docs: Clarifying override RBAC needs (#16964)

Signed-off-by: Ryan Shatford <ryan@shatford.com>
Signed-off-by: Dan Garfield <dan@codefresh.io>
Co-authored-by: Ryan Shatford <ryan@shatford.com>
Co-authored-by: Dan Garfield <dan@codefresh.io>

.codecov.yml

@@ -7,8 +7,6 @@ ignore:
 - "pkg/apis/client/.*"
 - "pkg/client/.*"
 - "vendor/.*"
-- "test/.*"
-- "**/mocks/*"
 coverage:
   status:
     # we've found this not to be useful

.dockerignore

@@ -11,19 +11,3 @@ cmd/**/debug
 debug.test
 coverage.out
 ui/node_modules/
-test-results/
-test/
-manifests/
-hack/
-docs/
-examples/
-.github/
-!test/container
-!test/e2e/testdata
-!test/fixture
-!test/remote
-!hack/installers
-!hack/gpg-wrapper.sh
-!hack/git-verify-wrapper.sh
-!hack/tool-versions.sh
-!hack/install.sh

.gitattributes

@@ -1,18 +0,0 @@
-**/*.pb.go linguist-generated=true
-**/mocks/*.go linguist-generated=true
-assets/swagger.json linguist-generated=true
-docs/operator-manual/resource_actions_builtin.md linguist-generated=true
-docs/operator-manual/server-commands/argocd-*.md linguist-generated=true
-docs/user-guide/commands/argocd_*.md linguist-generated=true
-manifests/core-install.yaml linguist-generated=true
-manifests/core-install-with-hydrator.yaml linguist-generated=true
-manifests/crds/*-crd.yaml linguist-generated=true
-manifests/ha/install.yaml linguist-generated=true
-manifests/ha/install-with-hydrator.yaml linguist-generated=true
-manifests/ha/namespace-install.yaml linguist-generated=true
-manifests/ha/namespace-install-with-hydrator.yaml linguist-generated=true
-manifests/install.yaml linguist-generated=true
-manifests/install-with-hydrator.yaml linguist-generated=true
-manifests/namespace-install.yaml linguist-generated=true
-manifests/namespace-install-with-hydrator.yaml linguist-generated=true
-pkg/apis/api-rules/violation_exceptions.list linguist-generated=true

.github/ISSUE_TEMPLATE/bug_report.md

@@ -6,7 +6,7 @@ labels: 'bug'
 assignees: ''
 ---
 
-<!-- If you are trying to resolve an environment-specific issue or have a one-off question about the edge case that does not require a feature then please consider asking a question in argocd slack [channel](https://argoproj.github.io/community/join-slack). -->
+If you are trying to resolve an environment-specific issue or have a one-off question about the edge case that does not require a feature then please consider asking a question in argocd slack [channel](https://argoproj.github.io/community/join-slack).
 
 Checklist:
 
@@ -16,19 +16,19 @@ Checklist:
 
 **Describe the bug**
 
-<!-- A clear and concise description of what the bug is. -->
+A clear and concise description of what the bug is.
 
 **To Reproduce**
 
-<!-- A list of the steps required to reproduce the issue. Best of all, give us the URL to a repository that exhibits this issue. -->
+A list of the steps required to reproduce the issue. Best of all, give us the URL to a repository that exhibits this issue.
 
 **Expected behavior**
 
-<!-- A clear and concise description of what you expected to happen. -->
+A clear and concise description of what you expected to happen.
 
 **Screenshots**
 
-<!-- If applicable, add screenshots to help explain your problem. -->
+If applicable, add screenshots to help explain your problem.
 
 **Version**
 

.github/ISSUE_TEMPLATE/new_dev_tool.md

@@ -1,43 +0,0 @@
----
-name: New Dev Tool Request
-about: This is a request for adding a new tool for setting up a dev environment.
-title: ''
-labels: ''
-assignees: ''
----
-
-Checklist:
-
-* [ ] I am willing to maintain this tool, or have another Argo CD maintainer who is. 
-* [ ] I have another Argo CD maintainer who is willing to help maintain this tool (there needs to be at least two maintainers willing to maintain this tool)
-* [ ] I have a lead sponsor who is a core Argo CD maintainer
-* [ ] There is a PR which adds said tool - this is so that the maintainers can assess the impact of having this in the tree
-* [ ] I have given a motivation why this should be added
-
-### The proposer
-
-<-- The username(s) of the person(s) proposing the tool -->
-
-### The proposed tool
-
-<!-- The tool itself, with a link to the tool’s website -->
-
-### Motivation
-
-<!-- Why this tool would be useful to have in the tree. --> 
-
-### Link to PR (Optional)
-
-<!-- A PR adding the tool to the tree -->
-
-### Lead Sponsor(s)
-
-Final approval requires sponsorship from at least one core maintainer.
-
-- @<sponsor-1>
-
-### Co-sponsors
-
-These will be the co-maintainers of the specified tool.
-
-- @<sponsor-1>

.github/ISSUE_TEMPLATE/release.md

@@ -1,26 +0,0 @@
----
-name: Argo CD Release
-about: Used by our Release Champion to track progress of a minor release
-title: 'Argo CD Release vX.X'
-labels: 'release'
-assignees: ''
----
-
-Target RC1 date: ___. __, ____
-Target GA date: ___. __, ____
-
- - [ ] 1wk before feature freeze post in #argo-contributors that PRs must be merged by DD-MM-YYYY to be included in the release - ask approvers to drop items from milestone they can’t merge
- - [ ] At least two days before RC1 date, draft RC blog post and submit it for review (or delegate this task)
- - [ ] Cut RC1 (or delegate this task to an Approver and coordinate timing)
- - [ ] Create new release branch
-    - [ ] Add the release branch to ReadTheDocs
-    - [ ] Confirm that tweet and blog post are ready
-    - [ ] Trigger the release
-    - [ ] After the release is finished, publish tweet and blog post
-    - [ ] Post in #argo-cd and #argo-announcements with lots of emojis announcing the release and requesting help testing
- - [ ] Monitor support channels for issues, cherry-picking bugfixes and docs fixes as appropriate (or delegate this task to an Approver and coordinate timing)
- - [ ] At release date, evaluate if any bugs justify delaying the release. If not, cut the release (or delegate this task to an Approver and coordinate timing)
- - [ ] If unreleased changes are on the release branch for {current minor version minus 3}, cut a final patch release for that series (or delegate this task to an Approver and coordinate timing)
- - [ ] After the release, post in #argo-cd that the {current minor version minus 3} has reached EOL (example: https://cloud-native.slack.com/archives/C01TSERG0KZ/p1667336234059729)
- - [ ] (For the next release champion) Review the [items scheduled for the next release](https://github.com/orgs/argoproj/projects/25). If any item does not have an assignee who can commit to finish the feature, move it to the next release.
- - [ ] (For the next release champion) Schedule a time mid-way through the release cycle to review items again.

.github/ISSUE_TEMPLATE/security_logs.md

@@ -1,19 +0,0 @@
----
-name: Security log
-about: Propose adding security-related logs or tagging existing logs with security fields
-title: "seclog: [Event Description]"
-labels: security-log
-assignees: notfromstatefarm
----
-# Event to be logged
-
-Specify the event that needs to be logged or existing logs that need to be tagged.
-
-# Proposed level
-
-What security level should these events be logged under? Refer to https://argo-cd.readthedocs.io/en/latest/operator-manual/security/#security-field for more info.
-
-# Common Weakness Enumeration
-
-Is there an associated [CWE](https://cwe.mitre.org/) that could be tagged as well?
-

.github/cherry-pick-bot.yml

@@ -1,3 +0,0 @@
-enabled: true
-preservePullRequestTitle: true
-

.github/dependabot.yml

@@ -1,60 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "gomod"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    open-pull-requests-limit: 20
-    ignore:
-    - dependency-name: k8s.io/*
-    groups:
-      otel:
-        patterns:
-          - "go.opentelemetry.io/*"
-
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "npm"
-    directory: "/ui/"
-    schedule:
-      interval: "daily"
-
-# Disabled since this code is rarely used.
-#  - package-ecosystem: "npm"
-#    directory: "/ui-test/"
-#    schedule:
-#      interval: "daily"
-
-  - package-ecosystem: "docker"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    ignore:
-      # We use consistent go and node versions across a lot of different files, and updating via dependabot would cause
-      # drift among those files, instead we let renovate bot handle them.
-      - dependency-name: "library/golang"
-      - dependency-name: "library/node"
-
-  - package-ecosystem: "docker"
-    directory: "/test/container/"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "docker"
-    directory: "/test/e2e/multiarch-container/"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "docker"
-    directory: "/test/remote/"
-    schedule:
-      interval: "daily"
-
-# Disabled since this code is rarely used.
-#  - package-ecosystem: "docker"
-#    directory: "/ui-test/"
-#    schedule:
-#      interval: "daily"

.github/pr-title-checker-config.json

@@ -1,15 +0,0 @@
-{
-    "LABEL": {
-      "name": "title needs formatting",
-      "color": "EEEEEE"
-    },
-    "CHECKS": {
-      "prefixes": ["[Bot] docs: "],
-      "regexp": "^(feat|fix|docs|test|ci|chore)!?(\\(.*\\))?!?:.*"
-    },
-    "MESSAGES": {
-      "success": "PR title is valid",
-      "failure": "PR title is invalid",
-      "notice": "PR Title needs to pass regex '^(feat|fix|docs|test|ci|chore)!?(\\(.*\\))?!?:.*"
-    }
-  }

.github/pull_request_template.md

@@ -1,24 +1,17 @@
-<!--
 Note on DCO:
 
 If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the *Details* link next to the DCO action for instructions on how to resolve this.
--->
 
 Checklist:
 
 * [ ] Either (a) I've created an [enhancement proposal](https://github.com/argoproj/argo-cd/issues/new/choose) and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
 * [ ] The title of the PR states what changed and the related issues number (used for the release note).
-* [ ] The title of the PR conforms to the [Toolchain Guide](https://argo-cd.readthedocs.io/en/latest/developer-guide/toolchain-guide/#title-of-the-pr)
 * [ ] I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
 * [ ] I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
 * [ ] Does this PR require documentation updates?
 * [ ] I've updated documentation as required by this PR.
-* [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/blob/master/community/CONTRIBUTING.md#legal)
-* [ ] I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
-* [ ] My build is green ([troubleshooting builds](https://argo-cd.readthedocs.io/en/latest/developer-guide/ci/)).
-* [ ] My new feature complies with the [feature status](https://github.com/argoproj/argoproj/blob/master/community/feature-status.md) guidelines.
-* [ ] I have added a brief description of why this PR is necessary and/or what this PR solves.
 * [ ] Optional. My organization is added to USERS.md.
-* [ ] Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).
+* [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/tree/master/community#contributing-to-argo)
+* [ ] I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
+* [ ] My build is green ([troubleshooting builds](https://argo-cd.readthedocs.io/en/latest/developer-guide/ci/)). 
 
-<!-- Please see [Contribution FAQs](https://argo-cd.readthedocs.io/en/latest/developer-guide/faq/) if you have questions about your pull-request. -->

.github/workflows/README.md

@@ -1,39 +0,0 @@
-# Workflows
-
-| Workflow           | Description                                                    |
-|--------------------|----------------------------------------------------------------|
-| ci-build.yaml      | Build, lint, test, codegen, build-ui, analyze, e2e-test        |
-| codeql.yaml        | CodeQL analysis                                                |
-| image-reuse.yaml   | Build, push, and Sign container images                         |
-| image.yaml         | Build container image for PR's & publish for push events       |
-| init-release.yaml  | Build manifests and version then create a PR for release branch|
-| pr-title-check.yaml| Lint PR for semantic information                               |
-| release.yaml       | Build images, cli-binaries, provenances, and post actions      |
-| scorecard.yaml     | Generate scorecard for supply-chain security                   |
-| update-snyk.yaml   | Scheduled snyk reports                                         |
-
-# Reusable workflows
-
-## image-reuse.yaml
-
-- The reusable workflow can be used to publish or build images with multiple container registries(Quay,GHCR, dockerhub), and then sign them with cosign when an image is published.
-- A GO version `must` be specified e.g. 1.21
-- The image name for each registry *must* contain the tag. Note: multiple tags are allowed for each registry using a CSV type.
-- Multiple platforms can be specified e.g. linux/amd64,linux/arm64
-- Images are not published by default. A boolean value must be set to `true` to push images.
-- An optional target can be specified.
-
-| Inputs            | Description                         | Type        | Required | Defaults        |
-|-------------------|-------------------------------------|-------------|----------|-----------------|
-| go-version        | Version of Go to be used            | string      | true     | none            |
-| quay_image_name   | Full image name and tag             | CSV, string | false    | none            |
-| ghcr_image_name   | Full image name and tag             | CSV, string | false    | none            |
-| docker_image_name | Full image name and tag             | CSV, string | false    | none            |
-| platforms         | Platforms to build (linux/amd64)    | CSV, string | false    | linux/amd64     |
-| push              | Whether to push image/s to registry | boolean     | false    | false           |
-| target            | Target build stage                  | string      | false    | none            |
-
-| Outputs     | Description                              | Type  |
-|-------------|------------------------------------------|-------|
-|image-digest | Image digest of image container created  | string|
-

.github/workflows/bump-major-version.yaml

@@ -1,89 +0,0 @@
-name: Bump major version
-on:
-  workflow_dispatch: {}
-
-permissions: {}
-
-jobs:
-  prepare-release:
-    permissions:
-      contents: write  # for peter-evans/create-pull-request to create branch
-      pull-requests: write  # for peter-evans/create-pull-request to create a PR
-    name: Automatically update major version
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694  # v4.0.0
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      # Get the current major version from go.mod and save it as a variable.
-      - name: Get target version
-        id: get-target-version
-        run: |
-          set -ue
-          CURRENT_VERSION=$(grep 'module github.com/argoproj/argo-cd' go.mod | awk '{print $2}' | sed 's/.*\/v//')
-          echo "TARGET_VERSION=$((CURRENT_VERSION + 1))" >> $GITHUB_OUTPUT
-
-      - name: Copy source code to GOPATH
-        run: |
-          mkdir -p ~/go/src/github.com/argoproj
-          cp -a ../argo-cd ~/go/src/github.com/argoproj
-
-      - name: Run script to bump the version
-        run: |
-          hack/bump-major-version.sh
-        working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
-
-      - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
-        with:
-          go-version: ${{ env.GOLANG_VERSION }}
-      - name: Add ~/go/bin to PATH
-        run: |
-          echo "/home/runner/go/bin" >> $GITHUB_PATH
-      - name: Add /usr/local/bin to PATH
-        run: |
-          echo "/usr/local/bin" >> $GITHUB_PATH
-      - name: Download & vendor dependencies
-        run: |
-          # We need to vendor go modules for codegen yet
-          go mod download
-          go mod vendor -v
-        working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
-      - name: Install toolchain for codegen
-        run: |
-          make install-codegen-tools-local
-          make install-go-tools-local
-        working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
-        # We install kustomize in the dist directory
-      - name: Add dist to PATH
-        run: |
-          echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
-      - name: Run codegen
-        run: |
-          set -x
-          export GOPATH=$(go env GOPATH)
-          make codegen-local
-        working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
-
-      - name: Copy changes back
-        run: |
-          # Copy the contents back, but skip the .git directory
-          rsync -a --exclude=.git /home/runner/go/src/github.com/argoproj/argo-cd/ ../argo-cd
-
-      - name: Create pull request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e  # v7.0.8
-        with:
-          commit-message: "Bump major version to ${{ steps.get-target-version.outputs.TARGET_VERSION }}"
-          title: "Bump major version to ${{ steps.get-target-version.outputs.TARGET_VERSION }}"
-          body: |
-            Congrats! You've just bumped the major version to ${{ steps.get-target-version.outputs.TARGET_VERSION }}.
-            
-            Next steps:
-            - [ ] Merge this PR
-            - [ ] Add an upgrade guide to the docs for this version
-          branch: bump-major-version
-          branch-suffix: random
-          signoff: true

.github/workflows/ci-build.yaml

@@ -1,5 +1,5 @@
 name: Integration tests
-on:
+on: 
   push:
     branches:
       - 'master'
@@ -9,80 +9,48 @@ on:
   pull_request:
     branches:
       - 'master'
-      - 'release-*'
-
-env:
-  # Golang version to use across CI steps
-  # renovate: datasource=golang-version packageName=golang
-  GOLANG_VERSION: '1.25.5'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
-
-permissions:
-  contents: read
 
 jobs:
-  changes:
+  build-docker:
+    name: Build Docker image
     runs-on: ubuntu-latest
-    outputs:
-      backend: ${{ steps.filter.outputs.backend_any_changed }}
-      frontend: ${{ steps.filter.outputs.frontend_any_changed }}
-      docs: ${{ steps.filter.outputs.docs_any_changed }}
-    steps:
-      - uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
-      - uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        id: filter
-        with:
-          # Any file which is not under docs/, ui/ or is not a markdown file is counted as a backend file
-          files_yaml: |
-            backend:
-              - '!ui/**'
-              - '!**.md'
-              - '!**/*.md'
-              - '!docs/**'
-            frontend:
-              - 'ui/**'
-              - Dockerfile
-            docs:
-              - 'docs/**'
-  check-go:
-    name: Ensure Go modules synchronicity
-    if: ${{ needs.changes.outputs.backend == 'true' }}
-    runs-on: ubuntu-22.04
-    needs:
-      - changes
+    if: github.head_ref != ''
     steps:
       - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
+        uses: actions/checkout@v2
+      - name: Build Docker image
+        run: |
+          make image
+  check-go:
+    name: Ensure Go modules synchronicity
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
       - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@v1
         with:
-          go-version: ${{ env.GOLANG_VERSION }}
+          go-version: '1.14.12'
       - name: Download all Go modules
         run: |
           go mod download
-      - name: Check for tidiness of go.mod and go.sum
+      - name: Check for tidyness of go.mod and go.sum
         run: |
           go mod tidy
           git diff --exit-code -- .
 
   build-go:
     name: Build & cache Go code
-    if: ${{ needs.changes.outputs.backend == 'true' }}
-    runs-on: ubuntu-22.04
-    needs:
-      - changes
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
+        uses: actions/checkout@v2
       - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@v1
         with:
-          go-version: ${{ env.GOLANG_VERSION }}
+          go-version: '1.14.12'
       - name: Restore go build cache
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@v1
         with:
           path: ~/.cache/go-build
           key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -93,49 +61,33 @@ jobs:
         run: make build-local
 
   lint-go:
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
     name: Lint Go code
-    if: ${{ needs.changes.outputs.backend == 'true' }}
-    runs-on: ubuntu-22.04
-    needs:
-      - changes
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-      - name: Setup Golang
-        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
-        with:
-          go-version: ${{ env.GOLANG_VERSION }}
+        uses: actions/checkout@v2
       - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
+        uses: golangci/golangci-lint-action@v2
         with:
-          # renovate: datasource=go packageName=github.com/golangci/golangci-lint versioning=regex:^v(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)?$
-          version: v2.5.0
-          args: --verbose
+          version: v1.29
+          args: --timeout 5m --exclude SA5011
 
   test-go:
     name: Run unit tests for Go packages
-    if: ${{ needs.changes.outputs.backend == 'true' }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     needs:
       - build-go
-      - changes
-    env:
-      GITHUB_TOKEN: ${{ secrets.E2E_TEST_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
-      GITLAB_TOKEN: ${{ secrets.E2E_TEST_GITLAB_TOKEN }}
     steps:
       - name: Create checkout directory
         run: mkdir -p ~/go/src/github.com/argoproj
       - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
+        uses: actions/checkout@v2
       - name: Create symlink in GOPATH
         run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
       - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@v1
         with:
-          go-version: ${{ env.GOLANG_VERSION }}
+          go-version: '1.14.12'
       - name: Install required packages
         run: |
           sudo apt-get install git -y
@@ -153,17 +105,13 @@ jobs:
         run: |
           echo "/usr/local/bin" >> $GITHUB_PATH
       - name: Restore go build cache
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@v1
         with:
           path: ~/.cache/go-build
           key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
       - name: Install all tools required for building & testing
         run: |
           make install-test-tools-local
-        # We install kustomize in the dist directory
-      - name: Add dist to PATH
-        run: |
-          echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
       - name: Setup git username and email
         run: |
           git config --global user.name "John Doe"
@@ -173,33 +121,33 @@ jobs:
           go mod download
       - name: Run all unit tests
         run: make test-local
+      - name: Generate code coverage artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: code-coverage
+          path: coverage.out
       - name: Generate test results artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v2
         with:
           name: test-results
-          path: test-results
+          path: test-results/
 
   test-go-race:
-    name: Run unit tests with -race for Go packages
-    if: ${{ needs.changes.outputs.backend == 'true' }}
-    runs-on: ubuntu-22.04
+    name: Run unit tests with -race, for Go packages
+    runs-on: ubuntu-latest
     needs:
       - build-go
-      - changes
-    env:
-      GITHUB_TOKEN: ${{ secrets.E2E_TEST_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
-      GITLAB_TOKEN: ${{ secrets.E2E_TEST_GITLAB_TOKEN }}
     steps:
       - name: Create checkout directory
         run: mkdir -p ~/go/src/github.com/argoproj
       - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
+        uses: actions/checkout@v2
       - name: Create symlink in GOPATH
         run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
       - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@v1
         with:
-          go-version: ${{ env.GOLANG_VERSION }}
+          go-version: '1.14.12'
       - name: Install required packages
         run: |
           sudo apt-get install git -y
@@ -217,17 +165,13 @@ jobs:
         run: |
           echo "/usr/local/bin" >> $GITHUB_PATH
       - name: Restore go build cache
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@v1
         with:
           path: ~/.cache/go-build
           key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
       - name: Install all tools required for building & testing
         run: |
           make install-test-tools-local
-        # We install kustomize in the dist directory
-      - name: Add dist to PATH
-        run: |
-          echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
       - name: Setup git username and email
         run: |
           git config --global user.name "John Doe"
@@ -238,24 +182,21 @@ jobs:
       - name: Run all unit tests
         run: make test-race-local
       - name: Generate test results artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v2
         with:
           name: race-results
           path: test-results/
 
   codegen:
     name: Check changes to generated code
-    if: ${{ needs.changes.outputs.backend == 'true' || needs.changes.outputs.docs == 'true'}}
-    runs-on: ubuntu-22.04
-    needs:
-      - changes
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
+        uses: actions/checkout@v2
       - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@v1
         with:
-          go-version: ${{ env.GOLANG_VERSION }}
+          go-version: '1.14.12'
       - name: Create symlink in GOPATH
         run: |
           mkdir -p ~/go/src/github.com/argoproj
@@ -277,10 +218,9 @@ jobs:
           make install-codegen-tools-local
           make install-go-tools-local
         working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
-        # We install kustomize in the dist directory
-      - name: Add dist to PATH
+      - name: Initialize local Helm
         run: |
-          echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
+          helm2 init --client-only
       - name: Run codegen
         run: |
           set -x
@@ -296,22 +236,17 @@ jobs:
 
   build-ui:
     name: Build, test & lint UI code
-    # We run UI logic for backend changes so that we have a complete set of coverage documents to send to codecov.
-    if: ${{ needs.changes.outputs.backend == 'true' || needs.changes.outputs.frontend == 'true' }}
-    runs-on: ubuntu-22.04
-    needs:
-      - changes
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
+        uses: actions/checkout@v2
       - name: Setup NodeJS
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@v1
         with:
-          # renovate: datasource=node-version packageName=node versioning=node
-          node-version: '22.9.0'
+          node-version: '12.18.4'
       - name: Restore node dependency cache
         id: cache-dependencies
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@v1
         with:
           path: ui/node_modules
           key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -324,140 +259,105 @@ jobs:
           yarn build
         env:
           NODE_ENV: production
-          NODE_ONLINE_ENV: online
-          HOST_ARCH: amd64
-          # If we're on the master branch, set the codecov token so that we upload bundle analysis
-          CODECOV_TOKEN: ${{ github.ref == 'refs/heads/master' && secrets.CODECOV_TOKEN || '' }}
         working-directory: ui/
       - name: Run ESLint
         run: yarn lint
         working-directory: ui/
 
-  shellcheck:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
-      - run: |
-          sudo apt-get install shellcheck
-          shellcheck -e SC2086 -e SC2046 -e SC2068 -e SC2206 -e SC2048 -e SC2059 -e SC2154 -e SC2034 -e SC2016 -e SC2128 -e SC1091 -e SC2207  $(find . -type f -name '*.sh') | tee sc.log
-          test ! -s sc.log
-
   analyze:
     name: Process & analyze test artifacts
-    if: ${{ needs.changes.outputs.backend == 'true' || needs.changes.outputs.frontend == 'true' }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     needs:
       - test-go
       - build-ui
-      - changes
-      - test-e2e
     env:
       sonar_secret: ${{ secrets.SONAR_TOKEN }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
+        uses: actions/checkout@v2
         with:
           fetch-depth: 0
       - name: Restore node dependency cache
         id: cache-dependencies
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@v1
         with:
           path: ui/node_modules
           key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
       - name: Remove other node_modules directory
         run: |
           rm -rf ui/node_modules/argo-ui/node_modules
-      - name: Get e2e code coverage
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+      - name: Create test-results directory
+        run: |
+          mkdir -p test-results
+      - name: Get code coverage artifiact
+        uses: actions/download-artifact@v2
         with:
-          name: e2e-code-coverage
-          path: e2e-code-coverage
-      - name: Get unit test code coverage
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+          name: code-coverage
+      - name: Get test result artifact
+        uses: actions/download-artifact@v2
         with:
           name: test-results
           path: test-results
-      - name: combine-go-coverage
-        # We generate coverage reports for all Argo CD components, but only the applicationset-controller,
-        # app-controller, repo-server, and commit-server report contain coverage data. The other components currently
-        # don't shut down gracefully, so no coverage data is produced. Once those components are fixed, we can add
-        # references to their coverage output directories.
-        run: |
-          go tool covdata percent -i=test-results,e2e-code-coverage/applicationset-controller,e2e-code-coverage/repo-server,e2e-code-coverage/app-controller,e2e-code-coverage/commit-server -o test-results/full-coverage.out
       - name: Upload code coverage information to codecov.io
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@v1
         with:
-          files: test-results/full-coverage.out
-          fail_ci_if_error: true
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-      - name: Upload test results to Codecov
-        if: github.ref == 'refs/heads/master' && github.event_name == 'push' && github.repository == 'argoproj/argo-cd'
-        uses: codecov/test-results-action@47f89e9acb64b76debcd5ea40642d25a4adced9f # v1.1.1
-        with:
-          file: test-results/junit.xml
-          fail_ci_if_error: true
-          token: ${{ secrets.CODECOV_TOKEN }}
+          file: coverage.out
       - name: Perform static code analysis using SonarCloud
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        uses: SonarSource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf # v5.2.0
+          SCANNER_VERSION: 4.2.0.1873
+          SCANNER_PATH: /tmp/cache/scanner
+          OS: linux
+        run: |
+            # We do not use the provided action, because it does contain an old
+            # version of the scanner, and also takes time to build.
+            set -e
+            mkdir -p ${SCANNER_PATH}
+            export SONAR_USER_HOME=${SCANNER_PATH}/.sonar
+            if [[ ! -x "${SCANNER_PATH}/sonar-scanner-${SCANNER_VERSION}-${OS}/bin/sonar-scanner" ]]; then
+              curl -Ol https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SCANNER_VERSION}-${OS}.zip
+              unzip -qq -o sonar-scanner-cli-${SCANNER_VERSION}-${OS}.zip -d ${SCANNER_PATH}
+            fi
+
+            chmod +x ${SCANNER_PATH}/sonar-scanner-${SCANNER_VERSION}-${OS}/bin/sonar-scanner
+            chmod +x ${SCANNER_PATH}/sonar-scanner-${SCANNER_VERSION}-${OS}/jre/bin/java
+
+            # Explicitly set NODE_MODULES
+            export NODE_MODULES=${PWD}/ui/node_modules
+            export NODE_PATH=${PWD}/ui/node_modules
+
+            ${SCANNER_PATH}/sonar-scanner-${SCANNER_VERSION}-${OS}/bin/sonar-scanner
         if: env.sonar_secret != ''
+
   test-e2e:
     name: Run end-to-end tests
-    if: ${{ needs.changes.outputs.backend == 'true' }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     strategy:
-      fail-fast: false
       matrix:
-        # latest: true means that this version mush upload the coverage report to codecov.io
-        # We designate the latest version because we only collect code coverage for that version.
-        k3s:
-          - version: v1.34.2
-            latest: true
-          - version: v1.33.1
-            latest: false
-          - version: v1.32.1
-            latest: false
-          - version: v1.31.0
-            latest: false
-    needs:
+        k3s-version: [v1.20.2, v1.19.2, v1.18.9, v1.17.11, v1.16.15]
+    needs: 
       - build-go
-      - changes
     env:
       GOPATH: /home/runner/go
-      ARGOCD_FAKE_IN_CLUSTER: 'true'
-      ARGOCD_SSH_DATA_PATH: '/tmp/argo-e2e/app/config/ssh'
-      ARGOCD_TLS_DATA_PATH: '/tmp/argo-e2e/app/config/tls'
-      ARGOCD_E2E_SSH_KNOWN_HOSTS: '../fixture/certs/ssh_known_hosts'
-      ARGOCD_E2E_K3S: 'true'
-      ARGOCD_IN_CI: 'true'
-      ARGOCD_E2E_APISERVER_PORT: '8088'
-      ARGOCD_APPLICATION_NAMESPACES: 'argocd-e2e-external,argocd-e2e-external-2'
-      ARGOCD_SERVER: '127.0.0.1:8088'
-      GITHUB_TOKEN: ${{ secrets.E2E_TEST_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
-      GITLAB_TOKEN: ${{ secrets.E2E_TEST_GITLAB_TOKEN }}
+      ARGOCD_FAKE_IN_CLUSTER: "true"
+      ARGOCD_SSH_DATA_PATH: "/tmp/argo-e2e/app/config/ssh"
+      ARGOCD_TLS_DATA_PATH: "/tmp/argo-e2e/app/config/tls"
+      ARGOCD_E2E_SSH_KNOWN_HOSTS: "../fixture/certs/ssh_known_hosts"
+      ARGOCD_E2E_K3S: "true"
+      ARGOCD_IN_CI: "true"
+      ARGOCD_E2E_APISERVER_PORT: "8088"
+      ARGOCD_SERVER: "127.0.0.1:8088"
     steps:
-      - name: Free Disk Space (Ubuntu)
-        uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be
-        with:
-          large-packages: false
-          docker-images: false
-          swap-storage: false
-          tool-cache: false
       - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
+        uses: actions/checkout@v2
       - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@v1
         with:
-          go-version: ${{ env.GOLANG_VERSION }}
-      - name: GH actions workaround - Kill XSP4 process
-        run: |
-          sudo pkill mono || true
+          go-version: '1.14.12'
       - name: Install K3S
         env:
-          INSTALL_K3S_VERSION: ${{ matrix.k3s.version }}+k3s1
+          INSTALL_K3S_VERSION: ${{ matrix.k3s-version }}+k3s1
         run: |
           set -x
           curl -sfL https://get.k3s.io | sh -
@@ -465,10 +365,9 @@ jobs:
           sudo mkdir -p $HOME/.kube && sudo chown -R runner $HOME/.kube
           sudo k3s kubectl config view --raw > $HOME/.kube/config
           sudo chown runner $HOME/.kube/config
-          sudo chmod go-r $HOME/.kube/config
           kubectl version
       - name: Restore go build cache
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@v1
         with:
           path: ~/.cache/go-build
           key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -478,13 +377,10 @@ jobs:
       - name: Add /usr/local/bin to PATH
         run: |
           echo "/usr/local/bin" >> $GITHUB_PATH
-      - name: Add ./dist to PATH
-        run: |
-          echo "$(pwd)/dist" >> $GITHUB_PATH
       - name: Download Go dependencies
         run: |
           go mod download
-          go install github.com/mattn/goreman@latest
+          go get github.com/mattn/goreman
       - name: Install all tools required for building & testing
         run: |
           make install-test-tools-local
@@ -494,9 +390,9 @@ jobs:
           git config --global user.email "john.doe@example.com"
       - name: Pull Docker image required for tests
         run: |
-          docker pull ghcr.io/dexidp/dex:v2.43.0
+          docker pull quay.io/dexidp/dex:v2.25.0
           docker pull argoproj/argo-cd-ci-builder:v1.0.0
-          docker pull redis:7.2.11-alpine
+          docker pull redis:5.0.10-alpine
       - name: Create target directory for binaries in the build-process
         run: |
           mkdir -p dist
@@ -509,11 +405,11 @@ jobs:
           # port 8080 which is not visible in netstat -tulpen, but still there
           # with a HTTP listener. We have API server listening on port 8088
           # instead.
-          make start-e2e-local COVERAGE_ENABLED=true 2>&1 | sed -r "s/[[:cntrl:]]\[[0-9]{1,3}m//g" > /tmp/e2e-server.log &
+          make start-e2e-local 2>&1 | sed -r "s/[[:cntrl:]]\[[0-9]{1,3}m//g" > /tmp/e2e-server.log &
           count=1
           until curl -f http://127.0.0.1:8088/healthz; do
             sleep 10;
-            if test $count -ge 180; then
+            if test $count -ge 60; then
               echo "Timeout"
               exit 1
             fi
@@ -523,40 +419,9 @@ jobs:
         run: |
           set -x
           make test-e2e-local
-          goreman run stop-all || echo "goreman trouble"
-          sleep 30
-      - name: Upload e2e coverage report
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        with:
-          name: e2e-code-coverage
-          path: /tmp/coverage
-        if: ${{ matrix.k3s.latest }}
       - name: Upload e2e-server logs
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v2
         with:
-          name: e2e-server-k8s${{ matrix.k3s.version }}.log
+          name: e2e-server-k8s${{ matrix.k3s-version }}.log
           path: /tmp/e2e-server.log
         if: ${{ failure() }}
-
-  # workaround for status checks -- check this one job instead of each individual E2E job in the matrix
-  # this allows us to skip the entire matrix when it doesn't need to run while still having accurate status checks
-  # see:
-  # https://github.com/argoproj/argo-workflows/pull/12006
-  # https://github.com/orgs/community/discussions/9141#discussioncomment-2296809
-  # https://github.com/orgs/community/discussions/26822#discussioncomment-3305794
-  test-e2e-composite-result:
-    name: E2E Tests - Composite result
-    if: ${{ always() }}
-    needs:
-      - test-e2e
-      - changes
-    runs-on: ubuntu-22.04
-    steps:
-      - run: |
-          result="${{ needs.test-e2e.result }}"
-          # mark as successful even if skipped
-          if [[ $result == "success" || $result == "skipped" ]]; then
-            exit 0
-          else
-            exit 1
-          fi

.github/workflows/codeql.yml

@@ -2,44 +2,32 @@ name: "Code scanning - action"
 
 on:
   push:
-    # Secrets aren't available for dependabot on push. https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow#error-403-resource-not-accessible-by-integration-when-using-dependabot
-    branches-ignore:
-      - 'dependabot/**'
-      - 'cherry-pick-*'
   pull_request:
   schedule:
     - cron: '0 19 * * 0'
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
 jobs:
   CodeQL-Build:
-    permissions:
-      actions: read  # for github/codeql-action/init to get workflow details
-      contents: read  # for actions/checkout to fetch code
-      security-events: write  # for github/codeql-action/autobuild to send a status report
-    if: github.repository == 'argoproj/argo-cd' || vars.enable_codeql
 
     # CodeQL runs on ubuntu-latest and windows-latest
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
+
     steps:
     - name: Checkout repository
-      uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
-
-    # Use correct go version. https://github.com/github/codeql-action/issues/1842#issuecomment-1704398087
-    - name: Setup Golang
-      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+      uses: actions/checkout@v2
       with:
-        go-version-file: go.mod
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+
+    # If this run was triggered by a pull request event, then checkout
+    # the head of the pull request instead of the merge commit.
+    - run: git checkout HEAD^2
+      if: ${{ github.event_name == 'pull_request' }}
       
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2
+      uses: github/codeql-action/init@v1
       # Override language selection by uncommenting this and choosing your languages
       # with:
       #   languages: go, javascript, csharp, python, cpp, java
@@ -47,7 +35,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2
+      uses: github/codeql-action/autobuild@v1
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -61,4 +49,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2
+      uses: github/codeql-action/analyze@v1

.github/workflows/gh-pages.yaml

@@ -0,0 +1,30 @@
+name: Deploy
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - 'master'
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Setup Python
+        uses: actions/setup-python@v1
+        with:
+          python-version: 3.x
+      - name: build
+        run: |
+          pip install -r docs/requirements.txt
+          mkdocs build
+      - name: deploy
+        if: ${{ github.event_name == 'push' }}
+        uses: peaceiris/actions-gh-pages@v2.5.0
+        env:
+          PERSONAL_TOKEN: ${{ secrets.PERSONAL_TOKEN }}
+          PUBLISH_BRANCH: gh-pages
+          PUBLISH_DIR: ./site

.github/workflows/image-reuse.yaml

@@ -1,170 +0,0 @@
-name: Publish and Sign Container Image
-on:
-  workflow_call:
-    inputs:
-      go-version:
-        required: true
-        type: string
-      quay_image_name:
-        required: false
-        type: string
-      ghcr_image_name:
-        required: false
-        type: string
-      docker_image_name:
-        required: false
-        type: string
-      platforms:
-        required: true
-        type: string
-      push:
-        required: true
-        type: boolean
-      target:
-        required: false
-        type: string
-
-    secrets:
-      quay_username:
-        required: false
-      quay_password:
-        required: false
-      ghcr_username:
-        required: false
-      ghcr_password:
-        required: false
-      docker_username:
-        required: false
-      docker_password:
-        required: false
-
-    outputs:
-      image-digest:
-        description: "sha256 digest of container image"
-        value: ${{ jobs.publish.outputs.image-digest }}
-
-permissions: {}
-
-jobs:
-  publish:
-    permissions:
-      contents: read
-      packages: write # Used to push images to `ghcr.io` if used.
-      id-token: write # Needed to create an OIDC token for keyless signing
-    runs-on: ubuntu-22.04
-    outputs:
-      image-digest: ${{ steps.image.outputs.digest }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
-        if: ${{ github.ref_type == 'tag'}}
-
-      - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
-        if: ${{ github.ref_type != 'tag'}}
-
-      - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
-        with:
-          go-version: ${{ inputs.go-version }}
-          cache: false
-
-      - name: Install cosign
-        uses: sigstore/cosign-installer@fb28c2b6339dcd94da6e4cbcbc5e888961f6f8c3 # v3.9.0
-
-      - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
-      - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Setup tags for container image as a CSV type
-        run: |
-          IMAGE_TAGS=$(for str in \
-            ${{ inputs.quay_image_name }} \
-            ${{ inputs.ghcr_image_name }} \
-            ${{ inputs.docker_image_name}}; do
-            echo -n "${str}",;done | sed 's/,$//')
-
-          echo $IMAGE_TAGS
-          echo "TAGS=$IMAGE_TAGS" >> $GITHUB_ENV
-
-      - name: Setup image namespace for signing, strip off the tag
-        run: |
-          TAGS=$(for tag in \
-            ${{ inputs.quay_image_name }} \
-            ${{ inputs.ghcr_image_name }} \
-            ${{ inputs.docker_image_name}}; do
-            echo -n "${tag}" | awk -F ":" '{print $1}' -;done)
-          
-            echo $TAGS
-            echo 'SIGNING_TAGS<<EOF' >> $GITHUB_ENV
-            echo $TAGS >> $GITHUB_ENV
-            echo 'EOF' >> $GITHUB_ENV
-
-      - name: Login to Quay.io
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          registry: quay.io
-          username: ${{ secrets.quay_username }}
-          password: ${{ secrets.quay_password }}
-        if: ${{ inputs.quay_image_name && inputs.push }}
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          registry: ghcr.io
-          username: ${{ secrets.ghcr_username }}
-          password: ${{ secrets.ghcr_password }}
-        if: ${{ inputs.ghcr_image_name && inputs.push }}
-
-      - name: Login to dockerhub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          username: ${{ secrets.docker_username }}
-          password: ${{ secrets.docker_password }}
-        if: ${{ inputs.docker_image_name && inputs.push }}
-
-      - name: Set up build args for container image
-        run: |
-            echo "GIT_TAG=$(if [ -z "`git status --porcelain`" ]; then git describe --exact-match --tags HEAD 2>/dev/null; fi)" >> $GITHUB_ENV
-            echo "GIT_COMMIT=$(git rev-parse HEAD)" >> $GITHUB_ENV
-            echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV
-            echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV
-
-      - name: Free Disk Space (Ubuntu)
-        uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be
-        with:
-          large-packages: false
-          docker-images: false
-          swap-storage: false
-          tool-cache: false
-
-      - name: Build and push container image
-        id: image
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0
-        with:
-          context: .
-          platforms: ${{ inputs.platforms }}
-          push: ${{ inputs.push }}
-          tags: ${{ env.TAGS }}
-          target: ${{ inputs.target }}
-          provenance: false
-          sbom: false
-          build-args: |
-            GIT_TAG=${{env.GIT_TAG}}
-            GIT_COMMIT=${{env.GIT_COMMIT}}
-            BUILD_DATE=${{env.BUILD_DATE}}
-            GIT_TREE_STATE=${{env.GIT_TREE_STATE}}
-
-      - name: Sign container images
-        run: |
-          for signing_tag in $SIGNING_TAGS; do
-            cosign sign \
-            -a "repo=${{ github.repository }}" \
-            -a "workflow=${{ github.workflow }}" \
-            -a "sha=${{ github.sha }}" \
-            -y \
-            "$signing_tag"@${{ steps.image.outputs.digest }}
-          done
-        if: ${{ inputs.push }}

.github/workflows/image.yaml

@@ -4,115 +4,47 @@ on:
   push:
     branches:
       - master
-  pull_request:
-    branches:
-      - master
-    types: [labeled, unlabeled, opened, synchronize, reopened]
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-permissions: {}
 
 jobs:
-  set-vars:
-    permissions:
-      contents: read
-    if: github.repository == 'argoproj/argo-cd'
-    runs-on: ubuntu-22.04
-    outputs:
-      image-tag: ${{ steps.image.outputs.tag}}
-      platforms: ${{ steps.platforms.outputs.platforms }}
+  publish:
+    runs-on: ubuntu-latest
+    env:
+      GOPATH: /home/runner/work/argo-cd/argo-cd
     steps:
-      - uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
+      - uses: actions/setup-go@v1
+        with:
+          go-version: '1.14.12'
+      - uses: actions/checkout@master
+        with:
+          path: src/github.com/argoproj/argo-cd
 
-      - name: Set image tag for ghcr
-        run: echo "tag=$(cat ./VERSION)-${GITHUB_SHA::8}" >> $GITHUB_OUTPUT
+      # get image tag
+      - run: echo ::set-output name=tag::$(cat ./VERSION)-${GITHUB_SHA::8}
+        working-directory: ./src/github.com/argoproj/argo-cd
         id: image
 
-      - name: Determine image platforms to use
-        id: platforms
-        run: |
-          IMAGE_PLATFORMS=linux/amd64
-          if [[ "${{ github.event_name }}" == "push" || "${{ contains(github.event.pull_request.labels.*.name, 'test-multi-image') }}" == "true" ]]
-          then
-            IMAGE_PLATFORMS=linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
-          fi
-          echo "Building image for platforms: $IMAGE_PLATFORMS"
-          echo "platforms=$IMAGE_PLATFORMS" >> $GITHUB_OUTPUT
+      # build
+      - run: |
+          docker images -a --format "{{.ID}}" | xargs -I {} docker rmi {}
+          make image DEV_IMAGE=true DOCKER_PUSH=false IMAGE_NAMESPACE=docker.pkg.github.com/argoproj/argo-cd IMAGE_TAG=${{ steps.image.outputs.tag }}
+        working-directory: ./src/github.com/argoproj/argo-cd
 
-  build-only:
-    needs: [set-vars]
-    permissions:
-      contents: read
-      packages: write # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
-      id-token: write # for creating OIDC tokens for signing.
-    if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name != 'push' }}
-    uses: ./.github/workflows/image-reuse.yaml
-    with:
-      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      # renovate: datasource=golang-version packageName=golang
-      go-version: 1.25.5
-      platforms: ${{ needs.set-vars.outputs.platforms }}
-      push: false
+      # publish
+      - run: |
+          docker login docker.pkg.github.com --username $USERNAME --password $PASSWORD
+          docker push docker.pkg.github.com/argoproj/argo-cd/argocd:${{ steps.image.outputs.tag }}
+        env:
+          USERNAME: ${{ secrets.USERNAME }}
+          PASSWORD: ${{ secrets.TOKEN }}
 
-  build-and-publish:
-    needs: [set-vars]
-    permissions:
-      contents: read
-      packages: write # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
-      id-token: write # for creating OIDC tokens for signing.
-    if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }}
-    uses: ./.github/workflows/image-reuse.yaml
-    with:
-      quay_image_name: quay.io/argoproj/argocd:latest
-      ghcr_image_name: ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }}
-      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      # renovate: datasource=golang-version packageName=golang
-      go-version: 1.25.5
-      platforms: ${{ needs.set-vars.outputs.platforms }}
-      push: true
-    secrets:
-      quay_username: ${{ secrets.RELEASE_QUAY_USERNAME }}
-      quay_password: ${{ secrets.RELEASE_QUAY_TOKEN }}
-      ghcr_username: ${{ github.actor }}
-      ghcr_password: ${{ secrets.GITHUB_TOKEN }}
-
-  build-and-publish-provenance: # Push attestations to GHCR, latest image is polluting quay.io
-    needs:
-      - build-and-publish
-    permissions:
-      actions: read # for detecting the Github Actions environment.
-      id-token: write # for creating OIDC tokens for signing.
-      packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
-    if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }}
-    # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0
-    with:
-      image: ghcr.io/argoproj/argo-cd/argocd
-      digest: ${{ needs.build-and-publish.outputs.image-digest }}
-      registry-username: ${{ github.actor }}
-    secrets:
-      registry-password: ${{ secrets.GITHUB_TOKEN }}
-
-  Deploy:
-    needs:
-      - build-and-publish
-      - set-vars
-    permissions:
-      contents: write # for git to push upgrade commit if not already deployed
-      packages: write # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
-    if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }}
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
+      # deploy
       - run: git clone "https://$TOKEN@github.com/argoproj/argoproj-deployments"
         env:
           TOKEN: ${{ secrets.TOKEN }}
       - run: |
-          docker run -u $(id -u):$(id -g) -v $(pwd):/src -w /src --rm -t ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }} kustomize edit set image quay.io/argoproj/argocd=ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }}
+          docker run -v $(pwd):/src -w /src --rm -t lyft/kustomizer:v3.3.0 kustomize edit set image quay.io/argoproj/argocd=docker.pkg.github.com/argoproj/argo-cd/argocd:${{ steps.image.outputs.tag }}
           git config --global user.email 'ci@argoproj.com'
           git config --global user.name 'CI'
-          git diff --exit-code && echo 'Already deployed' || (git commit -am 'Upgrade argocd to ${{ needs.set-vars.outputs.image-tag }}' && git push)
+          git diff --exit-code && echo 'Already deployed' || (git commit -am 'Upgrade argocd to ${{ steps.image.outputs.tag }}' && git push)
         working-directory: argoproj-deployments/argocd
+      # TODO: clean up old images once github supports it: https://github.community/t5/How-to-use-Git-and-GitHub/Deleting-images-from-Github-Package-Registry/m-p/41202/thread-id/9811

.github/workflows/init-release.yaml

@@ -1,77 +0,0 @@
-name: Init ArgoCD Release
-on:
-  workflow_dispatch:
-    inputs:
-      TARGET_BRANCH:
-        description: 'TARGET_BRANCH to checkout (e.g. release-2.5)'
-        required: true
-        type: string
-
-      TARGET_VERSION:
-        description: 'TARGET_VERSION to build manifests (e.g. 2.5.0-rc1) Note: the `v` prefix is not used'
-        required: true
-        type: string
-
-permissions: {}
-
-jobs:
-  prepare-release:
-    permissions:
-      contents: write  # for peter-evans/create-pull-request to create branch
-      pull-requests: write  # for peter-evans/create-pull-request to create a PR
-    name: Automatically generate version and manifests on ${{ inputs.TARGET_BRANCH }}
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694  # v4.0.0
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
-          ref: ${{ inputs.TARGET_BRANCH }}
-
-      - name: Check if TARGET_VERSION is well formed.
-        run: |
-          set -xue
-          # Target version must not contain 'v' prefix
-          if echo "${{ inputs.TARGET_VERSION }}" | grep -e '^v'; then
-            echo "::error::Target version '${{ inputs.TARGET_VERSION }}' should not begin with a 'v' prefix, refusing to continue." >&2
-            exit 1
-          fi
-
-      - name: Create VERSION information
-        run: |
-          set -ue
-          echo "Bumping version from $(cat VERSION) to ${{ inputs.TARGET_VERSION }}"
-          echo "${{ inputs.TARGET_VERSION }}" > VERSION
-
-        # We install kustomize in the dist directory
-      - name: Add dist to PATH
-        run: |
-          echo "/home/runner/work/argo-cd/argo-cd/dist" >> $GITHUB_PATH
-
-      - name: Generate new set of manifests
-        run: |
-          set -ue
-          make install-codegen-tools-local
-          make manifests-local VERSION=${{ inputs.TARGET_VERSION }}
-          git diff
-
-      - name: Generate version compatibility table
-        run: |
-          git stash
-          bash hack/update-supported-versions.sh
-          git add -u .
-          git stash pop
-
-      - name: Create pull request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e  # v7.0.8
-        with:
-          commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}"
-          title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch"
-          body: Updating VERSION and manifests to ${{ inputs.TARGET_VERSION }}
-          branch: update-version
-          branch-suffix: random
-          signoff: true
-          labels: release
-
-

.github/workflows/pr-title-check.yml

@@ -1,29 +0,0 @@
-name: "Lint PR"
-
-on:
-  pull_request_target:
-    types: [opened, edited, reopened, synchronize]
-
-# IMPORTANT: No checkout actions, scripts, or builds should be added to this workflow. Permissions should always be used
-# with extreme caution. https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
-permissions: {}
-
-# PR updates can happen in quick succession leading to this
-# workflow being trigger a number of times. This limits it
-# to one run per PR.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref }}
-  cancel-in-progress: true
-
-jobs:
-  validate:
-    permissions:
-      contents: read
-      pull-requests: read
-    name: Validate PR Title
-    runs-on: ubuntu-latest
-    steps:
-      - uses: thehanimo/pr-title-checker@7fbfe05602bdd86f926d3fb3bccb6f3aed43bc70 # v1.4.3
-        with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          configuration_path: ".github/pr-title-checker-config.json"

.github/workflows/release.yaml

@@ -1,328 +1,311 @@
-name: Publish ArgoCD Release
+name: Create ArgoCD release
 on:
   push:
     tags:
-      - 'v*'
-      - '!v2.4*'
-      - '!v2.5*'
-      - '!v2.6*'
-
-permissions: {}
-
-env:
-  # renovate: datasource=golang-version packageName=golang
-  GOLANG_VERSION: '1.25.5' # Note: go-version must also be set in job argocd-image.with.go-version
-
+      - 'release-v*'
+      - '!release-v1.5*'
+      - '!release-v1.4*'
+      - '!release-v1.3*'
+      - '!release-v1.2*'
+      - '!release-v1.1*'
+      - '!release-v1.0*'
+      - '!release-v0*'
 jobs:
-  argocd-image:
-    permissions:
-      contents: read
-      id-token: write # for creating OIDC tokens for signing.
-      packages: write # used to push images to `ghcr.io` if used.
-    if: github.repository == 'argoproj/argo-cd'
-    uses: ./.github/workflows/image-reuse.yaml
-    with:
-      quay_image_name: quay.io/argoproj/argocd:${{ github.ref_name }}
-      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      # renovate: datasource=golang-version packageName=golang
-      go-version: 1.25.5
-      platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
-      push: true
-    secrets:
-      quay_username: ${{ secrets.RELEASE_QUAY_USERNAME }}
-      quay_password: ${{ secrets.RELEASE_QUAY_TOKEN }}
-
-  setup-variables:
-    name: Setup Release Variables
-    if: github.repository == 'argoproj/argo-cd'
-    runs-on: ubuntu-22.04
-    outputs:
-      is_pre_release: ${{ steps.var.outputs.is_pre_release }}
-      is_latest_release: ${{ steps.var.outputs.is_latest_release }}
+  prepare-release:
+    name: Perform automatic release on trigger ${{ github.ref }}
+    runs-on: ubuntu-latest
+    env:
+      # The name of the tag as supplied by the GitHub event
+      SOURCE_TAG: ${{ github.ref }}
+      # The image namespace where Docker image will be published to
+      IMAGE_NAMESPACE: argoproj
+      # Whether to create & push image and release assets
+      DRY_RUN: false
+      # Whether a draft release should be created, instead of public one
+      DRAFT_RELEASE: false
+      # Whether to update homebrew with this release as well
+      # Set RELEASE_HOMEBREW_TOKEN secret in repository for this to work - needs
+      # access to public repositories
+      UPDATE_HOMEBREW: false
+      # Name of the GitHub user for Git config
+      GIT_USERNAME: argo-bot
+      # E-Mail of the GitHub user for Git config
+      GIT_EMAIL: argoproj@gmail.com
     steps:
       - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
+        uses: actions/checkout@v2
         with:
           fetch-depth: 0
           token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Setup variables
-        id: var
+
+      - name: Check if the published tag is well formed and setup vars
         run: |
           set -xue
-          # Fetch all tag information
-          git fetch --prune --tags --force
+          # Target version must match major.minor.patch and optional -rcX suffix
+          # where X must be a number.
+          TARGET_VERSION=${SOURCE_TAG#*release-v}
+          if ! echo "${TARGET_VERSION}" | egrep '^[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)*$'; then
+            echo "::error::Target version '${TARGET_VERSION}' is malformed, refusing to continue." >&2
+            exit 1
+          fi
 
-          LATEST_RELEASE_TAG=$(git -c 'versionsort.suffix=-rc' tag --list --sort=version:refname | grep -v '-' | tail -n1)
+          # Target branch is the release branch we're going to operate on
+          # Its name is 'release-<major>.<minor>'
+          TARGET_BRANCH="release-${TARGET_VERSION%\.[0-9]*}"
 
+          # The release tag is the source tag, minus the release- prefix
+          RELEASE_TAG="${SOURCE_TAG#*release-}"
+
+          # Whether this is a pre-release (indicated by -rc suffix)
           PRE_RELEASE=false
-          # Check if latest tag is a pre-release
-          if echo ${{ github.ref_name }} | grep -E -- '-rc[0-9]+$';then
+          if echo "${RELEASE_TAG}" | egrep -- '-rc[0-9]+$'; then
             PRE_RELEASE=true
           fi
 
-          IS_LATEST=false
-          # Ensure latest release tag matches github.ref_name
-          if [[ $LATEST_RELEASE_TAG == ${{ github.ref_name }} ]];then
-            IS_LATEST=true
+          # We must not have a release trigger within the same release branch,
+          # because that means a release for this branch is already running.
+          if git tag -l | grep "release-v${TARGET_VERSION%\.[0-9]*}" | grep -v "release-v${TARGET_VERSION}"; then
+            echo "::error::Another release for branch ${TARGET_BRANCH} is currently in progress."
+            exit 1
           fi
-          echo "is_pre_release=$PRE_RELEASE" >> $GITHUB_OUTPUT
-          echo "is_latest_release=$IS_LATEST" >> $GITHUB_OUTPUT
 
-  argocd-image-provenance:
-    needs: [argocd-image]
-    permissions:
-      actions: read # for detecting the Github Actions environment.
-      id-token: write # for creating OIDC tokens for signing.
-      packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
-    # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-    if: github.repository == 'argoproj/argo-cd'
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0
-    with:
-      image: quay.io/argoproj/argocd
-      digest: ${{ needs.argocd-image.outputs.image-digest }}
-    secrets:
-      registry-username: ${{ secrets.RELEASE_QUAY_USERNAME }}
-      registry-password: ${{ secrets.RELEASE_QUAY_TOKEN }}
-
-  goreleaser:
-    needs:
-      - setup-variables
-      - argocd-image
-      - argocd-image-provenance
-    permissions:
-      contents: write # used for uploading assets
-    if: github.repository == 'argoproj/argo-cd'
-    runs-on: ubuntu-22.04
-    env:
-      GORELEASER_MAKE_LATEST: ${{ needs.setup-variables.outputs.is_latest_release }}
-    outputs:
-      hashes: ${{ steps.hash.outputs.hashes }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Fetch all tags
-        run: git fetch --force --tags
-
-      - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
-        with:
-          go-version: ${{ env.GOLANG_VERSION }}
-          cache: false
-
-      - name: Set GORELEASER_PREVIOUS_TAG # Workaround, GoReleaser uses 'git-describe' to determine a previous tag. Our tags are created in release branches.
-        run: |
-          set -xue
-          GORELEASER_PREVIOUS_TAG=$(go run hack/get-previous-release/get-previous-version-for-release-notes.go ${{ github.ref_name }}) || exit 1
-          echo "GORELEASER_PREVIOUS_TAG=$GORELEASER_PREVIOUS_TAG" >> $GITHUB_ENV
-
-      - name: Set environment variables for ldflags
-        id: set_ldflag
-        run: |
-          echo "KUBECTL_VERSION=$(go list -m k8s.io/client-go | head -n 1 | rev | cut -d' ' -f1 | rev)" >> $GITHUB_ENV
-          echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV
-
-      - name: Free Disk Space (Ubuntu)
-        uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be
-        with:
-          large-packages: false
-          docker-images: false
-          swap-storage: false
-          tool-cache: false
-
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
-        id: run-goreleaser
-        with:
-          version: latest
-          args: release --clean --timeout 55m
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          KUBECTL_VERSION: ${{ env.KUBECTL_VERSION }}
-          GIT_TREE_STATE: ${{ env.GIT_TREE_STATE }}
-
-      - name: Generate subject for provenance
-        id: hash
-        env:
-          ARTIFACTS: '${{ steps.run-goreleaser.outputs.artifacts }}'
-        run: |
-          set -euo pipefail
-
-          hashes=$(echo $ARTIFACTS | jq --raw-output '.[] | {name, "digest": (.extra.Digest // .extra.Checksum)} | select(.digest) | {digest} + {name} | join("  ") | sub("^sha256:";"")' | base64 -w0)
-          if test "$hashes" = ""; then # goreleaser < v1.13.0
-            checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path')
-            hashes=$(cat $checksum_file | base64 -w0)
+          # Ensure that release do not yet exist
+          if git rev-parse ${RELEASE_TAG}; then
+            echo "::error::Release tag ${RELEASE_TAG} already exists in repository. Refusing to continue."
+            exit 1
           fi
-          echo "hashes=$hashes" >> $GITHUB_OUTPUT
 
-  goreleaser-provenance:
-    needs: [goreleaser]
-    permissions:
-      actions: read # for detecting the Github Actions environment
-      id-token: write # Needed for provenance signing and ID
-      contents: write #  Needed for release uploads
-    if: github.repository == 'argoproj/argo-cd'
-    # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0
-    with:
-      base64-subjects: '${{ needs.goreleaser.outputs.hashes }}'
-      provenance-name: 'argocd-cli.intoto.jsonl'
-      upload-assets: true
+          # Make the variables available in follow-up steps
+          echo "TARGET_VERSION=${TARGET_VERSION}" >> $GITHUB_ENV
+          echo "TARGET_BRANCH=${TARGET_BRANCH}" >> $GITHUB_ENV
+          echo "RELEASE_TAG=${RELEASE_TAG}" >> $GITHUB_ENV
+          echo "PRE_RELEASE=${PRE_RELEASE}" >> $GITHUB_ENV
 
-  generate-sbom:
-    name: Create SBOM and generate hash
-    needs:
-      - argocd-image
-      - goreleaser
-    permissions:
-      contents: write # Needed for release uploads
-    outputs:
-      hashes: ${{ steps.sbom-hash.outputs.hashes }}
-    if: github.repository == 'argoproj/argo-cd'
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
-        with:
-          go-version: ${{ env.GOLANG_VERSION }}
-          cache: false
-
-      - name: Generate SBOM (spdx)
-        id: spdx-builder
-        env:
-          # defines the spdx/spdx-sbom-generator version to use.
-          SPDX_GEN_VERSION: v0.0.13
-          # defines the sigs.k8s.io/bom version to use.
-          SIGS_BOM_VERSION: v0.2.1
-          # comma delimited list of project relative folders to inspect for package
-          # managers (gomod, yarn, npm).
-          PROJECT_FOLDERS: '.,./ui'
-          # full qualified name of the docker image to be inspected
-          DOCKER_IMAGE: quay.io/argoproj/argocd:${{ github.ref_name }}
+      - name: Check if our release tag has a correct annotation
         run: |
-          yarn install --cwd ./ui
-          go install github.com/spdx/spdx-sbom-generator/cmd/generator@$SPDX_GEN_VERSION
-          go install sigs.k8s.io/bom/cmd/bom@$SIGS_BOM_VERSION
+          set -ue
+          # Fetch all tag information as well
+          git fetch --prune --tags --force
 
-          # Generate SPDX for project dependencies analyzing package managers
-          for folder in $(echo $PROJECT_FOLDERS | sed "s/,/ /g")
-          do
-            generator -p $folder -o /tmp
+          echo "=========== BEGIN COMMIT MESSAGE ============="
+          git show ${SOURCE_TAG}
+          echo "============ END COMMIT MESSAGE =============="
+          
+          # Quite dirty hack to get the release notes from the annotated tag
+          # into a temporary file.
+          RELEASE_NOTES=$(mktemp -p /tmp release-notes.XXXXXX)
+
+          prefix=true
+          begin=false
+          git show ${SOURCE_TAG} | while read line; do
+            # Whatever is in commit history for the tag, we only want that
+            # annotation from our tag. We discard everything else.
+            if test "$begin" = "false"; then
+              if echo "$line" | grep -q "tag ${SOURCE_TAG#refs/tags/}"; then begin="true"; fi
+              continue
+            fi
+            if test "$prefix" = "true"; then
+                  if test -z "$line"; then prefix=false; fi
+            else
+                  if echo "$line" | egrep -q '^commit [0-9a-f]+'; then
+                          break
+                  fi
+                  echo "$line" >> ${RELEASE_NOTES}
+            fi
           done
 
-          # Generate SPDX for binaries analyzing the docker image
-          if [[ ! -z $DOCKER_IMAGE ]]; then
-            bom generate -o /tmp/bom-docker-image.spdx -i $DOCKER_IMAGE
+          # For debug purposes
+          echo "============BEGIN RELEASE NOTES================="
+          cat ${RELEASE_NOTES}
+          echo "=============END RELEASE NOTES=================="
+
+          # Too short release notes are suspicious. We need at least 100 bytes.
+          relNoteLen=$(stat -c '%s' $RELEASE_NOTES)
+          if test $relNoteLen -lt 100; then
+            echo "::error::No release notes provided in tag annotation (or tag is not annotated)"
+            exit 1
           fi
 
-          cd /tmp && tar -zcf sbom.tar.gz *.spdx
+          # Check for magic string '## Quick Start' in head of release notes
+          if ! head -2 ${RELEASE_NOTES} | grep -iq '## Quick Start'; then
+            echo "::error::Release notes seem invalid, quick start section not found."
+            exit 1
+          fi
 
-      - name: Generate SBOM hash
-        shell: bash
-        id: sbom-hash
-        run: |
-          # sha256sum generates sha256 hash for sbom.
-          # base64 -w0 encodes to base64 and outputs on a single line.
-          # sha256sum /tmp/sbom.tar.gz ... | base64 -w0
-          echo "hashes=$(sha256sum /tmp/sbom.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT"
+          # We store path to temporary release notes file for later reading, we
+          # need it when creating release.
+          echo "RELEASE_NOTES=${RELEASE_NOTES}" >> $GITHUB_ENV
 
-      - name: Upload SBOM
-        uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Setup Golang
+        uses: actions/setup-go@v1
         with:
-          files: |
-            /tmp/sbom.tar.gz
-
-  sbom-provenance:
-    needs: [generate-sbom]
-    permissions:
-      actions: read # for detecting the Github Actions environment
-      id-token: write # Needed for provenance signing and ID
-      contents: write #  Needed for release uploads
-    if: github.repository == 'argoproj/argo-cd'
-    # Must be referenced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0
-    with:
-      base64-subjects: '${{ needs.generate-sbom.outputs.hashes }}'
-      provenance-name: 'argocd-sbom.intoto.jsonl'
-      upload-assets: true
-
-  post-release:
-    needs:
-      - setup-variables
-      - argocd-image
-      - goreleaser
-      - generate-sbom
-    permissions:
-      contents: write # Needed to push commit to update stable tag
-      pull-requests: write # Needed to create PR for VERSION update.
-    if: github.repository == 'argoproj/argo-cd'
-    runs-on: ubuntu-22.04
-    env:
-      TAG_STABLE: ${{ needs.setup-variables.outputs.is_latest_release }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
+          go-version: '1.14.12'
 
       - name: Setup Git author information
         run: |
           set -ue
-          git config --global user.email 'ci@argoproj.com'
-          git config --global user.name 'CI'
+          git config --global user.email "${GIT_EMAIL}"
+          git config --global user.name "${GIT_USERNAME}"
 
-      - name: Update stable tag to latest version
+      - name: Checkout corresponding release branch
         run: |
-          git tag -f stable ${{ github.ref_name }}
-          git push -f origin stable
-        if: ${{ env.TAG_STABLE == 'true' }}
-
-      - name: Check to see if VERSION should be updated on master branch
-        run: |
-          set -xue
-          SOURCE_TAG=${{ github.ref_name }}
-          VERSION_REF="${SOURCE_TAG#*v}"
-          COMMIT_HASH=$(git rev-parse HEAD)
-          if echo "$VERSION_REF" | grep -E -- '^[0-9]+\.[0-9]+\.0-rc1';then
-            VERSION=$(awk 'BEGIN {FS=OFS="."} {$2++; print}' <<< "${VERSION_REF%-rc1}")
-            echo "Updating VERSION to: $VERSION"
-            echo "UPDATE_VERSION=true" >> $GITHUB_ENV
-            echo "NEW_VERSION=$VERSION" >> $GITHUB_ENV
-            echo "COMMIT_HASH=$COMMIT_HASH" >> $GITHUB_ENV
-          else
-            echo "Not updating VERSION"
-            echo "UPDATE_VERSION=false" >> $GITHUB_ENV
+          set -ue
+          echo "Switching to release branch '${TARGET_BRANCH}'"
+          if ! git checkout ${TARGET_BRANCH}; then
+            echo "::error::Checking out release branch '${TARGET_BRANCH}' for target version '${TARGET_VERSION}' (tagged '${RELEASE_TAG}') failed. Does it exist in repo?"
+            exit 1
           fi
 
-      - name: Update VERSION on master branch
+      - name: Create VERSION information
         run: |
-          echo ${{ env.NEW_VERSION }} > VERSION
-          # Replace the 'project-release: vX.X.X-rcX' line in SECURITY-INSIGHTS.yml
-          sed -i "s/project-release: v.*$/project-release: v${{ env.NEW_VERSION }}/" SECURITY-INSIGHTS.yml
-          # Update the 'commit-hash: XXXXXXX' line in SECURITY-INSIGHTS.yml
-          sed -i "s/commit-hash: .*/commit-hash: ${{ env.COMMIT_HASH }}/" SECURITY-INSIGHTS.yml
-        if: ${{ env.UPDATE_VERSION == 'true' }}
+          set -ue
+          echo "Bumping version from $(cat VERSION) to ${TARGET_VERSION}"
+          echo "${TARGET_VERSION}" > VERSION
+          git commit -m "Bump version to ${TARGET_VERSION}" VERSION
 
-      - name: Create PR to update VERSION on master branch
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+      - name: Generate new set of manifests
+        run: |
+          set -ue
+          make install-codegen-tools-local
+          helm2 init --client-only
+          make manifests-local VERSION=${TARGET_VERSION}
+          git diff
+          git commit manifests/ -m "Bump version to ${TARGET_VERSION}"
+
+      - name: Create the release tag
+        run: |
+          set -ue
+          echo "Creating release ${RELEASE_TAG}"
+          git tag ${RELEASE_TAG}
+
+      - name: Build Docker image for release
+        run: |
+          set -ue
+          git clean -fd
+          mkdir -p dist/
+          make image IMAGE_TAG="${TARGET_VERSION}" DOCKER_PUSH=false
+          make release-cli
+          chmod +x ./dist/argocd-linux-amd64
+          ./dist/argocd-linux-amd64 version --client
+        if: ${{ env.DRY_RUN != 'true' }}
+
+      - name: Push docker image to repository
+        env:
+          DOCKER_USERNAME: ${{ secrets.RELEASE_DOCKERHUB_USERNAME }}
+          DOCKER_TOKEN: ${{ secrets.RELEASE_DOCKERHUB_TOKEN }}
+          QUAY_USERNAME: ${{ secrets.RELEASE_QUAY_USERNAME }}
+          QUAY_TOKEN: ${{ secrets.RELEASE_QUAY_TOKEN }}
+        run: |
+          set -ue
+          docker login --username "${DOCKER_USERNAME}" --password "${DOCKER_TOKEN}"
+          docker push ${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION}
+          docker login quay.io --username "${QUAY_USERNAME}" --password "${QUAY_TOKEN}"
+          docker tag ${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION} quay.io/${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION}
+          docker push quay.io/${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION}
+        if: ${{ env.DRY_RUN != 'true' }}
+
+      - name: Read release notes file
+        id: release-notes
+        uses: juliangruber/read-file-action@v1
+        with: 
+          path: ${{ env.RELEASE_NOTES }}
+
+      - name: Push changes to release branch
+        run: |
+          set -ue
+          git push origin ${TARGET_BRANCH}
+          git push origin ${RELEASE_TAG}
+
+      - name: Create GitHub release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        id: create_release
         with:
-          commit-message: Bump version in master
-          title: 'chore: Bump version in master'
-          body: All images built from master should indicate which version we are on track for.
-          signoff: true
-          branch: update-version
-          branch-suffix: random
-          base: master
-        if: ${{ env.UPDATE_VERSION == 'true' }}
+          tag_name: ${{ env.RELEASE_TAG }}
+          release_name: ${{ env.RELEASE_TAG }}
+          draft: ${{ env.DRAFT_RELEASE }}
+          prerelease: ${{ env.PRE_RELEASE }}
+          body: ${{ steps.release-notes.outputs.content }}
+
+      - name: Upload argocd-linux-amd64 binary to release assets
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./dist/argocd-linux-amd64
+          asset_name: argocd-linux-amd64
+          asset_content_type: application/octet-stream
+        if: ${{ env.DRY_RUN != 'true' }}
+
+      - name: Upload argocd-darwin-amd64 binary to release assets
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./dist/argocd-darwin-amd64
+          asset_name: argocd-darwin-amd64
+          asset_content_type: application/octet-stream
+        if: ${{ env.DRY_RUN != 'true' }}
+
+      - name: Upload argocd-windows-amd64 binary to release assets
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./dist/argocd-windows-amd64.exe
+          asset_name: argocd-windows-amd64.exe
+          asset_content_type: application/octet-stream
+        if: ${{ env.DRY_RUN != 'true' }}
+
+      # include argocd-util as part of release artifacts (argoproj/argo-cd#5174)
+      - name: Upload argocd-util-linux-amd64 binary to release assets
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./dist/argocd-linux-amd64
+          asset_name: argocd-util-linux-amd64
+          asset_content_type: application/octet-stream
+        if: ${{ env.DRY_RUN != 'true' }}
+
+      - name: Upload argocd-util-darwin-amd64 binary to release assets
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./dist/argocd-darwin-amd64
+          asset_name: argocd-util-darwin-amd64
+          asset_content_type: application/octet-stream
+        if: ${{ env.DRY_RUN != 'true' }}
+
+      - name: Upload argocd-util-windows-amd64 binary to release assets
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./dist/argocd-windows-amd64.exe
+          asset_name: argocd-util-windows-amd64.exe
+          asset_content_type: application/octet-stream
+        if: ${{ env.DRY_RUN != 'true' }}
+
+      - name: Update homebrew formula
+        env:
+          HOMEBREW_TOKEN: ${{ secrets.RELEASE_HOMEBREW_TOKEN }}
+        uses: dawidd6/action-homebrew-bump-formula@v3
+        with:
+          token: ${{env.HOMEBREW_TOKEN}}
+          formula: argocd
+        if: ${{ env.HOMEBREW_TOKEN != '' && env.UPDATE_HOMEBREW == 'true' && env.PRE_RELEASE != 'true' }}
+
+      - name: Delete original request tag from repository
+        run: |
+          set -ue
+          git push --delete origin ${SOURCE_TAG}
+        if: ${{ always() }}

.github/workflows/scorecard.yaml

@@ -1,67 +0,0 @@
-name: Scorecards supply-chain security
-on:
-  # Only the default branch is supported.
-  branch_protection_rule:
-  schedule:
-    - cron: "39 9 * * 2"
-  push:
-    branches: ["master"]
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-# Declare default permissions as read only.
-permissions: read-all
-
-jobs:
-  analysis:
-    name: Scorecards analysis
-    runs-on: ubuntu-22.04
-    permissions:
-      # Needed to upload the results to code-scanning dashboard.
-      security-events: write
-      # Used to receive a badge. (Upcoming feature)
-      id-token: write
-      # Needs for private repositories.
-      contents: read
-      actions: read
-    if: github.repository == 'argoproj/argo-cd'
-
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          persist-credentials: false
-
-      - name: "Run analysis"
-        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
-          # - you want to enable the Branch-Protection check on a *public* repository, or
-          # - you are installing Scorecards on a *private* repository
-          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
-          # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
-
-          # Publish the results for public repositories to enable scorecard badges. For more details, see
-          # https://github.com/ossf/scorecard-action#publishing-results.
-          # For private repositories, `publish_results` will automatically be set to `false`, regardless
-          # of the value entered here.
-          publish_results: true
-
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
-      # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2
-        with:
-          sarif_file: results.sarif

.github/workflows/update-snyk.yaml

@@ -1,36 +0,0 @@
-name: Snyk report update
-on:
-  workflow_dispatch: {}
-  schedule:
-    - cron: '0 0 * * 0' # midnight every Sunday
-
-permissions:
-  contents: read
-
-jobs:
-  snyk-report:
-    permissions:
-      contents: write
-      pull-requests: write
-    if: github.repository == 'argoproj/argo-cd'
-    name: Update Snyk report in the docs directory
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build reports
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        run: |
-          make snyk-report
-          pr_branch="snyk-update-$(echo $RANDOM | md5sum | head -c 20)"
-          git checkout -b "$pr_branch"
-          git config --global user.email 'ci@argoproj.com'
-          git config --global user.name 'CI'
-          git add docs/snyk
-          git commit -m "[Bot] docs: Update Snyk reports" --signoff
-          git push --set-upstream origin "$pr_branch"
-          gh pr create -B master -H "$pr_branch" --title '[Bot] docs: Update Snyk report' --body ''

.gitignore

@@ -1,14 +1,10 @@
 .vscode/
 .idea/
 .DS_Store
-.run/
 vendor/
-dist/*
-ui/dist/app/*
-!ui/dist/app/gitkeep
+dist/
 site/
 *.iml
-.tilt-bin/
 # delve debug binaries
 cmd/**/debug
 debug.test
@@ -17,17 +13,10 @@ test-results
 .scannerwork
 .scratch
 node_modules/
-.kube/
-./test/cmp/*.sock
-.envrc.remote
-.*.swp
-rerunreport.txt
 
 # ignore built binaries
 cmd/argocd/argocd
 cmd/argocd-application-controller/argocd-application-controller
 cmd/argocd-repo-server/argocd-repo-server
 cmd/argocd-server/argocd-server
-
-# ignore generated `.argocd-helm-dep-up` marker file; this should not be committed to git
-reposerver/repository/testdata/**/.argocd-helm-dep-up
+cmd/argocd-util/argocd-util

.golangci.yaml

@@ -1,253 +0,0 @@
-formatters:
-  enable:
-    - gofumpt
-    - goimports
-
-  settings:
-    goimports:
-      local-prefixes:
-        - github.com/argoproj/argo-cd/v3
-
-issues:
-  max-issues-per-linter: 0
-
-  max-same-issues: 0
-
-linters:
-  enable:
-    - errorlint
-    - exptostd
-    - gocritic
-    - gomodguard
-    - govet
-    - importas
-    - misspell
-    - perfsprint
-    - revive
-    - staticcheck
-    - testifylint
-    - thelper
-    - tparallel
-    - unparam
-    - usestdlibvars
-    - usetesting
-    - whitespace
-
-  exclusions:
-    rules:
-      - linters:
-          - unparam
-        path: (.+)_test\.go
-
-    presets:
-      - comments
-      - common-false-positives
-      - legacy
-      - std-error-handling
-
-    warn-unused: true
-
-  settings:
-    gocritic:
-      enable-all: true
-      # Most of these should probably be enabled one-by-one.
-      disabled-checks:
-        - appendAssign
-        - appendCombine # Leave disabled, multi-line assigns can be more readable.
-        - assignOp # Leave disabled, assign operations can be more confusing than helpful.
-        - commentedOutCode
-        - deferInLoop
-        - exitAfterDefer
-        - exposedSyncMutex
-        - hugeParam
-        - importShadow
-        - paramTypeCombine # Leave disabled, there are too many failures to be worth fixing.
-        - rangeValCopy
-        - tooManyResultsChecker
-        - unnamedResult
-        - whyNoLint
-
-    gomodguard:
-      blocked:
-        modules:
-          - github.com/golang-jwt/jwt/v4:
-              recommendations:
-                - github.com/golang-jwt/jwt/v5
-
-          - github.com/imdario/mergo:
-              recommendations:
-                - dario.cat/mergo
-              reason: '`github.com/imdario/mergo` has been renamed.'
-
-          - github.com/pkg/errors:
-              recommendations:
-                - errors
-
-    govet:
-      disable:
-        - fieldalignment
-        - shadow
-      enable-all: true
-
-    importas:
-      alias:
-        - pkg: github.com/golang-jwt/jwt/v5
-          alias: jwtgo
-
-        - pkg: k8s.io/api/apps/v1
-          alias: appsv1
-
-        - pkg: k8s.io/api/core/v1
-          alias: corev1
-
-        - pkg: k8s.io/api/rbac/v1
-          alias: rbacv1
-
-        - pkg: k8s.io/apimachinery/pkg/api/errors
-          alias: apierrors
-
-        - pkg: k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
-          alias: apiextensionsv1
-
-        - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
-          alias: metav1
-
-        - pkg: k8s.io/client-go/informers/core/v1
-          alias: informersv1
-
-        - pkg: errors
-          alias: stderrors
-
-        - pkg: github.com/argoproj/argo-cd/v3/util/io
-          alias: utilio
-
-    nolintlint:
-      require-specific: true
-
-    perfsprint:
-      # Optimizes even if it requires an int or uint type cast.
-      int-conversion: true
-      # Optimizes into `err.Error()` even if it is only equivalent for non-nil errors.
-      err-error: true
-      # Optimizes `fmt.Errorf`.
-      errorf: true
-      # Optimizes `fmt.Sprintf` with only one argument.
-      sprintf1: true
-      # Optimizes into strings concatenation.
-      strconcat: true
-
-    revive:
-      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md
-      rules:
-        - name: bool-literal-in-expr
-
-        - name: blank-imports
-          disabled: true
-
-        - name: context-as-argument
-          arguments:
-            - allowTypesBefore: '*testing.T,testing.TB'
-
-        - name: context-keys-type
-          disabled: true
-
-        - name: dot-imports
-          disabled: true
-
-        - name: duplicated-imports
-
-        - name: early-return
-          arguments:
-            - preserveScope
-
-        - name: empty-block
-          disabled: true
-
-        - name: error-naming
-          disabled: true
-
-        - name: error-return
-
-        - name: error-strings
-          disabled: true
-
-        - name: errorf
-
-        - name: identical-branches
-
-        - name: if-return
-
-        - name: increment-decrement
-
-        - name: indent-error-flow
-          arguments:
-            - preserveScope
-
-        - name: modifies-parameter
-
-        - name: optimize-operands-order
-
-        - name: range
-
-        - name: receiver-naming
-
-        - name: redefines-builtin-id
-          disabled: true
-
-        - name: redundant-import-alias
-
-        - name: superfluous-else
-          arguments:
-            - preserveScope
-
-        - name: time-equal
-
-        - name: time-naming
-          disabled: true
-
-        - name: unexported-return
-          disabled: true
-
-        - name: unnecessary-stmt
-
-        - name: unreachable-code
-
-        - name: unused-parameter
-
-        - name: use-any
-
-        - name: useless-break
-
-        - name: var-declaration
-
-        - name: var-naming
-          arguments:
-            - - ID
-            - - VM
-            - - skipPackageNameChecks: true
-                upperCaseConst: true
-
-    staticcheck:
-      checks:
-        - all
-        - -SA5011
-        - -ST1003
-        - -ST1016
-
-    testifylint:
-      enable-all: true
-
-      disable:
-        - go-require
-
-    unused:
-      field-writes-are-uses: false
-      exported-fields-are-used: false
-
-    usetesting:
-      os-mkdir-temp: false
-
-output:
-  show-stats: false
-
-version: "2"

.golangci.yml

@@ -0,0 +1,22 @@
+run:
+  timeout: 2m
+  skip-files:
+    - ".*\\.pb\\.go"
+  skip-dirs:
+    - pkg/client/
+    - vendor/
+linters:
+  enable:
+    - vet
+    - deadcode
+    - goimports
+    - varcheck
+    - structcheck
+    - ineffassign
+    - unconvert
+    - unparam
+linters-settings:
+  goimports:
+    local-prefixes: github.com/argoproj/argo-cd
+service:
+  golangci-lint-version: 1.21.0

.goreleaser.yaml

@@ -1,124 +0,0 @@
-version: 2
-
-project_name: argocd
-
-before:
-  hooks:
-    - go mod download
-    - make build-ui
-
-builds:
-  - id: argocd-cli
-    main: ./cmd
-    binary: argocd-{{ .Os}}-{{ .Arch}}
-    env:
-      - CGO_ENABLED=0
-    flags:
-      - -v
-    ldflags:
-      - -X github.com/argoproj/argo-cd/v3/common.version={{ .Version }}
-      - -X github.com/argoproj/argo-cd/v3/common.buildDate={{ .Date }}
-      - -X github.com/argoproj/argo-cd/v3/common.gitCommit={{ .FullCommit }}
-      - -X github.com/argoproj/argo-cd/v3/common.gitTreeState={{ .Env.GIT_TREE_STATE }}
-      - -X github.com/argoproj/argo-cd/v3/common.kubectlVersion={{ .Env.KUBECTL_VERSION }}
-      - -extldflags="-static"
-    goos:
-      - linux
-      - windows
-      - darwin
-    goarch:
-      - amd64
-      - arm64
-      - s390x
-      - ppc64le
-    ignore:
-      - goos: darwin
-        goarch: s390x
-      - goos: darwin
-        goarch: ppc64le
-      - goos: windows
-        goarch: s390x
-      - goos: windows
-        goarch: ppc64le
-      - goos: windows
-        goarch: arm64
-
-archives:
-  - id: argocd-archive
-    ids:
-      - argocd-cli
-    name_template: |-
-      {{ .ProjectName }}-{{ .Os }}-{{ .Arch }}
-    formats: [binary]
-
-checksum:
-  name_template: 'cli_checksums.txt'
-  algorithm: sha256
-
-release:
-  make_latest: '{{ .Env.GORELEASER_MAKE_LATEST }}'
-  prerelease: auto
-  draft: false
-  header: |
-    ## Quick Start
-
-    ### Non-HA:
-
-    ```shell
-    kubectl create namespace argocd
-    kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/{{.Tag}}/manifests/install.yaml
-    ```
-
-    ### HA:
-
-    ```shell
-    kubectl create namespace argocd
-    kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/{{.Tag}}/manifests/ha/install.yaml
-    ```
-
-    ## Release Signatures and Provenance
-
-    All Argo CD container images are signed by cosign.  A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the [documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets) on how to verify.
-
-    ## Release Notes Blog Post
-    For a detailed breakdown of the key changes and improvements in this release, check out the [official blog post](https://blog.argoproj.io/announcing-argo-cd-v3-1-f4389bc783c8)
-
-    ## Upgrading
-
-    If upgrading from a different minor version, be sure to read the [upgrading](https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/) documentation.
-  footer: |
-    **Full Changelog**: https://github.com/argoproj/argo-cd/compare/{{ .PreviousTag }}...{{ .Tag }}
-
-    <a href="https://argoproj.github.io/cd/"><img src="https://raw.githubusercontent.com/argoproj/argo-site/master/content/pages/cd/gitops-cd.png" width="25%" ></a>
-
-snapshot: #### To be removed for PR
-  version_template: '2.6.0'
-
-changelog:
-  use: github
-  sort: asc
-  abbrev: 0
-  groups: # Regex use RE2 syntax as defined here: https://github.com/google/re2/wiki/Syntax.
-    - title: 'Breaking Changes'
-      regexp: '^.*?(\([[:word:]]+\))??!:.+$'
-      order: 0
-    - title: 'Features'
-      regexp: '^.*?feat(\([[:word:]]+\))??!?:.+$'
-      order: 100
-    - title: 'Bug fixes'
-      regexp: '^.*?fix(\([[:word:]]+\))??!?:.+$'
-      order: 200
-    - title: 'Documentation'
-      regexp: '^.*?docs(\([[:word:]]+\))??!?:.+$'
-      order: 300
-    - title: 'Dependency updates'
-      regexp: '^.*?(feat|fix|chore)\(deps?.+\)!?:.+$'
-      order: 400
-    - title: 'Other work'
-      order: 999
-  filters:
-    exclude:
-      - '^test:'
-      - '^.*?Bump(\([[:word:]]+\))?.+$'
-      - '^.*?\[Bot\](\([[:word:]]+\))?.+$'
-# yaml-language-server: $schema=https://goreleaser.com/static/schema.json

.mockery.yaml

@@ -1,85 +0,0 @@
-dir: '{{.InterfaceDir}}/mocks'
-structname: '{{.InterfaceName}}'
-filename: '{{.InterfaceName}}.go'
-pkgname: mocks
-
-template-data:
-  unroll-variadic: true
-
-packages:
-  github.com/argoproj/argo-cd/v3/applicationset/generators:
-    interfaces:
-      Generator: {}
-  github.com/argoproj/argo-cd/v3/applicationset/services:
-    interfaces:
-      Repos: {}
-  github.com/argoproj/argo-cd/v3/applicationset/services/scm_provider:
-    config:
-      dir: applicationset/services/scm_provider/aws_codecommit/mocks
-    interfaces:
-      AWSCodeCommitClient: {}
-      AWSTaggingClient: {}
-  github.com/argoproj/argo-cd/v3/applicationset/utils:
-    interfaces:
-      Renderer: {}
-  github.com/argoproj/argo-cd/v3/commitserver/apiclient:
-    interfaces:
-      Clientset: {}
-      CommitServiceClient: {}
-  github.com/argoproj/argo-cd/v3/commitserver/commit:
-    interfaces:
-      RepoClientFactory: {}
-  github.com/argoproj/argo-cd/v3/controller/cache:
-    interfaces:
-      LiveStateCache: {}
-  github.com/argoproj/argo-cd/v3/pkg/apiclient/cluster:
-    interfaces:
-      ClusterServiceServer: {}
-  github.com/argoproj/argo-cd/v3/pkg/apiclient/session:
-    interfaces:
-      SessionServiceClient: {}
-      SessionServiceServer: {}
-  github.com/argoproj/argo-cd/v3/pkg/client/clientset/versioned/typed/application/v1alpha1:
-    interfaces:
-      AppProjectInterface: {}
-  github.com/argoproj/argo-cd/v3/reposerver/apiclient:
-    interfaces:
-      RepoServerService_GenerateManifestWithFilesClient: {}
-      RepoServerServiceClient: {}
-  github.com/argoproj/argo-cd/v3/server/application:
-    interfaces:
-      Broadcaster: {}
-  github.com/argoproj/argo-cd/v3/server/extension:
-    interfaces:
-      ApplicationGetter: {}
-      ExtensionMetricsRegistry: {}
-      ProjectGetter: {}
-      RbacEnforcer: {}
-      SettingsGetter: {}
-      UserGetter: {}
-  github.com/argoproj/argo-cd/v3/util/db:
-    interfaces:
-      ArgoDB: {}
-  github.com/argoproj/argo-cd/v3/util/git:
-    interfaces:
-      Client: {}
-  github.com/argoproj/argo-cd/v3/util/helm:
-    interfaces:
-      Client: {}
-  github.com/argoproj/argo-cd/v3/util/oci:
-    interfaces:
-      Client: {}
-  github.com/argoproj/argo-cd/v3/util/io:
-    interfaces:
-      TempPaths: {}
-  github.com/argoproj/argo-cd/v3/util/notification/argocd:
-    interfaces:
-      Service: {}
-  github.com/argoproj/argo-cd/v3/util/workloadidentity:
-    interfaces:
-      TokenProvider: {}
-  github.com/microsoft/azure-devops-go-api/azuredevops/v7/git:
-    config:
-      dir: applicationset/services/scm_provider/azure_devops/git/mocks
-    interfaces:
-      Client: {}

.readthedocs.yaml

@@ -1,12 +0,0 @@
-version: 2
-formats: all
-mkdocs:
-  fail_on_warning: false
-  configuration: mkdocs.yml
-python:
-  install:
-    - requirements: docs/requirements.txt
-build:
-  os: "ubuntu-22.04"
-  tools:
-    python: "3.12"

.readthedocs.yml

@@ -0,0 +1,7 @@
+version: 2
+formats: all
+mkdocs:
+  fail_on_warning: false
+python:
+  install:
+    - requirements: docs/requirements.txt

.snyk

@@ -1,40 +0,0 @@
-# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.22.1
-# ignores vulnerabilities until expiry date; change duration by modifying expiry date
-ignore:
-  SNYK-JS-ANSIREGEX-1583908:
-    - '*':
-        reason: >-
-          Code is only run client-side in the swagger-ui endpoint. No risk of
-          server-side DoS.
-  SNYK-CC-K8S-44:
-    - 'manifests/core-install.yaml > *':
-        reason: >-
-          Argo CD needs wide permissions to manage resources.
-    - 'manifests/install.yaml > *':
-        reason: >-
-          Argo CD needs wide permissions to manage resources.
-  SNYK-JS-MOMENT-2440688:
-    - '*':
-        reason: >-
-          Code is only run client-side. No risk of directory traversal.
-  SNYK-GOLANG-GITHUBCOMEMICKLEIGORESTFUL-2435653:
-    - '*':
-        reason: >-
-          Argo CD uses go-restful as a transitive dependency of kube-openapi. kube-openapi is used to generate openapi
-          specs. We do not use go-restul at runtime and are therefore not vulnerable to this CORS misconfiguration
-          issue in go-restful.
-  SNYK-JS-FORMIDABLE-2838956:
-    - '*':
-        reason: >-
-          Code is only run client-side. No risk of arbitrary file upload.
-  SNYK-JS-PARSEPATH-2936439:
-    - '*':
-        reason: >-
-          The issue is that, for specific URLs, parse-path may incorrectly identify the "resource" (domain name)
-          portion. For example, in "http://127.0.0.1#@example.com", it identifies "example.com" as the "resource".
-
-          We use parse-path on the client side, but permissions for git URLs are checked server-side. This is a
-          potential usability issue, but it is not a security issue.
-patch: {}
-

CODEOWNERS

@@ -1,14 +0,0 @@
-# All
-** @argoproj/argocd-approvers
-
-# Docs
-/docs/**     @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
-/USERS.md    @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
-/README.md   @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
-/mkdocs.yml  @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
-
-# CI
-/.codecov.yml             @argoproj/argocd-approvers @argoproj/argocd-approvers-ci
-/.github/**               @argoproj/argocd-approvers @argoproj/argocd-approvers-ci
-/.goreleaser.yaml         @argoproj/argocd-approvers @argoproj/argocd-approvers-ci
-/sonar-project.properties @argoproj/argocd-approvers @argoproj/argocd-approvers-ci

CONTRIBUTING.md

@@ -1 +0,0 @@
-Please refer to [the Contribution Guide](https://argo-cd.readthedocs.io/en/latest/developer-guide/code-contributions/)

Dockerfile

@@ -1,149 +1,140 @@
-ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab
+ARG BASE_IMAGE=ubuntu:20.10
 ####################################################################################################
 # Builder image
 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image
 # Also used as the image in CI jobs so needs all dependencies
 ####################################################################################################
-FROM docker.io/library/golang:1.25.5@sha256:6cc2338c038bc20f96ab32848da2b5c0641bb9bb5363f2c33e9b7c8838f9a208 AS builder
+FROM golang:1.14.12 as builder
 
-WORKDIR /tmp
+RUN echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list
 
-RUN echo 'deb http://archive.debian.org/debian buster-backports main' >> /etc/apt/sources.list
-
-RUN apt-get update && apt-get install --no-install-recommends -y \
+RUN apt-get update && apt-get install -y \
     openssh-server \
     nginx \
-    unzip \
     fcgiwrap \
     git \
     git-lfs \
     make \
     wget \
     gcc \
-    sudo \
     zip && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
-COPY hack/install.sh hack/tool-versions.sh ./
-COPY hack/installers installers
+WORKDIR /tmp
 
-RUN ./install.sh helm && \
-    INSTALL_PATH=/usr/local/bin ./install.sh kustomize
+ADD hack/install.sh .
+ADD hack/installers installers
+ADD hack/tool-versions.sh .
+
+RUN ./install.sh packr-linux
+RUN ./install.sh ksonnet-linux
+RUN ./install.sh helm2-linux
+RUN ./install.sh helm-linux
+RUN ./install.sh kustomize-linux
 
 ####################################################################################################
 # Argo CD Base - used as the base for both the release and dev argocd images
 ####################################################################################################
-FROM $BASE_IMAGE AS argocd-base
-
-LABEL org.opencontainers.image.source="https://github.com/argoproj/argo-cd"
+FROM $BASE_IMAGE as argocd-base
 
 USER root
 
-ENV ARGOCD_USER_ID=999 \
-    DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive
 
-RUN groupadd -g $ARGOCD_USER_ID argocd && \
-    useradd -r -u $ARGOCD_USER_ID -g argocd argocd && \
+RUN groupadd -g 999 argocd && \
+    useradd -r -u 999 -g argocd argocd && \
     mkdir -p /home/argocd && \
     chown argocd:0 /home/argocd && \
     chmod g=u /home/argocd && \
+    chmod g=u /etc/passwd && \
     apt-get update && \
     apt-get dist-upgrade -y && \
-    apt-get install -y \
-    git git-lfs tini gpg tzdata connect-proxy && \
+    apt-get install -y git git-lfs python3-pip tini gpg && \
     apt-get clean && \
+    pip3 install awscli==1.18.80 && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
-COPY hack/gpg-wrapper.sh \
-    hack/git-verify-wrapper.sh \
-    entrypoint.sh \
-    /usr/local/bin/
+COPY hack/git-ask-pass.sh /usr/local/bin/git-ask-pass.sh
+COPY hack/gpg-wrapper.sh /usr/local/bin/gpg-wrapper.sh
+COPY hack/git-verify-wrapper.sh /usr/local/bin/git-verify-wrapper.sh
+COPY --from=builder /usr/local/bin/ks /usr/local/bin/ks
+COPY --from=builder /usr/local/bin/helm2 /usr/local/bin/helm2
 COPY --from=builder /usr/local/bin/helm /usr/local/bin/helm
 COPY --from=builder /usr/local/bin/kustomize /usr/local/bin/kustomize
-
-# keep uid_entrypoint.sh for backward compatibility
-RUN ln -s /usr/local/bin/entrypoint.sh /usr/local/bin/uid_entrypoint.sh
+# script to add current (possibly arbitrary) user to /etc/passwd at runtime
+# (if it's not already there, to be openshift friendly)
+COPY uid_entrypoint.sh /usr/local/bin/uid_entrypoint.sh
 
 # support for mounting configuration from a configmap
-WORKDIR /app/config/ssh
-RUN touch ssh_known_hosts && \
-    ln -s /app/config/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts
+RUN mkdir -p /app/config/ssh && \
+    touch /app/config/ssh/ssh_known_hosts && \
+    ln -s /app/config/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts 
 
-WORKDIR /app/config
-RUN mkdir -p tls && \
-    mkdir -p gpg/source && \
-    mkdir -p gpg/keys && \
-    chown argocd gpg/keys && \
-    chmod 0700 gpg/keys
+RUN mkdir -p /app/config/tls
+RUN mkdir -p /app/config/gpg/source && \
+    mkdir -p /app/config/gpg/keys && \
+    chown argocd /app/config/gpg/keys && \
+    chmod 0700 /app/config/gpg/keys
 
+# workaround ksonnet issue https://github.com/ksonnet/ksonnet/issues/298
 ENV USER=argocd
 
-USER $ARGOCD_USER_ID
+USER 999
 WORKDIR /home/argocd
 
 ####################################################################################################
 # Argo CD UI stage
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM docker.io/library/node:23.0.0@sha256:e643c0b70dca9704dff42e12b17f5b719dbe4f95e6392fc2dfa0c5f02ea8044d AS argocd-ui
+FROM node:12.18.4 as argocd-ui
 
 WORKDIR /src
-COPY ["ui/package.json", "ui/yarn.lock", "./"]
+ADD ["ui/package.json", "ui/yarn.lock", "./"]
 
-RUN yarn install --network-timeout 200000 && \
-    yarn cache clean
+RUN yarn install
 
-COPY ["ui/", "."]
+ADD ["ui/", "."]
 
 ARG ARGO_VERSION=latest
 ENV ARGO_VERSION=$ARGO_VERSION
-ARG TARGETARCH
-RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OPTIONS=--max_old_space_size=8192 yarn build
+RUN NODE_ENV='production' yarn build
 
 ####################################################################################################
 # Argo CD Build stage which performs the actual build of Argo CD binaries
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.25.5@sha256:6cc2338c038bc20f96ab32848da2b5c0641bb9bb5363f2c33e9b7c8838f9a208 AS argocd-build
+FROM golang:1.14.12 as argocd-build
+
+COPY --from=builder /usr/local/bin/packr /usr/local/bin/packr
 
 WORKDIR /go/src/github.com/argoproj/argo-cd
 
-COPY go.* ./
+COPY go.mod go.mod
+COPY go.sum go.sum
+
 RUN go mod download
 
 # Perform the build
 COPY . .
-COPY --from=argocd-ui /src/dist/app /go/src/github.com/argoproj/argo-cd/ui/dist/app
-ARG TARGETOS \
-    TARGETARCH
-# These build args are optional; if not specified the defaults will be taken from the Makefile
-ARG GIT_TAG \
-    BUILD_DATE \
-    GIT_TREE_STATE \
-    GIT_COMMIT
-RUN GIT_COMMIT=$GIT_COMMIT \
-    GIT_TREE_STATE=$GIT_TREE_STATE \
-    GIT_TAG=$GIT_TAG \
-    BUILD_DATE=$BUILD_DATE \
-    GOOS=$TARGETOS \
-    GOARCH=$TARGETARCH \
-    make argocd-all
+RUN make argocd-all
+
+ARG BUILD_ALL_CLIS=true
+RUN if [ "$BUILD_ALL_CLIS" = "true" ] ; then \
+    make BIN_NAME=argocd-darwin-amd64 GOOS=darwin argocd-all && \
+    make BIN_NAME=argocd-windows-amd64.exe GOOS=windows argocd-all \
+    ; fi
 
 ####################################################################################################
 # Final image
 ####################################################################################################
 FROM argocd-base
-ENTRYPOINT ["/usr/bin/tini", "--"]
 COPY --from=argocd-build /go/src/github.com/argoproj/argo-cd/dist/argocd* /usr/local/bin/
+COPY --from=argocd-ui ./src/dist/app /shared/app
 
 USER root
-RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-cmp-server && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-controller && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-notifications && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-applicationset-controller && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-k8s-auth && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-commit-server
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-util
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-controller
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex
 
-USER $ARGOCD_USER_ID
+USER 999

Dockerfile.dev

@@ -3,13 +3,17 @@
 ####################################################################################################
 FROM argocd-base
 COPY argocd /usr/local/bin/
+COPY argocd-darwin-amd64 /usr/local/bin/
+COPY argocd-windows-amd64.exe /usr/local/bin/
 
 USER root
-RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-controller && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-notifications && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-applicationset-controller
-
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-controller
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-util
+RUN ln -s /usr/local/bin/argocd-darwin-amd64 /usr/local/bin/argocd-util-darwin-amd64
+RUN ln -s /usr/local/bin/argocd-windows-amd64.exe /usr/local/bin/argocd-util-windows-amd64.exe
 USER 999
+
+COPY --from=argocd-ui ./src/dist/app /shared/app

Dockerfile.tilt

@@ -1,62 +0,0 @@
-FROM docker.io/library/golang:1.24.1@sha256:c5adecdb7b3f8c5ca3c88648a861882849cc8b02fed68ece31e25de88ad13418 
-
-ENV DEBIAN_FRONTEND=noninteractive
-
-RUN echo 'deb http://archive.debian.org/debian buster-backports main' >> /etc/apt/sources.list
-
-RUN apt-get update && apt-get install --no-install-recommends -y \
-    curl \
-    openssh-server \
-    nginx \
-    unzip \
-    fcgiwrap \
-    git \
-    git-lfs \
-    make \
-    wget \
-    gcc \
-    sudo \
-    zip \
-    tini \
-    gpg \
-    tzdata \
-    connect-proxy
-
-RUN go install github.com/go-delve/delve/cmd/dlv@latest
-
-COPY hack/install.sh hack/tool-versions.sh ./
-COPY hack/installers installers
-
-RUN ./install.sh helm && \
-    INSTALL_PATH=/usr/local/bin ./install.sh kustomize
-
-COPY hack/gpg-wrapper.sh \
-    hack/git-verify-wrapper.sh \
-    entrypoint.sh \
-    /usr/local/bin/
-
-# support for mounting configuration from a configmap
-WORKDIR /app/config/ssh
-RUN touch ssh_known_hosts && \
-    ln -s /app/config/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts
-
-WORKDIR /app/config
-RUN mkdir -p tls && \
-    mkdir -p gpg/source && \
-    mkdir -p gpg/keys 
-
-COPY .tilt-bin/argocd_linux /usr/local/bin/argocd
-
-RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-controller && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-notifications && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-applicationset-controller && \
-    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-commit-server
-
-# directory for Tilt restart file
-RUN mkdir -p /tilt
-
-# overridden by Tiltfile
-ENTRYPOINT ["/usr/bin/tini", "-s", "--", "dlv", "exec", "--continue", "--accept-multiclient", "--headless", "--listen=:2345", "--api-version=2"]

Dockerfile.ui.tilt

@@ -1,9 +0,0 @@
-FROM node:20
-
-WORKDIR /app/ui
-
-COPY ui /app/ui
-
-RUN yarn install
-
-ENTRYPOINT ["yarn", "start"]

Makefile

@@ -1,52 +1,33 @@
-PACKAGE=github.com/argoproj/argo-cd/v3/common
+PACKAGE=github.com/argoproj/argo-cd/common
 CURRENT_DIR=$(shell pwd)
 DIST_DIR=${CURRENT_DIR}/dist
 CLI_NAME=argocd
+UTIL_CLI_NAME=argocd-util
 BIN_NAME=argocd
 
-UNAME_S:=$(shell uname)
-IS_DARWIN:=$(if $(filter Darwin, $(UNAME_S)),true,false)
-
-# When using OSX/Darwin, you might need to enable CGO for local builds
-DEFAULT_CGO_FLAG:=0
-ifeq ($(IS_DARWIN),true)
-    DEFAULT_CGO_FLAG:=1
-endif
-CGO_FLAG?=${DEFAULT_CGO_FLAG}
-
-GEN_RESOURCES_CLI_NAME=argocd-resources-gen
-
 HOST_OS:=$(shell go env GOOS)
 HOST_ARCH:=$(shell go env GOARCH)
 
-TARGET_ARCH?=linux/amd64
-
 VERSION=$(shell cat ${CURRENT_DIR}/VERSION)
-BUILD_DATE:=$(if $(BUILD_DATE),$(BUILD_DATE),$(shell date -u +'%Y-%m-%dT%H:%M:%SZ'))
-GIT_COMMIT:=$(if $(GIT_COMMIT),$(GIT_COMMIT),$(shell git rev-parse HEAD))
-GIT_TAG:=$(if $(GIT_TAG),$(GIT_TAG),$(shell if [ -z "`git status --porcelain`" ]; then git describe --exact-match --tags HEAD 2>/dev/null; fi))
-GIT_TREE_STATE:=$(if $(GIT_TREE_STATE),$(GIT_TREE_STATE),$(shell if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi))
+BUILD_DATE=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ')
+GIT_COMMIT=$(shell git rev-parse HEAD)
+GIT_TAG=$(shell if [ -z "`git status --porcelain`" ]; then git describe --exact-match --tags HEAD 2>/dev/null; fi)
+GIT_TREE_STATE=$(shell if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)
+PACKR_CMD=$(shell if [ "`which packr`" ]; then echo "packr"; else echo "go run github.com/gobuffalo/packr/packr"; fi)
 VOLUME_MOUNT=$(shell if test "$(go env GOOS)" = "darwin"; then echo ":delegated"; elif test selinuxenabled; then echo ":delegated"; else echo ""; fi)
-KUBECTL_VERSION=$(shell go list -m k8s.io/client-go | head -n 1 | rev | cut -d' ' -f1 | rev)
+KUBECTL_VERSION=$(shell go list -m all | grep k8s.io/client-go | cut -d ' ' -f5)
 
 GOPATH?=$(shell if test -x `which go`; then go env GOPATH; else echo "$(HOME)/go"; fi)
 GOCACHE?=$(HOME)/.cache/go-build
 
-# Docker command to use
-DOCKER?=docker
-ifeq ($(DOCKER),podman)
-PODMAN_ARGS=--userns keep-id
-else
-PODMAN_ARGS=
-endif
-
 DOCKER_SRCDIR?=$(GOPATH)/src
 DOCKER_WORKDIR?=/go/src/github.com/argoproj/argo-cd
 
 ARGOCD_PROCFILE?=Procfile
 
-# pointing to python 3.7 to match https://github.com/argoproj/argo-cd/blob/master/.readthedocs.yml
-MKDOCS_DOCKER_IMAGE?=python:3.7-alpine
+# Strict mode has been disabled in latest versions of mkdocs-material. 
+# Thus pointing to the older image of mkdocs-material matching the version used by argo-cd.
+MKDOCS_DOCKER_IMAGE?=squidfunk/mkdocs-material:4.1.1
 MKDOCS_RUN_ARGS?=
 
 # Configuration for building argocd-test-tools image
@@ -64,13 +45,9 @@ ARGOCD_E2E_REPOSERVER_PORT?=8081
 ARGOCD_E2E_REDIS_PORT?=6379
 ARGOCD_E2E_DEX_PORT?=5556
 ARGOCD_E2E_YARN_HOST?=localhost
-ARGOCD_E2E_DISABLE_AUTH?=
-
-ARGOCD_E2E_TEST_TIMEOUT?=90m
 
 ARGOCD_IN_CI?=false
 ARGOCD_TEST_E2E?=true
-ARGOCD_BIN_MODE?=true
 
 ARGOCD_LINT_GOGC?=20
 
@@ -83,32 +60,19 @@ else
 DOCKER_SRC_MOUNT="$(PWD):/go/src/github.com/argoproj/argo-cd$(VOLUME_MOUNT)"
 endif
 
-# User and group IDs to map to the test container
-CONTAINER_UID=$(shell id -u)
-CONTAINER_GID=$(shell id -g)
-
-# Set SUDO to sudo to run privileged commands with sudo
-SUDO?=
-
 # Runs any command in the argocd-test-utils container in server mode
 # Server mode container will start with uid 0 and drop privileges during runtime
 define run-in-test-server
-	$(SUDO) $(DOCKER) run --rm -it \
+	docker run --rm -it \
 		--name argocd-test-server \
-		-u $(CONTAINER_UID):$(CONTAINER_GID) \
-		-e USER_ID=$(CONTAINER_UID) \
+		-u $(shell id -u):$(shell id -g) \
+		-e USER_ID=$(shell id -u) \
 		-e HOME=/home/user \
 		-e GOPATH=/go \
 		-e GOCACHE=/tmp/go-build-cache \
 		-e ARGOCD_IN_CI=$(ARGOCD_IN_CI) \
 		-e ARGOCD_E2E_TEST=$(ARGOCD_E2E_TEST) \
 		-e ARGOCD_E2E_YARN_HOST=$(ARGOCD_E2E_YARN_HOST) \
-		-e ARGOCD_E2E_DISABLE_AUTH=$(ARGOCD_E2E_DISABLE_AUTH) \
-		-e ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} \
-		-e ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} \
-		-e ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} \
-		-e ARGOCD_APPLICATION_NAMESPACES \
-		-e GITHUB_TOKEN \
 		-v ${DOCKER_SRC_MOUNT} \
 		-v ${GOPATH}/pkg/mod:/go/pkg/mod${VOLUME_MOUNT} \
 		-v ${GOCACHE}:/tmp/go-build-cache${VOLUME_MOUNT} \
@@ -117,21 +81,18 @@ define run-in-test-server
 		-w ${DOCKER_WORKDIR} \
 		-p ${ARGOCD_E2E_APISERVER_PORT}:8080 \
 		-p 4000:4000 \
-		-p 5000:5000 \
-		$(PODMAN_ARGS) \
 		$(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE):$(TEST_TOOLS_TAG) \
 		bash -c "$(1)"
 endef
 
 # Runs any command in the argocd-test-utils container in client mode
 define run-in-test-client
-	$(SUDO) $(DOCKER) run --rm -it \
+	docker run --rm -it \
 	  --name argocd-test-client \
-		-u $(CONTAINER_UID):$(CONTAINER_GID) \
+		-u $(shell id -u):$(shell id -g) \
 		-e HOME=/home/user \
 		-e GOPATH=/go \
 		-e ARGOCD_E2E_K3S=$(ARGOCD_E2E_K3S) \
-		-e GITHUB_TOKEN \
 		-e GOCACHE=/tmp/go-build-cache \
 		-e ARGOCD_LINT_GOGC=$(ARGOCD_LINT_GOGC) \
 		-v ${DOCKER_SRC_MOUNT} \
@@ -140,14 +101,13 @@ define run-in-test-client
 		-v ${HOME}/.kube:/home/user/.kube${VOLUME_MOUNT} \
 		-v /tmp:/tmp${VOLUME_MOUNT} \
 		-w ${DOCKER_WORKDIR} \
-		$(PODMAN_ARGS) \
 		$(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE):$(TEST_TOOLS_TAG) \
 		bash -c "$(1)"
 endef
 
-#
+# 
 define exec-in-test-server
-	$(SUDO) $(DOCKER) exec -it -u $(CONTAINER_UID):$(CONTAINER_GID) -e ARGOCD_E2E_RECORD=$(ARGOCD_E2E_RECORD) -e ARGOCD_E2E_K3S=$(ARGOCD_E2E_K3S) argocd-test-server $(1)
+	docker exec -it -u $(shell id -u):$(shell id -g) -e ARGOCD_E2E_K3S=$(ARGOCD_E2E_K3S) argocd-test-server $(1)
 endef
 
 PATH:=$(PATH):$(PWD)/hack
@@ -156,30 +116,19 @@ PATH:=$(PATH):$(PWD)/hack
 DOCKER_PUSH?=false
 IMAGE_NAMESPACE?=
 # perform static compilation
-DEFAULT_STATIC_BUILD:=true
-ifeq ($(IS_DARWIN),true)
-    DEFAULT_STATIC_BUILD:=false
-endif
-STATIC_BUILD?=${DEFAULT_STATIC_BUILD}
+STATIC_BUILD?=true
 # build development images
 DEV_IMAGE?=false
 ARGOCD_GPG_ENABLED?=true
 ARGOCD_E2E_APISERVER_PORT?=8080
 
-ifeq (${COVERAGE_ENABLED}, true)
-# We use this in the cli-local target to enable code coverage for e2e tests.
-COVERAGE_FLAG=-cover
-else
-COVERAGE_FLAG=
-endif
-
 override LDFLAGS += \
   -X ${PACKAGE}.version=${VERSION} \
   -X ${PACKAGE}.buildDate=${BUILD_DATE} \
   -X ${PACKAGE}.gitCommit=${GIT_COMMIT} \
   -X ${PACKAGE}.gitTreeState=${GIT_TREE_STATE}\
-  -X ${PACKAGE}.kubectlVersion=${KUBECTL_VERSION}\
-  -X "${PACKAGE}.extraBuildInfo=${EXTRA_BUILD_INFO}"
+  -X ${PACKAGE}.gitTreeState=${GIT_TREE_STATE}\
+  -X ${PACKAGE}.kubectlVersion=${KUBECTL_VERSION}
 
 ifeq (${STATIC_BUILD}, true)
 override LDFLAGS += -extldflags "-static"
@@ -203,60 +152,47 @@ IMAGE_PREFIX=${IMAGE_NAMESPACE}/
 endif
 
 .PHONY: all
-all: cli image
+all: cli image argocd-util
 
-.PHONY: mockgen
-mockgen:
-	./hack/generate-mock.sh
+# We have some legacy requirements for being checked out within $GOPATH.
+# The ensure-gopath target can be used as dependency to ensure we are running
+# within these boundaries.
+.PHONY: ensure-gopath
+ensure-gopath:
+ifneq ("$(PWD)","$(LEGACY_PATH)")
+	@echo "Due to legacy requirements for codegen, repository needs to be checked out within \$$GOPATH"
+	@echo "Location of this repo should be '$(LEGACY_PATH)' but is '$(PWD)'"
+	@exit 1
+endif
 
 .PHONY: gogen
-gogen:
+gogen: ensure-gopath
 	export GO111MODULE=off
-	go generate ./...
+	go generate ./util/argo/...
 
 .PHONY: protogen
-protogen: mod-vendor-local protogen-fast
-
-.PHONY: protogen-fast
-protogen-fast:
+protogen: ensure-gopath
 	export GO111MODULE=off
 	./hack/generate-proto.sh
 
 .PHONY: openapigen
-openapigen:
+openapigen: ensure-gopath
 	export GO111MODULE=off
 	./hack/update-openapi.sh
 
-.PHONY: notification-catalog
-notification-catalog:
-	go run ./hack/gen-catalog catalog
-
-.PHONY: notification-docs
-notification-docs:
-	go run ./hack/gen-docs
-	go run ./hack/gen-catalog docs
-
-
 .PHONY: clientgen
-clientgen:
+clientgen: ensure-gopath
 	export GO111MODULE=off
 	./hack/update-codegen.sh
 
 .PHONY: clidocsgen
-clidocsgen:
-	go run tools/cmd-docs/main.go
-
-.PHONY: actionsdocsgen
-actionsdocsgen:
-	hack/generate-actions-list.sh
+clidocsgen: ensure-gopath
+	go run tools/cmd-docs/main.go	
 
 .PHONY: codegen-local
-codegen-local: mod-vendor-local mockgen gogen protogen clientgen openapigen clidocsgen actionsdocsgen manifests-local notification-docs notification-catalog
+codegen-local: ensure-gopath mod-vendor-local gogen protogen clientgen openapigen clidocsgen manifests-local
 	rm -rf vendor/
 
-.PHONY: codegen-local-fast
-codegen-local-fast: mockgen gogen protogen-fast clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog
-
 .PHONY: codegen
 codegen: test-tools-image
 	$(call run-in-test-client,make codegen-local)
@@ -267,28 +203,34 @@ cli: test-tools-image
 
 .PHONY: cli-local
 cli-local: clean-debug
-	CGO_ENABLED=${CGO_FLAG} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -gcflags="all=-N -l" $(COVERAGE_FLAG) -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${CLI_NAME} ./cmd
+	CGO_ENABLED=0 ${PACKR_CMD} build -v -i -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${CLI_NAME} ./cmd
 
-.PHONY: gen-resources-cli-local
-gen-resources-cli-local: clean-debug
-	CGO_ENABLED=${CGO_FLAG} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${GEN_RESOURCES_CLI_NAME} ./hack/gen-resources/cmd
+.PHONY: cli-argocd
+cli-argocd:
+	go build -v -i -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${CLI_NAME} ./cmd
 
 .PHONY: release-cli
-release-cli: clean-debug build-ui
-	make BIN_NAME=argocd-darwin-amd64 GOOS=darwin argocd-all
-	make BIN_NAME=argocd-darwin-arm64 GOOS=darwin GOARCH=arm64 argocd-all
-	make BIN_NAME=argocd-linux-amd64 GOOS=linux argocd-all
-	make BIN_NAME=argocd-linux-arm64 GOOS=linux GOARCH=arm64 argocd-all
-	make BIN_NAME=argocd-linux-ppc64le GOOS=linux GOARCH=ppc64le argocd-all
-	make BIN_NAME=argocd-linux-s390x GOOS=linux GOARCH=s390x argocd-all
-	make BIN_NAME=argocd-windows-amd64.exe GOOS=windows argocd-all
+release-cli: clean-debug image
+	docker create --name tmp-argocd-linux $(IMAGE_PREFIX)argocd:$(IMAGE_TAG)
+	docker cp tmp-argocd-linux:/usr/local/bin/argocd ${DIST_DIR}/argocd-linux-amd64
+	docker cp tmp-argocd-linux:/usr/local/bin/argocd-darwin-amd64 ${DIST_DIR}/argocd-darwin-amd64
+	docker cp tmp-argocd-linux:/usr/local/bin/argocd-windows-amd64.exe ${DIST_DIR}/argocd-windows-amd64.exe
+	docker rm tmp-argocd-linux
+
+.PHONY: argocd-util
+argocd-util: clean-debug
+	# Build argocd-util as a statically linked binary, so it could run within the alpine-based dex container (argoproj/argo-cd#844)
+	CGO_ENABLED=0 ${PACKR_CMD} build -v -i -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${UTIL_CLI_NAME} ./cmd
+
+# .PHONY: dev-tools-image
+# dev-tools-image:
+# 	docker build -t $(DEV_TOOLS_PREFIX)$(DEV_TOOLS_IMAGE) . -f hack/Dockerfile.dev-tools
+# 	docker tag $(DEV_TOOLS_PREFIX)$(DEV_TOOLS_IMAGE) $(DEV_TOOLS_PREFIX)$(DEV_TOOLS_IMAGE):$(DEV_TOOLS_VERSION)
 
 .PHONY: test-tools-image
 test-tools-image:
-ifndef SKIP_TEST_TOOLS_IMAGE
-	$(SUDO) $(DOCKER) build --build-arg UID=$(CONTAINER_UID) -t $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) -f test/container/Dockerfile .
-	$(SUDO) $(DOCKER) tag $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE):$(TEST_TOOLS_TAG)
-endif
+	docker build --build-arg UID=$(shell id -u) -t $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) -f test/container/Dockerfile .
+	docker tag $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE) $(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE):$(TEST_TOOLS_TAG)
 
 .PHONY: manifests-local
 manifests-local:
@@ -301,25 +243,25 @@ manifests: test-tools-image
 # consolidated binary for cli, util, server, repo-server, controller
 .PHONY: argocd-all
 argocd-all: clean-debug
-	CGO_ENABLED=${CGO_FLAG} GOOS=${GOOS} GOARCH=${GOARCH} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${BIN_NAME} ./cmd
+	CGO_ENABLED=0 ${PACKR_CMD} build -v -i -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${BIN_NAME} ./cmd
 
+# NOTE: we use packr to do the build instead of go, since we embed swagger files and policy.csv
+# files into the go binary
 .PHONY: server
 server: clean-debug
-	CGO_ENABLED=${CGO_FLAG} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-server ./cmd
+	CGO_ENABLED=0 ${PACKR_CMD} build -v -i -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-server ./cmd
 
 .PHONY: repo-server
 repo-server:
-	CGO_ENABLED=${CGO_FLAG} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-repo-server ./cmd
+	CGO_ENABLED=0 ${PACKR_CMD} build -v -i -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-repo-server ./cmd
 
 .PHONY: controller
 controller:
-	CGO_ENABLED=${CGO_FLAG} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-application-controller ./cmd
+	CGO_ENABLED=0 ${PACKR_CMD} build -v -i -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-application-controller ./cmd
 
-.PHONY: build-ui
-build-ui:
-	DOCKER_BUILDKIT=1 $(DOCKER) build -t argocd-ui --platform=$(TARGET_ARCH) --target argocd-ui .
-	find ./ui/dist -type f -not -name gitkeep -delete
-	$(DOCKER) run -v ${CURRENT_DIR}/ui/dist/app:/tmp/app --rm -t argocd-ui sh -c 'cp -r ./dist/app/* /tmp/app/'
+.PHONY: packr
+packr:
+	go build -o ${DIST_DIR}/packr github.com/gobuffalo/packr/packr/
 
 .PHONY: image
 ifeq ($(DEV_IMAGE), true)
@@ -327,30 +269,37 @@ ifeq ($(DEV_IMAGE), true)
 # which speeds up builds. Dockerfile.dev needs to be copied into dist to perform the build, since
 # the dist directory is under .dockerignore.
 IMAGE_TAG="dev-$(shell git describe --always --dirty)"
-image: build-ui
-	DOCKER_BUILDKIT=1 $(DOCKER) build --platform=$(TARGET_ARCH) -t argocd-base --target argocd-base .
-	CGO_ENABLED=${CGO_FLAG} GOOS=linux GOARCH=amd64 GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd ./cmd
+image: packr
+	docker build -t argocd-base --target argocd-base .
+	docker build -t argocd-ui --target argocd-ui .
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 dist/packr build -v -i -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd ./cmd
+	CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 dist/packr build -v -i -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-darwin-amd64 ./cmd
+	CGO_ENABLED=0 GOOS=windows GOARCH=amd64 dist/packr build -v -i -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-windows-amd64.exe ./cmd
 	ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-server
 	ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-application-controller
 	ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-repo-server
-	ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-cmp-server
 	ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-dex
+	ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-util
+	ln -sfn ${DIST_DIR}/argocd-darwin-amd64 ${DIST_DIR}/argocd-util-darwin-amd64
+	ln -sfn ${DIST_DIR}/argocd-windows-amd64.exe ${DIST_DIR}/argocd-util-windows-amd64.exe
 	cp Dockerfile.dev dist
-	DOCKER_BUILDKIT=1 $(DOCKER) build --platform=$(TARGET_ARCH) -t $(IMAGE_PREFIX)argocd:$(IMAGE_TAG) -f dist/Dockerfile.dev dist
+	docker build -t $(IMAGE_PREFIX)argocd:$(IMAGE_TAG) -f dist/Dockerfile.dev dist
 else
 image:
-	DOCKER_BUILDKIT=1 $(DOCKER) build -t $(IMAGE_PREFIX)argocd:$(IMAGE_TAG) --platform=$(TARGET_ARCH) .
+	docker build -t $(IMAGE_PREFIX)argocd:$(IMAGE_TAG) .
 endif
-	@if [ "$(DOCKER_PUSH)" = "true" ] ; then $(DOCKER) push $(IMAGE_PREFIX)argocd:$(IMAGE_TAG) ; fi
+	@if [ "$(DOCKER_PUSH)" = "true" ] ; then docker push $(IMAGE_PREFIX)argocd:$(IMAGE_TAG) ; fi
 
 .PHONY: armimage
+# The "BUILD_ALL_CLIS" argument is to skip building the CLIs for darwin and windows
+# which would take a really long time.
 armimage:
-	$(DOCKER) build -t $(IMAGE_PREFIX)argocd:$(IMAGE_TAG)-arm .
+	docker build -t $(IMAGE_PREFIX)argocd:$(IMAGE_TAG)-arm . --build-arg BUILD_ALL_CLIS="false"
 
 .PHONY: builder-image
 builder-image:
-	$(DOCKER) build  -t $(IMAGE_PREFIX)argo-cd-ci-builder:$(IMAGE_TAG) --target builder .
-	@if [ "$(DOCKER_PUSH)" = "true" ] ; then $(DOCKER) push $(IMAGE_PREFIX)argo-cd-ci-builder:$(IMAGE_TAG) ; fi
+	docker build  -t $(IMAGE_PREFIX)argo-cd-ci-builder:$(IMAGE_TAG) --target builder .
+	@if [ "$(DOCKER_PUSH)" = "true" ] ; then docker push $(IMAGE_PREFIX)argo-cd-ci-builder:$(IMAGE_TAG) ; fi
 
 .PHONY: mod-download
 mod-download: test-tools-image
@@ -358,7 +307,7 @@ mod-download: test-tools-image
 
 .PHONY: mod-download-local
 mod-download-local:
-	go mod download && go mod tidy # go mod download changes go.sum https://github.com/golang/go/issues/42970
+	go mod download
 
 .PHONY: mod-vendor
 mod-vendor: test-tools-image
@@ -368,6 +317,11 @@ mod-vendor: test-tools-image
 mod-vendor-local: mod-download-local
 	go mod vendor
 
+# Deprecated - replace by install-local-tools
+.PHONY: install-lint-tools
+install-lint-tools:
+	./hack/install.sh lint-tools
+
 # Run linter on the code
 .PHONY: lint
 lint: test-tools-image
@@ -379,7 +333,7 @@ lint-local:
 	golangci-lint --version
 	# NOTE: If you get a "Killed" OOM message, try reducing the value of GOGC
 	# See https://github.com/golangci/golangci-lint#memory-usage-of-golangci-lint
-	GOGC=$(ARGOCD_LINT_GOGC) GOMAXPROCS=2 golangci-lint run --fix --verbose
+	GOGC=$(ARGOCD_LINT_GOGC) GOMAXPROCS=2 golangci-lint run --fix --verbose --timeout 300s
 
 .PHONY: lint-ui
 lint-ui: test-tools-image
@@ -398,7 +352,7 @@ build: test-tools-image
 # Build all Go code (local version)
 .PHONY: build-local
 build-local:
-	GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v `go list ./... | grep -v 'resource_customizations\|test/e2e'`
+	go build -v `go list ./... | grep -v 'resource_customizations\|test/e2e'`
 
 # Run all unit tests
 #
@@ -413,9 +367,9 @@ test: test-tools-image
 .PHONY: test-local
 test-local:
 	if test "$(TEST_MODULE)" = ""; then \
-		DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES=`go list ./... | grep -v 'test/e2e'` ./hack/test.sh -args -test.gocoverdir="$(PWD)/test-results"; \
+		./hack/test.sh -coverprofile=coverage.out `go list ./... | grep -v 'test/e2e'`; \
 	else \
-		DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES="$(TEST_MODULE)" ./hack/test.sh -args -test.gocoverdir="$(PWD)/test-results" "$(TEST_MODULE)"; \
+		./hack/test.sh -coverprofile=coverage.out "$(TEST_MODULE)"; \
 	fi
 
 .PHONY: test-race
@@ -427,9 +381,9 @@ test-race: test-tools-image
 .PHONY: test-race-local
 test-race-local:
 	if test "$(TEST_MODULE)" = ""; then \
-		DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES=`go list ./... | grep -v 'test/e2e'` ./hack/test.sh -race -args -test.gocoverdir="$(PWD)/test-results"; \
+		./hack/test.sh -race -coverprofile=coverage.out `go list ./... | grep -v 'test/e2e'`; \
 	else \
-		DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES="$(TEST_MODULE)" ./hack/test.sh -race -args -test.gocoverdir="$(PWD)/test-results"; \
+		./hack/test.sh -race -coverprofile=coverage.out "$(TEST_MODULE)"; \
 	fi
 
 # Run the E2E test suite. E2E test servers (see start-e2e target) must be
@@ -443,7 +397,7 @@ test-e2e:
 test-e2e-local: cli-local
 	# NO_PROXY ensures all tests don't go out through a proxy if one is configured on the test system
 	export GO111MODULE=off
-	DIST_DIR=${DIST_DIR} RERUN_FAILS=5 PACKAGES="./test/e2e" ARGOCD_E2E_RECORD=${ARGOCD_E2E_RECORD} ARGOCD_CONFIG_DIR=$(HOME)/.config/argocd-e2e ARGOCD_GPG_ENABLED=true NO_PROXY=* ./hack/test.sh -timeout $(ARGOCD_E2E_TEST_TIMEOUT) -v -args -test.gocoverdir="$(PWD)/test-results"
+	ARGOCD_GPG_ENABLED=true NO_PROXY=* ./hack/test.sh -timeout 20m -v ./test/e2e
 
 # Spawns a shell in the test server container for debugging purposes
 debug-test-server: test-tools-image
@@ -456,57 +410,36 @@ debug-test-client: test-tools-image
 # Starts e2e server in a container
 .PHONY: start-e2e
 start-e2e: test-tools-image
-	$(DOCKER) version
+	docker version
 	mkdir -p ${GOCACHE}
 	$(call run-in-test-server,make ARGOCD_PROCFILE=test/container/Procfile start-e2e-local)
 
 # Starts e2e server locally (or within a container)
 .PHONY: start-e2e-local
-start-e2e-local: mod-vendor-local dep-ui-local cli-local
+start-e2e-local:
 	kubectl create ns argocd-e2e || true
-	kubectl create ns argocd-e2e-external || true
-	kubectl create ns argocd-e2e-external-2 || true
 	kubectl config set-context --current --namespace=argocd-e2e
 	kustomize build test/manifests/base | kubectl apply -f -
-	kubectl apply -f https://raw.githubusercontent.com/open-cluster-management/api/a6845f2ebcb186ec26b832f60c988537a58f3859/cluster/v1alpha1/0000_04_clusters.open-cluster-management.io_placementdecisions.crd.yaml
 	# Create GPG keys and source directories
 	if test -d /tmp/argo-e2e/app/config/gpg; then rm -rf /tmp/argo-e2e/app/config/gpg/*; fi
 	mkdir -p /tmp/argo-e2e/app/config/gpg/keys && chmod 0700 /tmp/argo-e2e/app/config/gpg/keys
 	mkdir -p /tmp/argo-e2e/app/config/gpg/source && chmod 0700 /tmp/argo-e2e/app/config/gpg/source
-	mkdir -p /tmp/argo-e2e/app/config/plugin && chmod 0700 /tmp/argo-e2e/app/config/plugin
-	# create folders to hold go coverage results for each component
-	mkdir -p /tmp/coverage/app-controller
-	mkdir -p /tmp/coverage/api-server
-	mkdir -p /tmp/coverage/repo-server
-	mkdir -p /tmp/coverage/applicationset-controller
-	mkdir -p /tmp/coverage/notification
-	mkdir -p /tmp/coverage/commit-server
 	# set paths for locally managed ssh known hosts and tls certs data
 	ARGOCD_SSH_DATA_PATH=/tmp/argo-e2e/app/config/ssh \
 	ARGOCD_TLS_DATA_PATH=/tmp/argo-e2e/app/config/tls \
 	ARGOCD_GPG_DATA_PATH=/tmp/argo-e2e/app/config/gpg/source \
 	ARGOCD_GNUPGHOME=/tmp/argo-e2e/app/config/gpg/keys \
-	ARGOCD_GPG_ENABLED=$(ARGOCD_GPG_ENABLED) \
-	ARGOCD_PLUGINCONFIGFILEPATH=/tmp/argo-e2e/app/config/plugin \
-	ARGOCD_PLUGINSOCKFILEPATH=/tmp/argo-e2e/app/config/plugin \
+	ARGOCD_GPG_ENABLED=true \
 	ARGOCD_E2E_DISABLE_AUTH=false \
 	ARGOCD_ZJWT_FEATURE_FLAG=always \
 	ARGOCD_IN_CI=$(ARGOCD_IN_CI) \
-	BIN_MODE=$(ARGOCD_BIN_MODE) \
-	ARGOCD_APPLICATION_NAMESPACES=argocd-e2e-external,argocd-e2e-external-2 \
-	ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES=argocd-e2e-external,argocd-e2e-external-2 \
-	ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE=true \
-	ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS=http://127.0.0.1:8341,http://127.0.0.1:8342,http://127.0.0.1:8343,http://127.0.0.1:8344 \
 	ARGOCD_E2E_TEST=true \
-	ARGOCD_HYDRATOR_ENABLED=true \
-	ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL=1ms \
 		goreman -f $(ARGOCD_PROCFILE) start ${ARGOCD_START}
-	ls -lrt /tmp/coverage
 
-# Cleans VSCode debug.test files from sub-dirs to prevent them from being included in by golang embed
+# Cleans VSCode debug.test files from sub-dirs to prevent them from being included in packr boxes
 .PHONY: clean-debug
 clean-debug:
-	-find ${CURRENT_DIR} -name debug.test -exec rm -f {} +
+	-find ${CURRENT_DIR} -name debug.test | xargs rm -f
 
 .PHONY: clean
 clean: clean-debug
@@ -514,12 +447,12 @@ clean: clean-debug
 
 .PHONY: start
 start: test-tools-image
-	$(DOCKER) version
+	docker version
 	$(call run-in-test-server,make ARGOCD_PROCFILE=test/container/Procfile start-local ARGOCD_START=${ARGOCD_START})
 
 # Starts a local instance of ArgoCD
 .PHONY: start-local
-start-local: mod-vendor-local dep-ui-local cli-local
+start-local: mod-vendor-local dep-ui-local
 	# check we can connect to Docker to start Redis
 	killall goreman || true
 	kubectl create ns argocd || true
@@ -527,21 +460,12 @@ start-local: mod-vendor-local dep-ui-local cli-local
 	mkdir -p /tmp/argocd-local
 	mkdir -p /tmp/argocd-local/gpg/keys && chmod 0700 /tmp/argocd-local/gpg/keys
 	mkdir -p /tmp/argocd-local/gpg/source
-	REDIS_PASSWORD=$(shell kubectl get secret argocd-redis -o jsonpath='{.data.auth}' | base64 -d) \
 	ARGOCD_ZJWT_FEATURE_FLAG=always \
 	ARGOCD_IN_CI=false \
-	ARGOCD_GPG_ENABLED=$(ARGOCD_GPG_ENABLED) \
-	BIN_MODE=$(ARGOCD_BIN_MODE) \
+	ARGOCD_GPG_ENABLED=true \
 	ARGOCD_E2E_TEST=false \
-	ARGOCD_APPLICATION_NAMESPACES=$(ARGOCD_APPLICATION_NAMESPACES) \
 		goreman -f $(ARGOCD_PROCFILE) start ${ARGOCD_START}
 
-# Run goreman start with exclude option , provide exclude env variable with list of services
-.PHONY: run
-run:
-	bash ./hack/goreman-start.sh
-
-
 # Runs pre-commit validation with the virtualized toolchain
 .PHONY: pre-commit
 pre-commit: codegen build lint test
@@ -565,7 +489,7 @@ build-docs-local:
 
 .PHONY: build-docs
 build-docs:
-	$(DOCKER) run ${MKDOCS_RUN_ARGS} --rm -it -v ${CURRENT_DIR}:/docs -w /docs --entrypoint "" ${MKDOCS_DOCKER_IMAGE} sh -c 'pip install mkdocs; pip install $$(mkdocs get-deps); mkdocs build'
+	docker run ${MKDOCS_RUN_ARGS} --rm -it -p 8000:8000 -v ${CURRENT_DIR}:/docs ${MKDOCS_DOCKER_IMAGE} build
 
 .PHONY: serve-docs-local
 serve-docs-local:
@@ -573,7 +497,12 @@ serve-docs-local:
 
 .PHONY: serve-docs
 serve-docs:
-	$(DOCKER) run ${MKDOCS_RUN_ARGS} --rm -it -p 8000:8000 -v ${CURRENT_DIR}:/docs -w /docs --entrypoint "" ${MKDOCS_DOCKER_IMAGE} sh -c 'pip install mkdocs; pip install $$(mkdocs get-deps); mkdocs serve -a $$(ip route get 1 | awk '\''{print $$7}'\''):8000'
+	docker run ${MKDOCS_RUN_ARGS} --rm -it -p 8000:8000 -v ${CURRENT_DIR}:/docs ${MKDOCS_DOCKER_IMAGE} serve -a 0.0.0.0:8000
+
+.PHONY: lint-docs
+lint-docs:
+	#  https://github.com/dkhamsing/awesome_bot
+	find docs -name '*.md' -exec grep -l http {} + | xargs docker run --rm -v $(PWD):/mnt:ro dkhamsing/awesome_bot -t 3 --allow-dupe --allow-redirect --white-list `cat white-list | grep -v "#" | tr "\n" ','` --skip-save-results --
 
 # Verify that kubectl can connect to your K8s cluster from Docker
 .PHONY: verify-kube-connect
@@ -595,21 +524,21 @@ install-tools-local: install-test-tools-local install-codegen-tools-local instal
 # Installs all tools required for running unit & end-to-end tests (Linux packages)
 .PHONY: install-test-tools-local
 install-test-tools-local:
-	./hack/install.sh kustomize
-	./hack/install.sh helm
-	./hack/install.sh gotestsum
-	./hack/install.sh oras
+	sudo ./hack/install.sh packr-linux
+	sudo ./hack/install.sh kustomize-linux
+	sudo ./hack/install.sh ksonnet-linux
+	sudo ./hack/install.sh helm2-linux
+	sudo ./hack/install.sh helm-linux
 
 # Installs all tools required for running codegen (Linux packages)
 .PHONY: install-codegen-tools-local
 install-codegen-tools-local:
-	./hack/install.sh codegen-tools
+	sudo ./hack/install.sh codegen-tools
 
 # Installs all tools required for running codegen (Go packages)
 .PHONY: install-go-tools-local
 install-go-tools-local:
 	./hack/install.sh codegen-go-tools
-	./hack/install.sh lint-tools
 
 .PHONY: dep-ui
 dep-ui: test-tools-image
@@ -617,81 +546,3 @@ dep-ui: test-tools-image
 
 dep-ui-local:
 	cd ui && yarn install
-
-start-test-k8s:
-	go run ./hack/k8s
-
-.PHONY: list
-list:
-	@LC_ALL=C $(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | sort | egrep -v -e '^[^[:alnum:]]' -e '^$@$$'
-
-.PHONY: applicationset-controller
-applicationset-controller:
-	GODEBUG="tarinsecurepath=0,zipinsecurepath=0" CGO_ENABLED=${CGO_FLAG} go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-applicationset-controller ./cmd
-
-.PHONY: checksums
-checksums:
-	sha256sum ./dist/$(BIN_NAME)-* | awk -F './dist/' '{print $$1 $$2}' > ./dist/$(BIN_NAME)-$(TARGET_VERSION)-checksums.txt
-
-.PHONY: snyk-container-tests
-snyk-container-tests:
-	./hack/snyk-container-tests.sh
-
-.PHONY: snyk-non-container-tests
-snyk-non-container-tests:
-	./hack/snyk-non-container-tests.sh
-
-.PHONY: snyk-report
-snyk-report:
-	./hack/snyk-report.sh $(target_branch)
-
-.PHONY: help
-help:
-	@echo 'Note: Generally an item w/ (-local) will run inside docker unless you use the -local variant'
-	@echo
-	@echo 'Common targets'
-	@echo
-	@echo 'all -- make cli and image'
-	@echo
-	@echo 'components:'
-	@echo '  applicationset-controller -- applicationset controller'
-	@echo '  cli(-local)               -- argocd cli program'
-	@echo '  controller                -- controller (orchestrator)'
-	@echo '  repo-server               -- repo server (manage repository instances)'
-	@echo '  server                    -- argocd web application'
-	@echo
-	@echo 'build:'
-	@echo '  image                     -- make image of the following items'
-	@echo '  build(-local)             -- compile go'
-	@echo '  build-docs(-local)        -- build docs'
-	@echo '  build-ui                  -- compile typescript'
-	@echo
-	@echo 'run:'
-	@echo '  run                       -- run the components locally'
-	@echo '  serve-docs(-local)        -- expose the documents for viewing in a browser'
-	@echo
-	@echo 'release:'
-	@echo '  release-cli'
-	@echo '  release-precheck'
-	@echo '  checksums'
-	@echo
-	@echo 'docs:'
-	@echo '  build-docs(-local)'
-	@echo '  serve-docs(-local)'
-	@echo '  notification-docs'
-	@echo '  clidocsgen'
-	@echo
-	@echo 'testing:'
-	@echo '  test(-local)'
-	@echo '  start-e2e(-local)'
-	@echo '  test-e2e(-local)'
-	@echo '  test-race(-local)'
-	@echo
-	@echo 'debug:'
-	@echo '  list -- list all make targets'
-	@echo '  install-tools-local -- install all the tools below'
-	@echo
-	@echo 'codegen:'
-	@echo '  codegen(-local) -- if using -local, run the following targets first'
-	@echo '  install-codegen-tools-local -- run this to install the codegen tools'
-	@echo '  install-go-tools-local -- run this to install go libraries for codegen'

OWNERS

@@ -1,34 +1,17 @@
 owners:
 - alexmt
-- crenshaw-dev
 - jessesuen
 
 approvers:
 - alexec
 - alexmt
-- gdsoumya
+- dthomson25
 - jannfis
 - jessesuen
-- jgwest
-- keithchong
 - mayzhang2000
-- rbreeze
-- leoluz
-- crenshaw-dev
-- pasha-codefresh
+- rachelwang20
 
 reviewers:
-- dthomson25
-- tetchel
-- terrytangyuan
+- jgwest
 - wtam2018
-- ishitasequeira
-- reginapizza
-- hblixt
-- chetan-rns
-- wanghong230
-- ciiay
-- saumeya
-- zachaller
-- 34fathombelow
-- alexef
+- tetchel

Procfile

@@ -1,14 +1,8 @@
-controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/app-controller} HOSTNAME=testappcontroller-1  FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --commit-server localhost:${ARGOCD_E2E_COMMITSERVER_PORT:-8086} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --server-side-diff-enabled=${ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF:-'false'} --hydrator-enabled=${ARGOCD_HYDRATOR_ENABLED:='false'}"
-api-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/api-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --hydrator-enabled=${ARGOCD_HYDRATOR_ENABLED:='false'}"
-dex: sh -c "ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/v3/cmd gendexcfg -o `pwd`/dist/dex.yaml && (test -f dist/dex.yaml || { echo 'Failed to generate dex configuration'; exit 1; }) && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:$(grep "image: ghcr.io/dexidp/dex" manifests/base/dex/argocd-dex-server-deployment.yaml | cut -d':' -f3) dex serve /dex.yaml"
-redis: hack/start-redis-with-password.sh
-repo-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/repo-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp}  ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-repo-server ARGOCD_GPG_ENABLED=${ARGOCD_GPG_ENABLED:-false} $COMMAND --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --otlp-address=${ARGOCD_OTLP_ADDRESS}"
-cmp-server: [ "$ARGOCD_E2E_TEST" = 'true' ] && exit 0 || [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_BINARY_NAME=argocd-cmp-server ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} $COMMAND --config-dir-path ./test/cmp --loglevel debug --otlp-address=${ARGOCD_OTLP_ADDRESS}"
-commit-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/commit-server} FORCE_LOG_COLORS=1 ARGOCD_BINARY_NAME=argocd-commit-server $COMMAND --loglevel debug --port ${ARGOCD_E2E_COMMITSERVER_PORT:-8086}"
+controller: sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller go run ./cmd/main.go --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081}"
+api-server: sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server go run ./cmd/main.go --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --staticassets ui/dist/app"
+dex: sh -c "ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/cmd gendexcfg -o `pwd`/dist/dex.yaml && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:v2.27.0 serve /dex.yaml"
+redis: docker run --rm --name argocd-redis -i -p ${ARGOCD_E2E_REDIS_PORT:-6379}:${ARGOCD_E2E_REDIS_PORT:-6379} redis:5.0.10-alpine --save "" --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}
+repo-server: sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-repo-server go run ./cmd/main.go --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379}"
 ui: sh -c 'cd ui && ${ARGOCD_E2E_YARN_CMD:-yarn} start'
 git-server: test/fixture/testrepos/start-git.sh
-helm-registry: test/fixture/testrepos/start-helm-registry.sh
-oci-registry: test/fixture/testrepos/start-authenticated-helm-registry.sh
 dev-mounter: [[ "$ARGOCD_E2E_TEST" != "true" ]] && go run hack/dev-mounter/main.go --configmap argocd-ssh-known-hosts-cm=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} --configmap argocd-tls-certs-cm=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} --configmap argocd-gpg-keys-cm=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source}
-applicationset-controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/applicationset-controller} FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-applicationset-controller $COMMAND --loglevel debug --metrics-addr localhost:12345 --probe-addr localhost:12346 --argocd-repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081}"
-notification: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/notification} FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_BINARY_NAME=argocd-notifications $COMMAND --loglevel debug --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --self-service-notification-enabled=${ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED:-'false'}"

README.md

@@ -1,18 +1,8 @@
-**Releases:**
-[![Release Version](https://img.shields.io/github/v/release/argoproj/argo-cd?label=argo-cd)](https://github.com/argoproj/argo-cd/releases/latest)
-[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo-cd)](https://artifacthub.io/packages/helm/argo/argo-cd)
-[![SLSA 3](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev)
-
-**Code:** 
 [![Integration tests](https://github.com/argoproj/argo-cd/workflows/Integration%20tests/badge.svg?branch=master)](https://github.com/argoproj/argo-cd/actions?query=workflow%3A%22Integration+tests%22)
+[![slack](https://img.shields.io/badge/slack-argoproj-brightgreen.svg?logo=slack)](https://argoproj.github.io/community/join-slack)
 [![codecov](https://codecov.io/gh/argoproj/argo-cd/branch/master/graph/badge.svg)](https://codecov.io/gh/argoproj/argo-cd)
+[![Release Version](https://img.shields.io/github/v/release/argoproj/argo-cd?label=argo-cd)](https://github.com/argoproj/argo-cd/releases/latest)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4486/badge)](https://bestpractices.coreinfrastructure.org/projects/4486)
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-cd/badge)](https://scorecard.dev/viewer/?uri=github.com/argoproj/argo-cd)
-
-**Social:**
-[![Twitter Follow](https://img.shields.io/twitter/follow/argoproj?style=social)](https://twitter.com/argoproj)
-[![Slack](https://img.shields.io/badge/slack-argoproj-brightgreen.svg?logo=slack)](https://argoproj.github.io/community/join-slack)
-[![LinkedIn](https://img.shields.io/badge/LinkedIn-argoproj-blue.svg?logo=linkedin)](https://www.linkedin.com/company/argoproj/)
 
 # Argo CD - Declarative Continuous Delivery for Kubernetes
 
@@ -38,52 +28,26 @@ Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
 To learn more about Argo CD [go to the complete documentation](https://argo-cd.readthedocs.io/).
 Check live demo at https://cd.apps.argoproj.io/.
 
-## Community
+## Community Blogs and Presentations
 
-### Contribution, Discussion and Support
-
- You can reach the Argo CD community and developers via the following channels:
-
-* Q & A : [Github Discussions](https://github.com/argoproj/argo-cd/discussions)
-* Chat : [The #argo-cd Slack channel](https://argoproj.github.io/community/join-slack)
-* Contributors Office Hours: [Every Thursday](https://calendar.google.com/calendar/u/0/embed?src=argoproj@gmail.com) | [Agenda](https://docs.google.com/document/d/1xkoFkVviB70YBzSEa4bDnu-rUZ1sIFtwKKG1Uw8XsY8)
-* User Community meeting: [First Wednesday of the month](https://calendar.google.com/calendar/u/0/embed?src=argoproj@gmail.com) | [Agenda](https://docs.google.com/document/d/1ttgw98MO45Dq7ZUHpIiOIEfbyeitKHNfMjbY5dLLMKQ)
-
-
-Participation in the Argo CD project is governed by the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md)
-
-
-### Blogs and Presentations
-
-1. [Awesome-Argo: A Curated List of Awesome Projects and Resources Related to Argo](https://github.com/terrytangyuan/awesome-argo)
-1. [Unveil the Secret Ingredients of Continuous Delivery at Enterprise Scale with Argo CD](https://akuity.io/blog/secret-ingredients-of-continuous-delivery-at-enterprise-scale-with-argocd/)
-1. [GitOps Without Pipelines With ArgoCD Image Updater](https://youtu.be/avPUQin9kzU)
-1. [Combining Argo CD (GitOps), Crossplane (Control Plane), And KubeVela (OAM)](https://youtu.be/eEcgn_gU3SM)
-1. [How to Apply GitOps to Everything - Combining Argo CD and Crossplane](https://youtu.be/yrj4lmScKHQ)
-1. [Couchbase - How To Run a Database Cluster in Kubernetes Using Argo CD](https://youtu.be/nkPoPaVzExY)
 1. [Automation of Everything - How To Combine Argo Events, Workflows & Pipelines, CD, and Rollouts](https://youtu.be/XNXJtxkUKeY)
 1. [Environments Based On Pull Requests (PRs): Using Argo CD To Apply GitOps Principles On Previews](https://youtu.be/cpAaI8p4R60)
 1. [Argo CD: Applying GitOps Principles To Manage Production Environment In Kubernetes](https://youtu.be/vpWQeoaiRM4)
 1. [Creating Temporary Preview Environments Based On Pull Requests With Argo CD And Codefresh](https://codefresh.io/continuous-deployment/creating-temporary-preview-environments-based-pull-requests-argo-cd-codefresh/)
 1. [Tutorial: Everything You Need To Become A GitOps Ninja](https://www.youtube.com/watch?v=r50tRQjisxw) 90m tutorial on GitOps and Argo CD.
 1. [Comparison of Argo CD, Spinnaker, Jenkins X, and Tekton](https://www.inovex.de/blog/spinnaker-vs-argo-cd-vs-tekton-vs-jenkins-x/)
-1. [Simplify and Automate Deployments Using GitOps with IBM Multicloud Manager 3.1.2](https://www.ibm.com/cloud/blog/simplify-and-automate-deployments-using-gitops-with-ibm-multicloud-manager-3-1-2)
+1. [Simplify and Automate Deployments Using GitOps with IBM Multicloud Manager 3.1.2](https://medium.com/ibm-cloud/simplify-and-automate-deployments-using-gitops-with-ibm-multicloud-manager-3-1-2-4395af317359)
 1. [GitOps for Kubeflow using Argo CD](https://v0-6.kubeflow.org/docs/use-cases/gitops-for-kubeflow/)
 1. [GitOps Toolsets on Kubernetes with CircleCI and Argo CD](https://www.digitalocean.com/community/tutorials/webinar-series-gitops-tool-sets-on-kubernetes-with-circleci-and-argo-cd)
+1. [Simplify and Automate Deployments Using GitOps with IBM Multicloud Manager](https://www.ibm.com/blogs/bluemix/2019/02/simplify-and-automate-deployments-using-gitops-with-ibm-multicloud-manager-3-1-2/)
 1. [CI/CD in Light Speed with K8s and Argo CD](https://www.youtube.com/watch?v=OdzH82VpMwI&feature=youtu.be)
 1. [Machine Learning as Code](https://www.youtube.com/watch?v=VXrGp5er1ZE&t=0s&index=135&list=PLj6h78yzYM2PZf9eA7bhWnIh_mK1vyOfU). Among other things, describes how Kubeflow uses Argo CD to implement GitOPs for ML
 1. [Argo CD - GitOps Continuous Delivery for Kubernetes](https://www.youtube.com/watch?v=aWDIQMbp1cc&feature=youtu.be&t=1m4s)
 1. [Introduction to Argo CD : Kubernetes DevOps CI/CD](https://www.youtube.com/watch?v=2WSJF7d8dUg&feature=youtu.be)
-1. [GitOps Deployment and Kubernetes - using Argo CD](https://medium.com/riskified-technology/gitops-deployment-and-kubernetes-f1ab289efa4b)
+1. [GitOps Deployment and Kubernetes - using ArgoCD](https://medium.com/riskified-technology/gitops-deployment-and-kubernetes-f1ab289efa4b)
 1. [Deploy Argo CD with Ingress and TLS in Three Steps: No YAML Yak Shaving Required](https://itnext.io/deploy-argo-cd-with-ingress-and-tls-in-three-steps-no-yaml-yak-shaving-required-bc536d401491)
 1. [GitOps Continuous Delivery with Argo and Codefresh](https://codefresh.io/events/cncf-member-webinar-gitops-continuous-delivery-argo-codefresh/)
-1. [Stay up to date with Argo CD and Renovate](https://mjpitz.com/blog/2020/12/03/renovate-your-gitops/)
+1. [Stay up to date with ArgoCD and Renovate](https://mjpitz.com/blog/2020/12/03/renovate-your-gitops/)
 1. [Setting up Argo CD with Helm](https://www.arthurkoziel.com/setting-up-argocd-with-helm/)
-1. [Applied GitOps with Argo CD](https://thenewstack.io/applied-gitops-with-argocd/)
+1. [Applied GitOps with ArgoCD](https://thenewstack.io/applied-gitops-with-argocd/)
 1. [Solving configuration drift using GitOps with Argo CD](https://www.cncf.io/blog/2020/12/17/solving-configuration-drift-using-gitops-with-argo-cd/)
-1. [Decentralized GitOps over environments](https://blogs.sap.com/2021/05/06/decentralized-gitops-over-environments/)
-1. [Getting Started with ArgoCD for GitOps Deployments](https://youtu.be/AvLuplh1skA)
-1. [Using Argo CD & Datree for Stable Kubernetes CI/CD Deployments](https://youtu.be/17894DTru2Y)
-1. [How to create Argo CD Applications Automatically using ApplicationSet? "Automation of GitOps"](https://amralaayassen.medium.com/how-to-create-argocd-applications-automatically-using-applicationset-automation-of-the-gitops-59455eaf4f72)
-1. [Progressive Delivery with Service Mesh – Argo Rollouts with Istio](https://www.cncf.io/blog/2022/12/16/progressive-delivery-with-service-mesh-argo-rollouts-with-istio/)
-

SECURITY-INSIGHTS.yml

@@ -1,128 +0,0 @@
-header:
-  schema-version: 1.0.0
-  expiration-date: '2024-10-31T00:00:00.000Z' # One year from initial release.
-  last-updated: '2023-10-27'
-  last-reviewed: '2023-10-27'
-  commit-hash: 226a670fe6b3c6769ff6d18e6839298a58e4577d
-  project-url: https://github.com/argoproj/argo-cd
-  project-release: v3.1.0
-  changelog: https://github.com/argoproj/argo-cd/releases
-  license: https://github.com/argoproj/argo-cd/blob/master/LICENSE
-project-lifecycle:
-  status: active
-  roadmap: https://github.com/orgs/argoproj/projects/25
-  bug-fixes-only: false
-  core-maintainers:
-    - https://github.com/argoproj/argoproj/blob/master/MAINTAINERS.md
-  release-cycle: https://argo-cd.readthedocs.io/en/stable/developer-guide/release-process-and-cadence/
-  release-process: https://argo-cd.readthedocs.io/en/stable/developer-guide/release-process-and-cadence/#release-process
-contribution-policy:
-  accepts-pull-requests: true
-  accepts-automated-pull-requests: true
-  automated-tools-list:
-    - automated-tool: dependabot
-      action: allowed
-      path:
-        - /
-    - automated-tool: snyk-report
-      action: allowed
-      path:
-        - docs/snyk
-      comment: |
-        This tool runs Snyk and generates a report of vulnerabilities in the project's dependencies. The report is 
-        placed in the project's documentation. The workflow is defined here:
-        https://github.com/argoproj/argo-cd/blob/master/.github/workflows/update-snyk.yaml
-  contributing-policy: https://argo-cd.readthedocs.io/en/stable/developer-guide/code-contributions/
-  code-of-conduct: https://github.com/cncf/foundation/blob/master/code-of-conduct.md
-documentation:
-  - https://argo-cd.readthedocs.io/
-distribution-points:
-  - https://github.com/argoproj/argo-cd/releases
-  - https://quay.io/repository/argoproj/argocd
-security-artifacts:
-  threat-model:
-    threat-model-created: true
-    evidence-url:
-      - https://github.com/argoproj/argoproj/blob/master/docs/argo_threat_model.pdf
-      - https://github.com/argoproj/argoproj/blob/master/docs/end_user_threat_model.pdf
-  self-assessment:
-    self-assessment-created: false
-    comment: |
-      An extensive self-assessment was performed for CNCF graduation. Because the self-assessment process was evolving
-      at the time, no standardized document has been published.
-security-testing:
-  - tool-type: sca
-    tool-name: Dependabot
-    tool-version: "2"
-    tool-url: https://github.com/dependabot
-    integration:
-      ad-hoc: false
-      ci: false
-      before-release: false
-    tool-rulesets:
-      - https://github.com/argoproj/argo-cd/blob/master/.github/dependabot.yml
-  - tool-type: sca
-    tool-name: Snyk
-    tool-version: latest
-    tool-url: https://snyk.io/
-    integration:
-      ad-hoc: true
-      ci: true
-      before-release: false
-  - tool-type: sast
-    tool-name: CodeQL
-    tool-version: latest
-    tool-url: https://codeql.github.com/
-    integration:
-      ad-hoc: false
-      ci: true
-      before-release: false
-    comment: |
-      We use the default configuration with the latest version.
-security-assessments:
-  - auditor-name: Trail of Bits
-    auditor-url: https://trailofbits.com
-    auditor-report: https://github.com/argoproj/argoproj/blob/master/docs/argo_security_final_report.pdf
-    report-year: 2021
-  - auditor-name: Ada Logics
-    auditor-url: https://adalogics.com
-    auditor-report: https://github.com/argoproj/argoproj/blob/master/docs/argo_security_audit_2022.pdf
-    report-year: 2022
-  - auditor-name: Ada Logics
-    auditor-url: https://adalogics.com
-    auditor-report: https://github.com/argoproj/argoproj/blob/master/docs/audit_fuzzer_adalogics_2022.pdf
-    report-year: 2022
-    comment: |
-      Part of the audit was performed by Ada Logics, focussed on fuzzing.
-  - auditor-name: Chainguard
-    auditor-url: https://chainguard.dev
-    auditor-report: https://github.com/argoproj/argoproj/blob/master/docs/software_supply_chain_slsa_assessment_chainguard_2023.pdf
-    report-year: 2023
-    comment: |
-      Confirmed the project's release process as achieving SLSA (v0.1) level 3.
-security-contacts:
-  - type: email
-    value: cncf-argo-security@lists.cncf.io
-    primary: true
-vulnerability-reporting:
-  accepts-vulnerability-reports: true
-  email-contact: cncf-argo-security@lists.cncf.io
-  security-policy: https://github.com/argoproj/argo-cd/security/policy
-  bug-bounty-available: true
-  bug-bounty-url: https://hackerone.com/ibb/policy_scopes
-  out-scope:
-    - vulnerable and outdated components # See https://github.com/argoproj/argo-cd/blob/master/SECURITY.md#a-word-about-security-scanners
-    - security logging and monitoring failures
-dependencies:
-  third-party-packages: true
-  dependencies-lists:
-    - https://github.com/argoproj/argo-cd/blob/master/go.mod
-    - https://github.com/argoproj/argo-cd/blob/master/Dockerfile
-    - https://github.com/argoproj/argo-cd/blob/master/ui/package.json
-  sbom:
-    - sbom-file: https://github.com/argoproj/argo-cd/releases # Every release's assets include SBOMs.
-      sbom-format: SPDX
-  dependencies-lifecycle:
-    policy-url: https://argo-cd.readthedocs.io/en/stable/developer-guide/release-process-and-cadence/#dependencies-lifecycle-policy
-  env-dependencies-policy:
-    policy-url: https://argo-cd.readthedocs.io/en/stable/developer-guide/release-process-and-cadence/#dependencies-lifecycle-policy

SECURITY.md

@@ -1,45 +1,22 @@
 # Security Policy for Argo CD
 
-Version: **v1.5 (2023-03-06)**
+Version: **v1.0 (2020-02-26)**
 
 ## Preface
 
 As a deployment tool, Argo CD needs to have production access which makes
 security a very important topic. The Argoproj team takes security very
-seriously and is continuously working on improving it.
-
-## A word about security scanners
-
-Many organisations these days employ security scanners to validate their
-container images before letting them on their clusters, and that is a good
-thing. However, the quality and results of these scanners vary greatly,
-many of them produce false positives and require people to look at the
-issues reported and validate them for correctness. A great example of that
-is, that some scanners report kernel vulnerabilities for container images
-just because they are derived from some distribution.
-
-We kindly ask you to not raise issues or contact us regarding any issues
-that are found by your security scanner. Many of those produce a lot of false
-positives, and many of these issues don't affect Argo CD. We do have scanners
-in place for our code, dependencies and container images that we publish. We
-are well aware of the issues that may affect Argo CD and are constantly
-working on the remediation of those that affect Argo CD and our users.
-
-If you believe that we might have missed an issue that we should take a look
-at (that can happen), then please discuss it with us. If there is a CVE
-assigned to the issue, please do open an issue on our GitHub tracker instead
-of writing to the security contact e-mail, since things reported by scanners
-are public already and the discussion that might emerge is of benefit to the
-general community. However, please validate your scanner results and its
-impact on Argo CD before opening an issue at least roughly.
+seriously and is continuously working on improving it. 
 
 ## Supported Versions
 
-We currently support the last 3 minor versions of Argo CD with security and bug fixes.
+We currently support the most recent release (`N`, e.g. `1.8`) and the release
+previous to the most recent one (`N-1`, e.g. `1.7`). With the release of
+`N+1`, `N-1` drops out of support and `N` becomes `N-1`.
 
 We regularly perform patch releases (e.g. `1.8.5` and `1.7.12`) for the
 supported versions, which will contain fixes for security vulnerabilities and
-important bugs. Prior releases might receive critical security fixes on best
+important bugs. Prior releases might receive critical security fixes on a best
 effort basis, however, it cannot be guaranteed that security fixes get
 back-ported to these unsupported versions.
 
@@ -50,7 +27,7 @@ of releasing it within a patch branch for the currently supported releases.
 
 ## Reporting a Vulnerability
 
-If you find a security related bug in Argo CD, we kindly ask you for responsible
+If you find a security related bug in ArgoCD, we kindly ask you for responsible
 disclosure and for giving us appropriate time to react, analyze and develop a
 fix to mitigate the found security vulnerability.
 
@@ -58,32 +35,13 @@ We will do our best to react quickly on your inquiry, and to coordinate a fix
 and disclosure with you. Sometimes, it might take a little longer for us to
 react (e.g. out of office conditions), so please bear with us in these cases.
 
-We will publish security advisories using the
-[GitHub Security Advisories](https://github.com/argoproj/argo-cd/security/advisories)
-feature to keep our community well-informed, and will credit you for your
-findings (unless you prefer to stay anonymous, of course).
+We will publish security advisiories using the Git Hub SA feature to keep our
+community well informed, and will credit you for your findings (unless you
+prefer to stay anonymous, of course).
 
-There are two ways to report a vulnerability to the Argo CD team:
+Please report vulnerabilities by e-mail to all of the following people:
 
-* By opening a draft GitHub security advisory: https://github.com/argoproj/argo-cd/security/advisories/new
-* By e-mail to the following address: cncf-argo-security@lists.cncf.io
-
-## Internet Bug Bounty collaboration
-
-We're happy to announce that the Argo project is collaborating with the great
-folks over at
-[Hacker One](https://hackerone.com/) and their
-[Internet Bug Bounty program](https://hackerone.com/ibb)
-to reward the awesome people who find security vulnerabilities in the four
-main Argo projects (CD, Events, Rollouts and Workflows) and then work with
-us to fix and disclose them in a responsible manner.
-
-If you report a vulnerability to us as outlined in this security policy, we
-will work together with you to find out whether your finding is eligible for
-claiming a bounty, and also on how to claim it.
-
-## Securing your Argo CD Instance
-
-See the [operator manual security page](docs/operator-manual/security.md) for
-additional information about Argo CD's security features and how to make your
-Argo CD production ready.
+* jfischer@redhat.com
+* Jesse_Suen@intuit.com
+* Alexander_Matyushentsev@intuit.com
+* Edward_Lee@intuit.com

SECURITY_CONTACTS

@@ -1,7 +1,7 @@
 # Defined below are the security contacts for this repo.
 #
 # DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE
-# INSTRUCTIONS AT https://github.com/argoproj/argo-cd/security/policy
+# INSTRUCTIONS AT https://argo-cd.readthedocs.io/en/latest/security_considerations/#reporting-vulnerabilities
 
 alexmt
 edlee2121

Tiltfile

@@ -1,282 +0,0 @@
-load('ext://restart_process', 'docker_build_with_restart')
-load('ext://uibutton', 'cmd_button', 'location')
-
-# add ui button in web ui to run make codegen-local (top nav)
-cmd_button(
-    'make codegen-local',
-    argv=['sh', '-c', 'make codegen-local'],
-    location=location.NAV,
-    icon_name='terminal',
-    text='make codegen-local',
-)
-
-# add ui button in web ui to run make codegen-local (top nav)
-cmd_button(
-    'make cli-local',
-    argv=['sh', '-c', 'make cli-local'],
-    location=location.NAV,
-    icon_name='terminal',
-    text='make cli-local',
-)
-
-# detect cluster architecture for build
-cluster_version = decode_yaml(local('kubectl version -o yaml'))
-platform = cluster_version['serverVersion']['platform']
-arch = platform.split('/')[1]
-
-# build the argocd binary on code changes
-code_deps = [
-    'applicationset',
-    'cmd',
-    'cmpserver',
-    'commitserver',
-    'common',
-    'controller',
-    'notification-controller',
-    'pkg',
-    'reposerver',
-    'server',
-    'util',
-    'go.mod',
-    'go.sum',
-]
-local_resource(
-    'build',
-    'CGO_ENABLED=0 GOOS=linux GOARCH=' + arch + ' go build -gcflags="all=-N -l" -mod=readonly -o .tilt-bin/argocd_linux cmd/main.go',
-    deps = code_deps,
-    allow_parallel=True,
-)
-
-# deploy the argocd manifests
-k8s_yaml(kustomize('manifests/dev-tilt'))
-
-# build dev image
-docker_build_with_restart(
-    'argocd', 
-    context='.',
-    dockerfile='Dockerfile.tilt',
-    entrypoint=[
-        "/usr/bin/tini",
-        "-s",
-        "--",
-        "dlv",
-        "exec",
-        "--continue",
-        "--accept-multiclient",
-        "--headless",
-        "--listen=:2345",
-        "--api-version=2"
-    ],
-    platform=platform,
-    live_update=[
-        sync('.tilt-bin/argocd_linux_amd64', '/usr/local/bin/argocd'),
-    ],
-    only=[
-        '.tilt-bin',
-        'hack',
-        'entrypoint.sh',
-    ],
-    restart_file='/tilt/.restart-proc'
-)
-
-# build image for argocd-cli jobs
-docker_build(
-    'argocd-job', 
-    context='.',
-    dockerfile='Dockerfile.tilt',
-    platform=platform,
-    only=[
-        '.tilt-bin',
-        'hack',
-        'entrypoint.sh',
-    ]
-)
-
-# track argocd-server resources and port forward
-k8s_resource(
-    workload='argocd-server',
-    objects=[
-        'argocd-server:serviceaccount',
-        'argocd-server:role',
-        'argocd-server:rolebinding',
-        'argocd-cm:configmap',
-        'argocd-cmd-params-cm:configmap',
-        'argocd-gpg-keys-cm:configmap',
-        'argocd-rbac-cm:configmap',
-        'argocd-ssh-known-hosts-cm:configmap',
-        'argocd-tls-certs-cm:configmap',
-        'argocd-secret:secret',
-        'argocd-server-network-policy:networkpolicy',
-        'argocd-server:clusterrolebinding',
-        'argocd-server:clusterrole',
-    ],
-    port_forwards=[
-        '8080:8080',
-        '9345:2345',
-        '8083:8083'
-    ],
-)
-
-# track crds
-k8s_resource(
-    new_name='cluster-resources',
-    objects=[
-        'applications.argoproj.io:customresourcedefinition',
-        'applicationsets.argoproj.io:customresourcedefinition',
-        'appprojects.argoproj.io:customresourcedefinition',
-        'argocd:namespace'
-    ]
-)
-
-# track argocd-repo-server resources and port forward
-k8s_resource(
-    workload='argocd-repo-server',
-    objects=[
-        'argocd-repo-server:serviceaccount',
-        'argocd-repo-server-network-policy:networkpolicy',
-    ],
-    port_forwards=[
-        '8081:8081',
-        '9346:2345',
-        '8084:8084'
-    ],
-)
-
-# track argocd-redis resources and port forward
-k8s_resource(
-    workload='argocd-redis',
-    objects=[
-        'argocd-redis:serviceaccount',
-        'argocd-redis:role',
-        'argocd-redis:rolebinding',
-        'argocd-redis-network-policy:networkpolicy',
-    ],
-    port_forwards=[
-        '6379:6379',
-    ],
-)
-
-# track argocd-applicationset-controller resources
-k8s_resource(
-    workload='argocd-applicationset-controller',
-    objects=[
-        'argocd-applicationset-controller:serviceaccount',
-        'argocd-applicationset-controller-network-policy:networkpolicy',
-        'argocd-applicationset-controller:role',
-        'argocd-applicationset-controller:rolebinding',
-        'argocd-applicationset-controller:clusterrolebinding',
-        'argocd-applicationset-controller:clusterrole',
-    ],
-    port_forwards=[
-        '9347:2345',
-        '8085:8080',
-        '7000:7000'
-    ],
-)
-
-# track argocd-application-controller resources
-k8s_resource(
-    workload='argocd-application-controller',
-    objects=[
-        'argocd-application-controller:serviceaccount',
-        'argocd-application-controller-network-policy:networkpolicy',
-        'argocd-application-controller:role',
-        'argocd-application-controller:rolebinding',
-        'argocd-application-controller:clusterrolebinding',
-        'argocd-application-controller:clusterrole',
-    ],
-    port_forwards=[
-        '9348:2345',
-        '8086:8082',
-    ],
-)
-
-# track argocd-notifications-controller resources
-k8s_resource(
-    workload='argocd-notifications-controller',
-    objects=[
-        'argocd-notifications-controller:serviceaccount',
-        'argocd-notifications-controller-network-policy:networkpolicy',
-        'argocd-notifications-controller:role',
-        'argocd-notifications-controller:rolebinding',
-        'argocd-notifications-cm:configmap',
-        'argocd-notifications-secret:secret',
-    ],
-    port_forwards=[
-        '9349:2345',
-        '8087:9001',
-    ],
-)
-
-# track argocd-dex-server resources
-k8s_resource(
-    workload='argocd-dex-server',
-    objects=[
-        'argocd-dex-server:serviceaccount',
-        'argocd-dex-server-network-policy:networkpolicy',
-        'argocd-dex-server:role',
-        'argocd-dex-server:rolebinding',
-    ],
-)
-
-# track argocd-commit-server resources
-k8s_resource(
-    workload='argocd-commit-server',
-    objects=[
-        'argocd-commit-server:serviceaccount',
-        'argocd-commit-server-network-policy:networkpolicy',
-    ],
-    port_forwards=[
-        '9350:2345',
-        '8088:8087',
-        '8089:8086',
-    ],
-)
-
-# docker for ui
-docker_build(
-    'argocd-ui',
-    context='.',
-    dockerfile='Dockerfile.ui.tilt',
-    entrypoint=['sh', '-c', 'cd /app/ui && yarn start'], 
-    only=['ui'],
-    live_update=[
-        sync('ui', '/app/ui'),
-        run('sh -c "cd /app/ui && yarn install"', trigger=['/app/ui/package.json', '/app/ui/yarn.lock']),
-    ],
-)
-
-# track argocd-ui resources and port forward
-k8s_resource(
-    workload='argocd-ui',
-    port_forwards=[
-        '4000:4000',
-    ],
-)
-
-# linting
-local_resource(
-    'lint',
-    'make lint-local',
-    deps = code_deps,
-    allow_parallel=True,
-)
-
-local_resource(
-    'lint-ui',
-    'make lint-ui-local',
-    deps = [
-        'ui',
-    ],
-    allow_parallel=True,
-)
-
-local_resource(
-    'vendor',
-    'go mod vendor',
-    deps = [
-        'go.mod',
-        'go.sum',
-    ],
-)
-

USERS.md

@@ -1,416 +1,120 @@
 ## Who uses Argo CD?
 
-As the Argo Community grows, we'd like to keep track of our users. Please send a
-PR with your organization name if you are using Argo CD.
+As the Argo Community grows, we'd like to keep track of our users. Please send a PR with your organization name if you are using Argo CD.
 
 Currently, the following organizations are **officially** using Argo CD:
 
 1. [127Labs](https://127labs.com/)
 1. [3Rein](https://www.3rein.com/)
-1. [4data](https://4data.ch/)
 1. [7shifts](https://www.7shifts.com/)
 1. [Adevinta](https://www.adevinta.com/)
-1. [Adfinis](https://adfinis.com)
-1. [Adobe](https://www.adobe.com/)
-1. [Adventure](https://jp.adventurekk.com/)
-1. [Adyen](https://www.adyen.com)
-1. [AirQo](https://airqo.net/)
-1. [Akuity](https://akuity.io/)
-1. [Alarm.com](https://alarm.com/)
-1. [Alauda](https://alauda.io/)
-1. [Albert Heijn](https://ah.nl/)
-1. [Alibaba Group](https://www.alibabagroup.com/)
-1. [Allianz Direct](https://www.allianzdirect.de/)
-1. [AlphaSense](https://www.alpha-sense.com/)
-1. [Amadeus IT Group](https://amadeus.com/)
-1. [Ambassador Labs](https://www.getambassador.io/)
-1. [Ancestry](https://www.ancestry.com/)
-1. [Andgo Systems](https://www.andgosystems.com/)
 1. [ANSTO - Australian Synchrotron](https://www.synchrotron.org.au/)
-1. [Ant Group](https://www.antgroup.com/)
 1. [AppDirect](https://www.appdirect.com)
 1. [Arctiq Inc.](https://www.arctiq.ca)
-1. [Artemis Health by Nomi Health](https://www.artemishealth.com/)
-1. [Arturia](https://www.arturia.com)
-1. [ARZ Allgemeines Rechenzentrum GmbH](https://www.arz.at/)
-1. [Augury](https://www.augury.com/)
-1. [Autodesk](https://www.autodesk.com)
-1. [Axians ACSP](https://www.axians.fr)
-1. [Axual B.V.](https://axual.com)
-1. [Back Market](https://www.backmarket.com)
-1. [Bajaj Finserv Health Ltd.](https://www.bajajfinservhealth.in)
+1. [ARZ Allgemeines Rechenzentrum GmbH ](https://www.arz.at/)
 1. [Baloise](https://www.baloise.com)
 1. [BCDevExchange DevOps Platform](https://bcdevexchange.org/DevOpsPlatform)
 1. [Beat](https://thebeat.co/en/)
 1. [Beez Innovation Labs](https://www.beezlabs.com/)
-1. [Bedag Informatik AG](https://www.bedag.ch/)
-1. [Beleza Na Web](https://www.belezanaweb.com.br/)
-1. [Believable Bots](https://believablebots.io)
-1. [Bayer AG](https://bayer.com)
-1. [BigPanda](https://bigpanda.io)
 1. [BioBox Analytics](https://biobox.io)
-1. [BMW Group](https://www.bmwgroup.com/)
-1. [Boozt](https://www.booztgroup.com/)
-1. [Bosch](https://www.bosch.com/)
-1. [Boticario](https://www.boticario.com.br/)
-1. [Broker Consulting, a.s.](https://www.bcas.cz/en/)
-1. [Bulder Bank](https://bulderbank.no)
-1. [Cabify](https://cabify.com/en)
-1. [CAM](https://cam-inc.co.jp)
 1. [Camptocamp](https://camptocamp.com)
-1. [Candis](https://www.candis.io)
-1. [Capital One](https://www.capitalone.com)
-1. [CARFAX Europe](https://www.carfax.eu)
 1. [CARFAX](https://www.carfax.com)
-1. [Carrefour Group](https://www.carrefour.com)
-1. [Casavo](https://casavo.com)
 1. [Celonis](https://www.celonis.com/)
-1. [CERN](https://home.cern/)
-1. [Chainnodes](https://chainnodes.org)
-1. [Chargetrip](https://chargetrip.com)
-1. [Chime](https://www.chime.com)
-1. [Chronicle Labs](https://chroniclelabs.org)
-1. [Cisco ET&I](https://eti.cisco.com/)
-1. [Cloud Posse](https://www.cloudposse.com/)
-1. [Cloud Scale](https://cloudscaleinc.com/)
-1. [CloudScript](https://www.cloudscript.com.br/)
-1. [CloudGeometry](https://www.cloudgeometry.io/)
-1. [Cloudmate](https://cloudmt.co.kr/)
-1. [Cloudogu](https://cloudogu.com/)
-1. [Cobalt](https://www.cobalt.io/)
 1. [Codefresh](https://www.codefresh.io/)
 1. [Codility](https://www.codility.com/)
-1. [Cognizant](https://www.cognizant.com/)
 1. [Commonbond](https://commonbond.co/)
-1. [Compatio.AI](https://compatio.ai/)
-1. [Contlo](https://contlo.com/)
-1. [Coralogix](https://coralogix.com/)
-1. [Crédit Agricole CIB](https://www.ca-cib.com)
 1. [CROZ d.o.o.](https://croz.net/)
 1. [CyberAgent](https://www.cyberagent.co.jp/en/)
 1. [Cybozu](https://cybozu-global.com)
 1. [D2iQ](https://www.d2iq.com)
-1. [DaoCloud](https://daocloud.io/)
-1. [Datarisk](https://www.datarisk.io/)
-1. [Daydream](https://daydream.ing)
-1. [Deloitte](https://www.deloitte.com/)
-1. [Deutsche Telekom AG](https://telekom.com)
-1. [Deutsche Bank AG](https://www.deutsche-bank.de/)
-1. [Devopsi - Poland Software/DevOps Consulting](https://devopsi.pl/)
 1. [Devtron Labs](https://github.com/devtron-labs/devtron)
-1. [DigitalEd](https://www.digitaled.com)
-1. [DigitalOcean](https://www.digitalocean.com)
-1. [Divar](https://divar.ir)
-1. [Divistant](https://divistant.com)
-1. [Dott](https://ridedott.com)
-1. [Doubble](https://www.doubble.app)
-1. [Doximity](https://www.doximity.com/)
 1. [EDF Renewables](https://www.edf-re.com/)
 1. [edX](https://edx.org)
-1. [Elastic](https://elastic.co/)
-1. [Electronic Arts Inc.](https://www.ea.com)
-1. [Elementor](https://elementor.com/)
+1. [Electronic Arts Inc. ](https://www.ea.com)
 1. [Elium](https://www.elium.com)
 1. [END.](https://www.endclothing.com/)
 1. [Energisme](https://energisme.com/)
-1. [enigmo](https://enigmo.co.jp/)
-1. [Envoy](https://envoy.com/)
-1. [eSave](https://esave.es/)
-1. [Factorial](https://factorialhr.com/)
-1. [Farfetch](https://www.farfetch.com)
-1. [Faro](https://www.faro.com/)
 1. [Fave](https://myfave.com)
-1. [Flexport](https://www.flexport.com/)
-1. [Flip](https://flip.id)
-1. [Fly Security](https://www.flysecurity.com.br/)
-1. [Fonoa](https://www.fonoa.com/)
-1. [Fortra](https://www.fortra.com)
-1. [freee](https://corp.freee.co.jp/en/company/)
-1. [Freshop, Inc](https://www.freshop.com/)
 1. [Future PLC](https://www.futureplc.com/)
-1. [Flagler Health](https://www.flaglerhealth.io/)
-1. [G DATA CyberDefense AG](https://www.gdata-software.com/)
-1. [G-Research](https://www.gresearch.com/teams/open-source-software/)
 1. [Garner](https://www.garnercorp.com)
-1. [Generali Deutschland AG](https://www.generali.de/)
-1. [Gepardec](https://gepardec.com/)
-1. [Getir](https://getir.com)
-1. [GetYourGuide](https://www.getyourguide.com/)
-1. [Gitpod](https://www.gitpod.io)
-1. [Gllue](https://gllue.com)
-1. [gloat](https://gloat.com/)
-1. [GLOBIS](https://globis.com)
-1. [Glovo](https://www.glovoapp.com)
-1. [GlueOps](https://glueops.dev)
 1. [GMETRI](https://gmetri.com/)
-1. [Gojek](https://www.gojek.io/)
-1. [GoTo Financial](https://gotofinancial.com/)
-1. [GoTo](https://www.goto.com/)
 1. [Greenpass](https://www.greenpass.com.br/)
-1. [Gridfuse](https://gridfuse.com/)
-1. [Groww](https://groww.in)
-1. [Grupo MasMovil](https://grupomasmovil.com/en/)
-1. [Handelsbanken](https://www.handelsbanken.se)
-1. [Hazelcast](https://hazelcast.com/)
 1. [Healy](https://www.healyworld.net)
-1. [Helio](https://helio.exchange)
-1. [hetao101](https://www.hetao101.com/)
-1. [Hetki](https://hetki.ai)
 1. [hipages](https://hipages.com.au/)
-1. [Hiya](https://hiya.com)
 1. [Honestbank](https://honestbank.com)
-1. [Hostinger](https://www.hostinger.com)
-1. [IABAI](https://www.iab.ai)
 1. [IBM](https://www.ibm.com/)
-1. [Ibotta](https://home.ibotta.com)
-1. [Icelandair](https://www.icelandair.com)
-1. [IFS](https://www.ifs.com)
-1. [IITS-Consulting](https://iits-consulting.de)
-1. [IllumiDesk](https://www.illumidesk.com)
-1. [imaware](https://imaware.health)
-1. [Indeed](https://indeed.com)
-1. [Index Exchange](https://www.indexexchange.com/)
-1. [Info Support](https://www.infosupport.com/)
 1. [InsideBoard](https://www.insideboard.com)
-1. [Instruqt](https://www.instruqt.com)
 1. [Intuit](https://www.intuit.com/)
-1. [Jellysmack](https://www.jellysmack.com)
-1. [Joblift](https://joblift.com/)
 1. [JovianX](https://www.jovianx.com/)
-1. [Kaltura](https://corp.kaltura.com/)
-1. [Kandji](https://www.kandji.io/)
-1. [Karrot](https://www.daangn.com/)
-1. [KarrotPay](https://www.daangnpay.com/)
 1. [Kasa](https://kasa.co.kr/)
-1. [Kave Home](https://kavehome.com)
-1. [Keeeb](https://www.keeeb.com/)
-1. [KelkooGroup](https://www.kelkoogroup.com)
 1. [Keptn](https://keptn.sh)
 1. [Kinguin](https://www.kinguin.net/)
 1. [KintoHub](https://www.kintohub.com/)
 1. [KompiTech GmbH](https://www.kompitech.com/)
-1. [Kong Inc.](https://konghq.com/)
-1. [KPMG](https://kpmg.com/uk)
-1. [KubeSphere](https://github.com/kubesphere)
-1. [Kurly](https://www.kurly.com/)
-1. [Kvist](https://kvistsolutions.com)
-1. [Kyriba](https://www.kyriba.com/)
-1. [LeFigaro](https://www.lefigaro.fr/)
-1. [Lely](https://www.lely.com/)
 1. [LexisNexis](https://www.lexisnexis.com/)
-1. [Lian Chu Securities](https://lczq.com)
-1. [Liatrio](https://www.liatrio.com)
-1. [Lightricks](https://www.lightricks.com/)
-1. [Loom](https://www.loom.com/)
-1. [Lucid Motors](https://www.lucidmotors.com/)
+1. [LINE](https://linecorp.com/en/)
 1. [Lytt](https://www.lytt.co/)
-1. [LY Corporation](https://www.lycorp.co.jp/en/)
-1. [Magic Leap](https://www.magicleap.com/)
-1. [Majid Al Futtaim](https://www.majidalfuttaim.com/)
 1. [Major League Baseball](https://mlb.com)
 1. [Mambu](https://www.mambu.com/)
-1. [MariaDB](https://mariadb.com)
-1. [Mattermost](https://www.mattermost.com)
 1. [Max Kelsen](https://www.maxkelsen.com/)
-1. [MeDirect](https://medirect.com.mt/)
-1. [Meican](https://meican.com/)
-1. [Meilleurs Agents](https://www.meilleursagents.com/)
-1. [Mercedes-Benz Tech Innovation](https://www.mercedes-benz-techinnovation.com/)
-1. [Mercedes-Benz.io](https://www.mercedes-benz.io/)
-1. [Metacore Games](https://metacoregames.com/)
-1. [Metanet](http://www.metanet.co.kr/en/)
 1. [MindSpore](https://mindspore.cn)
 1. [Mirantis](https://mirantis.com/)
-1. [Mission Lane](https://missionlane.com)
-1. [mixi Group](https://mixi.co.jp/)
 1. [Moengage](https://www.moengage.com/)
 1. [Money Forward](https://corp.moneyforward.com/en/)
 1. [MOO Print](https://www.moo.com/)
-1. [Mozilla](https://www.mozilla.org)
 1. [MTN Group](https://www.mtn.com/)
-1. [Municipality of The Hague](https://www.denhaag.nl/)
-1. [My Job Glasses](https://myjobglasses.com)
-1. [Natura &Co](https://naturaeco.com/)
-1. [Nethopper](https://nethopper.io)
 1. [New Relic](https://newrelic.com/)
-1. [Nextbasket](https://nextbasket.com)
 1. [Nextdoor](https://nextdoor.com/)
-1. [Next Fit Sistemas](https://nextfit.com.br/)
 1. [Nikkei](https://www.nikkei.co.jp/nikkeiinfo/en/)
-1. [Nitro](https://gonitro.com)
-1. [NYCU, CS IT Center](https://it.cs.nycu.edu.tw)
-1. [Objective](https://www.objective.com.br/)
-1. [OCCMundial](https://occ.com.mx)
 1. [Octadesk](https://octadesk.com)
-1. [Octopus Deploy](https://octopus.com)
-1. [Olfeo](https://www.olfeo.com/)
-1. [omegaUp](https://omegaUp.com)
-1. [Omni](https://omni.se/)
-1. [Oncourse Home Solutions](https://oncoursehome.com/)
-1. [Open Analytics](https://openanalytics.eu)
 1. [openEuler](https://openeuler.org)
 1. [openGauss](https://opengauss.org/)
-1. [OpenGov](https://opengov.com)
 1. [openLooKeng](https://openlookeng.io)
 1. [OpenSaaS Studio](https://opensaas.studio)
 1. [Opensurvey](https://www.opensurvey.co.kr/)
-1. [OpsMx](https://opsmx.io)
-1. [OpsVerse](https://opsverse.io)
 1. [Optoro](https://www.optoro.com/)
 1. [Orbital Insight](https://orbitalinsight.com/)
-1. [Oscar Health Insurance](https://hioscar.com/)
-1. [Outpost24](https://outpost24.com/)
-1. [p3r](https://www.p3r.one/)
-1. [Packlink](https://www.packlink.com/)
-1. [PagerDuty](https://www.pagerduty.com/)
-1. [Pandosearch](https://www.pandosearch.com/en/home)
-1. [Patreon](https://www.patreon.com/)
-1. [PayIt](https://payitgov.com/)
 1. [PayPay](https://paypay.ne.jp/)
-1. [Paystack](https://paystack.com/)
 1. [Peloton Interactive](https://www.onepeloton.com/)
-1. [Percona](https://percona.com/)
-1. [PGS](https://www.pgs.com)
-1. [Pigment](https://www.gopigment.com/)
-1. [Pipedrive](https://www.pipedrive.com/)
 1. [Pipefy](https://www.pipefy.com/)
-1. [Pipekit](https://pipekit.io/)
-1. [Pismo](https://pismo.io/)
-1. [PITS Globale Datenrettungsdienste](https://www.pitsdatenrettung.de/)
-1. [Platform9 Systems](https://platform9.com/)
-1. [Polarpoint.io](https://polarpoint.io)
-1. [Pollinate](https://www.pollinate.global)
-1. [PostFinance](https://github.com/postfinance)
 1. [Preferred Networks](https://preferred.jp/en/)
-1. [Previder BV](https://previder.nl)
-1. [Priceline](https://priceline.com)
-1. [Procore](https://www.procore.com)
-1. [Productboard](https://www.productboard.com/)
 1. [Prudential](https://prudential.com.sg)
-1. [PT Boer Technology (Btech)](https://btech.id/)
 1. [PUBG](https://www.pubg.com)
-1. [Puzzle ITC](https://www.puzzle.ch/)
-1. [Pvotal Technologies](https://pvotal.tech/)
 1. [Qonto](https://qonto.com)
 1. [QuintoAndar](https://quintoandar.com.br)
 1. [Quipper](https://www.quipper.com/)
-1. [RapidAPI](https://www.rapidapi.com/)
-1. [rebuy](https://www.rebuy.de/)
+1. [Recreation.gov](https://www.recreation.gov/)
 1. [Red Hat](https://www.redhat.com/)
-1. [Redpill Linpro](https://www.redpill-linpro.com/)
-1. [Reenigne Cloud](https://reenigne.ca)
-1. [reev.com](https://www.reev.com/)
-1. [Relex Solutions](https://www.relexsolutions.com/)
-1. [RightRev](https://rightrev.com/)
-1. [Rijkswaterstaat](https://www.rijkswaterstaat.nl/en)
-1. [Rise](https://www.risecard.eu/)
 1. [Riskified](https://www.riskified.com/)
 1. [Robotinfra](https://www.robotinfra.com)
-1. [Rocket.Chat](https://rocket.chat)
-1. [Rogo](https://rogodata.com)
-1. [Rubin Observatory](https://www.lsst.org)
 1. [Saildrone](https://www.saildrone.com/)
-1. [Salad Technologies](https://salad.com/)
 1. [Saloodo! GmbH](https://www.saloodo.com)
-1. [Sap Labs](http://sap.com)
-1. [Sauce Labs](https://saucelabs.com/)
-1. [Schneider Electric](https://www.se.com)
-1. [Schwarz IT](https://jobs.schwarz/it-mission)
-1. [SCRM Lidl International Hub](https://scrm.lidl)
-1. [SEEK](https://seek.com.au)
-1. [SEKAI](https://www.sekai.io/)
-1. [Semgrep](https://semgrep.com)
-1. [Shield](https://shield.com)
-1. [SI Analytics](https://si-analytics.ai)
-1. [Sidewalk Entertainment](https://sidewalkplay.com/)
-1. [Skit](https://skit.ai/)
-1. [Skribble](https://skribble.com)
-1. [Skyscanner](https://www.skyscanner.net/)
-1. [Smart Pension](https://www.smartpension.co.uk/)
-1. [Smilee.io](https://smilee.io)
-1. [Smilegate Stove](https://www.onstove.com/)
-1. [Smood.ch](https://www.smood.ch/)
-1. [Snapp](https://snapp.ir/)
-1. [Snyk](https://snyk.io/)
-1. [Softway Medical](https://www.softwaymedical.fr/)
-1. [South China Morning Post (SCMP)](https://www.scmp.com/)
 1. [Speee](https://speee.jp/)
 1. [Spendesk](https://spendesk.com/)
-1. [Splunk](https://splunk.com/)
-1. [Spores Labs](https://spores.app)
-1. [Statsig](https://statsig.com)
-1. [SternumIOT](https://sternumiot.com)
-1. [StreamNative](https://streamnative.io)
-1. [Stuart](https://stuart.com/)
 1. [Sumo Logic](https://sumologic.com/)
-1. [Sutpc](http://www.sutpc.com/)
-1. [Swiss Post](https://github.com/swisspost)
-1. [Swissblock Technologies](https://swissblock.net/)
 1. [Swisscom](https://www.swisscom.ch)
 1. [Swissquote](https://github.com/swissquote)
 1. [Syncier](https://syncier.com/)
-1. [Synergy](https://synergy.net.au)
-1. [Syself](https://syself.com)
-1. [T-ROC Global](https://trocglobal.com/)
 1. [TableCheck](https://tablecheck.com/)
 1. [Tailor Brands](https://www.tailorbrands.com)
-1. [Tamkeen Technologies](https://tamkeentech.sa/)
-1. [TBC Bank](https://tbcbank.ge/)
-1. [Techcombank](https://www.techcombank.com.vn/trang-chu)
-1. [Technacy](https://www.technacy.it/)
-1. [Telavita](https://www.telavita.com.br/)
 1. [Tesla](https://tesla.com/)
-1. [TextNow](https://www.textnow.com/)
-1. [The Scale Factory](https://www.scalefactory.com/)
 1. [ThousandEyes](https://www.thousandeyes.com/)
 1. [Ticketmaster](https://ticketmaster.com)
 1. [Tiger Analytics](https://www.tigeranalytics.com/)
-1. [Tigera](https://www.tigera.io/)
 1. [Toss](https://toss.im/en)
-1. [Trendyol](https://www.trendyol.com/)
 1. [tru.ID](https://tru.id)
-1. [Trusting Social](https://trustingsocial.com/)
-1. [Twilio Segment](https://segment.com/)
 1. [Twilio SendGrid](https://sendgrid.com)
 1. [tZERO](https://www.tzero.com/)
-1. [U.S. Veterans Affairs Department](https://www.va.gov/)
 1. [UBIO](https://ub.io/)
 1. [UFirstGroup](https://www.ufirstgroup.com/en/)
-1. [ungleich.ch](https://ungleich.ch/)
-1. [Unifonic Inc](https://www.unifonic.com/)
 1. [Universidad Mesoamericana](https://www.umes.edu.gt/)
-1. [Upsider Inc.](https://up-sider.com/lp/)
-1. [Urbantz](https://urbantz.com/)
-1. [Vectra](https://www.vectra.ai)
-1. [Veepee](https://www.veepee.com)
-1. [Verkada](https://www.verkada.com)
 1. [Viaduct](https://www.viaduct.ai/)
-1. [VietMoney](https://vietmoney.vn/)
-1. [Vinted](https://vinted.com/)
 1. [Virtuo](https://www.govirtuo.com/)
 1. [VISITS Technologies](https://visits.world/en)
-1. [Viya](https://viya.me)
 1. [Volvo Cars](https://www.volvocars.com/)
-1. [Voyager Digital](https://www.investvoyager.com/)
 1. [VSHN - The DevOps Company](https://vshn.ch/)
-1. [Wakacje.pl](https://www.wakacje.pl/)
 1. [Walkbase](https://www.walkbase.com/)
-1. [Webstores](https://www.webstores.nl)
-1. [Wehkamp](https://www.wehkamp.nl/)
-1. [WeMaintain](https://www.wemaintain.com/)
 1. [WeMo Scooter](https://www.wemoscooter.com/)
 1. [Whitehat Berlin](https://whitehat.berlin) by Guido Maria Serra +Fenaroli
-1. [Witick](https://witick.io/)
-1. [Wolffun Game](https://www.wolffungame.com/)
-1. [WooliesX](https://wooliesx.com.au/)
-1. [Woolworths Group](https://www.woolworthsgroup.com.au/)
-1. [WSpot](https://www.wspot.com.br/)
-1. [X3M ads](https://x3mads.com)
 1. [Yieldlab](https://www.yieldlab.de/)
-1. [Youverify](https://youverify.co/)
-1. [Yubo](https://www.yubo.live/)
-1. [Yuno](https://y.uno/)
-1. [ZDF](https://www.zdf.de/)
-1. [Zimpler](https://www.zimpler.com/)
-1. [ZipRecruiter](https://www.ziprecruiter.com/)
-1. [ZOZO](https://corp.zozo.com/)
+1. [Sap Labs] (http://sap.com)

VERSION

@@ -1 +1 @@
-3.1.12
+1.9.0

applicationset/controllers/clustereventhandler.go

@@ -1,171 +0,0 @@
-package controllers
-
-import (
-	"context"
-	"fmt"
-
-	"sigs.k8s.io/controller-runtime/pkg/reconcile"
-
-	log "github.com/sirupsen/logrus"
-
-	"k8s.io/apimachinery/pkg/types"
-	"k8s.io/client-go/util/workqueue"
-	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/event"
-
-	"github.com/argoproj/argo-cd/v3/applicationset/utils"
-	"github.com/argoproj/argo-cd/v3/common"
-	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-)
-
-// clusterSecretEventHandler is used when watching Secrets to check if they are ArgoCD Cluster Secrets, and if so
-// requeue any related ApplicationSets.
-type clusterSecretEventHandler struct {
-	// handler.EnqueueRequestForOwner
-	Log                      log.FieldLogger
-	Client                   client.Client
-	ApplicationSetNamespaces []string
-}
-
-func (h *clusterSecretEventHandler) Create(ctx context.Context, e event.CreateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request]) {
-	h.queueRelatedAppGenerators(ctx, q, e.Object)
-}
-
-func (h *clusterSecretEventHandler) Update(ctx context.Context, e event.UpdateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request]) {
-	h.queueRelatedAppGenerators(ctx, q, e.ObjectNew)
-}
-
-func (h *clusterSecretEventHandler) Delete(ctx context.Context, e event.DeleteEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request]) {
-	h.queueRelatedAppGenerators(ctx, q, e.Object)
-}
-
-func (h *clusterSecretEventHandler) Generic(ctx context.Context, e event.GenericEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request]) {
-	h.queueRelatedAppGenerators(ctx, q, e.Object)
-}
-
-// addRateLimitingInterface defines the Add method of workqueue.RateLimitingInterface, allow us to easily mock
-// it for testing purposes.
-type addRateLimitingInterface[T comparable] interface {
-	Add(item T)
-}
-
-func (h *clusterSecretEventHandler) queueRelatedAppGenerators(ctx context.Context, q addRateLimitingInterface[reconcile.Request], object client.Object) {
-	// Check for label, lookup all ApplicationSets that might match the cluster, queue them all
-	if object.GetLabels()[common.LabelKeySecretType] != common.LabelValueSecretTypeCluster {
-		return
-	}
-
-	h.Log.WithFields(log.Fields{
-		"namespace": object.GetNamespace(),
-		"name":      object.GetName(),
-	}).Info("processing event for cluster secret")
-
-	appSetList := &argoprojiov1alpha1.ApplicationSetList{}
-	err := h.Client.List(ctx, appSetList)
-	if err != nil {
-		h.Log.WithError(err).Error("unable to list ApplicationSets")
-		return
-	}
-
-	h.Log.WithField("count", len(appSetList.Items)).Info("listed ApplicationSets")
-	for _, appSet := range appSetList.Items {
-		if !utils.IsNamespaceAllowed(h.ApplicationSetNamespaces, appSet.GetNamespace()) {
-			// Ignore it as not part of the allowed list of namespaces in which to watch Appsets
-			continue
-		}
-		foundClusterGenerator := false
-		for _, generator := range appSet.Spec.Generators {
-			if generator.Clusters != nil {
-				foundClusterGenerator = true
-				break
-			}
-
-			if generator.Matrix != nil {
-				ok, err := nestedGeneratorsHaveClusterGenerator(generator.Matrix.Generators)
-				if err != nil {
-					h.Log.
-						WithFields(log.Fields{
-							"namespace": appSet.GetNamespace(),
-							"name":      appSet.GetName(),
-						}).
-						WithError(err).
-						Error("Unable to check if ApplicationSet matrix generators have cluster generator")
-				}
-				if ok {
-					foundClusterGenerator = true
-					break
-				}
-			}
-
-			if generator.Merge != nil {
-				ok, err := nestedGeneratorsHaveClusterGenerator(generator.Merge.Generators)
-				if err != nil {
-					h.Log.
-						WithFields(log.Fields{
-							"namespace": appSet.GetNamespace(),
-							"name":      appSet.GetName(),
-						}).
-						WithError(err).
-						Error("Unable to check if ApplicationSet merge generators have cluster generator")
-				}
-				if ok {
-					foundClusterGenerator = true
-					break
-				}
-			}
-		}
-		if foundClusterGenerator {
-			// TODO: only queue the AppGenerator if the labels match this cluster
-			req := ctrl.Request{NamespacedName: types.NamespacedName{Namespace: appSet.Namespace, Name: appSet.Name}}
-			q.Add(req)
-		}
-	}
-}
-
-// nestedGeneratorsHaveClusterGenerator iterate over provided nested generators to check if they have a cluster generator.
-func nestedGeneratorsHaveClusterGenerator(generators []argoprojiov1alpha1.ApplicationSetNestedGenerator) (bool, error) {
-	for _, generator := range generators {
-		if ok, err := nestedGeneratorHasClusterGenerator(generator); ok || err != nil {
-			return ok, err
-		}
-	}
-	return false, nil
-}
-
-// nestedGeneratorHasClusterGenerator checks if the provided generator has a cluster generator.
-func nestedGeneratorHasClusterGenerator(nested argoprojiov1alpha1.ApplicationSetNestedGenerator) (bool, error) {
-	if nested.Clusters != nil {
-		return true, nil
-	}
-
-	if nested.Matrix != nil {
-		nestedMatrix, err := argoprojiov1alpha1.ToNestedMatrixGenerator(nested.Matrix)
-		if err != nil {
-			return false, fmt.Errorf("unable to get nested matrix generator: %w", err)
-		}
-		if nestedMatrix != nil {
-			hasClusterGenerator, err := nestedGeneratorsHaveClusterGenerator(nestedMatrix.ToMatrixGenerator().Generators)
-			if err != nil {
-				return false, fmt.Errorf("error evaluating nested matrix generator: %w", err)
-			}
-			return hasClusterGenerator, nil
-		}
-	}
-
-	if nested.Merge != nil {
-		nestedMerge, err := argoprojiov1alpha1.ToNestedMergeGenerator(nested.Merge)
-		if err != nil {
-			return false, fmt.Errorf("unable to get nested merge generator: %w", err)
-		}
-		if nestedMerge != nil {
-			hasClusterGenerator, err := nestedGeneratorsHaveClusterGenerator(nestedMerge.ToMergeGenerator().Generators)
-			if err != nil {
-				return false, fmt.Errorf("error evaluating nested merge generator: %w", err)
-			}
-			return hasClusterGenerator, nil
-		}
-	}
-
-	return false, nil
-}

applicationset/controllers/clustereventhandler_test.go

@@ -1,660 +0,0 @@
-package controllers
-
-import (
-	"testing"
-
-	argocommon "github.com/argoproj/argo-cd/v3/common"
-
-	log "github.com/sirupsen/logrus"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	corev1 "k8s.io/api/core/v1"
-	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/types"
-	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/client/fake"
-	"sigs.k8s.io/controller-runtime/pkg/reconcile"
-
-	argov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-)
-
-type mockAddRateLimitingInterface struct {
-	addedItems []reconcile.Request
-}
-
-// Add checks the type, and adds it to the internal list of received additions
-func (obj *mockAddRateLimitingInterface) Add(item reconcile.Request) {
-	obj.addedItems = append(obj.addedItems, item)
-}
-
-func TestClusterEventHandler(t *testing.T) {
-	scheme := runtime.NewScheme()
-	err := argov1alpha1.AddToScheme(scheme)
-	require.NoError(t, err)
-
-	err = argov1alpha1.AddToScheme(scheme)
-	require.NoError(t, err)
-
-	tests := []struct {
-		name             string
-		items            []argov1alpha1.ApplicationSet
-		secret           corev1.Secret
-		expectedRequests []ctrl.Request
-	}{
-		{
-			name:  "no application sets should mean no requests",
-			items: []argov1alpha1.ApplicationSet{},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{},
-		},
-		{
-			name: "a cluster generator should produce a request",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{{
-				NamespacedName: types.NamespacedName{Namespace: "argocd", Name: "my-app-set"},
-			}},
-		},
-		{
-			name: "multiple cluster generators should produce multiple requests",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-							},
-						},
-					},
-				},
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set2",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{
-				{NamespacedName: types.NamespacedName{Namespace: "argocd", Name: "my-app-set"}},
-				{NamespacedName: types.NamespacedName{Namespace: "argocd", Name: "my-app-set2"}},
-			},
-		},
-		{
-			name: "non-cluster generator should not match",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-							},
-						},
-					},
-				},
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "app-set-non-cluster",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								List: &argov1alpha1.ListGenerator{},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{
-				{NamespacedName: types.NamespacedName{Namespace: "argocd", Name: "my-app-set"}},
-			},
-		},
-		{
-			name: "cluster generators in other namespaces should not match",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "my-namespace-not-allowed",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{},
-		},
-		{
-			name: "non-argo cd secret should not match",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "another-namespace",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-non-argocd-secret",
-				},
-			},
-			expectedRequests: []reconcile.Request{},
-		},
-		{
-			name: "a matrix generator with a cluster generator should produce a request",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Matrix: &argov1alpha1.MatrixGenerator{
-									Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-										{
-											Clusters: &argov1alpha1.ClusterGenerator{},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{{
-				NamespacedName: types.NamespacedName{Namespace: "argocd", Name: "my-app-set"},
-			}},
-		},
-		{
-			name: "a matrix generator with non cluster generator should not match",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Matrix: &argov1alpha1.MatrixGenerator{
-									Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-										{
-											List: &argov1alpha1.ListGenerator{},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{},
-		},
-		{
-			name: "a matrix generator with a nested matrix generator containing a cluster generator should produce a request",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Matrix: &argov1alpha1.MatrixGenerator{
-									Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-										{
-											Matrix: &apiextensionsv1.JSON{
-												Raw: []byte(
-													`{
-														"generators": [
-														  {
-															"clusters": {
-															  "selector": {
-																"matchLabels": {
-																  "argocd.argoproj.io/secret-type": "cluster"
-																}
-															  }
-															}
-														  }
-														]
-													  }`,
-												),
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{{
-				NamespacedName: types.NamespacedName{Namespace: "argocd", Name: "my-app-set"},
-			}},
-		},
-		{
-			name: "a matrix generator with a nested matrix generator containing non cluster generator should not match",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Matrix: &argov1alpha1.MatrixGenerator{
-									Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-										{
-											Matrix: &apiextensionsv1.JSON{
-												Raw: []byte(
-													`{
-														"generators": [
-														  {
-															"list": {
-															  "elements": [
-																"a",
-																"b"
-															  ]
-															}
-														  }
-														]
-													  }`,
-												),
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{},
-		},
-		{
-			name: "a merge generator with a cluster generator should produce a request",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Merge: &argov1alpha1.MergeGenerator{
-									Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-										{
-											Clusters: &argov1alpha1.ClusterGenerator{},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{{
-				NamespacedName: types.NamespacedName{Namespace: "argocd", Name: "my-app-set"},
-			}},
-		},
-		{
-			name: "a matrix generator with non cluster generator should not match",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Merge: &argov1alpha1.MergeGenerator{
-									Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-										{
-											List: &argov1alpha1.ListGenerator{},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{},
-		},
-		{
-			name: "a merge generator with a nested merge generator containing a cluster generator should produce a request",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Merge: &argov1alpha1.MergeGenerator{
-									Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-										{
-											Merge: &apiextensionsv1.JSON{
-												Raw: []byte(
-													`{
-														"generators": [
-														  {
-															"clusters": {
-															  "selector": {
-																"matchLabels": {
-																  "argocd.argoproj.io/secret-type": "cluster"
-																}
-															  }
-															}
-														  }
-														]
-													  }`,
-												),
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{{
-				NamespacedName: types.NamespacedName{Namespace: "argocd", Name: "my-app-set"},
-			}},
-		},
-		{
-			name: "a merge generator with a nested merge generator containing non cluster generator should not match",
-			items: []argov1alpha1.ApplicationSet{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "my-app-set",
-						Namespace: "argocd",
-					},
-					Spec: argov1alpha1.ApplicationSetSpec{
-						Generators: []argov1alpha1.ApplicationSetGenerator{
-							{
-								Merge: &argov1alpha1.MergeGenerator{
-									Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-										{
-											Merge: &apiextensionsv1.JSON{
-												Raw: []byte(
-													`{
-														"generators": [
-														  {
-															"list": {
-															  "elements": [
-																"a",
-																"b"
-															  ]
-															}
-														  }
-														]
-													  }`,
-												),
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-			secret: corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Namespace: "argocd",
-					Name:      "my-secret",
-					Labels: map[string]string{
-						argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
-					},
-				},
-			},
-			expectedRequests: []reconcile.Request{},
-		},
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			appSetList := argov1alpha1.ApplicationSetList{
-				Items: test.items,
-			}
-
-			fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithLists(&appSetList).Build()
-
-			handler := &clusterSecretEventHandler{
-				Client:                   fakeClient,
-				Log:                      log.WithField("type", "createSecretEventHandler"),
-				ApplicationSetNamespaces: []string{"argocd"},
-			}
-
-			mockAddRateLimitingInterface := mockAddRateLimitingInterface{}
-
-			handler.queueRelatedAppGenerators(t.Context(), &mockAddRateLimitingInterface, &test.secret)
-
-			assert.ElementsMatch(t, mockAddRateLimitingInterface.addedItems, test.expectedRequests)
-		})
-	}
-}
-
-func TestNestedGeneratorHasClusterGenerator_NestedClusterGenerator(t *testing.T) {
-	nested := argov1alpha1.ApplicationSetNestedGenerator{
-		Clusters: &argov1alpha1.ClusterGenerator{},
-	}
-
-	hasClusterGenerator, err := nestedGeneratorHasClusterGenerator(nested)
-
-	require.NoError(t, err)
-	assert.True(t, hasClusterGenerator)
-}
-
-func TestNestedGeneratorHasClusterGenerator_NestedMergeGenerator(t *testing.T) {
-	nested := argov1alpha1.ApplicationSetNestedGenerator{
-		Merge: &apiextensionsv1.JSON{
-			Raw: []byte(
-				`{
-					"generators": [
-					  {
-						"clusters": {
-						  "selector": {
-							"matchLabels": {
-							  "argocd.argoproj.io/secret-type": "cluster"
-							}
-						  }
-						}
-					  }
-					]
-				  }`,
-			),
-		},
-	}
-
-	hasClusterGenerator, err := nestedGeneratorHasClusterGenerator(nested)
-
-	require.NoError(t, err)
-	assert.True(t, hasClusterGenerator)
-}
-
-func TestNestedGeneratorHasClusterGenerator_NestedMergeGeneratorWithInvalidJSON(t *testing.T) {
-	nested := argov1alpha1.ApplicationSetNestedGenerator{
-		Merge: &apiextensionsv1.JSON{
-			Raw: []byte(
-				`{
-					"generators": [
-					  {
-						"clusters": {
-						  "selector": {
-							"matchLabels": {
-							  "argocd.argoproj.io/secret-type": "cluster"
-							}
-						  }
-						}
-					  }
-					]
-				  `,
-			),
-		},
-	}
-
-	hasClusterGenerator, err := nestedGeneratorHasClusterGenerator(nested)
-
-	require.Error(t, err)
-	assert.False(t, hasClusterGenerator)
-}

applicationset/controllers/requeue_after_test.go

@@ -1,209 +0,0 @@
-package controllers
-
-import (
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	dynfake "k8s.io/client-go/dynamic/fake"
-	kubefake "k8s.io/client-go/kubernetes/fake"
-	"k8s.io/client-go/tools/record"
-	"sigs.k8s.io/controller-runtime/pkg/client/fake"
-
-	"github.com/argoproj/argo-cd/v3/applicationset/generators"
-	appsetmetrics "github.com/argoproj/argo-cd/v3/applicationset/metrics"
-	"github.com/argoproj/argo-cd/v3/applicationset/services/mocks"
-	argov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-)
-
-func TestRequeueAfter(t *testing.T) {
-	mockServer := &mocks.Repos{}
-	ctx := t.Context()
-	scheme := runtime.NewScheme()
-	err := argov1alpha1.AddToScheme(scheme)
-	require.NoError(t, err)
-	gvrToListKind := map[schema.GroupVersionResource]string{{
-		Group:    "mallard.io",
-		Version:  "v1",
-		Resource: "ducks",
-	}: "DuckList"}
-	appClientset := kubefake.NewSimpleClientset()
-	k8sClient := fake.NewClientBuilder().Build()
-	duckType := &unstructured.Unstructured{
-		Object: map[string]any{
-			"apiVersion": "v2quack",
-			"kind":       "Duck",
-			"metadata": map[string]any{
-				"name":      "mightyduck",
-				"namespace": "namespace",
-				"labels":    map[string]any{"duck": "all-species"},
-			},
-			"status": map[string]any{
-				"decisions": []any{
-					map[string]any{
-						"clusterName": "staging-01",
-					},
-					map[string]any{
-						"clusterName": "production-01",
-					},
-				},
-			},
-		},
-	}
-	fakeDynClient := dynfake.NewSimpleDynamicClientWithCustomListKinds(runtime.NewScheme(), gvrToListKind, duckType)
-	scmConfig := generators.NewSCMConfig("", []string{""}, true, true, nil, true)
-	terminalGenerators := map[string]generators.Generator{
-		"List":                    generators.NewListGenerator(),
-		"Clusters":                generators.NewClusterGenerator(ctx, k8sClient, appClientset, "argocd"),
-		"Git":                     generators.NewGitGenerator(mockServer, "namespace"),
-		"SCMProvider":             generators.NewSCMProviderGenerator(fake.NewClientBuilder().WithObjects(&corev1.Secret{}).Build(), scmConfig),
-		"ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, fakeDynClient, appClientset, "argocd"),
-		"PullRequest":             generators.NewPullRequestGenerator(k8sClient, scmConfig),
-	}
-
-	nestedGenerators := map[string]generators.Generator{
-		"List":                    terminalGenerators["List"],
-		"Clusters":                terminalGenerators["Clusters"],
-		"Git":                     terminalGenerators["Git"],
-		"SCMProvider":             terminalGenerators["SCMProvider"],
-		"ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"],
-		"PullRequest":             terminalGenerators["PullRequest"],
-		"Matrix":                  generators.NewMatrixGenerator(terminalGenerators),
-		"Merge":                   generators.NewMergeGenerator(terminalGenerators),
-	}
-
-	topLevelGenerators := map[string]generators.Generator{
-		"List":                    terminalGenerators["List"],
-		"Clusters":                terminalGenerators["Clusters"],
-		"Git":                     terminalGenerators["Git"],
-		"SCMProvider":             terminalGenerators["SCMProvider"],
-		"ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"],
-		"PullRequest":             terminalGenerators["PullRequest"],
-		"Matrix":                  generators.NewMatrixGenerator(nestedGenerators),
-		"Merge":                   generators.NewMergeGenerator(nestedGenerators),
-	}
-
-	client := fake.NewClientBuilder().WithScheme(scheme).Build()
-	metrics := appsetmetrics.NewFakeAppsetMetrics()
-	r := ApplicationSetReconciler{
-		Client:     client,
-		Scheme:     scheme,
-		Recorder:   record.NewFakeRecorder(0),
-		Generators: topLevelGenerators,
-		Metrics:    metrics,
-	}
-
-	type args struct {
-		appset               *argov1alpha1.ApplicationSet
-		requeueAfterOverride string
-	}
-	tests := []struct {
-		name    string
-		args    args
-		want    time.Duration
-		wantErr assert.ErrorAssertionFunc
-	}{
-		{name: "Cluster", args: args{
-			appset: &argov1alpha1.ApplicationSet{
-				Spec: argov1alpha1.ApplicationSetSpec{
-					Generators: []argov1alpha1.ApplicationSetGenerator{{Clusters: &argov1alpha1.ClusterGenerator{}}},
-				},
-			}, requeueAfterOverride: "",
-		}, want: generators.NoRequeueAfter, wantErr: assert.NoError},
-		{name: "ClusterMergeNested", args: args{&argov1alpha1.ApplicationSet{
-			Spec: argov1alpha1.ApplicationSetSpec{
-				Generators: []argov1alpha1.ApplicationSetGenerator{
-					{Clusters: &argov1alpha1.ClusterGenerator{}},
-					{Merge: &argov1alpha1.MergeGenerator{
-						Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-								Git:      &argov1alpha1.GitGenerator{},
-							},
-						},
-					}},
-				},
-			},
-		}, ""}, want: generators.DefaultRequeueAfter, wantErr: assert.NoError},
-		{name: "ClusterMatrixNested", args: args{&argov1alpha1.ApplicationSet{
-			Spec: argov1alpha1.ApplicationSetSpec{
-				Generators: []argov1alpha1.ApplicationSetGenerator{
-					{Clusters: &argov1alpha1.ClusterGenerator{}},
-					{Matrix: &argov1alpha1.MatrixGenerator{
-						Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-								Git:      &argov1alpha1.GitGenerator{},
-							},
-						},
-					}},
-				},
-			},
-		}, ""}, want: generators.DefaultRequeueAfter, wantErr: assert.NoError},
-		{name: "ListGenerator", args: args{appset: &argov1alpha1.ApplicationSet{
-			Spec: argov1alpha1.ApplicationSetSpec{
-				Generators: []argov1alpha1.ApplicationSetGenerator{{List: &argov1alpha1.ListGenerator{}}},
-			},
-		}}, want: generators.NoRequeueAfter, wantErr: assert.NoError},
-		{name: "DuckGenerator", args: args{appset: &argov1alpha1.ApplicationSet{
-			Spec: argov1alpha1.ApplicationSetSpec{
-				Generators: []argov1alpha1.ApplicationSetGenerator{{ClusterDecisionResource: &argov1alpha1.DuckTypeGenerator{}}},
-			},
-		}}, want: generators.DefaultRequeueAfter, wantErr: assert.NoError},
-		{name: "OverrideRequeueDuck", args: args{
-			appset: &argov1alpha1.ApplicationSet{
-				Spec: argov1alpha1.ApplicationSetSpec{
-					Generators: []argov1alpha1.ApplicationSetGenerator{{ClusterDecisionResource: &argov1alpha1.DuckTypeGenerator{}}},
-				},
-			}, requeueAfterOverride: "1h",
-		}, want: 1 * time.Hour, wantErr: assert.NoError},
-		{name: "OverrideRequeueGit", args: args{&argov1alpha1.ApplicationSet{
-			Spec: argov1alpha1.ApplicationSetSpec{
-				Generators: []argov1alpha1.ApplicationSetGenerator{
-					{Git: &argov1alpha1.GitGenerator{}},
-				},
-			},
-		}, "1h"}, want: 1 * time.Hour, wantErr: assert.NoError},
-		{name: "OverrideRequeueMatrix", args: args{&argov1alpha1.ApplicationSet{
-			Spec: argov1alpha1.ApplicationSetSpec{
-				Generators: []argov1alpha1.ApplicationSetGenerator{
-					{Clusters: &argov1alpha1.ClusterGenerator{}},
-					{Merge: &argov1alpha1.MergeGenerator{
-						Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-								Git:      &argov1alpha1.GitGenerator{},
-							},
-						},
-					}},
-				},
-			},
-		}, "5m"}, want: 5 * time.Minute, wantErr: assert.NoError},
-		{name: "OverrideRequeueMerge", args: args{&argov1alpha1.ApplicationSet{
-			Spec: argov1alpha1.ApplicationSetSpec{
-				Generators: []argov1alpha1.ApplicationSetGenerator{
-					{Clusters: &argov1alpha1.ClusterGenerator{}},
-					{Merge: &argov1alpha1.MergeGenerator{
-						Generators: []argov1alpha1.ApplicationSetNestedGenerator{
-							{
-								Clusters: &argov1alpha1.ClusterGenerator{},
-								Git:      &argov1alpha1.GitGenerator{},
-							},
-						},
-					}},
-				},
-			},
-		}, "12s"}, want: 12 * time.Second, wantErr: assert.NoError},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			t.Setenv("ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER", tt.args.requeueAfterOverride)
-			assert.Equalf(t, tt.want, r.getMinRequeueAfter(tt.args.appset), "getMinRequeueAfter(%v)", tt.args.appset)
-		})
-	}
-}

applicationset/controllers/template/patch.go

@@ -1,43 +0,0 @@
-package template
-
-import (
-	"encoding/json"
-	"fmt"
-
-	"k8s.io/apimachinery/pkg/util/strategicpatch"
-
-	"github.com/argoproj/argo-cd/v3/applicationset/utils"
-	appv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-)
-
-func applyTemplatePatch(app *appv1.Application, templatePatch string) (*appv1.Application, error) {
-	appString, err := json.Marshal(app)
-	if err != nil {
-		return nil, fmt.Errorf("error while marhsalling Application %w", err)
-	}
-
-	convertedTemplatePatch, err := utils.ConvertYAMLToJSON(templatePatch)
-	if err != nil {
-		return nil, fmt.Errorf("error while converting template to json %q: %w", convertedTemplatePatch, err)
-	}
-
-	if err := json.Unmarshal([]byte(convertedTemplatePatch), &appv1.Application{}); err != nil {
-		return nil, fmt.Errorf("invalid templatePatch %q: %w", convertedTemplatePatch, err)
-	}
-
-	data, err := strategicpatch.StrategicMergePatch(appString, []byte(convertedTemplatePatch), appv1.Application{})
-	if err != nil {
-		return nil, fmt.Errorf("error while applying templatePatch template to json %q: %w", convertedTemplatePatch, err)
-	}
-
-	finalApp := appv1.Application{}
-	err = json.Unmarshal(data, &finalApp)
-	if err != nil {
-		return nil, fmt.Errorf("error while unmarhsalling patched application: %w", err)
-	}
-
-	// Prevent changes to the `project` field. This helps prevent malicious template patches
-	finalApp.Spec.Project = app.Spec.Project
-
-	return &finalApp, nil
-}

applicationset/controllers/template/patch_test.go

@@ -1,249 +0,0 @@
-package template
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-	appv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-)
-
-func Test_ApplyTemplatePatch(t *testing.T) {
-	testCases := []struct {
-		name          string
-		appTemplate   *appv1.Application
-		templatePatch string
-		expectedApp   *appv1.Application
-	}{
-		{
-			name: "patch with JSON",
-			appTemplate: &appv1.Application{
-				TypeMeta: metav1.TypeMeta{
-					Kind:       "Application",
-					APIVersion: "argoproj.io/v1alpha1",
-				},
-				ObjectMeta: metav1.ObjectMeta{
-					Name:       "my-cluster-guestbook",
-					Namespace:  "namespace",
-					Finalizers: []string{appv1.ResourcesFinalizerName},
-				},
-				Spec: appv1.ApplicationSpec{
-					Project: "default",
-					Source: &appv1.ApplicationSource{
-						RepoURL:        "https://github.com/argoproj/argocd-example-apps.git",
-						TargetRevision: "HEAD",
-						Path:           "guestbook",
-					},
-					Destination: appv1.ApplicationDestination{
-						Server:    "https://kubernetes.default.svc",
-						Namespace: "guestbook",
-					},
-				},
-			},
-			templatePatch: `{
-				"metadata": {
-					"annotations": {
-						"annotation-some-key": "annotation-some-value"
-					}
-				},
-				"spec": {
-					"source": {
-						"helm": {
-							"valueFiles": [
-								"values.test.yaml",
-								"values.big.yaml"
-							]
-						}
-					},
-					"syncPolicy": {
-						"automated": {
-							"prune": true
-						}
-					}
-				}
-			}`,
-			expectedApp: &appv1.Application{
-				TypeMeta: metav1.TypeMeta{
-					Kind:       "Application",
-					APIVersion: "argoproj.io/v1alpha1",
-				},
-				ObjectMeta: metav1.ObjectMeta{
-					Name:       "my-cluster-guestbook",
-					Namespace:  "namespace",
-					Finalizers: []string{appv1.ResourcesFinalizerName},
-					Annotations: map[string]string{
-						"annotation-some-key": "annotation-some-value",
-					},
-				},
-				Spec: appv1.ApplicationSpec{
-					Project: "default",
-					Source: &appv1.ApplicationSource{
-						RepoURL:        "https://github.com/argoproj/argocd-example-apps.git",
-						TargetRevision: "HEAD",
-						Path:           "guestbook",
-						Helm: &appv1.ApplicationSourceHelm{
-							ValueFiles: []string{
-								"values.test.yaml",
-								"values.big.yaml",
-							},
-						},
-					},
-					Destination: appv1.ApplicationDestination{
-						Server:    "https://kubernetes.default.svc",
-						Namespace: "guestbook",
-					},
-					SyncPolicy: &appv1.SyncPolicy{
-						Automated: &appv1.SyncPolicyAutomated{
-							Prune: true,
-						},
-					},
-				},
-			},
-		},
-		{
-			name: "patch with YAML",
-			appTemplate: &appv1.Application{
-				TypeMeta: metav1.TypeMeta{
-					Kind:       "Application",
-					APIVersion: "argoproj.io/v1alpha1",
-				},
-				ObjectMeta: metav1.ObjectMeta{
-					Name:       "my-cluster-guestbook",
-					Namespace:  "namespace",
-					Finalizers: []string{appv1.ResourcesFinalizerName},
-				},
-				Spec: appv1.ApplicationSpec{
-					Project: "default",
-					Source: &appv1.ApplicationSource{
-						RepoURL:        "https://github.com/argoproj/argocd-example-apps.git",
-						TargetRevision: "HEAD",
-						Path:           "guestbook",
-					},
-					Destination: appv1.ApplicationDestination{
-						Server:    "https://kubernetes.default.svc",
-						Namespace: "guestbook",
-					},
-				},
-			},
-			templatePatch: `
-metadata:
-  annotations:
-    annotation-some-key: annotation-some-value
-spec:
-  source:
-    helm:
-      valueFiles:
-        - values.test.yaml
-        - values.big.yaml
-  syncPolicy:
-    automated:
-      prune: true`,
-			expectedApp: &appv1.Application{
-				TypeMeta: metav1.TypeMeta{
-					Kind:       "Application",
-					APIVersion: "argoproj.io/v1alpha1",
-				},
-				ObjectMeta: metav1.ObjectMeta{
-					Name:       "my-cluster-guestbook",
-					Namespace:  "namespace",
-					Finalizers: []string{appv1.ResourcesFinalizerName},
-					Annotations: map[string]string{
-						"annotation-some-key": "annotation-some-value",
-					},
-				},
-				Spec: appv1.ApplicationSpec{
-					Project: "default",
-					Source: &appv1.ApplicationSource{
-						RepoURL:        "https://github.com/argoproj/argocd-example-apps.git",
-						TargetRevision: "HEAD",
-						Path:           "guestbook",
-						Helm: &appv1.ApplicationSourceHelm{
-							ValueFiles: []string{
-								"values.test.yaml",
-								"values.big.yaml",
-							},
-						},
-					},
-					Destination: appv1.ApplicationDestination{
-						Server:    "https://kubernetes.default.svc",
-						Namespace: "guestbook",
-					},
-					SyncPolicy: &appv1.SyncPolicy{
-						Automated: &appv1.SyncPolicyAutomated{
-							Prune: true,
-						},
-					},
-				},
-			},
-		},
-		{
-			name: "project field isn't overwritten",
-			appTemplate: &appv1.Application{
-				TypeMeta: metav1.TypeMeta{
-					Kind:       "Application",
-					APIVersion: "argoproj.io/v1alpha1",
-				},
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "my-cluster-guestbook",
-					Namespace: "namespace",
-				},
-				Spec: appv1.ApplicationSpec{
-					Project: "default",
-					Source: &appv1.ApplicationSource{
-						RepoURL:        "https://github.com/argoproj/argocd-example-apps.git",
-						TargetRevision: "HEAD",
-						Path:           "guestbook",
-					},
-					Destination: appv1.ApplicationDestination{
-						Server:    "https://kubernetes.default.svc",
-						Namespace: "guestbook",
-					},
-				},
-			},
-			templatePatch: `
-spec:
-  project: my-project`,
-			expectedApp: &appv1.Application{
-				TypeMeta: metav1.TypeMeta{
-					Kind:       "Application",
-					APIVersion: "argoproj.io/v1alpha1",
-				},
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "my-cluster-guestbook",
-					Namespace: "namespace",
-				},
-				Spec: appv1.ApplicationSpec{
-					Project: "default",
-					Source: &appv1.ApplicationSource{
-						RepoURL:        "https://github.com/argoproj/argocd-example-apps.git",
-						TargetRevision: "HEAD",
-						Path:           "guestbook",
-					},
-					Destination: appv1.ApplicationDestination{
-						Server:    "https://kubernetes.default.svc",
-						Namespace: "guestbook",
-					},
-				},
-			},
-		},
-	}
-
-	for _, tc := range testCases {
-		tcc := tc
-		t.Run(tcc.name, func(t *testing.T) {
-			result, err := applyTemplatePatch(tcc.appTemplate, tcc.templatePatch)
-			require.NoError(t, err)
-			assert.Equal(t, *tcc.expectedApp, *result)
-		})
-	}
-}
-
-func TestError(t *testing.T) {
-	app := &appv1.Application{}
-
-	result, err := applyTemplatePatch(app, "hello world")
-	require.Error(t, err)
-	require.Nil(t, result)
-}

applicationset/controllers/template/template.go

@@ -1,101 +0,0 @@
-package template
-
-import (
-	"fmt"
-
-	"sigs.k8s.io/controller-runtime/pkg/client"
-
-	log "github.com/sirupsen/logrus"
-
-	"github.com/argoproj/argo-cd/v3/applicationset/generators"
-	"github.com/argoproj/argo-cd/v3/applicationset/utils"
-
-	argov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-)
-
-func GenerateApplications(logCtx *log.Entry, applicationSetInfo argov1alpha1.ApplicationSet, g map[string]generators.Generator, renderer utils.Renderer, client client.Client) ([]argov1alpha1.Application, argov1alpha1.ApplicationSetReasonType, error) {
-	var res []argov1alpha1.Application
-
-	var firstError error
-	var applicationSetReason argov1alpha1.ApplicationSetReasonType
-
-	for _, requestedGenerator := range applicationSetInfo.Spec.Generators {
-		t, err := generators.Transform(requestedGenerator, g, applicationSetInfo.Spec.Template, &applicationSetInfo, map[string]any{}, client)
-		if err != nil {
-			logCtx.WithError(err).WithField("generator", requestedGenerator).
-				Error("error generating application from params")
-			if firstError == nil {
-				firstError = err
-				applicationSetReason = argov1alpha1.ApplicationSetReasonApplicationParamsGenerationError
-			}
-			continue
-		}
-
-		for _, a := range t {
-			tmplApplication := GetTempApplication(a.Template)
-
-			for _, p := range a.Params {
-				app, err := renderer.RenderTemplateParams(tmplApplication, applicationSetInfo.Spec.SyncPolicy, p, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions)
-				if err != nil {
-					logCtx.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator).
-						Error("error generating application from params")
-
-					if firstError == nil {
-						firstError = err
-						applicationSetReason = argov1alpha1.ApplicationSetReasonRenderTemplateParamsError
-					}
-					continue
-				}
-
-				if applicationSetInfo.Spec.TemplatePatch != nil {
-					patchedApplication, err := renderTemplatePatch(renderer, app, applicationSetInfo, p)
-					if err != nil {
-						log.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator).
-							Error("error generating application from params")
-
-						if firstError == nil {
-							firstError = err
-							applicationSetReason = argov1alpha1.ApplicationSetReasonRenderTemplateParamsError
-						}
-						continue
-					}
-
-					app = patchedApplication
-				}
-
-				// The app's namespace must be the same as the AppSet's namespace to preserve the appsets-in-any-namespace
-				// security boundary.
-				app.Namespace = applicationSetInfo.Namespace
-				res = append(res, *app)
-			}
-		}
-		if log.IsLevelEnabled(log.DebugLevel) {
-			logCtx.WithField("generator", requestedGenerator).Debugf("apps from generator: %+v", res)
-		} else {
-			logCtx.Infof("generated %d applications", len(res))
-		}
-	}
-
-	return res, applicationSetReason, firstError
-}
-
-func renderTemplatePatch(r utils.Renderer, app *argov1alpha1.Application, applicationSetInfo argov1alpha1.ApplicationSet, params map[string]any) (*argov1alpha1.Application, error) {
-	replacedTemplate, err := r.Replace(*applicationSetInfo.Spec.TemplatePatch, params, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions)
-	if err != nil {
-		return nil, fmt.Errorf("error replacing values in templatePatch: %w", err)
-	}
-
-	return applyTemplatePatch(app, replacedTemplate)
-}
-
-func GetTempApplication(applicationSetTemplate argov1alpha1.ApplicationSetTemplate) *argov1alpha1.Application {
-	var tmplApplication argov1alpha1.Application
-	tmplApplication.Annotations = applicationSetTemplate.Annotations
-	tmplApplication.Labels = applicationSetTemplate.Labels
-	tmplApplication.Namespace = applicationSetTemplate.Namespace
-	tmplApplication.Name = applicationSetTemplate.Name
-	tmplApplication.Spec = applicationSetTemplate.Spec
-	tmplApplication.Finalizers = applicationSetTemplate.Finalizers
-
-	return &tmplApplication
-}

applicationset/controllers/template/template_test.go

@@ -1,350 +0,0 @@
-package template
-
-import (
-	"errors"
-	"maps"
-	"testing"
-
-	"github.com/stretchr/testify/mock"
-	"github.com/stretchr/testify/require"
-
-	log "github.com/sirupsen/logrus"
-	"github.com/stretchr/testify/assert"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-
-	"github.com/argoproj/argo-cd/v3/applicationset/generators"
-	genmock "github.com/argoproj/argo-cd/v3/applicationset/generators/mocks"
-	"github.com/argoproj/argo-cd/v3/applicationset/utils"
-	rendmock "github.com/argoproj/argo-cd/v3/applicationset/utils/mocks"
-	"github.com/argoproj/argo-cd/v3/pkg/apis/application"
-	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-)
-
-func TestGenerateApplications(t *testing.T) {
-	scheme := runtime.NewScheme()
-	err := v1alpha1.AddToScheme(scheme)
-	require.NoError(t, err)
-
-	err = v1alpha1.AddToScheme(scheme)
-	require.NoError(t, err)
-
-	for _, c := range []struct {
-		name                string
-		params              []map[string]any
-		template            v1alpha1.ApplicationSetTemplate
-		generateParamsError error
-		rendererError       error
-		expectErr           bool
-		expectedReason      v1alpha1.ApplicationSetReasonType
-	}{
-		{
-			name:   "Generate two applications",
-			params: []map[string]any{{"name": "app1"}, {"name": "app2"}},
-			template: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name:      "name",
-					Namespace: "namespace",
-					Labels:    map[string]string{"label_name": "label_value"},
-				},
-				Spec: v1alpha1.ApplicationSpec{},
-			},
-			expectedReason: "",
-		},
-		{
-			name:                "Handles error from the generator",
-			generateParamsError: errors.New("error"),
-			expectErr:           true,
-			expectedReason:      v1alpha1.ApplicationSetReasonApplicationParamsGenerationError,
-		},
-		{
-			name:   "Handles error from the render",
-			params: []map[string]any{{"name": "app1"}, {"name": "app2"}},
-			template: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name:      "name",
-					Namespace: "namespace",
-					Labels:    map[string]string{"label_name": "label_value"},
-				},
-				Spec: v1alpha1.ApplicationSpec{},
-			},
-			rendererError:  errors.New("error"),
-			expectErr:      true,
-			expectedReason: v1alpha1.ApplicationSetReasonRenderTemplateParamsError,
-		},
-	} {
-		cc := c
-		app := v1alpha1.Application{
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      "test",
-				Namespace: "namespace",
-			},
-			TypeMeta: metav1.TypeMeta{
-				Kind:       application.ApplicationKind,
-				APIVersion: "argoproj.io/v1alpha1",
-			},
-		}
-
-		t.Run(cc.name, func(t *testing.T) {
-			generatorMock := genmock.Generator{}
-			generator := v1alpha1.ApplicationSetGenerator{
-				List: &v1alpha1.ListGenerator{},
-			}
-
-			generatorMock.On("GenerateParams", &generator, mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything).
-				Return(cc.params, cc.generateParamsError)
-
-			generatorMock.On("GetTemplate", &generator).
-				Return(&v1alpha1.ApplicationSetTemplate{})
-
-			rendererMock := rendmock.Renderer{}
-
-			var expectedApps []v1alpha1.Application
-
-			if cc.generateParamsError == nil {
-				for _, p := range cc.params {
-					if cc.rendererError != nil {
-						rendererMock.On("RenderTemplateParams", GetTempApplication(cc.template), mock.AnythingOfType("*v1alpha1.ApplicationSetSyncPolicy"), p, false, []string(nil)).
-							Return(nil, cc.rendererError)
-					} else {
-						rendererMock.On("RenderTemplateParams", GetTempApplication(cc.template), mock.AnythingOfType("*v1alpha1.ApplicationSetSyncPolicy"), p, false, []string(nil)).
-							Return(&app, nil)
-						expectedApps = append(expectedApps, app)
-					}
-				}
-			}
-
-			generators := map[string]generators.Generator{
-				"List": &generatorMock,
-			}
-			renderer := &rendererMock
-
-			got, reason, err := GenerateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "name",
-					Namespace: "namespace",
-				},
-				Spec: v1alpha1.ApplicationSetSpec{
-					Generators: []v1alpha1.ApplicationSetGenerator{generator},
-					Template:   cc.template,
-				},
-			},
-				generators,
-				renderer,
-				nil,
-			)
-
-			if cc.expectErr {
-				require.Error(t, err)
-			} else {
-				require.NoError(t, err)
-			}
-			assert.Equal(t, expectedApps, got)
-			assert.Equal(t, cc.expectedReason, reason)
-			generatorMock.AssertNumberOfCalls(t, "GenerateParams", 1)
-
-			if cc.generateParamsError == nil {
-				rendererMock.AssertNumberOfCalls(t, "RenderTemplateParams", len(cc.params))
-			}
-		})
-	}
-}
-
-func TestMergeTemplateApplications(t *testing.T) {
-	for _, c := range []struct {
-		name             string
-		params           []map[string]any
-		template         v1alpha1.ApplicationSetTemplate
-		overrideTemplate v1alpha1.ApplicationSetTemplate
-		expectedMerged   v1alpha1.ApplicationSetTemplate
-		expectedApps     []v1alpha1.Application
-	}{
-		{
-			name:   "Generate app",
-			params: []map[string]any{{"name": "app1"}},
-			template: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name:      "name",
-					Namespace: "namespace",
-					Labels:    map[string]string{"label_name": "label_value"},
-				},
-				Spec: v1alpha1.ApplicationSpec{},
-			},
-			overrideTemplate: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name:   "test",
-					Labels: map[string]string{"foo": "bar"},
-				},
-				Spec: v1alpha1.ApplicationSpec{},
-			},
-			expectedMerged: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name:      "test",
-					Namespace: "namespace",
-					Labels:    map[string]string{"label_name": "label_value", "foo": "bar"},
-				},
-				Spec: v1alpha1.ApplicationSpec{},
-			},
-			expectedApps: []v1alpha1.Application{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "test",
-						Namespace: "test",
-						Labels:    map[string]string{"foo": "bar"},
-					},
-					Spec: v1alpha1.ApplicationSpec{},
-				},
-			},
-		},
-	} {
-		cc := c
-
-		t.Run(cc.name, func(t *testing.T) {
-			generatorMock := genmock.Generator{}
-			generator := v1alpha1.ApplicationSetGenerator{
-				List: &v1alpha1.ListGenerator{},
-			}
-
-			generatorMock.On("GenerateParams", &generator, mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything).
-				Return(cc.params, nil)
-
-			generatorMock.On("GetTemplate", &generator).
-				Return(&cc.overrideTemplate)
-
-			rendererMock := rendmock.Renderer{}
-
-			rendererMock.On("RenderTemplateParams", GetTempApplication(cc.expectedMerged), mock.AnythingOfType("*v1alpha1.ApplicationSetSyncPolicy"), cc.params[0], false, []string(nil)).
-				Return(&cc.expectedApps[0], nil)
-
-			generators := map[string]generators.Generator{
-				"List": &generatorMock,
-			}
-			renderer := &rendererMock
-
-			got, _, _ := GenerateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "name",
-					Namespace: "namespace",
-				},
-				Spec: v1alpha1.ApplicationSetSpec{
-					Generators: []v1alpha1.ApplicationSetGenerator{generator},
-					Template:   cc.template,
-				},
-			},
-				generators,
-				renderer,
-				nil,
-			)
-
-			assert.Equal(t, cc.expectedApps, got)
-		})
-	}
-}
-
-// Test app generation from a go template application set using a pull request generator
-func TestGenerateAppsUsingPullRequestGenerator(t *testing.T) {
-	for _, cases := range []struct {
-		name        string
-		params      []map[string]any
-		template    v1alpha1.ApplicationSetTemplate
-		expectedApp []v1alpha1.Application
-	}{
-		{
-			name: "Generate an application from a go template application set manifest using a pull request generator",
-			params: []map[string]any{
-				{
-					"number":                                "1",
-					"title":                                 "title1",
-					"branch":                                "branch1",
-					"branch_slug":                           "branchSlug1",
-					"head_sha":                              "089d92cbf9ff857a39e6feccd32798ca700fb958",
-					"head_short_sha":                        "089d92cb",
-					"branch_slugify_default":                "feat/a_really+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature",
-					"branch_slugify_smarttruncate_disabled": "feat/areallylongpullrequestnametotestargoslugificationandbranchnameshorteningfeature",
-					"branch_slugify_smarttruncate_enabled":  "feat/testwithsmarttruncateenabledramdomlonglistofcharacters",
-					"labels":                                []string{"label1"},
-				},
-			},
-			template: v1alpha1.ApplicationSetTemplate{
-				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
-					Name: "AppSet-{{.branch}}-{{.number}}",
-					Labels: map[string]string{
-						"app1":         "{{index .labels 0}}",
-						"branch-test1": "AppSet-{{.branch_slugify_default | slugify }}",
-						"branch-test2": "AppSet-{{.branch_slugify_smarttruncate_disabled | slugify 49 false }}",
-						"branch-test3": "AppSet-{{.branch_slugify_smarttruncate_enabled | slugify 50 true }}",
-					},
-				},
-				Spec: v1alpha1.ApplicationSpec{
-					Source: &v1alpha1.ApplicationSource{
-						RepoURL:        "https://testurl/testRepo",
-						TargetRevision: "{{.head_short_sha}}",
-					},
-					Destination: v1alpha1.ApplicationDestination{
-						Server:    "https://kubernetes.default.svc",
-						Namespace: "AppSet-{{.branch_slug}}-{{.head_sha}}",
-					},
-				},
-			},
-			expectedApp: []v1alpha1.Application{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name: "AppSet-branch1-1",
-						Labels: map[string]string{
-							"app1":         "label1",
-							"branch-test1": "AppSet-feat-a-really-long-pull-request-name-to-test-argo",
-							"branch-test2": "AppSet-feat-areallylongpullrequestnametotestargoslugific",
-							"branch-test3": "AppSet-feat",
-						},
-					},
-					Spec: v1alpha1.ApplicationSpec{
-						Source: &v1alpha1.ApplicationSource{
-							RepoURL:        "https://testurl/testRepo",
-							TargetRevision: "089d92cb",
-						},
-						Destination: v1alpha1.ApplicationDestination{
-							Server:    "https://kubernetes.default.svc",
-							Namespace: "AppSet-branchSlug1-089d92cbf9ff857a39e6feccd32798ca700fb958",
-						},
-					},
-				},
-			},
-		},
-	} {
-		t.Run(cases.name, func(t *testing.T) {
-			generatorMock := genmock.Generator{}
-			generator := v1alpha1.ApplicationSetGenerator{
-				PullRequest: &v1alpha1.PullRequestGenerator{},
-			}
-
-			generatorMock.On("GenerateParams", &generator, mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything).
-				Return(cases.params, nil)
-
-			generatorMock.On("GetTemplate", &generator).
-				Return(&cases.template, nil)
-
-			generators := map[string]generators.Generator{
-				"PullRequest": &generatorMock,
-			}
-			renderer := &utils.Render{}
-
-			gotApp, _, _ := GenerateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{
-				Spec: v1alpha1.ApplicationSetSpec{
-					GoTemplate: true,
-					Generators: []v1alpha1.ApplicationSetGenerator{{
-						PullRequest: &v1alpha1.PullRequestGenerator{},
-					}},
-					Template: cases.template,
-				},
-			},
-				generators,
-				renderer,
-				nil,
-			)
-			assert.Equal(t, cases.expectedApp[0].Name, gotApp[0].Name)
-			assert.Equal(t, cases.expectedApp[0].Spec.Source.TargetRevision, gotApp[0].Spec.Source.TargetRevision)
-			assert.Equal(t, cases.expectedApp[0].Spec.Destination.Namespace, gotApp[0].Spec.Destination.Namespace)
-			assert.True(t, maps.Equal(cases.expectedApp[0].Labels, gotApp[0].Labels))
-		})
-	}
-}

applicationset/examples/applications-sync-policies/create-only.yaml

@@ -1,35 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  goTemplate: true
-  generators:
-  - list:
-      elements:
-      - cluster: engineering-dev
-        url: https://kubernetes.default.svc
-        foo: bar
-      # Update foo value with foo: bar
-      # Application engineering-prod-guestbook labels will still be baz
-      # Delete this element
-      # Application engineering-prod-guestbook will be kept
-      - cluster: engineering-prod
-        url: https://kubernetes.default.svc
-        foo: baz
-  template:
-    metadata:
-      name: '{{.cluster}}-guestbook'
-      labels:
-        foo: '{{.foo}}'
-    spec:
-      project: default
-      source:
-        repoURL: https://github.com/argoproj/argo-cd.git
-        targetRevision: HEAD
-        path: applicationset/examples/list-generator/guestbook/{{.cluster}}
-      destination:
-        server: '{{.url}}'
-        namespace: guestbook
-  syncPolicy:
-    applicationsSync: create-only

applicationset/examples/applications-sync-policies/create-update.yaml

@@ -1,35 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  goTemplate: true
-  generators:
-  - list:
-      elements:
-      - cluster: engineering-dev
-        url: https://kubernetes.default.svc
-        foo: bar
-      # Update foo value with foo: bar
-      # Application engineering-prod-guestbook labels will change to foo: bar
-      # Delete this element
-      # Application engineering-prod-guestbook will be kept
-      - cluster: engineering-prod
-        url: https://kubernetes.default.svc
-        foo: baz
-  template:
-    metadata:
-      name: '{{.cluster}}-guestbook'
-      labels:
-        foo: '{{.foo}}'
-    spec:
-      project: default
-      source:
-        repoURL: https://github.com/argoproj/argo-cd.git
-        targetRevision: HEAD
-        path: applicationset/examples/list-generator/guestbook/{{.cluster}}
-      destination:
-        server: '{{.url}}'
-        namespace: guestbook
-  syncPolicy:
-    applicationsSync: create-update

applicationset/examples/applications-sync-policies/guestbook/engineering-dev/guestbook-ui-deployment.yaml

@@ -1,20 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: guestbook-ui
-spec:
-  replicas: 1
-  revisionHistoryLimit: 3
-  selector:
-    matchLabels:
-      app: guestbook-ui
-  template:
-    metadata:
-      labels:
-        app: guestbook-ui
-    spec:
-      containers:
-      - image: quay.io/argoprojlabs/argocd-e2e-container:0.2
-        name: guestbook-ui
-        ports:
-        - containerPort: 80

applicationset/examples/applications-sync-policies/guestbook/engineering-dev/guestbook-ui-svc.yaml

@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: guestbook-ui
-spec:
-  ports:
-  - port: 80
-    targetPort: 80
-  selector:
-    app: guestbook-ui

applicationset/examples/applications-sync-policies/guestbook/engineering-prod/guestbook-ui-deployment.yaml

@@ -1,20 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: guestbook-ui
-spec:
-  replicas: 1
-  revisionHistoryLimit: 3
-  selector:
-    matchLabels:
-      app: guestbook-ui
-  template:
-    metadata:
-      labels:
-        app: guestbook-ui
-    spec:
-      containers:
-      - image: quay.io/argoprojlabs/argocd-e2e-container:0.2
-        name: guestbook-ui
-        ports:
-        - containerPort: 80

applicationset/examples/applications-sync-policies/guestbook/engineering-prod/guestbook-ui-svc.yaml

@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: guestbook-ui
-spec:
-  ports:
-  - port: 80
-    targetPort: 80
-  selector:
-    app: guestbook-ui

applicationset/examples/cluster/cluster-example-fasttemplate.yaml

@@ -1,19 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  generators:
-  - clusters: {}
-  template:
-    metadata:
-      name: '{{name}}-guestbook'
-    spec:
-      project: "default"
-      source:
-        repoURL: https://github.com/argoproj/argocd-example-apps/
-        targetRevision: HEAD
-        path: guestbook
-      destination:
-        server: '{{server}}'
-        namespace: guestbook

applicationset/examples/cluster/cluster-example.yaml

@@ -1,21 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  goTemplate: true
-  goTemplateOptions: ["missingkey=error"]
-  generators:
-  - clusters: {}
-  template:
-    metadata:
-      name: '{{.name}}-guestbook'
-    spec:
-      project: "default"
-      source:
-        repoURL: https://github.com/argoproj/argocd-example-apps/
-        targetRevision: HEAD
-        path: guestbook
-      destination:
-        server: '{{.server}}'
-        namespace: guestbook

applicationset/examples/clusterDecisionResource/README.md

@@ -1,57 +0,0 @@
-# How the Cluster Decision Resource generator works for clusterDecisionResource
-1. The Cluster Decision Resource generator reads a configurable status format:
-```yaml
-status:
-  clusters:
-  - name: cluster-01
-  - name: cluster-02
-```
-This is a common status format.  Another format that could be read looks like this:
-```yaml
-status:
-  decisions:
-  - clusterName: cluster-01
-    namespace: cluster-01
-  - clusterName: cluster-02
-    namespace: cluster-02
-```
-2. Any resource that has a list of key / value pairs, where the value matches ArgoCD cluster names can be used.
-3. The key / value pairs found in each element of the list will be available to the template. As well, `name` and `server` will still be available to the template.
-4. The Service Account used by the ApplicationSet controller must have access to `Get` the resource you want to retrieve the duck type definition from
-5. A configMap is used to identify the resource to read status of generated ArgoCD clusters from. You can use multiple resources by creating a ConfigMap for each one in the ArgoCD namespace.
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: my-configmap
-data:
-  apiVersion: group.io/v1
-  kind: mykinds
-  statusListKey: clusters
-  matchKey: name
-```
-  * `apiVersion`    - This is the apiVersion of your resource
-  * `kind`          - This is the plural kind of your resource
-  * `statusListKey` - Default is 'clusters', this is the key found in your resource's status that is a list of ArgoCD clusters.
-  * `matchKey`      - Is the key name found in the cluster list, `name` and `clusterName` are the keys in the examples above.
-
-# Applying the example
-1. Connect to a cluster with the ApplicationSet controller running
-2. Edit the Role for the ApplicationSet service account, and grant it permission to `list` the `placementdecisions` resources, from apiGroups `cluster.open-cluster-management.io/v1alpha1`
-```yaml
-- apiGroups:
-  - "cluster.open-cluster-management.io/v1alpha1"
-  resources:
-  - placementdecisions
-  verbs:
-  - list
-```
-3. Apply the following controller and associated ManagedCluster CRD's:
-https://github.com/open-cluster-management/placement
-4. Now apply the PlacementDecision and an ApplicationSet:
-```bash
-kubectl apply -f ./placementdecision.yaml
-kubectl apply -f ./configMap.yaml
-kubectl apply -f ./ducktype-example.yaml
-```
-5. For now this won't do anything until you create a controller that populates the `Status.Decisions` array.

applicationset/examples/clusterDecisionResource/configMap.yaml

@@ -1,11 +0,0 @@
-# To generate a Status.Decisions from this CRD, requires https://github.com/open-cluster-management/multicloud-operators-placementrule be deployed
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: ocm-placement
-data:
-  apiVersion: apps.open-cluster-management.io/v1
-  kind: placementrules
-  statusListKey: decisions
-  matchKey: clusterName

applicationset/examples/clusterDecisionResource/ducktype-example-fasttemplate.yaml

@@ -1,27 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: book-import
-spec:
-  generators:
-    - clusterDecisionResource:
-        configMapRef: ocm-placement
-        name: test-placement
-        requeueAfterSeconds: 30
-  template:
-    metadata:
-      name: '{{clusterName}}-book-import'
-    spec:
-      project: "default"
-      source:
-        repoURL: https://github.com/open-cluster-management/application-samples.git
-        targetRevision: HEAD
-        path: book-import
-      destination:
-        name: '{{clusterName}}'
-        namespace: bookimport
-      syncPolicy:
-        automated:
-          prune: true
-        syncOptions:
-          - CreateNamespace=true

applicationset/examples/clusterDecisionResource/ducktype-example.yaml

@@ -1,29 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: book-import
-spec:
-  goTemplate: true
-  goTemplateOptions: ["missingkey=error"]
-  generators:
-    - clusterDecisionResource:
-        configMapRef: ocm-placement
-        name: test-placement
-        requeueAfterSeconds: 30
-  template:
-    metadata:
-      name: '{{.clusterName}}-book-import'
-    spec:
-      project: "default"
-      source:
-        repoURL: https://github.com/open-cluster-management/application-samples.git
-        targetRevision: HEAD
-        path: book-import
-      destination:
-        name: '{{.clusterName}}'
-        namespace: bookimport
-      syncPolicy:
-        automated:
-          prune: true
-        syncOptions:
-          - CreateNamespace=true

applicationset/examples/clusterDecisionResource/placementdecision.yaml

@@ -1,18 +0,0 @@
----
-apiVersion: apps.open-cluster-management.io/v1
-kind: PlacementRule
-metadata:
-  name: test-placement
-spec:
-  clusterReplicas: 1   # Availability choice, maximum number of clusters to provision at once
-  clusterSelector:
-    matchLabels:
-      'usage': 'development'
-  clusterConditions:
-    - type: ManagedClusterConditionAvailable
-      status: "True"
-# Below is sample output the generator can consume.
-status:
-  decisions:
-  - clusterName: cluster-01
-  - clusterName: cluster-02

applicationset/examples/design-doc/applicationset-fasttemplate.yaml

@@ -1,22 +0,0 @@
-# This is an example of a typical ApplicationSet which uses the cluster generator.
-# An ApplicationSet is comprised with two stanzas:
-#  - spec.generator - producer of a list of values supplied as arguments to an app template
-#  - spec.template - an application template, which has been parameterized
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  generators:
-  - clusters: {}
-  template:
-    metadata:
-      name: '{{name}}-guestbook'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        chart: guestbook
-      destination:
-        server: '{{server}}'
-        namespace: guestbook

applicationset/examples/design-doc/applicationset.yaml

@@ -1,24 +0,0 @@
-# This is an example of a typical ApplicationSet which uses the cluster generator.
-# An ApplicationSet is comprised with two stanzas:
-#  - spec.generator - producer of a list of values supplied as arguments to an app template
-#  - spec.template - an application template, which has been parameterized
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  goTemplate: true
-  goTemplateOptions: ["missingkey=error"]
-  generators:
-  - clusters: {}
-  template:
-    metadata:
-      name: '{{.name}}-guestbook'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        chart: guestbook
-      destination:
-        server: '{{.server}}'
-        namespace: guestbook

applicationset/examples/design-doc/clusters.yaml

@@ -1,33 +0,0 @@
-# The cluster generator produces an items list from all clusters registered to Argo CD.
-# It automatically provides the following fields as values to the app template:
-#  - name
-#  - server
-#  - metadata.labels.<key>
-#  - metadata.annotations.<key>
-#  - values.<key>
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  generators:
-  - clusters:
-      selector:
-        matchLabels:
-          argocd.argoproj.io/secret-type: cluster
-      values:
-        project: default
-  template:
-    metadata:
-      name: '{{.name}}-guestbook'
-      labels:
-        environment: '{{.metadata.labels.environment}}'
-    spec:
-      project: '{{.values.project}}'
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        chart: guestbook
-      destination:
-        server: '{{.server}}'
-        namespace: guestbook

applicationset/examples/design-doc/git-directory-discovery-fasttemplate.yaml

@@ -1,44 +0,0 @@
-# This example demonstrates the git directory generator, which produces an items list 
-# based on discovery of directories in a git repo matching a specified pattern.
-# Git generators automatically provide {{path}} and {{path.basename}} as available
-# variables to the app template.
-#
-# Suppose the following git directory structure (note the use of different config tools):
-#
-# cluster-deployments
-# └── add-ons
-#     ├── argo-rollouts
-#     │   ├── all.yaml
-#     │   └── kustomization.yaml
-#     ├── argo-workflows
-#     │   └── install.yaml
-#     ├── grafana
-#     │   ├── Chart.yaml
-#     │   └── values.yaml
-#     └── prometheus-operator
-#         ├── Chart.yaml
-#         └── values.yaml
-#
-# The following ApplicationSet would produce four applications (in different namespaces),
-# using the directory basename as both the namespace and application name. 
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: cluster-addons
-spec:
-  generators:
-  - git:
-      repoURL: https://github.com/infra-team/cluster-deployments.git
-      directories:
-      - path: add-ons/*
-  template:
-    metadata:
-      name: '{{path.basename}}'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: '{{path}}'
-      destination:
-        server: http://kubernetes.default.svc
-        namespace: '{{path.basename}}'

applicationset/examples/design-doc/git-directory-discovery.yaml

@@ -1,46 +0,0 @@
-# This example demonstrates the git directory generator, which produces an items list 
-# based on discovery of directories in a git repo matching a specified pattern.
-# Git generators automatically provide {{path}} and {{path.basename}} as available
-# variables to the app template.
-#
-# Suppose the following git directory structure (note the use of different config tools):
-#
-# cluster-deployments
-# └── add-ons
-#     ├── argo-rollouts
-#     │   ├── all.yaml
-#     │   └── kustomization.yaml
-#     ├── argo-workflows
-#     │   └── install.yaml
-#     ├── grafana
-#     │   ├── Chart.yaml
-#     │   └── values.yaml
-#     └── prometheus-operator
-#         ├── Chart.yaml
-#         └── values.yaml
-#
-# The following ApplicationSet would produce four applications (in different namespaces),
-# using the directory basename as both the namespace and application name. 
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: cluster-addons
-spec:
-  goTemplate: true
-  goTemplateOptions: ["missingkey=error"]
-  generators:
-  - git:
-      repoURL: https://github.com/infra-team/cluster-deployments.git
-      directories:
-      - path: add-ons/*
-  template:
-    metadata:
-      name: '{{.path.basename}}'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: '{{.path.path}}'
-      destination:
-        server: http://kubernetes.default.svc
-        namespace: '{{.path.basename}}'

applicationset/examples/design-doc/git-files-discovery-fasttemplate.yaml

@@ -1,55 +0,0 @@
-# This example demonstrates a git file generator which traverses the directory structure of a git
-# repository to discover items based on a filename convention. For each file discovered, the
-# contents of the discovered files themselves, act as the set of inputs to the app template.
-#
-# Suppose the following git directory structure:
-#
-# cluster-deployments
-# ├── apps
-# │   └── guestbook
-# │       └── install.yaml
-# └── cluster-config
-#     ├── engineering
-#     │   ├── dev
-#     │   │   └── config.json
-#     │   └── prod
-#     │       └── config.json
-#     └── finance
-#         ├── dev
-#         │   └── config.json
-#         └── prod
-#             └── config.json
-#
-# The discovered files (e.g. config.json) files can be any structured data supplied to the
-# generated application. e.g.:
-# {
-#    "aws_account": "123456",
-#    "asset_id": "11223344"
-#    "cluster": {
-#        "owner": "Jesse_Suen@intuit.com",
-#        "name": "engineering-dev",
-#        "address": "http://1.2.3.4"
-#    }
-# }
-#
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  generators:
-  - git:
-      repoURL: https://github.com/infra-team/cluster-deployments.git
-      files:
-      - path: "**/config.json"
-  template:
-    metadata:
-      name: '{{cluster.name}}-guestbook'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: apps/guestbook
-      destination:
-        server: '{{cluster.address}}'
-        namespace: guestbook

applicationset/examples/design-doc/git-files-discovery.yaml

@@ -1,57 +0,0 @@
-# This example demonstrates a git file generator which traverses the directory structure of a git
-# repository to discover items based on a filename convention. For each file discovered, the
-# contents of the discovered files themselves, act as the set of inputs to the app template.
-#
-# Suppose the following git directory structure:
-#
-# cluster-deployments
-# ├── apps
-# │   └── guestbook
-# │       └── install.yaml
-# └── cluster-config
-#     ├── engineering
-#     │   ├── dev
-#     │   │   └── config.json
-#     │   └── prod
-#     │       └── config.json
-#     └── finance
-#         ├── dev
-#         │   └── config.json
-#         └── prod
-#             └── config.json
-#
-# The discovered files (e.g. config.json) files can be any structured data supplied to the
-# generated application. e.g.:
-# {
-#    "aws_account": "123456",
-#    "asset_id": "11223344"
-#    "cluster": {
-#        "owner": "Jesse_Suen@intuit.com",
-#        "name": "engineering-dev",
-#        "address": "http://1.2.3.4"
-#    }
-# }
-#
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  goTemplate: true
-  goTemplateOptions: ["missingkey=error"]
-  generators:
-  - git:
-      repoURL: https://github.com/infra-team/cluster-deployments.git
-      files:
-      - path: "**/config.json"
-  template:
-    metadata:
-      name: '{{.cluster.name}}-guestbook'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: apps/guestbook
-      destination:
-        server: '{{.cluster.address}}'
-        namespace: guestbook

applicationset/examples/design-doc/git-files-literal-fasttemplate.yaml

@@ -1,68 +0,0 @@
-# This example demonstrates a git file generator which produces its items based on one or
-# more files referenced in a git repo. The referenced files would contain a json/yaml list of
-# arbitrary structured objects. Each item of the list would become a set of parameters to a
-# generated application.
-#
-# Suppose the following git directory structure:
-#  
-# cluster-deployments
-# ├── apps
-# │   └── guestbook
-# │       ├── v1.0
-# │       │   └── install.yaml
-# │       └── v2.0
-# │           └── install.yaml
-# └── config
-#     └── clusters.json
-#
-# In this example, the `clusters.json` file is json list of structured data:
-# [
-#     {
-#         "account": "123456",
-#         "asset_id": "11223344",
-#         "cluster": {
-#             "owner": "Jesse_Suen@intuit.com",
-#             "name": "engineering-dev",
-#             "address": "http://1.2.3.4"
-#         },
-#         "appVersions": {
-#             "prometheus-operator": "v0.38",
-#             "guestbook": "v2.0"
-#         }
-#     },
-#     {
-#         "account": "456789",
-#         "asset_id": "55667788",
-#         "cluster": {
-#             "owner": "Alexander_Matyushentsev@intuit.com",
-#             "name": "engineering-prod",
-#             "address": "http://2.4.6.8"
-#         },
-#         "appVersions": {
-#             "prometheus-operator": "v0.38",
-#             "guestbook": "v1.0"
-#         }
-#     }
-# ]
-#
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  generators:
-  - git:
-      repoURL: https://github.com/infra-team/cluster-deployments.git
-      files:
-      - path: config/clusters.json
-  template:
-    metadata:
-      name: '{{cluster.name}}-guestbook'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: apps/guestbook/{{appVersions.guestbook}}
-      destination:
-        server: http://kubernetes.default.svc
-        namespace: guestbook

applicationset/examples/design-doc/git-files-literal.yaml

@@ -1,70 +0,0 @@
-# This example demonstrates a git file generator which produces its items based on one or
-# more files referenced in a git repo. The referenced files would contain a json/yaml list of
-# arbitrary structured objects. Each item of the list would become a set of parameters to a
-# generated application.
-#
-# Suppose the following git directory structure:
-#  
-# cluster-deployments
-# ├── apps
-# │   └── guestbook
-# │       ├── v1.0
-# │       │   └── install.yaml
-# │       └── v2.0
-# │           └── install.yaml
-# └── config
-#     └── clusters.json
-#
-# In this example, the `clusters.json` file is json list of structured data:
-# [
-#     {
-#         "account": "123456",
-#         "asset_id": "11223344",
-#         "cluster": {
-#             "owner": "Jesse_Suen@intuit.com",
-#             "name": "engineering-dev",
-#             "address": "http://1.2.3.4"
-#         },
-#         "appVersions": {
-#             "prometheus-operator": "v0.38",
-#             "guestbook": "v2.0"
-#         }
-#     },
-#     {
-#         "account": "456789",
-#         "asset_id": "55667788",
-#         "cluster": {
-#             "owner": "Alexander_Matyushentsev@intuit.com",
-#             "name": "engineering-prod",
-#             "address": "http://2.4.6.8"
-#         },
-#         "appVersions": {
-#             "prometheus-operator": "v0.38",
-#             "guestbook": "v1.0"
-#         }
-#     }
-# ]
-#
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  goTemplate: true
-  goTemplateOptions: ["missingkey=error"]
-  generators:
-  - git:
-      repoURL: https://github.com/infra-team/cluster-deployments.git
-      files:
-      - path: config/clusters.json
-  template:
-    metadata:
-      name: '{{.cluster.name}}-guestbook'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: apps/guestbook/{{.appVersions.guestbook}}
-      destination:
-        server: http://kubernetes.default.svc
-        namespace: guestbook

applicationset/examples/design-doc/list-fasttemplate.yaml

@@ -1,33 +0,0 @@
-# The list generator specifies a literal list of argument values to the app spec template.
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  generators:
-  - list:
-      elements:
-      - cluster: engineering-dev
-        url: https://1.2.3.4
-        values:
-          project: dev
-      - cluster: engineering-prod
-        url: https://2.4.6.8
-        values:
-          project: prod
-      - cluster: finance-preprod
-        url: https://9.8.7.6
-        values:
-          project: preprod
-  template:
-    metadata:
-      name: '{{cluster}}-guestbook'
-    spec:
-      project: '{{values.project}}'
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: guestbook/{{cluster}}
-      destination:
-        server: '{{url}}'
-        namespace: guestbook

applicationset/examples/design-doc/list.yaml

@@ -1,35 +0,0 @@
-# The list generator specifies a literal list of argument values to the app spec template.
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  goTemplate: true
-  goTemplateOptions: ["missingkey=error"]
-  generators:
-  - list:
-      elements:
-      - cluster: engineering-dev
-        url: https://1.2.3.4
-        values:
-          project: dev
-      - cluster: engineering-prod
-        url: https://2.4.6.8
-        values:
-          project: prod
-      - cluster: finance-preprod
-        url: https://9.8.7.6
-        values:
-          project: preprod
-  template:
-    metadata:
-      name: '{{.cluster}}-guestbook'
-    spec:
-      project: '{{.values.project}}'
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: guestbook/{{.cluster}}
-      destination:
-        server: '{{.url}}'
-        namespace: guestbook

applicationset/examples/design-doc/proposal/README.md

@@ -1,3 +0,0 @@
-# Proposal Examples
-This directory contains examples that are not yet implemented.
-They are part of the project to indicate future progress, and we are welcome any contribution that will add an implementation

applicationset/examples/design-doc/proposal/filters.yaml

@@ -1,48 +0,0 @@
-# For all generators, filters can be applied to reduce the generated items to a smaller subset.
-# A powerful set of filter expressions are supported using syntax provided by the
-# https://github.com/antonmedv/expr library. Examples expressions are demonstrated below
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  generators:
-  # Match all clusters who meet ALL of the following conditions:
-  #  1. name matches the regex `sales-.*`
-  #  2. environment label is either 'staging' or 'prod'
-  - clusters:
-      filters:
-      - expr: '{{name}} matches "sales-.*"'
-      - expr: '{{metadata.labels.environment}} in [staging, prod]'
-      values:
-        version: '2.0.0'
-  # Filter items from `config/clusters.json` in the `cluster-deployments` git repo,
-  # to only those having the `cluster.enabled == true` property. e.g.:
-  # {
-  #    ...
-  #    "cluster": {
-  #        "enabled": true,
-  #        ...
-  #    }
-  # }
-  - git:
-      repoURL: https://github.com/infra-team/cluster-deployments.git
-      files:
-      - path: config/clusters.json
-      filters:
-      - expr: '{{cluster.enabled}} == true'
-  template:
-    metadata:
-      name: '{{name}}-guestbook'
-    spec:
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: "{{values.version}}"
-        chart: guestbook
-        helm:
-          parameters:
-          - name: foo
-            value: "{{metadata.annotations.foo}}"
-      destination:
-        server: '{{server}}'
-        namespace: guestbook

applicationset/examples/design-doc/template-override-fasttemplate.yaml

@@ -1,48 +0,0 @@
-# App templates can also be defined as part of the generator's template stanza. Sometimes it is
-# useful to do this in order to override the spec.template stanza, and when simple string
-# parameterization are insufficient. In the below examples, the generators[].XXX.template is 
-# a partial definition, which overrides/patch the default template.
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  generators:
-  - list:
-      elements:
-        - cluster: engineering-dev
-          url: https://1.2.3.4
-      template:
-        metadata: {}
-        spec:
-          project: "project"
-          source:
-            repoURL: https://github.com/infra-team/cluster-deployments.git
-            path: '{{cluster}}-override'
-          destination: {}
-
-  - list:
-      elements:
-        - cluster: engineering-prod
-          url: https://1.2.3.4
-      template:
-        metadata: {}
-        spec:
-          project: "project2"
-          source:
-            repoURL: https://github.com/infra-team/cluster-deployments.git
-            path: '{{cluster}}-override2'
-          destination: {}
-
-  template:
-    metadata:
-      name: '{{cluster}}-guestbook'
-    spec:
-      project: "project"
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: guestbook/{{cluster}}
-      destination:
-        server: '{{url}}'
-        namespace: guestbook

applicationset/examples/design-doc/template-override.yaml

@@ -1,50 +0,0 @@
-# App templates can also be defined as part of the generator's template stanza. Sometimes it is
-# useful to do this in order to override the spec.template stanza, and when simple string
-# parameterization are insufficient. In the below examples, the generators[].XXX.template is 
-# a partial definition, which overrides/patch the default template.
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: guestbook
-spec:
-  goTemplate: true
-  goTemplateOptions: ["missingkey=error"]
-  generators:
-  - list:
-      elements:
-        - cluster: engineering-dev
-          url: https://1.2.3.4
-      template:
-        metadata: {}
-        spec:
-          project: "project"
-          source:
-            repoURL: https://github.com/infra-team/cluster-deployments.git
-            path: '{{.cluster}}-override'
-          destination: {}
-
-  - list:
-      elements:
-        - cluster: engineering-prod
-          url: https://1.2.3.4
-      template:
-        metadata: {}
-        spec:
-          project: "project2"
-          source:
-            repoURL: https://github.com/infra-team/cluster-deployments.git
-            path: '{{.cluster}}-override2'
-          destination: {}
-
-  template:
-    metadata:
-      name: '{{.cluster}}-guestbook'
-    spec:
-      project: "project"
-      source:
-        repoURL: https://github.com/infra-team/cluster-deployments.git
-        targetRevision: HEAD
-        path: guestbook/{{.cluster}}
-      destination:
-        server: '{{.url}}'
-        namespace: guestbook

applicationset/examples/git-generator-directory/cluster-addons/argo-workflows/kustomization.yaml

@@ -1,6 +0,0 @@
-#namePrefix: kustomize-
-
-resources:
-- https://github.com/argoproj/argo-workflows/releases/download/v3.4.0/namespace-install.yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization

applicationset/examples/git-generator-directory/cluster-addons/prometheus-operator/Chart.yaml

@@ -1,14 +0,0 @@
-apiVersion: v2
-name: helm-prometheus-operator
-
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: "1.0"

applicationset/examples/git-generator-directory/cluster-addons/prometheus-operator/requirements.yaml

@@ -1,4 +0,0 @@
-dependencies:
-- name: kube-prometheus-stack
-  version: 40.5.0
-  repository: https://prometheus-community.github.io/helm-charts

applicationset/examples/git-generator-directory/cluster-addons/prometheus-operator/values.yaml

@@ -1 +0,0 @@
-# Blank values.yaml

applicationset/examples/git-generator-directory/excludes/cluster-addons/argo-workflows/kustomization.yaml

@@ -1,6 +0,0 @@
-#namePrefix: kustomize-
-
-resources:
-- https://github.com/argoproj/argo-workflows/releases/download/v3.4.0/namespace-install.yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization

applicationset/examples/git-generator-directory/excludes/cluster-addons/exclude-helm-guestbook/Chart.yaml

@@ -1,23 +0,0 @@
-apiVersion: v2
-name: helm-guestbook
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: "1.0"

applicationset/examples/git-generator-directory/excludes/cluster-addons/exclude-helm-guestbook/templates/NOTES.txt

@@ -1,19 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "helm-guestbook.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ template "helm-guestbook.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "helm-guestbook.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "helm-guestbook.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:80
-{{- end }}

applicationset/examples/git-generator-directory/excludes/cluster-addons/exclude-helm-guestbook/templates/_helpers.tpl

@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "helm-guestbook.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "helm-guestbook.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "helm-guestbook.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}

applicationset/examples/git-generator-directory/excludes/cluster-addons/exclude-helm-guestbook/templates/deployment.yaml

@@ -1,52 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ template "helm-guestbook.fullname" . }}
-  labels:
-    app: {{ template "helm-guestbook.name" . }}
-    chart: {{ template "helm-guestbook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  revisionHistoryLimit: 3
-  selector:
-    matchLabels:
-      app: {{ template "helm-guestbook.name" . }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ template "helm-guestbook.name" . }}
-        release: {{ .Release.Name }}
-    spec:
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: 80
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /
-              port: http
-          readinessProbe:
-            httpGet:
-              path: /
-              port: http
-          resources:
-{{ toYaml .Values.resources | indent 12 }}
-    {{- with .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-{{ toYaml . | indent 8 }}
-    {{- end }}

applicationset/examples/git-generator-directory/excludes/cluster-addons/exclude-helm-guestbook/templates/service.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "helm-guestbook.fullname" . }}
-  labels:
-    app: {{ template "helm-guestbook.name" . }}
-    chart: {{ template "helm-guestbook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app: {{ template "helm-guestbook.name" . }}
-    release: {{ .Release.Name }}

applicationset/examples/git-generator-directory/excludes/cluster-addons/exclude-helm-guestbook/values-production.yaml

@@ -1,2 +0,0 @@
-service:
-  type: LoadBalancer

applicationset/examples/git-generator-directory/excludes/cluster-addons/exclude-helm-guestbook/values.yaml

@@ -1,45 +0,0 @@
-# Default values for helm-guestbook.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
-  repository: quay.io/argoprojlabs/argocd-e2e-container
-  tag: 0.1
-  pullPolicy: IfNotPresent
-
-service:
-  type: ClusterIP
-  port: 80
-
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  path: /
-  hosts:
-    - chart-example.local
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}

applicationset/examples/git-generator-directory/excludes/cluster-addons/prometheus-operator/Chart.yaml

@@ -1,14 +0,0 @@
-apiVersion: v2
-name: helm-prometheus-operator
-
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: "1.0"

applicationset/examples/git-generator-directory/excludes/cluster-addons/prometheus-operator/requirements.yaml

@@ -1,4 +0,0 @@
-dependencies:
-- name: kube-prometheus-stack
-  version: 40.5.0
-  repository: https://prometheus-community.github.io/helm-charts

applicationset/examples/git-generator-directory/excludes/cluster-addons/prometheus-operator/values.yaml

@@ -1 +0,0 @@
-# Blank values.yaml