, in *applicationpkg.ApplicationPodLogsQuery, opts ...grpc.CallOption) (applicationpkg.ApplicationService_PodLogsClient, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) ListLinks(ctx context.Context, in *applicationpkg.ListAppLinksRequest, opts ...grpc.CallOption) (*applicationpkg.LinksResponse, error) {
-	return nil, nil
-}
-
-func (c *fakeAppServiceClient) ListResourceLinks(ctx context.Context, in *applicationpkg.ApplicationResourceRequest, opts ...grpc.CallOption) (*applicationpkg.LinksResponse, error) {
-	return nil, nil
-}
-
 type fakeAcdClient struct{}

 func (c *fakeAcdClient) ClientOptions() argocdclient.ClientOptions {
--- a/cmd/argocd/commands/applicationset.go
+++ b/cmd/argocd/commands/applicationset.go
@@ -114,17 +114,13 @@ func NewApplicationSetGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.

 // NewApplicationSetCreateCommand returns a new instance of an `argocd appset create` command
 func NewApplicationSetCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var output string
-	var upsert, dryRun bool
+	var upsert bool
 	command := &cobra.Command{
 		Use:   "create",
 		Short: "Create one or more ApplicationSets",
 		Example: templates.Examples(`
 	# Create ApplicationSets
 	argocd appset create <filename or URL> (<filename or URL>...)
-
-	# Dry-run AppSet creation to see what applications would be managed
-	argocd appset create --dry-run <filename or URL> -o json | jq -r '.status.resources[].name' 
 		`),
 		Run: func(c *cobra.Command, args []string) {
 			ctx := c.Context()
@@ -161,16 +157,10 @@ func NewApplicationSetCreateCommand(clientOpts *argocdclient.ClientOptions) *cob
 				appSetCreateRequest := applicationset.ApplicationSetCreateRequest{
 					Applicationset: appset,
 					Upsert:         upsert,
-					DryRun:         dryRun,
 				}
 				created, err := appIf.Create(ctx, &appSetCreateRequest)
 				errors.CheckError(err)

-				dryRunMsg := ""
-				if dryRun {
-					dryRunMsg = " (dry-run)"
-				}
-
 				var action string
 				if existing == nil {
 					action = "created"
@@ -180,31 +170,11 @@ func NewApplicationSetCreateCommand(clientOpts *argocdclient.ClientOptions) *cob
 					action = "updated"
 				}

-				c.PrintErrf("ApplicationSet '%s' %s%s\n", created.ObjectMeta.Name, action, dryRunMsg)
-
-				switch output {
-				case "yaml", "json":
-					err := PrintResource(created, output)
-					errors.CheckError(err)
-				case "wide", "":
-					printAppSetSummaryTable(created)
-
-					if len(created.Status.Conditions) > 0 {
-						fmt.Println()
-						w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
-						printAppSetConditions(w, created)
-						_ = w.Flush()
-						fmt.Println()
-					}
-				default:
-					errors.CheckError(fmt.Errorf("unknown output format: %s", output))
-				}
+				fmt.Printf("ApplicationSet '%s' %s\n", created.ObjectMeta.Name, action)
 			}
 		},
 	}
 	command.Flags().BoolVar(&upsert, "upsert", false, "Allows to override ApplicationSet with the same name even if supplied ApplicationSet spec is different from existing spec")
-	command.Flags().BoolVar(&dryRun, "dry-run", false, "Allows to evaluate the ApplicationSet template on the server to get a preview of the applications that would be created")
-	command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide")
 	return command
 }

@@ -219,7 +189,7 @@ func NewApplicationSetListCommand(clientOpts *argocdclient.ClientOptions) *cobra
 	command := &cobra.Command{
 		Use:   "list",
 		Short: "List ApplicationSets",
-		Example: templates.Examples(`
+		Example: templates.Examples(`  
 	# List all ApplicationSets
 	argocd appset list
 		`),
@@ -260,7 +230,7 @@ func NewApplicationSetDeleteCommand(clientOpts *argocdclient.ClientOptions) *cob
 	command := &cobra.Command{
 		Use:   "delete",
 		Short: "Delete one or more ApplicationSets",
-		Example: templates.Examples(`
+		Example: templates.Examples(`  
 	# Delete an applicationset
 	argocd appset delete APPSETNAME (APPSETNAME...)
 		`),
--- a/cmd/argocd/commands/headless/headless.go
+++ b/cmd/argocd/commands/headless/headless.go
@@ -8,23 +8,23 @@ import (
 	"sync"
 	"time"

+	"github.com/spf13/cobra"
+
+	"github.com/argoproj/argo-cd/v2/cmd/argocd/commands/initialize"
+	"github.com/argoproj/argo-cd/v2/common"
+
 	"github.com/alicebob/miniredis/v2"
 	"github.com/golang/protobuf/ptypes/empty"
 	"github.com/redis/go-redis/v9"
 	log "github.com/sirupsen/logrus"
-	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/runtime"
-	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/kubernetes"
 	cache2 "k8s.io/client-go/tools/cache"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/utils/ptr"
-	"sigs.k8s.io/controller-runtime/pkg/client"

-	"github.com/argoproj/argo-cd/v2/cmd/argocd/commands/initialize"
-	"github.com/argoproj/argo-cd/v2/common"
 	"github.com/argoproj/argo-cd/v2/pkg/apiclient"
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned"
@@ -231,17 +231,6 @@ func MaybeStartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOpti
 		return fmt.Errorf("error creating kubernetes clientset: %w", err)
 	}

-	dynamicClientset, err := dynamic.NewForConfig(restConfig)
-	if err != nil {
-		return fmt.Errorf("error creating kubernetes dynamic clientset: %w", err)
-	}
-
-	controllerClientset, err := client.New(restConfig, client.Options{})
-	if err != nil {
-		return fmt.Errorf("error creating kubernetes controller clientset: %w", err)
-	}
-	controllerClientset = client.NewDryRunClient(controllerClientset)
-
 	namespace, _, err := clientConfig.Namespace()
 	if err != nil {
 		return fmt.Errorf("error getting namespace: %w", err)
@@ -252,27 +241,20 @@ func MaybeStartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOpti
 		return fmt.Errorf("error running miniredis: %w", err)
 	}
 	appstateCache := appstatecache.NewCache(cache.NewCache(&forwardCacheClient{namespace: namespace, context: ctxStr, compression: compression, redisHaProxyName: clientOpts.RedisHaProxyName, redisName: clientOpts.RedisName}), time.Hour)
-
-	redisOptions := &redis.Options{Addr: mr.Addr()}
-	if err = common.SetOptionalRedisPasswordFromKubeConfig(ctx, kubeClientset, namespace, redisOptions); err != nil {
-		log.Warnf("Failed to fetch & set redis password for namespace %s: %v", namespace, err)
-	}
 	srv := server.NewServer(ctx, server.ArgoCDServerOpts{
-		EnableGZip:              false,
-		Namespace:               namespace,
-		ListenPort:              *port,
-		AppClientset:            appClientset,
-		DisableAuth:             true,
-		RedisClient:             redis.NewClient(redisOptions),
-		Cache:                   servercache.NewCache(appstateCache, 0, 0, 0),
-		KubeClientset:           kubeClientset,
-		DynamicClientset:        dynamicClientset,
-		KubeControllerClientset: controllerClientset,
-		Insecure:                true,
-		ListenHost:              *address,
-		RepoClientset:           &forwardRepoClientset{namespace: namespace, context: ctxStr, repoServerName: clientOpts.RepoServerName, kubeClientset: kubeClientset},
-		EnableProxyExtension:    false,
-	}, server.ApplicationSetOpts{})
+		EnableGZip:           false,
+		Namespace:            namespace,
+		ListenPort:           *port,
+		AppClientset:         appClientset,
+		DisableAuth:          true,
+		RedisClient:          redis.NewClient(&redis.Options{Addr: mr.Addr()}),
+		Cache:                servercache.NewCache(appstateCache, 0, 0, 0),
+		KubeClientset:        kubeClientset,
+		Insecure:             true,
+		ListenHost:           *address,
+		RepoClientset:        &forwardRepoClientset{namespace: namespace, context: ctxStr, repoServerName: clientOpts.RepoServerName, kubeClientset: kubeClientset},
+		EnableProxyExtension: false,
+	})
 	srv.Init(ctx)

 	lns, err := srv.Listen()
--- a/cmd/argocd/commands/login.go
+++ b/cmd/argocd/commands/login.go
@@ -37,13 +37,12 @@ import (
 // NewLoginCommand returns a new instance of `argocd login` command
 func NewLoginCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Command {
 	var (
-		ctxName          string
-		username         string
-		password         string
-		sso              bool
-		ssoPort          int
-		skipTestTLS      bool
-		ssoLaunchBrowser bool
+		ctxName     string
+		username    string
+		password    string
+		sso         bool
+		ssoPort     int
+		skipTestTLS bool
 	)
 	command := &cobra.Command{
 		Use:   "login SERVER",
@@ -136,7 +135,7 @@ argocd login cd.argoproj.io --core`,
 					errors.CheckError(err)
 					oauth2conf, provider, err := acdClient.OIDCConfig(ctx, acdSet)
 					errors.CheckError(err)
-					tokenString, refreshToken = oauth2Login(ctx, ssoPort, acdSet.GetOIDCConfig(), oauth2conf, provider, ssoLaunchBrowser)
+					tokenString, refreshToken = oauth2Login(ctx, ssoPort, acdSet.GetOIDCConfig(), oauth2conf, provider)
 				}
 				parser := jwt.NewParser(jwt.WithoutClaimsValidation())
 				claims := jwt.MapClaims{}
@@ -185,7 +184,6 @@ argocd login cd.argoproj.io --core`,
 	command.Flags().IntVar(&ssoPort, "sso-port", DefaultSSOLocalPort, "Port to run local OAuth2 login application")
 	command.Flags().
 		BoolVar(&skipTestTLS, "skip-test-tls", false, "Skip testing whether the server is configured with TLS (this can help when the command hangs for no apparent reason)")
-	command.Flags().BoolVar(&ssoLaunchBrowser, "sso-launch-browser", true, "Automatically launch the system default browser when performing SSO login")
 	return command
 }

@@ -207,7 +205,6 @@ func oauth2Login(
 	oidcSettings *settingspkg.OIDCConfig,
 	oauth2conf *oauth2.Config,
 	provider *oidc.Provider,
-	ssoLaunchBrowser bool,
 ) (string, string) {
 	oauth2conf.RedirectURL = fmt.Sprintf("http://localhost:%d/auth/callback", port)
 	oidcConf, err := oidcutil.ParseConfig(provider)
@@ -307,6 +304,8 @@ func oauth2Login(
 	http.HandleFunc("/auth/callback", callbackHandler)

 	// Redirect user to login & consent page to ask for permission for the scopes specified above.
+	fmt.Printf("Opening browser for authentication\n")
+
 	var url string
 	var oidcconfig oidcconfig.OIDCConfig
 	grantType := oidcutil.InferGrantType(oidcConf)
@@ -331,7 +330,8 @@ func oauth2Login(
 	}
 	fmt.Printf("Performing %s flow login: %s\n", grantType, url)
 	time.Sleep(1 * time.Second)
-	ssoAuthFlow(url, ssoLaunchBrowser)
+	err = open.Start(url)
+	errors.CheckError(err)
 	go func() {
 		log.Debugf("Listen: %s", srv.Addr)
 		if err := srv.ListenAndServe(); err != http.ErrServerClosed {
@@ -363,13 +363,3 @@ func passwordLogin(ctx context.Context, acdClient argocdclient.Client, username,
 	errors.CheckError(err)
 	return createdSession.Token
 }
-
-func ssoAuthFlow(url string, ssoLaunchBrowser bool) {
-	if ssoLaunchBrowser {
-		fmt.Printf("Opening system default browser for authentication\n")
-		err := open.Start(url)
-		errors.CheckError(err)
-	} else {
-		fmt.Printf("To authenticate, copy-and-paste the following URL into your preferred browser: %s\n", url)
-	}
-}
--- a/cmd/argocd/commands/login_test.go
+++ b/cmd/argocd/commands/login_test.go
@@ -1,39 +1,12 @@
 package commands

 import (
-	"io"
-	"os"
 	"testing"

-	utils "github.com/argoproj/argo-cd/v2/util/io"
-
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/stretchr/testify/assert"
 )

-func captureStdout(callback func()) (string, error) {
-	oldStdout := os.Stdout
-	oldStderr := os.Stderr
-	r, w, err := os.Pipe()
-	if err != nil {
-		return "", err
-	}
-	os.Stdout = w
-	defer func() {
-		os.Stdout = oldStdout
-		os.Stderr = oldStderr
-	}()
-
-	callback()
-	utils.Close(w)
-
-	data, err := io.ReadAll(r)
-	if err != nil {
-		return "", err
-	}
-	return string(data), err
-}
-
 func Test_userDisplayName_email(t *testing.T) {
 	claims := jwt.MapClaims{"iss": "qux", "sub": "foo", "email": "firstname.lastname@example.com", "groups": []string{"baz"}}
 	actualName := userDisplayName(claims)
@@ -54,11 +27,3 @@ func Test_userDisplayName_sub(t *testing.T) {
 	expectedName := "foo"
 	assert.Equal(t, expectedName, actualName)
 }
-
-func Test_ssoAuthFlow_ssoLaunchBrowser_false(t *testing.T) {
-	out, _ := captureStdout(func() {
-		ssoAuthFlow("http://test-sso-browser-flow.com", false)
-	})
-
-	assert.Contains(t, out, "To authenticate, copy-and-paste the following URL into your preferred browser: http://test-sso-browser-flow.com")
-}
--- a/cmd/argocd/commands/project.go
+++ b/cmd/argocd/commands/project.go
@@ -921,16 +921,6 @@ func printProject(p *v1alpha1.AppProject, scopedRepositories []*v1alpha1.Reposit
 		fmt.Printf(printProjFmtStr, "", p.Spec.SourceRepos[i])
 	}

-	// Print source namespaces
-	ns0 := "<none>"
-	if len(p.Spec.SourceNamespaces) > 0 {
-		ns0 = p.Spec.SourceNamespaces[0]
-	}
-	fmt.Printf(printProjFmtStr, "Source Namespaces:", ns0)
-	for i := 1; i < len(p.Spec.SourceNamespaces); i++ {
-		fmt.Printf(printProjFmtStr, "", p.Spec.SourceNamespaces[i])
-	}
-
 	// Print scoped repositories
 	scr0 := "<none>"
 	if len(scopedRepositories) > 0 {
--- a/cmd/argocd/commands/relogin.go
+++ b/cmd/argocd/commands/relogin.go
@@ -20,9 +20,8 @@ import (
 // NewReloginCommand returns a new instance of `argocd relogin` command
 func NewReloginCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Command {
 	var (
-		password         string
-		ssoPort          int
-		ssoLaunchBrowser bool
+		password string
+		ssoPort  int
 	)
 	command := &cobra.Command{
 		Use:   "relogin",
@@ -73,7 +72,7 @@ func NewReloginCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Comm
 				errors.CheckError(err)
 				oauth2conf, provider, err := acdClient.OIDCConfig(ctx, acdSet)
 				errors.CheckError(err)
-				tokenString, refreshToken = oauth2Login(ctx, ssoPort, acdSet.GetOIDCConfig(), oauth2conf, provider, ssoLaunchBrowser)
+				tokenString, refreshToken = oauth2Login(ctx, ssoPort, acdSet.GetOIDCConfig(), oauth2conf, provider)
 			}

 			localCfg.UpsertUser(localconfig.User{
@@ -100,6 +99,5 @@ argocd login cd.argoproj.io --core
 	}
 	command.Flags().StringVar(&password, "password", "", "The password of an account to authenticate")
 	command.Flags().IntVar(&ssoPort, "sso-port", DefaultSSOLocalPort, "Port to run local OAuth2 login application")
-	command.Flags().BoolVar(&ssoLaunchBrowser, "sso-launch-browser", true, "Automatically launch the default browser when performing SSO login")
 	return command
 }
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -9,7 +9,6 @@ import (
 	appcontroller "github.com/argoproj/argo-cd/v2/cmd/argocd-application-controller/commands"
 	applicationset "github.com/argoproj/argo-cd/v2/cmd/argocd-applicationset-controller/commands"
 	cmpserver "github.com/argoproj/argo-cd/v2/cmd/argocd-cmp-server/commands"
-	commitserver "github.com/argoproj/argo-cd/v2/cmd/argocd-commit-server/commands"
 	dex "github.com/argoproj/argo-cd/v2/cmd/argocd-dex/commands"
 	gitaskpass "github.com/argoproj/argo-cd/v2/cmd/argocd-git-ask-pass/commands"
 	k8sauth "github.com/argoproj/argo-cd/v2/cmd/argocd-k8s-auth/commands"
@@ -41,8 +40,6 @@ func main() {
 		command = reposerver.NewCommand()
 	case "argocd-cmp-server":
 		command = cmpserver.NewCommand()
-	case "argocd-commit-server":
-		command = commitserver.NewCommand()
 	case "argocd-dex":
 		command = dex.NewCommand()
 	case "argocd-notifications":
--- a/cmd/util/app.go
+++ b/cmd/util/app.go
@@ -48,9 +48,6 @@ type AppOptions struct {
 	helmVersion                     string
 	helmPassCredentials             bool
 	helmSkipCrds                    bool
-	helmNamespace                   string
-	helmKubeVersion                 string
-	helmApiVersions                 []string
 	project                         string
 	syncPolicy                      string
 	syncOptions                     []string
@@ -75,8 +72,6 @@ type AppOptions struct {
 	kustomizeForceCommonLabels      bool
 	kustomizeForceCommonAnnotations bool
 	kustomizeNamespace              string
-	kustomizeKubeVersion            string
-	kustomizeApiVersions            []string
 	pluginEnvs                      []string
 	Validate                        bool
 	directoryExclude                string
@@ -86,12 +81,6 @@ type AppOptions struct {
 	retryBackoffMaxDuration         time.Duration
 	retryBackoffFactor              int64
 	ref                             string
-	drySourceRepo                   string
-	drySourceRevision               string
-	drySourcePath                   string
-	syncSourceBranch                string
-	syncSourcePath                  string
-	hydrateToBranch                 string
 }

 func AddAppFlags(command *cobra.Command, opts *AppOptions) {
@@ -100,12 +89,6 @@ func AddAppFlags(command *cobra.Command, opts *AppOptions) {
 	command.Flags().StringVar(&opts.chart, "helm-chart", "", "Helm Chart name")
 	command.Flags().StringVar(&opts.env, "env", "", "Application environment to monitor")
 	command.Flags().StringVar(&opts.revision, "revision", "", "The tracking source branch, tag, commit or Helm chart version the application will sync to")
-	command.Flags().StringVar(&opts.drySourceRepo, "dry-source-repo", "", "Repository URL of the app dry source")
-	command.Flags().StringVar(&opts.drySourceRevision, "dry-source-revision", "", "Revision of the app dry source")
-	command.Flags().StringVar(&opts.drySourcePath, "dry-source-path", "", "Path in repository to the app directory for the dry source")
-	command.Flags().StringVar(&opts.syncSourceBranch, "sync-source-branch", "", "The branch from which the app will sync")
-	command.Flags().StringVar(&opts.syncSourcePath, "sync-source-path", "", "The path in the repository from which the app will sync")
-	command.Flags().StringVar(&opts.hydrateToBranch, "hydrate-to-branch", "", "The branch to hydrate the app to")
 	command.Flags().IntVar(&opts.revisionHistoryLimit, "revision-history-limit", argoappv1.RevisionHistoryLimit, "How many items to keep in revision history")
 	command.Flags().StringVar(&opts.destServer, "dest-server", "", "K8s cluster URL (e.g. https://kubernetes.default.svc)")
 	command.Flags().StringVar(&opts.destName, "dest-name", "", "K8s cluster Name (e.g. minikube)")
@@ -121,9 +104,6 @@ func AddAppFlags(command *cobra.Command, opts *AppOptions) {
 	command.Flags().StringArrayVar(&opts.helmSetStrings, "helm-set-string", []string{}, "Helm set STRING values on the command line (can be repeated to set several values: --helm-set-string key1=val1 --helm-set-string key2=val2)")
 	command.Flags().StringArrayVar(&opts.helmSetFiles, "helm-set-file", []string{}, "Helm set values from respective files specified via the command line (can be repeated to set several values: --helm-set-file key1=path1 --helm-set-file key2=path2)")
 	command.Flags().BoolVar(&opts.helmSkipCrds, "helm-skip-crds", false, "Skip helm crd installation step")
-	command.Flags().StringVar(&opts.helmNamespace, "helm-namespace", "", "Helm namespace to use when running helm template. If not set, use app.spec.destination.namespace")
-	command.Flags().StringVar(&opts.helmKubeVersion, "helm-kube-version", "", "Helm kube-version to use when running helm template. If not set, use the kube version from the destination cluster")
-	command.Flags().StringArrayVar(&opts.helmApiVersions, "helm-api-versions", []string{}, "Helm api-versions (in format [group/]version/kind) to use when running helm template (Can be repeated to set several values: --helm-api-versions traefik.io/v1alpha1/TLSOption --helm-api-versions v1/Service). If not set, use the api-versions from the destination cluster")
 	command.Flags().StringVar(&opts.project, "project", "", "Application project name")
 	command.Flags().StringVar(&opts.syncPolicy, "sync-policy", "", "Set the sync policy (one of: manual (aliases of manual: none), automated (aliases of automated: auto, automatic))")
 	command.Flags().StringArrayVar(&opts.syncOptions, "sync-option", []string{}, "Add or remove a sync option, e.g add `Prune=false`. Remove using `!` prefix, e.g. `!Prune=false`")
@@ -150,8 +130,6 @@ func AddAppFlags(command *cobra.Command, opts *AppOptions) {
 	command.Flags().BoolVar(&opts.kustomizeForceCommonLabels, "kustomize-force-common-label", false, "Force common labels in Kustomize")
 	command.Flags().BoolVar(&opts.kustomizeForceCommonAnnotations, "kustomize-force-common-annotation", false, "Force common annotations in Kustomize")
 	command.Flags().StringVar(&opts.kustomizeNamespace, "kustomize-namespace", "", "Kustomize namespace")
-	command.Flags().StringVar(&opts.kustomizeKubeVersion, "kustomize-kube-version", "", "kube-version to use when running helm template. If not set, use the kube version from the destination cluster. Only applicable when Helm is enabled for Kustomize builds")
-	command.Flags().StringArrayVar(&opts.kustomizeApiVersions, "kustomize-api-versions", nil, "api-versions (in format [group/]version/kind) to use when running helm template (Can be repeated to set several values: --helm-api-versions traefik.io/v1alpha1/TLSOption --helm-api-versions v1/Service). If not set, use the api-versions from the destination cluster. Only applicable when Helm is enabled for Kustomize builds")
 	command.Flags().StringVar(&opts.directoryExclude, "directory-exclude", "", "Set glob expression used to exclude files from application source path")
 	command.Flags().StringVar(&opts.directoryInclude, "directory-include", "", "Set glob expression used to include files from application source path")
 	command.Flags().Int64Var(&opts.retryLimit, "sync-retry-limit", 0, "Max number of allowed sync retries")
@@ -166,28 +144,21 @@ func SetAppSpecOptions(flags *pflag.FlagSet, spec *argoappv1.ApplicationSpec, ap
 	if flags == nil {
 		return visited
 	}
-
-	var h *argoappv1.SourceHydrator
-	h, hasHydratorFlag := constructSourceHydrator(spec.SourceHydrator, *appOpts, flags)
-	if hasHydratorFlag {
-		spec.SourceHydrator = h
-	} else {
-		source := spec.GetSourcePtrByPosition(sourcePosition)
-		if source == nil {
-			source = &argoappv1.ApplicationSource{}
-		}
-		source, visited = ConstructSource(source, *appOpts, flags)
-		if spec.HasMultipleSources() {
-			if sourcePosition == 0 {
-				spec.Sources[sourcePosition] = *source
-			} else if sourcePosition > 0 {
-				spec.Sources[sourcePosition-1] = *source
-			} else {
-				spec.Sources = append(spec.Sources, *source)
-			}
+	source := spec.GetSourcePtrByPosition(sourcePosition)
+	if source == nil {
+		source = &argoappv1.ApplicationSource{}
+	}
+	source, visited = ConstructSource(source, *appOpts, flags)
+	if spec.HasMultipleSources() {
+		if sourcePosition == 0 {
+			spec.Sources[sourcePosition] = *source
+		} else if sourcePosition > 0 {
+			spec.Sources[sourcePosition-1] = *source
 		} else {
-			spec.Source = source
+			spec.Sources = append(spec.Sources, *source)
 		}
+	} else {
+		spec.Source = source
 	}
 	flags.Visit(func(f *pflag.Flag) {
 		visited++
@@ -295,8 +266,6 @@ type kustomizeOpts struct {
 	forceCommonLabels      bool
 	forceCommonAnnotations bool
 	namespace              string
-	kubeVersion            string
-	apiVersions            []string
 }

 func setKustomizeOpt(src *argoappv1.ApplicationSource, opts kustomizeOpts) {
@@ -315,12 +284,6 @@ func setKustomizeOpt(src *argoappv1.ApplicationSource, opts kustomizeOpts) {
 	if opts.namespace != "" {
 		src.Kustomize.Namespace = opts.namespace
 	}
-	if opts.kubeVersion != "" {
-		src.Kustomize.KubeVersion = opts.kubeVersion
-	}
-	if len(opts.apiVersions) > 0 {
-		src.Kustomize.APIVersions = opts.apiVersions
-	}
 	if opts.commonLabels != nil {
 		src.Kustomize.CommonLabels = opts.commonLabels
 	}
@@ -377,9 +340,6 @@ type helmOpts struct {
 	helmSetFiles            []string
 	passCredentials         bool
 	skipCrds                bool
-	namespace               string
-	kubeVersion             string
-	apiVersions             []string
 }

 func setHelmOpt(src *argoappv1.ApplicationSource, opts helmOpts) {
@@ -410,15 +370,6 @@ func setHelmOpt(src *argoappv1.ApplicationSource, opts helmOpts) {
 	if opts.skipCrds {
 		src.Helm.SkipCrds = opts.skipCrds
 	}
-	if opts.namespace != "" {
-		src.Helm.Namespace = opts.namespace
-	}
-	if opts.kubeVersion != "" {
-		src.Helm.KubeVersion = opts.kubeVersion
-	}
-	if len(opts.apiVersions) > 0 {
-		src.Helm.APIVersions = opts.apiVersions
-	}
 	for _, text := range opts.helmSets {
 		p, err := argoappv1.NewHelmParameter(text, false)
 		if err != nil {
@@ -582,7 +533,9 @@ func constructAppsBaseOnName(appName string, labels, annotations, args []string,
 			Name:      appName,
 			Namespace: appNs,
 		},
-		Spec: argoappv1.ApplicationSpec{},
+		Spec: argoappv1.ApplicationSpec{
+			Source: &argoappv1.ApplicationSource{},
+		},
 	}
 	SetAppSpecOptions(flags, &app.Spec, &appOpts, 0)
 	SetParameterOverrides(app, appOpts.Parameters, 0)
@@ -675,12 +628,6 @@ func ConstructSource(source *argoappv1.ApplicationSource, appOpts AppOptions, fl
 			setHelmOpt(source, helmOpts{helmSetFiles: appOpts.helmSetFiles})
 		case "helm-skip-crds":
 			setHelmOpt(source, helmOpts{skipCrds: appOpts.helmSkipCrds})
-		case "helm-namespace":
-			setHelmOpt(source, helmOpts{namespace: appOpts.helmNamespace})
-		case "helm-kube-version":
-			setHelmOpt(source, helmOpts{kubeVersion: appOpts.helmKubeVersion})
-		case "helm-api-versions":
-			setHelmOpt(source, helmOpts{apiVersions: appOpts.helmApiVersions})
 		case "directory-recurse":
 			if source.Directory != nil {
 				source.Directory.Recurse = appOpts.directoryRecurse
@@ -713,10 +660,6 @@ func ConstructSource(source *argoappv1.ApplicationSource, appOpts AppOptions, fl
 			setKustomizeOpt(source, kustomizeOpts{version: appOpts.kustomizeVersion})
 		case "kustomize-namespace":
 			setKustomizeOpt(source, kustomizeOpts{namespace: appOpts.kustomizeNamespace})
-		case "kustomize-kube-version":
-			setKustomizeOpt(source, kustomizeOpts{kubeVersion: appOpts.kustomizeKubeVersion})
-		case "kustomize-api-versions":
-			setKustomizeOpt(source, kustomizeOpts{apiVersions: appOpts.kustomizeApiVersions})
 		case "kustomize-common-label":
 			parsedLabels, err := label.Parse(appOpts.kustomizeCommonLabels)
 			errors.CheckError(err)
@@ -750,47 +693,6 @@ func ConstructSource(source *argoappv1.ApplicationSource, appOpts AppOptions, fl
 	return source, visited
 }

-// constructSourceHydrator constructs a source hydrator from the command line flags. It returns the modified source
-// hydrator and a boolean indicating if any hydrator flags were set. We return instead of just modifying the source
-// hydrator in place because the given hydrator `h` might be nil. In that case, we need to create a new source hydrator
-// and return it.
-func constructSourceHydrator(h *argoappv1.SourceHydrator, appOpts AppOptions, flags *pflag.FlagSet) (*argoappv1.SourceHydrator, bool) {
-	hasHydratorFlag := false
-	ensureNotNil := func(notEmpty bool) {
-		hasHydratorFlag = true
-		if notEmpty && h == nil {
-			h = &argoappv1.SourceHydrator{}
-		}
-	}
-	flags.Visit(func(f *pflag.Flag) {
-		switch f.Name {
-		case "dry-source-repo":
-			ensureNotNil(appOpts.drySourceRepo != "")
-			h.DrySource.RepoURL = appOpts.drySourceRepo
-		case "dry-source-path":
-			ensureNotNil(appOpts.drySourcePath != "")
-			h.DrySource.Path = appOpts.drySourcePath
-		case "dry-source-revision":
-			ensureNotNil(appOpts.drySourceRevision != "")
-			h.DrySource.TargetRevision = appOpts.drySourceRevision
-		case "sync-source-branch":
-			ensureNotNil(appOpts.syncSourceBranch != "")
-			h.SyncSource.TargetBranch = appOpts.syncSourceBranch
-		case "sync-source-path":
-			ensureNotNil(appOpts.syncSourcePath != "")
-			h.SyncSource.Path = appOpts.syncSourcePath
-		case "hydrate-to-branch":
-			ensureNotNil(appOpts.hydrateToBranch != "")
-			if appOpts.hydrateToBranch == "" {
-				h.HydrateTo = nil
-			} else {
-				h.HydrateTo = &argoappv1.HydrateTo{TargetBranch: appOpts.hydrateToBranch}
-			}
-		}
-	})
-	return h, hasHydratorFlag
-}
-
 func mergeLabels(app *argoappv1.Application, labels []string) {
 	mapLabels, err := label.Parse(labels)
 	errors.CheckError(err)
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
github-actions[bot]	ec30a48bce	Bump version to 2.12.0 (#19383 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: ishitasequeira <46771830+ishitasequeira@users.noreply.github.com>	2024-08-05 09:24:37 -04:00
gcp-cherry-pick-bot[bot]	57e61b2d8a	feat: Add custom health check for cluster-api AWSManagedControlPlane (#19304 ) (#19360 ) * add custom health check for awsmanagedcontrolplane * chore(deps): bump github.com/aws/aws-sdk-go from 1.55.3 to 1.55.4 (#19295) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.55.3 to 1.55.4. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.55.3...v1.55.4) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... * add new line at the end of health_test.yaml file --------- Signed-off-by: Iulian Taiatu <itaiatu@adobe.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: itaiatu <140485521+itaiatu@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-08-02 10:55:46 -07:00
github-actions[bot]	6f2ae0dd46	Bump version to 2.12.0-rc5 (#19349 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: ishitasequeira <46771830+ishitasequeira@users.noreply.github.com>	2024-08-01 19:24:32 -04:00
gcp-cherry-pick-bot[bot]	3e31ce9470	fix: ArgoCD 2.11 - Loop of PATCH calls to Application objects (#19340 ) (#19343 ) Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>	2024-08-01 16:11:47 -04:00
gcp-cherry-pick-bot[bot]	dee59f3002	feat(rbac): allow validation of fine-grained policy in project (#19338 ) (#19339 ) Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com> Co-authored-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>	2024-08-01 10:37:55 -04:00
pasha-codefresh	d6c37aab88	Merge commit from fork (#19330 )	2024-08-01 01:11:15 +03:00
pasha-codefresh	eaa1972e69	feat: webhook ddos -2.12 (#19329 )	2024-08-01 00:53:59 +03:00
gcp-cherry-pick-bot[bot]	004cabba47	fix(applicationset): ensure that older applicationStatus is updated with new required values (#19165 ) (#19216 ) Signed-off-by: wparr-circle <william.parr@circle.com> Co-authored-by: William Parr <william.parr@circle.com>	2024-07-25 10:12:31 -04:00
gcp-cherry-pick-bot[bot]	d9263101fc	chore: revert "feat: removed legacy app tracking label (#13203 )" (cherry-pick #19196 ) This reverts commit `4d8436b7e1`. Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2024-07-24 16:31:36 -04:00
Blake Pettersson	cec8504df2	fix: cherry-pick #18761 (v2.12) (#19109 ) * fix(applicationset): use requeue after if generate app errors out (#18761) The `GenerateApplications` can call to external resources like Github API for instance which might be rate limited or fail. If those requests somehow fail we should requeue them after some time like (same reason as `e98d3b2a87/applicationset/controllers/applicationset_controller.go (L154)`). For instance, in our environments we were rate limited by Github and the ArgoCD applicationset controller was logging the following error about every second or less for every application set using the pull request generator that we have: ``` time="2024-06-21T14:17:15Z" level=error msg="error generating params" error="error listing repos: error listing pull requests for LedgerHQ/xxx: GET https://api.github.com/repos/LedgerHQ/xxx/pulls?per_page=100: 403 API rate limit exceeded for installation ID xxx. If you reach out to GitHub Support for help, please include the request ID xxx and timestamp 2024-06-xx xxx UTC. [rate reset in 8m18s]" generator="&{0xc000d652c0 0x289a100 {0xc00087bdd0} [] true}" time="2024-06-21T14:17:15Z" level=error msg="error generating application from params" applicationset=argocd/xxx error="error listing repos: error listing pull requests for LedgerHQ/xxxx: GET https://api.github.com/repos/LedgerHQ/xxx/pulls?per_page=100: 403 API rate limit exceeded for installation ID xxx. If you reach out to GitHub Support for help, please include the request ID xxx and timestamp 2024-06-xx xxx UTC. [rate reset in 8m18s]" generator="{nil nil nil nil nil &PullRequestGenerator{Github:&PullRequestGeneratorGithub{Owner:LedgerHQ,Repo:xxx,API:,TokenRef:nil,AppSecretName:xxxx,Labels:[argocd/preview],},GitLab:nil,Gitea:nil,BitbucketServer:nil,Filters:[]PullRequestGeneratorFilter{},RequeueAfterSeconds:1800,Template:ApplicationSetTemplate{ApplicationSetTemplateMeta:ApplicationSetTemplateMeta{Name:,Namespace:,Labels:map[string]string{},Annotations:map[string]string{},Finalizers:[],},Spec:ApplicationSpec{Source:nil,Destination:ApplicationDestination{Server:,Namespace:,Name:,},Project:,SyncPolicy:nil,IgnoreDifferences:[]ResourceIgnoreDifferences{},Info:[]Info{},RevisionHistoryLimit:nil,Sources:[]ApplicationSource{},},},Bitbucket:nil,AzureDevOps:nil,} nil nil nil nil}" ``` Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@ledger.fr> test: cherry-pick fixes Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: please the linter Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> --------- Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@ledger.fr> Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> Co-authored-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@ledger.fr>	2024-07-18 22:31:40 -04:00
github-actions[bot]	0704aa6506	Bump version to 2.12.0-rc4 (#19060 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: crenshaw-dev <350466+crenshaw-dev@users.noreply.github.com>	2024-07-15 13:28:20 -04:00
Alexandre Gaudreault	511d6e371c	chore: bump gitops-engine (#19056 ) Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>	2024-07-15 12:08:15 -04:00
gcp-cherry-pick-bot[bot]	065f8494cf	fix(cli): Get Redis password from secret in `loadClusters()` (#18951 ) (#18955 ) * Get Redis password from secret in `loadClusters()` * feat: support redis password in admin stats command * Simplify code --------- Signed-off-by: David Wu <155603967+david-wu-octopus@users.noreply.github.com> Signed-off-by: pashakostohrys <pavel@codefresh.io> Co-authored-by: david-wu-octopus <155603967+david-wu-octopus@users.noreply.github.com> Co-authored-by: pashakostohrys <pavel@codefresh.io>	2024-07-05 11:12:24 -04:00
gcp-cherry-pick-bot[bot]	beacacc43d	fix(appset): missing permissions (#18829 ) (#18943 ) (#18944 )	2024-07-04 10:44:58 -04:00
gcp-cherry-pick-bot[bot]	81d454215d	remove unwanted updating of source-position in app set command (#18887 ) (#18897 ) Signed-off-by: ishitasequeira <ishiseq29@gmail.com> Co-authored-by: Ishita Sequeira <46771830+ishitasequeira@users.noreply.github.com>	2024-07-02 13:14:21 -04:00
github-actions[bot]	1237d4ea17	Bump version to 2.12.0-rc3 (#18893 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: crenshaw-dev <350466+crenshaw-dev@users.noreply.github.com>	2024-07-02 13:04:14 -04:00
Michael Crenshaw	b211d3e038	chore: bump gitops-engine (#18871 ) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2024-07-01 13:22:54 -04:00
gcp-cherry-pick-bot[bot]	50c32b53f0	docs: Fix .path to .path.segments go template (#18872 ) (#18873 ) Signed-off-by: Jaeseok Lee <devsunb@gmail.com> Co-authored-by: Jaeseok Lee <devsunb@gmail.com>	2024-07-01 10:52:36 -04:00
gcp-cherry-pick-bot[bot]	444d332d0a	fix: Handle nil health check in post-delete hooks (#18270 ) (#18767 ) (#18828 ) * fix: Handle nil health check in post-delete hooks * test: Validate deletion of RBAC resources for post-delete hook * Update appcontroller_test.go --------- Signed-off-by: Yonatan Sasson <yonatanxd7@gmail.com> Signed-off-by: Yonatan Sasson <107778824+Yuni-sa@users.noreply.github.com> Co-authored-by: Yonatan Sasson <107778824+Yuni-sa@users.noreply.github.com>	2024-06-26 17:21:19 +03:00
gcp-cherry-pick-bot[bot]	573c771d2b	fix(webhook): bitbucket and azure not triggering refresh (#18289 ) (#18765 ) (#18818 ) * fix(webhook): bitbucket and azure webhook not triggering refresh * update unit test * fix merge * adjust logic for reposerver using ls-remote --------- Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com> Co-authored-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>	2024-06-26 08:48:16 -04:00
Michael Crenshaw	e616dff2d1	fix(appset): revert "keep reconciling even when params error occurred" (#17062 ) (#18781 ) This reverts commit `86369ca71d`. Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2024-06-25 15:33:59 -04:00
gcp-cherry-pick-bot[bot]	e36e19de4e	chore(deps): bump github.com/hashicorp/go-retryablehttp (#18805 ) (#18811 ) Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.4 to 0.7.7. - [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/go-retryablehttp/compare/v0.7.4...v0.7.7) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-retryablehttp dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-06-25 11:29:12 -04:00
github-actions[bot]	bbfa79ad9e	Bump version to 2.12.0-rc2 (#18802 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: crenshaw-dev <350466+crenshaw-dev@users.noreply.github.com>	2024-06-24 16:31:31 -04:00
gcp-cherry-pick-bot[bot]	00fc93b8b2	fix: Bug in edit support in Sources tab; Input to loader (#17588 ) (#18800 ) (#18801 ) Co-authored-by: Keith Chong <kykchong@redhat.com>	2024-06-24 14:02:06 -04:00
gcp-cherry-pick-bot[bot]	16c20a84b8	fix(server): could not find source for metadata revision (#18744 ) (#18763 ) (#18782 ) * fix(server): could not find source for metadata revision (#18744) * lint * the linter behaves poorly * fix test * share logic with chart endpoint * more intuitive check * remove debug line --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2024-06-24 09:55:56 -04:00
gcp-cherry-pick-bot[bot]	2a9a62eeb7	fix(ui): set project to empty string if undefined (#18732 ) (#18733 ) There are some situations where the project will be `undefined`. When that happens, attempting to delete a repo won't be possible, since the backend will be looking for a project with the literal name `undefined`. To fix this, set an empty string for `undefined\|null` values. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> Co-authored-by: Blake Pettersson <blake.pettersson@gmail.com>	2024-06-20 12:00:39 +03:00
github-actions[bot]	fe60670885	Bump version to 2.12.0-rc1 (#18716 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: ishitasequeira <46771830+ishitasequeira@users.noreply.github.com>	2024-06-18 09:09:23 -04:00
@@ -1 +1 @@
 .13.0
 .12.0