Bump version to 2.6.9

fix(ui): Patch Resource missing appNamespace (#13839 ) (#13841 )
2026-03-09 01:48:49 +01:00 · 2023-06-05 18:44:10 +00:00 · 2023-06-05 18:44:04 +00:00 · 2023-06-01 09:58:09 -04:00 · 2023-06-01 09:56:24 -04:00 · 2023-05-29 10:23:55 -04:00
545 changed files with 30028 additions and 43184 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -11,17 +11,3 @@ cmd/**/debug
 debug.test
 coverage.out
 ui/node_modules/
-test-results/
-test/
-manifests/
-hack/
-docs/
-examples/
-.github/
-!test/fixture
-!test/container
-!hack/installers
-!hack/gpg-wrapper.sh
-!hack/git-verify-wrapper.sh
-!hack/tool-versions.sh
-!hack/install.sh
--- a/.github/cherry-pick-bot.yml
+++ b/.github/cherry-pick-bot.yml
@@ -1,3 +0,0 @@
-enabled: true
-preservePullRequestTitle: true
-
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -16,28 +16,3 @@ updates:
    directory: "/ui/"
    schedule:
      interval: "daily"
-
-  - package-ecosystem: "docker"
-    directory: "/"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "docker"
-    directory: "/test/container/"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "docker"
-    directory: "/test/e2e/multiarch-container/"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "docker"
-    directory: "/test/remote/"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "docker"
-    directory: "/ui-test/"
-    schedule:
-      interval: "daily"
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -11,10 +11,7 @@ Checklist:
 * [ ] Does this PR require documentation updates?
 * [ ] I've updated documentation as required by this PR.
 * [ ] Optional. My organization is added to USERS.md.
-* [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/blob/master/community/CONTRIBUTING.md#legal)
+* [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/tree/master/community#contributing-to-argo)
 * [ ] I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
 * [ ] My build is green ([troubleshooting builds](https://argo-cd.readthedocs.io/en/latest/developer-guide/ci/)). 
-* [ ] My new feature complies with the [feature status](https://github.com/argoproj/argoproj/blob/master/community/feature-status.md) guidelines.
-* [ ] I have added a brief description of why this PR is necessary and/or what this PR solves.

-Please see [Contribution FAQs](https://argo-cd.readthedocs.io/en/latest/developer-guide/faq/) if you have questions about your pull-request.
--- a/.github/workflows/README.md
+++ b/.github/workflows/README.md
@@ -1,38 +0,0 @@
-# Workflows
-
-| Workflow           | Description                                                    |
-|--------------------|----------------------------------------------------------------|
-| ci-build.yaml      | Build, lint, test, codegen, build-ui, analyze, e2e-test        |
-| codeql.yaml        | CodeQL analysis                                                |
-| image-reuse.yaml   | Build, push, and Sign container images                         |
-| image.yaml         | Build container image for PR's & publish for push events       |
-| pr-title-check.yaml| Lint PR for semantic information                               |
-| init-release.yaml  | Build manifests and version then create a PR for release branch|
-| release.yaml       | Build images, cli-binaries, provenances, and post actions      |
-| update-snyk.yaml   | Scheduled snyk reports                                         |
-
-# Reusable workflows
-
-## image-reuse.yaml
-
- The resuable workflow can be used to publish or build images with multiple container registries(Quay,GHCR, dockerhub), and then sign them with cosign when an image is published.
- A GO version `must` be specified e.g. 1.20
- The image name for each registry *must* contain the tag. Note: multiple tags are allowed for each registry using a CSV type.
- Multiple platforms can be specified e.g. linux/amd64,linux/arm64
- Images are not published by default. A boolean value must be set to `true` to push images.
- An optional target can be specified.
-
-| Inputs            | Description                         | Type        | Required | Defaults        |
-|-------------------|-------------------------------------|-------------|----------|-----------------|
-| go-version        | Version of Go to be used            | string      | true     | none            |
-| quay_image_name   | Full image name and tag             | CSV, string | false    | none            |
-| ghcr_image_name   | Full image name and tag             | CSV, string | false    | none            |
-| docker_image_name | Full image name and tag             | CSV, string | false    | none            |
-| platforms         | Platforms to build (linux/amd64)    | CSV, string | false    | linux/amd64     |
-| push              | Whether to push image/s to registry | boolean     | false    | false           |
-| target            | Target build stage                  | string      | false    | none            |
-
-| Outputs     | Description                              | Type  |
-|-------------|------------------------------------------|-------|
-|image-digest | Image digest of image container created  | string|
-
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -13,7 +13,7 @@ on:

 env:
  # Golang version to use across CI steps
-  GOLANG_VERSION: '1.20'
+  GOLANG_VERSION: '1.19.7'

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
@@ -78,7 +78,7 @@ jobs:
      - name: Run golangci-lint
        uses: golangci/golangci-lint-action@0ad9a0988b3973e851ab0a07adf248ec2e100376 # v3.3.1
        with:
-          version: v1.51.0
+          version: v1.46.2
          args: --timeout 10m --exclude SA5011 --verbose

  test-go:
@@ -267,7 +267,7 @@ jobs:
      - name: Setup NodeJS
        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
        with:
-          node-version: '18.15.0'
+          node-version: '12.18.4'
      - name: Restore node dependency cache
        id: cache-dependencies
        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
@@ -361,7 +361,7 @@ jobs:
    runs-on: ubuntu-22.04
    strategy:
      matrix:
-        k3s-version: [v1.26.0, v1.25.4, v1.24.3, v1.23.3]
+        k3s-version: [v1.24.3, v1.23.3, v1.22.6]
    needs: 
      - build-go
    env:
@@ -425,9 +425,9 @@ jobs:
          git config --global user.email "john.doe@example.com"
      - name: Pull Docker image required for tests
        run: |
-          docker pull ghcr.io/dexidp/dex:v2.37.0
+          docker pull ghcr.io/dexidp/dex:v2.36.0
          docker pull argoproj/argo-cd-ci-builder:v1.0.0
-          docker pull redis:7.0.14-alpine
+          docker pull redis:7.0.11-alpine
      - name: Create target directory for binaries in the build-process
        run: |
          mkdir -p dist
--- a/.github/workflows/image-reuse.yaml
+++ b/.github/workflows/image-reuse.yaml
@@ -1,151 +0,0 @@
-name: Publish and Sign Container Image
-on:
-  workflow_call:
-    inputs:
-      go-version:
-        required: true
-        type: string
-      quay_image_name:
-        required: false
-        type: string
-      ghcr_image_name:
-        required: false
-        type: string
-      docker_image_name:
-        required: false
-        type: string
-      platforms:
-        required: true
-        type: string
-        default: linux/amd64
-      push:
-        required: true
-        type: boolean
-        default: false
-      target:
-        required: false
-        type: string
-
-    secrets:
-      quay_username:
-        required: false
-      quay_password:
-        required: false
-      ghcr_username:
-        required: false
-      ghcr_password:
-        required: false
-      docker_username:
-        required: false
-      docker_password:
-        required: false
-
-    outputs:
-      image-digest:
-        description: "sha256 digest of container image"
-        value: ${{ jobs.publish.outputs.image-digest }}
-
-permissions: {}
-
-jobs:
-  publish:
-    permissions:
-      contents: read
-      packages: write # Used to push images to `ghcr.io` if used.
-      id-token: write # Needed to create an OIDC token for keyless signing
-    runs-on: ubuntu-22.04
-    outputs:
-      image-digest: ${{ steps.image.outputs.digest }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.3.0
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
-        if: ${{ github.ref_type == 'tag'}}
-
-      - name: Checkout code
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
-        if: ${{ github.ref_type != 'tag'}}
-
-      - name: Setup Golang
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
-        with:
-          go-version: ${{ inputs.go-version }}
-
-      - name: Install cosign
-        uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
-
-      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
-      - uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
-
-      - name: Setup tags for container image as a CSV type
-        run: |
-          IMAGE_TAGS=$(for str in \
-            ${{ inputs.quay_image_name }} \
-            ${{ inputs.ghcr_image_name }} \
-            ${{ inputs.docker_image_name}}; do
-            echo -n "${str}",;done | sed 's/,$//')
-
-          echo $IMAGE_TAGS
-          echo "TAGS=$IMAGE_TAGS" >> $GITHUB_ENV
-
-      - name: Setup image namespace for signing, strip off the tag
-        run: |
-          TAGS=$(for tag in \
-            ${{ inputs.quay_image_name }} \
-            ${{ inputs.ghcr_image_name }} \
-            ${{ inputs.docker_image_name}}; do
-            echo -n "${tag}" | awk -F ":" '{print $1}' -;done)
-          
-            echo $TAGS
-            echo 'SIGNING_TAGS<<EOF' >> $GITHUB_ENV
-            echo $TAGS >> $GITHUB_ENV
-            echo 'EOF' >> $GITHUB_ENV
-
-      - name: Login to Quay.io
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
-        with:
-          registry: quay.io
-          username: ${{ secrets.quay_username }}
-          password: ${{ secrets.quay_password }}
-        if: ${{ inputs.quay_image_name && inputs.push }}
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
-        with:
-          registry: ghcr.io
-          username: ${{ secrets.ghcr_username }}
-          password: ${{ secrets.ghcr_password }}
-        if: ${{ inputs.ghcr_image_name && inputs.push }}
-
-      - name: Login to dockerhub Container Registry
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
-        with:
-          username: ${{ secrets.docker_username }}
-          password: ${{ secrets.docker_password }}
-        if: ${{ inputs.docker_image_name && inputs.push }}
-
-      - name: Build and push container image
-        id: image
-        uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 #v4.0.0
-        with:
-          context: .
-          platforms: ${{ inputs.platforms }}
-          push: ${{ inputs.push }}
-          tags: ${{ env.TAGS }}
-          target: ${{ inputs.target }}
-          provenance: false
-          sbom: false
- 
-      - name: Sign container images
-        run: |
-          for signing_tag in $SIGNING_TAGS; do
-            cosign sign \
-            -a "repo=${{ github.repository }}" \
-            -a "workflow=${{ github.workflow }}" \
-            -a "sha=${{ github.sha }}" \
-            -y \
-            "$signing_tag"@${{ steps.image.outputs.digest }}
-          done
-        if: ${{ inputs.push }}
--- a/.github/workflows/image.yaml
+++ b/.github/workflows/image.yaml
@@ -9,108 +9,97 @@ on:
      - master
    types: [ labeled, unlabeled, opened, synchronize, reopened ]

+env:
+  GOLANG_VERSION: '1.19.7'
+
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions: {}
+permissions:
+  contents: read

 jobs:
-  set-vars:
+  publish:
    permissions:
-      contents: read
+      contents: write  # for git to push upgrade commit if not already deployed
+      packages: write  # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
    if: github.repository == 'argoproj/argo-cd'
    runs-on: ubuntu-22.04
-    outputs:
-      image-tag: ${{ steps.image.outputs.tag}}
-      platforms: ${{ steps.platforms.outputs.platforms }}
+    env:
+      GOPATH: /home/runner/work/argo-cd/argo-cd
    steps:
+      - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
+        with:
+          go-version: ${{ env.GOLANG_VERSION }}
      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
+        with:
+          path: src/github.com/argoproj/argo-cd

-      - name: Set image tag for ghcr
-        run: echo "tag=$(cat ./VERSION)-${GITHUB_SHA::8}" >> $GITHUB_OUTPUT
+      # get image tag
+      - run: echo "tag=$(cat ./VERSION)-${GITHUB_SHA::8}" >> $GITHUB_OUTPUT
+        working-directory: ./src/github.com/argoproj/argo-cd
        id: image

-      - name: Determine image platforms to use
-        id: platforms
-        run: |
+      # login
+      - run: |
+          docker login ghcr.io --username $USERNAME --password-stdin <<< "$PASSWORD"
+          docker login quay.io --username "$DOCKER_USERNAME" --password-stdin <<< "$DOCKER_TOKEN"
+        if: github.event_name == 'push'
+        env:
+          USERNAME: ${{ github.actor }}
+          PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+          DOCKER_USERNAME: ${{ secrets.RELEASE_QUAY_USERNAME }}
+          DOCKER_TOKEN: ${{ secrets.RELEASE_QUAY_TOKEN }}
+
+      # build
+      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
+      - uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # v2.4.1
+      - run: |
          IMAGE_PLATFORMS=linux/amd64
-          if [[ "${{ github.event_name }}" == "push" || "${{ contains(github.event.pull_request.labels.*.name, 'test-multi-image') }}" == "true" ]]
+          if [[ "${{ github.event_name }}" == "push" || "${{ contains(github.event.pull_request.labels.*.name, 'test-arm-image') }}" == "true" ]]
          then
            IMAGE_PLATFORMS=linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
          fi
          echo "Building image for platforms: $IMAGE_PLATFORMS"
-          echo "platforms=$IMAGE_PLATFORMS" >> $GITHUB_OUTPUT
+          docker buildx build --platform $IMAGE_PLATFORMS --sbom=false --provenance=false --push="${{ github.event_name == 'push' }}" \
+            -t ghcr.io/argoproj/argo-cd/argocd:${{ steps.image.outputs.tag }} \
+            -t quay.io/argoproj/argocd:latest .
+        working-directory: ./src/github.com/argoproj/argo-cd

-  build-only:
-    needs: [set-vars]
-    permissions:
-      contents: read
-      packages: write  # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
-      id-token: write # for creating OIDC tokens for signing.
-    if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name != 'push' }}
-    uses: ./.github/workflows/image-reuse.yaml
-    with:
-      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      go-version: 1.20
-      platforms: ${{ needs.set-vars.outputs.platforms }}
-      push: false
+      # sign container images
+      - name: Install cosign
+        uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1
+        with:
+          cosign-release: 'v1.13.1'

-  build-and-publish:
-    needs: [set-vars]
-    permissions:
-      contents: read
-      packages: write  # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
-      id-token: write # for creating OIDC tokens for signing.
-    if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }}
-    uses: ./.github/workflows/image-reuse.yaml
-    with:
-      quay_image_name: quay.io/argoproj/argocd:latest
-      ghcr_image_name: ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }}
-      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      go-version: 1.20
-      platforms: ${{ needs.set-vars.outputs.platforms }}
-      push: true
-    secrets:
-      quay_username: ${{ secrets.RELEASE_QUAY_USERNAME }}
-      quay_password: ${{ secrets.RELEASE_QUAY_TOKEN }}
-      ghcr_username: ${{ github.actor }}
-      ghcr_password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Install crane to get digest of image
+        uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c

-  build-and-publish-provenance:
-    needs: [build-and-publish]
-    permissions:
-      actions: read # for detecting the Github Actions environment.
-      id-token: write # for creating OIDC tokens for signing.
-      packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
-    if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }}
-    # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0
-    with:
-      image: quay.io/argoproj/argocd
-      digest: ${{ needs.build-and-publish.outputs.image-digest }}
-    secrets:
-      registry-username: ${{ secrets.RELEASE_QUAY_USERNAME }}
-      registry-password: ${{ secrets.RELEASE_QUAY_TOKEN }}
+      - name: Get digest of image
+        run: |
+          echo "IMAGE_DIGEST=$(crane digest quay.io/argoproj/argocd:latest)" >> $GITHUB_ENV

-  Deploy:
-    needs:
-      - build-and-publish
-      - set-vars
-    permissions:
-      contents: write  # for git to push upgrade commit if not already deployed
-      packages: write  # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
-    if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }}
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - name: Sign Argo CD latest image
+        run: |
+          cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/argocd@${{ env.IMAGE_DIGEST }}
+          # Displays the public key to share.
+          cosign public-key --key env://COSIGN_PRIVATE_KEY
+        env:
+          COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+        if: ${{ github.event_name == 'push' }}
+
+      # deploy
      - run: git clone "https://$TOKEN@github.com/argoproj/argoproj-deployments"
+        if: github.event_name == 'push'
        env:
          TOKEN: ${{ secrets.TOKEN }}
      - run: |
-          docker run -u $(id -u):$(id -g) -v $(pwd):/src -w /src --rm -t ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }} kustomize edit set image quay.io/argoproj/argocd=ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }}
+          docker run -u $(id -u):$(id -g) -v $(pwd):/src -w /src --rm -t ghcr.io/argoproj/argo-cd/argocd:${{ steps.image.outputs.tag }} kustomize edit set image quay.io/argoproj/argocd=ghcr.io/argoproj/argo-cd/argocd:${{ steps.image.outputs.tag }}
          git config --global user.email 'ci@argoproj.com'
          git config --global user.name 'CI'
-          git diff --exit-code && echo 'Already deployed' || (git commit -am 'Upgrade argocd to ${{ needs.set-vars.outputs.image-tag }}' && git push)
+          git diff --exit-code && echo 'Already deployed' || (git commit -am 'Upgrade argocd to ${{ steps.image.outputs.tag }}' && git push)
+        if: github.event_name == 'push'
        working-directory: argoproj-deployments/argocd
-
+      # TODO: clean up old images once github supports it: https://github.community/t5/How-to-use-Git-and-GitHub/Deleting-images-from-GitHub-Package-Registry/m-p/41202/thread-id/9811
--- a/.github/workflows/init-release.yaml
+++ b/.github/workflows/init-release.yaml
@@ -1,70 +0,0 @@
-name: Init ArgoCD Release
-on:
-  workflow_dispatch:
-    inputs:
-      TARGET_BRANCH:
-        description: 'TARGET_BRANCH to checkout (e.g. release-2.5)'
-        required: true
-        type: string
-
-      TARGET_VERSION:
-        description: 'TARGET_VERSION to build manifests (e.g. 2.5.0-rc1) Note: the `v` prefix is not used'
-        required: true
-        type: string
-
-permissions: {}
-
-jobs:
-  prepare-release:
-    permissions:
-      contents: write  # for peter-evans/create-pull-request to create branch
-      pull-requests: write  # for peter-evans/create-pull-request to create a PR
-    name: Automatically generate version and manifests on ${{ inputs.TARGET_BRANCH }}
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b  # v3.2.0
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
-          ref: ${{ inputs.TARGET_BRANCH }}
-
-      - name: Check if TARGET_VERSION is well formed.
-        run: |
-          set -xue
-          # Target version must not contain 'v' prefix
-          if echo "${{ inputs.TARGET_VERSION }}" | grep -e '^v'; then
-            echo "::error::Target version '${{ inputs.TARGET_VERSION }}' should not begin with a 'v' prefix, refusing to continue." >&2
-            exit 1
-          fi
-
-      - name: Create VERSION information
-        run: |
-          set -ue
-          echo "Bumping version from $(cat VERSION) to ${{ inputs.TARGET_VERSION }}"
-          echo "${{ inputs.TARGET_VERSION }}" > VERSION
-
-        # We install kustomize in the dist directory
-      - name: Add dist to PATH
-        run: |
-          echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
-
-      - name: Generate new set of manifests
-        run: |
-          set -ue
-          make install-codegen-tools-local
-          make manifests-local VERSION=${{ inputs.TARGET_VERSION }}
-          git diff
-
-      - name: Create pull request
-        uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54  # v4.2.4
-        with:
-          commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}"
-          title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch"
-          body: Updating VERSION and manifests to ${{ inputs.TARGET_VERSION }}
-          branch: update-version
-          branch-suffix: random
-          signoff: true
-          labels: release
-
-
--- a/.github/workflows/pr-title-check.yml
+++ b/.github/workflows/pr-title-check.yml
@@ -1,41 +0,0 @@
-name: "Lint PR"
-
-on:
-  pull_request_target:
-    types:
-      - opened
-      - edited
-      - synchronize
-
-# IMPORTANT: No checkout actions, scripts, or builds should be added to this workflow. Permissions should always be used
-# with extreme caution.
-permissions:
-  contents: read
-
-# PR updates can happen in quick succession leading to this
-# workflow being trigger a number of times. This limits it
-# to one run per PR.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-
-jobs:
-  main:
-    permissions:
-      pull-requests: read  # for amannn/action-semantic-pull-request to analyze PRs
-      statuses: write  # for amannn/action-semantic-pull-request to mark status of analyzed PR
-    name: Validate PR title
-    runs-on: ubuntu-latest
-    steps:
-      # IMPORTANT: Carefully review changes when updating this action. Using the pull_request_target event requires caution.
-      - uses: amannn/action-semantic-pull-request@b6bca70dcd3e56e896605356ce09b76f7e1e0d39 # v5.1.0
-        with:
-          types: |
-            feat
-            fix
-            docs
-            test
-            ci
-            chore
-            [Bot] docs
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,62 +1,46 @@
-name: Publish ArgoCD Release
+name: Create ArgoCD release
 on:
  push:
    tags:
-      - 'v*'
-      - '!v2.4*'
-      - '!v2.5*'
-      - '!v2.6*'
-
-permissions: {}
+      - "release-v*"
+      - "!release-v1.5*"
+      - "!release-v1.4*"
+      - "!release-v1.3*"
+      - "!release-v1.2*"
+      - "!release-v1.1*"
+      - "!release-v1.0*"
+      - "!release-v0*"

 env:
-  GOLANG_VERSION: '1.20' # Note: go-version must also be set in job argocd-image.with.go-version
+  GOLANG_VERSION: '1.19.7'
+
+permissions:
+  contents: read

 jobs:
-  argocd-image:
+  prepare-release:
    permissions:
-      contents: read
-      id-token: write # for creating OIDC tokens for signing.
-      packages: write # used to push images to `ghcr.io` if used.
-    if: github.repository == 'argoproj/argo-cd'
-    uses: ./.github/workflows/image-reuse.yaml
-    with:
-      quay_image_name: quay.io/argoproj/argocd:${{ github.ref_name }}
-      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      go-version: 1.20
-      platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
-      push: true
-    secrets:
-      quay_username: ${{ secrets.RELEASE_QUAY_USERNAME }}
-      quay_password: ${{ secrets.RELEASE_QUAY_TOKEN }}
-
-  argocd-image-provenance:
-      needs: [argocd-image]
-      permissions:
-        actions: read # for detecting the Github Actions environment.
-        id-token: write # for creating OIDC tokens for signing.
-        packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
-      # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-      if: github.repository == 'argoproj/argo-cd'
-      uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0
-      with:
-        image: quay.io/argoproj/argocd
-        digest: ${{ needs.argocd-image.outputs.image-digest }}
-      secrets:
-        registry-username: ${{ secrets.RELEASE_QUAY_USERNAME }}
-        registry-password: ${{ secrets.RELEASE_QUAY_TOKEN }}
-
-  goreleaser:
-    needs:
-      - argocd-image
-      - argocd-image-provenance
-    permissions:
-      contents: write # used for uploading assets
+      contents: write # To push changes to release branch
+    name: Perform automatic release on trigger ${{ github.ref }}
    if: github.repository == 'argoproj/argo-cd'
    runs-on: ubuntu-22.04
-    outputs:
-      hashes: ${{ steps.hash.outputs.hashes }}
-
+    env:
+      # The name of the tag as supplied by the GitHub event
+      SOURCE_TAG: ${{ github.ref }}
+      # The image namespace where Docker image will be published to
+      IMAGE_NAMESPACE: quay.io/argoproj
+      # Whether to create & push image and release assets
+      DRY_RUN: false
+      # Whether a draft release should be created, instead of public one
+      DRAFT_RELEASE: false
+      # Whether to update homebrew with this release as well
+      # Set RELEASE_HOMEBREW_TOKEN secret in repository for this to work - needs
+      # access to public repositories
+      UPDATE_HOMEBREW: false
+      # Name of the GitHub user for Git config
+      GIT_USERNAME: argo-bot
+      # E-Mail of the GitHub user for Git config
+      GIT_EMAIL: argoproj@gmail.com
    steps:
      - name: Checkout code
        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
@@ -64,94 +48,223 @@ jobs:
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}

-      - name: Fetch all tags
-        run: git fetch --force --tags
-
-      - name: Set GORELEASER_PREVIOUS_TAG # Workaround, GoReleaser uses 'git-describe' to determine a previous tag. Our tags are created in realease branches.
+      - name: Check if the published tag is well formed and setup vars
        run: |
          set -xue
-          if echo ${{ github.ref_name }} | grep -E -- '-rc1+$';then
-            echo "GORELEASER_PREVIOUS_TAG=$(git -c 'versionsort.suffix=-rc' tag --list --sort=version:refname | tail -n 2 | head -n 1)" >> $GITHUB_ENV
-          else
-            echo "This is not the first release on the branch, Using GoReleaser defaults"
+          # Target version must match major.minor.patch and optional -rcX suffix
+          # where X must be a number.
+          TARGET_VERSION=${SOURCE_TAG#*release-v}
+          if ! echo "${TARGET_VERSION}" | egrep '^[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)*$'; then
+            echo "::error::Target version '${TARGET_VERSION}' is malformed, refusing to continue." >&2
+            exit 1
          fi

+          # Target branch is the release branch we're going to operate on
+          # Its name is 'release-<major>.<minor>'
+          TARGET_BRANCH="release-${TARGET_VERSION%\.[0-9]*}"
+
+          # The release tag is the source tag, minus the release- prefix
+          RELEASE_TAG="${SOURCE_TAG#*release-}"
+
+          # Whether this is a pre-release (indicated by -rc suffix)
+          PRE_RELEASE=false
+          if echo "${RELEASE_TAG}" | egrep -- '-rc[0-9]+$'; then
+            PRE_RELEASE=true
+          fi
+
+          # We must not have a release trigger within the same release branch,
+          # because that means a release for this branch is already running.
+          if git tag -l | grep "release-v${TARGET_VERSION%\.[0-9]*}" | grep -v "release-v${TARGET_VERSION}"; then
+            echo "::error::Another release for branch ${TARGET_BRANCH} is currently in progress."
+            exit 1
+          fi
+
+          # Ensure that release do not yet exist
+          if git rev-parse ${RELEASE_TAG}; then
+            echo "::error::Release tag ${RELEASE_TAG} already exists in repository. Refusing to continue."
+            exit 1
+          fi
+
+          # Make the variables available in follow-up steps
+          echo "TARGET_VERSION=${TARGET_VERSION}" >> $GITHUB_ENV
+          echo "TARGET_BRANCH=${TARGET_BRANCH}" >> $GITHUB_ENV
+          echo "RELEASE_TAG=${RELEASE_TAG}" >> $GITHUB_ENV
+          echo "PRE_RELEASE=${PRE_RELEASE}" >> $GITHUB_ENV
+
+      - name: Check if our release tag has a correct annotation
+        run: |
+          set -ue
+          # Fetch all tag information as well
+          git fetch --prune --tags --force
+
+          echo "=========== BEGIN COMMIT MESSAGE ============="
+          git show ${SOURCE_TAG}
+          echo "============ END COMMIT MESSAGE =============="
+
+          # Quite dirty hack to get the release notes from the annotated tag
+          # into a temporary file.
+          RELEASE_NOTES=$(mktemp -p /tmp release-notes.XXXXXX)
+
+          prefix=true
+          begin=false
+          git show ${SOURCE_TAG} | while read line; do
+            # Whatever is in commit history for the tag, we only want that
+            # annotation from our tag. We discard everything else.
+            if test "$begin" = "false"; then
+              if echo "$line" | grep -q "tag ${SOURCE_TAG#refs/tags/}"; then begin="true"; fi
+              continue
+            fi
+            if test "$prefix" = "true"; then
+                  if test -z "$line"; then prefix=false; fi
+            else
+                  if echo "$line" | egrep -q '^commit [0-9a-f]+'; then
+                          break
+                  fi
+                  echo "$line" >> ${RELEASE_NOTES}
+            fi
+          done
+
+          # For debug purposes
+          echo "============BEGIN RELEASE NOTES================="
+          cat ${RELEASE_NOTES}
+          echo "=============END RELEASE NOTES=================="
+
+          # Too short release notes are suspicious. We need at least 100 bytes.
+          relNoteLen=$(stat -c '%s' $RELEASE_NOTES)
+          if test $relNoteLen -lt 100; then
+            echo "::error::No release notes provided in tag annotation (or tag is not annotated)"
+            exit 1
+          fi
+
+          # Check for magic string '## Quick Start' in head of release notes
+          if ! head -2 ${RELEASE_NOTES} | grep -iq '## Quick Start'; then
+            echo "::error::Release notes seem invalid, quick start section not found."
+            exit 1
+          fi
+
+          # We store path to temporary release notes file for later reading, we
+          # need it when creating release.
+          echo "RELEASE_NOTES=${RELEASE_NOTES}" >> $GITHUB_ENV
+
      - name: Setup Golang
        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}

-      - name: Set environment variables for ldflags
-        id: set_ldflag
+      - name: Setup Git author information
        run: |
-          echo "KUBECTL_VERSION=$(go list -m k8s.io/client-go | head -n 1 | rev | cut -d' ' -f1 | rev)" >> $GITHUB_ENV
-          echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV
+          set -ue
+          git config --global user.email "${GIT_EMAIL}"
+          git config --global user.name "${GIT_USERNAME}"

-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0
-        id: run-goreleaser
-        with:
-          version: latest
-          args: release --clean --timeout 55m
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          KUBECTL_VERSION: ${{ env.KUBECTL_VERSION }} 
-          GIT_TREE_STATE: ${{ env.GIT_TREE_STATE }}
-
-      - name: Generate subject for provenance
-        id: hash
-        env:
-          ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}"
+      - name: Checkout corresponding release branch
        run: |
-          set -euo pipefail
-
-          hashes=$(echo $ARTIFACTS | jq --raw-output '.[] | {name, "digest": (.extra.Digest // .extra.Checksum)} | select(.digest) | {digest} + {name} | join("  ") | sub("^sha256:";"")' | base64 -w0)
-          if test "$hashes" = ""; then # goreleaser < v1.13.0
-            checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path')
-            hashes=$(cat $checksum_file | base64 -w0)
+          set -ue
+          echo "Switching to release branch '${TARGET_BRANCH}'"
+          if ! git checkout ${TARGET_BRANCH}; then
+            echo "::error::Checking out release branch '${TARGET_BRANCH}' for target version '${TARGET_VERSION}' (tagged '${RELEASE_TAG}') failed. Does it exist in repo?"
+            exit 1
          fi
-          echo "hashes=$hashes" >> $GITHUB_OUTPUT

-  goreleaser-provenance:
-    needs: [goreleaser]
-    permissions:
-      actions: read # for detecting the Github Actions environment
-      id-token: write # Needed for provenance signing and ID
-      contents: write #  Needed for release uploads
-    if: github.repository == 'argoproj/argo-cd'
-    # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
-    with:
-      base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
-      provenance-name: "argocd-cli.intoto.jsonl"
-      upload-assets: true
+      - name: Create VERSION information
+        run: |
+          set -ue
+          echo "Bumping version from $(cat VERSION) to ${TARGET_VERSION}"
+          echo "${TARGET_VERSION}" > VERSION
+          git commit -m "Bump version to ${TARGET_VERSION}" VERSION

-  generate-sbom:
-    name: Create Sbom and sign assets
-    needs:
-      - argocd-image
-      - goreleaser
-    permissions:
-      contents: write # Needed for release uploads
-      id-token: write # Needed for signing Sbom
-    if: github.repository == 'argoproj/argo-cd'
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Generate new set of manifests
+        run: |
+          set -ue
+          make install-codegen-tools-local
+          
+          # We install kustomize in the dist directory
+          echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
+          
+          make manifests-local VERSION=${TARGET_VERSION}
+          git diff
+          git commit manifests/ -m "Bump version to ${TARGET_VERSION}"

-      - name: Setup Golang
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
-        with:
-          go-version: ${{ env.GOLANG_VERSION }}
+      - name: Create the release tag
+        run: |
+          set -ue
+          echo "Creating release ${RELEASE_TAG}"
+          git tag ${RELEASE_TAG}
+
+      - name: Login to docker repositories
+        env:
+          DOCKER_USERNAME: ${{ secrets.RELEASE_DOCKERHUB_USERNAME }}
+          DOCKER_TOKEN: ${{ secrets.RELEASE_DOCKERHUB_TOKEN }}
+          QUAY_USERNAME: ${{ secrets.RELEASE_QUAY_USERNAME }}
+          QUAY_TOKEN: ${{ secrets.RELEASE_QUAY_TOKEN }}
+        run: |
+          set -ue
+          docker login quay.io --username "${QUAY_USERNAME}" --password-stdin <<< "${QUAY_TOKEN}"
+          # Remove the following when Docker Hub is gone
+          docker login --username "${DOCKER_USERNAME}" --password-stdin <<< "${DOCKER_TOKEN}"
+        if: ${{ env.DRY_RUN != 'true' }}
+
+      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
+      - uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # v2.4.1
+      - name: Build and push Docker image for release
+        run: |
+          set -ue
+          git clean -fd
+          mkdir -p dist/
+          docker buildx build --platform linux/amd64,linux/arm64,linux/s390x,linux/ppc64le --sbom=false --provenance=false --push -t ${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION} -t argoproj/argocd:v${TARGET_VERSION} .
+          make release-cli
+          make checksums
+          chmod +x ./dist/argocd-linux-amd64
+          ./dist/argocd-linux-amd64 version --client
+        if: ${{ env.DRY_RUN != 'true' }}

      - name: Install cosign
-        uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
+        uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1
        with:
-          cosign-release: 'v2.2.1'
+          cosign-release: 'v1.13.1'
+
+      - name: Install crane to get digest of image
+        uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c
+
+      - name: Get digest of image
+        run: |
+          echo "IMAGE_DIGEST=$(crane digest quay.io/argoproj/argocd:v${TARGET_VERSION})" >> $GITHUB_ENV
+
+      - name: Sign Argo CD container images and assets
+        run: |
+          cosign sign --key env://COSIGN_PRIVATE_KEY ${IMAGE_NAMESPACE}/argocd@${{ env.IMAGE_DIGEST }}
+          cosign sign-blob --key env://COSIGN_PRIVATE_KEY ./dist/argocd-${TARGET_VERSION}-checksums.txt > ./dist/argocd-${TARGET_VERSION}-checksums.sig
+          # Retrieves the public key to release as an asset
+          cosign public-key --key env://COSIGN_PRIVATE_KEY > ./dist/argocd-cosign.pub
+        env:
+          COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+        if: ${{ env.DRY_RUN != 'true' }}
+
+      - name: Read release notes file
+        id: release-notes
+        uses: juliangruber/read-file-action@02bbba9876a8f870efd4ad64e3b9088d3fb94d4b # v1.1.6
+        with:
+          path: ${{ env.RELEASE_NOTES }}
+
+      - name: Push changes to release branch
+        run: |
+          set -ue
+          git push origin ${TARGET_BRANCH}
+          git push origin ${RELEASE_TAG}
+
+      - name: Dry run GitHub release
+        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        id: create_release
+        with:
+          tag_name: ${{ env.RELEASE_TAG }}
+          release_name: ${{ env.RELEASE_TAG }}
+          draft: ${{ env.DRAFT_RELEASE }}
+          prerelease: ${{ env.PRE_RELEASE }}
+          body: ${{ steps.release-notes.outputs.content }}
+        if: ${{ env.DRY_RUN == 'true' }}

      - name: Generate SBOM (spdx)
        id: spdx-builder
@@ -164,7 +277,7 @@ jobs:
          # managers (gomod, yarn, npm).
          PROJECT_FOLDERS: ".,./ui"
          # full qualified name of the docker image to be inspected
-          DOCKER_IMAGE: quay.io/argoproj/argocd:${{ github.ref_name }}
+          DOCKER_IMAGE: ${{env.IMAGE_NAMESPACE}}/argocd:v${{env.TARGET_VERSION}}
        run: |
          yarn install --cwd ./ui
          go install github.com/spdx/spdx-sbom-generator/cmd/generator@$SPDX_GEN_VERSION
@@ -182,115 +295,43 @@ jobs:
          fi

          cd /tmp && tar -zcf sbom.tar.gz *.spdx
+        if: ${{ env.DRY_RUN != 'true' }}

-      - name: Sign SBOM
+      - name: Sign sbom
        run: |
-          cosign sign-blob \
-            --output-certificate=/tmp/sbom.tar.gz.pem \
-            --output-signature=/tmp/sbom.tar.gz.sig \
-            -y \
-            /tmp/sbom.tar.gz
+          cosign sign-blob --key env://COSIGN_PRIVATE_KEY /tmp/sbom.tar.gz > /tmp/sbom.tar.gz.sig
+        env:
+          COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+        if: ${{ env.DRY_RUN != 'true' }}

-      - name: Upload SBOM and signature assets
+      - name: Create GitHub release
        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
+          name: ${{ env.RELEASE_TAG }}
+          tag_name: ${{ env.RELEASE_TAG }}
+          draft: ${{ env.DRAFT_RELEASE }}
+          prerelease: ${{ env.PRE_RELEASE }}
+          body: ${{ steps.release-notes.outputs.content }}  # Pre-pended to the generated notes
          files: |
+            dist/argocd-*
            /tmp/sbom.tar.gz
-  
-  sbom-provenance:
-    needs: [generate-sbom]
-    permissions:
-      actions: read # for detecting the Github Actions environment
-      id-token: write # Needed for provenance signing and ID
-      contents: write #  Needed for release uploads
-    if: github.repository == 'argoproj/argo-cd'
-    # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
-    with:
-      base64-subjects: "${{ needs.generate-sbom.outputs.hashes }}"
-      provenance-name: "argocd-sbom.intoto.jsonl"
-      upload-assets: true
+            /tmp/sbom.tar.gz.sig
+        if: ${{ env.DRY_RUN != 'true' }}

-  post-release:
-    needs:
-      - argocd-image
-      - goreleaser
-      - generate-sbom
-    permissions:
-      contents: write # Needed to push commit to update stable tag
-      pull-requests: write # Needed to create PR for VERSION update.
-    if: github.repository == 'argoproj/argo-cd'
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+      - name: Update homebrew formula
+        env:
+          HOMEBREW_TOKEN: ${{ secrets.RELEASE_HOMEBREW_TOKEN }}
+        uses: dawidd6/action-homebrew-bump-formula@02e79d9da43d79efa846d73695b6052cbbdbf48a # v3.8.3
        with:
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{env.HOMEBREW_TOKEN}}
+          formula: argocd
+        if: ${{ env.HOMEBREW_TOKEN != '' && env.UPDATE_HOMEBREW == 'true' && env.PRE_RELEASE != 'true' }}

-      - name: Setup Git author information
+      - name: Delete original request tag from repository
        run: |
          set -ue
-          git config --global user.email 'ci@argoproj.com'
-          git config --global user.name 'CI'
-
-      - name: Check if tag is the latest version and not a pre-release
-        run: |
-          set -xue
-          # Fetch all tag information
-          git fetch --prune --tags --force
-
-          LATEST_TAG=$(git -c 'versionsort.suffix=-rc' tag --list --sort=version:refname | tail -n1)
-
-          PRE_RELEASE=false
-          # Check if latest tag is a pre-release
-          if echo $LATEST_TAG | grep -E -- '-rc[0-9]+$';then
-            PRE_RELEASE=true
-          fi
-
-          # Ensure latest tag matches github.ref_name & not a pre-release
-          if [[ $LATEST_TAG == ${{ github.ref_name }} ]] && [[ $PRE_RELEASE != 'true' ]];then
-            echo "TAG_STABLE=true" >> $GITHUB_ENV
-          else
-            echo "TAG_STABLE=false" >> $GITHUB_ENV
-          fi
-
-      - name: Update stable tag to latest version
-        run: |
-          git tag -f stable ${{ github.ref_name }}
-          git push -f origin stable
-        if: ${{ env.TAG_STABLE == 'true' }}
-
-      - name: Check to see if VERSION should be updated on master branch
-        run: |
-          set -xue
-          SOURCE_TAG=${{ github.ref_name }}
-          VERSION_REF="${SOURCE_TAG#*v}"
-          if echo "$VERSION_REF" | grep -E -- '^[0-9]+\.[0-9]+\.0$';then
-            VERSION=$(awk 'BEGIN {FS=OFS="."} {$2++; print}' <<< "${VERSION_REF}")
-            echo "Updating VERSION to: $VERSION"
-            echo "UPDATE_VERSION=true" >> $GITHUB_ENV
-            echo "NEW_VERSION=$VERSION" >> $GITHUB_ENV
-          else
-            echo "Not updating VERSION"
-            echo "UPDATE_VERSION=false" >> $GITHUB_ENV
-          fi
-
-      - name: Update VERSION on master branch
-        run: |
-          echo ${{ env.NEW_VERSION }} > VERSION
-        if: ${{ env.UPDATE_VERSION == 'true' }}
-
-      - name: Create PR to update VERSION on master branch
-        uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # v4.2.4
-        with:
-          commit-message: Bump version in master
-          title: "chore: Bump version in master"
-          body: All images built from master should indicate which version we are on track for.
-          signoff: true
-          branch: update-version
-          branch-suffix: random
-          base: master
-        if: ${{ env.UPDATE_VERSION == 'true' }}
+          git push --delete origin ${SOURCE_TAG}
+        if: ${{ always() }}
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -1,67 +0,0 @@
-name: Scorecards supply-chain security
-on:
-  # Only the default branch is supported.
-  branch_protection_rule:
-  schedule:
-    - cron: "39 9 * * 2"
-  push:
-    branches: ["master"]
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-# Declare default permissions as read only.
-permissions: read-all
-
-jobs:
-  analysis:
-    name: Scorecards analysis
-    runs-on: ubuntu-22.04
-    permissions:
-      # Needed to upload the results to code-scanning dashboard.
-      security-events: write
-      # Used to receive a badge. (Upcoming feature)
-      id-token: write
-      # Needs for private repositories.
-      contents: read
-      actions: read
-    if: github.repository == 'argoproj/argo-cd'
-
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
-        with:
-          persist-credentials: false
-
-      - name: "Run analysis"
-        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
-          # - you want to enable the Branch-Protection check on a *public* repository, or
-          # - you are installing Scorecards on a *private* repository
-          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
-          # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
-
-          # Publish the results for public repositories to enable scorecard badges. For more details, see
-          # https://github.com/ossf/scorecard-action#publishing-results.
-          # For private repositories, `publish_results` will automatically be set to `false`, regardless
-          # of the value entered here.
-          publish_results: true
-
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
-      # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1
-        with:
-          sarif_file: results.sarif
--- a/.github/workflows/update-snyk.yaml
+++ b/.github/workflows/update-snyk.yaml
@@ -31,6 +31,6 @@ jobs:
          git config --global user.email 'ci@argoproj.com'
          git config --global user.name 'CI'
          git add docs/snyk
-          git commit -m "[Bot] docs: Update Snyk reports" --signoff
+          git commit -m "[Bot] Update Snyk reports" --signoff
          git push --set-upstream origin "$pr_branch"
          gh pr create -B master -H "$pr_branch" --title '[Bot] docs: Update Snyk report' --body ''
--- a/.gitpod.Dockerfile
+++ b/.gitpod.Dockerfile
@@ -1,4 +1,4 @@
-FROM gitpod/workspace-full@sha256:d5787229cd062aceae91109f1690013d3f25062916492fb7f444d13de3186178
+FROM gitpod/workspace-full

 USER root

--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -1,120 +0,0 @@
-project_name: argocd
-
-before:
-  hooks:
-    - go mod download
-    - make build-ui
-
-builds:
-  - id: argocd-cli
-    main: ./cmd
-    binary: argocd-{{ .Os}}-{{ .Arch}}
-    env:
-      - CGO_ENABLED=0
-    flags:
-      - -v
-    ldflags:
-      - -X github.com/argoproj/argo-cd/v2/common.version={{ .Version }}
-      - -X github.com/argoproj/argo-cd/v2/common.buildDate={{ .Date }}
-      - -X github.com/argoproj/argo-cd/v2/common.gitCommit={{ .FullCommit }}
-      - -X github.com/argoproj/argo-cd/v2/common.gitTreeState={{ .Env.GIT_TREE_STATE }}
-      - -X github.com/argoproj/argo-cd/v2/common.kubectlVersion={{ .Env.KUBECTL_VERSION }}
-      - -extldflags="-static"
-    goos:
-      - linux
-      - darwin
-      - windows
-    goarch:
-      - amd64
-      - arm64
-      - s390x
-      - ppc64le
-    ignore:
-      - goos: darwin
-        goarch: s390x
-      - goos: darwin
-        goarch: ppc64le
-      - goos: windows
-        goarch: s390x
-      - goos: windows
-        goarch: ppc64le
-      - goos: windows
-        goarch: arm64
-
-archives:
-  - id: argocd-archive
-    builds:
-    - argocd-cli
-    name_template: |-
-      {{ .ProjectName }}-{{ .Os }}-{{ .Arch }}
-    format: binary
-
-checksum:
-  name_template: 'cli_checksums.txt'
-  algorithm: sha256
-
-release:
-  prerelease: auto
-  draft: false
-  header: |
-    ## Quick Start
-
-    ### Non-HA:
-
-    ```shell
-    kubectl create namespace argocd
-    kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/{{.Tag}}/manifests/install.yaml
-    ```
-
-    ### HA:
-
-    ```shell
-    kubectl create namespace argocd
-    kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/{{.Tag}}/manifests/ha/install.yaml
-    ```
-
-    ## Release Signatures and Provenance
-
-    All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.
-
-
-    ## Upgrading
-
-    If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.
-  footer: |
-    **Full Changelog**: https://github.com/argoproj/argo-cd/compare/{{ .PreviousTag }}...{{ .Tag }}
-    
-    <a href="https://argoproj.github.io/cd/"><img src="https://raw.githubusercontent.com/argoproj/argo-site/master/content/pages/cd/gitops-cd.png" width="25%" ></a>
-
-
-snapshot: #### To be removed for PR
-  name_template: "2.6.0"
-
-changelog:
-  use:
-    github
-  sort: asc
-  abbrev: 0
-  groups: # Regex use RE2 syntax as defined here: https://github.com/google/re2/wiki/Syntax.
-    - title: 'Features'
-      regexp: '^.*?feat(\([[:word:]]+\))??!?:.+$'
-      order: 100
-    - title: 'Bug fixes'
-      regexp: '^.*?fix(\([[:word:]]+\))??!?:.+$'
-      order: 200
-    - title: 'Documentation'
-      regexp: '^.*?docs(\([[:word:]]+\))??!?:.+$'
-      order: 300
-    - title: 'Dependency updates'
-      regexp: '^.*?(feat|fix|chore)\(deps?.+\)!?:.+$'
-      order: 400
-    - title: 'Other work'
-      order: 999
-  filters:
-    exclude:
-      - '^test:'
-      - '^.*?Bump(\([[:word:]]+\))?.+$'
-
-
-# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
-
--- a/.readthedocs.yml
+++ b/.readthedocs.yml
@@ -4,8 +4,4 @@ mkdocs:
  fail_on_warning: false
 python:
  install:
-    - requirements: docs/requirements.txt
-build:
-  os: "ubuntu-22.04"
-  tools:
-    python: "3.7"
+    - requirements: docs/requirements.txt
--- a/11
+++ b/11
@@ -1,10 +1,10 @@
-ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:0bced47fffa3361afa981854fcabcd4577cd43cebbb808cea2b1f33a3dd7f508
+ARG BASE_IMAGE=docker.io/library/ubuntu:22.04
 ####################################################################################################
 # Builder image
 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image
 # Also used as the image in CI jobs so needs all dependencies
 ####################################################################################################
-FROM docker.io/library/golang:1.20.10@sha256:077ff85b374b23916b4b41835e242e5a3ddad9fc537ea7e980f230431747d245 AS builder
+FROM docker.io/library/golang:1.19.7 AS builder

 RUN echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list

@@ -36,8 +36,6 @@ RUN ./install.sh helm-linux && \
 ####################################################################################################
 FROM $BASE_IMAGE AS argocd-base

-LABEL org.opencontainers.image.source="https://github.com/argoproj/argo-cd"
-
 USER root

 ENV ARGOCD_USER_ID=999
@@ -83,7 +81,7 @@ WORKDIR /home/argocd
 ####################################################################################################
 # Argo CD UI stage
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM docker.io/library/node:18.15.0@sha256:8d9a875ee427897ef245302e31e2319385b092f1c3368b497e89790f240368f5 AS argocd-ui
+FROM --platform=$BUILDPLATFORM docker.io/library/node:12.18.4 AS argocd-ui

 WORKDIR /src
 COPY ["ui/package.json", "ui/yarn.lock", "./"]
@@ -101,7 +99,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP
 ####################################################################################################
 # Argo CD Build stage which performs the actual build of Argo CD binaries
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.20.10@sha256:077ff85b374b23916b4b41835e242e5a3ddad9fc537ea7e980f230431747d245 AS argocd-build
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.19.7 AS argocd-build

 WORKDIR /go/src/github.com/argoproj/argo-cd

@@ -132,4 +130,3 @@ RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \
    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-k8s-auth

 USER $ARGOCD_USER_ID
-ENTRYPOINT ["/usr/bin/tini", "--"]
--- a/97
+++ b/97
@@ -64,20 +64,13 @@ else
 DOCKER_SRC_MOUNT="$(PWD):/go/src/github.com/argoproj/argo-cd$(VOLUME_MOUNT)"
 endif

-# User and group IDs to map to the test container
-CONTAINER_UID=$(shell id -u)
-CONTAINER_GID=$(shell id -g)
-
-# Set SUDO to sudo to run privileged commands with sudo
-SUDO?=
-
 # Runs any command in the argocd-test-utils container in server mode
 # Server mode container will start with uid 0 and drop privileges during runtime
 define run-in-test-server
-	$(SUDO) docker run --rm -it \
+	docker run --rm -it \
 		--name argocd-test-server \
-		-u $(CONTAINER_UID):$(CONTAINER_GID) \
-		-e USER_ID=$(CONTAINER_UID) \
+		-u $(shell id -u):$(shell id -g) \
+		-e USER_ID=$(shell id -u) \
 		-e HOME=/home/user \
 		-e GOPATH=/go \
 		-e GOCACHE=/tmp/go-build-cache \
@@ -105,9 +98,9 @@ endef

 # Runs any command in the argocd-test-utils container in client mode
 define run-in-test-client
-	$(SUDO) docker run --rm -it \
+	docker run --rm -it \
 	  --name argocd-test-client \
-		-u $(CONTAINER_UID):$(CONTAINER_GID) \
+		-u $(shell id -u):$(shell id -g) \
 		-e HOME=/home/user \
 		-e GOPATH=/go \
 		-e ARGOCD_E2E_K3S=$(ARGOCD_E2E_K3S) \
@@ -126,7 +119,7 @@ endef

 #
 define exec-in-test-server
-	$(SUDO) docker exec -it -u $(CONTAINER_UID):$(CONTAINER_GID) -e ARGOCD_E2E_RECORD=$(ARGOCD_E2E_RECORD) -e ARGOCD_E2E_K3S=$(ARGOCD_E2E_K3S) argocd-test-server $(1)
+	docker exec -it -u $(shell id -u):$(shell id -g) -e ARGOCD_E2E_RECORD=$(ARGOCD_E2E_RECORD) -e ARGOCD_E2E_K3S=$(ARGOCD_E2E_K3S) argocd-test-server $(1)
 endef

 PATH:=$(PATH):$(PWD)/hack
@@ -219,7 +212,7 @@ clidocsgen: ensure-gopath


 .PHONY: codegen-local
-codegen-local: ensure-gopath mod-vendor-local gogen protogen clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog
+codegen-local: ensure-gopath mod-vendor-local notification-docs notification-catalog gogen protogen clientgen openapigen clidocsgen manifests-local
 	rm -rf vendor/

 .PHONY: codegen
@@ -232,11 +225,11 @@ cli: test-tools-image

 .PHONY: cli-local
 cli-local: clean-debug
-	CGO_ENABLED=0 GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${CLI_NAME} ./cmd
+	CGO_ENABLED=0 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${CLI_NAME} ./cmd

 .PHONY: gen-resources-cli-local
 gen-resources-cli-local: clean-debug
-	CGO_ENABLED=0 GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${GEN_RESOURCES_CLI_NAME} ./hack/gen-resources/cmd
+	CGO_ENABLED=0 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${GEN_RESOURCES_CLI_NAME} ./hack/gen-resources/cmd

 .PHONY: release-cli
 release-cli: clean-debug build-ui
@@ -251,8 +244,8 @@ release-cli: clean-debug build-ui
 .PHONY: test-tools-image
 test-tools-image:
 ifndef SKIP_TEST_TOOLS_IMAGE
-	$(SUDO) docker build --build-arg UID=$(CONTAINER_UID) -t $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) -f test/container/Dockerfile .
-	$(SUDO) docker tag $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE):$(TEST_TOOLS_TAG)
+	docker build --build-arg UID=$(shell id -u) -t $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) -f test/container/Dockerfile .
+	docker tag $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE):$(TEST_TOOLS_TAG)
 endif

 .PHONY: manifests-local
@@ -266,19 +259,19 @@ manifests: test-tools-image
 # consolidated binary for cli, util, server, repo-server, controller
 .PHONY: argocd-all
 argocd-all: clean-debug
-	CGO_ENABLED=0 GOOS=${GOOS} GOARCH=${GOARCH} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${BIN_NAME} ./cmd
+	CGO_ENABLED=0 GOOS=${GOOS} GOARCH=${GOARCH} go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${BIN_NAME} ./cmd

 .PHONY: server
 server: clean-debug
-	CGO_ENABLED=0 GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-server ./cmd
+	CGO_ENABLED=0 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-server ./cmd

 .PHONY: repo-server
 repo-server:
-	CGO_ENABLED=0 GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-repo-server ./cmd
+	CGO_ENABLED=0 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-repo-server ./cmd

 .PHONY: controller
 controller:
-	CGO_ENABLED=0 GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-application-controller ./cmd
+	CGO_ENABLED=0 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-application-controller ./cmd

 .PHONY: build-ui
 build-ui:
@@ -294,7 +287,7 @@ ifeq ($(DEV_IMAGE), true)
 IMAGE_TAG="dev-$(shell git describe --always --dirty)"
 image: build-ui
 	DOCKER_BUILDKIT=1 docker build --platform=linux/amd64 -t argocd-base --target argocd-base .
-	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd ./cmd
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd ./cmd
 	ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-server
 	ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-application-controller
 	ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-repo-server
@@ -333,7 +326,7 @@ mod-vendor: test-tools-image
 mod-vendor-local: mod-download-local
 	go mod vendor

-# Deprecated - replace by install-tools-local
+# Deprecated - replace by install-local-tools
 .PHONY: install-lint-tools
 install-lint-tools:
 	./hack/install.sh lint-tools
@@ -368,7 +361,7 @@ build: test-tools-image
 # Build all Go code (local version)
 .PHONY: build-local
 build-local:
-	GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v `go list ./... | grep -v 'resource_customizations\|test/e2e'`
+	go build -v `go list ./... | grep -v 'resource_customizations\|test/e2e'`

 # Run all unit tests
 #
@@ -579,7 +572,7 @@ list:

 .PHONY: applicationset-controller
 applicationset-controller:
-	GODEBUG="tarinsecurepath=0,zipinsecurepath=0" CGO_ENABLED=0 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-applicationset-controller ./cmd
+	CGO_ENABLED=0 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-applicationset-controller ./cmd

 .PHONY: checksums
 checksums:
@@ -596,55 +589,3 @@ snyk-non-container-tests:
 .PHONY: snyk-report
 snyk-report:
 	./hack/snyk-report.sh $(target_branch)
-
-.PHONY: help
-help:
-	@echo 'Note: Generally an item w/ (-local) will run inside docker unless you use the -local variant'
-	@echo
-	@echo 'Common targets'
-	@echo
-	@echo 'all -- make cli and image'
-	@echo
-	@echo 'components:'
-	@echo '  applicationset-controller -- applicationset controller'
-	@echo '  cli(-local)               -- argocd cli program'
-	@echo '  controller                -- controller (orchestrator)'
-	@echo '  repo-server               -- repo server (manage repository instances)'
-	@echo '  server                    -- argocd web application'
-	@echo
-	@echo 'build:'
-	@echo '  image                     -- make image of the following items'
-	@echo '  build(-local)             -- compile go'
-	@echo '  build-docs(-local)        -- build docs'
-	@echo '  build-ui                  -- compile typescript'
-	@echo
-	@echo 'run:'
-	@echo '  run                       -- run the components locally'
-	@echo '  serve-docs(-local)        -- expose the documents for viewing in a browser'
-	@echo
-	@echo 'release:'
-	@echo '  release-cli'
-	@echo '  release-precheck'
-	@echo '  checksums'
-	@echo
-	@echo 'docs:'
-	@echo '  build-docs(-local)'
-	@echo '  serve-docs(-local)'
-	@echo '  notification-docs'
-	@echo '  clidocsgen'
-	@echo
-	@echo 'testing:'
-	@echo '  test(-local)'
-	@echo '  start-e2e(-local)'
-	@echo '  test-e2e(-local)'
-	@echo '  test-race(-local)'
-	@echo
-	@echo 'debug:'
-	@echo '  list -- list all make targets'
-	@echo '  install-tools-local -- install all the tools below'
-	@echo '  install-lint-tools(-local)'
-	@echo
-	@echo 'codegen:'
-	@echo '  codegen(-local) -- if using -local, run the following targets first'
-	@echo '  install-codegen-tools-local -- run this to install the codegen tools'
-	@echo '  install-go-tools-local -- run this to install go libraries for codegen'
--- a/1
+++ b/1
@@ -29,4 +29,3 @@ reviewers:
 - saumeya
 - zachaller
 - 34fathombelow
- alexef
--- a/14
+++ b/14
@@ -1,12 +1,12 @@
-controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''}"
-api-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''}"
+controller: [ "$BIN_MODE" == 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''}"
+api-server: [ "$BIN_MODE" == 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''}"
 dex: sh -c "ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/v2/cmd gendexcfg -o `pwd`/dist/dex.yaml && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:$(grep "image: ghcr.io/dexidp/dex" manifests/base/dex/argocd-dex-server-deployment.yaml | cut -d':' -f3) dex serve /dex.yaml"
-redis: bash -c "if [ \"$ARGOCD_REDIS_LOCAL\" = 'true' ]; then redis-server --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; else docker run --rm --name argocd-redis -i -p ${ARGOCD_E2E_REDIS_PORT:-6379}:${ARGOCD_E2E_REDIS_PORT:-6379} redis:$(grep "image: redis" manifests/base/redis/argocd-redis-deployment.yaml | cut -d':' -f3) --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; fi"
-repo-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp}  ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-repo-server ARGOCD_GPG_ENABLED=${ARGOCD_GPG_ENABLED:-false} $COMMAND --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --otlp-address=${ARGOCD_OTLP_ADDRESS}"
-cmp-server: [ "$ARGOCD_E2E_TEST" = 'true' ] && exit 0 || [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_BINARY_NAME=argocd-cmp-server ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} $COMMAND --config-dir-path ./test/cmp --loglevel debug --otlp-address=${ARGOCD_OTLP_ADDRESS}"
+redis: bash -c "if [ \"$ARGOCD_REDIS_LOCAL\" == 'true' ]; then redis-server --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; else docker run --rm --name argocd-redis -i -p ${ARGOCD_E2E_REDIS_PORT:-6379}:${ARGOCD_E2E_REDIS_PORT:-6379} redis:$(grep "image: redis" manifests/base/redis/argocd-redis-deployment.yaml | cut -d':' -f3) --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; fi"
+repo-server: [ "$BIN_MODE" == 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp}  ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-repo-server ARGOCD_GPG_ENABLED=${ARGOCD_GPG_ENABLED:-false} $COMMAND --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --otlp-address=${ARGOCD_OTLP_ADDRESS}"
+cmp-server: [ "$ARGOCD_E2E_TEST" == 'true' ] && exit 0 || [ "$BIN_MODE" == 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_BINARY_NAME=argocd-cmp-server ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} $COMMAND --config-dir-path ./test/cmp --loglevel debug --otlp-address=${ARGOCD_OTLP_ADDRESS}"
 ui: sh -c 'cd ui && ${ARGOCD_E2E_YARN_CMD:-yarn} start'
 git-server: test/fixture/testrepos/start-git.sh
 helm-registry: test/fixture/testrepos/start-helm-registry.sh
 dev-mounter: [[ "$ARGOCD_E2E_TEST" != "true" ]] && go run hack/dev-mounter/main.go --configmap argocd-ssh-known-hosts-cm=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} --configmap argocd-tls-certs-cm=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} --configmap argocd-gpg-keys-cm=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source}
-applicationset-controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_ASK_PASS_SOCK=/tmp/applicationset-ask-pass.sock ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-applicationset-controller $COMMAND --loglevel debug --metrics-addr localhost:12345 --probe-addr localhost:12346 --argocd-repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081}"
-notification: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_BINARY_NAME=argocd-notifications $COMMAND --loglevel debug"
+applicationset-controller: [ "$BIN_MODE" == 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_ASK_PASS_SOCK=/tmp/applicationset-ask-pass.sock ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-applicationset-controller $COMMAND --loglevel debug --metrics-addr localhost:12345 --probe-addr localhost:12346 --argocd-repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081}"
+notification: [ "$BIN_MODE" == 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_BINARY_NAME=argocd-notifications $COMMAND --loglevel debug"
--- a/README.md
+++ b/README.md
@@ -1,18 +1,6 @@
-**Releases:**
-[![Release Version](https://img.shields.io/github/v/release/argoproj/argo-cd?label=argo-cd)](https://github.com/argoproj/argo-cd/releases/latest)
+[![Integration tests](https://github.com/argoproj/argo-cd/workflows/Integration%20tests/badge.svg?branch=master)](https://github.com/argoproj/argo-cd/actions?query=workflow%3A%22Integration+tests%22) [![slack](https://img.shields.io/badge/slack-argoproj-brightgreen.svg?logo=slack)](https://argoproj.github.io/community/join-slack) [![codecov](https://codecov.io/gh/argoproj/argo-cd/branch/master/graph/badge.svg)](https://codecov.io/gh/argoproj/argo-cd) [![Release Version](https://img.shields.io/github/v/release/argoproj/argo-cd?label=argo-cd)](https://github.com/argoproj/argo-cd/releases/latest) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4486/badge)](https://bestpractices.coreinfrastructure.org/projects/4486) [![Twitter Follow](https://img.shields.io/twitter/follow/argoproj?style=social)](https://twitter.com/argoproj)
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo-cd)](https://artifacthub.io/packages/helm/argo/argo-cd)

-**Code:** 
-[![Integration tests](https://github.com/argoproj/argo-cd/workflows/Integration%20tests/badge.svg?branch=master)](https://github.com/argoproj/argo-cd/actions?query=workflow%3A%22Integration+tests%22)
-[![codecov](https://codecov.io/gh/argoproj/argo-cd/branch/master/graph/badge.svg)](https://codecov.io/gh/argoproj/argo-cd)
-[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4486/badge)](https://bestpractices.coreinfrastructure.org/projects/4486)
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-cd/badge)](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-cd)
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fargoproj%2Fargo-cd.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fargoproj%2Fargo-cd?ref=badge_shield)
-
-**Social:**
-[![Twitter Follow](https://img.shields.io/twitter/follow/argoproj?style=social)](https://twitter.com/argoproj)
-[![Slack](https://img.shields.io/badge/slack-argoproj-brightgreen.svg?logo=slack)](https://argoproj.github.io/community/join-slack)
-
 # Argo CD - Declarative Continuous Delivery for Kubernetes

 ## What is Argo CD?
@@ -81,7 +69,7 @@ Participation in the Argo CD project is governed by the [CNCF Code of Conduct](h
 1. [Applied GitOps with Argo CD](https://thenewstack.io/applied-gitops-with-argocd/)
 1. [Solving configuration drift using GitOps with Argo CD](https://www.cncf.io/blog/2020/12/17/solving-configuration-drift-using-gitops-with-argo-cd/)
 1. [Decentralized GitOps over environments](https://blogs.sap.com/2021/05/06/decentralized-gitops-over-environments/)
+1. [How GitOps and Operators mark the rise of Infrastructure-As-Software](https://paytmlabs.com/blog/2021/10/how-to-improve-operational-work-with-operators-and-gitops/)
 1. [Getting Started with ArgoCD for GitOps Deployments](https://youtu.be/AvLuplh1skA)
 1. [Using Argo CD & Datree for Stable Kubernetes CI/CD Deployments](https://youtu.be/17894DTru2Y)
-1. [How to create Argo CD Applications Automatically using ApplicationSet? "Automation of GitOps"](https://amralaayassen.medium.com/how-to-create-argocd-applications-automatically-using-applicationset-automation-of-the-gitops-59455eaf4f72)

--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,6 +1,6 @@
 # Security Policy for Argo CD

-Version: **v1.5 (2023-03-06)**
+Version: **v1.4 (2022-01-23)**

 ## Preface

@@ -35,11 +35,13 @@ impact on Argo CD before opening an issue at least roughly.

 ## Supported Versions

-We currently support the last 3 minor versions of Argo CD with security and bug fixes.
+We currently support the most recent release (`N`, e.g. `1.8`) and the release
+previous to the most recent one (`N-1`, e.g. `1.7`). With the release of
+`N+1`, `N-1` drops out of support and `N` becomes `N-1`.

 We regularly perform patch releases (e.g. `1.8.5` and `1.7.12`) for the
 supported versions, which will contain fixes for security vulnerabilities and
-important bugs. Prior releases might receive critical security fixes on best
+important bugs. Prior releases might receive critical security fixes on a best
 effort basis, however, it cannot be guaranteed that security fixes get
 back-ported to these unsupported versions.

@@ -59,28 +61,14 @@ and disclosure with you. Sometimes, it might take a little longer for us to
 react (e.g. out of office conditions), so please bear with us in these cases.

 We will publish security advisories using the
-[GitHub Security Advisories](https://github.com/argoproj/argo-cd/security/advisories)
-feature to keep our community well-informed, and will credit you for your
+[Git Hub Security Advisories](https://github.com/argoproj/argo-cd/security/advisories)
+feature to keep our community well informed, and will credit you for your
 findings (unless you prefer to stay anonymous, of course).

 Please report vulnerabilities by e-mail to the following address:

 * cncf-argo-security@lists.cncf.io

-## Internet Bug Bounty collaboration
-
-We're happy to announce that the Argo project is collaborating with the great
-folks over at
-[Hacker One](https://hackerone.com/) and their
-[Internet Bug Bounty program](https://hackerone.com/ibb)
-to reward the awesome people who find security vulnerabilities in the four
-main Argo projects (CD, Events, Rollouts and Workflows) and then work with
-us to fix and disclose them in a responsible manner.
-
-If you report a vulnerability to us as outlined in this security policy, we
-will work together with you to find out whether your finding is eligible for
-claiming a bounty, and also on how to claim it.
-
 ## Securing your Argo CD Instance

 See the [operator manual security page](docs/operator-manual/security.md) for
--- a/2
+++ b/2
@@ -1,7 +1,7 @@
 # Defined below are the security contacts for this repo.
 #
 # DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE
-# INSTRUCTIONS AT https://github.com/argoproj/argo-cd/security/policy
+# INSTRUCTIONS AT https://argo-cd.readthedocs.io/en/latest/security_considerations/#reporting-vulnerabilities

 alexmt
 edlee2121
--- a/USERS.md
+++ b/USERS.md
@@ -11,7 +11,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Adevinta](https://www.adevinta.com/)
 1. [Adfinis](https://adfinis.com)
 1. [Adventure](https://jp.adventurekk.com/)
-1. [Adyen](https://www.adyen.com)
 1. [AirQo](https://airqo.net/)
 1. [Akuity](https://akuity.io/)
 1. [Alibaba Group](https://www.alibabagroup.com/)
@@ -24,7 +23,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Arctiq Inc.](https://www.arctiq.ca)
 1. [ARZ Allgemeines Rechenzentrum GmbH](https://www.arz.at/)
 1. [Axual B.V.](https://axual.com)
-1. [Back Market](https://www.backmarket.com)
 1. [Baloise](https://www.baloise.com)
 1. [BCDevExchange DevOps Platform](https://bcdevexchange.org/DevOpsPlatform)
 1. [Beat](https://thebeat.co/en/)
@@ -33,7 +31,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [BigPanda](https://bigpanda.io)
 1. [BioBox Analytics](https://biobox.io)
 1. [BMW Group](https://www.bmwgroup.com/)
-1. [PT Boer Technology (Btech)](https://btech.id/)
 1. [Boozt](https://www.booztgroup.com/)
 1. [Boticario](https://www.boticario.com.br/)
 1. [Bulder Bank](https://bulderbank.no)
@@ -47,9 +44,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Chargetrip](https://chargetrip.com)
 1. [Chime](https://www.chime.com)
 1. [Cisco ET&I](https://eti.cisco.com/)
-1. [Cloud Posse](https://www.cloudposse.com/)
 1. [Cloud Scale](https://cloudscaleinc.com/)
-1. [Cloudmate](https://cloudmt.co.kr/)
 1. [Cobalt](https://www.cobalt.io/)
 1. [Codefresh](https://www.codefresh.io/)
 1. [Codility](https://www.codility.com/)
@@ -65,7 +60,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Deutsche Telekom AG](https://telekom.com)
 1. [Devopsi - Poland Software/DevOps Consulting](https://devopsi.pl/)
 1. [Devtron Labs](https://github.com/devtron-labs/devtron)
-1. [DigitalOcean](https://www.digitalocean.com)
 1. [Divistant](https://divistant.com)
 1. [Doximity](https://www.doximity.com/)
 1. [EDF Renewables](https://www.edf-re.com/)
@@ -78,7 +72,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Energisme](https://energisme.com/)
 1. [enigmo](https://enigmo.co.jp/)
 1. [Envoy](https://envoy.com/)
-1. [Farfetch](https://www.farfetch.com)
 1. [Faro](https://www.faro.com/)
 1. [Fave](https://myfave.com)
 1. [Flip](https://flip.id)
@@ -96,12 +89,10 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [gloat](https://gloat.com/)
 1. [GLOBIS](https://globis.com)
 1. [Glovo](https://www.glovoapp.com)
-1. [GlueOps](https://glueops.dev)
 1. [GMETRI](https://gmetri.com/)
 1. [Gojek](https://www.gojek.io/)
 1. [Greenpass](https://www.greenpass.com.br/)
 1. [Gridfuse](https://gridfuse.com/)
-1. [Groww](https://groww.in)
 1. [Grupo MasMovil](https://grupomasmovil.com/en/)
 1. [Handelsbanken](https://www.handelsbanken.se)
 1. [Healy](https://www.healyworld.net)
@@ -138,7 +129,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Liatrio](https://www.liatrio.com)
 1. [Lightricks](https://www.lightricks.com/)
 1. [LINE](https://linecorp.com/en/)
-1. [Loom](https://www.loom.com/)
 1. [Lytt](https://www.lytt.co/)
 1. [Magic Leap](https://www.magicleap.com/)
 1. [Majid Al Futtaim](https://www.majidalfuttaim.com/)
@@ -164,19 +154,15 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Nextdoor](https://nextdoor.com/)
 1. [Nikkei](https://www.nikkei.co.jp/nikkeiinfo/en/)
 1. [Nitro](https://gonitro.com)
-1. [NYCU, CS IT Center](https://it.cs.nycu.edu.tw)
 1. [Objective](https://www.objective.com.br/)
 1. [OCCMundial](https://occ.com.mx)
 1. [Octadesk](https://octadesk.com)
 1. [omegaUp](https://omegaUp.com)
-1. [Omni](https://omni.se/)
 1. [openEuler](https://openeuler.org)
 1. [openGauss](https://opengauss.org/)
-1. [OpenGov](https://opengov.com)
 1. [openLooKeng](https://openlookeng.io)
 1. [OpenSaaS Studio](https://opensaas.studio)
 1. [Opensurvey](https://www.opensurvey.co.kr/)
-1. [OpsMx](https://opsmx.io)
 1. [OpsVerse](https://opsverse.io)
 1. [Optoro](https://www.optoro.com/)
 1. [Orbital Insight](https://orbitalinsight.com/)
@@ -187,11 +173,9 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Patreon](https://www.patreon.com/)
 1. [PayPay](https://paypay.ne.jp/)
 1. [Peloton Interactive](https://www.onepeloton.com/)
-1. [PGS](https://www.pgs.com)
 1. [Pigment](https://www.gopigment.com/)
 1. [Pipefy](https://www.pipefy.com/)
 1. [Pismo](https://pismo.io/)
-1. [Platform9 Systems](https://platform9.com/)
 1. [Polarpoint.io](https://polarpoint.io)
 1. [PostFinance](https://github.com/postfinance)
 1. [Preferred Networks](https://preferred.jp/en/)
@@ -205,7 +189,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Recreation.gov](https://www.recreation.gov/)
 1. [Red Hat](https://www.redhat.com/)
 1. [Redpill Linpro](https://www.redpill-linpro.com/)
-1. [Reenigne Cloud](https://reenigne.ca)
 1. [reev.com](https://www.reev.com/)
 1. [RightRev](https://rightrev.com/)
 1. [Rise](https://www.risecard.eu/)
@@ -215,14 +198,12 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Saildrone](https://www.saildrone.com/)
 1. [Saloodo! GmbH](https://www.saloodo.com)
 1. [Sap Labs](http://sap.com)
-1. [Sauce Labs](https://saucelabs.com/)
 1. [Schwarz IT](https://jobs.schwarz/it-mission)
 1. [SI Analytics](https://si-analytics.ai)
 1. [Skit](https://skit.ai/)
 1. [Skyscanner](https://www.skyscanner.net/)
 1. [Smart Pension](https://www.smartpension.co.uk/)
 1. [Smilee.io](https://smilee.io)
-1. [Smood.ch](https://www.smood.ch/)
 1. [Snapp](https://snapp.ir/)
 1. [Snyk](https://snyk.io/)
 1. [Softway Medical](https://www.softwaymedical.fr/)
@@ -260,7 +241,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Unifonic Inc](https://www.unifonic.com/)
 1. [Universidad Mesoamericana](https://www.umes.edu.gt/)
 1. [Urbantz](https://urbantz.com/)
-1. [Vectra](https://www.vectra.ai)
 1. [Viaduct](https://www.viaduct.ai/)
 1. [Vinted](https://vinted.com/)
 1. [Virtuo](https://www.govirtuo.com/)
--- a/2
+++ b/2
@@ -1 +1 @@
-2.7.18
+2.6.9
--- a/applicationset/controllers/applicationset_controller.go
+++ b/applicationset/controllers/applicationset_controller.go
@@ -17,7 +17,6 @@ package controllers
 import (
 	"context"
 	"fmt"
-	"reflect"
 	"time"

 	log "github.com/sirupsen/logrus"
@@ -30,12 +29,9 @@ import (
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/record"
 	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
-	"sigs.k8s.io/controller-runtime/pkg/event"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
-	"sigs.k8s.io/controller-runtime/pkg/predicate"
 	"sigs.k8s.io/controller-runtime/pkg/source"

 	"github.com/argoproj/argo-cd/v2/applicationset/generators"
@@ -46,8 +42,6 @@ import (
 	argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned"
 	argoutil "github.com/argoproj/argo-cd/v2/util/argo"
-
-	"github.com/argoproj/argo-cd/v2/pkg/apis/application"
 )

 const (
@@ -59,7 +53,7 @@ const (
 )

 var (
-	defaultPreservedAnnotations = []string{
+	preservedAnnotations = []string{
 		NotifiedAnnotationKey,
 		argov1alpha1.AnnotationKeyRefresh,
 	}
@@ -148,30 +142,19 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 	// appSyncMap tracks which apps will be synced during this reconciliation.
 	appSyncMap := map[string]bool{}

-	if r.EnableProgressiveSyncs {
-		if applicationSetInfo.Spec.Strategy == nil && len(applicationSetInfo.Status.ApplicationStatus) > 0 {
-			// If appset used progressive sync but stopped, clean up the progressive sync application statuses
-			log.Infof("Removing %v unnecessary AppStatus entries from ApplicationSet %v", len(applicationSetInfo.Status.ApplicationStatus), applicationSetInfo.Name)
+	if r.EnableProgressiveSyncs && applicationSetInfo.Spec.Strategy != nil {
+		applications, err := r.getCurrentApplications(ctx, applicationSetInfo)
+		if err != nil {
+			return ctrl.Result{}, fmt.Errorf("failed to get current applications for application set: %w", err)
+		}

-			err := r.setAppSetApplicationStatus(ctx, &applicationSetInfo, []argov1alpha1.ApplicationSetApplicationStatus{})
-			if err != nil {
-				return ctrl.Result{}, fmt.Errorf("failed to clear previous AppSet application statuses for %v: %w", applicationSetInfo.Name, err)
-			}
-		} else if applicationSetInfo.Spec.Strategy != nil {
-			// appset uses progressive sync
-			applications, err := r.getCurrentApplications(ctx, applicationSetInfo)
-			if err != nil {
-				return ctrl.Result{}, fmt.Errorf("failed to get current applications for application set: %w", err)
-			}
+		for _, app := range applications {
+			appMap[app.Name] = app
+		}

-			for _, app := range applications {
-				appMap[app.Name] = app
-			}
-
-			appSyncMap, err = r.performProgressiveSyncs(ctx, applicationSetInfo, applications, desiredApplications, appMap)
-			if err != nil {
-				return ctrl.Result{}, fmt.Errorf("failed to perform progressive sync reconciliation for application set: %w", err)
-			}
+		appSyncMap, err = r.performProgressiveSyncs(ctx, applicationSetInfo, applications, desiredApplications, appMap)
+		if err != nil {
+			return ctrl.Result{}, fmt.Errorf("failed to perform progressive sync reconciliation for application set: %w", err)
 		}
 	}

@@ -288,6 +271,7 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 	}

 	requeueAfter := r.getMinRequeueAfter(&applicationSetInfo)
+	logCtx.WithField("requeueAfter", requeueAfter).Info("end reconcile")

 	if len(validateErrors) == 0 {
 		if err := r.setApplicationSetStatusCondition(ctx,
@@ -301,13 +285,8 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 		); err != nil {
 			return ctrl.Result{}, err
 		}
-	} else if requeueAfter == time.Duration(0) {
-		// Ensure that the request is requeued if there are validation errors.
-		requeueAfter = ReconcileRequeueOnValidationError
 	}

-	logCtx.WithField("requeueAfter", requeueAfter).Info("end reconcile")
-
 	return ctrl.Result{
 		RequeueAfter: requeueAfter,
 	}, nil
@@ -533,7 +512,7 @@ func (r *ApplicationSetReconciler) generateApplications(applicationSetInfo argov
 	return res, applicationSetReason, firstError
 }

-func (r *ApplicationSetReconciler) SetupWithManager(mgr ctrl.Manager, enableProgressiveSyncs bool) error {
+func (r *ApplicationSetReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	if err := mgr.GetFieldIndexer().IndexField(context.TODO(), &argov1alpha1.Application{}, ".metadata.controller", func(rawObj client.Object) []string {
 		// grab the job object, extract the owner...
 		app := rawObj.(*argov1alpha1.Application)
@@ -552,11 +531,9 @@ func (r *ApplicationSetReconciler) SetupWithManager(mgr ctrl.Manager, enableProg
 		return fmt.Errorf("error setting up with manager: %w", err)
 	}

-	ownsHandler := getOwnsHandlerPredicates(enableProgressiveSyncs)
-
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&argov1alpha1.ApplicationSet{}).
-		Owns(&argov1alpha1.Application{}, builder.WithPredicates(ownsHandler)).
+		Owns(&argov1alpha1.Application{}).
 		Watches(
 			&source.Kind{Type: &corev1.Secret{}},
 			&clusterSecretEventHandler{
@@ -580,16 +557,13 @@ func (r *ApplicationSetReconciler) createOrUpdateInCluster(ctx context.Context,
 		appLog := log.WithFields(log.Fields{"app": generatedApp.Name, "appSet": applicationSet.Name})
 		generatedApp.Namespace = applicationSet.Namespace

-		// Normalize to avoid fighting with the application controller.
-		generatedApp.Spec = *argoutil.NormalizeApplicationSpec(&generatedApp.Spec)
-
 		found := &argov1alpha1.Application{
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      generatedApp.Name,
 				Namespace: generatedApp.Namespace,
 			},
 			TypeMeta: metav1.TypeMeta{
-				Kind:       application.ApplicationKind,
+				Kind:       "Application",
 				APIVersion: "argoproj.io/v1alpha1",
 			},
 		}
@@ -603,15 +577,9 @@ func (r *ApplicationSetReconciler) createOrUpdateInCluster(ctx context.Context,
 				found.Operation = generatedApp.Operation
 			}

-			preservedAnnotations := make([]string, 0)
-			if applicationSet.Spec.PreservedFields != nil {
-				preservedAnnotations = append(preservedAnnotations, applicationSet.Spec.PreservedFields.Annotations...)
-			}
 			// Preserve specially treated argo cd annotations:
 			// * https://github.com/argoproj/applicationset/issues/180
 			// * https://github.com/argoproj/argo-cd/issues/10500
-			preservedAnnotations = append(preservedAnnotations, defaultPreservedAnnotations...)
-
 			for _, key := range preservedAnnotations {
 				if state, exists := found.ObjectMeta.Annotations[key]; exists {
 					if generatedApp.Annotations == nil {
@@ -869,21 +837,45 @@ func (r *ApplicationSetReconciler) buildAppDependencyList(ctx context.Context, a

 			selected := true // default to true, assuming the current Application is a match for the given step matchExpression

+			allNotInMatched := true // needed to support correct AND behavior between multiple NotIn MatchExpressions
+			notInUsed := false      // since we default to allNotInMatched == true, track whether a NotIn expression was actually used
+
 			for _, matchExpression := range step.MatchExpressions {

-				if val, ok := app.Labels[matchExpression.Key]; ok {
-					valueMatched := labelMatchedExpression(val, matchExpression)
+				if matchExpression.Operator == "In" {
+					if val, ok := app.Labels[matchExpression.Key]; ok {
+						valueMatched := labelMatchedExpression(val, matchExpression)

-					if !valueMatched { // none of the matchExpression values was a match with the Application'ss labels
-						selected = false
+						if !valueMatched { // none of the matchExpression values was a match with the Application'ss labels
+							selected = false
+							break
+						}
+					} else {
+						selected = false // no matching label key with In means this Application will not be included in the current step
 						break
 					}
-				} else if matchExpression.Operator == "In" {
-					selected = false // no matching label key with "In" operator means this Application will not be included in the current step
+				} else if matchExpression.Operator == "NotIn" {
+					notInUsed = true // a NotIn selector was used in this matchExpression
+					if val, ok := app.Labels[matchExpression.Key]; ok {
+						valueMatched := labelMatchedExpression(val, matchExpression)
+
+						if !valueMatched { // none of the matchExpression values was a match with the Application's labels
+							allNotInMatched = false
+						}
+					} else {
+						allNotInMatched = false // no matching label key with NotIn means this Application may still be included in the current step
+					}
+				} else { // handle invalid operator selection
+					log.Warnf("skipping AppSet rollingUpdate step Application selection for %q, invalid matchExpression operator provided: %q ", applicationSet.Name, matchExpression.Operator)
+					selected = false
 					break
 				}
 			}

+			if notInUsed && allNotInMatched { // check if all NotIn Expressions matched, if so exclude this Application
+				selected = false
+			}
+
 			if selected {
 				appDependencyList[i] = append(appDependencyList[i], app.Name)
 				if val, ok := appStepMap[app.Name]; ok {
@@ -899,20 +891,11 @@ func (r *ApplicationSetReconciler) buildAppDependencyList(ctx context.Context, a
 }

 func labelMatchedExpression(val string, matchExpression argov1alpha1.ApplicationMatchExpression) bool {
-	if matchExpression.Operator != "In" && matchExpression.Operator != "NotIn" {
-		log.Errorf("skipping AppSet rollingUpdate step Application selection, invalid matchExpression operator provided: %q ", matchExpression.Operator)
-		return false
-	}
-
-	// if operator == In, default to false
-	// if operator == NotIn, default to true
-	valueMatched := matchExpression.Operator == "NotIn"
-
+	valueMatched := false
 	for _, value := range matchExpression.Values {
 		if val == value {
-			// first "In" match returns true
-			// first "NotIn" match returns false
-			return matchExpression.Operator == "In"
+			valueMatched = true
+			break
 		}
 	}
 	return valueMatched
@@ -1045,12 +1028,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con
 		}

 		if currentAppStatus.Status == "Pending" {
-			// check for successful syncs started less than 10s before the Application transitioned to Pending
-			// this covers race conditions where syncs initiated by RollingSync miraculously have a sync time before the transition to Pending state occurred (could be a few seconds)
-			if operationPhaseString == "Succeeded" && app.Status.OperationState.StartedAt.Add(time.Duration(10)*time.Second).After(currentAppStatus.LastTransitionTime.Time) {
-				if !app.Status.OperationState.StartedAt.After(currentAppStatus.LastTransitionTime.Time) {
-					log.Warnf("Application %v was synced less than 10s prior to entering Pending status, we'll assume the AppSet controller triggered this sync and update its status to Progressing", app.Name)
-				}
+			if operationPhaseString == "Succeeded" && app.Status.OperationState.StartedAt.After(currentAppStatus.LastTransitionTime.Time) {
 				log.Infof("Application %v has completed a sync successfully, updating its ApplicationSet status to Progressing", app.Name)
 				currentAppStatus.LastTransitionTime = &now
 				currentAppStatus.Status = "Progressing"
@@ -1228,30 +1206,30 @@ func findApplicationStatusIndex(appStatuses []argov1alpha1.ApplicationSetApplica
 // with any new/changed Application statuses.
 func (r *ApplicationSetReconciler) setAppSetApplicationStatus(ctx context.Context, applicationSet *argov1alpha1.ApplicationSet, applicationStatuses []argov1alpha1.ApplicationSetApplicationStatus) error {
 	needToUpdateStatus := false
-
-	if len(applicationStatuses) != len(applicationSet.Status.ApplicationStatus) {
-		needToUpdateStatus = true
-	} else {
-		for i := range applicationStatuses {
-			appStatus := applicationStatuses[i]
-			idx := findApplicationStatusIndex(applicationSet.Status.ApplicationStatus, appStatus.Application)
-			if idx == -1 {
-				needToUpdateStatus = true
-				break
-			}
-			currentStatus := applicationSet.Status.ApplicationStatus[idx]
-			if currentStatus.Message != appStatus.Message || currentStatus.Status != appStatus.Status || currentStatus.Step != appStatus.Step {
-				needToUpdateStatus = true
-				break
-			}
+	for i := range applicationStatuses {
+		appStatus := applicationStatuses[i]
+		idx := findApplicationStatusIndex(applicationSet.Status.ApplicationStatus, appStatus.Application)
+		if idx == -1 {
+			needToUpdateStatus = true
+			break
+		}
+		currentStatus := applicationSet.Status.ApplicationStatus[idx]
+		if currentStatus.Message != appStatus.Message || currentStatus.Status != appStatus.Status {
+			needToUpdateStatus = true
+			break
 		}
 	}

 	if needToUpdateStatus {
+		// fetch updated Application Set object before updating it
 		namespacedName := types.NamespacedName{Namespace: applicationSet.Namespace, Name: applicationSet.Name}
+		if err := r.Get(ctx, namespacedName, applicationSet); err != nil {
+			if client.IgnoreNotFound(err) != nil {
+				return nil
+			}
+			return fmt.Errorf("error fetching updated application set: %v", err)
+		}

-		// rebuild ApplicationStatus from scratch, we don't need any previous status history
-		applicationSet.Status.ApplicationStatus = []argov1alpha1.ApplicationSetApplicationStatus{}
 		for i := range applicationStatuses {
 			applicationSet.Status.SetApplicationStatus(applicationStatuses[i])
 		}
@@ -1334,73 +1312,4 @@ func syncApplication(application argov1alpha1.Application, prune bool) (argov1al
 	return application, nil
 }

-func getOwnsHandlerPredicates(enableProgressiveSyncs bool) predicate.Funcs {
-	return predicate.Funcs{
-		CreateFunc: func(e event.CreateEvent) bool {
-			// if we are the owner and there is a create event, we most likely created it and do not need to
-			// re-reconcile
-			log.Debugln("received create event from owning an application")
-			return false
-		},
-		DeleteFunc: func(e event.DeleteEvent) bool {
-			log.Debugln("received delete event from owning an application")
-			return true
-		},
-		UpdateFunc: func(e event.UpdateEvent) bool {
-			log.Debugln("received update event from owning an application")
-			appOld, isApp := e.ObjectOld.(*argov1alpha1.Application)
-			if !isApp {
-				return false
-			}
-			appNew, isApp := e.ObjectNew.(*argov1alpha1.Application)
-			if !isApp {
-				return false
-			}
-			requeue := shouldRequeueApplicationSet(appOld, appNew, enableProgressiveSyncs)
-			log.Debugf("requeue: %t caused by application %s\n", requeue, appNew.Name)
-			return requeue
-		},
-		GenericFunc: func(e event.GenericEvent) bool {
-			log.Debugln("received generic event from owning an application")
-			return true
-		},
-	}
-}
-
-// shouldRequeueApplicationSet determines when we want to requeue an ApplicationSet for reconciling based on an owned
-// application change
-// The applicationset controller owns a subset of the Application CR.
-// We do not need to re-reconcile if parts of the application change outside the applicationset's control.
-// An example being, Application.ApplicationStatus.ReconciledAt which gets updated by the application controller.
-// Additionally, Application.ObjectMeta.ResourceVersion and Application.ObjectMeta.Generation which are set by K8s.
-func shouldRequeueApplicationSet(appOld *argov1alpha1.Application, appNew *argov1alpha1.Application, enableProgressiveSyncs bool) bool {
-	if appOld == nil || appNew == nil {
-		return false
-	}
-
-	// the applicationset controller owns the application spec, labels, annotations, and finalizers on the applications
-	if !reflect.DeepEqual(appOld.Spec, appNew.Spec) ||
-		!reflect.DeepEqual(appOld.ObjectMeta.GetAnnotations(), appNew.ObjectMeta.GetAnnotations()) ||
-		!reflect.DeepEqual(appOld.ObjectMeta.GetLabels(), appNew.ObjectMeta.GetLabels()) ||
-		!reflect.DeepEqual(appOld.ObjectMeta.GetFinalizers(), appNew.ObjectMeta.GetFinalizers()) {
-		return true
-	}
-
-	// progressive syncs use the application status for updates. if they differ, requeue to trigger the next progression
-	if enableProgressiveSyncs {
-		if appOld.Status.Health.Status != appNew.Status.Health.Status || appOld.Status.Sync.Status != appNew.Status.Sync.Status {
-			return true
-		}
-
-		if appOld.Status.OperationState != nil && appNew.Status.OperationState != nil {
-			if appOld.Status.OperationState.Phase != appNew.Status.OperationState.Phase ||
-				appOld.Status.OperationState.StartedAt != appNew.Status.OperationState.StartedAt {
-				return true
-			}
-		}
-	}
-
-	return false
-}
-
 var _ handler.EventHandler = &clusterSecretEventHandler{}
--- a/applicationset/controllers/applicationset_controller_test.go
+++ b/applicationset/controllers/applicationset_controller_test.go
--- a/applicationset/examples/list-generator/list-elementsYaml-example.yaml
+++ b/applicationset/examples/list-generator/list-elementsYaml-example.yaml
@@ -1,14 +0,0 @@
-key:
-  components:
-    - name: component1
-      chart: podinfo
-      version: "6.3.2"
-      releaseName: component1
-      repoUrl: "https://stefanprodan.github.io/podinfo"
-      namespace: component1
-    - name: component2
-      chart: podinfo
-      version: "6.3.3"
-      releaseName: component2
-      repoUrl: "ghcr.io/stefanprodan/charts"
-      namespace: component2
--- a/applicationset/generators/generator_spec_processor_test.go
+++ b/applicationset/generators/generator_spec_processor_test.go
@@ -75,9 +75,7 @@ func TestMatchValues(t *testing.T) {
 				ObjectMeta: metav1.ObjectMeta{
 					Name: "set",
 				},
-				Spec: argoprojiov1alpha1.ApplicationSetSpec{
-					GoTemplate: false,
-				},
+				Spec: argoprojiov1alpha1.ApplicationSetSpec{},
 			}

 			results, err := Transform(argoprojiov1alpha1.ApplicationSetGenerator{
@@ -172,6 +170,7 @@ func TestMatchValuesGoTemplate(t *testing.T) {
 				data,
 				emptyTemplate(),
 				&applicationSetInfo, nil)
+
 			assert.NoError(t, err)
 			assert.ElementsMatch(t, testCase.expected, results[0].Params)
 		})
--- a/applicationset/generators/git.go
+++ b/applicationset/generators/git.go
@@ -81,10 +81,10 @@ func (g *GitGenerator) generateParamsForGitDirectories(appSetGenerator *argoproj
 	}

 	log.WithFields(log.Fields{
-		"allPaths":        allPaths,
-		"total":           len(allPaths),
-		"repoURL":         appSetGenerator.Git.RepoURL,
-		"revision":        appSetGenerator.Git.Revision,
+		"allPaths": allPaths,
+		"total":    len(allPaths),
+		"repoURL":  appSetGenerator.Git.RepoURL,
+		"revision": appSetGenerator.Git.Revision,
 		"pathParamPrefix": appSetGenerator.Git.PathParamPrefix,
 	}).Info("applications result from the repo service")

@@ -127,7 +127,9 @@ func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1al
 			return nil, fmt.Errorf("unable to process file '%s': %v", path, err)
 		}

-		res = append(res, paramsArray...)
+		for index := range paramsArray {
+			res = append(res, paramsArray[index])
+		}
 	}
 	return res, nil
 }
@@ -181,7 +183,7 @@ func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent []
 			}
 			pathParamName := "path"
 			if pathParamPrefix != "" {
-				pathParamName = pathParamPrefix + "." + pathParamName
+				pathParamName = pathParamPrefix+"."+pathParamName
 			}
 			params[pathParamName] = path.Dir(filePath)
 			params[pathParamName+".basename"] = path.Base(params[pathParamName].(string))
@@ -249,7 +251,7 @@ func (g *GitGenerator) generateParamsFromApps(requestedApps []string, appSetGene
 		} else {
 			pathParamName := "path"
 			if appSetGenerator.Git.PathParamPrefix != "" {
-				pathParamName = appSetGenerator.Git.PathParamPrefix + "." + pathParamName
+				pathParamName = appSetGenerator.Git.PathParamPrefix+"."+pathParamName
 			}
 			params[pathParamName] = a
 			params[pathParamName+".basename"] = path.Base(a)
--- a/applicationset/generators/list.go
+++ b/applicationset/generators/list.go
@@ -6,7 +6,6 @@ import (
 	"time"

 	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-	"sigs.k8s.io/yaml"
 )

 var _ Generator = (*ListGenerator)(nil)
@@ -74,16 +73,5 @@ func (g *ListGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Appli
 		}
 	}

-	// Append elements from ElementsYaml to the response
-	if len(appSetGenerator.List.ElementsYaml) > 0 {
-
-		var yamlElements []map[string]interface{}
-		err := yaml.Unmarshal([]byte(appSetGenerator.List.ElementsYaml), &yamlElements)
-		if err != nil {
-			return nil, fmt.Errorf("error unmarshling decoded ElementsYaml %v", err)
-		}
-		res = append(res, yamlElements...)	
-	}
-
 	return res, nil
 }
--- a/applicationset/generators/matrix_test.go
+++ b/applicationset/generators/matrix_test.go
@@ -837,174 +837,6 @@ func TestInterpolatedMatrixGenerateGoTemplate(t *testing.T) {
 	}
 }

-func TestMatrixGenerateListElementsYaml(t *testing.T) {
-
-	gitGenerator := &argoprojiov1alpha1.GitGenerator{
-		RepoURL:  "RepoURL",
-		Revision: "Revision",
-		Files: []argoprojiov1alpha1.GitFileGeneratorItem{
-			{Path: "config.yaml"},
-		},
-	}
-
-	listGenerator := &argoprojiov1alpha1.ListGenerator{
-		Elements: []apiextensionsv1.JSON{},
-		ElementsYaml: "{{ .foo.bar | toJson }}",
-	}
-
-	testCases := []struct {
-		name           string
-		baseGenerators []argoprojiov1alpha1.ApplicationSetNestedGenerator
-		expectedErr    error
-		expected       []map[string]interface{}
-	}{
-		{
-			name: "happy flow - generate params",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
-				{
-					Git: gitGenerator,
-				},
-				{
-					List: listGenerator,
-				},
-			},
-			expected: []map[string]interface{}{
-				{
-					"chart":         "a",
-					"version":         "1",
-					"foo": map[string]interface{}{
-						"bar": []interface{}{
-							map[string]interface{}{
-								"chart": "a",
-								"version": "1",
-							},
-							map[string]interface{}{
-								"chart": "b",
-								"version": "2",
-							},
-						},
-					},
-					"path": map[string]interface{}{
-						"basename": "dir",
-						"basenameNormalized": "dir",
-						"filename": "file_name.yaml",
-						"filenameNormalized": "file-name.yaml",
-						"path": "path/dir",
-						"segments": []string {
-							"path",
-							"dir",
-						},
-					},
-				},
-				{
-					"chart":         "b",
-					"version":         "2",
-					"foo": map[string]interface{}{
-						"bar": []interface{}{
-							map[string]interface{}{
-								"chart": "a",
-								"version": "1",
-							},
-							map[string]interface{}{
-								"chart": "b",
-								"version": "2",
-							},
-						},
-					},
-					"path": map[string]interface{}{
-						"basename": "dir",
-						"basenameNormalized": "dir",
-						"filename": "file_name.yaml",
-						"filenameNormalized": "file-name.yaml",
-						"path": "path/dir",
-						"segments": []string {
-							"path",
-							"dir",
-						},
-					},
-				},
-
-			},
-		},
-	}
-
-	for _, testCase := range testCases {
-		testCaseCopy := testCase // Since tests may run in parallel
-
-		t.Run(testCaseCopy.name, func(t *testing.T) {
-			genMock := &generatorMock{}
-			appSet := &argoprojiov1alpha1.ApplicationSet{
-				ObjectMeta: metav1.ObjectMeta{
-					Name: "set",
-				},
-				Spec: argoprojiov1alpha1.ApplicationSetSpec{
-					GoTemplate: true,
-				},
-			}
-
-			for _, g := range testCaseCopy.baseGenerators {
-
-				gitGeneratorSpec := argoprojiov1alpha1.ApplicationSetGenerator{
-					Git:  g.Git,
-					List: g.List,
-				}
-				genMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), appSet).Return([]map[string]any{{
-					"foo": map[string]interface{}{
-						"bar": []interface{}{
-							map[string]interface{}{
-								"chart": "a",
-								"version": "1",
-							},
-							map[string]interface{}{
-								"chart": "b",
-								"version": "2",
-							},
-						},
-					},
-					"path": map[string]interface{}{
-						"basename": "dir",
-						"basenameNormalized": "dir",
-						"filename": "file_name.yaml",
-						"filenameNormalized": "file-name.yaml",
-						"path": "path/dir",
-						"segments": []string {
-							"path",
-							"dir",
-						},
-					},
-
-				}}, nil)
-				genMock.On("GetTemplate", &gitGeneratorSpec).
-					Return(&argoprojiov1alpha1.ApplicationSetTemplate{})
-
-			}
-
-			var matrixGenerator = NewMatrixGenerator(
-				map[string]Generator{
-					"Git":  genMock,
-					"List": &ListGenerator{},
-				},
-			)
-
-			got, err := matrixGenerator.GenerateParams(&argoprojiov1alpha1.ApplicationSetGenerator{
-				Matrix: &argoprojiov1alpha1.MatrixGenerator{
-					Generators: testCaseCopy.baseGenerators,
-					Template:   argoprojiov1alpha1.ApplicationSetTemplate{},
-				},
-			}, appSet)
-
-			if testCaseCopy.expectedErr != nil {
-				assert.ErrorIs(t, err, testCaseCopy.expectedErr)
-			} else {
-				assert.NoError(t, err)
-				assert.Equal(t, testCaseCopy.expected, got)
-			}
-
-		})
-
-	}
-}
-
 type generatorMock struct {
 	mock.Mock
 }
--- a/applicationset/services/pull_request/bitbucket_server_test.go
+++ b/applicationset/services/pull_request/bitbucket_server_test.go
@@ -158,7 +158,7 @@ func TestListPullRequestBasicAuth(t *testing.T) {

 func TestListResponseError(t *testing.T) {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusInternalServerError)
+		w.WriteHeader(500)
 	}))
 	defer ts.Close()
 	svc, _ := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO")
--- a/applicationset/services/scm_provider/bitbucket_cloud.go
+++ b/applicationset/services/scm_provider/bitbucket_cloud.go
@@ -29,7 +29,7 @@ func (c *ExtendedClient) GetContents(repo *Repository, path string) (bool, error
 	urlStr += fmt.Sprintf("/repositories/%s/%s/src/%s/%s?format=meta", c.owner, repo.Repository, repo.SHA, path)
 	body := strings.NewReader("")

-	req, err := http.NewRequest(http.MethodGet, urlStr, body)
+	req, err := http.NewRequest("GET", urlStr, body)
 	if err != nil {
 		return false, err
 	}
--- a/applicationset/services/scm_provider/bitbucket_server.go
+++ b/applicationset/services/scm_provider/bitbucket_server.go
@@ -3,7 +3,6 @@ package scm_provider
 import (
 	"context"
 	"fmt"
-	"io"

 	"github.com/argoproj/argo-cd/v2/applicationset/utils"
 	bitbucketv1 "github.com/gfleury/go-bitbucket-v1"
@@ -184,9 +183,8 @@ func (b *BitbucketServerProvider) listBranches(repo *Repository) ([]bitbucketv1.

 func (b *BitbucketServerProvider) getDefaultBranch(org string, repo string) (*bitbucketv1.Branch, error) {
 	response, err := b.client.DefaultApi.GetDefaultBranch(org, repo)
-	// The API will return 404 if a default branch is set but doesn't exist. In case the repo is empty and default branch is unset,
-	// we will get an EOF and a nil response.
-	if (response != nil && response.StatusCode == 404) || (response == nil && err == io.EOF) {
+	if response != nil && response.StatusCode == 404 {
+		// There's no default branch i.e. empty repo, not an error
 		return nil, nil
 	}
 	if err != nil {
--- a/applicationset/services/scm_provider/bitbucket_server_test.go
+++ b/applicationset/services/scm_provider/bitbucket_server_test.go
@@ -347,7 +347,7 @@ func TestGetBranchesMissingDefault(t *testing.T) {
 		assert.Empty(t, r.Header.Get("Authorization"))
 		switch r.RequestURI {
 		case "/rest/api/1.0/projects/PROJECT/repos/REPO/branches/default":
-			http.Error(w, "Not found", http.StatusNotFound)
+			http.Error(w, "Not found", 404)
 		}
 		defaultHandler(t)(w, r)
 	}))
@@ -365,34 +365,12 @@ func TestGetBranchesMissingDefault(t *testing.T) {
 	assert.Empty(t, repos)
 }

-func TestGetBranchesEmptyRepo(t *testing.T) {
-	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		assert.Empty(t, r.Header.Get("Authorization"))
-		switch r.RequestURI {
-		case "/rest/api/1.0/projects/PROJECT/repos/REPO/branches/default":
-			return
-		}
-	}))
-	defer ts.Close()
-	provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false)
-	assert.NoError(t, err)
-	repos, err := provider.GetBranches(context.Background(), &Repository{
-		Organization: "PROJECT",
-		Repository:   "REPO",
-		URL:          "ssh://git@mycompany.bitbucket.org/PROJECT/REPO.git",
-		Labels:       []string{},
-		RepositoryId: 1,
-	})
-	assert.Empty(t, repos)
-	assert.NoError(t, err)
-}
-
 func TestGetBranchesErrorDefaultBranch(t *testing.T) {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		assert.Empty(t, r.Header.Get("Authorization"))
 		switch r.RequestURI {
 		case "/rest/api/1.0/projects/PROJECT/repos/REPO/branches/default":
-			http.Error(w, "Internal server error", http.StatusInternalServerError)
+			http.Error(w, "Internal server error", 500)
 		}
 		defaultHandler(t)(w, r)
 	}))
@@ -464,7 +442,7 @@ func TestListReposMissingDefaultBranch(t *testing.T) {
 		assert.Empty(t, r.Header.Get("Authorization"))
 		switch r.RequestURI {
 		case "/rest/api/1.0/projects/PROJECT/repos/REPO/branches/default":
-			http.Error(w, "Not found", http.StatusNotFound)
+			http.Error(w, "Not found", 404)
 		}
 		defaultHandler(t)(w, r)
 	}))
@@ -481,7 +459,7 @@ func TestListReposErrorDefaultBranch(t *testing.T) {
 		assert.Empty(t, r.Header.Get("Authorization"))
 		switch r.RequestURI {
 		case "/rest/api/1.0/projects/PROJECT/repos/REPO/branches/default":
-			http.Error(w, "Internal server error", http.StatusInternalServerError)
+			http.Error(w, "Internal server error", 500)
 		}
 		defaultHandler(t)(w, r)
 	}))
@@ -538,17 +516,17 @@ func TestBitbucketServerHasPath(t *testing.T) {
 			_, err = io.WriteString(w, `{"type":"FILE"}`)

 		case "/rest/api/1.0/projects/PROJECT/repos/REPO/browse/anotherpkg/missing.txt?at=main&limit=100&type=true":
-			http.Error(w, "The path \"anotherpkg/missing.txt\" does not exist at revision \"main\"", http.StatusNotFound)
+			http.Error(w, "The path \"anotherpkg/missing.txt\" does not exist at revision \"main\"", 404)
 		case "/rest/api/1.0/projects/PROJECT/repos/REPO/browse/notathing?at=main&limit=100&type=true":
-			http.Error(w, "The path \"notathing\" does not exist at revision \"main\"", http.StatusNotFound)
+			http.Error(w, "The path \"notathing\" does not exist at revision \"main\"", 404)

 		case "/rest/api/1.0/projects/PROJECT/repos/REPO/browse/return-redirect?at=main&limit=100&type=true":
-			http.Redirect(w, r, "http://"+r.Host+"/rest/api/1.0/projects/PROJECT/repos/REPO/browse/redirected?at=main&limit=100&type=true", http.StatusMovedPermanently)
+			http.Redirect(w, r, "http://"+r.Host+"/rest/api/1.0/projects/PROJECT/repos/REPO/browse/redirected?at=main&limit=100&type=true", 301)
 		case "/rest/api/1.0/projects/PROJECT/repos/REPO/browse/redirected?at=main&limit=100&type=true":
 			_, err = io.WriteString(w, `{"type":"DIRECTORY"}`)

 		case "/rest/api/1.0/projects/PROJECT/repos/REPO/browse/unauthorized-response?at=main&limit=100&type=true":
-			http.Error(w, "Authentication failed", http.StatusUnauthorized)
+			http.Error(w, "Authentication failed", 401)

 		default:
 			t.Fail()
--- a/applicationset/services/scm_provider/gitea.go
+++ b/applicationset/services/scm_provider/gitea.go
@@ -47,7 +47,7 @@ func NewGiteaProvider(ctx context.Context, owner, token, url string, allBranches
 func (g *GiteaProvider) GetBranches(ctx context.Context, repo *Repository) ([]*Repository, error) {
 	if !g.allBranches {
 		branch, status, err := g.client.GetRepoBranch(g.owner, repo.Repository, repo.Branch)
-		if status.StatusCode == http.StatusNotFound {
+		if status.StatusCode == 404 {
 			return nil, fmt.Errorf("got 404 while getting default branch %q for repo %q - check your repo config: %w", repo.Branch, repo.Repository, err)
 		}
 		if err != nil {
--- a/applicationset/services/scm_provider/gitea_test.go
+++ b/applicationset/services/scm_provider/gitea_test.go
@@ -247,7 +247,7 @@ func giteaMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) {
 			_, err := io.WriteString(w, testdata.ReposGiteaGoSdkContentsGiteaResponse)
 			require.NoError(t, err)
 		case "/api/v1/repos/gitea/go-sdk/contents/notathing?ref=master":
-			w.WriteHeader(http.StatusNotFound)
+			w.WriteHeader(404)
 			_, err := io.WriteString(w, `{"errors":["object does not exist [id: , rel_path: notathing]"],"message":"GetContentsOrList","url":"https://gitea.com/api/swagger"}`)
 			require.NoError(t, err)
 		default:
--- a/applicationset/services/scm_provider/github.go
+++ b/applicationset/services/scm_provider/github.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"net/http"
 	"os"

 	"github.com/google/go-github/v35/github"
@@ -124,7 +123,7 @@ func (g *GithubProvider) listBranches(ctx context.Context, repo *Repository) ([]
 		if err != nil {
 			var githubErrorResponse *github.ErrorResponse
 			if errors.As(err, &githubErrorResponse) {
-				if githubErrorResponse.Response.StatusCode == http.StatusNotFound {
+				if githubErrorResponse.Response.StatusCode == 404 {
 					// Default branch doesn't exist, so the repo is empty.
 					return []github.Branch{}, nil
 				}
--- a/applicationset/services/scm_provider/github_test.go
+++ b/applicationset/services/scm_provider/github_test.go
@@ -196,7 +196,7 @@ func githubMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) {
 				t.Fail()
 			}
 		default:
-			w.WriteHeader(http.StatusNotFound)
+			w.WriteHeader(404)
 		}
 	}
 }
--- a/applicationset/utils/utils.go
+++ b/applicationset/utils/utils.go
@@ -267,10 +267,7 @@ func (r *Render) Replace(tmpl string, replaceMap map[string]interface{}, useGoTe
 		return tmpl, nil
 	}

-	fstTmpl, err := fasttemplate.NewTemplate(tmpl, "{{", "}}")
-	if err != nil {
-		return "", fmt.Errorf("invalid template: %w", err)
-	}
+	fstTmpl := fasttemplate.New(tmpl, "{{", "}}")
 	replacedTmpl := fstTmpl.ExecuteFuncString(func(w io.Writer, tag string) (int, error) {
 		trimmedTag := strings.TrimSpace(tag)
 		replacement, ok := replaceMap[trimmedTag].(string)
--- a/applicationset/utils/utils_test.go
+++ b/applicationset/utils/utils_test.go
@@ -464,14 +464,6 @@ func TestRenderTemplateParamsGoTemplate(t *testing.T) {
 	}
 }

-func Test_Render_Replace_no_panic_on_missing_closing_brace(t *testing.T) {
-	r := &Render{}
-	assert.NotPanics(t, func() {
-		_, err := r.Replace("{{properly.closed}} {{improperly.closed}", nil, false)
-		assert.Error(t, err)
-	})
-}
-
 func TestRenderTemplateKeys(t *testing.T) {
 	t.Run("fasttemplate", func(t *testing.T) {
 		application := &argoappsv1.Application{
--- a/applicationset/webhook/webhook.go
+++ b/applicationset/webhook/webhook.go
@@ -133,7 +133,7 @@ func (h *WebhookHandler) Handler(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		log.Infof("Webhook processing failed: %s", err)
 		status := http.StatusBadRequest
-		if r.Method != http.MethodPost {
+		if r.Method != "POST" {
 			status = http.StatusMethodNotAllowed
 		}
 		http.Error(w, fmt.Sprintf("Webhook processing failed: %s", html.EscapeString(err.Error())), status)
--- a/applicationset/webhook/webhook_test.go
+++ b/applicationset/webhook/webhook_test.go
@@ -177,7 +177,7 @@ func TestWebhookHandler(t *testing.T) {
 			h, err := NewWebhookHandler(namespace, set, fc, mockGenerators())
 			assert.Nil(t, err)

-			req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil)
+			req := httptest.NewRequest("POST", "/api/webhook", nil)
 			req.Header.Set(test.headerKey, test.headerValue)
 			eventJSON, err := os.ReadFile(filepath.Join("testdata", test.payloadFile))
 			assert.NoError(t, err)
--- a/assets/swagger.json
+++ b/assets/swagger.json
@@ -5705,17 +5705,6 @@
        }
      }
    },
-    "v1alpha1ApplicationPreservedFields": {
-      "type": "object",
-      "properties": {
-        "annotations": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        }
-      }
-    },
    "v1alpha1ApplicationSet": {
      "type": "object",
      "title": "ApplicationSet is a set of Application resources\n+genclient\n+genclient:noStatus\n+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object\n+kubebuilder:resource:path=applicationsets,shortName=appset;appsets\n+kubebuilder:subresource:status",
@@ -5900,9 +5889,6 @@
        "goTemplate": {
          "type": "boolean"
        },
-        "preservedFields": {
-          "$ref": "#/definitions/v1alpha1ApplicationPreservedFields"
-        },
        "strategy": {
          "$ref": "#/definitions/v1alpha1ApplicationSetStrategy"
        },
@@ -6145,10 +6131,6 @@
            "type": "string"
          }
        },
-        "commonAnnotationsEnvsubst": {
-          "type": "boolean",
-          "title": "CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values"
-        },
        "commonLabels": {
          "type": "object",
          "title": "CommonLabels is a list of additional labels to add to rendered manifests",
@@ -6179,17 +6161,6 @@
          "type": "string",
          "title": "NameSuffix is a suffix appended to resources for Kustomize apps"
        },
-        "namespace": {
-          "type": "string",
-          "title": "Namespace sets the namespace that Kustomize adds to all resources"
-        },
-        "replicas": {
-          "type": "array",
-          "title": "Replicas is a list of Kustomize Replicas override specifications",
-          "items": {
-            "$ref": "#/definitions/v1alpha1KustomizeReplica"
-          }
-        },
        "version": {
          "type": "string",
          "title": "Version controls which version of Kustomize to use for rendering manifests"
@@ -7022,18 +6993,6 @@
        }
      }
    },
-    "v1alpha1KustomizeReplica": {
-      "type": "object",
-      "properties": {
-        "count": {
-          "$ref": "#/definitions/intstrIntOrString"
-        },
-        "name": {
-          "type": "string",
-          "title": "Name of Deployment or StatefulSet"
-        }
-      }
-    },
    "v1alpha1ListGenerator": {
      "type": "object",
      "title": "ListGenerator include items info",
@@ -7044,9 +7003,6 @@
            "$ref": "#/definitions/v1JSON"
          }
        },
-        "elementsYaml": {
-          "type": "string"
-        },
        "template": {
          "$ref": "#/definitions/v1alpha1ApplicationSetTemplate"
        }
--- a/cmd/argocd-application-controller/commands/argocd_application_controller.go
+++ b/cmd/argocd-application-controller/commands/argocd_application_controller.go
@@ -7,7 +7,7 @@ import (
 	"time"

 	"github.com/argoproj/pkg/stats"
-	"github.com/redis/go-redis/v9"
+	"github.com/go-redis/redis/v8"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"k8s.io/client-go/kubernetes"
@@ -188,7 +188,7 @@ func NewCommand() *cobra.Command {
 	command.Flags().IntVar(&metricsPort, "metrics-port", common.DefaultPortArgoCDMetrics, "Start metrics server on given port")
 	command.Flags().DurationVar(&metricsCacheExpiration, "metrics-cache-expiration", env.ParseDurationFromEnv("ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION", 0*time.Second, 0, math.MaxInt64), "Prometheus metrics cache expiration (disabled  by default. e.g. 24h0m0s)")
 	command.Flags().IntVar(&selfHealTimeoutSeconds, "self-heal-timeout-seconds", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS", 5, 0, math.MaxInt32), "Specifies timeout between application self heal attempts")
-	command.Flags().Int64Var(&kubectlParallelismLimit, "kubectl-parallelism-limit", env.ParseInt64FromEnv("ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT", 20, 0, math.MaxInt64), "Number of allowed concurrent kubectl fork/execs. Any value less than 1 means no limit.")
+	command.Flags().Int64Var(&kubectlParallelismLimit, "kubectl-parallelism-limit", 20, "Number of allowed concurrent kubectl fork/execs. Any value less the 1 means no limit.")
 	command.Flags().BoolVar(&repoServerPlaintext, "repo-server-plaintext", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT", false), "Disable TLS on connections to repo server")
 	command.Flags().BoolVar(&repoServerStrictTLS, "repo-server-strict-tls", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS", false), "Whether to use strict validation of the TLS cert presented by the repo server")
 	command.Flags().StringSliceVar(&metricsAplicationLabels, "metrics-application-labels", []string{}, "List of Application labels that will be added to the argocd_application_labels metric")
--- a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go
+++ b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go
@@ -30,6 +30,7 @@ import (
 	"k8s.io/client-go/tools/clientcmd"

 	"github.com/argoproj/argo-cd/v2/applicationset/services"
+	appsetv1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	appv1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned"
 	"github.com/argoproj/argo-cd/v2/util/cli"
@@ -59,6 +60,7 @@ func NewCommand() *cobra.Command {
 	)
 	scheme := runtime.NewScheme()
 	_ = clientgoscheme.AddToScheme(scheme)
+	_ = appsetv1alpha1.AddToScheme(scheme)
 	_ = appv1alpha1.AddToScheme(scheme)
 	var command = cobra.Command{
 		Use:   "controller",
@@ -177,7 +179,7 @@ func NewCommand() *cobra.Command {
 				KubeClientset:          k8sClient,
 				ArgoDB:                 argoCDDB,
 				EnableProgressiveSyncs: enableProgressiveSyncs,
-			}).SetupWithManager(mgr, enableProgressiveSyncs); err != nil {
+			}).SetupWithManager(mgr); err != nil {
 				log.Error(err, "unable to create controller", "controller", "ApplicationSet")
 				os.Exit(1)
 			}
--- a/cmd/argocd-cmp-server/commands/argocd_cmp_server.go
+++ b/cmd/argocd-cmp-server/commands/argocd_cmp_server.go
@@ -44,14 +44,6 @@ func NewCommand() *cobra.Command {
 			config, err := plugin.ReadPluginConfig(configFilePath)
 			errors.CheckError(err)

-			if !config.Spec.Discover.IsDefined() {
-				name := config.Metadata.Name
-				if config.Spec.Version != "" {
-					name = name + "-" + config.Spec.Version
-				}
-				log.Infof("No discovery configuration is defined for plugin %s. To use this plugin, specify %q in the Application's spec.source.plugin.name field.", config.Metadata.Name, name)
-			}
-
 			if otlpAddress != "" {
 				var closer func()
 				var err error
--- a/cmd/argocd-notification/commands/controller.go
+++ b/cmd/argocd-notification/commands/controller.go
@@ -55,7 +55,6 @@ func NewCommand() *cobra.Command {
 		argocdRepoServerStrictTLS bool
 		configMapName             string
 		secretName                string
-		applicationNamespaces     []string
 	)
 	var command = cobra.Command{
 		Use:   "controller",
@@ -139,7 +138,7 @@ func NewCommand() *cobra.Command {
 			log.Infof("serving metrics on port %d", metricsPort)
 			log.Infof("loading configuration %d", metricsPort)

-			ctrl := notificationscontroller.NewController(k8sClient, dynamicClient, argocdService, namespace, applicationNamespaces, appLabelSelector, registry, secretName, configMapName)
+			ctrl := notificationscontroller.NewController(k8sClient, dynamicClient, argocdService, namespace, appLabelSelector, registry, secretName, configMapName)
 			err = ctrl.Init(ctx)
 			if err != nil {
 				return err
@@ -157,11 +156,10 @@ func NewCommand() *cobra.Command {
 	command.Flags().StringVar(&logLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error")
 	command.Flags().StringVar(&logFormat, "logformat", "text", "Set the logging format. One of: text|json")
 	command.Flags().IntVar(&metricsPort, "metrics-port", defaultMetricsPort, "Metrics port")
-	command.Flags().StringVar(&argocdRepoServer, "argocd-repo-server", common.DefaultRepoServerAddr, "Argo CD repo server address")
+	command.Flags().StringVar(&argocdRepoServer, "argocd-repo-server", "argocd-repo-server:8081", "Argo CD repo server address")
 	command.Flags().BoolVar(&argocdRepoServerPlaintext, "argocd-repo-server-plaintext", false, "Use a plaintext client (non-TLS) to connect to repository server")
 	command.Flags().BoolVar(&argocdRepoServerStrictTLS, "argocd-repo-server-strict-tls", false, "Perform strict validation of TLS certificates when connecting to repo server")
 	command.Flags().StringVar(&configMapName, "config-map-name", "argocd-notifications-cm", "Set notifications ConfigMap name")
 	command.Flags().StringVar(&secretName, "secret-name", "argocd-notifications-secret", "Set notifications Secret name")
-	command.Flags().StringSliceVar(&applicationNamespaces, "application-namespaces", env.StringsFromEnv("ARGOCD_APPLICATION_NAMESPACES", []string{}, ","), "List of additional namespaces that this controller should send notifications for")
 	return &command
 }
--- a/cmd/argocd-repo-server/commands/argocd_repo_server.go
+++ b/cmd/argocd-repo-server/commands/argocd_repo_server.go
@@ -9,7 +9,7 @@ import (
 	"time"

 	"github.com/argoproj/pkg/stats"
-	"github.com/redis/go-redis/v9"
+	"github.com/go-redis/redis/v8"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"google.golang.org/grpc/health/grpc_health_v1"
@@ -84,8 +84,6 @@ func NewCommand() *cobra.Command {
 		allowOutOfBoundsSymlinks          bool
 		streamedManifestMaxTarSize        string
 		streamedManifestMaxExtractedSize  string
-		helmManifestMaxExtractedSize      string
-		disableManifestMaxExtractedSize   bool
 	)
 	var command = cobra.Command{
 		Use:               cliName,
@@ -124,9 +122,6 @@ func NewCommand() *cobra.Command {
 			streamedManifestMaxExtractedSizeQuantity, err := resource.ParseQuantity(streamedManifestMaxExtractedSize)
 			errors.CheckError(err)

-			helmManifestMaxExtractedSizeQuantity, err := resource.ParseQuantity(helmManifestMaxExtractedSize)
-			errors.CheckError(err)
-
 			askPassServer := askpass.NewServer()
 			metricsServer := metrics.NewMetricsServer()
 			cacheutil.CollectMetrics(redisClient, metricsServer)
@@ -141,7 +136,6 @@ func NewCommand() *cobra.Command {
 				AllowOutOfBoundsSymlinks:                     allowOutOfBoundsSymlinks,
 				StreamedManifestMaxExtractedSize:             streamedManifestMaxExtractedSizeQuantity.ToDec().Value(),
 				StreamedManifestMaxTarSize:                   streamedManifestMaxTarSizeQuantity.ToDec().Value(),
-				HelmManifestMaxExtractedSize:                 helmManifestMaxExtractedSizeQuantity.ToDec().Value(),
 			}, askPassServer)
 			errors.CheckError(err)

@@ -222,8 +216,6 @@ func NewCommand() *cobra.Command {
 	command.Flags().BoolVar(&allowOutOfBoundsSymlinks, "allow-oob-symlinks", env.ParseBoolFromEnv("ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS", false), "Allow out-of-bounds symlinks in repositories (not recommended)")
 	command.Flags().StringVar(&streamedManifestMaxTarSize, "streamed-manifest-max-tar-size", env.StringFromEnv("ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE", "100M"), "Maximum size of streamed manifest archives")
 	command.Flags().StringVar(&streamedManifestMaxExtractedSize, "streamed-manifest-max-extracted-size", env.StringFromEnv("ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE", "1G"), "Maximum size of streamed manifest archives when extracted")
-	command.Flags().StringVar(&helmManifestMaxExtractedSize, "helm-manifest-max-extracted-size", env.StringFromEnv("ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE", "1G"), "Maximum size of helm manifest archives when extracted")
-	command.Flags().BoolVar(&disableManifestMaxExtractedSize, "disable-helm-manifest-max-extracted-size", env.ParseBoolFromEnv("ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE", false), "Disable maximum size of helm manifest archives when extracted")
 	tlsConfigCustomizerSrc = tls.AddTLSFlagsToCmd(&command)
 	cacheSrc = reposervercache.AddCacheFlagsToCmd(&command, func(client *redis.Client) {
 		redisClient = client
--- a/cmd/argocd-server/commands/argocd_server.go
+++ b/cmd/argocd-server/commands/argocd_server.go
@@ -4,11 +4,10 @@ import (
 	"context"
 	"fmt"
 	"math"
-	"strings"
 	"time"

 	"github.com/argoproj/pkg/stats"
-	"github.com/redis/go-redis/v9"
+	"github.com/go-redis/redis/v8"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"k8s.io/client-go/kubernetes"
@@ -61,7 +60,6 @@ func NewCommand() *cobra.Command {
 		repoServerAddress        string
 		dexServerAddress         string
 		disableAuth              bool
-		contentTypes             string
 		enableGZip               bool
 		tlsConfigCustomizerSrc   func() (tls.ConfigCustomizer, error)
 		cacheSrc                 func() (*servercache.Cache, error)
@@ -166,11 +164,6 @@ func NewCommand() *cobra.Command {
 				baseHRef = rootPath
 			}

-			var contentTypesList []string
-			if contentTypes != "" {
-				contentTypesList = strings.Split(contentTypes, ";")
-			}
-
 			argoCDOpts := server.ArgoCDServerOpts{
 				Insecure:              insecure,
 				ListenPort:            listenPort,
@@ -184,7 +177,6 @@ func NewCommand() *cobra.Command {
 				DexServerAddr:         dexServerAddress,
 				DexTLSConfig:          dexTlsConfig,
 				DisableAuth:           disableAuth,
-				ContentTypes:          contentTypesList,
 				EnableGZip:            enableGZip,
 				TLSConfigCustomizer:   tlsConfigCustomizer,
 				Cache:                 cache,
@@ -233,7 +225,6 @@ func NewCommand() *cobra.Command {
 	command.Flags().StringVar(&dexServerAddress, "dex-server", env.StringFromEnv("ARGOCD_SERVER_DEX_SERVER", common.DefaultDexServerAddr), "Dex server address")
 	command.Flags().BoolVar(&disableAuth, "disable-auth", env.ParseBoolFromEnv("ARGOCD_SERVER_DISABLE_AUTH", false), "Disable client authentication")
 	command.Flags().BoolVar(&enableGZip, "enable-gzip", env.ParseBoolFromEnv("ARGOCD_SERVER_ENABLE_GZIP", false), "Enable GZIP compression")
-	command.Flags().StringVar(&contentTypes, "api-content-types", env.StringFromEnv("ARGOCD_API_CONTENT_TYPES", "application/json"), "Semicolon separated list of allowed content types for non GET api requests. Any content type is allowed if empty.")
 	command.AddCommand(cli.NewVersionCmd(cliName))
 	command.Flags().IntVar(&listenPort, "port", common.DefaultPortAPIServer, "Listen on given port")
 	command.Flags().IntVar(&metricsPort, "metrics-port", common.DefaultPortArgoCDAPIServerMetrics, "Start metrics on given port")
--- a/cmd/argocd/commands/admin/admin.go
+++ b/cmd/argocd/commands/admin/admin.go
@@ -17,8 +17,6 @@ import (
 	"github.com/argoproj/argo-cd/v2/common"
 	"github.com/argoproj/argo-cd/v2/util/errors"
 	"github.com/argoproj/argo-cd/v2/util/settings"
-
-	"github.com/argoproj/argo-cd/v2/pkg/apis/application"
 )

 const (
@@ -29,9 +27,9 @@ const (
 var (
 	configMapResource       = schema.GroupVersionResource{Group: "", Version: "v1", Resource: "configmaps"}
 	secretResource          = schema.GroupVersionResource{Group: "", Version: "v1", Resource: "secrets"}
-	applicationsResource    = schema.GroupVersionResource{Group: application.Group, Version: "v1alpha1", Resource: application.ApplicationPlural}
-	appprojectsResource     = schema.GroupVersionResource{Group: application.Group, Version: "v1alpha1", Resource: application.AppProjectPlural}
-	appplicationSetResource = schema.GroupVersionResource{Group: application.Group, Version: "v1alpha1", Resource: application.ApplicationSetPlural}
+	applicationsResource    = schema.GroupVersionResource{Group: "argoproj.io", Version: "v1alpha1", Resource: "applications"}
+	appprojectsResource     = schema.GroupVersionResource{Group: "argoproj.io", Version: "v1alpha1", Resource: "appprojects"}
+	appplicationSetResource = schema.GroupVersionResource{Group: "argoproj.io", Version: "v1alpha1", Resource: "applicationsets"}
 )

 // NewAdminCommand returns a new instance of an argocd command
@@ -195,11 +193,11 @@ func specsEqual(left, right unstructured.Unstructured) bool {
 		leftData, _, _ := unstructured.NestedMap(left.Object, "data")
 		rightData, _, _ := unstructured.NestedMap(right.Object, "data")
 		return reflect.DeepEqual(leftData, rightData)
-	case application.AppProjectKind:
+	case "AppProject":
 		leftSpec, _, _ := unstructured.NestedMap(left.Object, "spec")
 		rightSpec, _, _ := unstructured.NestedMap(right.Object, "spec")
 		return reflect.DeepEqual(leftSpec, rightSpec)
-	case application.ApplicationKind:
+	case "Application":
 		leftSpec, _, _ := unstructured.NestedMap(left.Object, "spec")
 		rightSpec, _, _ := unstructured.NestedMap(right.Object, "spec")
 		leftStatus, _, _ := unstructured.NestedMap(left.Object, "status")
--- a/cmd/argocd/commands/admin/backup.go
+++ b/cmd/argocd/commands/admin/backup.go
@@ -17,7 +17,6 @@ import (
 	"k8s.io/client-go/tools/clientcmd"

 	"github.com/argoproj/argo-cd/v2/common"
-	"github.com/argoproj/argo-cd/v2/pkg/apis/application"
 	"github.com/argoproj/argo-cd/v2/util/cli"
 	"github.com/argoproj/argo-cd/v2/util/errors"
 )
@@ -177,12 +176,12 @@ func NewImportCommand() *cobra.Command {
 			applications, err := acdClients.applications.List(ctx, v1.ListOptions{})
 			errors.CheckError(err)
 			for _, app := range applications.Items {
-				pruneObjects[kube.ResourceKey{Group: application.Group, Kind: application.ApplicationKind, Name: app.GetName()}] = app
+				pruneObjects[kube.ResourceKey{Group: "argoproj.io", Kind: "Application", Name: app.GetName()}] = app
 			}
 			projects, err := acdClients.projects.List(ctx, v1.ListOptions{})
 			errors.CheckError(err)
 			for _, proj := range projects.Items {
-				pruneObjects[kube.ResourceKey{Group: application.Group, Kind: application.AppProjectKind, Name: proj.GetName()}] = proj
+				pruneObjects[kube.ResourceKey{Group: "argoproj.io", Kind: "AppProject", Name: proj.GetName()}] = proj
 			}
 			applicationSets, err := acdClients.applicationSets.List(ctx, v1.ListOptions{})
 			if apierr.IsForbidden(err) || apierr.IsNotFound(err) {
@@ -192,7 +191,7 @@ func NewImportCommand() *cobra.Command {
 			}
 			if applicationSets != nil {
 				for _, appSet := range applicationSets.Items {
-					pruneObjects[kube.ResourceKey{Group: application.Group, Kind: application.ApplicationSetKind, Name: appSet.GetName()}] = appSet
+					pruneObjects[kube.ResourceKey{Group: "argoproj.io", Kind: "ApplicationSet", Name: appSet.GetName()}] = appSet
 				}
 			}

@@ -210,11 +209,11 @@ func NewImportCommand() *cobra.Command {
 					dynClient = acdClients.secrets
 				case "ConfigMap":
 					dynClient = acdClients.configMaps
-				case application.AppProjectKind:
+				case "AppProject":
 					dynClient = acdClients.projects
-				case application.ApplicationKind:
+				case "Application":
 					dynClient = acdClients.applications
-				case application.ApplicationSetKind:
+				case "ApplicationSet":
 					dynClient = acdClients.applicationSets
 				}
 				if !exists {
@@ -261,9 +260,9 @@ func NewImportCommand() *cobra.Command {
 					switch key.Kind {
 					case "Secret":
 						dynClient = acdClients.secrets
-					case application.AppProjectKind:
+					case "AppProject":
 						dynClient = acdClients.projects
-					case application.ApplicationKind:
+					case "Application":
 						dynClient = acdClients.applications
 						if !dryRun {
 							if finalizers := liveObj.GetFinalizers(); len(finalizers) > 0 {
@@ -275,7 +274,7 @@ func NewImportCommand() *cobra.Command {
 								}
 							}
 						}
-					case application.ApplicationSetKind:
+					case "ApplicationSet":
 						dynClient = acdClients.applicationSets
 					default:
 						log.Fatalf("Unexpected kind '%s' in prune list", key.Kind)
@@ -315,7 +314,7 @@ func checkAppHasNoNeedToStopOperation(liveObj unstructured.Unstructured, stopOpe
 		return true
 	}
 	switch liveObj.GetKind() {
-	case application.ApplicationKind:
+	case "Application":
 		return liveObj.Object["operation"] == nil
 	}
 	return true
@@ -354,9 +353,9 @@ func updateLive(bak, live *unstructured.Unstructured, stopOperation bool) *unstr
 	switch live.GetKind() {
 	case "Secret", "ConfigMap":
 		newLive.Object["data"] = bak.Object["data"]
-	case application.AppProjectKind:
+	case "AppProject":
 		newLive.Object["spec"] = bak.Object["spec"]
-	case application.ApplicationKind:
+	case "Application":
 		newLive.Object["spec"] = bak.Object["spec"]
 		if _, ok := bak.Object["status"]; ok {
 			newLive.Object["status"] = bak.Object["status"]
--- a/cmd/argocd/commands/admin/cluster.go
+++ b/cmd/argocd/commands/admin/cluster.go
@@ -11,7 +11,7 @@ import (
 	"time"

 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
-	"github.com/redis/go-redis/v9"
+	"github.com/go-redis/redis/v8"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -265,7 +265,9 @@ func runClusterNamespacesCommand(ctx context.Context, clientConfig clientcmd.Cli
 					}
 				}
 			} else {
-				nsSet[app.Spec.Destination.Namespace] = true
+				if app.Spec.Destination.Server == cluster.Server {
+					nsSet[app.Spec.Destination.Namespace] = true
+				}
 			}
 		}
 		var namespaces []string
@@ -541,11 +543,6 @@ func NewGenClusterConfigCommand(pathOpts *clientcmd.PathOptions) *cobra.Command
 				return
 			}

-			if clusterOpts.InCluster && clusterOpts.ClusterEndpoint != "" {
-				log.Fatal("Can only use one of --in-cluster or --cluster-endpoint")
-				return
-			}
-
 			overrides := clientcmd.ConfigOverrides{
 				Context: *clstContext,
 			}
@@ -585,13 +582,9 @@ func NewGenClusterConfigCommand(pathOpts *clientcmd.PathOptions) *cobra.Command
 			errors.CheckError(err)

 			clst := cmdutil.NewCluster(contextName, clusterOpts.Namespaces, clusterOpts.ClusterResources, conf, bearerToken, awsAuthConf, execProviderConf, labelsMap, annotationsMap)
-			if clusterOpts.InClusterEndpoint() {
+			if clusterOpts.InCluster {
 				clst.Server = argoappv1.KubernetesInternalAPIServerAddr
 			}
-			if clusterOpts.ClusterEndpoint == string(cmdutil.KubePublicEndpoint) {
-				// Ignore `kube-public` cluster endpoints, since this command is intended to run without invoking any network connections.
-				log.Warn("kube-public cluster endpoints are not supported. Falling back to the endpoint listed in the kubconfig context.")
-			}
 			if clusterOpts.Shard >= 0 {
 				clst.Shard = &clusterOpts.Shard
 			}
--- a/cmd/argocd/commands/admin/notifications.go
+++ b/cmd/argocd/commands/admin/notifications.go
@@ -15,13 +15,12 @@ import (
 	settings "github.com/argoproj/argo-cd/v2/util/notification/settings"
 	"github.com/argoproj/argo-cd/v2/util/tls"

-	"github.com/argoproj/argo-cd/v2/pkg/apis/application"
 	"github.com/argoproj/notifications-engine/pkg/cmd"
 	"github.com/spf13/cobra"
 )

 var (
-	applications = schema.GroupVersionResource{Group: application.Group, Version: "v1alpha1", Resource: application.ApplicationPlural}
+	applications = schema.GroupVersionResource{Group: "argoproj.io", Version: "v1alpha1", Resource: "applications"}
 )

 func NewNotificationsCommand() *cobra.Command {
@@ -65,7 +64,7 @@ func NewNotificationsCommand() *cobra.Command {
 				log.Fatalf("Failed to initialize Argo CD service: %v", err)
 			}
 		})
-	toolsCommand.PersistentFlags().StringVar(&argocdRepoServer, "argocd-repo-server", common.DefaultRepoServerAddr, "Argo CD repo server address")
+	toolsCommand.PersistentFlags().StringVar(&argocdRepoServer, "argocd-repo-server", "argocd-repo-server:8081", "Argo CD repo server address")
 	toolsCommand.PersistentFlags().BoolVar(&argocdRepoServerPlaintext, "argocd-repo-server-plaintext", false, "Use a plaintext client (non-TLS) to connect to repository server")
 	toolsCommand.PersistentFlags().BoolVar(&argocdRepoServerStrictTLS, "argocd-repo-server-strict-tls", false, "Perform strict validation of TLS certificates when connecting to repo server")
 	return toolsCommand
--- a/cmd/argocd/commands/admin/project_allowlist.go
+++ b/cmd/argocd/commands/admin/project_allowlist.go
@@ -28,8 +28,6 @@ import (
 	_ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
 	// load the azure plugin (required to authenticate with AKS clusters).
 	_ "k8s.io/client-go/plugin/pkg/client/auth/azure"
-
-	"github.com/argoproj/argo-cd/v2/pkg/apis/application"
 )

 // NewProjectAllowListGenCommand generates a project from clusterRole
@@ -153,7 +151,7 @@ func generateProjectAllowList(serverResources []*metav1.APIResourceList, cluster
 	}
 	globalProj := v1alpha1.AppProject{
 		TypeMeta: metav1.TypeMeta{
-			Kind:       application.AppProjectKind,
+			Kind:       "AppProject",
 			APIVersion: "argoproj.io/v1alpha1",
 		},
 		ObjectMeta: metav1.ObjectMeta{Name: projName},
--- a/cmd/argocd/commands/admin/settings_rbac.go
+++ b/cmd/argocd/commands/admin/settings_rbac.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"os"
-	"strings"

 	"github.com/ghodss/yaml"
 	log "github.com/sirupsen/logrus"
@@ -374,9 +373,6 @@ func resolveRBACResourceName(name string) string {

 // isValidRBACAction checks whether a given action is a valid RBAC action
 func isValidRBACAction(action string) bool {
-	if strings.HasPrefix(action, rbacpolicy.ActionAction+"/") {
-		return true
-	}
 	_, ok := validRBACActions[action]
 	return ok
 }
--- a/cmd/argocd/commands/admin/settings_rbac_test.go
+++ b/cmd/argocd/commands/admin/settings_rbac_test.go
@@ -27,11 +27,6 @@ func Test_isValidRBACAction(t *testing.T) {
 	})
 }

-func Test_isValidRBACAction_ActionAction(t *testing.T) {
-	ok := isValidRBACAction("action/apps/Deployment/restart")
-	assert.True(t, ok)
-}
-
 func Test_isValidRBACResource(t *testing.T) {
 	for k := range validRBACResources {
 		t.Run(k, func(t *testing.T) {
--- a/cmd/argocd/commands/app.go
+++ b/cmd/argocd/commands/app.go
@@ -645,9 +645,7 @@ type unsetOpts struct {
 	namePrefix              bool
 	nameSuffix              bool
 	kustomizeVersion        bool
-	kustomizeNamespace      bool
 	kustomizeImages         []string
-	kustomizeReplicas       []string
 	parameters              []string
 	valuesFiles             []string
 	valuesLiteral           bool
@@ -656,17 +654,6 @@ type unsetOpts struct {
 	passCredentials         bool
 }

-// IsZero returns true when the Application options for kustomize are considered empty
-func (o *unsetOpts) KustomizeIsZero() bool {
-	return o == nil ||
-		!o.namePrefix &&
-			!o.nameSuffix &&
-			!o.kustomizeVersion &&
-			!o.kustomizeNamespace &&
-			len(o.kustomizeImages) == 0 &&
-			len(o.kustomizeReplicas) == 0
-}
-
 // NewApplicationUnsetCommand returns a new instance of an `argocd app unset` command
 func NewApplicationUnsetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	appOpts := cmdutil.AppOptions{}
@@ -723,9 +710,7 @@ func NewApplicationUnsetCommand(clientOpts *argocdclient.ClientOptions) *cobra.C
 	command.Flags().BoolVar(&opts.nameSuffix, "namesuffix", false, "Kustomize namesuffix")
 	command.Flags().BoolVar(&opts.namePrefix, "nameprefix", false, "Kustomize nameprefix")
 	command.Flags().BoolVar(&opts.kustomizeVersion, "kustomize-version", false, "Kustomize version")
-	command.Flags().BoolVar(&opts.kustomizeNamespace, "kustomize-namespace", false, "Kustomize namespace")
 	command.Flags().StringArrayVar(&opts.kustomizeImages, "kustomize-image", []string{}, "Kustomize images name (e.g. --kustomize-image node --kustomize-image mysql)")
-	command.Flags().StringArrayVar(&opts.kustomizeReplicas, "kustomize-replica", []string{}, "Kustomize replicas name (e.g. --kustomize-replica my-deployment --kustomize-replica my-statefulset)")
 	command.Flags().StringArrayVar(&opts.pluginEnvs, "plugin-env", []string{}, "Unset plugin env variables (e.g --plugin-env name)")
 	command.Flags().BoolVar(&opts.passCredentials, "pass-credentials", false, "Unset passCredentials")
 	return command
@@ -733,7 +718,7 @@ func NewApplicationUnsetCommand(clientOpts *argocdclient.ClientOptions) *cobra.C

 func unset(source *argoappv1.ApplicationSource, opts unsetOpts) (updated bool, nothingToUnset bool) {
 	if source.Kustomize != nil {
-		if opts.KustomizeIsZero() {
+		if !opts.namePrefix && !opts.nameSuffix && !opts.kustomizeVersion && len(opts.kustomizeImages) == 0 {
 			return false, true
 		}

@@ -752,11 +737,6 @@ func unset(source *argoappv1.ApplicationSource, opts unsetOpts) (updated bool, n
 			source.Kustomize.Version = ""
 		}

-		if opts.kustomizeNamespace && source.Kustomize.Namespace != "" {
-			updated = true
-			source.Kustomize.Namespace = ""
-		}
-
 		for _, kustomizeImage := range opts.kustomizeImages {
 			for i, item := range source.Kustomize.Images {
 				if argoappv1.KustomizeImage(kustomizeImage).Match(item) {
@@ -770,17 +750,6 @@ func unset(source *argoappv1.ApplicationSource, opts unsetOpts) (updated bool, n
 				}
 			}
 		}
-
-		for _, kustomizeReplica := range opts.kustomizeReplicas {
-			kustomizeReplicas := source.Kustomize.Replicas
-			for i, item := range kustomizeReplicas {
-				if kustomizeReplica == item.Name {
-					source.Kustomize.Replicas = append(kustomizeReplicas[0:i], kustomizeReplicas[i+1:]...)
-					updated = true
-					break
-				}
-			}
-		}
 	}
 	if source.Helm != nil {
 		if len(opts.parameters) == 0 && len(opts.valuesFiles) == 0 && !opts.valuesLiteral && !opts.ignoreMissingValueFiles && !opts.passCredentials {
@@ -1025,7 +994,7 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, resources
 	items := make([]objKeyLiveTarget, 0)
 	if diffOptions.local != "" {
 		localObjs := groupObjsByKey(getLocalObjects(ctx, app, diffOptions.local, diffOptions.localRepoRoot, argoSettings.AppLabelKey, diffOptions.cluster.Info.ServerVersion, diffOptions.cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.ConfigManagementPlugins, argoSettings.TrackingMethod), liveObjs, app.Spec.Destination.Namespace)
-		items = groupObjsForDiff(resources, localObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace), app.Spec.Destination.Namespace)
+		items = groupObjsForDiff(resources, localObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace))
 	} else if diffOptions.revision != "" {
 		var unstructureds []*unstructured.Unstructured
 		for _, mfst := range diffOptions.res.Manifests {
@@ -1034,7 +1003,7 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, resources
 			unstructureds = append(unstructureds, obj)
 		}
 		groupedObjs := groupObjsByKey(unstructureds, liveObjs, app.Spec.Destination.Namespace)
-		items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace), app.Spec.Destination.Namespace)
+		items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.Name)
 	} else if diffOptions.serversideRes != nil {
 		var unstructureds []*unstructured.Unstructured
 		for _, mfst := range diffOptions.serversideRes.Manifests {
@@ -1043,7 +1012,7 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, resources
 			unstructureds = append(unstructureds, obj)
 		}
 		groupedObjs := groupObjsByKey(unstructureds, liveObjs, app.Spec.Destination.Namespace)
-		items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace), app.Spec.Destination.Namespace)
+		items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.Name)
 	} else {
 		for i := range resources.Items {
 			res := resources.Items[i]
@@ -1103,7 +1072,7 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, resources
 	return foundDiffs
 }

-func groupObjsForDiff(resources *application.ManagedResourcesResponse, objs map[kube.ResourceKey]*unstructured.Unstructured, items []objKeyLiveTarget, argoSettings *settings.Settings, appName, namespace string) []objKeyLiveTarget {
+func groupObjsForDiff(resources *application.ManagedResourcesResponse, objs map[kube.ResourceKey]*unstructured.Unstructured, items []objKeyLiveTarget, argoSettings *settings.Settings, appName string) []objKeyLiveTarget {
 	resourceTracking := argo.NewResourceTracking()
 	for _, res := range resources.Items {
 		var live = &unstructured.Unstructured{}
@@ -1118,7 +1087,7 @@ func groupObjsForDiff(resources *application.ManagedResourcesResponse, objs map[
 		}
 		if local, ok := objs[key]; ok || live != nil {
 			if local != nil && !kube.IsCRD(local) {
-				err = resourceTracking.SetAppInstance(local, argoSettings.AppLabelKey, appName, namespace, argoappv1.TrackingMethod(argoSettings.GetTrackingMethod()))
+				err = resourceTracking.SetAppInstance(local, argoSettings.AppLabelKey, appName, "", argoappv1.TrackingMethod(argoSettings.GetTrackingMethod()))
 				errors.CheckError(err)
 			}

@@ -1378,7 +1347,6 @@ const (
 	resourceFieldCount                  = 3
 	resourceFieldNamespaceDelimiter     = "/"
 	resourceFieldNameWithNamespaceCount = 2
-	resourceExcludeIndicator            = "!"
 )

 // resource is GROUP:KIND:NAMESPACE/NAME or GROUP:KIND:NAME
@@ -1403,12 +1371,6 @@ func parseSelectedResources(resources []string) ([]*argoappv1.SyncOperationResou
 	}

 	for _, resource := range resources {
-		isExcluded := false
-		// check if the resource flag starts with a '!'
-		if strings.HasPrefix(resource, resourceExcludeIndicator) {
-			resource = strings.TrimPrefix(resource, resourceExcludeIndicator)
-			isExcluded = true
-		}
 		fields := strings.Split(resource, resourceFieldDelimiter)
 		if len(fields) != resourceFieldCount {
 			return nil, fmt.Errorf("Resource should have GROUP%sKIND%sNAME, but instead got: %s", resourceFieldDelimiter, resourceFieldDelimiter, resource)
@@ -1422,7 +1384,6 @@ func parseSelectedResources(resources []string) ([]*argoappv1.SyncOperationResou
 			Kind:      fields[1],
 			Name:      name,
 			Namespace: namespace,
-			Exclude:   isExcluded,
 		})
 	}
 	return selectedResources, nil
@@ -1457,16 +1418,6 @@ func NewApplicationWaitCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
  # Wait for multiple apps
  argocd app wait my-app other-app

-  # Wait for apps by resource
-  # Resource should be formatted as GROUP:KIND:NAME. If no GROUP is specified then :KIND:NAME.
-  argocd app wait my-app --resource :Service:my-service
-  argocd app wait my-app --resource argoproj.io:Rollout:my-rollout
-  argocd app wait my-app --resource '!apps:Deployment:my-service'
-  argocd app wait my-app --resource apps:Deployment:my-service --resource :Service:my-service
-  argocd app wait my-app --resource '!*:Service:*'
-  # Specify namespace if the application has resources with the same name in different namespaces
-  argocd app wait my-app --resource argoproj.io:Rollout:my-namespace/my-rollout
-
  # Wait for apps by label, in this example we waiting for apps that are children of another app (aka app-of-apps)
  argocd app wait -l app.kubernetes.io/instance=my-app
  argocd app wait -l app.kubernetes.io/instance!=my-app
@@ -1505,7 +1456,7 @@ func NewApplicationWaitCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 	command.Flags().BoolVar(&watch.suspended, "suspended", false, "Wait for suspended")
 	command.Flags().BoolVar(&watch.degraded, "degraded", false, "Wait for degraded")
 	command.Flags().StringVarP(&selector, "selector", "l", "", "Wait for apps by label. Supports '=', '==', '!=', in, notin, exists & not exists. Matching apps must satisfy all of the specified label constraints.")
-	command.Flags().StringArrayVar(&resources, "resource", []string{}, fmt.Sprintf("Sync only specific resources as GROUP%[1]sKIND%[1]sNAME or %[2]sGROUP%[1]sKIND%[1]sNAME. Fields may be blank and '*' can be used. This option may be specified repeatedly", resourceFieldDelimiter, resourceExcludeIndicator))
+	command.Flags().StringArrayVar(&resources, "resource", []string{}, fmt.Sprintf("Sync only specific resources as GROUP%sKIND%sNAME. Fields may be blank. This option may be specified repeatedly", resourceFieldDelimiter, resourceFieldDelimiter))
 	command.Flags().BoolVar(&watch.operation, "operation", false, "Wait for pending operations")
 	command.Flags().UintVar(&timeout, "timeout", defaultCheckTimeoutSeconds, "Time out after this many seconds")
 	return command
@@ -1565,9 +1516,6 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
  # Resource should be formatted as GROUP:KIND:NAME. If no GROUP is specified then :KIND:NAME
  argocd app sync my-app --resource :Service:my-service
  argocd app sync my-app --resource argoproj.io:Rollout:my-rollout
-  argocd app sync my-app --resource '!apps:Deployment:my-service'
-  argocd app sync my-app --resource apps:Deployment:my-service --resource :Service:my-service
-  argocd app sync my-app --resource '!*:Service:*'
  # Specify namespace if the application has resources with the same name in different namespaces
  argocd app sync my-app --resource argoproj.io:Rollout:my-namespace/my-rollout`,
 		Run: func(c *cobra.Command, args []string) {
@@ -1659,23 +1607,8 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 				errors.CheckError(err)

 				if app.Spec.HasMultipleSources() {
-					if revision != "" {
-						log.Fatal("argocd cli does not work on multi-source app with --revision flag")
-						return
-					}
-
-					if local != "" {
-						log.Fatal("argocd cli does not work on multi-source app with --local flag")
-						return
-					}
-				}
-
-				// filters out only those resources that needs to be synced
-				filteredResources := filterAppResources(app, selectedResources)
-
-				// if resources are provided and no app resources match, then return error
-				if len(resources) > 0 && len(filteredResources) == 0 {
-					log.Fatalf("No matching app resources found for resource filter: %v", strings.Join(resources, ", "))
+					log.Fatal("argocd cli does not work on multi-source app")
+					return
 				}

 				if local != "" {
@@ -1724,7 +1657,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 					AppNamespace: &appNs,
 					DryRun:       &dryRun,
 					Revision:     &revision,
-					Resources:    filteredResources,
+					Resources:    selectedResources,
 					Prune:        &prune,
 					Manifests:    localObjsStrings,
 					Infos:        getInfos(infos),
@@ -1800,7 +1733,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 	command.Flags().BoolVar(&dryRun, "dry-run", false, "Preview apply without affecting cluster")
 	command.Flags().BoolVar(&prune, "prune", false, "Allow deleting unexpected resources")
 	command.Flags().StringVar(&revision, "revision", "", "Sync to a specific revision. Preserves parameter overrides")
-	command.Flags().StringArrayVar(&resources, "resource", []string{}, fmt.Sprintf("Sync only specific resources as GROUP%[1]sKIND%[1]sNAME or %[2]sGROUP%[1]sKIND%[1]sNAME. Fields may be blank and '*' can be used. This option may be specified repeatedly", resourceFieldDelimiter, resourceExcludeIndicator))
+	command.Flags().StringArrayVar(&resources, "resource", []string{}, fmt.Sprintf("Sync only specific resources as GROUP%sKIND%sNAME. Fields may be blank. This option may be specified repeatedly", resourceFieldDelimiter, resourceFieldDelimiter))
 	command.Flags().StringVarP(&selector, "selector", "l", "", "Sync apps that match this label. Supports '=', '==', '!=', in, notin, exists & not exists. Matching apps must satisfy all of the specified label constraints.")
 	command.Flags().StringArrayVar(&labels, "label", []string{}, "Sync only specific resources with a label. This option may be specified repeatedly.")
 	command.Flags().UintVar(&timeout, "timeout", defaultCheckTimeoutSeconds, "Time out after this many seconds")
@@ -1925,9 +1858,15 @@ func getResourceStates(app *argoappv1.Application, selectedResources []*argoappv
 	}
 	// filter out not selected resources
 	if len(selectedResources) > 0 {
+		r := []argoappv1.SyncOperationResource{}
+		for _, res := range selectedResources {
+			if res != nil {
+				r = append(r, *res)
+			}
+		}
 		for i := len(states) - 1; i >= 0; i-- {
 			res := states[i]
-			if !argo.IncludeResource(res.Name, res.Namespace, schema.GroupVersionKind{Group: res.Group, Kind: res.Kind}, selectedResources) {
+			if !argo.ContainsSyncResource(res.Name, res.Namespace, schema.GroupVersionKind{Group: res.Group, Kind: res.Kind}, r) {
 				states = append(states[:i], states[i+1:]...)
 			}
 		}
@@ -1935,26 +1874,6 @@ func getResourceStates(app *argoappv1.Application, selectedResources []*argoappv
 	return states
 }

-// filterAppResources selects the app resources that match atleast one of the resource filters.
-func filterAppResources(app *argoappv1.Application, selectedResources []*argoappv1.SyncOperationResource) []*argoappv1.SyncOperationResource {
-	var filteredResources []*argoappv1.SyncOperationResource
-	if app != nil && len(selectedResources) > 0 {
-		for i := range app.Status.Resources {
-			appResource := app.Status.Resources[i]
-			if (argo.IncludeResource(appResource.Name, appResource.Namespace,
-				schema.GroupVersionKind{Group: appResource.Group, Kind: appResource.Kind}, selectedResources)) {
-				filteredResources = append(filteredResources, &argoappv1.SyncOperationResource{
-					Group:     appResource.Group,
-					Kind:      appResource.Kind,
-					Name:      appResource.Name,
-					Namespace: appResource.Namespace,
-				})
-			}
-		}
-	}
-	return filteredResources
-}
-
 func groupResourceStates(app *argoappv1.Application, selectedResources []*argoappv1.SyncOperationResource) map[string]*resourceState {
 	resStates := make(map[string]*resourceState)
 	for _, result := range getResourceStates(app, selectedResources) {
@@ -2505,11 +2424,12 @@ func NewApplicationPatchCommand(clientOpts *argocdclient.ClientOptions) *cobra.C
 	command := cobra.Command{
 		Use:   "patch APPNAME",
 		Short: "Patch application",
-		Example: `  # Update an application's source path using json patch
-  argocd app patch myapplication --patch='[{"op": "replace", "path": "/spec/source/path", "value": "newPath"}]' --type json
+		Long: `Examples:
+	# Update an application's source path using json patch
+	argocd app patch myapplication --patch='[{"op": "replace", "path": "/spec/source/path", "value": "newPath"}]' --type json

-  # Update an application's repository target revision using merge patch
-  argocd app patch myapplication --patch '{"spec": { "source": { "targetRevision": "master" } }}' --type merge`,
+	# Update an application's repository target revision using merge patch
+	argocd app patch myapplication --patch '{"spec": { "source": { "targetRevision": "master" } }}' --type merge`,
 		Run: func(c *cobra.Command, args []string) {
 			ctx := c.Context()

--- a/cmd/argocd/commands/app_actions.go
+++ b/cmd/argocd/commands/app_actions.go
@@ -18,7 +18,6 @@ import (
 	"github.com/argoproj/argo-cd/v2/cmd/argocd/commands/headless"
 	argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient"
 	applicationpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/application"
-	"github.com/argoproj/argo-cd/v2/pkg/apis/application"
 	v1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	"github.com/argoproj/argo-cd/v2/util/argo"
 	"github.com/argoproj/argo-cd/v2/util/errors"
@@ -203,7 +202,7 @@ func getActionableResourcesForApplication(appIf applicationpkg.ApplicationServic
 	if err != nil {
 		return nil, err
 	}
-	app.Kind = application.ApplicationKind
+	app.Kind = "Application"
 	app.APIVersion = "argoproj.io/v1alpha1"
 	appManifest, err := json.Marshal(app)
 	if err != nil {
--- a/cmd/argocd/commands/app_test.go
+++ b/cmd/argocd/commands/app_test.go
@@ -7,7 +7,6 @@ import (
 	"time"

 	argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient"
-	"github.com/argoproj/argo-cd/v2/pkg/apis/application"
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	"github.com/argoproj/gitops-engine/pkg/health"
@@ -17,7 +16,6 @@ import (
 	"github.com/stretchr/testify/assert"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	"k8s.io/apimachinery/pkg/util/intstr"
 )

 func Test_getInfos(t *testing.T) {
@@ -752,16 +750,6 @@ func Test_unset(t *testing.T) {
 				"old1=new:tag",
 				"old2=new:tag",
 			},
-			Replicas: []v1alpha1.KustomizeReplica{
-				{
-					Name:  "my-deployment",
-					Count: intstr.FromInt(2),
-				},
-				{
-					Name:  "my-statefulset",
-					Count: intstr.FromInt(4),
-				},
-			},
 		},
 	}

@@ -838,15 +826,6 @@ func Test_unset(t *testing.T) {
 	assert.False(t, updated)
 	assert.False(t, nothingToUnset)

-	assert.Equal(t, 2, len(kustomizeSource.Kustomize.Replicas))
-	updated, nothingToUnset = unset(kustomizeSource, unsetOpts{kustomizeReplicas: []string{"my-deployment"}})
-	assert.Equal(t, 1, len(kustomizeSource.Kustomize.Replicas))
-	assert.True(t, updated)
-	assert.False(t, nothingToUnset)
-	updated, nothingToUnset = unset(kustomizeSource, unsetOpts{kustomizeReplicas: []string{"my-deployment"}})
-	assert.False(t, updated)
-	assert.False(t, nothingToUnset)
-
 	assert.Equal(t, 2, len(helmSource.Helm.Parameters))
 	updated, nothingToUnset = unset(helmSource, unsetOpts{parameters: []string{"name-1"}})
 	assert.Equal(t, 1, len(helmSource.Helm.Parameters))
@@ -925,252 +904,22 @@ func Test_unset_nothingToUnset(t *testing.T) {
 	}
 }

-func TestFilterAppResources(t *testing.T) {
-	// App resources
-	var (
-		appReplicaSet1 = v1alpha1.ResourceStatus{
-			Group:     "apps",
-			Kind:      "ReplicaSet",
-			Namespace: "default",
-			Name:      "replicaSet-name1",
-		}
-		appReplicaSet2 = v1alpha1.ResourceStatus{
-			Group:     "apps",
-			Kind:      "ReplicaSet",
-			Namespace: "default",
-			Name:      "replicaSet-name2",
-		}
-		appJob = v1alpha1.ResourceStatus{
-			Group:     "batch",
-			Kind:      "Job",
-			Namespace: "default",
-			Name:      "job-name",
-		}
-		appService1 = v1alpha1.ResourceStatus{
-			Group:     "",
-			Kind:      "Service",
-			Namespace: "default",
-			Name:      "service-name1",
-		}
-		appService2 = v1alpha1.ResourceStatus{
-			Group:     "",
-			Kind:      "Service",
-			Namespace: "default",
-			Name:      "service-name2",
-		}
-		appDeployment = v1alpha1.ResourceStatus{
-			Group:     "apps",
-			Kind:      "Deployment",
-			Namespace: "default",
-			Name:      "deployment-name",
-		}
-	)
-	app := v1alpha1.Application{
-		Status: v1alpha1.ApplicationStatus{
-			Resources: []v1alpha1.ResourceStatus{
-				appReplicaSet1, appReplicaSet2, appJob, appService1, appService2, appDeployment},
-		},
-	}
-	// Resource filters
-	var (
-		blankValues = argoappv1.SyncOperationResource{
-			Group:     "",
-			Kind:      "",
-			Name:      "",
-			Namespace: "",
-			Exclude:   false}
-		// *:*:*
-		includeAllResources = argoappv1.SyncOperationResource{
-			Group:     "*",
-			Kind:      "*",
-			Name:      "*",
-			Namespace: "",
-			Exclude:   false}
-		// !*:*:*
-		excludeAllResources = argoappv1.SyncOperationResource{
-			Group:     "*",
-			Kind:      "*",
-			Name:      "*",
-			Namespace: "",
-			Exclude:   true}
-		// *:Service:*
-		includeAllServiceResources = argoappv1.SyncOperationResource{
-			Group:     "*",
-			Kind:      "Service",
-			Name:      "*",
-			Namespace: "",
-			Exclude:   false}
-		// !*:Service:*
-		excludeAllServiceResources = argoappv1.SyncOperationResource{
-			Group:     "*",
-			Kind:      "Service",
-			Name:      "*",
-			Namespace: "",
-			Exclude:   true}
-		// apps:ReplicaSet:replicaSet-name1
-		includeReplicaSet1Resource = argoappv1.SyncOperationResource{
-			Group:     "apps",
-			Kind:      "ReplicaSet",
-			Name:      "replicaSet-name1",
-			Namespace: "",
-			Exclude:   false}
-		// !apps:ReplicaSet:replicaSet-name2
-		excludeReplicaSet2Resource = argoappv1.SyncOperationResource{
-			Group:     "apps",
-			Kind:      "ReplicaSet",
-			Name:      "replicaSet-name2",
-			Namespace: "",
-			Exclude:   true}
-	)
-
-	// Filtered resources
-	var (
-		replicaSet1 = v1alpha1.SyncOperationResource{
-			Group:     "apps",
-			Kind:      "ReplicaSet",
-			Namespace: "default",
-			Name:      "replicaSet-name1",
-		}
-		replicaSet2 = v1alpha1.SyncOperationResource{
-			Group:     "apps",
-			Kind:      "ReplicaSet",
-			Namespace: "default",
-			Name:      "replicaSet-name2",
-		}
-		job = v1alpha1.SyncOperationResource{
-			Group:     "batch",
-			Kind:      "Job",
-			Namespace: "default",
-			Name:      "job-name",
-		}
-		service1 = v1alpha1.SyncOperationResource{
-			Group:     "",
-			Kind:      "Service",
-			Namespace: "default",
-			Name:      "service-name1",
-		}
-		service2 = v1alpha1.SyncOperationResource{
-			Group:     "",
-			Kind:      "Service",
-			Namespace: "default",
-			Name:      "service-name2",
-		}
-		deployment = v1alpha1.SyncOperationResource{
-			Group:     "apps",
-			Kind:      "Deployment",
-			Namespace: "default",
-			Name:      "deployment-name",
-		}
-	)
-	tests := []struct {
-		testName          string
-		selectedResources []*argoappv1.SyncOperationResource
-		expectedResult    []*argoappv1.SyncOperationResource
-	}{
-		//--resource apps:ReplicaSet:replicaSet-name1 --resource *:Service:*
-		{testName: "Include ReplicaSet replicaSet-name1 resouce and all service resources",
-			selectedResources: []*argoappv1.SyncOperationResource{&includeAllServiceResources, &includeReplicaSet1Resource},
-			expectedResult:    []*argoappv1.SyncOperationResource{&replicaSet1, &service1, &service2},
-		},
-		//--resource apps:ReplicaSet:replicaSet-name1 --resource !*:Service:*
-		{testName: "Include ReplicaSet replicaSet-name1 resouce and exclude all service resources",
-			selectedResources: []*argoappv1.SyncOperationResource{&excludeAllServiceResources, &includeReplicaSet1Resource},
-			expectedResult:    []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment},
-		},
-		// --resource !apps:ReplicaSet:replicaSet-name2 --resource !*:Service:*
-		{testName: "Exclude ReplicaSet replicaSet-name2 resouce and all service resources",
-			selectedResources: []*argoappv1.SyncOperationResource{&excludeReplicaSet2Resource, &excludeAllServiceResources},
-			expectedResult:    []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment},
-		},
-		// --resource !apps:ReplicaSet:replicaSet-name2
-		{testName: "Exclude ReplicaSet replicaSet-name2 resouce",
-			selectedResources: []*argoappv1.SyncOperationResource{&excludeReplicaSet2Resource},
-			expectedResult:    []*argoappv1.SyncOperationResource{&replicaSet1, &job, &service1, &service2, &deployment},
-		},
-		// --resource apps:ReplicaSet:replicaSet-name1
-		{testName: "Include ReplicaSet replicaSet-name1 resouce",
-			selectedResources: []*argoappv1.SyncOperationResource{&includeReplicaSet1Resource},
-			expectedResult:    []*argoappv1.SyncOperationResource{&replicaSet1},
-		},
-		// --resource !*:Service:*
-		{testName: "Exclude Service resouces",
-			selectedResources: []*argoappv1.SyncOperationResource{&excludeAllServiceResources},
-			expectedResult:    []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment},
-		},
-		// --resource *:Service:*
-		{testName: "Include Service resouces",
-			selectedResources: []*argoappv1.SyncOperationResource{&includeAllServiceResources},
-			expectedResult:    []*argoappv1.SyncOperationResource{&service1, &service2},
-		},
-		// --resource !*:*:*
-		{testName: "Exclude all resouces",
-			selectedResources: []*argoappv1.SyncOperationResource{&excludeAllResources},
-			expectedResult:    nil,
-		},
-		// --resource *:*:*
-		{testName: "Include all resouces",
-			selectedResources: []*argoappv1.SyncOperationResource{&includeAllResources},
-			expectedResult:    []*argoappv1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment},
-		},
-		{testName: "No Filters",
-			selectedResources: []*argoappv1.SyncOperationResource{&blankValues},
-			expectedResult:    nil,
-		},
-		{testName: "Empty Filter",
-			selectedResources: []*argoappv1.SyncOperationResource{},
-			expectedResult:    nil,
-		},
-	}
-
-	for _, test := range tests {
-		t.Run(test.testName, func(t *testing.T) {
-			filteredResources := filterAppResources(&app, test.selectedResources)
-			assert.Equal(t, test.expectedResult, filteredResources)
-		})
-	}
-}
-
 func TestParseSelectedResources(t *testing.T) {
-	resources := []string{"v1alpha:Application:test",
-		"v1alpha:Application:namespace/test",
-		"!v1alpha:Application:test",
-		"apps:Deployment:default/test",
-		"!*:*:*"}
+	resources := []string{"v1alpha:Application:test", "v1alpha:Application:namespace/test"}
 	operationResources, err := parseSelectedResources(resources)
 	assert.NoError(t, err)
-	assert.Len(t, operationResources, 5)
+	assert.Len(t, operationResources, 2)
 	assert.Equal(t, *operationResources[0], v1alpha1.SyncOperationResource{
 		Namespace: "",
 		Name:      "test",
-		Kind:      application.ApplicationKind,
+		Kind:      "Application",
 		Group:     "v1alpha",
 	})
 	assert.Equal(t, *operationResources[1], v1alpha1.SyncOperationResource{
 		Namespace: "namespace",
 		Name:      "test",
-		Kind:      application.ApplicationKind,
-		Group:     "v1alpha",
-	})
-	assert.Equal(t, *operationResources[2], v1alpha1.SyncOperationResource{
-		Namespace: "",
-		Name:      "test",
 		Kind:      "Application",
 		Group:     "v1alpha",
-		Exclude:   true,
-	})
-	assert.Equal(t, *operationResources[3], v1alpha1.SyncOperationResource{
-		Namespace: "default",
-		Name:      "test",
-		Kind:      "Deployment",
-		Group:     "apps",
-		Exclude:   false,
-	})
-	assert.Equal(t, *operationResources[4], v1alpha1.SyncOperationResource{
-		Namespace: "",
-		Name:      "*",
-		Kind:      "*",
-		Group:     "*",
-		Exclude:   true,
 	})
 }

--- a/cmd/argocd/commands/applicationset.go
+++ b/cmd/argocd/commands/applicationset.go
@@ -345,7 +345,7 @@ func printAppSetSummaryTable(appSet *arogappsetv1.ApplicationSet) {

 	var (
 		syncPolicyStr string
-		syncPolicy    = appSet.Spec.Template.Spec.SyncPolicy
+		syncPolicy = appSet.Spec.Template.Spec.SyncPolicy
 	)
 	if syncPolicy != nil && syncPolicy.Automated != nil {
 		syncPolicyStr = "Automated"
--- a/cmd/argocd/commands/applicationset_test.go
+++ b/cmd/argocd/commands/applicationset_test.go
@@ -1,7 +1,7 @@
 package commands

 import (
-	"io"
+	"io/ioutil"
 	"os"
 	"testing"

@@ -185,7 +185,7 @@ SyncPolicy:         Automated
 			printAppSetSummaryTable(tt.appSet)
 			w.Close()

-			out, err := io.ReadAll(r)
+			out, err := ioutil.ReadAll(r)
 			assert.NoError(t, err)
 			assert.Equal(t, tt.expectedOutput, string(out))
 		})
--- a/cmd/argocd/commands/cluster.go
+++ b/cmd/argocd/commands/cluster.go
@@ -27,17 +27,6 @@ import (
 	"github.com/argoproj/argo-cd/v2/util/text/label"
 )

-const (
-	// type of the cluster ID is 'name'
-	clusterIdTypeName = "name"
-	// cluster field is 'name'
-	clusterFieldName = "name"
-	// cluster field is 'namespaces'
-	clusterFieldNamespaces = "namespaces"
-	// indicates managing all namespaces
-	allNamespaces = "*"
-)
-
 // NewClusterCommand returns a new instance of an `argocd cluster` command
 func NewClusterCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clientcmd.PathOptions) *cobra.Command {
 	var command = &cobra.Command{
@@ -58,10 +47,7 @@ func NewClusterCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clientc

  # Remove a target cluster context from ArgoCD
  argocd cluster rm example-cluster
-
-  # Set a target cluster context from ArgoCD
-  argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace '*'
-  argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace namespace-one --namespace namespace-two`,
+`,
 	}

 	command.AddCommand(NewClusterAddCommand(clientOpts, pathOpts))
@@ -69,7 +55,6 @@ func NewClusterCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clientc
 	command.AddCommand(NewClusterListCommand(clientOpts))
 	command.AddCommand(NewClusterRemoveCommand(clientOpts, pathOpts))
 	command.AddCommand(NewClusterRotateAuthCommand(clientOpts))
-	command.AddCommand(NewClusterSetCommand(clientOpts))
 	return command
 }

@@ -93,17 +78,9 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie
 				cmdutil.PrintKubeContexts(configAccess)
 				os.Exit(1)
 			}
-
-			if clusterOpts.InCluster && clusterOpts.ClusterEndpoint != "" {
-				log.Fatal("Can only use one of --in-cluster or --cluster-endpoint")
-				return
-			}
-
 			contextName := args[0]
 			conf, err := getRestConfig(pathOpts, contextName)
 			errors.CheckError(err)
-			clientset, err := kubernetes.NewForConfig(conf)
-			errors.CheckError(err)
 			managerBearerToken := ""
 			var awsAuthConf *argoappv1.AWSAuthConfig
 			var execProviderConf *argoappv1.ExecProviderConfig
@@ -122,10 +99,13 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie
 				}
 			} else {
 				// Install RBAC resources for managing the cluster
+				clientset, err := kubernetes.NewForConfig(conf)
+				errors.CheckError(err)
 				if clusterOpts.ServiceAccount != "" {
 					managerBearerToken, err = clusterauth.GetServiceAccountBearerToken(clientset, clusterOpts.SystemNamespace, clusterOpts.ServiceAccount, common.BearerTokenTimeout)
 				} else {
 					isTerminal := isatty.IsTerminal(os.Stdout.Fd()) || isatty.IsCygwinTerminal(os.Stdout.Fd())
+
 					if isTerminal && !skipConfirmation {
 						accessLevel := "cluster"
 						if len(clusterOpts.Namespaces) > 0 {
@@ -152,18 +132,9 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie
 				contextName = clusterOpts.Name
 			}
 			clst := cmdutil.NewCluster(contextName, clusterOpts.Namespaces, clusterOpts.ClusterResources, conf, managerBearerToken, awsAuthConf, execProviderConf, labelsMap, annotationsMap)
-			if clusterOpts.InClusterEndpoint() {
+			if clusterOpts.InCluster {
 				clst.Server = argoappv1.KubernetesInternalAPIServerAddr
-			} else if clusterOpts.ClusterEndpoint == string(cmdutil.KubePublicEndpoint) {
-				endpoint, err := cmdutil.GetKubePublicEndpoint(clientset)
-				if err != nil || len(endpoint) == 0 {
-					log.Warnf("Failed to find the cluster endpoint from kube-public data: %v", err)
-					log.Infof("Falling back to the endpoint '%s' as listed in the kubeconfig context", clst.Server)
-					endpoint = clst.Server
-				}
-				clst.Server = endpoint
 			}
-
 			if clusterOpts.Shard >= 0 {
 				clst.Shard = &clusterOpts.Shard
 			}
@@ -214,72 +185,6 @@ func getRestConfig(pathOpts *clientcmd.PathOptions, ctxName string) (*rest.Confi
 	return conf, nil
 }

-// NewClusterSetCommand returns a new instance of an `argocd cluster set` command
-func NewClusterSetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var (
-		clusterOptions cmdutil.ClusterOptions
-		clusterName    string
-	)
-	var command = &cobra.Command{
-		Use:   "set NAME",
-		Short: "Set cluster information",
-		Example: `  # Set cluster information
-  argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace '*'
-  argocd cluster set CLUSTER_NAME --name new-cluster-name --namespace namespace-one --namespace namespace-two`,
-		Run: func(c *cobra.Command, args []string) {
-			ctx := c.Context()
-			if len(args) != 1 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-			// name of the cluster whose fields have to be updated.
-			clusterName = args[0]
-			conn, clusterIf := headless.NewClientOrDie(clientOpts, c).NewClusterClientOrDie()
-			defer io.Close(conn)
-			// checks the fields that needs to be updated
-			updatedFields := checkFieldsToUpdate(clusterOptions)
-			namespaces := clusterOptions.Namespaces
-			// check if all namespaces have to be considered
-			if len(namespaces) == 1 && strings.EqualFold(namespaces[0], allNamespaces) {
-				namespaces[0] = ""
-			}
-			if updatedFields != nil {
-				clusterUpdateRequest := clusterpkg.ClusterUpdateRequest{
-					Cluster: &argoappv1.Cluster{
-						Name:       clusterOptions.Name,
-						Namespaces: namespaces,
-					},
-					UpdatedFields: updatedFields,
-					Id: &clusterpkg.ClusterID{
-						Type:  clusterIdTypeName,
-						Value: clusterName,
-					},
-				}
-				_, err := clusterIf.Update(ctx, &clusterUpdateRequest)
-				errors.CheckError(err)
-				fmt.Printf("Cluster '%s' updated.\n", clusterName)
-			} else {
-				fmt.Print("Specify the cluster field to be updated.\n")
-			}
-		},
-	}
-	command.Flags().StringVar(&clusterOptions.Name, "name", "", "Overwrite the cluster name")
-	command.Flags().StringArrayVar(&clusterOptions.Namespaces, "namespace", nil, "List of namespaces which are allowed to manage. Specify '*' to manage all namespaces")
-	return command
-}
-
-// checkFieldsToUpdate returns the fields that needs to be updated
-func checkFieldsToUpdate(clusterOptions cmdutil.ClusterOptions) []string {
-	var updatedFields []string
-	if clusterOptions.Name != "" {
-		updatedFields = append(updatedFields, clusterFieldName)
-	}
-	if clusterOptions.Namespaces != nil {
-		updatedFields = append(updatedFields, clusterFieldNamespaces)
-	}
-	return updatedFields
-}
-
 // NewClusterGetCommand returns a new instance of an `argocd cluster get` command
 func NewClusterGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	var (
--- a/cmd/argocd/commands/completion.go
+++ b/cmd/argocd/commands/completion.go
@@ -146,7 +146,6 @@ __argocd_custom_func() {
 			;;
 		argocd_cluster_get | \
 		argocd_cluster_rm | \
-		argocd_cluster_set | \
 		argocd_login | \
 		argocd_cluster_add)
 			__argocd_list_servers
@@ -204,13 +203,8 @@ To access completions in your current shell, run
 $ source <(argocd completion bash)
 Alternatively, write it to a file and source in .bash_profile

-For zsh, add the following to your ~/.zshrc file:
-source <(argocd completion zsh)
-compdef _argocd argocd
-
-Optionally, also add the following, in case you are getting errors involving compdef & compinit such as command not found: compdef:
-autoload -Uz compinit
-compinit 
+For zsh, output to a file in a directory referenced by the $fpath shell
+variable.
 `,
 		Run: func(cmd *cobra.Command, args []string) {
 			if len(args) != 1 {
--- a/cmd/argocd/commands/headless/headless.go
+++ b/cmd/argocd/commands/headless/headless.go
@@ -13,8 +13,8 @@ import (
 	"github.com/argoproj/argo-cd/v2/cmd/argocd/commands/initialize"

 	"github.com/alicebob/miniredis/v2"
+	"github.com/go-redis/redis/v8"
 	"github.com/golang/protobuf/ptypes/empty"
-	"github.com/redis/go-redis/v9"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
 	"k8s.io/apimachinery/pkg/util/runtime"
--- a/cmd/argocd/commands/login.go
+++ b/cmd/argocd/commands/login.go
@@ -12,7 +12,7 @@ import (
 	"strings"
 	"time"

-	"github.com/coreos/go-oidc/v3/oidc"
+	"github.com/coreos/go-oidc"
 	"github.com/golang-jwt/jwt/v4"
 	log "github.com/sirupsen/logrus"
 	"github.com/skratchdot/open-golang/open"
--- a/cmd/argocd/commands/relogin.go
+++ b/cmd/argocd/commands/relogin.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"os"

-	"github.com/coreos/go-oidc/v3/oidc"
+	"github.com/coreos/go-oidc"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"

--- a/cmd/argocd/commands/repo.go
+++ b/cmd/argocd/commands/repo.go
@@ -309,7 +309,7 @@ func NewRepoListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 		},
 	}
 	command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide|url")
-	command.Flags().StringVar(&refresh, "refresh", "", "Force a cache refresh on connection status , must be one of: 'hard'")
+	command.Flags().StringVar(&refresh, "refresh", "", "Force a cache refresh on connection status")
 	return command
 }

@@ -360,6 +360,6 @@ func NewRepoGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 		},
 	}
 	command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide|url")
-	command.Flags().StringVar(&refresh, "refresh", "", "Force a cache refresh on connection status , must be one of: 'hard'")
+	command.Flags().StringVar(&refresh, "refresh", "", "Force a cache refresh on connection status")
 	return command
 }
--- a/cmd/util/app.go
+++ b/cmd/util/app.go
@@ -64,13 +64,11 @@ type AppOptions struct {
 	jsonnetExtVarCode               []string
 	jsonnetLibs                     []string
 	kustomizeImages                 []string
-	kustomizeReplicas               []string
 	kustomizeVersion                string
 	kustomizeCommonLabels           []string
 	kustomizeCommonAnnotations      []string
 	kustomizeForceCommonLabels      bool
 	kustomizeForceCommonAnnotations bool
-	kustomizeNamespace              string
 	pluginEnvs                      []string
 	Validate                        bool
 	directoryExclude                string
@@ -119,14 +117,12 @@ func AddAppFlags(command *cobra.Command, opts *AppOptions) {
 	command.Flags().StringArrayVar(&opts.jsonnetExtVarCode, "jsonnet-ext-var-code", []string{}, "Jsonnet ext var")
 	command.Flags().StringArrayVar(&opts.jsonnetLibs, "jsonnet-libs", []string{}, "Additional jsonnet libs (prefixed by repoRoot)")
 	command.Flags().StringArrayVar(&opts.kustomizeImages, "kustomize-image", []string{}, "Kustomize images (e.g. --kustomize-image node:8.15.0 --kustomize-image mysql=mariadb,alpine@sha256:24a0c4b4a4c0eb97a1aabb8e29f18e917d05abfe1b7a7c07857230879ce7d3d)")
-	command.Flags().StringArrayVar(&opts.kustomizeReplicas, "kustomize-replica", []string{}, "Kustomize replicas (e.g. --kustomize-replica my-development=2 --kustomize-replica my-statefulset=4)")
 	command.Flags().StringArrayVar(&opts.pluginEnvs, "plugin-env", []string{}, "Additional plugin envs")
 	command.Flags().BoolVar(&opts.Validate, "validate", true, "Validation of repo and cluster")
 	command.Flags().StringArrayVar(&opts.kustomizeCommonLabels, "kustomize-common-label", []string{}, "Set common labels in Kustomize")
 	command.Flags().StringArrayVar(&opts.kustomizeCommonAnnotations, "kustomize-common-annotation", []string{}, "Set common labels in Kustomize")
 	command.Flags().BoolVar(&opts.kustomizeForceCommonLabels, "kustomize-force-common-label", false, "Force common labels in Kustomize")
 	command.Flags().BoolVar(&opts.kustomizeForceCommonAnnotations, "kustomize-force-common-annotation", false, "Force common annotations in Kustomize")
-	command.Flags().StringVar(&opts.kustomizeNamespace, "kustomize-namespace", "", "Kustomize namespace")
 	command.Flags().StringVar(&opts.directoryExclude, "directory-exclude", "", "Set glob expression used to exclude files from application source path")
 	command.Flags().StringVar(&opts.directoryInclude, "directory-include", "", "Set glob expression used to include files from application source path")
 	command.Flags().Int64Var(&opts.retryLimit, "sync-retry-limit", 0, "Max number of allowed sync retries")
@@ -222,12 +218,8 @@ func SetAppSpecOptions(flags *pflag.FlagSet, spec *argoappv1.ApplicationSpec, ap
 			setKustomizeOpt(source, kustomizeOpts{nameSuffix: appOpts.nameSuffix})
 		case "kustomize-image":
 			setKustomizeOpt(source, kustomizeOpts{images: appOpts.kustomizeImages})
-		case "kustomize-replica":
-			setKustomizeOpt(source, kustomizeOpts{replicas: appOpts.kustomizeReplicas})
 		case "kustomize-version":
 			setKustomizeOpt(source, kustomizeOpts{version: appOpts.kustomizeVersion})
-		case "kustomize-namespace":
-			setKustomizeOpt(source, kustomizeOpts{namespace: appOpts.kustomizeNamespace})
 		case "kustomize-common-label":
 			parsedLabels, err := label.Parse(appOpts.kustomizeCommonLabels)
 			errors.CheckError(err)
@@ -336,13 +328,11 @@ type kustomizeOpts struct {
 	namePrefix             string
 	nameSuffix             string
 	images                 []string
-	replicas               []string
 	version                string
 	commonLabels           map[string]string
 	commonAnnotations      map[string]string
 	forceCommonLabels      bool
 	forceCommonAnnotations bool
-	namespace              string
 }

 func setKustomizeOpt(src *argoappv1.ApplicationSource, opts kustomizeOpts) {
@@ -358,9 +348,6 @@ func setKustomizeOpt(src *argoappv1.ApplicationSource, opts kustomizeOpts) {
 	if opts.nameSuffix != "" {
 		src.Kustomize.NameSuffix = opts.nameSuffix
 	}
-	if opts.namespace != "" {
-		src.Kustomize.Namespace = opts.namespace
-	}
 	if opts.commonLabels != nil {
 		src.Kustomize.CommonLabels = opts.commonLabels
 	}
@@ -376,14 +363,6 @@ func setKustomizeOpt(src *argoappv1.ApplicationSource, opts kustomizeOpts) {
 	for _, image := range opts.images {
 		src.Kustomize.MergeImage(argoappv1.KustomizeImage(image))
 	}
-	for _, replica := range opts.replicas {
-		r, err := argoappv1.NewKustomizeReplica(replica)
-		if err != nil {
-			log.Fatal(err)
-		}
-		src.Kustomize.MergeReplica(*r)
-	}
-
 	if src.Kustomize.IsZero() {
 		src.Kustomize = nil
 	}
--- a/cmd/util/app_test.go
+++ b/cmd/util/app_test.go
@@ -10,8 +10,6 @@ import (

 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-
-	"k8s.io/apimachinery/pkg/util/intstr"
 )

 func Test_setHelmOpt(t *testing.T) {
@@ -88,32 +86,11 @@ func Test_setKustomizeOpt(t *testing.T) {
 		setKustomizeOpt(&src, kustomizeOpts{images: []string{"org/image:v1", "org/image:v2"}})
 		assert.Equal(t, &v1alpha1.ApplicationSourceKustomize{Images: v1alpha1.KustomizeImages{v1alpha1.KustomizeImage("org/image:v2")}}, src.Kustomize)
 	})
-	t.Run("Replicas", func(t *testing.T) {
-		src := v1alpha1.ApplicationSource{}
-		testReplicasString := []string{"my-deployment=2", "my-statefulset=4"}
-		testReplicas := v1alpha1.KustomizeReplicas{
-			{
-				Name:  "my-deployment",
-				Count: intstr.FromInt(2),
-			},
-			{
-				Name:  "my-statefulset",
-				Count: intstr.FromInt(4),
-			},
-		}
-		setKustomizeOpt(&src, kustomizeOpts{replicas: testReplicasString})
-		assert.Equal(t, &v1alpha1.ApplicationSourceKustomize{Replicas: testReplicas}, src.Kustomize)
-	})
 	t.Run("Version", func(t *testing.T) {
 		src := v1alpha1.ApplicationSource{}
 		setKustomizeOpt(&src, kustomizeOpts{version: "v0.1"})
 		assert.Equal(t, &v1alpha1.ApplicationSourceKustomize{Version: "v0.1"}, src.Kustomize)
 	})
-	t.Run("Namespace", func(t *testing.T) {
-		src := v1alpha1.ApplicationSource{}
-		setKustomizeOpt(&src, kustomizeOpts{namespace: "custom-namespace"})
-		assert.Equal(t, &v1alpha1.ApplicationSourceKustomize{Namespace: "custom-namespace"}, src.Kustomize)
-	})
 	t.Run("Common labels", func(t *testing.T) {
 		src := v1alpha1.ApplicationSource{}
 		setKustomizeOpt(&src, kustomizeOpts{commonLabels: map[string]string{"foo1": "bar1", "foo2": "bar2"}})
@@ -214,11 +191,6 @@ func Test_setAppSpecOptions(t *testing.T) {
 		assert.NoError(t, f.SetFlag("sync-retry-limit", "0"))
 		assert.Nil(t, f.spec.SyncPolicy.Retry)
 	})
-	t.Run("Kustomize", func(t *testing.T) {
-		assert.NoError(t, f.SetFlag("kustomize-replica", "my-deployment=2"))
-		assert.NoError(t, f.SetFlag("kustomize-replica", "my-statefulset=4"))
-		assert.Equal(t, f.spec.Source.Kustomize.Replicas, argoappv1.KustomizeReplicas{{Name: "my-deployment", Count: intstr.FromInt(2)}, {Name: "my-statefulset", Count: intstr.FromInt(4)}})
-	})
 }

 func Test_setAnnotations(t *testing.T) {
--- a/cmd/util/cluster.go
+++ b/cmd/util/cluster.go
@@ -1,33 +1,20 @@
 package util

 import (
-	"context"
 	"fmt"
 	"os"
 	"sort"
 	"strings"
 	"text/tabwriter"

-	"github.com/ghodss/yaml"
 	"github.com/spf13/cobra"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
-	clientcmdapiv1 "k8s.io/client-go/tools/clientcmd/api/v1"

 	argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	"github.com/argoproj/argo-cd/v2/util/errors"
 )

-type ClusterEndpoint string
-
-const (
-	KubeConfigEndpoint   ClusterEndpoint = "kubeconfig"
-	KubePublicEndpoint   ClusterEndpoint = "kube-public"
-	KubeInternalEndpoint ClusterEndpoint = "internal"
-)
-
 func PrintKubeContexts(ca clientcmd.ConfigAccess) {
 	config, err := ca.GetStartingConfig()
 	errors.CheckError(err)
@@ -115,30 +102,6 @@ func NewCluster(name string, namespaces []string, clusterResources bool, conf *r
 	return &clst
 }

-// GetKubePublicEndpoint returns the kubernetes apiserver endpoint as published
-// in the kube-public.
-func GetKubePublicEndpoint(client kubernetes.Interface) (string, error) {
-	clusterInfo, err := client.CoreV1().ConfigMaps("kube-public").Get(context.TODO(), "cluster-info", metav1.GetOptions{})
-	if err != nil {
-		return "", err
-	}
-	kubeconfig, ok := clusterInfo.Data["kubeconfig"]
-	if !ok {
-		return "", fmt.Errorf("cluster-info does not contain a public kubeconfig")
-	}
-	// Parse Kubeconfig and get server address
-	config := &clientcmdapiv1.Config{}
-	err = yaml.Unmarshal([]byte(kubeconfig), config)
-	if err != nil {
-		return "", fmt.Errorf("failed to parse cluster-info kubeconfig: %v", err)
-	}
-	if len(config.Clusters) == 0 {
-		return "", fmt.Errorf("cluster-info kubeconfig does not have any clusters")
-	}
-
-	return config.Clusters[0].Cluster.Server, nil
-}
-
 type ClusterOptions struct {
 	InCluster               bool
 	Upsert                  bool
@@ -156,13 +119,6 @@ type ClusterOptions struct {
 	ExecProviderEnv         map[string]string
 	ExecProviderAPIVersion  string
 	ExecProviderInstallHint string
-	ClusterEndpoint         string
-}
-
-// InClusterEndpoint returns true if ArgoCD should reference the in-cluster
-// endpoint when registering the target cluster.
-func (o ClusterOptions) InClusterEndpoint() bool {
-	return o.InCluster || o.ClusterEndpoint == string(KubeInternalEndpoint)
 }

 func AddClusterFlags(command *cobra.Command, opts *ClusterOptions) {
@@ -179,5 +135,4 @@ func AddClusterFlags(command *cobra.Command, opts *ClusterOptions) {
 	command.Flags().StringToStringVar(&opts.ExecProviderEnv, "exec-command-env", nil, "Environment vars to set when running the --exec-command executable")
 	command.Flags().StringVar(&opts.ExecProviderAPIVersion, "exec-command-api-version", "", "Preferred input version of the ExecInfo for the --exec-command executable")
 	command.Flags().StringVar(&opts.ExecProviderInstallHint, "exec-command-install-hint", "", "Text shown to the user when the --exec-command executable doesn't seem to be present")
-	command.Flags().StringVar(&opts.ClusterEndpoint, "cluster-endpoint", "", "Cluster endpoint to use. Can be one of the following: 'kubeconfig', 'kube-public', or 'internal'.")
 }
--- a/cmd/util/cluster_test.go
+++ b/cmd/util/cluster_test.go
@@ -4,14 +4,8 @@ import (
 	"strings"
 	"testing"

-	"github.com/ghodss/yaml"
 	"github.com/stretchr/testify/assert"
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/client-go/kubernetes/fake"
 	"k8s.io/client-go/rest"
-	clientcmdapiv1 "k8s.io/client-go/tools/clientcmd/api/v1"

 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 )
@@ -75,109 +69,3 @@ func Test_newCluster(t *testing.T) {
 	assert.Nil(t, clusterWithBearerToken.Labels)
 	assert.Nil(t, clusterWithBearerToken.Annotations)
 }
-
-func TestGetKubePublicEndpoint(t *testing.T) {
-	cases := []struct {
-		name             string
-		clusterInfo      *corev1.ConfigMap
-		expectedEndpoint string
-		expectError      bool
-	}{
-		{
-			name: "has public endpoint",
-			clusterInfo: &corev1.ConfigMap{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "kube-public",
-					Name:      "cluster-info",
-				},
-				Data: map[string]string{
-					"kubeconfig": kubeconfigFixture("https://test-cluster:6443"),
-				},
-			},
-			expectedEndpoint: "https://test-cluster:6443",
-		},
-		{
-			name:        "no cluster-info",
-			expectError: true,
-		},
-		{
-			name: "no kubeconfig in cluster-info",
-			clusterInfo: &corev1.ConfigMap{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "kube-public",
-					Name:      "cluster-info",
-				},
-				Data: map[string]string{
-					"argo": "the project, not the movie",
-				},
-			},
-			expectError: true,
-		},
-		{
-			name: "no clusters in cluster-info kubeconfig",
-			clusterInfo: &corev1.ConfigMap{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "kube-public",
-					Name:      "cluster-info",
-				},
-				Data: map[string]string{
-					"kubeconfig": kubeconfigFixture(""),
-				},
-			},
-			expectError: true,
-		},
-		{
-			name: "can't parse kubeconfig",
-			clusterInfo: &corev1.ConfigMap{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "kube-public",
-					Name:      "cluster-info",
-				},
-				Data: map[string]string{
-					"kubeconfig": "this is not valid YAML",
-				},
-			},
-			expectError: true,
-		},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.name, func(t *testing.T) {
-			objects := []runtime.Object{}
-			if tc.clusterInfo != nil {
-				objects = append(objects, tc.clusterInfo)
-			}
-			clientset := fake.NewSimpleClientset(objects...)
-			endpoint, err := GetKubePublicEndpoint(clientset)
-			if err != nil && !tc.expectError {
-				t.Fatalf("unexpected error: %v", err)
-			}
-			if err == nil && tc.expectError {
-				t.Error("expected error to be returned, received none")
-			}
-			if endpoint != tc.expectedEndpoint {
-				t.Errorf("expected endpoint %s, got %s", tc.expectedEndpoint, endpoint)
-			}
-		})
-	}
-
-}
-
-func kubeconfigFixture(endpoint string) string {
-	kubeconfig := &clientcmdapiv1.Config{}
-	if len(endpoint) > 0 {
-		kubeconfig.Clusters = []clientcmdapiv1.NamedCluster{
-			{
-				Name: "test-kube",
-				Cluster: clientcmdapiv1.Cluster{
-					Server: endpoint,
-				},
-			},
-		}
-	}
-	configYAML, err := yaml.Marshal(kubeconfig)
-	if err != nil {
-		return ""
-	}
-	return string(configYAML)
-}
--- a/cmpserver/plugin/config.go
+++ b/cmpserver/plugin/config.go
@@ -22,24 +22,19 @@ type PluginConfig struct {
 }

 type PluginConfigSpec struct {
-	Version          string     `json:"version"`
-	Init             Command    `json:"init,omitempty"`
-	Generate         Command    `json:"generate"`
-	Discover         Discover   `json:"discover"`
-	Parameters       Parameters `yaml:"parameters"`
-	PreserveFileMode bool       `json:"preserveFileMode,omitempty"`
+	Version    string     `json:"version"`
+	Init       Command    `json:"init,omitempty"`
+	Generate   Command    `json:"generate"`
+	Discover   Discover   `json:"discover"`
+	Parameters Parameters `yaml:"parameters"`
 }

-// Discover holds find and fileName
+//Discover holds find and fileName
 type Discover struct {
 	Find     Find   `json:"find"`
 	FileName string `json:"fileName"`
 }

-func (d Discover) IsDefined() bool {
-	return d.FileName != "" || d.Find.Glob != "" || len(d.Find.Command.Command) > 0
-}
-
 // Command holds binary path and arguments list
 type Command struct {
 	Command []string `json:"command,omitempty"`
--- a/cmpserver/plugin/plugin.go
+++ b/cmpserver/plugin/plugin.go
@@ -24,7 +24,6 @@ import (
 	"github.com/argoproj/argo-cd/v2/util/io/files"

 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
-	"github.com/cyphar/filepath-securejoin"
 	"github.com/mattn/go-zglob"
 	log "github.com/sirupsen/logrus"
 )
@@ -97,14 +96,6 @@ func runCommand(ctx context.Context, command Command, path string, env []string)
 		<-ctx.Done()
 		// Kill by group ID to make sure child processes are killed. The - tells `kill` that it's a group ID.
 		// Since we didn't set Pgid in SysProcAttr, the group ID is the same as the process ID. https://pkg.go.dev/syscall#SysProcAttr
-
-		// Sending a TERM signal first to allow any potential cleanup if needed, and then sending a KILL signal
-		_ = sysCallTerm(-cmd.Process.Pid)
-
-		// modify cleanup timeout to allow process to cleanup
-		cleanupTimeout := 5 * time.Second
-		time.Sleep(cleanupTimeout)
-
 		_ = sysCallKill(-cmd.Process.Pid)
 	}()

@@ -120,12 +111,6 @@ func runCommand(ctx context.Context, command Command, path string, env []string)
 		logCtx.Error(err.Error())
 		return strings.TrimSuffix(output, "\n"), err
 	}
-	if len(output) == 0 {
-		log.WithFields(log.Fields{
-			"stderr":  stderr.String(),
-			"command": command,
-		}).Warn("Plugin command returned zero output")
-	}

 	return strings.TrimSuffix(output, "\n"), nil
 }
@@ -191,7 +176,7 @@ func getTempDirMustCleanup(baseDir string) (workDir string, cleanup func(), err
 		if err := os.RemoveAll(workDir); err != nil {
 			log.WithFields(map[string]interface{}{
 				common.SecurityField:    common.SecurityHigh,
-				common.SecurityCWEField: common.SecurityCWEIncompleteCleanup,
+				common.SecurityCWEField: 459,
 			}).Errorf("Failed to clean up temp directory: %s", err)
 		}
 	}
@@ -222,7 +207,7 @@ func (s *Service) generateManifestGeneric(stream GenerateManifestStream) error {
 	}
 	defer cleanup()

-	metadata, err := cmp.ReceiveRepoStream(ctx, stream, workDir, s.initConstants.PluginConfig.Spec.PreserveFileMode)
+	metadata, err := cmp.ReceiveRepoStream(ctx, stream, workDir)
 	if err != nil {
 		return fmt.Errorf("generate manifest error receiving stream: %w", err)
 	}
@@ -306,12 +291,12 @@ func (s *Service) matchRepositoryGeneric(stream MatchRepositoryStream) error {
 	}
 	defer cleanup()

-	metadata, err := cmp.ReceiveRepoStream(bufferedCtx, stream, workDir, s.initConstants.PluginConfig.Spec.PreserveFileMode)
+	metadata, err := cmp.ReceiveRepoStream(bufferedCtx, stream, workDir)
 	if err != nil {
 		return fmt.Errorf("match repository error receiving stream: %w", err)
 	}

-	isSupported, isDiscoveryEnabled, err := s.matchRepository(bufferedCtx, workDir, metadata.GetEnv(), metadata.GetAppRelPath())
+	isSupported, isDiscoveryEnabled, err := s.matchRepository(bufferedCtx, workDir, metadata.GetEnv())
 	if err != nil {
 		return fmt.Errorf("match repository error: %w", err)
 	}
@@ -324,20 +309,12 @@ func (s *Service) matchRepositoryGeneric(stream MatchRepositoryStream) error {
 	return nil
 }

-func (s *Service) matchRepository(ctx context.Context, workdir string, envEntries []*apiclient.EnvEntry, appRelPath string) (isSupported bool, isDiscoveryEnabled bool, err error) {
+func (s *Service) matchRepository(ctx context.Context, workdir string, envEntries []*apiclient.EnvEntry) (isSupported bool, isDiscoveryEnabled bool, err error) {
 	config := s.initConstants.PluginConfig

-	appPath, err := securejoin.SecureJoin(workdir, appRelPath)
-	if err != nil {
-		log.WithFields(map[string]interface{}{
-			common.SecurityField:    common.SecurityHigh,
-			common.SecurityCWEField: common.SecurityCWEIncompleteCleanup,
-		}).Errorf("error joining workdir %q and appRelPath %q: %v", workdir, appRelPath, err)
-	}
-
 	if config.Spec.Discover.FileName != "" {
 		log.Debugf("config.Spec.Discover.FileName is provided")
-		pattern := filepath.Join(appPath, config.Spec.Discover.FileName)
+		pattern := filepath.Join(workdir, config.Spec.Discover.FileName)
 		matches, err := filepath.Glob(pattern)
 		if err != nil {
 			e := fmt.Errorf("error finding filename match for pattern %q: %w", pattern, err)
@@ -349,7 +326,7 @@ func (s *Service) matchRepository(ctx context.Context, workdir string, envEntrie

 	if config.Spec.Discover.Find.Glob != "" {
 		log.Debugf("config.Spec.Discover.Find.Glob is provided")
-		pattern := filepath.Join(appPath, config.Spec.Discover.Find.Glob)
+		pattern := filepath.Join(workdir, config.Spec.Discover.Find.Glob)
 		// filepath.Glob doesn't have '**' support hence selecting third-party lib
 		// https://github.com/golang/go/issues/11862
 		matches, err := zglob.Glob(pattern)
@@ -365,7 +342,7 @@ func (s *Service) matchRepository(ctx context.Context, workdir string, envEntrie
 	if len(config.Spec.Discover.Find.Command.Command) > 0 {
 		log.Debugf("Going to try runCommand.")
 		env := append(os.Environ(), environ(envEntries)...)
-		find, err := runCommand(ctx, config.Spec.Discover.Find.Command, appPath, env)
+		find, err := runCommand(ctx, config.Spec.Discover.Find.Command, workdir, env)
 		if err != nil {
 			return false, true, fmt.Errorf("error running find command: %w", err)
 		}
@@ -392,7 +369,7 @@ func (s *Service) GetParametersAnnouncement(stream apiclient.ConfigManagementPlu
 	}
 	defer cleanup()

-	metadata, err := cmp.ReceiveRepoStream(bufferedCtx, stream, workDir, s.initConstants.PluginConfig.Spec.PreserveFileMode)
+	metadata, err := cmp.ReceiveRepoStream(bufferedCtx, stream, workDir)
 	if err != nil {
 		return fmt.Errorf("parameters announcement error receiving stream: %w", err)
 	}
--- a/cmpserver/plugin/plugin_test.go
+++ b/cmpserver/plugin/plugin_test.go
@@ -100,7 +100,7 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".")
+		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.NoError(t, err)
@@ -115,7 +115,7 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".")
+		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.NoError(t, err)
@@ -130,7 +130,7 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		_, _, err := f.service.matchRepository(context.Background(), f.path, f.env, ".")
+		_, _, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.ErrorContains(t, err, "syntax error")
@@ -145,7 +145,7 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".")
+		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.NoError(t, err)
@@ -162,7 +162,7 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".")
+		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.NoError(t, err)
@@ -179,7 +179,7 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		_, _, err := f.service.matchRepository(context.Background(), f.path, f.env, ".")
+		_, _, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.ErrorContains(t, err, "error finding glob match for pattern")
@@ -196,7 +196,7 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".")
+		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.NoError(t, err)
@@ -215,7 +215,7 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".")
+		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)
 		// then
 		assert.NoError(t, err)
 		assert.False(t, match)
@@ -233,7 +233,7 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".")
+		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.NoError(t, err)
@@ -253,7 +253,7 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".")
+		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.NoError(t, err)
@@ -272,7 +272,7 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".")
+		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.Error(t, err)
@@ -285,7 +285,7 @@ func TestMatchRepository(t *testing.T) {
 		f := setup(t, withDiscover(d))

 		// when
-		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".")
+		match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env)

 		// then
 		assert.NoError(t, err)
@@ -369,28 +369,6 @@ func TestRunCommandEmptyCommand(t *testing.T) {
 	assert.ErrorContains(t, err, "Command is empty")
 }

-// TestRunCommandContextTimeoutWithGracefulTermination makes sure that the process is given enough time to cleanup before sending SIGKILL.
-func TestRunCommandContextTimeoutWithCleanup(t *testing.T) {
-	ctx, cancel := context.WithTimeout(context.Background(), 900*time.Millisecond)
-	defer cancel()
-
-	// Use a subshell so there's a child command.
-	// This command sleeps for 4 seconds which is currently less than the 5 second delay between SIGTERM and SIGKILL signal and then exits successfully.
-	command := Command{
-		Command: []string{"sh", "-c"},
-		Args:    []string{`(trap 'echo "cleanup completed"; exit' TERM; sleep 4)`},
-	}
-
-	before := time.Now()
-	output, err := runCommand(ctx, command, "", []string{})
-	after := time.Now()
-
-	assert.Error(t, err) // The command should time out, causing an error.
-	assert.Less(t, after.Sub(before), 1*time.Second)
-	// The command should still have completed the cleanup after termination.
-	assert.Contains(t, output, "cleanup completed")
-}
-
 func Test_getParametersAnnouncement_empty_command(t *testing.T) {
 	staticYAML := `
 - name: static-a
--- a/cmpserver/plugin/plugin_unix.go
+++ b/cmpserver/plugin/plugin_unix.go
@@ -14,7 +14,3 @@ func newSysProcAttr(setpgid bool) *syscall.SysProcAttr {
 func sysCallKill(pid int) error {
 	return syscall.Kill(pid, syscall.SIGKILL)
 }
-
-func sysCallTerm(pid int) error {
-	return syscall.Kill(pid, syscall.SIGTERM)
-}
--- a/cmpserver/plugin/plugin_windows.go
+++ b/cmpserver/plugin/plugin_windows.go
@@ -14,7 +14,3 @@ func newSysProcAttr(setpgid bool) *syscall.SysProcAttr {
 func sysCallKill(pid int) error {
 	return nil
 }
-
-func sysCallTerm(pid int) error {
-	return nil
-}
--- a/common/common.go
+++ b/common/common.go
@@ -159,10 +159,6 @@ const (
 	// Ex: "http://grafana.example.com/d/yu5UH4MMz/deployments"
 	// Ex: "Go to Dashboard|http://grafana.example.com/d/yu5UH4MMz/deployments"
 	AnnotationKeyLinkPrefix = "link.argocd.argoproj.io/"
-
-	// AnnotationKeyAppSkipReconcile tells the Application to skip the Application controller reconcile.
-	// Skip reconcile when the value is "true" or any other string values that can be strconv.ParseBool() to be true.
-	AnnotationKeyAppSkipReconcile = "argocd.argoproj.io/skip-reconcile"
 )

 // Environment variables for tuning and debugging Argo CD
@@ -309,16 +305,13 @@ const (

 // Security severity logging
 const (
-	SecurityField = "security"
-	// SecurityCWEField is the logs field for the CWE associated with a log line. CWE stands for Common Weakness Enumeration. See https://cwe.mitre.org/
-	SecurityCWEField                          = "CWE"
-	SecurityCWEIncompleteCleanup              = 459
-	SecurityCWEMissingReleaseOfFileDescriptor = 775
-	SecurityEmergency                         = 5 // Indicates unmistakably malicious events that should NEVER occur accidentally and indicates an active attack (i.e. brute forcing, DoS)
-	SecurityCritical                          = 4 // Indicates any malicious or exploitable event that had a side effect (i.e. secrets being left behind on the filesystem)
-	SecurityHigh                              = 3 // Indicates likely malicious events but one that had no side effects or was blocked (i.e. out of bounds symlinks in repos)
-	SecurityMedium                            = 2 // Could indicate malicious events, but has a high likelihood of being user/system error (i.e. access denied)
-	SecurityLow                               = 1 // Unexceptional entries (i.e. successful access logs)
+	SecurityField     = "security"
+	SecurityCWEField  = "CWE"
+	SecurityEmergency = 5 // Indicates unmistakably malicious events that should NEVER occur accidentally and indicates an active attack (i.e. brute forcing, DoS)
+	SecurityCritical  = 4 // Indicates any malicious or exploitable event that had a side effect (i.e. secrets being left behind on the filesystem)
+	SecurityHigh      = 3 // Indicates likely malicious events but one that had no side effects or was blocked (i.e. out of bounds symlinks in repos)
+	SecurityMedium    = 2 // Could indicate malicious events, but has a high likelihood of being user/system error (i.e. access denied)
+	SecurityLow       = 1 // Unexceptional entries (i.e. successful access logs)
 )

 // Common error messages
--- a/controller/appcontroller.go
+++ b/controller/appcontroller.go
@@ -18,7 +18,6 @@ import (
 	"github.com/argoproj/gitops-engine/pkg/diff"
 	"github.com/argoproj/gitops-engine/pkg/health"
 	synccommon "github.com/argoproj/gitops-engine/pkg/sync/common"
-	resourceutil "github.com/argoproj/gitops-engine/pkg/sync/resource"
 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
 	jsonpatch "github.com/evanphx/json-patch"
 	log "github.com/sirupsen/logrus"
@@ -38,7 +37,6 @@ import (
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/client-go/util/workqueue"

-	"github.com/argoproj/argo-cd/v2/common"
 	statecache "github.com/argoproj/argo-cd/v2/controller/cache"
 	"github.com/argoproj/argo-cd/v2/controller/metrics"
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application"
@@ -53,7 +51,6 @@ import (
 	"github.com/argoproj/argo-cd/v2/util/db"
 	"github.com/argoproj/argo-cd/v2/util/errors"
 	"github.com/argoproj/argo-cd/v2/util/glob"
-	"github.com/argoproj/argo-cd/v2/util/helm"
 	logutils "github.com/argoproj/argo-cd/v2/util/log"
 	settings_util "github.com/argoproj/argo-cd/v2/util/settings"
 )
@@ -420,7 +417,7 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed
 	nodes := make([]appv1.ResourceNode, 0)
 	proj, err := ctrl.getAppProj(a)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get project: %w", err)
+		return nil, err
 	}

 	orphanedNodesMap := make(map[kube.ResourceKey]appv1.ResourceNode)
@@ -428,7 +425,7 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed
 	if proj.Spec.OrphanedResources != nil {
 		orphanedNodesMap, err = ctrl.stateCache.GetNamespaceTopLevelResources(a.Spec.Destination.Server, a.Spec.Destination.Namespace)
 		if err != nil {
-			return nil, fmt.Errorf("failed to get namespace top-level resources: %w", err)
+			return nil, err
 		}
 		warnOrphaned = proj.Spec.OrphanedResources.IsWarn()
 	}
@@ -438,12 +435,12 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed
 		var live = &unstructured.Unstructured{}
 		err := json.Unmarshal([]byte(managedResource.LiveState), &live)
 		if err != nil {
-			return nil, fmt.Errorf("failed to unmarshal live state of managed resources: %w", err)
+			return nil, err
 		}
 		var target = &unstructured.Unstructured{}
 		err = json.Unmarshal([]byte(managedResource.TargetState), &target)
 		if err != nil {
-			return nil, fmt.Errorf("failed to unmarshal target state of managed resources: %w", err)
+			return nil, err
 		}

 		if live == nil {
@@ -459,11 +456,7 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed
 		} else {
 			err := ctrl.stateCache.IterateHierarchy(a.Spec.Destination.Server, kube.GetResourceKey(live), func(child appv1.ResourceNode, appName string) bool {
 				permitted, _ := proj.IsResourcePermitted(schema.GroupKind{Group: child.ResourceRef.Group, Kind: child.ResourceRef.Kind}, child.Namespace, a.Spec.Destination, func(project string) ([]*appv1.Cluster, error) {
-					clusters, err := ctrl.db.GetProjectClusters(context.TODO(), project)
-					if err != nil {
-						return nil, fmt.Errorf("failed to get project clusters: %w", err)
-					}
-					return clusters, nil
+					return ctrl.db.GetProjectClusters(context.TODO(), project)
 				})
 				if !permitted {
 					return false
@@ -472,7 +465,7 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed
 				return true
 			})
 			if err != nil {
-				return nil, fmt.Errorf("failed to iterate resource hierarchy: %w", err)
+				return nil, err
 			}
 		}
 	}
@@ -521,7 +514,7 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed

 	hosts, err := ctrl.getAppHosts(a, nodes)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get app hosts: %w", err)
+		return nil, err
 	}
 	return &appv1.ApplicationTree{Nodes: nodes, OrphanedNodes: orphanedNodes, Hosts: hosts}, nil
 }
@@ -840,7 +833,7 @@ func (ctrl *ApplicationController) processAppOperationQueueItem() (processNext b
 				Message: err.Error(),
 			})
 			message := fmt.Sprintf("Unable to delete application resources: %v", err.Error())
-			ctrl.auditLogger.LogAppEvent(app, argo.EventInfo{Reason: argo.EventReasonStatusRefreshed, Type: v1.EventTypeWarning}, message, "")
+			ctrl.auditLogger.LogAppEvent(app, argo.EventInfo{Reason: argo.EventReasonStatusRefreshed, Type: v1.EventTypeWarning}, message)
 		}
 	}
 	return
@@ -944,9 +937,7 @@ func (ctrl *ApplicationController) removeProjectFinalizer(proj *appv1.AppProject

 // shouldBeDeleted returns whether a given resource obj should be deleted on cascade delete of application app
 func (ctrl *ApplicationController) shouldBeDeleted(app *appv1.Application, obj *unstructured.Unstructured) bool {
-	return !kube.IsCRD(obj) && !isSelfReferencedApp(app, kube.GetObjectRef(obj)) &&
-		!resourceutil.HasAnnotationOption(obj, synccommon.AnnotationSyncOptions, synccommon.SyncOptionDisableDeletion) &&
-		!resourceutil.HasAnnotationOption(obj, helm.ResourcePolicyAnnotation, helm.ResourcePolicyKeep)
+	return !kube.IsCRD(obj) && !isSelfReferencedApp(app, kube.GetObjectRef(obj))
 }

 func (ctrl *ApplicationController) getPermittedAppLiveObjects(app *appv1.Application, proj *appv1.AppProject, projectClusters func(project string) ([]*appv1.Cluster, error)) (map[kube.ResourceKey]*unstructured.Unstructured, error) {
@@ -1240,44 +1231,40 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli
 }

 func (ctrl *ApplicationController) setOperationState(app *appv1.Application, state *appv1.OperationState) {
-	logCtx := log.WithFields(log.Fields{"application": app.Name, "appNamespace": app.Namespace, "project": app.Spec.Project})
-
-	if state.Phase == "" {
-		// expose any bugs where we neglect to set phase
-		panic("no phase was set")
-	}
-	if state.Phase.Completed() {
-		now := metav1.Now()
-		state.FinishedAt = &now
-	}
-	patch := map[string]interface{}{
-		"status": map[string]interface{}{
-			"operationState": state,
-		},
-	}
-	if state.Phase.Completed() {
-		// If operation is completed, clear the operation field to indicate no operation is
-		// in progress.
-		patch["operation"] = nil
-	}
-	if reflect.DeepEqual(app.Status.OperationState, state) {
-		logCtx.Infof("No operation updates necessary to '%s'. Skipping patch", app.QualifiedName())
-		return
-	}
-	patchJSON, err := json.Marshal(patch)
-	if err != nil {
-		logCtx.Errorf("error marshaling json: %v", err)
-		return
-	}
-	if app.Status.OperationState != nil && app.Status.OperationState.FinishedAt != nil && state.FinishedAt == nil {
-		patchJSON, err = jsonpatch.MergeMergePatches(patchJSON, []byte(`{"status": {"operationState": {"finishedAt": null}}}`))
-		if err != nil {
-			logCtx.Errorf("error merging operation state patch: %v", err)
-			return
-		}
-	}
-
 	kube.RetryUntilSucceed(context.Background(), updateOperationStateTimeout, "Update application operation state", logutils.NewLogrusLogger(logutils.NewWithCurrentConfig()), func() error {
+		if state.Phase == "" {
+			// expose any bugs where we neglect to set phase
+			panic("no phase was set")
+		}
+		if state.Phase.Completed() {
+			now := metav1.Now()
+			state.FinishedAt = &now
+		}
+		patch := map[string]interface{}{
+			"status": map[string]interface{}{
+				"operationState": state,
+			},
+		}
+		if state.Phase.Completed() {
+			// If operation is completed, clear the operation field to indicate no operation is
+			// in progress.
+			patch["operation"] = nil
+		}
+		if reflect.DeepEqual(app.Status.OperationState, state) {
+			log.Infof("No operation updates necessary to '%s'. Skipping patch", app.QualifiedName())
+			return nil
+		}
+		patchJSON, err := json.Marshal(patch)
+		if err != nil {
+			return fmt.Errorf("error marshaling json: %w", err)
+		}
+		if app.Status.OperationState != nil && app.Status.OperationState.FinishedAt != nil && state.FinishedAt == nil {
+			patchJSON, err = jsonpatch.MergeMergePatches(patchJSON, []byte(`{"status": {"operationState": {"finishedAt": null}}}`))
+			if err != nil {
+				return fmt.Errorf("error merging operation state patch: %w", err)
+			}
+		}
+
 		appClient := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.Namespace)
 		_, err = appClient.Patch(context.Background(), app.Name, types.MergePatchType, patchJSON, metav1.PatchOptions{})
 		if err != nil {
@@ -1285,36 +1272,32 @@ func (ctrl *ApplicationController) setOperationState(app *appv1.Application, sta
 			if apierr.IsNotFound(err) {
 				return nil
 			}
-			// kube.RetryUntilSucceed logs failed attempts at "debug" level, but we want to know if this fails. Log a
-			// warning.
-			logCtx.Warnf("error patching application with operation state: %v", err)
 			return fmt.Errorf("error patching application with operation state: %w", err)
 		}
+		log.Infof("updated '%s' operation (phase: %s)", app.QualifiedName(), state.Phase)
+		if state.Phase.Completed() {
+			eventInfo := argo.EventInfo{Reason: argo.EventReasonOperationCompleted}
+			var messages []string
+			if state.Operation.Sync != nil && len(state.Operation.Sync.Resources) > 0 {
+				messages = []string{"Partial sync operation"}
+			} else {
+				messages = []string{"Sync operation"}
+			}
+			if state.SyncResult != nil {
+				messages = append(messages, "to", state.SyncResult.Revision)
+			}
+			if state.Phase.Successful() {
+				eventInfo.Type = v1.EventTypeNormal
+				messages = append(messages, "succeeded")
+			} else {
+				eventInfo.Type = v1.EventTypeWarning
+				messages = append(messages, "failed:", state.Message)
+			}
+			ctrl.auditLogger.LogAppEvent(app, eventInfo, strings.Join(messages, " "))
+			ctrl.metricsServer.IncSync(app, state)
+		}
 		return nil
 	})
-
-	logCtx.Infof("updated '%s' operation (phase: %s)", app.QualifiedName(), state.Phase)
-	if state.Phase.Completed() {
-		eventInfo := argo.EventInfo{Reason: argo.EventReasonOperationCompleted}
-		var messages []string
-		if state.Operation.Sync != nil && len(state.Operation.Sync.Resources) > 0 {
-			messages = []string{"Partial sync operation"}
-		} else {
-			messages = []string{"Sync operation"}
-		}
-		if state.SyncResult != nil {
-			messages = append(messages, "to", state.SyncResult.Revision)
-		}
-		if state.Phase.Successful() {
-			eventInfo.Type = v1.EventTypeNormal
-			messages = append(messages, "succeeded")
-		} else {
-			eventInfo.Type = v1.EventTypeWarning
-			messages = append(messages, "failed:", state.Message)
-		}
-		ctrl.auditLogger.LogAppEvent(app, eventInfo, strings.Join(messages, " "), "")
-		ctrl.metricsServer.IncSync(app, state)
-	}
 }

 func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext bool) {
@@ -1373,7 +1356,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo
 		} else {
 			var tree *appv1.ApplicationTree
 			if tree, err = ctrl.getResourceTree(app, managedResources); err == nil {
-				app.Status.Summary = tree.GetSummary(app)
+				app.Status.Summary = tree.GetSummary()
 				if err := ctrl.cache.SetAppResourcesTree(app.InstanceName(ctrl.namespace), tree); err != nil {
 					logCtx.Errorf("Failed to cache resources tree: %v", err)
 					return
@@ -1447,7 +1430,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo
 	if err != nil {
 		logCtx.Errorf("Failed to cache app resources: %v", err)
 	} else {
-		app.Status.Summary = tree.GetSummary(app)
+		app.Status.Summary = tree.GetSummary()
 	}

 	if project.Spec.SyncWindows.Matches(app).CanSync(false) {
@@ -1490,7 +1473,7 @@ func currentSourceEqualsSyncedSource(app *appv1.Application) bool {
 	if app.Spec.HasMultipleSources() {
 		return app.Spec.Sources.Equals(app.Status.Sync.ComparedTo.Sources)
 	}
-	return app.Spec.Source.Equals(&app.Status.Sync.ComparedTo.Source)
+	return app.Spec.Source.Equals(app.Status.Sync.ComparedTo.Source)
 }

 // needRefreshAppStatus answers if application status needs to be refreshed.
@@ -1593,11 +1576,11 @@ func (ctrl *ApplicationController) persistAppStatus(orig *appv1.Application, new
 	logCtx := log.WithFields(log.Fields{"application": orig.QualifiedName()})
 	if orig.Status.Sync.Status != newStatus.Sync.Status {
 		message := fmt.Sprintf("Updated sync status: %s -> %s", orig.Status.Sync.Status, newStatus.Sync.Status)
-		ctrl.auditLogger.LogAppEvent(orig, argo.EventInfo{Reason: argo.EventReasonResourceUpdated, Type: v1.EventTypeNormal}, message, "")
+		ctrl.auditLogger.LogAppEvent(orig, argo.EventInfo{Reason: argo.EventReasonResourceUpdated, Type: v1.EventTypeNormal}, message)
 	}
 	if orig.Status.Health.Status != newStatus.Health.Status {
 		message := fmt.Sprintf("Updated health status: %s -> %s", orig.Status.Health.Status, newStatus.Health.Status)
-		ctrl.auditLogger.LogAppEvent(orig, argo.EventInfo{Reason: argo.EventReasonResourceUpdated, Type: v1.EventTypeNormal}, message, "")
+		ctrl.auditLogger.LogAppEvent(orig, argo.EventInfo{Reason: argo.EventReasonResourceUpdated, Type: v1.EventTypeNormal}, message)
 	}
 	var newAnnotations map[string]string
 	if orig.GetAnnotations() != nil {
@@ -1732,7 +1715,7 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus *
 		return &appv1.ApplicationCondition{Type: appv1.ApplicationConditionSyncError, Message: err.Error()}
 	}
 	message := fmt.Sprintf("Initiated automated sync to '%s'", desiredCommitSHA)
-	ctrl.auditLogger.LogAppEvent(app, argo.EventInfo{Reason: argo.EventReasonOperationStarted, Type: v1.EventTypeNormal}, message, "")
+	ctrl.auditLogger.LogAppEvent(app, argo.EventInfo{Reason: argo.EventReasonOperationStarted, Type: v1.EventTypeNormal}, message)
 	logCtx.Info(message)
 	return nil
 }
@@ -1802,20 +1785,6 @@ func (ctrl *ApplicationController) canProcessApp(obj interface{}) bool {
 		return false
 	}

-	if annotations := app.GetAnnotations(); annotations != nil {
-		if skipVal, ok := annotations[common.AnnotationKeyAppSkipReconcile]; ok {
-			logCtx := log.WithFields(log.Fields{"application": app.QualifiedName()})
-			if skipReconcile, err := strconv.ParseBool(skipVal); err == nil {
-				if skipReconcile {
-					logCtx.Debugf("Skipping Application reconcile based on annotation %s", common.AnnotationKeyAppSkipReconcile)
-					return false
-				}
-			} else {
-				logCtx.Debugf("Unable to determine if Application should skip reconcile based on annotation %s: %v", common.AnnotationKeyAppSkipReconcile, err)
-			}
-		}
-	}
-
 	if ctrl.clusterFilter != nil {
 		cluster, err := ctrl.db.GetCluster(context.Background(), app.Spec.Destination.Server)
 		if err != nil {
--- a/controller/appcontroller_test.go
+++ b/controller/appcontroller_test.go
@@ -3,11 +3,9 @@ package controller
 import (
 	"context"
 	"encoding/json"
-	"errors"
 	"testing"
 	"time"

-	"github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/api/resource"

 	clustercache "github.com/argoproj/gitops-engine/pkg/cache"
@@ -52,7 +50,6 @@ type namespacedResource struct {
 type fakeData struct {
 	apps                   []runtime.Object
 	manifestResponse       *apiclient.ManifestResponse
-	manifestResponses      []*apiclient.ManifestResponse
 	managedLiveObjs        map[kube.ResourceKey]*unstructured.Unstructured
 	namespacedResources    map[kube.ResourceKey]namespacedResource
 	configMapData          map[string]string
@@ -68,15 +65,7 @@ func newFakeController(data *fakeData) *ApplicationController {

 	// Mock out call to GenerateManifest
 	mockRepoClient := mockrepoclient.RepoServerServiceClient{}
-
-	if len(data.manifestResponses) > 0 {
-		for _, response := range data.manifestResponses {
-			mockRepoClient.On("GenerateManifest", mock.Anything, mock.Anything).Return(response, nil).Once()
-		}
-	} else {
-		mockRepoClient.On("GenerateManifest", mock.Anything, mock.Anything).Return(data.manifestResponse, nil)
-	}
-
+	mockRepoClient.On("GenerateManifest", mock.Anything, mock.Anything).Return(data.manifestResponse, nil)
 	mockRepoClientset := mockrepoclient.Clientset{RepoServerServiceClient: &mockRepoClient}

 	secret := corev1.Secret{
@@ -234,14 +223,9 @@ spec:
  project: default
  sources:
  - path: some/path
-    helm:
-      valueFiles:
-      - $values_test/values.yaml
    repoURL: https://github.com/argoproj/argocd-example-apps.git
  - path: some/other/path
    repoURL: https://github.com/argoproj/argocd-example-apps-fake.git
-  - ref: values_test
-    repoURL: https://github.com/argoproj/argocd-example-apps-fake-ref.git
  syncPolicy:
    automated: {}
 status:
@@ -253,7 +237,6 @@ status:
        revisions:
        - HEAD
        - HEAD
-        - HEAD
    phase: Succeeded
    startedAt: 2018-09-21T23:50:25Z
    syncResult:
@@ -268,14 +251,11 @@ status:
      revisions: 
      - aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
      - bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
-      - cccccccccccccccccccccccccccccccccccccccc
      sources:
      - path: some/path
        repoURL: https://github.com/argoproj/argocd-example-apps.git
      - path: some/other/path
        repoURL: https://github.com/argoproj/argocd-example-apps-fake.git
-      - path: some/other/path
-        repoURL: https://github.com/argoproj/argocd-example-apps-fake-ref.git
 `

 var fakeAppWithDestName = `
@@ -929,41 +909,6 @@ func TestSetOperationStateOnDeletedApp(t *testing.T) {
 	assert.True(t, patched)
 }

-type logHook struct {
-	entries []logrus.Entry
-}
-
-func (h *logHook) Levels() []logrus.Level {
-	return []logrus.Level{logrus.WarnLevel}
-}
-
-func (h *logHook) Fire(entry *logrus.Entry) error {
-	h.entries = append(h.entries, *entry)
-	return nil
-}
-
-func TestSetOperationStateLogRetries(t *testing.T) {
-	hook := logHook{}
-	logrus.AddHook(&hook)
-	t.Cleanup(func() {
-		logrus.StandardLogger().ReplaceHooks(logrus.LevelHooks{})
-	})
-	ctrl := newFakeController(&fakeData{apps: []runtime.Object{}})
-	fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset)
-	fakeAppCs.ReactionChain = nil
-	patched := false
-	fakeAppCs.AddReactor("patch", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) {
-		if !patched {
-			patched = true
-			return true, nil, errors.New("fake error")
-		}
-		return true, nil, nil
-	})
-	ctrl.setOperationState(newFakeApp(), &v1alpha1.OperationState{Phase: synccommon.OperationSucceeded})
-	assert.True(t, patched)
-	assert.Contains(t, hook.entries[0].Message, "fake error")
-}
-
 func TestNeedRefreshAppStatus(t *testing.T) {
 	testCases := []struct {
 		name string
@@ -1541,52 +1486,3 @@ func Test_canProcessApp(t *testing.T) {
 		assert.False(t, canProcess)
 	})
 }
-
-func Test_canProcessAppSkipReconcileAnnotation(t *testing.T) {
-	appSkipReconcileInvalid := newFakeApp()
-	appSkipReconcileInvalid.Annotations = map[string]string{common.AnnotationKeyAppSkipReconcile: "invalid-value"}
-	appSkipReconcileFalse := newFakeApp()
-	appSkipReconcileFalse.Annotations = map[string]string{common.AnnotationKeyAppSkipReconcile: "false"}
-	appSkipReconcileTrue := newFakeApp()
-	appSkipReconcileTrue.Annotations = map[string]string{common.AnnotationKeyAppSkipReconcile: "true"}
-	ctrl := newFakeController(&fakeData{})
-	tests := []struct {
-		name     string
-		input    interface{}
-		expected bool
-	}{
-		{"No skip reconcile annotation", newFakeApp(), true},
-		{"Contains skip reconcile annotation ", appSkipReconcileInvalid, true},
-		{"Contains skip reconcile annotation value false", appSkipReconcileFalse, true},
-		{"Contains skip reconcile annotation value true", appSkipReconcileTrue, false},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			assert.Equal(t, tt.expected, ctrl.canProcessApp(tt.input))
-		})
-	}
-}
-
-func Test_syncDeleteOption(t *testing.T) {
-	app := newFakeApp()
-	ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}})
-	cm := newFakeCM()
-	t.Run("without delete option object is deleted", func(t *testing.T) {
-		cmObj := kube.MustToUnstructured(&cm)
-		delete := ctrl.shouldBeDeleted(app, cmObj)
-		assert.True(t, delete)
-	})
-	t.Run("with delete set to false object is retained", func(t *testing.T) {
-		cmObj := kube.MustToUnstructured(&cm)
-		cmObj.SetAnnotations(map[string]string{"argocd.argoproj.io/sync-options": "Delete=false"})
-		delete := ctrl.shouldBeDeleted(app, cmObj)
-		assert.False(t, delete)
-	})
-	t.Run("with delete set to false object is retained", func(t *testing.T) {
-		cmObj := kube.MustToUnstructured(&cm)
-		cmObj.SetAnnotations(map[string]string{"helm.sh/resource-policy": "keep"})
-		delete := ctrl.shouldBeDeleted(app, cmObj)
-		assert.False(t, delete)
-	})
-}
--- a/controller/cache/cache.go
+++ b/controller/cache/cache.go
@@ -221,10 +221,10 @@ func asResourceNode(r *clustercache.Resource) appv1.ResourceNode {
 		gv = schema.GroupVersion{}
 	}
 	parentRefs := make([]appv1.ResourceRef, len(r.OwnerRefs))
-	for i, ownerRef := range r.OwnerRefs {
+	for _, ownerRef := range r.OwnerRefs {
 		ownerGvk := schema.FromAPIVersionAndKind(ownerRef.APIVersion, ownerRef.Kind)
 		ownerKey := kube.NewResourceKey(ownerGvk.Group, ownerRef.Kind, r.Ref.Namespace, ownerRef.Name)
-		parentRefs[i] = appv1.ResourceRef{Name: ownerRef.Name, Kind: ownerKey.Kind, Namespace: r.Ref.Namespace, Group: ownerKey.Group, UID: string(ownerRef.UID)}
+		parentRefs[0] = appv1.ResourceRef{Name: ownerRef.Name, Kind: ownerKey.Kind, Namespace: r.Ref.Namespace, Group: ownerKey.Group, UID: string(ownerRef.UID)}
 	}
 	var resHealth *appv1.HealthStatus
 	resourceInfo := resInfo(r)
@@ -702,14 +702,12 @@ func (c *liveStateCache) handleModEvent(oldCluster *appv1.Cluster, newCluster *a
 }

 func (c *liveStateCache) handleDeleteEvent(clusterServer string) {
-	c.lock.RLock()
+	c.lock.Lock()
+	defer c.lock.Unlock()
 	cluster, ok := c.clusters[clusterServer]
-	c.lock.RUnlock()
 	if ok {
 		cluster.Invalidate()
-		c.lock.Lock()
 		delete(c.clusters, clusterServer)
-		c.lock.Unlock()
 	}
 }

--- a/controller/cache/cache_test.go
+++ b/controller/cache/cache_test.go
@@ -1,27 +1,21 @@
 package cache

 import (
-	"context"
 	"errors"
 	"net"
 	"net/url"
-	"sync"
 	"testing"
-	"time"
+
+	apierr "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime/schema"

 	"github.com/stretchr/testify/assert"
-	v1 "k8s.io/api/core/v1"
-	apierr "k8s.io/apimachinery/pkg/api/errors"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime/schema"

 	"github.com/argoproj/gitops-engine/pkg/cache"
 	"github.com/argoproj/gitops-engine/pkg/cache/mocks"
 	"github.com/stretchr/testify/mock"
-	"k8s.io/client-go/kubernetes/fake"

 	appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-	argosettings "github.com/argoproj/argo-cd/v2/util/settings"
 )

 type netError string
@@ -112,98 +106,6 @@ func TestHandleAddEvent_ClusterExcluded(t *testing.T) {
 	assert.Len(t, clustersCache.clusters, 0)
 }

-func TestHandleDeleteEvent_CacheDeadlock(t *testing.T) {
-	testCluster := &appv1.Cluster{
-		Server: "https://mycluster",
-		Config: appv1.ClusterConfig{Username: "bar"},
-	}
-	fakeClient := fake.NewSimpleClientset()
-	settingsMgr := argosettings.NewSettingsManager(context.TODO(), fakeClient, "argocd")
-	externalLockRef := sync.RWMutex{}
-	gitopsEngineClusterCache := &mocks.ClusterCache{}
-	clustersCache := liveStateCache{
-		clusters: map[string]cache.ClusterCache{
-			testCluster.Server: gitopsEngineClusterCache,
-		},
-		clusterFilter: func(cluster *appv1.Cluster) bool {
-			return true
-		},
-		settingsMgr: settingsMgr,
-		// Set the lock here so we can reference it later
-		// nolint We need to overwrite here to have access to the lock
-		lock: externalLockRef,
-	}
-	channel := make(chan string)
-	// Mocked lock held by the gitops-engine cluster cache
-	mockMutex := sync.RWMutex{}
-	// Locks to force trigger condition during test
-	// Condition order:
-	//   EnsuredSynced -> Locks gitops-engine
-	//   handleDeleteEvent -> Locks liveStateCache
-	//   EnsureSynced via sync, newResource, populateResourceInfoHandler -> attempts to Lock liveStateCache
-	//   handleDeleteEvent via cluster.Invalidate -> attempts to Lock gitops-engine
-	handleDeleteWasCalled := sync.Mutex{}
-	engineHoldsLock := sync.Mutex{}
-	handleDeleteWasCalled.Lock()
-	engineHoldsLock.Lock()
-	gitopsEngineClusterCache.On("EnsureSynced").Run(func(args mock.Arguments) {
-		// Held by EnsureSync calling into sync and watchEvents
-		mockMutex.Lock()
-		defer mockMutex.Unlock()
-		// Continue Execution of timer func
-		engineHoldsLock.Unlock()
-		// Wait for handleDeleteEvent to be called triggering the lock
-		// on the liveStateCache
-		handleDeleteWasCalled.Lock()
-		t.Logf("handleDelete was called, EnsureSynced continuing...")
-		handleDeleteWasCalled.Unlock()
-		// Try and obtain the lock on the liveStateCache
-		alreadyFailed := !externalLockRef.TryLock()
-		if alreadyFailed {
-			channel <- "DEADLOCKED -- EnsureSynced could not obtain lock on liveStateCache"
-			return
-		}
-		externalLockRef.Lock()
-		t.Logf("EnsureSynce was able to lock liveStateCache")
-		externalLockRef.Unlock()
-	}).Return(nil).Once()
-	gitopsEngineClusterCache.On("Invalidate").Run(func(args mock.Arguments) {
-		// If deadlock is fixed should be able to acquire lock here
-		alreadyFailed := !mockMutex.TryLock()
-		if alreadyFailed {
-			channel <- "DEADLOCKED -- Invalidate could not obtain lock on gitops-engine"
-			return
-		}
-		mockMutex.Lock()
-		t.Logf("Invalidate was able to lock gitops-engine cache")
-		mockMutex.Unlock()
-	}).Return()
-	go func() {
-		// Start the gitops-engine lock holds
-		go func() {
-			err := gitopsEngineClusterCache.EnsureSynced()
-			if err != nil {
-				assert.Fail(t, err.Error())
-			}
-		}()
-		// Wait for EnsureSynced to grab the lock for gitops-engine
-		engineHoldsLock.Lock()
-		t.Log("EnsureSynced has obtained lock on gitops-engine")
-		engineHoldsLock.Unlock()
-		// Run in background
-		go clustersCache.handleDeleteEvent(testCluster.Server)
-		// Allow execution to continue on clusters cache call to trigger lock
-		handleDeleteWasCalled.Unlock()
-		channel <- "PASSED"
-	}()
-	select {
-	case str := <-channel:
-		assert.Equal(t, "PASSED", str, str)
-	case <-time.After(5 * time.Second):
-		assert.Fail(t, "Ended up in deadlock")
-	}
-}
-
 func TestIsRetryableError(t *testing.T) {
 	var (
 		tlsHandshakeTimeoutErr net.Error = netError("net/http: TLS handshake timeout")
@@ -251,51 +153,3 @@ func TestIsRetryableError(t *testing.T) {
 		assert.True(t, isRetryableError(connectionReset))
 	})
 }
-
-func Test_asResourceNode_owner_refs(t *testing.T) {
-	resNode := asResourceNode(&cache.Resource{
-		ResourceVersion: "",
-		Ref: v1.ObjectReference{
-			APIVersion: "v1",
-		},
-		OwnerRefs: []metav1.OwnerReference{
-			{
-				APIVersion: "v1",
-				Kind:       "ConfigMap",
-				Name:       "cm-1",
-			},
-			{
-				APIVersion: "v1",
-				Kind:       "ConfigMap",
-				Name:       "cm-2",
-			},
-		},
-		CreationTimestamp: nil,
-		Info:              nil,
-		Resource:          nil,
-	})
-	expected := appv1.ResourceNode{
-		ResourceRef: appv1.ResourceRef{
-			Version: "v1",
-		},
-		ParentRefs: []appv1.ResourceRef{
-			{
-				Group: "",
-				Kind:  "ConfigMap",
-				Name:  "cm-1",
-			},
-			{
-				Group: "",
-				Kind:  "ConfigMap",
-				Name:  "cm-2",
-			},
-		},
-		Info:            nil,
-		NetworkingInfo:  nil,
-		ResourceVersion: "",
-		Images:          nil,
-		Health:          nil,
-		CreatedAt:       nil,
-	}
-	assert.Equal(t, expected, resNode)
-}
--- a/controller/clusterinfoupdater.go
+++ b/controller/clusterinfoupdater.go
@@ -2,13 +2,13 @@ package controller

 import (
 	"context"
+	"time"
 	"fmt"
 	"github.com/argoproj/gitops-engine/pkg/cache"
 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
 	log "github.com/sirupsen/logrus"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
-	"time"

 	"github.com/argoproj/argo-cd/v2/controller/metrics"
 	appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
--- a/controller/health.go
+++ b/controller/health.go
@@ -1,13 +1,10 @@
 package controller

 import (
-	"fmt"
-
 	"github.com/argoproj/gitops-engine/pkg/health"
 	hookutil "github.com/argoproj/gitops-engine/pkg/sync/hook"
 	"github.com/argoproj/gitops-engine/pkg/sync/ignore"
 	kubeutil "github.com/argoproj/gitops-engine/pkg/utils/kube"
-	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/runtime/schema"

 	"github.com/argoproj/argo-cd/v2/pkg/apis/application"
@@ -18,7 +15,6 @@ import (
 // setApplicationHealth updates the health statuses of all resources performed in the comparison
 func setApplicationHealth(resources []managedResource, statuses []appv1.ResourceStatus, resourceOverrides map[string]appv1.ResourceOverride, app *appv1.Application, persistResourceHealth bool) (*appv1.HealthStatus, error) {
 	var savedErr error
-	var errCount uint
 	appHealth := appv1.HealthStatus{Status: health.HealthStatusHealthy}
 	for i, res := range resources {
 		if res.Target != nil && hookutil.Skip(res.Target) {
@@ -42,10 +38,7 @@ func setApplicationHealth(resources []managedResource, statuses []appv1.Resource
 			}
 			healthStatus, err = health.GetResourceHealth(res.Live, healthOverrides)
 			if err != nil && savedErr == nil {
-				errCount++
-				savedErr = fmt.Errorf("failed to get resource health for %q with name %q in namespace %q: %w", res.Live.GetKind(), res.Live.GetName(), res.Live.GetNamespace(), err)
-				// also log so we don't lose the message
-				log.WithField("application", app.QualifiedName()).Warn(savedErr)
+				savedErr = err
 			}
 		}

@@ -79,8 +72,5 @@ func setApplicationHealth(resources []managedResource, statuses []appv1.Resource
 	} else {
 		app.Status.ResourceHealthSource = appv1.ResourceHealthLocationAppTree
 	}
-	if savedErr != nil && errCount > 1 {
-		savedErr = fmt.Errorf("see applicaton-controller logs for %d other errors; most recent error was: %w", errCount-1, savedErr)
-	}
 	return &appHealth, savedErr
 }
--- a/controller/health_test.go
+++ b/controller/health_test.go
@@ -124,7 +124,7 @@ func newAppLiveObj(status health.HealthStatusCode) *unstructured.Unstructured {
 		},
 		TypeMeta: metav1.TypeMeta{
 			APIVersion: "argoproj.io/v1alpha1",
-			Kind:       application.ApplicationKind,
+			Kind:       "Application",
 		},
 		Status: appv1.ApplicationStatus{
 			Health: appv1.HealthStatus{
--- a/controller/metrics/metrics_test.go
+++ b/controller/metrics/metrics_test.go
@@ -207,7 +207,7 @@ func runTest(t *testing.T, cfg TestMetricServerConfig) {
 		metricsServ.registry.MustRegister(collector)
 	}

-	req, err := http.NewRequest(http.MethodGet, "/metrics", nil)
+	req, err := http.NewRequest("GET", "/metrics", nil)
 	assert.NoError(t, err)
 	rr := httptest.NewRecorder()
 	metricsServ.Handler.ServeHTTP(rr, req)
@@ -337,7 +337,7 @@ argocd_app_sync_total{dest_server="https://localhost:6443",name="my-app",namespa
 	metricsServ.IncSync(fakeApp, &argoappv1.OperationState{Phase: common.OperationSucceeded})
 	metricsServ.IncSync(fakeApp, &argoappv1.OperationState{Phase: common.OperationSucceeded})

-	req, err := http.NewRequest(http.MethodGet, "/metrics", nil)
+	req, err := http.NewRequest("GET", "/metrics", nil)
 	assert.NoError(t, err)
 	rr := httptest.NewRecorder()
 	metricsServ.Handler.ServeHTTP(rr, req)
@@ -391,7 +391,7 @@ argocd_app_reconcile_count{dest_server="https://localhost:6443",namespace="argoc
 	fakeApp := newFakeApp(fakeApp)
 	metricsServ.IncReconcile(fakeApp, 5*time.Second)

-	req, err := http.NewRequest(http.MethodGet, "/metrics", nil)
+	req, err := http.NewRequest("GET", "/metrics", nil)
 	assert.NoError(t, err)
 	rr := httptest.NewRecorder()
 	metricsServ.Handler.ServeHTTP(rr, req)
@@ -415,7 +415,7 @@ argocd_app_sync_total{dest_server="https://localhost:6443",name="my-app",namespa
 argocd_app_sync_total{dest_server="https://localhost:6443",name="my-app",namespace="argocd",phase="Succeeded",project="important-project"} 2
 `

-	req, err := http.NewRequest(http.MethodGet, "/metrics", nil)
+	req, err := http.NewRequest("GET", "/metrics", nil)
 	assert.NoError(t, err)
 	rr := httptest.NewRecorder()
 	metricsServ.Handler.ServeHTTP(rr, req)
@@ -426,7 +426,7 @@ argocd_app_sync_total{dest_server="https://localhost:6443",name="my-app",namespa
 	err = metricsServ.SetExpiration(time.Second)
 	assert.NoError(t, err)
 	time.Sleep(2 * time.Second)
-	req, err = http.NewRequest(http.MethodGet, "/metrics", nil)
+	req, err = http.NewRequest("GET", "/metrics", nil)
 	assert.NoError(t, err)
 	rr = httptest.NewRecorder()
 	metricsServ.Handler.ServeHTTP(rr, req)
--- a/controller/state.go
+++ b/controller/state.go
@@ -107,7 +107,7 @@ type appStateManager struct {
 	persistResourceHealth bool
 }

-func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, error) {
+func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject) ([]*unstructured.Unstructured, map[*v1alpha1.ApplicationSource]*apiclient.ManifestResponse, error) {

 	ts := stats.NewTimingStats()
 	helmRepos, err := m.db.ListHelmRepositories(context.Background())
@@ -164,7 +164,7 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp
 	}
 	defer io.Close(conn)

-	manifestInfos := make([]*apiclient.ManifestResponse, 0)
+	manifestInfoMap := make(map[*v1alpha1.ApplicationSource]*apiclient.ManifestResponse)
 	targetObjs := make([]*unstructured.Unstructured, 0)

 	// Store the map of all sources having ref field into a map for applications with sources field
@@ -215,14 +215,20 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp
 			return nil, nil, err
 		}

+		// GenerateManifest can return empty ManifestResponse without error if app has multiple sources
+		// and if any of the source does not have path and chart field not specified.
+		// In that scenario, we continue to the next source
+		if app.Spec.HasMultipleSources() && len(manifestInfo.Manifests) == 0 {
+			continue
+		}
+
 		targetObj, err := unmarshalManifests(manifestInfo.Manifests)

 		if err != nil {
 			return nil, nil, err
 		}
 		targetObjs = append(targetObjs, targetObj...)
-
-		manifestInfos = append(manifestInfos, manifestInfo)
+		manifestInfoMap[&source] = manifestInfo
 	}

 	ts.AddCheckpoint("unmarshal_ms")
@@ -232,7 +238,7 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp
 	}
 	logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds())
 	logCtx.Info("getRepoObjs stats")
-	return targetObjs, manifestInfos, nil
+	return targetObjs, manifestInfoMap, nil
 }

 func unmarshalManifests(manifests []string) ([]*unstructured.Unstructured, error) {
@@ -393,7 +399,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
 	var targetObjs []*unstructured.Unstructured
 	now := metav1.Now()

-	var manifestInfos []*apiclient.ManifestResponse
+	var manifestInfoMap map[*v1alpha1.ApplicationSource]*apiclient.ManifestResponse

 	if len(localManifests) == 0 {
 		// If the length of revisions is not same as the length of sources,
@@ -405,7 +411,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
 			}
 		}

-		targetObjs, manifestInfos, err = m.getRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project)
+		targetObjs, manifestInfoMap, err = m.getRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project)
 		if err != nil {
 			targetObjs = make([]*unstructured.Unstructured, 0)
 			conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
@@ -428,7 +434,9 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
 			}
 		}
 		// empty out manifestInfoMap
-		manifestInfos = make([]*apiclient.ManifestResponse, 0)
+		for as := range manifestInfoMap {
+			delete(manifestInfoMap, as)
+		}
 	}
 	ts.AddCheckpoint("git_ms")

@@ -508,12 +516,12 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
 	}
 	manifestRevisions := make([]string, 0)

-	for _, manifestInfo := range manifestInfos {
+	for _, manifestInfo := range manifestInfoMap {
 		manifestRevisions = append(manifestRevisions, manifestInfo.Revision)
 	}

 	// restore comparison using cached diff result if previous comparison was performed for the same revision
-	revisionChanged := len(manifestInfos) != len(sources) || !reflect.DeepEqual(app.Status.Sync.Revisions, manifestRevisions)
+	revisionChanged := len(manifestInfoMap) != len(sources) || !reflect.DeepEqual(app.Status.Sync.Revisions, manifestRevisions)
 	specChanged := !reflect.DeepEqual(app.Status.Sync.ComparedTo, appv1.ComparedTo{Source: app.Spec.GetSource(), Destination: app.Spec.Destination, Sources: sources})

 	_, refreshRequested := app.IsRefreshRequested()
@@ -674,13 +682,13 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap

 	healthStatus, err := setApplicationHealth(managedResources, resourceSummaries, resourceOverrides, app, m.persistResourceHealth)
 	if err != nil {
-		conditions = append(conditions, appv1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: fmt.Sprintf("error setting app health: %s", err.Error()), LastTransitionTime: &now})
+		conditions = append(conditions, appv1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
 	}

 	// Git has already performed the signature verification via its GPG interface, and the result is available
 	// in the manifest info received from the repository server. We now need to form our opinion about the result
 	// and stop processing if we do not agree about the outcome.
-	for _, manifestInfo := range manifestInfos {
+	for _, manifestInfo := range manifestInfoMap {
 		if gpg.IsGPGEnabled() && verifySignature && manifestInfo != nil {
 			conditions = append(conditions, verifyGnuPGSignature(manifestInfo.Revision, project, manifestInfo)...)
 		}
@@ -697,11 +705,11 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
 	}

 	if hasMultipleSources {
-		for _, manifestInfo := range manifestInfos {
+		for _, manifestInfo := range manifestInfoMap {
 			compRes.appSourceTypes = append(compRes.appSourceTypes, appv1.ApplicationSourceType(manifestInfo.SourceType))
 		}
 	} else {
-		for _, manifestInfo := range manifestInfos {
+		for _, manifestInfo := range manifestInfoMap {
 			compRes.appSourceType = v1alpha1.ApplicationSourceType(manifestInfo.SourceType)
 			break
 		}
--- a/controller/state_test.go
+++ b/controller/state_test.go
@@ -233,74 +233,6 @@ func TestCompareAppStateExtraHook(t *testing.T) {
 	assert.Equal(t, 0, len(app.Status.Conditions))
 }

-// TestAppRevisions tests that revisions are properly propagated for a single source app
-func TestAppRevisionsSingleSource(t *testing.T) {
-	obj1 := NewPod()
-	obj1.SetNamespace(test.FakeDestNamespace)
-	data := fakeData{
-		manifestResponse: &apiclient.ManifestResponse{
-			Manifests: []string{toJSON(t, obj1)},
-			Namespace: test.FakeDestNamespace,
-			Server:    test.FakeClusterURL,
-			Revision:  "abc123",
-		},
-		managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
-	}
-	ctrl := newFakeController(&data)
-
-	app := newFakeApp()
-	revisions := make([]string, 0)
-	revisions = append(revisions, "")
-	compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources())
-	assert.NotNil(t, compRes)
-	assert.NotNil(t, compRes.syncStatus)
-	assert.NotEmpty(t, compRes.syncStatus.Revision)
-	assert.Len(t, compRes.syncStatus.Revisions, 0)
-
-}
-
-// TestAppRevisions tests that revisions are properly propagated for a multi source app
-func TestAppRevisionsMultiSource(t *testing.T) {
-	obj1 := NewPod()
-	obj1.SetNamespace(test.FakeDestNamespace)
-	data := fakeData{
-		manifestResponses: []*apiclient.ManifestResponse{
-			{
-				Manifests: []string{toJSON(t, obj1)},
-				Namespace: test.FakeDestNamespace,
-				Server:    test.FakeClusterURL,
-				Revision:  "abc123",
-			},
-			{
-				Manifests: []string{toJSON(t, obj1)},
-				Namespace: test.FakeDestNamespace,
-				Server:    test.FakeClusterURL,
-				Revision:  "def456",
-			},
-			{
-				Manifests: []string{},
-				Namespace: test.FakeDestNamespace,
-				Server:    test.FakeClusterURL,
-				Revision:  "ghi789",
-			},
-		},
-		managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
-	}
-	ctrl := newFakeController(&data)
-
-	app := newFakeMultiSourceApp()
-	revisions := make([]string, 0)
-	revisions = append(revisions, "")
-	compRes := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources())
-	assert.NotNil(t, compRes)
-	assert.NotNil(t, compRes.syncStatus)
-	assert.Empty(t, compRes.syncStatus.Revision)
-	assert.Len(t, compRes.syncStatus.Revisions, 3)
-	assert.Equal(t, "abc123", compRes.syncStatus.Revisions[0])
-	assert.Equal(t, "def456", compRes.syncStatus.Revisions[1])
-	assert.Equal(t, "ghi789", compRes.syncStatus.Revisions[2])
-}
-
 func toJSON(t *testing.T, obj *unstructured.Unstructured) string {
 	data, err := json.Marshal(obj)
 	assert.NoError(t, err)
--- a/controller/sync.go
+++ b/controller/sync.go
@@ -2,6 +2,7 @@ package controller

 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"os"
 	"strconv"
@@ -9,7 +10,6 @@ import (
 	"time"

 	cdcommon "github.com/argoproj/argo-cd/v2/common"
-	"k8s.io/apimachinery/pkg/util/strategicpatch"

 	"github.com/argoproj/gitops-engine/pkg/sync"
 	"github.com/argoproj/gitops-engine/pkg/sync/common"
@@ -20,7 +20,6 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/util/managedfields"
-	"k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/kubectl/pkg/util/openapi"

 	"github.com/argoproj/argo-cd/v2/controller/metrics"
@@ -323,25 +322,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 	var resState []common.ResourceSyncResult
 	state.Phase, state.Message, resState = syncCtx.GetState()
 	state.SyncResult.Resources = nil
-
-	var apiVersion []kube.APIResourceInfo
 	for _, res := range resState {
-		augmentedMsg, err := argo.AugmentSyncMsg(res, func() ([]kube.APIResourceInfo, error) {
-			if apiVersion == nil {
-				_, apiVersion, err = m.liveStateCache.GetVersionsInfo(app.Spec.Destination.Server)
-				if err != nil {
-					return nil, fmt.Errorf("failed to get version info from the target cluster %q", app.Spec.Destination.Server)
-				}
-			}
-			return apiVersion, nil
-		})
-
-		if err != nil {
-			log.Errorf("using the original message since: %v", err)
-		} else {
-			res.Message = augmentedMsg
-		}
-
 		state.SyncResult.Resources = append(state.SyncResult.Resources, &v1alpha1.ResourceResult{
 			HookType:  res.HookType,
 			Group:     res.ResourceKey.Group,
@@ -367,10 +348,11 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 	}
 }

-// normalizeTargetResources modifies target resources to ensure ignored fields are not touched during synchronization:
-//   - applies normalization to the target resources based on the live resources
-//   - copies ignored fields from the matching live resources: apply normalizer to the live resource,
-//     calculates the patch performed by normalizer and applies the patch to the target resource
+// normalizeTargetResources will apply the diff normalization in all live and target resources.
+// Then it calculates the merge patch between the normalized live and the current live resources.
+// Finally it applies the merge patch in the normalized target resources. This is done to ensure
+// that target resources have the same ignored diff fields values from live ones to avoid them to
+// be applied in the cluster. Returns the list of normalized target resources.
 func normalizeTargetResources(cr *comparisonResult) ([]*unstructured.Unstructured, error) {
 	// normalize live and target resources
 	normalized, err := diff.Normalize(cr.reconciliationResult.Live, cr.reconciliationResult.Target, cr.diffConfig)
@@ -389,35 +371,94 @@ func normalizeTargetResources(cr *comparisonResult) ([]*unstructured.Unstructure
 			patchedTargets = append(patchedTargets, originalTarget)
 			continue
 		}
+		// calculate targetPatch between normalized and target resource
+		targetPatch, err := getMergePatch(normalizedTarget, originalTarget)
+		if err != nil {
+			return nil, err
+		}

-		var lookupPatchMeta *strategicpatch.PatchMetaFromStruct
-		versionedObject, err := scheme.Scheme.New(normalizedTarget.GroupVersionKind())
-		if err == nil {
-			meta, err := strategicpatch.NewPatchMetaFromStruct(versionedObject)
+		// check if there is a patch to apply. An empty patch is identified by a '{}' string.
+		if len(targetPatch) > 2 {
+			livePatch, err := getMergePatch(normalized.Lives[idx], live)
 			if err != nil {
 				return nil, err
 			}
-			lookupPatchMeta = &meta
+			// generate a minimal patch that uses the fields from targetPatch (template)
+			// with livePatch values
+			patch, err := compilePatch(targetPatch, livePatch)
+			if err != nil {
+				return nil, err
+			}
+			normalizedTarget, err = applyMergePatch(normalizedTarget, patch)
+			if err != nil {
+				return nil, err
+			}
+		} else {
+			// if there is no patch just use the original target
+			normalizedTarget = originalTarget
 		}
-
-		livePatch, err := getMergePatch(normalized.Lives[idx], live, lookupPatchMeta)
-		if err != nil {
-			return nil, err
-		}
-
-		normalizedTarget, err = applyMergePatch(normalizedTarget, livePatch, versionedObject)
-		if err != nil {
-			return nil, err
-		}
-
 		patchedTargets = append(patchedTargets, normalizedTarget)
 	}
 	return patchedTargets, nil
 }

+// compilePatch will generate a patch using the fields from templatePatch with
+// the values from valuePatch.
+func compilePatch(templatePatch, valuePatch []byte) ([]byte, error) {
+	templateMap := make(map[string]interface{})
+	err := json.Unmarshal(templatePatch, &templateMap)
+	if err != nil {
+		return nil, err
+	}
+	valueMap := make(map[string]interface{})
+	err = json.Unmarshal(valuePatch, &valueMap)
+	if err != nil {
+		return nil, err
+	}
+	resultMap := intersectMap(templateMap, valueMap)
+	return json.Marshal(resultMap)
+}
+
+// intersectMap will return map with the fields intersection from the 2 provided
+// maps populated with the valueMap values.
+func intersectMap(templateMap, valueMap map[string]interface{}) map[string]interface{} {
+	result := make(map[string]interface{})
+	for k, v := range templateMap {
+		if innerTMap, ok := v.(map[string]interface{}); ok {
+			if innerVMap, ok := valueMap[k].(map[string]interface{}); ok {
+				result[k] = intersectMap(innerTMap, innerVMap)
+			}
+		} else if innerTSlice, ok := v.([]interface{}); ok {
+			if innerVSlice, ok := valueMap[k].([]interface{}); ok {
+				items := []interface{}{}
+				for idx, innerTSliceValue := range innerTSlice {
+					if idx < len(innerVSlice) {
+						if tSliceValueMap, ok := innerTSliceValue.(map[string]interface{}); ok {
+							if vSliceValueMap, ok := innerVSlice[idx].(map[string]interface{}); ok {
+								item := intersectMap(tSliceValueMap, vSliceValueMap)
+								items = append(items, item)
+							}
+						} else {
+							items = append(items, innerVSlice[idx])
+						}
+					}
+				}
+				if len(items) > 0 {
+					result[k] = items
+				}
+			}
+		} else {
+			if _, ok := valueMap[k]; ok {
+				result[k] = valueMap[k]
+			}
+		}
+	}
+	return result
+}
+
 // getMergePatch calculates and returns the patch between the original and the
 // modified unstructures.
-func getMergePatch(original, modified *unstructured.Unstructured, lookupPatchMeta *strategicpatch.PatchMetaFromStruct) ([]byte, error) {
+func getMergePatch(original, modified *unstructured.Unstructured) ([]byte, error) {
 	originalJSON, err := original.MarshalJSON()
 	if err != nil {
 		return nil, err
@@ -426,30 +467,20 @@ func getMergePatch(original, modified *unstructured.Unstructured, lookupPatchMet
 	if err != nil {
 		return nil, err
 	}
-	if lookupPatchMeta != nil {
-		return strategicpatch.CreateThreeWayMergePatch(modifiedJSON, modifiedJSON, originalJSON, lookupPatchMeta, true)
-	}
-
 	return jsonpatch.CreateMergePatch(originalJSON, modifiedJSON)
 }

 // applyMergePatch will apply the given patch in the obj and return the patched
 // unstructure.
-func applyMergePatch(obj *unstructured.Unstructured, patch []byte, versionedObject interface{}) (*unstructured.Unstructured, error) {
+func applyMergePatch(obj *unstructured.Unstructured, patch []byte) (*unstructured.Unstructured, error) {
 	originalJSON, err := obj.MarshalJSON()
 	if err != nil {
 		return nil, err
 	}
-	var patchedJSON []byte
-	if versionedObject == nil {
-		patchedJSON, err = jsonpatch.MergePatch(originalJSON, patch)
-	} else {
-		patchedJSON, err = strategicpatch.StrategicMergePatch(originalJSON, patch, versionedObject)
-	}
+	patchedJSON, err := jsonpatch.MergePatch(originalJSON, patch)
 	if err != nil {
 		return nil, err
 	}
-
 	patchedObj := &unstructured.Unstructured{}
 	_, _, err = unstructured.UnstructuredJSONScheme.Decode(patchedJSON, nil, patchedObj)
 	if err != nil {
--- a/controller/sync_test.go
+++ b/controller/sync_test.go
@@ -348,207 +348,3 @@ func TestNormalizeTargetResources(t *testing.T) {
 		assert.Equal(t, 2, len(containers))
 	})
 }
-
-func TestNormalizeTargetResourcesWithList(t *testing.T) {
-	type fixture struct {
-		comparisonResult *comparisonResult
-	}
-	setupHttpProxy := func(t *testing.T, ignores []v1alpha1.ResourceIgnoreDifferences) *fixture {
-		t.Helper()
-		dc, err := diff.NewDiffConfigBuilder().
-			WithDiffSettings(ignores, nil, true).
-			WithNoCache().
-			Build()
-		require.NoError(t, err)
-		live := test.YamlToUnstructured(testdata.LiveHTTPProxy)
-		target := test.YamlToUnstructured(testdata.TargetHTTPProxy)
-		return &fixture{
-			&comparisonResult{
-				reconciliationResult: sync.ReconciliationResult{
-					Live:   []*unstructured.Unstructured{live},
-					Target: []*unstructured.Unstructured{target},
-				},
-				diffConfig: dc,
-			},
-		}
-	}
-
-	t.Run("will properly ignore nested fields within arrays", func(t *testing.T) {
-		// given
-		ignores := []v1alpha1.ResourceIgnoreDifferences{
-			{
-				Group:             "projectcontour.io",
-				Kind:              "HTTPProxy",
-				JQPathExpressions: []string{".spec.routes[]"},
-				//JSONPointers: []string{"/spec/routes"},
-			},
-		}
-		f := setupHttpProxy(t, ignores)
-		target := test.YamlToUnstructured(testdata.TargetHTTPProxy)
-		f.comparisonResult.reconciliationResult.Target = []*unstructured.Unstructured{target}
-
-		// when
-		patchedTargets, err := normalizeTargetResources(f.comparisonResult)
-
-		// then
-		require.NoError(t, err)
-		require.Equal(t, 1, len(f.comparisonResult.reconciliationResult.Live))
-		require.Equal(t, 1, len(f.comparisonResult.reconciliationResult.Target))
-		require.Equal(t, 1, len(patchedTargets))
-
-		// live should have 1 entry
-		require.Len(t, dig(f.comparisonResult.reconciliationResult.Live[0].Object, []interface{}{"spec", "routes", 0, "rateLimitPolicy", "global", "descriptors"}), 1)
-		// assert some arbitrary field to show `entries[0]` is not an empty object
-		require.Equal(t, "sample-header", dig(f.comparisonResult.reconciliationResult.Live[0].Object, []interface{}{"spec", "routes", 0, "rateLimitPolicy", "global", "descriptors", 0, "entries", 0, "requestHeader", "headerName"}))
-
-		// target has 2 entries
-		require.Len(t, dig(f.comparisonResult.reconciliationResult.Target[0].Object, []interface{}{"spec", "routes", 0, "rateLimitPolicy", "global", "descriptors", 0, "entries"}), 2)
-		// assert some arbitrary field to show `entries[0]` is not an empty object
-		require.Equal(t, "sample-header", dig(f.comparisonResult.reconciliationResult.Target[0].Object, []interface{}{"spec", "routes", 0, "rateLimitPolicy", "global", "descriptors", 0, "entries", 0, "requestHeaderValueMatch", "headers", 0, "name"}))
-
-		// It should be *1* entries in the array
-		require.Len(t, dig(patchedTargets[0].Object, []interface{}{"spec", "routes", 0, "rateLimitPolicy", "global", "descriptors"}), 1)
-		// and it should NOT equal an empty object
-		require.Len(t, dig(patchedTargets[0].Object, []interface{}{"spec", "routes", 0, "rateLimitPolicy", "global", "descriptors", 0, "entries", 0}), 1)
-
-	})
-	t.Run("will correctly set array entries if new entries have been added", func(t *testing.T) {
-		// given
-		ignores := []v1alpha1.ResourceIgnoreDifferences{
-			{
-				Group:             "apps",
-				Kind:              "Deployment",
-				JQPathExpressions: []string{".spec.template.spec.containers[].env[] | select(.name == \"SOME_ENV_VAR\")"},
-			},
-		}
-		f := setupHttpProxy(t, ignores)
-		live := test.YamlToUnstructured(testdata.LiveDeploymentEnvVarsYaml)
-		target := test.YamlToUnstructured(testdata.TargetDeploymentEnvVarsYaml)
-		f.comparisonResult.reconciliationResult.Live = []*unstructured.Unstructured{live}
-		f.comparisonResult.reconciliationResult.Target = []*unstructured.Unstructured{target}
-
-		// when
-		targets, err := normalizeTargetResources(f.comparisonResult)
-
-		// then
-		require.NoError(t, err)
-		require.Equal(t, 1, len(targets))
-		containers, ok, err := unstructured.NestedSlice(targets[0].Object, "spec", "template", "spec", "containers")
-		require.NoError(t, err)
-		require.True(t, ok)
-		assert.Equal(t, 1, len(containers))
-
-		ports := containers[0].(map[string]interface{})["ports"].([]interface{})
-		assert.Equal(t, 1, len(ports))
-
-		env := containers[0].(map[string]interface{})["env"].([]interface{})
-		assert.Equal(t, 3, len(env))
-
-		first := env[0]
-		second := env[1]
-		third := env[2]
-
-		// Currently the defined order at this time is the insertion order of the target manifest.
-		assert.Equal(t, "SOME_ENV_VAR", first.(map[string]interface{})["name"])
-		assert.Equal(t, "some_value", first.(map[string]interface{})["value"])
-
-		assert.Equal(t, "SOME_OTHER_ENV_VAR", second.(map[string]interface{})["name"])
-		assert.Equal(t, "some_other_value", second.(map[string]interface{})["value"])
-
-		assert.Equal(t, "YET_ANOTHER_ENV_VAR", third.(map[string]interface{})["name"])
-		assert.Equal(t, "yet_another_value", third.(map[string]interface{})["value"])
-	})
-
-	t.Run("ignore-deployment-image-replicas-changes-additive", func(t *testing.T) {
-		// given
-
-		ignores := []v1alpha1.ResourceIgnoreDifferences{
-			{
-				Group:        "apps",
-				Kind:         "Deployment",
-				JSONPointers: []string{"/spec/replicas"},
-			}, {
-				Group:             "apps",
-				Kind:              "Deployment",
-				JQPathExpressions: []string{".spec.template.spec.containers[].image"},
-			},
-		}
-		f := setupHttpProxy(t, ignores)
-		live := test.YamlToUnstructured(testdata.MinimalImageReplicaDeploymentYaml)
-		target := test.YamlToUnstructured(testdata.AdditionalImageReplicaDeploymentYaml)
-		f.comparisonResult.reconciliationResult.Live = []*unstructured.Unstructured{live}
-		f.comparisonResult.reconciliationResult.Target = []*unstructured.Unstructured{target}
-
-		// when
-		targets, err := normalizeTargetResources(f.comparisonResult)
-
-		// then
-		require.NoError(t, err)
-		require.Equal(t, 1, len(targets))
-		metadata, ok, err := unstructured.NestedMap(targets[0].Object, "metadata")
-		require.NoError(t, err)
-		require.True(t, ok)
-		labels, ok := metadata["labels"].(map[string]interface{})
-		require.True(t, ok)
-		assert.Equal(t, 2, len(labels))
-		assert.Equal(t, "web", labels["appProcess"])
-
-		spec, ok, err := unstructured.NestedMap(targets[0].Object, "spec")
-		require.NoError(t, err)
-		require.True(t, ok)
-
-		assert.Equal(t, int64(1), spec["replicas"])
-
-		template, ok := spec["template"].(map[string]interface{})
-		require.True(t, ok)
-
-		tMetadata, ok := template["metadata"].(map[string]interface{})
-		require.True(t, ok)
-		tLabels, ok := tMetadata["labels"].(map[string]interface{})
-		require.True(t, ok)
-		assert.Equal(t, 2, len(tLabels))
-		assert.Equal(t, "web", tLabels["appProcess"])
-
-		tSpec, ok := template["spec"].(map[string]interface{})
-		require.True(t, ok)
-		containers, ok, err := unstructured.NestedSlice(tSpec, "containers")
-		require.NoError(t, err)
-		require.True(t, ok)
-		assert.Equal(t, 1, len(containers))
-
-		first := containers[0].(map[string]interface{})
-		assert.Equal(t, "alpine:3", first["image"])
-
-		resources, ok := first["resources"].(map[string]interface{})
-		require.True(t, ok)
-		requests, ok := resources["requests"].(map[string]interface{})
-		require.True(t, ok)
-		assert.Equal(t, "400m", requests["cpu"])
-
-		env, ok, err := unstructured.NestedSlice(first, "env")
-		require.NoError(t, err)
-		require.True(t, ok)
-		assert.Equal(t, 1, len(env))
-
-		env0 := env[0].(map[string]interface{})
-		assert.Equal(t, "EV", env0["name"])
-		assert.Equal(t, "here", env0["value"])
-	})
-}
-
-func dig(obj interface{}, path []interface{}) interface{} {
-	i := obj
-
-	for _, segment := range path {
-		switch segment.(type) {
-		case int:
-			i = i.([]interface{})[segment.(int)]
-		case string:
-			i = i.(map[string]interface{})[segment.(string)]
-		default:
-			panic("invalid path for object")
-		}
-	}
-
-	return i
-}
--- a/controller/testdata/additional-image-replicas-deployment.yaml
+++ b/controller/testdata/additional-image-replicas-deployment.yaml
@@ -1,28 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: client
-    appProcess: web
-  name: client
-spec:
-  replicas: 2
-  selector:
-    matchLabels:
-      app: client
-  strategy: {}
-  template:
-    metadata:
-      labels:
-        app: client
-        appProcess: web
-    spec:
-      containers:
-        - image: alpine:2
-          name: alpine
-          resources:
-            requests:
-              cpu: 400m
-          env:
-            - name: EV
-              value: here
--- a/controller/testdata/data.go
+++ b/controller/testdata/data.go
@@ -11,22 +11,4 @@ var (

 	//go:embed target-deployment-new-entries.yaml
 	TargetDeploymentNewEntries string
-
-	//go:embed live-httpproxy.yaml
-	LiveHTTPProxy string
-
-	//go:embed target-httpproxy.yaml
-	TargetHTTPProxy string
-
-	//go:embed live-deployment-env-vars.yaml
-	LiveDeploymentEnvVarsYaml string
-
-	//go:embed target-deployment-env-vars.yaml
-	TargetDeploymentEnvVarsYaml string
-
-	//go:embed minimal-image-replicas-deployment.yaml
-	MinimalImageReplicaDeploymentYaml string
-
-	//go:embed additional-image-replicas-deployment.yaml
-	AdditionalImageReplicaDeploymentYaml string
 )
--- a/controller/testdata/live-deployment-env-vars.yaml
+++ b/controller/testdata/live-deployment-env-vars.yaml
@@ -1,177 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  annotations:
-    argocd.argoproj.io/tracking-id: 'guestbook:apps/Deployment:default/kustomize-guestbook-ui'
-    deployment.kubernetes.io/revision: '9'
-    iksm-version: '2.0'
-    kubectl.kubernetes.io/last-applied-configuration: >
-      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"argocd.argoproj.io/tracking-id":"guestbook:apps/Deployment:default/kustomize-guestbook-ui","iksm-version":"2.0"},"name":"kustomize-guestbook-ui","namespace":"default"},"spec":{"replicas":4,"revisionHistoryLimit":3,"selector":{"matchLabels":{"app":"guestbook-ui"}},"template":{"metadata":{"labels":{"app":"guestbook-ui"}},"spec":{"containers":[{"env":[{"name":"SOME_ENV_VAR","value":"some_value"}],"image":"gcr.io/heptio-images/ks-guestbook-demo:0.1","name":"guestbook-ui","ports":[{"containerPort":80}],"resources":{"requests":{"cpu":"50m","memory":"100Mi"}}}]}}}}
-  creationTimestamp: '2022-01-05T15:45:21Z'
-  generation: 119
-  managedFields:
-    - apiVersion: apps/v1
-      fieldsType: FieldsV1
-      fieldsV1:
-        'f:metadata':
-          'f:annotations':
-            'f:iksm-version': {}
-      manager: janitor
-      operation: Apply
-      time: '2022-01-06T18:21:04Z'
-    - apiVersion: apps/v1
-      fieldsType: FieldsV1
-      fieldsV1:
-        'f:metadata':
-          'f:annotations':
-            .: {}
-            'f:argocd.argoproj.io/tracking-id': {}
-            'f:kubectl.kubernetes.io/last-applied-configuration': {}
-        'f:spec':
-          'f:progressDeadlineSeconds': {}
-          'f:replicas': {}
-          'f:revisionHistoryLimit': {}
-          'f:selector': {}
-          'f:strategy':
-            'f:rollingUpdate':
-              .: {}
-              'f:maxSurge': {}
-              'f:maxUnavailable': {}
-            'f:type': {}
-          'f:template':
-            'f:metadata':
-              'f:labels':
-                .: {}
-                'f:app': {}
-            'f:spec':
-              'f:containers':
-                'k:{"name":"guestbook-ui"}':
-                  .: {}
-                  'f:env':
-                    .: {}
-                    'k:{"name":"SOME_ENV_VAR"}':
-                      .: {}
-                      'f:name': {}
-                      'f:value': {}
-                  'f:image': {}
-                  'f:imagePullPolicy': {}
-                  'f:name': {}
-                  'f:ports':
-                    .: {}
-                    'k:{"containerPort":80,"protocol":"TCP"}':
-                      .: {}
-                      'f:containerPort': {}
-                      'f:protocol': {}
-                  'f:resources':
-                    .: {}
-                    'f:requests':
-                      .: {}
-                      'f:cpu': {}
-                      'f:memory': {}
-                  'f:terminationMessagePath': {}
-                  'f:terminationMessagePolicy': {}
-              'f:dnsPolicy': {}
-              'f:restartPolicy': {}
-              'f:schedulerName': {}
-              'f:securityContext': {}
-              'f:terminationGracePeriodSeconds': {}
-      manager: argocd
-      operation: Update
-      time: '2022-01-06T15:04:15Z'
-    - apiVersion: apps/v1
-      fieldsType: FieldsV1
-      fieldsV1:
-        'f:metadata':
-          'f:annotations':
-            'f:deployment.kubernetes.io/revision': {}
-        'f:status':
-          'f:availableReplicas': {}
-          'f:conditions':
-            .: {}
-            'k:{"type":"Available"}':
-              .: {}
-              'f:lastTransitionTime': {}
-              'f:lastUpdateTime': {}
-              'f:message': {}
-              'f:reason': {}
-              'f:status': {}
-              'f:type': {}
-            'k:{"type":"Progressing"}':
-              .: {}
-              'f:lastTransitionTime': {}
-              'f:lastUpdateTime': {}
-              'f:message': {}
-              'f:reason': {}
-              'f:status': {}
-              'f:type': {}
-          'f:observedGeneration': {}
-          'f:readyReplicas': {}
-          'f:replicas': {}
-          'f:updatedReplicas': {}
-      manager: kube-controller-manager
-      operation: Update
-      time: '2022-01-06T18:15:14Z'
-  name: kustomize-guestbook-ui
-  namespace: default
-  resourceVersion: '8289211'
-  uid: ef253575-ce44-4c5e-84ad-16e81d0df6eb
-spec:
-  progressDeadlineSeconds: 600
-  replicas: 4
-  revisionHistoryLimit: 3
-  selector:
-    matchLabels:
-      app: guestbook-ui
-  strategy:
-    rollingUpdate:
-      maxSurge: 25%
-      maxUnavailable: 25%
-    type: RollingUpdate
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        app: guestbook-ui
-    spec:
-      containers:
-        - env:
-            - name: SOME_ENV_VAR
-              value: some_value
-          image: 'gcr.io/heptio-images/ks-guestbook-demo:0.1'
-          imagePullPolicy: IfNotPresent
-          name: guestbook-ui
-          ports:
-            - containerPort: 80
-              protocol: TCP
-          resources:
-            requests:
-              cpu: 50m
-              memory: 100Mi
-          terminationMessagePath: /dev/termination-log
-          terminationMessagePolicy: File
-      dnsPolicy: ClusterFirst
-      restartPolicy: Always
-      schedulerName: default-scheduler
-      securityContext: {}
-      terminationGracePeriodSeconds: 30
-status:
-  availableReplicas: 4
-  conditions:
-    - lastTransitionTime: '2022-01-05T22:20:37Z'
-      lastUpdateTime: '2022-01-05T22:43:47Z'
-      message: >-
-        ReplicaSet "kustomize-guestbook-ui-6549d54677" has successfully
-        progressed.
-      reason: NewReplicaSetAvailable
-      status: 'True'
-      type: Progressing
-    - lastTransitionTime: '2022-01-06T18:15:14Z'
-      lastUpdateTime: '2022-01-06T18:15:14Z'
-      message: Deployment has minimum availability.
-      reason: MinimumReplicasAvailable
-      status: 'True'
-      type: Available
-  observedGeneration: 119
-  readyReplicas: 4
-  replicas: 4
-  updatedReplicas: 4
--- a/controller/testdata/live-httpproxy.yaml
+++ b/controller/testdata/live-httpproxy.yaml
@@ -1,14 +0,0 @@
-apiVersion: projectcontour.io/v1
-kind: HTTPProxy
-metadata:
-  name: my-http-proxy
-  namespace: default
-spec:
-  routes:
-    - rateLimitPolicy:
-        global:
-          descriptors:
-            - entries:
-                - requestHeader:
-                    descriptorKey: sample-key
-                    headerName: sample-header
--- a/controller/testdata/minimal-image-replicas-deployment.yaml
+++ b/controller/testdata/minimal-image-replicas-deployment.yaml
@@ -1,21 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: client
-  name: client
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: client
-  strategy: {}
-  template:
-    metadata:
-      labels:
-        app: client
-    spec:
-      containers:
-        - image: alpine:3
-          name: alpine
-          resources: {}
--- a/controller/testdata/target-deployment-env-vars.yaml
+++ b/controller/testdata/target-deployment-env-vars.yaml
@@ -1,35 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  annotations:
-    argocd.argoproj.io/tracking-id: 'guestbook:apps/Deployment:default/kustomize-guestbook-ui'
-    iksm-version: '1.0'
-  name: kustomize-guestbook-ui
-  namespace: default
-spec:
-  replicas: 1
-  revisionHistoryLimit: 3
-  selector:
-    matchLabels:
-      app: guestbook-ui
-  template:
-    metadata:
-      labels:
-        app: guestbook-ui
-    spec:
-      containers:
-        - env:
-            - name: SOME_OTHER_ENV_VAR
-              value: some_other_value
-            - name: YET_ANOTHER_ENV_VAR
-              value: yet_another_value
-            - name: SOME_ENV_VAR
-              value: different_value!
-          image: 'gcr.io/heptio-images/ks-guestbook-demo:0.1'
-          name: guestbook-ui
-          ports:
-            - containerPort: 80
-          resources:
-            requests:
-              cpu: 50m
-              memory: 100Mi
--- a/controller/testdata/target-httpproxy.yaml
+++ b/controller/testdata/target-httpproxy.yaml
@@ -1,23 +0,0 @@
-apiVersion: projectcontour.io/v1
-kind: HTTPProxy
-metadata:
-  name: my-http-proxy
-  namespace: default
-spec:
-  routes:
-    - rateLimitPolicy:
-        global:
-          descriptors:
-            - entries:
-                - requestHeaderValueMatch:
-                    headers:
-                      - contains: sample-key
-                        name: sample-header
-                    value: third
-                - requestHeader:
-                    descriptorKey: sample-key
-                    headerName: sample-header
-            - entries:
-                - requestHeader:
-                    descriptorKey: sample-key
-                    headerName: sample-header
--- a/docs/2.7-2.8.md
+++ b/docs/2.7-2.8.md
@@ -1,5 +0,0 @@
-# 2.7 to 2.8
-
-## Tini as entrypoint
-
-With the 2.8 release `entrypoint.sh` will be removed from the containers, because starting with 2.7, the implicit entrypoint is set to `tini` in the `Dockerfile` explicitly, and the kubernetes manifests has been updated to use it. Simply updating the containers without updating the deployment manifests will result in pod startup failures, as the old manifests are relying on `entrypoint.sh` instead of `tini`. Please make sure the manifests are updated properly before moving to 2.8.
--- a/docs/assets/argocd-arch-authn-authz.jpg
+++ b/docs/assets/argocd-arch-authn-authz.jpg
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .7.18
 .6.9