File tree Expand file tree Collapse file tree
overlays/internal-staging
components/kargo/internal-production/projects/kargo-infra-common/base Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1313 template :
1414 metadata :
1515 name : kargo-{{nameNormalized}}
16- annotations :
17- kargo.akuity.io/authorized-stage : kargo-infra-common:ring-1-staging,kargo-infra-common:ring-2-production
1816 spec :
1917 project : default
2018 source :
Original file line number Diff line number Diff line change 1212 template :
1313 metadata :
1414 name : rover-group-sync
15- annotations :
16- kargo.akuity.io/authorized-stage : kargo-infra-common:ring-1-staging,kargo-infra-common:ring-2-production
1715 spec :
1816 project : default
1917 source :
Original file line number Diff line number Diff line change 1111 template :
1212 metadata :
1313 name : dummy-deployment-{{nameNormalized}}
14- annotations :
15- kargo.akuity.io/authorized-stage : kargo-infra-common:ring-1-staging
1614 spec :
1715 project : default
1816 source :
Original file line number Diff line number Diff line change 1+ ---
2+ apiVersion : v1
3+ kind : ServiceAccount
4+ metadata :
5+ name : argocd-app-reader
6+ ---
7+ apiVersion : v1
8+ kind : Secret
9+ metadata :
10+ name : argocd-app-reader-token
11+ annotations :
12+ kubernetes.io/service-account.name : argocd-app-reader
13+ type : kubernetes.io/service-account-token
14+ ---
15+ apiVersion : rbac.authorization.k8s.io/v1
16+ kind : ClusterRole
17+ metadata :
18+ name : kargo-infra-common-argocd-app-reader
19+ rules :
20+ - apiGroups :
21+ - argoproj.io
22+ resources :
23+ - applications
24+ verbs :
25+ - get
26+ ---
27+ apiVersion : rbac.authorization.k8s.io/v1
28+ kind : ClusterRoleBinding
29+ metadata :
30+ name : kargo-infra-common-argocd-app-reader
31+ roleRef :
32+ apiGroup : rbac.authorization.k8s.io
33+ kind : ClusterRole
34+ name : kargo-infra-common-argocd-app-reader
35+ subjects :
36+ - kind : ServiceAccount
37+ name : argocd-app-reader
38+ namespace : kargo-infra-common
Original file line number Diff line number Diff line change @@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
33kind : Kustomization
44resources :
55 - rbac.yaml
6+ - argocd-app-reader.yaml
Original file line number Diff line number Diff line change @@ -106,13 +106,30 @@ spec:
106106 repoURL : ${{ vars.repoURL }}
107107 prNumber : ${{ outputs['open-pr'].pr.id }}
108108 wait : true
109- - uses : argocd-update
109+ - uses : http
110110 if : ${{ status('open-pr') != 'Errored' }}
111- as : argocd-update
111+ as : wait-for-revision
112+ retry :
113+ timeout : 15m
114+ config :
115+ method : GET
116+ url : https://kubernetes.default.svc/apis/argoproj.io/v1alpha1/namespaces/argocd-local/applications/${{ vars.component }}-in-cluster
117+ headers :
118+ - name : Authorization
119+ value : Bearer ${{ secret('argocd-app-reader-token').token }}
120+ insecureSkipTLSVerify : true
121+ successExpression : |
122+ response.status == 200 &&
123+ response.body?.status?.sync?.status == 'Synced' &&
124+ response.body?.status?.sync?.revision == '${{ outputs['merge-pr'].commit }}'
125+ failureExpression : |
126+ response.body?.status?.health?.status == 'Degraded' ||
127+ response.body?.status?.operationState?.phase in ['Failed', 'Error']
128+ timeout : 60s
129+ - uses : argocd-wait
130+ if : ${{ status('open-pr') != 'Errored' }}
131+ as : argocd-wait
112132 config :
113133 apps :
114134 - name : ${{ vars.component }}-in-cluster
115135 namespace : argocd-local
116- sources :
117- - repoURL : ${{ vars.repoURL }}
118- desiredRevision : ${{ outputs['merge-pr'].commit }}
Original file line number Diff line number Diff line change @@ -95,13 +95,30 @@ spec:
9595 config :
9696 repoURL : ${{ vars.repoURL }}
9797 prNumber : ${{ outputs['open-pr'].pr.id }}
98- - uses : argocd-update
98+ - uses : http
9999 if : ${{ status('open-pr') != 'Errored' }}
100- as : argocd-update
100+ as : wait-for-revision
101+ retry :
102+ timeout : 15m
103+ config :
104+ method : GET
105+ url : https://kubernetes.default.svc/apis/argoproj.io/v1alpha1/namespaces/argocd-local/applications/${{ vars.component }}-in-cluster
106+ headers :
107+ - name : Authorization
108+ value : Bearer ${{ secret('argocd-app-reader-token').token }}
109+ insecureSkipTLSVerify : true
110+ successExpression : |
111+ response.status == 200 &&
112+ response.body?.status?.sync?.status == 'Synced' &&
113+ response.body?.status?.sync?.revision == '${{ outputs['wait-for-pr'].commit }}'
114+ failureExpression : |
115+ response.body?.status?.health?.status == 'Degraded' ||
116+ response.body?.status?.operationState?.phase in ['Failed', 'Error']
117+ timeout : 60s
118+ - uses : argocd-wait
119+ if : ${{ status('open-pr') != 'Errored' }}
120+ as : argocd-wait
101121 config :
102122 apps :
103123 - name : ${{ vars.component }}-in-cluster
104124 namespace : argocd-local
105- sources :
106- - repoURL : ${{ vars.repoURL }}
107- desiredRevision : ${{ outputs['wait-for-pr'].commit }}
You can’t perform that action at this time.
0 commit comments