Bump version to 2.2.9

Signed-off-by: jannfis <jann@mistrust.net>

Co-authored-by: Michael Crenshaw <michael@crenshaw.dev>

Co-authored-by: Michael Crenshaw <michael@crenshaw.dev>

.codecov.yml

@@ -7,8 +7,6 @@ ignore:
 - "pkg/apis/client/.*"
 - "pkg/client/.*"
 - "vendor/.*"
-- "test/.*"
-- "**/mocks/*"
 coverage:
   status:
     # we've found this not to be useful

.dockerignore

@@ -11,19 +11,3 @@ cmd/**/debug
 debug.test
 coverage.out
 ui/node_modules/
-test-results/
-test/
-manifests/
-hack/
-docs/
-examples/
-.github/
-!test/container
-!test/e2e/testdata
-!test/fixture
-!test/remote
-!hack/installers
-!hack/gpg-wrapper.sh
-!hack/git-verify-wrapper.sh
-!hack/tool-versions.sh
-!hack/install.sh

.gitattributes

@@ -1,18 +0,0 @@
-**/*.pb.go linguist-generated=true
-**/mocks/*.go linguist-generated=true
-assets/swagger.json linguist-generated=true
-docs/operator-manual/resource_actions_builtin.md linguist-generated=true
-docs/operator-manual/server-commands/argocd-*.md linguist-generated=true
-docs/user-guide/commands/argocd_*.md linguist-generated=true
-manifests/core-install.yaml linguist-generated=true
-manifests/core-install-with-hydrator.yaml linguist-generated=true
-manifests/crds/*-crd.yaml linguist-generated=true
-manifests/ha/install.yaml linguist-generated=true
-manifests/ha/install-with-hydrator.yaml linguist-generated=true
-manifests/ha/namespace-install.yaml linguist-generated=true
-manifests/ha/namespace-install-with-hydrator.yaml linguist-generated=true
-manifests/install.yaml linguist-generated=true
-manifests/install-with-hydrator.yaml linguist-generated=true
-manifests/namespace-install.yaml linguist-generated=true
-manifests/namespace-install-with-hydrator.yaml linguist-generated=true
-pkg/apis/api-rules/violation_exceptions.list linguist-generated=true

.github/ISSUE_TEMPLATE/bug_report.md

@@ -2,33 +2,33 @@
 name: Bug report
 about: Create a report to help us improve
 title: ''
-labels: ['bug', 'triage/pending']
+labels: 'bug'
 assignees: ''
 ---
 
-<!-- If you are trying to resolve an environment-specific issue or have a one-off question about the edge case that does not require a feature then please consider asking a question in argocd slack [channel](https://argoproj.github.io/community/join-slack). -->
+If you are trying to resolve an environment-specific issue or have a one-off question about the edge case that does not require a feature then please consider asking a question in argocd slack [channel](https://argoproj.github.io/community/join-slack).
 
 Checklist:
 
-- [ ] I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
-- [ ] I've included steps to reproduce the bug.
-- [ ] I've pasted the output of `argocd version`.
+* [ ] I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
+* [ ] I've included steps to reproduce the bug.
+* [ ] I've pasted the output of `argocd version`.
 
 **Describe the bug**
 
-<!-- A clear and concise description of what the bug is. -->
+A clear and concise description of what the bug is.
 
 **To Reproduce**
 
-<!-- A list of the steps required to reproduce the issue. Best of all, give us the URL to a repository that exhibits this issue. -->
+A list of the steps required to reproduce the issue. Best of all, give us the URL to a repository that exhibits this issue.
 
 **Expected behavior**
 
-<!-- A clear and concise description of what you expected to happen. -->
+A clear and concise description of what you expected to happen.
 
 **Screenshots**
 
-<!-- If applicable, add screenshots to help explain your problem. -->
+If applicable, add screenshots to help explain your problem.
 
 **Version**
 

.github/ISSUE_TEMPLATE/enhancement_proposal.md

@@ -2,10 +2,9 @@
 name: Enhancement proposal
 about: Propose an enhancement for this project
 title: ''
-labels: ['enhancement', 'triage/pending']
+labels: 'enhancement'
 assignees: ''
 ---
-
 # Summary
 
 What change you think needs making.
@@ -16,4 +15,4 @@ Please give examples of your use case, e.g. when would you use this.
 
 # Proposal
 
-How do you think this should be implemented?
+How do you think this should be implemented?

.github/ISSUE_TEMPLATE/new_dev_tool.md

@@ -1,43 +0,0 @@
----
-name: New Dev Tool Request
-about: This is a request for adding a new tool for setting up a dev environment.
-title: ''
-labels: ['component:dev-env', 'triage/pending']
-assignees: ''
----
-
-Checklist:
-
-- [ ] I am willing to maintain this tool, or have another Argo CD maintainer who is.
-- [ ] I have another Argo CD maintainer who is willing to help maintain this tool (there needs to be at least two maintainers willing to maintain this tool)
-- [ ] I have a lead sponsor who is a core Argo CD maintainer
-- [ ] There is a PR which adds said tool - this is so that the maintainers can assess the impact of having this in the tree
-- [ ] I have given a motivation why this should be added
-
-### The proposer
-
-<-- The username(s) of the person(s) proposing the tool -->
-
-### The proposed tool
-
-<!-- The tool itself, with a link to the tool’s website -->
-
-### Motivation
-
-<!-- Why this tool would be useful to have in the tree. -->
-
-### Link to PR (Optional)
-
-<!-- A PR adding the tool to the tree -->
-
-### Lead Sponsor(s)
-
-Final approval requires sponsorship from at least one core maintainer.
-
-- @<sponsor-1>
-
-### Co-sponsors
-
-These will be the co-maintainers of the specified tool.
-
-- @<sponsor-1>

.github/ISSUE_TEMPLATE/release.md

@@ -1,87 +0,0 @@
----
-name: Argo CD Release
-about: Used by our Release Champion to track progress of a minor release
-title: 'Argo CD Release vX.X'
-labels: 'release'
-assignees: ''
----
-
-Target RC1 date: ___. __, ____
-Target GA date: ___. __, ____
-
-## RC1 Release Checklist
-
- - [ ] 1wk before feature freeze post in #argo-contributors that PRs must be merged by DD-MM-YYYY to be included in the release - ask approvers to drop items from milestone they can't merge
- - [ ] At least two days before RC1 date, draft RC blog post and submit it for review (or delegate this task)
- - [ ] Create new release branch (or delegate this task to an Approver)
-    - [ ] Add the release branch to ReadTheDocs
- - [ ] Cut RC1 (or delegate this task to an Approver and coordinate timing)
-    - [ ] Run the [Init ArgoCD Release workflow](https://github.com/argoproj/argo-cd/actions/workflows/init-release.yaml) from the release branch
-    - [ ] Review and merge the generated version bump PR
-    - [ ] Run `./hack/trigger-release.sh` to push the release tag
-    - [ ] Monitor the [Publish ArgoCD Release workflow](https://github.com/argoproj/argo-cd/actions/workflows/release.yaml)
-    - [ ] Verify the release on [GitHub releases](https://github.com/argoproj/argo-cd/releases)
-    - [ ] Verify the container image on [Quay.io](https://quay.io/repository/argoproj/argocd?tab=tags)
-    - [ ] Confirm the new version appears in [Read the Docs](https://argo-cd.readthedocs.io/)
-    - [ ] Verify the docs release build in https://app.readthedocs.org/projects/argo-cd/ succeeded and retry if failed (requires an Approver with admin creds to readthedocs)
- - [ ] Announce RC1 release
-   - [ ] Confirm that tweet and blog post are ready
-   - [ ] Publish tweet and blog post
-   - [ ] Post in #argo-cd and #argo-announcements requesting help testing:
-     ```
-     :mega: Argo CD v{MAJOR}.{MINOR}.{PATCH}-rc{RC_NUMBER} is OUT NOW! :argocd::tada:
-     
-     Please go through the following resources to know more about the release:
-     
-     Release notes: https://github.com/argoproj/argo-cd/releases/tag/v{VERSION}
-     Blog: {BLOG_POST_URL}
-     
-     We'd love your help testing this release candidate! Please try it out in your environments and report any issues you find. This helps us ensure a stable GA release.
-     
-     Thanks to all the folks who spent their time contributing to this release in any way possible!
-     ```
- - [ ] Monitor support channels for issues, cherry-picking bugfixes and docs fixes as appropriate during the RC period (or delegate this task to an Approver and coordinate timing)
- - [ ] After creating the RC, open a documentation PR for the next minor version using [this](../../docs/operator-manual/templates/minor_version_upgrade.md) template.
-
-## GA Release Checklist
-
- - [ ] At GA release date, evaluate if any bugs justify delaying the release
- - [ ] Prepare for EOL version (version that is 3 releases old)
-    - [ ] If unreleased changes are on the release branch for {current minor version minus 3}, cut a final patch release for that series (or delegate this task to an Approver and coordinate timing)
-    - [ ] Edit the final patch release on GitHub and add the following notice at the top:
-     ```markdown
-     > [!IMPORTANT]
-     > **END OF LIFE NOTICE**
-     > 
-     > This is the final release of the {EOL_SERIES} release series. As of {GA_DATE}, this version has reached end of life and will no longer receive bug fixes or security updates.
-     > 
-     > **Action Required**: Please upgrade to a [supported version](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) (v{SUPPORTED_VERSION_1}, v{SUPPORTED_VERSION_2}, or v{NEW_VERSION}).
-     ```
- - [ ] Cut GA release (or delegate this task to an Approver and coordinate timing)
-    - [ ] Run the [Init ArgoCD Release workflow](https://github.com/argoproj/argo-cd/actions/workflows/init-release.yaml) from the release branch
-    - [ ] Review and merge the generated version bump PR
-    - [ ] Run `./hack/trigger-release.sh` to push the release tag
-    - [ ] Monitor the [Publish ArgoCD Release workflow](https://github.com/argoproj/argo-cd/actions/workflows/release.yaml)
-    - [ ] Verify the release on [GitHub releases](https://github.com/argoproj/argo-cd/releases)
-    - [ ] Verify the container image on [Quay.io](https://quay.io/repository/argoproj/argocd?tab=tags)
-    - [ ] Verify the `stable` tag has been updated
-    - [ ] Confirm the new version appears in [Read the Docs](https://argo-cd.readthedocs.io/)
-    - [ ] Verify the docs release build in https://app.readthedocs.org/projects/argo-cd/ succeeded and retry if failed (requires an Approver with admin creds to readthedocs)
- - [ ] Announce GA release with EOL notice
-   - [ ] Confirm that tweet and blog post are ready
-   - [ ] Publish tweet and blog post
-   - [ ] Post in #argo-cd and #argo-announcements announcing the release and EOL:
-     ```
-     :mega: Argo CD v{MAJOR}.{MINOR} is OUT NOW! :argocd::tada:
-     
-     Please go through the following resources to know more about the release:
-     
-     Upgrade instructions: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/{PREV_MINOR}-{MAJOR}.{MINOR}/
-     Blog: {BLOG_POST_URL}
-     
-     :warning: IMPORTANT: With the release of Argo CD v{MAJOR}.{MINOR}, support for Argo CD v{EOL_VERSION} has officially reached End of Life (EOL).
-     
-     Thanks to all the folks who spent their time contributing to this release in any way possible!
-     ```
- - [ ] (For the next release champion) Review the [items scheduled for the next release](https://github.com/orgs/argoproj/projects/25). If any item does not have an assignee who can commit to finish the feature, move it to the next release.
- - [ ] (For the next release champion) Schedule a time mid-way through the release cycle to review items again.

.github/ISSUE_TEMPLATE/security_logs.md

@@ -1,19 +0,0 @@
----
-name: Security log
-about: Propose adding security-related logs or tagging existing logs with security fields
-title: 'seclog: [Event Description]'
-labels: ['security', 'triage/pending']
-assignees: ''
----
-
-# Event to be logged
-
-Specify the event that needs to be logged or existing logs that need to be tagged.
-
-# Proposed level
-
-What security level should these events be logged under? Refer to https://argo-cd.readthedocs.io/en/latest/operator-manual/security/#security-field for more info.
-
-# Common Weakness Enumeration
-
-Is there an associated [CWE](https://cwe.mitre.org/) that could be tagged as well?

.github/configs/renovate-config.js

@@ -1,16 +0,0 @@
-module.exports = {
-    platform: 'github',
-    gitAuthor: 'renovate[bot] <renovate[bot]@users.noreply.github.com>',
-    autodiscover: false,
-    allowPostUpgradeCommandTemplating: true,
-    allowedPostUpgradeCommands: ["make mockgen"],
-    binarySource: 'install',
-    extends: [
-        "github>argoproj/argo-cd//renovate-presets/commons.json5",
-        "github>argoproj/argo-cd//renovate-presets/custom-managers/shell.json5",
-        "github>argoproj/argo-cd//renovate-presets/custom-managers/yaml.json5",
-        "github>argoproj/argo-cd//renovate-presets/fix/disable-all-updates.json5",
-        "github>argoproj/argo-cd//renovate-presets/devtool.json5",
-        "github>argoproj/argo-cd//renovate-presets/docs.json5"
-    ]
-}

.github/dependabot.yml

@@ -1,60 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "gomod"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    open-pull-requests-limit: 20
-    ignore:
-    - dependency-name: k8s.io/*
-    groups:
-      otel:
-        patterns:
-          - "go.opentelemetry.io/*"
-
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "npm"
-    directory: "/ui/"
-    schedule:
-      interval: "daily"
-
-# Disabled since this code is rarely used.
-#  - package-ecosystem: "npm"
-#    directory: "/ui-test/"
-#    schedule:
-#      interval: "daily"
-
-  - package-ecosystem: "docker"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    ignore:
-      # We use consistent go and node versions across a lot of different files, and updating via dependabot would cause
-      # drift among those files, instead we let renovate bot handle them.
-      - dependency-name: "library/golang"
-      - dependency-name: "library/node"
-
-  - package-ecosystem: "docker"
-    directory: "/test/container/"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "docker"
-    directory: "/test/e2e/multiarch-container/"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "docker"
-    directory: "/test/remote/"
-    schedule:
-      interval: "daily"
-
-# Disabled since this code is rarely used.
-#  - package-ecosystem: "docker"
-#    directory: "/ui-test/"
-#    schedule:
-#      interval: "daily"

.github/pr-title-checker-config.json

@@ -1,15 +0,0 @@
-{
-  "LABEL": {
-    "name": "title needs formatting",
-    "color": "EEEEEE"
-  },
-  "CHECKS": {
-    "prefixes": ["[Bot] docs: "],
-    "regexp": "^(refactor|feat|fix|docs|test|ci|chore)!?(\\(.*\\))?!?:.*"
-  },
-  "MESSAGES": {
-    "success": "PR title is valid",
-    "failure": "PR title is invalid",
-    "notice": "PR Title needs to pass regex '^(refactor|feat|fix|docs|test|ci|chore)!?(\\(.*\\))?!?:.*"
-  }
-}

.github/pull_request_template.md

@@ -1,24 +1,17 @@
-<!--
 Note on DCO:
 
 If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the *Details* link next to the DCO action for instructions on how to resolve this.
--->
 
 Checklist:
 
 * [ ] Either (a) I've created an [enhancement proposal](https://github.com/argoproj/argo-cd/issues/new/choose) and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
 * [ ] The title of the PR states what changed and the related issues number (used for the release note).
-* [ ] The title of the PR conforms to the [Title of the PR](https://argo-cd.readthedocs.io/en/latest/developer-guide/submit-your-pr/#title-of-the-pr)
 * [ ] I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
 * [ ] I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
 * [ ] Does this PR require documentation updates?
 * [ ] I've updated documentation as required by this PR.
-* [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/blob/master/community/CONTRIBUTING.md#legal)
-* [ ] I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
-* [ ] My build is green ([troubleshooting builds](https://argo-cd.readthedocs.io/en/latest/developer-guide/ci/)).
-* [ ] My new feature complies with the [feature status](https://github.com/argoproj/argoproj/blob/master/community/feature-status.md) guidelines.
-* [ ] I have added a brief description of why this PR is necessary and/or what this PR solves.
 * [ ] Optional. My organization is added to USERS.md.
-* [ ] Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).
+* [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/tree/master/community#contributing-to-argo)
+* [ ] I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
+* [ ] My build is green ([troubleshooting builds](https://argo-cd.readthedocs.io/en/latest/developer-guide/ci/)). 
 
-<!-- Please see [Contribution FAQs](https://argo-cd.readthedocs.io/en/latest/developer-guide/faq/) if you have questions about your pull-request. -->

.github/workflows/README.md

@@ -1,40 +0,0 @@
-# Workflows
-
-| Workflow           | Description                                                    |
-|--------------------|----------------------------------------------------------------|
-| ci-build.yaml      | Build, lint, test, codegen, build-ui, analyze, e2e-test        |
-| codeql.yaml        | CodeQL analysis                                                |
-| image-reuse.yaml   | Build, push, and Sign container images                         |
-| image.yaml         | Build container image for PR's & publish for push events       |
-| init-release.yaml  | Build manifests and version then create a PR for release branch|
-| pr-title-check.yaml| Lint PR for semantic information                               |
-| release.yaml       | Build images, cli-binaries, provenances, and post actions      |
-| scorecard.yaml     | Generate scorecard for supply-chain security                   |
-| update-snyk.yaml   | Scheduled snyk reports                                         |
-| stale.yaml         | Labels stale issues and PRs                                    |
-
-# Reusable workflows
-
-## image-reuse.yaml
-
-- The reusable workflow can be used to publish or build images with multiple container registries(Quay,GHCR, dockerhub), and then sign them with cosign when an image is published.
-- A GO version `must` be specified e.g. 1.21
-- The image name for each registry *must* contain the tag. Note: multiple tags are allowed for each registry using a CSV type.
-- Multiple platforms can be specified e.g. linux/amd64,linux/arm64
-- Images are not published by default. A boolean value must be set to `true` to push images.
-- An optional target can be specified.
-
-| Inputs            | Description                         | Type        | Required | Defaults        |
-|-------------------|-------------------------------------|-------------|----------|-----------------|
-| go-version        | Version of Go to be used            | string      | true     | none            |
-| quay_image_name   | Full image name and tag             | CSV, string | false    | none            |
-| ghcr_image_name   | Full image name and tag             | CSV, string | false    | none            |
-| docker_image_name | Full image name and tag             | CSV, string | false    | none            |
-| platforms         | Platforms to build (linux/amd64)    | CSV, string | false    | linux/amd64     |
-| push              | Whether to push image/s to registry | boolean     | false    | false           |
-| target            | Target build stage                  | string      | false    | none            |
-
-| Outputs     | Description                              | Type  |
-|-------------|------------------------------------------|-------|
-|image-digest | Image digest of image container created  | string|
-

.github/workflows/bump-major-version.yaml

@@ -1,89 +0,0 @@
-name: Bump major version
-on:
-  workflow_dispatch: {}
-
-permissions: {}
-
-jobs:
-  prepare-release:
-    permissions:
-      contents: write  # for peter-evans/create-pull-request to create branch
-      pull-requests: write  # for peter-evans/create-pull-request to create a PR
-    name: Automatically update major version
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      # Get the current major version from go.mod and save it as a variable.
-      - name: Get target version
-        id: get-target-version
-        run: |
-          set -ue
-          CURRENT_VERSION=$(grep 'module github.com/argoproj/argo-cd' go.mod | awk '{print $2}' | sed 's/.*\/v//')
-          echo "TARGET_VERSION=$((CURRENT_VERSION + 1))" >> $GITHUB_OUTPUT
-
-      - name: Copy source code to GOPATH
-        run: |
-          mkdir -p ~/go/src/github.com/argoproj
-          cp -a ../argo-cd ~/go/src/github.com/argoproj
-
-      - name: Run script to bump the version
-        run: |
-          hack/bump-major-version.sh
-        working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
-
-      - name: Setup Golang
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
-        with:
-          go-version: ${{ env.GOLANG_VERSION }}
-      - name: Add ~/go/bin to PATH
-        run: |
-          echo "/home/runner/go/bin" >> $GITHUB_PATH
-      - name: Add /usr/local/bin to PATH
-        run: |
-          echo "/usr/local/bin" >> $GITHUB_PATH
-      - name: Download & vendor dependencies
-        run: |
-          # We need to vendor go modules for codegen yet
-          go mod download
-          go mod vendor -v
-        working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
-      - name: Install toolchain for codegen
-        run: |
-          make install-codegen-tools-local
-          make install-go-tools-local
-        working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
-        # We install kustomize in the dist directory
-      - name: Add dist to PATH
-        run: |
-          echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
-      - name: Run codegen
-        run: |
-          set -x
-          export GOPATH=$(go env GOPATH)
-          make codegen-local
-        working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
-
-      - name: Copy changes back
-        run: |
-          # Copy the contents back, but skip the .git directory
-          rsync -a --exclude=.git /home/runner/go/src/github.com/argoproj/argo-cd/ ../argo-cd
-
-      - name: Create pull request
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0  # v8.1.0
-        with:
-          commit-message: "Bump major version to ${{ steps.get-target-version.outputs.TARGET_VERSION }}"
-          title: "Bump major version to ${{ steps.get-target-version.outputs.TARGET_VERSION }}"
-          body: |
-            Congrats! You've just bumped the major version to ${{ steps.get-target-version.outputs.TARGET_VERSION }}.
-            
-            Next steps:
-            - [ ] Merge this PR
-            - [ ] Add an upgrade guide to the docs for this version
-          branch: bump-major-version
-          branch-suffix: random
-          signoff: true

.github/workflows/cherry-pick-single.yml

@@ -1,121 +0,0 @@
-name: Cherry Pick Single
-
-on:
-  workflow_call:
-    inputs:
-      merge_commit_sha:
-        required: true
-        type: string
-        description: "The merge commit SHA to cherry-pick"
-      version_number:
-        required: true
-        type: string
-        description: "The version number (from cherry-pick/ label)"
-      pr_number:
-        required: true
-        type: string
-        description: "The original PR number"
-      pr_title:
-        required: true
-        type: string
-        description: "The original PR title"
-    secrets:
-      CHERRYPICK_APP_ID:
-        required: true
-      CHERRYPICK_APP_PRIVATE_KEY:
-        required: true
-
-jobs:
-  cherry-pick:
-    name: Cherry Pick to ${{ inputs.version_number }}
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Generate a token
-        id: generate-token
-        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
-        with:
-          app-id: ${{ secrets.CHERRYPICK_APP_ID }}
-          private-key: ${{ secrets.CHERRYPICK_APP_PRIVATE_KEY }}
-
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
-        with:
-          fetch-depth: 0
-          token: ${{ steps.generate-token.outputs.token }}
-
-      - name: Configure Git
-        run: |
-          git config --global user.name "github-actions[bot]"
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
-
-      - name: Cherry pick commit
-        id: cherry-pick
-        run: |
-          set -e
-
-          MERGE_COMMIT="${{ inputs.merge_commit_sha }}"
-          TARGET_BRANCH="release-${{ inputs.version_number }}"
-
-          echo "🍒 Cherry-picking commit $MERGE_COMMIT to branch $TARGET_BRANCH"
-
-          # Check if target branch exists
-          if ! git show-ref --verify --quiet "refs/remotes/origin/$TARGET_BRANCH"; then
-            echo "❌ Target branch '$TARGET_BRANCH' does not exist"
-            exit 1
-          fi
-
-          # Create new branch for cherry-pick
-          CHERRY_PICK_BRANCH="cherry-pick-${{ inputs.pr_number }}-to-${TARGET_BRANCH}"
-          git checkout -b "$CHERRY_PICK_BRANCH" "origin/$TARGET_BRANCH"
-
-          # Perform cherry-pick
-          if git cherry-pick -m 1 "$MERGE_COMMIT"; then
-            echo "✅ Cherry-pick successful"
-
-            # Extract Signed-off-by from the cherry-pick commit
-            SIGNOFF=$(git log -1 --pretty=format:"%B" | grep -E '^Signed-off-by:' || echo "")
-
-            # Push the new branch
-            git push origin "$CHERRY_PICK_BRANCH"
-
-            # Save data for PR creation
-            echo "branch_name=$CHERRY_PICK_BRANCH" >> "$GITHUB_OUTPUT"
-            echo "signoff=$SIGNOFF" >> "$GITHUB_OUTPUT"
-            echo "target_branch=$TARGET_BRANCH" >> "$GITHUB_OUTPUT"
-          else
-            echo "❌ Cherry-pick failed due to conflicts"
-            git cherry-pick --abort
-            exit 1
-          fi
-
-      - name: Create Pull Request
-        run: |
-          # Create cherry-pick PR
-          TITLE="${PR_TITLE} (cherry-pick #${{ inputs.pr_number }} for ${{ inputs.version_number }})"
-          BODY=$(cat <<EOF
-          Cherry-picked ${PR_TITLE} (#${{ inputs.pr_number }})
-
-          ${{ steps.cherry-pick.outputs.signoff }}
-          EOF
-          )
-
-          gh pr create \
-            --title "$TITLE" \
-            --body "$BODY" \
-            --base "${{ steps.cherry-pick.outputs.target_branch }}" \
-            --head "${{ steps.cherry-pick.outputs.branch_name }}"
-
-          # Comment on original PR
-          gh pr comment ${{ inputs.pr_number }} \
-            --body "🍒 Cherry-pick PR created for ${{ inputs.version_number }}: #$(gh pr list --head ${{ steps.cherry-pick.outputs.branch_name }} --json number --jq '.[0].number')"
-        env:
-          PR_TITLE: ${{ inputs.pr_title }}
-          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
-
-      - name: Comment on failure
-        if: failure()
-        run: |
-          gh pr comment ${{ inputs.pr_number }} \
-            --body "❌ Cherry-pick failed for ${{ inputs.version_number }}. Please check the [workflow logs](https://github.com/argoproj/argo-cd/actions/runs/${{ github.run_id }}) for details."
-        env:
-          GH_TOKEN: ${{ steps.generate-token.outputs.token }}

.github/workflows/cherry-pick.yml

@@ -1,53 +0,0 @@
-name: Cherry Pick
-
-on:
-  pull_request_target:
-    branches:
-      - master
-    types: ["labeled", "closed"]
-
-jobs:
-  find-labels:
-    name: Find Cherry Pick Labels
-    if: |
-      github.event.pull_request.merged == true && (
-        (github.event.action == 'labeled' && startsWith(github.event.label.name, 'cherry-pick/')) ||
-        (github.event.action == 'closed' && contains(toJSON(github.event.pull_request.labels.*.name), 'cherry-pick/'))
-      )
-    runs-on: ubuntu-24.04
-    outputs:
-      labels: ${{ steps.extract-labels.outputs.labels }}
-    steps:
-      - name: Extract cherry-pick labels
-        id: extract-labels
-        run: |
-          if [[ "${{ github.event.action }}" == "labeled" ]]; then
-            # Label was just added - use it directly
-            LABEL_NAME="${{ github.event.label.name }}"
-            VERSION="${LABEL_NAME#cherry-pick/}"
-            CHERRY_PICK_DATA='[{"label":"'$LABEL_NAME'","version":"'$VERSION'"}]'
-          else
-            # PR was closed - find all cherry-pick labels
-            CHERRY_PICK_DATA=$(echo '${{ toJSON(github.event.pull_request.labels) }}' | jq -c '[.[] | select(.name | startswith("cherry-pick/")) | {label: .name, version: (.name | sub("cherry-pick/"; ""))}]')
-          fi
-
-          echo "labels=$CHERRY_PICK_DATA" >> "$GITHUB_OUTPUT"
-          echo "Found cherry-pick data: $CHERRY_PICK_DATA"
-
-  cherry-pick:
-    name: Cherry Pick
-    needs: find-labels
-    if: needs.find-labels.outputs.labels != '[]'
-    strategy:
-      matrix:
-        include: ${{ fromJSON(needs.find-labels.outputs.labels) }}
-      fail-fast: false
-    uses: ./.github/workflows/cherry-pick-single.yml
-    with:
-      merge_commit_sha: ${{ github.event.pull_request.merge_commit_sha }}
-      version_number: ${{ matrix.version }}
-      pr_number: ${{ github.event.pull_request.number }}
-      pr_title: ${{ github.event.pull_request.title }}
-    secrets:
-      CHERRYPICK_APP_ID: ${{ vars.CHERRYPICK_APP_ID }}
-      CHERRYPICK_APP_PRIVATE_KEY: ${{ secrets.CHERRYPICK_APP_PRIVATE_KEY }}

.github/workflows/ci-build.yaml

@@ -1,5 +1,5 @@
 name: Integration tests
-on:
+on: 
   push:
     branches:
       - 'master'
@@ -13,75 +13,49 @@ on:
 
 env:
   # Golang version to use across CI steps
-  # renovate: datasource=golang-version packageName=golang
-  GOLANG_VERSION: '1.26.0'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
-
-permissions:
-  contents: read
+  GOLANG_VERSION: '1.16.11'
 
 jobs:
-  changes:
-    runs-on: ubuntu-24.04
-    outputs:
-      backend: ${{ steps.filter.outputs.backend_any_changed }}
-      frontend: ${{ steps.filter.outputs.frontend_any_changed }}
-      docs: ${{ steps.filter.outputs.docs_any_changed }}
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: tj-actions/changed-files@7dee1b0c1557f278e5c7dc244927139d78c0e22a # v47.0.4
-        id: filter
-        with:
-          # Any file which is not under docs/, ui/ or is not a markdown file is counted as a backend file
-          files_yaml: |
-            backend:
-              - '!ui/**'
-              - '!**.md'
-              - '!**/*.md'
-              - '!docs/**'
-            frontend:
-              - 'ui/**'
-              - Dockerfile
-            docs:
-              - 'docs/**'
-  check-go:
-    name: Ensure Go modules synchronicity
-    if: ${{ needs.changes.outputs.backend == 'true' }}
-    runs-on: ubuntu-24.04
-    needs:
-      - changes
+  build-docker:
+    name: Build Docker image
+    runs-on: ubuntu-latest
+    if: github.head_ref != ''
     steps:
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v2
+      - name: Build Docker image
+        run: |
+          make image
+  check-go:
+    name: Ensure Go modules synchronicity
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
       - name: Setup Golang
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
+        uses: actions/setup-go@v1
         with:
           go-version: ${{ env.GOLANG_VERSION }}
       - name: Download all Go modules
         run: |
           go mod download
-      - name: Check for tidiness of go.mod and go.sum
+      - name: Check for tidyness of go.mod and go.sum
         run: |
           go mod tidy
           git diff --exit-code -- .
+
   build-go:
     name: Build & cache Go code
-    if: ${{ needs.changes.outputs.backend == 'true' }}
-    runs-on: ubuntu-24.04
-    needs:
-      - changes
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v2
       - name: Setup Golang
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
+        uses: actions/setup-go@v1
         with:
           go-version: ${{ env.GOLANG_VERSION }}
       - name: Restore go build cache
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+        uses: actions/cache@v1
         with:
           path: ~/.cache/go-build
           key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -92,47 +66,31 @@ jobs:
         run: make build-local
 
   lint-go:
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
     name: Lint Go code
-    if: ${{ needs.changes.outputs.backend == 'true' }}
-    runs-on: ubuntu-24.04
-    needs:
-      - changes
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - name: Setup Golang
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
-        with:
-          go-version: ${{ env.GOLANG_VERSION }}
+        uses: actions/checkout@v2
       - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
+        uses: golangci/golangci-lint-action@v2
         with:
-          # renovate: datasource=go packageName=github.com/golangci/golangci-lint/v2 versioning=regex:^v(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)?$
-          version: v2.9.0
-          args: --verbose
+          version: v1.38.0
+          args: --timeout 10m --exclude SA5011
 
   test-go:
     name: Run unit tests for Go packages
-    if: ${{ needs.changes.outputs.backend == 'true' }}
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest
     needs:
       - build-go
-      - changes
-    env:
-      GITHUB_TOKEN: ${{ secrets.E2E_TEST_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
-      GITLAB_TOKEN: ${{ secrets.E2E_TEST_GITLAB_TOKEN }}
     steps:
       - name: Create checkout directory
         run: mkdir -p ~/go/src/github.com/argoproj
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v2
       - name: Create symlink in GOPATH
         run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
       - name: Setup Golang
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
+        uses: actions/setup-go@v1
         with:
           go-version: ${{ env.GOLANG_VERSION }}
       - name: Install required packages
@@ -152,17 +110,13 @@ jobs:
         run: |
           echo "/usr/local/bin" >> $GITHUB_PATH
       - name: Restore go build cache
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+        uses: actions/cache@v1
         with:
           path: ~/.cache/go-build
           key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
       - name: Install all tools required for building & testing
         run: |
           make install-test-tools-local
-        # We install kustomize in the dist directory
-      - name: Add dist to PATH
-        run: |
-          echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
       - name: Setup git username and email
         run: |
           git config --global user.name "John Doe"
@@ -172,31 +126,31 @@ jobs:
           go mod download
       - name: Run all unit tests
         run: make test-local
+      - name: Generate code coverage artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: code-coverage
+          path: coverage.out
       - name: Generate test results artifacts
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@v2
         with:
           name: test-results
-          path: test-results
+          path: test-results/
 
   test-go-race:
-    name: Run unit tests with -race for Go packages
-    if: ${{ needs.changes.outputs.backend == 'true' }}
-    runs-on: ubuntu-24.04
+    name: Run unit tests with -race, for Go packages
+    runs-on: ubuntu-latest
     needs:
       - build-go
-      - changes
-    env:
-      GITHUB_TOKEN: ${{ secrets.E2E_TEST_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
-      GITLAB_TOKEN: ${{ secrets.E2E_TEST_GITLAB_TOKEN }}
     steps:
       - name: Create checkout directory
         run: mkdir -p ~/go/src/github.com/argoproj
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v2
       - name: Create symlink in GOPATH
         run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
       - name: Setup Golang
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
+        uses: actions/setup-go@v1
         with:
           go-version: ${{ env.GOLANG_VERSION }}
       - name: Install required packages
@@ -216,17 +170,13 @@ jobs:
         run: |
           echo "/usr/local/bin" >> $GITHUB_PATH
       - name: Restore go build cache
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+        uses: actions/cache@v1
         with:
           path: ~/.cache/go-build
           key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
       - name: Install all tools required for building & testing
         run: |
           make install-test-tools-local
-        # We install kustomize in the dist directory
-      - name: Add dist to PATH
-        run: |
-          echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
       - name: Setup git username and email
         run: |
           git config --global user.name "John Doe"
@@ -237,29 +187,25 @@ jobs:
       - name: Run all unit tests
         run: make test-race-local
       - name: Generate test results artifacts
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@v2
         with:
           name: race-results
           path: test-results/
 
   codegen:
     name: Check changes to generated code
-    if: ${{ needs.changes.outputs.backend == 'true' || needs.changes.outputs.docs == 'true'}}
-    runs-on: ubuntu-24.04
-    needs:
-      - changes
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v2
       - name: Setup Golang
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
+        uses: actions/setup-go@v1
         with:
           go-version: ${{ env.GOLANG_VERSION }}
       - name: Create symlink in GOPATH
-        # generalizing repo name for forks:  ${{ github.event.repository.name }}
         run: |
           mkdir -p ~/go/src/github.com/argoproj
-          cp -a ../${{ github.event.repository.name }} ~/go/src/github.com/argoproj
+          cp -a ../argo-cd ~/go/src/github.com/argoproj
       - name: Add ~/go/bin to PATH
         run: |
           echo "/home/runner/go/bin" >> $GITHUB_PATH
@@ -271,51 +217,41 @@ jobs:
           # We need to vendor go modules for codegen yet
           go mod download
           go mod vendor -v
-        # generalizing repo name for forks:  ${{ github.event.repository.name }}
-        working-directory: /home/runner/go/src/github.com/argoproj/${{ github.event.repository.name }}
+        working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
       - name: Install toolchain for codegen
         run: |
           make install-codegen-tools-local
           make install-go-tools-local
-        # generalizing repo name for forks:  ${{ github.event.repository.name }}
-        working-directory: /home/runner/go/src/github.com/argoproj/${{ github.event.repository.name }}
-        # We install kustomize in the dist directory
-      - name: Add dist to PATH
+        working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
+      - name: Initialize local Helm
         run: |
-          echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
+          helm2 init --client-only
       - name: Run codegen
         run: |
           set -x
           export GOPATH=$(go env GOPATH)
           git checkout -- go.mod go.sum
           make codegen-local
-        # generalizing repo name for forks:  ${{ github.event.repository.name }}
-        working-directory: /home/runner/go/src/github.com/argoproj/${{ github.event.repository.name }}
+        working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
       - name: Check nothing has changed
         run: |
           set -xo pipefail
           git diff --exit-code -- . ':!go.sum' ':!go.mod' ':!assets/swagger.json' | tee codegen.patch
-        # generalizing repo name for forks:  ${{ github.event.repository.name }}
-        working-directory: /home/runner/go/src/github.com/argoproj/${{ github.event.repository.name }}
+        working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
 
   build-ui:
     name: Build, test & lint UI code
-    # We run UI logic for backend changes so that we have a complete set of coverage documents to send to codecov.
-    if: ${{ needs.changes.outputs.backend == 'true' || needs.changes.outputs.frontend == 'true' }}
-    runs-on: ubuntu-24.04
-    needs:
-      - changes
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v2
       - name: Setup NodeJS
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@v1
         with:
-          # renovate: datasource=node-version packageName=node versioning=node
-          node-version: '22.9.0'
+          node-version: '12.18.4'
       - name: Restore node dependency cache
         id: cache-dependencies
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+        uses: actions/cache@v1
         with:
           path: ui/node_modules
           key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -329,170 +265,131 @@ jobs:
         env:
           NODE_ENV: production
           NODE_ONLINE_ENV: online
-          HOST_ARCH: amd64
-          # If we're on the master branch, set the codecov token so that we upload bundle analysis
-          CODECOV_TOKEN: ${{ github.ref == 'refs/heads/master' && secrets.CODECOV_TOKEN || '' }}
         working-directory: ui/
       - name: Run ESLint
         run: yarn lint
         working-directory: ui/
 
-  shellcheck:
-    runs-on: ubuntu-24.04
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - run: |
-          sudo apt-get install shellcheck
-          shellcheck -e SC2059 -e SC2154 -e SC2034 -e SC2016 -e SC1091 $(find . -type f -name '*.sh' | grep -v './ui/node_modules') | tee sc.log
-          test ! -s sc.log
-
   analyze:
     name: Process & analyze test artifacts
-    if: ${{ needs.changes.outputs.backend == 'true' || needs.changes.outputs.frontend == 'true' }}
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest
     needs:
       - test-go
       - build-ui
-      - changes
-      - test-e2e
     env:
       sonar_secret: ${{ secrets.SONAR_TOKEN }}
-      codecov_secret: ${{ secrets.CODECOV_TOKEN }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v2
         with:
           fetch-depth: 0
       - name: Restore node dependency cache
         id: cache-dependencies
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+        uses: actions/cache@v1
         with:
           path: ui/node_modules
           key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
       - name: Remove other node_modules directory
         run: |
           rm -rf ui/node_modules/argo-ui/node_modules
-      - name: Get e2e code coverage
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+      - name: Create test-results directory
+        run: |
+          mkdir -p test-results
+      - name: Get code coverage artifiact
+        uses: actions/download-artifact@v2
         with:
-          name: e2e-code-coverage
-          path: e2e-code-coverage
-      - name: Get unit test code coverage
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+          name: code-coverage
+      - name: Get test result artifact
+        uses: actions/download-artifact@v2
         with:
           name: test-results
           path: test-results
-      - name: combine-go-coverage
-        # We generate coverage reports for all Argo CD components, but only the applicationset-controller,
-        # app-controller, repo-server, and commit-server report contain coverage data. The other components currently
-        # don't shut down gracefully, so no coverage data is produced. Once those components are fixed, we can add
-        # references to their coverage output directories.
-        run: |
-          go tool covdata percent -i=test-results,e2e-code-coverage/applicationset-controller,e2e-code-coverage/repo-server,e2e-code-coverage/app-controller,e2e-code-coverage/commit-server -o test-results/full-coverage.out
       - name: Upload code coverage information to codecov.io
-        # Only run when the workflow is for upstream (PR target or push is in argoproj/argo-cd).
-        if: github.repository == 'argoproj/argo-cd'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@v1
         with:
-          files: test-results/full-coverage.out
-          fail_ci_if_error: true
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-      - name: Upload test results to Codecov
-        # Codecov uploads test results to Codecov.io on upstream master branch.
-        if: github.repository == 'argoproj/argo-cd' && github.ref == 'refs/heads/master' && github.event_name == 'push'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
-        with:
-          files: test-results/junit.xml
-          fail_ci_if_error: true
-          token: ${{ secrets.CODECOV_TOKEN }}
-          report_type: test_results
+          file: coverage.out
       - name: Perform static code analysis using SonarCloud
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        uses: SonarSource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 # v7.0.0
+          SCANNER_VERSION: 4.2.0.1873
+          SCANNER_PATH: /tmp/cache/scanner
+          OS: linux
+        run: |
+            # We do not use the provided action, because it does contain an old
+            # version of the scanner, and also takes time to build.
+            set -e
+            mkdir -p ${SCANNER_PATH}
+            export SONAR_USER_HOME=${SCANNER_PATH}/.sonar
+            if [[ ! -x "${SCANNER_PATH}/sonar-scanner-${SCANNER_VERSION}-${OS}/bin/sonar-scanner" ]]; then
+              curl -Ol https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SCANNER_VERSION}-${OS}.zip
+              unzip -qq -o sonar-scanner-cli-${SCANNER_VERSION}-${OS}.zip -d ${SCANNER_PATH}
+            fi
+
+            chmod +x ${SCANNER_PATH}/sonar-scanner-${SCANNER_VERSION}-${OS}/bin/sonar-scanner
+            chmod +x ${SCANNER_PATH}/sonar-scanner-${SCANNER_VERSION}-${OS}/jre/bin/java
+
+            # Explicitly set NODE_MODULES
+            export NODE_MODULES=${PWD}/ui/node_modules
+            export NODE_PATH=${PWD}/ui/node_modules
+
+            ${SCANNER_PATH}/sonar-scanner-${SCANNER_VERSION}-${OS}/bin/sonar-scanner
         if: env.sonar_secret != ''
+
   test-e2e:
     name: Run end-to-end tests
-    if: ${{ needs.changes.outputs.backend == 'true' }}
-    runs-on: ${{ github.repository == 'argoproj/argo-cd' && 'oracle-vm-16cpu-64gb-x86-64' || 'ubuntu-24.04' }}
+    runs-on: ubuntu-latest
     strategy:
-      fail-fast: false
       matrix:
-        # latest: true means that this version mush upload the coverage report to codecov.io
-        # We designate the latest version because we only collect code coverage for that version.
-        k3s:
-          - version: v1.35.0
-            latest: true
-          - version: v1.34.2
-            latest: false
-          - version: v1.33.1
-            latest: false
-          - version: v1.32.1
-            latest: false
-    needs:
+        k3s-version: [v1.21.2, v1.20.2, v1.19.2, v1.18.9, v1.17.11]
+    needs: 
       - build-go
-      - changes
     env:
-      ARGOCD_FAKE_IN_CLUSTER: 'true'
-      ARGOCD_E2E_K3S: 'true'
-      ARGOCD_IN_CI: 'true'
-      ARGOCD_E2E_APISERVER_PORT: '8088'
-      ARGOCD_APPLICATION_NAMESPACES: 'argocd-e2e-external,argocd-e2e-external-2'
-      ARGOCD_SERVER: '127.0.0.1:8088'
-      GITHUB_TOKEN: ${{ secrets.E2E_TEST_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
-      GITLAB_TOKEN: ${{ secrets.E2E_TEST_GITLAB_TOKEN }}
+      GOPATH: /home/runner/go
+      ARGOCD_FAKE_IN_CLUSTER: "true"
+      ARGOCD_SSH_DATA_PATH: "/tmp/argo-e2e/app/config/ssh"
+      ARGOCD_TLS_DATA_PATH: "/tmp/argo-e2e/app/config/tls"
+      ARGOCD_E2E_SSH_KNOWN_HOSTS: "../fixture/certs/ssh_known_hosts"
+      ARGOCD_E2E_K3S: "true"
+      ARGOCD_IN_CI: "true"
+      ARGOCD_E2E_APISERVER_PORT: "8088"
+      ARGOCD_SERVER: "127.0.0.1:8088"
     steps:
-      - name: Free Disk Space (Ubuntu)
-        uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be
-        with:
-          large-packages: false
-          docker-images: false
-          swap-storage: false
-          tool-cache: false
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v2
       - name: Setup Golang
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
+        uses: actions/setup-go@v1
         with:
           go-version: ${{ env.GOLANG_VERSION }}
-      - name: Set GOPATH
-        run: |
-          echo "GOPATH=$HOME/go" >> $GITHUB_ENV
       - name: GH actions workaround - Kill XSP4 process
         run: |
           sudo pkill mono || true
       - name: Install K3S
         env:
-          INSTALL_K3S_VERSION: ${{ matrix.k3s.version }}+k3s1
+          INSTALL_K3S_VERSION: ${{ matrix.k3s-version }}+k3s1
         run: |
           set -x
           curl -sfL https://get.k3s.io | sh -
           sudo chmod -R a+rw /etc/rancher/k3s
-          sudo mkdir -p $HOME/.kube && sudo chown -R $(whoami) $HOME/.kube
+          sudo mkdir -p $HOME/.kube && sudo chown -R runner $HOME/.kube
           sudo k3s kubectl config view --raw > $HOME/.kube/config
-          sudo chown $(whoami) $HOME/.kube/config
-          sudo chmod go-r $HOME/.kube/config
+          sudo chown runner $HOME/.kube/config
           kubectl version
       - name: Restore go build cache
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+        uses: actions/cache@v1
         with:
           path: ~/.cache/go-build
           key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
       - name: Add ~/go/bin to PATH
         run: |
-          echo "$HOME/go/bin" >> $GITHUB_PATH
+          echo "/home/runner/go/bin" >> $GITHUB_PATH
       - name: Add /usr/local/bin to PATH
         run: |
           echo "/usr/local/bin" >> $GITHUB_PATH
-      - name: Add ./dist to PATH
-        run: |
-          echo "$(pwd)/dist" >> $GITHUB_PATH
       - name: Download Go dependencies
         run: |
           go mod download
-          go install github.com/mattn/goreman@latest
+          go get github.com/mattn/goreman
       - name: Install all tools required for building & testing
         run: |
           make install-test-tools-local
@@ -502,13 +399,13 @@ jobs:
           git config --global user.email "john.doe@example.com"
       - name: Pull Docker image required for tests
         run: |
-          docker pull ghcr.io/dexidp/dex:v2.44.0
+          docker pull quay.io/dexidp/dex:v2.25.0
           docker pull argoproj/argo-cd-ci-builder:v1.0.0
-          docker pull redis:8.2.3-alpine
+          docker pull redis:6.2.6-alpine
       - name: Create target directory for binaries in the build-process
         run: |
           mkdir -p dist
-          chown $(whoami) dist
+          chown runner dist
       - name: Run E2E server and wait for it being available
         timeout-minutes: 30
         run: |
@@ -517,11 +414,11 @@ jobs:
           # port 8080 which is not visible in netstat -tulpen, but still there
           # with a HTTP listener. We have API server listening on port 8088
           # instead.
-          make start-e2e-local COVERAGE_ENABLED=true 2>&1 | sed -r "s/[[:cntrl:]]\[[0-9]{1,3}m//g" > /tmp/e2e-server.log &
+          make start-e2e-local 2>&1 | sed -r "s/[[:cntrl:]]\[[0-9]{1,3}m//g" > /tmp/e2e-server.log &
           count=1
           until curl -f http://127.0.0.1:8088/healthz; do
             sleep 10;
-            if test $count -ge 180; then
+            if test $count -ge 60; then
               echo "Timeout"
               exit 1
             fi
@@ -531,40 +428,9 @@ jobs:
         run: |
           set -x
           make test-e2e-local
-          goreman run stop-all || echo "goreman trouble"
-          sleep 30
-      - name: Upload e2e coverage report
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
-        with:
-          name: e2e-code-coverage
-          path: /tmp/coverage
-        if: ${{ matrix.k3s.latest }}
       - name: Upload e2e-server logs
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@v2
         with:
-          name: e2e-server-k8s${{ matrix.k3s.version }}.log
+          name: e2e-server-k8s${{ matrix.k3s-version }}.log
           path: /tmp/e2e-server.log
         if: ${{ failure() }}
-
-  # workaround for status checks -- check this one job instead of each individual E2E job in the matrix
-  # this allows us to skip the entire matrix when it doesn't need to run while still having accurate status checks
-  # see:
-  # https://github.com/argoproj/argo-workflows/pull/12006
-  # https://github.com/orgs/community/discussions/9141#discussioncomment-2296809
-  # https://github.com/orgs/community/discussions/26822#discussioncomment-3305794
-  test-e2e-composite-result:
-    name: E2E Tests - Composite result
-    if: ${{ always() }}
-    needs:
-      - test-e2e
-      - changes
-    runs-on: ubuntu-24.04
-    steps:
-      - run: |
-          result="${{ needs.test-e2e.result }}"
-          # mark as successful even if skipped
-          if [[ $result == "success" || $result == "skipped" ]]; then
-            exit 0
-          else
-            exit 1
-          fi

.github/workflows/codeql.yml

@@ -2,44 +2,32 @@ name: "Code scanning - action"
 
 on:
   push:
-    # Secrets aren't available for dependabot on push. https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow#error-403-resource-not-accessible-by-integration-when-using-dependabot
-    branches-ignore:
-      - 'dependabot/**'
-      - 'cherry-pick-*'
   pull_request:
   schedule:
     - cron: '0 19 * * 0'
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
 jobs:
   CodeQL-Build:
-    permissions:
-      actions: read  # for github/codeql-action/init to get workflow details
-      contents: read  # for actions/checkout to fetch code
-      security-events: write  # for github/codeql-action/autobuild to send a status report
-    if: github.repository == 'argoproj/argo-cd' || vars.enable_codeql
 
     # CodeQL runs on ubuntu-latest and windows-latest
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest
+
     steps:
     - name: Checkout repository
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
-    # Use correct go version. https://github.com/github/codeql-action/issues/1842#issuecomment-1704398087
-    - name: Setup Golang
-      uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
+      uses: actions/checkout@v2
       with:
-        go-version-file: go.mod
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+
+    # If this run was triggered by a pull request event, then checkout
+    # the head of the pull request instead of the merge commit.
+    - run: git checkout HEAD^2
+      if: ${{ github.event_name == 'pull_request' }}
       
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2
+      uses: github/codeql-action/init@v1
       # Override language selection by uncommenting this and choosing your languages
       # with:
       #   languages: go, javascript, csharp, python, cpp, java
@@ -47,7 +35,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2
+      uses: github/codeql-action/autobuild@v1
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -61,4 +49,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2
+      uses: github/codeql-action/analyze@v1

.github/workflows/gh-pages.yaml

@@ -0,0 +1,23 @@
+name: Deploy
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - 'master'
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Setup Python
+        uses: actions/setup-python@v1
+        with:
+          python-version: 3.9.8
+      - name: build
+        run: |
+          pip install -r docs/requirements.txt
+          mkdocs build

.github/workflows/image-reuse.yaml

@@ -1,170 +0,0 @@
-name: Publish and Sign Container Image
-on:
-  workflow_call:
-    inputs:
-      go-version:
-        required: true
-        type: string
-      quay_image_name:
-        required: false
-        type: string
-      ghcr_image_name:
-        required: false
-        type: string
-      docker_image_name:
-        required: false
-        type: string
-      platforms:
-        required: true
-        type: string
-      push:
-        required: true
-        type: boolean
-      target:
-        required: false
-        type: string
-
-    secrets:
-      quay_username:
-        required: false
-      quay_password:
-        required: false
-      ghcr_username:
-        required: false
-      ghcr_password:
-        required: false
-      docker_username:
-        required: false
-      docker_password:
-        required: false
-
-    outputs:
-      image-digest:
-        description: "sha256 digest of container image"
-        value: ${{ jobs.publish.outputs.image-digest }}
-
-permissions: {}
-
-jobs:
-  publish:
-    permissions:
-      contents: read
-      packages: write # Used to push images to `ghcr.io` if used.
-      id-token: write # Needed to create an OIDC token for keyless signing
-    runs-on: ubuntu-24.04
-    outputs:  
-      image-digest: ${{ steps.image.outputs.digest }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
-        if: ${{ github.ref_type == 'tag'}}
-
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        if: ${{ github.ref_type != 'tag'}}
-
-      - name: Setup Golang
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
-        with:
-          go-version: ${{ inputs.go-version }}
-          cache: false
-
-      - name: Install cosign
-        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
-
-      - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
-      - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
-
-      - name: Setup tags for container image as a CSV type
-        run: |
-          IMAGE_TAGS=$(for str in \
-            ${{ inputs.quay_image_name }} \
-            ${{ inputs.ghcr_image_name }} \
-            ${{ inputs.docker_image_name}}; do
-            echo -n "${str}",;done | sed 's/,$//')
-
-          echo $IMAGE_TAGS
-          echo "TAGS=$IMAGE_TAGS" >> $GITHUB_ENV
-
-      - name: Setup image namespace for signing, strip off the tag
-        run: |
-          TAGS=$(for tag in \
-            ${{ inputs.quay_image_name }} \
-            ${{ inputs.ghcr_image_name }} \
-            ${{ inputs.docker_image_name}}; do
-            echo -n "${tag}" | awk -F ":" '{print $1}' -;done)
-          
-            echo $TAGS
-            echo 'SIGNING_TAGS<<EOF' >> $GITHUB_ENV
-            echo $TAGS >> $GITHUB_ENV
-            echo 'EOF' >> $GITHUB_ENV
-
-      - name: Login to Quay.io
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
-        with:
-          registry: quay.io
-          username: ${{ secrets.quay_username }}
-          password: ${{ secrets.quay_password }}
-        if: ${{ inputs.quay_image_name && inputs.push }}
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
-        with:
-          registry: ghcr.io
-          username: ${{ secrets.ghcr_username }}
-          password: ${{ secrets.ghcr_password }}
-        if: ${{ inputs.ghcr_image_name && inputs.push }}
-
-      - name: Login to dockerhub Container Registry
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
-        with:
-          username: ${{ secrets.docker_username }}
-          password: ${{ secrets.docker_password }}
-        if: ${{ inputs.docker_image_name && inputs.push }}
-
-      - name: Set up build args for container image
-        run: |
-            echo "GIT_TAG=$(if [ -z "`git status --porcelain`" ]; then git describe --exact-match --tags HEAD 2>/dev/null; fi)" >> $GITHUB_ENV
-            echo "GIT_COMMIT=$(git rev-parse HEAD)" >> $GITHUB_ENV
-            echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV
-            echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV
-
-      - name: Free Disk Space (Ubuntu)
-        uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be
-        with:
-          large-packages: false
-          docker-images: false
-          swap-storage: false
-          tool-cache: false
-
-      - name: Build and push container image
-        id: image
-        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 #v6.19.2
-        with:
-          context: .
-          platforms: ${{ inputs.platforms }}
-          push: ${{ inputs.push }}
-          tags: ${{ env.TAGS }}
-          target: ${{ inputs.target }}
-          provenance: false
-          sbom: false
-          build-args: |
-            GIT_TAG=${{env.GIT_TAG}}
-            GIT_COMMIT=${{env.GIT_COMMIT}}
-            BUILD_DATE=${{env.BUILD_DATE}}
-            GIT_TREE_STATE=${{env.GIT_TREE_STATE}}
-
-      - name: Sign container images
-        run: |
-          for signing_tag in $SIGNING_TAGS; do
-            cosign sign \
-            -a "repo=${{ github.repository }}" \
-            -a "workflow=${{ github.workflow }}" \
-            -a "sha=${{ github.sha }}" \
-            -y \
-            "$signing_tag"@${{ steps.image.outputs.digest }}
-          done
-        if: ${{ inputs.push }}

.github/workflows/image.yaml

@@ -4,149 +4,56 @@ on:
   push:
     branches:
       - master
-  pull_request:
-    branches:
-      - master
-    types: [labeled, unlabeled, opened, synchronize, reopened]
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-permissions: {}
+env:
+  GOLANG_VERSION: '1.16.11'
 
 jobs:
-  set-vars:
-    permissions:
-      contents: read
-    # Always run to calculate variables - other jobs check outputs
-    runs-on: ubuntu-24.04
-    outputs:
-      image-tag: ${{ steps.image.outputs.tag}}
-      platforms: ${{ steps.platforms.outputs.platforms }}
-      image_namespace: ${{ steps.image.outputs.image_namespace }}
-      image_repository: ${{ steps.image.outputs.image_repository }}
-      quay_image_name: ${{ steps.image.outputs.quay_image_name }}
-      ghcr_image_name: ${{ steps.image.outputs.ghcr_image_name }}
-      ghcr_provenance_image: ${{ steps.image.outputs.ghcr_provenance_image }}
-      allow_ghcr_publish: ${{ steps.image.outputs.allow_ghcr_publish }}
+  publish:
+    runs-on: ubuntu-latest
+    env:
+      GOPATH: /home/runner/work/argo-cd/argo-cd
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/setup-go@v1
+        with:
+          go-version: ${{ env.GOLANG_VERSION }}
+      - uses: actions/checkout@master
+        with:
+          path: src/github.com/argoproj/argo-cd
 
-      - name: Set image tag and names
-        run: |
-          # Calculate image tag
-          TAG="$(cat ./VERSION)-${GITHUB_SHA::8}"
-          echo "tag=$TAG" >> $GITHUB_OUTPUT
-          
-          # Calculate image names with defaults
-          IMAGE_NAMESPACE="${{ vars.IMAGE_NAMESPACE || 'argoproj' }}"
-          IMAGE_REPOSITORY="${{ vars.IMAGE_REPOSITORY || 'argocd' }}"
-          GHCR_NAMESPACE="${{ vars.GHCR_NAMESPACE || github.repository }}"
-          GHCR_REPOSITORY="${{ vars.GHCR_REPOSITORY || 'argocd' }}"
-          
-          echo "image_namespace=$IMAGE_NAMESPACE" >> $GITHUB_OUTPUT
-          echo "image_repository=$IMAGE_REPOSITORY" >> $GITHUB_OUTPUT
-          
-          # Construct image name
-          echo "quay_image_name=quay.io/$IMAGE_NAMESPACE/$IMAGE_REPOSITORY:latest" >> $GITHUB_OUTPUT
-          
-          ALLOW_GHCR_PUBLISH=false
-          if [[ "${{ github.repository }}" == "argoproj/argo-cd" || "$GHCR_NAMESPACE" != argoproj/* ]]; then
-            ALLOW_GHCR_PUBLISH=true
-            echo "ghcr_image_name=ghcr.io/$GHCR_NAMESPACE/$GHCR_REPOSITORY:$TAG" >> $GITHUB_OUTPUT
-            echo "ghcr_provenance_image=ghcr.io/$GHCR_NAMESPACE/$GHCR_REPOSITORY" >> $GITHUB_OUTPUT
-          else
-            echo "GhCR publish skipped: refusing to push to namespace '$GHCR_NAMESPACE'. Please override GHCR_* for forks." >&2
-            echo "ghcr_image_name=" >> $GITHUB_OUTPUT
-            echo "ghcr_provenance_image=" >> $GITHUB_OUTPUT
-          fi
-          echo "allow_ghcr_publish=$ALLOW_GHCR_PUBLISH" >> $GITHUB_OUTPUT
+      # get image tag
+      - run: echo ::set-output name=tag::$(cat ./VERSION)-${GITHUB_SHA::8}
+        working-directory: ./src/github.com/argoproj/argo-cd
         id: image
 
-      - name: Determine image platforms to use
-        id: platforms
-        run: |
-          IMAGE_PLATFORMS=linux/amd64
-          if [[ "${{ github.event_name }}" == "push" || "${{ contains(github.event.pull_request.labels.*.name, 'test-multi-image') }}" == "true" ]]
-          then
-            IMAGE_PLATFORMS=linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
-          fi
-          echo "Building image for platforms: $IMAGE_PLATFORMS"
-          echo "platforms=$IMAGE_PLATFORMS" >> $GITHUB_OUTPUT
+      # build
+      - run: |
+          docker images -a --format "{{.ID}}" | xargs -I {} docker rmi {}
+          make image DEV_IMAGE=true DOCKER_PUSH=false IMAGE_NAMESPACE=ghcr.io/argoproj IMAGE_TAG=${{ steps.image.outputs.tag }}
+        working-directory: ./src/github.com/argoproj/argo-cd
 
-  build-only:
-    needs: [set-vars]
-    permissions:
-      contents: read
-      packages: write # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
-      id-token: write # for creating OIDC tokens for signing.
-    if: ${{ (github.repository == 'argoproj/argo-cd' || needs.set-vars.outputs.image_namespace != 'argoproj') && github.event_name != 'push' }}
-    uses: ./.github/workflows/image-reuse.yaml
-    with:
-      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      # renovate: datasource=golang-version packageName=golang
-      go-version: 1.26.0
-      platforms: ${{ needs.set-vars.outputs.platforms }}
-      push: false
+      # publish
+      - run: |
+          docker login ghcr.io --username $USERNAME --password $PASSWORD
+          docker push ghcr.io/argoproj/argocd:${{ steps.image.outputs.tag }}
 
-  build-and-publish:
-    needs: [set-vars]
-    permissions:
-      contents: read
-      packages: write # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
-      id-token: write # for creating OIDC tokens for signing.
-    if: ${{ (github.repository == 'argoproj/argo-cd' || needs.set-vars.outputs.image_namespace != 'argoproj') && github.event_name == 'push' }}
-    uses: ./.github/workflows/image-reuse.yaml
-    with:
-      quay_image_name: ${{ needs.set-vars.outputs.quay_image_name }}
-      ghcr_image_name: ${{ needs.set-vars.outputs.ghcr_image_name }}
-      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      # renovate: datasource=golang-version packageName=golang
-      go-version: 1.26.0
-      platforms: ${{ needs.set-vars.outputs.platforms }}
-      push: true
-    secrets:
-      quay_username: ${{ secrets.RELEASE_QUAY_USERNAME }}
-      quay_password: ${{ secrets.RELEASE_QUAY_TOKEN }}
-      ghcr_username: ${{ github.actor }}
-      ghcr_password: ${{ secrets.GITHUB_TOKEN }}
+          docker login --username "${DOCKER_USERNAME}" --password "${DOCKER_TOKEN}"
+          docker tag ghcr.io/argoproj/argocd:${{ steps.image.outputs.tag }} argoproj/argocd:latest
+          docker push argoproj/argocd:latest
+        env:
+          USERNAME: ${{ secrets.USERNAME }}
+          PASSWORD: ${{ secrets.TOKEN }}
+          DOCKER_USERNAME: ${{ secrets.RELEASE_DOCKERHUB_USERNAME }}
+          DOCKER_TOKEN: ${{ secrets.RELEASE_DOCKERHUB_TOKEN }}
 
-  build-and-publish-provenance: # Push attestations to GHCR, latest image is polluting quay.io
-    needs:
-      - set-vars
-      - build-and-publish
-    permissions:
-      actions: read # for detecting the Github Actions environment.
-      id-token: write # for creating OIDC tokens for signing.
-      packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
-    if: ${{ (github.repository == 'argoproj/argo-cd' || needs.set-vars.outputs.image_namespace != 'argoproj') && github.event_name == 'push' && needs.set-vars.outputs.allow_ghcr_publish == 'true'}}
-    # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0
-    with:
-      image: ${{ needs.set-vars.outputs.ghcr_provenance_image }}
-      digest: ${{ needs.build-and-publish.outputs.image-digest }}
-      registry-username: ${{ github.actor }}
-    secrets:
-      registry-password: ${{ secrets.GITHUB_TOKEN }}
-
-  Deploy:
-    needs:
-      - build-and-publish
-      - set-vars
-    permissions:
-      contents: write # for git to push upgrade commit if not already deployed
-      packages: write # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
-    if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }}
-    runs-on: ubuntu-24.04
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      # deploy
       - run: git clone "https://$TOKEN@github.com/argoproj/argoproj-deployments"
         env:
           TOKEN: ${{ secrets.TOKEN }}
       - run: |
-          docker run -u $(id -u):$(id -g) -v $(pwd):/src -w /src --rm -t ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }} kustomize edit set image quay.io/argoproj/argocd=ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }}
+          docker run -u $(id -u):$(id -g) -v $(pwd):/src -w /src --rm -t ghcr.io/argoproj/argocd:${{ steps.image.outputs.tag }} kustomize edit set image quay.io/argoproj/argocd=ghcr.io/argoproj/argocd:${{ steps.image.outputs.tag }}
           git config --global user.email 'ci@argoproj.com'
           git config --global user.name 'CI'
-          git diff --exit-code && echo 'Already deployed' || (git commit -am 'Upgrade argocd to ${{ needs.set-vars.outputs.image-tag }}' && git push)
+          git diff --exit-code && echo 'Already deployed' || (git commit -am 'Upgrade argocd to ${{ steps.image.outputs.tag }}' && git push)
         working-directory: argoproj-deployments/argocd
+      # TODO: clean up old images once github supports it: https://github.community/t5/How-to-use-Git-and-GitHub/Deleting-images-from-GitHub-Package-Registry/m-p/41202/thread-id/9811

.github/workflows/init-release.yaml

@@ -1,83 +0,0 @@
-name: Init ArgoCD Release
-on:
-  workflow_dispatch:
-    inputs:
-      TARGET_BRANCH:
-        description: 'TARGET_BRANCH to checkout (e.g. release-2.5)'
-        required: true
-        type: string
-
-      TARGET_VERSION:
-        description: 'TARGET_VERSION to build manifests (e.g. 2.5.0-rc1) Note: the `v` prefix is not used'
-        required: true
-        type: string
-
-permissions: {}
-
-jobs:
-  prepare-release:
-    permissions:
-      contents: write  # for peter-evans/create-pull-request to create branch
-      pull-requests: write  # for peter-evans/create-pull-request to create a PR
-    name: Automatically generate version and manifests on ${{ inputs.TARGET_BRANCH }}
-    runs-on: ubuntu-24.04
-    env:
-      # Calculate image names with defaults, this will be used in the make manifests-local command
-      # to generate the correct image name in the manifests
-      IMAGE_REGISTRY: ${{ vars.IMAGE_REGISTRY || 'quay.io' }}
-      IMAGE_NAMESPACE: ${{ vars.IMAGE_NAMESPACE || 'argoproj' }}
-      IMAGE_REPOSITORY: ${{ vars.IMAGE_REPOSITORY || 'argocd' }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
-          ref: ${{ inputs.TARGET_BRANCH }}
-
-      - name: Check if TARGET_VERSION is well formed.
-        run: |
-          set -xue
-          # Target version must not contain 'v' prefix
-          if echo "${{ inputs.TARGET_VERSION }}" | grep -e '^v'; then
-            echo "::error::Target version '${{ inputs.TARGET_VERSION }}' should not begin with a 'v' prefix, refusing to continue." >&2
-            exit 1
-          fi
-
-      - name: Create VERSION information
-        run: |
-          set -ue
-          echo "Bumping version from $(cat VERSION) to ${{ inputs.TARGET_VERSION }}"
-          echo "${{ inputs.TARGET_VERSION }}" > VERSION
-
-        # We install kustomize in the dist directory
-      - name: Add dist to PATH
-        run: |
-          echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
-
-      - name: Generate new set of manifests
-        run: |
-          set -ue
-          make install-codegen-tools-local
-          make manifests-local VERSION=${{ inputs.TARGET_VERSION }}
-          git diff
-
-      - name: Generate version compatibility table
-        run: |
-          git stash
-          bash hack/update-supported-versions.sh
-          git add -u .
-          git stash pop
-
-      - name: Create pull request
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0  # v8.1.0
-        with:
-          commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}"
-          title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch"
-          body: Updating VERSION and manifests to ${{ inputs.TARGET_VERSION }}
-          branch: update-version
-          branch-suffix: random
-          signoff: true
-          labels: release
-
-

.github/workflows/pr-title-check.yml

@@ -1,29 +0,0 @@
-name: "Lint PR"
-
-on:
-  pull_request_target:
-    types: [opened, edited, reopened, synchronize]
-
-# IMPORTANT: No checkout actions, scripts, or builds should be added to this workflow. Permissions should always be used
-# with extreme caution. https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
-permissions: {}
-
-# PR updates can happen in quick succession leading to this
-# workflow being trigger a number of times. This limits it
-# to one run per PR.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref }}
-  cancel-in-progress: true
-
-jobs:
-  validate:
-    permissions:
-      contents: read
-      pull-requests: read
-    name: Validate PR Title
-    runs-on: ubuntu-24.04
-    steps:
-      - uses: thehanimo/pr-title-checker@7fbfe05602bdd86f926d3fb3bccb6f3aed43bc70 # v1.4.3
-        with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          configuration_path: ".github/pr-title-checker-config.json"

.github/workflows/release.yaml

@@ -1,356 +1,282 @@
-name: Publish ArgoCD Release
+name: Create ArgoCD release
 on:
   push:
     tags:
-      - 'v*'
-      - '!v2.4*'
-      - '!v2.5*'
-      - '!v2.6*'
-
-permissions: {}
+      - 'release-v*'
+      - '!release-v1.5*'
+      - '!release-v1.4*'
+      - '!release-v1.3*'
+      - '!release-v1.2*'
+      - '!release-v1.1*'
+      - '!release-v1.0*'
+      - '!release-v0*'
 
 env:
-  # renovate: datasource=golang-version packageName=golang
-  GOLANG_VERSION: '1.26.0' # Note: go-version must also be set in job argocd-image.with.go-version
+    GOLANG_VERSION: '1.16.11'
 
 jobs:
-  argocd-image:
-    needs: [setup-variables]
-    permissions:
-      contents: read
-      id-token: write # for creating OIDC tokens for signing.
-      packages: write # used to push images to `ghcr.io` if used.
-    if: github.repository == 'argoproj/argo-cd' || needs.setup-variables.outputs.allow_fork_release == 'true'
-    uses: ./.github/workflows/image-reuse.yaml
-    with:
-      quay_image_name: ${{ needs.setup-variables.outputs.quay_image_name }}
-      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      # renovate: datasource=golang-version packageName=golang
-      go-version: 1.26.0
-      platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
-      push: true
-    secrets:
-      quay_username: ${{ secrets.RELEASE_QUAY_USERNAME }}
-      quay_password: ${{ secrets.RELEASE_QUAY_TOKEN }}
-
-  setup-variables:
-    name: Setup Release Variables
-    if: github.repository == 'argoproj/argo-cd' || (github.repository_owner != 'argoproj' && vars.ENABLE_FORK_RELEASES == 'true' && vars.IMAGE_NAMESPACE && vars.IMAGE_NAMESPACE != 'argoproj')
-    runs-on: ubuntu-24.04
-    outputs:
-      is_pre_release: ${{ steps.var.outputs.is_pre_release }}
-      is_latest_release: ${{ steps.var.outputs.is_latest_release }}
-      enable_fork_releases: ${{ steps.var.outputs.enable_fork_releases }}
-      image_namespace: ${{ steps.var.outputs.image_namespace }}
-      image_repository: ${{ steps.var.outputs.image_repository }}
-      quay_image_name: ${{ steps.var.outputs.quay_image_name }}
-      provenance_image: ${{ steps.var.outputs.provenance_image }}
-      allow_fork_release: ${{ steps.var.outputs.allow_fork_release }}
+  prepare-release:
+    name: Perform automatic release on trigger ${{ github.ref }}
+    runs-on: ubuntu-latest
+    env:
+      # The name of the tag as supplied by the GitHub event
+      SOURCE_TAG: ${{ github.ref }}
+      # The image namespace where Docker image will be published to
+      IMAGE_NAMESPACE: quay.io/argoproj
+      # Whether to create & push image and release assets
+      DRY_RUN: false
+      # Whether a draft release should be created, instead of public one
+      DRAFT_RELEASE: false
+      # Whether to update homebrew with this release as well
+      # Set RELEASE_HOMEBREW_TOKEN secret in repository for this to work - needs
+      # access to public repositories
+      UPDATE_HOMEBREW: false
+      # Name of the GitHub user for Git config
+      GIT_USERNAME: argo-bot
+      # E-Mail of the GitHub user for Git config
+      GIT_EMAIL: argoproj@gmail.com
     steps:
       - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v2
         with:
           fetch-depth: 0
           token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Setup variables
-        id: var
+
+      - name: Check if the published tag is well formed and setup vars
         run: |
           set -xue
-          # Fetch all tag information
-          git fetch --prune --tags --force
+          # Target version must match major.minor.patch and optional -rcX suffix
+          # where X must be a number.
+          TARGET_VERSION=${SOURCE_TAG#*release-v}
+          if ! echo "${TARGET_VERSION}" | egrep '^[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)*$'; then
+            echo "::error::Target version '${TARGET_VERSION}' is malformed, refusing to continue." >&2
+            exit 1
+          fi
 
-          LATEST_RELEASE_TAG=$(git -c 'versionsort.suffix=-rc' tag --list --sort=version:refname | grep -v '-' | tail -n1)
+          # Target branch is the release branch we're going to operate on
+          # Its name is 'release-<major>.<minor>'
+          TARGET_BRANCH="release-${TARGET_VERSION%\.[0-9]*}"
 
+          # The release tag is the source tag, minus the release- prefix
+          RELEASE_TAG="${SOURCE_TAG#*release-}"
+
+          # Whether this is a pre-release (indicated by -rc suffix)
           PRE_RELEASE=false
-          # Check if latest tag is a pre-release
-          if echo ${{ github.ref_name }} | grep -E -- '-rc[0-9]+$';then
+          if echo "${RELEASE_TAG}" | egrep -- '-rc[0-9]+$'; then
             PRE_RELEASE=true
           fi
 
-          IS_LATEST=false
-          # Ensure latest release tag matches github.ref_name
-          if [[ $LATEST_RELEASE_TAG == ${{ github.ref_name }} ]];then
-            IS_LATEST=true
+          # We must not have a release trigger within the same release branch,
+          # because that means a release for this branch is already running.
+          if git tag -l | grep "release-v${TARGET_VERSION%\.[0-9]*}" | grep -v "release-v${TARGET_VERSION}"; then
+            echo "::error::Another release for branch ${TARGET_BRANCH} is currently in progress."
+            exit 1
           fi
-          echo "is_pre_release=$PRE_RELEASE" >> $GITHUB_OUTPUT
-          echo "is_latest_release=$IS_LATEST" >> $GITHUB_OUTPUT
-          
-          # Calculate configuration with defaults
-          ENABLE_FORK_RELEASES="${{ vars.ENABLE_FORK_RELEASES || 'false' }}"
-          IMAGE_NAMESPACE="${{ vars.IMAGE_NAMESPACE || 'argoproj' }}"
-          IMAGE_REPOSITORY="${{ vars.IMAGE_REPOSITORY || 'argocd' }}"
-          
-          echo "enable_fork_releases=$ENABLE_FORK_RELEASES" >> $GITHUB_OUTPUT
-          
-          echo "image_namespace=$IMAGE_NAMESPACE" >> $GITHUB_OUTPUT
-          echo "image_repository=$IMAGE_REPOSITORY" >> $GITHUB_OUTPUT
-          echo "quay_image_name=quay.io/$IMAGE_NAMESPACE/$IMAGE_REPOSITORY:${{ github.ref_name }}" >> $GITHUB_OUTPUT
-          echo "provenance_image=quay.io/$IMAGE_NAMESPACE/$IMAGE_REPOSITORY" >> $GITHUB_OUTPUT
-          
-          ALLOW_FORK_RELEASE=false
-          if [[ "${{ github.repository_owner }}" != "argoproj" && "$ENABLE_FORK_RELEASES" == "true" && "$IMAGE_NAMESPACE" != "argoproj" && "${{ github.ref }}" == refs/tags/* ]]; then
-            ALLOW_FORK_RELEASE=true
+
+          # Ensure that release do not yet exist
+          if git rev-parse ${RELEASE_TAG}; then
+            echo "::error::Release tag ${RELEASE_TAG} already exists in repository. Refusing to continue."
+            exit 1
           fi
-          echo "allow_fork_release=$ALLOW_FORK_RELEASE" >> $GITHUB_OUTPUT
 
-  argocd-image-provenance:
-    needs: [setup-variables, argocd-image]
-    permissions:
-      actions: read # for detecting the Github Actions environment.
-      id-token: write # for creating OIDC tokens for signing.
-      packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
-    # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-    if: github.repository == 'argoproj/argo-cd' || needs.setup-variables.outputs.allow_fork_release == 'true'
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0
-    with:
-      image: ${{ needs.setup-variables.outputs.provenance_image }}
-      digest: ${{ needs.argocd-image.outputs.image-digest }}
-    secrets:
-      registry-username: ${{ secrets.RELEASE_QUAY_USERNAME }}
-      registry-password: ${{ secrets.RELEASE_QUAY_TOKEN }}
+          # Make the variables available in follow-up steps
+          echo "TARGET_VERSION=${TARGET_VERSION}" >> $GITHUB_ENV
+          echo "TARGET_BRANCH=${TARGET_BRANCH}" >> $GITHUB_ENV
+          echo "RELEASE_TAG=${RELEASE_TAG}" >> $GITHUB_ENV
+          echo "PRE_RELEASE=${PRE_RELEASE}" >> $GITHUB_ENV
 
-  goreleaser:
-    needs:
-      - setup-variables
-      - argocd-image
-      - argocd-image-provenance
-    permissions:
-      contents: write # used for uploading assets
-    if: github.repository == 'argoproj/argo-cd' || needs.setup-variables.outputs.allow_fork_release == 'true'
-    runs-on: ubuntu-24.04
-    env:
-      GORELEASER_MAKE_LATEST: ${{ needs.setup-variables.outputs.is_latest_release }}
-    outputs:
-      hashes: ${{ steps.hash.outputs.hashes }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Fetch all tags
-        run: git fetch --force --tags
-
-      - name: Setup Golang
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
-        with:
-          go-version: ${{ env.GOLANG_VERSION }}
-          cache: false
-
-      - name: Set GORELEASER_PREVIOUS_TAG # Workaround, GoReleaser uses 'git-describe' to determine a previous tag. Our tags are created in release branches.
+      - name: Check if our release tag has a correct annotation
         run: |
-          set -xue
-          GORELEASER_PREVIOUS_TAG=$(go run hack/get-previous-release/get-previous-version-for-release-notes.go ${{ github.ref_name }}) || exit 1
-          echo "GORELEASER_PREVIOUS_TAG=$GORELEASER_PREVIOUS_TAG" >> $GITHUB_ENV
+          set -ue
+          # Fetch all tag information as well
+          git fetch --prune --tags --force
 
-      - name: Set environment variables for ldflags
-        id: set_ldflag
-        run: |
-          echo "KUBECTL_VERSION=$(go list -m k8s.io/client-go | head -n 1 | rev | cut -d' ' -f1 | rev)" >> $GITHUB_ENV
-          echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV
+          echo "=========== BEGIN COMMIT MESSAGE ============="
+          git show ${SOURCE_TAG}
+          echo "============ END COMMIT MESSAGE =============="
+          
+          # Quite dirty hack to get the release notes from the annotated tag
+          # into a temporary file.
+          RELEASE_NOTES=$(mktemp -p /tmp release-notes.XXXXXX)
 
-      - name: Free Disk Space (Ubuntu)
-        uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be
-        with:
-          large-packages: false
-          docker-images: false
-          swap-storage: false
-          tool-cache: false
-
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0
-        id: run-goreleaser
-        with:
-          version: latest
-          args: release --clean --timeout 55m
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          KUBECTL_VERSION: ${{ env.KUBECTL_VERSION }}
-          GIT_TREE_STATE: ${{ env.GIT_TREE_STATE }}
-          # Used to determine the current repository in the goreleaser config to display correct manifest links
-          GORELEASER_CURRENT_REPOSITORY: ${{ github.repository }}
-
-      - name: Generate subject for provenance
-        id: hash
-        env:
-          ARTIFACTS: '${{ steps.run-goreleaser.outputs.artifacts }}'
-        run: |
-          set -euo pipefail
-
-          hashes=$(echo $ARTIFACTS | jq --raw-output '.[] | {name, "digest": (.extra.Digest // .extra.Checksum)} | select(.digest) | {digest} + {name} | join("  ") | sub("^sha256:";"")' | base64 -w0)
-          if test "$hashes" = ""; then # goreleaser < v1.13.0
-            checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path')
-            hashes=$(cat $checksum_file | base64 -w0)
-          fi
-          echo "hashes=$hashes" >> $GITHUB_OUTPUT
-
-  goreleaser-provenance:
-    needs: [goreleaser, setup-variables]
-    permissions:
-      actions: read # for detecting the Github Actions environment
-      id-token: write # Needed for provenance signing and ID
-      contents: write #  Needed for release uploads
-    if: github.repository == 'argoproj/argo-cd' || needs.setup-variables.outputs.allow_fork_release == 'true'
-    # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0
-    with:
-      base64-subjects: '${{ needs.goreleaser.outputs.hashes }}'
-      provenance-name: 'argocd-cli.intoto.jsonl'
-      upload-assets: true
-
-  generate-sbom:
-    name: Create SBOM and generate hash
-    needs:
-      - argocd-image
-      - goreleaser
-      - setup-variables
-    permissions:
-      contents: write # Needed for release uploads
-    outputs:
-      hashes: ${{ steps.sbom-hash.outputs.hashes }}
-    if: github.repository == 'argoproj/argo-cd' || needs.setup-variables.outputs.allow_fork_release == 'true'
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Setup Golang
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
-        with:
-          go-version: ${{ env.GOLANG_VERSION }}
-          cache: false
-
-      - name: Generate SBOM (spdx)
-        id: spdx-builder
-        env:
-          # defines the spdx/spdx-sbom-generator version to use.
-          SPDX_GEN_VERSION: v0.0.13
-          # defines the sigs.k8s.io/bom version to use.
-          SIGS_BOM_VERSION: v0.2.1
-          # comma delimited list of project relative folders to inspect for package
-          # managers (gomod, yarn, npm).
-          PROJECT_FOLDERS: '.,./ui'
-          # full qualified name of the docker image to be inspected
-          DOCKER_IMAGE: ${{ needs.setup-variables.outputs.quay_image_name }}
-        run: |
-          yarn install --cwd ./ui
-          go install github.com/spdx/spdx-sbom-generator/cmd/generator@$SPDX_GEN_VERSION
-          go install sigs.k8s.io/bom/cmd/bom@$SIGS_BOM_VERSION
-
-          # Generate SPDX for project dependencies analyzing package managers
-          for folder in $(echo $PROJECT_FOLDERS | sed "s/,/ /g")
-          do
-            generator -p $folder -o /tmp
+          prefix=true
+          begin=false
+          git show ${SOURCE_TAG} | while read line; do
+            # Whatever is in commit history for the tag, we only want that
+            # annotation from our tag. We discard everything else.
+            if test "$begin" = "false"; then
+              if echo "$line" | grep -q "tag ${SOURCE_TAG#refs/tags/}"; then begin="true"; fi
+              continue
+            fi
+            if test "$prefix" = "true"; then
+                  if test -z "$line"; then prefix=false; fi
+            else
+                  if echo "$line" | egrep -q '^commit [0-9a-f]+'; then
+                          break
+                  fi
+                  echo "$line" >> ${RELEASE_NOTES}
+            fi
           done
 
-          # Generate SPDX for binaries analyzing the docker image
-          if [[ ! -z $DOCKER_IMAGE ]]; then
-            bom generate -o /tmp/bom-docker-image.spdx -i $DOCKER_IMAGE
+          # For debug purposes
+          echo "============BEGIN RELEASE NOTES================="
+          cat ${RELEASE_NOTES}
+          echo "=============END RELEASE NOTES=================="
+
+          # Too short release notes are suspicious. We need at least 100 bytes.
+          relNoteLen=$(stat -c '%s' $RELEASE_NOTES)
+          if test $relNoteLen -lt 100; then
+            echo "::error::No release notes provided in tag annotation (or tag is not annotated)"
+            exit 1
           fi
 
-          cd /tmp && tar -zcf sbom.tar.gz *.spdx
+          # Check for magic string '## Quick Start' in head of release notes
+          if ! head -2 ${RELEASE_NOTES} | grep -iq '## Quick Start'; then
+            echo "::error::Release notes seem invalid, quick start section not found."
+            exit 1
+          fi
 
-      - name: Generate SBOM hash
-        shell: bash
-        id: sbom-hash
-        run: |
-          # sha256sum generates sha256 hash for sbom.
-          # base64 -w0 encodes to base64 and outputs on a single line.
-          # sha256sum /tmp/sbom.tar.gz ... | base64 -w0
-          echo "hashes=$(sha256sum /tmp/sbom.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT"
+          # We store path to temporary release notes file for later reading, we
+          # need it when creating release.
+          echo "RELEASE_NOTES=${RELEASE_NOTES}" >> $GITHUB_ENV
 
-      - name: Upload SBOM
-        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Setup Golang
+        uses: actions/setup-go@v1
         with:
-          files: |
-            /tmp/sbom.tar.gz
-
-  sbom-provenance:
-    needs: [generate-sbom, setup-variables]
-    permissions:
-      actions: read # for detecting the Github Actions environment
-      id-token: write # Needed for provenance signing and ID
-      contents: write #  Needed for release uploads
-    if: github.repository == 'argoproj/argo-cd' || needs.setup-variables.outputs.allow_fork_release == 'true'
-    # Must be referenced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0
-    with:
-      base64-subjects: '${{ needs.generate-sbom.outputs.hashes }}'
-      provenance-name: 'argocd-sbom.intoto.jsonl'
-      upload-assets: true
-
-  post-release:
-    needs:
-      - setup-variables
-      - argocd-image
-      - goreleaser
-      - generate-sbom
-    permissions:
-      contents: write # Needed to push commit to update stable tag
-      pull-requests: write # Needed to create PR for VERSION update.
-    if: github.repository == 'argoproj/argo-cd' || needs.setup-variables.outputs.allow_fork_release == 'true'
-    runs-on: ubuntu-24.04
-    env:
-      TAG_STABLE: ${{ needs.setup-variables.outputs.is_latest_release }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
+          go-version: ${{ env.GOLANG_VERSION }}
 
       - name: Setup Git author information
         run: |
           set -ue
-          git config --global user.email 'ci@argoproj.com'
-          git config --global user.name 'CI'
+          git config --global user.email "${GIT_EMAIL}"
+          git config --global user.name "${GIT_USERNAME}"
 
-      - name: Update stable tag to latest version
+      - name: Checkout corresponding release branch
         run: |
-          git tag -f stable ${{ github.ref_name }}
-          git push -f origin stable
-        if: ${{ env.TAG_STABLE == 'true' }}
-
-      - name: Check to see if VERSION should be updated on master branch
-        run: |
-          set -xue
-          SOURCE_TAG=${{ github.ref_name }}
-          VERSION_REF="${SOURCE_TAG#*v}"
-          COMMIT_HASH=$(git rev-parse HEAD)
-          if echo "$VERSION_REF" | grep -E -- '^[0-9]+\.[0-9]+\.0-rc1';then
-            VERSION=$(awk 'BEGIN {FS=OFS="."} {$2++; print}' <<< "${VERSION_REF%-rc1}")
-            echo "Updating VERSION to: $VERSION"
-            echo "UPDATE_VERSION=true" >> $GITHUB_ENV
-            echo "NEW_VERSION=$VERSION" >> $GITHUB_ENV
-            echo "COMMIT_HASH=$COMMIT_HASH" >> $GITHUB_ENV
-          else
-            echo "Not updating VERSION"
-            echo "UPDATE_VERSION=false" >> $GITHUB_ENV
+          set -ue
+          echo "Switching to release branch '${TARGET_BRANCH}'"
+          if ! git checkout ${TARGET_BRANCH}; then
+            echo "::error::Checking out release branch '${TARGET_BRANCH}' for target version '${TARGET_VERSION}' (tagged '${RELEASE_TAG}') failed. Does it exist in repo?"
+            exit 1
           fi
 
-      - name: Update VERSION on master branch
+      - name: Create VERSION information
         run: |
-          echo ${{ env.NEW_VERSION }} > VERSION
-          # Replace the 'project-release: vX.X.X-rcX' line in SECURITY-INSIGHTS.yml
-          sed -i "s/project-release: v.*$/project-release: v${{ env.NEW_VERSION }}/" SECURITY-INSIGHTS.yml
-          # Update the 'commit-hash: XXXXXXX' line in SECURITY-INSIGHTS.yml
-          sed -i "s/commit-hash: .*/commit-hash: ${{ env.COMMIT_HASH }}/" SECURITY-INSIGHTS.yml
-        if: ${{ env.UPDATE_VERSION == 'true' }}
+          set -ue
+          echo "Bumping version from $(cat VERSION) to ${TARGET_VERSION}"
+          echo "${TARGET_VERSION}" > VERSION
+          git commit -m "Bump version to ${TARGET_VERSION}" VERSION
 
-      - name: Create PR to update VERSION on master branch
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
+      - name: Generate new set of manifests
+        run: |
+          set -ue
+          make install-codegen-tools-local
+          helm2 init --client-only
+          make manifests-local VERSION=${TARGET_VERSION}
+          git diff
+          git commit manifests/ -m "Bump version to ${TARGET_VERSION}"
+
+      - name: Create the release tag
+        run: |
+          set -ue
+          echo "Creating release ${RELEASE_TAG}"
+          git tag ${RELEASE_TAG}
+
+      - name: Build Docker image for release
+        run: |
+          set -ue
+          git clean -fd
+          mkdir -p dist/
+          make image IMAGE_TAG="${TARGET_VERSION}" DOCKER_PUSH=false
+          make release-cli
+          chmod +x ./dist/argocd-linux-amd64
+          ./dist/argocd-linux-amd64 version --client
+        if: ${{ env.DRY_RUN != 'true' }}
+
+      - name: Push docker image to repository
+        env:
+          DOCKER_USERNAME: ${{ secrets.RELEASE_DOCKERHUB_USERNAME }}
+          DOCKER_TOKEN: ${{ secrets.RELEASE_DOCKERHUB_TOKEN }}
+          QUAY_USERNAME: ${{ secrets.RELEASE_QUAY_USERNAME }}
+          QUAY_TOKEN: ${{ secrets.RELEASE_QUAY_TOKEN }}
+        run: |
+          set -ue
+          docker login quay.io --username "${QUAY_USERNAME}" --password "${QUAY_TOKEN}"
+          docker push ${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION}
+          # Remove the following when Docker Hub is gone
+          docker login --username "${DOCKER_USERNAME}" --password "${DOCKER_TOKEN}"
+          docker tag ${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION} argoproj/argocd:v${TARGET_VERSION}
+          docker push argoproj/argocd:v${TARGET_VERSION}
+        if: ${{ env.DRY_RUN != 'true' }}
+
+      - name: Read release notes file
+        id: release-notes
+        uses: juliangruber/read-file-action@v1
+        with: 
+          path: ${{ env.RELEASE_NOTES }}
+
+      - name: Push changes to release branch
+        run: |
+          set -ue
+          git push origin ${TARGET_BRANCH}
+          git push origin ${RELEASE_TAG}
+
+      - name: Create GitHub release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        id: create_release
         with:
-          commit-message: Bump version in master
-          title: 'chore: Bump version in master'
-          body: All images built from master should indicate which version we are on track for.
-          signoff: true
-          branch: update-version
-          branch-suffix: random
-          base: master
-        if: ${{ env.UPDATE_VERSION == 'true' }}
+          tag_name: ${{ env.RELEASE_TAG }}
+          release_name: ${{ env.RELEASE_TAG }}
+          draft: ${{ env.DRAFT_RELEASE }}
+          prerelease: ${{ env.PRE_RELEASE }}
+          body: ${{ steps.release-notes.outputs.content }}
+
+      - name: Upload argocd-linux-amd64 binary to release assets
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./dist/argocd-linux-amd64
+          asset_name: argocd-linux-amd64
+          asset_content_type: application/octet-stream
+        if: ${{ env.DRY_RUN != 'true' }}
+
+      - name: Upload argocd-darwin-amd64 binary to release assets
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./dist/argocd-darwin-amd64
+          asset_name: argocd-darwin-amd64
+          asset_content_type: application/octet-stream
+        if: ${{ env.DRY_RUN != 'true' }}
+
+      - name: Upload argocd-windows-amd64 binary to release assets
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./dist/argocd-windows-amd64.exe
+          asset_name: argocd-windows-amd64.exe
+          asset_content_type: application/octet-stream
+        if: ${{ env.DRY_RUN != 'true' }}
+
+      - name: Update homebrew formula
+        env:
+          HOMEBREW_TOKEN: ${{ secrets.RELEASE_HOMEBREW_TOKEN }}
+        uses: dawidd6/action-homebrew-bump-formula@v3
+        with:
+          token: ${{env.HOMEBREW_TOKEN}}
+          formula: argocd
+        if: ${{ env.HOMEBREW_TOKEN != '' && env.UPDATE_HOMEBREW == 'true' && env.PRE_RELEASE != 'true' }}
+
+      - name: Delete original request tag from repository
+        run: |
+          set -ue
+          git push --delete origin ${SOURCE_TAG}
+        if: ${{ always() }}

.github/workflows/renovate.yaml

@@ -1,32 +0,0 @@
-name: Renovate
-on:
-  schedule:
-    - cron: '0 * * * *'
-  workflow_dispatch: {}
-
-permissions:
-  contents: read
-
-jobs:
-  renovate:
-    runs-on: ubuntu-24.04
-    if: github.repository == 'argoproj/argo-cd'
-    steps:
-      - name: Get token
-        id: get_token
-        uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1
-        with:
-          app-id: ${{ vars.RENOVATE_APP_ID }}
-          private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}
-
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
-
-      - name: Self-hosted Renovate
-        uses: renovatebot/github-action@d65ef9e20512193cc070238b49c3873a361cd50c #46.1.1
-        with:
-          configurationFile: .github/configs/renovate-config.js
-          token: '${{ steps.get_token.outputs.token }}'
-        env:
-          LOG_LEVEL: 'debug'
-          RENOVATE_REPOSITORIES: '${{ github.repository }}'

.github/workflows/scorecard.yaml

@@ -1,67 +0,0 @@
-name: Scorecards supply-chain security
-on:
-  # Only the default branch is supported.
-  branch_protection_rule:
-  schedule:
-    - cron: "39 9 * * 2"
-  push:
-    branches: ["master"]
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-# Declare default permissions as read only.
-permissions: read-all
-
-jobs:
-  analysis:
-    name: Scorecards analysis
-    runs-on: ubuntu-24.04
-    permissions:
-      # Needed to upload the results to code-scanning dashboard.
-      security-events: write
-      # Used to receive a badge. (Upcoming feature)
-      id-token: write
-      # Needs for private repositories.
-      contents: read
-      actions: read
-    if: github.repository == 'argoproj/argo-cd'
-
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-
-      - name: "Run analysis"
-        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
-          # - you want to enable the Branch-Protection check on a *public* repository, or
-          # - you are installing Scorecards on a *private* repository
-          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
-          # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
-
-          # Publish the results for public repositories to enable scorecard badges. For more details, see
-          # https://github.com/ossf/scorecard-action#publishing-results.
-          # For private repositories, `publish_results` will automatically be set to `false`, regardless
-          # of the value entered here.
-          publish_results: true
-
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
-      # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2
-        with:
-          sarif_file: results.sarif

.github/workflows/stale.yaml

@@ -1,33 +0,0 @@
-name: "Label stale issues and PRs"
-on:
-  schedule:
-    - cron: "0 0 * * *" #Runs midnight 12AM UTC
-
-#Added Recommended permissions
-permissions:
-  issues: write
-  pull-requests: write
-
-jobs:
-  stale:
-    runs-on: ubuntu-24.04
-    steps:
-      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
-        with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-
-          stale-issue-message: >
-            This issue has been marked as stale because it has had no activity for 90 days. Please comment if this is still relevant.
-
-          stale-pr-message: >
-            This pull request has been marked as stale because it has had no activity for 90 days. Please comment if this is still relevant.
-
-          days-before-stale: 90
-          days-before-close: -1   # Auto-close diabled
-
-          exempt-issue-labels: >
-            bug, security, breaking/high, breaking/medium, breaking/low
-
-          # General configuration
-          operations-per-run: 200
-          remove-stale-when-updated: true #Remove stale label when issue/pr is updated

.github/workflows/update-snyk.yaml

@@ -1,36 +0,0 @@
-name: Snyk report update
-on:
-  workflow_dispatch: {}
-  schedule:
-    - cron: '0 0 * * 0' # midnight every Sunday
-
-permissions:
-  contents: read
-
-jobs:
-  snyk-report:
-    permissions:
-      contents: write
-      pull-requests: write
-    if: github.repository == 'argoproj/argo-cd'
-    name: Update Snyk report in the docs directory
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build reports
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        run: |
-          make snyk-report
-          pr_branch="snyk-update-$(echo $RANDOM | md5sum | head -c 20)"
-          git checkout -b "$pr_branch"
-          git config --global user.email 'ci@argoproj.com'
-          git config --global user.name 'CI'
-          git add docs/snyk
-          git commit -m "[Bot] docs: Update Snyk reports" --signoff
-          git push --set-upstream origin "$pr_branch"
-          gh pr create -B master -H "$pr_branch" --title '[Bot] docs: Update Snyk report' --body ''

.gitignore

@@ -1,14 +1,12 @@
 .vscode/
 .idea/
 .DS_Store
-.run/
 vendor/
 dist/*
 ui/dist/app/*
 !ui/dist/app/gitkeep
 site/
 *.iml
-.tilt-bin/
 # delve debug binaries
 cmd/**/debug
 debug.test
@@ -18,17 +16,9 @@ test-results
 .scratch
 node_modules/
 .kube/
-./test/cmp/*.sock
-.envrc.remote
-.mirrord/
-.*.swp
-rerunreport.txt
 
 # ignore built binaries
 cmd/argocd/argocd
 cmd/argocd-application-controller/argocd-application-controller
 cmd/argocd-repo-server/argocd-repo-server
-cmd/argocd-server/argocd-server
-
-# ignore generated `.argocd-helm-dep-up` marker file; this should not be committed to git
-reposerver/repository/testdata/**/.argocd-helm-dep-up
+cmd/argocd-server/argocd-server

.gitpod.Dockerfile

@@ -0,0 +1,17 @@
+FROM gitpod/workspace-full
+
+USER root
+
+RUN curl -o /usr/local/bin/kubectl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" && \
+    chmod +x /usr/local/bin/kubectl
+
+RUN curl -L https://go.kubebuilder.io/dl/2.3.1/$(go env GOOS)/$(go env GOARCH) | \
+    tar -xz -C /tmp/ && mv /tmp/kubebuilder_2.3.1_$(go env GOOS)_$(go env GOARCH) /usr/local/kubebuilder
+
+RUN apt-get install redis-server -y
+RUN go get github.com/mattn/goreman
+
+USER gitpod
+
+ENV ARGOCD_REDIS_LOCAL=true
+ENV KUBECONFIG=/tmp/kubeconfig

.gitpod.yml

@@ -0,0 +1,6 @@
+image:
+  file: .gitpod.Dockerfile
+
+tasks:
+  - init: make mod-download-local dep-ui-local && GO111MODULE=off go get github.com/mattn/goreman
+    command: make start-test-k8s

.golangci.yaml

@@ -1,261 +0,0 @@
-formatters:
-  enable:
-    - gofumpt
-    - goimports
-
-  settings:
-    goimports:
-      local-prefixes:
-        - github.com/argoproj/argo-cd/v3
-
-issues:
-  max-issues-per-linter: 0
-
-  max-same-issues: 0
-
-linters:
-  enable:
-    - errorlint
-    - exptostd
-    - gocritic
-    - gomodguard
-    - govet
-    - importas
-    - misspell
-    - modernize
-    - noctx
-    - perfsprint
-    - revive
-    - staticcheck
-    - testifylint
-    - thelper
-    - tparallel
-    - unparam
-    - usestdlibvars
-    - usetesting
-    - whitespace
-
-  exclusions:
-    rules:
-      - linters:
-          - unparam
-        path: (.+)_test\.go
-
-    presets:
-      - comments
-      - common-false-positives
-      - legacy
-      - std-error-handling
-
-    warn-unused: true
-
-  settings:
-    gocritic:
-      enable-all: true
-      # Most of these should probably be enabled one-by-one.
-      disabled-checks:
-        - appendAssign
-        - appendCombine # Leave disabled, multi-line assigns can be more readable.
-        - assignOp # Leave disabled, assign operations can be more confusing than helpful.
-        - commentedOutCode
-        - deferInLoop
-        - exitAfterDefer
-        - hugeParam
-        - importShadow
-        - paramTypeCombine # Leave disabled, there are too many failures to be worth fixing.
-        - rangeValCopy
-        - tooManyResultsChecker
-        - unnamedResult
-        - whyNoLint
-
-    gomodguard:
-      blocked:
-        modules:
-          - github.com/golang-jwt/jwt/v4:
-              recommendations:
-                - github.com/golang-jwt/jwt/v5
-
-          - github.com/imdario/mergo:
-              recommendations:
-                - dario.cat/mergo
-              reason: '`github.com/imdario/mergo` has been renamed.'
-
-          - github.com/pkg/errors:
-              recommendations:
-                - errors
-
-    govet:
-      disable:
-        - fieldalignment
-        - shadow
-      enable-all: true
-
-    importas:
-      alias:
-        - pkg: github.com/golang-jwt/jwt/v5
-          alias: jwtgo
-
-        - pkg: k8s.io/api/apps/v1
-          alias: appsv1
-
-        - pkg: k8s.io/api/core/v1
-          alias: corev1
-
-        - pkg: k8s.io/api/rbac/v1
-          alias: rbacv1
-
-        - pkg: k8s.io/apimachinery/pkg/api/errors
-          alias: apierrors
-
-        - pkg: k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
-          alias: apiextensionsv1
-
-        - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
-          alias: metav1
-
-        - pkg: k8s.io/client-go/informers/core/v1
-          alias: informersv1
-
-        - pkg: errors
-          alias: stderrors
-
-        - pkg: github.com/argoproj/argo-cd/v3/util/io
-          alias: utilio
-
-    modernize:
-      disable:
-        # Suggest replacing omitempty with omitzero for struct fields.
-        - omitzero
-        # Simplify code by using go1.26's new(expr). - generates lots of false positives.
-        - newexpr
-
-    nolintlint:
-      require-specific: true
-
-    perfsprint:
-      # Optimizes even if it requires an int or uint type cast.
-      int-conversion: true
-      # Optimizes into `err.Error()` even if it is only equivalent for non-nil errors.
-      err-error: true
-      # Optimizes `fmt.Errorf`.
-      errorf: true
-      # Optimizes `fmt.Sprintf` with only one argument.
-      sprintf1: true
-      # Optimizes into strings concatenation.
-      strconcat: true
-
-    revive:
-      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md
-      rules:
-        - name: bool-literal-in-expr
-
-        - name: blank-imports
-          disabled: true
-
-        - name: context-as-argument
-          arguments:
-            - allowTypesBefore: '*testing.T,testing.TB'
-
-        - name: context-keys-type
-          disabled: true
-
-        - name: dot-imports
-          disabled: true
-
-        - name: duplicated-imports
-
-        - name: early-return
-          arguments:
-            - preserveScope
-
-        - name: empty-block
-          disabled: true
-
-        - name: error-naming
-          disabled: true
-
-        - name: error-return
-
-        - name: error-strings
-          disabled: true
-
-        - name: errorf
-
-        - name: identical-branches
-
-        - name: if-return
-
-        - name: increment-decrement
-
-        - name: indent-error-flow
-          arguments:
-            - preserveScope
-
-        - name: modifies-parameter
-
-        - name: optimize-operands-order
-
-        - name: range
-
-        - name: receiver-naming
-
-        - name: redefines-builtin-id
-          disabled: true
-
-        - name: redundant-import-alias
-
-        - name: superfluous-else
-          arguments:
-            - preserveScope
-
-        - name: time-equal
-
-        - name: time-naming
-          disabled: true
-
-        - name: unexported-return
-          disabled: true
-
-        - name: unnecessary-stmt
-
-        - name: unreachable-code
-
-        - name: unused-parameter
-
-        - name: use-any
-
-        - name: useless-break
-
-        - name: var-declaration
-
-        - name: var-naming
-          arguments:
-            - - ID
-            - - VM
-            - - skipPackageNameChecks: true
-                upperCaseConst: true
-
-    staticcheck:
-      checks:
-        - all
-        - -SA5011
-        - -ST1003
-        - -ST1016
-
-    testifylint:
-      enable-all: true
-
-      disable:
-        - go-require
-
-    unused:
-      field-writes-are-uses: false
-      exported-fields-are-used: false
-
-    usetesting:
-      os-mkdir-temp: false
-
-output:
-  show-stats: false
-
-version: "2"

.golangci.yml

@@ -0,0 +1,22 @@
+run:
+  timeout: 2m
+  skip-files:
+    - ".*\\.pb\\.go"
+  skip-dirs:
+    - pkg/client/
+    - vendor/
+linters:
+  enable:
+    - vet
+    - deadcode
+    - goimports
+    - varcheck
+    - structcheck
+    - ineffassign
+    - unconvert
+    - unparam
+linters-settings:
+  goimports:
+    local-prefixes: github.com/argoproj/argo-cd
+service:
+  golangci-lint-version: 1.21.0

.goreleaser.yaml

@@ -1,124 +0,0 @@
-version: 2
-
-project_name: argocd
-
-before:
-  hooks:
-    - go mod download
-    - make build-ui
-
-builds:
-  - id: argocd-cli
-    main: ./cmd
-    binary: argocd-{{ .Os}}-{{ .Arch}}
-    env:
-      - CGO_ENABLED=0
-    flags:
-      - -v
-    ldflags:
-      - -X github.com/argoproj/argo-cd/v3/common.version={{ .Version }}
-      - -X github.com/argoproj/argo-cd/v3/common.buildDate={{ .Date }}
-      - -X github.com/argoproj/argo-cd/v3/common.gitCommit={{ .FullCommit }}
-      - -X github.com/argoproj/argo-cd/v3/common.gitTreeState={{ .Env.GIT_TREE_STATE }}
-      - -X github.com/argoproj/argo-cd/v3/common.kubectlVersion={{ .Env.KUBECTL_VERSION }}
-      - -extldflags="-static"
-    goos:
-      - linux
-      - windows
-      - darwin
-    goarch:
-      - amd64
-      - arm64
-      - s390x
-      - ppc64le
-    ignore:
-      - goos: darwin
-        goarch: s390x
-      - goos: darwin
-        goarch: ppc64le
-      - goos: windows
-        goarch: s390x
-      - goos: windows
-        goarch: ppc64le
-      - goos: windows
-        goarch: arm64
-
-archives:
-  - id: argocd-archive
-    ids:
-      - argocd-cli
-    name_template: |-
-      {{ .ProjectName }}-{{ .Os }}-{{ .Arch }}
-    formats: [binary]
-
-checksum:
-  name_template: 'cli_checksums.txt'
-  algorithm: sha256
-
-release:
-  make_latest: '{{ .Env.GORELEASER_MAKE_LATEST }}'
-  prerelease: auto
-  draft: false
-  header: |
-    ## Quick Start
-
-    ### Non-HA:
-
-    ```shell
-    kubectl create namespace argocd
-    kubectl apply -n argocd --server-side --force-conflicts -f https://raw.githubusercontent.com/{{ .Env.GORELEASER_CURRENT_REPOSITORY }}/{{.Tag}}/manifests/install.yaml
-    ```
-
-    ### HA:
-
-    ```shell
-    kubectl create namespace argocd
-    kubectl apply -n argocd --server-side --force-conflicts -f https://raw.githubusercontent.com/{{ .Env.GORELEASER_CURRENT_REPOSITORY }}/{{.Tag}}/manifests/ha/install.yaml
-    ```
-
-    ## Release Signatures and Provenance
-
-    All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.
-
-    ## Release Notes Blog Post
-    For a detailed breakdown of the key changes and improvements in this release, check out the [official blog post](https://blog.argoproj.io/argo-cd-v3-0-release-candidate-a0b933f4e58f)
-
-    ## Upgrading
-
-    If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.
-  footer: |
-    **Full Changelog**: https://github.com/{{ .Env.GORELEASER_CURRENT_REPOSITORY }}/compare/{{ .PreviousTag }}...{{ .Tag }}
-
-    <a href="https://argoproj.github.io/cd/"><img src="https://raw.githubusercontent.com/argoproj/argo-site/master/content/pages/cd/gitops-cd.png" width="25%" ></a>
-
-snapshot: #### To be removed for PR
-  version_template: '2.6.0'
-
-changelog:
-  use: github
-  sort: asc
-  abbrev: 0
-  groups: # Regex use RE2 syntax as defined here: https://github.com/google/re2/wiki/Syntax.
-    - title: 'Breaking Changes'
-      regexp: '^.*?(\([[:word:]]+\))??!:.+$'
-      order: 0
-    - title: 'Features'
-      regexp: '^.*?feat(\([[:word:]]+\))??!?:.+$'
-      order: 100
-    - title: 'Bug fixes'
-      regexp: '^.*?fix(\([[:word:]]+\))??!?:.+$'
-      order: 200
-    - title: 'Documentation'
-      regexp: '^.*?docs(\([[:word:]]+\))??!?:.+$'
-      order: 300
-    - title: 'Dependency updates'
-      regexp: '^.*?(feat|fix|chore)\(deps?.+\)!?:.+$'
-      order: 400
-    - title: 'Other work'
-      order: 999
-  filters:
-    exclude:
-      - '^test:'
-      - '^.*?Bump(\([[:word:]]+\))?.+$'
-      - '^.*?\[Bot\](\([[:word:]]+\))?.+$'
-# yaml-language-server: $schema=https://goreleaser.com/static/schema.json

.mockery.yaml

@@ -1,96 +0,0 @@
-dir: '{{.InterfaceDir}}/mocks'
-filename: '{{.InterfaceName}}.go'
-include-auto-generated: true # Needed since mockery 3.6.1
-packages:
-  github.com/argoproj/argo-cd/v3/applicationset/generators:
-    interfaces:
-      Generator: {}
-  github.com/argoproj/argo-cd/v3/applicationset/services:
-    interfaces:
-      Repos: {}
-  github.com/argoproj/argo-cd/v3/applicationset/services/scm_provider:
-    interfaces:
-      AWSCodeCommitClient: {}
-      AWSTaggingClient: {}
-      AzureDevOpsClientFactory: {}
-  github.com/argoproj/argo-cd/v3/applicationset/utils:
-    interfaces:
-      Renderer: {}
-  github.com/argoproj/argo-cd/v3/commitserver/apiclient:
-    interfaces:
-      CommitServiceClient: {}
-  github.com/argoproj/argo-cd/v3/commitserver/commit:
-    interfaces:
-      RepoClientFactory: {}
-  github.com/argoproj/argo-cd/v3/controller/cache:
-    interfaces:
-      LiveStateCache: {}
-  github.com/argoproj/argo-cd/v3/controller/hydrator:
-    interfaces:
-      Dependencies: {}
-      RepoGetter: {}
-  github.com/argoproj/argo-cd/v3/pkg/apiclient/cluster:
-    interfaces:
-      ClusterServiceServer: {}
-  github.com/argoproj/argo-cd/v3/pkg/apiclient/project:
-    interfaces:
-      ProjectServiceClient: {}
-  github.com/argoproj/argo-cd/v3/pkg/apiclient/session:
-    interfaces:
-      SessionServiceClient: {}
-      SessionServiceServer: {}
-  github.com/argoproj/argo-cd/v3/pkg/client/clientset/versioned/typed/application/v1alpha1:
-    interfaces:
-      AppProjectInterface: {}
-  github.com/argoproj/argo-cd/v3/reposerver/apiclient:
-    interfaces:
-      RepoServerServiceClient: {}
-      RepoServerService_GenerateManifestWithFilesClient: {}
-  github.com/argoproj/argo-cd/v3/server/application:
-    interfaces:
-      Broadcaster: {}
-  github.com/argoproj/argo-cd/v3/server/extension:
-    interfaces:
-      ApplicationGetter: {}
-      ExtensionMetricsRegistry: {}
-      ProjectGetter: {}
-      RbacEnforcer: {}
-      SettingsGetter: {}
-      UserGetter: {}
-  github.com/argoproj/argo-cd/v3/util/db:
-    interfaces:
-      ArgoDB: {}
-      RepoCredsDB: {}
-  github.com/argoproj/argo-cd/v3/util/git:
-    interfaces:
-      Client: {}
-  github.com/argoproj/argo-cd/v3/util/helm:
-    interfaces:
-      Client: {}
-  github.com/argoproj/argo-cd/v3/util/io:
-    interfaces:
-      TempPaths: {}
-  github.com/argoproj/argo-cd/v3/util/notification/argocd:
-    interfaces:
-      Service: {}
-  github.com/argoproj/argo-cd/v3/util/oci:
-    interfaces:
-      Client: {}
-  github.com/argoproj/argo-cd/v3/util/workloadidentity:
-    interfaces:
-      TokenProvider: {}
-  github.com/argoproj/argo-cd/gitops-engine/pkg/cache:
-    interfaces:
-      ClusterCache: {}
-  github.com/argoproj/argo-cd/gitops-engine/pkg/diff:
-    interfaces:
-      ServerSideDryRunner: {}
-  github.com/microsoft/azure-devops-go-api/azuredevops/v7/git:
-    config:
-      dir: applicationset/services/scm_provider/azure_devops/git/mocks
-    interfaces:
-      Client: {}
-pkgname: mocks
-structname: '{{.InterfaceName}}'
-template-data:
-  unroll-variadic: true

.readthedocs.yaml

@@ -1,12 +0,0 @@
-version: 2
-formats: all
-mkdocs:
-  fail_on_warning: false
-  configuration: mkdocs.yml
-python:
-  install:
-    - requirements: docs/requirements.txt
-build:
-  os: "ubuntu-22.04"
-  tools:
-    python: "3.12"

.readthedocs.yml

@@ -0,0 +1,7 @@
+version: 2
+formats: all
+mkdocs:
+  fail_on_warning: false
+python:
+  install:
+    - requirements: docs/requirements.txt

.snyk

@@ -1,40 +0,0 @@
-# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.22.1
-# ignores vulnerabilities until expiry date; change duration by modifying expiry date
-ignore:
-  SNYK-JS-ANSIREGEX-1583908:
-    - '*':
-        reason: >-
-          Code is only run client-side in the swagger-ui endpoint. No risk of
-          server-side DoS.
-  SNYK-CC-K8S-44:
-    - 'manifests/core-install.yaml > *':
-        reason: >-
-          Argo CD needs wide permissions to manage resources.
-    - 'manifests/install.yaml > *':
-        reason: >-
-          Argo CD needs wide permissions to manage resources.
-  SNYK-JS-MOMENT-2440688:
-    - '*':
-        reason: >-
-          Code is only run client-side. No risk of directory traversal.
-  SNYK-GOLANG-GITHUBCOMEMICKLEIGORESTFUL-2435653:
-    - '*':
-        reason: >-
-          Argo CD uses go-restful as a transitive dependency of kube-openapi. kube-openapi is used to generate openapi
-          specs. We do not use go-restul at runtime and are therefore not vulnerable to this CORS misconfiguration
-          issue in go-restful.
-  SNYK-JS-FORMIDABLE-2838956:
-    - '*':
-        reason: >-
-          Code is only run client-side. No risk of arbitrary file upload.
-  SNYK-JS-PARSEPATH-2936439:
-    - '*':
-        reason: >-
-          The issue is that, for specific URLs, parse-path may incorrectly identify the "resource" (domain name)
-          portion. For example, in "http://127.0.0.1#@example.com", it identifies "example.com" as the "resource".
-
-          We use parse-path on the client side, but permissions for git URLs are checked server-side. This is a
-          potential usability issue, but it is not a security issue.
-patch: {}
-

CHANGELOG.md

@@ -1,841 +1,5 @@
 # Changelog
 
-## v2.4.8 (2022-07-29)
-
-### Bug fixes
-
-- feat: support application level extensions (#9923)
-- feat: support multiple extensions per resource group/kind (#9834)
-- fix: extensions is not loading for ConfigMap/Pods (#10010)
-- fix: upgrade moment from 2.29.2 to 2.29.3 (#9330)
-- fix: skip redirect url validation when it's the base href (#10058) (#10116)
-- fix: avoid CVE-2022-28948 (#10093)
-- fix: Set HOST_ARCH for yarn build from platform (#10018)
-
-### Other changes
-
-- chore(deps): bump moment from 2.29.3 to 2.29.4 in /ui (#9897)
-- docs: add OpenSSH breaking change notes (#10104)
-- chore: update parse-url (#10101)
-- docs: add api field example in the appset security doc (#10087)
-- chore: update redis to 7.0.4 avoid CVE-2022-30065 (#10059)
-- docs: add argocd-server grpc metric usage (#10007)
-- chore: upgrade Dex to 2.32.0 (#10036) (#10042)
-- chore: update redis to avoid CVE-2022-2097 (#10031)
-- chore: update haproxy to 2.0.29 for redis-ha (#10045)
-
-## v2.4.7 (2022-07-18)
-
-### Bug fixes
-
-fix: Support files in argocd.argoproj.io/manifest-generate-paths annotation (#9908)
-fix: terminal websocket write lock to avoid races (#10011)
-fix: updated all a tags to Link tags in app summary (#9777)
-fix: e2e test to use func from clusterauth instead creating one with old logic (#9989)
-fix: add missing download CLI tool URL response for ppc64le, s390x (#9983)
-
-### Other
-
-chore: upgrade parse-url to avoid SNYK-JS-PARSEURL-2936249 (#9826)
-docs: use quotes to emphasize that ConfigMap value is a string (#9995)
-docs: document directory app include/exclude fields (#9997)
-docs: simplify Docker toolchain docs (#9966) (#10006)
-docs: supported versions (#9876)
-
-## v2.4.6 (2022-07-12)
-
-### Features
-
-* feat: Treat connection reset as a retryable error (#9739)
-
-### Bug fixes
-
-* fix: 'unexpected reserved bits' breaking web terminal (#9605) (#9895)
-* fix: argocd login just hangs on 2.4.0 #9679 (#9935)
-* fix: CMP manifest generation fails with ENHANCE_YOUR_CALM if over 40s (#9922)
-* fix: NotAfter is not set when ValidFor is set (#9911)
-* fix: add missing download CLI tool link for ppc64le, s390x (#9649)
-* fix: Check tracking annotation for being self-referencing (#9791)
-* fix: Make change of tracking method work at runtime (#9820)
-* fix: argo-cd git submodule is using SSH auth instead of HTTPs (#3118) (#9821)
-
-### Other
-
-* docs: fix typo in Generators-Git.md (#9949)
-* docs: add terminal documentation (#9948)
-* test: Use dedicated multi-arch workloads in e2e tests (#9921)
-* docs: Adding blank line so list is formatted correctly (#9880)
-* docs: small fix for plugin stream filtering (#9871)
-* docs: Document the possibility of rendering Helm charts with Kustomize (#9841)
-* docs: getting started notes on self-signed cert (#9429) (#9784)
-* test: check for error messages from CI env (#9953)
-
-## v2.4.5 (2022-07-12)
-
-### Security fixes
-
-* HIGH: Certificate verification is skipped for connections to OIDC providers ([GHSA-7943-82jg-wmw5](https://github.com/argoproj/argo-cd/security/advisories/GHSA-7943-82jg-wmw5))
-* LOW: A leaked API server encryption key can allow XSS for SSO users ([GHSA-pmjg-52h9-72qv](https://github.com/argoproj/argo-cd/security/advisories/GHSA-pmjg-52h9-72qv))
-
-### Potentially-breaking changes
-
-The fix for GHSA-7943-82jg-wmw5 enables TLS certificate validation by default for connections to OIDC providers. If
-connections to your OIDC provider fails validation, SSO will be broken for your Argo CD instance. You should test 2.4.5
-before upgrading it to production. From the new documentation:
-
-> By default, all connections made by the API server to OIDC providers (either external providers or the bundled Dex
-> instance) must pass certificate validation. These connections occur when getting the OIDC provider's well-known
-> configuration, when getting the OIDC provider's keys, and  when exchanging an authorization code or verifying an ID
-> token as part of an OIDC login flow.
->
-> Disabling certificate verification might make sense if:
-> * You are using the bundled Dex instance **and** your Argo CD instance has TLS configured with a self-signed certificate
-    >   **and** you understand and accept the risks of skipping OIDC provider cert verification.
-> * You are using an external OIDC provider **and** that provider uses an invalid certificate **and** you cannot solve
-    >   the problem by setting `oidcConfig.rootCA` **and** you understand and accept the risks of skipping OIDC provider cert
-    >   verification.
->
-> If either of those two applies, then you can disable OIDC provider certificate verification by setting
-> `oidc.tls.insecure.skip.verify` to `"true"` in the `argocd-cm` ConfigMap.
-
-### Bug fixes
-
-* fix: webhook typo in case of error in GetManifests (#9671)
-
-## v2.4.4 (2022-07-07)
-
-### Bug fixes
-
-- fix: missing path segments for git file generator (#9839)
-- fix: make sure api server informer does not stop after setting change (#9842)
-- fix: support resource logs and exec (#9833)
-- fix: configurable CMP tar exclusions (#9675) (#9789)
-- fix: prune any deleted refs before fetching (#9504)
-
-### Other
-
-- test: Remove circular symlinks from testdata (#9886)
-- docs: custom secret must be labeled (#9835)
-- docs: update archlinux install with official package (#9718)
-- docs: explain rightmost git generator path parameter behavior (#9799)
-
-## v2.4.3 (2022-06-27)
-
-### Bug fixes
-
-- fix: respect OIDC providers' supported token signing algorithms (#9433) (#9761)
-- fix websockets for terminal not working on subPath (#9795)
-- fix: avoid closing and re-opening port of api server settings change (#9778)
-- fix: [ArgoCD] Fixing webhook typo in case of error in GetManifests (#9671)
-- fix: overrides should not appear in the manifest cache key (#9601)
-
-## v2.4.2 (2022-06-21)
-
-### Bug fixes
-
-* fix: project filter (#9651) (#9709)
-* fix: broken symlink in Dockerfile (#9674)
-* fix: updated baseHRefRegex to perform lazy match (#9724)
-* fix: updated config file permission requirements for windows (#9666)
-
-### Other
-
-* docs: Update sync-options.md (#9687)
-* test/remote: Allow override of base image (#9734)
-
-## v2.4.1 (2022-06-21)
-
-### Security fixes
-
-* CRITICAL: External URLs for Deployments can include javascript ([GHSA-h4w9-6x78-8vrj](https://github.com/argoproj/argo-cd/security/advisories/GHSA-h4w9-6x78-8vrj))
-* HIGH: Insecure entropy in PKCE/Oauth2/OIDC params ([GHSA-2m7h-86qq-fp4v](https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v))
-* MODERATE: DoS through large directory app manifest files ([GHSA-jhqp-vf4w-rpwq](https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhqp-vf4w-rpwq))
-* MODERATE: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server ([GHSA-q4w5-4gq2-98vm](https://github.com/argoproj/argo-cd/security/advisories/GHSA-q4w5-4gq2-98vm))
-
-### Potentially-breaking changes
-
-From the [GHSA-2m7h-86qq-fp4v](https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v) description:
-
-> The patch introduces a new `reposerver.max.combined.directory.manifests.size` config parameter, which you should tune before upgrading in production. It caps the maximum total file size of .yaml/.yml/.json files in directory-type (raw manifest) Applications. The default max is 10M per Application. This max is designed to keep any single app from consuming more than 3G of memory in the repo-server (manifests consume more space in memory than on disk). The 300x ratio assumes a maliciously-crafted manifest file. If you only want to protect against accidental excessive memory use, it is probably safe to use a smaller ratio.
->
-> If your organization uses directory-type Applications with very many manifests or very large manifests then check the size of those manifests and tune the config parameter before deploying this change to production. When testing, make sure to do a "hard refresh" in either the CLI or UI to test your directory-type App. That will make sure you're using the new max logic instead of relying on cached manifest responses from Redis.
-
-### Other
-
-* test: directory app manifest generation (#9503)
-* chore: Implement tests to validate aws auth retry (#9627)
-* chore: Implement a retry in aws auth command (#9618)
-* test: Remove temp directories from repo server tests (#9501)
-* test: Make context tests idempodent (#9502)
-* test: fix plugin var test for OSX (#9590)
-* docs: Document how to deploy from the root of the git repository (#9632)
-* docs: added environment variables documentation (#8680)
-
-## v2.4.0 (2022-06-10)
-
-### Web Terminal In Argo CD UI
-
-Feature enables engineers to start a shell in the running application container without leaving the web interface. Just find the required Kubernetes
-Pod using the Application Details page, click on it and select the Terminal tab. The shell starts automatically and enables you to execute the required
-commands, and helps to troubleshoot the application state.
-
-### Access Control For Pod Logs & Web Terminal
-
-Argo CD is used to manage the critical infrastructure of multiple organizations, which makes security the top priority of the project. We've listened to
-your feedback and introduced additional access control settings that control access to Kubernetes Pod logs and the new Web Terminal feature.
-
-#### Pod Logs UI
-
-Since 2.4.9, the LOGS tab in pod view is visible in the UI only for users with explicit allow get logs policy.
-
-#### Known pod logs UI issue prior to 2.4.9
-
-Upon pressing the "LOGS" tab in pod view by users who don't have an explicit allow get logs policy, the red "unable to load data: Internal error" is received in the bottom of the screen, and "Failed to load data, please try again" is displayed.
-
-### OpenTelemetry Tracing Integration
-
-The new feature allows emitting richer telemetry data that might make identifying performance bottlenecks easier. The new feature is available for argocd-server
-and argocd-repo-server components and can be enabled using the --otlp-address flag.
-
-### Power PC and IBM Z Support
-
-The list of supported architectures has been expanded, and now includes IBM Z (s390x) and PowerPC (ppc64le). Starting with the v2.4 release the official quay.io
-repository is going to have images for amd64, arm64, ppc64le, and s390x architectures.
-
-### Other Notable Changes
-
-Overall v2.4 release includes more than 300 hundred commits from nearly 90 contributors. Here is a short sample of the contributions:
-
-* Enforce the deployment to remote clusters only
-* Native support of GCP authentication for GKE
-* Secured Redis connection
-* ApplicationSet Gitea support
-
-## v2.3.7 (2022-07-29)
-
-### Notes
-
-This is mainly a security related release and updates compatibility with Kubernetes 1.24.
-
-**Attention:** The base image for 2.3.x reached end-of-life on July 14, 2022. This release upgraded the base image to Ubuntu 22.04 LTS. The change should have no effect on the majority of users. But if any of your git providers only supports now-deprecated key hash algorithms, then Application syncing might break. See the [2.2-to-2.3 upgrade notes](https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.2-2.3/#support-for-private-repo-ssh-keys-using-the-sha-1-signature-hash-algorithm-is-removed-in-237) for details and workaround instructions.
-
-### Bug fixes
-
-- fix: skip redirect url validation when it's the base href (#10058) (#10116)
-- fix: upgrade moment from 2.29.2 to 2.29.3 (#9330)
-- fix: avoid CVE-2022-28948 (#10093)
-- fix: use serviceaccount name instead of struct (#9614)
-- fix: create serviceaccount token for v1.24 clusters (#9546)
-
-### Other changes
-
-- test: Remove cluster e2e tests not intended for release-2.3
-- test: Remove circular symlinks from testdata (#9886)
-- chore(deps): bump moment from 2.29.3 to 2.29.4 in /ui (#9897)
-- chore: upgrade moment to latest version to fix CVE (#9005)
-- chore: move dependencies to dev dependencies (#8541)
-- docs: add OpenSSH breaking change notes (#10104)
-- chore: update parse-url (#10101)
-- chore: upgrade base image to 22.04 (#10103)
-- docs: simplify Docker toolchain docs (#9966) (#10006)
-- chore: update redis to 6.2.7 avoid CVE-2022-30065/CVE-2022-2097 (#10062)
-- chore: upgrade Dex to 2.32.0 (#10036) (#10042)
-- chore: update haproxy to 2.0.29 for redis-ha (#10045)
-- test: check for error messages from CI env (#9953)
-
-## v2.3.6 (2022-07-12)
-
-### Security fixes
-
-* HIGH: Certificate verification is skipped for connections to OIDC providers ([GHSA-7943-82jg-wmw5](https://github.com/argoproj/argo-cd/security/advisories/GHSA-7943-82jg-wmw5))
-* LOW: A leaked API server encryption key can allow XSS for SSO users ([GHSA-pmjg-52h9-72qv](https://github.com/argoproj/argo-cd/security/advisories/GHSA-pmjg-52h9-72qv))
-
-### Potentially-breaking changes
-
-The fix for GHSA-7943-82jg-wmw5 enables TLS certificate validation by default for connections to OIDC providers. If
-connections to your OIDC provider fails validation, SSO will be broken for your Argo CD instance. You should test 2.3.6
-before upgrading it to production. From the new documentation:
-
-> By default, all connections made by the API server to OIDC providers (either external providers or the bundled Dex
-> instance) must pass certificate validation. These connections occur when getting the OIDC provider's well-known
-> configuration, when getting the OIDC provider's keys, and  when exchanging an authorization code or verifying an ID
-> token as part of an OIDC login flow.
->
-> Disabling certificate verification might make sense if:
-> * You are using the bundled Dex instance **and** your Argo CD instance has TLS configured with a self-signed certificate
-    >   **and** you understand and accept the risks of skipping OIDC provider cert verification.
-> * You are using an external OIDC provider **and** that provider uses an invalid certificate **and** you cannot solve
-    >   the problem by setting `oidcConfig.rootCA` **and** you understand and accept the risks of skipping OIDC provider cert
-    >   verification.
->
-> If either of those two applies, then you can disable OIDC provider certificate verification by setting
-> `oidc.tls.insecure.skip.verify` to `"true"` in the `argocd-cm` ConfigMap.
-
-### Bug fixes
-
-* fix: webhook typo in case of error in GetManifests (#9671)
-
-## v2.3.5 (2022-06-21)
-
-### Security fixes
-
-* CRITICAL: External URLs for Deployments can include javascript ([GHSA-h4w9-6x78-8vrj](https://github.com/argoproj/argo-cd/security/advisories/GHSA-h4w9-6x78-8vrj))
-* HIGH: Insecure entropy in PKCE/Oauth2/OIDC params ([GHSA-2m7h-86qq-fp4v](https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v))
-* MODERATE: DoS through large directory app manifest files ([GHSA-jhqp-vf4w-rpwq](https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhqp-vf4w-rpwq))
-* MODERATE: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server ([GHSA-q4w5-4gq2-98vm](https://github.com/argoproj/argo-cd/security/advisories/GHSA-q4w5-4gq2-98vm))
-
-### Potentially-breaking changes
-
-From the [GHSA-2m7h-86qq-fp4v](https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v) description:
-
-> The patch introduces a new `reposerver.max.combined.directory.manifests.size` config parameter, which you should tune before upgrading in production. It caps the maximum total file size of .yaml/.yml/.json files in directory-type (raw manifest) Applications. The default max is 10M per Application. This max is designed to keep any single app from consuming more than 3G of memory in the repo-server (manifests consume more space in memory than on disk). The 300x ratio assumes a maliciously-crafted manifest file. If you only want to protect against accidental excessive memory use, it is probably safe to use a smaller ratio.
->
-> If your organization uses directory-type Applications with very many manifests or very large manifests then check the size of those manifests and tune the config parameter before deploying this change to production. When testing, make sure to do a "hard refresh" in either the CLI or UI to test your directory-type App. That will make sure you're using the new max logic instead of relying on cached manifest responses from Redis.
-
-### Bug fixes
-
-* fix: missing Helm params (#9565) (#9566)
-
-### Other
-
-* test: directory app manifest generation (#9503)
-* chore: eliminate go-mpatch dependency (#9045)
-* chore: Make unit tests run on platforms other than amd64 (#8995)
-* chore: remove obsolete repo-server unit test (#9559)
-* chore: update golangci-lint (#8988)
-* fix: test race (#9469)
-* chore: upgrade golangci-lint to v1.46.2 (#9448)
-* test: fix ErrorContains (#9445)
-
-## v2.3.4 (2022-05-18)
-
-### Security fixes
-
-- CRITICAL: Argo CD will trust invalid JWT claims if anonymous access is enabled (https://github.com/argoproj/argo-cd/security/advisories/GHSA-r642-gv9p-2wjj)
-- LOW: Login screen allows message spoofing if SSO is enabled (https://github.com/argoproj/argo-cd/security/advisories/GHSA-xmg8-99r8-jc2j)
-- MODERATE: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server (https://github.com/argoproj/argo-cd/security/advisories/GHSA-6gcg-hp2x-q54h)
-
-### Bug Fixes
-
-- fix: Fix docs build error (#8895)
-- fix: fix broken monaco editor collapse icons (#8709)
-- chore: upgrade to go 1.17.8 (#8866) (#9004)
-- fix: allow cli/ui to follow logs (#8987) (#9065)
-
-## v2.3.3 (2022-03-29)
-
-- fix: prevent excessive repo-server disk usage for large repos (#8845) (#8897)
-- fix: Set QPS and burst rate for resource ops client (#8915)
-
-## v2.3.2 (2022-03-22)
-
-- fix: application resource APIs must enforce project restrictions
-
-## v2.3.1 (2022-03-10)
-
-- fix: Retry checkbox unchecked unexpectedly; Sync up with YAML (#8682) (#8720)
-- chore: Bump stable version of application set addon (#8744)
-- fix: correct jsonnet paths resolution (#8721)
-- fix(ui): Applications page incorrectly resets to tiles view. Fixes #8702 (#8718)
-
-## v2.3.0 (2022-03-05)
-
-### Argo CD ApplicationSet and Notifications are now part of Argo CD
-
-Two popular [Argoproj Labs](https://github.com/argoproj-labs) projects [Argo CD ApplicationSet](https://github.com/argoproj/applicationset) and
-[Argo CD Notifications](https://github.com/argoproj-labs/argocd-notifications) are now part of Argo CD! The default Argo CD installation manifests now
-bundle both projects out of the box. Going forward you can expect more tightened integration of these projects into Argo CD.
-
-### New sync and diff strategies
-
-Users can now configure the Application resource to instruct Argo CD to consider the ignore difference setup during the sync process.
-In order to do so, add the new sync option RespectIgnoreDifferences=true in the Application resource. Once the sync option is added,
-Argo CD won't change ignored fields during the syncing process.
-
-Configuring ignored fields is also easier now. Instead of listing fields one by one users can now leverage the 
-managedFields metadata to instruct Argo CD about trusted managers and automatically ignore any fields owned by them. A new diff customization
-(managedFieldsManagers) is now available allowing users to specify managers the application should trust and to ignore all fields owned by those managers.
-Read more about these changes at [New sync and diff strategies in ArgoCD](https://blog.argoproj.io/new-sync-and-diff-strategies-in-argocd-44195d3f8b8c) blog post.
-
-### ARM Images
-
-An officially supported ARM 64 image is now available. Enjoy running Argo CD on your Raspberry Pi! Additionally, the image size was reduced by nearly ~50%
-and is only 200MB now. The ARM version of `argocd` CLI is also available and published as a Github release artifact.
-
-### Compact Tree View And Click Application Navigation
-
-The application details page now supports compact application resources tree visualization. Using the "Group Nodes" button, you can collapse the similar resources
-into a single group node to remove the clutter and make it easier to understand the state of application resources. You still can get detailed information about the collapsed resources by clicking on the group node. The list of collapsed resources will be available in a sliding panel. Compact resource tree is still too big?
-You can use the zoom in and zoom out feature to make it smaller - or even larger!
-
-You no longer need to move back and forth between the application details page and the application list page. Instead you can navigate directly to the required application by clicking the search icon in the application details page title.
-
-### Upgraded Config Management Tools
-
-Both bundled Helm and Kustomize binaries have been upgraded to the latest versions. Kustomize has been upgraded from 4.2.0 to 4.4.1 and Helm has been upgraded from 3.7.1 to 3.8.0.
-
-### Bug Fixes and Performance Enhancements
-
-* Config management tools enhancements:
-* The skipCrds flag and ability to ignore missing values files for Helm (#8012, #8003)
-* Additional environment variables for Kustomize (#8096)
-* Argo CD CLI follows the XDG Base directory standard (#7638)
-* Redis is no longer used during SSO login (#8241)
-
-
-### Features
-
-- feat: Add app list and details page views to navigation history (#7776) (#7937)
-- feat: Add skipCrds flag for helm charts (#8012)
-- feat: Add visual indicator for newly created pods (#8006)
-- feat: Added a new Helm option ignoreMissingValueFiles (#7767) (#8003)
-- feat: Allow configuring system wide ignore differences for all resources (#8224)
-- feat: Allow escaping dollar in Envsubst (#7961)
-- feat: Allow external links on Application (#3487) (#8231)
-- feat: Allow selecting application on detail page (#8176)
-- feat: Bundle applicationset-controller with argocd (#8148)
-- feat: Enable specifying root ca for oidc (#6712)
-- feat: Expose ARGOCD_APP_NAME to the `kustomize build` command (#8096)
-- feat: Ignore differences owned by trusted managers from managedFields (#7869)
-- feat: New sync option to use ignore diff configs during sync (#8078)
-- feat: Provide address flag for admin dashboard command (#8095)
-- feat: Store "Group Nodes" button state in application details preferences (#8036)
-- feat: Support specifying cluster by name in addition to API server URL in Cluster API (#8077)
-- feat: Support XDG Base directory standard (#7638) (#7791)
-- feat: Use encrypted cookie to store OAuth2 state nonce (instead of redis) (#8241)
-- feat: Build images on PR and conditionally build arm64 image on push (#8108)
-
-### Bug Fixes
-
-- fix: Add "Restarting MinIO" status to MiniO Tenant health check (#8191)
-- fix: Add all resources in list view (#7295)
-- fix: Adding pagination to grouped nodes sliding panel#7837 (#7915)
-- fix: Allow all resources to add external links (#7923)
-- fix: Always call ValidateDestination (#7976)
-- fix: Application exist panic when execute api call (#8188)
-- fix: Application-icons-alignment (#8054)
-- fix: Controller panics if resource manifest has incorrect annotation (#8022)
-- fix: Correctly handle project field during partial cluster update (#7994)
-- fix: Default value for retry validation #8055 (#8064)
-- fix: Fix a possible crash when parsing RBAC (#8165)
-- fix: Grouped node list missing resources on Compact resources view #8014 (#8018)
-- fix: Issue with headless installation (#7958)
-- fix: Issue with project scoped resources (#8048)
-- fix: Kubernetes labels normalization for Prometheus  (#7925)
-- fix: Nested Refresh dropdown does not work on Application Details page #1524 (#7950)
-- fix: Network line colors and menu icon alignment (#8059)
-- fix: Opening app details shows UI error on some apps (#8016) (#8019)
-- fix: Parse to correct uint32 type (#8177)
-- fix: Prevent possible nil-pointer deref in normalizer (#8185)
-- fix: Prevent possible out-of-bounds access when loading policies (#8186)
-- fix: Provide a semantic version parsed version for KUBE_VERSION (#8250)
-- fix: Refreshing label toast (#7979)
-- fix: Resource details page crashes when resource is not deployed and hide managed fields is selected (#7971)
-- fix: Retry disabled text (#8004)
-- fix: Route health check stuck in 'Progressing' (#8170)
-- fix: Sync window panel is crashed if resource name not contain letters (#8053)
-- fix: Targetervision compatible without prefix refs/heads or refs/tags (#7939)
-- fix: Trailing line in Filter Dropdown Menus #7821 (#8001)
-- fix: Webhook URL matching edge cases (#7981)
-- fix(ui): Use consistent case for diff modes (#7945)
-- fix: Use gRPC timeout for sidecar CMPs (#8131) (#8236)
-
-### Other
-
-- chore: Bump go-jsonnet to v0.18.0 (#8011)
-- chore: Escape proj in regex (#7985)
-- chore: Exclude argocd-server rbac for core-install (#8234)
-- chore: Log out the resource triggering reconciliation (#8192)
-- chore: Migrate to use golang-jwt/jwt v4.2.0 (#8136)
-- chore: Move resolveRevision from api-server to repo-server (#7966)
-- chore: Update notifications version (#8267)
-- chore: Update slack version (#8299)
-- chore: Update to Redis 6.2.4 (#8157)
-- chore: Upgrade awscli to 2.4.6 and remove python deps (#7947)
-- chore: Upgrade base image to ubuntu:21.10 (#8230)
-- chore: Upgrade dex to v2.30.2 (https://github.com/dexidp/dex/issues/2326) (#8237)
-- chore: Upgrade gitops engine (#8288)
-- chore: Upgrade golang to 1.17.6 (#8229)
-- chore: Upgrade helm to most recent version (v3.7.2) (#8226)
-- chore: Upgrade k8s client to v1.23 (#8213)
-- chore: Upgrade kustomize to most recent version (v4.4.1) (#8227)
-- refactor: Introduce 'byClusterName' secret index to speedup cluster server URL lookup (#8133)
-- refactor: Move project filtering to server side (#8102)
-
-## v2.2.12 (2022-07-29)
-
-### Notes
-
-This is mainly a security related release and updates compatibility with Kubernetes 1.24.
-
-**Attention:** The base image for 2.2.x reached end-of-life on January 20, 2022. This release upgraded the base image to Ubuntu 22.04 LTS. The change should have no effect on the majority of users. But if any of your git providers only supports now-deprecated key hash algorithms, then Application syncing might break. See the [2.1-to-2.2 upgrade notes](https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.1-2.2/#support-for-private-repo-ssh-keys-using-the-sha-1-signature-hash-algorithm-is-removed-in-2212) for details and workaround instructions.
-
-### Bug fixes
-
-- fix: create serviceaccount token for v1.24 clusters (#9546)
-- fix: upgrade moment from 2.29.2 to 2.29.3 (#9330)
-- fix: avoid CVE-2022-28948 (#10093)
-
-### Other changes
-
-- chore: Remove deprecated K8s versions from test matrix
-- chore: Go mod tidy
-- test: Remove circular symlinks from testdata (#9886)
-- test: Fix e2e tests for release-2.2 branch
-- chore: bump redoc vesion to avoid CVE-2021-23820 (#8604)
-- chore(deps): bump moment from 2.29.3 to 2.29.4 in /ui (#9897)
-- chore: upgrade moment to latest version to fix CVE (#9005)
-- chore: move dependencies to dev dependencies (#8541)
-- docs: add OpenSSH breaking change notes (#10104)
-- chore: update parse-url (#10101)
-- chore: fix codegen
-- chore: fix codegen
-- chore: upgrade base image to 22.04 (#10105)
-- docs: simplify Docker toolchain docs (#9966) (#10006)
-- chore: update redis to 6.2.7 avoid CVE-2022-30065/CVE-2022-2097 (#10068)
-- chore: upgrade Dex to 2.32.0 (#10036) (#10042)
-- chore: update haproxy to 2.0.29 for redis-ha (#10045)
-- test: check for error messages from CI env (#9953)
-
-## v2.2.11 (2022-07-12)
-
-### Security fixes
-
-* HIGH: Certificate verification is skipped for connections to OIDC providers ([GHSA-7943-82jg-wmw5](https://github.com/argoproj/argo-cd/security/advisories/GHSA-7943-82jg-wmw5))
-* LOW: A leaked API server encryption key can allow XSS for SSO users ([GHSA-pmjg-52h9-72qv](https://github.com/argoproj/argo-cd/security/advisories/GHSA-pmjg-52h9-72qv))
-
-### Potentially-breaking changes
-
-The fix for GHSA-7943-82jg-wmw5 enables TLS certificate validation by default for connections to OIDC providers. If
-connections to your OIDC provider fails validation, SSO will be broken for your Argo CD instance. You should test 2.2.11
-before upgrading it to production. From the new documentation:
-
-> By default, all connections made by the API server to OIDC providers (either external providers or the bundled Dex
-> instance) must pass certificate validation. These connections occur when getting the OIDC provider's well-known
-> configuration, when getting the OIDC provider's keys, and  when exchanging an authorization code or verifying an ID
-> token as part of an OIDC login flow.
->
-> Disabling certificate verification might make sense if:
-> * You are using the bundled Dex instance **and** your Argo CD instance has TLS configured with a self-signed certificate
-    >   **and** you understand and accept the risks of skipping OIDC provider cert verification.
-> * You are using an external OIDC provider **and** that provider uses an invalid certificate **and** you cannot solve
-    >   the problem by setting `oidcConfig.rootCA` **and** you understand and accept the risks of skipping OIDC provider cert
-    >   verification.
->
-> If either of those two applies, then you can disable OIDC provider certificate verification by setting
-> `oidc.tls.insecure.skip.verify` to `"true"` in the `argocd-cm` ConfigMap.
-
-### Features
-
-* feat: enable specifying root ca for oidc (#6712)
-
-### Bug fixes
-
-* fix: webhook typo in case of error in GetManifests (#9671)
-
-## v2.2.10 (2022-06-21)
-
-### Security fixes
-
-* CRITICAL: External URLs for Deployments can include javascript ([GHSA-h4w9-6x78-8vrj](https://github.com/argoproj/argo-cd/security/advisories/GHSA-h4w9-6x78-8vrj))
-* HIGH: Insecure entropy in PKCE/Oauth2/OIDC params ([GHSA-2m7h-86qq-fp4v](https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v))
-* MODERATE: DoS through large directory app manifest files ([GHSA-jhqp-vf4w-rpwq](https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhqp-vf4w-rpwq))
-* MODERATE: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server ([GHSA-q4w5-4gq2-98vm](https://github.com/argoproj/argo-cd/security/advisories/GHSA-q4w5-4gq2-98vm))
-
-### Potentially-breaking changes
-
-From the [GHSA-2m7h-86qq-fp4v](https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v) description:
-
-> The patch introduces a new `reposerver.max.combined.directory.manifests.size` config parameter, which you should tune before upgrading in production. It caps the maximum total file size of .yaml/.yml/.json files in directory-type (raw manifest) Applications. The default max is 10M per Application. This max is designed to keep any single app from consuming more than 3G of memory in the repo-server (manifests consume more space in memory than on disk). The 300x ratio assumes a maliciously-crafted manifest file. If you only want to protect against accidental excessive memory use, it is probably safe to use a smaller ratio.
->
-> If your organization uses directory-type Applications with very many manifests or very large manifests then check the size of those manifests and tune the config parameter before deploying this change to production. When testing, make sure to do a "hard refresh" in either the CLI or UI to test your directory-type App. That will make sure you're using the new max logic instead of relying on cached manifest responses from Redis.
-
-### Bug fixes
-
-* fix: missing Helm params (#9565) (#9566)
-
-### Other
-
-* test: directory app manifest generation (#9503)
-* test: fix erroneous test change
-* chore: eliminate go-mpatch dependency (#9045)
-* chore: Make unit tests run on platforms other than amd64 (#8995)
-* chore: remove obsolete repo-server unit test (#9559)
-* chore: upgrade golangci-lint to v1.46.2 (#9448)
-* chore: update golangci-lint (#8988)
-
-## v2.2.9 (2022-05-18)
-
-### Notes
-
-This is a security release. We urge all users of the 2.2.z branch to update as soon as possible. Please refer to the _Security fixes_ section below for more details.
-
-### Security fixes
-
-- CRITICAL: Argo CD will trust invalid JWT claims if anonymous access is enabled (https://github.com/argoproj/argo-cd/security/advisories/GHSA-r642-gv9p-2wjj)
-- LOW: Login screen allows message spoofing if SSO is enabled (https://github.com/argoproj/argo-cd/security/advisories/GHSA-xmg8-99r8-jc2j)
-- MODERATE: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server (https://github.com/argoproj/argo-cd/security/advisories/GHSA-6gcg-hp2x-q54h)
-
-## v2.2.8 (2022-03-22)
-
-### Special notes
-
-This release contains the fix for a security issue with critical severity. We recommend users on the 2.2 release branch to update to this release as soon as possible.
-
-More information can be found in the related
-[security advisory](https://github.com/argoproj/argo-cd/security/advisories/GHSA-2f5v-8r3f-8pww).
-
-### Changes
-
-As part of the security fix, the Argo CD UI no longer automatically presents child resources of allow-listed resources unless the child resources are also allow-listed. For example, Pods are not going to show up if only Deployment is added to the allow-list.
-
-If you have [projects](https://argo-cd.readthedocs.io/en/stable/user-guide/projects/) configured with allow-lists, make sure the allow-lists include all the resources you want users to be able to view/manage through the UI. For example, if your project allows `Deployments`, you would add `ReplicaSets` and `Pods`.
-
-#### Bug Fixes
-
-- fix: application resource APIs must enforce project restrictions
-
-## v2.2.7 (2022-03-08)
-
-### Bug Fixes
-
-- fix: correct jsonnet paths resolution (#8721)
-
-## v2.2.6 (2022-03-06)
-
-### Bug Fixes
-
-- fix: prevent file traversal using helm file values param and application details api (#8606)
-- fix!: enforce app create/update privileges when getting repo details (#8558)
-- feat: support custom helm values file schemes (#8535)
-
-## v2.2.5 (2022-02-04)
-
-- fix: Resolve symlinked value files correctly (#8387)
-
-## v2.2.4 (2022-02-03)
-
-### Special notes
-
-This release contains the fix for a security issue with high severity. We recommend users on the 2.2 release branch to update to this release as soon as possible.
-
-More information can be found in the related
-[security advisory](https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7)
-
-### Bug Fixes
-
-- fix: Prevent value files outside repository root
-
-### Other changes
-
-- chore: upgrade dex to v2.30.2 (backport of #8237) (#8257)
-
-## v2.2.3 (2022-01-18)
-
-- fix: Application exist panic when execute api call (#8188)
-- fix: Route health check stuck in 'Progressing' (#8170)
-- refactor: Introduce 'byClusterName' secret index to speedup cluster server URL lookup (#8133)
-- chore: Update to Redis 6.2.4 (#8157) (#8158)
-
-## v2.2.2 (2021-12-31)
-
-- fix: Issue with project scoped resources (#8048)
-- fix: Escape proj in regex (#7985)
-- fix: Default value for retry validation #8055 (#8064)
-- fix: Sync window panel is crashed if resource name not contain letters (#8053)
-- fix: Upgrade github.com/argoproj/gitops-engine to v0.5.2
-- fix: Retry disabled text (#8004)
-- fix: Opening app details shows UI error on some apps (#8016) (#8019)
-- fix: Correctly handle project field during partial cluster update (#7994)
-- fix: Cluster API does not support updating labels and annotations (#7901)
-
-## v2.2.1 (2021-12-16)
-
-- fix: Resource details page crashes when resource is not deployed and hide managed fields is selected (#7971)
-- fix: Issue with headless installation (#7958)
-- fix: Nil pointer (#7905)
-
-## v2.2.0 (2021-12-14)
-
-> [Upgrade instructions](./docs/operator-manual/upgrading/2.1-2.2.md)
-
-### Project Scoped repositories and clusters
-
-The project scoped repositories and clusters is a feature that simplifies registering the repositories and cluster credentials.
-Instead of requiring operators to set up in advance all clusters and git repositories that can be used, developers can now do
-this on their own in a self-service manner.
-
-### Config Management Plugins V2
-
-The Config Management Plugins V2 is set of enhancement of the existing config management plugins feature.
-The list includes improved installation experience, ability to package plugin into a separate image and
-improved plugin manifests discovery.
-
-### Resource tracking
-
-Argo CD has traditionally tracked the resources it manages by the well-known "app.kubernetes.io/instance" property.
-While using this property works ok in simple scenarios, it also has several limitations. ArgoCD now allows you to use
-a new annotation (argocd.argoproj.io/tracking-id) for tracking your resources. Using this annotation is a much more flexible approach
-as there are no conflicts with other Kubernetes tools, and you can easily install multiple Argo CD instances on the same clusters.
-
-### Bug Fixes and Performance Enhancements
-
-* Argo CD API server caches RBAC checks that significantly improves the GET /api/v1/applications API performance (#7587)
-* Argo CD RBAC supports regex matches (#7165)
-* Health check support for KubeVirt (#7176), Cassandra (#7017), Openshift Route (#7112), DeploymentConfig (#7114), Confluent (#6957) and SparkApplication (#7434) CRDs.
-* Persistent banner (#7312) with custom positioning (#7462)
-* Cluster name support in project destinations (#7198)
-* around 30 more features and a total of 84 bug fixes
-
-## v2.1.16 (2022-06-21)
-
-### Security fixes
-
-* CRITICAL: External URLs for Deployments can include javascript ([GHSA-h4w9-6x78-8vrj](https://github.com/argoproj/argo-cd/security/advisories/GHSA-h4w9-6x78-8vrj))
-* HIGH: Insecure entropy in PKCE/Oauth2/OIDC params ([GHSA-2m7h-86qq-fp4v](https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v))
-* MODERATE: DoS through large directory app manifest files ([GHSA-jhqp-vf4w-rpwq](https://github.com/argoproj/argo-cd/security/advisories/GHSA-jhqp-vf4w-rpwq))
-* MODERATE: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server ([GHSA-q4w5-4gq2-98vm](https://github.com/argoproj/argo-cd/security/advisories/GHSA-q4w5-4gq2-98vm))
-
-**Note:** This will be the last security fix release in the 2.1.x series. Please [upgrade to a newer minor version](https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/overview/) to continue to get security fixes.
-
-### Potentially-breaking changes
-
-From the [GHSA-2m7h-86qq-fp4v](https://github.com/argoproj/argo-cd/security/advisories/GHSA-2m7h-86qq-fp4v) description:
-
-> The patch introduces a new `reposerver.max.combined.directory.manifests.size` config parameter, which you should tune before upgrading in production. It caps the maximum total file size of .yaml/.yml/.json files in directory-type (raw manifest) Applications. The default max is 10M per Application. This max is designed to keep any single app from consuming more than 3G of memory in the repo-server (manifests consume more space in memory than on disk). The 300x ratio assumes a maliciously-crafted manifest file. If you only want to protect against accidental excessive memory use, it is probably safe to use a smaller ratio.
->
-> If your organization uses directory-type Applications with very many manifests or very large manifests then check the size of those manifests and tune the config parameter before deploying this change to production. When testing, make sure to do a "hard refresh" in either the CLI or UI to test your directory-type App. That will make sure you're using the new max logic instead of relying on cached manifest responses from Redis.
-
-### Bug fixes
-
-* fix: missing Helm params (#9565) (#9566)
-
-### Other
-
-* test: directory app manifest generation (#9503)
-* test: fix erroneous test change
-* chore: eliminate go-mpatch dependency (#9045)
-* chore: Make unit tests run on platforms other than amd64 (#8995)
-* chore: remove obsolete repo-server unit test (#9559)
-* chore: upgrade golangci-lint to v1.46.2 (#9448)
-* chore: update golangci-lint (#8988)
-* test: fix ErrorContains (#9445)
-
-## v2.1.15 (2022-05-18)
-
-### Notes
-
-This is a security release. We urge all users of the 2.1.z branch to update as soon as possible. Please refer to the _Security fixes_ section below for more details.
-
-### Security fixes
-
-- CRITICAL: Argo CD will trust invalid JWT claims if anonymous access is enabled (https://github.com/argoproj/argo-cd/security/advisories/GHSA-r642-gv9p-2wjj)
-- LOW: Login screen allows message spoofing if SSO is enabled (https://github.com/argoproj/argo-cd/security/advisories/GHSA-xmg8-99r8-jc2j)
-- MODERATE: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server (https://github.com/argoproj/argo-cd/security/advisories/GHSA-6gcg-hp2x-q54h)
-
-## v2.1.14 (2022-03-22)
-
-### Special notes
-
-This release contains the fix for a security issue with critical severity. We recommend users on the 2.1 release branch to update to this release as soon as possible.
-
-More information can be found in the related
-[security advisory](https://github.com/argoproj/argo-cd/security/advisories/GHSA-2f5v-8r3f-8pww).
-
-### Changes
-
-As part of the security fix, the Argo CD UI no longer automatically presents child resources of allow-listed resources unless the child resources are also allow-listed. For example, Pods are not going to show up if only Deployment is added to the allow-list.
-
-If you have [projects](https://argo-cd.readthedocs.io/en/stable/user-guide/projects/) configured with allow-lists, make sure the allow-lists include all the resources you want users to be able to view/manage through the UI. For example, if your project allows `Deployments`, you would add `ReplicaSets` and `Pods`.
-
-#### Bug Fixes
-
-- fix: application resource APIs must enforce project restrictions
-
-## v2.1.13 (2022-03-22)
-
-Unused release number.
-
-## v2.1.12 (2022-03-08)
-
-### Bug Fixes
-
-- fix: correct jsonnet paths resolution (#8721)
-
-## v2.1.11 (2022-03-06)
-
-### Bug Fixes
-
-- fix: prevent file traversal using helm file values param and application details api (#8606)
-- fix!: enforce app create/update privileges when getting repo details (#8558)
-- feat: support custom helm values file schemes (#8535)
-
-## v2.1.10 (2022-02-04)
-
-### Bug Fixes
-
-- fix: Resolve symlinked value files correctly (#8387)
-
-## v2.1.9 (2022-02-03)
-
-### Special notes
-
-This release contains the fix for a security issue with high severity. We recommend users on the 2.1 release branch to update to this release as soon as possible.
-
-More information can be found in the related
-[security advisory](https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7)
-
-### Bug Fixes
-
-- fix: Prevent value files outside repository root
-
-## v2.1.8 (2021-12-13)
-
-### Bug Fixes
-
-- fix: issue with keepalive (#7861)
-- fix nil pointer dereference error (#7905)
-- fix: env vars to tune cluster cache were broken (#7779)
-- fix: upgraded gitops engine to v0.4.2 (fixes #7561)
-
-## v2.1.7 (2021-12-14)
-
-- fix: issue with keepalive (#7861)
-- fix nil pointer dereference error (#7905)
-- fix: env vars to tune cluster cache were broken (#7779)
-- fix: upgraded gitops engine to v0.4.2 (fixes #7561)
-
-
-## v2.1.6 (2021-11-16)
-
-- fix: don't use revision caching during app creation (#7508)
-- fix: supporting OCI dependencies. Fixes #6062 (#6994)
-
-## v2.1.5 (2021-11-16)
-
-- fix: Invalid memory address or nil pointer dereference in processRequestedAppOperation (#7501)
-
-## v2.1.4 (2021-11-15)
-
-- fix: Operation has completed with phase: Running (#7482)
-- fix: Application status panel shows Syncing instead of Deleting (#7486)
-- fix(ui): Add Error Boundary around Extensions and comply with new Extensions API (#7215)
-
-
-## v2.1.3 (2021-10-29)
-
-- fix: core-install.yaml always refers to latest argocd image (#7321)
-- fix: handle applicationset backup forbidden error (#7306)
-- fix: Argo CD should not use cached git/helm revision during app creation/update validation (#7244)
-
-## v2.1.2 (2021-10-02)
-
-- fix: cluster filter popping out of box (#7135)
-- fix: gracefully shutdown metrics server when dex config changes (#7138)
-- fix: upgrade gitops engine version to v0.4.1 (#7088)
-- fix: repository name already exists when multiple helm dependencies  (#7096)
-
-
 ## v2.1.1 (2021-08-25)
 
 ### Bug Fixes
@@ -1008,7 +172,7 @@ resources, you will have to adapt your cluster resources allow lists to explicit
 ## v1.8.4 (2021-02-05)
 
 - feat: set X-XSS-Protection while serving static content (#5412)
-- fix: version info should be available if anonymous access is enabled (#5422)
+- fix: version info should be avaialble if anonymous access is enabled (#5422)
 - fix: disable jwt claim audience validation #5381 (#5413)
 - fix: /api/version should not return tools version for unauthenticated requests (#5415)
 - fix: account tokens should be rejected if required capability is disabled (#5414)
@@ -1589,7 +753,7 @@ More documentation and tools are coming in patch releases.
 The Argo CD deletes all **in-flight** hooks if you terminate running sync operation. The hook state assessment change implemented in this release the Argo CD enables detection of 
 an in-flight state for all Kubernetes resources including `Deployment`, `PVC`, `StatefulSet`, `ReplicaSet` etc. So if you terminate the sync operation that has, for example,
 `StatefulSet` hook that is `Progressing` it will be deleted. The long-running jobs are not supposed to be used as a sync hook and you should consider using
-[Sync Waves](https://argo-cd.readthedocs.io/en/stable/user-guide/sync-waves/) instead.
+[Sync Waves](https://argoproj.github.io/argo-cd/user-guide/sync-waves/) instead.
 
 #### Enhancements
 * feat: Add custom health checks for cert-manager v0.11.0 (#2689) 

CODEOWNERS

@@ -1,20 +0,0 @@
-# All
-** @argoproj/argocd-approvers
-
-# Docs
-/docs/**     @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
-/USERS.md    @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
-/README.md   @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
-/mkdocs.yml  @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
-
-# CI
-/.codecov.yml             @argoproj/argocd-approvers @argoproj/argocd-approvers-ci
-/.github/**               @argoproj/argocd-approvers @argoproj/argocd-approvers-ci
-/.goreleaser.yaml         @argoproj/argocd-approvers @argoproj/argocd-approvers-ci
-/sonar-project.properties @argoproj/argocd-approvers @argoproj/argocd-approvers-ci
-
-# CLI
-/cmd/argocd/** @argoproj/argocd-approvers @argoproj/argocd-approvers-cli
-/cmd/main.go @argoproj/argocd-approvers @argoproj/argocd-approvers-cli
-# Also include @argoproj/argocd-approvers-docs to avoid requiring CLI approvers for docs-only PRs.
-/docs/operator-manual/ @argoproj/argocd-approvers @argoproj/argocd-approvers-docs @argoproj/argocd-approvers-cli

CONTRIBUTING.md

@@ -1 +0,0 @@
-Please refer to [the Contribution Guide](https://argo-cd.readthedocs.io/en/latest/developer-guide/code-contributions/)

Dockerfile

@@ -1,21 +1,19 @@
-ARG BASE_IMAGE=docker.io/library/ubuntu:25.10@sha256:4a9232cc47bf99defcc8860ef6222c99773330367fcecbf21ba2edb0b810a31e
+ARG BASE_IMAGE=docker.io/library/ubuntu:21.04
 ####################################################################################################
 # Builder image
 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image
 # Also used as the image in CI jobs so needs all dependencies
 ####################################################################################################
-FROM docker.io/library/golang:1.26.0@sha256:c83e68f3ebb6943a2904fa66348867d108119890a2c6a2e6f07b38d0eb6c25c5 AS builder
+FROM docker.io/library/golang:1.16.11 as builder
 
-WORKDIR /tmp
+RUN echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list
 
-RUN echo 'deb http://archive.debian.org/debian buster-backports main' >> /etc/apt/sources.list
-
-RUN apt-get update && apt-get install --no-install-recommends -y \
+RUN apt-get update && apt-get install -y \
     openssh-server \
     nginx \
-    unzip \
     fcgiwrap \
     git \
+    git-lfs \
     make \
     wget \
     gcc \
@@ -24,135 +22,116 @@ RUN apt-get update && apt-get install --no-install-recommends -y \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
-COPY hack/install.sh hack/tool-versions.sh ./
-COPY hack/installers installers
+WORKDIR /tmp
 
-RUN ./install.sh helm && \
-    INSTALL_PATH=/usr/local/bin ./install.sh kustomize && \
-    ./install.sh git-lfs
+ADD hack/install.sh .
+ADD hack/installers installers
+ADD hack/tool-versions.sh .
+
+RUN ./install.sh ksonnet-linux
+RUN ./install.sh helm2-linux
+RUN ./install.sh helm-linux
+RUN ./install.sh kustomize-linux
 
 ####################################################################################################
 # Argo CD Base - used as the base for both the release and dev argocd images
 ####################################################################################################
-FROM $BASE_IMAGE AS argocd-base
-
-LABEL org.opencontainers.image.source="https://github.com/argoproj/argo-cd"
+FROM $BASE_IMAGE as argocd-base
 
 USER root
 
-ENV ARGOCD_USER_ID=999 \
-    DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive
 
-RUN groupadd -g $ARGOCD_USER_ID argocd && \
-    useradd -r -u $ARGOCD_USER_ID -g argocd argocd && \
+RUN groupadd -g 999 argocd && \
+    useradd -r -u 999 -g argocd argocd && \
     mkdir -p /home/argocd && \
     chown argocd:0 /home/argocd && \
     chmod g=u /home/argocd && \
     apt-get update && \
     apt-get dist-upgrade -y && \
-    apt-get install --no-install-recommends -y \
-    git tini ca-certificates gpg gpg-agent tzdata connect-proxy openssh-client && \
+    apt-get install -y git git-lfs python3-pip tini gpg tzdata && \
     apt-get clean && \
-    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*
+    pip3 install awscli==1.18.80 && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
-COPY hack/gpg-wrapper.sh \
-    hack/git-verify-wrapper.sh \
-    entrypoint.sh \
-    /usr/local/bin/
+COPY hack/git-ask-pass.sh /usr/local/bin/git-ask-pass.sh
+COPY hack/gpg-wrapper.sh /usr/local/bin/gpg-wrapper.sh
+COPY hack/git-verify-wrapper.sh /usr/local/bin/git-verify-wrapper.sh
+COPY --from=builder /usr/local/bin/ks /usr/local/bin/ks
+COPY --from=builder /usr/local/bin/helm2 /usr/local/bin/helm2
 COPY --from=builder /usr/local/bin/helm /usr/local/bin/helm
 COPY --from=builder /usr/local/bin/kustomize /usr/local/bin/kustomize
-COPY --from=builder /usr/local/bin/git-lfs /usr/local/bin/git-lfs
-
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
 # keep uid_entrypoint.sh for backward compatibility
 RUN ln -s /usr/local/bin/entrypoint.sh /usr/local/bin/uid_entrypoint.sh
 
 # support for mounting configuration from a configmap
-WORKDIR /app/config/ssh
-RUN touch ssh_known_hosts && \
-    ln -s /app/config/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts
+RUN mkdir -p /app/config/ssh && \
+    touch /app/config/ssh/ssh_known_hosts && \
+    ln -s /app/config/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts 
 
-WORKDIR /app/config
-RUN mkdir -p tls && \
-    mkdir -p gpg/source && \
-    mkdir -p gpg/keys && \
-    chown argocd gpg/keys && \
-    chmod 0700 gpg/keys
+RUN mkdir -p /app/config/tls
+RUN mkdir -p /app/config/gpg/source && \
+    mkdir -p /app/config/gpg/keys && \
+    chown argocd /app/config/gpg/keys && \
+    chmod 0700 /app/config/gpg/keys
 
+# workaround ksonnet issue https://github.com/ksonnet/ksonnet/issues/298
 ENV USER=argocd
 
-# Disable gRPC service config lookups via DNS TXT records to prevent excessive
-# DNS queries for _grpc_config.<hostname> which can cause timeouts in dual-stack
-# environments. This can be overridden via argocd-cmd-params-cm ConfigMap.
-# See https://github.com/argoproj/argo-cd/issues/24991
-ENV GRPC_ENABLE_TXT_SERVICE_CONFIG=false
-
-USER $ARGOCD_USER_ID
+USER 999
 WORKDIR /home/argocd
 
 ####################################################################################################
 # Argo CD UI stage
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM docker.io/library/node:23.0.0@sha256:9d09fa506f5b8465c5221cbd6f980e29ae0ce9a3119e2b9bc0842e6a3f37bb59 AS argocd-ui
+FROM docker.io/library/node:12.18.4 as argocd-ui
 
 WORKDIR /src
-COPY ["ui/package.json", "ui/yarn.lock", "./"]
+ADD ["ui/package.json", "ui/yarn.lock", "./"]
 
-RUN yarn install --network-timeout 200000 && \
-    yarn cache clean
+RUN yarn install
 
-COPY ["ui/", "."]
+ADD ["ui/", "."]
 
 ARG ARGO_VERSION=latest
 ENV ARGO_VERSION=$ARGO_VERSION
-ARG TARGETARCH
-RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OPTIONS=--max_old_space_size=8192 yarn build
+RUN NODE_ENV='production' NODE_ONLINE_ENV='online' yarn build
 
 ####################################################################################################
 # Argo CD Build stage which performs the actual build of Argo CD binaries
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.26.0@sha256:c83e68f3ebb6943a2904fa66348867d108119890a2c6a2e6f07b38d0eb6c25c5 AS argocd-build
+FROM docker.io/library/golang:1.16.11 as argocd-build
 
 WORKDIR /go/src/github.com/argoproj/argo-cd
 
-COPY go.* ./
-RUN mkdir -p gitops-engine
-COPY gitops-engine/go.* ./gitops-engine
+COPY go.mod go.mod
+COPY go.sum go.sum
+
 RUN go mod download
 
 # Perform the build
 COPY . .
 COPY --from=argocd-ui /src/dist/app /go/src/github.com/argoproj/argo-cd/ui/dist/app
-ARG TARGETOS \
-    TARGETARCH
-# These build args are optional; if not specified the defaults will be taken from the Makefile
-ARG GIT_TAG \
-    BUILD_DATE \
-    GIT_TREE_STATE \
-    GIT_COMMIT
-RUN GIT_COMMIT=$GIT_COMMIT \
-    GIT_TREE_STATE=$GIT_TREE_STATE \
-    GIT_TAG=$GIT_TAG \
-    BUILD_DATE=$BUILD_DATE \
-    GOOS=$TARGETOS \
-    GOARCH=$TARGETARCH \
-    make argocd-all
+RUN make argocd-all
+
+ARG BUILD_ALL_CLIS=true
+RUN if [ "$BUILD_ALL_CLIS" = "true" ] ; then \
+    make BIN_NAME=argocd-darwin-amd64 GOOS=darwin argocd-all && \
+    make BIN_NAME=argocd-windows-amd64.exe GOOS=windows argocd-all \
+    ; fi
 
 ####################################################################################################
 # Final image
 ####################################################################################################
 FROM argocd-base
-ENTRYPOINT ["/usr/bin/tini", "--"]
 COPY --from=argocd-build /go/src/github.com/argoproj/argo-cd/dist/argocd* /usr/local/bin/
 
 USER root
-RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-cmp-server && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-controller && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-notifications && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-applicationset-controller && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-k8s-auth && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-commit-server
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-cmp-server
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-controller
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex
 
-USER $ARGOCD_USER_ID
+USER 999

Dockerfile.dev

@@ -3,13 +3,12 @@
 ####################################################################################################
 FROM argocd-base
 COPY argocd /usr/local/bin/
+COPY argocd-darwin-amd64 /usr/local/bin/
+COPY argocd-windows-amd64.exe /usr/local/bin/
 
 USER root
-RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-controller && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-notifications && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-applicationset-controller
-
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-controller
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex
 USER 999

Dockerfile.tilt

@@ -1,62 +0,0 @@
-FROM docker.io/library/golang:1.26.0@sha256:c83e68f3ebb6943a2904fa66348867d108119890a2c6a2e6f07b38d0eb6c25c5
-
-ENV DEBIAN_FRONTEND=noninteractive
-
-RUN echo 'deb http://archive.debian.org/debian buster-backports main' >> /etc/apt/sources.list
-
-RUN apt-get update && apt-get install --no-install-recommends -y \
-    curl \
-    openssh-server \
-    nginx \
-    unzip \
-    fcgiwrap \
-    git \
-    make \
-    wget \
-    gcc \
-    sudo \
-    zip \
-    tini \
-    gpg \
-    tzdata \
-    connect-proxy
-
-RUN go install github.com/go-delve/delve/cmd/dlv@latest
-
-COPY hack/install.sh hack/tool-versions.sh ./
-COPY hack/installers installers
-
-RUN ./install.sh helm && \
-    INSTALL_PATH=/usr/local/bin ./install.sh kustomize && \
-    ./install.sh git-lfs
-
-COPY hack/gpg-wrapper.sh \
-    hack/git-verify-wrapper.sh \
-    entrypoint.sh \
-    /usr/local/bin/
-
-# support for mounting configuration from a configmap
-WORKDIR /app/config/ssh
-RUN touch ssh_known_hosts && \
-    ln -s /app/config/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts
-
-WORKDIR /app/config
-RUN mkdir -p tls && \
-    mkdir -p gpg/source && \
-    mkdir -p gpg/keys 
-
-COPY .tilt-bin/argocd_linux /usr/local/bin/argocd
-
-RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-controller && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-notifications && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-applicationset-controller && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-commit-server
-
-# directory for Tilt restart file
-RUN mkdir -p /tilt
-
-# overridden by Tiltfile
-ENTRYPOINT ["/usr/bin/tini", "-s", "--", "dlv", "exec", "--continue", "--accept-multiclient", "--headless", "--listen=:2345", "--api-version=2"]

Dockerfile.ui.tilt

@@ -1,9 +0,0 @@
-FROM node:20
-
-WORKDIR /app/ui
-
-COPY ui /app/ui
-
-RUN yarn install
-
-ENTRYPOINT ["yarn", "start"]

MAINTAINERS.md

@@ -1,43 +0,0 @@
-# Argo CD Maintainers
-
-This document lists the maintainers of the Argo CD project.
-
-## Maintainers
-
-| Maintainer                | GitHub ID                                               | Project Roles        | Affiliation                                     |
-|---------------------------|---------------------------------------------------------|----------------------|-------------------------------------------------|
-| Zach Aller                | [zachaller](https://github.com/zachaller)               | Reviewer             | [Intuit](https://www.github.com/intuit/)        |
-| Leonardo Luz Almeida      | [leoluz](https://github.com/leoluz)                     | Approver             | [Intuit](https://www.github.com/intuit/)        |
-| Chetan Banavikalmutt      | [chetan-rns](https://github.com/chetan-rns)             | Reviewer             | [Red Hat](https://redhat.com/)                  |
-| Keith Chong               | [keithchong](https://github.com/keithchong)             | Approver             | [Red Hat](https://redhat.com/)                  |
-| Alex Collins              | [alexec](https://github.com/alexec)                     | Approver             | [Intuit](https://www.github.com/intuit/)        |
-| Michael Crenshaw          | [crenshaw-dev](https://github.com/crenshaw-dev)         | Lead                 | [Intuit](https://www.github.com/intuit/)        |
-| Soumya Ghosh Dastidar     | [gdsoumya](https://github.com/gdsoumya)                 | Approver             | [Akuity](https://akuity.io/)                    |
-| Eugene Doudine              | [dudinea](https://github.com/dudinea)                 | Reviewer             | [Octopus Deploy](https://octopus.com/)          |
-| Jann Fischer              | [jannfis](https://github.com/jannfis)                   | Approver             | [Red Hat](https://redhat.com/)                  |
-| Dan Garfield              | [todaywasawesome](https://github.com/todaywasawesome)   | Approver(docs)       | [Octopus Deploy](https://octopus.com/)          |
-| Alexandre Gaudreault      | [agaudreault](https://github.com/agaudreault)           | Approver             | [Intuit](https://www.github.com/intuit/)        |
-| Christian Hernandez       | [christianh814](https://github.com/christianh814)       | Reviewer(docs)       | [Akuity](https://akuity.io/)                    |
-| Peter Jiang               | [pjiang-dev](https://github.com/pjiang-dev)             | Approver(docs)       | [Intuit](https://www.intuit.com/)               |
-| Andrii Korotkov           | [andrii-korotkov](https://github.com/andrii-korotkov)   | Reviewer             | [Verkada](https://www.verkada.com/)             |
-| Pasha Kostohrys           | [pasha-codefresh](https://github.com/pasha-codefresh)   | Approver             | [Codefresh](https://www.github.com/codefresh/)  |
-| Nitish Kumar              | [nitishfy](https://github.com/nitishfy)                 | Approver(cli,docs)   | [Akuity](https://akuity.io/)                    |
-| Justin Marquis            | [34fathombelow](https://github.com/34fathombelow)       | Approver(docs/ci)    | [Akuity](https://akuity.io/)                    |
-| Alexander Matyushentsev   | [alexmt](https://github.com/alexmt)                     | Lead                 | [Akuity](https://akuity.io/)                    |
-| Nicholas Morey            | [morey-tech](https://github.com/morey-tech)             | Reviewer(docs)       | [Akuity](https://akuity.io/)                    |
-| Papapetrou Patroklos      | [ppapapetrou76](https://github.com/ppapapetrou76)       | Approver(docs,cli)   | [Octopus Deploy](https://octopus.com/)          |
-| Blake Pettersson          | [blakepettersson](https://github.com/blakepettersson)   | Approver             | [Akuity](https://akuity.io/)                    |
-| Ishita Sequeira           | [ishitasequeira](https://github.com/ishitasequeira)     | Approver             | [Red Hat](https://redhat.com/)                  |
-| Ashutosh Singh            | [ashutosh16](https://github.com/ashutosh16)             | Approver(docs)       | [Intuit](https://www.github.com/intuit/)        |
-| Linghao Su                | [linghaoSu](https://github.com/linghaoSu)               | Reviewer             | [DaoCloud](https://daocloud.io)                 |
-| Jesse Suen                | [jessesuen](https://github.com/jessesuen)               | Approver             | [Akuity](https://akuity.io/)                    |
-| Yuan Tang                 | [terrytangyuan](https://github.com/terrytangyuan)       | Reviewer             | [Red Hat](https://redhat.com/)                  |
-| William Tam               | [wtam2018](https://github.com/wtam2018)                 | Reviewer             | [Red Hat](https://redhat.com/)                  |
-| Ryan Umstead              | [rumstead](https://github.com/rumstead)                 | Approver             | [Black Rock](https://www.github.com/blackrock/) |
-| Regina Voloshin           | [reggie-k](https://github.com/reggie-k)                 | Approver             | [Octopus Deploy](https://octopus.com/)          |
-| Hong Wang                 | [wanghong230](https://github.com/wanghong230)           | Reviewer             | [Akuity](https://akuity.io/)                    |
-| Jonathan West             | [jgwest](https://github.com/jgwest)                     | Approver             | [Red Hat](https://redhat.com/)                  |
-| Jaewoo Choi               | [choejwoo](https://github.com/choejwoo)                 | Reviewer             | [Hyundai-Autoever](https://www.hyundai-autoever.com/eng/)        |
-| Alexy Mantha              | [alexymantha](https://github.com/alexymantha)           | Reviewer             | GoTo                                                              |
-| Kanika Rana               | [ranakan19](https://github.com/ranakan19)               | Reviewer             | [Red Hat](https://redhat.com/)                                    |
-| Jonathan Winters          | [jwinters01](https://github.com/jwinters01)             | Reviewer             | [Intuit](https://www.github.com/intuit/)                          |

Makefile

@@ -1,63 +1,31 @@
-PACKAGE=github.com/argoproj/argo-cd/v3/common
+PACKAGE=github.com/argoproj/argo-cd/v2/common
 CURRENT_DIR=$(shell pwd)
 DIST_DIR=${CURRENT_DIR}/dist
 CLI_NAME=argocd
 BIN_NAME=argocd
 
-UNAME_S:=$(shell uname)
-IS_DARWIN:=$(if $(filter Darwin, $(UNAME_S)),true,false)
-
-# When using OSX/Darwin, you might need to enable CGO for local builds
-DEFAULT_CGO_FLAG:=0
-ifeq ($(IS_DARWIN),true)
-    DEFAULT_CGO_FLAG:=1
-endif
-CGO_FLAG?=${DEFAULT_CGO_FLAG}
-
-GEN_RESOURCES_CLI_NAME=argocd-resources-gen
-
 HOST_OS:=$(shell go env GOOS)
 HOST_ARCH:=$(shell go env GOARCH)
 
-TARGET_ARCH?=linux/amd64
-
 VERSION=$(shell cat ${CURRENT_DIR}/VERSION)
-BUILD_DATE:=$(if $(BUILD_DATE),$(BUILD_DATE),$(shell date -u +'%Y-%m-%dT%H:%M:%SZ'))
-GIT_COMMIT:=$(if $(GIT_COMMIT),$(GIT_COMMIT),$(shell git rev-parse HEAD))
-GIT_TAG:=$(if $(GIT_TAG),$(GIT_TAG),$(shell if [ -z "`git status --porcelain`" ]; then git describe --exact-match --tags HEAD 2>/dev/null; fi))
-GIT_TREE_STATE:=$(if $(GIT_TREE_STATE),$(GIT_TREE_STATE),$(shell if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi))
+BUILD_DATE=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ')
+GIT_COMMIT=$(shell git rev-parse HEAD)
+GIT_TAG=$(shell if [ -z "`git status --porcelain`" ]; then git describe --exact-match --tags HEAD 2>/dev/null; fi)
+GIT_TREE_STATE=$(shell if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)
 VOLUME_MOUNT=$(shell if test "$(go env GOOS)" = "darwin"; then echo ":delegated"; elif test selinuxenabled; then echo ":delegated"; else echo ""; fi)
-KUBECTL_VERSION=$(shell go list -m k8s.io/client-go | head -n 1 | rev | cut -d' ' -f1 | rev)
+KUBECTL_VERSION=$(shell go list -m all | grep k8s.io/client-go | cut -d ' ' -f5)
 
 GOPATH?=$(shell if test -x `which go`; then go env GOPATH; else echo "$(HOME)/go"; fi)
 GOCACHE?=$(HOME)/.cache/go-build
 
-# Docker command to use
-DOCKER?=docker
-ifeq ($(DOCKER),podman)
-PODMAN_ARGS=--userns keep-id
-else
-PODMAN_ARGS=
-endif
-
 DOCKER_SRCDIR?=$(GOPATH)/src
 DOCKER_WORKDIR?=/go/src/github.com/argoproj/argo-cd
 
-# Allows you to control which Docker network the test-util containers attach to.
-# This is particularly useful if you are running Kubernetes in Docker (e.g., k3d)
-# and want the test containers to reach the Kubernetes API via an already-existing Docker network.
-DOCKER_NETWORK ?= default
-
-ifneq ($(DOCKER_NETWORK),default)
-DOCKER_NETWORK_ARG := --network $(DOCKER_NETWORK)
-else
-DOCKER_NETWORK_ARG :=
-endif
-
 ARGOCD_PROCFILE?=Procfile
 
-# pointing to python 3.12 to match https://github.com/argoproj/argo-cd/blob/master/.readthedocs.yaml
-MKDOCS_DOCKER_IMAGE?=python:3.12-alpine
+# Strict mode has been disabled in latest versions of mkdocs-material. 
+# Thus pointing to the older image of mkdocs-material matching the version used by argo-cd.
+MKDOCS_DOCKER_IMAGE?=squidfunk/mkdocs-material:4.1.1
 MKDOCS_RUN_ARGS?=
 
 # Configuration for building argocd-test-tools image
@@ -76,14 +44,13 @@ ARGOCD_E2E_REDIS_PORT?=6379
 ARGOCD_E2E_DEX_PORT?=5556
 ARGOCD_E2E_YARN_HOST?=localhost
 ARGOCD_E2E_DISABLE_AUTH?=
-ARGOCD_E2E_DIR?=/tmp/argo-e2e
 
-ARGOCD_E2E_TEST_TIMEOUT?=90m
-ARGOCD_E2E_RERUN_FAILS?=5
+ARGOCD_E2E_TEST_TIMEOUT?=20m
 
 ARGOCD_IN_CI?=false
 ARGOCD_TEST_E2E?=true
-ARGOCD_BIN_MODE?=true
+
+ARGOCD_LINT_GOGC?=20
 
 # Depending on where we are (legacy or non-legacy pwd), we need to use
 # different Docker volume mounts for our source tree
@@ -94,20 +61,13 @@ else
 DOCKER_SRC_MOUNT="$(PWD):/go/src/github.com/argoproj/argo-cd$(VOLUME_MOUNT)"
 endif
 
-# User and group IDs to map to the test container
-CONTAINER_UID=$(shell id -u)
-CONTAINER_GID=$(shell id -g)
-
-# Set SUDO to sudo to run privileged commands with sudo
-SUDO?=
-
 # Runs any command in the argocd-test-utils container in server mode
 # Server mode container will start with uid 0 and drop privileges during runtime
 define run-in-test-server
-	$(SUDO) $(DOCKER) run --rm -it \
+	docker run --rm -it \
 		--name argocd-test-server \
-		-u $(CONTAINER_UID):$(CONTAINER_GID) \
-		-e USER_ID=$(CONTAINER_UID) \
+		-u $(shell id -u):$(shell id -g) \
+		-e USER_ID=$(shell id -u) \
 		-e HOME=/home/user \
 		-e GOPATH=/go \
 		-e GOCACHE=/tmp/go-build-cache \
@@ -118,46 +78,42 @@ define run-in-test-server
 		-e ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} \
 		-e ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} \
 		-e ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} \
-		-e ARGOCD_APPLICATION_NAMESPACES \
-		-e GITHUB_TOKEN \
 		-v ${DOCKER_SRC_MOUNT} \
 		-v ${GOPATH}/pkg/mod:/go/pkg/mod${VOLUME_MOUNT} \
 		-v ${GOCACHE}:/tmp/go-build-cache${VOLUME_MOUNT} \
 		-v ${HOME}/.kube:/home/user/.kube${VOLUME_MOUNT} \
+		-v /tmp:/tmp${VOLUME_MOUNT} \
 		-w ${DOCKER_WORKDIR} \
 		-p ${ARGOCD_E2E_APISERVER_PORT}:8080 \
 		-p 4000:4000 \
 		-p 5000:5000 \
-		$(DOCKER_NETWORK_ARG)\
-		$(PODMAN_ARGS) \
 		$(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE):$(TEST_TOOLS_TAG) \
 		bash -c "$(1)"
 endef
 
 # Runs any command in the argocd-test-utils container in client mode
 define run-in-test-client
-	$(SUDO) $(DOCKER) run --rm -it \
+	docker run --rm -it \
 	  --name argocd-test-client \
-		-u $(CONTAINER_UID):$(CONTAINER_GID) \
+		-u $(shell id -u):$(shell id -g) \
 		-e HOME=/home/user \
 		-e GOPATH=/go \
 		-e ARGOCD_E2E_K3S=$(ARGOCD_E2E_K3S) \
-		-e GITHUB_TOKEN \
 		-e GOCACHE=/tmp/go-build-cache \
+		-e ARGOCD_LINT_GOGC=$(ARGOCD_LINT_GOGC) \
 		-v ${DOCKER_SRC_MOUNT} \
 		-v ${GOPATH}/pkg/mod:/go/pkg/mod${VOLUME_MOUNT} \
 		-v ${GOCACHE}:/tmp/go-build-cache${VOLUME_MOUNT} \
 		-v ${HOME}/.kube:/home/user/.kube${VOLUME_MOUNT} \
+		-v /tmp:/tmp${VOLUME_MOUNT} \
 		-w ${DOCKER_WORKDIR} \
-		$(DOCKER_NETWORK_ARG)\
-		$(PODMAN_ARGS) \
 		$(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE):$(TEST_TOOLS_TAG) \
 		bash -c "$(1)"
 endef
 
-#
+# 
 define exec-in-test-server
-	$(SUDO) $(DOCKER) exec -it -u $(CONTAINER_UID):$(CONTAINER_GID) -e ARGOCD_E2E_RECORD=$(ARGOCD_E2E_RECORD) -e ARGOCD_E2E_K3S=$(ARGOCD_E2E_K3S) argocd-test-server $(1)
+	docker exec -it -u $(shell id -u):$(shell id -g) -e ARGOCD_E2E_K3S=$(ARGOCD_E2E_K3S) argocd-test-server $(1)
 endef
 
 PATH:=$(PATH):$(PWD)/hack
@@ -166,30 +122,19 @@ PATH:=$(PATH):$(PWD)/hack
 DOCKER_PUSH?=false
 IMAGE_NAMESPACE?=
 # perform static compilation
-DEFAULT_STATIC_BUILD:=true
-ifeq ($(IS_DARWIN),true)
-    DEFAULT_STATIC_BUILD:=false
-endif
-STATIC_BUILD?=${DEFAULT_STATIC_BUILD}
+STATIC_BUILD?=true
 # build development images
 DEV_IMAGE?=false
 ARGOCD_GPG_ENABLED?=true
 ARGOCD_E2E_APISERVER_PORT?=8080
 
-ifeq (${COVERAGE_ENABLED}, true)
-# We use this in the cli-local target to enable code coverage for e2e tests.
-COVERAGE_FLAG=-cover
-else
-COVERAGE_FLAG=
-endif
-
 override LDFLAGS += \
   -X ${PACKAGE}.version=${VERSION} \
   -X ${PACKAGE}.buildDate=${BUILD_DATE} \
   -X ${PACKAGE}.gitCommit=${GIT_COMMIT} \
   -X ${PACKAGE}.gitTreeState=${GIT_TREE_STATE}\
-  -X ${PACKAGE}.kubectlVersion=${KUBECTL_VERSION}\
-  -X "${PACKAGE}.extraBuildInfo=${EXTRA_BUILD_INFO}"
+  -X ${PACKAGE}.gitTreeState=${GIT_TREE_STATE}\
+  -X ${PACKAGE}.kubectlVersion=${KUBECTL_VERSION}
 
 ifeq (${STATIC_BUILD}, true)
 override LDFLAGS += -extldflags "-static"
@@ -197,101 +142,63 @@ endif
 
 ifneq (${GIT_TAG},)
 IMAGE_TAG=${GIT_TAG}
-override LDFLAGS += -X ${PACKAGE}.gitTag=${GIT_TAG}
+LDFLAGS += -X ${PACKAGE}.gitTag=${GIT_TAG}
 else
 IMAGE_TAG?=latest
 endif
 
-# defaults for building images and manifests
 ifeq (${DOCKER_PUSH},true)
 ifndef IMAGE_NAMESPACE
 $(error IMAGE_NAMESPACE must be set to push images (e.g. IMAGE_NAMESPACE=argoproj))
 endif
 endif
 
-# Consruct prefix for docker image
-# Note: keeping same logic as in hacks/update_manifests.sh
-ifdef IMAGE_REGISTRY
 ifdef IMAGE_NAMESPACE
-IMAGE_PREFIX=${IMAGE_REGISTRY}/${IMAGE_NAMESPACE}/
-else
-$(error IMAGE_NAMESPACE must be set when IMAGE_REGISTRY is set (e.g. IMAGE_NAMESPACE=argoproj))
-endif
-else
-ifdef IMAGE_NAMESPACE
-# for backwards compatibility with the old way like IMAGE_NAMESPACE='quay.io/argoproj'
 IMAGE_PREFIX=${IMAGE_NAMESPACE}/
-else
-# Neither namespace nor registry given - apply the default values
-IMAGE_REGISTRY="quay.io"
-IMAGE_NAMESPACE="argoproj"
-IMAGE_PREFIX=${IMAGE_REGISTRY}/${IMAGE_NAMESPACE}/
-endif
-endif
-
-ifndef IMAGE_REPOSITORY
-IMAGE_REPOSITORY=argocd
 endif
 
 .PHONY: all
 all: cli image
 
-.PHONY: mockgen
-mockgen:
-	./hack/generate-mock.sh
+# We have some legacy requirements for being checked out within $GOPATH.
+# The ensure-gopath target can be used as dependency to ensure we are running
+# within these boundaries.
+.PHONY: ensure-gopath
+ensure-gopath:
+ifneq ("$(PWD)","$(LEGACY_PATH)")
+	@echo "Due to legacy requirements for codegen, repository needs to be checked out within \$$GOPATH"
+	@echo "Location of this repo should be '$(LEGACY_PATH)' but is '$(PWD)'"
+	@exit 1
+endif
 
 .PHONY: gogen
-gogen:
+gogen: ensure-gopath
 	export GO111MODULE=off
-	go generate ./...
+	go generate ./util/argo/...
 
 .PHONY: protogen
-protogen: mod-vendor-local protogen-fast
-
-.PHONY: protogen-fast
-protogen-fast:
+protogen: ensure-gopath
 	export GO111MODULE=off
 	./hack/generate-proto.sh
 
 .PHONY: openapigen
-openapigen:
+openapigen: ensure-gopath
 	export GO111MODULE=off
 	./hack/update-openapi.sh
 
-.PHONY: notification-catalog
-notification-catalog:
-	go run ./hack/gen-catalog catalog
-
-.PHONY: notification-docs
-notification-docs:
-	go run ./hack/gen-docs
-	go run ./hack/gen-catalog docs
-
-
 .PHONY: clientgen
-clientgen:
+clientgen: ensure-gopath
 	export GO111MODULE=off
 	./hack/update-codegen.sh
 
 .PHONY: clidocsgen
-clidocsgen:
-	go run tools/cmd-docs/main.go
-
-.PHONY: actionsdocsgen
-actionsdocsgen:
-	hack/generate-actions-list.sh
-
-.PHONY: resourceiconsgen
-resourceiconsgen:
-	hack/generate-icons-typescript.sh
+clidocsgen: ensure-gopath
+	go run tools/cmd-docs/main.go	
 
 .PHONY: codegen-local
-codegen-local: mod-vendor-local mockgen gogen protogen clientgen openapigen clidocsgen actionsdocsgen resourceiconsgen manifests-local notification-docs notification-catalog
+codegen-local: ensure-gopath mod-vendor-local gogen protogen clientgen openapigen clidocsgen manifests-local
 	rm -rf vendor/
 
-.PHONY: codegen-local-fast
-codegen-local-fast: mockgen gogen protogen-fast clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog
-
 .PHONY: codegen
 codegen: test-tools-image
 	$(call run-in-test-client,make codegen-local)
@@ -302,58 +209,45 @@ cli: test-tools-image
 
 .PHONY: cli-local
 cli-local: clean-debug
-	CGO_ENABLED=${CGO_FLAG} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -gcflags="all=-N -l" $(COVERAGE_FLAG) -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${CLI_NAME} ./cmd
-
-.PHONY: gen-resources-cli-local
-gen-resources-cli-local: clean-debug
-	CGO_ENABLED=${CGO_FLAG} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${GEN_RESOURCES_CLI_NAME} ./hack/gen-resources/cmd
+	CGO_ENABLED=0 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${CLI_NAME} ./cmd
 
 .PHONY: release-cli
-release-cli: clean-debug build-ui
-	make BIN_NAME=argocd-darwin-amd64 GOOS=darwin argocd-all
-	make BIN_NAME=argocd-darwin-arm64 GOOS=darwin GOARCH=arm64 argocd-all
-	make BIN_NAME=argocd-linux-amd64 GOOS=linux argocd-all
-	make BIN_NAME=argocd-linux-arm64 GOOS=linux GOARCH=arm64 argocd-all
-	make BIN_NAME=argocd-linux-ppc64le GOOS=linux GOARCH=ppc64le argocd-all
-	make BIN_NAME=argocd-linux-s390x GOOS=linux GOARCH=s390x argocd-all
-	make BIN_NAME=argocd-windows-amd64.exe GOOS=windows argocd-all
+release-cli: clean-debug image
+	docker create --name tmp-argocd-linux $(IMAGE_PREFIX)argocd:$(IMAGE_TAG)
+	docker cp tmp-argocd-linux:/usr/local/bin/argocd ${DIST_DIR}/argocd-linux-amd64
+	docker cp tmp-argocd-linux:/usr/local/bin/argocd-darwin-amd64 ${DIST_DIR}/argocd-darwin-amd64
+	docker cp tmp-argocd-linux:/usr/local/bin/argocd-windows-amd64.exe ${DIST_DIR}/argocd-windows-amd64.exe
+	docker rm tmp-argocd-linux
 
 .PHONY: test-tools-image
 test-tools-image:
-ifndef SKIP_TEST_TOOLS_IMAGE
-	$(SUDO) $(DOCKER) build --build-arg UID=$(CONTAINER_UID) -t $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) -f test/container/Dockerfile .
-	$(SUDO) $(DOCKER) tag $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE):$(TEST_TOOLS_TAG)
-endif
+	docker build --build-arg UID=$(shell id -u) -t $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) -f test/container/Dockerfile .
+	docker tag $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE):$(TEST_TOOLS_TAG)
 
 .PHONY: manifests-local
 manifests-local:
 	./hack/update-manifests.sh
+
 .PHONY: manifests
 manifests: test-tools-image
-	$(call run-in-test-client,make manifests-local IMAGE_REGISTRY='${IMAGE_REGISTRY}' IMAGE_NAMESPACE='${IMAGE_NAMESPACE}' IMAGE_REPOSITORY='${IMAGE_REPOSITORY}' IMAGE_TAG='${IMAGE_TAG}')
-# consolidated binary for cli, util, server, repo-server, controller
+	$(call run-in-test-client,make manifests-local IMAGE_NAMESPACE='${IMAGE_NAMESPACE}' IMAGE_TAG='${IMAGE_TAG}')
 
+# consolidated binary for cli, util, server, repo-server, controller
 .PHONY: argocd-all
 argocd-all: clean-debug
-	CGO_ENABLED=${CGO_FLAG} GOOS=${GOOS} GOARCH=${GOARCH} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${BIN_NAME} ./cmd
+	CGO_ENABLED=0 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${BIN_NAME} ./cmd
 
 .PHONY: server
 server: clean-debug
-	CGO_ENABLED=${CGO_FLAG} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-server ./cmd
+	CGO_ENABLED=0 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-server ./cmd
 
 .PHONY: repo-server
 repo-server:
-	CGO_ENABLED=${CGO_FLAG} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-repo-server ./cmd
+	CGO_ENABLED=0 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-repo-server ./cmd
 
 .PHONY: controller
 controller:
-	CGO_ENABLED=${CGO_FLAG} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-application-controller ./cmd
-
-.PHONY: build-ui
-build-ui:
-	DOCKER_BUILDKIT=1 $(DOCKER) build -t argocd-ui --platform=$(TARGET_ARCH) --target argocd-ui .
-	find ./ui/dist -type f -not -name gitkeep -delete
-	$(DOCKER) run -u $(CONTAINER_UID):$(CONTAINER_GID) -v ${CURRENT_DIR}/ui/dist/app:/tmp/app --rm -t argocd-ui sh -c 'cp -r ./dist/app/* /tmp/app/'
+	CGO_ENABLED=0 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-application-controller ./cmd
 
 .PHONY: image
 ifeq ($(DEV_IMAGE), true)
@@ -361,30 +255,37 @@ ifeq ($(DEV_IMAGE), true)
 # which speeds up builds. Dockerfile.dev needs to be copied into dist to perform the build, since
 # the dist directory is under .dockerignore.
 IMAGE_TAG="dev-$(shell git describe --always --dirty)"
-image: build-ui
-	DOCKER_BUILDKIT=1 $(DOCKER) build --platform=$(TARGET_ARCH) -t argocd-base --target argocd-base .
-	GOOS=linux GOARCH=$(TARGET_ARCH:linux/%=%) GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd ./cmd
+image:
+	docker build -t argocd-base --target argocd-base .
+	docker build -t argocd-ui --target argocd-ui .
+	find ./ui/dist -type f -not -name gitkeep -delete
+	docker run -v ${CURRENT_DIR}/ui/dist/app:/tmp/app --rm -t argocd-ui sh -c 'cp -r ./dist/app/* /tmp/app/'
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd ./cmd
+	CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-darwin-amd64 ./cmd
+	CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-windows-amd64.exe ./cmd
 	ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-server
 	ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-application-controller
 	ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-repo-server
 	ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-cmp-server
 	ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-dex
 	cp Dockerfile.dev dist
-	DOCKER_BUILDKIT=1 $(DOCKER) build --platform=$(TARGET_ARCH) -t $(IMAGE_PREFIX)$(IMAGE_REPOSITORY):$(IMAGE_TAG) -f dist/Dockerfile.dev dist
+	docker build -t $(IMAGE_PREFIX)argocd:$(IMAGE_TAG) -f dist/Dockerfile.dev dist
 else
 image:
-	DOCKER_BUILDKIT=1 $(DOCKER) build -t $(IMAGE_PREFIX)$(IMAGE_REPOSITORY):$(IMAGE_TAG) --platform=$(TARGET_ARCH) .
+	docker build -t $(IMAGE_PREFIX)argocd:$(IMAGE_TAG) .
 endif
-	@if [ "$(DOCKER_PUSH)" = "true" ] ; then $(DOCKER) push $(IMAGE_PREFIX)$(IMAGE_REPOSITORY):$(IMAGE_TAG) ; fi
+	@if [ "$(DOCKER_PUSH)" = "true" ] ; then docker push $(IMAGE_PREFIX)argocd:$(IMAGE_TAG) ; fi
 
 .PHONY: armimage
+# The "BUILD_ALL_CLIS" argument is to skip building the CLIs for darwin and windows
+# which would take a really long time.
 armimage:
-	$(DOCKER) build -t $(IMAGE_PREFIX)(IMAGE_REPOSITORY):$(IMAGE_TAG)-arm .
+	docker build -t $(IMAGE_PREFIX)argocd:$(IMAGE_TAG)-arm . --build-arg BUILD_ALL_CLIS="false"
 
 .PHONY: builder-image
 builder-image:
-	$(DOCKER) build  -t $(IMAGE_PREFIX)argo-cd-ci-builder:$(IMAGE_TAG) --target builder .
-	@if [ "$(DOCKER_PUSH)" = "true" ] ; then $(DOCKER) push $(IMAGE_PREFIX)argo-cd-ci-builder:$(IMAGE_TAG) ; fi
+	docker build  -t $(IMAGE_PREFIX)argo-cd-ci-builder:$(IMAGE_TAG) --target builder .
+	@if [ "$(DOCKER_PUSH)" = "true" ] ; then docker push $(IMAGE_PREFIX)argo-cd-ci-builder:$(IMAGE_TAG) ; fi
 
 .PHONY: mod-download
 mod-download: test-tools-image
@@ -402,6 +303,11 @@ mod-vendor: test-tools-image
 mod-vendor-local: mod-download-local
 	go mod vendor
 
+# Deprecated - replace by install-local-tools
+.PHONY: install-lint-tools
+install-lint-tools:
+	./hack/install.sh lint-tools
+
 # Run linter on the code
 .PHONY: lint
 lint: test-tools-image
@@ -411,7 +317,9 @@ lint: test-tools-image
 .PHONY: lint-local
 lint-local:
 	golangci-lint --version
-	golangci-lint run --fix --verbose
+	# NOTE: If you get a "Killed" OOM message, try reducing the value of GOGC
+	# See https://github.com/golangci/golangci-lint#memory-usage-of-golangci-lint
+	GOGC=$(ARGOCD_LINT_GOGC) GOMAXPROCS=2 golangci-lint run --fix --verbose --timeout 300s
 
 .PHONY: lint-ui
 lint-ui: test-tools-image
@@ -430,7 +338,7 @@ build: test-tools-image
 # Build all Go code (local version)
 .PHONY: build-local
 build-local:
-	GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v `go list ./... | grep -v 'resource_customizations\|test/e2e'`
+	go build -v `go list ./... | grep -v 'resource_customizations\|test/e2e'`
 
 # Run all unit tests
 #
@@ -443,24 +351,12 @@ test: test-tools-image
 
 # Run all unit tests (local version)
 .PHONY: test-local
-test-local: test-gitops-engine
-# run if TEST_MODULE is empty or does not point to gitops-engine tests
-ifneq ($(if $(TEST_MODULE),,ALL)$(filter-out github.com/argoproj/argo-cd/gitops-engine% ./gitops-engine%,$(TEST_MODULE)),)
+test-local:
 	if test "$(TEST_MODULE)" = ""; then \
-		DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES=`go list ./... | grep -v 'test/e2e'` ./hack/test.sh -args -test.gocoverdir="$(PWD)/test-results"; \
+		./hack/test.sh -coverprofile=coverage.out `go list ./... | grep -v 'test/e2e'`; \
 	else \
-		DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES="$(TEST_MODULE)" ./hack/test.sh -args -test.gocoverdir="$(PWD)/test-results" "$(TEST_MODULE)"; \
+		./hack/test.sh -coverprofile=coverage.out "$(TEST_MODULE)"; \
 	fi
-endif
-
-# Run gitops-engine unit tests
-.PHONY: test-gitops-engine
-test-gitops-engine:
-# run if TEST_MODULE is empty or points to gitops-engine tests
-ifneq ($(if $(TEST_MODULE),,ALL)$(filter github.com/argoproj/argo-cd/gitops-engine% ./gitops-engine%,$(TEST_MODULE)),)
-	mkdir -p $(PWD)/test-results
-	cd gitops-engine && go test -race -cover ./... -args -test.gocoverdir="$(PWD)/test-results"
-endif
 
 .PHONY: test-race
 test-race: test-tools-image
@@ -471,9 +367,9 @@ test-race: test-tools-image
 .PHONY: test-race-local
 test-race-local:
 	if test "$(TEST_MODULE)" = ""; then \
-		DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES=`go list ./... | grep -v 'test/e2e'` ./hack/test.sh -race -args -test.gocoverdir="$(PWD)/test-results"; \
+		./hack/test.sh -race -coverprofile=coverage.out `go list ./... | grep -v 'test/e2e'`; \
 	else \
-		DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES="$(TEST_MODULE)" ./hack/test.sh -race -args -test.gocoverdir="$(PWD)/test-results"; \
+		./hack/test.sh -race -coverprofile=coverage.out "$(TEST_MODULE)"; \
 	fi
 
 # Run the E2E test suite. E2E test servers (see start-e2e target) must be
@@ -487,7 +383,7 @@ test-e2e:
 test-e2e-local: cli-local
 	# NO_PROXY ensures all tests don't go out through a proxy if one is configured on the test system
 	export GO111MODULE=off
-	DIST_DIR=${DIST_DIR} RERUN_FAILS=$(ARGOCD_E2E_RERUN_FAILS) PACKAGES="./test/e2e" ARGOCD_E2E_RECORD=${ARGOCD_E2E_RECORD} ARGOCD_CONFIG_DIR=$(HOME)/.config/argocd-e2e ARGOCD_GPG_ENABLED=true NO_PROXY=* ./hack/test.sh -timeout $(ARGOCD_E2E_TEST_TIMEOUT) -v -args -test.gocoverdir="$(PWD)/test-results"
+	ARGOCD_GPG_ENABLED=true NO_PROXY=* ./hack/test.sh -timeout $(ARGOCD_E2E_TEST_TIMEOUT) -v ./test/e2e
 
 # Spawns a shell in the test server container for debugging purposes
 debug-test-server: test-tools-image
@@ -500,59 +396,38 @@ debug-test-client: test-tools-image
 # Starts e2e server in a container
 .PHONY: start-e2e
 start-e2e: test-tools-image
-	$(DOCKER) version
+	docker version
 	mkdir -p ${GOCACHE}
 	$(call run-in-test-server,make ARGOCD_PROCFILE=test/container/Procfile start-e2e-local)
 
 # Starts e2e server locally (or within a container)
 .PHONY: start-e2e-local
-start-e2e-local: mod-vendor-local dep-ui-local cli-local
+start-e2e-local:
 	kubectl create ns argocd-e2e || true
-	kubectl create ns argocd-e2e-external || true
-	kubectl create ns argocd-e2e-external-2 || true
 	kubectl config set-context --current --namespace=argocd-e2e
-	kustomize build test/manifests/base | kubectl apply --server-side --force-conflicts -f -
-	kubectl apply -f https://raw.githubusercontent.com/open-cluster-management/api/a6845f2ebcb186ec26b832f60c988537a58f3859/cluster/v1alpha1/0000_04_clusters.open-cluster-management.io_placementdecisions.crd.yaml
+	kustomize build test/manifests/base | kubectl apply -f -
 	# Create GPG keys and source directories
-	if test -d $(ARGOCD_E2E_DIR)/app/config/gpg; then rm -rf $(ARGOCD_E2E_DIR)/app/config/gpg/*; fi
-	mkdir -p $(ARGOCD_E2E_DIR)/app/config/gpg/keys && chmod 0700 $(ARGOCD_E2E_DIR)/app/config/gpg/keys
-	mkdir -p $(ARGOCD_E2E_DIR)/app/config/gpg/source && chmod 0700 $(ARGOCD_E2E_DIR)/app/config/gpg/source
-	mkdir -p $(ARGOCD_E2E_DIR)/app/config/plugin && chmod 0700 $(ARGOCD_E2E_DIR)/app/config/plugin
-	# create folders to hold go coverage results for each component
-	mkdir -p /tmp/coverage/app-controller
-	mkdir -p /tmp/coverage/api-server
-	mkdir -p /tmp/coverage/repo-server
-	mkdir -p /tmp/coverage/applicationset-controller
-	mkdir -p /tmp/coverage/notification
-	mkdir -p /tmp/coverage/commit-server
+	if test -d /tmp/argo-e2e/app/config/gpg; then rm -rf /tmp/argo-e2e/app/config/gpg/*; fi
+	mkdir -p /tmp/argo-e2e/app/config/gpg/keys && chmod 0700 /tmp/argo-e2e/app/config/gpg/keys
+	mkdir -p /tmp/argo-e2e/app/config/gpg/source && chmod 0700 /tmp/argo-e2e/app/config/gpg/source
+	mkdir -p /tmp/argo-e2e/app/config/plugin && chmod 0700 /tmp/argo-e2e/app/config/plugin
 	# set paths for locally managed ssh known hosts and tls certs data
-	ARGOCD_E2E_DIR=$(ARGOCD_E2E_DIR) \
-	ARGOCD_SSH_DATA_PATH=$(ARGOCD_E2E_DIR)/app/config/ssh \
-	ARGOCD_TLS_DATA_PATH=$(ARGOCD_E2E_DIR)/app/config/tls \
-	ARGOCD_GPG_DATA_PATH=$(ARGOCD_E2E_DIR)/app/config/gpg/source \
-	ARGOCD_GNUPGHOME=$(ARGOCD_E2E_DIR)/app/config/gpg/keys \
+	ARGOCD_SSH_DATA_PATH=/tmp/argo-e2e/app/config/ssh \
+	ARGOCD_TLS_DATA_PATH=/tmp/argo-e2e/app/config/tls \
+	ARGOCD_GPG_DATA_PATH=/tmp/argo-e2e/app/config/gpg/source \
+	ARGOCD_GNUPGHOME=/tmp/argo-e2e/app/config/gpg/keys \
 	ARGOCD_GPG_ENABLED=$(ARGOCD_GPG_ENABLED) \
-	ARGOCD_PLUGINCONFIGFILEPATH=$(ARGOCD_E2E_DIR)/app/config/plugin \
-	ARGOCD_PLUGINSOCKFILEPATH=$(ARGOCD_E2E_DIR)/app/config/plugin \
-	ARGOCD_GIT_CONFIG=$(PWD)/test/e2e/fixture/gitconfig \
+	ARGOCD_PLUGINCONFIGFILEPATH=/tmp/argo-e2e/app/config/plugin \
 	ARGOCD_E2E_DISABLE_AUTH=false \
 	ARGOCD_ZJWT_FEATURE_FLAG=always \
 	ARGOCD_IN_CI=$(ARGOCD_IN_CI) \
-	BIN_MODE=$(ARGOCD_BIN_MODE) \
-	ARGOCD_APPLICATION_NAMESPACES=argocd-e2e-external,argocd-e2e-external-2 \
-	ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES=argocd-e2e-external,argocd-e2e-external-2 \
-	ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE=true \
-	ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS=http://127.0.0.1:8341,http://127.0.0.1:8342,http://127.0.0.1:8343,http://127.0.0.1:8344 \
 	ARGOCD_E2E_TEST=true \
-	ARGOCD_HYDRATOR_ENABLED=true \
-	ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL=1ms \
 		goreman -f $(ARGOCD_PROCFILE) start ${ARGOCD_START}
-	ls -lrt /tmp/coverage
 
 # Cleans VSCode debug.test files from sub-dirs to prevent them from being included in by golang embed
 .PHONY: clean-debug
 clean-debug:
-	-find ${CURRENT_DIR} -name debug.test -exec rm -f {} +
+	-find ${CURRENT_DIR} -name debug.test | xargs rm -f
 
 .PHONY: clean
 clean: clean-debug
@@ -560,12 +435,12 @@ clean: clean-debug
 
 .PHONY: start
 start: test-tools-image
-	$(DOCKER) version
+	docker version
 	$(call run-in-test-server,make ARGOCD_PROCFILE=test/container/Procfile start-local ARGOCD_START=${ARGOCD_START})
 
 # Starts a local instance of ArgoCD
 .PHONY: start-local
-start-local: mod-vendor-local dep-ui-local cli-local
+start-local: mod-vendor-local dep-ui-local
 	# check we can connect to Docker to start Redis
 	killall goreman || true
 	kubectl create ns argocd || true
@@ -573,13 +448,10 @@ start-local: mod-vendor-local dep-ui-local cli-local
 	mkdir -p /tmp/argocd-local
 	mkdir -p /tmp/argocd-local/gpg/keys && chmod 0700 /tmp/argocd-local/gpg/keys
 	mkdir -p /tmp/argocd-local/gpg/source
-	REDIS_PASSWORD=$(shell kubectl get secret argocd-redis -o jsonpath='{.data.auth}' | base64 -d) \
 	ARGOCD_ZJWT_FEATURE_FLAG=always \
 	ARGOCD_IN_CI=false \
 	ARGOCD_GPG_ENABLED=$(ARGOCD_GPG_ENABLED) \
-	BIN_MODE=$(ARGOCD_BIN_MODE) \
 	ARGOCD_E2E_TEST=false \
-	ARGOCD_APPLICATION_NAMESPACES=$(ARGOCD_APPLICATION_NAMESPACES) \
 		goreman -f $(ARGOCD_PROCFILE) start ${ARGOCD_START}
 
 # Run goreman start with exclude option , provide exclude env variable with list of services
@@ -611,7 +483,7 @@ build-docs-local:
 
 .PHONY: build-docs
 build-docs:
-	$(DOCKER) run ${MKDOCS_RUN_ARGS} --rm -it -v ${CURRENT_DIR}:/docs -w /docs --entrypoint "" ${MKDOCS_DOCKER_IMAGE} sh -c 'pip install -r docs/requirements.txt; mkdocs build'
+	docker run ${MKDOCS_RUN_ARGS} --rm -it -p 8000:8000 -v ${CURRENT_DIR}:/docs ${MKDOCS_DOCKER_IMAGE} build
 
 .PHONY: serve-docs-local
 serve-docs-local:
@@ -619,7 +491,12 @@ serve-docs-local:
 
 .PHONY: serve-docs
 serve-docs:
-	$(DOCKER) run ${MKDOCS_RUN_ARGS} --rm -it -p 8000:8000 -v ${CURRENT_DIR}:/docs -w /docs --entrypoint "" ${MKDOCS_DOCKER_IMAGE} sh -c 'pip install -r docs/requirements.txt; mkdocs serve -a $$(ip route get 1 | awk '\''{print $$7}'\''):8000'
+	docker run ${MKDOCS_RUN_ARGS} --rm -it -p 8000:8000 -v ${CURRENT_DIR}:/docs ${MKDOCS_DOCKER_IMAGE} serve -a 0.0.0.0:8000
+
+.PHONY: lint-docs
+lint-docs:
+	#  https://github.com/dkhamsing/awesome_bot
+	find docs -name '*.md' -exec grep -l http {} + | xargs docker run --rm -v $(PWD):/mnt:ro dkhamsing/awesome_bot -t 3 --allow-dupe --allow-redirect --white-list `cat white-list | grep -v "#" | tr "\n" ','` --skip-save-results --
 
 # Verify that kubectl can connect to your K8s cluster from Docker
 .PHONY: verify-kube-connect
@@ -641,22 +518,20 @@ install-tools-local: install-test-tools-local install-codegen-tools-local instal
 # Installs all tools required for running unit & end-to-end tests (Linux packages)
 .PHONY: install-test-tools-local
 install-test-tools-local:
-	./hack/install.sh kustomize
-	./hack/install.sh helm
-	./hack/install.sh gotestsum
-	./hack/install.sh oras
+	./hack/install.sh kustomize-linux
+	./hack/install.sh ksonnet-linux
+	./hack/install.sh helm2-linux
+	./hack/install.sh helm-linux
 
 # Installs all tools required for running codegen (Linux packages)
 .PHONY: install-codegen-tools-local
 install-codegen-tools-local:
 	./hack/install.sh codegen-tools
-	./hack/install.sh codegen-go-tools
 
 # Installs all tools required for running codegen (Go packages)
 .PHONY: install-go-tools-local
 install-go-tools-local:
 	./hack/install.sh codegen-go-tools
-	./hack/install.sh lint-tools
 
 .PHONY: dep-ui
 dep-ui: test-tools-image
@@ -667,78 +542,3 @@ dep-ui-local:
 
 start-test-k8s:
 	go run ./hack/k8s
-
-.PHONY: list
-list:
-	@LC_ALL=C $(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | sort | egrep -v -e '^[^[:alnum:]]' -e '^$@$$'
-
-.PHONY: applicationset-controller
-applicationset-controller:
-	GODEBUG="tarinsecurepath=0,zipinsecurepath=0" CGO_ENABLED=${CGO_FLAG} go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-applicationset-controller ./cmd
-
-.PHONY: checksums
-checksums:
-	sha256sum ./dist/$(BIN_NAME)-* | awk -F './dist/' '{print $$1 $$2}' > ./dist/$(BIN_NAME)-$(TARGET_VERSION)-checksums.txt
-
-.PHONY: snyk-container-tests
-snyk-container-tests:
-	./hack/snyk-container-tests.sh
-
-.PHONY: snyk-non-container-tests
-snyk-non-container-tests:
-	./hack/snyk-non-container-tests.sh
-
-.PHONY: snyk-report
-snyk-report:
-	./hack/snyk-report.sh $(target_branch)
-
-.PHONY: help
-help:
-	@echo 'Note: Generally an item w/ (-local) will run inside docker unless you use the -local variant'
-	@echo
-	@echo 'Common targets'
-	@echo
-	@echo 'all -- make cli and image'
-	@echo
-	@echo 'components:'
-	@echo '  applicationset-controller -- applicationset controller'
-	@echo '  cli(-local)               -- argocd cli program'
-	@echo '  controller                -- controller (orchestrator)'
-	@echo '  repo-server               -- repo server (manage repository instances)'
-	@echo '  server                    -- argocd web application'
-	@echo
-	@echo 'build:'
-	@echo '  image                     -- make image of the following items'
-	@echo '  build(-local)             -- compile go'
-	@echo '  build-docs(-local)        -- build docs'
-	@echo '  build-ui                  -- compile typescript'
-	@echo
-	@echo 'run:'
-	@echo '  run                       -- run the components locally'
-	@echo '  serve-docs(-local)        -- expose the documents for viewing in a browser'
-	@echo
-	@echo 'release:'
-	@echo '  release-cli'
-	@echo '  release-precheck'
-	@echo '  checksums'
-	@echo
-	@echo 'docs:'
-	@echo '  build-docs(-local)'
-	@echo '  serve-docs(-local)'
-	@echo '  notification-docs'
-	@echo '  clidocsgen'
-	@echo
-	@echo 'testing:'
-	@echo '  test(-local)'
-	@echo '  start-e2e(-local)'
-	@echo '  test-e2e(-local)'
-	@echo '  test-race(-local)'
-	@echo
-	@echo 'debug:'
-	@echo '  list -- list all make targets'
-	@echo '  install-tools-local -- install all the tools below'
-	@echo
-	@echo 'codegen:'
-	@echo '  codegen(-local) -- if using -local, run the following targets first'
-	@echo '  install-codegen-tools-local -- run this to install the codegen tools'
-	@echo '  install-go-tools-local -- run this to install go libraries for codegen'

OWNERS

@@ -1,34 +1,23 @@
 owners:
 - alexmt
-- crenshaw-dev
 - jessesuen
 
 approvers:
 - alexec
 - alexmt
-- gdsoumya
 - jannfis
 - jessesuen
 - jgwest
-- keithchong
 - mayzhang2000
 - rbreeze
-- leoluz
-- crenshaw-dev
-- pasha-codefresh
 
 reviewers:
 - dthomson25
 - tetchel
-- terrytangyuan
 - wtam2018
 - ishitasequeira
 - reginapizza
 - hblixt
 - chetan-rns
 - wanghong230
-- ciiay
-- saumeya
-- zachaller
-- 34fathombelow
-- alexef
+- pasha-codefresh

Procfile

@@ -1,14 +1,9 @@
-controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/app-controller} HOSTNAME=testappcontroller-1  FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --commit-server localhost:${ARGOCD_E2E_COMMITSERVER_PORT:-8086} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --server-side-diff-enabled=${ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF:-'false'} --hydrator-enabled=${ARGOCD_HYDRATOR_ENABLED:='false'}"
-api-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/api-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --hydrator-enabled=${ARGOCD_HYDRATOR_ENABLED:='false'}"
-dex: sh -c "ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/v3/cmd gendexcfg -o `pwd`/dist/dex.yaml && (test -f dist/dex.yaml || { echo 'Failed to generate dex configuration'; exit 1; }) && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:$(grep "image: ghcr.io/dexidp/dex" manifests/base/dex/argocd-dex-server-deployment.yaml | cut -d':' -f3) dex serve /dex.yaml"
-redis: hack/start-redis-with-password.sh
-repo-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "export PATH=./dist:\$PATH && [ -n \"\$ARGOCD_GIT_CONFIG\" ] && export GIT_CONFIG_GLOBAL=\$ARGOCD_GIT_CONFIG && export GIT_CONFIG_NOSYSTEM=1; GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/repo-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp}  ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-repo-server ARGOCD_GPG_ENABLED=${ARGOCD_GPG_ENABLED:-false} $COMMAND --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --otlp-address=${ARGOCD_OTLP_ADDRESS}"
-cmp-server: [ "$ARGOCD_E2E_TEST" = 'true' ] && exit 0 || [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_BINARY_NAME=argocd-cmp-server ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} $COMMAND --config-dir-path ./test/cmp --loglevel debug --otlp-address=${ARGOCD_OTLP_ADDRESS}"
-commit-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/commit-server} FORCE_LOG_COLORS=1 ARGOCD_BINARY_NAME=argocd-commit-server $COMMAND --loglevel debug --port ${ARGOCD_E2E_COMMITSERVER_PORT:-8086}"
+controller: sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller go run ./cmd/main.go --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081}"
+api-server: sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server go run ./cmd/main.go --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} "
+dex: sh -c "ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/v2/cmd gendexcfg -o `pwd`/dist/dex.yaml && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:v2.30.2 dex serve /dex.yaml"
+redis: bash -c "if [ \"$ARGOCD_REDIS_LOCAL\" == 'true' ]; then redis-server --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; else docker run --rm --name argocd-redis -i -p ${ARGOCD_E2E_REDIS_PORT:-6379}:${ARGOCD_E2E_REDIS_PORT:-6379} redis:6.2.6-alpine --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; fi"
+repo-server: sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-/tmp/argo-e2e/app/config/plugin}  ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-repo-server ARGOCD_GPG_ENABLED=${ARGOCD_GPG_ENABLED:-false} go run ./cmd/main.go --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379}"
 ui: sh -c 'cd ui && ${ARGOCD_E2E_YARN_CMD:-yarn} start'
 git-server: test/fixture/testrepos/start-git.sh
 helm-registry: test/fixture/testrepos/start-helm-registry.sh
-oci-registry: test/fixture/testrepos/start-authenticated-helm-registry.sh
-dev-mounter: [ "$ARGOCD_E2E_TEST" != "true" ] && go run hack/dev-mounter/main.go --configmap argocd-ssh-known-hosts-cm=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} --configmap argocd-tls-certs-cm=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} --configmap argocd-gpg-keys-cm=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source}
-applicationset-controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/applicationset-controller} FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-applicationset-controller $COMMAND --loglevel debug --metrics-addr localhost:12345 --probe-addr localhost:12346 --argocd-repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081}"
-notification: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/notification} FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_BINARY_NAME=argocd-notifications $COMMAND --loglevel debug --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --self-service-notification-enabled=${ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED:-'false'}"
+dev-mounter: [[ "$ARGOCD_E2E_TEST" != "true" ]] && go run hack/dev-mounter/main.go --configmap argocd-ssh-known-hosts-cm=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} --configmap argocd-tls-certs-cm=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} --configmap argocd-gpg-keys-cm=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source}

README.md

@@ -1,19 +1,8 @@
-**Releases:**
-[![Release Version](https://img.shields.io/github/v/release/argoproj/argo-cd?label=argo-cd)](https://github.com/argoproj/argo-cd/releases/latest)
-[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo-cd)](https://artifacthub.io/packages/helm/argo/argo-cd)
-[![SLSA 3](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev)
-
-**Code:** 
 [![Integration tests](https://github.com/argoproj/argo-cd/workflows/Integration%20tests/badge.svg?branch=master)](https://github.com/argoproj/argo-cd/actions?query=workflow%3A%22Integration+tests%22)
+[![slack](https://img.shields.io/badge/slack-argoproj-brightgreen.svg?logo=slack)](https://argoproj.github.io/community/join-slack)
 [![codecov](https://codecov.io/gh/argoproj/argo-cd/branch/master/graph/badge.svg)](https://codecov.io/gh/argoproj/argo-cd)
+[![Release Version](https://img.shields.io/github/v/release/argoproj/argo-cd?label=argo-cd)](https://github.com/argoproj/argo-cd/releases/latest)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4486/badge)](https://bestpractices.coreinfrastructure.org/projects/4486)
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-cd/badge)](https://scorecard.dev/viewer/?uri=github.com/argoproj/argo-cd)
-
-**Social:**
-[![Twitter Follow](https://img.shields.io/twitter/follow/argoproj?style=social)](https://twitter.com/argoproj)
-[![Slack](https://img.shields.io/badge/slack-argoproj-brightgreen.svg?logo=slack)](https://argoproj.github.io/community/join-slack)
-[![LinkedIn](https://img.shields.io/badge/LinkedIn-argoproj-blue.svg?logo=linkedin)](https://www.linkedin.com/company/argoproj/)
-[![Bluesky](https://img.shields.io/badge/Bluesky-argoproj-blue.svg?style=social&logo=bluesky)](https://bsky.app/profile/argoproj.bsky.social)
 
 # Argo CD - Declarative Continuous Delivery for Kubernetes
 
@@ -47,8 +36,8 @@ Check live demo at https://cd.apps.argoproj.io/.
 
 * Q & A : [Github Discussions](https://github.com/argoproj/argo-cd/discussions)
 * Chat : [The #argo-cd Slack channel](https://argoproj.github.io/community/join-slack)
-* Contributors Office Hours: [Every Thursday](https://calendar.google.com/calendar/u/0/embed?src=argoproj@gmail.com) | [Agenda](https://docs.google.com/document/d/1xkoFkVviB70YBzSEa4bDnu-rUZ1sIFtwKKG1Uw8XsY8)
-* User Community meeting: [First Wednesday of the month](https://calendar.google.com/calendar/u/0/embed?src=argoproj@gmail.com) | [Agenda](https://docs.google.com/document/d/1ttgw98MO45Dq7ZUHpIiOIEfbyeitKHNfMjbY5dLLMKQ)
+* Contributors Office Hours: [Every Thursday](https://calendar.google.com/calendar/u/0/embed?src=argoproj@gmail.com) | [Agenda](https://docs.google.com/document/d/1ttgw98MO45Dq7ZUHpIiOIEfbyeitKHNfMjbY5dLLMKQ)
+* User Community meeting: [Every other Wednesday](https://calendar.google.com/calendar/u/0/embed?src=argoproj@gmail.com) | [Agenda](https://docs.google.com/document/d/1xkoFkVviB70YBzSEa4bDnu-rUZ1sIFtwKKG1Uw8XsY8)
 
 
 Participation in the Argo CD project is governed by the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md)
@@ -57,7 +46,6 @@ Participation in the Argo CD project is governed by the [CNCF Code of Conduct](h
 ### Blogs and Presentations
 
 1. [Awesome-Argo: A Curated List of Awesome Projects and Resources Related to Argo](https://github.com/terrytangyuan/awesome-argo)
-1. [Unveil the Secret Ingredients of Continuous Delivery at Enterprise Scale with Argo CD](https://akuity.io/blog/secret-ingredients-of-continuous-delivery-at-enterprise-scale-with-argocd/)
 1. [GitOps Without Pipelines With ArgoCD Image Updater](https://youtu.be/avPUQin9kzU)
 1. [Combining Argo CD (GitOps), Crossplane (Control Plane), And KubeVela (OAM)](https://youtu.be/eEcgn_gU3SM)
 1. [How to Apply GitOps to Everything - Combining Argo CD and Crossplane](https://youtu.be/yrj4lmScKHQ)
@@ -83,8 +71,4 @@ Participation in the Argo CD project is governed by the [CNCF Code of Conduct](h
 1. [Applied GitOps with Argo CD](https://thenewstack.io/applied-gitops-with-argocd/)
 1. [Solving configuration drift using GitOps with Argo CD](https://www.cncf.io/blog/2020/12/17/solving-configuration-drift-using-gitops-with-argo-cd/)
 1. [Decentralized GitOps over environments](https://blogs.sap.com/2021/05/06/decentralized-gitops-over-environments/)
-1. [Getting Started with ArgoCD for GitOps Deployments](https://youtu.be/AvLuplh1skA)
-1. [Using Argo CD & Datree for Stable Kubernetes CI/CD Deployments](https://youtu.be/17894DTru2Y)
-1. [How to create Argo CD Applications Automatically using ApplicationSet? "Automation of GitOps"](https://amralaayassen.medium.com/how-to-create-argocd-applications-automatically-using-applicationset-automation-of-the-gitops-59455eaf4f72)
-1. [Progressive Delivery with Service Mesh – Argo Rollouts with Istio](https://www.cncf.io/blog/2022/12/16/progressive-delivery-with-service-mesh-argo-rollouts-with-istio/)
-
+1. [How GitOps and Operators mark the rise of Infrastructure-As-Software](https://paytmlabs.com/blog/2021/10/how-to-improve-operational-work-with-operators-and-gitops/)

SECURITY-INSIGHTS.yml

@@ -1,128 +0,0 @@
-header:
-  schema-version: 1.0.0
-  expiration-date: '2024-10-31T00:00:00.000Z' # One year from initial release.
-  last-updated: '2023-10-27'
-  last-reviewed: '2023-10-27'
-  commit-hash: 814db444c36503851dc3d45cf9c44394821ca1a4
-  project-url: https://github.com/argoproj/argo-cd
-  project-release: v3.4.0
-  changelog: https://github.com/argoproj/argo-cd/releases
-  license: https://github.com/argoproj/argo-cd/blob/master/LICENSE
-project-lifecycle:
-  status: active
-  roadmap: https://github.com/orgs/argoproj/projects/25
-  bug-fixes-only: false
-  core-maintainers:
-    - https://github.com/argoproj/argoproj/blob/master/MAINTAINERS.md
-  release-cycle: https://argo-cd.readthedocs.io/en/stable/developer-guide/release-process-and-cadence/
-  release-process: https://argo-cd.readthedocs.io/en/stable/developer-guide/release-process-and-cadence/#release-process
-contribution-policy:
-  accepts-pull-requests: true
-  accepts-automated-pull-requests: true
-  automated-tools-list:
-    - automated-tool: dependabot
-      action: allowed
-      path:
-        - /
-    - automated-tool: snyk-report
-      action: allowed
-      path:
-        - docs/snyk
-      comment: |
-        This tool runs Snyk and generates a report of vulnerabilities in the project's dependencies. The report is 
-        placed in the project's documentation. The workflow is defined here:
-        https://github.com/argoproj/argo-cd/blob/master/.github/workflows/update-snyk.yaml
-  contributing-policy: https://argo-cd.readthedocs.io/en/stable/developer-guide/code-contributions/
-  code-of-conduct: https://github.com/cncf/foundation/blob/master/code-of-conduct.md
-documentation:
-  - https://argo-cd.readthedocs.io/
-distribution-points:
-  - https://github.com/argoproj/argo-cd/releases
-  - https://quay.io/repository/argoproj/argocd
-security-artifacts:
-  threat-model:
-    threat-model-created: true
-    evidence-url:
-      - https://github.com/argoproj/argoproj/blob/master/docs/argo_threat_model.pdf
-      - https://github.com/argoproj/argoproj/blob/master/docs/end_user_threat_model.pdf
-  self-assessment:
-    self-assessment-created: false
-    comment: |
-      An extensive self-assessment was performed for CNCF graduation. Because the self-assessment process was evolving
-      at the time, no standardized document has been published.
-security-testing:
-  - tool-type: sca
-    tool-name: Dependabot
-    tool-version: "2"
-    tool-url: https://github.com/dependabot
-    integration:
-      ad-hoc: false
-      ci: false
-      before-release: false
-    tool-rulesets:
-      - https://github.com/argoproj/argo-cd/blob/master/.github/dependabot.yml
-  - tool-type: sca
-    tool-name: Snyk
-    tool-version: latest
-    tool-url: https://snyk.io/
-    integration:
-      ad-hoc: true
-      ci: true
-      before-release: false
-  - tool-type: sast
-    tool-name: CodeQL
-    tool-version: latest
-    tool-url: https://codeql.github.com/
-    integration:
-      ad-hoc: false
-      ci: true
-      before-release: false
-    comment: |
-      We use the default configuration with the latest version.
-security-assessments:
-  - auditor-name: Trail of Bits
-    auditor-url: https://trailofbits.com
-    auditor-report: https://github.com/argoproj/argoproj/blob/master/docs/argo_security_final_report.pdf
-    report-year: 2021
-  - auditor-name: Ada Logics
-    auditor-url: https://adalogics.com
-    auditor-report: https://github.com/argoproj/argoproj/blob/master/docs/argo_security_audit_2022.pdf
-    report-year: 2022
-  - auditor-name: Ada Logics
-    auditor-url: https://adalogics.com
-    auditor-report: https://github.com/argoproj/argoproj/blob/master/docs/audit_fuzzer_adalogics_2022.pdf
-    report-year: 2022
-    comment: |
-      Part of the audit was performed by Ada Logics, focussed on fuzzing.
-  - auditor-name: Chainguard
-    auditor-url: https://chainguard.dev
-    auditor-report: https://github.com/argoproj/argoproj/blob/master/docs/software_supply_chain_slsa_assessment_chainguard_2023.pdf
-    report-year: 2023
-    comment: |
-      Confirmed the project's release process as achieving SLSA (v0.1) level 3.
-security-contacts:
-  - type: email
-    value: cncf-argo-security@lists.cncf.io
-    primary: true
-vulnerability-reporting:
-  accepts-vulnerability-reports: true
-  email-contact: cncf-argo-security@lists.cncf.io
-  security-policy: https://github.com/argoproj/argo-cd/security/policy
-  bug-bounty-available: true
-  bug-bounty-url: https://hackerone.com/ibb/policy_scopes
-  out-scope:
-    - vulnerable and outdated components # See https://github.com/argoproj/argo-cd/blob/master/SECURITY.md#a-word-about-security-scanners
-    - security logging and monitoring failures
-dependencies:
-  third-party-packages: true
-  dependencies-lists:
-    - https://github.com/argoproj/argo-cd/blob/master/go.mod
-    - https://github.com/argoproj/argo-cd/blob/master/Dockerfile
-    - https://github.com/argoproj/argo-cd/blob/master/ui/package.json
-  sbom:
-    - sbom-file: https://github.com/argoproj/argo-cd/releases # Every release's assets include SBOMs.
-      sbom-format: SPDX
-  dependencies-lifecycle:
-    policy-url: https://argo-cd.readthedocs.io/en/stable/developer-guide/release-process-and-cadence/#dependencies-lifecycle-policy
-  env-dependencies-policy:
-    policy-url: https://argo-cd.readthedocs.io/en/stable/developer-guide/release-process-and-cadence/#dependencies-lifecycle-policy

SECURITY.md

@@ -1,12 +1,12 @@
 # Security Policy for Argo CD
 
-Version: **v1.5 (2023-03-06)**
+Version: **v1.2 (2020-08-07)**
 
 ## Preface
 
 As a deployment tool, Argo CD needs to have production access which makes
 security a very important topic. The Argoproj team takes security very
-seriously and is continuously working on improving it.
+seriously and is continuously working on improving it. 
 
 ## A word about security scanners
 
@@ -26,20 +26,18 @@ are well aware of the issues that may affect Argo CD and are constantly
 working on the remediation of those that affect Argo CD and our users.
 
 If you believe that we might have missed an issue that we should take a look
-at (that can happen), then please discuss it with us. If there is a CVE
-assigned to the issue, please do open an issue on our GitHub tracker instead
-of writing to the security contact e-mail, since things reported by scanners
-are public already and the discussion that might emerge is of benefit to the
-general community. However, please validate your scanner results and its
-impact on Argo CD before opening an issue at least roughly.
+at (that can happen), then please discuss it with us. But please, do validate
+that assumption before at least roughly.
 
 ## Supported Versions
 
-We currently support the last 3 minor versions of Argo CD with security and bug fixes.
+We currently support the most recent release (`N`, e.g. `1.8`) and the release
+previous to the most recent one (`N-1`, e.g. `1.7`). With the release of
+`N+1`, `N-1` drops out of support and `N` becomes `N-1`.
 
 We regularly perform patch releases (e.g. `1.8.5` and `1.7.12`) for the
 supported versions, which will contain fixes for security vulnerabilities and
-important bugs. Prior releases might receive critical security fixes on best
+important bugs. Prior releases might receive critical security fixes on a best
 effort basis, however, it cannot be guaranteed that security fixes get
 back-ported to these unsupported versions.
 
@@ -50,7 +48,7 @@ of releasing it within a patch branch for the currently supported releases.
 
 ## Reporting a Vulnerability
 
-If you find a security related bug in Argo CD, we kindly ask you for responsible
+If you find a security related bug in ArgoCD, we kindly ask you for responsible
 disclosure and for giving us appropriate time to react, analyze and develop a
 fix to mitigate the found security vulnerability.
 
@@ -58,32 +56,11 @@ We will do our best to react quickly on your inquiry, and to coordinate a fix
 and disclosure with you. Sometimes, it might take a little longer for us to
 react (e.g. out of office conditions), so please bear with us in these cases.
 
-We will publish security advisories using the
-[GitHub Security Advisories](https://github.com/argoproj/argo-cd/security/advisories)
-feature to keep our community well-informed, and will credit you for your
+We will publish security advisiories using the
+[Git Hub Security Advisories](https://github.com/argoproj/argo-cd/security/advisories)
+feature to keep our community well informed, and will credit you for your
 findings (unless you prefer to stay anonymous, of course).
 
-There are two ways to report a vulnerability to the Argo CD team:
+Please report vulnerabilities by e-mail to the following address: 
 
-* By opening a draft GitHub security advisory: https://github.com/argoproj/argo-cd/security/advisories/new
-* By e-mail to the following address: cncf-argo-security@lists.cncf.io
-
-## Internet Bug Bounty collaboration
-
-We're happy to announce that the Argo project is collaborating with the great
-folks over at
-[Hacker One](https://hackerone.com/) and their
-[Internet Bug Bounty program](https://hackerone.com/ibb)
-to reward the awesome people who find security vulnerabilities in the four
-main Argo projects (CD, Events, Rollouts and Workflows) and then work with
-us to fix and disclose them in a responsible manner.
-
-If you report a vulnerability to us as outlined in this security policy, we
-will work together with you to find out whether your finding is eligible for
-claiming a bounty, and also on how to claim it.
-
-## Securing your Argo CD Instance
-
-See the [operator manual security page](docs/operator-manual/security.md) for
-additional information about Argo CD's security features and how to make your
-Argo CD production ready.
+* cncf-argo-security@lists.cncf.io

SECURITY_CONTACTS

@@ -1,7 +1,7 @@
 # Defined below are the security contacts for this repo.
 #
 # DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE
-# INSTRUCTIONS AT https://github.com/argoproj/argo-cd/security/policy
+# INSTRUCTIONS AT https://argo-cd.readthedocs.io/en/latest/security_considerations/#reporting-vulnerabilities
 
 alexmt
 edlee2121

Tiltfile

@@ -1,314 +0,0 @@
-load('ext://restart_process', 'docker_build_with_restart')
-load('ext://uibutton', 'cmd_button', 'location')
-
-# add ui button in web ui to run make codegen-local (top nav)
-cmd_button(
-    'make codegen-local',
-    argv=['sh', '-c', 'make codegen-local'],
-    location=location.NAV,
-    icon_name='terminal',
-    text='make codegen-local',
-)
-
-cmd_button(
-    'make test-local',
-    argv=['sh', '-c', 'make test-local'],
-    location=location.NAV,
-    icon_name='science',
-    text='make test-local',
-)
-
-# add ui button in web ui to run make codegen-local (top nav)
-cmd_button(
-    'make cli-local',
-    argv=['sh', '-c', 'make cli-local'],
-    location=location.NAV,
-    icon_name='terminal',
-    text='make cli-local',
-)
-
-# detect cluster architecture for build
-cluster_version = decode_yaml(local('kubectl version -o yaml'))
-platform = cluster_version['serverVersion']['platform']
-arch = platform.split('/')[1]
-
-# build the argocd binary on code changes
-code_deps = [
-    'applicationset',
-    'cmd',
-    'cmpserver',
-    'commitserver',
-    'common',
-    'controller',
-    'notification-controller',
-    'pkg',
-    'reposerver',
-    'server',
-    'util',
-    'go.mod',
-    'go.sum',
-]
-local_resource(
-    'build',
-    'CGO_ENABLED=0 GOOS=linux GOARCH=' + arch + ' go build -gcflags="all=-N -l" -mod=readonly -o .tilt-bin/argocd_linux cmd/main.go',
-    deps = code_deps,
-    allow_parallel=True,
-)
-
-# deploy the argocd manifests
-k8s_yaml(kustomize('manifests/dev-tilt'))
-
-# build dev image
-docker_build_with_restart(
-    'quay.io/argoproj/argocd:latest', 
-    context='.',
-    dockerfile='Dockerfile.tilt',
-    entrypoint=[
-        "/usr/bin/tini",
-        "-s",
-        "--",
-        "dlv",
-        "exec",
-        "--continue",
-        "--accept-multiclient",
-        "--headless",
-        "--listen=:2345",
-        "--api-version=2"
-    ],
-    platform=platform,
-    live_update=[
-        sync('.tilt-bin/argocd_linux', '/usr/local/bin/argocd'),
-    ],
-    only=[
-        '.tilt-bin',
-        'hack',
-        'entrypoint.sh',
-    ],
-    restart_file='/tilt/.restart-proc'
-)
-
-# build image for argocd-cli jobs
-docker_build(
-    'argocd-job', 
-    context='.',
-    dockerfile='Dockerfile.tilt',
-    platform=platform,
-    only=[
-        '.tilt-bin',
-        'hack',
-        'entrypoint.sh',
-    ]
-)
-
-# track argocd-server resources and port forward
-k8s_resource(
-    workload='argocd-server',
-    objects=[
-        'argocd-server:serviceaccount',
-        'argocd-server:role',
-        'argocd-server:rolebinding',
-        'argocd-cm:configmap',
-        'argocd-cmd-params-cm:configmap',
-        'argocd-gpg-keys-cm:configmap',
-        'argocd-rbac-cm:configmap',
-        'argocd-ssh-known-hosts-cm:configmap',
-        'argocd-tls-certs-cm:configmap',
-        'argocd-secret:secret',
-        'argocd-server-network-policy:networkpolicy',
-        'argocd-server:clusterrolebinding',
-        'argocd-server:clusterrole',
-    ],
-    port_forwards=[
-        '8080:8080',
-        '9345:2345',
-        '8083:8083'
-    ],
-    resource_deps=['build']
-)
-
-# track crds
-k8s_resource(
-    new_name='cluster-resources',
-    objects=[
-        'applications.argoproj.io:customresourcedefinition',
-        'applicationsets.argoproj.io:customresourcedefinition',
-        'appprojects.argoproj.io:customresourcedefinition',
-        'argocd:namespace'
-    ]
-)
-
-# track argocd-repo-server resources and port forward
-k8s_resource(
-    workload='argocd-repo-server',
-    objects=[
-        'argocd-repo-server:serviceaccount',
-        'argocd-repo-server-network-policy:networkpolicy',
-    ],
-    port_forwards=[
-        '8081:8081',
-        '9346:2345',
-        '8084:8084'
-    ],
-    resource_deps=['build']
-)
-
-# track argocd-redis resources and port forward
-k8s_resource(
-    workload='argocd-redis',
-    objects=[
-        'argocd-redis:serviceaccount',
-        'argocd-redis:role',
-        'argocd-redis:rolebinding',
-        'argocd-redis-network-policy:networkpolicy',
-    ],
-    port_forwards=[
-        '6379:6379',
-    ],
-    resource_deps=['build']
-)
-
-# track argocd-applicationset-controller resources
-k8s_resource(
-    workload='argocd-applicationset-controller',
-    objects=[
-        'argocd-applicationset-controller:serviceaccount',
-        'argocd-applicationset-controller-network-policy:networkpolicy',
-        'argocd-applicationset-controller:role',
-        'argocd-applicationset-controller:rolebinding',
-        'argocd-applicationset-controller:clusterrolebinding',
-        'argocd-applicationset-controller:clusterrole',
-    ],
-    port_forwards=[
-        '9347:2345',
-        '8085:8080',
-        '7000:7000'
-    ],
-    resource_deps=['build']
-)
-
-# track argocd-application-controller resources
-k8s_resource(
-    workload='argocd-application-controller',
-    objects=[
-        'argocd-application-controller:serviceaccount',
-        'argocd-application-controller-network-policy:networkpolicy',
-        'argocd-application-controller:role',
-        'argocd-application-controller:rolebinding',
-        'argocd-application-controller:clusterrolebinding',
-        'argocd-application-controller:clusterrole',
-    ],
-    port_forwards=[
-        '9348:2345',
-        '8086:8082',
-    ],
-    resource_deps=['build']
-)
-
-# track argocd-notifications-controller resources
-k8s_resource(
-    workload='argocd-notifications-controller',
-    objects=[
-        'argocd-notifications-controller:serviceaccount',
-        'argocd-notifications-controller-network-policy:networkpolicy',
-        'argocd-notifications-controller:role',
-        'argocd-notifications-controller:rolebinding',
-        'argocd-notifications-cm:configmap',
-        'argocd-notifications-secret:secret',
-    ],
-    port_forwards=[
-        '9349:2345',
-        '8087:9001',
-    ],
-    resource_deps=['build']
-)
-
-# track argocd-dex-server resources
-k8s_resource(
-    workload='argocd-dex-server',
-    objects=[
-        'argocd-dex-server:serviceaccount',
-        'argocd-dex-server-network-policy:networkpolicy',
-        'argocd-dex-server:role',
-        'argocd-dex-server:rolebinding',
-    ],
-    resource_deps=['build']
-)
-
-# track argocd-commit-server resources
-k8s_resource(
-    workload='argocd-commit-server',
-    objects=[
-        'argocd-commit-server:serviceaccount',
-        'argocd-commit-server-network-policy:networkpolicy',
-    ],
-    port_forwards=[
-        '9350:2345',
-        '8088:8087',
-        '8089:8086',
-    ],
-    resource_deps=['build']
-)
-
-# ui dependencies
-local_resource(
-    'node-modules',
-    'yarn',
-    dir='ui',
-    deps = [
-        'ui/package.json',
-        'ui/yarn.lock',
-    ],
-    allow_parallel=True,
-)
-
-# docker for ui
-docker_build(
-    'argocd-ui',
-    context='.',
-    dockerfile='Dockerfile.ui.tilt',
-    entrypoint=['sh', '-c', 'cd /app/ui && yarn start'], 
-    only=['ui'],
-    live_update=[
-        sync('ui', '/app/ui'),
-        run('sh -c "cd /app/ui && yarn install"', trigger=['/app/ui/package.json', '/app/ui/yarn.lock']),
-    ],
-)
-
-# track argocd-ui resources and port forward
-k8s_resource(
-    workload='argocd-ui',
-    port_forwards=[
-        '4000:4000',
-    ],
-    resource_deps=['node-modules'],
-)
-
-# linting
-local_resource(
-    'lint',
-    'make lint-local',
-    deps = code_deps,
-    allow_parallel=True,
-    resource_deps=['vendor']
-)
-
-local_resource(
-    'lint-ui',
-    'make lint-ui-local',
-    deps = [
-        'ui',
-    ],
-    allow_parallel=True,
-    resource_deps=['node-modules'],
-)
-
-local_resource(
-    'vendor',
-    'go mod vendor',
-    deps = [
-        'go.mod',
-        'go.sum',
-    ],
-    allow_parallel=True,
-)
-

USERS.md

@@ -1,440 +1,180 @@
 ## Who uses Argo CD?
 
-As the Argo Community grows, we'd like to keep track of our users. Please send a
-PR with your organization name if you are using Argo CD.
+As the Argo Community grows, we'd like to keep track of our users. Please send a PR with your organization name if you are using Argo CD.
 
 Currently, the following organizations are **officially** using Argo CD:
 
-1. [100ms](https://www.100ms.ai/)
 1. [127Labs](https://127labs.com/)
 1. [3Rein](https://www.3rein.com/)
-1. [42 School](https://42.fr/)
-1. [4data](https://4data.ch/)
 1. [7shifts](https://www.7shifts.com/)
 1. [Adevinta](https://www.adevinta.com/)
-1. [Adfinis](https://adfinis.com)
-1. [Adobe](https://www.adobe.com/)
 1. [Adventure](https://jp.adventurekk.com/)
-1. [Adyen](https://www.adyen.com)
-1. [AirQo](https://airqo.net/)
 1. [Akuity](https://akuity.io/)
-1. [Alarm.com](https://alarm.com/)
-1. [Alauda](https://alauda.io/)
-1. [Albert Heijn](https://ah.nl/)
 1. [Alibaba Group](https://www.alibabagroup.com/)
-1. [Allianz Direct](https://www.allianzdirect.de/)
-1. [AlphaSense](https://www.alpha-sense.com/)
-1. [Amadeus IT Group](https://amadeus.com/)
 1. [Ambassador Labs](https://www.getambassador.io/)
-1. [Ancestry](https://www.ancestry.com/)
-1. [Andgo Systems](https://www.andgosystems.com/)
-1. [ANSTO - Australian Synchrotron](https://www.synchrotron.org.au/)
 1. [Ant Group](https://www.antgroup.com/)
+1. [ANSTO - Australian Synchrotron](https://www.synchrotron.org.au/)
 1. [AppDirect](https://www.appdirect.com)
-1. [Arcadia](https://www.arcadia.io)
 1. [Arctiq Inc.](https://www.arctiq.ca)
-1. [Artemis Health by Nomi Health](https://www.artemishealth.com/)
-1. [Arturia](https://www.arturia.com)
-1. [ARZ Allgemeines Rechenzentrum GmbH](https://www.arz.at/)
-1. [Augury](https://www.augury.com/)
-1. [Autodesk](https://www.autodesk.com)
-1. [Axians ACSP](https://www.axians.fr)
+1. [ARZ Allgemeines Rechenzentrum GmbH ](https://www.arz.at/)
 1. [Axual B.V.](https://axual.com)
-1. [Back Market](https://www.backmarket.com)
-1. [Bajaj Finserv Health Ltd.](https://www.bajajfinservhealth.in)
 1. [Baloise](https://www.baloise.com)
-1. [Batumbu](https://batumbu.id)
 1. [BCDevExchange DevOps Platform](https://bcdevexchange.org/DevOpsPlatform)
 1. [Beat](https://thebeat.co/en/)
 1. [Beez Innovation Labs](https://www.beezlabs.com/)
-1. [Bedag Informatik AG](https://www.bedag.ch/)
-1. [Beleza Na Web](https://www.belezanaweb.com.br/)
-1. [Believable Bots](https://believablebots.io)
-1. [Bayer AG](https://bayer.com)
-1. [BigPanda](https://bigpanda.io)
 1. [BioBox Analytics](https://biobox.io)
+1. [BigPanda](https://bigpanda.io)
 1. [BMW Group](https://www.bmwgroup.com/)
-1. [Boozt](https://www.booztgroup.com/)
-1. [Bosch](https://www.bosch.com/)
-1. [Boticario](https://www.boticario.com.br/)
-1. [Broker Consulting, a.s.](https://www.bcas.cz/en/)
-1. [Bulder Bank](https://bulderbank.no)
-1. [Cabify](https://cabify.com/en)
-1. [CAM](https://cam-inc.co.jp)
 1. [Camptocamp](https://camptocamp.com)
-1. [Candis](https://www.candis.io)
 1. [Capital One](https://www.capitalone.com)
-1. [Capptain LTD](https://capptain.co/)
-1. [CARFAX Europe](https://www.carfax.eu)
 1. [CARFAX](https://www.carfax.com)
-1. [Carrefour Group](https://www.carrefour.com)
-1. [Casavo](https://casavo.com)
 1. [Celonis](https://www.celonis.com/)
-1. [CERN](https://home.cern/)
-1. [Chainnodes](https://chainnodes.org)
-1. [Chargetrip](https://chargetrip.com)
 1. [Chime](https://www.chime.com)
-1. [Chronicle Labs](https://chroniclelabs.org)
-1. [Cisco ET&I](https://eti.cisco.com/)
-1. [Close](https://www.close.com/)
-1. [Cloud Posse](https://www.cloudposse.com/)
-1. [Cloud Scale](https://cloudscaleinc.com/)
-1. [CloudScript](https://www.cloudscript.com.br/)
-1. [CloudGeometry](https://www.cloudgeometry.io/)
-1. [Cloudmate](https://cloudmt.co.kr/)
-1. [Cloudogu](https://cloudogu.com/)
-1. [Cobalt](https://www.cobalt.io/)
 1. [Codefresh](https://www.codefresh.io/)
 1. [Codility](https://www.codility.com/)
-1. [Cognizant](https://www.cognizant.com/)
-1. [Collins Aerospace](https://www.collinsaerospace.com/)
 1. [Commonbond](https://commonbond.co/)
-1. [Compatio.AI](https://compatio.ai/)
-1. [Contlo](https://contlo.com/)
-1. [Coralogix](https://coralogix.com/)
 1. [Crédit Agricole CIB](https://www.ca-cib.com)
 1. [CROZ d.o.o.](https://croz.net/)
 1. [CyberAgent](https://www.cyberagent.co.jp/en/)
 1. [Cybozu](https://cybozu-global.com)
+1. [Chargetrip](https://chargetrip.com)
 1. [D2iQ](https://www.d2iq.com)
-1. [DaoCloud](https://daocloud.io/)
-1. [Datarisk](https://www.datarisk.io/)
-1. [Daydream](https://daydream.ing)
-1. [Deloitte](https://www.deloitte.com/)
-1. [Dematic](https://www.dematic.com)
-1. [Deutsche Telekom AG](https://telekom.com)
-1. [Deutsche Bank AG](https://www.deutsche-bank.de/)
-1. [Devopsi - Poland Software/DevOps Consulting](https://devopsi.pl/)
 1. [Devtron Labs](https://github.com/devtron-labs/devtron)
-1. [DigitalEd](https://www.digitaled.com)
-1. [DigitalOcean](https://www.digitalocean.com)
-1. [Divar](https://divar.ir)
-1. [Divistant](https://divistant.com)
-2. [DocNetwork](https://docnetwork.org/)
-1. [Dott](https://ridedott.com)
-1. [Doubble](https://www.doubble.app)
-1. [Doximity](https://www.doximity.com/)
 1. [EDF Renewables](https://www.edf-re.com/)
 1. [edX](https://edx.org)
-1. [Elastic](https://elastic.co/)
-1. [Electronic Arts Inc.](https://www.ea.com)
-1. [Elementor](https://elementor.com/)
+1. [Electronic Arts Inc. ](https://www.ea.com)
 1. [Elium](https://www.elium.com)
 1. [END.](https://www.endclothing.com/)
 1. [Energisme](https://energisme.com/)
-1. [enigmo](https://enigmo.co.jp/)
-1. [Envoy](https://envoy.com/)
-1. [eSave](https://esave.es/)
-1. [Expedia](https://www.expedia.com)
-1. [Factorial](https://factorialhr.com/)
-1. [Farfetch](https://www.farfetch.com)
-1. [Faro](https://www.faro.com/)
 1. [Fave](https://myfave.com)
-1. [Flexport](https://www.flexport.com/)
-1. [Flip](https://flip.id)
-1. [Fly Security](https://www.flysecurity.com.br/)
-1. [Fonoa](https://www.fonoa.com/)
-1. [Fortra](https://www.fortra.com)
-1. [freee](https://corp.freee.co.jp/en/company/)
-1. [Freshop, Inc](https://www.freshop.com/)
 1. [Future PLC](https://www.futureplc.com/)
-1. [Flagler Health](https://www.flaglerhealth.io/)
-1. [G DATA CyberDefense AG](https://www.gdata-software.com/)
-1. [G-Research](https://www.gresearch.com/teams/open-source-software/)
 1. [Garner](https://www.garnercorp.com)
+1. [G DATA CyberDefense AG](https://www.gdata-software.com/)
 1. [Generali Deutschland AG](https://www.generali.de/)
-1. [Gepardec](https://gepardec.com/)
-1. [Getir](https://getir.com)
-1. [GetYourGuide](https://www.getyourguide.com/)
 1. [Gitpod](https://www.gitpod.io)
-1. [Gllue](https://gllue.com)
-1. [gloat](https://gloat.com/)
-1. [GLOBIS](https://globis.com)
 1. [Glovo](https://www.glovoapp.com)
-1. [GlueOps](https://glueops.dev)
 1. [GMETRI](https://gmetri.com/)
 1. [Gojek](https://www.gojek.io/)
-1. [GoTo Financial](https://gotofinancial.com/)
-1. [GoTo](https://www.goto.com/)
 1. [Greenpass](https://www.greenpass.com.br/)
-1. [Gridfuse](https://gridfuse.com/)
-1. [Groww](https://groww.in)
-1. [Grupo MasMovil](https://grupomasmovil.com/en/)
 1. [Handelsbanken](https://www.handelsbanken.se)
-1. [Hazelcast](https://hazelcast.com/)
 1. [Healy](https://www.healyworld.net)
-1. [Helio](https://helio.exchange)
-1. [hetao101](https://www.hetao101.com/)
-1. [Hetki](https://hetki.ai)
 1. [hipages](https://hipages.com.au/)
 1. [Hiya](https://hiya.com)
 1. [Honestbank](https://honestbank.com)
-1. [Hostinger](https://www.hostinger.com)
-1. [Hotjar](https://www.hotjar.com)
-1. [IABAI](https://www.iab.ai)
 1. [IBM](https://www.ibm.com/)
-1. [Ibotta](https://home.ibotta.com)
-1. [Icelandair](https://www.icelandair.com)
-1. [IFS](https://www.ifs.com)
 1. [IITS-Consulting](https://iits-consulting.de)
-1. [IllumiDesk](https://www.illumidesk.com)
-1. [Imagine Learning](https://www.imaginelearning.com/)
-1. [imaware](https://imaware.health)
-1. [Indeed](https://indeed.com)
 1. [Index Exchange](https://www.indexexchange.com/)
-1. [Info Support](https://www.infosupport.com/)
 1. [InsideBoard](https://www.insideboard.com)
-1. [Instruqt](https://www.instruqt.com)
-1. [Intel](https://www.intel.com)
 1. [Intuit](https://www.intuit.com/)
-1. [IQVIA](https://www.iqvia.com/)
-1. [Jellysmack](https://www.jellysmack.com)
 1. [Joblift](https://joblift.com/)
 1. [JovianX](https://www.jovianx.com/)
-1. [Kaltura](https://corp.kaltura.com/)
-1. [Kandji](https://www.kandji.io/)
 1. [Karrot](https://www.daangn.com/)
 1. [KarrotPay](https://www.daangnpay.com/)
 1. [Kasa](https://kasa.co.kr/)
-1. [Kave Home](https://kavehome.com)
-1. [Keeeb](https://www.keeeb.com/)
-1. [KelkooGroup](https://www.kelkoogroup.com)
 1. [Keptn](https://keptn.sh)
 1. [Kinguin](https://www.kinguin.net/)
 1. [KintoHub](https://www.kintohub.com/)
 1. [KompiTech GmbH](https://www.kompitech.com/)
-1. [Kong Inc.](https://konghq.com/)
-1. [KPMG](https://kpmg.com/uk)
-1. [KubeSphere](https://github.com/kubesphere)
-1. [Kurly](https://www.kurly.com/)
-1. [Kvist](https://kvistsolutions.com)
-1. [Kyriba](https://www.kyriba.com/)
-1. [Lattice](https://lattice.com)
-1. [LeFigaro](https://www.lefigaro.fr/)
-1. [Lely](https://www.lely.com/)
 1. [LexisNexis](https://www.lexisnexis.com/)
-1. [Lian Chu Securities](https://lczq.com)
-1. [Liatrio](https://www.liatrio.com)
-1. [Lightricks](https://www.lightricks.com/)
-1. [Loom](https://www.loom.com/)
-1. [Lucid Motors](https://www.lucidmotors.com/)
+1. [LINE](https://linecorp.com/en/)
 1. [Lytt](https://www.lytt.co/)
-1. [LY Corporation](https://www.lycorp.co.jp/en/)
-1. [Magic Leap](https://www.magicleap.com/)
-1. [Majid Al Futtaim](https://www.majidalfuttaim.com/)
 1. [Major League Baseball](https://mlb.com)
 1. [Mambu](https://www.mambu.com/)
-1. [MariaDB](https://mariadb.com)
 1. [Mattermost](https://www.mattermost.com)
 1. [Max Kelsen](https://www.maxkelsen.com/)
-1. [MeDirect](https://medirect.com.mt/)
-1. [Meican](https://meican.com/)
-1. [Meilleurs Agents](https://www.meilleursagents.com/)
-1. [Mercedes-Benz Tech Innovation](https://www.mercedes-benz-techinnovation.com/)
-1. [Mercedes-Benz.io](https://www.mercedes-benz.io/)
-1. [Metacore Games](https://metacoregames.com/)
-1. [Metanet](http://www.metanet.co.kr/en/)
 1. [MindSpore](https://mindspore.cn)
 1. [Mirantis](https://mirantis.com/)
-1. [Mission Lane](https://missionlane.com)
 1. [mixi Group](https://mixi.co.jp/)
 1. [Moengage](https://www.moengage.com/)
 1. [Money Forward](https://corp.moneyforward.com/en/)
-1. [MongoDB](https://www.mongodb.com/)
 1. [MOO Print](https://www.moo.com/)
-1. [Mozilla](https://www.mozilla.org)
 1. [MTN Group](https://www.mtn.com/)
-1. [Municipality of The Hague](https://www.denhaag.nl/)
-1. [My Job Glasses](https://myjobglasses.com)
 1. [Natura &Co](https://naturaeco.com/)
-1. [Netease Cloud Music](https://music.163.com/)
-1. [Nethopper](https://nethopper.io)
 1. [New Relic](https://newrelic.com/)
-1. [Nextbasket](https://nextbasket.com)
 1. [Nextdoor](https://nextdoor.com/)
-1. [Next Fit Sistemas](https://nextfit.com.br/)
 1. [Nikkei](https://www.nikkei.co.jp/nikkeiinfo/en/)
-1. [Nitro](https://gonitro.com)
-1. [NYCU, CS IT Center](https://it.cs.nycu.edu.tw)
-1. [Objective](https://www.objective.com.br/)
-1. [OCCMundial](https://occ.com.mx)
 1. [Octadesk](https://octadesk.com)
-1. [Octopus Deploy](https://octopus.com)
-1. [Olfeo](https://www.olfeo.com/)
-1. [omegaUp](https://omegaUp.com)
-1. [Omni](https://omni.se/)
-1. [Oncourse Home Solutions](https://oncoursehome.com/)
-1. [Open Analytics](https://openanalytics.eu)
 1. [openEuler](https://openeuler.org)
 1. [openGauss](https://opengauss.org/)
-1. [OpenGov](https://opengov.com)
 1. [openLooKeng](https://openlookeng.io)
 1. [OpenSaaS Studio](https://opensaas.studio)
 1. [Opensurvey](https://www.opensurvey.co.kr/)
-1. [OpsMx](https://opsmx.io)
-1. [OpsVerse](https://opsverse.io)
 1. [Optoro](https://www.optoro.com/)
 1. [Orbital Insight](https://orbitalinsight.com/)
-1. [Oscar Health Insurance](https://hioscar.com/)
-1. [Outpost24](https://outpost24.com/)
-1. [p3r](https://www.p3r.one/)
 1. [Packlink](https://www.packlink.com/)
-1. [PagerDuty](https://www.pagerduty.com/)
-1. [Pandosearch](https://www.pandosearch.com/en/home)
-1. [Patreon](https://www.patreon.com/)
-1. [PayIt](https://payitgov.com/)
 1. [PayPay](https://paypay.ne.jp/)
-1. [Paystack](https://paystack.com/)
 1. [Peloton Interactive](https://www.onepeloton.com/)
-1. [Percona](https://percona.com/)
-1. [PGS](https://www.pgs.com)
-1. [Pigment](https://www.gopigment.com/)
-1. [Pipedrive](https://www.pipedrive.com/)
 1. [Pipefy](https://www.pipefy.com/)
-1. [Pipekit](https://pipekit.io/)
-1. [Pismo](https://pismo.io/)
-1. [PITS Globale Datenrettungsdienste](https://www.pitsdatenrettung.de/)
-1. [Platform9 Systems](https://platform9.com/)
 1. [Polarpoint.io](https://polarpoint.io)
-1. [Pollinate](https://www.pollinate.global)
-1. [PostFinance](https://github.com/postfinance)
 1. [Preferred Networks](https://preferred.jp/en/)
-1. [Previder BV](https://previder.nl)
-1. [Priceline](https://priceline.com)
-1. [Procore](https://www.procore.com)
-1. [Productboard](https://www.productboard.com/)
 1. [Prudential](https://prudential.com.sg)
-1. [PT Boer Technology (Btech)](https://btech.id/)
 1. [PUBG](https://www.pubg.com)
-1. [Puzzle ITC](https://www.puzzle.ch/)
-1. [Pvotal Technologies](https://pvotal.tech/)
 1. [Qonto](https://qonto.com)
 1. [QuintoAndar](https://quintoandar.com.br)
 1. [Quipper](https://www.quipper.com/)
-1. [RapidAPI](https://www.rapidapi.com/)
-1. [rebuy](https://www.rebuy.de/)
+1. [Recreation.gov](https://www.recreation.gov/)
 1. [Red Hat](https://www.redhat.com/)
-1. [Redpill Linpro](https://www.redpill-linpro.com/)
-1. [Reenigne Cloud](https://reenigne.ca)
-1. [reev.com](https://www.reev.com/)
-1. [Relex Solutions](https://www.relexsolutions.com/)
-1. [RightRev](https://rightrev.com/)
-1. [Rijkswaterstaat](https://www.rijkswaterstaat.nl/en)
-1. Rise
-1. [RISK IDENT](https://riskident.com/)
 1. [Riskified](https://www.riskified.com/)
 1. [Robotinfra](https://www.robotinfra.com)
-1. [Rocket.Chat](https://rocket.chat)
-1. [Rogo](https://rogodata.com)
-1. [Rubin Observatory](https://www.lsst.org)
 1. [Saildrone](https://www.saildrone.com/)
-1. [Salad Technologies](https://salad.com/)
 1. [Saloodo! GmbH](https://www.saloodo.com)
-1. [Sap Labs](http://sap.com)
-1. [SAP Signavio](https://www.signavio.com)
-1. [Sauce Labs](https://saucelabs.com/)
-1. [Schneider Electric](https://www.se.com)
 1. [Schwarz IT](https://jobs.schwarz/it-mission)
-1. [SCRM Lidl International Hub](https://scrm.lidl)
-1. [SEEK](https://seek.com.au)
-1. [SEKAI](https://www.sekai.io/)
-1. [Semgrep](https://semgrep.com)
-1. [Seznam.cz](https://o-seznam.cz/)
-1. [Shield](https://shield.com)
-1. [Shipfox](https://www.shipfox.io)
-1. [Shock Media](https://www.shockmedia.nl)
-1. [SI Analytics](https://si-analytics.ai)
-1. [Sidewalk Entertainment](https://sidewalkplay.com/)
-1. [Skit](https://skit.ai/)
-1. [Skribble](https://skribble.com)
-1. [Skyscanner](https://www.skyscanner.net/)
-1. [Smart Pension](https://www.smartpension.co.uk/)
-1. [Smilee.io](https://smilee.io)
-1. [Smilegate Stove](https://www.onstove.com/)
-1. [Smood.ch](https://www.smood.ch/)
-1. [Snapp](https://snapp.ir/)
 1. [Snyk](https://snyk.io/)
-1. [Softway Medical](https://www.softwaymedical.fr/)
-1. [Sophotech](https://sopho.tech)
-1. [South China Morning Post (SCMP)](https://www.scmp.com/)
 1. [Speee](https://speee.jp/)
 1. [Spendesk](https://spendesk.com/)
-1. [Splunk](https://splunk.com/)
-1. [Spores Labs](https://spores.app)
-1. [Statsig](https://statsig.com)
-1. [SternumIOT](https://sternumiot.com)
-1. [StreamNative](https://streamnative.io)
-1. [Stuart](https://stuart.com/)
 1. [Sumo Logic](https://sumologic.com/)
 1. [Sutpc](http://www.sutpc.com/)
-1. [Swiss Post](https://github.com/swisspost)
-1. [Swissblock Technologies](https://swissblock.net/)
 1. [Swisscom](https://www.swisscom.ch)
 1. [Swissquote](https://github.com/swissquote)
 1. [Syncier](https://syncier.com/)
-1. [Synergy](https://synergy.net.au)
-1. [Syself](https://syself.com)
-1. [T-ROC Global](https://trocglobal.com/)
 1. [TableCheck](https://tablecheck.com/)
 1. [Tailor Brands](https://www.tailorbrands.com)
-1. [Tamkeen Technologies](https://tamkeentech.sa/)
-1. [TBC Bank](https://tbcbank.ge/)
-1. [Techcombank](https://www.techcombank.com.vn/trang-chu)
-1. [Technacy](https://www.technacy.it/)
-1. [Telavita](https://www.telavita.com.br/)
 1. [Tesla](https://tesla.com/)
-1. [TextNow](https://www.textnow.com/)
-1. [The Scale Factory](https://www.scalefactory.com/)
 1. [ThousandEyes](https://www.thousandeyes.com/)
 1. [Ticketmaster](https://ticketmaster.com)
 1. [Tiger Analytics](https://www.tigeranalytics.com/)
 1. [Tigera](https://www.tigera.io/)
-1. [Topicus.Education](https://topicus.nl/en/sectors/education)
 1. [Toss](https://toss.im/en)
-1. [Trendyol](https://www.trendyol.com/)
 1. [tru.ID](https://tru.id)
-1. [Trusting Social](https://trustingsocial.com/)
-1. [Twilio Segment](https://segment.com/)
 1. [Twilio SendGrid](https://sendgrid.com)
 1. [tZERO](https://www.tzero.com/)
-1. [U.S. Veterans Affairs Department](https://www.va.gov/)
+1. [ungleich.ch](https://ungleich.ch/)
 1. [UBIO](https://ub.io/)
 1. [UFirstGroup](https://www.ufirstgroup.com/en/)
-1. [ungleich.ch](https://ungleich.ch/)
-1. [Unifonic Inc](https://www.unifonic.com/)
 1. [Universidad Mesoamericana](https://www.umes.edu.gt/)
-1. [Upsider Inc.](https://up-sider.com/lp/)
-1. [Urbantz](https://urbantz.com/)
-1. [Vectra](https://www.vectra.ai)
-1. [Veepee](https://www.veepee.com)
-1. [Verkada](https://www.verkada.com)
 1. [Viaduct](https://www.viaduct.ai/)
-1. [VietMoney](https://vietmoney.vn/)
-1. [Vinted](https://vinted.com/)
 1. [Virtuo](https://www.govirtuo.com/)
 1. [VISITS Technologies](https://visits.world/en)
-1. [Viya](https://viya.me)
 1. [Volvo Cars](https://www.volvocars.com/)
-1. [Voyager Digital](https://www.investvoyager.com/)
 1. [VSHN - The DevOps Company](https://vshn.ch/)
-1. [Wakacje.pl](https://www.wakacje.pl/)
 1. [Walkbase](https://www.walkbase.com/)
-1. [Webstores](https://www.webstores.nl)
 1. [Wehkamp](https://www.wehkamp.nl/)
-1. [WeMaintain](https://www.wemaintain.com/)
 1. [WeMo Scooter](https://www.wemoscooter.com/)
+1. [Webstores](https://www.webstores.nl)
 1. [Whitehat Berlin](https://whitehat.berlin) by Guido Maria Serra +Fenaroli
 1. [Witick](https://witick.io/)
-1. [Wolffun Game](https://www.wolffungame.com/)
 1. [WooliesX](https://wooliesx.com.au/)
 1. [Woolworths Group](https://www.woolworthsgroup.com.au/)
 1. [WSpot](https://www.wspot.com.br/)
-1. [X3M ads](https://x3mads.com)
 1. [Yieldlab](https://www.yieldlab.de/)
-1. [Youverify](https://youverify.co/)
-1. [Yubo](https://www.yubo.live/)
-1. [Yuno](https://y.uno/)
-1. [ZDF](https://www.zdf.de/)
 1. [Zimpler](https://www.zimpler.com/)
-1. [ZipRecruiter](https://www.ziprecruiter.com/)
-1. [ZOZO](https://corp.zozo.com/)
+1. [Sap Labs](http://sap.com)
+1. [Smilee.io](https://smilee.io)
+1. [Metanet](http://www.metanet.co.kr/en/)
+1. [Unifonic Inc](https://www.unifonic.com/)
+1. [Tamkeen Technologies](https://tamkeentech.sa/)
+1. [Kaltura](https://corp.kaltura.com/)
+1. [Boticario](https://www.boticario.com.br/)
+1. [Beleza Na Web](https://www.belezanaweb.com.br/)
+1. [MariaDB](https://mariadb.com)
+1. [Lightricks](https://www.lightricks.com/)
+1. [RightRev](https://rightrev.com/)
+1. [MeDirect](https://medirect.com.mt/)
+1. [Snapp](https://snapp.ir/)
+1. [Technacy](https://www.technacy.it/)
+1. [freee](https://corp.freee.co.jp/en/company/)
+1. [Youverify](https://youverify.co/)
+1. [Keeeb](https://www.keeeb.com/)
+1. [p3r](https://www.p3r.one/)
+1. [Faro](https://www.faro.com/)
+1. [Rise](https://www.risecard.eu/)

VERSION

@@ -1 +1 @@
-3.4.0
+2.2.9

applicationset/controllers/clustereventhandler.go

@@ -1,171 +0,0 @@
-package controllers
-
-import (
-	"context"
-	"fmt"
-
-	"sigs.k8s.io/controller-runtime/pkg/reconcile"
-
-	log "github.com/sirupsen/logrus"
-
-	"k8s.io/apimachinery/pkg/types"
-	"k8s.io/client-go/util/workqueue"
-	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/event"
-
-	"github.com/argoproj/argo-cd/v3/applicationset/utils"
-	"github.com/argoproj/argo-cd/v3/common"
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-)
-
-// clusterSecretEventHandler is used when watching Secrets to check if they are ArgoCD Cluster Secrets, and if so
-// requeue any related ApplicationSets.
-type clusterSecretEventHandler struct {
-	// handler.EnqueueRequestForOwner
-	Log                      log.FieldLogger
-	Client                   client.Client
-	ApplicationSetNamespaces []string
-}
-
-func (h *clusterSecretEventHandler) Create(ctx context.Context, e event.CreateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request]) {
-	h.queueRelatedAppGenerators(ctx, q, e.Object)
-}
-
-func (h *clusterSecretEventHandler) Update(ctx context.Context, e event.UpdateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request]) {
-	h.queueRelatedAppGenerators(ctx, q, e.ObjectNew)
-}
-
-func (h *clusterSecretEventHandler) Delete(ctx context.Context, e event.DeleteEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request]) {
-	h.queueRelatedAppGenerators(ctx, q, e.Object)
-}
-
-func (h *clusterSecretEventHandler) Generic(ctx context.Context, e event.GenericEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request]) {
-	h.queueRelatedAppGenerators(ctx, q, e.Object)
-}
-
-// addRateLimitingInterface defines the Add method of workqueue.RateLimitingInterface, allow us to easily mock
-// it for testing purposes.
-type addRateLimitingInterface[T comparable] interface {
-	Add(item T)
-}
-
-func (h *clusterSecretEventHandler) queueRelatedAppGenerators(ctx context.Context, q addRateLimitingInterface[reconcile.Request], object client.Object) {
-	// Check for label, lookup all ApplicationSets that might match the cluster, queue them all
-	if object.GetLabels()[common.LabelKeySecretType] != common.LabelValueSecretTypeCluster {
-		return
-	}
-
-	h.Log.WithFields(log.Fields{
-		"namespace": object.GetNamespace(),
-		"name":      object.GetName(),
-	}).Info("processing event for cluster secret")
-
-	appSetList := &argoprojiov1alpha1.ApplicationSetList{}
-	err := h.Client.List(ctx, appSetList)
-	if err != nil {
-		h.Log.WithError(err).Error("unable to list ApplicationSets")
-		return
-	}
-
-	h.Log.WithField("count", len(appSetList.Items)).Info("listed ApplicationSets")
-	for _, appSet := range appSetList.Items {
-		if !utils.IsNamespaceAllowed(h.ApplicationSetNamespaces, appSet.GetNamespace()) {
-			// Ignore it as not part of the allowed list of namespaces in which to watch Appsets
-			continue
-		}
-		foundClusterGenerator := false
-		for _, generator := range appSet.Spec.Generators {
-			if generator.Clusters != nil {
-				foundClusterGenerator = true
-				break
-			}
-
-			if generator.Matrix != nil {
-				ok, err := nestedGeneratorsHaveClusterGenerator(generator.Matrix.Generators)
-				if err != nil {
-					h.Log.
-						WithFields(log.Fields{
-							"namespace": appSet.GetNamespace(),
-							"name":      appSet.GetName(),
-						}).
-						WithError(err).
-						Error("Unable to check if ApplicationSet matrix generators have cluster generator")
-				}
-				if ok {
-					foundClusterGenerator = true
-					break
-				}
-			}
-
-			if generator.Merge != nil {
-				ok, err := nestedGeneratorsHaveClusterGenerator(generator.Merge.Generators)
-				if err != nil {
-					h.Log.
-						WithFields(log.Fields{
-							"namespace": appSet.GetNamespace(),
-							"name":      appSet.GetName(),
-						}).
-						WithError(err).
-						Error("Unable to check if ApplicationSet merge generators have cluster generator")
-				}
-				if ok {
-					foundClusterGenerator = true
-					break
-				}
-			}
-		}
-		if foundClusterGenerator {
-			// TODO: only queue the AppGenerator if the labels match this cluster
-			req := ctrl.Request{NamespacedName: types.NamespacedName{Namespace: appSet.Namespace, Name: appSet.Name}}
-			q.Add(req)
-		}
-	}
-}
-
-// nestedGeneratorsHaveClusterGenerator iterate over provided nested generators to check if they have a cluster generator.
-func nestedGeneratorsHaveClusterGenerator(generators []argoprojiov1alpha1.ApplicationSetNestedGenerator) (bool, error) {
-	for _, generator := range generators {
-		if ok, err := nestedGeneratorHasClusterGenerator(generator); ok || err != nil {
-			return ok, err
-		}
-	}
-	return false, nil
-}
-
-// nestedGeneratorHasClusterGenerator checks if the provided generator has a cluster generator.
-func nestedGeneratorHasClusterGenerator(nested argoprojiov1alpha1.ApplicationSetNestedGenerator) (bool, error) {
-	if nested.Clusters != nil {
-		return true, nil
-	}
-
-	if nested.Matrix != nil {
-		nestedMatrix, err := argoprojiov1alpha1.ToNestedMatrixGenerator(nested.Matrix)
-		if err != nil {
-			return false, fmt.Errorf("unable to get nested matrix generator: %w", err)
-		}
-		if nestedMatrix != nil {
-			hasClusterGenerator, err := nestedGeneratorsHaveClusterGenerator(nestedMatrix.ToMatrixGenerator().Generators)
-			if err != nil {
-				return false, fmt.Errorf("error evaluating nested matrix generator: %w", err)
-			}
-			return hasClusterGenerator, nil
-		}
-	}
-
-	if nested.Merge != nil {
-		nestedMerge, err := argoprojiov1alpha1.ToNestedMergeGenerator(nested.Merge)
-		if err != nil {
-			return false, fmt.Errorf("unable to get nested merge generator: %w", err)
-		}
-		if nestedMerge != nil {
-			hasClusterGenerator, err := nestedGeneratorsHaveClusterGenerator(nestedMerge.ToMergeGenerator().Generators)
-			if err != nil {
-				return false, fmt.Errorf("error evaluating nested merge generator: %w", err)
-			}
-			return hasClusterGenerator, nil
-		}
-	}
-
-	return false, nil
-}

applicationset/controllers/clustereventhandler_test.go

@@ -1,660 +0,0 @@
-package controllers
-
-import (
-	"testing"
-
-	argocommon "github.com/argoproj/argo-cd/v3/common"
-
-	log "github.com/sirupsen/logrus"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	corev1 "k8s.io/api/core/v1"
-	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/types"
-	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/client/fake"
-	"sigs.k8s.io/controller-runtime/pkg/reconcile"
-
-	argov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-)
-
-type mockAddRateLimitingInterface struct {
-	addedItems []reconcile.Request
-}
-
-// Add checks the type, and adds it to the internal list of received additions
-func (obj *mockAddRateLimitingInterface) Add(item reconcile.Request) {
-	obj.addedItems = append(obj.addedItems, item)
-}
-
-func TestClusterEventHandler(t *testing.T) {
-	scheme := runtime.NewScheme()
-	err := argov1alpha1.AddToScheme(scheme)
-	require.NoError(t, err)
-
-	err = argov1alpha1.AddToScheme(scheme)
-	require.NoError(t, err)
-
-	tests := []struct {
-		name             string
-		items            []argov1alpha1.ApplicationSet
-		secret           corev1.Secret
-		expectedRequests []ctrl.Request
-	}{
-		{
-			name:  "no application sets should mean no requests",
-			items: []argov1alpha1.ApplicationSet{},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{},
-		},
-		{
-			name: "a cluster generator should produce a request",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{{
-				NamespacedName: types.NamespacedName{Namespace: "argocd", Name: "my-app-set"},
-			}},
-		},
-		{
-			name: "multiple cluster generators should produce multiple requests",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-							},
-						},
-					},
-				},
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set2",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{
-				{NamespacedName: types.NamespacedName{Namespace: "argocd", Name: "my-app-set"}},
-				{NamespacedName: types.NamespacedName{Namespace: "argocd", Name: "my-app-set2"}},
-			},
-		},
-		{
-			name: "non-cluster generator should not match",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-							},
-						},
-					},
-				},
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "app-set-non-cluster",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								List: &argov1alpha1.ListGenerator{},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{
-				{NamespacedName: types.NamespacedName{Namespace: "argocd", Name: "my-app-set"}},
-			},
-		},
-		{
-			name: "cluster generators in other namespaces should not match",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "my-namespace-not-allowed",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{},
-		},
-		{
-			name: "non-argo cd secret should not match",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "another-namespace",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-non-argocd-secret",
-				},
-			},
-			expectedRequests: []reconcile.Request{},
-		},
-		{
-			name: "a matrix generator with a cluster generator should produce a request",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Matrix: &argov1alpha1.MatrixGenerator{
-									Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-										{
-											Clusters: &argov1alpha1.ClusterGenerator{},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{{
-				NamespacedName: types.NamespacedName{Namespace: "argocd", Name: "my-app-set"},
-			}},
-		},
-		{
-			name: "a matrix generator with non cluster generator should not match",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Matrix: &argov1alpha1.MatrixGenerator{
-									Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-										{
-											List: &argov1alpha1.ListGenerator{},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{},
-		},
-		{
-			name: "a matrix generator with a nested matrix generator containing a cluster generator should produce a request",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Matrix: &argov1alpha1.MatrixGenerator{
-									Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-										{
-											Matrix: &apiextensionsv1.JSON{
-												Raw: []byte(
-													`{
-														"generators": [
-														  {
-															"clusters": {
-															  "selector": {
-																"matchLabels": {
-																  "argocd.argoproj.io/secret-type": "cluster"
-																}
-															  }
-															}
-														  }
-														]
-													  }`,
-												),
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{{
-				NamespacedName: types.NamespacedName{Namespace: "argocd", Name: "my-app-set"},
-			}},
-		},
-		{
-			name: "a matrix generator with a nested matrix generator containing non cluster generator should not match",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Matrix: &argov1alpha1.MatrixGenerator{
-									Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-										{
-											Matrix: &apiextensionsv1.JSON{
-												Raw: []byte(
-													`{
-														"generators": [
-														  {
-															"list": {
-															  "elements": [
-																"a",
-																"b"
-															  ]
-															}
-														  }
-														]
-													  }`,
-												),
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{},
-		},
-		{
-			name: "a merge generator with a cluster generator should produce a request",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Merge: &argov1alpha1.MergeGenerator{
-									Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-										{
-											Clusters: &argov1alpha1.ClusterGenerator{},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{{
-				NamespacedName: types.NamespacedName{Namespace: "argocd", Name: "my-app-set"},
-			}},
-		},
-		{
-			name: "a matrix generator with non cluster generator should not match",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Merge: &argov1alpha1.MergeGenerator{
-									Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-										{
-											List: &argov1alpha1.ListGenerator{},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{},
-		},
-		{
-			name: "a merge generator with a nested merge generator containing a cluster generator should produce a request",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Merge: &argov1alpha1.MergeGenerator{
-									Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-										{
-											Merge: &apiextensionsv1.JSON{
-												Raw: []byte(
-													`{
-														"generators": [
-														  {
-															"clusters": {
-															  "selector": {
-																"matchLabels": {
-																  "argocd.argoproj.io/secret-type": "cluster"
-																}
-															  }
-															}
-														  }
-														]
-													  }`,
-												),
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{{
-				NamespacedName: types.NamespacedName{Namespace: "argocd", Name: "my-app-set"},
-			}},
-		},
-		{
-			name: "a merge generator with a nested merge generator containing non cluster generator should not match",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Merge: &argov1alpha1.MergeGenerator{
-									Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-										{
-											Merge: &apiextensionsv1.JSON{
-												Raw: []byte(
-													`{
-														"generators": [
-														  {
-															"list": {
-															  "elements": [
-																"a",
-																"b"
-															  ]
-															}
-														  }
-														]
-													  }`,
-												),
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{},
-		},
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			appSetList := argov1alpha1.ApplicationSetList{
-				Items: test.items,
-			}
-
-			fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithLists(&appSetList).Build()
-
-			handler := &clusterSecretEventHandler{
-				Client:                   fakeClient,
-				Log:                      log.WithField("type", "createSecretEventHandler"),
-				ApplicationSetNamespaces: []string{"argocd"},
-			}
-
-			mockAddRateLimitingInterface := mockAddRateLimitingInterface{}
-
-			handler.queueRelatedAppGenerators(t.Context(), &mockAddRateLimitingInterface, &test.secret)
-
-			assert.ElementsMatch(t, mockAddRateLimitingInterface.addedItems, test.expectedRequests)
-		})
-	}
-}
-
-func TestNestedGeneratorHasClusterGenerator_NestedClusterGenerator(t *testing.T) {
-	nested := argov1alpha1.ApplicationSetNestedGenerator{
-		Clusters: &argov1alpha1.ClusterGenerator{},
-	}
-
-	hasClusterGenerator, err := nestedGeneratorHasClusterGenerator(nested)
-
-	require.NoError(t, err)
-	assert.True(t, hasClusterGenerator)
-}
-
-func TestNestedGeneratorHasClusterGenerator_NestedMergeGenerator(t *testing.T) {
-	nested := argov1alpha1.ApplicationSetNestedGenerator{
-		Merge: &apiextensionsv1.JSON{
-			Raw: []byte(
-				`{
-					"generators": [
-					  {
-						"clusters": {
-						  "selector": {
-							"matchLabels": {
-							  "argocd.argoproj.io/secret-type": "cluster"
-							}
-						  }
-						}
-					  }
-					]
-				  }`,
-			),
-		},
-	}
-
-	hasClusterGenerator, err := nestedGeneratorHasClusterGenerator(nested)
-
-	require.NoError(t, err)
-	assert.True(t, hasClusterGenerator)
-}
-
-func TestNestedGeneratorHasClusterGenerator_NestedMergeGeneratorWithInvalidJSON(t *testing.T) {
-	nested := argov1alpha1.ApplicationSetNestedGenerator{
-		Merge: &apiextensionsv1.JSON{
-			Raw: []byte(
-				`{
-					"generators": [
-					  {
-						"clusters": {
-						  "selector": {
-							"matchLabels": {
-							  "argocd.argoproj.io/secret-type": "cluster"
-							}
-						  }
-						}
-					  }
-					]
-				  `,
-			),
-		},
-	}
-
-	hasClusterGenerator, err := nestedGeneratorHasClusterGenerator(nested)
-
-	require.Error(t, err)
-	assert.False(t, hasClusterGenerator)
-}

applicationset/controllers/requeue_after_test.go

@@ -1,215 +0,0 @@
-package controllers
-
-import (
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	dynfake "k8s.io/client-go/dynamic/fake"
-	kubefake "k8s.io/client-go/kubernetes/fake"
-	"k8s.io/client-go/tools/record"
-	"sigs.k8s.io/controller-runtime/pkg/client/fake"
-
-	"github.com/argoproj/argo-cd/v3/applicationset/generators"
-	appsetmetrics "github.com/argoproj/argo-cd/v3/applicationset/metrics"
-	"github.com/argoproj/argo-cd/v3/applicationset/services/mocks"
-	argov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-	"github.com/argoproj/argo-cd/v3/util/settings"
-)
-
-func TestRequeueAfter(t *testing.T) {
-	mockServer := &mocks.Repos{}
-	ctx := t.Context()
-	scheme := runtime.NewScheme()
-	err := argov1alpha1.AddToScheme(scheme)
-	require.NoError(t, err)
-	gvrToListKind := map[schema.GroupVersionResource]string{{
-		Group:    "mallard.io",
-		Version:  "v1",
-		Resource: "ducks",
-	}: "DuckList"}
-	appClientset := kubefake.NewSimpleClientset()
-	k8sClient := fake.NewClientBuilder().Build()
-	duckType := &unstructured.Unstructured{
-		Object: map[string]any{
-			"apiVersion": "v2quack",
-			"kind":       "Duck",
-			"metadata": map[string]any{
-				"name":      "mightyduck",
-				"namespace": "namespace",
-				"labels":    map[string]any{"duck": "all-species"},
-			},
-			"status": map[string]any{
-				"decisions": []any{
-					map[string]any{
-						"clusterName": "staging-01",
-					},
-					map[string]any{
-						"clusterName": "production-01",
-					},
-				},
-			},
-		},
-	}
-	fakeDynClient := dynfake.NewSimpleDynamicClientWithCustomListKinds(runtime.NewScheme(), gvrToListKind, duckType)
-	scmConfig := generators.NewSCMConfig("", []string{""}, true, true, nil, true)
-	clusterInformer, err := settings.NewClusterInformer(appClientset, "argocd")
-	require.NoError(t, err)
-
-	defer startAndSyncInformer(t, clusterInformer)()
-
-	terminalGenerators := map[string]generators.Generator{
-		"List":                    generators.NewListGenerator(),
-		"Clusters":                generators.NewClusterGenerator(k8sClient, "argocd"),
-		"Git":                     generators.NewGitGenerator(mockServer, "namespace"),
-		"SCMProvider":             generators.NewSCMProviderGenerator(fake.NewClientBuilder().WithObjects(&corev1.Secret{}).Build(), scmConfig),
-		"ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, fakeDynClient, appClientset, "argocd", clusterInformer),
-		"PullRequest":             generators.NewPullRequestGenerator(k8sClient, scmConfig),
-	}
-
-	nestedGenerators := map[string]generators.Generator{
-		"List":                    terminalGenerators["List"],
-		"Clusters":                terminalGenerators["Clusters"],
-		"Git":                     terminalGenerators["Git"],
-		"SCMProvider":             terminalGenerators["SCMProvider"],
-		"ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"],
-		"PullRequest":             terminalGenerators["PullRequest"],
-		"Matrix":                  generators.NewMatrixGenerator(terminalGenerators),
-		"Merge":                   generators.NewMergeGenerator(terminalGenerators),
-	}
-
-	topLevelGenerators := map[string]generators.Generator{
-		"List":                    terminalGenerators["List"],
-		"Clusters":                terminalGenerators["Clusters"],
-		"Git":                     terminalGenerators["Git"],
-		"SCMProvider":             terminalGenerators["SCMProvider"],
-		"ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"],
-		"PullRequest":             terminalGenerators["PullRequest"],
-		"Matrix":                  generators.NewMatrixGenerator(nestedGenerators),
-		"Merge":                   generators.NewMergeGenerator(nestedGenerators),
-	}
-
-	client := fake.NewClientBuilder().WithScheme(scheme).Build()
-	metrics := appsetmetrics.NewFakeAppsetMetrics()
-	r := ApplicationSetReconciler{
-		Client:     client,
-		Scheme:     scheme,
-		Recorder:   record.NewFakeRecorder(0),
-		Generators: topLevelGenerators,
-		Metrics:    metrics,
-	}
-
-	type args struct {
-		appset               *argov1alpha1.ApplicationSet
-		requeueAfterOverride string
-	}
-	tests := []struct {
-		name    string
-		args    args
-		want    time.Duration
-		wantErr assert.ErrorAssertionFunc
-	}{
-		{name: "Cluster", args: args{
-			appset: &argov1alpha1.ApplicationSet{
-				Spec: argov1alpha1.ApplicationSetSpec{
-					Generators: []argov1alpha1.ApplicationSetGenerator{{Clusters: &argov1alpha1.ClusterGenerator{}}},
-				},
-			}, requeueAfterOverride: "",
-		}, want: generators.NoRequeueAfter, wantErr: assert.NoError},
-		{name: "ClusterMergeNested", args: args{&argov1alpha1.ApplicationSet{
-			Spec: argov1alpha1.ApplicationSetSpec{
-				Generators: []argov1alpha1.ApplicationSetGenerator{
-					{Clusters: &argov1alpha1.ClusterGenerator{}},
-					{Merge: &argov1alpha1.MergeGenerator{
-						Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-								Git:      &argov1alpha1.GitGenerator{},
-							},
-						},
-					}},
-				},
-			},
-		}, ""}, want: generators.DefaultRequeueAfter, wantErr: assert.NoError},
-		{name: "ClusterMatrixNested", args: args{&argov1alpha1.ApplicationSet{
-			Spec: argov1alpha1.ApplicationSetSpec{
-				Generators: []argov1alpha1.ApplicationSetGenerator{
-					{Clusters: &argov1alpha1.ClusterGenerator{}},
-					{Matrix: &argov1alpha1.MatrixGenerator{
-						Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-								Git:      &argov1alpha1.GitGenerator{},
-							},
-						},
-					}},
-				},
-			},
-		}, ""}, want: generators.DefaultRequeueAfter, wantErr: assert.NoError},
-		{name: "ListGenerator", args: args{appset: &argov1alpha1.ApplicationSet{
-			Spec: argov1alpha1.ApplicationSetSpec{
-				Generators: []argov1alpha1.ApplicationSetGenerator{{List: &argov1alpha1.ListGenerator{}}},
-			},
-		}}, want: generators.NoRequeueAfter, wantErr: assert.NoError},
-		{name: "DuckGenerator", args: args{appset: &argov1alpha1.ApplicationSet{
-			Spec: argov1alpha1.ApplicationSetSpec{
-				Generators: []argov1alpha1.ApplicationSetGenerator{{ClusterDecisionResource: &argov1alpha1.DuckTypeGenerator{}}},
-			},
-		}}, want: generators.DefaultRequeueAfter, wantErr: assert.NoError},
-		{name: "OverrideRequeueDuck", args: args{
-			appset: &argov1alpha1.ApplicationSet{
-				Spec: argov1alpha1.ApplicationSetSpec{
-					Generators: []argov1alpha1.ApplicationSetGenerator{{ClusterDecisionResource: &argov1alpha1.DuckTypeGenerator{}}},
-				},
-			}, requeueAfterOverride: "1h",
-		}, want: 1 * time.Hour, wantErr: assert.NoError},
-		{name: "OverrideRequeueGit", args: args{&argov1alpha1.ApplicationSet{
-			Spec: argov1alpha1.ApplicationSetSpec{
-				Generators: []argov1alpha1.ApplicationSetGenerator{
-					{Git: &argov1alpha1.GitGenerator{}},
-				},
-			},
-		}, "1h"}, want: 1 * time.Hour, wantErr: assert.NoError},
-		{name: "OverrideRequeueMatrix", args: args{&argov1alpha1.ApplicationSet{
-			Spec: argov1alpha1.ApplicationSetSpec{
-				Generators: []argov1alpha1.ApplicationSetGenerator{
-					{Clusters: &argov1alpha1.ClusterGenerator{}},
-					{Merge: &argov1alpha1.MergeGenerator{
-						Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-								Git:      &argov1alpha1.GitGenerator{},
-							},
-						},
-					}},
-				},
-			},
-		}, "5m"}, want: 5 * time.Minute, wantErr: assert.NoError},
-		{name: "OverrideRequeueMerge", args: args{&argov1alpha1.ApplicationSet{
-			Spec: argov1alpha1.ApplicationSetSpec{
-				Generators: []argov1alpha1.ApplicationSetGenerator{
-					{Clusters: &argov1alpha1.ClusterGenerator{}},
-					{Merge: &argov1alpha1.MergeGenerator{
-						Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-								Git:      &argov1alpha1.GitGenerator{},
-							},
-						},
-					}},
-				},
-			},
-		}, "12s"}, want: 12 * time.Second, wantErr: assert.NoError},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			t.Setenv("ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER", tt.args.requeueAfterOverride)
-			assert.Equalf(t, tt.want, r.getMinRequeueAfter(tt.args.appset), "getMinRequeueAfter(%v)", tt.args.appset)
-		})
-	}
-}

applicationset/controllers/template/patch.go

@@ -1,43 +0,0 @@
-package template
-
-import (
-	"encoding/json"
-	"fmt"
-
-	"k8s.io/apimachinery/pkg/util/strategicpatch"
-
-	"github.com/argoproj/argo-cd/v3/applicationset/utils"
-	appv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-)
-
-func applyTemplatePatch(app *appv1.Application, templatePatch string) (*appv1.Application, error) {
-	appString, err := json.Marshal(app)
-	if err != nil {
-		return nil, fmt.Errorf("error while marhsalling Application %w", err)
-	}
-
-	convertedTemplatePatch, err := utils.ConvertYAMLToJSON(templatePatch)
-	if err != nil {
-		return nil, fmt.Errorf("error while converting template to json %q: %w", convertedTemplatePatch, err)
-	}
-
-	if err := json.Unmarshal([]byte(convertedTemplatePatch), &appv1.Application{}); err != nil {
-		return nil, fmt.Errorf("invalid templatePatch %q: %w", convertedTemplatePatch, err)
-	}
-
-	data, err := strategicpatch.StrategicMergePatch(appString, []byte(convertedTemplatePatch), appv1.Application{})
-	if err != nil {
-		return nil, fmt.Errorf("error while applying templatePatch template to json %q: %w", convertedTemplatePatch, err)
-	}
-
-	finalApp := appv1.Application{}
-	err = json.Unmarshal(data, &finalApp)
-	if err != nil {
-		return nil, fmt.Errorf("error while unmarhsalling patched application: %w", err)
-	}
-
-	// Prevent changes to the `project` field. This helps prevent malicious template patches
-	finalApp.Spec.Project = app.Spec.Project
-
-	return &finalApp, nil
-}

applicationset/controllers/template/patch_test.go

@@ -1,249 +0,0 @@
-package template
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-	appv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-)
-
-func Test_ApplyTemplatePatch(t *testing.T) {
-	testCases := []struct {
-		name          string
-		appTemplate   *appv1.Application
-		templatePatch string
-		expectedApp   *appv1.Application
-	}{
-		{
-			name: "patch with JSON",
-			appTemplate: &appv1.Application{
-				TypeMeta: metav1.TypeMeta{
-					Kind:       "Application",
-					APIVersion: "argoproj.io/v1alpha1",
-				},
-				ObjectMeta: metav1.ObjectMeta{
-					Name:       "my-cluster-guestbook",
-					Namespace:  "namespace",
-					Finalizers: []string{appv1.ResourcesFinalizerName},
-				},
-				Spec: appv1.ApplicationSpec{
-					Project: "default",
-					Source: &appv1.ApplicationSource{
-						RepoURL:        "https://github.com/argoproj/argocd-example-apps.git",
-						TargetRevision: "HEAD",
-						Path:           "guestbook",
-					},
-					Destination: appv1.ApplicationDestination{
-						Server:    "https://kubernetes.default.svc",
-						Namespace: "guestbook",
-					},
-				},
-			},
-			templatePatch: `{
-				"metadata": {
-					"annotations": {
-						"annotation-some-key": "annotation-some-value"
-					}
-				},
-				"spec": {
-					"source": {
-						"helm": {
-							"valueFiles": [
-								"values.test.yaml",
-								"values.big.yaml"
-							]
-						}
-					},
-					"syncPolicy": {
-						"automated": {
-							"prune": true
-						}
-					}
-				}
-			}`,
-			expectedApp: &appv1.Application{
-				TypeMeta: metav1.TypeMeta{
-					Kind:       "Application",
-					APIVersion: "argoproj.io/v1alpha1",
-				},
-				ObjectMeta: metav1.ObjectMeta{
-					Name:       "my-cluster-guestbook",
-					Namespace:  "namespace",
-					Finalizers: []string{appv1.ResourcesFinalizerName},
-					Annotations: map[string]string{
-						"annotation-some-key": "annotation-some-value",
-					},
-				},
-				Spec: appv1.ApplicationSpec{
-					Project: "default",
-					Source: &appv1.ApplicationSource{
-						RepoURL:        "https://github.com/argoproj/argocd-example-apps.git",
-						TargetRevision: "HEAD",
-						Path:           "guestbook",
-						Helm: &appv1.ApplicationSourceHelm{
-							ValueFiles: []string{
-								"values.test.yaml",
-								"values.big.yaml",
-							},
-						},
-					},
-					Destination: appv1.ApplicationDestination{
-						Server:    "https://kubernetes.default.svc",
-						Namespace: "guestbook",
-					},
-					SyncPolicy: &appv1.SyncPolicy{
-						Automated: &appv1.SyncPolicyAutomated{
-							Prune: true,
-						},
-					},
-				},
-			},
-		},
-		{
-			name: "patch with YAML",
-			appTemplate: &appv1.Application{
-				TypeMeta: metav1.TypeMeta{
-					Kind:       "Application",
-					APIVersion: "argoproj.io/v1alpha1",
-				},
-				ObjectMeta: metav1.ObjectMeta{
-					Name:       "my-cluster-guestbook",
-					Namespace:  "namespace",
-					Finalizers: []string{appv1.ResourcesFinalizerName},
-				},
-				Spec: appv1.ApplicationSpec{
-					Project: "default",
-					Source: &appv1.ApplicationSource{
-						RepoURL:        "https://github.com/argoproj/argocd-example-apps.git",
-						TargetRevision: "HEAD",
-						Path:           "guestbook",
-					},
-					Destination: appv1.ApplicationDestination{
-						Server:    "https://kubernetes.default.svc",
-						Namespace: "guestbook",
-					},
-				},
-			},
-			templatePatch: `
-metadata:
-  annotations:
-    annotation-some-key: annotation-some-value
-spec:
-  source:
-    helm:
-      valueFiles:
-        - values.test.yaml
-        - values.big.yaml
-  syncPolicy:
-    automated:
-      prune: true`,
-			expectedApp: &appv1.Application{
-				TypeMeta: metav1.TypeMeta{
-					Kind:       "Application",
-					APIVersion: "argoproj.io/v1alpha1",
-				},
-				ObjectMeta: metav1.ObjectMeta{
-					Name:       "my-cluster-guestbook",
-					Namespace:  "namespace",
-					Finalizers: []string{appv1.ResourcesFinalizerName},
-					Annotations: map[string]string{
-						"annotation-some-key": "annotation-some-value",
-					},
-				},
-				Spec: appv1.ApplicationSpec{
-					Project: "default",
-					Source: &appv1.ApplicationSource{
-						RepoURL:        "https://github.com/argoproj/argocd-example-apps.git",
-						TargetRevision: "HEAD",
-						Path:           "guestbook",
-						Helm: &appv1.ApplicationSourceHelm{
-							ValueFiles: []string{
-								"values.test.yaml",
-								"values.big.yaml",
-							},
-						},
-					},
-					Destination: appv1.ApplicationDestination{
-						Server:    "https://kubernetes.default.svc",
-						Namespace: "guestbook",
-					},
-					SyncPolicy: &appv1.SyncPolicy{
-						Automated: &appv1.SyncPolicyAutomated{
-							Prune: true,
-						},
-					},
-				},
-			},
-		},
-		{
-			name: "project field isn't overwritten",
-			appTemplate: &appv1.Application{
-				TypeMeta: metav1.TypeMeta{
-					Kind:       "Application",
-					APIVersion: "argoproj.io/v1alpha1",
-				},
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "my-cluster-guestbook",
-					Namespace: "namespace",
-				},
-				Spec: appv1.ApplicationSpec{
-					Project: "default",
-					Source: &appv1.ApplicationSource{
-						RepoURL:        "https://github.com/argoproj/argocd-example-apps.git",
-						TargetRevision: "HEAD",
-						Path:           "guestbook",
-					},
-					Destination: appv1.ApplicationDestination{
-						Server:    "https://kubernetes.default.svc",
-						Namespace: "guestbook",
-					},
-				},
-			},
-			templatePatch: `
-spec:
-  project: my-project`,
-			expectedApp: &appv1.Application{
-				TypeMeta: metav1.TypeMeta{
-					Kind:       "Application",
-					APIVersion: "argoproj.io/v1alpha1",
-				},
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "my-cluster-guestbook",
-					Namespace: "namespace",
-				},
-				Spec: appv1.ApplicationSpec{
-					Project: "default",
-					Source: &appv1.ApplicationSource{
-						RepoURL:        "https://github.com/argoproj/argocd-example-apps.git",
-						TargetRevision: "HEAD",
-						Path:           "guestbook",
-					},
-					Destination: appv1.ApplicationDestination{
-						Server:    "https://kubernetes.default.svc",
-						Namespace: "guestbook",
-					},
-				},
-			},
-		},
-	}
-
-	for _, tc := range testCases {
-		tcc := tc
-		t.Run(tcc.name, func(t *testing.T) {
-			result, err := applyTemplatePatch(tcc.appTemplate, tcc.templatePatch)
-			require.NoError(t, err)
-			assert.Equal(t, *tcc.expectedApp, *result)
-		})
-	}
-}
-
-func TestError(t *testing.T) {
-	app := &appv1.Application{}
-
-	result, err := applyTemplatePatch(app, "hello world")
-	require.Error(t, err)
-	require.Nil(t, result)
-}

applicationset/controllers/template/template.go

@@ -1,101 +0,0 @@
-package template
-
-import (
-	"fmt"
-
-	"sigs.k8s.io/controller-runtime/pkg/client"
-
-	log "github.com/sirupsen/logrus"
-
-	"github.com/argoproj/argo-cd/v3/applicationset/generators"
-	"github.com/argoproj/argo-cd/v3/applicationset/utils"
-
-	argov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-)
-
-func GenerateApplications(logCtx *log.Entry, applicationSetInfo argov1alpha1.ApplicationSet, g map[string]generators.Generator, renderer utils.Renderer, client client.Client) ([]argov1alpha1.Application, argov1alpha1.ApplicationSetReasonType, error) {
-	var res []argov1alpha1.Application
-
-	var firstError error
-	var applicationSetReason argov1alpha1.ApplicationSetReasonType
-
-	for _, requestedGenerator := range applicationSetInfo.Spec.Generators {
-		t, err := generators.Transform(requestedGenerator, g, applicationSetInfo.Spec.Template, &applicationSetInfo, map[string]any{}, client)
-		if err != nil {
-			logCtx.WithError(err).WithField("generator", requestedGenerator).
-				Error("error generating application from params")
-			if firstError == nil {
-				firstError = err
-				applicationSetReason = argov1alpha1.ApplicationSetReasonApplicationParamsGenerationError
-			}
-			continue
-		}
-
-		for _, a := range t {
-			tmplApplication := GetTempApplication(a.Template)
-
-			for _, p := range a.Params {
-				app, err := renderer.RenderTemplateParams(tmplApplication, applicationSetInfo.Spec.SyncPolicy, p, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions)
-				if err != nil {
-					logCtx.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator).
-						Error("error generating application from params")
-
-					if firstError == nil {
-						firstError = err
-						applicationSetReason = argov1alpha1.ApplicationSetReasonRenderTemplateParamsError
-					}
-					continue
-				}
-
-				if applicationSetInfo.Spec.TemplatePatch != nil {
-					patchedApplication, err := renderTemplatePatch(renderer, app, applicationSetInfo, p)
-					if err != nil {
-						log.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator).
-							Error("error generating application from params")
-
-						if firstError == nil {
-							firstError = err
-							applicationSetReason = argov1alpha1.ApplicationSetReasonRenderTemplateParamsError
-						}
-						continue
-					}
-
-					app = patchedApplication
-				}
-
-				// The app's namespace must be the same as the AppSet's namespace to preserve the appsets-in-any-namespace
-				// security boundary.
-				app.Namespace = applicationSetInfo.Namespace
-				res = append(res, *app)
-			}
-		}
-		if log.IsLevelEnabled(log.DebugLevel) {
-			logCtx.WithField("generator", requestedGenerator).Debugf("apps from generator: %+v", res)
-		} else {
-			logCtx.Infof("generated %d applications", len(res))
-		}
-	}
-
-	return res, applicationSetReason, firstError
-}
-
-func renderTemplatePatch(r utils.Renderer, app *argov1alpha1.Application, applicationSetInfo argov1alpha1.ApplicationSet, params map[string]any) (*argov1alpha1.Application, error) {
-	replacedTemplate, err := r.Replace(*applicationSetInfo.Spec.TemplatePatch, params, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions)
-	if err != nil {
-		return nil, fmt.Errorf("error replacing values in templatePatch: %w", err)
-	}
-
-	return applyTemplatePatch(app, replacedTemplate)
-}
-
-func GetTempApplication(applicationSetTemplate argov1alpha1.ApplicationSetTemplate) *argov1alpha1.Application {
-	var tmplApplication argov1alpha1.Application
-	tmplApplication.Annotations = applicationSetTemplate.Annotations
-	tmplApplication.Labels = applicationSetTemplate.Labels
-	tmplApplication.Namespace = applicationSetTemplate.Namespace
-	tmplApplication.Name = applicationSetTemplate.Name
-	tmplApplication.Spec = applicationSetTemplate.Spec
-	tmplApplication.Finalizers = applicationSetTemplate.Finalizers
-
-	return &tmplApplication
-}

applicationset/controllers/template/template_test.go

@@ -1,350 +0,0 @@
-package template
-
-import (
-	"errors"
-	"maps"
-	"testing"
-
-	"github.com/stretchr/testify/mock"
-	"github.com/stretchr/testify/require"
-
-	log "github.com/sirupsen/logrus"
-	"github.com/stretchr/testify/assert"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-
-	"github.com/argoproj/argo-cd/v3/applicationset/generators"
-	genmock "github.com/argoproj/argo-cd/v3/applicationset/generators/mocks"
-	"github.com/argoproj/argo-cd/v3/applicationset/utils"
-	rendmock "github.com/argoproj/argo-cd/v3/applicationset/utils/mocks"
-	"github.com/argoproj/argo-cd/v3/pkg/apis/application"
-	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-)
-
-func TestGenerateApplications(t *testing.T) {
-	scheme := runtime.NewScheme()
-	err := v1alpha1.AddToScheme(scheme)
-	require.NoError(t, err)
-
-	err = v1alpha1.AddToScheme(scheme)
-	require.NoError(t, err)
-
-	for _, c := range []struct {
-		name                string
-		params              []map[string]any
-		template            v1alpha1.ApplicationSetTemplate
-		generateParamsError error
-		rendererError       error
-		expectErr           bool
-		expectedReason      v1alpha1.ApplicationSetReasonType
-	}{
-		{
-			name:   "Generate two applications",
-			params: []map[string]any{{"name": "app1"}, {"name": "app2"}},
-			template: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name:      "name",
-					Namespace: "namespace",
-					Labels:    map[string]string{"label_name": "label_value"},
-				},
-				Spec: v1alpha1.ApplicationSpec{},
-			},
-			expectedReason: "",
-		},
-		{
-			name:                "Handles error from the generator",
-			generateParamsError: errors.New("error"),
-			expectErr:           true,
-			expectedReason:      v1alpha1.ApplicationSetReasonApplicationParamsGenerationError,
-		},
-		{
-			name:   "Handles error from the render",
-			params: []map[string]any{{"name": "app1"}, {"name": "app2"}},
-			template: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name:      "name",
-					Namespace: "namespace",
-					Labels:    map[string]string{"label_name": "label_value"},
-				},
-				Spec: v1alpha1.ApplicationSpec{},
-			},
-			rendererError:  errors.New("error"),
-			expectErr:      true,
-			expectedReason: v1alpha1.ApplicationSetReasonRenderTemplateParamsError,
-		},
-	} {
-		cc := c
-		app := v1alpha1.Application{
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      "test",
-				Namespace: "namespace",
-			},
-			TypeMeta: metav1.TypeMeta{
-				Kind:       application.ApplicationKind,
-				APIVersion: "argoproj.io/v1alpha1",
-			},
-		}
-
-		t.Run(cc.name, func(t *testing.T) {
-			generatorMock := &genmock.Generator{}
-			generator := v1alpha1.ApplicationSetGenerator{
-				List: &v1alpha1.ListGenerator{},
-			}
-
-			generatorMock.EXPECT().GenerateParams(&generator, mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything).
-				Return(cc.params, cc.generateParamsError)
-
-			generatorMock.EXPECT().GetTemplate(&generator).
-				Return(&v1alpha1.ApplicationSetTemplate{})
-
-			rendererMock := &rendmock.Renderer{}
-
-			var expectedApps []v1alpha1.Application
-
-			if cc.generateParamsError == nil {
-				for _, p := range cc.params {
-					if cc.rendererError != nil {
-						rendererMock.EXPECT().RenderTemplateParams(GetTempApplication(cc.template), mock.AnythingOfType("*v1alpha1.ApplicationSetSyncPolicy"), p, false, []string(nil)).
-							Return(nil, cc.rendererError)
-					} else {
-						rendererMock.EXPECT().RenderTemplateParams(GetTempApplication(cc.template), mock.AnythingOfType("*v1alpha1.ApplicationSetSyncPolicy"), p, false, []string(nil)).
-							Return(&app, nil)
-						expectedApps = append(expectedApps, app)
-					}
-				}
-			}
-
-			generators := map[string]generators.Generator{
-				"List": generatorMock,
-			}
-			renderer := rendererMock
-
-			got, reason, err := GenerateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "name",
-					Namespace: "namespace",
-				},
-				Spec: v1alpha1.ApplicationSetSpec{
-					Generators: []v1alpha1.ApplicationSetGenerator{generator},
-					Template:   cc.template,
-				},
-			},
-				generators,
-				renderer,
-				nil,
-			)
-
-			if cc.expectErr {
-				require.Error(t, err)
-			} else {
-				require.NoError(t, err)
-			}
-			assert.Equal(t, expectedApps, got)
-			assert.Equal(t, cc.expectedReason, reason)
-			generatorMock.AssertNumberOfCalls(t, "GenerateParams", 1)
-
-			if cc.generateParamsError == nil {
-				rendererMock.AssertNumberOfCalls(t, "RenderTemplateParams", len(cc.params))
-			}
-		})
-	}
-}
-
-func TestMergeTemplateApplications(t *testing.T) {
-	for _, c := range []struct {
-		name             string
-		params           []map[string]any
-		template         v1alpha1.ApplicationSetTemplate
-		overrideTemplate v1alpha1.ApplicationSetTemplate
-		expectedMerged   v1alpha1.ApplicationSetTemplate
-		expectedApps     []v1alpha1.Application
-	}{
-		{
-			name:   "Generate app",
-			params: []map[string]any{{"name": "app1"}},
-			template: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name:      "name",
-					Namespace: "namespace",
-					Labels:    map[string]string{"label_name": "label_value"},
-				},
-				Spec: v1alpha1.ApplicationSpec{},
-			},
-			overrideTemplate: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name:   "test",
-					Labels: map[string]string{"foo": "bar"},
-				},
-				Spec: v1alpha1.ApplicationSpec{},
-			},
-			expectedMerged: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name:      "test",
-					Namespace: "namespace",
-					Labels:    map[string]string{"label_name": "label_value", "foo": "bar"},
-				},
-				Spec: v1alpha1.ApplicationSpec{},
-			},
-			expectedApps: []v1alpha1.Application{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "test",
-						Namespace: "test",
-						Labels:    map[string]string{"foo": "bar"},
-					},
-					Spec: v1alpha1.ApplicationSpec{},
-				},
-			},
-		},
-	} {
-		cc := c
-
-		t.Run(cc.name, func(t *testing.T) {
-			generatorMock := &genmock.Generator{}
-			generator := v1alpha1.ApplicationSetGenerator{
-				List: &v1alpha1.ListGenerator{},
-			}
-
-			generatorMock.EXPECT().GenerateParams(&generator, mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything).
-				Return(cc.params, nil)
-
-			generatorMock.EXPECT().GetTemplate(&generator).
-				Return(&cc.overrideTemplate)
-
-			rendererMock := &rendmock.Renderer{}
-
-			rendererMock.EXPECT().RenderTemplateParams(GetTempApplication(cc.expectedMerged), mock.AnythingOfType("*v1alpha1.ApplicationSetSyncPolicy"), cc.params[0], false, []string(nil)).
-				Return(&cc.expectedApps[0], nil)
-
-			generators := map[string]generators.Generator{
-				"List": generatorMock,
-			}
-			renderer := rendererMock
-
-			got, _, _ := GenerateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "name",
-					Namespace: "namespace",
-				},
-				Spec: v1alpha1.ApplicationSetSpec{
-					Generators: []v1alpha1.ApplicationSetGenerator{generator},
-					Template:   cc.template,
-				},
-			},
-				generators,
-				renderer,
-				nil,
-			)
-
-			assert.Equal(t, cc.expectedApps, got)
-		})
-	}
-}
-
-// Test app generation from a go template application set using a pull request generator
-func TestGenerateAppsUsingPullRequestGenerator(t *testing.T) {
-	for _, cases := range []struct {
-		name        string
-		params      []map[string]any
-		template    v1alpha1.ApplicationSetTemplate
-		expectedApp []v1alpha1.Application
-	}{
-		{
-			name: "Generate an application from a go template application set manifest using a pull request generator",
-			params: []map[string]any{
-				{
-					"number":                                "1",
-					"title":                                 "title1",
-					"branch":                                "branch1",
-					"branch_slug":                           "branchSlug1",
-					"head_sha":                              "089d92cbf9ff857a39e6feccd32798ca700fb958",
-					"head_short_sha":                        "089d92cb",
-					"branch_slugify_default":                "feat/a_really+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature",
-					"branch_slugify_smarttruncate_disabled": "feat/areallylongpullrequestnametotestargoslugificationandbranchnameshorteningfeature",
-					"branch_slugify_smarttruncate_enabled":  "feat/testwithsmarttruncateenabledramdomlonglistofcharacters",
-					"labels":                                []string{"label1"},
-				},
-			},
-			template: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name: "AppSet-{{.branch}}-{{.number}}",
-					Labels: map[string]string{
-						"app1":         "{{index .labels 0}}",
-						"branch-test1": "AppSet-{{.branch_slugify_default | slugify }}",
-						"branch-test2": "AppSet-{{.branch_slugify_smarttruncate_disabled | slugify 49 false }}",
-						"branch-test3": "AppSet-{{.branch_slugify_smarttruncate_enabled | slugify 50 true }}",
-					},
-				},
-				Spec: v1alpha1.ApplicationSpec{
-					Source: &v1alpha1.ApplicationSource{
-						RepoURL:        "https://testurl/testRepo",
-						TargetRevision: "{{.head_short_sha}}",
-					},
-					Destination: v1alpha1.ApplicationDestination{
-						Server:    "https://kubernetes.default.svc",
-						Namespace: "AppSet-{{.branch_slug}}-{{.head_sha}}",
-					},
-				},
-			},
-			expectedApp: []v1alpha1.Application{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name: "AppSet-branch1-1",
-						Labels: map[string]string{
-							"app1":         "label1",
-							"branch-test1": "AppSet-feat-a-really-long-pull-request-name-to-test-argo",
-							"branch-test2": "AppSet-feat-areallylongpullrequestnametotestargoslugific",
-							"branch-test3": "AppSet-feat",
-						},
-					},
-					Spec: v1alpha1.ApplicationSpec{
-						Source: &v1alpha1.ApplicationSource{
-							RepoURL:        "https://testurl/testRepo",
-							TargetRevision: "089d92cb",
-						},
-						Destination: v1alpha1.ApplicationDestination{
-							Server:    "https://kubernetes.default.svc",
-							Namespace: "AppSet-branchSlug1-089d92cbf9ff857a39e6feccd32798ca700fb958",
-						},
-					},
-				},
-			},
-		},
-	} {
-		t.Run(cases.name, func(t *testing.T) {
-			generatorMock := &genmock.Generator{}
-			generator := v1alpha1.ApplicationSetGenerator{
-				PullRequest: &v1alpha1.PullRequestGenerator{},
-			}
-
-			generatorMock.EXPECT().GenerateParams(&generator, mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything).
-				Return(cases.params, nil)
-
-			generatorMock.EXPECT().GetTemplate(&generator).
-				Return(&cases.template)
-
-			generators := map[string]generators.Generator{
-				"PullRequest": generatorMock,
-			}
-			renderer := &utils.Render{}
-
-			gotApp, _, _ := GenerateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{
-				Spec: v1alpha1.ApplicationSetSpec{
-					GoTemplate: true,
-					Generators: []v1alpha1.ApplicationSetGenerator{{
-						PullRequest: &v1alpha1.PullRequestGenerator{},
-					}},
-					Template: cases.template,
-				},
-			},
-				generators,
-				renderer,
-				nil,
-			)
-			assert.Equal(t, cases.expectedApp[0].Name, gotApp[0].Name)
-			assert.Equal(t, cases.expectedApp[0].Spec.Source.TargetRevision, gotApp[0].Spec.Source.TargetRevision)
-			assert.Equal(t, cases.expectedApp[0].Spec.Destination.Namespace, gotApp[0].Spec.Destination.Namespace)
-			assert.True(t, maps.Equal(cases.expectedApp[0].Labels, gotApp[0].Labels))
-		})
-	}
-}

applicationset/examples/applications-sync-policies/create-only.yaml

@@ -1,35 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  goTemplate: true
-  generators:
-  - list:
-      elements:
-      - cluster: engineering-dev
-        url: https://kubernetes.default.svc
-        foo: bar
-      # Update foo value with foo: bar
-      # Application engineering-prod-guestbook labels will still be baz
-      # Delete this element
-      # Application engineering-prod-guestbook will be kept
-      - cluster: engineering-prod
-        url: https://kubernetes.default.svc
-        foo: baz
-  template:
-    metadata:
-      name: '{{.cluster}}-guestbook'
-      labels:
-        foo: '{{.foo}}'
-    spec:
-      project: default
-      source:
-        repoURL: https://github.com/argoproj/argo-cd.git
-        targetRevision: HEAD
-        path: applicationset/examples/list-generator/guestbook/{{.cluster}}
-      destination:
-        server: '{{.url}}'
-        namespace: guestbook
-  syncPolicy:
-    applicationsSync: create-only

applicationset/examples/applications-sync-policies/create-update.yaml

@@ -1,35 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  goTemplate: true
-  generators:
-  - list:
-      elements:
-      - cluster: engineering-dev
-        url: https://kubernetes.default.svc
-        foo: bar
-      # Update foo value with foo: bar
-      # Application engineering-prod-guestbook labels will change to foo: bar
-      # Delete this element
-      # Application engineering-prod-guestbook will be kept
-      - cluster: engineering-prod
-        url: https://kubernetes.default.svc
-        foo: baz
-  template:
-    metadata:
-      name: '{{.cluster}}-guestbook'
-      labels:
-        foo: '{{.foo}}'
-    spec:
-      project: default
-      source:
-        repoURL: https://github.com/argoproj/argo-cd.git
-        targetRevision: HEAD
-        path: applicationset/examples/list-generator/guestbook/{{.cluster}}
-      destination:
-        server: '{{.url}}'
-        namespace: guestbook
-  syncPolicy:
-    applicationsSync: create-update

applicationset/examples/applications-sync-policies/guestbook/engineering-dev/guestbook-ui-deployment.yaml

@@ -1,20 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: guestbook-ui
-spec:
-  replicas: 1
-  revisionHistoryLimit: 3
-  selector:
-    matchLabels:
-      app: guestbook-ui
-  template:
-    metadata:
-      labels:
-        app: guestbook-ui
-    spec:
-      containers:
-      - image: quay.io/argoprojlabs/argocd-e2e-container:0.2
-        name: guestbook-ui
-        ports:
-        - containerPort: 80

applicationset/examples/applications-sync-policies/guestbook/engineering-dev/guestbook-ui-svc.yaml

@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: guestbook-ui
-spec:
-  ports:
-  - port: 80
-    targetPort: 80
-  selector:
-    app: guestbook-ui

applicationset/examples/applications-sync-policies/guestbook/engineering-prod/guestbook-ui-deployment.yaml

@@ -1,20 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: guestbook-ui
-spec:
-  replicas: 1
-  revisionHistoryLimit: 3
-  selector:
-    matchLabels:
-      app: guestbook-ui
-  template:
-    metadata:
-      labels:
-        app: guestbook-ui
-    spec:
-      containers:
-      - image: quay.io/argoprojlabs/argocd-e2e-container:0.2
-        name: guestbook-ui
-        ports:
-        - containerPort: 80

applicationset/examples/applications-sync-policies/guestbook/engineering-prod/guestbook-ui-svc.yaml

@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: guestbook-ui
-spec:
-  ports:
-  - port: 80
-    targetPort: 80
-  selector:
-    app: guestbook-ui

applicationset/examples/cluster/cluster-example-fasttemplate.yaml

@@ -1,19 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  generators:
-  - clusters: {}
-  template:
-    metadata:
-      name: '{{name}}-guestbook'
-    spec:
-      project: "default"
-      source:
-        repoURL: https://github.com/argoproj/argocd-example-apps/
-        targetRevision: HEAD
-        path: guestbook
-      destination:
-        server: '{{server}}'
-        namespace: guestbook

applicationset/examples/cluster/cluster-example.yaml

@@ -1,21 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  goTemplate: true
-  goTemplateOptions: ["missingkey=error"]
-  generators:
-  - clusters: {}
-  template:
-    metadata:
-      name: '{{.name}}-guestbook'
-    spec:
-      project: "default"
-      source:
-        repoURL: https://github.com/argoproj/argocd-example-apps/
-        targetRevision: HEAD
-        path: guestbook
-      destination:
-        server: '{{.server}}'
-        namespace: guestbook

applicationset/examples/clusterDecisionResource/README.md

@@ -1,57 +0,0 @@
-# How the Cluster Decision Resource generator works for clusterDecisionResource
-1. The Cluster Decision Resource generator reads a configurable status format:
-```yaml
-status:
-  clusters:
-  - name: cluster-01
-  - name: cluster-02
-```
-This is a common status format.  Another format that could be read looks like this:
-```yaml
-status:
-  decisions:
-  - clusterName: cluster-01
-    namespace: cluster-01
-  - clusterName: cluster-02
-    namespace: cluster-02
-```
-2. Any resource that has a list of key / value pairs, where the value matches ArgoCD cluster names can be used.
-3. The key / value pairs found in each element of the list will be available to the template. As well, `name` and `server` will still be available to the template.
-4. The Service Account used by the ApplicationSet controller must have access to `Get` the resource you want to retrieve the duck type definition from
-5. A configMap is used to identify the resource to read status of generated ArgoCD clusters from. You can use multiple resources by creating a ConfigMap for each one in the ArgoCD namespace.
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: my-configmap
-data:
-  apiVersion: group.io/v1
-  kind: mykinds
-  statusListKey: clusters
-  matchKey: name
-```
-  * `apiVersion`    - This is the apiVersion of your resource
-  * `kind`          - This is the plural kind of your resource
-  * `statusListKey` - Default is 'clusters', this is the key found in your resource's status that is a list of ArgoCD clusters.
-  * `matchKey`      - Is the key name found in the cluster list, `name` and `clusterName` are the keys in the examples above.
-
-# Applying the example
-1. Connect to a cluster with the ApplicationSet controller running
-2. Edit the Role for the ApplicationSet service account, and grant it permission to `list` the `placementdecisions` resources, from apiGroups `cluster.open-cluster-management.io/v1alpha1`
-```yaml
-- apiGroups:
-  - "cluster.open-cluster-management.io/v1alpha1"
-  resources:
-  - placementdecisions
-  verbs:
-  - list
-```
-3. Apply the following controller and associated ManagedCluster CRD's:
-https://github.com/open-cluster-management/placement
-4. Now apply the PlacementDecision and an ApplicationSet:
-```bash
-kubectl apply -f ./placementdecision.yaml
-kubectl apply -f ./configMap.yaml
-kubectl apply -f ./ducktype-example.yaml
-```
-5. For now this won't do anything until you create a controller that populates the `Status.Decisions` array.

applicationset/examples/clusterDecisionResource/configMap.yaml

@@ -1,11 +0,0 @@
-# To generate a Status.Decisions from this CRD, requires https://github.com/open-cluster-management/multicloud-operators-placementrule be deployed
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: ocm-placement
-data:
-  apiVersion: apps.open-cluster-management.io/v1
-  kind: placementrules
-  statusListKey: decisions
-  matchKey: clusterName

applicationset/examples/clusterDecisionResource/ducktype-example-fasttemplate.yaml

@@ -1,27 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: book-import
-spec:
-  generators:
-    - clusterDecisionResource:
-        configMapRef: ocm-placement
-        name: test-placement
-        requeueAfterSeconds: 30
-  template:
-    metadata:
-      name: '{{clusterName}}-book-import'
-    spec:
-      project: "default"
-      source:
-        repoURL: https://github.com/open-cluster-management/application-samples.git
-        targetRevision: HEAD
-        path: book-import
-      destination:
-        name: '{{clusterName}}'
-        namespace: bookimport
-      syncPolicy:
-        automated:
-          prune: true
-        syncOptions:
-          - CreateNamespace=true

applicationset/examples/clusterDecisionResource/ducktype-example.yaml

@@ -1,29 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: book-import
-spec:
-  goTemplate: true
-  goTemplateOptions: ["missingkey=error"]
-  generators:
-    - clusterDecisionResource:
-        configMapRef: ocm-placement
-        name: test-placement
-        requeueAfterSeconds: 30
-  template:
-    metadata:
-      name: '{{.clusterName}}-book-import'
-    spec:
-      project: "default"
-      source:
-        repoURL: https://github.com/open-cluster-management/application-samples.git
-        targetRevision: HEAD
-        path: book-import
-      destination:
-        name: '{{.clusterName}}'
-        namespace: bookimport
-      syncPolicy:
-        automated:
-          prune: true
-        syncOptions:
-          - CreateNamespace=true

applicationset/examples/clusterDecisionResource/placementdecision.yaml

@@ -1,18 +0,0 @@
----
-apiVersion: apps.open-cluster-management.io/v1
-kind: PlacementRule
-metadata:
-  name: test-placement
-spec:
-  clusterReplicas: 1   # Availability choice, maximum number of clusters to provision at once
-  clusterSelector:
-    matchLabels:
-      'usage': 'development'
-  clusterConditions:
-    - type: ManagedClusterConditionAvailable
-      status: "True"
-# Below is sample output the generator can consume.
-status:
-  decisions:
-  - clusterName: cluster-01
-  - clusterName: cluster-02

applicationset/examples/design-doc/applicationset-fasttemplate.yaml

@@ -1,22 +0,0 @@
-# This is an example of a typical ApplicationSet which uses the cluster generator.
-# An ApplicationSet is comprised with two stanzas:
-#  - spec.generator - producer of a list of values supplied as arguments to an app template
-#  - spec.template - an application template, which has been parameterized
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  generators:
-  - clusters: {}
-  template:
-    metadata:
-      name: '{{name}}-guestbook'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        chart: guestbook
-      destination:
-        server: '{{server}}'
-        namespace: guestbook

applicationset/examples/design-doc/applicationset.yaml

@@ -1,24 +0,0 @@
-# This is an example of a typical ApplicationSet which uses the cluster generator.
-# An ApplicationSet is comprised with two stanzas:
-#  - spec.generator - producer of a list of values supplied as arguments to an app template
-#  - spec.template - an application template, which has been parameterized
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  goTemplate: true
-  goTemplateOptions: ["missingkey=error"]
-  generators:
-  - clusters: {}
-  template:
-    metadata:
-      name: '{{.name}}-guestbook'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        chart: guestbook
-      destination:
-        server: '{{.server}}'
-        namespace: guestbook

applicationset/examples/design-doc/clusters.yaml

@@ -1,33 +0,0 @@
-# The cluster generator produces an items list from all clusters registered to Argo CD.
-# It automatically provides the following fields as values to the app template:
-#  - name
-#  - server
-#  - metadata.labels.<key>
-#  - metadata.annotations.<key>
-#  - values.<key>
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  generators:
-  - clusters:
-      selector:
-        matchLabels:
-          argocd.argoproj.io/secret-type: cluster
-      values:
-        project: default
-  template:
-    metadata:
-      name: '{{.name}}-guestbook'
-      labels:
-        environment: '{{.metadata.labels.environment}}'
-    spec:
-      project: '{{.values.project}}'
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        chart: guestbook
-      destination:
-        server: '{{.server}}'
-        namespace: guestbook

applicationset/examples/design-doc/git-directory-discovery-fasttemplate.yaml

@@ -1,44 +0,0 @@
-# This example demonstrates the git directory generator, which produces an items list 
-# based on discovery of directories in a git repo matching a specified pattern.
-# Git generators automatically provide {{path}} and {{path.basename}} as available
-# variables to the app template.
-#
-# Suppose the following git directory structure (note the use of different config tools):
-#
-# cluster-deployments
-# └── add-ons
-#     ├── argo-rollouts
-#     │   ├── all.yaml
-#     │   └── kustomization.yaml
-#     ├── argo-workflows
-#     │   └── install.yaml
-#     ├── grafana
-#     │   ├── Chart.yaml
-#     │   └── values.yaml
-#     └── prometheus-operator
-#         ├── Chart.yaml
-#         └── values.yaml
-#
-# The following ApplicationSet would produce four applications (in different namespaces),
-# using the directory basename as both the namespace and application name. 
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: cluster-addons
-spec:
-  generators:
-  - git:
-      repoURL: https://github.com/infra-team/cluster-deployments.git
-      directories:
-      - path: add-ons/*
-  template:
-    metadata:
-      name: '{{path.basename}}'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: '{{path}}'
-      destination:
-        server: http://kubernetes.default.svc
-        namespace: '{{path.basename}}'

applicationset/examples/design-doc/git-directory-discovery.yaml

@@ -1,46 +0,0 @@
-# This example demonstrates the git directory generator, which produces an items list 
-# based on discovery of directories in a git repo matching a specified pattern.
-# Git generators automatically provide {{path}} and {{path.basename}} as available
-# variables to the app template.
-#
-# Suppose the following git directory structure (note the use of different config tools):
-#
-# cluster-deployments
-# └── add-ons
-#     ├── argo-rollouts
-#     │   ├── all.yaml
-#     │   └── kustomization.yaml
-#     ├── argo-workflows
-#     │   └── install.yaml
-#     ├── grafana
-#     │   ├── Chart.yaml
-#     │   └── values.yaml
-#     └── prometheus-operator
-#         ├── Chart.yaml
-#         └── values.yaml
-#
-# The following ApplicationSet would produce four applications (in different namespaces),
-# using the directory basename as both the namespace and application name. 
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: cluster-addons
-spec:
-  goTemplate: true
-  goTemplateOptions: ["missingkey=error"]
-  generators:
-  - git:
-      repoURL: https://github.com/infra-team/cluster-deployments.git
-      directories:
-      - path: add-ons/*
-  template:
-    metadata:
-      name: '{{.path.basename}}'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: '{{.path.path}}'
-      destination:
-        server: http://kubernetes.default.svc
-        namespace: '{{.path.basename}}'

applicationset/examples/design-doc/git-files-discovery-fasttemplate.yaml

@@ -1,55 +0,0 @@
-# This example demonstrates a git file generator which traverses the directory structure of a git
-# repository to discover items based on a filename convention. For each file discovered, the
-# contents of the discovered files themselves, act as the set of inputs to the app template.
-#
-# Suppose the following git directory structure:
-#
-# cluster-deployments
-# ├── apps
-# │   └── guestbook
-# │       └── install.yaml
-# └── cluster-config
-#     ├── engineering
-#     │   ├── dev
-#     │   │   └── config.json
-#     │   └── prod
-#     │       └── config.json
-#     └── finance
-#         ├── dev
-#         │   └── config.json
-#         └── prod
-#             └── config.json
-#
-# The discovered files (e.g. config.json) files can be any structured data supplied to the
-# generated application. e.g.:
-# {
-#    "aws_account": "123456",
-#    "asset_id": "11223344"
-#    "cluster": {
-#        "owner": "Jesse_Suen@intuit.com",
-#        "name": "engineering-dev",
-#        "address": "http://1.2.3.4"
-#    }
-# }
-#
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  generators:
-  - git:
-      repoURL: https://github.com/infra-team/cluster-deployments.git
-      files:
-      - path: "**/config.json"
-  template:
-    metadata:
-      name: '{{cluster.name}}-guestbook'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: apps/guestbook
-      destination:
-        server: '{{cluster.address}}'
-        namespace: guestbook

applicationset/examples/design-doc/git-files-discovery.yaml

@@ -1,57 +0,0 @@
-# This example demonstrates a git file generator which traverses the directory structure of a git
-# repository to discover items based on a filename convention. For each file discovered, the
-# contents of the discovered files themselves, act as the set of inputs to the app template.
-#
-# Suppose the following git directory structure:
-#
-# cluster-deployments
-# ├── apps
-# │   └── guestbook
-# │       └── install.yaml
-# └── cluster-config
-#     ├── engineering
-#     │   ├── dev
-#     │   │   └── config.json
-#     │   └── prod
-#     │       └── config.json
-#     └── finance
-#         ├── dev
-#         │   └── config.json
-#         └── prod
-#             └── config.json
-#
-# The discovered files (e.g. config.json) files can be any structured data supplied to the
-# generated application. e.g.:
-# {
-#    "aws_account": "123456",
-#    "asset_id": "11223344"
-#    "cluster": {
-#        "owner": "Jesse_Suen@intuit.com",
-#        "name": "engineering-dev",
-#        "address": "http://1.2.3.4"
-#    }
-# }
-#
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  goTemplate: true
-  goTemplateOptions: ["missingkey=error"]
-  generators:
-  - git:
-      repoURL: https://github.com/infra-team/cluster-deployments.git
-      files:
-      - path: "**/config.json"
-  template:
-    metadata:
-      name: '{{.cluster.name}}-guestbook'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: apps/guestbook
-      destination:
-        server: '{{.cluster.address}}'
-        namespace: guestbook

applicationset/examples/design-doc/git-files-literal-fasttemplate.yaml

@@ -1,68 +0,0 @@
-# This example demonstrates a git file generator which produces its items based on one or
-# more files referenced in a git repo. The referenced files would contain a json/yaml list of
-# arbitrary structured objects. Each item of the list would become a set of parameters to a
-# generated application.
-#
-# Suppose the following git directory structure:
-#  
-# cluster-deployments
-# ├── apps
-# │   └── guestbook
-# │       ├── v1.0
-# │       │   └── install.yaml
-# │       └── v2.0
-# │           └── install.yaml
-# └── config
-#     └── clusters.json
-#
-# In this example, the `clusters.json` file is json list of structured data:
-# [
-#     {
-#         "account": "123456",
-#         "asset_id": "11223344",
-#         "cluster": {
-#             "owner": "Jesse_Suen@intuit.com",
-#             "name": "engineering-dev",
-#             "address": "http://1.2.3.4"
-#         },
-#         "appVersions": {
-#             "prometheus-operator": "v0.38",
-#             "guestbook": "v2.0"
-#         }
-#     },
-#     {
-#         "account": "456789",
-#         "asset_id": "55667788",
-#         "cluster": {
-#             "owner": "Alexander_Matyushentsev@intuit.com",
-#             "name": "engineering-prod",
-#             "address": "http://2.4.6.8"
-#         },
-#         "appVersions": {
-#             "prometheus-operator": "v0.38",
-#             "guestbook": "v1.0"
-#         }
-#     }
-# ]
-#
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  generators:
-  - git:
-      repoURL: https://github.com/infra-team/cluster-deployments.git
-      files:
-      - path: config/clusters.json
-  template:
-    metadata:
-      name: '{{cluster.name}}-guestbook'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: apps/guestbook/{{appVersions.guestbook}}
-      destination:
-        server: http://kubernetes.default.svc
-        namespace: guestbook

applicationset/examples/design-doc/git-files-literal.yaml

@@ -1,70 +0,0 @@
-# This example demonstrates a git file generator which produces its items based on one or
-# more files referenced in a git repo. The referenced files would contain a json/yaml list of
-# arbitrary structured objects. Each item of the list would become a set of parameters to a
-# generated application.
-#
-# Suppose the following git directory structure:
-#  
-# cluster-deployments
-# ├── apps
-# │   └── guestbook
-# │       ├── v1.0
-# │       │   └── install.yaml
-# │       └── v2.0
-# │           └── install.yaml
-# └── config
-#     └── clusters.json
-#
-# In this example, the `clusters.json` file is json list of structured data:
-# [
-#     {
-#         "account": "123456",
-#         "asset_id": "11223344",
-#         "cluster": {
-#             "owner": "Jesse_Suen@intuit.com",
-#             "name": "engineering-dev",
-#             "address": "http://1.2.3.4"
-#         },
-#         "appVersions": {
-#             "prometheus-operator": "v0.38",
-#             "guestbook": "v2.0"
-#         }
-#     },
-#     {
-#         "account": "456789",
-#         "asset_id": "55667788",
-#         "cluster": {
-#             "owner": "Alexander_Matyushentsev@intuit.com",
-#             "name": "engineering-prod",
-#             "address": "http://2.4.6.8"
-#         },
-#         "appVersions": {
-#             "prometheus-operator": "v0.38",
-#             "guestbook": "v1.0"
-#         }
-#     }
-# ]
-#
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  goTemplate: true
-  goTemplateOptions: ["missingkey=error"]
-  generators:
-  - git:
-      repoURL: https://github.com/infra-team/cluster-deployments.git
-      files:
-      - path: config/clusters.json
-  template:
-    metadata:
-      name: '{{.cluster.name}}-guestbook'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: apps/guestbook/{{.appVersions.guestbook}}
-      destination:
-        server: http://kubernetes.default.svc
-        namespace: guestbook

applicationset/examples/design-doc/list-fasttemplate.yaml

@@ -1,33 +0,0 @@
-# The list generator specifies a literal list of argument values to the app spec template.
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  generators:
-  - list:
-      elements:
-      - cluster: engineering-dev
-        url: https://1.2.3.4
-        values:
-          project: dev
-      - cluster: engineering-prod
-        url: https://2.4.6.8
-        values:
-          project: prod
-      - cluster: finance-preprod
-        url: https://9.8.7.6
-        values:
-          project: preprod
-  template:
-    metadata:
-      name: '{{cluster}}-guestbook'
-    spec:
-      project: '{{values.project}}'
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: guestbook/{{cluster}}
-      destination:
-        server: '{{url}}'
-        namespace: guestbook

applicationset/examples/design-doc/list.yaml

@@ -1,35 +0,0 @@
-# The list generator specifies a literal list of argument values to the app spec template.
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  goTemplate: true
-  goTemplateOptions: ["missingkey=error"]
-  generators:
-  - list:
-      elements:
-      - cluster: engineering-dev
-        url: https://1.2.3.4
-        values:
-          project: dev
-      - cluster: engineering-prod
-        url: https://2.4.6.8
-        values:
-          project: prod
-      - cluster: finance-preprod
-        url: https://9.8.7.6
-        values:
-          project: preprod
-  template:
-    metadata:
-      name: '{{.cluster}}-guestbook'
-    spec:
-      project: '{{.values.project}}'
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: guestbook/{{.cluster}}
-      destination:
-        server: '{{.url}}'
-        namespace: guestbook

applicationset/examples/design-doc/proposal/README.md

@@ -1,3 +0,0 @@
-# Proposal Examples
-This directory contains examples that are not yet implemented.
-They are part of the project to indicate future progress, and we are welcome any contribution that will add an implementation

applicationset/examples/design-doc/proposal/filters.yaml

@@ -1,48 +0,0 @@
-# For all generators, filters can be applied to reduce the generated items to a smaller subset.
-# A powerful set of filter expressions are supported using syntax provided by the
-# https://github.com/antonmedv/expr library. Examples expressions are demonstrated below
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  generators:
-  # Match all clusters who meet ALL of the following conditions:
-  #  1. name matches the regex `sales-.*`
-  #  2. environment label is either 'staging' or 'prod'
-  - clusters:
-      filters:
-      - expr: '{{name}} matches "sales-.*"'
-      - expr: '{{metadata.labels.environment}} in [staging, prod]'
-      values:
-        version: '2.0.0'
-  # Filter items from `config/clusters.json` in the `cluster-deployments` git repo,
-  # to only those having the `cluster.enabled == true` property. e.g.:
-  # {
-  #    ...
-  #    "cluster": {
-  #        "enabled": true,
-  #        ...
-  #    }
-  # }
-  - git:
-      repoURL: https://github.com/infra-team/cluster-deployments.git
-      files:
-      - path: config/clusters.json
-      filters:
-      - expr: '{{cluster.enabled}} == true'
-  template:
-    metadata:
-      name: '{{name}}-guestbook'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: "{{values.version}}"
-        chart: guestbook
-        helm:
-          parameters:
-          - name: foo
-            value: "{{metadata.annotations.foo}}"
-      destination:
-        server: '{{server}}'
-        namespace: guestbook

applicationset/examples/design-doc/template-override-fasttemplate.yaml

@@ -1,48 +0,0 @@
-# App templates can also be defined as part of the generator's template stanza. Sometimes it is
-# useful to do this in order to override the spec.template stanza, and when simple string
-# parameterization are insufficient. In the below examples, the generators[].XXX.template is 
-# a partial definition, which overrides/patch the default template.
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  generators:
-  - list:
-      elements:
-        - cluster: engineering-dev
-          url: https://1.2.3.4
-      template:
-        metadata: {}
-        spec:
-          project: "project"
-          source:
-            repoURL: https://github.com/infra-team/cluster-deployments.git
-            path: '{{cluster}}-override'
-          destination: {}
-
-  - list:
-      elements:
-        - cluster: engineering-prod
-          url: https://1.2.3.4
-      template:
-        metadata: {}
-        spec:
-          project: "project2"
-          source:
-            repoURL: https://github.com/infra-team/cluster-deployments.git
-            path: '{{cluster}}-override2'
-          destination: {}
-
-  template:
-    metadata:
-      name: '{{cluster}}-guestbook'
-    spec:
-      project: "project"
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: guestbook/{{cluster}}
-      destination:
-        server: '{{url}}'
-        namespace: guestbook

applicationset/examples/design-doc/template-override.yaml

@@ -1,50 +0,0 @@
-# App templates can also be defined as part of the generator's template stanza. Sometimes it is
-# useful to do this in order to override the spec.template stanza, and when simple string
-# parameterization are insufficient. In the below examples, the generators[].XXX.template is 
-# a partial definition, which overrides/patch the default template.
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  goTemplate: true
-  goTemplateOptions: ["missingkey=error"]
-  generators:
-  - list:
-      elements:
-        - cluster: engineering-dev
-          url: https://1.2.3.4
-      template:
-        metadata: {}
-        spec:
-          project: "project"
-          source:
-            repoURL: https://github.com/infra-team/cluster-deployments.git
-            path: '{{.cluster}}-override'
-          destination: {}
-
-  - list:
-      elements:
-        - cluster: engineering-prod
-          url: https://1.2.3.4
-      template:
-        metadata: {}
-        spec:
-          project: "project2"
-          source:
-            repoURL: https://github.com/infra-team/cluster-deployments.git
-            path: '{{.cluster}}-override2'
-          destination: {}
-
-  template:
-    metadata:
-      name: '{{.cluster}}-guestbook'
-    spec:
-      project: "project"
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: guestbook/{{.cluster}}
-      destination:
-        server: '{{.url}}'
-        namespace: guestbook

applicationset/examples/git-generator-directory/cluster-addons/argo-workflows/kustomization.yaml

@@ -1,6 +0,0 @@
-#namePrefix: kustomize-
-
-resources:
-- https://github.com/argoproj/argo-workflows/releases/download/v3.4.0/namespace-install.yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization

applicationset/examples/git-generator-directory/cluster-addons/prometheus-operator/Chart.yaml

@@ -1,14 +0,0 @@
-apiVersion: v2
-name: helm-prometheus-operator
-
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: "1.0"

applicationset/examples/git-generator-directory/cluster-addons/prometheus-operator/requirements.yaml

@@ -1,4 +0,0 @@
-dependencies:
-- name: kube-prometheus-stack
-  version: 40.5.0
-  repository: https://prometheus-community.github.io/helm-charts

applicationset/examples/git-generator-directory/cluster-addons/prometheus-operator/values.yaml

@@ -1 +0,0 @@
-# Blank values.yaml

applicationset/examples/git-generator-directory/excludes/cluster-addons/argo-workflows/kustomization.yaml

@@ -1,6 +0,0 @@
-#namePrefix: kustomize-
-
-resources:
-- https://github.com/argoproj/argo-workflows/releases/download/v3.4.0/namespace-install.yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization

applicationset/examples/git-generator-directory/excludes/cluster-addons/exclude-helm-guestbook/Chart.yaml

@@ -1,23 +0,0 @@
-apiVersion: v2
-name: helm-guestbook
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: "1.0"

applicationset/examples/git-generator-directory/excludes/cluster-addons/exclude-helm-guestbook/templates/NOTES.txt

@@ -1,19 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "helm-guestbook.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ template "helm-guestbook.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "helm-guestbook.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "helm-guestbook.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:80
-{{- end }}