Bump version to 2.4.18

docs: Clarification of the create namespace feature (#11723 )
2026-03-24 01:08:46 +01:00 · 2022-12-16 15:57:45 +00:00 · 2022-12-16 15:57:36 +00:00 · 2022-12-16 08:33:29 -05:00 · 2022-12-16 02:11:59 +01:00 · 2022-12-13 15:25:41 -05:00
37 changed files with 739 additions and 252 deletions
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -27,9 +27,9 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
      - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Download all Go modules
@@ -45,13 +45,13 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
      - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Restore go build cache
-        uses: actions/cache@v3
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -69,13 +69,13 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
      - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@0ad9a0988b3973e851ab0a07adf248ec2e100376 # v3.3.1
        with:
          version: v1.45.2
          args: --timeout 10m --exclude SA5011 --verbose
@@ -92,11 +92,11 @@ jobs:
      - name: Create checkout directory
        run: mkdir -p ~/go/src/github.com/argoproj
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
      - name: Create symlink in GOPATH
        run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
      - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Install required packages
@@ -116,7 +116,7 @@ jobs:
        run: |
          echo "/usr/local/bin" >> $GITHUB_PATH
      - name: Restore go build cache
-        uses: actions/cache@v3
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -133,12 +133,12 @@ jobs:
      - name: Run all unit tests
        run: make test-local
      - name: Generate code coverage artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
        with:
          name: code-coverage
          path: coverage.out
      - name: Generate test results artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
        with:
          name: test-results
          path: test-results/
@@ -155,11 +155,11 @@ jobs:
      - name: Create checkout directory
        run: mkdir -p ~/go/src/github.com/argoproj
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
      - name: Create symlink in GOPATH
        run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
      - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Install required packages
@@ -179,7 +179,7 @@ jobs:
        run: |
          echo "/usr/local/bin" >> $GITHUB_PATH
      - name: Restore go build cache
-        uses: actions/cache@v3
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -196,7 +196,7 @@ jobs:
      - name: Run all unit tests
        run: make test-race-local
      - name: Generate test results artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
        with:
          name: race-results
          path: test-results/
@@ -206,9 +206,9 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
      - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Create symlink in GOPATH
@@ -250,14 +250,14 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
      - name: Setup NodeJS
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3.5.1
        with:
          node-version: '12.18.4'
      - name: Restore node dependency cache
        id: cache-dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
        with:
          path: ui/node_modules
          key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -287,12 +287,12 @@ jobs:
      sonar_secret: ${{ secrets.SONAR_TOKEN }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
        with:
          fetch-depth: 0
      - name: Restore node dependency cache
        id: cache-dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
        with:
          path: ui/node_modules
          key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -303,16 +303,16 @@ jobs:
        run: |
          mkdir -p test-results
      - name: Get code coverage artifiact
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
        with:
          name: code-coverage
      - name: Get test result artifact
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
        with:
          name: test-results
          path: test-results
      - name: Upload code coverage information to codecov.io
-        uses: codecov/codecov-action@v1
+        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 # v3.1.1
        with:
          file: coverage.out
      - name: Perform static code analysis using SonarCloud
@@ -365,14 +365,22 @@ jobs:
      GITLAB_TOKEN: ${{ secrets.E2E_TEST_GITLAB_TOKEN }}  
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
      - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: GH actions workaround - Kill XSP4 process
        run: |
          sudo pkill mono || true
+      # ubuntu-22.04 comes with kubectl, but the version is not pinned. The version as of 2022-12-05 is 1.26.0 which
+      # breaks the `TestNamespacedResourceDiffing` e2e test. So we'll pin to 1.25 and then fix the underlying issue.
+      - name: Install kubectl
+        run: |
+          rm /usr/local/bin/kubectl
+          curl -LO https://dl.k8s.io/release/v1.25.4/bin/linux/amd64/kubectl
+          mv kubectl /usr/local/bin/kubectl
+          chmod +x /usr/local/bin/kubectl
      - name: Install K3S
        env:
          INSTALL_K3S_VERSION: ${{ matrix.k3s-version }}+k3s1
@@ -385,7 +393,7 @@ jobs:
          sudo chown runner $HOME/.kube/config
          kubectl version
      - name: Restore go build cache
-        uses: actions/cache@v3
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -411,7 +419,7 @@ jobs:
          git config --global user.email "john.doe@example.com"
      - name: Pull Docker image required for tests
        run: |
-          docker pull ghcr.io/dexidp/dex:v2.35.3-distroless
+          docker pull ghcr.io/dexidp/dex:v2.35.3
          docker pull argoproj/argo-cd-ci-builder:v1.0.0
          docker pull redis:7.0.4-alpine
      - name: Create target directory for binaries in the build-process
@@ -441,7 +449,7 @@ jobs:
          set -x
          make test-e2e-local
      - name: Upload e2e-server logs
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
        with:
          name: e2e-server-k8s${{ matrix.k3s-version }}.log
          path: /tmp/e2e-server.log
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -29,11 +29,11 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
      
    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33
      # Override language selection by uncommenting this and choosing your languages
      # with:
      #   languages: go, javascript, csharp, python, cpp, java
@@ -41,7 +41,7 @@ jobs:
    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl
@@ -55,4 +55,4 @@ jobs:
    #   make release

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33
--- a/.github/workflows/image.yaml
+++ b/.github/workflows/image.yaml
@@ -28,22 +28,22 @@ jobs:
    env:
      GOPATH: /home/runner/work/argo-cd/argo-cd
    steps:
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
-      - uses: actions/checkout@master
+      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
        with:
          path: src/github.com/argoproj/argo-cd

      # get image tag
-      - run: echo ::set-output name=tag::$(cat ./VERSION)-${GITHUB_SHA::8}
+      - run: echo "tag=$(cat ./VERSION)-${GITHUB_SHA::8}" >> $GITHUB_OUTPUT
        working-directory: ./src/github.com/argoproj/argo-cd
        id: image

      # login
      - run: |
-          docker login ghcr.io --username $USERNAME --password $PASSWORD
-          docker login quay.io --username "${DOCKER_USERNAME}" --password "${DOCKER_TOKEN}"
+          docker login ghcr.io --username $USERNAME --password-stdin <<< "$PASSWORD"
+          docker login quay.io --username "$DOCKER_USERNAME" --password-stdin <<< "$DOCKER_TOKEN"
        if: github.event_name == 'push'
        env:
          USERNAME: ${{ secrets.USERNAME }}
@@ -52,8 +52,8 @@ jobs:
          DOCKER_TOKEN: ${{ secrets.RELEASE_QUAY_TOKEN }}

      # build
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
+      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
+      - uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1

      - name: Setup cache for argocd-ui docker layer
        uses: actions/cache@v3
@@ -117,7 +117,7 @@ jobs:

      # sign container images
      - name: Install cosign
-        uses: sigstore/cosign-installer@main
+        uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
        with:
          cosign-release: 'v1.13.0'

--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -43,7 +43,7 @@ jobs:
      GIT_EMAIL: argoproj@gmail.com
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
        with:
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}
@@ -147,7 +147,7 @@ jobs:
          echo "RELEASE_NOTES=${RELEASE_NOTES}" >> $GITHUB_ENV

      - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}

@@ -195,13 +195,13 @@ jobs:
          QUAY_TOKEN: ${{ secrets.RELEASE_QUAY_TOKEN }}
        run: |
          set -ue
-          docker login quay.io --username "${QUAY_USERNAME}" --password "${QUAY_TOKEN}"
+          docker login quay.io --username "${QUAY_USERNAME}" --password-stdin <<< "${QUAY_TOKEN}"
          # Remove the following when Docker Hub is gone
-          docker login --username "${DOCKER_USERNAME}" --password "${DOCKER_TOKEN}"
+          docker login --username "${DOCKER_USERNAME}" --password-stdin <<< "${DOCKER_TOKEN}"
        if: ${{ env.DRY_RUN != 'true' }}

-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
+      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
+      - uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
      - name: Build and push Docker image for release
        run: |
          set -ue
@@ -215,7 +215,7 @@ jobs:
        if: ${{ env.DRY_RUN != 'true' }}

      - name: Install cosign
-        uses: sigstore/cosign-installer@main
+        uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
        with:
          cosign-release: 'v1.13.0'

@@ -232,7 +232,7 @@ jobs:

      - name: Read release notes file
        id: release-notes
-        uses: juliangruber/read-file-action@v1
+        uses: juliangruber/read-file-action@02bbba9876a8f870efd4ad64e3b9088d3fb94d4b # v1.1.6
        with:
          path: ${{ env.RELEASE_NOTES }}

@@ -243,7 +243,7 @@ jobs:
          git push origin ${RELEASE_TAG}

      - name: Dry run GitHub release
-        uses: actions/create-release@v1
+        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        id: create_release
@@ -295,7 +295,7 @@ jobs:
        if: ${{ env.DRY_RUN != 'true' }}

      - name: Create GitHub release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
@@ -313,7 +313,7 @@ jobs:
      - name: Update homebrew formula
        env:
          HOMEBREW_TOKEN: ${{ secrets.RELEASE_HOMEBREW_TOKEN }}
-        uses: dawidd6/action-homebrew-bump-formula@v3
+        uses: dawidd6/action-homebrew-bump-formula@02e79d9da43d79efa846d73695b6052cbbdbf48a # v3.8.3
        with:
          token: ${{env.HOMEBREW_TOKEN}}
          formula: argocd
--- a/2
+++ b/2
@@ -1 +1 @@
-2.4.17
+2.4.18
--- a/applicationset/generators/scm_provider.go
+++ b/applicationset/generators/scm_provider.go
@@ -101,6 +101,15 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 		if scmError != nil {
 			return nil, fmt.Errorf("error initializing Bitbucket Server service: %v", scmError)
 		}
+	} else if providerConfig.Bitbucket != nil {
+		appPassword, err := g.getSecretRef(ctx, providerConfig.Bitbucket.AppPasswordRef, applicationSetInfo.Namespace)
+		if err != nil {
+			return nil, fmt.Errorf("error fetching Bitbucket cloud appPassword: %v", err)
+		}
+		provider, err = scm_provider.NewBitBucketCloudProvider(ctx, providerConfig.Bitbucket.Owner, providerConfig.Bitbucket.User, appPassword, providerConfig.Bitbucket.AllBranches)
+		if err != nil {
+			return nil, fmt.Errorf("error initializing Bitbucket cloud service: %v", err)
+		}
 	} else {
 		return nil, fmt.Errorf("no SCM provider implementation configured")
 	}
--- a/docs/operator-manual/application.yaml
+++ b/docs/operator-manual/application.yaml
@@ -45,6 +45,9 @@ spec:
      valueFiles:
      - values-prod.yaml

+      # Ignore locally missing valueFiles when installing Helm chart. Defaults to false
+      ignoreMissingValueFiles: false
+
      # Values file as block file
      values: |
        ingress:
@@ -61,6 +64,9 @@ spec:
              hosts:
                - mydomain.example.com

+      # Skip custom resource definition installation if chart contains custom resource definitions. Defaults to false
+      skipCrds: false
+
      # Optional Helm version to template with. If omitted it will fall back to look at the 'apiVersion' in Chart.yaml
      # and decide which Helm binary to use automatically. This field can be either 'v2' or 'v3'.
      version: v2
--- a/docs/operator-manual/applicationset/Generators-SCM-Provider.md
+++ b/docs/operator-manual/applicationset/Generators-SCM-Provider.md
@@ -178,6 +178,42 @@ If you want to access a private repository, you must also provide the credential

 Available clone protocols are `ssh` and `https`.

+## Bitbucket Cloud
+
+The Bitbucket mode uses the Bitbucket API V2 to scan a workspace in bitbucket.org.
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: myapps
+spec:
+  generators:
+  - scmProvider:
+      bitbucket:
+        # The workspace id (slug).  
+        owner: "example-owner"
+        # The user to use for basic authentication with an app password.
+        user: "example-user"
+        # If true, scan every branch of every repository. If false, scan only the main branch. Defaults to false.
+        allBranches: true
+        # Reference to a Secret containing an app password.
+        appPasswordRef:
+          secretName: appPassword
+          key: password
+  template:
+  # ...
+```
+
+* `owner`: The workspace ID (slug) to use when looking up repositories.
+* `user`: The user to use for authentication to the Bitbucket API V2 at bitbucket.org.
+* `allBranches`: By default (false) the template will only be evaluated for the main branch of each repo. If this is true, every branch of every repository will be passed to the filters. If using this flag, you likely want to use a `branchMatch` filter.
+* `appPasswordRef`: A `Secret` name and key containing the bitbucket app password to use for requests.
+
+This SCM provider does not yet support label filtering
+
+Available clone protocols are `ssh` and `https`.
+
 ## Filters

 Filters allow selecting which repositories to generate for. Each filter can declare one or more conditions, all of which must pass. If multiple filters are present, any can match for a repository to be included. If no filters are specified, all repositories will be processed.
--- a/docs/user-guide/kustomize.md
+++ b/docs/user-guide/kustomize.md
@@ -84,7 +84,7 @@ argocd app set <appName> --kustomize-version v3.5.4

 ## Build Environment

-Kustomize does not support parameters and therefore cannot support the standard [build environment](build-environment.md).
+Kustomize apps have access to the [standard build environment](build-environment.md) which can be used in combination with a [config managment plugin](config-management-plugins.md) to alter the rendered manifests.

 ## Kustomizing Helm charts

--- a/docs/user-guide/sync-options.md
+++ b/docs/user-guide/sync-options.md
@@ -40,8 +40,8 @@ metadata:
    argocd.argoproj.io/sync-options: Validate=false
 ```

-If you want to exclude a whole class of objects globally, consider setting `resource.customizations` in [system level configuration](../user-guide/diffing.md#system-level-configuration). 
-    
+If you want to exclude a whole class of objects globally, consider setting `resource.customizations` in [system level configuration](../user-guide/diffing.md#system-level-configuration).
+
 ## Skip Dry Run for new custom resources types

 >v1.6
@@ -64,9 +64,9 @@ The dry run will still be executed if the CRD is already present in the cluster.

 ## Selective Sync

-Currently when syncing using auto sync ArgoCD applies every object in the application. 
+Currently when syncing using auto sync Argo CD applies every object in the application.
 For applications containing thousands of objects this takes quite a long time and puts undue pressure on the api server.
-Turning on selective sync option which will sync only out-of-sync resources. 
+Turning on selective sync option which will sync only out-of-sync resources.

 You can add this option by following ways

@@ -81,7 +81,7 @@ spec:
  syncPolicy:
    syncOptions:
    - ApplyOutOfSyncOnly=true
-``` 
+```

 2) Set sync option via argocd cli

@@ -108,8 +108,8 @@ spec:

 ## Prune Last

-This feature is to allow the ability for resource pruning to happen as a final, implicit wave of a sync operation, 
-after the other resources have been deployed and become healthy, and after all other waves completed successfully. 
+This feature is to allow the ability for resource pruning to happen as a final, implicit wave of a sync operation,
+after the other resources have been deployed and become healthy, and after all other waves completed successfully.

 ```yaml
 apiVersion: argoproj.io/v1alpha1
@@ -146,6 +146,10 @@ spec:

 If the `Replace=true` sync option is set the ArgoCD will use `kubectl replace` or `kubectl create` command to apply changes.

+!!! warning
+      During the sync process, the resources will be synchronized using the 'kubectl replace/create' command.
+      This sync option has the potential to be destructive and might lead to resources having to be recreated, which could cause an outage for your application.
+
 This can also be configured at individual resource level.
 ```yaml
 metadata:
@@ -194,10 +198,16 @@ The example above shows how an ArgoCD Application can be configured so it will i
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  namespace: test
+  namespace: argocd
 spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: some-namespace
  syncPolicy:
    syncOptions:
    - CreateNamespace=true
 ```
-The example above shows how an Argo CD Application can be configured so it will create namespaces for the Application resources if the namespaces don't exist already. Without this either declared in the Application manifest or passed in the cli via `--sync-option CreateNamespace=true`, the Application will fail to sync if the resources' namespaces do not exist.
+
+The example above shows how an Argo CD Application can be configured so it will create the namespace specified in `spec.destination.namespace` if it doesn't exist already. Without this either declared in the Application manifest or passed in the CLI via `--sync-option CreateNamespace=true`, the Application will fail to sync if the namespace doesn't exist.
+
+Note that the namespace to be created must be informed in the `spec.destination.namespace` field of the Application resource. The `metadata.namespace` field in the Application's child manifests must match this value, or can be omitted, so resources are created in the proper destination.
--- a/manifests/base/dex/argocd-dex-server-deployment.yaml
+++ b/manifests/base/dex/argocd-dex-server-deployment.yaml
@@ -35,7 +35,7 @@ spec:
          runAsNonRoot: true
      containers:
      - name: dex
-        image: ghcr.io/dexidp/dex:v2.35.3-distroless
+        image: ghcr.io/dexidp/dex:v2.35.3
        imagePullPolicy: Always
        command: [/shared/argocd-dex, rundex]
        securityContext:
--- a/manifests/base/kustomization.yaml
+++ b/manifests/base/kustomization.yaml
@@ -5,7 +5,7 @@ kind: Kustomization
 images:
 - name: quay.io/argoproj/argocd
  newName: quay.io/argoproj/argocd
-  newTag: v2.4.17
+  newTag: v2.4.18
 resources:
 - ./application-controller
 - ./dex
--- a/manifests/core-install.yaml
+++ b/manifests/core-install.yaml
@@ -9384,7 +9384,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        name: argocd-applicationset-controller
        ports:
@@ -9614,7 +9614,7 @@ spec:
          value: /helm-working-dir
        - name: HELM_DATA_HOME
          value: /helm-working-dir
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 3
@@ -9663,7 +9663,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        name: copyutil
        securityContext:
          allowPrivilegeEscalation: false
@@ -9850,7 +9850,7 @@ spec:
              key: otlp.address
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
--- a/manifests/core-install/kustomization.yaml
+++ b/manifests/core-install/kustomization.yaml
@@ -12,4 +12,4 @@ resources:
 images:
 - name: quay.io/argoproj/argocd
  newName: quay.io/argoproj/argocd
-  newTag: v2.4.17
+  newTag: v2.4.18
--- a/manifests/ha/base/kustomization.yaml
+++ b/manifests/ha/base/kustomization.yaml
@@ -11,7 +11,7 @@ patchesStrategicMerge:
 images:
 - name: quay.io/argoproj/argocd
  newName: quay.io/argoproj/argocd
-  newTag: v2.4.17
+  newTag: v2.4.18
 resources:
 - ../../base/application-controller
 - ../../base/applicationset-controller
--- a/manifests/ha/install.yaml
+++ b/manifests/ha/install.yaml
@@ -10319,7 +10319,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        name: argocd-applicationset-controller
        ports:
@@ -10391,7 +10391,7 @@ spec:
      - command:
        - /shared/argocd-dex
        - rundex
-        image: ghcr.io/dexidp/dex:v2.35.3-distroless
+        image: ghcr.io/dexidp/dex:v2.35.3
        imagePullPolicy: Always
        name: dex
        ports:
@@ -10416,7 +10416,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        name: copyutil
        securityContext:
@@ -10456,7 +10456,7 @@ spec:
      containers:
      - command:
        - argocd-notifications
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          tcpSocket:
@@ -10713,7 +10713,7 @@ spec:
          value: /helm-working-dir
        - name: HELM_DATA_HOME
          value: /helm-working-dir
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 3
@@ -10762,7 +10762,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        name: copyutil
        securityContext:
          allowPrivilegeEscalation: false
@@ -11009,7 +11009,7 @@ spec:
              key: otlp.address
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
@@ -11217,7 +11217,7 @@ spec:
              key: otlp.address
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
--- a/manifests/ha/namespace-install.yaml
+++ b/manifests/ha/namespace-install.yaml
@@ -1244,7 +1244,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        name: argocd-applicationset-controller
        ports:
@@ -1316,7 +1316,7 @@ spec:
      - command:
        - /shared/argocd-dex
        - rundex
-        image: ghcr.io/dexidp/dex:v2.35.3-distroless
+        image: ghcr.io/dexidp/dex:v2.35.3
        imagePullPolicy: Always
        name: dex
        ports:
@@ -1341,7 +1341,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        name: copyutil
        securityContext:
@@ -1381,7 +1381,7 @@ spec:
      containers:
      - command:
        - argocd-notifications
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          tcpSocket:
@@ -1638,7 +1638,7 @@ spec:
          value: /helm-working-dir
        - name: HELM_DATA_HOME
          value: /helm-working-dir
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 3
@@ -1687,7 +1687,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        name: copyutil
        securityContext:
          allowPrivilegeEscalation: false
@@ -1934,7 +1934,7 @@ spec:
              key: otlp.address
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
@@ -2142,7 +2142,7 @@ spec:
              key: otlp.address
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
--- a/manifests/install.yaml
+++ b/manifests/install.yaml
@@ -9691,7 +9691,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        name: argocd-applicationset-controller
        ports:
@@ -9763,7 +9763,7 @@ spec:
      - command:
        - /shared/argocd-dex
        - rundex
-        image: ghcr.io/dexidp/dex:v2.35.3-distroless
+        image: ghcr.io/dexidp/dex:v2.35.3
        imagePullPolicy: Always
        name: dex
        ports:
@@ -9788,7 +9788,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        name: copyutil
        securityContext:
@@ -9828,7 +9828,7 @@ spec:
      containers:
      - command:
        - argocd-notifications
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          tcpSocket:
@@ -10053,7 +10053,7 @@ spec:
          value: /helm-working-dir
        - name: HELM_DATA_HOME
          value: /helm-working-dir
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 3
@@ -10102,7 +10102,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        name: copyutil
        securityContext:
          allowPrivilegeEscalation: false
@@ -10345,7 +10345,7 @@ spec:
              key: otlp.address
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
@@ -10547,7 +10547,7 @@ spec:
              key: otlp.address
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
--- a/manifests/namespace-install.yaml
+++ b/manifests/namespace-install.yaml
@@ -616,7 +616,7 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        name: argocd-applicationset-controller
        ports:
@@ -688,7 +688,7 @@ spec:
      - command:
        - /shared/argocd-dex
        - rundex
-        image: ghcr.io/dexidp/dex:v2.35.3-distroless
+        image: ghcr.io/dexidp/dex:v2.35.3
        imagePullPolicy: Always
        name: dex
        ports:
@@ -713,7 +713,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        name: copyutil
        securityContext:
@@ -753,7 +753,7 @@ spec:
      containers:
      - command:
        - argocd-notifications
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          tcpSocket:
@@ -978,7 +978,7 @@ spec:
          value: /helm-working-dir
        - name: HELM_DATA_HOME
          value: /helm-working-dir
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 3
@@ -1027,7 +1027,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        name: copyutil
        securityContext:
          allowPrivilegeEscalation: false
@@ -1270,7 +1270,7 @@ spec:
              key: otlp.address
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
@@ -1472,7 +1472,7 @@ spec:
              key: otlp.address
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:v2.4.17
+        image: quay.io/argoproj/argocd:v2.4.18
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
--- a/reposerver/repository/repository.go
+++ b/reposerver/repository/repository.go
@@ -697,6 +697,32 @@ func runHelmBuild(appPath string, h helm.Helm) error {
 	return ioutil.WriteFile(markerFile, []byte("marker"), 0644)
 }

+func populateRequestRepos(appPath string, q *apiclient.ManifestRequest) error {
+	repos, err := getHelmDependencyRepos(appPath)
+	if err != nil {
+		return err
+	}
+
+	for _, r := range repos {
+		if !repoExists(r.Repo, q.Repos) {
+			repositoryCredential := getRepoCredential(q.HelmRepoCreds, r.Repo)
+			if repositoryCredential != nil {
+				if repositoryCredential.EnableOCI {
+					r.Repo = strings.TrimPrefix(r.Repo, ociPrefix)
+				}
+				r.EnableOCI = repositoryCredential.EnableOCI
+				r.Password = repositoryCredential.Password
+				r.Username = repositoryCredential.Username
+				r.SSHPrivateKey = repositoryCredential.SSHPrivateKey
+				r.TLSClientCertData = repositoryCredential.TLSClientCertData
+				r.TLSClientCertKey = repositoryCredential.TLSClientCertKey
+			}
+			q.Repos = append(q.Repos, r)
+		}
+	}
+	return nil
+}
+
 func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclient.ManifestRequest, isLocal bool) ([]*unstructured.Unstructured, error) {
 	concurrencyAllowed := isConcurrencyAllowed(appPath)
 	if !concurrencyAllowed {
@@ -728,7 +754,7 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie
 		for _, val := range appHelm.ValueFiles {

 			// This will resolve val to an absolute path (or an URL)
-			path, isRemote, err := pathutil.ResolveFilePath(appPath, repoRoot, val, q.GetValuesFileSchemes())
+			path, isRemote, err := pathutil.ResolveValueFilePathOrUrl(appPath, repoRoot, val, q.GetValuesFileSchemes())
 			if err != nil {
 				return nil, err
 			}
@@ -768,7 +794,7 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie
 			}
 		}
 		for _, p := range appHelm.FileParameters {
-			resolvedPath, _, err := pathutil.ResolveFilePath(appPath, repoRoot, env.Envsubst(p.Path), q.GetValuesFileSchemes())
+			resolvedPath, _, err := pathutil.ResolveValueFilePathOrUrl(appPath, repoRoot, env.Envsubst(p.Path), q.GetValuesFileSchemes())
 			if err != nil {
 				return nil, err
 			}
@@ -787,24 +813,8 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie
 		templateOpts.SetString[i] = env.Envsubst(j)
 	}

-	repos, err := getHelmDependencyRepos(appPath)
-	if err != nil {
-		return nil, err
-	}
-
-	for _, r := range repos {
-		if !repoExists(r.Repo, q.Repos) {
-			repositoryCredential := getRepoCredential(q.HelmRepoCreds, r.Repo)
-			if repositoryCredential != nil {
-				r.EnableOCI = repositoryCredential.EnableOCI
-				r.Password = repositoryCredential.Password
-				r.Username = repositoryCredential.Username
-				r.SSHPrivateKey = repositoryCredential.SSHPrivateKey
-				r.TLSClientCertData = repositoryCredential.TLSClientCertData
-				r.TLSClientCertKey = repositoryCredential.TLSClientCertKey
-			}
-			q.Repos = append(q.Repos, r)
-		}
+	if err := populateRequestRepos(appPath, q); err != nil {
+		return nil, fmt.Errorf("failed parsing dependencies: %v", err)
 	}

 	var proxy string
@@ -1371,7 +1381,7 @@ func makeJsonnetVm(appPath string, repoRoot string, sourceJsonnet v1alpha1.Appli
 	jpaths := []string{appPath}
 	for _, p := range sourceJsonnet.Libs {
 		// the jsonnet library path is relative to the repository root, not application path
-		jpath, _, err := pathutil.ResolveFilePath(repoRoot, repoRoot, p, nil)
+		jpath, err := pathutil.ResolveFileOrDirectoryPath(repoRoot, repoRoot, p)
 		if err != nil {
 			return nil, err
 		}
@@ -1613,7 +1623,7 @@ func populateHelmAppDetails(res *apiclient.RepoAppDetailsResponse, appPath strin
 		return err
 	}

-	if resolvedValuesPath, _, err := pathutil.ResolveFilePath(appPath, repoRoot, "values.yaml", []string{}); err == nil {
+	if resolvedValuesPath, _, err := pathutil.ResolveValueFilePathOrUrl(appPath, repoRoot, "values.yaml", []string{}); err == nil {
 		if err := loadFileIntoIfExists(resolvedValuesPath, &res.Helm.Values); err != nil {
 			return err
 		}
@@ -1623,7 +1633,7 @@ func populateHelmAppDetails(res *apiclient.RepoAppDetailsResponse, appPath strin
 	var resolvedSelectedValueFiles []pathutil.ResolvedFilePath
 	// drop not allowed values files
 	for _, file := range selectedValueFiles {
-		if resolvedFile, _, err := pathutil.ResolveFilePath(appPath, repoRoot, file, q.GetValuesFileSchemes()); err == nil {
+		if resolvedFile, _, err := pathutil.ResolveValueFilePathOrUrl(appPath, repoRoot, file, q.GetValuesFileSchemes()); err == nil {
 			resolvedSelectedValueFiles = append(resolvedSelectedValueFiles, resolvedFile)
 		} else {
 			log.Warnf("Values file %s is not allowed: %v", file, err)
--- a/reposerver/repository/repository_test.go
+++ b/reposerver/repository/repository_test.go
@@ -47,14 +47,14 @@ gpg:                using RSA key 4AEE18F83AFDEB23
 gpg: Good signature from "GitHub (web-flow commit signing) <noreply@github.com>" [ultimate]
 `

-type clientFunc func(*gitmocks.Client)
+type clientFunc func(*gitmocks.Client, *helmmocks.Client)

 func newServiceWithMocks(root string, signed bool) (*Service, *gitmocks.Client) {
 	root, err := filepath.Abs(root)
 	if err != nil {
 		panic(err)
 	}
-	return newServiceWithOpt(func(gitClient *gitmocks.Client) {
+	return newServiceWithOpt(func(gitClient *gitmocks.Client, helmClient *helmmocks.Client) {
 		gitClient.On("Init").Return(nil)
 		gitClient.On("Fetch", mock.Anything).Return(nil)
 		gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil)
@@ -66,26 +66,27 @@ func newServiceWithMocks(root string, signed bool) (*Service, *gitmocks.Client)
 		} else {
 			gitClient.On("VerifyCommitSignature", mock.Anything).Return("", nil)
 		}
-	})
+
+		chart := "my-chart"
+		version := "1.1.0"
+		helmClient.On("GetIndex", true).Return(&helm.Index{Entries: map[string]helm.Entries{
+			chart:    {{Version: "1.0.0"}, {Version: version}},
+		}}, nil)
+		helmClient.On("ExtractChart", chart, version).Return("./testdata/my-chart", io.NopCloser, nil)
+		helmClient.On("CleanChartCache", chart, version).Return(nil)
+		helmClient.On("DependencyBuild").Return(nil)
+	}, root)
 }

-func newServiceWithOpt(cf clientFunc) (*Service, *gitmocks.Client) {
+func newServiceWithOpt(cf clientFunc, root string) (*Service, *gitmocks.Client) {
 	helmClient := &helmmocks.Client{}
 	gitClient := &gitmocks.Client{}
-	cf(gitClient)
+	cf(gitClient, helmClient)
 	service := NewService(metrics.NewMetricsServer(), cache.NewCache(
 		cacheutil.NewCache(cacheutil.NewInMemoryCache(1*time.Minute)),
 		1*time.Minute,
 		1*time.Minute,
-	), RepoServerInitConstants{ParallelismLimit: 1}, argo.NewResourceTracking(), &git.NoopCredsStore{}, os.TempDir())
-
-	chart := "my-chart"
-	version := "1.1.0"
-	helmClient.On("GetIndex", true).Return(&helm.Index{Entries: map[string]helm.Entries{
-		chart: {{Version: "1.0.0"}, {Version: version}},
-	}}, nil)
-	helmClient.On("ExtractChart", chart, version).Return("./testdata/my-chart", io.NopCloser, nil)
-	helmClient.On("CleanChartCache", chart, version).Return(nil)
+	), RepoServerInitConstants{ParallelismLimit: 1}, argo.NewResourceTracking(), &git.NoopCredsStore{}, root)

 	service.newGitClient = func(rawRepoURL string, root string, creds git.Creds, insecure bool, enableLfs bool, prosy string, opts ...git.ClientOpts) (client git.Client, e error) {
 		return gitClient, nil
@@ -110,6 +111,11 @@ func newServiceWithSignature(root string) *Service {
 }

 func newServiceWithCommitSHA(root, revision string) *Service {
+	root, err := filepath.Abs(root)
+	if err != nil {
+		panic(err)
+	}
+
 	var revisionErr error

 	commitSHARegex := regexp.MustCompile("^[0-9A-Fa-f]{40}$")
@@ -117,14 +123,14 @@ func newServiceWithCommitSHA(root, revision string) *Service {
 		revisionErr = errors.New("not a commit SHA")
 	}

-	service, gitClient := newServiceWithOpt(func(gitClient *gitmocks.Client) {
+	service, gitClient := newServiceWithOpt(func(gitClient *gitmocks.Client, helmClient *helmmocks.Client) {
 		gitClient.On("Init").Return(nil)
 		gitClient.On("Fetch", mock.Anything).Return(nil)
 		gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil)
 		gitClient.On("LsRemote", revision).Return(revision, revisionErr)
 		gitClient.On("CommitSHA").Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil)
 		gitClient.On("Root").Return(root)
-	})
+	}, root)

 	service.newGitClient = func(rawRepoURL string, root string, creds git.Creds, insecure bool, enableLfs bool, proxy string, opts ...git.ClientOpts) (client git.Client, e error) {
 		return gitClient, nil
@@ -363,6 +369,27 @@ func TestGenerateJsonnetManifestInDir(t *testing.T) {
 	assert.Equal(t, 2, len(res1.Manifests))
 }

+func TestGenerateJsonnetManifestInRootDir(t *testing.T) {
+	service := newService("testdata/jsonnet-1")
+
+	q := apiclient.ManifestRequest{
+		Repo: &argoappv1.Repository{},
+		ApplicationSource: &argoappv1.ApplicationSource{
+			Path: ".",
+			Directory: &argoappv1.ApplicationSourceDirectory{
+				Jsonnet: argoappv1.ApplicationSourceJsonnet{
+					ExtVars: []argoappv1.JsonnetVar{{Name: "extVarString", Value: "extVarString"}, {Name: "extVarCode", Value: "\"extVarCode\"", Code: true}},
+					TLAs:    []argoappv1.JsonnetVar{{Name: "tlaString", Value: "tlaString"}, {Name: "tlaCode", Value: "\"tlaCode\"", Code: true}},
+					Libs:    []string{"."},
+				},
+			},
+		},
+	}
+	res1, err := service.GenerateManifest(context.Background(), &q)
+	assert.Nil(t, err)
+	assert.Equal(t, 2, len(res1.Manifests))
+}
+
 func TestGenerateJsonnetLibOutside(t *testing.T) {
 	service := newService(".")

@@ -379,7 +406,7 @@ func TestGenerateJsonnetLibOutside(t *testing.T) {
 	}
 	_, err := service.GenerateManifest(context.Background(), &q)
 	require.Error(t, err)
-	require.Contains(t, err.Error(), "value file '../../../testdata/jsonnet/vendor' resolved to outside repository root")
+	require.Contains(t, err.Error(), "file '../../../testdata/jsonnet/vendor' resolved to outside repository root")
 }

 func TestManifestGenErrorCacheByNumRequests(t *testing.T) {
@@ -1159,6 +1186,7 @@ func TestListApps(t *testing.T) {
 		"kustomization_yml":                 "Kustomize",
 		"my-chart":                          "Helm",
 		"my-chart-2":                        "Helm",
+		"oci-dependencies":                  "Helm",
 		"out-of-bounds-values-file-link":    "Helm",
 		"values-files":                      "Helm",
 	}
@@ -2478,3 +2506,18 @@ func Test_populateHelmAppDetails_values_symlinks(t *testing.T) {
 		assert.Empty(t, res.Helm.Parameters)
 	})
 }
+
+func TestOCIDependencies(t *testing.T) {
+	src := argoappv1.ApplicationSource{Path: "."}
+	q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, HelmRepoCreds: []*argoappv1.RepoCreds{
+		{URL: "example.com", Username: "test", Password: "test", EnableOCI: true},
+	}}
+
+	err := populateRequestRepos("./testdata/oci-dependencies", &q)
+	assert.Nil(t, err)
+
+	assert.Equal(t, len(q.Repos), 1)
+	assert.Equal(t, q.Repos[0].Username, "test")
+	assert.Equal(t, q.Repos[0].EnableOCI, true)
+	assert.Equal(t, q.Repos[0].Repo, "example.com")
+}
--- a/reposerver/repository/testdata/jsonnet-1/guestbook-ui.jsonnet
+++ b/reposerver/repository/testdata/jsonnet-1/guestbook-ui.jsonnet
@@ -0,0 +1,47 @@
+local service = import 'vendor/nested/service.libsonnet';
+local params = import 'params.libsonnet';
+
+function(tlaString, tlaCode)
+  [
+    service.new(params),
+    {
+      apiVersion: 'apps/v1beta2',
+      kind: 'Deployment',
+      metadata: {
+        name: params.name,
+      },
+      spec: {
+        replicas: params.replicas,
+        selector: {
+          matchLabels: {
+            app: params.name,
+          },
+        },
+        template: {
+          metadata: {
+            labels: {
+              app: params.name,
+              tlaString: tlaString,
+              tlaCode: tlaCode,
+              extVarString: std.extVar('extVarString'),
+              extVarCode: std.extVar('extVarCode'),
+            },
+          },
+          spec: {
+            containers: [
+              {
+                image: params.image,
+                name: params.name,
+                ports: [
+                  {
+                    containerPort: params.containerPort,
+                  },
+                ],
+              },
+            ],
+          },
+        },
+      },
+    },
+    null,
+  ]
--- a/reposerver/repository/testdata/jsonnet-1/params.libsonnet
+++ b/reposerver/repository/testdata/jsonnet-1/params.libsonnet
@@ -0,0 +1,8 @@
+{
+  containerPort: 80,
+  image: "gcr.io/heptio-images/ks-guestbook-demo:0.2",
+  name: "guestbook-ui",
+  replicas: 1,
+  servicePort: 80,
+  type: "ClusterIP",
+}
--- a/reposerver/repository/testdata/jsonnet-1/vendor/nested/service.libsonnet
+++ b/reposerver/repository/testdata/jsonnet-1/vendor/nested/service.libsonnet
@@ -0,0 +1,23 @@
+local new(params) = {
+  apiVersion: 'v1',
+  kind: 'Service',
+  metadata: {
+    name: params.name,
+  },
+  spec: {
+    ports: [
+      {
+        port: params.servicePort,
+        targetPort: params.containerPort,
+      },
+    ],
+    selector: {
+      app: params.name,
+    },
+    type: params.type,
+  },
+};
+
+{
+  new:: new,
+}
--- a/reposerver/repository/testdata/oci-dependencies/Chart.yaml
+++ b/reposerver/repository/testdata/oci-dependencies/Chart.yaml
@@ -0,0 +1,6 @@
+name: my-chart
+version: 1.1.0
+dependencies:
+- name: my-dependency
+  repository: oci://example.com
+  version: '*'
--- a/server/cluster/cluster.go
+++ b/server/cluster/cluster.go
@@ -1,6 +1,7 @@
 package cluster

 import (
+	"net/url"
 	"time"

 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
@@ -144,6 +145,12 @@ func (s *Server) getCluster(ctx context.Context, q *cluster.ClusterQuery) (*appv
 		q.Name = ""
 		if q.Id.Type == "name" {
 			q.Name = q.Id.Value
+		} else if q.Id.Type == "name_escaped" {
+			nameUnescaped, err := url.QueryUnescape(q.Id.Value)
+			if err != nil {
+				return nil, err
+			}
+			q.Name = nameUnescaped
 		} else {
 			q.Server = q.Id.Value
 		}
--- a/server/cluster/cluster_test.go
+++ b/server/cluster/cluster_test.go
@@ -48,6 +48,66 @@ func newNoopEnforcer() *rbac.Enforcer {
 	return enf
 }

+func TestGetCluster_UrlEncodedName(t *testing.T) {
+	db := &dbmocks.ArgoDB{}
+
+	mockCluster := v1alpha1.Cluster{
+		Name:       "test/ing",
+		Server:     "https://127.0.0.1",
+		Namespaces: []string{"default", "kube-system"},
+	}
+	mockClusterList := v1alpha1.ClusterList{
+		ListMeta: v1.ListMeta{},
+		Items: []v1alpha1.Cluster{
+			mockCluster,
+		},
+	}
+
+	db.On("ListClusters", mock.Anything).Return(&mockClusterList, nil)
+
+	server := NewServer(db, newNoopEnforcer(), newServerInMemoryCache(), &kubetest.MockKubectlCmd{})
+
+	cluster, err := server.Get(context.Background(), &clusterapi.ClusterQuery{
+		Id: &clusterapi.ClusterID{
+			Type:  "name_escaped",
+			Value: "test%2fing",
+		},
+	})
+	require.NoError(t, err)
+
+	assert.Equal(t, cluster.Name, "test/ing")
+}
+
+func TestGetCluster_NameWithUrlEncodingButShouldNotBeUnescaped(t *testing.T) {
+	db := &dbmocks.ArgoDB{}
+
+	mockCluster := v1alpha1.Cluster{
+		Name:       "test%2fing",
+		Server:     "https://127.0.0.1",
+		Namespaces: []string{"default", "kube-system"},
+	}
+	mockClusterList := v1alpha1.ClusterList{
+		ListMeta: v1.ListMeta{},
+		Items: []v1alpha1.Cluster{
+			mockCluster,
+		},
+	}
+
+	db.On("ListClusters", mock.Anything).Return(&mockClusterList, nil)
+
+	server := NewServer(db, newNoopEnforcer(), newServerInMemoryCache(), &kubetest.MockKubectlCmd{})
+
+	cluster, err := server.Get(context.Background(), &clusterapi.ClusterQuery{
+		Id: &clusterapi.ClusterID{
+			Type:  "name",
+			Value: "test%2fing",
+		},
+	})
+	require.NoError(t, err)
+
+	assert.Equal(t, cluster.Name, "test%2fing")
+}
+
 func TestUpdateCluster_NoFieldsPaths(t *testing.T) {
 	db := &dbmocks.ArgoDB{}
 	var updated *v1alpha1.Cluster
--- a/test/e2e/app_management_test.go
+++ b/test/e2e/app_management_test.go
@@ -3,11 +3,9 @@ package e2e
 import (
 	"context"
 	"fmt"
-	"math/rand"
 	"path"
 	"reflect"
 	"regexp"
-	"strings"
 	"testing"
 	"time"

@@ -370,23 +368,18 @@ func TestDeleteAppResource(t *testing.T) {
 // demonstrate that we cannot use a standard sync when an immutable field is changed, we must use "force"
 func TestImmutableChange(t *testing.T) {
 	SkipOnEnv(t, "OPENSHIFT")
-	text := FailOnErr(Run(".", "kubectl", "get", "service", "-n", "kube-system", "kube-dns", "-o", "jsonpath={.spec.clusterIP}")).(string)
-	parts := strings.Split(text, ".")
-	n := rand.Intn(254)
-	ip1 := fmt.Sprintf("%s.%s.%s.%d", parts[0], parts[1], parts[2], n)
-	ip2 := fmt.Sprintf("%s.%s.%s.%d", parts[0], parts[1], parts[2], n+1)
 	Given(t).
-		Path("service").
+		Path("secrets").
 		When().
 		CreateApp().
-		PatchFile("service.yaml", fmt.Sprintf(`[{"op": "add", "path": "/spec/clusterIP", "value": "%s"}]`, ip1)).
+		PatchFile("secrets.yaml", `[{"op": "add", "path": "/data/new-field", "value": "dGVzdA=="}, {"op": "add", "path": "/immutable", "value": true}]`).
 		Sync().
 		Then().
 		Expect(OperationPhaseIs(OperationSucceeded)).
 		Expect(SyncStatusIs(SyncStatusCodeSynced)).
 		Expect(HealthIs(health.HealthStatusHealthy)).
 		When().
-		PatchFile("service.yaml", fmt.Sprintf(`[{"op": "add", "path": "/spec/clusterIP", "value": "%s"}]`, ip2)).
+		PatchFile("secrets.yaml", `[{"op": "add", "path": "/data/new-field", "value": "dGVzdDI="}]`).
 		IgnoreErrors().
 		Sync().
 		DoNotIgnoreErrors().
@@ -395,14 +388,14 @@ func TestImmutableChange(t *testing.T) {
 		Expect(SyncStatusIs(SyncStatusCodeOutOfSync)).
 		Expect(ResourceResultNumbering(1)).
 		Expect(ResourceResultMatches(ResourceResult{
-			Kind:      "Service",
+			Kind:      "Secret",
 			Version:   "v1",
 			Namespace: DeploymentNamespace(),
-			Name:      "my-service",
+			Name:      "test-secret",
 			SyncPhase: "Sync",
 			Status:    "SyncFailed",
 			HookPhase: "Failed",
-			Message:   `Service "my-service" is invalid`,
+			Message:   `Secret "test-secret" is invalid`,
 		})).
 		// now we can do this will a force
 		Given().
--- a/test/e2e/applicationset_test.go
+++ b/test/e2e/applicationset_test.go
@@ -1,6 +1,9 @@
 package e2e

 import (
+	"io"
+	"net/http"
+	"net/http/httptest"
 	"strings"
 	"testing"
 	"time"
@@ -410,21 +413,215 @@ func TestSimpleGitFilesPreserveResourcesOnDeletion(t *testing.T) {
 		}).Then().Expect(Pod(func(p corev1.Pod) bool { return strings.Contains(p.Name, "guestbook-ui") }))
 }

+func githubSCMMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		switch r.RequestURI {
+		case "/api/v3/orgs/argoproj/repos?per_page=100":
+			_, err := io.WriteString(w, `[
+				{
+				  "id": 1296269,
+				  "node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
+				  "name": "argo-cd",
+				  "full_name": "argoproj/argo-cd",
+				  "owner": {
+					"login": "argoproj",
+					"id": 1,
+					"node_id": "MDQ6VXNlcjE=",
+					"avatar_url": "https://github.com/images/error/argoproj_happy.gif",
+					"gravatar_id": "",
+					"url": "https://api.github.com/users/argoproj",
+					"html_url": "https://github.com/argoproj",
+					"followers_url": "https://api.github.com/users/argoproj/followers",
+					"following_url": "https://api.github.com/users/argoproj/following{/other_user}",
+					"gists_url": "https://api.github.com/users/argoproj/gists{/gist_id}",
+					"starred_url": "https://api.github.com/users/argoproj/starred{/owner}{/repo}",
+					"subscriptions_url": "https://api.github.com/users/argoproj/subscriptions",
+					"organizations_url": "https://api.github.com/users/argoproj/orgs",
+					"repos_url": "https://api.github.com/users/argoproj/repos",
+					"events_url": "https://api.github.com/users/argoproj/events{/privacy}",
+					"received_events_url": "https://api.github.com/users/argoproj/received_events",
+					"type": "User",
+					"site_admin": false
+				  },
+				  "private": false,
+				  "html_url": "https://github.com/argoproj/argo-cd",
+				  "description": "This your first repo!",
+				  "fork": false,
+				  "url": "https://api.github.com/repos/argoproj/argo-cd",
+				  "archive_url": "https://api.github.com/repos/argoproj/argo-cd/{archive_format}{/ref}",
+				  "assignees_url": "https://api.github.com/repos/argoproj/argo-cd/assignees{/user}",
+				  "blobs_url": "https://api.github.com/repos/argoproj/argo-cd/git/blobs{/sha}",
+				  "branches_url": "https://api.github.com/repos/argoproj/argo-cd/branches{/branch}",
+				  "collaborators_url": "https://api.github.com/repos/argoproj/argo-cd/collaborators{/collaborator}",
+				  "comments_url": "https://api.github.com/repos/argoproj/argo-cd/comments{/number}",
+				  "commits_url": "https://api.github.com/repos/argoproj/argo-cd/commits{/sha}",
+				  "compare_url": "https://api.github.com/repos/argoproj/argo-cd/compare/{base}...{head}",
+				  "contents_url": "https://api.github.com/repos/argoproj/argo-cd/contents/{path}",
+				  "contributors_url": "https://api.github.com/repos/argoproj/argo-cd/contributors",
+				  "deployments_url": "https://api.github.com/repos/argoproj/argo-cd/deployments",
+				  "downloads_url": "https://api.github.com/repos/argoproj/argo-cd/downloads",
+				  "events_url": "https://api.github.com/repos/argoproj/argo-cd/events",
+				  "forks_url": "https://api.github.com/repos/argoproj/argo-cd/forks",
+				  "git_commits_url": "https://api.github.com/repos/argoproj/argo-cd/git/commits{/sha}",
+				  "git_refs_url": "https://api.github.com/repos/argoproj/argo-cd/git/refs{/sha}",
+				  "git_tags_url": "https://api.github.com/repos/argoproj/argo-cd/git/tags{/sha}",
+				  "git_url": "git:github.com/argoproj/argo-cd.git",
+				  "issue_comment_url": "https://api.github.com/repos/argoproj/argo-cd/issues/comments{/number}",
+				  "issue_events_url": "https://api.github.com/repos/argoproj/argo-cd/issues/events{/number}",
+				  "issues_url": "https://api.github.com/repos/argoproj/argo-cd/issues{/number}",
+				  "keys_url": "https://api.github.com/repos/argoproj/argo-cd/keys{/key_id}",
+				  "labels_url": "https://api.github.com/repos/argoproj/argo-cd/labels{/name}",
+				  "languages_url": "https://api.github.com/repos/argoproj/argo-cd/languages",
+				  "merges_url": "https://api.github.com/repos/argoproj/argo-cd/merges",
+				  "milestones_url": "https://api.github.com/repos/argoproj/argo-cd/milestones{/number}",
+				  "notifications_url": "https://api.github.com/repos/argoproj/argo-cd/notifications{?since,all,participating}",
+				  "pulls_url": "https://api.github.com/repos/argoproj/argo-cd/pulls{/number}",
+				  "releases_url": "https://api.github.com/repos/argoproj/argo-cd/releases{/id}",
+				  "ssh_url": "git@github.com:argoproj/argo-cd.git",
+				  "stargazers_url": "https://api.github.com/repos/argoproj/argo-cd/stargazers",
+				  "statuses_url": "https://api.github.com/repos/argoproj/argo-cd/statuses/{sha}",
+				  "subscribers_url": "https://api.github.com/repos/argoproj/argo-cd/subscribers",
+				  "subscription_url": "https://api.github.com/repos/argoproj/argo-cd/subscription",
+				  "tags_url": "https://api.github.com/repos/argoproj/argo-cd/tags",
+				  "teams_url": "https://api.github.com/repos/argoproj/argo-cd/teams",
+				  "trees_url": "https://api.github.com/repos/argoproj/argo-cd/git/trees{/sha}",
+				  "clone_url": "https://github.com/argoproj/argo-cd.git",
+				  "mirror_url": "git:git.example.com/argoproj/argo-cd",
+				  "hooks_url": "https://api.github.com/repos/argoproj/argo-cd/hooks",
+				  "svn_url": "https://svn.github.com/argoproj/argo-cd",
+				  "homepage": "https://github.com",
+				  "language": null,
+				  "forks_count": 9,
+				  "stargazers_count": 80,
+				  "watchers_count": 80,
+				  "size": 108,
+				  "default_branch": "master",
+				  "open_issues_count": 0,
+				  "is_template": false,
+				  "topics": [
+					"argoproj",
+					"atom",
+					"electron",
+					"api"
+				  ],
+				  "has_issues": true,
+				  "has_projects": true,
+				  "has_wiki": true,
+				  "has_pages": false,
+				  "has_downloads": true,
+				  "archived": false,
+				  "disabled": false,
+				  "visibility": "public",
+				  "pushed_at": "2011-01-26T19:06:43Z",
+				  "created_at": "2011-01-26T19:01:12Z",
+				  "updated_at": "2011-01-26T19:14:43Z",
+				  "permissions": {
+					"admin": false,
+					"push": false,
+					"pull": true
+				  },
+				  "template_repository": null
+				}
+			  ]`)
+			if err != nil {
+				t.Fail()
+			}
+		case "/api/v3/repos/argoproj/argo-cd/branches?per_page=100":
+			_, err := io.WriteString(w, `[
+				{
+				  "name": "master",
+				  "commit": {
+					"sha": "c5b97d5ae6c19d5c5df71a34c7fbeeda2479ccbc",
+					"url": "https://api.github.com/repos/argoproj/argo-cd/commits/c5b97d5ae6c19d5c5df71a34c7fbeeda2479ccbc"
+				  },
+				  "protected": true,
+				  "protection": {
+					"required_status_checks": {
+					  "enforcement_level": "non_admins",
+					  "contexts": [
+						"ci-test",
+						"linter"
+					  ]
+					}
+				  },
+				  "protection_url": "https://api.github.com/repos/argoproj/hello-world/branches/master/protection"
+				}
+			  ]
+			`)
+			if err != nil {
+				t.Fail()
+			}
+		case "/api/v3/repos/argoproj/argo-cd/contents/pkg?ref=master":
+			_, err := io.WriteString(w, `{
+				"type": "file",
+				"encoding": "base64",
+				"size": 5362,
+				"name": "pkg/",
+				"path": "pkg/",
+				"content": "encoded content ...",
+				"sha": "3d21ec53a331a6f037a91c368710b99387d012c1",
+				"url": "https://api.github.com/repos/octokit/octokit.rb/contents/README.md",
+				"git_url": "https://api.github.com/repos/octokit/octokit.rb/git/blobs/3d21ec53a331a6f037a91c368710b99387d012c1",
+				"html_url": "https://github.com/octokit/octokit.rb/blob/master/README.md",
+				"download_url": "https://raw.githubusercontent.com/octokit/octokit.rb/master/README.md",
+				"_links": {
+				  "git": "https://api.github.com/repos/octokit/octokit.rb/git/blobs/3d21ec53a331a6f037a91c368710b99387d012c1",
+				  "self": "https://api.github.com/repos/octokit/octokit.rb/contents/README.md",
+				  "html": "https://github.com/octokit/octokit.rb/blob/master/README.md"
+				}
+			  }`)
+			if err != nil {
+				t.Fail()
+			}
+		case "/api/v3/repos/argoproj/argo-cd/branches/master":
+			_, err := io.WriteString(w, `{
+				"name": "master",
+				"commit": {
+				  "sha": "c5b97d5ae6c19d5c5df71a34c7fbeeda2479ccbc",
+				  "url": "https://api.github.com/repos/octocat/Hello-World/commits/c5b97d5ae6c19d5c5df71a34c7fbeeda2479ccbc"
+				},
+				"protected": true,
+				"protection": {
+				  "required_status_checks": {
+					"enforcement_level": "non_admins",
+					"contexts": [
+					  "ci-test",
+					  "linter"
+					]
+				  }
+				},
+				"protection_url": "https://api.github.com/repos/octocat/hello-world/branches/master/protection"
+			  }`)
+			if err != nil {
+				t.Fail()
+			}
+		default:
+			w.WriteHeader(404)
+		}
+	}
+}
+
 func TestSimpleSCMProviderGenerator(t *testing.T) {
+	// Use mocked API response to avoid rate-limiting.
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		githubSCMMockHandler(t)(w, r)
+	}))
+
 	expectedApp := argov1alpha1.Application{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "Application",
 			APIVersion: "argoproj.io/v1alpha1",
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:       "argocd-example-apps-guestbook",
+			Name:       "argo-cd-guestbook",
 			Namespace:  utils.ArgoCDNamespace,
 			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
 		},
 		Spec: argov1alpha1.ApplicationSpec{
 			Project: "default",
 			Source: argov1alpha1.ApplicationSource{
-				RepoURL:        "git@github.com:argoproj/argocd-example-apps.git",
+				RepoURL:        "git@github.com:argoproj/argo-cd.git",
 				TargetRevision: "master",
 				Path:           "guestbook",
 			},
@@ -436,7 +633,7 @@ func TestSimpleSCMProviderGenerator(t *testing.T) {
 	}

 	// Because you can't &"".
-	repoMatch := "example-apps"
+	repoMatch := "argo-cd"

 	Given(t).
 		// Create an SCMProviderGenerator-based ApplicationSet
@@ -464,6 +661,7 @@ func TestSimpleSCMProviderGenerator(t *testing.T) {
 					SCMProvider: &v1alpha1.SCMProviderGenerator{
 						Github: &v1alpha1.SCMProviderGeneratorGithub{
 							Organization: "argoproj",
+							API:          ts.URL,
 						},
 						Filters: []v1alpha1.SCMProviderGeneratorFilter{
 							{
@@ -543,11 +741,39 @@ func TestCustomApplicationFinalizers(t *testing.T) {
 		Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{expectedApp}))
 }

-func TestSimplePullRequestGenerator(t *testing.T) {
-
-	if utils.IsGitHubAPISkippedTest(t) {
-		return
+func githubPullMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		switch r.RequestURI {
+		case "/api/v3/repos/applicationset-test-org/argocd-example-apps/pulls?per_page=100":
+			_, err := io.WriteString(w, `[
+  {
+    "number": 1,
+    "labels": [
+      {
+        "name": "preview"
+      }
+    ],
+    "head": {
+      "ref": "pull-request",
+      "sha": "824a5c987fdfb2b0629e9dbf5f31636c69ba4772"
+    }
+  }
+]`)
+			if err != nil {
+				t.Fail()
+			}
+		default:
+			w.WriteHeader(404)
+		}
 	}
+}
+
+func TestSimplePullRequestGenerator(t *testing.T) {
+	// Use mocked API response to avoid rate-limiting.
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		githubPullMockHandler(t)(w, r)
+	}))

 	expectedApp := argov1alpha1.Application{
 		TypeMeta: metav1.TypeMeta{
@@ -604,6 +830,7 @@ func TestSimplePullRequestGenerator(t *testing.T) {
 				{
 					PullRequest: &v1alpha1.PullRequestGenerator{
 						Github: &v1alpha1.PullRequestGeneratorGithub{
+							API:   ts.URL,
 							Owner: "applicationset-test-org",
 							Repo:  "argocd-example-apps",
 							Labels: []string{
--- a/ui/src/app/index.tsx
+++ b/ui/src/app/index.tsx
@@ -13,3 +13,4 @@ if (mdl.hot) {
 }

 (window as any).React = React;
+(window as any).ReactDOM = ReactDOM;
--- a/ui/src/app/shared/services/clusters-service.ts
+++ b/ui/src/app/shared/services/clusters-service.ts
@@ -10,7 +10,7 @@ export class ClustersService {
    }

    public get(url: string, name: string): Promise<models.Cluster> {
-        const requestUrl = `/clusters/${url ? encodeURIComponent(url) : name}?id.type=${url ? 'url' : 'name'}`;
+        const requestUrl = `/clusters/${url ? encodeURIComponent(url) : encodeURIComponent(name)}?id.type=${url ? 'url' : 'name_escaped'}`;
        return requests.get(requestUrl).then(res => res.body as models.Cluster);
    }

--- a/ui/yarn.lock
+++ b/ui/yarn.lock
@@ -3391,9 +3391,9 @@ decko@^1.2.0:
  integrity sha1-/UPHNelnuAEzBohKVvvmZZlraBc=

 decode-uri-component@^0.2.0:
-  version "0.2.0"
-  resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.0.tgz#eb3913333458775cb84cd1a1fae062106bb87545"
-  integrity sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=
+  version "0.2.2"
+  resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.2.tgz#e69dbe25d37941171dd540e024c444cd5188e1e9"
+  integrity sha512-FqUYQ+8o158GyGTrMFJms9qh3CqTKvAqgqsTnkLI8sKu0028orqBhxNMFkFen0zGyg6epACD32pjVk58ngIErQ==

 dedent@^0.7.0:
  version "0.7.0"
--- a/util/helm/cmd.go
+++ b/util/helm/cmd.go
@@ -56,7 +56,7 @@ func (c Cmd) run(args ...string) (string, error) {
 			fmt.Sprintf("XDG_CACHE_HOME=%s/cache", c.helmHome),
 			fmt.Sprintf("XDG_CONFIG_HOME=%s/config", c.helmHome),
 			fmt.Sprintf("XDG_DATA_HOME=%s/data", c.helmHome),
-			fmt.Sprintf("HELM_HOME=%s", c.helmHome))
+			fmt.Sprintf("HELM_CONFIG_HOME=%s/config", c.helmHome))
 	}

 	if c.IsHelmOci {
@@ -87,26 +87,6 @@ func (c *Cmd) RegistryLogin(repo string, creds Creds) (string, error) {
 		args = append(args, "--password", creds.Password)
 	}

-	if creds.CAPath != "" {
-		args = append(args, "--ca-file", creds.CAPath)
-	}
-	if len(creds.CertData) > 0 {
-		filePath, closer, err := writeToTmp(creds.CertData)
-		if err != nil {
-			return "", err
-		}
-		defer io.Close(closer)
-		args = append(args, "--cert-file", filePath)
-	}
-	if len(creds.KeyData) > 0 {
-		filePath, closer, err := writeToTmp(creds.KeyData)
-		if err != nil {
-			return "", err
-		}
-		defer io.Close(closer)
-		args = append(args, "--key-file", filePath)
-	}
-
 	if creds.InsecureSkipVerify {
 		args = append(args, "--insecure")
 	}
@@ -117,26 +97,6 @@ func (c *Cmd) RegistryLogout(repo string, creds Creds) (string, error) {
 	args := []string{"registry", "logout"}
 	args = append(args, repo)

-	if creds.CAPath != "" {
-		args = append(args, "--ca-file", creds.CAPath)
-	}
-	if len(creds.CertData) > 0 {
-		filePath, closer, err := writeToTmp(creds.CertData)
-		if err != nil {
-			return "", err
-		}
-		defer io.Close(closer)
-		args = append(args, "--cert-file", filePath)
-	}
-	if len(creds.KeyData) > 0 {
-		filePath, closer, err := writeToTmp(creds.KeyData)
-		if err != nil {
-			return "", err
-		}
-		defer io.Close(closer)
-		args = append(args, "--key-file", filePath)
-	}
-
 	return c.run(args...)
 }

--- a/util/helm/helm.go
+++ b/util/helm/helm.go
@@ -134,8 +134,7 @@ func Version(shortForm bool) (string, error) {
 func (h *helm) GetParameters(valuesFiles []pathutil.ResolvedFilePath, appPath, repoRoot string) (map[string]string, error) {
 	var values []string
 	// Don't load values.yaml if it's an out-of-bounds link.
-	if resolved, _, err := pathutil.ResolveFilePath(appPath, repoRoot, "values.yaml", []string{}); err == nil {
-		fmt.Println(resolved)
+	if _, _, err := pathutil.ResolveValueFilePathOrUrl(appPath, repoRoot, "values.yaml", []string{}); err == nil {
 		out, err := h.cmd.inspectValues(".")
 		if err != nil {
 			return nil, err
--- a/util/helm/helm_test.go
+++ b/util/helm/helm_test.go
@@ -59,7 +59,7 @@ func TestHelmTemplateValues(t *testing.T) {
 	require.NoError(t, err)
 	h, err := NewHelmApp(repoRootAbs, []HelmRepository{}, false, "", "", false)
 	assert.NoError(t, err)
-	valuesPath, _, err := path.ResolveFilePath(repoRootAbs, repoRootAbs, "values-production.yaml", nil)
+	valuesPath, _, err := path.ResolveValueFilePathOrUrl(repoRootAbs, repoRootAbs, "values-production.yaml", nil)
 	require.NoError(t, err)
 	opts := TemplateOpts{
 		Name:   "test",
@@ -98,7 +98,7 @@ func TestHelmGetParamsValueFiles(t *testing.T) {
 	require.NoError(t, err)
 	h, err := NewHelmApp(repoRootAbs, nil, false, "", "", false)
 	assert.NoError(t, err)
-	valuesPath, _, err := path.ResolveFilePath(repoRootAbs, repoRootAbs, "values-production.yaml", nil)
+	valuesPath, _, err := path.ResolveValueFilePathOrUrl(repoRootAbs, repoRootAbs, "values-production.yaml", nil)
 	require.NoError(t, err)
 	params, err := h.GetParameters([]path.ResolvedFilePath{valuesPath}, repoRootAbs, repoRootAbs)
 	assert.Nil(t, err)
@@ -113,9 +113,9 @@ func TestHelmGetParamsValueFilesThatExist(t *testing.T) {
 	require.NoError(t, err)
 	h, err := NewHelmApp(repoRootAbs, nil, false, "", "", false)
 	assert.NoError(t, err)
-	valuesMissingPath, _, err := path.ResolveFilePath(repoRootAbs, repoRootAbs, "values-missing.yaml", nil)
+	valuesMissingPath, _, err := path.ResolveValueFilePathOrUrl(repoRootAbs, repoRootAbs, "values-missing.yaml", nil)
 	require.NoError(t, err)
-	valuesProductionPath, _, err := path.ResolveFilePath(repoRootAbs, repoRootAbs, "values-production.yaml", nil)
+	valuesProductionPath, _, err := path.ResolveValueFilePathOrUrl(repoRootAbs, repoRootAbs, "values-production.yaml", nil)
 	require.NoError(t, err)
 	params, err := h.GetParameters([]path.ResolvedFilePath{valuesMissingPath, valuesProductionPath}, repoRootAbs, repoRootAbs)
 	assert.Nil(t, err)
--- a/util/io/path/resolved.go
+++ b/util/io/path/resolved.go
@@ -10,10 +10,14 @@ import (
 	log "github.com/sirupsen/logrus"
 )

-// ResolvedFilePath represents a resolved file path and intended to prevent unintentional use of not verified file path.
-// It is always either a URL or an absolute path.
+// ResolvedFilePath represents a resolved file path and is intended to prevent unintentional use of an unverified file
+// path. It is always either a URL or an absolute path.
 type ResolvedFilePath string

+// ResolvedFileOrDirectoryPath represents a resolved file or directory path and is intended to prevent unintentional use
+// of an unverified file or directory path. It is an absolute path.
+type ResolvedFileOrDirectoryPath string
+
 // resolveSymbolicLinkRecursive resolves the symlink path recursively to its
 // canonical path on the file system, with a maximum nesting level of maxDepth.
 // If path is not a symlink, returns the verbatim copy of path and err of nil.
@@ -60,7 +64,24 @@ func isURLSchemeAllowed(scheme string, allowed []string) bool {
 	return isAllowed && scheme != ""
 }

-// ResolveFilePath will inspect and resolve given file, and make sure that its final path is within the boundaries of
+// We do not provide the path in the error message, because it will be
+// returned to the user and could be used for information gathering.
+// Instead, we log the concrete error details.
+func resolveFailure(path string, err error) error {
+	log.Errorf("failed to resolve path '%s': %v", path, err)
+	return fmt.Errorf("internal error: failed to resolve path. Check logs for more details")
+}
+
+func ResolveFileOrDirectoryPath(appPath, repoRoot, dir string) (ResolvedFileOrDirectoryPath, error) {
+	path, err := resolveFileOrDirectory(appPath, repoRoot, dir, true)
+	if err != nil {
+		return "", err
+	}
+
+	return ResolvedFileOrDirectoryPath(path), nil
+}
+
+// ResolveValueFilePathOrUrl will inspect and resolve given file, and make sure that its final path is within the boundaries of
 // the path specified in repoRoot.
 //
 // appPath is the path we're operating in, e.g. where a Helm chart was unpacked
@@ -88,15 +109,7 @@ func isURLSchemeAllowed(scheme string, allowed []string) bool {
 //
 // isRemote will be set to true if valueFile is an URL using an allowed
 // protocol scheme, or to false if it resolved to a local file.
-func ResolveFilePath(appPath, repoRoot, valueFile string, allowedURLSchemes []string) (resolvedPath ResolvedFilePath, isRemote bool, err error) {
-	// We do not provide the path in the error message, because it will be
-	// returned to the user and could be used for information gathering.
-	// Instead, we log the concrete error details.
-	resolveFailure := func(path string, err error) error {
-		log.Errorf("failed to resolve path '%s': %v", path, err)
-		return fmt.Errorf("internal error: failed to resolve path. Check logs for more details")
-	}
-
+func ResolveValueFilePathOrUrl(appPath, repoRoot, valueFile string, allowedURLSchemes []string) (resolvedPath ResolvedFilePath, isRemote bool, err error) {
 	// A value file can be specified as an URL to a remote resource.
 	// We only allow certain URL schemes for remote value files.
 	url, err := url.Parse(valueFile)
@@ -111,36 +124,45 @@ func ResolveFilePath(appPath, repoRoot, valueFile string, allowedURLSchemes []st
 		}
 	}

+	path, err := resolveFileOrDirectory(appPath, repoRoot, valueFile, false)
+	if err != nil {
+		return "", false, err
+	}
+
+	return ResolvedFilePath(path), false, nil
+}
+
+func resolveFileOrDirectory(appPath string, repoRoot string, fileOrDirectory string, allowResolveToRoot bool) (string, error) {
 	// Ensure that our repository root is absolute
 	absRepoPath, err := filepath.Abs(repoRoot)
 	if err != nil {
-		return "", false, resolveFailure(repoRoot, err)
+		return "", resolveFailure(repoRoot, err)
 	}

-	// If the path to the file is relative, join it with the current working directory (appPath)
+	// If the path to the file or directory is relative, join it with the current working directory (appPath)
 	// Otherwise, join it with the repository's root
-	path := valueFile
+	path := fileOrDirectory
 	if !filepath.IsAbs(path) {
 		absWorkDir, err := filepath.Abs(appPath)
 		if err != nil {
-			return "", false, resolveFailure(repoRoot, err)
+			return "", resolveFailure(repoRoot, err)
 		}
 		path = filepath.Join(absWorkDir, path)
 	} else {
 		path = filepath.Join(absRepoPath, path)
 	}

-	// Ensure any symbolic link is resolved before we
+	// Ensure any symbolic link is resolved before we evaluate the path
 	delinkedPath, err := resolveSymbolicLinkRecursive(path, 10)
 	if err != nil {
-		return "", false, resolveFailure(path, err)
+		return "", resolveFailure(repoRoot, err)
 	}
 	path = delinkedPath

 	// Resolve the joined path to an absolute path
 	path, err = filepath.Abs(path)
 	if err != nil {
-		return "", false, resolveFailure(path, err)
+		return "", resolveFailure(repoRoot, err)
 	}

 	// Ensure our root path has a trailing slash, otherwise the following check
@@ -150,10 +172,17 @@ func ResolveFilePath(appPath, repoRoot, valueFile string, allowedURLSchemes []st
 		requiredRootPath += string(os.PathSeparator)
 	}

-	// Make sure that the resolved path to values file is within the repository's root path
-	if !strings.HasPrefix(path, requiredRootPath) {
-		return "", false, fmt.Errorf("value file '%s' resolved to outside repository root", valueFile)
+	resolvedToRoot := path+string(os.PathSeparator) == requiredRootPath
+	if resolvedToRoot {
+		if !allowResolveToRoot {
+			return "", resolveFailure(path, fmt.Errorf("path resolved to repository root, which is not allowed"))
+		}
+	} else {
+		// Make sure that the resolved path to file is within the repository's root path
+		if !strings.HasPrefix(path, requiredRootPath) {
+			return "", fmt.Errorf("file '%s' resolved to outside repository root", fileOrDirectory)
+		}
 	}

-	return ResolvedFilePath(path), false, nil
+	return path, nil
 }
--- a/util/io/path/resolved_test.go
+++ b/util/io/path/resolved_test.go
@@ -98,19 +98,19 @@ var allowedRemoteProtocols = []string{"http", "https"}

 func Test_resolveFilePath(t *testing.T) {
 	t.Run("Resolve normal relative path into absolute path", func(t *testing.T) {
-		p, remote, err := ResolveFilePath("/foo/bar", "/foo", "baz/bim.yaml", allowedRemoteProtocols)
+		p, remote, err := ResolveValueFilePathOrUrl("/foo/bar", "/foo", "baz/bim.yaml", allowedRemoteProtocols)
 		assert.NoError(t, err)
 		assert.False(t, remote)
 		assert.Equal(t, "/foo/bar/baz/bim.yaml", string(p))
 	})
 	t.Run("Resolve normal relative path into absolute path", func(t *testing.T) {
-		p, remote, err := ResolveFilePath("/foo/bar", "/foo", "baz/../../bim.yaml", allowedRemoteProtocols)
+		p, remote, err := ResolveValueFilePathOrUrl("/foo/bar", "/foo", "baz/../../bim.yaml", allowedRemoteProtocols)
 		assert.NoError(t, err)
 		assert.False(t, remote)
 		assert.Equal(t, "/foo/bim.yaml", string(p))
 	})
 	t.Run("Error on path resolving outside repository root", func(t *testing.T) {
-		p, remote, err := ResolveFilePath("/foo/bar", "/foo", "baz/../../../bim.yaml", allowedRemoteProtocols)
+		p, remote, err := ResolveValueFilePathOrUrl("/foo/bar", "/foo", "baz/../../../bim.yaml", allowedRemoteProtocols)
 		assert.Error(t, err)
 		assert.Contains(t, err.Error(), "outside repository root")
 		assert.False(t, remote)
@@ -118,26 +118,26 @@ func Test_resolveFilePath(t *testing.T) {
 	})
 	t.Run("Return verbatim URL", func(t *testing.T) {
 		url := "https://some.where/foo,yaml"
-		p, remote, err := ResolveFilePath("/foo/bar", "/foo", url, allowedRemoteProtocols)
+		p, remote, err := ResolveValueFilePathOrUrl("/foo/bar", "/foo", url, allowedRemoteProtocols)
 		assert.NoError(t, err)
 		assert.True(t, remote)
 		assert.Equal(t, url, string(p))
 	})
 	t.Run("URL scheme not allowed", func(t *testing.T) {
 		url := "file:///some.where/foo,yaml"
-		p, remote, err := ResolveFilePath("/foo/bar", "/foo", url, allowedRemoteProtocols)
+		p, remote, err := ResolveValueFilePathOrUrl("/foo/bar", "/foo", url, allowedRemoteProtocols)
 		assert.Error(t, err)
 		assert.False(t, remote)
 		assert.Equal(t, "", string(p))
 	})
 	t.Run("Implicit URL by absolute path", func(t *testing.T) {
-		p, remote, err := ResolveFilePath("/foo/bar", "/foo", "/baz.yaml", allowedRemoteProtocols)
+		p, remote, err := ResolveValueFilePathOrUrl("/foo/bar", "/foo", "/baz.yaml", allowedRemoteProtocols)
 		assert.NoError(t, err)
 		assert.False(t, remote)
 		assert.Equal(t, "/foo/baz.yaml", string(p))
 	})
 	t.Run("Relative app path", func(t *testing.T) {
-		p, remote, err := ResolveFilePath(".", "/foo", "/baz.yaml", allowedRemoteProtocols)
+		p, remote, err := ResolveValueFilePathOrUrl(".", "/foo", "/baz.yaml", allowedRemoteProtocols)
 		assert.NoError(t, err)
 		assert.False(t, remote)
 		assert.Equal(t, "/foo/baz.yaml", string(p))
@@ -145,37 +145,42 @@ func Test_resolveFilePath(t *testing.T) {
 	t.Run("Relative repo path", func(t *testing.T) {
 		c, err := os.Getwd()
 		require.NoError(t, err)
-		p, remote, err := ResolveFilePath(".", ".", "baz.yaml", allowedRemoteProtocols)
+		p, remote, err := ResolveValueFilePathOrUrl(".", ".", "baz.yaml", allowedRemoteProtocols)
 		assert.NoError(t, err)
 		assert.False(t, remote)
 		assert.Equal(t, c+"/baz.yaml", string(p))
 	})
 	t.Run("Overlapping root prefix without trailing slash", func(t *testing.T) {
-		p, remote, err := ResolveFilePath(".", "/foo", "../foo2/baz.yaml", allowedRemoteProtocols)
+		p, remote, err := ResolveValueFilePathOrUrl(".", "/foo", "../foo2/baz.yaml", allowedRemoteProtocols)
 		assert.Error(t, err)
 		assert.Contains(t, err.Error(), "outside repository root")
 		assert.False(t, remote)
 		assert.Equal(t, "", string(p))
 	})
 	t.Run("Overlapping root prefix with trailing slash", func(t *testing.T) {
-		p, remote, err := ResolveFilePath(".", "/foo/", "../foo2/baz.yaml", allowedRemoteProtocols)
+		p, remote, err := ResolveValueFilePathOrUrl(".", "/foo/", "../foo2/baz.yaml", allowedRemoteProtocols)
 		assert.Error(t, err)
 		assert.Contains(t, err.Error(), "outside repository root")
 		assert.False(t, remote)
 		assert.Equal(t, "", string(p))
 	})
 	t.Run("Garbage input as values file", func(t *testing.T) {
-		p, remote, err := ResolveFilePath(".", "/foo/", "kfdj\\ks&&&321209.,---e32908923%$§!\"", allowedRemoteProtocols)
+		p, remote, err := ResolveValueFilePathOrUrl(".", "/foo/", "kfdj\\ks&&&321209.,---e32908923%$§!\"", allowedRemoteProtocols)
 		assert.Error(t, err)
 		assert.Contains(t, err.Error(), "outside repository root")
 		assert.False(t, remote)
 		assert.Equal(t, "", string(p))
 	})
 	t.Run("NUL-byte path input as values file", func(t *testing.T) {
-		p, remote, err := ResolveFilePath(".", "/foo/", "\000", allowedRemoteProtocols)
+		p, remote, err := ResolveValueFilePathOrUrl(".", "/foo/", "\000", allowedRemoteProtocols)
 		assert.Error(t, err)
 		assert.Contains(t, err.Error(), "outside repository root")
 		assert.False(t, remote)
 		assert.Equal(t, "", string(p))
 	})
+	t.Run("Resolve root path into absolute path - jsonnet library path", func(t *testing.T) {
+		p, err := ResolveFileOrDirectoryPath("/foo", "/foo", "./")
+		assert.NoError(t, err)
+		assert.Equal(t, "/foo", string(p))
+	})
 }
Author	SHA1	Message	Date
argo-bot	beef23b7a4	Bump version to 2.4.18	2022-12-16 15:57:45 +00:00
argo-bot	a97db48111	Bump version to 2.4.18	2022-12-16 15:57:36 +00:00
Leonardo Luz Almeida	69939d427a	docs: Clarification of the create namespace feature (#11723 ) * docs: Clarification of the create namespace feature Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> * Address review suggestion Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>	2022-12-16 08:33:29 -05:00
Michael Crenshaw	a7d22df297	fix: pin kubectl version (#11726 ) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2022-12-16 02:11:59 +01:00
Michael Crenshaw	0f99cdd877	chore: fix flaky e2e test for immutable fields (#11685 ) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2022-12-13 15:25:41 -05:00
dependabot[bot]	3c8c8adb37	chore(deps): bump actions/checkout from 3.1.0 to 3.2.0 (#11679 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](`93ea575cb5...755da8c3cf`) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-13 08:25:37 -05:00
Michael Crenshaw	e0b8b129a5	chore: fix flaky e2e test (#11670 ) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2022-12-12 17:45:06 -05:00
Michael Crenshaw	12c6cf3e8c	chore: fix flaky e2e test (#11509 ) (#11654 ) * chore: fix flaky e2e test (#11509) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * don't centralize mock response - tests should be independent Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2022-12-12 12:16:11 -05:00
Nicholas Morey	197e01b834	docs: kustomize has access to build environment (#11643 ) Current docs reflect that the build environment is not available to kustomize. Since https://github.com/argoproj/argo-cd/pull/8096 it is now exposed for kustomize. This updates the kustomize section of the docs to reflect that. Signed-off-by: Nicholas Morey <nicholas@morey.tech> Signed-off-by: Nicholas Morey <nicholas@morey.tech>	2022-12-11 15:58:51 -05:00
asingh	27ff21643e	docs: add warning for user when using replace sync option (#11566 ) * docs: adding warning to 'replace' sync option Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> * Update sync-options.md Signed-off-by: asingh <11219262+ashutosh16@users.noreply.github.com> Signed-off-by: ashutosh16 <11219262+ashutosh16@users.noreply.github.com> Signed-off-by: asingh <11219262+ashutosh16@users.noreply.github.com>	2022-12-09 14:23:09 -05:00
Alex Eftimie	ecdea743c2	fix(helm): login OCI Helm dependencies correctly (#8563 ) (#11327 ) Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com> Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>	2022-12-07 12:53:32 -05:00
Alex Eftimie	fca6271d38	fix(helm): helm v3 doesn't have these flags (#11100 ) (#11540 ) * fix: helm v3 doesn't have these flags Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com> * Revert repoAdd change. Was to greedy, ca-file is needed there Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com> Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>	2022-12-07 12:43:58 -05:00
Michael Vittrup Larsen	186c4be175	docs: Add skipCrds and ignoreMissingValueFiles to application.yaml example (#11565 ) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2022-12-06 09:51:12 -05:00
dependabot[bot]	e46ae882f1	chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2 in /ui (#11533 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-03 22:11:28 -05:00
Michael Crenshaw	30f25ce113	Revert "fix: application stuck in infinite reconciliation loop if using wrong project (#11246 )" This reverts commit `1e53a3adcb`. Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2022-12-02 09:25:13 -05:00
dependabot[bot]	72f8ff370a	chore(deps): bump actions/setup-go from 3.3.1 to 3.4.0 (#11535 ) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.1 to 3.4.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](`c4a742cab1...d0a58c1c4d`) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-02 08:54:45 -05:00
dependabot[bot]	955417ae4f	chore(deps): bump softprops/action-gh-release from 0.1.14 to 0.1.15 (#11534 ) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 0.1.14 to 0.1.15. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](`1e07f43987...de2c0eb89a`) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-02 08:53:40 -05:00
Michael Merrill	e091a92f6c	fix: add missing changes for bitbucket cloud SCM provider (#10143 ) (#11150 ) Signed-off-by: mmerrill3 <jjpaacks@gmail.com> Signed-off-by: mmerrill3 <jjpaacks@gmail.com>	2022-11-30 21:04:35 -05:00
Alexander Matyushentsev	de7d35b069	fix: expose missing ReactDOM to enable extensions implementation (#11495 ) Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>	2022-11-30 11:10:53 -08:00
Michael Crenshaw	b6d33ba162	chore: pin actions (#11360 ) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2022-11-29 13:04:57 -05:00
Michael Crenshaw	e3ef547f16	chore: use set-output environment file (#10999 ) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2022-11-29 09:48:36 -05:00
dependabot[bot]	2868c5aa0a	chore(deps): bump actions/upload-artifact from 2 to 3 (#11365 ) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v2...v3) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-11-18 22:08:01 -05:00
dependabot[bot]	ba5bab807c	chore(deps): bump actions/setup-node from 1 to 3 (#11364 ) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 1 to 3. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v1...v3) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-11-18 22:06:32 -05:00
dependabot[bot]	510e3a9557	chore(deps): bump codecov/codecov-action from 1 to 3 (#11362 ) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1 to 3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v1...v3) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-11-18 22:02:51 -05:00
dependabot[bot]	e52895aead	chore(deps): bump actions/download-artifact from 2 to 3 (#11361 ) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v2...v3) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-11-18 21:06:33 -05:00
Alexander Matyushentsev	1e53a3adcb	fix: application stuck in infinite reconciliation loop if using wrong project (#11246 ) * fix: application stuck in infinite reconciliation loop if using wrong project Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> * add missing unit test Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>	2022-11-18 20:58:54 -05:00
Alex Eftimie	7f4b644231	fix: set HELM_CONFIG_HOME dir for oci registry authentication; fixes: #11284 (#11285 ) Signed-off-by: Alex Eftimie <alex.eftimie@getyourguide.com>	2022-11-17 14:27:39 -08:00
Michael Crenshaw	9fc46d2a0f	chore: use --password-stdin for docker login (#11331 ) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2022-11-17 10:47:07 -05:00
Edmund Rhudy	547f666fb2	fix: UI can now get clusters with slashes in name (#9812 ) (#9813 ) * fix: #9812 UI can now get clusters with slashes in name Fixes #9812 If a cluster name has a slash in it, the API would not be able to fetch that cluster and would display "in-cluster (undefined)" for that application. This fixes that issue by URI-encoding the cluster name on the UI side and URI-decoding the cluster name on the API side. Signed-off-by: Edmund Rhudy <erhudy@users.noreply.github.com> * Retrigger CI pipeline Signed-off-by: Edmund Rhudy <erhudy@users.noreply.github.com> Signed-off-by: Edmund Rhudy <erhudy@users.noreply.github.com>	2022-11-17 09:56:12 -05:00
Shuai Zhang	41a2505bf8	fix: allow resolving repo root as jsonnet lib path (#11119 ) Signed-off-by: shuai-zh <shuaiz8023@gmail.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2022-11-15 18:10:14 -05:00
Justin Marquis	b8feaf4db9	fix: use non distroless image for dex (#11219 ) * fix: use non distroless image for dex Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> * change image in ci workflow Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>	2022-11-09 08:26:14 -05:00
@@ -1 +1 @@
 .4.17
 .4.18