Skip to content

Commit 616bd31

Browse files
committed
fix: remove argocd-update and uses http for sync verification
1 parent 876bac3 commit 616bd31

7 files changed

Lines changed: 83 additions & 16 deletions

File tree

argo-cd-apps/base/internal/kargo/appset.yaml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,8 +13,6 @@ spec:
1313
template:
1414
metadata:
1515
name: kargo-{{nameNormalized}}
16-
annotations:
17-
kargo.akuity.io/authorized-stage: kargo-infra-common:ring-1-staging,kargo-infra-common:ring-2-production
1816
spec:
1917
project: default
2018
source:

argo-cd-apps/base/internal/rover-group-sync/appset.yaml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,8 +12,6 @@ spec:
1212
template:
1313
metadata:
1414
name: rover-group-sync
15-
annotations:
16-
kargo.akuity.io/authorized-stage: kargo-infra-common:ring-1-staging,kargo-infra-common:ring-2-production
1715
spec:
1816
project: default
1917
source:

argo-cd-apps/overlays/internal-staging/dummy-deployment.yaml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -11,8 +11,6 @@ spec:
1111
template:
1212
metadata:
1313
name: dummy-deployment-{{nameNormalized}}
14-
annotations:
15-
kargo.akuity.io/authorized-stage: kargo-infra-common:ring-1-staging
1614
spec:
1715
project: default
1816
source:
Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
---
2+
apiVersion: v1
3+
kind: ServiceAccount
4+
metadata:
5+
name: argocd-app-reader
6+
---
7+
apiVersion: v1
8+
kind: Secret
9+
metadata:
10+
name: argocd-app-reader-token
11+
annotations:
12+
kubernetes.io/service-account.name: argocd-app-reader
13+
type: kubernetes.io/service-account-token
14+
---
15+
apiVersion: rbac.authorization.k8s.io/v1
16+
kind: ClusterRole
17+
metadata:
18+
name: kargo-infra-common-argocd-app-reader
19+
rules:
20+
- apiGroups:
21+
- argoproj.io
22+
resources:
23+
- applications
24+
verbs:
25+
- get
26+
---
27+
apiVersion: rbac.authorization.k8s.io/v1
28+
kind: ClusterRoleBinding
29+
metadata:
30+
name: kargo-infra-common-argocd-app-reader
31+
roleRef:
32+
apiGroup: rbac.authorization.k8s.io
33+
kind: ClusterRole
34+
name: kargo-infra-common-argocd-app-reader
35+
subjects:
36+
- kind: ServiceAccount
37+
name: argocd-app-reader
38+
namespace: kargo-infra-common

components/kargo/internal-production/projects/kargo-infra-common/base/rbac/kustomization.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
33
kind: Kustomization
44
resources:
55
- rbac.yaml
6+
- argocd-app-reader.yaml

components/kargo/internal-production/projects/kargo-infra-common/base/stage-ring-1-staging.yaml

Lines changed: 22 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -106,13 +106,30 @@ spec:
106106
repoURL: ${{ vars.repoURL }}
107107
prNumber: ${{ outputs['open-pr'].pr.id }}
108108
wait: true
109-
- uses: argocd-update
109+
- uses: http
110110
if: ${{ status('open-pr') != 'Errored' }}
111-
as: argocd-update
111+
as: wait-for-revision
112+
retry:
113+
timeout: 15m
114+
config:
115+
method: GET
116+
url: https://kubernetes.default.svc/apis/argoproj.io/v1alpha1/namespaces/argocd-local/applications/${{ vars.component }}-in-cluster
117+
headers:
118+
- name: Authorization
119+
value: Bearer ${{ secret('argocd-app-reader-token').token }}
120+
insecureSkipTLSVerify: true
121+
successExpression: |
122+
response.status == 200 &&
123+
response.body?.status?.sync?.status == 'Synced' &&
124+
response.body?.status?.sync?.revision == '${{ outputs['merge-pr'].commit }}'
125+
failureExpression: |
126+
response.body?.status?.health?.status == 'Degraded' ||
127+
response.body?.status?.operationState?.phase in ['Failed', 'Error']
128+
timeout: 60s
129+
- uses: argocd-wait
130+
if: ${{ status('open-pr') != 'Errored' }}
131+
as: argocd-wait
112132
config:
113133
apps:
114134
- name: ${{ vars.component }}-in-cluster
115135
namespace: argocd-local
116-
sources:
117-
- repoURL: ${{ vars.repoURL }}
118-
desiredRevision: ${{ outputs['merge-pr'].commit }}

components/kargo/internal-production/projects/kargo-infra-common/base/stage-ring-2-production.yaml

Lines changed: 22 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -95,13 +95,30 @@ spec:
9595
config:
9696
repoURL: ${{ vars.repoURL }}
9797
prNumber: ${{ outputs['open-pr'].pr.id }}
98-
- uses: argocd-update
98+
- uses: http
9999
if: ${{ status('open-pr') != 'Errored' }}
100-
as: argocd-update
100+
as: wait-for-revision
101+
retry:
102+
timeout: 15m
103+
config:
104+
method: GET
105+
url: https://kubernetes.default.svc/apis/argoproj.io/v1alpha1/namespaces/argocd-local/applications/${{ vars.component }}-in-cluster
106+
headers:
107+
- name: Authorization
108+
value: Bearer ${{ secret('argocd-app-reader-token').token }}
109+
insecureSkipTLSVerify: true
110+
successExpression: |
111+
response.status == 200 &&
112+
response.body?.status?.sync?.status == 'Synced' &&
113+
response.body?.status?.sync?.revision == '${{ outputs['wait-for-pr'].commit }}'
114+
failureExpression: |
115+
response.body?.status?.health?.status == 'Degraded' ||
116+
response.body?.status?.operationState?.phase in ['Failed', 'Error']
117+
timeout: 60s
118+
- uses: argocd-wait
119+
if: ${{ status('open-pr') != 'Errored' }}
120+
as: argocd-wait
101121
config:
102122
apps:
103123
- name: ${{ vars.component }}-in-cluster
104124
namespace: argocd-local
105-
sources:
106-
- repoURL: ${{ vars.repoURL }}
107-
desiredRevision: ${{ outputs['wait-for-pr'].commit }}

0 commit comments

Comments
 (0)