Bump version to 3.0.6 on release-3.0 branch (#23336 )

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: crenshaw-dev <350466+crenshaw-dev@users.noreply.github.com>
fix(metrics): populate dest_server label (#23246 ) (#23269 ) (#23308 )
2026-02-20 09:38:49 +01:00 · 2025-06-09 17:25:10 -04:00 · 2025-06-06 16:53:06 -04:00 · 2025-06-06 15:38:45 -04:00 · 2025-06-06 15:14:19 +02:00 · 2025-06-06 12:49:12 +02:00
1773 changed files with 204634 additions and 81277 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -5,9 +5,14 @@ docs/operator-manual/resource_actions_builtin.md linguist-generated=true
 docs/operator-manual/server-commands/argocd-*.md linguist-generated=true
 docs/user-guide/commands/argocd_*.md linguist-generated=true
 manifests/core-install.yaml linguist-generated=true
+manifests/core-install-with-hydrator.yaml linguist-generated=true
 manifests/crds/*-crd.yaml linguist-generated=true
 manifests/ha/install.yaml linguist-generated=true
+manifests/ha/install-with-hydrator.yaml linguist-generated=true
 manifests/ha/namespace-install.yaml linguist-generated=true
+manifests/ha/namespace-install-with-hydrator.yaml linguist-generated=true
 manifests/install.yaml linguist-generated=true
+manifests/install-with-hydrator.yaml linguist-generated=true
 manifests/namespace-install.yaml linguist-generated=true
+manifests/namespace-install-with-hydrator.yaml linguist-generated=true
 pkg/apis/api-rules/violation_exceptions.list linguist-generated=true
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -31,6 +31,11 @@ updates:
    directory: "/"
    schedule:
      interval: "daily"
+    ignore:
+      # We use consistent go and node versions across a lot of different files, and updating via dependabot would cause
+      # drift among those files, instead we let renovate bot handle them.
+      - dependency-name: "library/golang"
+      - dependency-name: "library/node"

  - package-ecosystem: "docker"
    directory: "/test/container/"
--- a/.github/workflows/bump-major-version.yaml
+++ b/.github/workflows/bump-major-version.yaml
@@ -0,0 +1,89 @@
+name: Bump major version
+on:
+  workflow_dispatch: {}
+
+permissions: {}
+
+jobs:
+  prepare-release:
+    permissions:
+      contents: write  # for peter-evans/create-pull-request to create branch
+      pull-requests: write  # for peter-evans/create-pull-request to create a PR
+    name: Automatically update major version
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694  # v4.0.0
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      # Get the current major version from go.mod and save it as a variable.
+      - name: Get target version
+        id: get-target-version
+        run: |
+          set -ue
+          CURRENT_VERSION=$(grep 'module github.com/argoproj/argo-cd' go.mod | awk '{print $2}' | sed 's/.*\/v//')
+          echo "TARGET_VERSION=$((CURRENT_VERSION + 1))" >> $GITHUB_OUTPUT
+
+      - name: Copy source code to GOPATH
+        run: |
+          mkdir -p ~/go/src/github.com/argoproj
+          cp -a ../argo-cd ~/go/src/github.com/argoproj
+
+      - name: Run script to bump the version
+        run: |
+          hack/bump-major-version.sh
+        working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
+
+      - name: Setup Golang
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+        with:
+          go-version: ${{ env.GOLANG_VERSION }}
+      - name: Add ~/go/bin to PATH
+        run: |
+          echo "/home/runner/go/bin" >> $GITHUB_PATH
+      - name: Add /usr/local/bin to PATH
+        run: |
+          echo "/usr/local/bin" >> $GITHUB_PATH
+      - name: Download & vendor dependencies
+        run: |
+          # We need to vendor go modules for codegen yet
+          go mod download
+          go mod vendor -v
+        working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
+      - name: Install toolchain for codegen
+        run: |
+          make install-codegen-tools-local
+          make install-go-tools-local
+        working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
+        # We install kustomize in the dist directory
+      - name: Add dist to PATH
+        run: |
+          echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
+      - name: Run codegen
+        run: |
+          set -x
+          export GOPATH=$(go env GOPATH)
+          make codegen-local
+        working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
+
+      - name: Copy changes back
+        run: |
+          # Copy the contents back, but skip the .git directory
+          rsync -a --exclude=.git /home/runner/go/src/github.com/argoproj/argo-cd/ ../argo-cd
+
+      - name: Create pull request
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f  # v7.0.5
+        with:
+          commit-message: "Bump major version to ${{ steps.get-target-version.outputs.TARGET_VERSION }}"
+          title: "Bump major version to ${{ steps.get-target-version.outputs.TARGET_VERSION }}"
+          body: |
+            Congrats! You've just bumped the major version to ${{ steps.get-target-version.outputs.TARGET_VERSION }}.
+            
+            Next steps:
+            - [ ] Merge this PR
+            - [ ] Add an upgrade guide to the docs for this version
+          branch: bump-major-version
+          branch-suffix: random
+          signoff: true
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -13,7 +13,8 @@ on:

 env:
  # Golang version to use across CI steps
-  GOLANG_VERSION: '1.22'
+  # renovate: datasource=golang-version packageName=golang
+  GOLANG_VERSION: '1.24.4'

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
@@ -31,14 +32,14 @@ jobs:
      docs: ${{ steps.filter.outputs.docs_any_changed }}
    steps:
      - uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
-      - uses: tj-actions/changed-files@c65cd883420fd2eb864698a825fc4162dd94482c # v44.5.7
+      - uses: tj-actions/changed-files@bab30c2299617f6615ec02a68b9a40d10bd21366 # v45.0.5
        id: filter
        with:
          # Any file which is not under docs/, ui/ or is not a markdown file is counted as a backend file
          files_yaml: |
            backend:
              - '!ui/**'
-              - '!**.md'            
+              - '!**.md'
              - '!**/*.md'
              - '!docs/**'
            frontend:
@@ -56,7 +57,7 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Download all Go modules
@@ -77,11 +78,11 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Restore go build cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -93,8 +94,8 @@ jobs:

  lint-go:
    permissions:
-      contents: read  # for actions/checkout to fetch code
-      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
+      contents: read # for actions/checkout to fetch code
+      pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
    name: Lint Go code
    if: ${{ needs.changes.outputs.backend == 'true' }}
    runs-on: ubuntu-22.04
@@ -104,13 +105,14 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
+        uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
        with:
-          version: v1.58.2
+          # renovate: datasource=go packageName=github.com/golangci/golangci-lint versioning=regex:^v(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)?$
+          version: v1.64.7
          args: --verbose

  test-go:
@@ -131,7 +133,7 @@ jobs:
      - name: Create symlink in GOPATH
        run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Install required packages
@@ -151,7 +153,7 @@ jobs:
        run: |
          echo "/usr/local/bin" >> $GITHUB_PATH
      - name: Restore go build cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -172,7 +174,7 @@ jobs:
      - name: Run all unit tests
        run: make test-local
      - name: Generate test results artifacts
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: test-results
          path: test-results
@@ -195,7 +197,7 @@ jobs:
      - name: Create symlink in GOPATH
        run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Install required packages
@@ -215,7 +217,7 @@ jobs:
        run: |
          echo "/usr/local/bin" >> $GITHUB_PATH
      - name: Restore go build cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -236,7 +238,7 @@ jobs:
      - name: Run all unit tests
        run: make test-race-local
      - name: Generate test results artifacts
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: race-results
          path: test-results/
@@ -251,7 +253,7 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Create symlink in GOPATH
@@ -303,12 +305,13 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
      - name: Setup NodeJS
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
        with:
-          node-version: '21.6.1'
+          # renovate: datasource=node-version packageName=node versioning=node
+          node-version: '22.9.0'
      - name: Restore node dependency cache
        id: cache-dependencies
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          path: ui/node_modules
          key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -323,6 +326,8 @@ jobs:
          NODE_ENV: production
          NODE_ONLINE_ENV: online
          HOST_ARCH: amd64
+          # If we're on the master branch, set the codecov token so that we upload bundle analysis
+          CODECOV_TOKEN: ${{ github.ref == 'refs/heads/master' && secrets.CODECOV_TOKEN || '' }}
        working-directory: ui/
      - name: Run ESLint
        run: yarn lint
@@ -346,7 +351,7 @@ jobs:
          fetch-depth: 0
      - name: Restore node dependency cache
        id: cache-dependencies
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          path: ui/node_modules
          key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -365,23 +370,30 @@ jobs:
          path: test-results
      - name: combine-go-coverage
        # We generate coverage reports for all Argo CD components, but only the applicationset-controller,
-        # app-controller, and repo-server report contain coverage data. The other components currently don't shut down
-        # gracefully, so no coverage data is produced. Once those components are fixed, we can add references to their
-        # coverage output directories.
+        # app-controller, repo-server, and commit-server report contain coverage data. The other components currently
+        # don't shut down gracefully, so no coverage data is produced. Once those components are fixed, we can add
+        # references to their coverage output directories.
        run: |
-          go tool covdata percent -i=test-results,e2e-code-coverage/applicationset-controller,e2e-code-coverage/repo-server,e2e-code-coverage/app-controller -o test-results/full-coverage.out
+          go tool covdata percent -i=test-results,e2e-code-coverage/applicationset-controller,e2e-code-coverage/repo-server,e2e-code-coverage/app-controller,e2e-code-coverage/commit-server -o test-results/full-coverage.out
      - name: Upload code coverage information to codecov.io
-        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
+        uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
        with:
          file: test-results/full-coverage.out
          fail_ci_if_error: true
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+      - name: Upload test results to Codecov
+        if: github.ref == 'refs/heads/master' && github.event_name == 'push' && github.repository == 'argoproj/argo-cd'
+        uses: codecov/test-results-action@9739113ad922ea0a9abb4b2c0f8bf6a4aa8ef820 # v1.0.1
+        with:
+          file: test-results/junit.xml
+          fail_ci_if_error: true
+          token: ${{ secrets.CODECOV_TOKEN }}
      - name: Perform static code analysis using SonarCloud
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        uses: SonarSource/sonarqube-scan-action@aecaf43ae57e412bd97d70ef9ce6076e672fe0a9 # v2.2
+        uses: SonarSource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
        if: env.sonar_secret != ''
  test-e2e:
    name: Run end-to-end tests
@@ -390,37 +402,45 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
+        # latest: true means that this version mush upload the coverage report to codecov.io
+        # We designate the latest version because we only collect code coverage for that version.
        k3s:
-          - version: v1.30.2
-            # We designate the latest version because we only collect code coverage for that version.
+          - version: v1.32.1
            latest: true
-          - version: v1.29.6
+          - version: v1.31.0
            latest: false
-          - version: v1.28.11
+          - version: v1.30.4
            latest: false
-          - version: v1.27.15
+          - version: v1.29.8
            latest: false
    needs:
      - build-go
      - changes
    env:
      GOPATH: /home/runner/go
-      ARGOCD_FAKE_IN_CLUSTER: "true"
-      ARGOCD_SSH_DATA_PATH: "/tmp/argo-e2e/app/config/ssh"
-      ARGOCD_TLS_DATA_PATH: "/tmp/argo-e2e/app/config/tls"
-      ARGOCD_E2E_SSH_KNOWN_HOSTS: "../fixture/certs/ssh_known_hosts"
-      ARGOCD_E2E_K3S: "true"
-      ARGOCD_IN_CI: "true"
-      ARGOCD_E2E_APISERVER_PORT: "8088"
-      ARGOCD_APPLICATION_NAMESPACES: "argocd-e2e-external,argocd-e2e-external-2"
-      ARGOCD_SERVER: "127.0.0.1:8088"
+      ARGOCD_FAKE_IN_CLUSTER: 'true'
+      ARGOCD_SSH_DATA_PATH: '/tmp/argo-e2e/app/config/ssh'
+      ARGOCD_TLS_DATA_PATH: '/tmp/argo-e2e/app/config/tls'
+      ARGOCD_E2E_SSH_KNOWN_HOSTS: '../fixture/certs/ssh_known_hosts'
+      ARGOCD_E2E_K3S: 'true'
+      ARGOCD_IN_CI: 'true'
+      ARGOCD_E2E_APISERVER_PORT: '8088'
+      ARGOCD_APPLICATION_NAMESPACES: 'argocd-e2e-external,argocd-e2e-external-2'
+      ARGOCD_SERVER: '127.0.0.1:8088'
      GITHUB_TOKEN: ${{ secrets.E2E_TEST_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
      GITLAB_TOKEN: ${{ secrets.E2E_TEST_GITLAB_TOKEN }}
    steps:
+      - name: Free Disk Space (Ubuntu)
+        uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be
+        with:
+          large-packages: false
+          docker-images: false
+          swap-storage: false
+          tool-cache: false
      - name: Checkout code
        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: GH actions workaround - Kill XSP4 process
@@ -439,7 +459,7 @@ jobs:
          sudo chmod go-r $HOME/.kube/config
          kubectl version
      - name: Restore go build cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -467,7 +487,7 @@ jobs:
        run: |
          docker pull ghcr.io/dexidp/dex:v2.41.1
          docker pull argoproj/argo-cd-ci-builder:v1.0.0
-          docker pull redis:7.0.15-alpine
+          docker pull redis:7.2.7-alpine
      - name: Create target directory for binaries in the build-process
        run: |
          mkdir -p dist
@@ -497,13 +517,13 @@ jobs:
          goreman run stop-all || echo "goreman trouble"
          sleep 30
      - name: Upload e2e coverage report
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: e2e-code-coverage
          path: /tmp/coverage
        if: ${{ matrix.k3s.latest }}
      - name: Upload e2e-server logs
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: e2e-server-k8s${{ matrix.k3s.version }}.log
          path: /tmp/e2e-server.log
@@ -530,4 +550,4 @@ jobs:
            exit 0
          else
            exit 1
-          fi
+          fi
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -23,7 +23,7 @@ jobs:
      actions: read  # for github/codeql-action/init to get workflow details
      contents: read  # for actions/checkout to fetch code
      security-events: write  # for github/codeql-action/autobuild to send a status report
-    if: github.repository == 'argoproj/argo-cd'
+    if: github.repository == 'argoproj/argo-cd' || vars.enable_codeql

    # CodeQL runs on ubuntu-latest and windows-latest
    runs-on: ubuntu-22.04
@@ -33,7 +33,7 @@ jobs:

    # Use correct go version. https://github.com/github/codeql-action/issues/1842#issuecomment-1704398087
    - name: Setup Golang
-      uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+      uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
      with:
        go-version-file: go.mod
      
--- a/.github/workflows/image-reuse.yaml
+++ b/.github/workflows/image-reuse.yaml
@@ -17,11 +17,9 @@ on:
      platforms:
        required: true
        type: string
-        default: linux/amd64
      push:
        required: true
        type: boolean
-        default: false
      target:
        required: false
        type: string
@@ -69,15 +67,15 @@ jobs:
        if: ${{ github.ref_type != 'tag'}}

      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version: ${{ inputs.go-version }}

      - name: Install cosign
-        uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+        uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0

      - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
-      - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+      - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0

      - name: Setup tags for container image as a CSV type
        run: |
@@ -143,7 +141,7 @@ jobs:

      - name: Build and push container image
        id: image
-        uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 #v6.6.1
+        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 #v6.10.0
        with:
          context: .
          platforms: ${{ inputs.platforms }}
--- a/.github/workflows/image.yaml
+++ b/.github/workflows/image.yaml
@@ -7,7 +7,7 @@ on:
  pull_request:
    branches:
      - master
-    types: [ labeled, unlabeled, opened, synchronize, reopened ]
+    types: [labeled, unlabeled, opened, synchronize, reopened]

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
@@ -46,13 +46,14 @@ jobs:
    needs: [set-vars]
    permissions:
      contents: read
-      packages: write  # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
+      packages: write # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
      id-token: write # for creating OIDC tokens for signing.
    if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name != 'push' }}
    uses: ./.github/workflows/image-reuse.yaml
    with:
      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      go-version: 1.22
+      # renovate: datasource=golang-version packageName=golang
+      go-version: 1.24.4
      platforms: ${{ needs.set-vars.outputs.platforms }}
      push: false

@@ -60,7 +61,7 @@ jobs:
    needs: [set-vars]
    permissions:
      contents: read
-      packages: write  # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
+      packages: write # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
      id-token: write # for creating OIDC tokens for signing.
    if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }}
    uses: ./.github/workflows/image-reuse.yaml
@@ -68,7 +69,8 @@ jobs:
      quay_image_name: quay.io/argoproj/argocd:latest
      ghcr_image_name: ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }}
      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      go-version: 1.22
+      # renovate: datasource=golang-version packageName=golang
+      go-version: 1.24.4
      platforms: ${{ needs.set-vars.outputs.platforms }}
      push: true
    secrets:
@@ -99,8 +101,8 @@ jobs:
      - build-and-publish
      - set-vars
    permissions:
-      contents: write  # for git to push upgrade commit if not already deployed
-      packages: write  # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
+      contents: write # for git to push upgrade commit if not already deployed
+      packages: write # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
    if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }}
    runs-on: ubuntu-22.04
    steps:
@@ -114,4 +116,3 @@ jobs:
          git config --global user.name 'CI'
          git diff --exit-code && echo 'Already deployed' || (git commit -am 'Upgrade argocd to ${{ needs.set-vars.outputs.image-tag }}' && git push)
        working-directory: argoproj-deployments/argocd
-
--- a/.github/workflows/init-release.yaml
+++ b/.github/workflows/init-release.yaml
@@ -64,7 +64,7 @@ jobs:
          git stash pop

      - name: Create pull request
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c  # v6.1.0
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f  # v7.0.5
        with:
          commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}"
          title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch"
--- a/.github/workflows/pr-title-check.yml
+++ b/.github/workflows/pr-title-check.yml
@@ -12,8 +12,8 @@ permissions: {}
 # workflow being trigger a number of times. This limits it
 # to one run per PR.
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-
+  group: ${{ github.workflow }}-${{ github.head_ref }}
+  cancel-in-progress: true

 jobs:
  validate:
@@ -23,7 +23,7 @@ jobs:
    name: Validate PR Title
    runs-on: ubuntu-latest
    steps:
-      - uses: thehanimo/pr-title-checker@1d8cd483a2b73118406a187f54dca8a9415f1375 # v1.4.2
+      - uses: thehanimo/pr-title-checker@7fbfe05602bdd86f926d3fb3bccb6f3aed43bc70 # v1.4.3
        with:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          configuration_path: ".github/pr-title-checker-config.json"
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -10,7 +10,8 @@ on:
 permissions: {}

 env:
-  GOLANG_VERSION: '1.22' # Note: go-version must also be set in job argocd-image.with.go-version
+  # renovate: datasource=golang-version packageName=golang
+  GOLANG_VERSION: '1.24.4' # Note: go-version must also be set in job argocd-image.with.go-version

 jobs:
  argocd-image:
@@ -23,7 +24,8 @@ jobs:
    with:
      quay_image_name: quay.io/argoproj/argocd:${{ github.ref_name }}
      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      go-version: 1.22
+      # renovate: datasource=golang-version packageName=golang
+      go-version: 1.24.4
      platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
      push: true
    secrets:
@@ -31,20 +33,20 @@ jobs:
      quay_password: ${{ secrets.RELEASE_QUAY_TOKEN }}

  argocd-image-provenance:
-      needs: [argocd-image]
-      permissions:
-        actions: read # for detecting the Github Actions environment.
-        id-token: write # for creating OIDC tokens for signing.
-        packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
-      # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-      if: github.repository == 'argoproj/argo-cd'
-      uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
-      with:
-        image: quay.io/argoproj/argocd
-        digest: ${{ needs.argocd-image.outputs.image-digest }}
-      secrets:
-        registry-username: ${{ secrets.RELEASE_QUAY_USERNAME }}
-        registry-password: ${{ secrets.RELEASE_QUAY_TOKEN }}
+    needs: [argocd-image]
+    permissions:
+      actions: read # for detecting the Github Actions environment.
+      id-token: write # for creating OIDC tokens for signing.
+      packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
+    # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
+    if: github.repository == 'argoproj/argo-cd'
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
+    with:
+      image: quay.io/argoproj/argocd
+      digest: ${{ needs.argocd-image.outputs.image-digest }}
+    secrets:
+      registry-username: ${{ secrets.RELEASE_QUAY_USERNAME }}
+      registry-password: ${{ secrets.RELEASE_QUAY_TOKEN }}

  goreleaser:
    needs:
@@ -67,20 +69,17 @@ jobs:
      - name: Fetch all tags
        run: git fetch --force --tags

-      - name: Set GORELEASER_PREVIOUS_TAG # Workaround, GoReleaser uses 'git-describe' to determine a previous tag. Our tags are created in realease branches.
-        run: |
-          set -xue
-          if echo ${{ github.ref_name }} | grep -E -- '-rc1+$';then
-            echo "GORELEASER_PREVIOUS_TAG=$(git -c 'versionsort.suffix=-rc' tag --list --sort=version:refname | tail -n 2 | head -n 1)" >> $GITHUB_ENV
-          else
-            echo "This is not the first release on the branch, Using GoReleaser defaults"
-          fi
-
      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}

+      - name: Set GORELEASER_PREVIOUS_TAG # Workaround, GoReleaser uses 'git-describe' to determine a previous tag. Our tags are created in release branches.
+        run: |
+          set -xue
+          GORELEASER_PREVIOUS_TAG=$(go run hack/get-previous-release/get-previous-version-for-release-notes.go ${{ github.ref_name }}) || exit 1
+          echo "GORELEASER_PREVIOUS_TAG=$GORELEASER_PREVIOUS_TAG" >> $GITHUB_ENV
+
      - name: Set environment variables for ldflags
        id: set_ldflag
        run: |
@@ -96,20 +95,20 @@ jobs:
          tool-cache: false

      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
+        uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
        id: run-goreleaser
        with:
          version: latest
          args: release --clean --timeout 55m
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          KUBECTL_VERSION: ${{ env.KUBECTL_VERSION }} 
+          KUBECTL_VERSION: ${{ env.KUBECTL_VERSION }}
          GIT_TREE_STATE: ${{ env.GIT_TREE_STATE }}

      - name: Generate subject for provenance
        id: hash
        env:
-          ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}"
+          ARTIFACTS: '${{ steps.run-goreleaser.outputs.artifacts }}'
        run: |
          set -euo pipefail

@@ -130,8 +129,8 @@ jobs:
    # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
    with:
-      base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
-      provenance-name: "argocd-cli.intoto.jsonl"
+      base64-subjects: '${{ needs.goreleaser.outputs.hashes }}'
+      provenance-name: 'argocd-cli.intoto.jsonl'
      upload-assets: true

  generate-sbom:
@@ -153,7 +152,7 @@ jobs:
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Setup Golang
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}

@@ -166,7 +165,7 @@ jobs:
          SIGS_BOM_VERSION: v0.2.1
          # comma delimited list of project relative folders to inspect for package
          # managers (gomod, yarn, npm).
-          PROJECT_FOLDERS: ".,./ui"
+          PROJECT_FOLDERS: '.,./ui'
          # full qualified name of the docker image to be inspected
          DOCKER_IMAGE: quay.io/argoproj/argocd:${{ github.ref_name }}
        run: |
@@ -186,7 +185,7 @@ jobs:
          fi

          cd /tmp && tar -zcf sbom.tar.gz *.spdx
-          
+
      - name: Generate SBOM hash
        shell: bash
        id: sbom-hash
@@ -195,15 +194,15 @@ jobs:
          # base64 -w0 encodes to base64 and outputs on a single line.
          # sha256sum /tmp/sbom.tar.gz ... | base64 -w0
          echo "hashes=$(sha256sum /tmp/sbom.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT"
-      
+
      - name: Upload SBOM
-        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
+        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          files: |
            /tmp/sbom.tar.gz
-  
+
  sbom-provenance:
    needs: [generate-sbom]
    permissions:
@@ -211,13 +210,13 @@ jobs:
      id-token: write # Needed for provenance signing and ID
      contents: write #  Needed for release uploads
    if: github.repository == 'argoproj/argo-cd'
-    # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
+    # Must be referenced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
    with:
-      base64-subjects: "${{ needs.generate-sbom.outputs.hashes }}"
-      provenance-name: "argocd-sbom.intoto.jsonl"
+      base64-subjects: '${{ needs.generate-sbom.outputs.hashes }}'
+      provenance-name: 'argocd-sbom.intoto.jsonl'
      upload-assets: true
-      
+
  post-release:
    needs:
      - argocd-image
@@ -295,10 +294,10 @@ jobs:
        if: ${{ env.UPDATE_VERSION == 'true' }}

      - name: Create PR to update VERSION on master branch
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
        with:
          commit-message: Bump version in master
-          title: "chore: Bump version in master"
+          title: 'chore: Bump version in master'
          body: All images built from master should indicate which version we are on track for.
          signoff: true
          branch: update-version
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -54,7 +54,7 @@ jobs:
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: SARIF file
          path: results.sarif
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 .vscode/
 .idea/
 .DS_Store
+.run/
 vendor/
 dist/*
 ui/dist/app/*
--- a/.gitpod.Dockerfile
+++ b/.gitpod.Dockerfile
@@ -1,4 +1,4 @@
-FROM gitpod/workspace-full@sha256:fbff2dce4236535b96de0e94622bbe9a44fba954ca064862004c34e3e08904df
+FROM gitpod/workspace-full@sha256:a47a68ee7f9da10cd889ccce4661bc73f2c0d5a98d3d087e8bdfc0230b27964c

 USER root

--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -1,9 +1,12 @@
 issues:
  exclude:
-    - SA1019
    - SA5011
  max-issues-per-linter: 0
  max-same-issues: 0
+  exclude-rules:
+    - path: '(.+)_test\.go'
+      linters:
+        - unparam
 linters:
  enable:
    - errcheck
@@ -11,31 +14,143 @@ linters:
    - gocritic
    - gofumpt
    - goimports
+    - gomodguard
    - gosimple
    - govet
+    - importas
    - ineffassign
    - misspell
+    # Disabled because of https://github.com/argoproj/argo-cd/issues/21705
+    # - nolintlint
+    - perfsprint
+    - revive
    - staticcheck
    - testifylint
+    - thelper
+    - unparam
    - unused
-    - whitespace 
+    - usestdlibvars
+    - usetesting
+    - whitespace
 linters-settings:
  gocritic:
    disabled-checks:
      - appendAssign
-      - assignOp  # Keep it disabled for readability
-      - badCond
-      - commentFormatting
+      - assignOp # Keep it disabled for readability
      - exitAfterDefer
-      - ifElseChain
      - mapKey
-      - singleCaseSwitch
      - typeSwitchVar
  goimports:
-    local-prefixes: github.com/argoproj/argo-cd/v2
+    local-prefixes: github.com/argoproj/argo-cd/v3
+  gomodguard:
+    blocked:
+      modules:
+        - github.com/golang-jwt/jwt/v4:
+            recommendations:
+              - github.com/golang-jwt/jwt/v5
+        - github.com/imdario/mergo:
+            recommendations:
+              - dario.cat/mergo
+            reason: '`github.com/imdario/mergo` has been renamed.'
+        - github.com/pkg/errors:
+            recommendations:
+              - errors
+  importas:
+    alias:
+      - alias: jwtgo
+        pkg: github.com/golang-jwt/jwt/v5
+      - alias: appsv1
+        pkg: k8s.io/api/apps/v1
+      - alias: corev1
+        pkg: k8s.io/api/core/v1
+      - alias: rbacv1
+        pkg: k8s.io/api/rbac/v1
+      - alias: apierrors
+        pkg: k8s.io/apimachinery/pkg/api/errors
+      - alias: apiextensionsv1
+        pkg: k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
+      - alias: metav1
+        pkg: k8s.io/apimachinery/pkg/apis/meta/v1
+      - alias: informersv1
+        pkg: k8s.io/client-go/informers/core/v1
+      - alias: stderrors
+        pkg: errors
+  nolintlint:
+    require-specific: true
+  perfsprint:
+    # Optimizes even if it requires an int or uint type cast.
+    int-conversion: true
+    # Optimizes into `err.Error()` even if it is only equivalent for non-nil errors.
+    err-error: true
+    # Optimizes `fmt.Errorf`.
+    errorf: true
+    # Optimizes `fmt.Sprintf` with only one argument.
+    sprintf1: true
+    # Optimizes into strings concatenation.
+    strconcat: true
+  revive:
+    # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md
+    rules:
+      - name: bool-literal-in-expr
+      - name: blank-imports
+        disabled: true
+      - name: context-as-argument
+        arguments:
+          - allowTypesBefore: '*testing.T,testing.TB'
+      - name: context-keys-type
+        disabled: true
+      - name: dot-imports
+        disabled: true
+      - name: duplicated-imports
+      - name: early-return
+        arguments:
+          - 'preserveScope'
+      - name: empty-block
+        disabled: true
+      - name: error-naming
+        disabled: true
+      - name: error-return
+      - name: error-strings
+        disabled: true
+      - name: errorf
+      - name: identical-branches
+      - name: if-return
+      - name: increment-decrement
+      - name: indent-error-flow
+        arguments:
+          - 'preserveScope'
+      - name: modifies-parameter
+      - name: optimize-operands-order
+      - name: range
+      - name: receiver-naming
+      - name: redefines-builtin-id
+        disabled: true
+      - name: redundant-import-alias
+      - name: superfluous-else
+        arguments:
+          - 'preserveScope'
+      - name: time-equal
+      - name: time-naming
+        disabled: true
+      - name: unexported-return
+        disabled: true
+      - name: unnecessary-stmt
+      - name: unreachable-code
+      - name: unused-parameter
+      - name: use-any
+      - name: useless-break
+      - name: var-declaration
+      - name: var-naming
+        arguments:
+          - ["ID"]
+          - ["VM"]
+          - - skipPackageNameChecks: true
+              upperCaseConst: true
  testifylint:
    enable-all: true
    disable:
      - go-require
+  usetesting:
+    os-mkdir-temp: false
 run:
  timeout: 50m
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -16,11 +16,11 @@ builds:
    flags:
      - -v
    ldflags:
-      - -X github.com/argoproj/argo-cd/v2/common.version={{ .Version }}
-      - -X github.com/argoproj/argo-cd/v2/common.buildDate={{ .Date }}
-      - -X github.com/argoproj/argo-cd/v2/common.gitCommit={{ .FullCommit }}
-      - -X github.com/argoproj/argo-cd/v2/common.gitTreeState={{ .Env.GIT_TREE_STATE }}
-      - -X github.com/argoproj/argo-cd/v2/common.kubectlVersion={{ .Env.KUBECTL_VERSION }}
+      - -X github.com/argoproj/argo-cd/v3/common.version={{ .Version }}
+      - -X github.com/argoproj/argo-cd/v3/common.buildDate={{ .Date }}
+      - -X github.com/argoproj/argo-cd/v3/common.gitCommit={{ .FullCommit }}
+      - -X github.com/argoproj/argo-cd/v3/common.gitTreeState={{ .Env.GIT_TREE_STATE }}
+      - -X github.com/argoproj/argo-cd/v3/common.kubectlVersion={{ .Env.KUBECTL_VERSION }}
      - -extldflags="-static"
    goos:
      - linux
@@ -79,6 +79,8 @@ release:

    All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.

+    ## Release Notes Blog Post
+    For a detailed breakdown of the key changes and improvements in this release, check out the [official blog post](https://blog.argoproj.io/argo-cd-v2-14-release-candidate-57a664791e2a)  

    ## Upgrading

--- a/.mockery.yaml
+++ b/.mockery.yaml
@@ -6,13 +6,13 @@ mockname: "{{.InterfaceName}}"
 with-expecter: false
 # individual interface config
 packages:
-  github.com/argoproj/argo-cd/v2/applicationset/generators:
+  github.com/argoproj/argo-cd/v3/applicationset/generators:
    interfaces:
      Generator:
-  github.com/argoproj/argo-cd/v2/applicationset/services:
+  github.com/argoproj/argo-cd/v3/applicationset/services:
    interfaces:
      Repos:
-  github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider:
+  github.com/argoproj/argo-cd/v3/applicationset/services/scm_provider:
    config:
      dir: "applicationset/services/scm_provider/aws_codecommit/mocks"
    interfaces:
@@ -23,46 +23,60 @@ packages:
      dir: "applicationset/services/scm_provider/azure_devops/git/mocks"
    interfaces:
      Client:
-  github.com/argoproj/argo-cd/v2/applicationset/utils:
+  github.com/argoproj/argo-cd/v3/applicationset/utils:
    interfaces:
      Renderer:
-  github.com/argoproj/argo-cd/v2/controller/cache:
+  github.com/argoproj/argo-cd/v3/commitserver/commit:
+    interfaces:
+      RepoClientFactory:
+  github.com/argoproj/argo-cd/v3/commitserver/apiclient:
+    interfaces:
+      CommitServiceClient:
+      Clientset:
+  github.com/argoproj/argo-cd/v3/controller/cache:
    interfaces:
      LiveStateCache:
-  github.com/argoproj/argo-cd/v2/reposerver/apiclient:
+  github.com/argoproj/argo-cd/v3/reposerver/apiclient:
    interfaces:
      RepoServerServiceClient:
      RepoServerService_GenerateManifestWithFilesClient:
-  github.com/argoproj/argo-cd/v2/server/application:
+  github.com/argoproj/argo-cd/v3/server/application:
    interfaces:
      Broadcaster:
-  github.com/argoproj/argo-cd/v2/server/extension:
+  github.com/argoproj/argo-cd/v3/server/extension:
    interfaces:
      ApplicationGetter:
      ExtensionMetricsRegistry:
      ProjectGetter:
      RbacEnforcer:
      SettingsGetter:
-  github.com/argoproj/argo-cd/v2/util/db:
+      UserGetter:
+  github.com/argoproj/argo-cd/v3/util/db:
    interfaces:
      ArgoDB:
-  github.com/argoproj/argo-cd/v2/util/git:
+  github.com/argoproj/argo-cd/v3/util/git:
    interfaces:
      Client:
-  github.com/argoproj/argo-cd/v2/util/helm:
+  github.com/argoproj/argo-cd/v3/util/helm:
    interfaces:
      Client:
-  github.com/argoproj/argo-cd/v2/util/io:
+  github.com/argoproj/argo-cd/v3/util/io:
    interfaces:
      TempPaths:
-  github.com/argoproj/argo-cd/v2/util/notification/argocd:
+  github.com/argoproj/argo-cd/v3/util/notification/argocd:
    interfaces:
      Service:
+  github.com/argoproj/argo-cd/v3/util/workloadidentity:
+    interfaces:
+      TokenProvider:
  # These mocks are not currently used, but they are part of the public API of this package.      
-  github.com/argoproj/argo-cd/v2/pkg/apiclient/session:
+  github.com/argoproj/argo-cd/v3/pkg/apiclient/session:
    interfaces:
      SessionServiceServer:
      SessionServiceClient:
-  github.com/argoproj/argo-cd/v2/pkg/apiclient/cluster:
+  github.com/argoproj/argo-cd/v3/pkg/apiclient/cluster:
    interfaces:
-      ClusterServiceServer:
+      ClusterServiceServer:
+  github.com/argoproj/argo-cd/v3/pkg/client/clientset/versioned/typed/application/v1alpha1:
+    interfaces:
+      AppProjectInterface:
--- a/.readthedocs.yaml
+++ b/.readthedocs.yaml
@@ -2,10 +2,11 @@ version: 2
 formats: all
 mkdocs:
  fail_on_warning: false
+  configuration: mkdocs.yml
 python:
  install:
    - requirements: docs/requirements.txt
 build:
  os: "ubuntu-22.04"
  tools:
-    python: "3.7"
+    python: "3.12"
--- a/41
+++ b/41
@@ -1,10 +1,12 @@
-ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15
+ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab
 ####################################################################################################
 # Builder image
 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image
 # Also used as the image in CI jobs so needs all dependencies
 ####################################################################################################
-FROM docker.io/library/golang:1.22.6@sha256:2bd56f00ff47baf33e64eae7996b65846c7cb5e0a46e0a882ef179fd89654afa AS builder
+FROM docker.io/library/golang:1.24.4@sha256:db5d0afbfb4ab648af2393b92e87eaae9ad5e01132803d80caef91b5752d289c AS builder
+
+WORKDIR /tmp

 RUN echo 'deb http://archive.debian.org/debian buster-backports main' >> /etc/apt/sources.list

@@ -23,8 +25,6 @@ RUN apt-get update && apt-get install --no-install-recommends -y \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

-WORKDIR /tmp
-
 COPY hack/install.sh hack/tool-versions.sh ./
 COPY hack/installers installers

@@ -40,8 +40,8 @@ LABEL org.opencontainers.image.source="https://github.com/argoproj/argo-cd"

 USER root

-ENV ARGOCD_USER_ID=999
-ENV DEBIAN_FRONTEND=noninteractive
+ENV ARGOCD_USER_ID=999 \
+    DEBIAN_FRONTEND=noninteractive

 RUN groupadd -g $ARGOCD_USER_ID argocd && \
    useradd -r -u $ARGOCD_USER_ID -g argocd argocd && \
@@ -55,11 +55,13 @@ RUN groupadd -g $ARGOCD_USER_ID argocd && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

-COPY hack/gpg-wrapper.sh /usr/local/bin/gpg-wrapper.sh
-COPY hack/git-verify-wrapper.sh /usr/local/bin/git-verify-wrapper.sh
+COPY hack/gpg-wrapper.sh \
+    hack/git-verify-wrapper.sh \
+    entrypoint.sh \
+    /usr/local/bin/
 COPY --from=builder /usr/local/bin/helm /usr/local/bin/helm
 COPY --from=builder /usr/local/bin/kustomize /usr/local/bin/kustomize
-COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+
 # keep uid_entrypoint.sh for backward compatibility
 RUN ln -s /usr/local/bin/entrypoint.sh /usr/local/bin/uid_entrypoint.sh

@@ -83,7 +85,7 @@ WORKDIR /home/argocd
 ####################################################################################################
 # Argo CD UI stage
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM docker.io/library/node:22.3.0@sha256:5e4044ff6001d06e7748e35bfa4f80c73cf5f5a7360a1b782995e038a01b0585 AS argocd-ui
+FROM --platform=$BUILDPLATFORM docker.io/library/node:23.0.0@sha256:e643c0b70dca9704dff42e12b17f5b719dbe4f95e6392fc2dfa0c5f02ea8044d AS argocd-ui

 WORKDIR /src
 COPY ["ui/package.json", "ui/yarn.lock", "./"]
@@ -101,7 +103,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP
 ####################################################################################################
 # Argo CD Build stage which performs the actual build of Argo CD binaries
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.22.6@sha256:2bd56f00ff47baf33e64eae7996b65846c7cb5e0a46e0a882ef179fd89654afa AS argocd-build
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.24.4@sha256:db5d0afbfb4ab648af2393b92e87eaae9ad5e01132803d80caef91b5752d289c AS argocd-build

 WORKDIR /go/src/github.com/argoproj/argo-cd

@@ -111,13 +113,13 @@ RUN go mod download
 # Perform the build
 COPY . .
 COPY --from=argocd-ui /src/dist/app /go/src/github.com/argoproj/argo-cd/ui/dist/app
-ARG TARGETOS
-ARG TARGETARCH
+ARG TARGETOS \
+    TARGETARCH
 # These build args are optional; if not specified the defaults will be taken from the Makefile
-ARG GIT_TAG
-ARG BUILD_DATE
-ARG GIT_TREE_STATE
-ARG GIT_COMMIT
+ARG GIT_TAG \
+    BUILD_DATE \
+    GIT_TREE_STATE \
+    GIT_COMMIT
 RUN GIT_COMMIT=$GIT_COMMIT \
    GIT_TREE_STATE=$GIT_TREE_STATE \
    GIT_TAG=$GIT_TAG \
@@ -130,6 +132,7 @@ RUN GIT_COMMIT=$GIT_COMMIT \
 # Final image
 ####################################################################################################
 FROM argocd-base
+ENTRYPOINT ["/usr/bin/tini", "--"]
 COPY --from=argocd-build /go/src/github.com/argoproj/argo-cd/dist/argocd* /usr/local/bin/

 USER root
@@ -140,7 +143,7 @@ RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \
    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex && \
    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-notifications && \
    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-applicationset-controller && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-k8s-auth
+    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-k8s-auth && \
+    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-commit-server

 USER $ARGOCD_USER_ID
-ENTRYPOINT ["/usr/bin/tini", "--"]
--- a/21
+++ b/21
@@ -1,4 +1,4 @@
-PACKAGE=github.com/argoproj/argo-cd/v2/common
+PACKAGE=github.com/argoproj/argo-cd/v3/common
 CURRENT_DIR=$(shell pwd)
 DIST_DIR=${CURRENT_DIR}/dist
 CLI_NAME=argocd
@@ -254,7 +254,7 @@ cli: test-tools-image

 .PHONY: cli-local
 cli-local: clean-debug
-	CGO_ENABLED=${CGO_FLAG} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build $(COVERAGE_FLAG) -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${CLI_NAME} ./cmd
+	CGO_ENABLED=${CGO_FLAG} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -gcflags="all=-N -l" $(COVERAGE_FLAG) -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${CLI_NAME} ./cmd

 .PHONY: gen-resources-cli-local
 gen-resources-cli-local: clean-debug
@@ -355,11 +355,6 @@ mod-vendor: test-tools-image
 mod-vendor-local: mod-download-local
 	go mod vendor

-# Deprecated - replace by install-tools-local
-.PHONY: install-lint-tools
-install-lint-tools:
-	./hack/install.sh lint-tools
-
 # Run linter on the code
 .PHONY: lint
 lint: test-tools-image
@@ -435,7 +430,7 @@ test-e2e:
 test-e2e-local: cli-local
 	# NO_PROXY ensures all tests don't go out through a proxy if one is configured on the test system
 	export GO111MODULE=off
-	DIST_DIR=${DIST_DIR} RERUN_FAILS=5 PACKAGES="./test/e2e" ARGOCD_E2E_RECORD=${ARGOCD_E2E_RECORD} ARGOCD_GPG_ENABLED=true NO_PROXY=* ./hack/test.sh -timeout $(ARGOCD_E2E_TEST_TIMEOUT) -v -args -test.gocoverdir="$(PWD)/test-results"
+	DIST_DIR=${DIST_DIR} RERUN_FAILS=5 PACKAGES="./test/e2e" ARGOCD_E2E_RECORD=${ARGOCD_E2E_RECORD} ARGOCD_CONFIG_DIR=$(HOME)/.config/argocd-e2e ARGOCD_GPG_ENABLED=true NO_PROXY=* ./hack/test.sh -timeout $(ARGOCD_E2E_TEST_TIMEOUT) -v -args -test.gocoverdir="$(PWD)/test-results"

 # Spawns a shell in the test server container for debugging purposes
 debug-test-server: test-tools-image
@@ -472,6 +467,7 @@ start-e2e-local: mod-vendor-local dep-ui-local cli-local
 	mkdir -p /tmp/coverage/repo-server
 	mkdir -p /tmp/coverage/applicationset-controller
 	mkdir -p /tmp/coverage/notification
+	mkdir -p /tmp/coverage/commit-server
 	# set paths for locally managed ssh known hosts and tls certs data
 	ARGOCD_SSH_DATA_PATH=/tmp/argo-e2e/app/config/ssh \
 	ARGOCD_TLS_DATA_PATH=/tmp/argo-e2e/app/config/tls \
@@ -486,8 +482,11 @@ start-e2e-local: mod-vendor-local dep-ui-local cli-local
 	BIN_MODE=$(ARGOCD_BIN_MODE) \
 	ARGOCD_APPLICATION_NAMESPACES=argocd-e2e-external,argocd-e2e-external-2 \
 	ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES=argocd-e2e-external,argocd-e2e-external-2 \
+	ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE=true \
 	ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS=http://127.0.0.1:8341,http://127.0.0.1:8342,http://127.0.0.1:8343,http://127.0.0.1:8344 \
 	ARGOCD_E2E_TEST=true \
+	ARGOCD_HYDRATOR_ENABLED=true \
+	ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL=1ms \
 		goreman -f $(ARGOCD_PROCFILE) start ${ARGOCD_START}
 	ls -lrt /tmp/coverage

@@ -553,7 +552,7 @@ build-docs-local:

 .PHONY: build-docs
 build-docs:
-	$(DOCKER) run ${MKDOCS_RUN_ARGS} --rm -it -v ${CURRENT_DIR}:/docs -w /docs --entrypoint "" ${MKDOCS_DOCKER_IMAGE} sh -c 'pip install -r docs/requirements.txt; mkdocs build'
+	$(DOCKER) run ${MKDOCS_RUN_ARGS} --rm -it -v ${CURRENT_DIR}:/docs -w /docs --entrypoint "" ${MKDOCS_DOCKER_IMAGE} sh -c 'pip install mkdocs; pip install $$(mkdocs get-deps); mkdocs build'

 .PHONY: serve-docs-local
 serve-docs-local:
@@ -561,7 +560,7 @@ serve-docs-local:

 .PHONY: serve-docs
 serve-docs:
-	$(DOCKER) run ${MKDOCS_RUN_ARGS} --rm -it -p 8000:8000 -v ${CURRENT_DIR}:/docs -w /docs --entrypoint "" ${MKDOCS_DOCKER_IMAGE} sh -c 'pip install -r docs/requirements.txt; mkdocs serve -a $$(ip route get 1 | awk '\''{print $$7}'\''):8000'
+	$(DOCKER) run ${MKDOCS_RUN_ARGS} --rm -it -p 8000:8000 -v ${CURRENT_DIR}:/docs -w /docs --entrypoint "" ${MKDOCS_DOCKER_IMAGE} sh -c 'pip install mkdocs; pip install $$(mkdocs get-deps); mkdocs serve -a $$(ip route get 1 | awk '\''{print $$7}'\''):8000'

 # Verify that kubectl can connect to your K8s cluster from Docker
 .PHONY: verify-kube-connect
@@ -596,6 +595,7 @@ install-codegen-tools-local:
 .PHONY: install-go-tools-local
 install-go-tools-local:
 	./hack/install.sh codegen-go-tools
+	./hack/install.sh lint-tools

 .PHONY: dep-ui
 dep-ui: test-tools-image
@@ -676,7 +676,6 @@ help:
 	@echo 'debug:'
 	@echo '  list -- list all make targets'
 	@echo '  install-tools-local -- install all the tools below'
-	@echo '  install-lint-tools(-local)'
 	@echo
 	@echo 'codegen:'
 	@echo '  codegen(-local) -- if using -local, run the following targets first'
--- a/9
+++ b/9
@@ -1,9 +1,10 @@
-controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/app-controller} HOSTNAME=testappcontroller-1  FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --server-side-diff-enabled=${ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF:-'false'}"
-api-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/api-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''}"
-dex: sh -c "ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/v2/cmd gendexcfg -o `pwd`/dist/dex.yaml && (test -f dist/dex.yaml || { echo 'Failed to generate dex configuration'; exit 1; }) && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:$(grep "image: ghcr.io/dexidp/dex" manifests/base/dex/argocd-dex-server-deployment.yaml | cut -d':' -f3) dex serve /dex.yaml"
-redis: bash -c "if [ \"$ARGOCD_REDIS_LOCAL\" = 'true' ]; then redis-server --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; else docker run --rm --name argocd-redis -i -p ${ARGOCD_E2E_REDIS_PORT:-6379}:${ARGOCD_E2E_REDIS_PORT:-6379} docker.io/library/redis:$(grep "image: redis" manifests/base/redis/argocd-redis-deployment.yaml | cut -d':' -f3) --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; fi"
+controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/app-controller} HOSTNAME=testappcontroller-1  FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --commit-server localhost:${ARGOCD_E2E_COMMITSERVER_PORT:-8086} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --server-side-diff-enabled=${ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF:-'false'} --hydrator-enabled=${ARGOCD_HYDRATOR_ENABLED:='false'}"
+api-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/api-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --hydrator-enabled=${ARGOCD_HYDRATOR_ENABLED:='false'}"
+dex: sh -c "ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/v3/cmd gendexcfg -o `pwd`/dist/dex.yaml && (test -f dist/dex.yaml || { echo 'Failed to generate dex configuration'; exit 1; }) && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:$(grep "image: ghcr.io/dexidp/dex" manifests/base/dex/argocd-dex-server-deployment.yaml | cut -d':' -f3) dex serve /dex.yaml"
+redis: hack/start-redis-with-password.sh
 repo-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/repo-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp}  ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-repo-server ARGOCD_GPG_ENABLED=${ARGOCD_GPG_ENABLED:-false} $COMMAND --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --otlp-address=${ARGOCD_OTLP_ADDRESS}"
 cmp-server: [ "$ARGOCD_E2E_TEST" = 'true' ] && exit 0 || [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_BINARY_NAME=argocd-cmp-server ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} $COMMAND --config-dir-path ./test/cmp --loglevel debug --otlp-address=${ARGOCD_OTLP_ADDRESS}"
+commit-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/commit-server} FORCE_LOG_COLORS=1 ARGOCD_BINARY_NAME=argocd-commit-server $COMMAND --loglevel debug --port ${ARGOCD_E2E_COMMITSERVER_PORT:-8086}"
 ui: sh -c 'cd ui && ${ARGOCD_E2E_YARN_CMD:-yarn} start'
 git-server: test/fixture/testrepos/start-git.sh
 helm-registry: test/fixture/testrepos/start-helm-registry.sh
--- a/README.md
+++ b/README.md
@@ -8,7 +8,6 @@
 [![codecov](https://codecov.io/gh/argoproj/argo-cd/branch/master/graph/badge.svg)](https://codecov.io/gh/argoproj/argo-cd)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4486/badge)](https://bestpractices.coreinfrastructure.org/projects/4486)
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-cd/badge)](https://scorecard.dev/viewer/?uri=github.com/argoproj/argo-cd)
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fargoproj%2Fargo-cd.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fargoproj%2Fargo-cd?ref=badge_shield)

 **Social:**
 [![Twitter Follow](https://img.shields.io/twitter/follow/argoproj?style=social)](https://twitter.com/argoproj)
@@ -57,7 +56,7 @@ Participation in the Argo CD project is governed by the [CNCF Code of Conduct](h
 ### Blogs and Presentations

 1. [Awesome-Argo: A Curated List of Awesome Projects and Resources Related to Argo](https://github.com/terrytangyuan/awesome-argo)
-1. [Unveil the Secret Ingredients of Continuous Delivery at Enterprise Scale with Argo CD](https://akuity.io/blog/unveil-the-secret-ingredients-of-continuous-delivery-at-enterprise-scale-with-argocd-kubecon-china-2021/)
+1. [Unveil the Secret Ingredients of Continuous Delivery at Enterprise Scale with Argo CD](https://akuity.io/blog/secret-ingredients-of-continuous-delivery-at-enterprise-scale-with-argocd/)
 1. [GitOps Without Pipelines With ArgoCD Image Updater](https://youtu.be/avPUQin9kzU)
 1. [Combining Argo CD (GitOps), Crossplane (Control Plane), And KubeVela (OAM)](https://youtu.be/eEcgn_gU3SM)
 1. [How to Apply GitOps to Everything - Combining Argo CD and Crossplane](https://youtu.be/yrj4lmScKHQ)
--- a/SECURITY-INSIGHTS.yml
+++ b/SECURITY-INSIGHTS.yml
@@ -3,9 +3,9 @@ header:
  expiration-date: '2024-10-31T00:00:00.000Z' # One year from initial release.
  last-updated: '2023-10-27'
  last-reviewed: '2023-10-27'
-  commit-hash: fe606708859574b9b6102a505e260fac5d3fb14e
+  commit-hash: 74a367d10e7110209610ba3ec225539ebe5f7522
  project-url: https://github.com/argoproj/argo-cd
-  project-release: v2.13.0
+  project-release: v2.14.0
  changelog: https://github.com/argoproj/argo-cd/releases
  license: https://github.com/argoproj/argo-cd/blob/master/LICENSE
 project-lifecycle:
--- a/USERS.md
+++ b/USERS.md
@@ -11,10 +11,13 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [7shifts](https://www.7shifts.com/)
 1. [Adevinta](https://www.adevinta.com/)
 1. [Adfinis](https://adfinis.com)
+1. [Adobe](https://www.adobe.com/)
 1. [Adventure](https://jp.adventurekk.com/)
 1. [Adyen](https://www.adyen.com)
 1. [AirQo](https://airqo.net/)
 1. [Akuity](https://akuity.io/)
+1. [Alarm.com](https://alarm.com/)
+1. [Alauda](https://alauda.io/)
 1. [Albert Heijn](https://ah.nl/)
 1. [Alibaba Group](https://www.alibabagroup.com/)
 1. [Allianz Direct](https://www.allianzdirect.de/)
@@ -27,18 +30,21 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Ant Group](https://www.antgroup.com/)
 1. [AppDirect](https://www.appdirect.com)
 1. [Arctiq Inc.](https://www.arctiq.ca)
-2. [Arturia](https://www.arturia.com)
+1. [Arturia](https://www.arturia.com)
 1. [ARZ Allgemeines Rechenzentrum GmbH](https://www.arz.at/)
+1. [Augury](https://www.augury.com/)
 1. [Autodesk](https://www.autodesk.com)
 1. [Axians ACSP](https://www.axians.fr)
 1. [Axual B.V.](https://axual.com)
 1. [Back Market](https://www.backmarket.com)
+1. [Bajaj Finserv Health Ltd.](https://www.bajajfinservhealth.in)
 1. [Baloise](https://www.baloise.com)
 1. [BCDevExchange DevOps Platform](https://bcdevexchange.org/DevOpsPlatform)
 1. [Beat](https://thebeat.co/en/)
 1. [Beez Innovation Labs](https://www.beezlabs.com/)
 1. [Bedag Informatik AG](https://www.bedag.ch/)
 1. [Beleza Na Web](https://www.belezanaweb.com.br/)
+1. [Believable Bots](https://believablebots.io)
 1. [BigPanda](https://bigpanda.io)
 1. [BioBox Analytics](https://biobox.io)
 1. [BMW Group](https://www.bmwgroup.com/)
@@ -73,6 +79,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Codility](https://www.codility.com/)
 1. [Cognizant](https://www.cognizant.com/)
 1. [Commonbond](https://commonbond.co/)
+1. [Compatio.AI](https://compatio.ai/)
 1. [Contlo](https://contlo.com/)
 1. [Coralogix](https://coralogix.com/)
 1. [Crédit Agricole CIB](https://www.ca-cib.com)
@@ -82,11 +89,13 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [D2iQ](https://www.d2iq.com)
 1. [DaoCloud](https://daocloud.io/)
 1. [Datarisk](https://www.datarisk.io/)
+1. [Daydream](https://daydream.ing)
 1. [Deloitte](https://www.deloitte.com/)
 1. [Deutsche Telekom AG](https://telekom.com)
 1. [Devopsi - Poland Software/DevOps Consulting](https://devopsi.pl/)
 1. [Devtron Labs](https://github.com/devtron-labs/devtron)
 1. [DigitalOcean](https://www.digitalocean.com)
+1. [Divar](https://divar.ir)
 1. [Divistant](https://divistant.com)
 1. [Dott](https://ridedott.com)
 1. [Doximity](https://www.doximity.com/)
@@ -112,6 +121,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [freee](https://corp.freee.co.jp/en/company/)
 1. [Freshop, Inc](https://www.freshop.com/)
 1. [Future PLC](https://www.futureplc.com/)
+1. [Flagler Health](https://www.flaglerhealth.io/)
 1. [G DATA CyberDefense AG](https://www.gdata-software.com/)
 1. [G-Research](https://www.gresearch.com/teams/open-source-software/)
 1. [Garner](https://www.garnercorp.com)
@@ -137,6 +147,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Hazelcast](https://hazelcast.com/)
 1. [Healy](https://www.healyworld.net)
 1. [Helio](https://helio.exchange)
+1. [hetao101](https://www.hetao101.com/)
 1. [Hetki](https://hetki.ai)
 1. [hipages](https://hipages.com.au/)
 1. [Hiya](https://hiya.com)
@@ -182,10 +193,10 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Lian Chu Securities](https://lczq.com)
 1. [Liatrio](https://www.liatrio.com)
 1. [Lightricks](https://www.lightricks.com/)
-1. [LINE](https://linecorp.com/en/)
 1. [Loom](https://www.loom.com/)
 1. [Lucid Motors](https://www.lucidmotors.com/)
 1. [Lytt](https://www.lytt.co/)
+1. [LY Corporation](https://www.lycorp.co.jp/en/)
 1. [Magic Leap](https://www.magicleap.com/)
 1. [Majid Al Futtaim](https://www.majidalfuttaim.com/)
 1. [Major League Baseball](https://mlb.com)
@@ -207,6 +218,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Moengage](https://www.moengage.com/)
 1. [Money Forward](https://corp.moneyforward.com/en/)
 1. [MOO Print](https://www.moo.com/)
+1. [Mozilla](https://www.mozilla.org)
 1. [MTN Group](https://www.mtn.com/)
 1. [Municipality of The Hague](https://www.denhaag.nl/)
 1. [My Job Glasses](https://myjobglasses.com)
@@ -239,6 +251,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Optoro](https://www.optoro.com/)
 1. [Orbital Insight](https://orbitalinsight.com/)
 1. [Oscar Health Insurance](https://hioscar.com/)
+1. [Outpost24](https://outpost24.com/)
 1. [p3r](https://www.p3r.one/)
 1. [Packlink](https://www.packlink.com/)
 1. [PagerDuty](https://www.pagerduty.com/)
@@ -257,6 +270,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [PITS Globale Datenrettungsdienste](https://www.pitsdatenrettung.de/)
 1. [Platform9 Systems](https://platform9.com/)
 1. [Polarpoint.io](https://polarpoint.io)
+1. [Pollinate](https://www.pollinate.global)
 1. [PostFinance](https://github.com/postfinance)
 1. [Preferred Networks](https://preferred.jp/en/)
 1. [Previder BV](https://previder.nl)
@@ -267,6 +281,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [PT Boer Technology (Btech)](https://btech.id/)
 1. [PUBG](https://www.pubg.com)
 1. [Puzzle ITC](https://www.puzzle.ch/)
+1. [Pvotal Technologies](https://pvotal.tech/)
 1. [Qonto](https://qonto.com)
 1. [QuintoAndar](https://quintoandar.com.br)
 1. [Quipper](https://www.quipper.com/)
@@ -303,6 +318,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Skyscanner](https://www.skyscanner.net/)
 1. [Smart Pension](https://www.smartpension.co.uk/)
 1. [Smilee.io](https://smilee.io)
+1. [Smilegate Stove](https://www.onstove.com/)
 1. [Smood.ch](https://www.smood.ch/)
 1. [Snapp](https://snapp.ir/)
 1. [Snyk](https://snyk.io/)
@@ -322,14 +338,17 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Swisscom](https://www.swisscom.ch)
 1. [Swissquote](https://github.com/swissquote)
 1. [Syncier](https://syncier.com/)
+1. [Synergy](https://synergy.net.au)
 1. [Syself](https://syself.com)
 1. [TableCheck](https://tablecheck.com/)
 1. [Tailor Brands](https://www.tailorbrands.com)
 1. [Tamkeen Technologies](https://tamkeentech.sa/)
+1. [TBC Bank](https://tbcbank.ge/)
 1. [Techcombank](https://www.techcombank.com.vn/trang-chu)
 1. [Technacy](https://www.technacy.it/)
 1. [Telavita](https://www.telavita.com.br/)
 1. [Tesla](https://tesla.com/)
+1. [TextNow](https://www.textnow.com/)
 1. [The Scale Factory](https://www.scalefactory.com/)
 1. [ThousandEyes](https://www.thousandeyes.com/)
 1. [Ticketmaster](https://ticketmaster.com)
@@ -358,6 +377,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Vinted](https://vinted.com/)
 1. [Virtuo](https://www.govirtuo.com/)
 1. [VISITS Technologies](https://visits.world/en)
+1. [Viya](https://viya.me)
 1. [Volvo Cars](https://www.volvocars.com/)
 1. [Voyager Digital](https://www.investvoyager.com/)
 1. [VSHN - The DevOps Company](https://vshn.ch/)
@@ -372,9 +392,12 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [WooliesX](https://wooliesx.com.au/)
 1. [Woolworths Group](https://www.woolworthsgroup.com.au/)
 1. [WSpot](https://www.wspot.com.br/)
+1. [X3M ads](https://x3mads.com)
 1. [Yieldlab](https://www.yieldlab.de/)
 1. [Youverify](https://youverify.co/)
 1. [Yubo](https://www.yubo.live/)
 1. [ZDF](https://www.zdf.de/)
 1. [Zimpler](https://www.zimpler.com/)
+1. [ZipRecuiter](https://www.ziprecruiter.com/)
 1. [ZOZO](https://corp.zozo.com/)
+
--- a/2
+++ b/2
@@ -1 +1 @@
-2.13.0
+3.0.6
--- a/applicationset/controllers/applicationset_controller.go
+++ b/applicationset/controllers/applicationset_controller.go
@@ -18,6 +18,9 @@ import (
 	"context"
 	"fmt"
 	"reflect"
+	"runtime/debug"
+	"sort"
+	"strconv"
 	"strings"
 	"time"

@@ -25,17 +28,16 @@ import (
 	"github.com/google/go-cmp/cmp/cmpopts"
 	log "github.com/sirupsen/logrus"
 	corev1 "k8s.io/api/core/v1"
-	apierr "k8s.io/apimachinery/pkg/api/errors"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/client-go/kubernetes"
-	k8scache "k8s.io/client-go/tools/cache"
 	"k8s.io/client-go/tools/record"
+	"k8s.io/client-go/util/retry"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
-	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
@@ -43,20 +45,19 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/predicate"

-	"github.com/argoproj/argo-cd/v2/applicationset/controllers/template"
-	"github.com/argoproj/argo-cd/v2/applicationset/generators"
-	"github.com/argoproj/argo-cd/v2/applicationset/status"
-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
-	"github.com/argoproj/argo-cd/v2/common"
-	"github.com/argoproj/argo-cd/v2/util/db"
-	"github.com/argoproj/argo-cd/v2/util/glob"
+	"github.com/argoproj/argo-cd/v3/applicationset/controllers/template"
+	"github.com/argoproj/argo-cd/v3/applicationset/generators"
+	"github.com/argoproj/argo-cd/v3/applicationset/metrics"
+	"github.com/argoproj/argo-cd/v3/applicationset/status"
+	"github.com/argoproj/argo-cd/v3/applicationset/utils"
+	"github.com/argoproj/argo-cd/v3/common"
+	"github.com/argoproj/argo-cd/v3/util/db"

-	argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-	appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned"
-	argoutil "github.com/argoproj/argo-cd/v2/util/argo"
-	"github.com/argoproj/argo-cd/v2/util/argo/normalizers"
+	argov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
+	argoutil "github.com/argoproj/argo-cd/v3/util/argo"
+	"github.com/argoproj/argo-cd/v3/util/argo/normalizers"

-	"github.com/argoproj/argo-cd/v2/pkg/apis/application"
+	"github.com/argoproj/argo-cd/v3/pkg/apis/application"
 )

 const (
@@ -79,7 +80,6 @@ type ApplicationSetReconciler struct {
 	Recorder             record.EventRecorder
 	Generators           map[string]generators.Generator
 	ArgoDB               db.ArgoDB
-	ArgoAppClientset     appclientset.Interface
 	KubeClientset        kubernetes.Interface
 	Policy               argov1alpha1.ApplicationsSyncPolicy
 	EnablePolicyOverride bool
@@ -90,18 +90,31 @@ type ApplicationSetReconciler struct {
 	SCMRootCAPath              string
 	GlobalPreservedAnnotations []string
 	GlobalPreservedLabels      []string
-	Cache                      cache.Cache
+	Metrics                    *metrics.ApplicationsetMetrics
 }

 // +kubebuilder:rbac:groups=argoproj.io,resources=applicationsets,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=argoproj.io,resources=applicationsets/status,verbs=get;update;patch

-func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ctrl.Result, err error) {
+	startReconcile := time.Now()
 	logCtx := log.WithField("applicationset", req.NamespacedName)

+	defer func() {
+		if rec := recover(); rec != nil {
+			logCtx.Errorf("Recovered from panic: %+v\n%s", rec, debug.Stack())
+			result = ctrl.Result{}
+			var ok bool
+			err, ok = rec.(error)
+			if !ok {
+				err = fmt.Errorf("%v", r)
+			}
+		}
+	}()
+
 	var applicationSetInfo argov1alpha1.ApplicationSet
 	parametersGenerated := false
-
+	startTime := time.Now()
 	if err := r.Get(ctx, req.NamespacedName, &applicationSetInfo); err != nil {
 		if client.IgnoreNotFound(err) != nil {
 			logCtx.WithError(err).Infof("unable to get ApplicationSet: '%v' ", err)
@@ -109,6 +122,10 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 		return ctrl.Result{}, client.IgnoreNotFound(err)
 	}

+	defer func() {
+		r.Metrics.ObserveReconcile(&applicationSetInfo, time.Since(startTime))
+	}()
+
 	// Do not attempt to further reconcile the ApplicationSet if it is being deleted.
 	if applicationSetInfo.ObjectMeta.DeletionTimestamp != nil {
 		appsetName := applicationSetInfo.ObjectMeta.Name
@@ -138,6 +155,7 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 	// desiredApplications is the main list of all expected Applications from all generators in this appset.
 	desiredApplications, applicationSetReason, err := template.GenerateApplications(logCtx, applicationSetInfo, r.Generators, r.Renderer, r.Client)
 	if err != nil {
+		logCtx.Errorf("unable to generate applications: %v", err)
 		_ = r.setApplicationSetStatusCondition(ctx,
 			&applicationSetInfo,
 			argov1alpha1.ApplicationSetCondition{
@@ -147,7 +165,8 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 				Status:  argov1alpha1.ApplicationSetConditionStatusTrue,
 			}, parametersGenerated,
 		)
-		return ctrl.Result{RequeueAfter: ReconcileRequeueOnValidationError}, err
+		// In order for the controller SDK to respect RequeueAfter, the error must be nil
+		return ctrl.Result{RequeueAfter: ReconcileRequeueOnValidationError}, nil
 	}

 	parametersGenerated = true
@@ -242,20 +261,8 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque

 	if r.EnableProgressiveSyncs {
 		// trigger appropriate application syncs if RollingSync strategy is enabled
-		if progressiveSyncsStrategyEnabled(&applicationSetInfo, "RollingSync") {
-			validApps, err = r.syncValidApplications(logCtx, &applicationSetInfo, appSyncMap, appMap, validApps)
-			if err != nil {
-				_ = r.setApplicationSetStatusCondition(ctx,
-					&applicationSetInfo,
-					argov1alpha1.ApplicationSetCondition{
-						Type:    argov1alpha1.ApplicationSetConditionErrorOccurred,
-						Message: err.Error(),
-						Reason:  argov1alpha1.ApplicationSetReasonSyncApplicationError,
-						Status:  argov1alpha1.ApplicationSetConditionStatusTrue,
-					}, parametersGenerated,
-				)
-				return ctrl.Result{}, err
-			}
+		if progressiveSyncsRollingSyncStrategyEnabled(&applicationSetInfo) {
+			validApps = r.syncValidApplications(logCtx, &applicationSetInfo, appSyncMap, appMap, validApps)
 		}
 	}

@@ -342,7 +349,7 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 		requeueAfter = ReconcileRequeueOnValidationError
 	}

-	logCtx.WithField("requeueAfter", requeueAfter).Info("end reconcile")
+	logCtx.WithField("requeueAfter", requeueAfter).Info("end reconcile in ", time.Since(startReconcile))

 	return ctrl.Result{
 		RequeueAfter: requeueAfter,
@@ -409,8 +416,21 @@ func (r *ApplicationSetReconciler) setApplicationSetStatusCondition(ctx context.
 	paramtersGeneratedCondition := getParametersGeneratedCondition(paramtersGenerated, condition.Message)
 	resourceUpToDateCondition := getResourceUpToDateCondition(errOccurred, condition.Message, condition.Reason)

+	evaluatedTypes := map[argov1alpha1.ApplicationSetConditionType]bool{
+		argov1alpha1.ApplicationSetConditionErrorOccurred:       true,
+		argov1alpha1.ApplicationSetConditionParametersGenerated: true,
+		argov1alpha1.ApplicationSetConditionResourcesUpToDate:   true,
+	}
 	newConditions := []argov1alpha1.ApplicationSetCondition{errOccurredCondition, paramtersGeneratedCondition, resourceUpToDateCondition}

+	if progressiveSyncsRollingSyncStrategyEnabled(applicationSet) {
+		evaluatedTypes[argov1alpha1.ApplicationSetConditionRolloutProgressing] = true
+
+		if condition.Type == argov1alpha1.ApplicationSetConditionRolloutProgressing {
+			newConditions = append(newConditions, condition)
+		}
+	}
+
 	needToUpdateConditions := false
 	for _, condition := range newConditions {
 		// do nothing if appset already has same condition
@@ -421,29 +441,33 @@ func (r *ApplicationSetReconciler) setApplicationSetStatusCondition(ctx context.
 			}
 		}
 	}
-	evaluatedTypes := map[argov1alpha1.ApplicationSetConditionType]bool{
-		argov1alpha1.ApplicationSetConditionErrorOccurred:       true,
-		argov1alpha1.ApplicationSetConditionParametersGenerated: true,
-		argov1alpha1.ApplicationSetConditionResourcesUpToDate:   true,
-	}

-	if needToUpdateConditions || len(applicationSet.Status.Conditions) < 3 {
+	if needToUpdateConditions || len(applicationSet.Status.Conditions) < len(newConditions) {
 		// fetch updated Application Set object before updating it
-		namespacedName := types.NamespacedName{Namespace: applicationSet.Namespace, Name: applicationSet.Name}
-		if err := r.Get(ctx, namespacedName, applicationSet); err != nil {
-			if client.IgnoreNotFound(err) != nil {
-				return nil
+		// DefaultRetry will retry 5 times with a backoff factor of 1, jitter of 0.1 and a duration of 10ms
+		err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
+			namespacedName := types.NamespacedName{Namespace: applicationSet.Namespace, Name: applicationSet.Name}
+			updatedAppset := &argov1alpha1.ApplicationSet{}
+			if err := r.Get(ctx, namespacedName, updatedAppset); err != nil {
+				if client.IgnoreNotFound(err) != nil {
+					return nil
+				}
+				return fmt.Errorf("error fetching updated application set: %w", err)
 			}
-			return fmt.Errorf("error fetching updated application set: %w", err)
-		}

-		applicationSet.Status.SetConditions(
-			newConditions, evaluatedTypes,
-		)
+			updatedAppset.Status.SetConditions(
+				newConditions, evaluatedTypes,
+			)

-		// Update the newly fetched object with new set of conditions
-		err := r.Client.Status().Update(ctx, applicationSet)
-		if err != nil && !apierr.IsNotFound(err) {
+			// Update the newly fetched object with new set of conditions
+			err := r.Client.Status().Update(ctx, updatedAppset)
+			if err != nil {
+				return err
+			}
+			updatedAppset.DeepCopyInto(applicationSet)
+			return nil
+		})
+		if err != nil && !apierrors.IsNotFound(err) {
 			return fmt.Errorf("unable to set application set condition: %w", err)
 		}
 	}
@@ -457,22 +481,23 @@ func (r *ApplicationSetReconciler) validateGeneratedApplications(ctx context.Con
 	errorsByIndex := map[int]error{}
 	namesSet := map[string]bool{}
 	for i, app := range desiredApplications {
-		if !namesSet[app.Name] {
-			namesSet[app.Name] = true
-		} else {
+		if namesSet[app.Name] {
 			errorsByIndex[i] = fmt.Errorf("ApplicationSet %s contains applications with duplicate name: %s", applicationSetInfo.Name, app.Name)
 			continue
 		}
-		_, err := r.ArgoAppClientset.ArgoprojV1alpha1().AppProjects(r.ArgoCDNamespace).Get(ctx, app.Spec.GetProject(), metav1.GetOptions{})
+		namesSet[app.Name] = true
+
+		appProject := &argov1alpha1.AppProject{}
+		err := r.Client.Get(ctx, types.NamespacedName{Name: app.Spec.Project, Namespace: r.ArgoCDNamespace}, appProject)
 		if err != nil {
-			if apierr.IsNotFound(err) {
+			if apierrors.IsNotFound(err) {
 				errorsByIndex[i] = fmt.Errorf("application references project %s which does not exist", app.Spec.Project)
 				continue
 			}
 			return nil, err
 		}

-		if err := utils.ValidateDestination(ctx, &app.Spec.Destination, r.KubeClientset, r.ArgoCDNamespace); err != nil {
+		if _, err = argoutil.GetDestinationCluster(ctx, app.Spec.Destination, r.ArgoDB); err != nil {
 			errorsByIndex[i] = fmt.Errorf("application destination spec is invalid: %s", err.Error())
 			continue
 		}
@@ -501,11 +526,9 @@ func (r *ApplicationSetReconciler) getMinRequeueAfter(applicationSetInfo *argov1
 }

 func ignoreNotAllowedNamespaces(namespaces []string) predicate.Predicate {
-	return predicate.Funcs{
-		CreateFunc: func(e event.CreateEvent) bool {
-			return glob.MatchStringInList(namespaces, e.Object.GetNamespace(), false)
-		},
-	}
+	return predicate.NewPredicateFuncs(func(object client.Object) bool {
+		return utils.IsNamespaceAllowed(namespaces, object.GetNamespace())
+	})
 }

 func appControllerIndexer(rawObj client.Object) []string {
@@ -529,12 +552,13 @@ func (r *ApplicationSetReconciler) SetupWithManager(mgr ctrl.Manager, enableProg
 		return fmt.Errorf("error setting up with manager: %w", err)
 	}

-	ownsHandler := getOwnsHandlerPredicates(enableProgressiveSyncs)
+	appOwnsHandler := getApplicationOwnsHandler(enableProgressiveSyncs)
+	appSetOwnsHandler := getApplicationSetOwnsHandler()

 	return ctrl.NewControllerManagedBy(mgr).WithOptions(controller.Options{
 		MaxConcurrentReconciles: maxConcurrentReconciliations,
-	}).For(&argov1alpha1.ApplicationSet{}).
-		Owns(&argov1alpha1.Application{}, builder.WithPredicates(ownsHandler)).
+	}).For(&argov1alpha1.ApplicationSet{}, builder.WithPredicates(appSetOwnsHandler)).
+		Owns(&argov1alpha1.Application{}, builder.WithPredicates(appOwnsHandler)).
 		WithEventFilter(ignoreNotAllowedNamespaces(r.ApplicationSetNamespaces)).
 		Watches(
 			&corev1.Secret{},
@@ -542,29 +566,9 @@ func (r *ApplicationSetReconciler) SetupWithManager(mgr ctrl.Manager, enableProg
 				Client: mgr.GetClient(),
 				Log:    log.WithField("type", "createSecretEventHandler"),
 			}).
-		// TODO: also watch Applications and respond on changes if we own them.
 		Complete(r)
 }

-func (r *ApplicationSetReconciler) updateCache(ctx context.Context, obj client.Object, logger *log.Entry) {
-	informer, err := r.Cache.GetInformer(ctx, obj)
-	if err != nil {
-		logger.Errorf("failed to get informer: %v", err)
-		return
-	}
-	// The controller runtime abstract away informers creation
-	// so unfortunately could not find any other way to access informer store.
-	k8sInformer, ok := informer.(k8scache.SharedInformer)
-	if !ok {
-		logger.Error("informer is not a kubernetes informer")
-		return
-	}
-	if err := k8sInformer.GetStore().Update(obj); err != nil {
-		logger.Errorf("failed to update cache: %v", err)
-		return
-	}
-}
-
 // createOrUpdateInCluster will create / update application resources in the cluster.
 // - For new applications, it will call create
 // - For existing application, it will call update
@@ -662,7 +666,6 @@ func (r *ApplicationSetReconciler) createOrUpdateInCluster(ctx context.Context,
 			}
 			continue
 		}
-		r.updateCache(ctx, found, appLog)

 		if action != controllerutil.OperationResultNone {
 			// Don't pollute etcd with "unchanged Application" events
@@ -717,9 +720,6 @@ func (r *ApplicationSetReconciler) getCurrentApplications(ctx context.Context, a
 // deleteInCluster will delete Applications that are currently on the cluster, but not in appList.
 // The function must be called after all generators had been called and generated applications
 func (r *ApplicationSetReconciler) deleteInCluster(ctx context.Context, logCtx *log.Entry, applicationSet argov1alpha1.ApplicationSet, desiredApplications []argov1alpha1.Application) error {
-	// settingsMgr := settings.NewSettingsManager(context.TODO(), r.KubeClientset, applicationSet.Namespace)
-	// argoDB := db.NewDB(applicationSet.Namespace, settingsMgr, r.KubeClientset)
-	// clusterList, err := argoDB.ListClusters(ctx)
 	clusterList, err := utils.ListClusters(ctx, r.KubeClientset, r.ArgoCDNamespace)
 	if err != nil {
 		return fmt.Errorf("error listing clusters: %w", err)
@@ -770,7 +770,7 @@ func (r *ApplicationSetReconciler) deleteInCluster(ctx context.Context, logCtx *
 }

 // removeFinalizerOnInvalidDestination removes the Argo CD resources finalizer if the application contains an invalid target (eg missing cluster)
-func (r *ApplicationSetReconciler) removeFinalizerOnInvalidDestination(ctx context.Context, applicationSet argov1alpha1.ApplicationSet, app *argov1alpha1.Application, clusterList *argov1alpha1.ClusterList, appLog *log.Entry) error {
+func (r *ApplicationSetReconciler) removeFinalizerOnInvalidDestination(ctx context.Context, applicationSet argov1alpha1.ApplicationSet, app *argov1alpha1.Application, clusterList []utils.ClusterSpecifier, appLog *log.Entry) error {
 	// Only check if the finalizers need to be removed IF there are finalizers to remove
 	if len(app.Finalizers) == 0 {
 		return nil
@@ -779,21 +779,18 @@ func (r *ApplicationSetReconciler) removeFinalizerOnInvalidDestination(ctx conte
 	var validDestination bool

 	// Detect if the destination is invalid (name doesn't correspond to a matching cluster)
-	if err := utils.ValidateDestination(ctx, &app.Spec.Destination, r.KubeClientset, r.ArgoCDNamespace); err != nil {
+	if destCluster, err := argoutil.GetDestinationCluster(ctx, app.Spec.Destination, r.ArgoDB); err != nil {
 		appLog.Warnf("The destination cluster for %s couldn't be found: %v", app.Name, err)
 		validDestination = false
 	} else {
 		// Detect if the destination's server field does not match an existing cluster
-
 		matchingCluster := false
-		for _, cluster := range clusterList.Items {
-			// Server fields must match. Note that ValidateDestination ensures that the server field is set, if applicable.
-			if app.Spec.Destination.Server != cluster.Server {
+		for _, cluster := range clusterList {
+			if destCluster.Server != cluster.Server {
 				continue
 			}

-			// The name must match, if it is not empty
-			if app.Spec.Destination.Name != "" && cluster.Name != app.Spec.Destination.Name {
+			if destCluster.Name != cluster.Name {
 				continue
 			}

@@ -829,7 +826,6 @@ func (r *ApplicationSetReconciler) removeFinalizerOnInvalidDestination(ctx conte
 			if err := r.Client.Patch(ctx, updated, patch); err != nil {
 				return fmt.Errorf("error updating finalizers: %w", err)
 			}
-			r.updateCache(ctx, updated, appLog)
 			// Application must have updated list of finalizers
 			updated.DeepCopyInto(app)

@@ -859,12 +855,9 @@ func (r *ApplicationSetReconciler) removeOwnerReferencesOnDeleteAppSet(ctx conte
 }

 func (r *ApplicationSetReconciler) performProgressiveSyncs(ctx context.Context, logCtx *log.Entry, appset argov1alpha1.ApplicationSet, applications []argov1alpha1.Application, desiredApplications []argov1alpha1.Application, appMap map[string]argov1alpha1.Application) (map[string]bool, error) {
-	appDependencyList, appStepMap, err := r.buildAppDependencyList(logCtx, appset, desiredApplications)
-	if err != nil {
-		return nil, fmt.Errorf("failed to build app dependency list: %w", err)
-	}
+	appDependencyList, appStepMap := r.buildAppDependencyList(logCtx, appset, desiredApplications)

-	_, err = r.updateApplicationSetApplicationStatus(ctx, logCtx, &appset, applications, appStepMap)
+	_, err := r.updateApplicationSetApplicationStatus(ctx, logCtx, &appset, applications, appStepMap)
 	if err != nil {
 		return nil, fmt.Errorf("failed to update applicationset app status: %w", err)
 	}
@@ -874,34 +867,27 @@ func (r *ApplicationSetReconciler) performProgressiveSyncs(ctx context.Context,
 		logCtx.Infof("step %v: %+v", i+1, step)
 	}

-	appSyncMap, err := r.buildAppSyncMap(ctx, appset, appDependencyList, appMap)
-	if err != nil {
-		return nil, fmt.Errorf("failed to build app sync map: %w", err)
-	}
-
+	appSyncMap := r.buildAppSyncMap(appset, appDependencyList, appMap)
 	logCtx.Infof("Application allowed to sync before maxUpdate?: %+v", appSyncMap)

-	_, err = r.updateApplicationSetApplicationStatusProgress(ctx, logCtx, &appset, appSyncMap, appStepMap, appMap)
+	_, err = r.updateApplicationSetApplicationStatusProgress(ctx, logCtx, &appset, appSyncMap, appStepMap)
 	if err != nil {
 		return nil, fmt.Errorf("failed to update applicationset application status progress: %w", err)
 	}

-	_, err = r.updateApplicationSetApplicationStatusConditions(ctx, &appset)
-	if err != nil {
-		return nil, fmt.Errorf("failed to update applicationset application status conditions: %w", err)
-	}
+	_ = r.updateApplicationSetApplicationStatusConditions(ctx, &appset)

 	return appSyncMap, nil
 }

 // this list tracks which Applications belong to each RollingUpdate step
-func (r *ApplicationSetReconciler) buildAppDependencyList(logCtx *log.Entry, applicationSet argov1alpha1.ApplicationSet, applications []argov1alpha1.Application) ([][]string, map[string]int, error) {
+func (r *ApplicationSetReconciler) buildAppDependencyList(logCtx *log.Entry, applicationSet argov1alpha1.ApplicationSet, applications []argov1alpha1.Application) ([][]string, map[string]int) {
 	if applicationSet.Spec.Strategy == nil || applicationSet.Spec.Strategy.Type == "" || applicationSet.Spec.Strategy.Type == "AllAtOnce" {
-		return [][]string{}, map[string]int{}, nil
+		return [][]string{}, map[string]int{}
 	}

 	steps := []argov1alpha1.ApplicationSetRolloutStep{}
-	if progressiveSyncsStrategyEnabled(&applicationSet, "RollingSync") {
+	if progressiveSyncsRollingSyncStrategyEnabled(&applicationSet) {
 		steps = applicationSet.Spec.Strategy.RollingSync.Steps
 	}

@@ -942,7 +928,7 @@ func (r *ApplicationSetReconciler) buildAppDependencyList(logCtx *log.Entry, app
 		}
 	}

-	return appDependencyList, appStepMap, nil
+	return appDependencyList, appStepMap
 }

 func labelMatchedExpression(logCtx *log.Entry, val string, matchExpression argov1alpha1.ApplicationMatchExpression) bool {
@@ -966,7 +952,7 @@ func labelMatchedExpression(logCtx *log.Entry, val string, matchExpression argov
 }

 // this map is used to determine which stage of Applications are ready to be updated in the reconciler loop
-func (r *ApplicationSetReconciler) buildAppSyncMap(ctx context.Context, applicationSet argov1alpha1.ApplicationSet, appDependencyList [][]string, appMap map[string]argov1alpha1.Application) (map[string]bool, error) {
+func (r *ApplicationSetReconciler) buildAppSyncMap(applicationSet argov1alpha1.ApplicationSet, appDependencyList [][]string, appMap map[string]argov1alpha1.Application) map[string]bool {
 	appSyncMap := map[string]bool{}
 	syncEnabled := true

@@ -989,25 +975,24 @@ func (r *ApplicationSetReconciler) buildAppSyncMap(ctx context.Context, applicat
 			}

 			appStatus := applicationSet.Status.ApplicationStatus[idx]
-
-			if app, ok := appMap[appName]; ok {
-				syncEnabled = appSyncEnabledForNextStep(&applicationSet, app, appStatus)
-				if !syncEnabled {
-					break
-				}
-			} else {
+			app, ok := appMap[appName]
+			if !ok {
 				// application name not found in the list of applications managed by this ApplicationSet, maybe because it's being deleted
 				syncEnabled = false
 				break
 			}
+			syncEnabled = appSyncEnabledForNextStep(&applicationSet, app, appStatus)
+			if !syncEnabled {
+				break
+			}
 		}
 	}

-	return appSyncMap, nil
+	return appSyncMap
 }

 func appSyncEnabledForNextStep(appset *argov1alpha1.ApplicationSet, app argov1alpha1.Application, appStatus argov1alpha1.ApplicationSetApplicationStatus) bool {
-	if progressiveSyncsStrategyEnabled(appset, "RollingSync") {
+	if progressiveSyncsRollingSyncStrategyEnabled(appset) {
 		// we still need to complete the current step if the Application is not yet Healthy or there are still pending Application changes
 		return isApplicationHealthy(app) && appStatus.Status == "Healthy"
 	}
@@ -1015,16 +1000,8 @@ func appSyncEnabledForNextStep(appset *argov1alpha1.ApplicationSet, app argov1al
 	return true
 }

-func progressiveSyncsStrategyEnabled(appset *argov1alpha1.ApplicationSet, strategyType string) bool {
-	if appset.Spec.Strategy == nil || appset.Spec.Strategy.Type != strategyType {
-		return false
-	}
-
-	if strategyType == "RollingSync" && appset.Spec.Strategy.RollingSync == nil {
-		return false
-	}
-
-	return true
+func progressiveSyncsRollingSyncStrategyEnabled(appset *argov1alpha1.ApplicationSet) bool {
+	return appset.Spec.Strategy != nil && appset.Spec.Strategy.RollingSync != nil && appset.Spec.Strategy.Type == "RollingSync" && len(appset.Spec.Strategy.RollingSync.Steps) > 0
 }

 func isApplicationHealthy(app argov1alpha1.Application) bool {
@@ -1047,6 +1024,16 @@ func statusStrings(app argov1alpha1.Application) (string, string, string) {
 	return healthStatusString, syncStatusString, operationPhaseString
 }

+func getAppStep(appName string, appStepMap map[string]int) int {
+	// if an application is not selected by any match expression, it defaults to step -1
+	step := -1
+	if appStep, ok := appStepMap[appName]; ok {
+		// 1-based indexing
+		step = appStep + 1
+	}
+	return step
+}
+
 // check the status of each Application's status and promote Applications to the next status if needed
 func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx context.Context, logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, applications []argov1alpha1.Application, appStepMap map[string]int) ([]argov1alpha1.ApplicationSetApplicationStatus, error) {
 	now := metav1.Now()
@@ -1066,23 +1053,24 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con
 				LastTransitionTime: &now,
 				Message:            "No Application status found, defaulting status to Waiting.",
 				Status:             "Waiting",
-				Step:               fmt.Sprint(appStepMap[app.Name] + 1),
-				TargetRevisions:    app.Status.GetRevisions(),
+				Step:               strconv.Itoa(getAppStep(app.Name, appStepMap)),
 			}
 		} else {
 			// we have an existing AppStatus
 			currentAppStatus = applicationSet.Status.ApplicationStatus[idx]
-
-			// upgrade any existing AppStatus that might have been set by an older argo-cd version
-			// note: currentAppStatus.TargetRevisions may be set to empty list earlier during migrations,
-			// to prevent other usage of r.Client.Status().Update to fail before reaching here.
-			if currentAppStatus.TargetRevisions == nil || len(currentAppStatus.TargetRevisions) == 0 {
-				currentAppStatus.TargetRevisions = app.Status.GetRevisions()
+			if !reflect.DeepEqual(currentAppStatus.TargetRevisions, app.Status.GetRevisions()) {
+				currentAppStatus.Message = "Application has pending changes, setting status to Waiting."
 			}
 		}
+		if !reflect.DeepEqual(currentAppStatus.TargetRevisions, app.Status.GetRevisions()) {
+			currentAppStatus.TargetRevisions = app.Status.GetRevisions()
+			currentAppStatus.Status = "Waiting"
+			currentAppStatus.LastTransitionTime = &now
+			currentAppStatus.Step = strconv.Itoa(getAppStep(currentAppStatus.Application, appStepMap))
+		}

 		appOutdated := false
-		if progressiveSyncsStrategyEnabled(applicationSet, "RollingSync") {
+		if progressiveSyncsRollingSyncStrategyEnabled(applicationSet) {
 			appOutdated = syncStatusString == "OutOfSync"
 		}

@@ -1091,32 +1079,22 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con
 			currentAppStatus.LastTransitionTime = &now
 			currentAppStatus.Status = "Waiting"
 			currentAppStatus.Message = "Application has pending changes, setting status to Waiting."
-			currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1)
-			currentAppStatus.TargetRevisions = app.Status.GetRevisions()
+			currentAppStatus.Step = strconv.Itoa(getAppStep(currentAppStatus.Application, appStepMap))
 		}

 		if currentAppStatus.Status == "Pending" {
-			if operationPhaseString == "Succeeded" {
-				revisions := []string{}
-				if len(app.Status.OperationState.SyncResult.Revisions) > 0 {
-					revisions = app.Status.OperationState.SyncResult.Revisions
-				} else if app.Status.OperationState.SyncResult.Revision != "" {
-					revisions = append(revisions, app.Status.OperationState.SyncResult.Revision)
-				}
-
-				if reflect.DeepEqual(currentAppStatus.TargetRevisions, revisions) {
-					logCtx.Infof("Application %v has completed a sync successfully, updating its ApplicationSet status to Progressing", app.Name)
-					currentAppStatus.LastTransitionTime = &now
-					currentAppStatus.Status = "Progressing"
-					currentAppStatus.Message = "Application resource completed a sync successfully, updating status from Pending to Progressing."
-					currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1)
-				}
+			if !appOutdated && operationPhaseString == "Succeeded" {
+				logCtx.Infof("Application %v has completed a sync successfully, updating its ApplicationSet status to Progressing", app.Name)
+				currentAppStatus.LastTransitionTime = &now
+				currentAppStatus.Status = "Progressing"
+				currentAppStatus.Message = "Application resource completed a sync successfully, updating status from Pending to Progressing."
+				currentAppStatus.Step = strconv.Itoa(getAppStep(currentAppStatus.Application, appStepMap))
 			} else if operationPhaseString == "Running" || healthStatusString == "Progressing" {
 				logCtx.Infof("Application %v has entered Progressing status, updating its ApplicationSet status to Progressing", app.Name)
 				currentAppStatus.LastTransitionTime = &now
 				currentAppStatus.Status = "Progressing"
 				currentAppStatus.Message = "Application resource became Progressing, updating status from Pending to Progressing."
-				currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1)
+				currentAppStatus.Step = strconv.Itoa(getAppStep(currentAppStatus.Application, appStepMap))
 			}
 		}

@@ -1125,7 +1103,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con
 			currentAppStatus.LastTransitionTime = &now
 			currentAppStatus.Status = healthStatusString
 			currentAppStatus.Message = "Application resource is already Healthy, updating status from Waiting to Healthy."
-			currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1)
+			currentAppStatus.Step = strconv.Itoa(getAppStep(currentAppStatus.Application, appStepMap))
 		}

 		if currentAppStatus.Status == "Progressing" && isApplicationHealthy(app) {
@@ -1133,7 +1111,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con
 			currentAppStatus.LastTransitionTime = &now
 			currentAppStatus.Status = healthStatusString
 			currentAppStatus.Message = "Application resource became Healthy, updating status from Progressing to Healthy."
-			currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1)
+			currentAppStatus.Step = strconv.Itoa(getAppStep(currentAppStatus.Application, appStepMap))
 		}

 		appStatuses = append(appStatuses, currentAppStatus)
@@ -1148,20 +1126,18 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con
 }

 // check Applications that are in Waiting status and promote them to Pending if needed
-func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress(ctx context.Context, logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, appSyncMap map[string]bool, appStepMap map[string]int, appMap map[string]argov1alpha1.Application) ([]argov1alpha1.ApplicationSetApplicationStatus, error) {
+func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress(ctx context.Context, logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, appSyncMap map[string]bool, appStepMap map[string]int) ([]argov1alpha1.ApplicationSetApplicationStatus, error) {
 	now := metav1.Now()

 	appStatuses := make([]argov1alpha1.ApplicationSetApplicationStatus, 0, len(applicationSet.Status.ApplicationStatus))

 	// if we have no RollingUpdate steps, clear out the existing ApplicationStatus entries
-	if applicationSet.Spec.Strategy != nil && applicationSet.Spec.Strategy.Type != "" && applicationSet.Spec.Strategy.Type != "AllAtOnce" {
+	if progressiveSyncsRollingSyncStrategyEnabled(applicationSet) {
 		updateCountMap := []int{}
 		totalCountMap := []int{}

-		length := 0
-		if progressiveSyncsStrategyEnabled(applicationSet, "RollingSync") {
-			length = len(applicationSet.Spec.Strategy.RollingSync.Steps)
-		}
+		length := len(applicationSet.Spec.Strategy.RollingSync.Steps)
+
 		for s := 0; s < length; s++ {
 			updateCountMap = append(updateCountMap, 0)
 			totalCountMap = append(totalCountMap, 0)
@@ -1169,19 +1145,17 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress

 		// populate updateCountMap with counts of existing Pending and Progressing Applications
 		for _, appStatus := range applicationSet.Status.ApplicationStatus {
-			totalCountMap[appStepMap[appStatus.Application]] += 1
+			totalCountMap[appStepMap[appStatus.Application]]++

-			if progressiveSyncsStrategyEnabled(applicationSet, "RollingSync") {
-				if appStatus.Status == "Pending" || appStatus.Status == "Progressing" {
-					updateCountMap[appStepMap[appStatus.Application]] += 1
-				}
+			if appStatus.Status == "Pending" || appStatus.Status == "Progressing" {
+				updateCountMap[appStepMap[appStatus.Application]]++
 			}
 		}

 		for _, appStatus := range applicationSet.Status.ApplicationStatus {
 			maxUpdateAllowed := true
 			maxUpdate := &intstr.IntOrString{}
-			if progressiveSyncsStrategyEnabled(applicationSet, "RollingSync") {
+			if progressiveSyncsRollingSyncStrategyEnabled(applicationSet) {
 				maxUpdate = applicationSet.Spec.Strategy.RollingSync.Steps[appStepMap[appStatus.Application]].MaxUpdate
 			}

@@ -1199,7 +1173,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress

 				if updateCountMap[appStepMap[appStatus.Application]] >= maxUpdateVal {
 					maxUpdateAllowed = false
-					logCtx.Infof("Application %v is not allowed to update yet, %v/%v Applications already updating in step %v in AppSet %v", appStatus.Application, updateCountMap[appStepMap[appStatus.Application]], maxUpdateVal, appStepMap[appStatus.Application]+1, applicationSet.Name)
+					logCtx.Infof("Application %v is not allowed to update yet, %v/%v Applications already updating in step %v in AppSet %v", appStatus.Application, updateCountMap[appStepMap[appStatus.Application]], maxUpdateVal, getAppStep(appStatus.Application, appStepMap), applicationSet.Name)
 				}
 			}

@@ -1208,9 +1182,9 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress
 				appStatus.LastTransitionTime = &now
 				appStatus.Status = "Pending"
 				appStatus.Message = "Application moved to Pending status, watching for the Application resource to start Progressing."
-				appStatus.Step = fmt.Sprint(appStepMap[appStatus.Application] + 1)
+				appStatus.Step = strconv.Itoa(getAppStep(appStatus.Application, appStepMap))

-				updateCountMap[appStepMap[appStatus.Application]] += 1
+				updateCountMap[appStepMap[appStatus.Application]]++
 			}

 			appStatuses = append(appStatuses, appStatus)
@@ -1225,7 +1199,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress
 	return appStatuses, nil
 }

-func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusConditions(ctx context.Context, applicationSet *argov1alpha1.ApplicationSet) ([]argov1alpha1.ApplicationSetCondition, error) {
+func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusConditions(ctx context.Context, applicationSet *argov1alpha1.ApplicationSet) []argov1alpha1.ApplicationSetCondition {
 	appSetProgressing := false
 	for _, appStatus := range applicationSet.Status.ApplicationStatus {
 		if appStatus.Status != "Healthy" {
@@ -1250,7 +1224,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusConditio
 				Message: "ApplicationSet Rollout Rollout started",
 				Reason:  argov1alpha1.ApplicationSetReasonApplicationSetModified,
 				Status:  argov1alpha1.ApplicationSetConditionStatusTrue,
-			}, false,
+			}, true,
 		)
 	} else if !appSetProgressing && appSetConditionProgressing {
 		_ = r.setApplicationSetStatusCondition(ctx,
@@ -1260,11 +1234,11 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusConditio
 				Message: "ApplicationSet Rollout Rollout complete",
 				Reason:  argov1alpha1.ApplicationSetReasonApplicationSetRolloutComplete,
 				Status:  argov1alpha1.ApplicationSetConditionStatusFalse,
-			}, false,
+			}, true,
 		)
 	}

-	return applicationSet.Status.Conditions, nil
+	return applicationSet.Status.Conditions
 }

 func findApplicationStatusIndex(appStatuses []argov1alpha1.ApplicationSetApplicationStatus, application string) int {
@@ -1290,8 +1264,29 @@ func (r *ApplicationSetReconciler) migrateStatus(ctx context.Context, appset *ar
 	}

 	if update {
-		if err := r.Client.Status().Update(ctx, appset); err != nil {
-			return fmt.Errorf("unable to set application set status: %w", err)
+		// DefaultRetry will retry 5 times with a backoff factor of 1, jitter of 0.1 and a duration of 10ms
+		err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
+			namespacedName := types.NamespacedName{Namespace: appset.Namespace, Name: appset.Name}
+			updatedAppset := &argov1alpha1.ApplicationSet{}
+			if err := r.Get(ctx, namespacedName, updatedAppset); err != nil {
+				if client.IgnoreNotFound(err) != nil {
+					return nil
+				}
+				return fmt.Errorf("error fetching updated application set: %w", err)
+			}
+
+			updatedAppset.Status.ApplicationStatus = appset.Status.ApplicationStatus
+
+			// Update the newly fetched object with new set of ApplicationStatus
+			err := r.Client.Status().Update(ctx, updatedAppset)
+			if err != nil {
+				return err
+			}
+			updatedAppset.DeepCopyInto(appset)
+			return nil
+		})
+		if err != nil && !apierrors.IsNotFound(err) {
+			return fmt.Errorf("unable to set application set condition: %w", err)
 		}
 	}
 	return nil
@@ -1305,22 +1300,35 @@ func (r *ApplicationSetReconciler) updateResourcesStatus(ctx context.Context, lo
 	for _, status := range statusMap {
 		statuses = append(statuses, status)
 	}
+	sort.Slice(statuses, func(i, j int) bool {
+		return statuses[i].Name < statuses[j].Name
+	})
 	appset.Status.Resources = statuses
+	// DefaultRetry will retry 5 times with a backoff factor of 1, jitter of 0.1 and a duration of 10ms
+	err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
+		namespacedName := types.NamespacedName{Namespace: appset.Namespace, Name: appset.Name}
+		updatedAppset := &argov1alpha1.ApplicationSet{}
+		if err := r.Get(ctx, namespacedName, updatedAppset); err != nil {
+			if client.IgnoreNotFound(err) != nil {
+				return nil
+			}
+			return fmt.Errorf("error fetching updated application set: %w", err)
+		}

-	namespacedName := types.NamespacedName{Namespace: appset.Namespace, Name: appset.Name}
-	err := r.Client.Status().Update(ctx, appset)
+		updatedAppset.Status.Resources = appset.Status.Resources
+
+		// Update the newly fetched object with new status resources
+		err := r.Client.Status().Update(ctx, updatedAppset)
+		if err != nil {
+			return err
+		}
+		updatedAppset.DeepCopyInto(appset)
+		return nil
+	})
 	if err != nil {
 		logCtx.Errorf("unable to set application set status: %v", err)
 		return fmt.Errorf("unable to set application set status: %w", err)
 	}
-
-	if err := r.Get(ctx, namespacedName, appset); err != nil {
-		if client.IgnoreNotFound(err) != nil {
-			return nil
-		}
-		return fmt.Errorf("error fetching updated application set: %w", err)
-	}
-
 	return nil
 }

@@ -1355,26 +1363,36 @@ func (r *ApplicationSetReconciler) setAppSetApplicationStatus(ctx context.Contex
 		for i := range applicationStatuses {
 			applicationSet.Status.SetApplicationStatus(applicationStatuses[i])
 		}
+		// DefaultRetry will retry 5 times with a backoff factor of 1, jitter of 0.1 and a duration of 10ms
+		err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
+			updatedAppset := &argov1alpha1.ApplicationSet{}
+			if err := r.Get(ctx, namespacedName, updatedAppset); err != nil {
+				if client.IgnoreNotFound(err) != nil {
+					return nil
+				}
+				return fmt.Errorf("error fetching updated application set: %w", err)
+			}

-		// Update the newly fetched object with new set of ApplicationStatus
-		err := r.Client.Status().Update(ctx, applicationSet)
+			updatedAppset.Status.ApplicationStatus = applicationSet.Status.ApplicationStatus
+
+			// Update the newly fetched object with new set of ApplicationStatus
+			err := r.Client.Status().Update(ctx, updatedAppset)
+			if err != nil {
+				return err
+			}
+			updatedAppset.DeepCopyInto(applicationSet)
+			return nil
+		})
 		if err != nil {
 			logCtx.Errorf("unable to set application set status: %v", err)
 			return fmt.Errorf("unable to set application set status: %w", err)
 		}
-
-		if err := r.Get(ctx, namespacedName, applicationSet); err != nil {
-			if client.IgnoreNotFound(err) != nil {
-				return nil
-			}
-			return fmt.Errorf("error fetching updated application set: %w", err)
-		}
 	}

 	return nil
 }

-func (r *ApplicationSetReconciler) syncValidApplications(logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, appSyncMap map[string]bool, appMap map[string]argov1alpha1.Application, validApps []argov1alpha1.Application) ([]argov1alpha1.Application, error) {
+func (r *ApplicationSetReconciler) syncValidApplications(logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, appSyncMap map[string]bool, appMap map[string]argov1alpha1.Application, validApps []argov1alpha1.Application) []argov1alpha1.Application {
 	rolloutApps := []argov1alpha1.Application{}
 	for i := range validApps {
 		pruneEnabled := false
@@ -1395,15 +1413,15 @@ func (r *ApplicationSetReconciler) syncValidApplications(logCtx *log.Entry, appl
 		// check appSyncMap to determine which Applications are ready to be updated and which should be skipped
 		if appSyncMap[validApps[i].Name] && appMap[validApps[i].Name].Status.Sync.Status == "OutOfSync" && appSetStatusPending {
 			logCtx.Infof("triggering sync for application: %v, prune enabled: %v", validApps[i].Name, pruneEnabled)
-			validApps[i], _ = syncApplication(validApps[i], pruneEnabled)
+			validApps[i] = syncApplication(validApps[i], pruneEnabled)
 		}
 		rolloutApps = append(rolloutApps, validApps[i])
 	}
-	return rolloutApps, nil
+	return rolloutApps
 }

 // used by the RollingSync Progressive Sync strategy to trigger a sync of a particular Application resource
-func syncApplication(application argov1alpha1.Application, prune bool) (argov1alpha1.Application, error) {
+func syncApplication(application argov1alpha1.Application, prune bool) argov1alpha1.Application {
 	operation := argov1alpha1.Operation{
 		InitiatedBy: argov1alpha1.OperationInitiator{
 			Username:  "applicationset-controller",
@@ -1429,10 +1447,10 @@ func syncApplication(application argov1alpha1.Application, prune bool) (argov1al
 	}
 	application.Operation = &operation

-	return application, nil
+	return application
 }

-func getOwnsHandlerPredicates(enableProgressiveSyncs bool) predicate.Funcs {
+func getApplicationOwnsHandler(enableProgressiveSyncs bool) predicate.Funcs {
 	return predicate.Funcs{
 		CreateFunc: func(e event.CreateEvent) bool {
 			// if we are the owner and there is a create event, we most likely created it and do not need to
@@ -1469,8 +1487,8 @@ func getOwnsHandlerPredicates(enableProgressiveSyncs bool) predicate.Funcs {
 			if !isApp {
 				return false
 			}
-			requeue := shouldRequeueApplicationSet(appOld, appNew, enableProgressiveSyncs)
-			logCtx.WithField("requeue", requeue).Debugf("requeue: %t caused by application %s\n", requeue, appNew.Name)
+			requeue := shouldRequeueForApplication(appOld, appNew, enableProgressiveSyncs)
+			logCtx.WithField("requeue", requeue).Debugf("requeue caused by application %s", appNew.Name)
 			return requeue
 		},
 		GenericFunc: func(e event.GenericEvent) bool {
@@ -1487,13 +1505,13 @@ func getOwnsHandlerPredicates(enableProgressiveSyncs bool) predicate.Funcs {
 	}
 }

-// shouldRequeueApplicationSet determines when we want to requeue an ApplicationSet for reconciling based on an owned
+// shouldRequeueForApplication determines when we want to requeue an ApplicationSet for reconciling based on an owned
 // application change
 // The applicationset controller owns a subset of the Application CR.
 // We do not need to re-reconcile if parts of the application change outside the applicationset's control.
 // An example being, Application.ApplicationStatus.ReconciledAt which gets updated by the application controller.
 // Additionally, Application.ObjectMeta.ResourceVersion and Application.ObjectMeta.Generation which are set by K8s.
-func shouldRequeueApplicationSet(appOld *argov1alpha1.Application, appNew *argov1alpha1.Application, enableProgressiveSyncs bool) bool {
+func shouldRequeueForApplication(appOld *argov1alpha1.Application, appNew *argov1alpha1.Application, enableProgressiveSyncs bool) bool {
 	if appOld == nil || appNew == nil {
 		return false
 	}
@@ -1526,4 +1544,81 @@ func shouldRequeueApplicationSet(appOld *argov1alpha1.Application, appNew *argov
 	return false
 }

+func getApplicationSetOwnsHandler() predicate.Funcs {
+	return predicate.Funcs{
+		CreateFunc: func(e event.CreateEvent) bool {
+			appSet, isApp := e.Object.(*argov1alpha1.ApplicationSet)
+			if !isApp {
+				return false
+			}
+			log.WithField("applicationset", appSet.QualifiedName()).Debugln("received create event")
+			// Always queue a new applicationset
+			return true
+		},
+		DeleteFunc: func(e event.DeleteEvent) bool {
+			appSet, isApp := e.Object.(*argov1alpha1.ApplicationSet)
+			if !isApp {
+				return false
+			}
+			log.WithField("applicationset", appSet.QualifiedName()).Debugln("received delete event")
+			// Always queue for the deletion of an applicationset
+			return true
+		},
+		UpdateFunc: func(e event.UpdateEvent) bool {
+			appSetOld, isAppSet := e.ObjectOld.(*argov1alpha1.ApplicationSet)
+			if !isAppSet {
+				return false
+			}
+			appSetNew, isAppSet := e.ObjectNew.(*argov1alpha1.ApplicationSet)
+			if !isAppSet {
+				return false
+			}
+			requeue := shouldRequeueForApplicationSet(appSetOld, appSetNew)
+			log.WithField("applicationset", appSetNew.QualifiedName()).
+				WithField("requeue", requeue).Debugln("received update event")
+			return requeue
+		},
+		GenericFunc: func(e event.GenericEvent) bool {
+			appSet, isApp := e.Object.(*argov1alpha1.ApplicationSet)
+			if !isApp {
+				return false
+			}
+			log.WithField("applicationset", appSet.QualifiedName()).Debugln("received generic event")
+			// Always queue for the generic of an applicationset
+			return true
+		},
+	}
+}
+
+// shouldRequeueForApplicationSet determines when we need to requeue an applicationset
+func shouldRequeueForApplicationSet(appSetOld, appSetNew *argov1alpha1.ApplicationSet) bool {
+	if appSetOld == nil || appSetNew == nil {
+		return false
+	}
+	// only compare the applicationset spec, annotations, labels and finalizers, specifically avoiding
+	// the status field. status is owned by the applicationset controller,
+	// and we do not need to requeue when it does bookkeeping
+	// NB: the ApplicationDestination comes from the ApplicationSpec being embedded
+	// in the ApplicationSetTemplate from the generators
+	if !cmp.Equal(appSetOld.Spec, appSetNew.Spec, cmpopts.EquateEmpty(), cmpopts.EquateComparable(argov1alpha1.ApplicationDestination{})) ||
+		!cmp.Equal(appSetOld.ObjectMeta.GetLabels(), appSetNew.ObjectMeta.GetLabels(), cmpopts.EquateEmpty()) ||
+		!cmp.Equal(appSetOld.ObjectMeta.GetFinalizers(), appSetNew.ObjectMeta.GetFinalizers(), cmpopts.EquateEmpty()) {
+		return true
+	}
+
+	// Requeue only when the refresh annotation is newly added to the ApplicationSet.
+	// Changes to other annotations made simultaneously might be missed, but such cases are rare.
+	if !cmp.Equal(appSetOld.ObjectMeta.GetAnnotations(), appSetNew.ObjectMeta.GetAnnotations(), cmpopts.EquateEmpty()) {
+		_, oldHasRefreshAnnotation := appSetOld.Annotations[common.AnnotationApplicationSetRefresh]
+		_, newHasRefreshAnnotation := appSetNew.Annotations[common.AnnotationApplicationSetRefresh]
+
+		if oldHasRefreshAnnotation && !newHasRefreshAnnotation {
+			return false
+		}
+		return true
+	}
+
+	return false
+}
+
 var _ handler.EventHandler = &clusterSecretEventHandler{}
--- a/applicationset/controllers/applicationset_controller_test.go
+++ b/applicationset/controllers/applicationset_controller_test.go
--- a/applicationset/controllers/clustereventhandler.go
+++ b/applicationset/controllers/clustereventhandler.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"fmt"

+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+
 	log "github.com/sirupsen/logrus"

 	"k8s.io/apimachinery/pkg/types"
@@ -12,8 +14,8 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/event"

-	"github.com/argoproj/argo-cd/v2/applicationset/generators"
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/common"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 // clusterSecretEventHandler is used when watching Secrets to check if they are ArgoCD Cluster Secrets, and if so
@@ -24,31 +26,31 @@ type clusterSecretEventHandler struct {
 	Client client.Client
 }

-func (h *clusterSecretEventHandler) Create(ctx context.Context, e event.CreateEvent, q workqueue.RateLimitingInterface) {
+func (h *clusterSecretEventHandler) Create(ctx context.Context, e event.CreateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request]) {
 	h.queueRelatedAppGenerators(ctx, q, e.Object)
 }

-func (h *clusterSecretEventHandler) Update(ctx context.Context, e event.UpdateEvent, q workqueue.RateLimitingInterface) {
+func (h *clusterSecretEventHandler) Update(ctx context.Context, e event.UpdateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request]) {
 	h.queueRelatedAppGenerators(ctx, q, e.ObjectNew)
 }

-func (h *clusterSecretEventHandler) Delete(ctx context.Context, e event.DeleteEvent, q workqueue.RateLimitingInterface) {
+func (h *clusterSecretEventHandler) Delete(ctx context.Context, e event.DeleteEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request]) {
 	h.queueRelatedAppGenerators(ctx, q, e.Object)
 }

-func (h *clusterSecretEventHandler) Generic(ctx context.Context, e event.GenericEvent, q workqueue.RateLimitingInterface) {
+func (h *clusterSecretEventHandler) Generic(ctx context.Context, e event.GenericEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request]) {
 	h.queueRelatedAppGenerators(ctx, q, e.Object)
 }

 // addRateLimitingInterface defines the Add method of workqueue.RateLimitingInterface, allow us to easily mock
 // it for testing purposes.
-type addRateLimitingInterface interface {
-	Add(item interface{})
+type addRateLimitingInterface[T comparable] interface {
+	Add(item T)
 }

-func (h *clusterSecretEventHandler) queueRelatedAppGenerators(ctx context.Context, q addRateLimitingInterface, object client.Object) {
+func (h *clusterSecretEventHandler) queueRelatedAppGenerators(ctx context.Context, q addRateLimitingInterface[reconcile.Request], object client.Object) {
 	// Check for label, lookup all ApplicationSets that might match the cluster, queue them all
-	if object.GetLabels()[generators.ArgoCDSecretTypeLabel] != generators.ArgoCDSecretTypeCluster {
+	if object.GetLabels()[common.LabelKeySecretType] != common.LabelValueSecretTypeCluster {
 		return
 	}

--- a/applicationset/controllers/clustereventhandler_test.go
+++ b/applicationset/controllers/clustereventhandler_test.go
@@ -1,23 +1,23 @@
 package controllers

 import (
-	"context"
 	"testing"

+	argocommon "github.com/argoproj/argo-cd/v3/common"
+
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"

-	"github.com/argoproj/argo-cd/v2/applicationset/generators"
-	argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	argov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 func TestClusterEventHandler(t *testing.T) {
@@ -38,11 +38,11 @@ func TestClusterEventHandler(t *testing.T) {
 			name:  "no application sets should mean no requests",
 			items: []argov1alpha1.ApplicationSet{},
 			secret: corev1.Secret{
-				ObjectMeta: v1.ObjectMeta{
+				ObjectMeta: metav1.ObjectMeta{
 					Namespace: "argocd",
 					Name:      "my-secret",
 					Labels: map[string]string{
-						generators.ArgoCDSecretTypeLabel: generators.ArgoCDSecretTypeCluster,
+						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
 					},
 				},
 			},
@@ -52,7 +52,7 @@ func TestClusterEventHandler(t *testing.T) {
 			name: "a cluster generator should produce a request",
 			items: []argov1alpha1.ApplicationSet{
 				{
-					ObjectMeta: v1.ObjectMeta{
+					ObjectMeta: metav1.ObjectMeta{
 						Name:      "my-app-set",
 						Namespace: "argocd",
 					},
@@ -66,11 +66,11 @@ func TestClusterEventHandler(t *testing.T) {
 				},
 			},
 			secret: corev1.Secret{
-				ObjectMeta: v1.ObjectMeta{
+				ObjectMeta: metav1.ObjectMeta{
 					Namespace: "argocd",
 					Name:      "my-secret",
 					Labels: map[string]string{
-						generators.ArgoCDSecretTypeLabel: generators.ArgoCDSecretTypeCluster,
+						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
 					},
 				},
 			},
@@ -82,7 +82,7 @@ func TestClusterEventHandler(t *testing.T) {
 			name: "multiple cluster generators should produce multiple requests",
 			items: []argov1alpha1.ApplicationSet{
 				{
-					ObjectMeta: v1.ObjectMeta{
+					ObjectMeta: metav1.ObjectMeta{
 						Name:      "my-app-set",
 						Namespace: "argocd",
 					},
@@ -95,7 +95,7 @@ func TestClusterEventHandler(t *testing.T) {
 					},
 				},
 				{
-					ObjectMeta: v1.ObjectMeta{
+					ObjectMeta: metav1.ObjectMeta{
 						Name:      "my-app-set2",
 						Namespace: "argocd",
 					},
@@ -109,11 +109,11 @@ func TestClusterEventHandler(t *testing.T) {
 				},
 			},
 			secret: corev1.Secret{
-				ObjectMeta: v1.ObjectMeta{
+				ObjectMeta: metav1.ObjectMeta{
 					Namespace: "argocd",
 					Name:      "my-secret",
 					Labels: map[string]string{
-						generators.ArgoCDSecretTypeLabel: generators.ArgoCDSecretTypeCluster,
+						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
 					},
 				},
 			},
@@ -126,7 +126,7 @@ func TestClusterEventHandler(t *testing.T) {
 			name: "non-cluster generator should not match",
 			items: []argov1alpha1.ApplicationSet{
 				{
-					ObjectMeta: v1.ObjectMeta{
+					ObjectMeta: metav1.ObjectMeta{
 						Name:      "my-app-set",
 						Namespace: "another-namespace",
 					},
@@ -139,7 +139,7 @@ func TestClusterEventHandler(t *testing.T) {
 					},
 				},
 				{
-					ObjectMeta: v1.ObjectMeta{
+					ObjectMeta: metav1.ObjectMeta{
 						Name:      "app-set-non-cluster",
 						Namespace: "argocd",
 					},
@@ -153,11 +153,11 @@ func TestClusterEventHandler(t *testing.T) {
 				},
 			},
 			secret: corev1.Secret{
-				ObjectMeta: v1.ObjectMeta{
+				ObjectMeta: metav1.ObjectMeta{
 					Namespace: "argocd",
 					Name:      "my-secret",
 					Labels: map[string]string{
-						generators.ArgoCDSecretTypeLabel: generators.ArgoCDSecretTypeCluster,
+						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
 					},
 				},
 			},
@@ -169,7 +169,7 @@ func TestClusterEventHandler(t *testing.T) {
 			name: "non-argo cd secret should not match",
 			items: []argov1alpha1.ApplicationSet{
 				{
-					ObjectMeta: v1.ObjectMeta{
+					ObjectMeta: metav1.ObjectMeta{
 						Name:      "my-app-set",
 						Namespace: "another-namespace",
 					},
@@ -183,7 +183,7 @@ func TestClusterEventHandler(t *testing.T) {
 				},
 			},
 			secret: corev1.Secret{
-				ObjectMeta: v1.ObjectMeta{
+				ObjectMeta: metav1.ObjectMeta{
 					Namespace: "argocd",
 					Name:      "my-non-argocd-secret",
 				},
@@ -194,7 +194,7 @@ func TestClusterEventHandler(t *testing.T) {
 			name: "a matrix generator with a cluster generator should produce a request",
 			items: []argov1alpha1.ApplicationSet{
 				{
-					ObjectMeta: v1.ObjectMeta{
+					ObjectMeta: metav1.ObjectMeta{
 						Name:      "my-app-set",
 						Namespace: "argocd",
 					},
@@ -214,11 +214,11 @@ func TestClusterEventHandler(t *testing.T) {
 				},
 			},
 			secret: corev1.Secret{
-				ObjectMeta: v1.ObjectMeta{
+				ObjectMeta: metav1.ObjectMeta{
 					Namespace: "argocd",
 					Name:      "my-secret",
 					Labels: map[string]string{
-						generators.ArgoCDSecretTypeLabel: generators.ArgoCDSecretTypeCluster,
+						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
 					},
 				},
 			},
@@ -230,7 +230,7 @@ func TestClusterEventHandler(t *testing.T) {
 			name: "a matrix generator with non cluster generator should not match",
 			items: []argov1alpha1.ApplicationSet{
 				{
-					ObjectMeta: v1.ObjectMeta{
+					ObjectMeta: metav1.ObjectMeta{
 						Name:      "my-app-set",
 						Namespace: "argocd",
 					},
@@ -250,11 +250,11 @@ func TestClusterEventHandler(t *testing.T) {
 				},
 			},
 			secret: corev1.Secret{
-				ObjectMeta: v1.ObjectMeta{
+				ObjectMeta: metav1.ObjectMeta{
 					Namespace: "argocd",
 					Name:      "my-secret",
 					Labels: map[string]string{
-						generators.ArgoCDSecretTypeLabel: generators.ArgoCDSecretTypeCluster,
+						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
 					},
 				},
 			},
@@ -264,7 +264,7 @@ func TestClusterEventHandler(t *testing.T) {
 			name: "a matrix generator with a nested matrix generator containing a cluster generator should produce a request",
 			items: []argov1alpha1.ApplicationSet{
 				{
-					ObjectMeta: v1.ObjectMeta{
+					ObjectMeta: metav1.ObjectMeta{
 						Name:      "my-app-set",
 						Namespace: "argocd",
 					},
@@ -300,11 +300,11 @@ func TestClusterEventHandler(t *testing.T) {
 				},
 			},
 			secret: corev1.Secret{
-				ObjectMeta: v1.ObjectMeta{
+				ObjectMeta: metav1.ObjectMeta{
 					Namespace: "argocd",
 					Name:      "my-secret",
 					Labels: map[string]string{
-						generators.ArgoCDSecretTypeLabel: generators.ArgoCDSecretTypeCluster,
+						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
 					},
 				},
 			},
@@ -316,7 +316,7 @@ func TestClusterEventHandler(t *testing.T) {
 			name: "a matrix generator with a nested matrix generator containing non cluster generator should not match",
 			items: []argov1alpha1.ApplicationSet{
 				{
-					ObjectMeta: v1.ObjectMeta{
+					ObjectMeta: metav1.ObjectMeta{
 						Name:      "my-app-set",
 						Namespace: "argocd",
 					},
@@ -351,11 +351,11 @@ func TestClusterEventHandler(t *testing.T) {
 				},
 			},
 			secret: corev1.Secret{
-				ObjectMeta: v1.ObjectMeta{
+				ObjectMeta: metav1.ObjectMeta{
 					Namespace: "argocd",
 					Name:      "my-secret",
 					Labels: map[string]string{
-						generators.ArgoCDSecretTypeLabel: generators.ArgoCDSecretTypeCluster,
+						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
 					},
 				},
 			},
@@ -365,7 +365,7 @@ func TestClusterEventHandler(t *testing.T) {
 			name: "a merge generator with a cluster generator should produce a request",
 			items: []argov1alpha1.ApplicationSet{
 				{
-					ObjectMeta: v1.ObjectMeta{
+					ObjectMeta: metav1.ObjectMeta{
 						Name:      "my-app-set",
 						Namespace: "argocd",
 					},
@@ -385,11 +385,11 @@ func TestClusterEventHandler(t *testing.T) {
 				},
 			},
 			secret: corev1.Secret{
-				ObjectMeta: v1.ObjectMeta{
+				ObjectMeta: metav1.ObjectMeta{
 					Namespace: "argocd",
 					Name:      "my-secret",
 					Labels: map[string]string{
-						generators.ArgoCDSecretTypeLabel: generators.ArgoCDSecretTypeCluster,
+						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
 					},
 				},
 			},
@@ -401,7 +401,7 @@ func TestClusterEventHandler(t *testing.T) {
 			name: "a matrix generator with non cluster generator should not match",
 			items: []argov1alpha1.ApplicationSet{
 				{
-					ObjectMeta: v1.ObjectMeta{
+					ObjectMeta: metav1.ObjectMeta{
 						Name:      "my-app-set",
 						Namespace: "argocd",
 					},
@@ -421,11 +421,11 @@ func TestClusterEventHandler(t *testing.T) {
 				},
 			},
 			secret: corev1.Secret{
-				ObjectMeta: v1.ObjectMeta{
+				ObjectMeta: metav1.ObjectMeta{
 					Namespace: "argocd",
 					Name:      "my-secret",
 					Labels: map[string]string{
-						generators.ArgoCDSecretTypeLabel: generators.ArgoCDSecretTypeCluster,
+						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
 					},
 				},
 			},
@@ -435,7 +435,7 @@ func TestClusterEventHandler(t *testing.T) {
 			name: "a merge generator with a nested merge generator containing a cluster generator should produce a request",
 			items: []argov1alpha1.ApplicationSet{
 				{
-					ObjectMeta: v1.ObjectMeta{
+					ObjectMeta: metav1.ObjectMeta{
 						Name:      "my-app-set",
 						Namespace: "argocd",
 					},
@@ -471,11 +471,11 @@ func TestClusterEventHandler(t *testing.T) {
 				},
 			},
 			secret: corev1.Secret{
-				ObjectMeta: v1.ObjectMeta{
+				ObjectMeta: metav1.ObjectMeta{
 					Namespace: "argocd",
 					Name:      "my-secret",
 					Labels: map[string]string{
-						generators.ArgoCDSecretTypeLabel: generators.ArgoCDSecretTypeCluster,
+						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
 					},
 				},
 			},
@@ -487,7 +487,7 @@ func TestClusterEventHandler(t *testing.T) {
 			name: "a merge generator with a nested merge generator containing non cluster generator should not match",
 			items: []argov1alpha1.ApplicationSet{
 				{
-					ObjectMeta: v1.ObjectMeta{
+					ObjectMeta: metav1.ObjectMeta{
 						Name:      "my-app-set",
 						Namespace: "argocd",
 					},
@@ -522,11 +522,11 @@ func TestClusterEventHandler(t *testing.T) {
 				},
 			},
 			secret: corev1.Secret{
-				ObjectMeta: v1.ObjectMeta{
+				ObjectMeta: metav1.ObjectMeta{
 					Namespace: "argocd",
 					Name:      "my-secret",
 					Labels: map[string]string{
-						generators.ArgoCDSecretTypeLabel: generators.ArgoCDSecretTypeCluster,
+						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
 					},
 				},
 			},
@@ -549,26 +549,20 @@ func TestClusterEventHandler(t *testing.T) {

 			mockAddRateLimitingInterface := mockAddRateLimitingInterface{}

-			handler.queueRelatedAppGenerators(context.Background(), &mockAddRateLimitingInterface, &test.secret)
+			handler.queueRelatedAppGenerators(t.Context(), &mockAddRateLimitingInterface, &test.secret)

-			assert.False(t, mockAddRateLimitingInterface.errorOccurred)
 			assert.ElementsMatch(t, mockAddRateLimitingInterface.addedItems, test.expectedRequests)
 		})
 	}
 }

 // Add checks the type, and adds it to the internal list of received additions
-func (obj *mockAddRateLimitingInterface) Add(item interface{}) {
-	if req, ok := item.(ctrl.Request); ok {
-		obj.addedItems = append(obj.addedItems, req)
-	} else {
-		obj.errorOccurred = true
-	}
+func (obj *mockAddRateLimitingInterface) Add(item reconcile.Request) {
+	obj.addedItems = append(obj.addedItems, item)
 }

 type mockAddRateLimitingInterface struct {
-	errorOccurred bool
-	addedItems    []ctrl.Request
+	addedItems []reconcile.Request
 }

 func TestNestedGeneratorHasClusterGenerator_NestedClusterGenerator(t *testing.T) {
--- a/applicationset/controllers/requeue_after_test.go
+++ b/applicationset/controllers/requeue_after_test.go
@@ -1,7 +1,6 @@
 package controllers

 import (
-	"context"
 	"testing"
 	"time"

@@ -16,14 +15,15 @@ import (
 	"k8s.io/client-go/tools/record"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"

-	"github.com/argoproj/argo-cd/v2/applicationset/generators"
-	"github.com/argoproj/argo-cd/v2/applicationset/services/mocks"
-	argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/applicationset/generators"
+	appsetmetrics "github.com/argoproj/argo-cd/v3/applicationset/metrics"
+	"github.com/argoproj/argo-cd/v3/applicationset/services/mocks"
+	argov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 func TestRequeueAfter(t *testing.T) {
 	mockServer := &mocks.Repos{}
-	ctx := context.Background()
+	ctx := t.Context()
 	scheme := runtime.NewScheme()
 	err := argov1alpha1.AddToScheme(scheme)
 	require.NoError(t, err)
@@ -35,20 +35,20 @@ func TestRequeueAfter(t *testing.T) {
 	appClientset := kubefake.NewSimpleClientset()
 	k8sClient := fake.NewClientBuilder().Build()
 	duckType := &unstructured.Unstructured{
-		Object: map[string]interface{}{
+		Object: map[string]any{
 			"apiVersion": "v2quack",
 			"kind":       "Duck",
-			"metadata": map[string]interface{}{
+			"metadata": map[string]any{
 				"name":      "mightyduck",
 				"namespace": "namespace",
-				"labels":    map[string]interface{}{"duck": "all-species"},
+				"labels":    map[string]any{"duck": "all-species"},
 			},
-			"status": map[string]interface{}{
-				"decisions": []interface{}{
-					map[string]interface{}{
+			"status": map[string]any{
+				"decisions": []any{
+					map[string]any{
 						"clusterName": "staging-01",
 					},
-					map[string]interface{}{
+					map[string]any{
 						"clusterName": "production-01",
 					},
 				},
@@ -56,11 +56,11 @@ func TestRequeueAfter(t *testing.T) {
 		},
 	}
 	fakeDynClient := dynfake.NewSimpleDynamicClientWithCustomListKinds(runtime.NewScheme(), gvrToListKind, duckType)
-	scmConfig := generators.NewSCMConfig("", []string{""}, true, nil)
+	scmConfig := generators.NewSCMConfig("", []string{""}, true, nil, true)
 	terminalGenerators := map[string]generators.Generator{
 		"List":                    generators.NewListGenerator(),
-		"Clusters":                generators.NewClusterGenerator(k8sClient, ctx, appClientset, "argocd"),
-		"Git":                     generators.NewGitGenerator(mockServer),
+		"Clusters":                generators.NewClusterGenerator(ctx, k8sClient, appClientset, "argocd"),
+		"Git":                     generators.NewGitGenerator(mockServer, "namespace"),
 		"SCMProvider":             generators.NewSCMProviderGenerator(fake.NewClientBuilder().WithObjects(&corev1.Secret{}).Build(), scmConfig),
 		"ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, fakeDynClient, appClientset, "argocd"),
 		"PullRequest":             generators.NewPullRequestGenerator(k8sClient, scmConfig),
@@ -89,15 +89,18 @@ func TestRequeueAfter(t *testing.T) {
 	}

 	client := fake.NewClientBuilder().WithScheme(scheme).Build()
+	metrics := appsetmetrics.NewFakeAppsetMetrics()
 	r := ApplicationSetReconciler{
 		Client:     client,
 		Scheme:     scheme,
 		Recorder:   record.NewFakeRecorder(0),
 		Generators: topLevelGenerators,
+		Metrics:    metrics,
 	}

 	type args struct {
-		appset *argov1alpha1.ApplicationSet
+		appset               *argov1alpha1.ApplicationSet
+		requeueAfterOverride string
 	}
 	tests := []struct {
 		name    string
@@ -105,11 +108,13 @@ func TestRequeueAfter(t *testing.T) {
 		want    time.Duration
 		wantErr assert.ErrorAssertionFunc
 	}{
-		{name: "Cluster", args: args{appset: &argov1alpha1.ApplicationSet{
-			Spec: argov1alpha1.ApplicationSetSpec{
-				Generators: []argov1alpha1.ApplicationSetGenerator{{Clusters: &argov1alpha1.ClusterGenerator{}}},
-			},
-		}}, want: generators.NoRequeueAfter, wantErr: assert.NoError},
+		{name: "Cluster", args: args{
+			appset: &argov1alpha1.ApplicationSet{
+				Spec: argov1alpha1.ApplicationSetSpec{
+					Generators: []argov1alpha1.ApplicationSetGenerator{{Clusters: &argov1alpha1.ClusterGenerator{}}},
+				},
+			}, requeueAfterOverride: "",
+		}, want: generators.NoRequeueAfter, wantErr: assert.NoError},
 		{name: "ClusterMergeNested", args: args{&argov1alpha1.ApplicationSet{
 			Spec: argov1alpha1.ApplicationSetSpec{
 				Generators: []argov1alpha1.ApplicationSetGenerator{
@@ -124,7 +129,7 @@ func TestRequeueAfter(t *testing.T) {
 					}},
 				},
 			},
-		}}, want: generators.DefaultRequeueAfterSeconds, wantErr: assert.NoError},
+		}, ""}, want: generators.DefaultRequeueAfterSeconds, wantErr: assert.NoError},
 		{name: "ClusterMatrixNested", args: args{&argov1alpha1.ApplicationSet{
 			Spec: argov1alpha1.ApplicationSetSpec{
 				Generators: []argov1alpha1.ApplicationSetGenerator{
@@ -139,15 +144,65 @@ func TestRequeueAfter(t *testing.T) {
 					}},
 				},
 			},
-		}}, want: generators.DefaultRequeueAfterSeconds, wantErr: assert.NoError},
+		}, ""}, want: generators.DefaultRequeueAfterSeconds, wantErr: assert.NoError},
 		{name: "ListGenerator", args: args{appset: &argov1alpha1.ApplicationSet{
 			Spec: argov1alpha1.ApplicationSetSpec{
 				Generators: []argov1alpha1.ApplicationSetGenerator{{List: &argov1alpha1.ListGenerator{}}},
 			},
 		}}, want: generators.NoRequeueAfter, wantErr: assert.NoError},
+		{name: "DuckGenerator", args: args{appset: &argov1alpha1.ApplicationSet{
+			Spec: argov1alpha1.ApplicationSetSpec{
+				Generators: []argov1alpha1.ApplicationSetGenerator{{ClusterDecisionResource: &argov1alpha1.DuckTypeGenerator{}}},
+			},
+		}}, want: generators.DefaultRequeueAfterSeconds, wantErr: assert.NoError},
+		{name: "OverrideRequeueDuck", args: args{
+			appset: &argov1alpha1.ApplicationSet{
+				Spec: argov1alpha1.ApplicationSetSpec{
+					Generators: []argov1alpha1.ApplicationSetGenerator{{ClusterDecisionResource: &argov1alpha1.DuckTypeGenerator{}}},
+				},
+			}, requeueAfterOverride: "1h",
+		}, want: 1 * time.Hour, wantErr: assert.NoError},
+		{name: "OverrideRequeueGit", args: args{&argov1alpha1.ApplicationSet{
+			Spec: argov1alpha1.ApplicationSetSpec{
+				Generators: []argov1alpha1.ApplicationSetGenerator{
+					{Git: &argov1alpha1.GitGenerator{}},
+				},
+			},
+		}, "1h"}, want: 1 * time.Hour, wantErr: assert.NoError},
+		{name: "OverrideRequeueMatrix", args: args{&argov1alpha1.ApplicationSet{
+			Spec: argov1alpha1.ApplicationSetSpec{
+				Generators: []argov1alpha1.ApplicationSetGenerator{
+					{Clusters: &argov1alpha1.ClusterGenerator{}},
+					{Merge: &argov1alpha1.MergeGenerator{
+						Generators: []argov1alpha1.ApplicationSetNestedGenerator{
+							{
+								Clusters: &argov1alpha1.ClusterGenerator{},
+								Git:      &argov1alpha1.GitGenerator{},
+							},
+						},
+					}},
+				},
+			},
+		}, "5m"}, want: 5 * time.Minute, wantErr: assert.NoError},
+		{name: "OverrideRequeueMerge", args: args{&argov1alpha1.ApplicationSet{
+			Spec: argov1alpha1.ApplicationSetSpec{
+				Generators: []argov1alpha1.ApplicationSetGenerator{
+					{Clusters: &argov1alpha1.ClusterGenerator{}},
+					{Merge: &argov1alpha1.MergeGenerator{
+						Generators: []argov1alpha1.ApplicationSetNestedGenerator{
+							{
+								Clusters: &argov1alpha1.ClusterGenerator{},
+								Git:      &argov1alpha1.GitGenerator{},
+							},
+						},
+					}},
+				},
+			},
+		}, "12s"}, want: 12 * time.Second, wantErr: assert.NoError},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			t.Setenv("ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER", tt.args.requeueAfterOverride)
 			assert.Equalf(t, tt.want, r.getMinRequeueAfter(tt.args.appset), "getMinRequeueAfter(%v)", tt.args.appset)
 		})
 	}
--- a/applicationset/controllers/template/patch.go
+++ b/applicationset/controllers/template/patch.go
@@ -6,8 +6,8 @@ import (

 	"k8s.io/apimachinery/pkg/util/strategicpatch"

-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
-	appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/applicationset/utils"
+	appv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 func applyTemplatePatch(app *appv1.Application, templatePatch string) (*appv1.Application, error) {
--- a/applicationset/controllers/template/patch_test.go
+++ b/applicationset/controllers/template/patch_test.go
@@ -7,7 +7,7 @@ import (
 	"github.com/stretchr/testify/require"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

-	appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	appv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 func Test_ApplyTemplatePatch(t *testing.T) {
--- a/applicationset/controllers/template/template.go
+++ b/applicationset/controllers/template/template.go
@@ -7,10 +7,10 @@ import (

 	log "github.com/sirupsen/logrus"

-	"github.com/argoproj/argo-cd/v2/applicationset/generators"
-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
+	"github.com/argoproj/argo-cd/v3/applicationset/generators"
+	"github.com/argoproj/argo-cd/v3/applicationset/utils"

-	argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	argov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 func GenerateApplications(logCtx *log.Entry, applicationSetInfo argov1alpha1.ApplicationSet, g map[string]generators.Generator, renderer utils.Renderer, client client.Client) ([]argov1alpha1.Application, argov1alpha1.ApplicationSetReasonType, error) {
@@ -20,7 +20,7 @@ func GenerateApplications(logCtx *log.Entry, applicationSetInfo argov1alpha1.App
 	var applicationSetReason argov1alpha1.ApplicationSetReasonType

 	for _, requestedGenerator := range applicationSetInfo.Spec.Generators {
-		t, err := generators.Transform(requestedGenerator, g, applicationSetInfo.Spec.Template, &applicationSetInfo, map[string]interface{}{}, client)
+		t, err := generators.Transform(requestedGenerator, g, applicationSetInfo.Spec.Template, &applicationSetInfo, map[string]any{}, client)
 		if err != nil {
 			logCtx.WithError(err).WithField("generator", requestedGenerator).
 				Error("error generating application from params")
@@ -69,15 +69,17 @@ func GenerateApplications(logCtx *log.Entry, applicationSetInfo argov1alpha1.App
 				res = append(res, *app)
 			}
 		}
-
-		logCtx.WithField("generator", requestedGenerator).Infof("generated %d applications", len(res))
-		logCtx.WithField("generator", requestedGenerator).Debugf("apps from generator: %+v", res)
+		if log.IsLevelEnabled(log.DebugLevel) {
+			logCtx.WithField("generator", requestedGenerator).Debugf("apps from generator: %+v", res)
+		} else {
+			logCtx.Infof("generated %d applications", len(res))
+		}
 	}

 	return res, applicationSetReason, firstError
 }

-func renderTemplatePatch(r utils.Renderer, app *argov1alpha1.Application, applicationSetInfo argov1alpha1.ApplicationSet, params map[string]interface{}) (*argov1alpha1.Application, error) {
+func renderTemplatePatch(r utils.Renderer, app *argov1alpha1.Application, applicationSetInfo argov1alpha1.ApplicationSet, params map[string]any) (*argov1alpha1.Application, error) {
 	replacedTemplate, err := r.Replace(*applicationSetInfo.Spec.TemplatePatch, params, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions)
 	if err != nil {
 		return nil, fmt.Errorf("error replacing values in templatePatch: %w", err)
--- a/applicationset/controllers/template/template_test.go
+++ b/applicationset/controllers/template/template_test.go
@@ -1,7 +1,8 @@
 package template

 import (
-	"fmt"
+	"errors"
+	"maps"
 	"testing"

 	"github.com/stretchr/testify/mock"
@@ -12,13 +13,12 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"

-	"github.com/argoproj/argo-cd/v2/applicationset/generators"
-	genmock "github.com/argoproj/argo-cd/v2/applicationset/generators/mocks"
-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
-	rendmock "github.com/argoproj/argo-cd/v2/applicationset/utils/mocks"
-	"github.com/argoproj/argo-cd/v2/pkg/apis/application"
-	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-	"github.com/argoproj/argo-cd/v2/util/collections"
+	"github.com/argoproj/argo-cd/v3/applicationset/generators"
+	genmock "github.com/argoproj/argo-cd/v3/applicationset/generators/mocks"
+	"github.com/argoproj/argo-cd/v3/applicationset/utils"
+	rendmock "github.com/argoproj/argo-cd/v3/applicationset/utils/mocks"
+	"github.com/argoproj/argo-cd/v3/pkg/apis/application"
+	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 func TestGenerateApplications(t *testing.T) {
@@ -31,7 +31,7 @@ func TestGenerateApplications(t *testing.T) {

 	for _, c := range []struct {
 		name                string
-		params              []map[string]interface{}
+		params              []map[string]any
 		template            v1alpha1.ApplicationSetTemplate
 		generateParamsError error
 		rendererError       error
@@ -40,7 +40,7 @@ func TestGenerateApplications(t *testing.T) {
 	}{
 		{
 			name:   "Generate two applications",
-			params: []map[string]interface{}{{"name": "app1"}, {"name": "app2"}},
+			params: []map[string]any{{"name": "app1"}, {"name": "app2"}},
 			template: v1alpha1.ApplicationSetTemplate{
 				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
 					Name:      "name",
@@ -53,13 +53,13 @@ func TestGenerateApplications(t *testing.T) {
 		},
 		{
 			name:                "Handles error from the generator",
-			generateParamsError: fmt.Errorf("error"),
+			generateParamsError: errors.New("error"),
 			expectErr:           true,
 			expectedReason:      v1alpha1.ApplicationSetReasonApplicationParamsGenerationError,
 		},
 		{
 			name:   "Handles error from the render",
-			params: []map[string]interface{}{{"name": "app1"}, {"name": "app2"}},
+			params: []map[string]any{{"name": "app1"}, {"name": "app2"}},
 			template: v1alpha1.ApplicationSetTemplate{
 				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
 					Name:      "name",
@@ -68,7 +68,7 @@ func TestGenerateApplications(t *testing.T) {
 				},
 				Spec: v1alpha1.ApplicationSpec{},
 			},
-			rendererError:  fmt.Errorf("error"),
+			rendererError:  errors.New("error"),
 			expectErr:      true,
 			expectedReason: v1alpha1.ApplicationSetReasonRenderTemplateParamsError,
 		},
@@ -153,7 +153,7 @@ func TestGenerateApplications(t *testing.T) {
 func TestMergeTemplateApplications(t *testing.T) {
 	for _, c := range []struct {
 		name             string
-		params           []map[string]interface{}
+		params           []map[string]any
 		template         v1alpha1.ApplicationSetTemplate
 		overrideTemplate v1alpha1.ApplicationSetTemplate
 		expectedMerged   v1alpha1.ApplicationSetTemplate
@@ -161,7 +161,7 @@ func TestMergeTemplateApplications(t *testing.T) {
 	}{
 		{
 			name:   "Generate app",
-			params: []map[string]interface{}{{"name": "app1"}},
+			params: []map[string]any{{"name": "app1"}},
 			template: v1alpha1.ApplicationSetTemplate{
 				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
 					Name:      "name",
@@ -245,13 +245,13 @@ func TestMergeTemplateApplications(t *testing.T) {
 func TestGenerateAppsUsingPullRequestGenerator(t *testing.T) {
 	for _, cases := range []struct {
 		name        string
-		params      []map[string]interface{}
+		params      []map[string]any
 		template    v1alpha1.ApplicationSetTemplate
 		expectedApp []v1alpha1.Application
 	}{
 		{
 			name: "Generate an application from a go template application set manifest using a pull request generator",
-			params: []map[string]interface{}{
+			params: []map[string]any{
 				{
 					"number":                                "1",
 					"title":                                 "title1",
@@ -344,7 +344,7 @@ func TestGenerateAppsUsingPullRequestGenerator(t *testing.T) {
 			assert.EqualValues(t, cases.expectedApp[0].ObjectMeta.Name, gotApp[0].ObjectMeta.Name)
 			assert.EqualValues(t, cases.expectedApp[0].Spec.Source.TargetRevision, gotApp[0].Spec.Source.TargetRevision)
 			assert.EqualValues(t, cases.expectedApp[0].Spec.Destination.Namespace, gotApp[0].Spec.Destination.Namespace)
-			assert.True(t, collections.StringMapsEqual(cases.expectedApp[0].ObjectMeta.Labels, gotApp[0].ObjectMeta.Labels))
+			assert.True(t, maps.Equal(cases.expectedApp[0].ObjectMeta.Labels, gotApp[0].ObjectMeta.Labels))
 		})
 	}
 }
--- a/applicationset/examples/applications-sync-policies/guestbook/engineering-dev/guestbook-ui-deployment.yaml
+++ b/applicationset/examples/applications-sync-policies/guestbook/engineering-dev/guestbook-ui-deployment.yaml
@@ -14,7 +14,7 @@ spec:
        app: guestbook-ui
    spec:
      containers:
-      - image: gcr.io/heptio-images/ks-guestbook-demo:0.2
+      - image: quay.io/argoprojlabs/argocd-e2e-container:0.2
        name: guestbook-ui
        ports:
        - containerPort: 80
--- a/applicationset/examples/applications-sync-policies/guestbook/engineering-prod/guestbook-ui-deployment.yaml
+++ b/applicationset/examples/applications-sync-policies/guestbook/engineering-prod/guestbook-ui-deployment.yaml
@@ -14,7 +14,7 @@ spec:
        app: guestbook-ui
    spec:
      containers:
-      - image: gcr.io/heptio-images/ks-guestbook-demo:0.2
+      - image: quay.io/argoprojlabs/argocd-e2e-container:0.2
        name: guestbook-ui
        ports:
        - containerPort: 80
--- a/applicationset/examples/git-generator-directory/excludes/cluster-addons/exclude-helm-guestbook/values.yaml
+++ b/applicationset/examples/git-generator-directory/excludes/cluster-addons/exclude-helm-guestbook/values.yaml
@@ -5,7 +5,7 @@
 replicaCount: 1

 image:
-  repository: gcr.io/heptio-images/ks-guestbook-demo
+  repository: quay.io/argoprojlabs/argocd-e2e-container
  tag: 0.1
  pullPolicy: IfNotPresent

--- a/applicationset/examples/git-generator-files-discovery/apps/guestbook/guestbook-ui-deployment.yaml
+++ b/applicationset/examples/git-generator-files-discovery/apps/guestbook/guestbook-ui-deployment.yaml
@@ -14,7 +14,7 @@ spec:
        app: guestbook-ui
    spec:
      containers:
-      - image: gcr.io/heptio-images/ks-guestbook-demo:0.2
+      - image: quay.io/argoprojlabs/argocd-e2e-container:0.2
        name: guestbook-ui
        ports:
        - containerPort: 80
--- a/applicationset/examples/list-generator/guestbook/engineering-dev/guestbook-ui-deployment.yaml
+++ b/applicationset/examples/list-generator/guestbook/engineering-dev/guestbook-ui-deployment.yaml
@@ -14,7 +14,7 @@ spec:
        app: guestbook-ui
    spec:
      containers:
-      - image: gcr.io/heptio-images/ks-guestbook-demo:0.2
+      - image: quay.io/argoprojlabs/argocd-e2e-container:0.2
        name: guestbook-ui
        ports:
        - containerPort: 80
--- a/applicationset/examples/list-generator/guestbook/engineering-prod/guestbook-ui-deployment.yaml
+++ b/applicationset/examples/list-generator/guestbook/engineering-prod/guestbook-ui-deployment.yaml
@@ -14,7 +14,7 @@ spec:
        app: guestbook-ui
    spec:
      containers:
-      - image: gcr.io/heptio-images/ks-guestbook-demo:0.2
+      - image: quay.io/argoprojlabs/argocd-e2e-container:0.2
        name: guestbook-ui
        ports:
        - containerPort: 80
--- a/applicationset/examples/template-override/default/guestbook-ui-deployment.yaml
+++ b/applicationset/examples/template-override/default/guestbook-ui-deployment.yaml
@@ -14,7 +14,7 @@ spec:
        app: guestbook-ui
    spec:
      containers:
-      - image: gcr.io/heptio-images/ks-guestbook-demo:0.2
+      - image: quay.io/argoprojlabs/argocd-e2e-container:0.2
        name: guestbook-ui
        ports:
        - containerPort: 80
--- a/applicationset/examples/template-override/engineering-dev-override/guestbook-ui-deployment.yaml
+++ b/applicationset/examples/template-override/engineering-dev-override/guestbook-ui-deployment.yaml
@@ -14,7 +14,7 @@ spec:
        app: guestbook-ui
    spec:
      containers:
-      - image: gcr.io/heptio-images/ks-guestbook-demo:0.2
+      - image: quay.io/argoprojlabs/argocd-e2e-container:0.2
        name: guestbook-ui
        ports:
        - containerPort: 80
--- a/applicationset/generators/cluster.go
+++ b/applicationset/generators/cluster.go
@@ -7,20 +7,16 @@ import (

 	log "github.com/sirupsen/logrus"

-	"github.com/argoproj/argo-cd/v2/util/settings"
+	"github.com/argoproj/argo-cd/v3/util/settings"

 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"sigs.k8s.io/controller-runtime/pkg/client"

-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
-	argoappsetv1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-)
-
-const (
-	ArgoCDSecretTypeLabel   = "argocd.argoproj.io/secret-type"
-	ArgoCDSecretTypeCluster = "cluster"
+	"github.com/argoproj/argo-cd/v3/applicationset/utils"
+	"github.com/argoproj/argo-cd/v3/common"
+	argoappsetv1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 var _ Generator = (*ClusterGenerator)(nil)
@@ -37,7 +33,7 @@ type ClusterGenerator struct {

 var render = &utils.Render{}

-func NewClusterGenerator(c client.Client, ctx context.Context, clientset kubernetes.Interface, namespace string) Generator {
+func NewClusterGenerator(ctx context.Context, c client.Client, clientset kubernetes.Interface, namespace string) Generator {
 	settingsManager := settings.NewSettingsManager(ctx, clientset, namespace)

 	g := &ClusterGenerator{
@@ -52,7 +48,7 @@ func NewClusterGenerator(c client.Client, ctx context.Context, clientset kuberne

 // GetRequeueAfter never requeue the cluster generator because the `clusterSecretEventHandler` will requeue the appsets
 // when the cluster secrets change
-func (g *ClusterGenerator) GetRequeueAfter(appSetGenerator *argoappsetv1alpha1.ApplicationSetGenerator) time.Duration {
+func (g *ClusterGenerator) GetRequeueAfter(_ *argoappsetv1alpha1.ApplicationSetGenerator) time.Duration {
 	return NoRequeueAfter
 }

@@ -60,7 +56,8 @@ func (g *ClusterGenerator) GetTemplate(appSetGenerator *argoappsetv1alpha1.Appli
 	return &appSetGenerator.Clusters.Template
 }

-func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.ApplicationSetGenerator, appSet *argoappsetv1alpha1.ApplicationSet, _ client.Client) ([]map[string]interface{}, error) {
+func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.ApplicationSetGenerator, appSet *argoappsetv1alpha1.ApplicationSet, _ client.Client) ([]map[string]any, error) {
+	logCtx := log.WithField("applicationset", appSet.GetName()).WithField("namespace", appSet.GetNamespace())
 	if appSetGenerator == nil {
 		return nil, EmptyAppSetGeneratorError
 	}
@@ -73,7 +70,7 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap
 	// - Since local clusters do not have secrets, they do not have labels to match against
 	ignoreLocalClusters := len(appSetGenerator.Clusters.Selector.MatchExpressions) > 0 || len(appSetGenerator.Clusters.Selector.MatchLabels) > 0

-	// ListCluster from Argo CD's util/db package will include the local cluster in the list of clusters
+	// ListCluster will include the local cluster in the list of clusters
 	clustersFromArgoCD, err := utils.ListClusters(g.ctx, g.clientset, g.namespace)
 	if err != nil {
 		return nil, fmt.Errorf("error listing clusters: %w", err)
@@ -83,48 +80,64 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap
 		return nil, nil
 	}

-	clusterSecrets, err := g.getSecretsByClusterName(appSetGenerator)
+	clusterSecrets, err := g.getSecretsByClusterName(logCtx, appSetGenerator)
 	if err != nil {
 		return nil, fmt.Errorf("error getting cluster secrets: %w", err)
 	}

-	res := []map[string]interface{}{}
+	res := []map[string]any{}

 	secretsFound := []corev1.Secret{}

-	for _, cluster := range clustersFromArgoCD.Items {
+	isFlatMode := appSetGenerator.Clusters.FlatList
+	logCtx.Debugf("Using flat mode = %t for cluster generator", isFlatMode)
+	clustersParams := make([]map[string]any, 0)
+
+	for _, cluster := range clustersFromArgoCD {
 		// If there is a secret for this cluster, then it's a non-local cluster, so it will be
 		// handled by the next step.
 		if secretForCluster, exists := clusterSecrets[cluster.Name]; exists {
 			secretsFound = append(secretsFound, secretForCluster)
 		} else if !ignoreLocalClusters {
 			// If there is no secret for the cluster, it's the local cluster, so handle it here.
-			params := map[string]interface{}{}
+			params := map[string]any{}
 			params["name"] = cluster.Name
 			params["nameNormalized"] = cluster.Name
 			params["server"] = cluster.Server
+			params["project"] = ""

 			err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions)
 			if err != nil {
 				return nil, fmt.Errorf("error appending templated values for local cluster: %w", err)
 			}

-			res = append(res, params)
+			if isFlatMode {
+				clustersParams = append(clustersParams, params)
+			} else {
+				res = append(res, params)
+			}

-			log.WithField("cluster", "local cluster").Info("matched local cluster")
+			logCtx.WithField("cluster", "local cluster").Info("matched local cluster")
 		}
 	}

 	// For each matching cluster secret (non-local clusters only)
 	for _, cluster := range secretsFound {
-		params := map[string]interface{}{}
+		params := map[string]any{}

 		params["name"] = string(cluster.Data["name"])
 		params["nameNormalized"] = utils.SanitizeName(string(cluster.Data["name"]))
 		params["server"] = string(cluster.Data["server"])

+		project, ok := cluster.Data["project"]
+		if ok {
+			params["project"] = string(project)
+		} else {
+			params["project"] = ""
+		}
+
 		if appSet.Spec.GoTemplate {
-			meta := map[string]interface{}{}
+			meta := map[string]any{}

 			if len(cluster.ObjectMeta.Annotations) > 0 {
 				meta["annotations"] = cluster.ObjectMeta.Annotations
@@ -136,11 +149,11 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap
 			params["metadata"] = meta
 		} else {
 			for key, value := range cluster.ObjectMeta.Annotations {
-				params[fmt.Sprintf("metadata.annotations.%s", key)] = value
+				params["metadata.annotations."+key] = value
 			}

 			for key, value := range cluster.ObjectMeta.Labels {
-				params[fmt.Sprintf("metadata.labels.%s", key)] = value
+				params["metadata.labels."+key] = value
 			}
 		}

@@ -149,19 +162,27 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap
 			return nil, fmt.Errorf("error appending templated values for cluster: %w", err)
 		}

-		res = append(res, params)
+		if isFlatMode {
+			clustersParams = append(clustersParams, params)
+		} else {
+			res = append(res, params)
+		}

-		log.WithField("cluster", cluster.Name).Info("matched cluster secret")
+		logCtx.WithField("cluster", cluster.Name).Debug("matched cluster secret")
 	}

+	if isFlatMode {
+		res = append(res, map[string]any{
+			"clusters": clustersParams,
+		})
+	}
 	return res, nil
 }

-func (g *ClusterGenerator) getSecretsByClusterName(appSetGenerator *argoappsetv1alpha1.ApplicationSetGenerator) (map[string]corev1.Secret, error) {
-	// List all Clusters:
+func (g *ClusterGenerator) getSecretsByClusterName(log *log.Entry, appSetGenerator *argoappsetv1alpha1.ApplicationSetGenerator) (map[string]corev1.Secret, error) {
 	clusterSecretList := &corev1.SecretList{}

-	selector := metav1.AddLabelToSelector(&appSetGenerator.Clusters.Selector, ArgoCDSecretTypeLabel, ArgoCDSecretTypeCluster)
+	selector := metav1.AddLabelToSelector(&appSetGenerator.Clusters.Selector, common.LabelKeySecretType, common.LabelValueSecretTypeCluster)
 	secretSelector, err := metav1.LabelSelectorAsSelector(selector)
 	if err != nil {
 		return nil, fmt.Errorf("error converting label selector: %w", err)
@@ -170,7 +191,7 @@ func (g *ClusterGenerator) getSecretsByClusterName(appSetGenerator *argoappsetv1
 	if err := g.Client.List(context.Background(), clusterSecretList, client.MatchingLabelsSelector{Selector: secretSelector}); err != nil {
 		return nil, err
 	}
-	log.Debug("clusters matching labels", "count", len(clusterSecretList.Items))
+	log.Debugf("clusters matching labels: %d", len(clusterSecretList.Items))

 	res := map[string]corev1.Secret{}

--- a/applicationset/generators/cluster_test.go
+++ b/applicationset/generators/cluster_test.go
@@ -2,7 +2,7 @@ package generators

 import (
 	"context"
-	"fmt"
+	"errors"
 	"testing"

 	corev1 "k8s.io/api/core/v1"
@@ -13,8 +13,8 @@ import (

 	kubefake "k8s.io/client-go/kubernetes/fake"

-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/applicationset/utils"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -27,7 +27,7 @@ type possiblyErroringFakeCtrlRuntimeClient struct {

 func (p *possiblyErroringFakeCtrlRuntimeClient) List(ctx context.Context, secretList client.ObjectList, opts ...client.ListOption) error {
 	if p.shouldError {
-		return fmt.Errorf("could not list Secrets")
+		return errors.New("could not list Secrets")
 	}
 	return p.Client.List(ctx, secretList, opts...)
 }
@@ -76,18 +76,20 @@ func TestGenerateParams(t *testing.T) {
 				},
 			},
 			Data: map[string][]byte{
-				"config": []byte("{}"),
-				"name":   []byte("production_01/west"),
-				"server": []byte("https://production-01.example.com"),
+				"config":  []byte("{}"),
+				"name":    []byte("production_01/west"),
+				"server":  []byte("https://production-01.example.com"),
+				"project": []byte("prod-project"),
 			},
 			Type: corev1.SecretType("Opaque"),
 		},
 	}
 	testCases := []struct {
-		name     string
-		selector metav1.LabelSelector
-		values   map[string]string
-		expected []map[string]interface{}
+		name       string
+		selector   metav1.LabelSelector
+		isFlatMode bool
+		values     map[string]string
+		expected   []map[string]any
 		// clientError is true if a k8s client error should be simulated
 		clientError   bool
 		expectedError error
@@ -104,18 +106,17 @@ func TestGenerateParams(t *testing.T) {
 				"bat":   "{{ metadata.labels.environment }}",
 				"aaa":   "{{ server }}",
 				"no-op": "{{ this-does-not-exist }}",
-			}, expected: []map[string]interface{}{
+			}, expected: []map[string]any{
+				{"values.lol1": "lol", "values.lol2": "{{values.lol1}}{{values.lol1}}", "values.lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}", "values.foo": "bar", "values.bar": "{{ metadata.annotations.foo.argoproj.io }}", "values.no-op": "{{ this-does-not-exist }}", "values.bat": "{{ metadata.labels.environment }}", "values.aaa": "https://kubernetes.default.svc", "nameNormalized": "in-cluster", "name": "in-cluster", "server": "https://kubernetes.default.svc", "project": ""},
 				{
 					"values.lol1": "lol", "values.lol2": "{{values.lol1}}{{values.lol1}}", "values.lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}", "values.foo": "bar", "values.bar": "production", "values.no-op": "{{ this-does-not-exist }}", "values.bat": "production", "values.aaa": "https://production-01.example.com", "name": "production_01/west", "nameNormalized": "production-01-west", "server": "https://production-01.example.com", "metadata.labels.environment": "production", "metadata.labels.org": "bar",
-					"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production",
+					"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production", "project": "prod-project",
 				},

 				{
 					"values.lol1": "lol", "values.lol2": "{{values.lol1}}{{values.lol1}}", "values.lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}", "values.foo": "bar", "values.bar": "staging", "values.no-op": "{{ this-does-not-exist }}", "values.bat": "staging", "values.aaa": "https://staging-01.example.com", "name": "staging-01", "nameNormalized": "staging-01", "server": "https://staging-01.example.com", "metadata.labels.environment": "staging", "metadata.labels.org": "foo",
-					"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging",
+					"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging", "project": "",
 				},
-
-				{"values.lol1": "lol", "values.lol2": "{{values.lol1}}{{values.lol1}}", "values.lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}", "values.foo": "bar", "values.bar": "{{ metadata.annotations.foo.argoproj.io }}", "values.no-op": "{{ this-does-not-exist }}", "values.bat": "{{ metadata.labels.environment }}", "values.aaa": "https://kubernetes.default.svc", "nameNormalized": "in-cluster", "name": "in-cluster", "server": "https://kubernetes.default.svc"},
 			},
 			clientError:   false,
 			expectedError: nil,
@@ -128,15 +129,15 @@ func TestGenerateParams(t *testing.T) {
 				},
 			},
 			values: nil,
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"name": "production_01/west", "nameNormalized": "production-01-west", "server": "https://production-01.example.com", "metadata.labels.environment": "production", "metadata.labels.org": "bar",
-					"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production",
+					"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production", "project": "prod-project",
 				},

 				{
 					"name": "staging-01", "nameNormalized": "staging-01", "server": "https://staging-01.example.com", "metadata.labels.environment": "staging", "metadata.labels.org": "foo",
-					"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging",
+					"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging", "project": "",
 				},
 			},
 			clientError:   false,
@@ -152,10 +153,10 @@ func TestGenerateParams(t *testing.T) {
 			values: map[string]string{
 				"foo": "bar",
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"values.foo": "bar", "name": "production_01/west", "nameNormalized": "production-01-west", "server": "https://production-01.example.com", "metadata.labels.environment": "production", "metadata.labels.org": "bar",
-					"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production",
+					"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production", "project": "prod-project",
 				},
 			},
 			clientError:   false,
@@ -178,14 +179,14 @@ func TestGenerateParams(t *testing.T) {
 			values: map[string]string{
 				"foo": "bar",
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"values.foo": "bar", "name": "staging-01", "nameNormalized": "staging-01", "server": "https://staging-01.example.com", "metadata.labels.environment": "staging", "metadata.labels.org": "foo",
-					"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging",
+					"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging", "project": "",
 				},
 				{
 					"values.foo": "bar", "name": "production_01/west", "nameNormalized": "production-01-west", "server": "https://production-01.example.com", "metadata.labels.environment": "production", "metadata.labels.org": "bar",
-					"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production",
+					"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production", "project": "prod-project",
 				},
 			},
 			clientError:   false,
@@ -211,10 +212,10 @@ func TestGenerateParams(t *testing.T) {
 			values: map[string]string{
 				"name": "baz",
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"values.name": "baz", "name": "staging-01", "nameNormalized": "staging-01", "server": "https://staging-01.example.com", "metadata.labels.environment": "staging", "metadata.labels.org": "foo",
-					"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging",
+					"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging", "project": "",
 				},
 			},
 			clientError:   false,
@@ -226,7 +227,75 @@ func TestGenerateParams(t *testing.T) {
 			values:        nil,
 			expected:      nil,
 			clientError:   true,
-			expectedError: fmt.Errorf("error getting cluster secrets: could not list Secrets"),
+			expectedError: errors.New("error getting cluster secrets: could not list Secrets"),
+		},
+		{
+			name:     "flat mode without selectors",
+			selector: metav1.LabelSelector{},
+			values: map[string]string{
+				"lol1":  "lol",
+				"lol2":  "{{values.lol1}}{{values.lol1}}",
+				"lol3":  "{{values.lol2}}{{values.lol2}}{{values.lol2}}",
+				"foo":   "bar",
+				"bar":   "{{ metadata.annotations.foo.argoproj.io }}",
+				"bat":   "{{ metadata.labels.environment }}",
+				"aaa":   "{{ server }}",
+				"no-op": "{{ this-does-not-exist }}",
+			},
+			expected: []map[string]any{
+				{
+					"clusters": []map[string]any{
+						{"values.lol1": "lol", "values.lol2": "{{values.lol1}}{{values.lol1}}", "values.lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}", "values.foo": "bar", "values.bar": "{{ metadata.annotations.foo.argoproj.io }}", "values.no-op": "{{ this-does-not-exist }}", "values.bat": "{{ metadata.labels.environment }}", "values.aaa": "https://kubernetes.default.svc", "nameNormalized": "in-cluster", "name": "in-cluster", "server": "https://kubernetes.default.svc", "project": ""},
+						{
+							"values.lol1": "lol", "values.lol2": "{{values.lol1}}{{values.lol1}}", "values.lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}", "values.foo": "bar", "values.bar": "production", "values.no-op": "{{ this-does-not-exist }}", "values.bat": "production", "values.aaa": "https://production-01.example.com", "name": "production_01/west", "nameNormalized": "production-01-west", "server": "https://production-01.example.com", "metadata.labels.environment": "production", "metadata.labels.org": "bar",
+							"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production", "project": "prod-project",
+						},
+
+						{
+							"values.lol1": "lol", "values.lol2": "{{values.lol1}}{{values.lol1}}", "values.lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}", "values.foo": "bar", "values.bar": "staging", "values.no-op": "{{ this-does-not-exist }}", "values.bat": "staging", "values.aaa": "https://staging-01.example.com", "name": "staging-01", "nameNormalized": "staging-01", "server": "https://staging-01.example.com", "metadata.labels.environment": "staging", "metadata.labels.org": "foo",
+							"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging", "project": "",
+						},
+					},
+				},
+			},
+			isFlatMode:    true,
+			clientError:   false,
+			expectedError: nil,
+		},
+		{
+			name: "production or staging with flat mode",
+			selector: metav1.LabelSelector{
+				MatchExpressions: []metav1.LabelSelectorRequirement{
+					{
+						Key:      "environment",
+						Operator: "In",
+						Values: []string{
+							"production",
+							"staging",
+						},
+					},
+				},
+			},
+			isFlatMode: true,
+			values: map[string]string{
+				"foo": "bar",
+			},
+			expected: []map[string]any{
+				{
+					"clusters": []map[string]any{
+						{
+							"values.foo": "bar", "name": "production_01/west", "nameNormalized": "production-01-west", "server": "https://production-01.example.com", "metadata.labels.environment": "production", "metadata.labels.org": "bar",
+							"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production", "project": "prod-project",
+						},
+						{
+							"values.foo": "bar", "name": "staging-01", "nameNormalized": "staging-01", "server": "https://staging-01.example.com", "metadata.labels.environment": "staging", "metadata.labels.org": "foo",
+							"metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging", "project": "",
+						},
+					},
+				},
+			},
+			clientError:   false,
+			expectedError: nil,
 		},
 	}

@@ -246,7 +315,7 @@ func TestGenerateParams(t *testing.T) {
 				testCase.clientError,
 			}

-			clusterGenerator := NewClusterGenerator(cl, context.Background(), appClientset, "namespace")
+			clusterGenerator := NewClusterGenerator(t.Context(), cl, appClientset, "namespace")

 			applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
@@ -259,6 +328,7 @@ func TestGenerateParams(t *testing.T) {
 				Clusters: &argoprojiov1alpha1.ClusterGenerator{
 					Selector: testCase.selector,
 					Values:   testCase.values,
+					FlatList: testCase.isFlatMode,
 				},
 			}, &applicationSetInfo, nil)

@@ -324,10 +394,11 @@ func TestGenerateParamsGoTemplate(t *testing.T) {
 		},
 	}
 	testCases := []struct {
-		name     string
-		selector metav1.LabelSelector
-		values   map[string]string
-		expected []map[string]interface{}
+		name       string
+		selector   metav1.LabelSelector
+		values     map[string]string
+		isFlatMode bool
+		expected   []map[string]any
 		// clientError is true if a k8s client error should be simulated
 		clientError   bool
 		expectedError error
@@ -344,12 +415,13 @@ func TestGenerateParamsGoTemplate(t *testing.T) {
 				"bat":   "{{ if not (empty .metadata) }}{{.metadata.labels.environment}}{{ end }}",
 				"aaa":   "{{ .server }}",
 				"no-op": "{{ .thisDoesNotExist }}",
-			}, expected: []map[string]interface{}{
+			}, expected: []map[string]any{
 				{
 					"name":           "production_01/west",
 					"nameNormalized": "production-01-west",
 					"server":         "https://production-01.example.com",
-					"metadata": map[string]interface{}{
+					"project":        "",
+					"metadata": map[string]any{
 						"labels": map[string]string{
 							"argocd.argoproj.io/secret-type": "cluster",
 							"environment":                    "production",
@@ -374,7 +446,8 @@ func TestGenerateParamsGoTemplate(t *testing.T) {
 					"name":           "staging-01",
 					"nameNormalized": "staging-01",
 					"server":         "https://staging-01.example.com",
-					"metadata": map[string]interface{}{
+					"project":        "",
+					"metadata": map[string]any{
 						"labels": map[string]string{
 							"argocd.argoproj.io/secret-type": "cluster",
 							"environment":                    "staging",
@@ -399,6 +472,7 @@ func TestGenerateParamsGoTemplate(t *testing.T) {
 					"nameNormalized": "in-cluster",
 					"name":           "in-cluster",
 					"server":         "https://kubernetes.default.svc",
+					"project":        "",
 					"values": map[string]string{
 						"lol1":  "lol",
 						"lol2":  "<no value><no value>",
@@ -422,12 +496,13 @@ func TestGenerateParamsGoTemplate(t *testing.T) {
 				},
 			},
 			values: nil,
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"name":           "production_01/west",
 					"nameNormalized": "production-01-west",
 					"server":         "https://production-01.example.com",
-					"metadata": map[string]interface{}{
+					"project":        "",
+					"metadata": map[string]any{
 						"labels": map[string]string{
 							"argocd.argoproj.io/secret-type": "cluster",
 							"environment":                    "production",
@@ -442,7 +517,8 @@ func TestGenerateParamsGoTemplate(t *testing.T) {
 					"name":           "staging-01",
 					"nameNormalized": "staging-01",
 					"server":         "https://staging-01.example.com",
-					"metadata": map[string]interface{}{
+					"project":        "",
+					"metadata": map[string]any{
 						"labels": map[string]string{
 							"argocd.argoproj.io/secret-type": "cluster",
 							"environment":                    "staging",
@@ -467,12 +543,13 @@ func TestGenerateParamsGoTemplate(t *testing.T) {
 			values: map[string]string{
 				"foo": "bar",
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"name":           "production_01/west",
 					"nameNormalized": "production-01-west",
 					"server":         "https://production-01.example.com",
-					"metadata": map[string]interface{}{
+					"project":        "",
+					"metadata": map[string]any{
 						"labels": map[string]string{
 							"argocd.argoproj.io/secret-type": "cluster",
 							"environment":                    "production",
@@ -507,12 +584,13 @@ func TestGenerateParamsGoTemplate(t *testing.T) {
 			values: map[string]string{
 				"foo": "bar",
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"name":           "production_01/west",
 					"nameNormalized": "production-01-west",
 					"server":         "https://production-01.example.com",
-					"metadata": map[string]interface{}{
+					"project":        "",
+					"metadata": map[string]any{
 						"labels": map[string]string{
 							"argocd.argoproj.io/secret-type": "cluster",
 							"environment":                    "production",
@@ -530,7 +608,8 @@ func TestGenerateParamsGoTemplate(t *testing.T) {
 					"name":           "staging-01",
 					"nameNormalized": "staging-01",
 					"server":         "https://staging-01.example.com",
-					"metadata": map[string]interface{}{
+					"project":        "",
+					"metadata": map[string]any{
 						"labels": map[string]string{
 							"argocd.argoproj.io/secret-type": "cluster",
 							"environment":                    "staging",
@@ -568,12 +647,13 @@ func TestGenerateParamsGoTemplate(t *testing.T) {
 			values: map[string]string{
 				"name": "baz",
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"name":           "staging-01",
 					"nameNormalized": "staging-01",
 					"server":         "https://staging-01.example.com",
-					"metadata": map[string]interface{}{
+					"project":        "",
+					"metadata": map[string]any{
 						"labels": map[string]string{
 							"argocd.argoproj.io/secret-type": "cluster",
 							"environment":                    "staging",
@@ -597,7 +677,163 @@ func TestGenerateParamsGoTemplate(t *testing.T) {
 			values:        nil,
 			expected:      nil,
 			clientError:   true,
-			expectedError: fmt.Errorf("error getting cluster secrets: could not list Secrets"),
+			expectedError: errors.New("error getting cluster secrets: could not list Secrets"),
+		},
+		{
+			name:       "Clusters with flat list mode and no selector",
+			selector:   metav1.LabelSelector{},
+			isFlatMode: true,
+			values: map[string]string{
+				"lol1":  "lol",
+				"lol2":  "{{ .values.lol1 }}{{ .values.lol1 }}",
+				"lol3":  "{{ .values.lol2 }}{{ .values.lol2 }}{{ .values.lol2 }}",
+				"foo":   "bar",
+				"bar":   "{{ if not (empty .metadata) }}{{index .metadata.annotations \"foo.argoproj.io\" }}{{ end }}",
+				"bat":   "{{ if not (empty .metadata) }}{{.metadata.labels.environment}}{{ end }}",
+				"aaa":   "{{ .server }}",
+				"no-op": "{{ .thisDoesNotExist }}",
+			},
+			expected: []map[string]any{
+				{
+					"clusters": []map[string]any{
+						{
+							"nameNormalized": "in-cluster",
+							"name":           "in-cluster",
+							"server":         "https://kubernetes.default.svc",
+							"project":        "",
+							"values": map[string]string{
+								"lol1":  "lol",
+								"lol2":  "<no value><no value>",
+								"lol3":  "<no value><no value><no value>",
+								"foo":   "bar",
+								"bar":   "",
+								"bat":   "",
+								"aaa":   "https://kubernetes.default.svc",
+								"no-op": "<no value>",
+							},
+						},
+						{
+							"name":           "production_01/west",
+							"nameNormalized": "production-01-west",
+							"server":         "https://production-01.example.com",
+							"project":        "",
+							"metadata": map[string]any{
+								"labels": map[string]string{
+									"argocd.argoproj.io/secret-type": "cluster",
+									"environment":                    "production",
+									"org":                            "bar",
+								},
+								"annotations": map[string]string{
+									"foo.argoproj.io": "production",
+								},
+							},
+							"values": map[string]string{
+								"lol1":  "lol",
+								"lol2":  "<no value><no value>",
+								"lol3":  "<no value><no value><no value>",
+								"foo":   "bar",
+								"bar":   "production",
+								"bat":   "production",
+								"aaa":   "https://production-01.example.com",
+								"no-op": "<no value>",
+							},
+						},
+						{
+							"name":           "staging-01",
+							"nameNormalized": "staging-01",
+							"server":         "https://staging-01.example.com",
+							"project":        "",
+							"metadata": map[string]any{
+								"labels": map[string]string{
+									"argocd.argoproj.io/secret-type": "cluster",
+									"environment":                    "staging",
+									"org":                            "foo",
+								},
+								"annotations": map[string]string{
+									"foo.argoproj.io": "staging",
+								},
+							},
+							"values": map[string]string{
+								"lol1":  "lol",
+								"lol2":  "<no value><no value>",
+								"lol3":  "<no value><no value><no value>",
+								"foo":   "bar",
+								"bar":   "staging",
+								"bat":   "staging",
+								"aaa":   "https://staging-01.example.com",
+								"no-op": "<no value>",
+							},
+						},
+					},
+				},
+			},
+			clientError:   false,
+			expectedError: nil,
+		},
+		{
+			name: "production or staging with flat mode",
+			selector: metav1.LabelSelector{
+				MatchExpressions: []metav1.LabelSelectorRequirement{
+					{
+						Key:      "environment",
+						Operator: "In",
+						Values: []string{
+							"production",
+							"staging",
+						},
+					},
+				},
+			},
+			isFlatMode: true,
+			values: map[string]string{
+				"foo": "bar",
+			},
+			expected: []map[string]any{
+				{
+					"clusters": []map[string]any{
+						{
+							"name":           "production_01/west",
+							"nameNormalized": "production-01-west",
+							"server":         "https://production-01.example.com",
+							"project":        "",
+							"metadata": map[string]any{
+								"labels": map[string]string{
+									"argocd.argoproj.io/secret-type": "cluster",
+									"environment":                    "production",
+									"org":                            "bar",
+								},
+								"annotations": map[string]string{
+									"foo.argoproj.io": "production",
+								},
+							},
+							"values": map[string]string{
+								"foo": "bar",
+							},
+						},
+						{
+							"name":           "staging-01",
+							"nameNormalized": "staging-01",
+							"server":         "https://staging-01.example.com",
+							"project":        "",
+							"metadata": map[string]any{
+								"labels": map[string]string{
+									"argocd.argoproj.io/secret-type": "cluster",
+									"environment":                    "staging",
+									"org":                            "foo",
+								},
+								"annotations": map[string]string{
+									"foo.argoproj.io": "staging",
+								},
+							},
+							"values": map[string]string{
+								"foo": "bar",
+							},
+						},
+					},
+				},
+			},
+			clientError:   false,
+			expectedError: nil,
 		},
 	}

@@ -617,7 +853,7 @@ func TestGenerateParamsGoTemplate(t *testing.T) {
 				testCase.clientError,
 			}

-			clusterGenerator := NewClusterGenerator(cl, context.Background(), appClientset, "namespace")
+			clusterGenerator := NewClusterGenerator(t.Context(), cl, appClientset, "namespace")

 			applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
@@ -632,6 +868,7 @@ func TestGenerateParamsGoTemplate(t *testing.T) {
 				Clusters: &argoprojiov1alpha1.ClusterGenerator{
 					Selector: testCase.selector,
 					Values:   testCase.values,
+					FlatList: testCase.isFlatMode,
 				},
 			}, &applicationSetInfo, nil)

--- a/applicationset/generators/duck_type.go
+++ b/applicationset/generators/duck_type.go
@@ -2,6 +2,7 @@ package generators

 import (
 	"context"
+	"errors"
 	"fmt"
 	"strings"
 	"time"
@@ -9,7 +10,7 @@ import (
 	log "github.com/sirupsen/logrus"
 	"sigs.k8s.io/controller-runtime/pkg/client"

-	"github.com/argoproj/argo-cd/v2/util/settings"
+	"github.com/argoproj/argo-cd/v3/util/settings"

 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/fields"
@@ -17,8 +18,8 @@ import (
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/kubernetes"

-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/applicationset/utils"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 var _ Generator = (*DuckTypeGenerator)(nil)
@@ -52,14 +53,14 @@ func (g *DuckTypeGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.
 		return time.Duration(*appSetGenerator.ClusterDecisionResource.RequeueAfterSeconds) * time.Second
 	}

-	return DefaultRequeueAfterSeconds
+	return getDefaultRequeueAfter()
 }

 func (g *DuckTypeGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) *argoprojiov1alpha1.ApplicationSetTemplate {
 	return &appSetGenerator.ClusterDecisionResource.Template
 }

-func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, _ client.Client) ([]map[string]interface{}, error) {
+func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, _ client.Client) ([]map[string]any, error) {
 	if appSetGenerator == nil {
 		return nil, EmptyAppSetGeneratorError
 	}
@@ -96,13 +97,13 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A
 	// Validate the fields
 	if kind == "" || versionIdx < 1 {
 		log.Warningf("kind=%v, resourceName=%v, versionIdx=%v", kind, resourceName, versionIdx)
-		return nil, fmt.Errorf("There is a problem with the apiVersion, kind or resourceName provided")
+		return nil, errors.New("There is a problem with the apiVersion, kind or resourceName provided")
 	}

 	if (resourceName == "" && labelSelector.MatchLabels == nil && labelSelector.MatchExpressions == nil) ||
 		(resourceName != "" && (labelSelector.MatchExpressions != nil || labelSelector.MatchLabels != nil)) {
 		log.Warningf("You must choose either resourceName=%v, labelSelector.matchLabels=%v or labelSelect.matchExpressions=%v", resourceName, labelSelector.MatchLabels, labelSelector.MatchExpressions)
-		return nil, fmt.Errorf("There is a problem with the definition of the ClusterDecisionResource generator")
+		return nil, errors.New("There is a problem with the definition of the ClusterDecisionResource generator")
 	}

 	// Split up the apiVersion
@@ -130,7 +131,7 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A

 	if len(duckResources.Items) == 0 {
 		log.Warning("no resource found, make sure you clusterDecisionResource is defined correctly")
-		return nil, fmt.Errorf("no clusterDecisionResources found")
+		return nil, errors.New("no clusterDecisionResources found")
 	}

 	// Override the duck type in the status of the resource
@@ -146,81 +147,77 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A
 		return nil, nil
 	}

-	res := []map[string]interface{}{}
-	clusterDecisions := []interface{}{}
+	res := []map[string]any{}
+	clusterDecisions := []any{}

 	// Build the decision slice
 	for _, duckResource := range duckResources.Items {
 		log.WithField("duckResourceName", duckResource.GetName()).Debug("found resource")

-		if duckResource.Object["status"] == nil || len(duckResource.Object["status"].(map[string]interface{})) == 0 {
+		if duckResource.Object["status"] == nil || len(duckResource.Object["status"].(map[string]any)) == 0 {
 			log.Warningf("clusterDecisionResource: %s, has no status", duckResource.GetName())
 			continue
 		}

 		log.WithField("duckResourceStatus", duckResource.Object["status"]).Debug("found resource")

-		clusterDecisions = append(clusterDecisions, duckResource.Object["status"].(map[string]interface{})[statusListKey].([]interface{})...)
+		clusterDecisions = append(clusterDecisions, duckResource.Object["status"].(map[string]any)[statusListKey].([]any)...)
 	}
 	log.Infof("Number of decisions found: %v", len(clusterDecisions))

-	// Read this outside the loop to improve performance
-	argoClusters := clustersFromArgoCD.Items
-
-	if len(clusterDecisions) > 0 {
-		for _, cluster := range clusterDecisions {
-			// generated instance of cluster params
-			params := map[string]interface{}{}
-
-			log.Infof("cluster: %v", cluster)
-			matchValue := cluster.(map[string]interface{})[matchKey]
-			if matchValue == nil || matchValue.(string) == "" {
-				log.Warningf("matchKey=%v not found in \"%v\" list: %v\n", matchKey, statusListKey, cluster.(map[string]interface{}))
-				continue
-			}
-
-			strMatchValue := matchValue.(string)
-			log.WithField(matchKey, strMatchValue).Debug("validate against ArgoCD")
-
-			found := false
-
-			for _, argoCluster := range argoClusters {
-				if argoCluster.Name == strMatchValue {
-					log.WithField(matchKey, argoCluster.Name).Info("matched cluster in ArgoCD")
-					params["name"] = argoCluster.Name
-					params["server"] = argoCluster.Server
-
-					found = true
-					break // Stop looking
-				}
-			}
-
-			if !found {
-				log.WithField(matchKey, strMatchValue).Warning("unmatched cluster in ArgoCD")
-				continue
-			}
-
-			for key, value := range cluster.(map[string]interface{}) {
-				params[key] = value.(string)
-			}
-
-			for key, value := range appSetGenerator.ClusterDecisionResource.Values {
-				if appSet.Spec.GoTemplate {
-					if params["values"] == nil {
-						params["values"] = map[string]string{}
-					}
-					params["values"].(map[string]string)[key] = value
-				} else {
-					params[fmt.Sprintf("values.%s", key)] = value
-				}
-			}
-
-			res = append(res, params)
-		}
-	} else {
-		log.Warningf("clusterDecisionResource status." + statusListKey + " missing")
+	if len(clusterDecisions) == 0 {
+		log.Warningf("clusterDecisionResource status.%s missing", statusListKey)
 		return nil, nil
 	}
+	for _, cluster := range clusterDecisions {
+		// generated instance of cluster params
+		params := map[string]any{}
+
+		log.Infof("cluster: %v", cluster)
+		matchValue := cluster.(map[string]any)[matchKey]
+		if matchValue == nil || matchValue.(string) == "" {
+			log.Warningf("matchKey=%v not found in \"%v\" list: %v\n", matchKey, statusListKey, cluster.(map[string]any))
+			continue
+		}
+
+		strMatchValue := matchValue.(string)
+		log.WithField(matchKey, strMatchValue).Debug("validate against ArgoCD")
+
+		found := false
+
+		for _, argoCluster := range clustersFromArgoCD {
+			if argoCluster.Name == strMatchValue {
+				log.WithField(matchKey, argoCluster.Name).Info("matched cluster in ArgoCD")
+				params["name"] = argoCluster.Name
+				params["server"] = argoCluster.Server
+
+				found = true
+				break // Stop looking
+			}
+		}
+
+		if !found {
+			log.WithField(matchKey, strMatchValue).Warning("unmatched cluster in ArgoCD")
+			continue
+		}
+
+		for key, value := range cluster.(map[string]any) {
+			params[key] = value.(string)
+		}
+
+		for key, value := range appSetGenerator.ClusterDecisionResource.Values {
+			if appSet.Spec.GoTemplate {
+				if params["values"] == nil {
+					params["values"] = map[string]string{}
+				}
+				params["values"].(map[string]string)[key] = value
+			} else {
+				params["values."+key] = value
+			}
+		}
+
+		res = append(res, params)
+	}

 	return res, nil
 }
--- a/applicationset/generators/duck_type_test.go
+++ b/applicationset/generators/duck_type_test.go
@@ -1,8 +1,7 @@
 package generators

 import (
-	"context"
-	"fmt"
+	"errors"
 	"testing"

 	"github.com/stretchr/testify/assert"
@@ -16,11 +15,11 @@ import (
 	kubefake "k8s.io/client-go/kubernetes/fake"
 	"sigs.k8s.io/controller-runtime/pkg/client"

-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 const (
-	resourceApiVersion = "mallard.io/v1"
+	resourceAPIVersion = "mallard.io/v1"
 	resourceKind       = "ducks"
 	resourceName       = "quak"
 )
@@ -78,20 +77,20 @@ func TestGenerateParamsForDuckType(t *testing.T) {
 	}

 	duckType := &unstructured.Unstructured{
-		Object: map[string]interface{}{
-			"apiVersion": resourceApiVersion,
+		Object: map[string]any{
+			"apiVersion": resourceAPIVersion,
 			"kind":       "Duck",
-			"metadata": map[string]interface{}{
+			"metadata": map[string]any{
 				"name":      resourceName,
 				"namespace": "namespace",
-				"labels":    map[string]interface{}{"duck": "all-species"},
+				"labels":    map[string]any{"duck": "all-species"},
 			},
-			"status": map[string]interface{}{
-				"decisions": []interface{}{
-					map[string]interface{}{
+			"status": map[string]any{
+				"decisions": []any{
+					map[string]any{
 						"clusterName": "staging-01",
 					},
-					map[string]interface{}{
+					map[string]any{
 						"clusterName": "production-01",
 					},
 				},
@@ -100,17 +99,17 @@ func TestGenerateParamsForDuckType(t *testing.T) {
 	}

 	duckTypeProdOnly := &unstructured.Unstructured{
-		Object: map[string]interface{}{
-			"apiVersion": resourceApiVersion,
+		Object: map[string]any{
+			"apiVersion": resourceAPIVersion,
 			"kind":       "Duck",
-			"metadata": map[string]interface{}{
+			"metadata": map[string]any{
 				"name":      resourceName,
 				"namespace": "namespace",
-				"labels":    map[string]interface{}{"duck": "spotted"},
+				"labels":    map[string]any{"duck": "spotted"},
 			},
-			"status": map[string]interface{}{
-				"decisions": []interface{}{
-					map[string]interface{}{
+			"status": map[string]any{
+				"decisions": []any{
+					map[string]any{
 						"clusterName": "production-01",
 					},
 				},
@@ -119,15 +118,15 @@ func TestGenerateParamsForDuckType(t *testing.T) {
 	}

 	duckTypeEmpty := &unstructured.Unstructured{
-		Object: map[string]interface{}{
-			"apiVersion": resourceApiVersion,
+		Object: map[string]any{
+			"apiVersion": resourceAPIVersion,
 			"kind":       "Duck",
-			"metadata": map[string]interface{}{
+			"metadata": map[string]any{
 				"name":      resourceName,
 				"namespace": "namespace",
-				"labels":    map[string]interface{}{"duck": "canvasback"},
+				"labels":    map[string]any{"duck": "canvasback"},
 			},
-			"status": map[string]interface{}{},
+			"status": map[string]any{},
 		},
 	}

@@ -137,7 +136,7 @@ func TestGenerateParamsForDuckType(t *testing.T) {
 			Namespace: "namespace",
 		},
 		Data: map[string]string{
-			"apiVersion":    resourceApiVersion,
+			"apiVersion":    resourceAPIVersion,
 			"kind":          resourceKind,
 			"statusListKey": "decisions",
 			"matchKey":      "clusterName",
@@ -151,7 +150,7 @@ func TestGenerateParamsForDuckType(t *testing.T) {
 		labelSelector metav1.LabelSelector
 		resource      *unstructured.Unstructured
 		values        map[string]string
-		expected      []map[string]interface{}
+		expected      []map[string]any
 		expectedError error
 	}{
 		{
@@ -159,8 +158,8 @@ func TestGenerateParamsForDuckType(t *testing.T) {
 			resourceName:  "",
 			resource:      duckType,
 			values:        nil,
-			expected:      []map[string]interface{}{},
-			expectedError: fmt.Errorf("There is a problem with the definition of the ClusterDecisionResource generator"),
+			expected:      []map[string]any{},
+			expectedError: errors.New("There is a problem with the definition of the ClusterDecisionResource generator"),
 		},
 		/*** This does not work with the FAKE runtime client, fieldSelectors are broken.
 		{
@@ -177,7 +176,7 @@ func TestGenerateParamsForDuckType(t *testing.T) {
 			resourceName: resourceName,
 			resource:     duckType,
 			values:       nil,
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"clusterName": "production-01", "name": "production-01", "server": "https://production-01.example.com"},

 				{"clusterName": "staging-01", "name": "staging-01", "server": "https://staging-01.example.com"},
@@ -191,7 +190,7 @@ func TestGenerateParamsForDuckType(t *testing.T) {
 			values: map[string]string{
 				"foo": "bar",
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"clusterName": "production-01", "values.foo": "bar", "name": "production-01", "server": "https://production-01.example.com"},
 			},
 			expectedError: nil,
@@ -219,7 +218,7 @@ func TestGenerateParamsForDuckType(t *testing.T) {
 			labelSelector: metav1.LabelSelector{MatchLabels: map[string]string{"duck": "all-species"}},
 			resource:      duckType,
 			values:        nil,
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"clusterName": "production-01", "name": "production-01", "server": "https://production-01.example.com"},

 				{"clusterName": "staging-01", "name": "staging-01", "server": "https://staging-01.example.com"},
@@ -234,7 +233,7 @@ func TestGenerateParamsForDuckType(t *testing.T) {
 			values: map[string]string{
 				"foo": "bar",
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"clusterName": "production-01", "values.foo": "bar", "name": "production-01", "server": "https://production-01.example.com"},
 			},
 			expectedError: nil,
@@ -251,7 +250,7 @@ func TestGenerateParamsForDuckType(t *testing.T) {
 			}},
 			resource: duckType,
 			values:   nil,
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"clusterName": "production-01", "name": "production-01", "server": "https://production-01.example.com"},

 				{"clusterName": "staging-01", "name": "staging-01", "server": "https://staging-01.example.com"},
@@ -271,7 +270,7 @@ func TestGenerateParamsForDuckType(t *testing.T) {
 			resource:      duckType,
 			values:        nil,
 			expected:      nil,
-			expectedError: fmt.Errorf("There is a problem with the definition of the ClusterDecisionResource generator"),
+			expectedError: errors.New("There is a problem with the definition of the ClusterDecisionResource generator"),
 		},
 	}

@@ -293,7 +292,7 @@ func TestGenerateParamsForDuckType(t *testing.T) {

 			fakeDynClient := dynfake.NewSimpleDynamicClientWithCustomListKinds(runtime.NewScheme(), gvrToListKind, testCase.resource)

-			duckTypeGenerator := NewDuckTypeGenerator(context.Background(), fakeDynClient, appClientset, "namespace")
+			duckTypeGenerator := NewDuckTypeGenerator(t.Context(), fakeDynClient, appClientset, "namespace")

 			applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
@@ -374,20 +373,20 @@ func TestGenerateParamsForDuckTypeGoTemplate(t *testing.T) {
 	}

 	duckType := &unstructured.Unstructured{
-		Object: map[string]interface{}{
-			"apiVersion": resourceApiVersion,
+		Object: map[string]any{
+			"apiVersion": resourceAPIVersion,
 			"kind":       "Duck",
-			"metadata": map[string]interface{}{
+			"metadata": map[string]any{
 				"name":      resourceName,
 				"namespace": "namespace",
-				"labels":    map[string]interface{}{"duck": "all-species"},
+				"labels":    map[string]any{"duck": "all-species"},
 			},
-			"status": map[string]interface{}{
-				"decisions": []interface{}{
-					map[string]interface{}{
+			"status": map[string]any{
+				"decisions": []any{
+					map[string]any{
 						"clusterName": "staging-01",
 					},
-					map[string]interface{}{
+					map[string]any{
 						"clusterName": "production-01",
 					},
 				},
@@ -396,17 +395,17 @@ func TestGenerateParamsForDuckTypeGoTemplate(t *testing.T) {
 	}

 	duckTypeProdOnly := &unstructured.Unstructured{
-		Object: map[string]interface{}{
-			"apiVersion": resourceApiVersion,
+		Object: map[string]any{
+			"apiVersion": resourceAPIVersion,
 			"kind":       "Duck",
-			"metadata": map[string]interface{}{
+			"metadata": map[string]any{
 				"name":      resourceName,
 				"namespace": "namespace",
-				"labels":    map[string]interface{}{"duck": "spotted"},
+				"labels":    map[string]any{"duck": "spotted"},
 			},
-			"status": map[string]interface{}{
-				"decisions": []interface{}{
-					map[string]interface{}{
+			"status": map[string]any{
+				"decisions": []any{
+					map[string]any{
 						"clusterName": "production-01",
 					},
 				},
@@ -415,15 +414,15 @@ func TestGenerateParamsForDuckTypeGoTemplate(t *testing.T) {
 	}

 	duckTypeEmpty := &unstructured.Unstructured{
-		Object: map[string]interface{}{
-			"apiVersion": resourceApiVersion,
+		Object: map[string]any{
+			"apiVersion": resourceAPIVersion,
 			"kind":       "Duck",
-			"metadata": map[string]interface{}{
+			"metadata": map[string]any{
 				"name":      resourceName,
 				"namespace": "namespace",
-				"labels":    map[string]interface{}{"duck": "canvasback"},
+				"labels":    map[string]any{"duck": "canvasback"},
 			},
-			"status": map[string]interface{}{},
+			"status": map[string]any{},
 		},
 	}

@@ -433,7 +432,7 @@ func TestGenerateParamsForDuckTypeGoTemplate(t *testing.T) {
 			Namespace: "namespace",
 		},
 		Data: map[string]string{
-			"apiVersion":    resourceApiVersion,
+			"apiVersion":    resourceAPIVersion,
 			"kind":          resourceKind,
 			"statusListKey": "decisions",
 			"matchKey":      "clusterName",
@@ -447,7 +446,7 @@ func TestGenerateParamsForDuckTypeGoTemplate(t *testing.T) {
 		labelSelector metav1.LabelSelector
 		resource      *unstructured.Unstructured
 		values        map[string]string
-		expected      []map[string]interface{}
+		expected      []map[string]any
 		expectedError error
 	}{
 		{
@@ -455,8 +454,8 @@ func TestGenerateParamsForDuckTypeGoTemplate(t *testing.T) {
 			resourceName:  "",
 			resource:      duckType,
 			values:        nil,
-			expected:      []map[string]interface{}{},
-			expectedError: fmt.Errorf("There is a problem with the definition of the ClusterDecisionResource generator"),
+			expected:      []map[string]any{},
+			expectedError: errors.New("There is a problem with the definition of the ClusterDecisionResource generator"),
 		},
 		/*** This does not work with the FAKE runtime client, fieldSelectors are broken.
 		{
@@ -473,7 +472,7 @@ func TestGenerateParamsForDuckTypeGoTemplate(t *testing.T) {
 			resourceName: resourceName,
 			resource:     duckType,
 			values:       nil,
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"clusterName": "production-01", "name": "production-01", "server": "https://production-01.example.com"},

 				{"clusterName": "staging-01", "name": "staging-01", "server": "https://staging-01.example.com"},
@@ -487,7 +486,7 @@ func TestGenerateParamsForDuckTypeGoTemplate(t *testing.T) {
 			values: map[string]string{
 				"foo": "bar",
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"clusterName": "production-01", "values": map[string]string{"foo": "bar"}, "name": "production-01", "server": "https://production-01.example.com"},
 			},
 			expectedError: nil,
@@ -515,7 +514,7 @@ func TestGenerateParamsForDuckTypeGoTemplate(t *testing.T) {
 			labelSelector: metav1.LabelSelector{MatchLabels: map[string]string{"duck": "all-species"}},
 			resource:      duckType,
 			values:        nil,
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"clusterName": "production-01", "name": "production-01", "server": "https://production-01.example.com"},

 				{"clusterName": "staging-01", "name": "staging-01", "server": "https://staging-01.example.com"},
@@ -530,7 +529,7 @@ func TestGenerateParamsForDuckTypeGoTemplate(t *testing.T) {
 			values: map[string]string{
 				"foo": "bar",
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"clusterName": "production-01", "values": map[string]string{"foo": "bar"}, "name": "production-01", "server": "https://production-01.example.com"},
 			},
 			expectedError: nil,
@@ -547,7 +546,7 @@ func TestGenerateParamsForDuckTypeGoTemplate(t *testing.T) {
 			}},
 			resource: duckType,
 			values:   nil,
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"clusterName": "production-01", "name": "production-01", "server": "https://production-01.example.com"},

 				{"clusterName": "staging-01", "name": "staging-01", "server": "https://staging-01.example.com"},
@@ -567,7 +566,7 @@ func TestGenerateParamsForDuckTypeGoTemplate(t *testing.T) {
 			resource:      duckType,
 			values:        nil,
 			expected:      nil,
-			expectedError: fmt.Errorf("There is a problem with the definition of the ClusterDecisionResource generator"),
+			expectedError: errors.New("There is a problem with the definition of the ClusterDecisionResource generator"),
 		},
 	}

@@ -589,7 +588,7 @@ func TestGenerateParamsForDuckTypeGoTemplate(t *testing.T) {

 			fakeDynClient := dynfake.NewSimpleDynamicClientWithCustomListKinds(runtime.NewScheme(), gvrToListKind, testCase.resource)

-			duckTypeGenerator := NewDuckTypeGenerator(context.Background(), fakeDynClient, appClientset, "namespace")
+			duckTypeGenerator := NewDuckTypeGenerator(t.Context(), fakeDynClient, appClientset, "namespace")

 			applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
--- a/applicationset/generators/generator_spec_processor.go
+++ b/applicationset/generators/generator_spec_processor.go
@@ -7,13 +7,13 @@ import (
 	"github.com/jeremywohl/flatten"
 	"sigs.k8s.io/controller-runtime/pkg/client"

-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
+	"github.com/argoproj/argo-cd/v3/applicationset/utils"

 	"k8s.io/apimachinery/pkg/labels"

-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"

-	"github.com/imdario/mergo"
+	"dario.cat/mergo"
 	log "github.com/sirupsen/logrus"
 )

@@ -22,12 +22,12 @@ const (
 )

 type TransformResult struct {
-	Params   []map[string]interface{}
+	Params   []map[string]any
 	Template argoprojiov1alpha1.ApplicationSetTemplate
 }

 // Transform a spec generator to list of paramSets and a template
-func Transform(requestedGenerator argoprojiov1alpha1.ApplicationSetGenerator, allGenerators map[string]Generator, baseTemplate argoprojiov1alpha1.ApplicationSetTemplate, appSet *argoprojiov1alpha1.ApplicationSet, genParams map[string]interface{}, client client.Client) ([]TransformResult, error) {
+func Transform(requestedGenerator argoprojiov1alpha1.ApplicationSetGenerator, allGenerators map[string]Generator, baseTemplate argoprojiov1alpha1.ApplicationSetTemplate, appSet *argoprojiov1alpha1.ApplicationSet, genParams map[string]any, client client.Client) ([]TransformResult, error) {
 	// This is a custom version of the `LabelSelectorAsSelector` that is in k8s.io/apimachinery. This has been copied
 	// verbatim from that package, with the difference that we do not have any restrictions on label values. This is done
 	// so that, among other things, we can match on cluster urls.
@@ -52,7 +52,7 @@ func Transform(requestedGenerator argoprojiov1alpha1.ApplicationSetGenerator, al
 			}
 			continue
 		}
-		var params []map[string]interface{}
+		var params []map[string]any
 		if len(genParams) != 0 {
 			tempInterpolatedGenerator, err := InterpolateGenerator(&requestedGenerator, genParams, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions)
 			interpolatedGenerator = &tempInterpolatedGenerator
@@ -74,7 +74,7 @@ func Transform(requestedGenerator argoprojiov1alpha1.ApplicationSetGenerator, al
 			}
 			continue
 		}
-		var filterParams []map[string]interface{}
+		var filterParams []map[string]any
 		for _, param := range params {
 			flatParam, err := flattenParameters(param)
 			if err != nil {
@@ -123,7 +123,7 @@ func GetRelevantGenerators(requestedGenerator *argoprojiov1alpha1.ApplicationSet
 	return res
 }

-func flattenParameters(in map[string]interface{}) (map[string]string, error) {
+func flattenParameters(in map[string]any) (map[string]string, error) {
 	flat, err := flatten.Flatten(in, "", flatten.DotStyle)
 	if err != nil {
 		return nil, fmt.Errorf("error flatenning parameters: %w", err)
@@ -149,7 +149,7 @@ func mergeGeneratorTemplate(g Generator, requestedGenerator *argoprojiov1alpha1.

 // InterpolateGenerator allows interpolating the matrix's 2nd child generator with values from the 1st child generator
 // "params" parameter is an array, where each index corresponds to a generator. Each index contains a map w/ that generator's parameters.
-func InterpolateGenerator(requestedGenerator *argoprojiov1alpha1.ApplicationSetGenerator, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (argoprojiov1alpha1.ApplicationSetGenerator, error) {
+func InterpolateGenerator(requestedGenerator *argoprojiov1alpha1.ApplicationSetGenerator, params map[string]any, useGoTemplate bool, goTemplateOptions []string) (argoprojiov1alpha1.ApplicationSetGenerator, error) {
 	render := utils.Render{}
 	interpolatedGenerator, err := render.RenderGeneratorParams(requestedGenerator, params, useGoTemplate, goTemplateOptions)
 	if err != nil {
@@ -159,16 +159,3 @@ func InterpolateGenerator(requestedGenerator *argoprojiov1alpha1.ApplicationSetG

 	return *interpolatedGenerator, nil
 }
-
-// Fixes https://github.com/argoproj/argo-cd/issues/11982 while ensuring backwards compatibility.
-// This is only a short-term solution and should be removed in a future major version.
-func dropDisabledNestedSelectors(generators []argoprojiov1alpha1.ApplicationSetNestedGenerator) bool {
-	var foundSelector bool
-	for i := range generators {
-		if generators[i].Selector != nil {
-			foundSelector = true
-			generators[i].Selector = nil
-		}
-	}
-	return foundSelector
-}
--- a/applicationset/generators/generator_spec_processor_test.go
+++ b/applicationset/generators/generator_spec_processor_test.go
@@ -10,9 +10,9 @@ import (
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

-	"github.com/argoproj/argo-cd/v2/applicationset/services/mocks"
+	"github.com/argoproj/argo-cd/v3/applicationset/services/mocks"

-	argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	argov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"

 	"github.com/stretchr/testify/mock"
 	corev1 "k8s.io/api/core/v1"
@@ -27,19 +27,19 @@ func TestMatchValues(t *testing.T) {
 		name     string
 		elements []apiextensionsv1.JSON
 		selector *metav1.LabelSelector
-		expected []map[string]interface{}
+		expected []map[string]any
 	}{
 		{
 			name:     "no filter",
 			elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url"}`)}},
 			selector: &metav1.LabelSelector{},
-			expected: []map[string]interface{}{{"cluster": "cluster", "url": "url"}},
+			expected: []map[string]any{{"cluster": "cluster", "url": "url"}},
 		},
 		{
 			name:     "nil",
 			elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url"}`)}},
 			selector: nil,
-			expected: []map[string]interface{}{{"cluster": "cluster", "url": "url"}},
+			expected: []map[string]any{{"cluster": "cluster", "url": "url"}},
 		},
 		{
 			name:     "values.foo should be foo but is ignore element",
@@ -49,7 +49,7 @@ func TestMatchValues(t *testing.T) {
 					"values.foo": "foo",
 				},
 			},
-			expected: []map[string]interface{}{},
+			expected: []map[string]any{},
 		},
 		{
 			name:     "values.foo should be bar",
@@ -59,7 +59,7 @@ func TestMatchValues(t *testing.T) {
 					"values.foo": "bar",
 				},
 			},
-			expected: []map[string]interface{}{{"cluster": "cluster", "url": "url", "values.foo": "bar"}},
+			expected: []map[string]any{{"cluster": "cluster", "url": "url", "values.foo": "bar"}},
 		},
 	}

@@ -101,19 +101,19 @@ func TestMatchValuesGoTemplate(t *testing.T) {
 		name     string
 		elements []apiextensionsv1.JSON
 		selector *metav1.LabelSelector
-		expected []map[string]interface{}
+		expected []map[string]any
 	}{
 		{
 			name:     "no filter",
 			elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url"}`)}},
 			selector: &metav1.LabelSelector{},
-			expected: []map[string]interface{}{{"cluster": "cluster", "url": "url"}},
+			expected: []map[string]any{{"cluster": "cluster", "url": "url"}},
 		},
 		{
 			name:     "nil",
 			elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url"}`)}},
 			selector: nil,
-			expected: []map[string]interface{}{{"cluster": "cluster", "url": "url"}},
+			expected: []map[string]any{{"cluster": "cluster", "url": "url"}},
 		},
 		{
 			name:     "values.foo should be foo but is ignore element",
@@ -123,7 +123,7 @@ func TestMatchValuesGoTemplate(t *testing.T) {
 					"values.foo": "foo",
 				},
 			},
-			expected: []map[string]interface{}{},
+			expected: []map[string]any{},
 		},
 		{
 			name:     "values.foo should be bar",
@@ -133,7 +133,7 @@ func TestMatchValuesGoTemplate(t *testing.T) {
 					"values.foo": "bar",
 				},
 			},
-			expected: []map[string]interface{}{{"cluster": "cluster", "url": "url", "values": map[string]interface{}{"foo": "bar"}}},
+			expected: []map[string]any{{"cluster": "cluster", "url": "url", "values": map[string]any{"foo": "bar"}}},
 		},
 		{
 			name:     "values.0 should be bar",
@@ -143,7 +143,7 @@ func TestMatchValuesGoTemplate(t *testing.T) {
 					"values.0": "bar",
 				},
 			},
-			expected: []map[string]interface{}{{"cluster": "cluster", "url": "url", "values": []interface{}{"bar"}}},
+			expected: []map[string]any{{"cluster": "cluster", "url": "url", "values": []any{"bar"}}},
 		},
 	}

@@ -184,14 +184,14 @@ func TestTransForm(t *testing.T) {
 	testCases := []struct {
 		name     string
 		selector *metav1.LabelSelector
-		expected []map[string]interface{}
+		expected []map[string]any
 	}{
 		{
 			name: "server filter",
 			selector: &metav1.LabelSelector{
 				MatchLabels: map[string]string{"server": "https://production-01.example.com"},
 			},
-			expected: []map[string]interface{}{{
+			expected: []map[string]any{{
 				"metadata.annotations.foo.argoproj.io":           "production",
 				"metadata.labels.argocd.argoproj.io/secret-type": "cluster",
 				"metadata.labels.environment":                    "production",
@@ -199,6 +199,7 @@ func TestTransForm(t *testing.T) {
 				"name":                                           "production_01/west",
 				"nameNormalized":                                 "production-01-west",
 				"server":                                         "https://production-01.example.com",
+				"project":                                        "",
 			}},
 		},
 		{
@@ -206,7 +207,7 @@ func TestTransForm(t *testing.T) {
 			selector: &metav1.LabelSelector{
 				MatchLabels: map[string]string{"server": "https://some-really-long-url-that-will-exceed-63-characters.com"},
 			},
-			expected: []map[string]interface{}{{
+			expected: []map[string]any{{
 				"metadata.annotations.foo.argoproj.io":           "production",
 				"metadata.labels.argocd.argoproj.io/secret-type": "cluster",
 				"metadata.labels.environment":                    "production",
@@ -214,6 +215,7 @@ func TestTransForm(t *testing.T) {
 				"name":                                           "some-really-long-server-url",
 				"nameNormalized":                                 "some-really-long-server-url",
 				"server":                                         "https://some-really-long-url-that-will-exceed-63-characters.com",
+				"project":                                        "",
 			}},
 		},
 	}
@@ -340,13 +342,13 @@ func getMockClusterGenerator() Generator {
 	appClientset := kubefake.NewSimpleClientset(runtimeClusters...)

 	fakeClient := fake.NewClientBuilder().WithObjects(clusters...).Build()
-	return NewClusterGenerator(fakeClient, context.Background(), appClientset, "namespace")
+	return NewClusterGenerator(context.Background(), fakeClient, appClientset, "namespace")
 }

 func getMockGitGenerator() Generator {
 	argoCDServiceMock := mocks.Repos{}
 	argoCDServiceMock.On("GetDirectories", mock.Anything, mock.Anything, mock.Anything).Return([]string{"app1", "app2", "app_3", "p1/app4"}, nil)
-	gitGenerator := NewGitGenerator(&argoCDServiceMock)
+	gitGenerator := NewGitGenerator(&argoCDServiceMock, "namespace")
 	return gitGenerator
 }

@@ -411,7 +413,7 @@ func TestInterpolateGenerator(t *testing.T) {
 			},
 		},
 	}
-	gitGeneratorParams := map[string]interface{}{
+	gitGeneratorParams := map[string]any{
 		"path":                    "p1/p2/app3",
 		"path.basename":           "app3",
 		"path[0]":                 "p1",
@@ -440,7 +442,7 @@ func TestInterpolateGenerator(t *testing.T) {
 			Template: argov1alpha1.ApplicationSetTemplate{},
 		},
 	}
-	clusterGeneratorParams := map[string]interface{}{
+	clusterGeneratorParams := map[string]any{
 		"name": "production_01/west", "server": "https://production-01.example.com",
 	}
 	interpolatedGenerator, err = InterpolateGenerator(requestedGenerator, clusterGeneratorParams, false, nil)
@@ -466,8 +468,8 @@ func TestInterpolateGenerator_go(t *testing.T) {
 			},
 		},
 	}
-	gitGeneratorParams := map[string]interface{}{
-		"path": map[string]interface{}{
+	gitGeneratorParams := map[string]any{
+		"path": map[string]any{
 			"path":     "p1/p2/app3",
 			"segments": []string{"p1", "p2", "app3"},
 		},
@@ -495,7 +497,7 @@ func TestInterpolateGenerator_go(t *testing.T) {
 			Template: argov1alpha1.ApplicationSetTemplate{},
 		},
 	}
-	clusterGeneratorParams := map[string]interface{}{
+	clusterGeneratorParams := map[string]any{
 		"name": "production_01/west", "server": "https://production-01.example.com",
 	}
 	interpolatedGenerator, err = InterpolateGenerator(requestedGenerator, clusterGeneratorParams, true, nil)
@@ -510,7 +512,7 @@ func TestInterpolateGenerator_go(t *testing.T) {
 func TestInterpolateGeneratorError(t *testing.T) {
 	type args struct {
 		requestedGenerator *argov1alpha1.ApplicationSetGenerator
-		params             map[string]interface{}
+		params             map[string]any
 		useGoTemplate      bool
 		goTemplateOptions  []string
 	}
@@ -528,7 +530,7 @@ func TestInterpolateGeneratorError(t *testing.T) {
 		}, want: argov1alpha1.ApplicationSetGenerator{}, expectedErrStr: "generator is empty"},
 		{name: "No Params", args: args{
 			requestedGenerator: &argov1alpha1.ApplicationSetGenerator{},
-			params:             map[string]interface{}{},
+			params:             map[string]any{},
 			useGoTemplate:      false,
 			goTemplateOptions:  nil,
 		}, want: argov1alpha1.ApplicationSetGenerator{}, expectedErrStr: ""},
@@ -543,7 +545,7 @@ func TestInterpolateGeneratorError(t *testing.T) {
 					"resolved":  "{{ index .rmap (default .override .test) }}",
 				},
 			}},
-			params: map[string]interface{}{
+			params: map[string]any{
 				"name":     "in-cluster",
 				"override": "foo",
 			},
--- a/applicationset/generators/git.go
+++ b/applicationset/generators/git.go
@@ -15,22 +15,25 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/yaml"

-	"github.com/argoproj/argo-cd/v2/applicationset/services"
-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-	"github.com/argoproj/argo-cd/v2/util/gpg"
+	"github.com/argoproj/argo-cd/v3/applicationset/services"
+	"github.com/argoproj/argo-cd/v3/applicationset/utils"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/util/gpg"
 )

 var _ Generator = (*GitGenerator)(nil)

 type GitGenerator struct {
-	repos services.Repos
+	repos     services.Repos
+	namespace string
 }

-func NewGitGenerator(repos services.Repos) Generator {
+func NewGitGenerator(repos services.Repos, namespace string) Generator {
 	g := &GitGenerator{
-		repos: repos,
+		repos:     repos,
+		namespace: namespace,
 	}
+
 	return g
 }

@@ -45,10 +48,10 @@ func (g *GitGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.Appli
 		return time.Duration(*appSetGenerator.Git.RequeueAfterSeconds) * time.Second
 	}

-	return DefaultRequeueAfterSeconds
+	return getDefaultRequeueAfter()
 }

-func (g *GitGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, client client.Client) ([]map[string]interface{}, error) {
+func (g *GitGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, client client.Client) ([]map[string]any, error) {
 	if appSetGenerator == nil {
 		return nil, EmptyAppSetGeneratorError
 	}
@@ -59,28 +62,37 @@ func (g *GitGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Applic

 	noRevisionCache := appSet.RefreshRequired()

-	var project string
-	if strings.Contains(appSet.Spec.Template.Spec.Project, "{{") {
-		project = appSetGenerator.Git.Template.Spec.Project
-	} else {
-		project = appSet.Spec.Template.Spec.Project
+	verifyCommit := false
+
+	// When the project field is templated, the contents of the git repo are required to run the git generator and get the templated value,
+	// but git generator cannot be called without verifying the commit signature.
+	// In this case, we skip the signature verification.
+	if !strings.Contains(appSet.Spec.Template.Spec.Project, "{{") {
+		project := appSet.Spec.Template.Spec.Project
+		appProject := &argoprojiov1alpha1.AppProject{}
+		namespace := g.namespace
+		if namespace == "" {
+			namespace = appSet.Namespace
+		}
+		if err := client.Get(context.TODO(), types.NamespacedName{Name: project, Namespace: namespace}, appProject); err != nil {
+			return nil, fmt.Errorf("error getting project %s: %w", project, err)
+		}
+		// we need to verify the signature on the Git revision if GPG is enabled
+		verifyCommit = len(appProject.Spec.SignatureKeys) > 0 && gpg.IsGPGEnabled()
 	}

-	appProject := &argoprojiov1alpha1.AppProject{}
-	if err := client.Get(context.TODO(), types.NamespacedName{Name: appSet.Spec.Template.Spec.Project, Namespace: appSet.Namespace}, appProject); err != nil {
-		return nil, fmt.Errorf("error getting project %s: %w", project, err)
-	}
-
-	// we need to verify the signature on the Git revision if GPG is enabled
-	verifyCommit := appProject.Spec.SignatureKeys != nil && len(appProject.Spec.SignatureKeys) > 0 && gpg.IsGPGEnabled()
+	// If the project field is templated, we cannot resolve the project name, so we pass an empty string to the repo-server.
+	// This means only "globally-scoped" repo credentials can be used for such appsets.
+	project := resolveProjectName(appSet.Spec.Template.Spec.Project)

 	var err error
-	var res []map[string]interface{}
-	if len(appSetGenerator.Git.Directories) != 0 {
-		res, err = g.generateParamsForGitDirectories(appSetGenerator, noRevisionCache, verifyCommit, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions)
-	} else if len(appSetGenerator.Git.Files) != 0 {
-		res, err = g.generateParamsForGitFiles(appSetGenerator, noRevisionCache, verifyCommit, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions)
-	} else {
+	var res []map[string]any
+	switch {
+	case len(appSetGenerator.Git.Directories) != 0:
+		res, err = g.generateParamsForGitDirectories(appSetGenerator, noRevisionCache, verifyCommit, appSet.Spec.GoTemplate, project, appSet.Spec.GoTemplateOptions)
+	case len(appSetGenerator.Git.Files) != 0:
+		res, err = g.generateParamsForGitFiles(appSetGenerator, noRevisionCache, verifyCommit, appSet.Spec.GoTemplate, project, appSet.Spec.GoTemplateOptions)
+	default:
 		return nil, EmptyAppSetGeneratorError
 	}
 	if err != nil {
@@ -90,9 +102,9 @@ func (g *GitGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Applic
 	return res, nil
 }

-func (g *GitGenerator) generateParamsForGitDirectories(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, noRevisionCache, verifyCommit bool, useGoTemplate bool, goTemplateOptions []string) ([]map[string]interface{}, error) {
+func (g *GitGenerator) generateParamsForGitDirectories(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, noRevisionCache, verifyCommit, useGoTemplate bool, project string, goTemplateOptions []string) ([]map[string]any, error) {
 	// Directories, not files
-	allPaths, err := g.repos.GetDirectories(context.TODO(), appSetGenerator.Git.RepoURL, appSetGenerator.Git.Revision, noRevisionCache, verifyCommit)
+	allPaths, err := g.repos.GetDirectories(context.TODO(), appSetGenerator.Git.RepoURL, appSetGenerator.Git.Revision, project, noRevisionCache, verifyCommit)
 	if err != nil {
 		return nil, fmt.Errorf("error getting directories from repo: %w", err)
 	}
@@ -115,11 +127,11 @@ func (g *GitGenerator) generateParamsForGitDirectories(appSetGenerator *argoproj
 	return res, nil
 }

-func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, noRevisionCache, verifyCommit bool, useGoTemplate bool, goTemplateOptions []string) ([]map[string]interface{}, error) {
+func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, noRevisionCache, verifyCommit, useGoTemplate bool, project string, goTemplateOptions []string) ([]map[string]any, error) {
 	// Get all files that match the requested path string, removing duplicates
 	allFiles := make(map[string][]byte)
 	for _, requestedPath := range appSetGenerator.Git.Files {
-		files, err := g.repos.GetFiles(context.TODO(), appSetGenerator.Git.RepoURL, appSetGenerator.Git.Revision, requestedPath.Path, noRevisionCache, verifyCommit)
+		files, err := g.repos.GetFiles(context.TODO(), appSetGenerator.Git.RepoURL, appSetGenerator.Git.Revision, project, requestedPath.Path, noRevisionCache, verifyCommit)
 		if err != nil {
 			return nil, err
 		}
@@ -137,7 +149,7 @@ func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1al
 	sort.Strings(allPaths)

 	// Generate params from each path, and return
-	res := []map[string]interface{}{}
+	res := []map[string]any{}
 	for _, path := range allPaths {
 		// A JSON / YAML file path can contain multiple sets of parameters (ie it is an array)
 		paramsArray, err := g.generateParamsFromGitFile(path, allFiles[path], appSetGenerator.Git.Values, useGoTemplate, goTemplateOptions, appSetGenerator.Git.PathParamPrefix)
@@ -150,14 +162,14 @@ func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1al
 	return res, nil
 }

-func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent []byte, values map[string]string, useGoTemplate bool, goTemplateOptions []string, pathParamPrefix string) ([]map[string]interface{}, error) {
-	objectsFound := []map[string]interface{}{}
+func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent []byte, values map[string]string, useGoTemplate bool, goTemplateOptions []string, pathParamPrefix string) ([]map[string]any, error) {
+	objectsFound := []map[string]any{}

 	// First, we attempt to parse as an array
 	err := yaml.Unmarshal(fileContent, &objectsFound)
 	if err != nil {
 		// If unable to parse as an array, attempt to parse as a single object
-		singleObj := make(map[string]interface{})
+		singleObj := make(map[string]any)
 		err = yaml.Unmarshal(fileContent, &singleObj)
 		if err != nil {
 			return nil, fmt.Errorf("unable to parse file: %w", err)
@@ -165,20 +177,20 @@ func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent []
 		objectsFound = append(objectsFound, singleObj)
 	} else if len(objectsFound) == 0 {
 		// If file is valid but empty, add a default empty item
-		objectsFound = append(objectsFound, map[string]interface{}{})
+		objectsFound = append(objectsFound, map[string]any{})
 	}

-	res := []map[string]interface{}{}
+	res := []map[string]any{}

 	for _, objectFound := range objectsFound {
-		params := map[string]interface{}{}
+		params := map[string]any{}

 		if useGoTemplate {
 			for k, v := range objectFound {
 				params[k] = v
 			}

-			paramPath := map[string]interface{}{}
+			paramPath := map[string]any{}

 			paramPath["path"] = path.Dir(filePath)
 			paramPath["basename"] = path.Base(paramPath["path"].(string))
@@ -187,7 +199,7 @@ func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent []
 			paramPath["filenameNormalized"] = utils.SanitizeName(path.Base(paramPath["filename"].(string)))
 			paramPath["segments"] = strings.Split(paramPath["path"].(string), "/")
 			if pathParamPrefix != "" {
-				params[pathParamPrefix] = map[string]interface{}{"path": paramPath}
+				params[pathParamPrefix] = map[string]any{"path": paramPath}
 			} else {
 				params["path"] = paramPath
 			}
@@ -254,19 +266,19 @@ func (g *GitGenerator) filterApps(directories []argoprojiov1alpha1.GitDirectoryG
 	return res
 }

-func (g *GitGenerator) generateParamsFromApps(requestedApps []string, appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, useGoTemplate bool, goTemplateOptions []string) ([]map[string]interface{}, error) {
-	res := make([]map[string]interface{}, len(requestedApps))
+func (g *GitGenerator) generateParamsFromApps(requestedApps []string, appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, useGoTemplate bool, goTemplateOptions []string) ([]map[string]any, error) {
+	res := make([]map[string]any, len(requestedApps))
 	for i, a := range requestedApps {
-		params := make(map[string]interface{}, 5)
+		params := make(map[string]any, 5)

 		if useGoTemplate {
-			paramPath := map[string]interface{}{}
+			paramPath := map[string]any{}
 			paramPath["path"] = a
 			paramPath["basename"] = path.Base(a)
 			paramPath["basenameNormalized"] = utils.SanitizeName(path.Base(a))
 			paramPath["segments"] = strings.Split(paramPath["path"].(string), "/")
 			if appSetGenerator.Git.PathParamPrefix != "" {
-				params[appSetGenerator.Git.PathParamPrefix] = map[string]interface{}{"path": paramPath}
+				params[appSetGenerator.Git.PathParamPrefix] = map[string]any{"path": paramPath}
 			} else {
 				params["path"] = paramPath
 			}
@@ -295,3 +307,11 @@ func (g *GitGenerator) generateParamsFromApps(requestedApps []string, appSetGene

 	return res, nil
 }
+
+func resolveProjectName(project string) string {
+	if strings.Contains(project, "{{") {
+		return ""
+	}
+
+	return project
+}
--- a/applicationset/generators/git_test.go
+++ b/applicationset/generators/git_test.go
--- a/applicationset/generators/interface.go
+++ b/applicationset/generators/interface.go
@@ -1,12 +1,13 @@
 package generators

 import (
-	"fmt"
+	"errors"
 	"time"

 	"sigs.k8s.io/controller-runtime/pkg/client"

-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/util/env"
 )

 // Generator defines the interface implemented by all ApplicationSet generators.
@@ -14,7 +15,7 @@ type Generator interface {
 	// GenerateParams interprets the ApplicationSet and generates all relevant parameters for the application template.
 	// The expected / desired list of parameters is returned, it then will be render and reconciled
 	// against the current state of the Applications in the cluster.
-	GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet, client client.Client) ([]map[string]interface{}, error)
+	GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet, client client.Client) ([]map[string]any, error)

 	// GetRequeueAfter is the generator can controller the next reconciled loop
 	// In case there is more then one generator the time will be the minimum of the times.
@@ -26,11 +27,15 @@ type Generator interface {
 }

 var (
-	EmptyAppSetGeneratorError = fmt.Errorf("ApplicationSet is empty")
+	EmptyAppSetGeneratorError = errors.New("ApplicationSet is empty")
 	NoRequeueAfter            time.Duration
 )

-// DefaultRequeueAfterSeconds is used when GetRequeueAfter is not specified, it is the default time to wait before the next reconcile loop
 const (
 	DefaultRequeueAfterSeconds = 3 * time.Minute
 )
+
+func getDefaultRequeueAfter() time.Duration {
+	// Default is 3 minutes, min is 1 second, max is 1 year
+	return env.ParseDurationFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER", DefaultRequeueAfterSeconds, 1*time.Second, 8760*time.Hour)
+}
--- a/applicationset/generators/interface_test.go
+++ b/applicationset/generators/interface_test.go
@@ -0,0 +1,29 @@
+package generators
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_getDefaultRequeueAfter(t *testing.T) {
+	tests := []struct {
+		name            string
+		requeueAfterEnv string
+		want            time.Duration
+	}{
+		{name: "Default", requeueAfterEnv: "", want: DefaultRequeueAfterSeconds},
+		{name: "Min", requeueAfterEnv: "1s", want: 1 * time.Second},
+		{name: "Max", requeueAfterEnv: "8760h", want: 8760 * time.Hour},
+		{name: "Override", requeueAfterEnv: "10m", want: 10 * time.Minute},
+		{name: "LessThanMin", requeueAfterEnv: "1ms", want: DefaultRequeueAfterSeconds},
+		{name: "MoreThanMax", requeueAfterEnv: "8761h", want: DefaultRequeueAfterSeconds},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Setenv("ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER", tt.requeueAfterEnv)
+			assert.Equalf(t, tt.want, getDefaultRequeueAfter(), "getDefaultRequeueAfter()")
+		})
+	}
+}
--- a/applicationset/generators/list.go
+++ b/applicationset/generators/list.go
@@ -2,13 +2,14 @@ package generators

 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"time"

 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/yaml"

-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 var _ Generator = (*ListGenerator)(nil)
@@ -20,7 +21,7 @@ func NewListGenerator() Generator {
 	return g
 }

-func (g *ListGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) time.Duration {
+func (g *ListGenerator) GetRequeueAfter(_ *argoprojiov1alpha1.ApplicationSetGenerator) time.Duration {
 	return NoRequeueAfter
 }

@@ -28,7 +29,7 @@ func (g *ListGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.Applicat
 	return &appSetGenerator.List.Template
 }

-func (g *ListGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, _ client.Client) ([]map[string]interface{}, error) {
+func (g *ListGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, _ client.Client) ([]map[string]any, error) {
 	if appSetGenerator == nil {
 		return nil, EmptyAppSetGeneratorError
 	}
@@ -37,11 +38,11 @@ func (g *ListGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Appli
 		return nil, EmptyAppSetGeneratorError
 	}

-	res := make([]map[string]interface{}, len(appSetGenerator.List.Elements))
+	res := make([]map[string]any, len(appSetGenerator.List.Elements))

 	for i, tmpItem := range appSetGenerator.List.Elements {
-		params := map[string]interface{}{}
-		var element map[string]interface{}
+		params := map[string]any{}
+		var element map[string]any
 		err := json.Unmarshal(tmpItem.Raw, &element)
 		if err != nil {
 			return nil, fmt.Errorf("error unmarshling list element %w", err)
@@ -52,16 +53,16 @@ func (g *ListGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Appli
 		} else {
 			for key, value := range element {
 				if key == "values" {
-					values, ok := (value).(map[string]interface{})
+					values, ok := (value).(map[string]any)
 					if !ok {
-						return nil, fmt.Errorf("error parsing values map")
+						return nil, errors.New("error parsing values map")
 					}
 					for k, v := range values {
 						value, ok := v.(string)
 						if !ok {
 							return nil, fmt.Errorf("error parsing value as string %w", err)
 						}
-						params[fmt.Sprintf("values.%s", k)] = value
+						params["values."+k] = value
 					}
 				} else {
 					v, ok := value.(string)
@@ -77,7 +78,7 @@ func (g *ListGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Appli

 	// Append elements from ElementsYaml to the response
 	if len(appSetGenerator.List.ElementsYaml) > 0 {
-		var yamlElements []map[string]interface{}
+		var yamlElements []map[string]any
 		err := yaml.Unmarshal([]byte(appSetGenerator.List.ElementsYaml), &yamlElements)
 		if err != nil {
 			return nil, fmt.Errorf("error unmarshling decoded ElementsYaml %w", err)
--- a/applicationset/generators/list_test.go
+++ b/applicationset/generators/list_test.go
@@ -8,20 +8,20 @@ import (
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 func TestGenerateListParams(t *testing.T) {
 	testCases := []struct {
 		elements []apiextensionsv1.JSON
-		expected []map[string]interface{}
+		expected []map[string]any
 	}{
 		{
 			elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url"}`)}},
-			expected: []map[string]interface{}{{"cluster": "cluster", "url": "url"}},
+			expected: []map[string]any{{"cluster": "cluster", "url": "url"}},
 		}, {
 			elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url","values":{"foo":"bar"}}`)}},
-			expected: []map[string]interface{}{{"cluster": "cluster", "url": "url", "values.foo": "bar"}},
+			expected: []map[string]any{{"cluster": "cluster", "url": "url", "values.foo": "bar"}},
 		},
 	}

@@ -49,14 +49,14 @@ func TestGenerateListParams(t *testing.T) {
 func TestGenerateListParamsGoTemplate(t *testing.T) {
 	testCases := []struct {
 		elements []apiextensionsv1.JSON
-		expected []map[string]interface{}
+		expected []map[string]any
 	}{
 		{
 			elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url"}`)}},
-			expected: []map[string]interface{}{{"cluster": "cluster", "url": "url"}},
+			expected: []map[string]any{{"cluster": "cluster", "url": "url"}},
 		}, {
 			elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url","values":{"foo":"bar"}}`)}},
-			expected: []map[string]interface{}{{"cluster": "cluster", "url": "url", "values": map[string]interface{}{"foo": "bar"}}},
+			expected: []map[string]any{{"cluster": "cluster", "url": "url", "values": map[string]any{"foo": "bar"}}},
 		},
 	}

--- a/applicationset/generators/matrix.go
+++ b/applicationset/generators/matrix.go
@@ -1,24 +1,23 @@
 package generators

 import (
+	"errors"
 	"fmt"
 	"time"

-	"github.com/imdario/mergo"
+	"dario.cat/mergo"
 	"sigs.k8s.io/controller-runtime/pkg/client"

-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-
-	log "github.com/sirupsen/logrus"
+	"github.com/argoproj/argo-cd/v3/applicationset/utils"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 var _ Generator = (*MatrixGenerator)(nil)

 var (
-	ErrMoreThanTwoGenerators      = fmt.Errorf("found more than two generators, Matrix support only two")
-	ErrLessThanTwoGenerators      = fmt.Errorf("found less than two generators, Matrix support only two")
-	ErrMoreThenOneInnerGenerators = fmt.Errorf("found more than one generator in matrix.Generators")
+	ErrMoreThanTwoGenerators      = errors.New("found more than two generators, Matrix support only two")
+	ErrLessThanTwoGenerators      = errors.New("found less than two generators, Matrix support only two")
+	ErrMoreThenOneInnerGenerators = errors.New("found more than one generator in matrix.Generators")
 )

 type MatrixGenerator struct {
@@ -33,7 +32,7 @@ func NewMatrixGenerator(supportedGenerators map[string]Generator) Generator {
 	return m
 }

-func (m *MatrixGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, client client.Client) ([]map[string]interface{}, error) {
+func (m *MatrixGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, client client.Client) ([]map[string]any, error) {
 	if appSetGenerator.Matrix == nil {
 		return nil, EmptyAppSetGeneratorError
 	}
@@ -46,7 +45,7 @@ func (m *MatrixGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.App
 		return nil, ErrMoreThanTwoGenerators
 	}

-	res := []map[string]interface{}{}
+	res := []map[string]any{}

 	g0, err := m.getParams(appSetGenerator.Matrix.Generators[0], appSet, nil, client)
 	if err != nil {
@@ -59,7 +58,7 @@ func (m *MatrixGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.App
 		}
 		for _, b := range g1 {
 			if appSet.Spec.GoTemplate {
-				tmp := map[string]interface{}{}
+				tmp := map[string]any{}
 				if err := mergo.Merge(&tmp, b, mergo.WithOverride); err != nil {
 					return nil, fmt.Errorf("failed to merge params from the second generator in the matrix generator with temp map: %w", err)
 				}
@@ -80,27 +79,15 @@ func (m *MatrixGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.App
 	return res, nil
 }

-func (m *MatrixGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.ApplicationSetNestedGenerator, appSet *argoprojiov1alpha1.ApplicationSet, params map[string]interface{}, client client.Client) ([]map[string]interface{}, error) {
+func (m *MatrixGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.ApplicationSetNestedGenerator, appSet *argoprojiov1alpha1.ApplicationSet, params map[string]any, client client.Client) ([]map[string]any, error) {
 	matrixGen, err := getMatrixGenerator(appSetBaseGenerator)
 	if err != nil {
 		return nil, err
 	}
-	if matrixGen != nil && !appSet.Spec.ApplyNestedSelectors {
-		foundSelector := dropDisabledNestedSelectors(matrixGen.Generators)
-		if foundSelector {
-			log.Warnf("AppSet '%v' defines selector on nested matrix generator's generator without enabling them via 'spec.applyNestedSelectors', ignoring nested selectors", appSet.Name)
-		}
-	}
 	mergeGen, err := getMergeGenerator(appSetBaseGenerator)
 	if err != nil {
 		return nil, fmt.Errorf("error retrieving merge generator: %w", err)
 	}
-	if mergeGen != nil && !appSet.Spec.ApplyNestedSelectors {
-		foundSelector := dropDisabledNestedSelectors(mergeGen.Generators)
-		if foundSelector {
-			log.Warnf("AppSet '%v' defines selector on nested merge generator's generator without enabling them via 'spec.applyNestedSelectors', ignoring nested selectors", appSet.Name)
-		}
-	}

 	t, err := Transform(
 		argoprojiov1alpha1.ApplicationSetGenerator{
@@ -125,7 +112,7 @@ func (m *MatrixGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.Appli
 	}

 	if len(t) == 0 {
-		return nil, fmt.Errorf("child generator generated no parameters")
+		return nil, errors.New("child generator generated no parameters")
 	}

 	if len(t) > 1 {
@@ -168,9 +155,8 @@ func (m *MatrixGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.Ap

 	if found {
 		return res
-	} else {
-		return NoRequeueAfter
 	}
+	return NoRequeueAfter
 }

 func getMatrixGenerator(r argoprojiov1alpha1.ApplicationSetNestedGenerator) (*argoprojiov1alpha1.MatrixGenerator, error) {
--- a/applicationset/generators/matrix_test.go
+++ b/applicationset/generators/matrix_test.go
@@ -1,7 +1,6 @@
 package generators

 import (
-	"context"
 	"testing"
 	"time"

@@ -13,36 +12,35 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"

-	"github.com/argoproj/argo-cd/v2/applicationset/services/mocks"
+	"github.com/argoproj/argo-cd/v3/applicationset/services/mocks"

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"

-	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 func TestMatrixGenerate(t *testing.T) {
-	gitGenerator := &argoprojiov1alpha1.GitGenerator{
+	gitGenerator := &v1alpha1.GitGenerator{
 		RepoURL:     "RepoURL",
 		Revision:    "Revision",
-		Directories: []argoprojiov1alpha1.GitDirectoryGeneratorItem{{Path: "*"}},
+		Directories: []v1alpha1.GitDirectoryGeneratorItem{{Path: "*"}},
 	}

-	listGenerator := &argoprojiov1alpha1.ListGenerator{
+	listGenerator := &v1alpha1.ListGenerator{
 		Elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "Cluster","url": "Url", "templated": "test-{{path.basenameNormalized}}"}`)}},
 	}

 	testCases := []struct {
 		name           string
-		baseGenerators []argoprojiov1alpha1.ApplicationSetNestedGenerator
+		baseGenerators []v1alpha1.ApplicationSetNestedGenerator
 		expectedErr    error
-		expected       []map[string]interface{}
+		expected       []map[string]any
 	}{
 		{
 			name: "happy flow - generate params",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					Git: gitGenerator,
 				},
@@ -50,16 +48,16 @@ func TestMatrixGenerate(t *testing.T) {
 					List: listGenerator,
 				},
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"path": "app1", "path.basename": "app1", "path.basenameNormalized": "app1", "cluster": "Cluster", "url": "Url", "templated": "test-app1"},
 				{"path": "app2", "path.basename": "app2", "path.basenameNormalized": "app2", "cluster": "Cluster", "url": "Url", "templated": "test-app2"},
 			},
 		},
 		{
 			name: "happy flow - generate params from two lists",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
-					List: &argoprojiov1alpha1.ListGenerator{
+					List: &v1alpha1.ListGenerator{
 						Elements: []apiextensionsv1.JSON{
 							{Raw: []byte(`{"a": "1"}`)},
 							{Raw: []byte(`{"a": "2"}`)},
@@ -67,7 +65,7 @@ func TestMatrixGenerate(t *testing.T) {
 					},
 				},
 				{
-					List: &argoprojiov1alpha1.ListGenerator{
+					List: &v1alpha1.ListGenerator{
 						Elements: []apiextensionsv1.JSON{
 							{Raw: []byte(`{"b": "1"}`)},
 							{Raw: []byte(`{"b": "2"}`)},
@@ -75,7 +73,7 @@ func TestMatrixGenerate(t *testing.T) {
 					},
 				},
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"a": "1", "b": "1"},
 				{"a": "1", "b": "2"},
 				{"a": "2", "b": "1"},
@@ -84,7 +82,7 @@ func TestMatrixGenerate(t *testing.T) {
 		},
 		{
 			name: "returns error if there is less than two base generators",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					Git: gitGenerator,
 				},
@@ -93,7 +91,7 @@ func TestMatrixGenerate(t *testing.T) {
 		},
 		{
 			name: "returns error if there is more than two base generators",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					List: listGenerator,
 				},
@@ -108,7 +106,7 @@ func TestMatrixGenerate(t *testing.T) {
 		},
 		{
 			name: "returns error if there is more than one inner generator in the first base generator",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					Git:  gitGenerator,
 					List: listGenerator,
@@ -121,7 +119,7 @@ func TestMatrixGenerate(t *testing.T) {
 		},
 		{
 			name: "returns error if there is more than one inner generator in the second base generator",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					List: listGenerator,
 				},
@@ -139,19 +137,19 @@ func TestMatrixGenerate(t *testing.T) {

 		t.Run(testCaseCopy.name, func(t *testing.T) {
 			genMock := &generatorMock{}
-			appSet := &argoprojiov1alpha1.ApplicationSet{
+			appSet := &v1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: "set",
 				},
-				Spec: argoprojiov1alpha1.ApplicationSetSpec{},
+				Spec: v1alpha1.ApplicationSetSpec{},
 			}

 			for _, g := range testCaseCopy.baseGenerators {
-				gitGeneratorSpec := argoprojiov1alpha1.ApplicationSetGenerator{
+				gitGeneratorSpec := v1alpha1.ApplicationSetGenerator{
 					Git:  g.Git,
 					List: g.List,
 				}
-				genMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), appSet, mock.Anything).Return([]map[string]interface{}{
+				genMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), appSet, mock.Anything).Return([]map[string]any{
 					{
 						"path":                    "app1",
 						"path.basename":           "app1",
@@ -165,7 +163,7 @@ func TestMatrixGenerate(t *testing.T) {
 				}, nil)

 				genMock.On("GetTemplate", &gitGeneratorSpec).
-					Return(&argoprojiov1alpha1.ApplicationSetTemplate{})
+					Return(&v1alpha1.ApplicationSetTemplate{})
 			}

 			matrixGenerator := NewMatrixGenerator(
@@ -175,10 +173,10 @@ func TestMatrixGenerate(t *testing.T) {
 				},
 			)

-			got, err := matrixGenerator.GenerateParams(&argoprojiov1alpha1.ApplicationSetGenerator{
-				Matrix: &argoprojiov1alpha1.MatrixGenerator{
+			got, err := matrixGenerator.GenerateParams(&v1alpha1.ApplicationSetGenerator{
+				Matrix: &v1alpha1.MatrixGenerator{
 					Generators: testCaseCopy.baseGenerators,
-					Template:   argoprojiov1alpha1.ApplicationSetTemplate{},
+					Template:   v1alpha1.ApplicationSetTemplate{},
 				},
 			}, appSet, nil)

@@ -193,25 +191,25 @@ func TestMatrixGenerate(t *testing.T) {
 }

 func TestMatrixGenerateGoTemplate(t *testing.T) {
-	gitGenerator := &argoprojiov1alpha1.GitGenerator{
+	gitGenerator := &v1alpha1.GitGenerator{
 		RepoURL:     "RepoURL",
 		Revision:    "Revision",
-		Directories: []argoprojiov1alpha1.GitDirectoryGeneratorItem{{Path: "*"}},
+		Directories: []v1alpha1.GitDirectoryGeneratorItem{{Path: "*"}},
 	}

-	listGenerator := &argoprojiov1alpha1.ListGenerator{
+	listGenerator := &v1alpha1.ListGenerator{
 		Elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "Cluster","url": "Url"}`)}},
 	}

 	testCases := []struct {
 		name           string
-		baseGenerators []argoprojiov1alpha1.ApplicationSetNestedGenerator
+		baseGenerators []v1alpha1.ApplicationSetNestedGenerator
 		expectedErr    error
-		expected       []map[string]interface{}
+		expected       []map[string]any
 	}{
 		{
 			name: "happy flow - generate params",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					Git: gitGenerator,
 				},
@@ -219,7 +217,7 @@ func TestMatrixGenerateGoTemplate(t *testing.T) {
 					List: listGenerator,
 				},
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"path": map[string]string{
 						"path":               "app1",
@@ -242,9 +240,9 @@ func TestMatrixGenerateGoTemplate(t *testing.T) {
 		},
 		{
 			name: "happy flow - generate params from two lists",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
-					List: &argoprojiov1alpha1.ListGenerator{
+					List: &v1alpha1.ListGenerator{
 						Elements: []apiextensionsv1.JSON{
 							{Raw: []byte(`{"a": "1"}`)},
 							{Raw: []byte(`{"a": "2"}`)},
@@ -252,7 +250,7 @@ func TestMatrixGenerateGoTemplate(t *testing.T) {
 					},
 				},
 				{
-					List: &argoprojiov1alpha1.ListGenerator{
+					List: &v1alpha1.ListGenerator{
 						Elements: []apiextensionsv1.JSON{
 							{Raw: []byte(`{"b": "1"}`)},
 							{Raw: []byte(`{"b": "2"}`)},
@@ -260,7 +258,7 @@ func TestMatrixGenerateGoTemplate(t *testing.T) {
 					},
 				},
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"a": "1", "b": "1"},
 				{"a": "1", "b": "2"},
 				{"a": "2", "b": "1"},
@@ -269,29 +267,29 @@ func TestMatrixGenerateGoTemplate(t *testing.T) {
 		},
 		{
 			name: "parameter override: first list elements take precedence",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
-					List: &argoprojiov1alpha1.ListGenerator{
+					List: &v1alpha1.ListGenerator{
 						Elements: []apiextensionsv1.JSON{
 							{Raw: []byte(`{"booleanFalse": false, "booleanTrue": true, "stringFalse": "false", "stringTrue": "true"}`)},
 						},
 					},
 				},
 				{
-					List: &argoprojiov1alpha1.ListGenerator{
+					List: &v1alpha1.ListGenerator{
 						Elements: []apiextensionsv1.JSON{
 							{Raw: []byte(`{"booleanFalse": true, "booleanTrue": false, "stringFalse": "true", "stringTrue": "false"}`)},
 						},
 					},
 				},
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"booleanFalse": false, "booleanTrue": true, "stringFalse": "false", "stringTrue": "true"},
 			},
 		},
 		{
 			name: "returns error if there is less than two base generators",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					Git: gitGenerator,
 				},
@@ -300,7 +298,7 @@ func TestMatrixGenerateGoTemplate(t *testing.T) {
 		},
 		{
 			name: "returns error if there is more than two base generators",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					List: listGenerator,
 				},
@@ -315,7 +313,7 @@ func TestMatrixGenerateGoTemplate(t *testing.T) {
 		},
 		{
 			name: "returns error if there is more than one inner generator in the first base generator",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					Git:  gitGenerator,
 					List: listGenerator,
@@ -328,7 +326,7 @@ func TestMatrixGenerateGoTemplate(t *testing.T) {
 		},
 		{
 			name: "returns error if there is more than one inner generator in the second base generator",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					List: listGenerator,
 				},
@@ -346,21 +344,21 @@ func TestMatrixGenerateGoTemplate(t *testing.T) {

 		t.Run(testCaseCopy.name, func(t *testing.T) {
 			genMock := &generatorMock{}
-			appSet := &argoprojiov1alpha1.ApplicationSet{
+			appSet := &v1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: "set",
 				},
-				Spec: argoprojiov1alpha1.ApplicationSetSpec{
+				Spec: v1alpha1.ApplicationSetSpec{
 					GoTemplate: true,
 				},
 			}

 			for _, g := range testCaseCopy.baseGenerators {
-				gitGeneratorSpec := argoprojiov1alpha1.ApplicationSetGenerator{
+				gitGeneratorSpec := v1alpha1.ApplicationSetGenerator{
 					Git:  g.Git,
 					List: g.List,
 				}
-				genMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), appSet, mock.Anything).Return([]map[string]interface{}{
+				genMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), appSet, mock.Anything).Return([]map[string]any{
 					{
 						"path": map[string]string{
 							"path":               "app1",
@@ -378,7 +376,7 @@ func TestMatrixGenerateGoTemplate(t *testing.T) {
 				}, nil)

 				genMock.On("GetTemplate", &gitGeneratorSpec).
-					Return(&argoprojiov1alpha1.ApplicationSetTemplate{})
+					Return(&v1alpha1.ApplicationSetTemplate{})
 			}

 			matrixGenerator := NewMatrixGenerator(
@@ -388,10 +386,10 @@ func TestMatrixGenerateGoTemplate(t *testing.T) {
 				},
 			)

-			got, err := matrixGenerator.GenerateParams(&argoprojiov1alpha1.ApplicationSetGenerator{
-				Matrix: &argoprojiov1alpha1.MatrixGenerator{
+			got, err := matrixGenerator.GenerateParams(&v1alpha1.ApplicationSetGenerator{
+				Matrix: &v1alpha1.MatrixGenerator{
 					Generators: testCaseCopy.baseGenerators,
-					Template:   argoprojiov1alpha1.ApplicationSetTemplate{},
+					Template:   v1alpha1.ApplicationSetTemplate{},
 				},
 			}, appSet, nil)

@@ -406,31 +404,31 @@ func TestMatrixGenerateGoTemplate(t *testing.T) {
 }

 func TestMatrixGetRequeueAfter(t *testing.T) {
-	gitGenerator := &argoprojiov1alpha1.GitGenerator{
+	gitGenerator := &v1alpha1.GitGenerator{
 		RepoURL:     "RepoURL",
 		Revision:    "Revision",
-		Directories: []argoprojiov1alpha1.GitDirectoryGeneratorItem{{Path: "*"}},
+		Directories: []v1alpha1.GitDirectoryGeneratorItem{{Path: "*"}},
 	}

-	listGenerator := &argoprojiov1alpha1.ListGenerator{
+	listGenerator := &v1alpha1.ListGenerator{
 		Elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "Cluster","url": "Url"}`)}},
 	}

-	pullRequestGenerator := &argoprojiov1alpha1.PullRequestGenerator{}
+	pullRequestGenerator := &v1alpha1.PullRequestGenerator{}

-	scmGenerator := &argoprojiov1alpha1.SCMProviderGenerator{}
+	scmGenerator := &v1alpha1.SCMProviderGenerator{}

-	duckTypeGenerator := &argoprojiov1alpha1.DuckTypeGenerator{}
+	duckTypeGenerator := &v1alpha1.DuckTypeGenerator{}

 	testCases := []struct {
 		name               string
-		baseGenerators     []argoprojiov1alpha1.ApplicationSetNestedGenerator
+		baseGenerators     []v1alpha1.ApplicationSetNestedGenerator
 		gitGetRequeueAfter time.Duration
 		expected           time.Duration
 	}{
 		{
 			name: "return NoRequeueAfter if all the inner baseGenerators returns it",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					Git: gitGenerator,
 				},
@@ -443,7 +441,7 @@ func TestMatrixGetRequeueAfter(t *testing.T) {
 		},
 		{
 			name: "returns the minimal time",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					Git: gitGenerator,
 				},
@@ -456,7 +454,7 @@ func TestMatrixGetRequeueAfter(t *testing.T) {
 		},
 		{
 			name: "returns the minimal time for pull request",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					Git: gitGenerator,
 				},
@@ -469,7 +467,7 @@ func TestMatrixGetRequeueAfter(t *testing.T) {
 		},
 		{
 			name: "returns the default time if no requeueAfterSeconds is provided",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					Git: gitGenerator,
 				},
@@ -481,7 +479,7 @@ func TestMatrixGetRequeueAfter(t *testing.T) {
 		},
 		{
 			name: "returns the default time for duck type generator",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					Git: gitGenerator,
 				},
@@ -493,7 +491,7 @@ func TestMatrixGetRequeueAfter(t *testing.T) {
 		},
 		{
 			name: "returns the default time for scm generator",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					Git: gitGenerator,
 				},
@@ -512,7 +510,7 @@ func TestMatrixGetRequeueAfter(t *testing.T) {
 			mock := &generatorMock{}

 			for _, g := range testCaseCopy.baseGenerators {
-				gitGeneratorSpec := argoprojiov1alpha1.ApplicationSetGenerator{
+				gitGeneratorSpec := v1alpha1.ApplicationSetGenerator{
 					Git:                     g.Git,
 					List:                    g.List,
 					PullRequest:             g.PullRequest,
@@ -532,10 +530,10 @@ func TestMatrixGetRequeueAfter(t *testing.T) {
 				},
 			)

-			got := matrixGenerator.GetRequeueAfter(&argoprojiov1alpha1.ApplicationSetGenerator{
-				Matrix: &argoprojiov1alpha1.MatrixGenerator{
+			got := matrixGenerator.GetRequeueAfter(&v1alpha1.ApplicationSetGenerator{
+				Matrix: &v1alpha1.MatrixGenerator{
 					Generators: testCaseCopy.baseGenerators,
-					Template:   argoprojiov1alpha1.ApplicationSetTemplate{},
+					Template:   v1alpha1.ApplicationSetTemplate{},
 				},
 			})

@@ -545,16 +543,16 @@ func TestMatrixGetRequeueAfter(t *testing.T) {
 }

 func TestInterpolatedMatrixGenerate(t *testing.T) {
-	interpolatedGitGenerator := &argoprojiov1alpha1.GitGenerator{
+	interpolatedGitGenerator := &v1alpha1.GitGenerator{
 		RepoURL:  "RepoURL",
 		Revision: "Revision",
-		Files: []argoprojiov1alpha1.GitFileGeneratorItem{
+		Files: []v1alpha1.GitFileGeneratorItem{
 			{Path: "examples/git-generator-files-discovery/cluster-config/dev/config.json"},
 			{Path: "examples/git-generator-files-discovery/cluster-config/prod/config.json"},
 		},
 	}

-	interpolatedClusterGenerator := &argoprojiov1alpha1.ClusterGenerator{
+	interpolatedClusterGenerator := &v1alpha1.ClusterGenerator{
 		Selector: metav1.LabelSelector{
 			MatchLabels:      map[string]string{"environment": "{{path.basename}}"},
 			MatchExpressions: nil,
@@ -562,14 +560,14 @@ func TestInterpolatedMatrixGenerate(t *testing.T) {
 	}
 	testCases := []struct {
 		name           string
-		baseGenerators []argoprojiov1alpha1.ApplicationSetNestedGenerator
+		baseGenerators []v1alpha1.ApplicationSetNestedGenerator
 		expectedErr    error
-		expected       []map[string]interface{}
+		expected       []map[string]any
 		clientError    bool
 	}{
 		{
 			name: "happy flow - generate interpolated params",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					Git: interpolatedGitGenerator,
 				},
@@ -577,9 +575,9 @@ func TestInterpolatedMatrixGenerate(t *testing.T) {
 					Clusters: interpolatedClusterGenerator,
 				},
 			},
-			expected: []map[string]interface{}{
-				{"path": "examples/git-generator-files-discovery/cluster-config/dev/config.json", "path.basename": "dev", "path.basenameNormalized": "dev", "name": "dev-01", "nameNormalized": "dev-01", "server": "https://dev-01.example.com", "metadata.labels.environment": "dev", "metadata.labels.argocd.argoproj.io/secret-type": "cluster"},
-				{"path": "examples/git-generator-files-discovery/cluster-config/prod/config.json", "path.basename": "prod", "path.basenameNormalized": "prod", "name": "prod-01", "nameNormalized": "prod-01", "server": "https://prod-01.example.com", "metadata.labels.environment": "prod", "metadata.labels.argocd.argoproj.io/secret-type": "cluster"},
+			expected: []map[string]any{
+				{"path": "examples/git-generator-files-discovery/cluster-config/dev/config.json", "path.basename": "dev", "path.basenameNormalized": "dev", "name": "dev-01", "nameNormalized": "dev-01", "server": "https://dev-01.example.com", "metadata.labels.environment": "dev", "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "project": ""},
+				{"path": "examples/git-generator-files-discovery/cluster-config/prod/config.json", "path.basename": "prod", "path.basenameNormalized": "prod", "name": "prod-01", "nameNormalized": "prod-01", "server": "https://prod-01.example.com", "metadata.labels.environment": "prod", "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "project": ""},
 			},
 			clientError: false,
 		},
@@ -637,7 +635,7 @@ func TestInterpolatedMatrixGenerate(t *testing.T) {

 		t.Run(testCaseCopy.name, func(t *testing.T) {
 			genMock := &generatorMock{}
-			appSet := &argoprojiov1alpha1.ApplicationSet{}
+			appSet := &v1alpha1.ApplicationSet{}

 			appClientset := kubefake.NewSimpleClientset(runtimeClusters...)
 			fakeClient := fake.NewClientBuilder().WithObjects(clusters...).Build()
@@ -645,14 +643,14 @@ func TestInterpolatedMatrixGenerate(t *testing.T) {
 				fakeClient,
 				testCase.clientError,
 			}
-			clusterGenerator := NewClusterGenerator(cl, context.Background(), appClientset, "namespace")
+			clusterGenerator := NewClusterGenerator(t.Context(), cl, appClientset, "namespace")

 			for _, g := range testCaseCopy.baseGenerators {
-				gitGeneratorSpec := argoprojiov1alpha1.ApplicationSetGenerator{
+				gitGeneratorSpec := v1alpha1.ApplicationSetGenerator{
 					Git:      g.Git,
 					Clusters: g.Clusters,
 				}
-				genMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), appSet).Return([]map[string]interface{}{
+				genMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), appSet).Return([]map[string]any{
 					{
 						"path":                    "examples/git-generator-files-discovery/cluster-config/dev/config.json",
 						"path.basename":           "dev",
@@ -665,7 +663,7 @@ func TestInterpolatedMatrixGenerate(t *testing.T) {
 					},
 				}, nil)
 				genMock.On("GetTemplate", &gitGeneratorSpec).
-					Return(&argoprojiov1alpha1.ApplicationSetTemplate{})
+					Return(&v1alpha1.ApplicationSetTemplate{})
 			}
 			matrixGenerator := NewMatrixGenerator(
 				map[string]Generator{
@@ -674,10 +672,10 @@ func TestInterpolatedMatrixGenerate(t *testing.T) {
 				},
 			)

-			got, err := matrixGenerator.GenerateParams(&argoprojiov1alpha1.ApplicationSetGenerator{
-				Matrix: &argoprojiov1alpha1.MatrixGenerator{
+			got, err := matrixGenerator.GenerateParams(&v1alpha1.ApplicationSetGenerator{
+				Matrix: &v1alpha1.MatrixGenerator{
 					Generators: testCaseCopy.baseGenerators,
-					Template:   argoprojiov1alpha1.ApplicationSetTemplate{},
+					Template:   v1alpha1.ApplicationSetTemplate{},
 				},
 			}, appSet, nil)

@@ -692,16 +690,16 @@ func TestInterpolatedMatrixGenerate(t *testing.T) {
 }

 func TestInterpolatedMatrixGenerateGoTemplate(t *testing.T) {
-	interpolatedGitGenerator := &argoprojiov1alpha1.GitGenerator{
+	interpolatedGitGenerator := &v1alpha1.GitGenerator{
 		RepoURL:  "RepoURL",
 		Revision: "Revision",
-		Files: []argoprojiov1alpha1.GitFileGeneratorItem{
+		Files: []v1alpha1.GitFileGeneratorItem{
 			{Path: "examples/git-generator-files-discovery/cluster-config/dev/config.json"},
 			{Path: "examples/git-generator-files-discovery/cluster-config/prod/config.json"},
 		},
 	}

-	interpolatedClusterGenerator := &argoprojiov1alpha1.ClusterGenerator{
+	interpolatedClusterGenerator := &v1alpha1.ClusterGenerator{
 		Selector: metav1.LabelSelector{
 			MatchLabels:      map[string]string{"environment": "{{.path.basename}}"},
 			MatchExpressions: nil,
@@ -709,14 +707,14 @@ func TestInterpolatedMatrixGenerateGoTemplate(t *testing.T) {
 	}
 	testCases := []struct {
 		name           string
-		baseGenerators []argoprojiov1alpha1.ApplicationSetNestedGenerator
+		baseGenerators []v1alpha1.ApplicationSetNestedGenerator
 		expectedErr    error
-		expected       []map[string]interface{}
+		expected       []map[string]any
 		clientError    bool
 	}{
 		{
 			name: "happy flow - generate interpolated params",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					Git: interpolatedGitGenerator,
 				},
@@ -724,7 +722,7 @@ func TestInterpolatedMatrixGenerateGoTemplate(t *testing.T) {
 					Clusters: interpolatedClusterGenerator,
 				},
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"path": map[string]string{
 						"path":               "examples/git-generator-files-discovery/cluster-config/dev/config.json",
@@ -734,7 +732,8 @@ func TestInterpolatedMatrixGenerateGoTemplate(t *testing.T) {
 					"name":           "dev-01",
 					"nameNormalized": "dev-01",
 					"server":         "https://dev-01.example.com",
-					"metadata": map[string]interface{}{
+					"project":        "",
+					"metadata": map[string]any{
 						"labels": map[string]string{
 							"environment":                    "dev",
 							"argocd.argoproj.io/secret-type": "cluster",
@@ -750,7 +749,8 @@ func TestInterpolatedMatrixGenerateGoTemplate(t *testing.T) {
 					"name":           "prod-01",
 					"nameNormalized": "prod-01",
 					"server":         "https://prod-01.example.com",
-					"metadata": map[string]interface{}{
+					"project":        "",
+					"metadata": map[string]any{
 						"labels": map[string]string{
 							"environment":                    "prod",
 							"argocd.argoproj.io/secret-type": "cluster",
@@ -814,8 +814,8 @@ func TestInterpolatedMatrixGenerateGoTemplate(t *testing.T) {

 		t.Run(testCaseCopy.name, func(t *testing.T) {
 			genMock := &generatorMock{}
-			appSet := &argoprojiov1alpha1.ApplicationSet{
-				Spec: argoprojiov1alpha1.ApplicationSetSpec{
+			appSet := &v1alpha1.ApplicationSet{
+				Spec: v1alpha1.ApplicationSetSpec{
 					GoTemplate: true,
 				},
 			}
@@ -826,14 +826,14 @@ func TestInterpolatedMatrixGenerateGoTemplate(t *testing.T) {
 				fakeClient,
 				testCase.clientError,
 			}
-			clusterGenerator := NewClusterGenerator(cl, context.Background(), appClientset, "namespace")
+			clusterGenerator := NewClusterGenerator(t.Context(), cl, appClientset, "namespace")

 			for _, g := range testCaseCopy.baseGenerators {
-				gitGeneratorSpec := argoprojiov1alpha1.ApplicationSetGenerator{
+				gitGeneratorSpec := v1alpha1.ApplicationSetGenerator{
 					Git:      g.Git,
 					Clusters: g.Clusters,
 				}
-				genMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), appSet).Return([]map[string]interface{}{
+				genMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), appSet).Return([]map[string]any{
 					{
 						"path": map[string]string{
 							"path":               "examples/git-generator-files-discovery/cluster-config/dev/config.json",
@@ -850,7 +850,7 @@ func TestInterpolatedMatrixGenerateGoTemplate(t *testing.T) {
 					},
 				}, nil)
 				genMock.On("GetTemplate", &gitGeneratorSpec).
-					Return(&argoprojiov1alpha1.ApplicationSetTemplate{})
+					Return(&v1alpha1.ApplicationSetTemplate{})
 			}
 			matrixGenerator := NewMatrixGenerator(
 				map[string]Generator{
@@ -859,10 +859,10 @@ func TestInterpolatedMatrixGenerateGoTemplate(t *testing.T) {
 				},
 			)

-			got, err := matrixGenerator.GenerateParams(&argoprojiov1alpha1.ApplicationSetGenerator{
-				Matrix: &argoprojiov1alpha1.MatrixGenerator{
+			got, err := matrixGenerator.GenerateParams(&v1alpha1.ApplicationSetGenerator{
+				Matrix: &v1alpha1.MatrixGenerator{
 					Generators: testCaseCopy.baseGenerators,
-					Template:   argoprojiov1alpha1.ApplicationSetTemplate{},
+					Template:   v1alpha1.ApplicationSetTemplate{},
 				},
 			}, appSet, nil)

@@ -877,28 +877,28 @@ func TestInterpolatedMatrixGenerateGoTemplate(t *testing.T) {
 }

 func TestMatrixGenerateListElementsYaml(t *testing.T) {
-	gitGenerator := &argoprojiov1alpha1.GitGenerator{
+	gitGenerator := &v1alpha1.GitGenerator{
 		RepoURL:  "RepoURL",
 		Revision: "Revision",
-		Files: []argoprojiov1alpha1.GitFileGeneratorItem{
+		Files: []v1alpha1.GitFileGeneratorItem{
 			{Path: "config.yaml"},
 		},
 	}

-	listGenerator := &argoprojiov1alpha1.ListGenerator{
+	listGenerator := &v1alpha1.ListGenerator{
 		Elements:     []apiextensionsv1.JSON{},
 		ElementsYaml: "{{ .foo.bar | toJson }}",
 	}

 	testCases := []struct {
 		name           string
-		baseGenerators []argoprojiov1alpha1.ApplicationSetNestedGenerator
+		baseGenerators []v1alpha1.ApplicationSetNestedGenerator
 		expectedErr    error
-		expected       []map[string]interface{}
+		expected       []map[string]any
 	}{
 		{
 			name: "happy flow - generate params",
-			baseGenerators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+			baseGenerators: []v1alpha1.ApplicationSetNestedGenerator{
 				{
 					Git: gitGenerator,
 				},
@@ -906,23 +906,23 @@ func TestMatrixGenerateListElementsYaml(t *testing.T) {
 					List: listGenerator,
 				},
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"chart":   "a",
 					"version": "1",
-					"foo": map[string]interface{}{
-						"bar": []interface{}{
-							map[string]interface{}{
+					"foo": map[string]any{
+						"bar": []any{
+							map[string]any{
 								"chart":   "a",
 								"version": "1",
 							},
-							map[string]interface{}{
+							map[string]any{
 								"chart":   "b",
 								"version": "2",
 							},
 						},
 					},
-					"path": map[string]interface{}{
+					"path": map[string]any{
 						"basename":           "dir",
 						"basenameNormalized": "dir",
 						"filename":           "file_name.yaml",
@@ -937,19 +937,19 @@ func TestMatrixGenerateListElementsYaml(t *testing.T) {
 				{
 					"chart":   "b",
 					"version": "2",
-					"foo": map[string]interface{}{
-						"bar": []interface{}{
-							map[string]interface{}{
+					"foo": map[string]any{
+						"bar": []any{
+							map[string]any{
 								"chart":   "a",
 								"version": "1",
 							},
-							map[string]interface{}{
+							map[string]any{
 								"chart":   "b",
 								"version": "2",
 							},
 						},
 					},
-					"path": map[string]interface{}{
+					"path": map[string]any{
 						"basename":           "dir",
 						"basenameNormalized": "dir",
 						"filename":           "file_name.yaml",
@@ -970,34 +970,34 @@ func TestMatrixGenerateListElementsYaml(t *testing.T) {

 		t.Run(testCaseCopy.name, func(t *testing.T) {
 			genMock := &generatorMock{}
-			appSet := &argoprojiov1alpha1.ApplicationSet{
+			appSet := &v1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: "set",
 				},
-				Spec: argoprojiov1alpha1.ApplicationSetSpec{
+				Spec: v1alpha1.ApplicationSetSpec{
 					GoTemplate: true,
 				},
 			}

 			for _, g := range testCaseCopy.baseGenerators {
-				gitGeneratorSpec := argoprojiov1alpha1.ApplicationSetGenerator{
+				gitGeneratorSpec := v1alpha1.ApplicationSetGenerator{
 					Git:  g.Git,
 					List: g.List,
 				}
 				genMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), appSet).Return([]map[string]any{{
-					"foo": map[string]interface{}{
-						"bar": []interface{}{
-							map[string]interface{}{
+					"foo": map[string]any{
+						"bar": []any{
+							map[string]any{
 								"chart":   "a",
 								"version": "1",
 							},
-							map[string]interface{}{
+							map[string]any{
 								"chart":   "b",
 								"version": "2",
 							},
 						},
 					},
-					"path": map[string]interface{}{
+					"path": map[string]any{
 						"basename":           "dir",
 						"basenameNormalized": "dir",
 						"filename":           "file_name.yaml",
@@ -1010,7 +1010,7 @@ func TestMatrixGenerateListElementsYaml(t *testing.T) {
 					},
 				}}, nil)
 				genMock.On("GetTemplate", &gitGeneratorSpec).
-					Return(&argoprojiov1alpha1.ApplicationSetTemplate{})
+					Return(&v1alpha1.ApplicationSetTemplate{})
 			}

 			matrixGenerator := NewMatrixGenerator(
@@ -1020,10 +1020,10 @@ func TestMatrixGenerateListElementsYaml(t *testing.T) {
 				},
 			)

-			got, err := matrixGenerator.GenerateParams(&argoprojiov1alpha1.ApplicationSetGenerator{
-				Matrix: &argoprojiov1alpha1.MatrixGenerator{
+			got, err := matrixGenerator.GenerateParams(&v1alpha1.ApplicationSetGenerator{
+				Matrix: &v1alpha1.MatrixGenerator{
 					Generators: testCaseCopy.baseGenerators,
-					Template:   argoprojiov1alpha1.ApplicationSetTemplate{},
+					Template:   v1alpha1.ApplicationSetTemplate{},
 				},
 			}, appSet, nil)

@@ -1041,19 +1041,19 @@ type generatorMock struct {
 	mock.Mock
 }

-func (g *generatorMock) GetTemplate(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) *argoprojiov1alpha1.ApplicationSetTemplate {
+func (g *generatorMock) GetTemplate(appSetGenerator *v1alpha1.ApplicationSetGenerator) *v1alpha1.ApplicationSetTemplate {
 	args := g.Called(appSetGenerator)

-	return args.Get(0).(*argoprojiov1alpha1.ApplicationSetTemplate)
+	return args.Get(0).(*v1alpha1.ApplicationSetTemplate)
 }

-func (g *generatorMock) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, _ client.Client) ([]map[string]interface{}, error) {
+func (g *generatorMock) GenerateParams(appSetGenerator *v1alpha1.ApplicationSetGenerator, appSet *v1alpha1.ApplicationSet, _ client.Client) ([]map[string]any, error) {
 	args := g.Called(appSetGenerator, appSet)

-	return args.Get(0).([]map[string]interface{}), args.Error(1)
+	return args.Get(0).([]map[string]any), args.Error(1)
 }

-func (g *generatorMock) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) time.Duration {
+func (g *generatorMock) GetRequeueAfter(appSetGenerator *v1alpha1.ApplicationSetGenerator) time.Duration {
 	args := g.Called(appSetGenerator)

 	return args.Get(0).(time.Duration)
@@ -1073,33 +1073,33 @@ func TestGitGenerator_GenerateParams_list_x_git_matrix_generator(t *testing.T) {
 	// of that bug.

 	listGeneratorMock := &generatorMock{}
-	listGeneratorMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything).Return([]map[string]interface{}{
+	listGeneratorMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything).Return([]map[string]any{
 		{"some": "value"},
 	}, nil)
-	listGeneratorMock.On("GetTemplate", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator")).Return(&argoprojiov1alpha1.ApplicationSetTemplate{})
+	listGeneratorMock.On("GetTemplate", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator")).Return(&v1alpha1.ApplicationSetTemplate{})

-	gitGeneratorSpec := &argoprojiov1alpha1.GitGenerator{
+	gitGeneratorSpec := &v1alpha1.GitGenerator{
 		RepoURL: "https://git.example.com",
-		Files: []argoprojiov1alpha1.GitFileGeneratorItem{
+		Files: []v1alpha1.GitFileGeneratorItem{
 			{Path: "some/path.json"},
 		},
 	}

 	repoServiceMock := &mocks.Repos{}
-	repoServiceMock.On("GetFiles", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(map[string][]byte{
+	repoServiceMock.On("GetFiles", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(map[string][]byte{
 		"some/path.json": []byte("test: content"),
 	}, nil)
-	gitGenerator := NewGitGenerator(repoServiceMock)
+	gitGenerator := NewGitGenerator(repoServiceMock, "")

 	matrixGenerator := NewMatrixGenerator(map[string]Generator{
 		"List": listGeneratorMock,
 		"Git":  gitGenerator,
 	})

-	matrixGeneratorSpec := &argoprojiov1alpha1.MatrixGenerator{
-		Generators: []argoprojiov1alpha1.ApplicationSetNestedGenerator{
+	matrixGeneratorSpec := &v1alpha1.MatrixGenerator{
+		Generators: []v1alpha1.ApplicationSetNestedGenerator{
 			{
-				List: &argoprojiov1alpha1.ListGenerator{
+				List: &v1alpha1.ListGenerator{
 					Elements: []apiextensionsv1.JSON{
 						{
 							Raw: []byte(`{"some": "value"}`),
@@ -1116,15 +1116,15 @@ func TestGitGenerator_GenerateParams_list_x_git_matrix_generator(t *testing.T) {
 	scheme := runtime.NewScheme()
 	err := v1alpha1.AddToScheme(scheme)
 	require.NoError(t, err)
-	appProject := argoprojiov1alpha1.AppProject{}
+	appProject := v1alpha1.AppProject{}

 	client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appProject).Build()

-	params, err := matrixGenerator.GenerateParams(&argoprojiov1alpha1.ApplicationSetGenerator{
+	params, err := matrixGenerator.GenerateParams(&v1alpha1.ApplicationSetGenerator{
 		Matrix: matrixGeneratorSpec,
-	}, &argoprojiov1alpha1.ApplicationSet{}, client)
+	}, &v1alpha1.ApplicationSet{}, client)
 	require.NoError(t, err)
-	assert.Equal(t, []map[string]interface{}{{
+	assert.Equal(t, []map[string]any{{
 		"path":                    "some",
 		"path.basename":           "some",
 		"path.basenameNormalized": "some",
--- a/applicationset/generators/merge.go
+++ b/applicationset/generators/merge.go
@@ -2,24 +2,23 @@ package generators

 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"time"

-	"github.com/imdario/mergo"
+	"dario.cat/mergo"
 	"sigs.k8s.io/controller-runtime/pkg/client"

-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-
-	log "github.com/sirupsen/logrus"
+	"github.com/argoproj/argo-cd/v3/applicationset/utils"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 var _ Generator = (*MergeGenerator)(nil)

 var (
-	ErrLessThanTwoGeneratorsInMerge = fmt.Errorf("found less than two generators, Merge requires two or more")
-	ErrNoMergeKeys                  = fmt.Errorf("no merge keys were specified, Merge requires at least one")
-	ErrNonUniqueParamSets           = fmt.Errorf("the parameters from a generator were not unique by the given mergeKeys, Merge requires all param sets to be unique")
+	ErrLessThanTwoGeneratorsInMerge = errors.New("found less than two generators, Merge requires two or more")
+	ErrNoMergeKeys                  = errors.New("no merge keys were specified, Merge requires at least one")
+	ErrNonUniqueParamSets           = errors.New("the parameters from a generator were not unique by the given mergeKeys, Merge requires all param sets to be unique")
 )

 type MergeGenerator struct {
@@ -37,8 +36,8 @@ func NewMergeGenerator(supportedGenerators map[string]Generator) Generator {

 // getParamSetsForAllGenerators generates params for each child generator in a MergeGenerator. Param sets are returned
 // in slices ordered according to the order of the given generators.
-func (m *MergeGenerator) getParamSetsForAllGenerators(generators []argoprojiov1alpha1.ApplicationSetNestedGenerator, appSet *argoprojiov1alpha1.ApplicationSet, client client.Client) ([][]map[string]interface{}, error) {
-	var paramSets [][]map[string]interface{}
+func (m *MergeGenerator) getParamSetsForAllGenerators(generators []argoprojiov1alpha1.ApplicationSetNestedGenerator, appSet *argoprojiov1alpha1.ApplicationSet, client client.Client) ([][]map[string]any, error) {
+	var paramSets [][]map[string]any
 	for i, generator := range generators {
 		generatorParamSets, err := m.getParams(generator, appSet, client)
 		if err != nil {
@@ -51,7 +50,7 @@ func (m *MergeGenerator) getParamSetsForAllGenerators(generators []argoprojiov1a
 }

 // GenerateParams gets the params produced by the MergeGenerator.
-func (m *MergeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, client client.Client) ([]map[string]interface{}, error) {
+func (m *MergeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, client client.Client) ([]map[string]any, error) {
 	if appSetGenerator.Merge == nil {
 		return nil, EmptyAppSetGeneratorError
 	}
@@ -94,11 +93,11 @@ func (m *MergeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Appl
 		}
 	}

-	mergedParamSets := make([]map[string]interface{}, len(baseParamSetsByMergeKey))
+	mergedParamSets := make([]map[string]any, len(baseParamSetsByMergeKey))
 	i := 0
 	for _, mergedParamSet := range baseParamSetsByMergeKey {
 		mergedParamSets[i] = mergedParamSet
-		i += 1
+		i++
 	}

 	return mergedParamSets, nil
@@ -107,7 +106,7 @@ func (m *MergeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Appl
 // getParamSetsByMergeKey converts the given list of parameter sets to a map of parameter sets where the key is the
 // unique key of the parameter set as determined by the given mergeKeys. If any two parameter sets share the same merge
 // key, getParamSetsByMergeKey will throw NonUniqueParamSets.
-func getParamSetsByMergeKey(mergeKeys []string, paramSets []map[string]interface{}) (map[string]map[string]interface{}, error) {
+func getParamSetsByMergeKey(mergeKeys []string, paramSets []map[string]any) (map[string]map[string]any, error) {
 	if len(mergeKeys) < 1 {
 		return nil, ErrNoMergeKeys
 	}
@@ -117,17 +116,17 @@ func getParamSetsByMergeKey(mergeKeys []string, paramSets []map[string]interface
 		deDuplicatedMergeKeys[mergeKey] = false
 	}

-	paramSetsByMergeKey := make(map[string]map[string]interface{}, len(paramSets))
+	paramSetsByMergeKey := make(map[string]map[string]any, len(paramSets))
 	for _, paramSet := range paramSets {
-		paramSetKey := make(map[string]interface{})
+		paramSetKey := make(map[string]any)
 		for mergeKey := range deDuplicatedMergeKeys {
 			paramSetKey[mergeKey] = paramSet[mergeKey]
 		}
-		paramSetKeyJson, err := json.Marshal(paramSetKey)
+		paramSetKeyJSON, err := json.Marshal(paramSetKey)
 		if err != nil {
 			return nil, fmt.Errorf("error marshalling param set key json: %w", err)
 		}
-		paramSetKeyString := string(paramSetKeyJson)
+		paramSetKeyString := string(paramSetKeyJSON)
 		if _, exists := paramSetsByMergeKey[paramSetKeyString]; exists {
 			return nil, fmt.Errorf("%w. Duplicate key was %s", ErrNonUniqueParamSets, paramSetKeyString)
 		}
@@ -138,27 +137,15 @@ func getParamSetsByMergeKey(mergeKeys []string, paramSets []map[string]interface
 }

 // getParams get the parameters generated by this generator.
-func (m *MergeGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.ApplicationSetNestedGenerator, appSet *argoprojiov1alpha1.ApplicationSet, client client.Client) ([]map[string]interface{}, error) {
+func (m *MergeGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.ApplicationSetNestedGenerator, appSet *argoprojiov1alpha1.ApplicationSet, client client.Client) ([]map[string]any, error) {
 	matrixGen, err := getMatrixGenerator(appSetBaseGenerator)
 	if err != nil {
 		return nil, err
 	}
-	if matrixGen != nil && !appSet.Spec.ApplyNestedSelectors {
-		foundSelector := dropDisabledNestedSelectors(matrixGen.Generators)
-		if foundSelector {
-			log.Warnf("AppSet '%v' defines selector on nested matrix generator's generator without enabling them via 'spec.applyNestedSelectors', ignoring nested selector", appSet.Name)
-		}
-	}
 	mergeGen, err := getMergeGenerator(appSetBaseGenerator)
 	if err != nil {
 		return nil, err
 	}
-	if mergeGen != nil && !appSet.Spec.ApplyNestedSelectors {
-		foundSelector := dropDisabledNestedSelectors(mergeGen.Generators)
-		if foundSelector {
-			log.Warnf("AppSet '%v' defines selector on nested merge generator's generator without enabling them via 'spec.applyNestedSelectors', ignoring nested selector", appSet.Name)
-		}
-	}

 	t, err := Transform(
 		argoprojiov1alpha1.ApplicationSetGenerator{
@@ -176,13 +163,13 @@ func (m *MergeGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.Applic
 		m.supportedGenerators,
 		argoprojiov1alpha1.ApplicationSetTemplate{},
 		appSet,
-		map[string]interface{}{}, client)
+		map[string]any{}, client)
 	if err != nil {
 		return nil, fmt.Errorf("child generator returned an error on parameter generation: %w", err)
 	}

 	if len(t) == 0 {
-		return nil, fmt.Errorf("child generator generated no parameters")
+		return nil, errors.New("child generator generated no parameters")
 	}

 	if len(t) > 1 {
@@ -223,9 +210,8 @@ func (m *MergeGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.App

 	if found {
 		return res
-	} else {
-		return NoRequeueAfter
 	}
+	return NoRequeueAfter
 }

 func getMergeGenerator(r argoprojiov1alpha1.ApplicationSetNestedGenerator) (*argoprojiov1alpha1.MergeGenerator, error) {
--- a/applicationset/generators/merge_test.go
+++ b/applicationset/generators/merge_test.go
@@ -9,7 +9,7 @@ import (
 	"github.com/stretchr/testify/require"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"

-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 func getNestedListGenerator(json string) *argoprojiov1alpha1.ApplicationSetNestedGenerator {
@@ -36,15 +36,15 @@ func getTerminalListGeneratorMultiple(jsons []string) argoprojiov1alpha1.Applica
 	return generator
 }

-func listOfMapsToSet(maps []map[string]interface{}) (map[string]bool, error) {
+func listOfMapsToSet(maps []map[string]any) (map[string]bool, error) {
 	set := make(map[string]bool, len(maps))
 	for _, paramMap := range maps {
-		paramMapAsJson, err := json.Marshal(paramMap)
+		paramMapAsJSON, err := json.Marshal(paramMap)
 		if err != nil {
 			return nil, err
 		}

-		set[string(paramMapAsJson)] = false
+		set[string(paramMapAsJSON)] = false
 	}
 	return set, nil
 }
@@ -55,7 +55,7 @@ func TestMergeGenerate(t *testing.T) {
 		baseGenerators []argoprojiov1alpha1.ApplicationSetNestedGenerator
 		mergeKeys      []string
 		expectedErr    error
-		expected       []map[string]interface{}
+		expected       []map[string]any
 	}{
 		{
 			name:           "no generators",
@@ -79,7 +79,7 @@ func TestMergeGenerate(t *testing.T) {
 				*getNestedListGenerator(`{"a": "3_1","b": "different","c": "3_3"}`), // gets ignored because its merge key value isn't in the base params set
 			},
 			mergeKeys: []string{"b"},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"a": "2_1", "b": "same", "c": "1_3"},
 			},
 		},
@@ -90,7 +90,7 @@ func TestMergeGenerate(t *testing.T) {
 				*getNestedListGenerator(`{"a": "a"}`),
 			},
 			mergeKeys: []string{"b"},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"a": "a"},
 			},
 		},
@@ -101,7 +101,7 @@ func TestMergeGenerate(t *testing.T) {
 				*getNestedListGenerator(`{"b": "b"}`),
 			},
 			mergeKeys: []string{"b"},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"a": "a"},
 			},
 		},
@@ -119,7 +119,7 @@ func TestMergeGenerate(t *testing.T) {
 				*getNestedListGenerator(`{"a": "1", "b": "1", "c": "added"}`),
 			},
 			mergeKeys: []string{"a", "b"},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"a": "1", "b": "1", "c": "added"},
 				{"a": "1", "b": "2"},
 				{"a": "2", "b": "1"},
@@ -141,7 +141,7 @@ func TestMergeGenerate(t *testing.T) {
 				*getNestedListGenerator(`{"a": "1", "b": "3", "d": "added"}`),
 			},
 			mergeKeys: []string{"a", "b"},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{"a": "1", "b": "3", "c": "added", "d": "added"},
 				{"a": "2", "b": "2"},
 			},
@@ -196,7 +196,8 @@ func TestMergeGenerate(t *testing.T) {
 	}
 }

-func toAPIExtensionsJSON(t *testing.T, g interface{}) *apiextensionsv1.JSON {
+func toAPIExtensionsJSON(t *testing.T, g any) *apiextensionsv1.JSON {
+	t.Helper()
 	resVal, err := json.Marshal(g)
 	if err != nil {
 		t.Error("unable to unmarshal json", g)
@@ -212,9 +213,9 @@ func TestParamSetsAreUniqueByMergeKeys(t *testing.T) {
 	testCases := []struct {
 		name        string
 		mergeKeys   []string
-		paramSets   []map[string]interface{}
+		paramSets   []map[string]any
 		expectedErr error
-		expected    map[string]map[string]interface{}
+		expected    map[string]map[string]any
 	}{
 		{
 			name:        "no merge keys",
@@ -224,13 +225,13 @@ func TestParamSetsAreUniqueByMergeKeys(t *testing.T) {
 		{
 			name:      "no paramSets",
 			mergeKeys: []string{"key"},
-			expected:  make(map[string]map[string]interface{}),
+			expected:  make(map[string]map[string]any),
 		},
 		{
 			name:      "simple key, unique paramSets",
 			mergeKeys: []string{"key"},
-			paramSets: []map[string]interface{}{{"key": "a"}, {"key": "b"}},
-			expected: map[string]map[string]interface{}{
+			paramSets: []map[string]any{{"key": "a"}, {"key": "b"}},
+			expected: map[string]map[string]any{
 				`{"key":"a"}`: {"key": "a"},
 				`{"key":"b"}`: {"key": "b"},
 			},
@@ -238,23 +239,23 @@ func TestParamSetsAreUniqueByMergeKeys(t *testing.T) {
 		{
 			name:      "simple key object, unique paramSets",
 			mergeKeys: []string{"key"},
-			paramSets: []map[string]interface{}{{"key": map[string]interface{}{"hello": "world"}}, {"key": "b"}},
-			expected: map[string]map[string]interface{}{
-				`{"key":{"hello":"world"}}`: {"key": map[string]interface{}{"hello": "world"}},
+			paramSets: []map[string]any{{"key": map[string]any{"hello": "world"}}, {"key": "b"}},
+			expected: map[string]map[string]any{
+				`{"key":{"hello":"world"}}`: {"key": map[string]any{"hello": "world"}},
 				`{"key":"b"}`:               {"key": "b"},
 			},
 		},
 		{
 			name:        "simple key, non-unique paramSets",
 			mergeKeys:   []string{"key"},
-			paramSets:   []map[string]interface{}{{"key": "a"}, {"key": "b"}, {"key": "b"}},
+			paramSets:   []map[string]any{{"key": "a"}, {"key": "b"}, {"key": "b"}},
 			expectedErr: fmt.Errorf("%w. Duplicate key was %s", ErrNonUniqueParamSets, `{"key":"b"}`),
 		},
 		{
 			name:      "simple key, duplicated key name, unique paramSets",
 			mergeKeys: []string{"key", "key"},
-			paramSets: []map[string]interface{}{{"key": "a"}, {"key": "b"}},
-			expected: map[string]map[string]interface{}{
+			paramSets: []map[string]any{{"key": "a"}, {"key": "b"}},
+			expected: map[string]map[string]any{
 				`{"key":"a"}`: {"key": "a"},
 				`{"key":"b"}`: {"key": "b"},
 			},
@@ -262,18 +263,18 @@ func TestParamSetsAreUniqueByMergeKeys(t *testing.T) {
 		{
 			name:        "simple key, duplicated key name, non-unique paramSets",
 			mergeKeys:   []string{"key", "key"},
-			paramSets:   []map[string]interface{}{{"key": "a"}, {"key": "b"}, {"key": "b"}},
+			paramSets:   []map[string]any{{"key": "a"}, {"key": "b"}, {"key": "b"}},
 			expectedErr: fmt.Errorf("%w. Duplicate key was %s", ErrNonUniqueParamSets, `{"key":"b"}`),
 		},
 		{
 			name:      "compound key, unique paramSets",
 			mergeKeys: []string{"key1", "key2"},
-			paramSets: []map[string]interface{}{
+			paramSets: []map[string]any{
 				{"key1": "a", "key2": "a"},
 				{"key1": "a", "key2": "b"},
 				{"key1": "b", "key2": "a"},
 			},
-			expected: map[string]map[string]interface{}{
+			expected: map[string]map[string]any{
 				`{"key1":"a","key2":"a"}`: {"key1": "a", "key2": "a"},
 				`{"key1":"a","key2":"b"}`: {"key1": "a", "key2": "b"},
 				`{"key1":"b","key2":"a"}`: {"key1": "b", "key2": "a"},
@@ -282,13 +283,13 @@ func TestParamSetsAreUniqueByMergeKeys(t *testing.T) {
 		{
 			name:      "compound key object, unique paramSets",
 			mergeKeys: []string{"key1", "key2"},
-			paramSets: []map[string]interface{}{
-				{"key1": "a", "key2": map[string]interface{}{"hello": "world"}},
+			paramSets: []map[string]any{
+				{"key1": "a", "key2": map[string]any{"hello": "world"}},
 				{"key1": "a", "key2": "b"},
 				{"key1": "b", "key2": "a"},
 			},
-			expected: map[string]map[string]interface{}{
-				`{"key1":"a","key2":{"hello":"world"}}`: {"key1": "a", "key2": map[string]interface{}{"hello": "world"}},
+			expected: map[string]map[string]any{
+				`{"key1":"a","key2":{"hello":"world"}}`: {"key1": "a", "key2": map[string]any{"hello": "world"}},
 				`{"key1":"a","key2":"b"}`:               {"key1": "a", "key2": "b"},
 				`{"key1":"b","key2":"a"}`:               {"key1": "b", "key2": "a"},
 			},
@@ -296,12 +297,12 @@ func TestParamSetsAreUniqueByMergeKeys(t *testing.T) {
 		{
 			name:      "compound key, duplicate key names, unique paramSets",
 			mergeKeys: []string{"key1", "key1", "key2"},
-			paramSets: []map[string]interface{}{
+			paramSets: []map[string]any{
 				{"key1": "a", "key2": "a"},
 				{"key1": "a", "key2": "b"},
 				{"key1": "b", "key2": "a"},
 			},
-			expected: map[string]map[string]interface{}{
+			expected: map[string]map[string]any{
 				`{"key1":"a","key2":"a"}`: {"key1": "a", "key2": "a"},
 				`{"key1":"a","key2":"b"}`: {"key1": "a", "key2": "b"},
 				`{"key1":"b","key2":"a"}`: {"key1": "b", "key2": "a"},
@@ -310,7 +311,7 @@ func TestParamSetsAreUniqueByMergeKeys(t *testing.T) {
 		{
 			name:      "compound key, non-unique paramSets",
 			mergeKeys: []string{"key1", "key2"},
-			paramSets: []map[string]interface{}{
+			paramSets: []map[string]any{
 				{"key1": "a", "key2": "a"},
 				{"key1": "a", "key2": "a"},
 				{"key1": "b", "key2": "a"},
@@ -320,7 +321,7 @@ func TestParamSetsAreUniqueByMergeKeys(t *testing.T) {
 		{
 			name:      "compound key, duplicate key names, non-unique paramSets",
 			mergeKeys: []string{"key1", "key1", "key2"},
-			paramSets: []map[string]interface{}{
+			paramSets: []map[string]any{
 				{"key1": "a", "key2": "a"},
 				{"key1": "a", "key2": "a"},
 				{"key1": "b", "key2": "a"},
--- a/applicationset/generators/mocks/Generator.go
+++ b/applicationset/generators/mocks/Generator.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.43.2. DO NOT EDIT.
+// Code generated by mockery v2.52.4. DO NOT EDIT.

 package mocks

@@ -9,7 +9,7 @@ import (

 	time "time"

-	v1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	v1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 // Generator is an autogenerated mock type for the Generator type
--- a/applicationset/generators/plugin.go
+++ b/applicationset/generators/plugin.go
@@ -2,6 +2,7 @@ package generators

 import (
 	"context"
+	"errors"
 	"fmt"
 	"strconv"
 	"strings"
@@ -12,10 +13,10 @@ import (
 	"k8s.io/client-go/kubernetes"
 	"sigs.k8s.io/controller-runtime/pkg/client"

-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-	"github.com/argoproj/argo-cd/v2/util/settings"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/util/settings"

-	"github.com/argoproj/argo-cd/v2/applicationset/services/plugin"
+	"github.com/argoproj/argo-cd/v3/applicationset/services/plugin"
 )

 const (
@@ -31,7 +32,7 @@ type PluginGenerator struct {
 	namespace string
 }

-func NewPluginGenerator(client client.Client, ctx context.Context, clientset kubernetes.Interface, namespace string) Generator {
+func NewPluginGenerator(ctx context.Context, client client.Client, clientset kubernetes.Interface, namespace string) Generator {
 	g := &PluginGenerator{
 		client:    client,
 		ctx:       ctx,
@@ -55,7 +56,7 @@ func (g *PluginGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.Applic
 	return &appSetGenerator.Plugin.Template
 }

-func (g *PluginGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet, _ client.Client) ([]map[string]interface{}, error) {
+func (g *PluginGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet, _ client.Client) ([]map[string]any, error) {
 	if appSetGenerator == nil {
 		return nil, EmptyAppSetGeneratorError
 	}
@@ -105,18 +106,18 @@ func (g *PluginGenerator) getPluginFromGenerator(ctx context.Context, appSetName
 		}
 	}

-	pluginClient, err := plugin.NewPluginService(ctx, appSetName, cm["baseUrl"], token, requestTimeout)
+	pluginClient, err := plugin.NewPluginService(appSetName, cm["baseUrl"], token, requestTimeout)
 	if err != nil {
 		return nil, fmt.Errorf("error initializing plugin client: %w", err)
 	}
 	return pluginClient, nil
 }

-func (g *PluginGenerator) generateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, objectsFound []map[string]interface{}, pluginParams argoprojiov1alpha1.PluginParameters, useGoTemplate bool) ([]map[string]interface{}, error) {
-	res := []map[string]interface{}{}
+func (g *PluginGenerator) generateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, objectsFound []map[string]any, pluginParams argoprojiov1alpha1.PluginParameters, useGoTemplate bool) ([]map[string]any, error) {
+	res := []map[string]any{}

 	for _, objectFound := range objectsFound {
-		params := map[string]interface{}{}
+		params := map[string]any{}

 		if useGoTemplate {
 			for k, v := range objectFound {
@@ -132,7 +133,7 @@ func (g *PluginGenerator) generateParams(appSetGenerator *argoprojiov1alpha1.App
 			}
 		}

-		params["generator"] = map[string]interface{}{
+		params["generator"] = map[string]any{
 			"input": map[string]argoprojiov1alpha1.PluginParameters{
 				"parameters": pluginParams,
 			},
@@ -192,14 +193,14 @@ func (g *PluginGenerator) getConfigMap(ctx context.Context, configMapRef string)
 		return nil, err
 	}

-	baseUrl, ok := cm.Data["baseUrl"]
-	if !ok || baseUrl == "" {
-		return nil, fmt.Errorf("baseUrl not found in ConfigMap")
+	baseURL, ok := cm.Data["baseUrl"]
+	if !ok || baseURL == "" {
+		return nil, errors.New("baseUrl not found in ConfigMap")
 	}

 	token, ok := cm.Data["token"]
 	if !ok || token == "" {
-		return nil, fmt.Errorf("token not found in ConfigMap")
+		return nil, errors.New("token not found in ConfigMap")
 	}

 	return cm.Data, nil
--- a/applicationset/generators/plugin_test.go
+++ b/applicationset/generators/plugin_test.go
@@ -1,8 +1,8 @@
 package generators

 import (
-	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"net/http"
 	"net/http/httptest"
@@ -11,7 +11,7 @@ import (

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	v1 "k8s.io/api/core/v1"
+	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -19,25 +19,25 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"

-	"github.com/argoproj/argo-cd/v2/applicationset/services/plugin"
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/applicationset/services/plugin"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 func TestPluginGenerateParams(t *testing.T) {
 	testCases := []struct {
 		name            string
-		configmap       *v1.ConfigMap
-		secret          *v1.Secret
+		configmap       *corev1.ConfigMap
+		secret          *corev1.Secret
 		inputParameters map[string]apiextensionsv1.JSON
 		values          map[string]string
 		gotemplate      bool
-		expected        []map[string]interface{}
+		expected        []map[string]any
 		content         []byte
 		expectedError   error
 	}{
 		{
 			name: "simple case",
-			configmap: &v1.ConfigMap{
+			configmap: &corev1.ConfigMap{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "first-plugin-cm",
 					Namespace: "default",
@@ -47,7 +47,7 @@ func TestPluginGenerateParams(t *testing.T) {
 					"token":   "$plugin.token",
 				},
 			},
-			secret: &v1.Secret{
+			secret: &corev1.Secret{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "argocd-secret",
 					Namespace: "default",
@@ -73,13 +73,13 @@ func TestPluginGenerateParams(t *testing.T) {
 					"key3": 123
                }]
 			 }}`),
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"key1":                 "val1",
 					"key2.key2_1":          "val2_1",
 					"key2.key2_2.key2_2_1": "val2_2_1",
 					"key3":                 "123",
-					"generator": map[string]interface{}{
+					"generator": map[string]any{
 						"input": argoprojiov1alpha1.PluginInput{
 							Parameters: argoprojiov1alpha1.PluginParameters{
 								"pkey1": {Raw: []byte(`"val1"`)},
@@ -93,7 +93,7 @@ func TestPluginGenerateParams(t *testing.T) {
 		},
 		{
 			name: "simple case with values",
-			configmap: &v1.ConfigMap{
+			configmap: &corev1.ConfigMap{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "first-plugin-cm",
 					Namespace: "default",
@@ -103,7 +103,7 @@ func TestPluginGenerateParams(t *testing.T) {
 					"token":   "$plugin.token",
 				},
 			},
-			secret: &v1.Secret{
+			secret: &corev1.Secret{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "argocd-secret",
 					Namespace: "default",
@@ -133,7 +133,7 @@ func TestPluginGenerateParams(t *testing.T) {
 					"key3": 123
                }]
 			 }}`),
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"key1":                 "val1",
 					"key2.key2_1":          "val2_1",
@@ -141,7 +141,7 @@ func TestPluginGenerateParams(t *testing.T) {
 					"key3":                 "123",
 					"values.valuekey1":     "valuevalue1",
 					"values.valuekey2":     "templated-val1",
-					"generator": map[string]interface{}{
+					"generator": map[string]any{
 						"input": argoprojiov1alpha1.PluginInput{
 							Parameters: argoprojiov1alpha1.PluginParameters{
 								"pkey1": {Raw: []byte(`"val1"`)},
@@ -155,7 +155,7 @@ func TestPluginGenerateParams(t *testing.T) {
 		},
 		{
 			name: "simple case with gotemplate",
-			configmap: &v1.ConfigMap{
+			configmap: &corev1.ConfigMap{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "first-plugin-cm",
 					Namespace: "default",
@@ -165,7 +165,7 @@ func TestPluginGenerateParams(t *testing.T) {
 					"token":   "$plugin.token",
 				},
 			},
-			secret: &v1.Secret{
+			secret: &corev1.Secret{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "argocd-secret",
 					Namespace: "default",
@@ -191,17 +191,17 @@ func TestPluginGenerateParams(t *testing.T) {
 					"key3": 123
                }]
 			 }}`),
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"key1": "val1",
-					"key2": map[string]interface{}{
+					"key2": map[string]any{
 						"key2_1": "val2_1",
-						"key2_2": map[string]interface{}{
+						"key2_2": map[string]any{
 							"key2_2_1": "val2_2_1",
 						},
 					},
 					"key3": float64(123),
-					"generator": map[string]interface{}{
+					"generator": map[string]any{
 						"input": argoprojiov1alpha1.PluginInput{
 							Parameters: argoprojiov1alpha1.PluginParameters{
 								"pkey1": {Raw: []byte(`"val1"`)},
@@ -215,7 +215,7 @@ func TestPluginGenerateParams(t *testing.T) {
 		},
 		{
 			name: "simple case with appended params",
-			configmap: &v1.ConfigMap{
+			configmap: &corev1.ConfigMap{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "first-plugin-cm",
 					Namespace: "default",
@@ -225,7 +225,7 @@ func TestPluginGenerateParams(t *testing.T) {
 					"token":   "$plugin.token",
 				},
 			},
-			secret: &v1.Secret{
+			secret: &corev1.Secret{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "argocd-secret",
 					Namespace: "default",
@@ -250,14 +250,14 @@ func TestPluginGenerateParams(t *testing.T) {
 				"key3": 123,
 				"pkey2": "valplugin"
 			 }]}}`),
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"key1":                 "val1",
 					"key2.key2_1":          "val2_1",
 					"key2.key2_2.key2_2_1": "val2_2_1",
 					"key3":                 "123",
 					"pkey2":                "valplugin",
-					"generator": map[string]interface{}{
+					"generator": map[string]any{
 						"input": argoprojiov1alpha1.PluginInput{
 							Parameters: argoprojiov1alpha1.PluginParameters{
 								"pkey1": {Raw: []byte(`"val1"`)},
@@ -271,7 +271,7 @@ func TestPluginGenerateParams(t *testing.T) {
 		},
 		{
 			name: "no params",
-			configmap: &v1.ConfigMap{
+			configmap: &corev1.ConfigMap{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "first-plugin-cm",
 					Namespace: "default",
@@ -281,7 +281,7 @@ func TestPluginGenerateParams(t *testing.T) {
 					"token":   "$plugin.token",
 				},
 			},
-			secret: &v1.Secret{
+			secret: &corev1.Secret{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "argocd-secret",
 					Namespace: "default",
@@ -304,14 +304,14 @@ func TestPluginGenerateParams(t *testing.T) {
 					"key3": 123
                }]
 			 }}`),
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"key1":                 "val1",
 					"key2.key2_1":          "val2_1",
 					"key2.key2_2.key2_2_1": "val2_2_1",
 					"key3":                 "123",
-					"generator": map[string]interface{}{
-						"input": map[string]map[string]interface{}{
+					"generator": map[string]any{
+						"input": map[string]map[string]any{
 							"parameters": {},
 						},
 					},
@@ -321,7 +321,7 @@ func TestPluginGenerateParams(t *testing.T) {
 		},
 		{
 			name: "empty return",
-			configmap: &v1.ConfigMap{
+			configmap: &corev1.ConfigMap{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "first-plugin-cm",
 					Namespace: "default",
@@ -331,7 +331,7 @@ func TestPluginGenerateParams(t *testing.T) {
 					"token":   "$plugin.token",
 				},
 			},
-			secret: &v1.Secret{
+			secret: &corev1.Secret{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "argocd-secret",
 					Namespace: "default",
@@ -343,12 +343,12 @@ func TestPluginGenerateParams(t *testing.T) {
 			inputParameters: map[string]apiextensionsv1.JSON{},
 			gotemplate:      false,
 			content:         []byte(`{"input": {"parameters": []}}`),
-			expected:        []map[string]interface{}{},
+			expected:        []map[string]any{},
 			expectedError:   nil,
 		},
 		{
 			name: "wrong return",
-			configmap: &v1.ConfigMap{
+			configmap: &corev1.ConfigMap{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "first-plugin-cm",
 					Namespace: "default",
@@ -358,7 +358,7 @@ func TestPluginGenerateParams(t *testing.T) {
 					"token":   "$plugin.token",
 				},
 			},
-			secret: &v1.Secret{
+			secret: &corev1.Secret{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "argocd-secret",
 					Namespace: "default",
@@ -370,12 +370,12 @@ func TestPluginGenerateParams(t *testing.T) {
 			inputParameters: map[string]apiextensionsv1.JSON{},
 			gotemplate:      false,
 			content:         []byte(`wrong body ...`),
-			expected:        []map[string]interface{}{},
-			expectedError:   fmt.Errorf("error listing params: error get api 'set': invalid character 'w' looking for beginning of value: wrong body ..."),
+			expected:        []map[string]any{},
+			expectedError:   errors.New("error listing params: error get api 'set': invalid character 'w' looking for beginning of value: wrong body ..."),
 		},
 		{
 			name: "external secret",
-			configmap: &v1.ConfigMap{
+			configmap: &corev1.ConfigMap{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "first-plugin-cm",
 					Namespace: "default",
@@ -385,7 +385,7 @@ func TestPluginGenerateParams(t *testing.T) {
 					"token":   "$plugin-secret:plugin.token",
 				},
 			},
-			secret: &v1.Secret{
+			secret: &corev1.Secret{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "plugin-secret",
 					Namespace: "default",
@@ -410,14 +410,14 @@ func TestPluginGenerateParams(t *testing.T) {
 				"key3": 123,
 				"pkey2": "valplugin"
 			 }]}}`),
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"key1":                 "val1",
 					"key2.key2_1":          "val2_1",
 					"key2.key2_2.key2_2_1": "val2_2_1",
 					"key3":                 "123",
 					"pkey2":                "valplugin",
-					"generator": map[string]interface{}{
+					"generator": map[string]any{
 						"input": argoprojiov1alpha1.PluginInput{
 							Parameters: argoprojiov1alpha1.PluginParameters{
 								"pkey1": {Raw: []byte(`"val1"`)},
@@ -431,7 +431,7 @@ func TestPluginGenerateParams(t *testing.T) {
 		},
 		{
 			name: "no secret",
-			configmap: &v1.ConfigMap{
+			configmap: &corev1.ConfigMap{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "first-plugin-cm",
 					Namespace: "default",
@@ -441,7 +441,7 @@ func TestPluginGenerateParams(t *testing.T) {
 					"token":   "$plugin.token",
 				},
 			},
-			secret: &v1.Secret{},
+			secret: &corev1.Secret{},
 			inputParameters: map[string]apiextensionsv1.JSON{
 				"pkey1": {Raw: []byte(`"val1"`)},
 				"pkey2": {Raw: []byte(`"val2"`)},
@@ -459,13 +459,13 @@ func TestPluginGenerateParams(t *testing.T) {
 					"key3": 123
                }]
 			 }}`),
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"key1":                 "val1",
 					"key2.key2_1":          "val2_1",
 					"key2.key2_2.key2_2_1": "val2_2_1",
 					"key3":                 "123",
-					"generator": map[string]interface{}{
+					"generator": map[string]any{
 						"input": argoprojiov1alpha1.PluginInput{
 							Parameters: argoprojiov1alpha1.PluginParameters{
 								"pkey1": {Raw: []byte(`"val1"`)},
@@ -475,12 +475,12 @@ func TestPluginGenerateParams(t *testing.T) {
 					},
 				},
 			},
-			expectedError: fmt.Errorf("error getting plugin from generator: error fetching Secret token: error fetching secret default/argocd-secret: secrets \"argocd-secret\" not found"),
+			expectedError: errors.New("error getting plugin from generator: error fetching Secret token: error fetching secret default/argocd-secret: secrets \"argocd-secret\" not found"),
 		},
 		{
 			name:      "no configmap",
-			configmap: &v1.ConfigMap{},
-			secret: &v1.Secret{
+			configmap: &corev1.ConfigMap{},
+			secret: &corev1.Secret{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "argocd-secret",
 					Namespace: "default",
@@ -506,13 +506,13 @@ func TestPluginGenerateParams(t *testing.T) {
 					"key3": 123
                }]
 			 }}`),
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"key1":                 "val1",
 					"key2.key2_1":          "val2_1",
 					"key2.key2_2.key2_2_1": "val2_2_1",
 					"key3":                 "123",
-					"generator": map[string]interface{}{
+					"generator": map[string]any{
 						"input": argoprojiov1alpha1.PluginInput{
 							Parameters: argoprojiov1alpha1.PluginParameters{
 								"pkey1": {Raw: []byte(`"val1"`)},
@@ -522,11 +522,11 @@ func TestPluginGenerateParams(t *testing.T) {
 					},
 				},
 			},
-			expectedError: fmt.Errorf("error getting plugin from generator: error fetching ConfigMap: configmaps \"\" not found"),
+			expectedError: errors.New("error getting plugin from generator: error fetching ConfigMap: configmaps \"\" not found"),
 		},
 		{
 			name: "no baseUrl",
-			configmap: &v1.ConfigMap{
+			configmap: &corev1.ConfigMap{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "first-plugin-cm",
 					Namespace: "default",
@@ -535,7 +535,7 @@ func TestPluginGenerateParams(t *testing.T) {
 					"token": "$plugin.token",
 				},
 			},
-			secret: &v1.Secret{
+			secret: &corev1.Secret{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "argocd-secret",
 					Namespace: "default",
@@ -561,13 +561,13 @@ func TestPluginGenerateParams(t *testing.T) {
 					"key3": 123
                }]
 			 }}`),
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"key1":                 "val1",
 					"key2.key2_1":          "val2_1",
 					"key2.key2_2.key2_2_1": "val2_2_1",
 					"key3":                 "123",
-					"generator": map[string]interface{}{
+					"generator": map[string]any{
 						"input": argoprojiov1alpha1.PluginInput{
 							Parameters: argoprojiov1alpha1.PluginParameters{
 								"pkey1": {Raw: []byte(`"val1"`)},
@@ -577,11 +577,11 @@ func TestPluginGenerateParams(t *testing.T) {
 					},
 				},
 			},
-			expectedError: fmt.Errorf("error getting plugin from generator: error fetching ConfigMap: baseUrl not found in ConfigMap"),
+			expectedError: errors.New("error getting plugin from generator: error fetching ConfigMap: baseUrl not found in ConfigMap"),
 		},
 		{
 			name: "no token",
-			configmap: &v1.ConfigMap{
+			configmap: &corev1.ConfigMap{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "first-plugin-cm",
 					Namespace: "default",
@@ -590,7 +590,7 @@ func TestPluginGenerateParams(t *testing.T) {
 					"baseUrl": "http://127.0.0.1",
 				},
 			},
-			secret: &v1.Secret{},
+			secret: &corev1.Secret{},
 			inputParameters: map[string]apiextensionsv1.JSON{
 				"pkey1": {Raw: []byte(`"val1"`)},
 				"pkey2": {Raw: []byte(`"val2"`)},
@@ -608,13 +608,13 @@ func TestPluginGenerateParams(t *testing.T) {
 					"key3": 123
                }]
 			 }}`),
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"key1":                 "val1",
 					"key2.key2_1":          "val2_1",
 					"key2.key2_2.key2_2_1": "val2_2_1",
 					"key3":                 "123",
-					"generator": map[string]interface{}{
+					"generator": map[string]any{
 						"input": argoprojiov1alpha1.PluginInput{
 							Parameters: argoprojiov1alpha1.PluginParameters{
 								"pkey1": {Raw: []byte(`"val1"`)},
@@ -624,11 +624,11 @@ func TestPluginGenerateParams(t *testing.T) {
 					},
 				},
 			},
-			expectedError: fmt.Errorf("error getting plugin from generator: error fetching ConfigMap: token not found in ConfigMap"),
+			expectedError: errors.New("error getting plugin from generator: error fetching ConfigMap: token not found in ConfigMap"),
 		},
 	}

-	ctx := context.Background()
+	ctx := t.Context()

 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
@@ -670,7 +670,7 @@ func TestPluginGenerateParams(t *testing.T) {

 			fakeClientWithCache := fake.NewClientBuilder().WithObjects([]client.Object{testCase.configmap, testCase.secret}...).Build()

-			pluginGenerator := NewPluginGenerator(fakeClientWithCache, ctx, fakeClient, "default")
+			pluginGenerator := NewPluginGenerator(ctx, fakeClientWithCache, fakeClient, "default")

 			applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
@@ -690,11 +690,11 @@ func TestPluginGenerateParams(t *testing.T) {
 				require.EqualError(t, err, testCase.expectedError.Error())
 			} else {
 				require.NoError(t, err)
-				expectedJson, err := json.Marshal(testCase.expected)
+				expectedJSON, err := json.Marshal(testCase.expected)
 				require.NoError(t, err)
-				gotJson, err := json.Marshal(got)
+				gotJSON, err := json.Marshal(got)
 				require.NoError(t, err)
-				assert.Equal(t, string(expectedJson), string(gotJson))
+				assert.JSONEq(t, string(expectedJSON), string(gotJSON))
 			}
 		})
 	}
--- a/applicationset/generators/pull_request.go
+++ b/applicationset/generators/pull_request.go
@@ -2,6 +2,7 @@ package generators

 import (
 	"context"
+	"errors"
 	"fmt"
 	"strconv"
 	"time"
@@ -10,9 +11,9 @@ import (

 	"github.com/gosimple/slug"

-	pullrequest "github.com/argoproj/argo-cd/v2/applicationset/services/pull_request"
-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	pullrequest "github.com/argoproj/argo-cd/v3/applicationset/services/pull_request"
+	"github.com/argoproj/argo-cd/v3/applicationset/utils"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 var _ Generator = (*PullRequestGenerator)(nil)
@@ -50,7 +51,7 @@ func (g *PullRequestGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.A
 	return &appSetGenerator.PullRequest.Template
 }

-func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet, _ client.Client) ([]map[string]interface{}, error) {
+func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet, _ client.Client) ([]map[string]any, error) {
 	if appSetGenerator == nil {
 		return nil, EmptyAppSetGeneratorError
 	}
@@ -69,7 +70,7 @@ func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 	if err != nil {
 		return nil, fmt.Errorf("error listing repos: %w", err)
 	}
-	params := make([]map[string]interface{}, 0, len(pulls))
+	params := make([]map[string]any, 0, len(pulls))

 	// In order to follow the DNS label standard as defined in RFC 1123,
 	// we need to limit the 'branch' to 50 to give room to append/suffix-ing it
@@ -95,7 +96,7 @@ func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 			shortSHALength7 = len(pull.HeadSHA)
 		}

-		paramMap := map[string]interface{}{
+		paramMap := map[string]any{
 			"number":             strconv.Itoa(pull.Number),
 			"title":              pull.Title,
 			"branch":             pull.Branch,
@@ -108,6 +109,11 @@ func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 			"author":             pull.Author,
 		}

+		err := appendTemplatedValues(appSetGenerator.PullRequest.Values, paramMap, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions)
+		if err != nil {
+			return nil, fmt.Errorf("failed to append templated values: %w", err)
+		}
+
 		// PR lables will only be supported for Go Template appsets, since fasttemplate will be deprecated.
 		if applicationSetInfo != nil && applicationSetInfo.Spec.GoTemplate {
 			paramMap["labels"] = pull.Labels
@@ -139,19 +145,19 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera
 				return nil, fmt.Errorf("error fetching CA certificates from ConfigMap: %w", prErr)
 			}
 		}
-		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.TokenRef, applicationSetInfo.Namespace)
+		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.TokenRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Secret token: %w", err)
 		}
-		return pullrequest.NewGitLabService(ctx, token, providerConfig.API, providerConfig.Project, providerConfig.Labels, providerConfig.PullRequestState, g.scmRootCAPath, providerConfig.Insecure, caCerts)
+		return pullrequest.NewGitLabService(token, providerConfig.API, providerConfig.Project, providerConfig.Labels, providerConfig.PullRequestState, g.scmRootCAPath, providerConfig.Insecure, caCerts)
 	}
 	if generatorConfig.Gitea != nil {
 		providerConfig := generatorConfig.Gitea
-		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.TokenRef, applicationSetInfo.Namespace)
+		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.TokenRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Secret token: %w", err)
 		}
-		return pullrequest.NewGiteaService(ctx, token, providerConfig.API, providerConfig.Owner, providerConfig.Repo, providerConfig.Insecure)
+		return pullrequest.NewGiteaService(token, providerConfig.API, providerConfig.Owner, providerConfig.Repo, providerConfig.Insecure)
 	}
 	if generatorConfig.BitbucketServer != nil {
 		providerConfig := generatorConfig.BitbucketServer
@@ -164,48 +170,46 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera
 			}
 		}
 		if providerConfig.BearerToken != nil {
-			appToken, err := utils.GetSecretRef(ctx, g.client, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace)
+			appToken, err := utils.GetSecretRef(ctx, g.client, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 			if err != nil {
 				return nil, fmt.Errorf("error fetching Secret Bearer token: %w", err)
 			}
-			return pullrequest.NewBitbucketServiceBearerToken(ctx, providerConfig.API, appToken, providerConfig.Project, providerConfig.Repo, g.scmRootCAPath, providerConfig.Insecure, caCerts)
+			return pullrequest.NewBitbucketServiceBearerToken(ctx, appToken, providerConfig.API, providerConfig.Project, providerConfig.Repo, g.scmRootCAPath, providerConfig.Insecure, caCerts)
 		} else if providerConfig.BasicAuth != nil {
-			password, err := utils.GetSecretRef(ctx, g.client, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace)
+			password, err := utils.GetSecretRef(ctx, g.client, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 			if err != nil {
 				return nil, fmt.Errorf("error fetching Secret token: %w", err)
 			}
 			return pullrequest.NewBitbucketServiceBasicAuth(ctx, providerConfig.BasicAuth.Username, password, providerConfig.API, providerConfig.Project, providerConfig.Repo, g.scmRootCAPath, providerConfig.Insecure, caCerts)
-		} else {
-			return pullrequest.NewBitbucketServiceNoAuth(ctx, providerConfig.API, providerConfig.Project, providerConfig.Repo, g.scmRootCAPath, providerConfig.Insecure, caCerts)
 		}
+		return pullrequest.NewBitbucketServiceNoAuth(ctx, providerConfig.API, providerConfig.Project, providerConfig.Repo, g.scmRootCAPath, providerConfig.Insecure, caCerts)
 	}
 	if generatorConfig.Bitbucket != nil {
 		providerConfig := generatorConfig.Bitbucket
 		if providerConfig.BearerToken != nil {
-			appToken, err := utils.GetSecretRef(ctx, g.client, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace)
+			appToken, err := utils.GetSecretRef(ctx, g.client, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 			if err != nil {
 				return nil, fmt.Errorf("error fetching Secret Bearer token: %w", err)
 			}
 			return pullrequest.NewBitbucketCloudServiceBearerToken(providerConfig.API, appToken, providerConfig.Owner, providerConfig.Repo)
 		} else if providerConfig.BasicAuth != nil {
-			password, err := utils.GetSecretRef(ctx, g.client, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace)
+			password, err := utils.GetSecretRef(ctx, g.client, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 			if err != nil {
 				return nil, fmt.Errorf("error fetching Secret token: %w", err)
 			}
 			return pullrequest.NewBitbucketCloudServiceBasicAuth(providerConfig.API, providerConfig.BasicAuth.Username, password, providerConfig.Owner, providerConfig.Repo)
-		} else {
-			return pullrequest.NewBitbucketCloudServiceNoAuth(providerConfig.API, providerConfig.Owner, providerConfig.Repo)
 		}
+		return pullrequest.NewBitbucketCloudServiceNoAuth(providerConfig.API, providerConfig.Owner, providerConfig.Repo)
 	}
 	if generatorConfig.AzureDevOps != nil {
 		providerConfig := generatorConfig.AzureDevOps
-		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.TokenRef, applicationSetInfo.Namespace)
+		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.TokenRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Secret token: %w", err)
 		}
-		return pullrequest.NewAzureDevOpsService(ctx, token, providerConfig.API, providerConfig.Organization, providerConfig.Project, providerConfig.Repo, providerConfig.Labels)
+		return pullrequest.NewAzureDevOpsService(token, providerConfig.API, providerConfig.Organization, providerConfig.Project, providerConfig.Repo, providerConfig.Labels)
 	}
-	return nil, fmt.Errorf("no Pull Request provider implementation configured")
+	return nil, errors.New("no Pull Request provider implementation configured")
 }

 func (g *PullRequestGenerator) github(ctx context.Context, cfg *argoprojiov1alpha1.PullRequestGeneratorGithub, applicationSetInfo *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error) {
@@ -219,9 +223,9 @@ func (g *PullRequestGenerator) github(ctx context.Context, cfg *argoprojiov1alph
 	}

 	// always default to token, even if not set (public access)
-	token, err := utils.GetSecretRef(ctx, g.client, cfg.TokenRef, applicationSetInfo.Namespace)
+	token, err := utils.GetSecretRef(ctx, g.client, cfg.TokenRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 	if err != nil {
 		return nil, fmt.Errorf("error fetching Secret token: %w", err)
 	}
-	return pullrequest.NewGithubService(ctx, token, cfg.API, cfg.Owner, cfg.Repo, cfg.Labels)
+	return pullrequest.NewGithubService(token, cfg.API, cfg.Owner, cfg.Repo, cfg.Labels)
 }
--- a/applicationset/generators/pull_request_test.go
+++ b/applicationset/generators/pull_request_test.go
@@ -2,22 +2,23 @@ package generators

 import (
 	"context"
-	"fmt"
+	"errors"
 	"testing"

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

-	pullrequest "github.com/argoproj/argo-cd/v2/applicationset/services/pull_request"
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	pullrequest "github.com/argoproj/argo-cd/v3/applicationset/services/pull_request"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 func TestPullRequestGithubGenerateParams(t *testing.T) {
-	ctx := context.Background()
+	ctx := t.Context()
 	cases := []struct {
 		selectFunc     func(context.Context, *argoprojiov1alpha1.PullRequestGenerator, *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error)
-		expected       []map[string]interface{}
+		values         map[string]string
+		expected       []map[string]any
 		expectedErr    error
 		applicationSet argoprojiov1alpha1.ApplicationSet
 	}{
@@ -38,7 +39,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					nil,
 				)
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"number":             "1",
 					"title":              "title1",
@@ -71,7 +72,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					nil,
 				)
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"number":             "2",
 					"title":              "title2",
@@ -104,7 +105,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					nil,
 				)
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"number":             "1",
 					"title":              "title1",
@@ -124,12 +125,51 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 			selectFunc: func(context.Context, *argoprojiov1alpha1.PullRequestGenerator, *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error) {
 				return pullrequest.NewFakeService(
 					ctx,
+					[]*pullrequest.PullRequest{
+						{
+							Number:       1,
+							Title:        "title1",
+							Branch:       "my_branch",
+							TargetBranch: "master",
+							HeadSHA:      "abcd",
+							Author:       "testName",
+						},
+					},
 					nil,
-					fmt.Errorf("fake error"),
+				)
+			},
+			values: map[string]string{
+				"foo":       "bar",
+				"pr_branch": "{{ branch }}",
+			},
+			expected: []map[string]any{
+				{
+					"number":             "1",
+					"title":              "title1",
+					"branch":             "my_branch",
+					"branch_slug":        "my-branch",
+					"target_branch":      "master",
+					"target_branch_slug": "master",
+					"head_sha":           "abcd",
+					"head_short_sha":     "abcd",
+					"head_short_sha_7":   "abcd",
+					"author":             "testName",
+					"values.foo":         "bar",
+					"values.pr_branch":   "my_branch",
+				},
+			},
+			expectedErr: nil,
+		},
+		{
+			selectFunc: func(context.Context, *argoprojiov1alpha1.PullRequestGenerator, *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error) {
+				return pullrequest.NewFakeService(
+					ctx,
+					nil,
+					errors.New("fake error"),
 				)
 			},
 			expected:    nil,
-			expectedErr: fmt.Errorf("error listing repos: fake error"),
+			expectedErr: errors.New("error listing repos: fake error"),
 		},
 		{
 			selectFunc: func(context.Context, *argoprojiov1alpha1.PullRequestGenerator, *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error) {
@@ -149,7 +189,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					nil,
 				)
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"number":             "1",
 					"title":              "title1",
@@ -190,7 +230,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 					nil,
 				)
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"number":             "1",
 					"title":              "title1",
@@ -219,12 +259,14 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 			selectServiceProviderFunc: c.selectFunc,
 		}
 		generatorConfig := argoprojiov1alpha1.ApplicationSetGenerator{
-			PullRequest: &argoprojiov1alpha1.PullRequestGenerator{},
+			PullRequest: &argoprojiov1alpha1.PullRequestGenerator{
+				Values: c.values,
+			},
 		}

 		got, gotErr := gen.GenerateParams(&generatorConfig, &c.applicationSet, nil)
 		if c.expectedErr != nil {
-			assert.Equal(t, c.expectedErr.Error(), gotErr.Error())
+			require.EqualError(t, gotErr, c.expectedErr.Error())
 		} else {
 			require.NoError(t, gotErr)
 		}
@@ -283,7 +325,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) {
 				"gitea.myorg.com",
 				"bitbucket.myorg.com",
 				"azuredevops.myorg.com",
-			}, true, nil))
+			}, true, nil, true))

 			applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
@@ -306,7 +348,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) {
 }

 func TestSCMProviderDisabled_PRGenerator(t *testing.T) {
-	generator := NewPullRequestGenerator(nil, NewSCMConfig("", []string{}, false, nil))
+	generator := NewPullRequestGenerator(nil, NewSCMConfig("", []string{}, false, nil, true))

 	applicationSetInfo := argoprojiov1alpha1.ApplicationSet{
 		ObjectMeta: metav1.ObjectMeta{
--- a/applicationset/generators/scm_provider.go
+++ b/applicationset/generators/scm_provider.go
@@ -11,11 +11,11 @@ import (

 	log "github.com/sirupsen/logrus"

-	"github.com/argoproj/argo-cd/v2/applicationset/services/github_app_auth"
-	"github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider"
-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
-	"github.com/argoproj/argo-cd/v2/common"
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/applicationset/services/github_app_auth"
+	"github.com/argoproj/argo-cd/v3/applicationset/services/scm_provider"
+	"github.com/argoproj/argo-cd/v3/applicationset/utils"
+	"github.com/argoproj/argo-cd/v3/common"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 var _ Generator = (*SCMProviderGenerator)(nil)
@@ -35,14 +35,16 @@ type SCMConfig struct {
 	allowedSCMProviders []string
 	enableSCMProviders  bool
 	GitHubApps          github_app_auth.Credentials
+	tokenRefStrictMode  bool
 }

-func NewSCMConfig(scmRootCAPath string, allowedSCMProviders []string, enableSCMProviders bool, gitHubApps github_app_auth.Credentials) SCMConfig {
+func NewSCMConfig(scmRootCAPath string, allowedSCMProviders []string, enableSCMProviders bool, gitHubApps github_app_auth.Credentials, tokenRefStrictMode bool) SCMConfig {
 	return SCMConfig{
 		scmRootCAPath:       scmRootCAPath,
 		allowedSCMProviders: allowedSCMProviders,
 		enableSCMProviders:  enableSCMProviders,
 		GitHubApps:          gitHubApps,
+		tokenRefStrictMode:  tokenRefStrictMode,
 	}
 }

@@ -114,7 +116,7 @@ func ScmProviderAllowed(applicationSetInfo *argoprojiov1alpha1.ApplicationSet, g
 	return NewErrDisallowedSCMProvider(url, allowedScmProviders)
 }

-func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet, _ client.Client) ([]map[string]interface{}, error) {
+func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet, _ client.Client) ([]map[string]any, error) {
 	if appSetGenerator == nil {
 		return nil, EmptyAppSetGeneratorError
 	}
@@ -136,15 +138,16 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha

 	ctx := context.Background()
 	var provider scm_provider.SCMProviderService
-	if g.overrideProvider != nil {
+	switch {
+	case g.overrideProvider != nil:
 		provider = g.overrideProvider
-	} else if providerConfig.Github != nil {
+	case providerConfig.Github != nil:
 		var err error
 		provider, err = g.githubProvider(ctx, providerConfig.Github, applicationSetInfo)
 		if err != nil {
 			return nil, fmt.Errorf("scm provider: %w", err)
 		}
-	} else if providerConfig.Gitlab != nil {
+	case providerConfig.Gitlab != nil:
 		providerConfig := providerConfig.Gitlab
 		var caCerts []byte
 		var scmError error
@@ -154,24 +157,24 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 				return nil, fmt.Errorf("error fetching CA certificates from ConfigMap: %w", scmError)
 			}
 		}
-		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.TokenRef, applicationSetInfo.Namespace)
+		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.TokenRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Gitlab token: %w", err)
 		}
-		provider, err = scm_provider.NewGitlabProvider(ctx, providerConfig.Group, token, providerConfig.API, providerConfig.AllBranches, providerConfig.IncludeSubgroups, providerConfig.WillIncludeSharedProjects(), providerConfig.Insecure, g.scmRootCAPath, providerConfig.Topic, caCerts)
+		provider, err = scm_provider.NewGitlabProvider(providerConfig.Group, token, providerConfig.API, providerConfig.AllBranches, providerConfig.IncludeSubgroups, providerConfig.WillIncludeSharedProjects(), providerConfig.Insecure, g.scmRootCAPath, providerConfig.Topic, caCerts)
 		if err != nil {
 			return nil, fmt.Errorf("error initializing Gitlab service: %w", err)
 		}
-	} else if providerConfig.Gitea != nil {
-		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.Gitea.TokenRef, applicationSetInfo.Namespace)
+	case providerConfig.Gitea != nil:
+		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.Gitea.TokenRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Gitea token: %w", err)
 		}
-		provider, err = scm_provider.NewGiteaProvider(ctx, providerConfig.Gitea.Owner, token, providerConfig.Gitea.API, providerConfig.Gitea.AllBranches, providerConfig.Gitea.Insecure)
+		provider, err = scm_provider.NewGiteaProvider(providerConfig.Gitea.Owner, token, providerConfig.Gitea.API, providerConfig.Gitea.AllBranches, providerConfig.Gitea.Insecure)
 		if err != nil {
 			return nil, fmt.Errorf("error initializing Gitea service: %w", err)
 		}
-	} else if providerConfig.BitbucketServer != nil {
+	case providerConfig.BitbucketServer != nil:
 		providerConfig := providerConfig.BitbucketServer
 		var caCerts []byte
 		var scmError error
@@ -181,50 +184,51 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 				return nil, fmt.Errorf("error fetching CA certificates from ConfigMap: %w", scmError)
 			}
 		}
-		if providerConfig.BearerToken != nil {
-			appToken, err := utils.GetSecretRef(ctx, g.client, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace)
+		switch {
+		case providerConfig.BearerToken != nil:
+			appToken, err := utils.GetSecretRef(ctx, g.client, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 			if err != nil {
 				return nil, fmt.Errorf("error fetching Secret Bearer token: %w", err)
 			}
 			provider, scmError = scm_provider.NewBitbucketServerProviderBearerToken(ctx, appToken, providerConfig.API, providerConfig.Project, providerConfig.AllBranches, g.scmRootCAPath, providerConfig.Insecure, caCerts)
-		} else if providerConfig.BasicAuth != nil {
-			password, err := utils.GetSecretRef(ctx, g.client, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace)
+		case providerConfig.BasicAuth != nil:
+			password, err := utils.GetSecretRef(ctx, g.client, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 			if err != nil {
 				return nil, fmt.Errorf("error fetching Secret token: %w", err)
 			}
 			provider, scmError = scm_provider.NewBitbucketServerProviderBasicAuth(ctx, providerConfig.BasicAuth.Username, password, providerConfig.API, providerConfig.Project, providerConfig.AllBranches, g.scmRootCAPath, providerConfig.Insecure, caCerts)
-		} else {
+		default:
 			provider, scmError = scm_provider.NewBitbucketServerProviderNoAuth(ctx, providerConfig.API, providerConfig.Project, providerConfig.AllBranches, g.scmRootCAPath, providerConfig.Insecure, caCerts)
 		}
 		if scmError != nil {
 			return nil, fmt.Errorf("error initializing Bitbucket Server service: %w", scmError)
 		}
-	} else if providerConfig.AzureDevOps != nil {
-		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.AzureDevOps.AccessTokenRef, applicationSetInfo.Namespace)
+	case providerConfig.AzureDevOps != nil:
+		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.AzureDevOps.AccessTokenRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Azure Devops access token: %w", err)
 		}
-		provider, err = scm_provider.NewAzureDevOpsProvider(ctx, token, providerConfig.AzureDevOps.Organization, providerConfig.AzureDevOps.API, providerConfig.AzureDevOps.TeamProject, providerConfig.AzureDevOps.AllBranches)
+		provider, err = scm_provider.NewAzureDevOpsProvider(token, providerConfig.AzureDevOps.Organization, providerConfig.AzureDevOps.API, providerConfig.AzureDevOps.TeamProject, providerConfig.AzureDevOps.AllBranches)
 		if err != nil {
 			return nil, fmt.Errorf("error initializing Azure Devops service: %w", err)
 		}
-	} else if providerConfig.Bitbucket != nil {
-		appPassword, err := utils.GetSecretRef(ctx, g.client, providerConfig.Bitbucket.AppPasswordRef, applicationSetInfo.Namespace)
+	case providerConfig.Bitbucket != nil:
+		appPassword, err := utils.GetSecretRef(ctx, g.client, providerConfig.Bitbucket.AppPasswordRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Bitbucket cloud appPassword: %w", err)
 		}
-		provider, err = scm_provider.NewBitBucketCloudProvider(ctx, providerConfig.Bitbucket.Owner, providerConfig.Bitbucket.User, appPassword, providerConfig.Bitbucket.AllBranches)
+		provider, err = scm_provider.NewBitBucketCloudProvider(providerConfig.Bitbucket.Owner, providerConfig.Bitbucket.User, appPassword, providerConfig.Bitbucket.AllBranches)
 		if err != nil {
 			return nil, fmt.Errorf("error initializing Bitbucket cloud service: %w", err)
 		}
-	} else if providerConfig.AWSCodeCommit != nil {
+	case providerConfig.AWSCodeCommit != nil:
 		var awsErr error
 		provider, awsErr = scm_provider.NewAWSCodeCommitProvider(ctx, providerConfig.AWSCodeCommit.TagFilters, providerConfig.AWSCodeCommit.Role, providerConfig.AWSCodeCommit.Region, providerConfig.AWSCodeCommit.AllBranches)
 		if awsErr != nil {
 			return nil, fmt.Errorf("error initializing AWS codecommit service: %w", awsErr)
 		}
-	} else {
-		return nil, fmt.Errorf("no SCM provider implementation configured")
+	default:
+		return nil, errors.New("no SCM provider implementation configured")
 	}

 	// Find all the available repos.
@@ -232,7 +236,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 	if err != nil {
 		return nil, fmt.Errorf("error listing repos: %w", err)
 	}
-	paramsArray := make([]map[string]interface{}, 0, len(repos))
+	paramsArray := make([]map[string]any, 0, len(repos))
 	var shortSHALength int
 	var shortSHALength7 int
 	for _, repo := range repos {
@@ -246,7 +250,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 			shortSHALength7 = len(repo.SHA)
 		}

-		params := map[string]interface{}{
+		params := map[string]any{
 			"organization":     repo.Organization,
 			"repository":       repo.Repository,
 			"url":              repo.URL,
@@ -283,9 +287,9 @@ func (g *SCMProviderGenerator) githubProvider(ctx context.Context, github *argop
 		)
 	}

-	token, err := utils.GetSecretRef(ctx, g.client, github.TokenRef, applicationSetInfo.Namespace)
+	token, err := utils.GetSecretRef(ctx, g.client, github.TokenRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 	if err != nil {
 		return nil, fmt.Errorf("error fetching Github token: %w", err)
 	}
-	return scm_provider.NewGithubProvider(ctx, github.Organization, token, github.API, github.AllBranches)
+	return scm_provider.NewGithubProvider(github.Organization, token, github.API, github.AllBranches)
 }
--- a/applicationset/generators/scm_provider_test.go
+++ b/applicationset/generators/scm_provider_test.go
@@ -7,8 +7,8 @@ import (
 	"github.com/stretchr/testify/require"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

-	"github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider"
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/applicationset/services/scm_provider"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 func TestSCMProviderGenerateParams(t *testing.T) {
@@ -16,7 +16,7 @@ func TestSCMProviderGenerateParams(t *testing.T) {
 		name          string
 		repos         []*scm_provider.Repository
 		values        map[string]string
-		expected      []map[string]interface{}
+		expected      []map[string]any
 		expectedError error
 	}{
 		{
@@ -38,7 +38,7 @@ func TestSCMProviderGenerateParams(t *testing.T) {
 					SHA:          "59d0",
 				},
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"organization":     "myorg",
 					"repository":       "repo1",
@@ -79,7 +79,7 @@ func TestSCMProviderGenerateParams(t *testing.T) {
 				"foo":                    "bar",
 				"should_i_force_push_to": "{{ branch }}?",
 			},
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"organization":                  "myorg",
 					"repository":                    "repo3",
--- a/applicationset/generators/scm_utils.go
+++ b/applicationset/generators/scm_utils.go
@@ -1,5 +1,5 @@
 package generators

-type SCMGeneratorWithCustomApiUrl interface {
+type SCMGeneratorWithCustomApiUrl interface { //nolint:revive //FIXME(var-naming)
 	CustomApiUrl() string
 }
--- a/applicationset/generators/utils.go
+++ b/applicationset/generators/utils.go
@@ -7,18 +7,18 @@ import (
 	"k8s.io/client-go/kubernetes"
 	"sigs.k8s.io/controller-runtime/pkg/client"

-	"github.com/argoproj/argo-cd/v2/applicationset/services"
+	"github.com/argoproj/argo-cd/v3/applicationset/services"
 )

 func GetGenerators(ctx context.Context, c client.Client, k8sClient kubernetes.Interface, namespace string, argoCDService services.Repos, dynamicClient dynamic.Interface, scmConfig SCMConfig) map[string]Generator {
 	terminalGenerators := map[string]Generator{
 		"List":                    NewListGenerator(),
-		"Clusters":                NewClusterGenerator(c, ctx, k8sClient, namespace),
-		"Git":                     NewGitGenerator(argoCDService),
+		"Clusters":                NewClusterGenerator(ctx, c, k8sClient, namespace),
+		"Git":                     NewGitGenerator(argoCDService, namespace),
 		"SCMProvider":             NewSCMProviderGenerator(c, scmConfig),
 		"ClusterDecisionResource": NewDuckTypeGenerator(ctx, dynamicClient, k8sClient, namespace),
 		"PullRequest":             NewPullRequestGenerator(c, scmConfig),
-		"Plugin":                  NewPluginGenerator(c, ctx, k8sClient, namespace),
+		"Plugin":                  NewPluginGenerator(ctx, c, k8sClient, namespace),
 	}

 	nestedGenerators := map[string]Generator{
--- a/applicationset/generators/value_interpolation.go
+++ b/applicationset/generators/value_interpolation.go
@@ -4,11 +4,11 @@ import (
 	"fmt"
 )

-func appendTemplatedValues(values map[string]string, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) error {
+func appendTemplatedValues(values map[string]string, params map[string]any, useGoTemplate bool, goTemplateOptions []string) error {
 	// We create a local map to ensure that we do not fall victim to a billion-laughs attack. We iterate through the
 	// cluster values map and only replace values in said map if it has already been allowlisted in the params map.
 	// Once we iterate through all the cluster values we can then safely merge the `tmp` map into the main params map.
-	tmp := map[string]interface{}{}
+	tmp := map[string]any{}

 	for key, value := range values {
 		result, err := replaceTemplatedString(value, params, useGoTemplate, goTemplateOptions)
@@ -22,7 +22,7 @@ func appendTemplatedValues(values map[string]string, params map[string]interface
 			}
 			tmp["values"].(map[string]string)[key] = result
 		} else {
-			tmp[fmt.Sprintf("values.%s", key)] = result
+			tmp["values."+key] = result
 		}
 	}

@@ -33,7 +33,7 @@ func appendTemplatedValues(values map[string]string, params map[string]interface
 	return nil
 }

-func replaceTemplatedString(value string, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (string, error) {
+func replaceTemplatedString(value string, params map[string]any, useGoTemplate bool, goTemplateOptions []string) (string, error) {
 	replacedTmplStr, err := render.Replace(value, params, useGoTemplate, goTemplateOptions)
 	if err != nil {
 		return "", fmt.Errorf("failed to replace templated string with rendered values: %w", err)
--- a/applicationset/generators/value_interpolation_test.go
+++ b/applicationset/generators/value_interpolation_test.go
@@ -11,18 +11,18 @@ func TestValueInterpolation(t *testing.T) {
 	testCases := []struct {
 		name     string
 		values   map[string]string
-		params   map[string]interface{}
-		expected map[string]interface{}
+		params   map[string]any
+		expected map[string]any
 	}{
 		{
 			name: "Simple interpolation",
 			values: map[string]string{
 				"hello": "{{ world }}",
 			},
-			params: map[string]interface{}{
+			params: map[string]any{
 				"world": "world!",
 			},
-			expected: map[string]interface{}{
+			expected: map[string]any{
 				"world":        "world!",
 				"values.hello": "world!",
 			},
@@ -32,8 +32,8 @@ func TestValueInterpolation(t *testing.T) {
 			values: map[string]string{
 				"non-existent": "{{ non-existent }}",
 			},
-			params: map[string]interface{}{},
-			expected: map[string]interface{}{
+			params: map[string]any{},
+			expected: map[string]any{
 				"values.non-existent": "{{ non-existent }}",
 			},
 		},
@@ -44,8 +44,8 @@ func TestValueInterpolation(t *testing.T) {
 				"lol2": "{{values.lol1}}{{values.lol1}}",
 				"lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}",
 			},
-			params: map[string]interface{}{},
-			expected: map[string]interface{}{
+			params: map[string]any{},
+			expected: map[string]any{
 				"values.lol1": "lol",
 				"values.lol2": "{{values.lol1}}{{values.lol1}}",
 				"values.lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}",
@@ -66,18 +66,18 @@ func TestValueInterpolationWithGoTemplating(t *testing.T) {
 	testCases := []struct {
 		name     string
 		values   map[string]string
-		params   map[string]interface{}
-		expected map[string]interface{}
+		params   map[string]any
+		expected map[string]any
 	}{
 		{
 			name: "Simple interpolation",
 			values: map[string]string{
 				"hello": "{{ .world }}",
 			},
-			params: map[string]interface{}{
+			params: map[string]any{
 				"world": "world!",
 			},
-			expected: map[string]interface{}{
+			expected: map[string]any{
 				"world": "world!",
 				"values": map[string]string{
 					"hello": "world!",
@@ -89,8 +89,8 @@ func TestValueInterpolationWithGoTemplating(t *testing.T) {
 			values: map[string]string{
 				"non_existent": "{{ default \"bar\" .non_existent }}",
 			},
-			params: map[string]interface{}{},
-			expected: map[string]interface{}{
+			params: map[string]any{},
+			expected: map[string]any{
 				"values": map[string]string{
 					"non_existent": "bar",
 				},
@@ -103,8 +103,8 @@ func TestValueInterpolationWithGoTemplating(t *testing.T) {
 				"lol2": "{{.values.lol1}}{{.values.lol1}}",
 				"lol3": "{{.values.lol2}}{{.values.lol2}}{{.values.lol2}}",
 			},
-			params: map[string]interface{}{},
-			expected: map[string]interface{}{
+			params: map[string]any{},
+			expected: map[string]any{
 				"values": map[string]string{
 					"lol1": "lol",
 					"lol2": "<no value><no value>",
--- a/applicationset/metrics/fake.go
+++ b/applicationset/metrics/fake.go
@@ -0,0 +1,21 @@
+package metrics
+
+import (
+	"github.com/prometheus/client_golang/prometheus"
+)
+
+// Fake implementation for testing
+func NewFakeAppsetMetrics() *ApplicationsetMetrics {
+	reconcileHistogram := prometheus.NewHistogramVec(
+		prometheus.HistogramOpts{
+			Name: "argocd_appset_reconcile",
+			Help: "Application reconciliation performance in seconds.",
+			// Buckets can be set later on after observing median time
+		},
+		[]string{"name", "namespace"},
+	)
+
+	return &ApplicationsetMetrics{
+		reconcileHistogram: reconcileHistogram,
+	}
+}
--- a/applicationset/metrics/metrics.go
+++ b/applicationset/metrics/metrics.go
@@ -0,0 +1,136 @@
+package metrics
+
+import (
+	"time"
+
+	"github.com/prometheus/client_golang/prometheus"
+	"k8s.io/apimachinery/pkg/labels"
+	"sigs.k8s.io/controller-runtime/pkg/metrics"
+
+	argoappv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
+	applisters "github.com/argoproj/argo-cd/v3/pkg/client/listers/application/v1alpha1"
+	metricsutil "github.com/argoproj/argo-cd/v3/util/metrics"
+	"github.com/argoproj/argo-cd/v3/util/metrics/kubectl"
+)
+
+var (
+	descAppsetLabels        *prometheus.Desc
+	descAppsetDefaultLabels = []string{"namespace", "name"}
+	descAppsetInfo          = prometheus.NewDesc(
+		"argocd_appset_info",
+		"Information about applicationset",
+		append(descAppsetDefaultLabels, "resource_update_status"),
+		nil,
+	)
+
+	descAppsetGeneratedApps = prometheus.NewDesc(
+		"argocd_appset_owned_applications",
+		"Number of applications owned by the applicationset",
+		descAppsetDefaultLabels,
+		nil,
+	)
+)
+
+type ApplicationsetMetrics struct {
+	reconcileHistogram *prometheus.HistogramVec
+}
+
+type appsetCollector struct {
+	lister applisters.ApplicationSetLister
+	// appsClientSet appclientset.Interface
+	labels []string
+	filter func(appset *argoappv1.ApplicationSet) bool
+}
+
+func NewApplicationsetMetrics(appsetLister applisters.ApplicationSetLister, appsetLabels []string, appsetFilter func(appset *argoappv1.ApplicationSet) bool) ApplicationsetMetrics {
+	reconcileHistogram := prometheus.NewHistogramVec(
+		prometheus.HistogramOpts{
+			Name: "argocd_appset_reconcile",
+			Help: "Application reconciliation performance in seconds.",
+			// Buckets can be set later on after observing median time
+		},
+		descAppsetDefaultLabels,
+	)
+
+	appsetCollector := newAppsetCollector(appsetLister, appsetLabels, appsetFilter)
+
+	// Register collectors and metrics
+	metrics.Registry.MustRegister(reconcileHistogram)
+	metrics.Registry.MustRegister(appsetCollector)
+
+	kubectlMetricsServer := kubectl.NewKubectlMetrics()
+	kubectlMetricsServer.RegisterWithClientGo()
+	kubectl.RegisterWithPrometheus(metrics.Registry)
+
+	return ApplicationsetMetrics{
+		reconcileHistogram: reconcileHistogram,
+	}
+}
+
+func (m *ApplicationsetMetrics) ObserveReconcile(appset *argoappv1.ApplicationSet, duration time.Duration) {
+	m.reconcileHistogram.WithLabelValues(appset.Namespace, appset.Name).Observe(duration.Seconds())
+}
+
+func newAppsetCollector(lister applisters.ApplicationSetLister, labels []string, filter func(appset *argoappv1.ApplicationSet) bool) *appsetCollector {
+	descAppsetDefaultLabels = []string{"namespace", "name"}
+
+	if len(labels) > 0 {
+		descAppsetLabels = prometheus.NewDesc(
+			"argocd_appset_labels",
+			"Applicationset labels translated to Prometheus labels",
+			append(descAppsetDefaultLabels, metricsutil.NormalizeLabels("label", labels)...),
+			nil,
+		)
+	}
+
+	return &appsetCollector{
+		lister: lister,
+		labels: labels,
+		filter: filter,
+	}
+}
+
+// Describe implements the prometheus.Collector interface
+func (c *appsetCollector) Describe(ch chan<- *prometheus.Desc) {
+	ch <- descAppsetInfo
+	ch <- descAppsetGeneratedApps
+
+	if len(c.labels) > 0 {
+		ch <- descAppsetLabels
+	}
+}
+
+// Collect implements the prometheus.Collector interface
+func (c *appsetCollector) Collect(ch chan<- prometheus.Metric) {
+	appsets, _ := c.lister.List(labels.NewSelector())
+
+	for _, appset := range appsets {
+		if c.filter(appset) {
+			collectAppset(appset, c.labels, ch)
+		}
+	}
+}
+
+func collectAppset(appset *argoappv1.ApplicationSet, labelsToCollect []string, ch chan<- prometheus.Metric) {
+	labelValues := make([]string, 0)
+	commonLabelValues := []string{appset.Namespace, appset.Name}
+
+	for _, label := range labelsToCollect {
+		labelValues = append(labelValues, appset.GetLabels()[label])
+	}
+
+	resourceUpdateStatus := "Unknown"
+
+	for _, condition := range appset.Status.Conditions {
+		if condition.Type == argoappv1.ApplicationSetConditionResourcesUpToDate {
+			resourceUpdateStatus = condition.Reason
+		}
+	}
+
+	if len(labelsToCollect) > 0 {
+		ch <- prometheus.MustNewConstMetric(descAppsetLabels, prometheus.GaugeValue, 1, append(commonLabelValues, labelValues...)...)
+	}
+
+	ch <- prometheus.MustNewConstMetric(descAppsetInfo, prometheus.GaugeValue, 1, appset.Namespace, appset.Name, resourceUpdateStatus)
+	ch <- prometheus.MustNewConstMetric(descAppsetGeneratedApps, prometheus.GaugeValue, float64(len(appset.Status.Resources)), appset.Namespace, appset.Name)
+}
--- a/applicationset/metrics/metrics_test.go
+++ b/applicationset/metrics/metrics_test.go
@@ -0,0 +1,252 @@
+package metrics
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/client_golang/prometheus/promhttp"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+	"sigs.k8s.io/controller-runtime/pkg/metrics"
+	"sigs.k8s.io/yaml"
+
+	"github.com/argoproj/argo-cd/v3/applicationset/utils"
+	argoappv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
+	metricsutil "github.com/argoproj/argo-cd/v3/util/metrics"
+)
+
+var (
+	applicationsetNamespaces = []string{"argocd", "test-namespace1"}
+
+	filter = func(appset *argoappv1.ApplicationSet) bool {
+		return utils.IsNamespaceAllowed(applicationsetNamespaces, appset.Namespace)
+	}
+
+	collectedLabels = []string{"included/test"}
+)
+
+const fakeAppsetList = `
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: test1
+  namespace: argocd
+  labels:
+    included/test: test
+    not-included.label/test: test
+spec:
+  generators:
+  - git:
+      directories:
+      - path: test/*
+      repoURL: https://github.com/test/test.git
+      revision: HEAD
+  template:
+    metadata:
+      name: '{{.path.basename}}'
+    spec:
+      destination:
+        namespace: '{{.path.basename}}'
+        server: https://kubernetes.default.svc
+      project: default
+      source:
+        path: '{{.path.path}}'
+        repoURL: https://github.com/test/test.git
+        targetRevision: HEAD
+status:
+  resources:
+  - group: argoproj.io
+    health:
+      status: Missing
+    kind: Application
+    name: test-app1
+    namespace: argocd
+    status: OutOfSync
+    version: v1alpha1
+  - group: argoproj.io
+    health:
+      status: Missing
+    kind: Application
+    name: test-app2
+    namespace: argocd
+    status: OutOfSync
+    version: v1alpha1
+  conditions:
+  - lastTransitionTime: "2024-01-01T00:00:00Z"
+    message: Successfully generated parameters for all Applications
+    reason: ApplicationSetUpToDate
+    status: "False"
+    type: ErrorOccurred
+  - lastTransitionTime: "2024-01-01T00:00:00Z"
+    message: Successfully generated parameters for all Applications
+    reason: ParametersGenerated
+    status: "True"
+    type: ParametersGenerated
+  - lastTransitionTime: "2024-01-01T00:00:00Z"
+    message: ApplicationSet up to date
+    reason: ApplicationSetUpToDate
+    status: "True"
+    type: ResourcesUpToDate
+---
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: test2
+  namespace: argocd
+  labels:
+    not-included.label/test: test
+spec:
+  generators:
+  - git:
+      directories:
+      - path: test/*
+      repoURL: https://github.com/test/test.git
+      revision: HEAD
+  template:
+    metadata:
+      name: '{{.path.basename}}'
+    spec:
+      destination:
+        namespace: '{{.path.basename}}'
+        server: https://kubernetes.default.svc
+      project: default
+      source:
+        path: '{{.path.path}}'
+        repoURL: https://github.com/test/test.git
+        targetRevision: HEAD
+---
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: should-be-filtered-out
+  namespace: not-allowed
+spec:
+  generators:
+  - git:
+      directories:
+      - path: test/*
+      repoURL: https://github.com/test/test.git
+      revision: HEAD
+  template:
+    metadata:
+      name: '{{.path.basename}}'
+    spec:
+      destination:
+        namespace: '{{.path.basename}}'
+        server: https://kubernetes.default.svc
+      project: default
+      source:
+        path: '{{.path.path}}'
+        repoURL: https://github.com/test/test.git
+        targetRevision: HEAD
+`
+
+func newFakeAppsets(fakeAppsetYAML string) []argoappv1.ApplicationSet {
+	var results []argoappv1.ApplicationSet
+
+	appsetRawYamls := strings.Split(fakeAppsetYAML, "---")
+
+	for _, appsetRawYaml := range appsetRawYamls {
+		var appset argoappv1.ApplicationSet
+		err := yaml.Unmarshal([]byte(appsetRawYaml), &appset)
+		if err != nil {
+			panic(err)
+		}
+
+		results = append(results, appset)
+	}
+
+	return results
+}
+
+func TestApplicationsetCollector(t *testing.T) {
+	appsetList := newFakeAppsets(fakeAppsetList)
+	client := initializeClient(appsetList)
+	metrics.Registry = prometheus.NewRegistry()
+
+	appsetCollector := newAppsetCollector(utils.NewAppsetLister(client), collectedLabels, filter)
+
+	metrics.Registry.MustRegister(appsetCollector)
+	req, err := http.NewRequest(http.MethodGet, "/metrics", nil)
+	require.NoError(t, err)
+	rr := httptest.NewRecorder()
+	handler := promhttp.HandlerFor(metrics.Registry, promhttp.HandlerOpts{})
+	handler.ServeHTTP(rr, req)
+
+	assert.Equal(t, http.StatusOK, rr.Code)
+	// Test correct appset_info and owned applications
+	assert.Contains(t, rr.Body.String(), `
+argocd_appset_info{name="test1",namespace="argocd",resource_update_status="ApplicationSetUpToDate"} 1
+`)
+	assert.Contains(t, rr.Body.String(), `
+argocd_appset_owned_applications{name="test1",namespace="argocd"} 2
+`)
+	// Test labels collection - should not include labels not included in the list of collected labels and include the ones that do.
+	assert.Contains(t, rr.Body.String(), `
+argocd_appset_labels{label_included_test="test",name="test1",namespace="argocd"} 1
+`)
+	assert.NotContains(t, rr.Body.String(), normalizeLabel("not-included.label/test"))
+	// If collected label is not present on the applicationset the value should be empty
+	assert.Contains(t, rr.Body.String(), `
+argocd_appset_labels{label_included_test="",name="test2",namespace="argocd"} 1
+`)
+	// If ResourcesUpToDate condition is not present on the applicationset the status should be reported as 'Unknown'
+	assert.Contains(t, rr.Body.String(), `
+argocd_appset_info{name="test2",namespace="argocd",resource_update_status="Unknown"} 1
+`)
+	// If there are no resources on the applicationset the owned application gague should return 0
+	assert.Contains(t, rr.Body.String(), `
+argocd_appset_owned_applications{name="test2",namespace="argocd"} 0
+`)
+	// Test that filter is working
+	assert.NotContains(t, rr.Body.String(), `name="should-be-filtered-out"`)
+}
+
+func TestObserveReconcile(t *testing.T) {
+	appsetList := newFakeAppsets(fakeAppsetList)
+	client := initializeClient(appsetList)
+	metrics.Registry = prometheus.NewRegistry()
+
+	appsetMetrics := NewApplicationsetMetrics(utils.NewAppsetLister(client), collectedLabels, filter)
+
+	req, err := http.NewRequest(http.MethodGet, "/metrics", nil)
+	require.NoError(t, err)
+	rr := httptest.NewRecorder()
+	handler := promhttp.HandlerFor(metrics.Registry, promhttp.HandlerOpts{})
+	appsetMetrics.ObserveReconcile(&appsetList[0], 5*time.Second)
+	handler.ServeHTTP(rr, req)
+	assert.Contains(t, rr.Body.String(), `
+argocd_appset_reconcile_sum{name="test1",namespace="argocd"} 5
+`)
+	// If there are no resources on the applicationset the owned application gague should return 0
+	assert.Contains(t, rr.Body.String(), `
+argocd_appset_reconcile_count{name="test1",namespace="argocd"} 1
+`)
+}
+
+func initializeClient(appsets []argoappv1.ApplicationSet) ctrlclient.WithWatch {
+	scheme := runtime.NewScheme()
+	err := argoappv1.AddToScheme(scheme)
+	if err != nil {
+		panic(err)
+	}
+
+	var clientObjects []ctrlclient.Object
+
+	for _, appset := range appsets {
+		clientObjects = append(clientObjects, appset.DeepCopy())
+	}
+
+	return fake.NewClientBuilder().WithScheme(scheme).WithObjects(clientObjects...).Build()
+}
+
+func normalizeLabel(label string) string {
+	return metricsutil.NormalizeLabels("label", []string{label})[0]
+}
--- a/applicationset/services/internal/github_app/client.go
+++ b/applicationset/services/internal/github_app/client.go
@@ -5,9 +5,9 @@ import (
 	"net/http"

 	"github.com/bradleyfalzon/ghinstallation/v2"
-	"github.com/google/go-github/v63/github"
+	"github.com/google/go-github/v66/github"

-	"github.com/argoproj/argo-cd/v2/applicationset/services/github_app_auth"
+	"github.com/argoproj/argo-cd/v3/applicationset/services/github_app_auth"
 )

 // Client builds a github client for the given app authentication.
--- a/applicationset/services/internal/http/client.go
+++ b/applicationset/services/internal/http/client.go
@@ -65,7 +65,7 @@ func newClient(baseURL string, options ...ClientOptionFunc) (*Client, error) {
 	return c, nil
 }

-func (c *Client) NewRequest(method, path string, body interface{}, options []ClientOptionFunc) (*http.Request, error) {
+func (c *Client) NewRequestWithContext(ctx context.Context, method, path string, body any) (*http.Request, error) {
 	// Make sure the given URL end with a slash
 	if !strings.HasSuffix(c.baseURL, "/") {
 		c.baseURL += "/"
@@ -82,7 +82,7 @@ func (c *Client) NewRequest(method, path string, body interface{}, options []Cli
 		}
 	}

-	req, err := http.NewRequest(method, c.baseURL+path, buf)
+	req, err := http.NewRequestWithContext(ctx, method, c.baseURL+path, buf)
 	if err != nil {
 		return nil, err
 	}
@@ -102,7 +102,7 @@ func (c *Client) NewRequest(method, path string, body interface{}, options []Cli
 	return req, nil
 }

-func (c *Client) Do(ctx context.Context, req *http.Request, v interface{}) (*http.Response, error) {
+func (c *Client) Do(req *http.Request, v any) (*http.Response, error) {
 	resp, err := c.client.Do(req)
 	if err != nil {
 		return nil, err
@@ -134,7 +134,7 @@ func (c *Client) Do(ctx context.Context, req *http.Request, v interface{}) (*htt

 // CheckResponse checks the API response for errors, and returns them if present.
 func CheckResponse(resp *http.Response) error {
-	if c := resp.StatusCode; 200 <= c && c <= 299 {
+	if c := resp.StatusCode; http.StatusOK <= c && c < http.StatusMultipleChoices {
 		return nil
 	}

@@ -143,7 +143,7 @@ func CheckResponse(resp *http.Response) error {
 		return fmt.Errorf("API error with status code %d: %w", resp.StatusCode, err)
 	}

-	var raw map[string]interface{}
+	var raw map[string]any
 	if err := json.Unmarshal(data, &raw); err != nil {
 		return fmt.Errorf("API error with status code %d: %s", resp.StatusCode, string(data))
 	}
--- a/applicationset/services/internal/http/client_test.go
+++ b/applicationset/services/internal/http/client_test.go
@@ -2,7 +2,7 @@ package http

 import (
 	"bytes"
-	"context"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -10,10 +10,11 @@ import (
 	"testing"

 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )

 func TestClient(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 		w.WriteHeader(http.StatusOK)
 		_, err := w.Write([]byte("Hello, World!"))
 		if err != nil {
@@ -24,21 +25,17 @@ func TestClient(t *testing.T) {

 	var clientOptionFns []ClientOptionFunc
 	_, err := NewClient(server.URL, clientOptionFns...)
-	if err != nil {
-		t.Fatalf("Failed to create client: %v", err)
-	}
+	require.NoError(t, err, "Failed to create client")
 }

 func TestClientDo(t *testing.T) {
-	ctx := context.Background()
-
 	for _, c := range []struct {
 		name            string
 		params          map[string]string
 		content         []byte
 		fakeServer      *httptest.Server
 		clientOptionFns []ClientOptionFunc
-		expected        []map[string]interface{}
+		expected        []map[string]any
 		expectedCode    int
 		expectedError   error
 	}{
@@ -48,7 +45,7 @@ func TestClientDo(t *testing.T) {
 				"pkey1": "val1",
 				"pkey2": "val2",
 			},
-			fakeServer: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			fakeServer: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 				w.WriteHeader(http.StatusOK)
 				_, err := w.Write([]byte(`[{
 					"key1": "val1",
@@ -65,19 +62,19 @@ func TestClientDo(t *testing.T) {
 				}
 			})),
 			clientOptionFns: nil,
-			expected: []map[string]interface{}{
+			expected: []map[string]any{
 				{
 					"key1": "val1",
-					"key2": map[string]interface{}{
+					"key2": map[string]any{
 						"key2_1": "val2_1",
-						"key2_2": map[string]interface{}{
+						"key2_2": map[string]any{
 							"key2_2_1": "val2_2_1",
 						},
 					},
 					"key3": float64(123),
 				},
 			},
-			expectedCode:  200,
+			expectedCode:  http.StatusOK,
 			expectedError: nil,
 		},
 		{
@@ -108,9 +105,9 @@ func TestClientDo(t *testing.T) {
 				}
 			})),
 			clientOptionFns: nil,
-			expected:        []map[string]interface{}(nil),
-			expectedCode:    401,
-			expectedError:   fmt.Errorf("API error with status code 401: "),
+			expected:        []map[string]any(nil),
+			expectedCode:    http.StatusUnauthorized,
+			expectedError:   errors.New("API error with status code 401: "),
 		},
 	} {
 		cc := c
@@ -118,18 +115,14 @@ func TestClientDo(t *testing.T) {
 			defer cc.fakeServer.Close()

 			client, err := NewClient(cc.fakeServer.URL, cc.clientOptionFns...)
-			if err != nil {
-				t.Fatalf("NewClient returned unexpected error: %v", err)
-			}
+			require.NoError(t, err, "NewClient returned unexpected error")

-			req, err := client.NewRequest("POST", "", cc.params, nil)
-			if err != nil {
-				t.Fatalf("NewRequest returned unexpected error: %v", err)
-			}
+			req, err := client.NewRequestWithContext(t.Context(), http.MethodPost, "", cc.params)
+			require.NoError(t, err, "NewRequest returned unexpected error")

-			var data []map[string]interface{}
+			var data []map[string]any

-			resp, err := client.Do(ctx, req, &data)
+			resp, err := client.Do(req, &data)

 			if cc.expectedError != nil {
 				assert.EqualError(t, err, cc.expectedError.Error())
@@ -149,12 +142,5 @@ func TestCheckResponse(t *testing.T) {
 	}

 	err := CheckResponse(resp)
-	if err == nil {
-		t.Error("Expected an error, got nil")
-	}
-
-	expected := "API error with status code 400: invalid_request"
-	if err.Error() != expected {
-		t.Errorf("Expected error '%s', got '%s'", expected, err.Error())
-	}
+	require.EqualError(t, err, "API error with status code 400: invalid_request")
 }
--- a/applicationset/services/mocks/Repos.go
+++ b/applicationset/services/mocks/Repos.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.43.2. DO NOT EDIT.
+// Code generated by mockery v2.52.4. DO NOT EDIT.

 package mocks

@@ -13,9 +13,9 @@ type Repos struct {
 	mock.Mock
 }

-// GetDirectories provides a mock function with given fields: ctx, repoURL, revision, noRevisionCache, verifyCommit
-func (_m *Repos) GetDirectories(ctx context.Context, repoURL string, revision string, noRevisionCache bool, verifyCommit bool) ([]string, error) {
-	ret := _m.Called(ctx, repoURL, revision, noRevisionCache, verifyCommit)
+// GetDirectories provides a mock function with given fields: ctx, repoURL, revision, project, noRevisionCache, verifyCommit
+func (_m *Repos) GetDirectories(ctx context.Context, repoURL string, revision string, project string, noRevisionCache bool, verifyCommit bool) ([]string, error) {
+	ret := _m.Called(ctx, repoURL, revision, project, noRevisionCache, verifyCommit)

 	if len(ret) == 0 {
 		panic("no return value specified for GetDirectories")
@@ -23,19 +23,19 @@ func (_m *Repos) GetDirectories(ctx context.Context, repoURL string, revision st

 	var r0 []string
 	var r1 error
-	if rf, ok := ret.Get(0).(func(context.Context, string, string, bool, bool) ([]string, error)); ok {
-		return rf(ctx, repoURL, revision, noRevisionCache, verifyCommit)
+	if rf, ok := ret.Get(0).(func(context.Context, string, string, string, bool, bool) ([]string, error)); ok {
+		return rf(ctx, repoURL, revision, project, noRevisionCache, verifyCommit)
 	}
-	if rf, ok := ret.Get(0).(func(context.Context, string, string, bool, bool) []string); ok {
-		r0 = rf(ctx, repoURL, revision, noRevisionCache, verifyCommit)
+	if rf, ok := ret.Get(0).(func(context.Context, string, string, string, bool, bool) []string); ok {
+		r0 = rf(ctx, repoURL, revision, project, noRevisionCache, verifyCommit)
 	} else {
 		if ret.Get(0) != nil {
 			r0 = ret.Get(0).([]string)
 		}
 	}

-	if rf, ok := ret.Get(1).(func(context.Context, string, string, bool, bool) error); ok {
-		r1 = rf(ctx, repoURL, revision, noRevisionCache, verifyCommit)
+	if rf, ok := ret.Get(1).(func(context.Context, string, string, string, bool, bool) error); ok {
+		r1 = rf(ctx, repoURL, revision, project, noRevisionCache, verifyCommit)
 	} else {
 		r1 = ret.Error(1)
 	}
@@ -43,9 +43,9 @@ func (_m *Repos) GetDirectories(ctx context.Context, repoURL string, revision st
 	return r0, r1
 }

-// GetFiles provides a mock function with given fields: ctx, repoURL, revision, pattern, noRevisionCache, verifyCommit
-func (_m *Repos) GetFiles(ctx context.Context, repoURL string, revision string, pattern string, noRevisionCache bool, verifyCommit bool) (map[string][]byte, error) {
-	ret := _m.Called(ctx, repoURL, revision, pattern, noRevisionCache, verifyCommit)
+// GetFiles provides a mock function with given fields: ctx, repoURL, revision, project, pattern, noRevisionCache, verifyCommit
+func (_m *Repos) GetFiles(ctx context.Context, repoURL string, revision string, project string, pattern string, noRevisionCache bool, verifyCommit bool) (map[string][]byte, error) {
+	ret := _m.Called(ctx, repoURL, revision, project, pattern, noRevisionCache, verifyCommit)

 	if len(ret) == 0 {
 		panic("no return value specified for GetFiles")
@@ -53,19 +53,19 @@ func (_m *Repos) GetFiles(ctx context.Context, repoURL string, revision string,

 	var r0 map[string][]byte
 	var r1 error
-	if rf, ok := ret.Get(0).(func(context.Context, string, string, string, bool, bool) (map[string][]byte, error)); ok {
-		return rf(ctx, repoURL, revision, pattern, noRevisionCache, verifyCommit)
+	if rf, ok := ret.Get(0).(func(context.Context, string, string, string, string, bool, bool) (map[string][]byte, error)); ok {
+		return rf(ctx, repoURL, revision, project, pattern, noRevisionCache, verifyCommit)
 	}
-	if rf, ok := ret.Get(0).(func(context.Context, string, string, string, bool, bool) map[string][]byte); ok {
-		r0 = rf(ctx, repoURL, revision, pattern, noRevisionCache, verifyCommit)
+	if rf, ok := ret.Get(0).(func(context.Context, string, string, string, string, bool, bool) map[string][]byte); ok {
+		r0 = rf(ctx, repoURL, revision, project, pattern, noRevisionCache, verifyCommit)
 	} else {
 		if ret.Get(0) != nil {
 			r0 = ret.Get(0).(map[string][]byte)
 		}
 	}

-	if rf, ok := ret.Get(1).(func(context.Context, string, string, string, bool, bool) error); ok {
-		r1 = rf(ctx, repoURL, revision, pattern, noRevisionCache, verifyCommit)
+	if rf, ok := ret.Get(1).(func(context.Context, string, string, string, string, bool, bool) error); ok {
+		r1 = rf(ctx, repoURL, revision, project, pattern, noRevisionCache, verifyCommit)
 	} else {
 		r1 = ret.Error(1)
 	}
--- a/applicationset/services/plugin/plugin_service.go
+++ b/applicationset/services/plugin/plugin_service.go
@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"net/http"

-	internalhttp "github.com/argoproj/argo-cd/v2/applicationset/services/internal/http"
-	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	internalhttp "github.com/argoproj/argo-cd/v3/applicationset/services/internal/http"
+	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 // ServiceRequest is the request object sent to the plugin service.
@@ -20,7 +20,7 @@ type ServiceRequest struct {

 type Output struct {
 	// Parameters is the list of parameter sets returned by the plugin.
-	Parameters []map[string]interface{} `json:"parameters"`
+	Parameters []map[string]any `json:"parameters"`
 }

 // ServiceResponse is the response object returned by the plugin service.
@@ -34,7 +34,7 @@ type Service struct {
 	appSetName string
 }

-func NewPluginService(ctx context.Context, appSetName string, baseURL string, token string, requestTimeout int) (*Service, error) {
+func NewPluginService(appSetName string, baseURL string, token string, requestTimeout int) (*Service, error) {
 	var clientOptionFns []internalhttp.ClientOptionFunc

 	clientOptionFns = append(clientOptionFns, internalhttp.WithToken(token))
@@ -55,14 +55,14 @@ func NewPluginService(ctx context.Context, appSetName string, baseURL string, to
 }

 func (p *Service) List(ctx context.Context, parameters v1alpha1.PluginParameters) (*ServiceResponse, error) {
-	req, err := p.client.NewRequest(http.MethodPost, "api/v1/getparams.execute", ServiceRequest{ApplicationSetName: p.appSetName, Input: v1alpha1.PluginInput{Parameters: parameters}}, nil)
+	req, err := p.client.NewRequestWithContext(ctx, http.MethodPost, "api/v1/getparams.execute", ServiceRequest{ApplicationSetName: p.appSetName, Input: v1alpha1.PluginInput{Parameters: parameters}})
 	if err != nil {
 		return nil, fmt.Errorf("NewRequest returned unexpected error: %w", err)
 	}

 	var data ServiceResponse

-	_, err = p.client.Do(ctx, req, &data)
+	_, err = p.client.Do(req, &data)
 	if err != nil {
 		return nil, fmt.Errorf("error get api '%s': %w", p.appSetName, err)
 	}
--- a/applicationset/services/plugin/plugin_service_test.go
+++ b/applicationset/services/plugin/plugin_service_test.go
@@ -1,7 +1,6 @@
 package plugin

 import (
-	"context"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -9,6 +8,7 @@ import (
 	"testing"

 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )

 func TestPlugin(t *testing.T) {
@@ -30,20 +30,14 @@ func TestPlugin(t *testing.T) {
 	ts := httptest.NewServer(handler)
 	defer ts.Close()

-	client, err := NewPluginService(context.Background(), "plugin-test", ts.URL, token, 0)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
+	client, err := NewPluginService("plugin-test", ts.URL, token, 0)
+	require.NoError(t, err)

-	data, err := client.List(context.Background(), nil)
-	if err != nil {
-		t.Errorf("unexpected error: %v", err)
-	}
+	data, err := client.List(t.Context(), nil)
+	require.NoError(t, err)

 	var expectedData ServiceResponse
 	err = json.Unmarshal([]byte(expectedJSON), &expectedData)
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 	assert.Equal(t, &expectedData, data)
 }
--- a/applicationset/services/plugin/utils.go
+++ b/applicationset/services/plugin/utils.go
@@ -1,10 +1,9 @@
 package plugin

 import (
-	"fmt"
 	"strings"

-	"github.com/argoproj/argo-cd/v2/common"
+	"github.com/argoproj/argo-cd/v3/common"
 )

 // ParseSecretKey retrieves secret appSetName if different from common ArgoCDSecretName.
@@ -12,7 +11,7 @@ func ParseSecretKey(key string) (secretName string, tokenKey string) {
 	if strings.Contains(key, ":") {
 		parts := strings.Split(key, ":")
 		secretName = parts[0][1:]
-		tokenKey = fmt.Sprintf("$%s", parts[1])
+		tokenKey = "$" + parts[1]
 	} else {
 		secretName = common.ArgoCDSecretName
 		tokenKey = key
--- a/applicationset/services/pull_request/azure_devops.go
+++ b/applicationset/services/pull_request/azure_devops.go
@@ -6,8 +6,8 @@ import (
 	"strings"

 	"github.com/microsoft/azure-devops-go-api/azuredevops"
-	core "github.com/microsoft/azure-devops-go-api/azuredevops/core"
-	git "github.com/microsoft/azure-devops-go-api/azuredevops/git"
+	"github.com/microsoft/azure-devops-go-api/azuredevops/core"
+	"github.com/microsoft/azure-devops-go-api/azuredevops/git"
 )

 const AZURE_DEVOPS_DEFAULT_URL = "https://dev.azure.com"
@@ -41,14 +41,14 @@ var (
 	_ AzureDevOpsClientFactory = &devopsFactoryImpl{}
 )

-func NewAzureDevOpsService(ctx context.Context, token, url, organization, project, repo string, labels []string) (PullRequestService, error) {
-	organizationUrl := buildURL(url, organization)
+func NewAzureDevOpsService(token, url, organization, project, repo string, labels []string) (PullRequestService, error) {
+	organizationURL := buildURL(url, organization)

 	var connection *azuredevops.Connection
 	if token == "" {
-		connection = azuredevops.NewAnonymousConnection(organizationUrl)
+		connection = azuredevops.NewAnonymousConnection(organizationURL)
 	} else {
-		connection = azuredevops.NewPatConnection(organizationUrl, token)
+		connection = azuredevops.NewPatConnection(organizationURL, token)
 	}

 	return &AzureDevOpsService{
@@ -82,6 +82,7 @@ func (a *AzureDevOpsService) List(ctx context.Context) ([]*PullRequest, error) {
 			pr.Repository.Name == nil ||
 			pr.PullRequestId == nil ||
 			pr.SourceRefName == nil ||
+			pr.TargetRefName == nil ||
 			pr.LastMergeSourceCommit == nil ||
 			pr.LastMergeSourceCommit.CommitId == nil {
 			continue
@@ -94,12 +95,13 @@ func (a *AzureDevOpsService) List(ctx context.Context) ([]*PullRequest, error) {

 		if *pr.Repository.Name == a.repo {
 			pullRequests = append(pullRequests, &PullRequest{
-				Number:  *pr.PullRequestId,
-				Title:   *pr.Title,
-				Branch:  strings.Replace(*pr.SourceRefName, "refs/heads/", "", 1),
-				HeadSHA: *pr.LastMergeSourceCommit.CommitId,
-				Labels:  azureDevOpsLabels,
-				Author:  strings.Split(*pr.CreatedBy.UniqueName, "@")[0], // Get the part before the @ in the email-address
+				Number:       *pr.PullRequestId,
+				Title:        *pr.Title,
+				Branch:       strings.Replace(*pr.SourceRefName, "refs/heads/", "", 1),
+				TargetBranch: strings.Replace(*pr.TargetRefName, "refs/heads/", "", 1),
+				HeadSHA:      *pr.LastMergeSourceCommit.CommitId,
+				Labels:       azureDevOpsLabels,
+				Author:       strings.Split(*pr.CreatedBy.UniqueName, "@")[0], // Get the part before the @ in the email-address
 			})
 		}
 	}
--- a/applicationset/services/pull_request/azure_devops_test.go
+++ b/applicationset/services/pull_request/azure_devops_test.go
@@ -7,12 +7,12 @@ import (
 	"github.com/microsoft/azure-devops-go-api/azuredevops/webapi"

 	"github.com/microsoft/azure-devops-go-api/azuredevops/core"
-	git "github.com/microsoft/azure-devops-go-api/azuredevops/git"
+	"github.com/microsoft/azure-devops-go-api/azuredevops/git"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"

-	azureMock "github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider/azure_devops/git/mocks"
+	azureMock "github.com/argoproj/argo-cd/v3/applicationset/services/scm_provider/azure_devops/git/mocks"
 )

 func createBoolPtr(x bool) *bool {
@@ -61,19 +61,20 @@ func (m *AzureClientFactoryMock) GetClient(ctx context.Context) (git.Client, err
 func TestListPullRequest(t *testing.T) {
 	teamProject := "myorg_project"
 	repoName := "myorg_project_repo"
-	pr_id := 123
-	pr_title := "feat(123)"
-	pr_head_sha := "cd4973d9d14a08ffe6b641a89a68891d6aac8056"
-	ctx := context.Background()
+	prID := 123
+	prTitle := "feat(123)"
+	prHeadSha := "cd4973d9d14a08ffe6b641a89a68891d6aac8056"
+	ctx := t.Context()
 	uniqueName := "testName"

 	pullRequestMock := []git.GitPullRequest{
 		{
-			PullRequestId: createIntPtr(pr_id),
-			Title:         createStringPtr(pr_title),
+			PullRequestId: createIntPtr(prID),
+			Title:         createStringPtr(prTitle),
 			SourceRefName: createStringPtr("refs/heads/feature-branch"),
+			TargetRefName: createStringPtr("refs/heads/main"),
 			LastMergeSourceCommit: &git.GitCommitRef{
-				CommitId: createStringPtr(pr_head_sha),
+				CommitId: createStringPtr(prHeadSha),
 			},
 			Labels: &[]core.WebApiTagDefinition{},
 			Repository: &git.GitRepository{
@@ -106,9 +107,10 @@ func TestListPullRequest(t *testing.T) {
 	require.NoError(t, err)
 	assert.Len(t, list, 1)
 	assert.Equal(t, "feature-branch", list[0].Branch)
-	assert.Equal(t, pr_head_sha, list[0].HeadSHA)
+	assert.Equal(t, "main", list[0].TargetBranch)
+	assert.Equal(t, prHeadSha, list[0].HeadSHA)
 	assert.Equal(t, "feat(123)", list[0].Title)
-	assert.Equal(t, pr_id, list[0].Number)
+	assert.Equal(t, prID, list[0].Number)
 	assert.Equal(t, uniqueName, list[0].Author)
 }

--- a/applicationset/services/pull_request/bitbucket_cloud.go
+++ b/applicationset/services/pull_request/bitbucket_cloud.go
@@ -3,6 +3,7 @@ package pull_request
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"net/url"

@@ -19,7 +20,7 @@ type BitbucketCloudPullRequest struct {
 	ID     int                             `json:"id"`
 	Title  string                          `json:"title"`
 	Source BitbucketCloudPullRequestSource `json:"source"`
-	Author string                          `json:"author"`
+	Author BitbucketCloudPullRequestAuthor `json:"author"`
 }

 type BitbucketCloudPullRequestSource struct {
@@ -35,6 +36,11 @@ type BitbucketCloudPullRequestSourceCommit struct {
 	Hash string `json:"hash"`
 }

+// Also have display_name and uuid, but don't plan to use them.
+type BitbucketCloudPullRequestAuthor struct {
+	Nickname string `json:"nickname"`
+}
+
 type PullRequestResponse struct {
 	Page     int32         `json:"page"`
 	Size     int32         `json:"size"`
@@ -46,7 +52,7 @@ type PullRequestResponse struct {

 var _ PullRequestService = (*BitbucketCloudService)(nil)

-func parseUrl(uri string) (*url.URL, error) {
+func parseURL(uri string) (*url.URL, error) {
 	if uri == "" {
 		uri = "https://api.bitbucket.org/2.0"
 	}
@@ -59,10 +65,10 @@ func parseUrl(uri string) (*url.URL, error) {
 	return url, nil
 }

-func NewBitbucketCloudServiceBasicAuth(baseUrl, username, password, owner, repositorySlug string) (PullRequestService, error) {
-	url, err := parseUrl(baseUrl)
+func NewBitbucketCloudServiceBasicAuth(baseURL, username, password, owner, repositorySlug string) (PullRequestService, error) {
+	url, err := parseURL(baseURL)
 	if err != nil {
-		return nil, fmt.Errorf("error parsing base url of %s for %s/%s: %w", baseUrl, owner, repositorySlug, err)
+		return nil, fmt.Errorf("error parsing base url of %s for %s/%s: %w", baseURL, owner, repositorySlug, err)
 	}

 	bitbucketClient := bitbucket.NewBasicAuth(username, password)
@@ -75,10 +81,10 @@ func NewBitbucketCloudServiceBasicAuth(baseUrl, username, password, owner, repos
 	}, nil
 }

-func NewBitbucketCloudServiceBearerToken(baseUrl, bearerToken, owner, repositorySlug string) (PullRequestService, error) {
-	url, err := parseUrl(baseUrl)
+func NewBitbucketCloudServiceBearerToken(baseURL, bearerToken, owner, repositorySlug string) (PullRequestService, error) {
+	url, err := parseURL(baseURL)
 	if err != nil {
-		return nil, fmt.Errorf("error parsing base url of %s for %s/%s: %w", baseUrl, owner, repositorySlug, err)
+		return nil, fmt.Errorf("error parsing base url of %s for %s/%s: %w", baseURL, owner, repositorySlug, err)
 	}

 	bitbucketClient := bitbucket.NewOAuthbearerToken(bearerToken)
@@ -91,9 +97,9 @@ func NewBitbucketCloudServiceBearerToken(baseUrl, bearerToken, owner, repository
 	}, nil
 }

-func NewBitbucketCloudServiceNoAuth(baseUrl, owner, repositorySlug string) (PullRequestService, error) {
+func NewBitbucketCloudServiceNoAuth(baseURL, owner, repositorySlug string) (PullRequestService, error) {
 	// There is currently no method to explicitly not require auth
-	return NewBitbucketCloudServiceBearerToken(baseUrl, "", owner, repositorySlug)
+	return NewBitbucketCloudServiceBearerToken(baseURL, "", owner, repositorySlug)
 }

 func (b *BitbucketCloudService) List(_ context.Context) ([]*PullRequest, error) {
@@ -107,14 +113,14 @@ func (b *BitbucketCloudService) List(_ context.Context) ([]*PullRequest, error)
 		return nil, fmt.Errorf("error listing pull requests for %s/%s: %w", b.owner, b.repositorySlug, err)
 	}

-	resp, ok := response.(map[string]interface{})
+	resp, ok := response.(map[string]any)
 	if !ok {
-		return nil, fmt.Errorf("unknown type returned from bitbucket pull requests")
+		return nil, errors.New("unknown type returned from bitbucket pull requests")
 	}

-	repoArray, ok := resp["values"].([]interface{})
+	repoArray, ok := resp["values"].([]any)
 	if !ok {
-		return nil, fmt.Errorf("unknown type returned from response values")
+		return nil, errors.New("unknown type returned from response values")
 	}

 	jsonStr, err := json.Marshal(repoArray)
@@ -134,7 +140,7 @@ func (b *BitbucketCloudService) List(_ context.Context) ([]*PullRequest, error)
 			Title:   pull.Title,
 			Branch:  pull.Source.Branch.Name,
 			HeadSHA: pull.Source.Commit.Hash,
-			Author:  pull.Author,
+			Author:  pull.Author.Nickname,
 		})
 	}

--- a/applicationset/services/pull_request/bitbucket_cloud_test.go
+++ b/applicationset/services/pull_request/bitbucket_cloud_test.go
@@ -1,7 +1,6 @@
 package pull_request

 import (
-	"context"
 	"fmt"
 	"io"
 	"net/http"
@@ -11,10 +10,11 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

-	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 func defaultHandlerCloud(t *testing.T) func(http.ResponseWriter, *http.Request) {
+	t.Helper()
 	return func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
 		var err error
@@ -37,7 +37,9 @@ func defaultHandlerCloud(t *testing.T) func(http.ResponseWriter, *http.Request)
 									"hash": "1a8dd249c04a"
 								}
 							},
-							"author": "testName"
+							"author": {
+								"nickname": "testName"
+							}
 						}
 					]
 				}`)
@@ -51,11 +53,11 @@ func defaultHandlerCloud(t *testing.T) func(http.ResponseWriter, *http.Request)
 }

 func TestParseUrlEmptyUrl(t *testing.T) {
-	url, err := parseUrl("")
-	bitbucketUrl, _ := url.Parse("https://api.bitbucket.org/2.0")
+	url, err := parseURL("")
+	bitbucketURL, _ := url.Parse("https://api.bitbucket.org/2.0")

 	require.NoError(t, err)
-	assert.Equal(t, bitbucketUrl, url)
+	assert.Equal(t, bitbucketURL, url)
 }

 func TestInvalidBaseUrlBasicAuthCloud(t *testing.T) {
@@ -84,7 +86,7 @@ func TestListPullRequestBearerTokenCloud(t *testing.T) {
 	defer ts.Close()
 	svc, err := NewBitbucketCloudServiceBearerToken(ts.URL, "TOKEN", "OWNER", "REPO")
 	require.NoError(t, err)
-	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
+	pullRequests, err := ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.NoError(t, err)
 	assert.Len(t, pullRequests, 1)
 	assert.Equal(t, 101, pullRequests[0].Number)
@@ -102,7 +104,7 @@ func TestListPullRequestNoAuthCloud(t *testing.T) {
 	defer ts.Close()
 	svc, err := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO")
 	require.NoError(t, err)
-	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
+	pullRequests, err := ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.NoError(t, err)
 	assert.Len(t, pullRequests, 1)
 	assert.Equal(t, 101, pullRequests[0].Number)
@@ -120,7 +122,7 @@ func TestListPullRequestBasicAuthCloud(t *testing.T) {
 	defer ts.Close()
 	svc, err := NewBitbucketCloudServiceBasicAuth(ts.URL, "user", "password", "OWNER", "REPO")
 	require.NoError(t, err)
-	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
+	pullRequests, err := ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.NoError(t, err)
 	assert.Len(t, pullRequests, 1)
 	assert.Equal(t, 101, pullRequests[0].Number)
@@ -154,7 +156,9 @@ func TestListPullRequestPaginationCloud(t *testing.T) {
 								"hash": "1a8dd249c04a"
 							}
 						},
-						"author": "testName"
+						"author": {
+							"nickname": "testName"
+						}
 					},
 					{
 						"id": 102,
@@ -168,7 +172,9 @@ func TestListPullRequestPaginationCloud(t *testing.T) {
 								"hash": "4cf807e67a6d"
 							}
 						},
-                        "author": "testName"
+						"author": {
+							"nickname": "testName"
+						}
 					}
 				]
 			}`, r.Host))
@@ -191,7 +197,9 @@ func TestListPullRequestPaginationCloud(t *testing.T) {
 								"hash": "6344d9623e3b"
 							}
 						},
-						"author": "testName"
+						"author": {
+							"nickname": "testName"
+						}
 					}
 				]
 			}`, r.Host))
@@ -205,7 +213,7 @@ func TestListPullRequestPaginationCloud(t *testing.T) {
 	defer ts.Close()
 	svc, err := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO")
 	require.NoError(t, err)
-	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
+	pullRequests, err := ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.NoError(t, err)
 	assert.Len(t, pullRequests, 3)
 	assert.Equal(t, PullRequest{
@@ -232,12 +240,12 @@ func TestListPullRequestPaginationCloud(t *testing.T) {
 }

 func TestListResponseErrorCloud(t *testing.T) {
-	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(500)
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+		w.WriteHeader(http.StatusInternalServerError)
 	}))
 	defer ts.Close()
 	svc, _ := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO")
-	_, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
+	_, err := ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.Error(t, err)
 }

@@ -261,7 +269,7 @@ func TestListResponseMalformedCloud(t *testing.T) {
 	}))
 	defer ts.Close()
 	svc, _ := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO")
-	_, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
+	_, err := ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.Error(t, err)
 }

@@ -285,7 +293,7 @@ func TestListResponseMalformedValuesCloud(t *testing.T) {
 	}))
 	defer ts.Close()
 	svc, _ := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO")
-	_, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
+	_, err := ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.Error(t, err)
 }

@@ -310,7 +318,7 @@ func TestListResponseEmptyCloud(t *testing.T) {
 	defer ts.Close()
 	svc, err := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO")
 	require.NoError(t, err)
-	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
+	pullRequests, err := ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.NoError(t, err)
 	assert.Empty(t, pullRequests)
 }
@@ -339,7 +347,9 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) {
 								"hash": "1a8dd249c04a"
 							}
 						},
-						"author": "testName"
+						"author": {
+							"nickname": "testName"
+						}
 					},
 					{
 						"id": 200,
@@ -353,7 +363,9 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) {
 								"hash": "4cf807e67a6d"
 							}
 						},
-						"author": "testName"
+						"author": {
+							"nickname": "testName"
+						}
 					}
 				]
 			}`, r.Host))
@@ -376,7 +388,9 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) {
 								"hash": "6344d9623e3b"
 							}
 						},
-						"author": "testName"
+						"author": {
+							"nickname": "testName"
+						}
 					}
 				]
 			}`, r.Host))
@@ -391,7 +405,7 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) {
 	regexp := `feature-1[\d]{2}`
 	svc, err := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO")
 	require.NoError(t, err)
-	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{
+	pullRequests, err := ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{
 		{
 			BranchMatch: &regexp,
 		},
@@ -416,7 +430,7 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) {
 	regexp = `.*2$`
 	svc, err = NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO")
 	require.NoError(t, err)
-	pullRequests, err = ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{
+	pullRequests, err = ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{
 		{
 			BranchMatch: &regexp,
 		},
@@ -434,7 +448,7 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) {
 	regexp = `[\d{2}`
 	svc, err = NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO")
 	require.NoError(t, err)
-	_, err = ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{
+	_, err = ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{
 		{
 			BranchMatch: &regexp,
 		},
--- a/applicationset/services/pull_request/bitbucket_server.go
+++ b/applicationset/services/pull_request/bitbucket_server.go
@@ -8,7 +8,7 @@ import (
 	bitbucketv1 "github.com/gfleury/go-bitbucket-v1"
 	log "github.com/sirupsen/logrus"

-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
+	"github.com/argoproj/argo-cd/v3/applicationset/utils"
 )

 type BitbucketService struct {
@@ -64,7 +64,7 @@ func newBitbucketService(ctx context.Context, bitbucketConfig *bitbucketv1.Confi
 }

 func (b *BitbucketService) List(_ context.Context) ([]*PullRequest, error) {
-	paged := map[string]interface{}{
+	paged := map[string]any{
 		"limit": 100,
 	}

--- a/applicationset/services/pull_request/bitbucket_server_test.go
+++ b/applicationset/services/pull_request/bitbucket_server_test.go
@@ -1,7 +1,6 @@
 package pull_request

 import (
-	"context"
 	"crypto/x509"
 	"encoding/pem"
 	"io"
@@ -12,10 +11,11 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

-	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 func defaultHandler(t *testing.T) func(http.ResponseWriter, *http.Request) {
+	t.Helper()
 	return func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
 		var err error
@@ -63,9 +63,9 @@ func TestListPullRequestNoAuth(t *testing.T) {
 		defaultHandler(t)(w, r)
 	}))
 	defer ts.Close()
-	svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil)
+	svc, err := NewBitbucketServiceNoAuth(t.Context(), ts.URL, "PROJECT", "REPO", "", false, nil)
 	require.NoError(t, err)
-	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
+	pullRequests, err := ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.NoError(t, err)
 	assert.Len(t, pullRequests, 1)
 	assert.Equal(t, 101, pullRequests[0].Number)
@@ -164,9 +164,9 @@ func TestListPullRequestPagination(t *testing.T) {
 		}
 	}))
 	defer ts.Close()
-	svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil)
+	svc, err := NewBitbucketServiceNoAuth(t.Context(), ts.URL, "PROJECT", "REPO", "", false, nil)
 	require.NoError(t, err)
-	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
+	pullRequests, err := ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.NoError(t, err)
 	assert.Len(t, pullRequests, 3)
 	assert.Equal(t, PullRequest{
@@ -206,9 +206,9 @@ func TestListPullRequestBasicAuth(t *testing.T) {
 		defaultHandler(t)(w, r)
 	}))
 	defer ts.Close()
-	svc, err := NewBitbucketServiceBasicAuth(context.Background(), "user", "password", ts.URL, "PROJECT", "REPO", "", false, nil)
+	svc, err := NewBitbucketServiceBasicAuth(t.Context(), "user", "password", ts.URL, "PROJECT", "REPO", "", false, nil)
 	require.NoError(t, err)
-	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
+	pullRequests, err := ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.NoError(t, err)
 	assert.Len(t, pullRequests, 1)
 	assert.Equal(t, 101, pullRequests[0].Number)
@@ -223,9 +223,9 @@ func TestListPullRequestBearerAuth(t *testing.T) {
 		defaultHandler(t)(w, r)
 	}))
 	defer ts.Close()
-	svc, err := NewBitbucketServiceBearerToken(context.Background(), "tolkien", ts.URL, "PROJECT", "REPO", "", false, nil)
+	svc, err := NewBitbucketServiceBearerToken(t.Context(), "tolkien", ts.URL, "PROJECT", "REPO", "", false, nil)
 	require.NoError(t, err)
-	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
+	pullRequests, err := ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.NoError(t, err)
 	assert.Len(t, pullRequests, 1)
 	assert.Equal(t, 101, pullRequests[0].Number)
@@ -276,7 +276,7 @@ func TestListPullRequestTLS(t *testing.T) {
 			defer ts.Close()

 			var certs []byte
-			if test.passCerts == true {
+			if test.passCerts {
 				for _, cert := range ts.TLS.Certificates {
 					for _, c := range cert.Certificate {
 						parsedCert, err := x509.ParseCertificate(c)
@@ -289,9 +289,9 @@ func TestListPullRequestTLS(t *testing.T) {
 				}
 			}

-			svc, err := NewBitbucketServiceBasicAuth(context.Background(), "user", "password", ts.URL, "PROJECT", "REPO", "", test.tlsInsecure, certs)
+			svc, err := NewBitbucketServiceBasicAuth(t.Context(), "user", "password", ts.URL, "PROJECT", "REPO", "", test.tlsInsecure, certs)
 			require.NoError(t, err)
-			_, err = ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
+			_, err = ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 			if test.requireErr {
 				require.Error(t, err)
 			} else {
@@ -302,12 +302,12 @@ func TestListPullRequestTLS(t *testing.T) {
 }

 func TestListResponseError(t *testing.T) {
-	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 		w.WriteHeader(http.StatusInternalServerError)
 	}))
 	defer ts.Close()
-	svc, _ := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil)
-	_, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
+	svc, _ := NewBitbucketServiceNoAuth(t.Context(), ts.URL, "PROJECT", "REPO", "", false, nil)
+	_, err := ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.Error(t, err)
 }

@@ -331,8 +331,8 @@ func TestListResponseMalformed(t *testing.T) {
 		}
 	}))
 	defer ts.Close()
-	svc, _ := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil)
-	_, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
+	svc, _ := NewBitbucketServiceNoAuth(t.Context(), ts.URL, "PROJECT", "REPO", "", false, nil)
+	_, err := ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.Error(t, err)
 }

@@ -356,9 +356,9 @@ func TestListResponseEmpty(t *testing.T) {
 		}
 	}))
 	defer ts.Close()
-	svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil)
+	svc, err := NewBitbucketServiceNoAuth(t.Context(), ts.URL, "PROJECT", "REPO", "", false, nil)
 	require.NoError(t, err)
-	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
+	pullRequests, err := ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{})
 	require.NoError(t, err)
 	assert.Empty(t, pullRequests)
 }
@@ -452,9 +452,9 @@ func TestListPullRequestBranchMatch(t *testing.T) {
 	}))
 	defer ts.Close()
 	regexp := `feature-1[\d]{2}`
-	svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil)
+	svc, err := NewBitbucketServiceNoAuth(t.Context(), ts.URL, "PROJECT", "REPO", "", false, nil)
 	require.NoError(t, err)
-	pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{
+	pullRequests, err := ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{
 		{
 			BranchMatch: &regexp,
 		},
@@ -481,9 +481,9 @@ func TestListPullRequestBranchMatch(t *testing.T) {
 	}, *pullRequests[1])

 	regexp = `.*2$`
-	svc, err = NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil)
+	svc, err = NewBitbucketServiceNoAuth(t.Context(), ts.URL, "PROJECT", "REPO", "", false, nil)
 	require.NoError(t, err)
-	pullRequests, err = ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{
+	pullRequests, err = ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{
 		{
 			BranchMatch: &regexp,
 		},
@@ -501,9 +501,9 @@ func TestListPullRequestBranchMatch(t *testing.T) {
 	}, *pullRequests[0])

 	regexp = `[\d{2}`
-	svc, err = NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO", "", false, nil)
+	svc, err = NewBitbucketServiceNoAuth(t.Context(), ts.URL, "PROJECT", "REPO", "", false, nil)
 	require.NoError(t, err)
-	_, err = ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{
+	_, err = ListPullRequests(t.Context(), svc, []v1alpha1.PullRequestGeneratorFilter{
 		{
 			BranchMatch: &regexp,
 		},
--- a/applicationset/services/pull_request/fake.go
+++ b/applicationset/services/pull_request/fake.go
@@ -18,6 +18,6 @@ func NewFakeService(_ context.Context, listPullReuests []*PullRequest, listError
 	}, nil
 }

-func (g *FakeService) List(ctx context.Context) ([]*PullRequest, error) {
+func (g *FakeService) List(_ context.Context) ([]*PullRequest, error) {
 	return g.listPullReuests, g.listError
 }
--- a/applicationset/services/pull_request/gitea.go
+++ b/applicationset/services/pull_request/gitea.go
@@ -18,7 +18,7 @@ type GiteaService struct {

 var _ PullRequestService = (*GiteaService)(nil)

-func NewGiteaService(ctx context.Context, token, url, owner, repo string, insecure bool) (PullRequestService, error) {
+func NewGiteaService(token, url, owner, repo string, insecure bool) (PullRequestService, error) {
 	if token == "" {
 		token = os.Getenv("GITEA_TOKEN")
 	}
@@ -49,6 +49,7 @@ func (g *GiteaService) List(ctx context.Context) ([]*PullRequest, error) {
 	opts := gitea.ListPullRequestsOptions{
 		State: gitea.StateOpen,
 	}
+	g.client.SetContext(ctx)
 	prs, _, err := g.client.ListRepoPullRequests(g.owner, g.repo, opts)
 	if err != nil {
 		return nil, err
--- a/applicationset/services/pull_request/gitea_test.go
+++ b/applicationset/services/pull_request/gitea_test.go
@@ -1,7 +1,6 @@
 package pull_request

 import (
-	"context"
 	"fmt"
 	"io"
 	"net/http"
@@ -14,6 +13,7 @@ import (
 )

 func giteaMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) {
+	t.Helper()
 	return func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
 		fmt.Println(r.RequestURI)
@@ -250,9 +250,9 @@ func TestGiteaList(t *testing.T) {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		giteaMockHandler(t)(w, r)
 	}))
-	host, err := NewGiteaService(context.Background(), "", ts.URL, "test-argocd", "pr-test", false)
+	host, err := NewGiteaService("", ts.URL, "test-argocd", "pr-test", false)
 	require.NoError(t, err)
-	prs, err := host.List(context.Background())
+	prs, err := host.List(t.Context())
 	require.NoError(t, err)
 	assert.Len(t, prs, 1)
 	assert.Equal(t, 1, prs[0].Number)
--- a/applicationset/services/pull_request/github.go
+++ b/applicationset/services/pull_request/github.go
@@ -3,10 +3,10 @@ package pull_request
 import (
 	"context"
 	"fmt"
+	"net/http"
 	"os"

-	"github.com/google/go-github/v63/github"
-	"golang.org/x/oauth2"
+	"github.com/google/go-github/v66/github"
 )

 type GithubService struct {
@@ -18,21 +18,19 @@ type GithubService struct {

 var _ PullRequestService = (*GithubService)(nil)

-func NewGithubService(ctx context.Context, token, url, owner, repo string, labels []string) (PullRequestService, error) {
-	var ts oauth2.TokenSource
+func NewGithubService(token, url, owner, repo string, labels []string) (PullRequestService, error) {
 	// Undocumented environment variable to set a default token, to be used in testing to dodge anonymous rate limits.
 	if token == "" {
 		token = os.Getenv("GITHUB_TOKEN")
 	}
-	if token != "" {
-		ts = oauth2.StaticTokenSource(
-			&oauth2.Token{AccessToken: token},
-		)
-	}
-	httpClient := oauth2.NewClient(ctx, ts)
+	httpClient := &http.Client{}
 	var client *github.Client
 	if url == "" {
-		client = github.NewClient(httpClient)
+		if token == "" {
+			client = github.NewClient(httpClient)
+		} else {
+			client = github.NewClient(httpClient).WithAuthToken(token)
+		}
 	} else {
 		var err error
 		client, err = github.NewClient(httpClient).WithEnterpriseURLs(url, url)
--- a/applicationset/services/pull_request/github_app.go
+++ b/applicationset/services/pull_request/github_app.go
@@ -1,8 +1,8 @@
 package pull_request

 import (
-	"github.com/argoproj/argo-cd/v2/applicationset/services/github_app_auth"
-	"github.com/argoproj/argo-cd/v2/applicationset/services/internal/github_app"
+	"github.com/argoproj/argo-cd/v3/applicationset/services/github_app_auth"
+	"github.com/argoproj/argo-cd/v3/applicationset/services/internal/github_app"
 )

 func NewGithubAppService(g github_app_auth.Authentication, url, owner, repo string, labels []string) (PullRequestService, error) {
--- a/applicationset/services/pull_request/github_test.go
+++ b/applicationset/services/pull_request/github_test.go
@@ -3,8 +3,8 @@ package pull_request
 import (
 	"testing"

-	"github.com/google/go-github/v63/github"
-	"github.com/stretchr/testify/assert"
+	"github.com/google/go-github/v66/github"
+	"github.com/stretchr/testify/require"
 )

 func toPtr(s string) *string {
@@ -52,9 +52,8 @@ func TestContainLabels(t *testing.T) {

 	for _, c := range cases {
 		t.Run(c.Name, func(t *testing.T) {
-			if got := containLabels(c.Labels, c.PullLabels); got != c.Expect {
-				t.Errorf("expect: %v, got: %v", c.Expect, got)
-			}
+			got := containLabels(c.Labels, c.PullLabels)
+			require.Equal(t, got, c.Expect)
 		})
 	}
 }
@@ -83,7 +82,7 @@ func TestGetGitHubPRLabelNames(t *testing.T) {
 	for _, test := range Tests {
 		t.Run(test.Name, func(t *testing.T) {
 			labels := getGithubPRLabelNames(test.PullLabels)
-			assert.Equal(t, test.ExpectedResult, labels)
+			require.Equal(t, test.ExpectedResult, labels)
 		})
 	}
 }
--- a/applicationset/services/pull_request/gitlab.go
+++ b/applicationset/services/pull_request/gitlab.go
@@ -7,9 +7,9 @@ import (
 	"os"

 	"github.com/hashicorp/go-retryablehttp"
-	gitlab "github.com/xanzy/go-gitlab"
+	gitlab "gitlab.com/gitlab-org/api/client-go"

-	"github.com/argoproj/argo-cd/v2/applicationset/utils"
+	"github.com/argoproj/argo-cd/v3/applicationset/utils"
 )

 type GitLabService struct {
@@ -21,7 +21,7 @@ type GitLabService struct {

 var _ PullRequestService = (*GitLabService)(nil)

-func NewGitLabService(ctx context.Context, token, url, project string, labels []string, pullRequestState string, scmRootCAPath string, insecure bool, caCerts []byte) (PullRequestService, error) {
+func NewGitLabService(token, url, project string, labels []string, pullRequestState string, scmRootCAPath string, insecure bool, caCerts []byte) (PullRequestService, error) {
 	var clientOptionFns []gitlab.ClientOptionFunc

 	// Set a custom Gitlab base URL if one is provided
@@ -74,7 +74,7 @@ func (g *GitLabService) List(ctx context.Context) ([]*PullRequest, error) {

 	pullRequests := []*PullRequest{}
 	for {
-		mrs, resp, err := g.client.MergeRequests.ListProjectMergeRequests(g.project, opts)
+		mrs, resp, err := g.client.MergeRequests.ListProjectMergeRequests(g.project, opts, gitlab.WithContext(ctx))
 		if err != nil {
 			return nil, fmt.Errorf("error listing merge requests for project '%s': %w", g.project, err)
 		}
--- a/applicationset/services/pull_request/gitlab_test.go
+++ b/applicationset/services/pull_request/gitlab_test.go
@@ -1,7 +1,6 @@
 package pull_request

 import (
-	"context"
 	"crypto/x509"
 	"encoding/pem"
 	"io"
@@ -15,14 +14,12 @@ import (
 )

 func writeMRListResponse(t *testing.T, w io.Writer) {
+	t.Helper()
 	f, err := os.Open("fixtures/gitlab_mr_list_response.json")
-	if err != nil {
-		t.Fatalf("error opening fixture file: %v", err)
-	}
+	require.NoErrorf(t, err, "error opening fixture file: %v", err)

-	if _, err = io.Copy(w, f); err != nil {
-		t.Fatalf("error writing response: %v", err)
-	}
+	_, err = io.Copy(w, f)
+	require.NoErrorf(t, err, "error writing response: %v", err)
 }

 func TestGitLabServiceCustomBaseURL(t *testing.T) {
@@ -37,10 +34,10 @@ func TestGitLabServiceCustomBaseURL(t *testing.T) {
 		writeMRListResponse(t, w)
 	})

-	svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", nil, "", "", false, nil)
+	svc, err := NewGitLabService("", server.URL, "278964", nil, "", "", false, nil)
 	require.NoError(t, err)

-	_, err = svc.List(context.Background())
+	_, err = svc.List(t.Context())
 	require.NoError(t, err)
 }

@@ -56,10 +53,10 @@ func TestGitLabServiceToken(t *testing.T) {
 		writeMRListResponse(t, w)
 	})

-	svc, err := NewGitLabService(context.Background(), "token-123", server.URL, "278964", nil, "", "", false, nil)
+	svc, err := NewGitLabService("token-123", server.URL, "278964", nil, "", "", false, nil)
 	require.NoError(t, err)

-	_, err = svc.List(context.Background())
+	_, err = svc.List(t.Context())
 	require.NoError(t, err)
 }

@@ -75,10 +72,10 @@ func TestList(t *testing.T) {
 		writeMRListResponse(t, w)
 	})

-	svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{}, "", "", false, nil)
+	svc, err := NewGitLabService("", server.URL, "278964", []string{}, "", "", false, nil)
 	require.NoError(t, err)

-	prs, err := svc.List(context.Background())
+	prs, err := svc.List(t.Context())
 	require.NoError(t, err)
 	assert.Len(t, prs, 1)
 	assert.Equal(t, 15442, prs[0].Number)
@@ -101,10 +98,10 @@ func TestListWithLabels(t *testing.T) {
 		writeMRListResponse(t, w)
 	})

-	svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{"feature", "ready"}, "", "", false, nil)
+	svc, err := NewGitLabService("", server.URL, "278964", []string{"feature", "ready"}, "", "", false, nil)
 	require.NoError(t, err)

-	_, err = svc.List(context.Background())
+	_, err = svc.List(t.Context())
 	require.NoError(t, err)
 }

@@ -120,10 +117,10 @@ func TestListWithState(t *testing.T) {
 		writeMRListResponse(t, w)
 	})

-	svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{}, "opened", "", false, nil)
+	svc, err := NewGitLabService("", server.URL, "278964", []string{}, "opened", "", false, nil)
 	require.NoError(t, err)

-	_, err = svc.List(context.Background())
+	_, err = svc.List(t.Context())
 	require.NoError(t, err)
 }

@@ -163,13 +160,13 @@ func TestListWithStateTLS(t *testing.T) {
 	for _, test := range tests {
 		test := test
 		t.Run(test.name, func(t *testing.T) {
-			ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
 				writeMRListResponse(t, w)
 			}))
 			defer ts.Close()

 			var certs []byte
-			if test.passCerts == true {
+			if test.passCerts {
 				for _, cert := range ts.TLS.Certificates {
 					for _, c := range cert.Certificate {
 						parsedCert, err := x509.ParseCertificate(c)
@@ -182,10 +179,10 @@ func TestListWithStateTLS(t *testing.T) {
 				}
 			}

-			svc, err := NewGitLabService(context.Background(), "", ts.URL, "278964", []string{}, "opened", "", test.tlsInsecure, certs)
+			svc, err := NewGitLabService("", ts.URL, "278964", []string{}, "opened", "", test.tlsInsecure, certs)
 			require.NoError(t, err)

-			_, err = svc.List(context.Background())
+			_, err = svc.List(t.Context())
 			if test.requireErr {
 				require.Error(t, err)
 			} else {
--- a/applicationset/services/pull_request/utils.go
+++ b/applicationset/services/pull_request/utils.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"regexp"

-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 func compileFilters(filters []argoprojiov1alpha1.PullRequestGeneratorFilter) ([]*Filter, error) {
--- a/applicationset/services/pull_request/utils_test.go
+++ b/applicationset/services/pull_request/utils_test.go
@@ -1,13 +1,12 @@
 package pull_request

 import (
-	"context"
 	"testing"

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 func strp(s string) *string {
@@ -16,7 +15,7 @@ func strp(s string) *string {

 func TestFilterBranchMatchBadRegexp(t *testing.T) {
 	provider, _ := NewFakeService(
-		context.Background(),
+		t.Context(),
 		[]*PullRequest{
 			{
 				Number:       1,
@@ -34,13 +33,13 @@ func TestFilterBranchMatchBadRegexp(t *testing.T) {
 			BranchMatch: strp("("),
 		},
 	}
-	_, err := ListPullRequests(context.Background(), provider, filters)
+	_, err := ListPullRequests(t.Context(), provider, filters)
 	require.Error(t, err)
 }

 func TestFilterBranchMatch(t *testing.T) {
 	provider, _ := NewFakeService(
-		context.Background(),
+		t.Context(),
 		[]*PullRequest{
 			{
 				Number:       1,
@@ -82,7 +81,7 @@ func TestFilterBranchMatch(t *testing.T) {
 			BranchMatch: strp("w"),
 		},
 	}
-	pullRequests, err := ListPullRequests(context.Background(), provider, filters)
+	pullRequests, err := ListPullRequests(t.Context(), provider, filters)
 	require.NoError(t, err)
 	assert.Len(t, pullRequests, 1)
 	assert.Equal(t, "two", pullRequests[0].Branch)
@@ -90,7 +89,7 @@ func TestFilterBranchMatch(t *testing.T) {

 func TestFilterTargetBranchMatch(t *testing.T) {
 	provider, _ := NewFakeService(
-		context.Background(),
+		t.Context(),
 		[]*PullRequest{
 			{
 				Number:       1,
@@ -132,7 +131,7 @@ func TestFilterTargetBranchMatch(t *testing.T) {
 			TargetBranchMatch: strp("1"),
 		},
 	}
-	pullRequests, err := ListPullRequests(context.Background(), provider, filters)
+	pullRequests, err := ListPullRequests(t.Context(), provider, filters)
 	require.NoError(t, err)
 	assert.Len(t, pullRequests, 1)
 	assert.Equal(t, "two", pullRequests[0].Branch)
@@ -140,7 +139,7 @@ func TestFilterTargetBranchMatch(t *testing.T) {

 func TestMultiFilterOr(t *testing.T) {
 	provider, _ := NewFakeService(
-		context.Background(),
+		t.Context(),
 		[]*PullRequest{
 			{
 				Number:       1,
@@ -185,7 +184,7 @@ func TestMultiFilterOr(t *testing.T) {
 			BranchMatch: strp("r"),
 		},
 	}
-	pullRequests, err := ListPullRequests(context.Background(), provider, filters)
+	pullRequests, err := ListPullRequests(t.Context(), provider, filters)
 	require.NoError(t, err)
 	assert.Len(t, pullRequests, 3)
 	assert.Equal(t, "two", pullRequests[0].Branch)
@@ -195,7 +194,7 @@ func TestMultiFilterOr(t *testing.T) {

 func TestMultiFilterOrWithTargetBranchFilter(t *testing.T) {
 	provider, _ := NewFakeService(
-		context.Background(),
+		t.Context(),
 		[]*PullRequest{
 			{
 				Number:       1,
@@ -242,7 +241,7 @@ func TestMultiFilterOrWithTargetBranchFilter(t *testing.T) {
 			TargetBranchMatch: strp("3"),
 		},
 	}
-	pullRequests, err := ListPullRequests(context.Background(), provider, filters)
+	pullRequests, err := ListPullRequests(t.Context(), provider, filters)
 	require.NoError(t, err)
 	assert.Len(t, pullRequests, 2)
 	assert.Equal(t, "two", pullRequests[0].Branch)
@@ -251,7 +250,7 @@ func TestMultiFilterOrWithTargetBranchFilter(t *testing.T) {

 func TestNoFilters(t *testing.T) {
 	provider, _ := NewFakeService(
-		context.Background(),
+		t.Context(),
 		[]*PullRequest{
 			{
 				Number:       1,
@@ -273,7 +272,7 @@ func TestNoFilters(t *testing.T) {
 		nil,
 	)
 	filters := []argoprojiov1alpha1.PullRequestGeneratorFilter{}
-	repos, err := ListPullRequests(context.Background(), provider, filters)
+	repos, err := ListPullRequests(t.Context(), provider, filters)
 	require.NoError(t, err)
 	assert.Len(t, repos, 2)
 	assert.Equal(t, "one", repos[0].Branch)
--- a/applicationset/services/repo_service.go
+++ b/applicationset/services/repo_service.go
@@ -4,39 +4,54 @@ import (
 	"context"
 	"fmt"

-	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
-	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
-	"github.com/argoproj/argo-cd/v2/util/git"
-	"github.com/argoproj/argo-cd/v2/util/io"
+	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/reposerver/apiclient"
+	"github.com/argoproj/argo-cd/v3/util/db"
+	"github.com/argoproj/argo-cd/v3/util/io"
 )

 type argoCDService struct {
-	getRepository          func(ctx context.Context, url, project string) (*v1alpha1.Repository, error)
-	storecreds             git.CredsStore
-	submoduleEnabled       bool
-	repoServerClientSet    apiclient.Clientset
-	newFileGlobbingEnabled bool
+	getRepository                   func(ctx context.Context, url, project string) (*v1alpha1.Repository, error)
+	submoduleEnabled                bool
+	newFileGlobbingEnabled          bool
+	getGitFilesFromRepoServer       func(ctx context.Context, req *apiclient.GitFilesRequest) (*apiclient.GitFilesResponse, error)
+	getGitDirectoriesFromRepoServer func(ctx context.Context, req *apiclient.GitDirectoriesRequest) (*apiclient.GitDirectoriesResponse, error)
 }

 type Repos interface {
 	// GetFiles returns content of files (not directories) within the target repo
-	GetFiles(ctx context.Context, repoURL string, revision string, pattern string, noRevisionCache, verifyCommit bool) (map[string][]byte, error)
+	GetFiles(ctx context.Context, repoURL, revision, project, pattern string, noRevisionCache, verifyCommit bool) (map[string][]byte, error)

 	// GetDirectories returns a list of directories (not files) within the target repo
-	GetDirectories(ctx context.Context, repoURL string, revision string, noRevisionCache, verifyCommit bool) ([]string, error)
+	GetDirectories(ctx context.Context, repoURL, revision, project string, noRevisionCache, verifyCommit bool) ([]string, error)
 }

-func NewArgoCDService(getRepository func(ctx context.Context, url, project string) (*v1alpha1.Repository, error), submoduleEnabled bool, repoClientset apiclient.Clientset, newFileGlobbingEnabled bool) (Repos, error) {
+func NewArgoCDService(db db.ArgoDB, submoduleEnabled bool, repoClientset apiclient.Clientset, newFileGlobbingEnabled bool) Repos {
 	return &argoCDService{
-		getRepository:          getRepository,
+		getRepository:          db.GetRepository,
 		submoduleEnabled:       submoduleEnabled,
-		repoServerClientSet:    repoClientset,
 		newFileGlobbingEnabled: newFileGlobbingEnabled,
-	}, nil
+		getGitFilesFromRepoServer: func(ctx context.Context, fileRequest *apiclient.GitFilesRequest) (*apiclient.GitFilesResponse, error) {
+			closer, client, err := repoClientset.NewRepoServerClient()
+			if err != nil {
+				return nil, fmt.Errorf("error initializing new repo server client: %w", err)
+			}
+			defer io.Close(closer)
+			return client.GetGitFiles(ctx, fileRequest)
+		},
+		getGitDirectoriesFromRepoServer: func(ctx context.Context, dirRequest *apiclient.GitDirectoriesRequest) (*apiclient.GitDirectoriesResponse, error) {
+			closer, client, err := repoClientset.NewRepoServerClient()
+			if err != nil {
+				return nil, fmt.Errorf("error initialising new repo server client: %w", err)
+			}
+			defer io.Close(closer)
+			return client.GetGitDirectories(ctx, dirRequest)
+		},
+	}
 }

-func (a *argoCDService) GetFiles(ctx context.Context, repoURL string, revision string, pattern string, noRevisionCache, verifyCommit bool) (map[string][]byte, error) {
-	repo, err := a.getRepository(ctx, repoURL, "")
+func (a *argoCDService) GetFiles(ctx context.Context, repoURL, revision, project, pattern string, noRevisionCache, verifyCommit bool) (map[string][]byte, error) {
+	repo, err := a.getRepository(ctx, repoURL, project)
 	if err != nil {
 		return nil, fmt.Errorf("error in GetRepository: %w", err)
 	}
@@ -50,21 +65,15 @@ func (a *argoCDService) GetFiles(ctx context.Context, repoURL string, revision s
 		NoRevisionCache:           noRevisionCache,
 		VerifyCommit:              verifyCommit,
 	}
-	closer, client, err := a.repoServerClientSet.NewRepoServerClient()
-	if err != nil {
-		return nil, fmt.Errorf("error initialising new repo server client: %w", err)
-	}
-	defer io.Close(closer)
-
-	fileResponse, err := client.GetGitFiles(ctx, fileRequest)
+	fileResponse, err := a.getGitFilesFromRepoServer(ctx, fileRequest)
 	if err != nil {
 		return nil, fmt.Errorf("error retrieving Git files: %w", err)
 	}
 	return fileResponse.GetMap(), nil
 }

-func (a *argoCDService) GetDirectories(ctx context.Context, repoURL string, revision string, noRevisionCache, verifyCommit bool) ([]string, error) {
-	repo, err := a.getRepository(ctx, repoURL, "")
+func (a *argoCDService) GetDirectories(ctx context.Context, repoURL, revision, project string, noRevisionCache, verifyCommit bool) ([]string, error) {
+	repo, err := a.getRepository(ctx, repoURL, project)
 	if err != nil {
 		return nil, fmt.Errorf("error in GetRepository: %w", err)
 	}
@@ -77,13 +86,7 @@ func (a *argoCDService) GetDirectories(ctx context.Context, repoURL string, revi
 		VerifyCommit:     verifyCommit,
 	}

-	closer, client, err := a.repoServerClientSet.NewRepoServerClient()
-	if err != nil {
-		return nil, fmt.Errorf("error initialising new repo server client: %w", err)
-	}
-	defer io.Close(closer)
-
-	dirResponse, err := client.GetGitDirectories(ctx, dirRequest)
+	dirResponse, err := a.getGitDirectoriesFromRepoServer(ctx, dirRequest)
 	if err != nil {
 		return nil, fmt.Errorf("error retrieving Git Directories: %w", err)
 	}
--- a/applicationset/services/repo_service_test.go
+++ b/applicationset/services/repo_service_test.go
@@ -2,26 +2,26 @@ package services

 import (
 	"context"
+	"errors"
 	"fmt"
 	"testing"

 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/mock"
-	"github.com/stretchr/testify/require"
+	"k8s.io/client-go/kubernetes/fake"

-	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
-	repo_mocks "github.com/argoproj/argo-cd/v2/reposerver/apiclient/mocks"
-	"github.com/argoproj/argo-cd/v2/util/git"
+	"github.com/argoproj/argo-cd/v3/reposerver/apiclient"
+	repo_mocks "github.com/argoproj/argo-cd/v3/reposerver/apiclient/mocks"
+	"github.com/argoproj/argo-cd/v3/util/db"
+	"github.com/argoproj/argo-cd/v3/util/settings"

-	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 func TestGetDirectories(t *testing.T) {
 	type fields struct {
-		storecreds            git.CredsStore
-		submoduleEnabled      bool
-		getRepository         func(ctx context.Context, url, project string) (*v1alpha1.Repository, error)
-		repoServerClientFuncs []func(*repo_mocks.RepoServerServiceClient)
+		submoduleEnabled  bool
+		getRepository     func(ctx context.Context, url, project string) (*v1alpha1.Repository, error)
+		getGitDirectories func(ctx context.Context, req *apiclient.GitDirectoriesRequest) (*apiclient.GitDirectoriesResponse, error)
 	}
 	type args struct {
 		ctx             context.Context
@@ -38,58 +38,49 @@ func TestGetDirectories(t *testing.T) {
 		wantErr assert.ErrorAssertionFunc
 	}{
 		{name: "ErrorGettingRepos", fields: fields{
-			getRepository: func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) {
-				return nil, fmt.Errorf("unable to get repos")
+			getRepository: func(_ context.Context, _, _ string) (*v1alpha1.Repository, error) {
+				return nil, errors.New("unable to get repos")
 			},
 		}, args: args{}, want: nil, wantErr: assert.Error},
 		{name: "ErrorGettingDirs", fields: fields{
-			getRepository: func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) {
+			getRepository: func(_ context.Context, _, _ string) (*v1alpha1.Repository, error) {
 				return &v1alpha1.Repository{}, nil
 			},
-			repoServerClientFuncs: []func(*repo_mocks.RepoServerServiceClient){
-				func(client *repo_mocks.RepoServerServiceClient) {
-					client.On("GetGitDirectories", mock.Anything, mock.Anything).Return(nil, fmt.Errorf("unable to get dirs"))
-				},
+			getGitDirectories: func(_ context.Context, _ *apiclient.GitDirectoriesRequest) (*apiclient.GitDirectoriesResponse, error) {
+				return nil, errors.New("unable to get dirs")
 			},
 		}, args: args{}, want: nil, wantErr: assert.Error},
 		{name: "HappyCase", fields: fields{
-			getRepository: func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) {
-				return &v1alpha1.Repository{}, nil
+			getRepository: func(_ context.Context, _, _ string) (*v1alpha1.Repository, error) {
+				return &v1alpha1.Repository{
+					Repo: "foo",
+				}, nil
 			},
-			repoServerClientFuncs: []func(*repo_mocks.RepoServerServiceClient){
-				func(client *repo_mocks.RepoServerServiceClient) {
-					client.On("GetGitDirectories", mock.Anything, mock.Anything).Return(&apiclient.GitDirectoriesResponse{
-						Paths: []string{"foo", "foo/bar", "bar/foo"},
-					}, nil)
-				},
+			getGitDirectories: func(_ context.Context, _ *apiclient.GitDirectoriesRequest) (*apiclient.GitDirectoriesResponse, error) {
+				return &apiclient.GitDirectoriesResponse{
+					Paths: []string{"foo", "foo/bar", "bar/foo"},
+				}, nil
 			},
-		}, args: args{}, want: []string{"foo", "foo/bar", "bar/foo"}, wantErr: assert.NoError},
+		}, args: args{
+			repoURL: "foo",
+		}, want: []string{"foo", "foo/bar", "bar/foo"}, wantErr: assert.NoError},
 		{name: "ErrorVerifyingCommit", fields: fields{
-			getRepository: func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) {
+			getRepository: func(_ context.Context, _, _ string) (*v1alpha1.Repository, error) {
 				return &v1alpha1.Repository{}, nil
 			},
-			repoServerClientFuncs: []func(*repo_mocks.RepoServerServiceClient){
-				func(client *repo_mocks.RepoServerServiceClient) {
-					client.On("GetGitDirectories", mock.Anything, mock.Anything).Return(nil, fmt.Errorf("revision HEAD is not signed"))
-				},
+			getGitDirectories: func(_ context.Context, _ *apiclient.GitDirectoriesRequest) (*apiclient.GitDirectoriesResponse, error) {
+				return nil, errors.New("revision HEAD is not signed")
 			},
 		}, args: args{}, want: nil, wantErr: assert.Error},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			mockRepoClient := &repo_mocks.RepoServerServiceClient{}
-			// decorate the mocks
-			for i := range tt.fields.repoServerClientFuncs {
-				tt.fields.repoServerClientFuncs[i](mockRepoClient)
-			}
-
 			a := &argoCDService{
-				getRepository:       tt.fields.getRepository,
-				storecreds:          tt.fields.storecreds,
-				submoduleEnabled:    tt.fields.submoduleEnabled,
-				repoServerClientSet: &repo_mocks.Clientset{RepoServerServiceClient: mockRepoClient},
+				getRepository:                   tt.fields.getRepository,
+				submoduleEnabled:                tt.fields.submoduleEnabled,
+				getGitDirectoriesFromRepoServer: tt.fields.getGitDirectories,
 			}
-			got, err := a.GetDirectories(tt.args.ctx, tt.args.repoURL, tt.args.revision, tt.args.noRevisionCache, tt.args.verifyCommit)
+			got, err := a.GetDirectories(tt.args.ctx, tt.args.repoURL, tt.args.revision, "", tt.args.noRevisionCache, tt.args.verifyCommit)
 			if !tt.wantErr(t, err, fmt.Sprintf("GetDirectories(%v, %v, %v, %v)", tt.args.ctx, tt.args.repoURL, tt.args.revision, tt.args.noRevisionCache)) {
 				return
 			}
@@ -100,10 +91,9 @@ func TestGetDirectories(t *testing.T) {

 func TestGetFiles(t *testing.T) {
 	type fields struct {
-		storecreds            git.CredsStore
-		submoduleEnabled      bool
-		repoServerClientFuncs []func(*repo_mocks.RepoServerServiceClient)
-		getRepository         func(ctx context.Context, url, project string) (*v1alpha1.Repository, error)
+		submoduleEnabled bool
+		getRepository    func(ctx context.Context, url, project string) (*v1alpha1.Repository, error)
+		getGitFiles      func(ctx context.Context, req *apiclient.GitFilesRequest) (*apiclient.GitFilesResponse, error)
 	}
 	type args struct {
 		ctx             context.Context
@@ -121,64 +111,55 @@ func TestGetFiles(t *testing.T) {
 		wantErr assert.ErrorAssertionFunc
 	}{
 		{name: "ErrorGettingRepos", fields: fields{
-			getRepository: func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) {
-				return nil, fmt.Errorf("unable to get repos")
+			getRepository: func(_ context.Context, _, _ string) (*v1alpha1.Repository, error) {
+				return nil, errors.New("unable to get repos")
 			},
 		}, args: args{}, want: nil, wantErr: assert.Error},
 		{name: "ErrorGettingFiles", fields: fields{
-			getRepository: func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) {
+			getRepository: func(_ context.Context, _, _ string) (*v1alpha1.Repository, error) {
 				return &v1alpha1.Repository{}, nil
 			},
-			repoServerClientFuncs: []func(*repo_mocks.RepoServerServiceClient){
-				func(client *repo_mocks.RepoServerServiceClient) {
-					client.On("GetGitFiles", mock.Anything, mock.Anything).Return(nil, fmt.Errorf("unable to get files"))
-				},
+			getGitFiles: func(_ context.Context, _ *apiclient.GitFilesRequest) (*apiclient.GitFilesResponse, error) {
+				return nil, errors.New("unable to get files")
 			},
 		}, args: args{}, want: nil, wantErr: assert.Error},
 		{name: "HappyCase", fields: fields{
-			getRepository: func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) {
-				return &v1alpha1.Repository{}, nil
+			getRepository: func(_ context.Context, _, _ string) (*v1alpha1.Repository, error) {
+				return &v1alpha1.Repository{
+					Repo: "foo",
+				}, nil
 			},
-			repoServerClientFuncs: []func(*repo_mocks.RepoServerServiceClient){
-				func(client *repo_mocks.RepoServerServiceClient) {
-					client.On("GetGitFiles", mock.Anything, mock.Anything).Return(&apiclient.GitFilesResponse{
-						Map: map[string][]byte{
-							"foo.json": []byte("hello: world!"),
-							"bar.yaml": []byte("yay: appsets"),
-						},
-					}, nil)
-				},
+			getGitFiles: func(_ context.Context, _ *apiclient.GitFilesRequest) (*apiclient.GitFilesResponse, error) {
+				return &apiclient.GitFilesResponse{
+					Map: map[string][]byte{
+						"foo.json": []byte("hello: world!"),
+						"bar.yaml": []byte("yay: appsets"),
+					},
+				}, nil
 			},
-		}, args: args{}, want: map[string][]byte{
+		}, args: args{
+			repoURL: "foo",
+		}, want: map[string][]byte{
 			"foo.json": []byte("hello: world!"),
 			"bar.yaml": []byte("yay: appsets"),
 		}, wantErr: assert.NoError},
 		{name: "ErrorVerifyingCommit", fields: fields{
-			getRepository: func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) {
+			getRepository: func(_ context.Context, _, _ string) (*v1alpha1.Repository, error) {
 				return &v1alpha1.Repository{}, nil
 			},
-			repoServerClientFuncs: []func(*repo_mocks.RepoServerServiceClient){
-				func(client *repo_mocks.RepoServerServiceClient) {
-					client.On("GetGitFiles", mock.Anything, mock.Anything).Return(nil, fmt.Errorf("revision HEAD is not signed"))
-				},
+			getGitFiles: func(_ context.Context, _ *apiclient.GitFilesRequest) (*apiclient.GitFilesResponse, error) {
+				return nil, errors.New("revision HEAD is not signed")
 			},
 		}, args: args{}, want: nil, wantErr: assert.Error},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			mockRepoClient := &repo_mocks.RepoServerServiceClient{}
-			// decorate the mocks
-			for i := range tt.fields.repoServerClientFuncs {
-				tt.fields.repoServerClientFuncs[i](mockRepoClient)
-			}
-
 			a := &argoCDService{
-				getRepository:       tt.fields.getRepository,
-				storecreds:          tt.fields.storecreds,
-				submoduleEnabled:    tt.fields.submoduleEnabled,
-				repoServerClientSet: &repo_mocks.Clientset{RepoServerServiceClient: mockRepoClient},
+				getRepository:             tt.fields.getRepository,
+				submoduleEnabled:          tt.fields.submoduleEnabled,
+				getGitFilesFromRepoServer: tt.fields.getGitFiles,
 			}
-			got, err := a.GetFiles(tt.args.ctx, tt.args.repoURL, tt.args.revision, tt.args.pattern, tt.args.noRevisionCache, tt.args.verifyCommit)
+			got, err := a.GetFiles(tt.args.ctx, tt.args.repoURL, tt.args.revision, tt.args.pattern, "", tt.args.noRevisionCache, tt.args.verifyCommit)
 			if !tt.wantErr(t, err, fmt.Sprintf("GetFiles(%v, %v, %v, %v, %v)", tt.args.ctx, tt.args.repoURL, tt.args.revision, tt.args.pattern, tt.args.noRevisionCache)) {
 				return
 			}
@@ -188,9 +169,9 @@ func TestGetFiles(t *testing.T) {
 }

 func TestNewArgoCDService(t *testing.T) {
-	service, err := NewArgoCDService(func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) {
-		return &v1alpha1.Repository{}, nil
-	}, false, &repo_mocks.Clientset{}, false)
-	require.NoError(t, err)
+	testNamespace := "test"
+	clientset := fake.NewClientset()
+	testDB := db.NewDB(testNamespace, settings.NewSettingsManager(t.Context(), clientset, testNamespace), clientset)
+	service := NewArgoCDService(testDB, false, &repo_mocks.Clientset{}, false)
 	assert.NotNil(t, service)
 }
--- a/applicationset/services/scm_provider/aws_codecommit.go
+++ b/applicationset/services/scm_provider/aws_codecommit.go
@@ -21,13 +21,13 @@ import (
 	"golang.org/x/exp/maps"
 	"k8s.io/utils/strings/slices"

-	application "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	application "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 const (
 	resourceTypeCodeCommitRepository = "codecommit:repository"
-	prefixGitUrlHttps                = "https://git-codecommit."
-	prefixGitUrlHttpsFIPS            = "https://git-codecommit-fips."
+	prefixGitURLHTTPS                = "https://git-codecommit."
+	prefixGitURLHTTPSFIPS            = "https://git-codecommit-fips."
 )

 // AWSCodeCommitClient is a lean facade to the codecommitiface.CodeCommitAPI
@@ -315,16 +315,16 @@ func getCodeCommitRepoName(repoArn string) (string, error) {
 // getCodeCommitFIPSEndpoint transforms provided https:// codecommit URL to a FIPS-compliant endpoint.
 // note that the specified region must support FIPS, otherwise the returned URL won't be reachable
 // see: https://docs.aws.amazon.com/codecommit/latest/userguide/regions.html#regions-git
-func getCodeCommitFIPSEndpoint(repoUrl string) (string, error) {
-	if strings.HasPrefix(repoUrl, prefixGitUrlHttpsFIPS) {
-		log.Debugf("provided repoUrl %s is already a fips endpoint", repoUrl)
-		return repoUrl, nil
+func getCodeCommitFIPSEndpoint(repoURL string) (string, error) {
+	if strings.HasPrefix(repoURL, prefixGitURLHTTPSFIPS) {
+		log.Debugf("provided repoUrl %s is already a fips endpoint", repoURL)
+		return repoURL, nil
 	}
-	if !strings.HasPrefix(repoUrl, prefixGitUrlHttps) {
-		return "", fmt.Errorf("the provided https endpoint isn't recognized, cannot be transformed to FIPS endpoint: %s", repoUrl)
+	if !strings.HasPrefix(repoURL, prefixGitURLHTTPS) {
+		return "", fmt.Errorf("the provided https endpoint isn't recognized, cannot be transformed to FIPS endpoint: %s", repoURL)
 	}
 	// we already have the prefix, so we guarantee to replace exactly the prefix only.
-	return strings.Replace(repoUrl, prefixGitUrlHttps, prefixGitUrlHttpsFIPS, 1), nil
+	return strings.Replace(repoURL, prefixGitURLHTTPS, prefixGitURLHTTPSFIPS, 1), nil
 }

 func hasAwsError(err error, codes ...string) bool {
--- a/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go
+++ b/applicationset/services/scm_provider/aws_codecommit/mocks/AWSCodeCommitClient.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.43.2. DO NOT EDIT.
+// Code generated by mockery v2.52.4. DO NOT EDIT.

 package mocks

--- a/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go
+++ b/applicationset/services/scm_provider/aws_codecommit/mocks/AWSTaggingClient.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v2.43.2. DO NOT EDIT.
+// Code generated by mockery v2.52.4. DO NOT EDIT.

 package mocks

--- a/applicationset/services/scm_provider/aws_codecommit_test.go
+++ b/applicationset/services/scm_provider/aws_codecommit_test.go
@@ -1,7 +1,6 @@
 package scm_provider

 import (
-	"context"
 	"errors"
 	"sort"
 	"testing"
@@ -13,8 +12,8 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"

-	"github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider/aws_codecommit/mocks"
-	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/applicationset/services/scm_provider/aws_codecommit/mocks"
+	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )

 type awsCodeCommitTestRepository struct {
@@ -23,7 +22,7 @@ type awsCodeCommitTestRepository struct {
 	arn                      string
 	accountId                string
 	defaultBranch            string
-	expectedCloneUrl         string
+	expectedCloneURL         string
 	getRepositoryError       error
 	getRepositoryNilMetadata bool
 	valid                    bool
@@ -49,7 +48,7 @@ func TestAWSCodeCommitListRepos(t *testing.T) {
 					id:               "8235624d-d248-4df9-a983-2558b01dbe83",
 					arn:              "arn:aws:codecommit:us-east-1:111111111111:repo1",
 					defaultBranch:    "main",
-					expectedCloneUrl: "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo1",
+					expectedCloneURL: "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo1",
 					valid:            true,
 				},
 			},
@@ -74,7 +73,7 @@ func TestAWSCodeCommitListRepos(t *testing.T) {
 					id:               "8235624d-d248-4df9-a983-2558b01dbe83",
 					arn:              "arn:aws:codecommit:us-east-1:111111111111:repo1",
 					defaultBranch:    "main",
-					expectedCloneUrl: "https://git-codecommit-fips.us-east-1.amazonaws.com/v1/repos/repo1",
+					expectedCloneURL: "https://git-codecommit-fips.us-east-1.amazonaws.com/v1/repos/repo1",
 					valid:            true,
 				},
 			},
@@ -96,7 +95,7 @@ func TestAWSCodeCommitListRepos(t *testing.T) {
 					id:               "8235624d-d248-4df9-a983-2558b01dbe83",
 					arn:              "arn:aws:codecommit:us-east-1:111111111111:repo1",
 					defaultBranch:    "main",
-					expectedCloneUrl: "ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo1",
+					expectedCloneURL: "ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo1",
 					valid:            true,
 				},
 				{
@@ -160,7 +159,7 @@ func TestAWSCodeCommitListRepos(t *testing.T) {
 		t.Run(testCase.name, func(t *testing.T) {
 			codeCommitClient := mocks.NewAWSCodeCommitClient(t)
 			taggingClient := mocks.NewAWSTaggingClient(t)
-			ctx := context.Background()
+			ctx := t.Context()
 			codecommitRepoNameIdPairs := make([]*codecommit.RepositoryNameIdPair, 0)
 			resourceTaggings := make([]*resourcegroupstaggingapi.ResourceTagMapping, 0)
 			validRepositories := make([]*awsCodeCommitTestRepository, 0)
@@ -226,7 +225,7 @@ func TestAWSCodeCommitListRepos(t *testing.T) {
 					assert.Equal(t, originRepo.name, repo.Repository)
 					assert.Equal(t, originRepo.id, repo.RepositoryId)
 					assert.Equal(t, originRepo.defaultBranch, repo.Branch)
-					assert.Equal(t, originRepo.expectedCloneUrl, repo.URL)
+					assert.Equal(t, originRepo.expectedCloneURL, repo.URL)
 					assert.Empty(t, repo.SHA, "SHA is always empty")
 				}
 			}
@@ -349,7 +348,7 @@ func TestAWSCodeCommitRepoHasPath(t *testing.T) {
 		t.Run(testCase.name, func(t *testing.T) {
 			codeCommitClient := mocks.NewAWSCodeCommitClient(t)
 			taggingClient := mocks.NewAWSTaggingClient(t)
-			ctx := context.Background()
+			ctx := t.Context()
 			if testCase.expectedGetFolderPath != "" {
 				codeCommitClient.
 					On("GetFolderWithContext", ctx, &codecommit.GetFolderInput{
@@ -382,7 +381,7 @@ func TestAWSCodeCommitGetBranches(t *testing.T) {
 	id := "1a64adc4-2fb5-4abd-afe7-127984ba83c0"
 	defaultBranch := "main"
 	organization := "111111111111"
-	cloneUrl := "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo1"
+	cloneURL := "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo1"

 	testCases := []struct {
 		name               string
@@ -422,7 +421,7 @@ func TestAWSCodeCommitGetBranches(t *testing.T) {
 		t.Run(testCase.name, func(t *testing.T) {
 			codeCommitClient := mocks.NewAWSCodeCommitClient(t)
 			taggingClient := mocks.NewAWSTaggingClient(t)
-			ctx := context.Background()
+			ctx := t.Context()
 			if testCase.allBranches {
 				codeCommitClient.
 					On("ListBranchesWithContext", ctx, &codecommit.ListBranchesInput{
@@ -445,7 +444,7 @@ func TestAWSCodeCommitGetBranches(t *testing.T) {
 			actual, err := provider.GetBranches(ctx, &Repository{
 				Organization: organization,
 				Repository:   name,
-				URL:          cloneUrl,
+				URL:          cloneURL,
 				RepositoryId: id,
 			})
 			if testCase.expectOverallError {
@@ -454,7 +453,7 @@ func TestAWSCodeCommitGetBranches(t *testing.T) {
 				assertCopiedProperties := func(repo *Repository) {
 					assert.Equal(t, id, repo.RepositoryId)
 					assert.Equal(t, name, repo.Repository)
-					assert.Equal(t, cloneUrl, repo.URL)
+					assert.Equal(t, cloneURL, repo.URL)
 					assert.Equal(t, organization, repo.Organization)
 					assert.Empty(t, repo.SHA)
 				}
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .13.0
 .0.6