fix(bundler): quote argocd app-of-apps metadata.name (#1011)#1040
Merged
mchmarny merged 3 commits intoMay 27, 2026
Merged
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Enterprise Run ID: 📒 Files selected for processing (5)
📝 WalkthroughWalkthroughThis PR quotes Argo CD Application metadata.name in the app-of-apps template using Go's printf "%q". Tests were updated: an existing test now expects a quoted name and a new test renders several YAML-reserved-scalar AppName values, converts the generated YAML to JSON, unmarshals into an unstructured.Unstructured, and asserts GetName() equals the original string. Three testdata fixtures were adjusted to use quoted metadata.name values. Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Suggested labels
Suggested reviewers
🚥 Pre-merge checks | ✅ 4✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
The argocd deployer's app-of-apps.yaml.tmpl emitted `name: {{ .AppName }}`
unquoted. `ValidateAppName` delegates to k8s.io/apimachinery's DNS-1123
subdomain check, which legitimately accepts digit-only labels (`123`) as
well as YAML-reserved scalars like `true`, `false`, `null`, and `1e3`.
With the unquoted template, `aicr bundle --deployer argocd --app-name 123`
rendered:
metadata:
name: 123
`sigs.k8s.io/yaml.YAMLToJSON` (used by kubectl) routes through JSON and
emits `"name":123` (number). `unstructured.GetName()` then returns ""
because of the val.(string) type assertion inside getNestedString, so
apply is rejected with a metadata.name validation error far from the
original `aicr bundle` call site.
The sibling argocd-helm parent template at argocdhelm.go:446 already
applies Sprig `| quote`. This change brings the static argocd template
into line by using `printf "%q"` (text/template has no `quote` pipe).
Regression test `TestGenerate_AppName_YAMLReservedScalars` rebuilds the
kubectl decode path (sigs.k8s.io/yaml → unstructured.UnmarshalJSON →
GetName) and asserts the rendered metadata.name round-trips as a string
for `123`, `true`, `false`, `null`, and `1e3`. The existing
TestGenerate_AppName assertion is tightened to require quoted form.
Three goldens regenerated.
yuanchen8911
force-pushed
the
fix/argocd-app-name-yaml-quoting-1036
branch
from
a4b152f to
db68b4b
Compare
mchmarny
approved these changes
May 27, 2026
mchmarny
added a commit
that referenced
this pull request
May 27, 2026
PR #1027 bumped testing_tools.helmfile v1.5.1 -> v1.5.2 but the Renovate postUpgradeTask that refreshes helmfile_checksums did not run, leaving the four per-arch SHA256 entries pinned at v1.5.1 values. Both .github/actions/install-e2e-tools (via tools/setup-tools) and .github/actions/setup-build-tools verify the downloaded helmfile tarball against these pinned checksums, so E2E and CLI E2E started failing on every PR rebased onto main after #1027 merged (PR #1040 and others). Refresh the four checksums by running tools/update-helmfile-checksums v1.5.2, which is the same script the Renovate postUpgradeTask invokes. No other code or doc references the stale digests.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Quote
metadata.namein the static argocdapp-of-apps.yamltemplate so a--app-namevalue that is a DNS-1123-valid YAML-reserved scalar (123,true,false,null,1e3, …) renders as a string instead of a number/bool/null. Brings the static argocd template in line with the argocd-helm parent template (which already uses Sprig| quote).Motivation / Context
Follow-up to #1036, which introduced
--app-name. The argocd deployer emittedmetadata.name: {{ .AppName }}without quoting.ValidateAppNamedelegates tok8s.io/apimachinery'sIsDNS1123Subdomain, which legitimately accepts digit-only labels and bare YAML keywords (123,true,null,1e3). With the unquoted template,aicr bundle --deployer argocd --app-name 123 ...rendered:sigs.k8s.io/yaml.YAMLToJSON(used by kubectl) routes through JSON and emits"name":123(number, not string).unstructured.GetName()then returns""becausegetNestedStringdoes aval.(string)type assertion on theint64, sokubectl applyis rejected with a cryptic metadata-name validation error far from the originalaicr bundlecall site. The sibling argocd-helm parent template atpkg/bundler/deployer/argocdhelm/argocdhelm.go:446already applies| quote.Fixes: N/A (cross-review follow-up to merged #1036)
Related: #1011, #1036
Type of Change
Component(s) Affected
pkg/bundler,pkg/component/*)Implementation Notes
name: {{ .AppName }}→name: {{ printf "%q" .AppName }}. Gotext/templatehas noquotepipe;printf "%q"produces a Go-style double-quoted string, which is a valid YAML string scalar for the DNS-1123 character set enforced byValidateAppName.name: "nvidia-stack"(quoted) form. The existingTestGenerate_AppNameassertion is tightened fromname: <value>toname: "<value>"so a future regression cannot silently revert.ValidateAppNameis unchanged. Tightening the validator to reject digit-only / YAML-keyword names would break operators who legitimately want them; the template fix is the narrower, less surprising option.Testing
New test
TestGenerate_AppName_YAMLReservedScalarsrebuilds the kubectl decode path (sigs.k8s.io/yaml.YAMLToJSON→unstructured.UnmarshalJSON→GetName()) and asserts the renderedmetadata.nameround-trips as a string for123,true,false,null,1e3. Without the template fix, every subtest fails becauseGetName()returns"".Coverage delta (
pkg/bundler/deployer/argocd): expected to increase slightly with the new subtests; fullmake qualifywill run in CI.Risk Assessment
nvidia-stackrendering is unchanged behaviorally (name: nvidia-stackandname: "nvidia-stack"are equivalent YAML strings).Rollout notes: None. The rendered manifest is character-different (
name: "nvidia-stack"vsname: nvidia-stack) but semantically identical for any YAML/JSON parser. Argo CD'sargocd app get/syncexamples in the README are unaffected (already plain text).Checklist
make testwith-race) — package-scoped; see Testingmake lint) — package-scoped; see Testinggit commit -S)