
Commit 058824a

committed
fix: remove argocd-update and uses http for sync verification
1 parent 876bac3 commit 058824a

7 files changed

Lines changed: 89 additions & 16 deletions


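--- a/argo-cd-apps/base/internal/kargo/appset.yaml
+++ b/argo-cd-apps/base/internal/kargo/appset.yaml
@@ -13,8 +13,6 @@ spec:
 template:
 metadata:
 name: kargo-{{nameNormalized}}
-annotations:
-kargo.akuity.io/authorized-stage: kargo-infra-common:ring-1-staging,kargo-infra-common:ring-2-production
 spec:
 project: default
 source: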

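--- a/argo-cd-apps/base/internal/rover-group-sync/appset.yaml
+++ b/argo-cd-apps/base/internal/rover-group-sync/appset.yaml
@@ -12,8 +12,6 @@ spec:
 template:
 metadata:
 name: rover-group-sync
-annotations:
-kargo.akuity.io/authorized-stage: kargo-infra-common:ring-1-staging,kargo-infra-common:ring-2-production
 spec:
 project: default
 source: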

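--- a/argo-cd-apps/overlays/internal-staging/dummy-deployment.yaml
+++ b/argo-cd-apps/overlays/internal-staging/dummy-deployment.yaml
@@ -11,8 +11,6 @@ spec:
 template:
 metadata:
 name: dummy-deployment-{{nameNormalized}}
-annotations:
-kargo.akuity.io/authorized-stage: kargo-infra-common:ring-1-staging
 spec:
 project: default
 source: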
Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
---
2+
apiVersion: v1
3+
kind: ServiceAccount
4+
metadata:
5+
name: argocd-app-reader
6+
---
7+
apiVersion: v1
8+
kind: Secret
9+
metadata:
10+
name: argocd-app-reader-token
11+
annotations:
12+
kubernetes.io/service-account.name: argocd-app-reader
13+
type: kubernetes.io/service-account-token
14+
---
15+
apiVersion: rbac.authorization.k8s.io/v1
16+
kind: ClusterRole
17+
metadata:
18+
name: kargo-infra-common-argocd-app-reader
19+
rules:
20+
- apiGroups:
21+
- argoproj.io
22+
resources:
23+
- applications
24+
verbs:
25+
- get
26+
---
27+
apiVersion: rbac.authorization.k8s.io/v1
28+
kind: ClusterRoleBinding
29+
metadata:
30+
name: kargo-infra-common-argocd-app-reader
31+
roleRef:
32+
apiGroup: rbac.authorization.k8s.io
33+
kind: ClusterRole
34+
name: kargo-infra-common-argocd-app-reader
35+
subjects:
36+
- kind: ServiceAccount
37+
name: argocd-app-reader
38+
namespace: kargo-infra-common
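Review bot: The `ClusterRole`/`ClusterRoleBinding` pair lets `argocd-app-reader` `get` Argo CD Applications in every namespace, while the promotion steps in this commit only read from `argocd-local`. Application objects can carry Helm values and parameters, so a namespaced `Role` and `RoleBinding` in `argocd-local` would keep the token's reach to what the check needs. The `kubernetes.io/service-account-token` Secret also mints a token that does not expire, so it is worth a short comment on how it gets rotated or revoked. The ServiceAccount and Secret carry no `namespace:`; presumably the kustomization sets it to `kargo-infra-common`, which the binding's subject hard-codes.

```yaml
# … unchanged: ServiceAccount and token Secret …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: kargo-infra-common-argocd-app-reader
  namespace: argocd-local
# … unchanged: rules (get on argoproj.io applications) …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kargo-infra-common-argocd-app-reader
  namespace: argocd-local
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kargo-infra-common-argocd-app-reader
# … unchanged: subjects (argocd-app-reader in kargo-infra-common) …
```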

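--- a/components/kargo/internal-production/projects/kargo-infra-common/base/rbac/kustomization.yaml
+++ b/components/kargo/internal-production/projects/kargo-infra-common/base/rbac/kustomization.yaml
@@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - rbac.yaml
+- argocd-app-reader.yaml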

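--- a/components/kargo/internal-production/projects/kargo-infra-common/base/stage-ring-1-staging.yaml
+++ b/components/kargo/internal-production/projects/kargo-infra-common/base/stage-ring-1-staging.yaml
@@ -106,13 +106,33 @@ spec:
 repoURL: ${{ vars.repoURL }}
 prNumber: ${{ outputs['open-pr'].pr.id }}
 wait: true
-- uses: argocd-update
+# Workaround for argocd-wait race condition (https://github.com/akuity/kargo/issues/6357)
+# Queries the K8s API directly to verify ArgoCD has synced the merged commit
+# before checking health, preventing premature success from a stale revision.
+- uses: http
 if: ${{ status('open-pr') != 'Errored' }}
-as: argocd-update
+as: wait-for-revision
+retry:
+timeout: 15m
+config:
+method: GET
+url: https://kubernetes.default.svc/apis/argoproj.io/v1alpha1/namespaces/argocd-local/applications/${{ vars.component }}-in-cluster
+headers:
+- name: Authorization
+value: Bearer ${{ secret('argocd-app-reader-token').token }}
+insecureSkipTLSVerify: true
+successExpression: |
+response.status == 200 &&
+response.body?.status?.sync?.status == 'Synced' &&
+response.body?.status?.sync?.revision == '${{ outputs['merge-pr'].commit }}'
+failureExpression: |
+response.body?.status?.health?.status == 'Degraded' ||
+response.body?.status?.operationState?.phase in ['Failed', 'Error']
+timeout: 60s
+- uses: argocd-wait
+if: ${{ status('open-pr') != 'Errored' }}
+as: argocd-wait
 config:
 apps:
 - name: ${{ vars.component }}-in-cluster
 namespace: argocd-local
-sources:
-- repoURL: ${{ vars.repoURL }}
-desiredRevision: ${{ outputs['merge-pr'].commit }}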
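Review bot: The `wait-for-revision` step sets `insecureSkipTLSVerify: true` on the same request that carries `Bearer ${{ secret('argocd-app-reader-token').token }}`, so the API server's certificate is never checked before the credential is sent. If the `http` step has no way to trust the in-cluster CA, the reason should be recorded next to the flag so it is not copied elsewhere, e.g. `# TLS verification is off because this step cannot load the cluster CA; the token is read-only on Applications`. The same lines are added in stage-ring-2-production.yaml. The step list this hunk edits starts and ends outside the hunk.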

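--- a/components/kargo/internal-production/projects/kargo-infra-common/base/stage-ring-2-production.yaml
+++ b/components/kargo/internal-production/projects/kargo-infra-common/base/stage-ring-2-production.yaml
@@ -95,13 +95,33 @@ spec:
 config:
 repoURL: ${{ vars.repoURL }}
 prNumber: ${{ outputs['open-pr'].pr.id }}
-- uses: argocd-update
+# Workaround for argocd-wait race condition (https://github.com/akuity/kargo/issues/6357)
+# Queries the K8s API directly to verify ArgoCD has synced the merged commit
+# before checking health, preventing premature success from a stale revision.
+- uses: http
 if: ${{ status('open-pr') != 'Errored' }}
-as: argocd-update
+as: wait-for-revision
+retry:
+timeout: 15m
+config:
+method: GET
+url: https://kubernetes.default.svc/apis/argoproj.io/v1alpha1/namespaces/argocd-local/applications/${{ vars.component }}-in-cluster
+headers:
+- name: Authorization
+value: Bearer ${{ secret('argocd-app-reader-token').token }}
+insecureSkipTLSVerify: true
+successExpression: |
+response.status == 200 &&
+response.body?.status?.sync?.status == 'Synced' &&
+response.body?.status?.sync?.revision == '${{ outputs['wait-for-pr'].commit }}'
+failureExpression: |
+response.body?.status?.health?.status == 'Degraded' ||
+response.body?.status?.operationState?.phase in ['Failed', 'Error']
+timeout: 60s
+- uses: argocd-wait
+if: ${{ status('open-pr') != 'Errored' }}
+as: argocd-wait
 config:
 apps:
 - name: ${{ vars.component }}-in-cluster
 namespace: argocd-local
-sources:
-- repoURL: ${{ vars.repoURL }}
-desiredRevision: ${{ outputs['wait-for-pr'].commit }}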
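Review bot: The `failureExpression` of `wait-for-revision` is not tied to the merged commit, unlike `successExpression`. A `Degraded` health status or a `Failed`/`Error` operation left over from the previous revision would presumably fail the step on the first poll, before Argo CD has picked up the new commit, which would block a promotion meant to repair a degraded app. Gating the failure on the revision would avoid that, e.g. `response.body?.status?.sync?.revision == '${{ outputs['wait-for-pr'].commit }}' && response.body?.status?.health?.status == 'Degraded'`. The equivalent expression in stage-ring-1-staging.yaml (using `merge-pr`) has the same gap.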
