feat: move kubectl config setup to init-container

fix: actually wrap the cmp-server and not the repo-server
Merge pull request 'chore(deps): update quay.io/argoproj/argocd docker tag to v3.0.9' (#14 ) from renovate/all-minor-patch into main
2025-06-23 11:16:41 +00:00 · 2025-06-23 10:58:43 +00:00 · 2025-06-22 23:14:24 +00:00 · 2025-06-18 03:06:33 +00:00 · 2025-06-05 16:13:09 +00:00 · 2025-06-05 03:03:38 +00:00
5 changed files with 16 additions and 18 deletions
--- a/.ci/README.md
+++ b/.ci/README.md
@ -14,7 +14,7 @@ include .ci/podman.mk

 Add subtree to your project:
 ```
-git subtree add --prefix .ci https://git.zero-downtime.net/ZeroDownTime/ci-tools-lib.git master --squash
+git subtree add --prefix .ci https://git.zero-downtime.net/ZeroDownTime/ci-tools-lib.git main --squash
 ```


--- a/.ci/ecr_public_lifecycle.py
+++ b/.ci/ecr_public_lifecycle.py
@ -41,7 +41,8 @@ for image in sorted(images, key=lambda d: d['imagePushedAt'], reverse=True):
        _delete = True
        for tag in image["imageTags"]:
            # Look for at least one tag NOT beign a SemVer dev tag
-            if "-" not in tag:
+            # untagged dev builds get tagged as <tag>-g<commit>
+            if "-g" not in tag and "dirty" not in tag:
                _delete = False
        if _delete:
            print("Deleting development image {}".format(image["imageTags"]))
--- a/.ci/podman.mk
+++ b/.ci/podman.mk
@ -8,8 +8,8 @@ SHELL := bash
 .PHONY: all # All targets are accessible for user
 .DEFAULT: help # Running Make will run the help target

-# Parse version from latest git semver tag
-GIT_TAG ?= $(shell git describe --tags --match v*.*.* 2>/dev/null || git rev-parse --short HEAD 2>/dev/null)
+# Parse version from latest git semver tag, use short commit otherwise
+GIT_TAG ?= $(shell git describe --tags --match v*.*.* --dirty 2>/dev/null || git describe --match="" --always --dirty 2>/dev/null)
 GIT_BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)

 TAG ::= $(GIT_TAG)
@ -49,7 +49,7 @@ test:: ## test built artificats

 scan: ## Scan image using trivy
 	echo "Scanning $(IMAGE):$(TAG)-$(_ARCH) using Trivy $(TRIVY_REMOTE)"
-	trivy image $(TRIVY_OPTS) --quiet --no-progress --ignorefile ./.trivyignore.yaml localhost/$(IMAGE):$(TAG)-$(_ARCH)
+	trivy image $(TRIVY_OPTS) --quiet --no-progress localhost/$(IMAGE):$(TAG)-$(_ARCH)

 # first tag and push all actual images
 # create new manifest for each tag and add all available TAG-ARCH before pushing
--- a/19
+++ b/19
@ -1,11 +1,11 @@
-FROM quay.io/argoproj/argocd:v2.14.9
+FROM quay.io/argoproj/argocd:v3.0.9

 # renovate: datasource=github-releases depName=sops packageName=getsops/sops
-ARG SOPS_VERSION=v3.10.1
+ARG SOPS_VERSION=v3.10.2
 # renovate: datasource=github-releases depName=vals packageName=helmfile/vals
-ARG VALS_VERSION=v0.40.1
+ARG VALS_VERSION=v0.41.2
 # renovate: datasource=github-releases depName=helm-secrets packageName=jkroepke/helm-secrets
-ARG HELM_SECRETS_VERSION=v4.6.3
+ARG HELM_SECRETS_VERSION=v4.6.5

 ARG ARGOCD_USER_ID="999"

@ -17,7 +17,7 @@ ENV HELM_SECRETS_BACKEND="vals" \
    HELM_SECRETS_VALUES_ALLOW_ABSOLUTE_PATH=true \
    HELM_SECRETS_VALUES_ALLOW_PATH_TRAVERSAL=false \
    HELM_SECRETS_WRAPPER_ENABLED=true \
-    KUBECONFIG=/tmp/kubectl.config
+    KUBECONFIG=/home/argocd/cmp-server/plugins/kubectl.config

 # Optionally, set default gpg key for sops files
 # ENV HELM_SECRETS_LOAD_GPG_KEYS=/path/to/gpg.key
@ -44,13 +44,10 @@ RUN mkdir -p /home/argocd/.local/share/helm/plugins && \
    | tar -C /home/argocd/.local/share/helm/plugins -xzf- && \
    chown -R root: /home/argocd/.local/share/helm && \
    ln -sf /home/argocd/.local/share/helm/plugins/helm-secrets/scripts/wrapper/helm.sh /usr/local/sbin/helm && \
-    sed -i -e 's/secrets/secrets --evaluate-templates/' /home/argocd/.local/share/helm/plugins/helm-secrets/scripts/wrapper/helm.sh && \
-    rm -f /usr/local/bin/argocd-repo-server
+    sed -i -e 's/secrets/secrets --evaluate-templates/' /home/argocd/.local/share/helm/plugins/helm-secrets/scripts/wrapper/helm.sh

-
-
-# replace argocd-repo-server with wrapper to install kubectl config
-ADD argocd-repo-server-wrapper.sh /usr/local/bin/argocd-repo-server
+# Add tools scripts for the init-container
+ADD create-kubectl-config.sh /usr/local/bin/create-kubectl-config.sh

 # register vals "cmp plugin"
 ADD plugin.yaml /home/argocd/cmp-server/config/plugin.yaml
--- a/argocd-repo-server-wrapper.sh
+++ b/argocd-repo-server-wrapper.sh
@ -1,6 +1,6 @@
 #!/bin/sh

-KUBECONFIG=/tmp/kubectl.config
+KUBECONFIG=/home/argocd/cmp-server/plugins/kubectl.config
 SA_NAME=argo-argocd-repo-server

 CA64=$(cat /run/secrets/kubernetes.io/serviceaccount/ca.crt | base64 -w0)
@ -28,4 +28,4 @@ EOF

 chmod 600 $KUBECONFIG

-ARGOCD_BINARY_NAME=argocd-repo-server /usr/local/bin/argocd $@
+# ARGOCD_BINARY_NAME=argocd-cmp-server /usr/local/bin/argocd $@
Author	SHA1	Message	Date
Stefan Reimer	4b45b05e8e	feat: move kubectl config setup to init-container All checks were successful ZeroDownTime/zdt-argocd/pipeline/head This commit looks good Details ZeroDownTime/zdt-argocd/pipeline/tag This commit looks good Details	2025-06-23 11:16:41 +00:00
Stefan Reimer	73e0319591	fix: actually wrap the cmp-server and not the repo-server All checks were successful ZeroDownTime/zdt-argocd/pipeline/head This commit looks good Details ZeroDownTime/zdt-argocd/pipeline/tag This commit looks good Details	2025-06-23 10:58:43 +00:00
Stefan Reimer	c7101759ea	Merge pull request 'chore(deps): update quay.io/argoproj/argocd docker tag to v3.0.9' (#14 ) from renovate/all-minor-patch into main All checks were successful ZeroDownTime/zdt-argocd/pipeline/head This commit looks good Details Reviewed-on: #14	2025-06-22 23:14:24 +00:00
Renovate Bot	7e3620b760	chore(deps): update quay.io/argoproj/argocd docker tag to v3.0.9 All checks were successful ZeroDownTime/zdt-argocd/pipeline/pr-main This commit looks good Details	2025-06-18 03:06:33 +00:00
Stefan Reimer	5018b7337d	Merge pull request 'chore(deps): update all non-major dependencies' (#13 ) from renovate/all-minor-patch into main All checks were successful ZeroDownTime/zdt-argocd/pipeline/tag This commit looks good Details ZeroDownTime/zdt-argocd/pipeline/head This commit looks good Details Reviewed-on: #13	2025-06-05 16:13:09 +00:00
Renovate Bot	693135bb57	chore(deps): update all non-major dependencies All checks were successful ZeroDownTime/zdt-argocd/pipeline/pr-main This commit looks good Details	2025-06-05 03:03:38 +00:00
Stefan Reimer	6897f3400d	Merge latest ci-tools-lib All checks were successful ZeroDownTime/zdt-argocd/pipeline/head This commit looks good Details	2025-05-23 18:08:21 +00:00
Stefan Reimer	69c4891f01	Squashed '.ci/' changes from 9725c2e..67529a0 67529a0 Fix: revert to std trivyignore file due to new flag handling git-subtree-dir: .ci git-subtree-split: 67529a07cfa28b3324b87f7d56dcaa3673ff987a	2025-05-23 18:08:21 +00:00
Stefan Reimer	e5316bae8c	Merge pull request 'chore(deps): update all non-major dependencies' (#10 ) from renovate/all-minor-patch into main Some checks failed ZeroDownTime/zdt-argocd/pipeline/tag There was a failure building this commit Details ZeroDownTime/zdt-argocd/pipeline/head There was a failure building this commit Details Reviewed-on: #10	2025-05-23 17:16:42 +00:00
Renovate Bot	2007a7d801	chore(deps): update all non-major dependencies Some checks are pending ZeroDownTime/zdt-argocd/pipeline/pr-main Build queued... Details	2025-05-23 17:08:54 +00:00
Stefan Reimer	2204b18d13	Merge pull request 'chore(deps): update quay.io/argoproj/argocd docker tag to v3' (#12 ) from renovate/quay.io-argoproj-argocd-3.x into main Some checks failed ZeroDownTime/zdt-argocd/pipeline/head There was a failure building this commit Details Reviewed-on: #12	2025-05-23 17:05:02 +00:00
Renovate Bot	e7b08920c6	chore(deps): update quay.io/argoproj/argocd docker tag to v3 All checks were successful ZeroDownTime/zdt-argocd/pipeline/pr-main This commit looks good Details	2025-05-22 03:03:55 +00:00
Stefan Reimer	e14f581e0a	Squashed '.ci/' changes from a5cd89d..9725c2e 9725c2e fix: ensure we dont remove rc builds git-subtree-dir: .ci git-subtree-split: 9725c2ef8842467951ec60adb1b45dfeca7618f5	2025-04-17 22:58:54 +00:00
Stefan Reimer	b4434314d0	Merge latest ci-tools-lib All checks were successful ZeroDownTime/zdt-argocd/pipeline/head This commit looks good Details	2025-04-17 22:58:54 +00:00
Stefan Reimer	46ed0290d4	Squashed '.ci/' changes from 3feaf6f..a5cd89d a5cd89d feat: improve tag parsing, ensure dirty is added if needed 15e4d1f ci: make work with main branch git-subtree-dir: .ci git-subtree-split: a5cd89d73157c829eaf12f91a68f73826fbb35e7	2025-04-17 22:49:41 +00:00
Stefan Reimer	ef10a9dfe6	Merge latest ci-tools-lib All checks were successful ZeroDownTime/zdt-argocd/pipeline/head This commit looks good Details	2025-04-17 22:49:41 +00:00
Stefan Reimer	035a221836	Merge pull request 'chore(deps): update all non-major dependencies' (#9 ) from renovate/all-minor-patch into main All checks were successful ZeroDownTime/zdt-argocd/pipeline/head This commit looks good Details Reviewed-on: #9	2025-04-17 22:08:30 +00:00
Renovate Bot	b97a8789bf	chore(deps): update all non-major dependencies All checks were successful ZeroDownTime/zdt-argocd/pipeline/pr-main This commit looks good Details	2025-04-15 03:05:20 +00:00