1313 template :
1414 metadata :
1515 name : kargo-{{nameNormalized}}
16- annotations :
17- kargo.akuity.io/authorized-stage : kargo-infra-common:ring-1-staging,kargo-infra-common:ring-2-production
1816 spec :
1917 project : default
2018 source :
1212 template :
1313 metadata :
1414 name : rover-group-sync
15- annotations :
16- kargo.akuity.io/authorized-stage : kargo-infra-common:ring-1-staging,kargo-infra-common:ring-2-production
1715 spec :
1816 project : default
1917 source :
1111 template :
1212 metadata :
1313 name : dummy-deployment-{{nameNormalized}}
14- annotations :
15- kargo.akuity.io/authorized-stage : kargo-infra-common:ring-1-staging
1614 spec :
1715 project : default
1816 source :
1+ ---
2+ apiVersion : v1
3+ kind : ServiceAccount
4+ metadata :
5+ name : argocd-app-reader
6+ ---
7+ apiVersion : v1
8+ kind : Secret
9+ metadata :
10+ name : argocd-app-reader-token
11+ annotations :
12+ kubernetes.io/service-account.name : argocd-app-reader
13+ type : kubernetes.io/service-account-token
14+ ---
15+ apiVersion : rbac.authorization.k8s.io/v1
16+ kind : ClusterRole
17+ metadata :
18+ name : kargo-infra-common-argocd-app-reader
19+ rules :
20+ - apiGroups :
21+ - argoproj.io
22+ resources :
23+ - applications
24+ verbs :
25+ - get
26+ ---
27+ apiVersion : rbac.authorization.k8s.io/v1
28+ kind : ClusterRoleBinding
29+ metadata :
30+ name : kargo-infra-common-argocd-app-reader
31+ roleRef :
32+ apiGroup : rbac.authorization.k8s.io
33+ kind : ClusterRole
34+ name : kargo-infra-common-argocd-app-reader
35+ subjects :
36+ - kind : ServiceAccount
37+ name : argocd-app-reader
38+ namespace : kargo-infra-common
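Review bot: The ClusterRoleBinding at the end of this file gives `argocd-app-reader` `get` on Argo CD Applications in every namespace, while the only consumer visible in this commit reads a single Application in `argocd-local`. A namespaced binding that references the same ClusterRole would confine the token to that namespace: use `kind: RoleBinding` and add `namespace: argocd-local` under its `metadata`. The `kubernetes.io/service-account-token` Secret is also a non-expiring credential, so it deserves a comment saying who reads it and how it is revoked, e.g. `# long-lived token for the wait-for-revision http step; deleting this Secret revokes it`. Application objects can carry repository URLs and inline Helm values, so the read scope is worth keeping as narrow as the use case.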
@@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
33kind : Kustomization
44resources :
55 - rbac.yaml
6+ - argocd-app-reader.yaml
@@ -106,13 +106,33 @@ spec:
106106 repoURL : ${{ vars.repoURL }}
107107 prNumber : ${{ outputs['open-pr'].pr.id }}
108108 wait : true
109- - uses : argocd-update
109+ # Workaround for argocd-wait race condition (https://github.com/akuity/kargo/issues/6357)
110+ # Queries the K8s API directly to verify ArgoCD has synced the merged commit
111+ # before checking health, preventing premature success from a stale revision.
112+ - uses : http
110113 if : ${{ status('open-pr') != 'Errored' }}
111- as : argocd-update
114+ as : wait-for-revision
115+ retry :
116+ timeout : 15m
117+ config :
118+ method : GET
119+ url : https://kubernetes.default.svc/apis/argoproj.io/v1alpha1/namespaces/argocd-local/applications/${{ vars.component }}-in-cluster
120+ headers :
121+ - name : Authorization
122+ value : Bearer ${{ secret('argocd-app-reader-token').token }}
123+ insecureSkipTLSVerify : true
124+ successExpression : |
125+ response.status == 200 &&
126+ response.body?.status?.sync?.status == 'Synced' &&
127+ response.body?.status?.sync?.revision == '${{ outputs['merge-pr'].commit }}'
128+ failureExpression : |
129+ response.body?.status?.health?.status == 'Degraded' ||
130+ response.body?.status?.operationState?.phase in ['Failed', 'Error']
131+ timeout : 60s
132+ - uses : argocd-wait
133+ if : ${{ status('open-pr') != 'Errored' }}
134+ as : argocd-wait
112135 config :
113136 apps :
114137 - name : ${{ vars.component }}-in-cluster
115138 namespace : argocd-local
116- sources :
117- - repoURL : ${{ vars.repoURL }}
118- desiredRevision : ${{ outputs['merge-pr'].commit }}
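Review bot: The `wait-for-revision` step sends the `argocd-app-reader-token` bearer token with `insecureSkipTLSVerify : true`, so the client never authenticates the API server it hands the credential to. Anything able to answer for `kubernetes.default.svc` from the controller's network position would receive a token that, with the ClusterRoleBinding added in this commit, can read every Argo CD Application in the cluster. If the http step can be made to trust the cluster CA, drop the flag; if it cannot, record that next to it, e.g. `# TLS verification off: <reason>; token is limited to get on applications`. The same setting appears in the second promotion task changed by this commit, and the steps list this hunk edits starts outside the hunk.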
@@ -95,13 +95,33 @@ spec:
9595 config :
9696 repoURL : ${{ vars.repoURL }}
9797 prNumber : ${{ outputs['open-pr'].pr.id }}
98- - uses : argocd-update
98+ # Workaround for argocd-wait race condition (https://github.com/akuity/kargo/issues/6357)
99+ # Queries the K8s API directly to verify ArgoCD has synced the merged commit
100+ # before checking health, preventing premature success from a stale revision.
101+ - uses : http
99102 if : ${{ status('open-pr') != 'Errored' }}
100- as : argocd-update
103+ as : wait-for-revision
104+ retry :
105+ timeout : 15m
106+ config :
107+ method : GET
108+ url : https://kubernetes.default.svc/apis/argoproj.io/v1alpha1/namespaces/argocd-local/applications/${{ vars.component }}-in-cluster
109+ headers :
110+ - name : Authorization
111+ value : Bearer ${{ secret('argocd-app-reader-token').token }}
112+ insecureSkipTLSVerify : true
113+ successExpression : |
114+ response.status == 200 &&
115+ response.body?.status?.sync?.status == 'Synced' &&
116+ response.body?.status?.sync?.revision == '${{ outputs['wait-for-pr'].commit }}'
117+ failureExpression : |
118+ response.body?.status?.health?.status == 'Degraded' ||
119+ response.body?.status?.operationState?.phase in ['Failed', 'Error']
120+ timeout : 60s
121+ - uses : argocd-wait
122+ if : ${{ status('open-pr') != 'Errored' }}
123+ as : argocd-wait
101124 config :
102125 apps :
103126 - name : ${{ vars.component }}-in-cluster
104127 namespace : argocd-local
105- sources :
106- - repoURL : ${{ vars.repoURL }}
107- desiredRevision : ${{ outputs['wait-for-pr'].commit }}
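Review bot: `failureExpression` in `wait-for-revision` is not tied to the commit being waited for: `status.health.status` and `status.operationState.phase` describe whatever Argo CD processed last, so a `Degraded` app or a `Failed` operation left over from the previous revision could fail the promotion before the merged commit has been picked up. That is the stale-state problem the comment above the step describes, on the failure side instead of the success side. Consider gating the phase check on the operation's own revision, e.g. `response.body?.status?.operationState?.syncResult?.revision == '${{ outputs['wait-for-pr'].commit }}' && response.body?.status?.operationState?.phase in ['Failed', 'Error']`, and gating or dropping the health check in the same way. How the step orders failure against retry is not visible here, so confirm against the http step's behaviour; the other promotion task in this commit carries the same expression.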