feat: allow substitutions in plugin env variables

[ForsakenHarmony]

Related to #5293

Until there's a more robust solution for custom plugins I wanted to be able to pass specific args including e.g. the revision to tanka

Checklist:

• Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
• The title of the PR states what changed and the related issues number (used for the release note).
• I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
• I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
• Does this PR require documentation updates?
• I've updated documentation as required by this PR.
• Optional. My organization is added to USERS.md.
• I have signed off all my commits as required by DCO
• I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
• My build is green (troubleshooting builds).

[codecov]

Codecov Report

Merging #6097 (01c3cbc) into master (b6d5c23) will increase coverage by 0.09%.
The diff coverage is 80.00%.

@@            Coverage Diff             @@
##           master    #6097      +/-   ##
==========================================
+ Coverage   40.93%   41.03%   +0.09%     
==========================================
  Files         147      151       +4     
  Lines       19729    19960     +231     
==========================================
+ Hits         8077     8191     +114     
- Misses      10541    10640      +99     
- Partials     1111     1129      +18     

Impacted Files	Coverage Δ
reposerver/repository/repository.go	60.85% <80.00%> (+0.08%)	⬆️
reposerver/cache/cache.go	67.44% <0.00%> (-12.56%)	⬇️
util/git/client.go	44.28% <0.00%> (-3.77%)	⬇️
controller/appcontroller.go	53.05% <0.00%> (-0.47%)	⬇️
controller/state.go	68.50% <0.00%> (-0.46%)	⬇️
util/argo/argo.go	61.63% <0.00%> (-0.21%)	⬇️
controller/cache/cache.go	10.74% <0.00%> (-0.13%)	⬇️
cmd/argocd-util/commands/argocd_util.go	14.51% <0.00%> (-0.12%)	⬇️
cmd/argocd/commands/cluster.go	2.59% <0.00%> (-0.10%)	⬇️
... and 20 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b6d5c23...01c3cbc. Read the comment docs.

[jannfis]

Thanks a lot for your contribution, @ForsakenHarmony!

I have some comments, see below.

[jannfis]

Can you please create a custom error here using fmt.Errorf() instead of passing down err - because it might contain the value of the erroneous environment variable, which ends up in the logs eventually.

[ForsakenHarmony]

What do you think we should return here? It would be nice to know the name of the env var that failed, but I suppose that's not really possible without potentially compromising a secret

I'm also wondering if it's even possible for this to happen

[alexmt]

I think the error might contain env variable defined in ApplicationSource only, not the local env variables of the repo-server pod.

The ApplicationSource is not considered secret and already appears in repo-server logs, so I'm fine to keep it as is.

[jannfis]

Nitpicking: I think it is hard to understand the meaning of this sentence, can we rephrase it a little? E.g. "References to system and build variables will get interpolated in the variables' values."

[ForsakenHarmony]

Yes that sounds good, I wasn't happy with it either

Tried coming up with a nice way to phrase it 3 times, but that didn't work out, I'm adding your suggestion

[alexmt]

LGTM.

@jannfis , can you check my comment regarding logging the error? WDYT?

[jannfis]

Thank you for addressing the review concerns, @ForsakenHarmony

LGTM now!