init version 2.7

Signed-off-by: Chanwit Kaewkasi <chanwit@gmail.com>
flux-subsystem-argo · May 13, 2023 · b9eb87a · b9eb87a
1 parent 04f9c84
commit b9eb87a
Show file tree

Hide file tree

Showing 19 changed files with 9,872 additions and 0 deletions.
diff --git a/.github/workflows/build_v27.yaml b/.github/workflows/build_v27.yaml
@@ -0,0 +1,56 @@
+name: build_v27
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - main
+    paths:
+      - patches-argo-cd-v2.7/**
+      - patches-gitops-engine-v2.0.0/**
+      - VERSION_27
+      - .github/workflows/build_v27.yaml
+
+permissions:
+  contents: write
+  id-token: write
+  packages: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: install stgit
+        shell: bash
+        run: |
+          sudo apt-get install -y stgit
+          git config --global user.name "Chanwit Kaewkasi"
+          git config --global user.email "chanwit@gmail.com"
+      - name: Get branch names
+        id: branch-name
+        uses: tj-actions/branch-names@v5.1
+      - name: Prepare
+        id: prep
+        run: |
+          VERSION="${{ steps.branch-name.outputs.current_branch }}-${GITHUB_SHA::8}"
+          echo ::set-output name=VERSION::${VERSION}
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build v2.7
+        run: |
+          ln -s VERSION_27 VERSION
+          ln -s patches-argo-cd-v2.7 patches-argo-cd
+          ln -s patches-gitops-engine-v2.0.0 patches-gitops-engine
+          rm -rf argo-cd || true
+          bash -x ./init.sh
+          source ./VERSION
+          VERSION=${BASE_VERSION}-${SUFFIX_VERSION}-${{ steps.prep.outputs.VERSION }}
+          ( cd argo-cd && IMAGE_NAMESPACE=ghcr.io/flux-subsystem-argo/fsa IMAGE_TAG=$VERSION DOCKER_PUSH=true make image )
+          unlink patches-argo-cd
+          unlink VERSION
diff --git a/Makefile b/Makefile
@@ -1,3 +1,10 @@
+.PHONY: init-v27
+init-v27:
+	ln -s VERSION_27 VERSION
+	ln -s patches-gitops-engine-v2.0.0 patches-gitops-engine
+	ln -s patches-argo-cd-v2.7 patches-argo-cd
+	make init
+
 .PHONY: init-v26
 init-v26:
 	ln -s VERSION_26 VERSION

diff --git a/VERSION_27 b/VERSION_27
@@ -0,0 +1,3 @@
+BASE_VERSION=v2.7.2
+SUFFIX_VERSION=fl.6
+GITOPS_ENGINE_VERSION=ed70eac8b7bd6b2f276502398fdbccccab5d189a
diff --git a/patches-argo-cd-v2.7/01-build-with-local-gitops-engine.patch b/patches-argo-cd-v2.7/01-build-with-local-gitops-engine.patch
@@ -0,0 +1,63 @@
+build with local gitops engine
+
+From: Chanwit Kaewkasi <chanwit@gmail.com>
+
+Signed-off-by: Chanwit Kaewkasi <chanwit@gmail.com>
+---
+ .gitignore |    2 ++
+ Dockerfile |    9 +++++++++
+ go.mod     |    2 ++
+ 3 files changed, 13 insertions(+)
+
+diff --git a/.gitignore b/.gitignore
+index 869bb876f..e05fdda3e 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -24,3 +24,5 @@ cmd/argocd/argocd
+ cmd/argocd-application-controller/argocd-application-controller
+ cmd/argocd-repo-server/argocd-repo-server
+ cmd/argocd-server/argocd-server
++
++gitops-engine/
+diff --git a/Dockerfile b/Dockerfile
+index 3a434bc3b..6d69cfc51 100644
+--- a/Dockerfile
++++ b/Dockerfile
+@@ -103,7 +103,9 @@ FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.18 AS argocd-build
+
+ WORKDIR /go/src/github.com/argoproj/argo-cd
+
++COPY ./gitops-engine ./gitops-engine
+ COPY go.* ./
++
+ RUN go mod download
+
+ # Perform the build
+@@ -117,9 +119,16 @@ RUN GOOS=$TARGETOS GOARCH=$TARGETARCH make argocd-all
+ # Final image
+ ####################################################################################################
+ FROM argocd-base
++
++LABEL org.opencontainers.image.source https://github.com/flux-subsystem-argo/fsa
++
+ COPY --from=argocd-build /go/src/github.com/argoproj/argo-cd/dist/argocd* /usr/local/bin/
+
+ USER root
++
++RUN chmod +x /usr/local/bin/gpg-wrapper.sh && \
++    chmod +x /usr/local/bin/git-verify-wrapper.sh
++
+ RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \
+     ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server && \
+     ln -s /usr/local/bin/argocd /usr/local/bin/argocd-cmp-server && \
+diff --git a/go.mod b/go.mod
+index 9a3876f4f..9a26192c5 100644
+--- a/go.mod
++++ b/go.mod
+@@ -296,4 +296,6 @@ replace (
+ 	k8s.io/mount-utils => k8s.io/mount-utils v0.24.2
+ 	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.24.2
+ 	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.24.2
++
++	github.com/argoproj/gitops-engine v0.7.1-0.20221208230615-917f5a0f16d5 => ./gitops-engine
+ )
diff --git a/patches-argo-cd-v2.7/02-implement-loopback.patch b/patches-argo-cd-v2.7/02-implement-loopback.patch
@@ -0,0 +1,183 @@
+implement loopback reconciliation
+
+From: Chanwit Kaewkasi <chanwit@gmail.com>
+
+Signed-off-by: Chanwit Kaewkasi <chanwit@gmail.com>
+---
+ controller/state.go     |   16 ++++-
+ controller/state_fsa.go |  139 +++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 150 insertions(+), 5 deletions(-)
+ create mode 100644 controller/state_fsa.go
+
+diff --git a/controller/state.go b/controller/state.go
+index 4f2a8d2f6..20cfe89a7 100644
+--- a/controller/state.go
++++ b/controller/state.go
+@@ -411,11 +411,17 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
+ 			}
+ 		}
+
+-		targetObjs, manifestInfoMap, err = m.getRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project)
+-		if err != nil {
+-			targetObjs = make([]*unstructured.Unstructured, 0)
+-			conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
+-			failedToLoadObjs = true
++		if isFluxSubsystemEnabled(app) && app.Spec.Source.IsHelm() {
++			targetObjs, conditions, failedToLoadObjs = m.getFluxHelmTargetObjects(app, conditions, now)
++		} else if isFluxSubsystemEnabled(app) && !app.Spec.Source.IsHelm() {
++			targetObjs, conditions, failedToLoadObjs = m.getFluxKustomizeTargetObjects(app, conditions, now)
++		} else {
++			targetObjs, manifestInfoMap, err = m.getRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project)
++			if err != nil {
++				targetObjs = make([]*unstructured.Unstructured, 0)
++				conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
++				failedToLoadObjs = true
++			}
+ 		}
+ 	} else {
+ 		// Prevent applying local manifests for now when signature verification is enabled
+diff --git a/controller/state_fsa.go b/controller/state_fsa.go
+new file mode 100644
+index 000000000..f795c6a75
+--- /dev/null
++++ b/controller/state_fsa.go
+@@ -0,0 +1,139 @@
++package controller
++
++import (
++	"context"
++	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
++	"k8s.io/apimachinery/pkg/apis/meta/v1"
++	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
++	"k8s.io/apimachinery/pkg/runtime/schema"
++)
++
++func isFluxSubsystemEnabled(app *v1alpha1.Application) bool {
++	if app == nil {
++		return false
++	}
++	if app.Spec.SyncPolicy == nil {
++		return false
++	}
++	if app.Spec.SyncPolicy.SyncOptions == nil {
++		return false
++	}
++	if app.Spec.SyncPolicy.SyncOptions.HasOption("FluxSubsystem=true") == false {
++		return false
++	}
++	return true
++}
++
++func (m *appStateManager) getFluxHelmTargetObjects(app *v1alpha1.Application, conditions []v1alpha1.ApplicationCondition, now v1.Time) ([]*unstructured.Unstructured, []v1alpha1.ApplicationCondition, bool) {
++	var (
++		targetObjs       []*unstructured.Unstructured
++		failedToLoadObjs bool
++	)
++
++	cluster, err := m.db.GetCluster(context.TODO(), app.Spec.Destination.Server)
++	if err != nil {
++		targetObjs = make([]*unstructured.Unstructured, 0)
++		conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
++		failedToLoadObjs = true
++	}
++	config := cluster.RESTConfig()
++
++	var hl *unstructured.Unstructured
++	hl, err = m.kubectl.GetResource(context.TODO(), config, schema.GroupVersionKind{
++		Group:   "helm.toolkit.fluxcd.io",
++		Version: "v2beta1",
++		Kind:    "HelmRelease",
++	}, app.Name, app.Spec.Destination.Namespace)
++	if err != nil {
++		targetObjs = make([]*unstructured.Unstructured, 0)
++		conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
++		failedToLoadObjs = true
++	}
++
++	if hl == nil {
++		targetObjs = make([]*unstructured.Unstructured, 0)
++		conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
++		failedToLoadObjs = true
++	} else {
++		var source *unstructured.Unstructured
++		if sourceKind, found, err := unstructured.NestedString(hl.Object, "spec", "chart", "spec", "sourceRef", "kind"); found && err == nil {
++			if sourceName, found, err := unstructured.NestedString(hl.Object, "spec", "chart", "spec", "sourceRef", "name"); found && err == nil {
++				if sourceNS, found, err := unstructured.NestedString(hl.Object, "spec", "chart", "spec", "sourceRef", "namespace"); err == nil {
++					if !found {
++						sourceNS = hl.GetNamespace()
++					}
++					source, err = m.kubectl.GetResource(context.Background(), config, schema.GroupVersionKind{
++						Group:   "source.toolkit.fluxcd.io",
++						Version: "v1beta1",
++						Kind:    sourceKind,
++					}, sourceName, sourceNS)
++				}
++			}
++		}
++		if source != nil {
++			targetObjs = []*unstructured.Unstructured{hl, source}
++		} else {
++			targetObjs = make([]*unstructured.Unstructured, 0)
++			conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
++			failedToLoadObjs = true
++		}
++	}
++	return targetObjs, conditions, failedToLoadObjs
++}
++
++func (m *appStateManager) getFluxKustomizeTargetObjects(app *v1alpha1.Application, conditions []v1alpha1.ApplicationCondition, now v1.Time) ([]*unstructured.Unstructured, []v1alpha1.ApplicationCondition, bool) {
++	var (
++		targetObjs       []*unstructured.Unstructured
++		failedToLoadObjs bool
++	)
++
++	cluster, err := m.db.GetCluster(context.TODO(), app.Spec.Destination.Server)
++	if err != nil {
++		targetObjs = make([]*unstructured.Unstructured, 0)
++		conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
++		failedToLoadObjs = true
++	}
++	config := cluster.RESTConfig()
++
++	var ks *unstructured.Unstructured
++	ks, err = m.kubectl.GetResource(context.TODO(), config, schema.GroupVersionKind{
++		Group:   "kustomize.toolkit.fluxcd.io",
++		Version: "v1beta2",
++		Kind:    "Kustomization",
++	}, app.Name, app.Spec.Destination.Namespace)
++	if err != nil {
++		targetObjs = make([]*unstructured.Unstructured, 0)
++		conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
++		failedToLoadObjs = true
++	}
++
++	if ks == nil {
++		targetObjs = make([]*unstructured.Unstructured, 0)
++		conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
++		failedToLoadObjs = true
++	} else {
++		var source *unstructured.Unstructured
++		if sourceKind, found, err := unstructured.NestedString(ks.Object, "spec", "sourceRef", "kind"); found && err == nil {
++			if sourceName, found, err := unstructured.NestedString(ks.Object, "spec", "sourceRef", "name"); found && err == nil {
++				if sourceNS, found, err := unstructured.NestedString(ks.Object, "spec", "sourceRef", "namespace"); err == nil {
++					if !found {
++						sourceNS = ks.GetNamespace()
++					}
++					source, err = m.kubectl.GetResource(context.Background(), config, schema.GroupVersionKind{
++						Group:   "source.toolkit.fluxcd.io",
++						Version: "v1beta1",
++						Kind:    sourceKind,
++					}, sourceName, sourceNS)
++				}
++			}
++		}
++		if source != nil {
++			targetObjs = []*unstructured.Unstructured{ks, source}
++		} else {
++			targetObjs = make([]*unstructured.Unstructured, 0)
++			conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now})
++			failedToLoadObjs = true
++		}
++	}
++	return targetObjs, conditions, failedToLoadObjs
++}
diff --git a/patches-argo-cd-v2.7/03-allow-flux-and-oci-schemes.patch b/patches-argo-cd-v2.7/03-allow-flux-and-oci-schemes.patch
@@ -0,0 +1,58 @@
+allow flux and oci schemes
+
+From: Chanwit Kaewkasi <chanwit@gmail.com>
+
+Signed-off-by: Chanwit Kaewkasi <chanwit@gmail.com>
+---
+ reposerver/repository/repository.go |    5 +++++
+ server/application/application.go   |    4 ++++
+ util/argo/argo.go                   |    5 +++++
+ 3 files changed, 14 insertions(+)
+
+diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go
+index ad5a7ab2c..81b842060 100644
+--- a/reposerver/repository/repository.go
++++ b/reposerver/repository/repository.go
+@@ -2435,6 +2435,11 @@ func (s *Service) TestRepository(ctx context.Context, q *apiclient.TestRepositor
+ 	}
+ 	check := checks[repo.Type]
+ 	apiResp := &apiclient.TestRepositoryResponse{VerifiedRepository: false}
++
++	// Flux or OCI scheme are special cases
++	if strings.HasPrefix(repo.Repo, "flux://") || strings.HasPrefix(repo.Repo, "oci://") {
++		return apiResp, nil
++	}
+ 	err := check()
+ 	if err != nil {
+ 		return apiResp, fmt.Errorf("error testing repository connectivity: %w", err)
+diff --git a/server/application/application.go b/server/application/application.go
+index 1ae8412fc..8c8113e81 100644
+--- a/server/application/application.go
++++ b/server/application/application.go
+@@ -1857,6 +1857,10 @@ func (s *Server) resolveRevision(ctx context.Context, app *appv1.Application, sy
+ 			// If it's already a commit SHA, then no need to look it up
+ 			return ambiguousRevision, ambiguousRevision, nil
+ 		}
++		if strings.HasPrefix(app.Spec.Source.RepoURL, "flux://") || strings.HasPrefix(app.Spec.Source.RepoURL, "oci://") {
++			// Flux or OCI scheme are special cases
++			return ambiguousRevision, ambiguousRevision, nil
++		}
+ 	}
+
+ 	resolveRevisionResponse, err := repoClient.ResolveRevision(ctx, &apiclient.ResolveRevisionRequest{
+diff --git a/util/argo/argo.go b/util/argo/argo.go
+index e8384bcf7..388ce92c4 100644
+--- a/util/argo/argo.go
++++ b/util/argo/argo.go
+@@ -190,6 +190,11 @@ func ValidateRepo(
+
+ 	conditions := make([]argoappv1.ApplicationCondition, 0)
+
++	// Flux or OCI scheme are special cases
++	if strings.HasPrefix(spec.Source.RepoURL, "flux://") || strings.HasPrefix(spec.Source.RepoURL, "oci://") {
++		return conditions, nil
++	}
++
+ 	// Test the repo
+ 	conn, repoClient, err := repoClientset.NewRepoServerClient()
+ 	if err != nil {