From 71864a0cda7c01342169c9a7ee6763b60920cb1d Mon Sep 17 00:00:00 2001 From: cf-ci-bot-v2 Date: Mon, 19 Jan 2026 08:45:23 +0000 Subject: [PATCH 01/15] Update Chart.yaml and changelog for 0.27.0 release --- charts/gitops-runtime/Chart.yaml | 95 ++++++++++++++++++++- charts/gitops-runtime/README.md | 133 ++++++++++++++++++++++++------ charts/gitops-runtime/values.yaml | 39 ++++----- 3 files changed, 218 insertions(+), 49 deletions(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 194133128..479965900 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 0.1.72 description: A Helm chart for Codefresh gitops runtime name: gitops-runtime -version: 0.0.0 +version: 0.27.0 home: https://github.com/codefresh-io/gitops-runtime-helm icon: https://avatars1.githubusercontent.com/u/11412079?v=3 keywords: @@ -13,6 +13,99 @@ maintainers: url: https://codefresh-io.github.io/ annotations: artifacthub.io/alternativeName: "codefresh-gitops-runtime" + artifacthub.io/changes: |- + - kind: changed + description: 'chore: Fix security vulnerabilities for argo-workflows (#1047)' + - kind: changed + description: 'feat: add automated Slack release notifications (#1045)' + - kind: changed + description: 'feat(app-proxy): support for the confirm deletion/pruning feature of ArgoCD (#1046)' + - kind: changed + description: updated kubectl for redis-secret-init job (#1041) + - kind: changed + description: 'feat: bump app proxy (#1044)' + - kind: changed + description: 'feat(event-reporter): added deleted field to app event payload (#1039)' + - kind: changed + description: updated argo-cd to 3.2.3 (#1037) + - kind: changed + description: 'fix(sealed-secrets-controller): security vulnerabilities CVE-2025-47912, CVE-2025-58181, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61727, CVE-2025-61729 (#1035)' + - kind: changed + description: 'fix(cf-argocd-extras): security vulnerability CVE-2025-58181, CVE-2025-13281, CVE-2025-61727, CVE-2025-61729 (#1032)' + - kind: changed + description: 'feat: bump app proxy (#1031)' + - kind: changed + description: 'docs: add release guide documentation (#1030)' + - kind: changed + description: 'Revert "feat: remove product crd (#997)" (#1029)' + - kind: changed + description: 'fix(codefresh-gitops-operator): security vulnerability CVE-2025-66626 (#1024)' + - kind: changed + description: 'fix(codefresh-tunnel-client): security vulnerabilities CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-46394, CVE-2024-58251 (#1023)' + - kind: changed + description: 'feat: added support for runtime uninstallation' + - kind: changed + description: updated argo-cd to 3.2.2 (#1019) + - kind: changed + description: 'fix: sync codefresh-gitops-operator image from `stable/0.26` branch with `main` branch (#1010)' + - kind: changed + description: 'fix: security fixes for enrichment images (CVE-2025-64756, CVE-2025-65945, CVE-2025-66031, CVE-2025-12816, CVE-2025-8291, CVE-2025-6075, CVE-2025-12084) (#1011)' + - kind: changed + description: 'fix: update app-proxy image tags to latest version to improve git providers support (#1014)' + - kind: changed + description: 'fix: app-proxy fails to create a Workflow instance (#1008)' + - kind: changed + description: '[cf-argocd-extras]feat: new MRC change revisions annotations support (#1005)' + - kind: changed + description: 'feat: remove product crd (#997)' + - kind: changed + description: 'fix: update app-proxy image tags to latest version 1.3982.0 (#999)' + - kind: changed + description: 'chore(CR-32163): updated cli-v2 for fixing CVE-2024-25621 "github.com/containerd (#993)' + - kind: changed + description: added labeler github action (#971) + - kind: changed + description: Feat/revert-app-proxy-and-operator (#980) + - kind: changed + description: 'fix: update namespace handling in cluster resource reporter (#965)' + - kind: changed + description: 'feat: add latest app version to release index data (#961)' + - kind: changed + description: reset main version back to 0.0.0 (#959) + - kind: changed + description: 'chore: bump cap-app-proxy to 1.3953.0 (#958)' + - kind: changed + description: 'chore: Fix security vulnerabilities for argo-workflows (#948)' + - kind: changed + description: '[gitops-operator]fix: improve integration test coverage of setup code (#949)' + - kind: changed + description: '[gitops-operator]fix: remove git commit statuses (#940)' + - kind: changed + description: 'feat: multi-runtime installation (#939)' + - kind: changed + description: 'fix: update cap-app-proxy image tags to 1.3943.0 (#944)' + - kind: changed + description: 'chore: remove checksum_test' + - kind: changed + description: 'feat: remove codefresh-cm from helm unit tests' + - kind: changed + description: 'feat: checksum annotations (#938)' + - kind: changed + description: 'fix: update REQUIRED_VERSION_CONSTRAINT for Argo CD compatibility (#937)' + - kind: changed + description: '[cf-argocd-extras]chore: update depencencies (argo-cd 3.2) (#928)' + - kind: changed + description: 'feat: add branch data to pullrequest info (#926)' + - kind: changed + description: 'feat: disable runtime redis by default (#927)' + - kind: changed + description: 'feat: disable Argo Rollouts by default and enable namespace-scoped Argo Workflows (#920)' + - kind: changed + description: 'fix: set transient error on app sync failure (#922)' + - kind: changed + description: 'feat: allow running without redis configured (#919)' + - kind: changed + description: 'fix: retry on notFound before updating resource status (#912)' dependencies: - name: argo-cd repository: https://argoproj.github.io/argo-helm diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index 28550cd3c..6c077c1e4 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md @@ -1,5 +1,5 @@ ## Codefresh gitops runtime -![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![AppVersion: 0.1.72](https://img.shields.io/badge/AppVersion-0.1.72-informational?style=flat-square) +![Version: 0.27.0](https://img.shields.io/badge/Version-0.27.0-informational?style=flat-square) ![AppVersion: 0.1.72](https://img.shields.io/badge/AppVersion-0.1.72-informational?style=flat-square) ## Table of Content @@ -222,7 +222,7 @@ We have created a helper utility to resolve this issue: The utility is packaged in a container image. Below are instructions on executing the utility using Docker: ``` -docker run -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.0.0 +docker run -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.27.0 ``` `output_dir` - is a local directory where the utility will output files.
`local_registry` - is your local registry where you want to mirror the images to @@ -235,7 +235,7 @@ The utility will output 4 files into the folder: For usage with external ArgoCD run the utility with `EXTERNAL_ARGOCD` environment variable set to `true`. ``` -docker run -e EXTERNAL_ARGOCD=true -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.0.0 +docker run -e EXTERNAL_ARGOCD=true -v :/output quay.io/codefresh/gitops-runtime-private-registry-utils:0.27.0 ``` ## Openshift @@ -482,6 +482,18 @@ global: | Key | Type | Default | Description | |-----|------|---------|-------------| +| anchors.common-envs[0].OTEL_EXPORTER_OTLP_COMPRESSION | string | `"gzip"` | Specifies the compression algorithm to be used for all telemetry data. Ref: https://opentelemetry.io/docs/specs/otel/protocol/exporter/ | +| anchors.common-envs[0].OTEL_EXPORTER_OTLP_ENDPOINT | string | `"http://localhost:4317"` | Base endpoint URL for all OpenTelemetry signals. Ref: https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/ | +| anchors.common-envs[0].OTEL_EXPORTER_OTLP_PROTOCOL | string | `"grpc"` | Specifies the OTLP transport protocol to be used for all telemetry data. Ref: https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/ | +| anchors.common-envs[0].OTEL_EXPORTER_PROMETHEUS_HOST | string | `"0.0.0.0"` | Host used by the Prometheus OTel metrics exporter if OTEL_METRICS_EXPORTER=prometheus | +| anchors.common-envs[0].OTEL_EXPORTER_PROMETHEUS_PORT | string | `"9464"` | Port used by the Prometheus OTel metrics exporter if OTEL_METRICS_EXPORTER=prometheus | +| anchors.common-envs[0].OTEL_LOGS_EXPORTER | string | `"none"` | OTel Logs exporter to be used. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| anchors.common-envs[0].OTEL_METRICS_EXPORTER | string | `"none"` | OTel metrics exporter to be used. Set to "prometheus" to export metrics in Prometheus format. If set to "prometheus", it's recommended to set METRICS_SCRAPE_TIMEOUT_MS=4×scrape_interval. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| anchors.common-envs[0].OTEL_METRIC_EXPORT_INTERVAL | string | `"10000"` | The time interval (in milliseconds) between the start of two export attempts for push metric exporters, such as "otlp". Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| anchors.common-envs[0].OTEL_METRIC_EXPORT_TIMEOUT | string | `"5000"` | Maximum allowed time (in milliseconds) to export data for push metric exporters, such as "otlp". Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| anchors.common-envs[0].OTEL_SEMCONV_STABILITY_OPT_IN | string | `"http"` | Emit the stable HTTP and networking OTel conventions if CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION=true. | +| anchors.common-envs[0].OTEL_TRACES_EXPORTER | string | `"none"` | OTel traces exporter to be used. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| anchors.common-envs[0].OTEL_TRACES_SAMPLER | string | `"parentbased_always_on"` | OTel sampler to be used for traces. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | | app-proxy.affinity | object | `{}` | | | app-proxy.config.argoCdUrl | string | `nil` | ArgoCD Url. determined by chart logic. Do not change unless you are certain you need to | | app-proxy.config.argoCdUsername | string | `""` | deprecated. use `global.external-argo-cd.auth.username` instead | @@ -492,17 +504,38 @@ global: | app-proxy.config.env | string | `"production"` | | | app-proxy.config.logLevel | string | `"info"` | Log Level | | app-proxy.config.skipGitPermissionValidation | string | `"false"` | Skit git permissions validation | -| app-proxy.env | object | `{}` | | +| app-proxy.env.<<[0].OTEL_EXPORTER_OTLP_COMPRESSION | string | `"gzip"` | Specifies the compression algorithm to be used for all telemetry data. Ref: https://opentelemetry.io/docs/specs/otel/protocol/exporter/ | +| app-proxy.env.<<[0].OTEL_EXPORTER_OTLP_ENDPOINT | string | `"http://localhost:4317"` | Base endpoint URL for all OpenTelemetry signals. Ref: https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/ | +| app-proxy.env.<<[0].OTEL_EXPORTER_OTLP_PROTOCOL | string | `"grpc"` | Specifies the OTLP transport protocol to be used for all telemetry data. Ref: https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/ | +| app-proxy.env.<<[0].OTEL_EXPORTER_PROMETHEUS_HOST | string | `"0.0.0.0"` | Host used by the Prometheus OTel metrics exporter if OTEL_METRICS_EXPORTER=prometheus | +| app-proxy.env.<<[0].OTEL_EXPORTER_PROMETHEUS_PORT | string | `"9464"` | Port used by the Prometheus OTel metrics exporter if OTEL_METRICS_EXPORTER=prometheus | +| app-proxy.env.<<[0].OTEL_LOGS_EXPORTER | string | `"none"` | OTel Logs exporter to be used. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| app-proxy.env.<<[0].OTEL_METRICS_EXPORTER | string | `"none"` | OTel metrics exporter to be used. Set to "prometheus" to export metrics in Prometheus format. If set to "prometheus", it's recommended to set METRICS_SCRAPE_TIMEOUT_MS=4×scrape_interval. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| app-proxy.env.<<[0].OTEL_METRIC_EXPORT_INTERVAL | string | `"10000"` | The time interval (in milliseconds) between the start of two export attempts for push metric exporters, such as "otlp". Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| app-proxy.env.<<[0].OTEL_METRIC_EXPORT_TIMEOUT | string | `"5000"` | Maximum allowed time (in milliseconds) to export data for push metric exporters, such as "otlp". Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| app-proxy.env.<<[0].OTEL_SEMCONV_STABILITY_OPT_IN | string | `"http"` | Emit the stable HTTP and networking OTel conventions if CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION=true. | +| app-proxy.env.<<[0].OTEL_TRACES_EXPORTER | string | `"none"` | OTel traces exporter to be used. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| app-proxy.env.<<[0].OTEL_TRACES_SAMPLER | string | `"parentbased_always_on"` | OTel sampler to be used for traces. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| app-proxy.env.CF_TELEMETRY_LOGS_LEVEL | string | `"info"` | Level of logging for app-proxy | +| app-proxy.env.CF_TELEMETRY_LOGS_LEVEL_HTTP | string | `"debug"` | Level for logging HTTP requests | +| app-proxy.env.CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION | string | `"false"` | Enable OTel HTTP instrumentation. Make sure to sanitize `url.full` and `url.query` span attributes on collector before enabling this flag, as it may contain sensitive information. | +| app-proxy.env.CF_TELEMETRY_OTEL_ENABLE | string | `"false"` | Enable OpenTelemetry signals (logs, metrics, traces) | +| app-proxy.env.CF_TELEMETRY_PROMETHEUS_ENABLE | string | `"false"` | Enable Prometheus server | +| app-proxy.env.CF_TELEMETRY_PROMETHEUS_ENABLE_PROCESS_METRICS | string | `"false"` | Enable collecting process metrics | +| app-proxy.env.CF_TELEMETRY_PROMETHEUS_HOST | string | `"0.0.0.0"` | Host for Prometheus metrics server | +| app-proxy.env.CF_TELEMETRY_PROMETHEUS_PORT | string | `"9100"` | Port for Prometheus metrics server | +| app-proxy.env.CF_TELEMETRY_PYROSCOPE_ENABLE | string | `"false"` | Enable Pyroscope profiling. If enabled, the Pyroscope server address must be set in PYROSCOPE_SERVER_ADDRESS. | +| app-proxy.env.PYROSCOPE_SERVER_ADDRESS | string | `""` | Pyroscope server address | | app-proxy.extraVolumeMounts | list | `[]` | Extra volume mounts for main container | | app-proxy.extraVolumes | list | `[]` | extra volumes | | app-proxy.fullnameOverride | string | `"cap-app-proxy"` | | -| app-proxy.image-enrichment | object | `{"config":{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.17-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.17-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.17-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400},"enabled":true,"serviceAccount":{"annotations":null,"create":true,"name":"codefresh-image-enrichment-sa"}}` | Image enrichment process configuration | -| app-proxy.image-enrichment.config | object | `{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.17-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.17-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.17-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400}` | Configurations for image enrichment workflow | +| app-proxy.image-enrichment | object | `{"config":{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.20-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.20-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.20-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400},"enabled":true,"serviceAccount":{"annotations":null,"create":true,"name":"codefresh-image-enrichment-sa"}}` | Image enrichment process configuration | +| app-proxy.image-enrichment.config | object | `{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.20-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.20-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.20-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400}` | Configurations for image enrichment workflow | | app-proxy.image-enrichment.config.clientHeartbeatIntervalInSeconds | int | `5` | Client heartbeat interval in seconds for image enrichemnt workflow | | app-proxy.image-enrichment.config.concurrencyCmKey | string | `"imageReportExecutor"` | The name of the key in the configmap to use as synchronization semaphore | | app-proxy.image-enrichment.config.concurrencyCmName | string | `"workflow-synchronization-semaphores"` | The name of the configmap to use as synchronization semaphore, see https://argoproj.github.io/argo-workflows/synchronization/ | -| app-proxy.image-enrichment.config.images | object | `{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.17-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.17-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.17-main"}}` | Enrichemnt images | -| app-proxy.image-enrichment.config.images.reportImage | object | `{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.17-main"}` | Report image enrichment task image | +| app-proxy.image-enrichment.config.images | object | `{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.20-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.20-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.20-main"}}` | Enrichemnt images | +| app-proxy.image-enrichment.config.images.reportImage | object | `{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.20-main"}` | Report image enrichment task image | | app-proxy.image-enrichment.config.podGcStrategy | string | `"OnWorkflowCompletion"` | Pod grabage collection strategy. By default all pods will be deleted when the enrichment workflow completes. | | app-proxy.image-enrichment.config.ttlActiveInSeconds | int | `900` | Maximum allowed runtime for the enrichment workflow | | app-proxy.image-enrichment.config.ttlAfterCompletionInSeconds | int | `86400` | Number of seconds to live after completion | @@ -513,14 +546,14 @@ global: | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use | | app-proxy.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` | | -| app-proxy.image.tag | string | `"1.3883.0"` | | +| app-proxy.image.tag | string | `"1.4018.0"` | | | app-proxy.imagePullSecrets | list | `[]` | | | app-proxy.initContainer.command[0] | string | `"./init.sh"` | | | app-proxy.initContainer.env | object | `{}` | | | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container | | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` | | -| app-proxy.initContainer.image.tag | string | `"1.3883.0"` | | +| app-proxy.initContainer.image.tag | string | `"1.4018.0"` | | | app-proxy.initContainer.resources.limits | object | `{}` | | | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` | | | app-proxy.initContainer.resources.requests.memory | string | `"256Mi"` | | @@ -583,8 +616,9 @@ global: | argo-cd.configs.cm."timeout.reconciliation" | string | `"20s"` | | | argo-cd.configs.params."application.namespaces" | string | `"cf-*"` | | | argo-cd.configs.params."server.insecure" | bool | `true` | | +| argo-cd.controller.statefulsetAnnotations."argocd.argoproj.io/sync-options" | string | `"Delete=false"` | | | argo-cd.enabled | bool | `true` | | -| argo-cd.fullnameOverride | string | `"argocd"` | | +| argo-cd.fullnameOverride | string | `"argo-cd"` | | | argo-cd.notifications.enabled | bool | `false` | | | argo-cd.redis-ha.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository | | argo-cd.redis-ha.image.tag | string | `"8.2.2-alpine"` | Redis tag | @@ -601,9 +635,9 @@ global: | argo-events.crds.install | bool | `false` | | | argo-events.enabled | bool | `true` | | | argo-events.fullnameOverride | string | `"argo-events"` | | -| argo-gateway | object | `{"affinity":{},"hpa":{"enabled":true,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"d4fefcb"},"livenessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"nodeSelector":{},"pdb":{"enabled":true,"maxUnavailable":"","minAvailable":"50%"},"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"service":{"type":"ClusterIP"},"serviceAccount":{"create":true},"serviceMonitor":{"enabled":false,"interval":"30s","labels":{},"scrapeTimeout":"10s"},"tolerations":[]}` | Argo Gateway Argo Gateway is used to perform operations on ArgoCD from Codefresh platform | +| argo-gateway | object | `{"affinity":{},"hpa":{"enabled":true,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"bc37d62"},"livenessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"nodeSelector":{},"pdb":{"enabled":true,"maxUnavailable":"","minAvailable":"50%"},"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"service":{"type":"ClusterIP"},"serviceAccount":{"create":true},"serviceMonitor":{"enabled":false,"interval":"30s","labels":{},"scrapeTimeout":"10s"},"tolerations":[]}` | Argo Gateway Argo Gateway is used to perform operations on ArgoCD from Codefresh platform | | argo-rollouts.controller.replicas | int | `1` | | -| argo-rollouts.enabled | bool | `true` | | +| argo-rollouts.enabled | bool | `false` | | | argo-rollouts.fullnameOverride | string | `"argo-rollouts"` | | | argo-rollouts.installCRDs | bool | `true` | | | argo-workflows.crds.install | bool | `true` | Install and upgrade CRDs | @@ -613,11 +647,34 @@ global: | argo-workflows.mainContainer.resources.requests.ephemeral-storage | string | `"10Mi"` | | | argo-workflows.server.authModes | list | `["client"]` | auth-mode needs to be set to client to be able to see workflow logs from Codefresh UI | | argo-workflows.server.baseHref | string | `"/workflows/"` | Do not change. Workflows UI is only accessed through internal router, changing this values will break routing to workflows native UI from Codefresh. | +| argo-workflows.singleNamespace | bool | `true` | Restrict Argo Workflows to operate only in a single namespace (the namespace of the Helm release). This ensures it does not interfere with any other instances of Argo Workflows installed on your cluster. | | codefreshWorkflowLogStoreCM | object | `{"enabled":true,"endpoint":"gitops-workflow-logs.codefresh.io","insecure":false}` | Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support. | -| event-reporters.cluster-event-reporter | object | `{}` | | -| event-reporters.runtime-event-reporter | object | `{}` | | +| event-reporters.cluster-event-reporter.env.<<[0].OTEL_EXPORTER_OTLP_COMPRESSION | string | `"gzip"` | Specifies the compression algorithm to be used for all telemetry data. Ref: https://opentelemetry.io/docs/specs/otel/protocol/exporter/ | +| event-reporters.cluster-event-reporter.env.<<[0].OTEL_EXPORTER_OTLP_ENDPOINT | string | `"http://localhost:4317"` | Base endpoint URL for all OpenTelemetry signals. Ref: https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/ | +| event-reporters.cluster-event-reporter.env.<<[0].OTEL_EXPORTER_OTLP_PROTOCOL | string | `"grpc"` | Specifies the OTLP transport protocol to be used for all telemetry data. Ref: https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/ | +| event-reporters.cluster-event-reporter.env.<<[0].OTEL_EXPORTER_PROMETHEUS_HOST | string | `"0.0.0.0"` | Host used by the Prometheus OTel metrics exporter if OTEL_METRICS_EXPORTER=prometheus | +| event-reporters.cluster-event-reporter.env.<<[0].OTEL_EXPORTER_PROMETHEUS_PORT | string | `"9464"` | Port used by the Prometheus OTel metrics exporter if OTEL_METRICS_EXPORTER=prometheus | +| event-reporters.cluster-event-reporter.env.<<[0].OTEL_LOGS_EXPORTER | string | `"none"` | OTel Logs exporter to be used. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| event-reporters.cluster-event-reporter.env.<<[0].OTEL_METRICS_EXPORTER | string | `"none"` | OTel metrics exporter to be used. Set to "prometheus" to export metrics in Prometheus format. If set to "prometheus", it's recommended to set METRICS_SCRAPE_TIMEOUT_MS=4×scrape_interval. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| event-reporters.cluster-event-reporter.env.<<[0].OTEL_METRIC_EXPORT_INTERVAL | string | `"10000"` | The time interval (in milliseconds) between the start of two export attempts for push metric exporters, such as "otlp". Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| event-reporters.cluster-event-reporter.env.<<[0].OTEL_METRIC_EXPORT_TIMEOUT | string | `"5000"` | Maximum allowed time (in milliseconds) to export data for push metric exporters, such as "otlp". Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| event-reporters.cluster-event-reporter.env.<<[0].OTEL_SEMCONV_STABILITY_OPT_IN | string | `"http"` | Emit the stable HTTP and networking OTel conventions if CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION=true. | +| event-reporters.cluster-event-reporter.env.<<[0].OTEL_TRACES_EXPORTER | string | `"none"` | OTel traces exporter to be used. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| event-reporters.cluster-event-reporter.env.<<[0].OTEL_TRACES_SAMPLER | string | `"parentbased_always_on"` | OTel sampler to be used for traces. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| event-reporters.runtime-event-reporter.env.<<[0].OTEL_EXPORTER_OTLP_COMPRESSION | string | `"gzip"` | Specifies the compression algorithm to be used for all telemetry data. Ref: https://opentelemetry.io/docs/specs/otel/protocol/exporter/ | +| event-reporters.runtime-event-reporter.env.<<[0].OTEL_EXPORTER_OTLP_ENDPOINT | string | `"http://localhost:4317"` | Base endpoint URL for all OpenTelemetry signals. Ref: https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/ | +| event-reporters.runtime-event-reporter.env.<<[0].OTEL_EXPORTER_OTLP_PROTOCOL | string | `"grpc"` | Specifies the OTLP transport protocol to be used for all telemetry data. Ref: https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/ | +| event-reporters.runtime-event-reporter.env.<<[0].OTEL_EXPORTER_PROMETHEUS_HOST | string | `"0.0.0.0"` | Host used by the Prometheus OTel metrics exporter if OTEL_METRICS_EXPORTER=prometheus | +| event-reporters.runtime-event-reporter.env.<<[0].OTEL_EXPORTER_PROMETHEUS_PORT | string | `"9464"` | Port used by the Prometheus OTel metrics exporter if OTEL_METRICS_EXPORTER=prometheus | +| event-reporters.runtime-event-reporter.env.<<[0].OTEL_LOGS_EXPORTER | string | `"none"` | OTel Logs exporter to be used. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| event-reporters.runtime-event-reporter.env.<<[0].OTEL_METRICS_EXPORTER | string | `"none"` | OTel metrics exporter to be used. Set to "prometheus" to export metrics in Prometheus format. If set to "prometheus", it's recommended to set METRICS_SCRAPE_TIMEOUT_MS=4×scrape_interval. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| event-reporters.runtime-event-reporter.env.<<[0].OTEL_METRIC_EXPORT_INTERVAL | string | `"10000"` | The time interval (in milliseconds) between the start of two export attempts for push metric exporters, such as "otlp". Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| event-reporters.runtime-event-reporter.env.<<[0].OTEL_METRIC_EXPORT_TIMEOUT | string | `"5000"` | Maximum allowed time (in milliseconds) to export data for push metric exporters, such as "otlp". Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| event-reporters.runtime-event-reporter.env.<<[0].OTEL_SEMCONV_STABILITY_OPT_IN | string | `"http"` | Emit the stable HTTP and networking OTel conventions if CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION=true. | +| event-reporters.runtime-event-reporter.env.<<[0].OTEL_TRACES_EXPORTER | string | `"none"` | OTel traces exporter to be used. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| event-reporters.runtime-event-reporter.env.<<[0].OTEL_TRACES_SAMPLER | string | `"parentbased_always_on"` | OTel sampler to be used for traces. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | | gitops-operator.affinity | object | `{}` | | -| gitops-operator.config | object | `{"commitStatusPollingInterval":"10s","maxConcurrentReleases":100,"promotionWrapperTemplate":"","taskPollingInterval":"10s","workflowMonitorPollingInterval":"10s"}` | GitOps operator configuration | +| gitops-operator.config | object | `{"commitStatusPollingInterval":"10s","maxConcurrentReleases":100,"maxReconcileRetries":10,"promotionWrapperTemplate":"","taskPollingInterval":"10s","workflowMonitorPollingInterval":"10s"}` | GitOps operator configuration | | gitops-operator.config.commitStatusPollingInterval | string | `"10s"` | Commit status polling interval | | gitops-operator.config.maxConcurrentReleases | int | `100` | Maximum number of concurrent releases being processed by the operator (this will not affect the number of releases being processed by the gitops runtime) | | gitops-operator.config.maxReconcileRetries | int | `10` | Maximum number of reconcile retries on promotion-related resources before failing a promotion task | @@ -630,11 +687,21 @@ global: | gitops-operator.crds.install | bool | `true` | Whether or not to install CRDs | | gitops-operator.crds.keep | bool | `false` | Keep CRDs if gitops runtime release is uninstalled | | gitops-operator.enabled | bool | `true` | | +| gitops-operator.env.<<[0].OTEL_EXPORTER_OTLP_COMPRESSION | string | `"gzip"` | Specifies the compression algorithm to be used for all telemetry data. Ref: https://opentelemetry.io/docs/specs/otel/protocol/exporter/ | +| gitops-operator.env.<<[0].OTEL_EXPORTER_OTLP_ENDPOINT | string | `"http://localhost:4317"` | Base endpoint URL for all OpenTelemetry signals. Ref: https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/ | +| gitops-operator.env.<<[0].OTEL_EXPORTER_OTLP_PROTOCOL | string | `"grpc"` | Specifies the OTLP transport protocol to be used for all telemetry data. Ref: https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/ | +| gitops-operator.env.<<[0].OTEL_EXPORTER_PROMETHEUS_HOST | string | `"0.0.0.0"` | Host used by the Prometheus OTel metrics exporter if OTEL_METRICS_EXPORTER=prometheus | +| gitops-operator.env.<<[0].OTEL_EXPORTER_PROMETHEUS_PORT | string | `"9464"` | Port used by the Prometheus OTel metrics exporter if OTEL_METRICS_EXPORTER=prometheus | +| gitops-operator.env.<<[0].OTEL_LOGS_EXPORTER | string | `"none"` | OTel Logs exporter to be used. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| gitops-operator.env.<<[0].OTEL_METRICS_EXPORTER | string | `"none"` | OTel metrics exporter to be used. Set to "prometheus" to export metrics in Prometheus format. If set to "prometheus", it's recommended to set METRICS_SCRAPE_TIMEOUT_MS=4×scrape_interval. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| gitops-operator.env.<<[0].OTEL_METRIC_EXPORT_INTERVAL | string | `"10000"` | The time interval (in milliseconds) between the start of two export attempts for push metric exporters, such as "otlp". Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| gitops-operator.env.<<[0].OTEL_METRIC_EXPORT_TIMEOUT | string | `"5000"` | Maximum allowed time (in milliseconds) to export data for push metric exporters, such as "otlp". Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| gitops-operator.env.<<[0].OTEL_SEMCONV_STABILITY_OPT_IN | string | `"http"` | Emit the stable HTTP and networking OTel conventions if CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION=true. | +| gitops-operator.env.<<[0].OTEL_TRACES_EXPORTER | string | `"none"` | OTel traces exporter to be used. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | +| gitops-operator.env.<<[0].OTEL_TRACES_SAMPLER | string | `"parentbased_always_on"` | OTel sampler to be used for traces. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | | gitops-operator.env.GITOPS_OPERATOR_VERSION | string | `"0.11.1"` | | | gitops-operator.fullnameOverride | string | `""` | | -| gitops-operator.image.registry | string | `"quay.io"` | defaults | -| gitops-operator.image.repository | string | `"codefresh/codefresh-gitops-operator"` | | -| gitops-operator.image.tag | string | `"293f24f"` | | +| gitops-operator.image | object | `{"registry":"quay.io","repository":"codefresh/codefresh-gitops-operator","tag":"main-c182bdf"}` | GitOps operator image | | gitops-operator.imagePullSecrets | list | `[]` | | | gitops-operator.nameOverride | string | `""` | | | gitops-operator.nodeSelector | object | `{}` | | @@ -664,7 +731,7 @@ global: | global.codefresh.userToken | object | `{"secretKeyRef":{},"token":""}` | User token. Used for runtime registration against the patform. One of token (for plain text value) or secretKeyRef must be provided. | | global.codefresh.userToken.secretKeyRef | object | `{}` | User token that references an existing secret containing the token. | | global.codefresh.userToken.token | string | `""` | User token in plain text. The chart creates and manages the secret for this token. | -| global.event-reporters | object | `{"affinity":{},"config":{},"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"d4fefcb"},"livenessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"nodeSelector":{},"pdb":{"enabled":true,"maxUnavailable":"","minAvailable":"50%"},"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"replicaCount":2,"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"service":{"ports":{"http":{"port":8088,"targetPort":8088},"metrics":{"port":8087,"targetPort":8087}},"type":"ClusterIP"},"serviceAccount":{"create":true},"serviceMonitor":{"enabled":false,"interval":"30s","labels":{},"scrapeTimeout":"10s"},"tolerations":[]}` | Global settings for event reporters Event reporters are used for reporting runtime and cluster resources to Codefresh platform | +| global.event-reporters | object | `{"affinity":{},"config":{},"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"bc37d62"},"livenessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"nodeSelector":{},"pdb":{"enabled":true,"maxUnavailable":"","minAvailable":"50%"},"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"replicaCount":2,"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"service":{"ports":{"http":{"port":8088,"targetPort":8088},"metrics":{"port":8087,"targetPort":8087}},"type":"ClusterIP"},"serviceAccount":{"create":true},"serviceMonitor":{"enabled":false,"interval":"30s","labels":{},"scrapeTimeout":"10s"},"tolerations":[]}` | Global settings for event reporters Event reporters are used for reporting runtime and cluster resources to Codefresh platform | | global.external-argo-rollouts | object | `{"rollout-reporter":{"enabled":false}}` | Configuration for external Argo Rollouts | | global.external-argo-rollouts.rollout-reporter | object | `{"enabled":false}` | Rollout reporter settings | | global.external-argo-rollouts.rollout-reporter.enabled | bool | `false` | Enable or disable rollout reporter Configuration is defined at .Values.event-reporters.rollout | @@ -672,7 +739,7 @@ global: | global.httpsProxy | string | `""` | global HTTPS_PROXY for all components | | global.imageRegistry | string | `""` | | | global.integrations.argo-cd.repoServer.port | int | `8081` | Port of the ArgoCD repo server | -| global.integrations.argo-cd.repoServer.svc | string | `"argocd-repo-server"` | Service name of the ArgoCD repo server | +| global.integrations.argo-cd.repoServer.svc | string | `"argo-cd-repo-server"` | Service name of the ArgoCD repo server | | global.integrations.argo-cd.server.auth | object | `{"password":"","passwordSecretKeyRef":{"key":"password","name":"argocd-initial-admin-secret"},"token":"","tokenSecretKeyRef":{},"type":"password","username":"admin"}` | How GitOps Runtime should authenticate with ArgoCD server | | global.integrations.argo-cd.server.auth.password | string | `""` | ArgoCD password in plain text | | global.integrations.argo-cd.server.auth.passwordSecretKeyRef | object | `{"key":"password","name":"argocd-initial-admin-secret"}` | ArgoCD password referenced by an existing secret | @@ -682,7 +749,7 @@ global: | global.integrations.argo-cd.server.auth.username | string | `"admin"` | ArgoCD username in plain text | | global.integrations.argo-cd.server.port | int | `80` | Port of the ArgoCD server | | global.integrations.argo-cd.server.rootpath | string | `""` | Set if Argo CD is running behind reverse proxy under subpath different from / e.g. rootpath: '/argocd' | -| global.integrations.argo-cd.server.svc | string | `"argocd-server"` | Service name of the ArgoCD server | +| global.integrations.argo-cd.server.svc | string | `"argo-cd-server"` | Service name of the ArgoCD server | | global.noProxy | string | `""` | global NO_PROXY for all components | | global.nodeSelector | object | `{}` | Global nodeSelector for all components | | global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null,"singleNamespace":false}` | Runtime level settings | @@ -738,7 +805,7 @@ global: | internal-router.serviceAccount.create | bool | `true` | | | internal-router.serviceAccount.name | string | `""` | | | internal-router.tolerations | list | `[]` | | -| redis | object | `{"affinity":{},"enabled":true,"env":{},"envFrom":[],"extraArgs":[],"fullnameOverride":"runtime-redis","image":{"registry":"public.ecr.aws","repository":"docker/library/redis","tag":"8.2.1-alpine"},"imagePullSecrets":[],"livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"metrics":{"enabled":true,"env":{},"envFrom":[],"image":{"registry":"ghcr.io","repository":"oliver006/redis_exporter","tag":"v1.72.1"},"livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"resources":{},"serviceMonitor":{"enabled":false}},"nodeSelector":{},"pdb":{"annotations":{},"enabled":false,"labels":{},"maxUnavailable":"","minAvailable":1},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"resources":{},"securityContext":{},"service":{"annotations":{},"labels":{},"ports":{"metrics":{"port":9121,"targetPort":9121},"redis":{"port":6379,"targetPort":6379}},"type":"ClusterIP"},"serviceAccount":{"annotations":{},"create":true,"name":""},"tolerations":[],"topologySpreadConstraints":[]}` | Standalone redis deployment Will be replaced by redis-ha subchart when `redis-ha.enabled=true` | +| redis | object | `{"affinity":{},"enabled":false,"env":{},"envFrom":[],"extraArgs":[],"fullnameOverride":"runtime-redis","image":{"registry":"public.ecr.aws","repository":"docker/library/redis","tag":"8.2.1-alpine"},"imagePullSecrets":[],"livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"metrics":{"enabled":true,"env":{},"envFrom":[],"image":{"registry":"ghcr.io","repository":"oliver006/redis_exporter","tag":"v1.72.1"},"livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"resources":{},"serviceMonitor":{"enabled":false}},"nodeSelector":{},"pdb":{"annotations":{},"enabled":false,"labels":{},"maxUnavailable":"","minAvailable":1},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"resources":{},"securityContext":{},"service":{"annotations":{},"labels":{},"ports":{"metrics":{"port":9121,"targetPort":9121},"redis":{"port":6379,"targetPort":6379}},"type":"ClusterIP"},"serviceAccount":{"annotations":{},"create":true,"name":""},"tolerations":[],"topologySpreadConstraints":[]}` | Standalone redis deployment Will be replaced by redis-ha subchart when `redis-ha.enabled=true` | | redis-ha | object | `{"additionalAffinities":{},"affinity":"","auth":true,"containerSecurityContext":{"readOnlyRootFilesystem":true},"enabled":false,"existingSecret":"gitops-runtime-redis","exporter":{"enabled":false,"image":"ghcr.io/oliver006/redis_exporter","tag":"v1.69.0"},"fullnameOverride":"runtime-redis-ha","haproxy":{"additionalAffinities":{},"affinity":"","containerSecurityContext":{"readOnlyRootFilesystem":true},"enabled":true,"hardAntiAffinity":true,"metrics":{"enabled":true},"tolerations":[]},"hardAntiAffinity":true,"image":{"repository":"public.ecr.aws/docker/library/redis","tag":"8.2.1-alpine"},"persistentVolume":{"enabled":false},"redis":{"config":{"save":"\"\""},"masterGroupName":"gitops-runtime"},"tolerations":[],"topologySpreadConstraints":{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}}` | Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true` Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml | | redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | | redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. | @@ -765,12 +832,12 @@ global: | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | | redis-ha.redis.masterGroupName | string | `"gitops-runtime"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | | redis-ha.tolerations | list | `[]` | [Tolerations] for use with node taints for Redis pods. | -| redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. | +| redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. # https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ | | redis-ha.topologySpreadConstraints.enabled | bool | `false` | Enable Redis HA topology spread constraints | | redis-ha.topologySpreadConstraints.maxSkew | string | `""` (defaults to `1`) | Max skew of pods tolerated | | redis-ha.topologySpreadConstraints.topologyKey | string | `""` (defaults to `topology.kubernetes.io/zone`) | Topology key for spread | | redis-ha.topologySpreadConstraints.whenUnsatisfiable | string | `""` (defaults to `ScheduleAnyway`) | Enforcement policy, hard or soft | -| redis-secret-init | object | `{"affinity":{},"image":{"registry":"docker.io","repository":"alpine/kubectl","tag":"1.34.1"},"nodeSelector":{},"tolerations":[]}` | Enable hook job to create redis secret | +| redis-secret-init | object | `{"affinity":{},"image":{"registry":"docker.io","repository":"alpine/kubectl","tag":"1.35.0"},"nodeSelector":{},"tolerations":[]}` | Enable hook job to create redis secret | | redis.image | object | `{"registry":"public.ecr.aws","repository":"docker/library/redis","tag":"8.2.1-alpine"}` | Redis image | | redis.metrics | object | `{"enabled":true,"env":{},"envFrom":[],"image":{"registry":"ghcr.io","repository":"oliver006/redis_exporter","tag":"v1.72.1"},"livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"resources":{},"serviceMonitor":{"enabled":false}}` | Enable metrics sidecar | | redis.metrics.serviceMonitor | object | `{"enabled":false}` | Enable a prometheus ServiceMonitor | @@ -778,7 +845,19 @@ global: | redis.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15}` | Probes configuration | | redis.service | object | `{"annotations":{},"labels":{},"ports":{"metrics":{"port":9121,"targetPort":9121},"redis":{"port":6379,"targetPort":6379}},"type":"ClusterIP"}` | Service configuration | | redis.serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Create ServiceAccount for redis | -| sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"0.32.0"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | --------------------------------------------------------------------------------------------------------------------- | -| tunnel-client | object | `{"affinity":{},"enabled":true,"libraryMode":true,"nodeSelector":{},"tolerations":[],"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. | +| sealed-secrets.fullnameOverride | string | `"sealed-secrets-controller"` | | +| sealed-secrets.image.registry | string | `"quay.io"` | | +| sealed-secrets.image.repository | string | `"codefresh/sealed-secrets-controller"` | | +| sealed-secrets.image.tag | string | `"0.34.0"` | | +| sealed-secrets.keyrenewperiod | string | `"720h"` | | +| sealed-secrets.resources.limits.cpu | string | `"500m"` | | +| sealed-secrets.resources.limits.memory | string | `"1Gi"` | | +| sealed-secrets.resources.requests.cpu | string | `"200m"` | | +| sealed-secrets.resources.requests.memory | string | `"512Mi"` | | +| tunnel-client.affinity | object | `{}` | | | tunnel-client.enabled | bool | `true` | Will only be used if global.runtime.ingress.enabled = false | | tunnel-client.libraryMode | bool | `true` | Do not change this value! Breaks chart logic | +| tunnel-client.nodeSelector | object | `{}` | | +| tunnel-client.tolerations | list | `[]` | | +| tunnel-client.tunnelServer.host | string | `"register-tunnels.cf-cd.com"` | | +| tunnel-client.tunnelServer.subdomainHost | string | `"tunnels.cf-cd.com"` | | diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 1fcefb40f..2d5db025f 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -242,9 +242,9 @@ installer: nodeSelector: {} tolerations: [] affinity: {} -# ----------------------------------------------------------------------------------------------------------------------- -# Sealed secrets -# ----------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* +# DOCS: https://artifacthub.io/packages/helm/bitnami-labs/sealed-secrets/2.18.0?modal=values +# ********************************************************************************************************************* sealed-secrets: fullnameOverride: sealed-secrets-controller keyrenewperiod: "720h" @@ -259,9 +259,9 @@ sealed-secrets: requests: cpu: 200m memory: 512Mi -#----------------------------------------------------------------------------------------------------------------------- -# ArgoCD -#----------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* +# DOCS: https://artifacthub.io/packages/helm/argo/argo-cd/9.3.0?modal=values +# ********************************************************************************************************************* argo-cd: enabled: true fullnameOverride: argo-cd @@ -293,9 +293,9 @@ argo-cd: controller: statefulsetAnnotations: argocd.argoproj.io/sync-options: "Delete=false" -#----------------------------------------------------------------------------------------------------------------------- -# Argo Events -#----------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* +# DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-events-2.4.9-cap-CR-30841/charts/argo-events +# ********************************************************************************************************************* argo-events: enabled: true fullnameOverride: argo-events @@ -314,9 +314,9 @@ argo-events: metricsExporterImage: natsio/prometheus-nats-exporter:0.17.3 configReloaderImage: natsio/nats-server-config-reloader:0.19.1 startCommand: /nats-server -#----------------------------------------------------------------------------------------------------------------------- -# Argo Workflows -#----------------------------------------------------------------------------------------------------------------------- +# ********************************************************************************************************************* +# DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-workflows-0.45.18-v3.6.7-cap-CR-32333/charts/argo-workflows +# ********************************************************************************************************************* argo-workflows: fullnameOverride: argo enabled: true @@ -347,11 +347,9 @@ codefreshWorkflowLogStoreCM: enabled: true endpoint: gitops-workflow-logs.codefresh.io insecure: false -#----------------------------------------------------------------------------------------------------------------------- -# Argo rollouts -#----------------------------------------------------------------------------------------------------------------------- -# -- Argo Rollouts is deprecated and disabled by default. It will be completely removed in February 2026. -# If you require Argo Rollouts, you can manually override this value to true in your Helm values files. +# ********************************************************************************************************************* +# DOCS: https://github.com/codefresh-io/argo-helm/blob/argo-rollouts-2.37.3-7-v1.7.2-cap-OSS-697/charts/argo-rollouts +# ********************************************************************************************************************* argo-rollouts: enabled: false fullnameOverride: argo-rollouts @@ -433,10 +431,9 @@ internal-router: minAvailable: 1 # -- Set number of pods that are unavailable after eviction as number or percentage maxUnavailable: "" -#----------------------------------------------------------------------------------------------------------------------- -# tunnel client -#----------------------------------------------------------------------------------------------------------------------- -# -- Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. +# ********************************************************************************************************************* +# DOCS: https://github.com/codefresh-io/codefresh-tunnel-charts/blob/codefresh-tunnel-client-0.1.23-helm/codefresh-tunnel-client/values.yaml +# ********************************************************************************************************************* tunnel-client: # -- Will only be used if global.runtime.ingress.enabled = false enabled: true From d85b4fb31bdd143d25fa51435348917d4843a6c7 Mon Sep 17 00:00:00 2001 From: cf-ci-bot-v2 Date: Mon, 19 Jan 2026 10:57:44 +0000 Subject: [PATCH 02/15] Update Chart.yaml and changelog for 0.27.0 release --- charts/gitops-runtime/Chart.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 479965900..e08ee59b4 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -14,6 +14,8 @@ maintainers: annotations: artifacthub.io/alternativeName: "codefresh-gitops-runtime" artifacthub.io/changes: |- + - kind: changed + description: 'fix: a simple runtime application ends up being out-of-sync (#1052)' - kind: changed description: 'chore: Fix security vulnerabilities for argo-workflows (#1047)' - kind: changed From 5af611a0f67dc43f39fd3b0e4b83f5d3f8788728 Mon Sep 17 00:00:00 2001 From: cf-ci-bot-v2 Date: Wed, 21 Jan 2026 10:11:07 +0000 Subject: [PATCH 03/15] Update Chart.yaml and changelog for 0.27.0 release --- charts/gitops-runtime/Chart.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index e08ee59b4..1f0f505a7 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -15,7 +15,9 @@ annotations: artifacthub.io/alternativeName: "codefresh-gitops-runtime" artifacthub.io/changes: |- - kind: changed - description: 'fix: a simple runtime application ends up being out-of-sync (#1052)' + description: 'chore: remove argo-rollouts from gitops-runtime helm chart (#1051)' + - kind: changed + description: 'fix: a simple runtime application ends up being out-of-sync' - kind: changed description: 'chore: Fix security vulnerabilities for argo-workflows (#1047)' - kind: changed From 4bcaa96273d8ecf08ed929428d7e0f8af40a9787 Mon Sep 17 00:00:00 2001 From: Daniel Maizel Date: Wed, 21 Jan 2026 12:19:17 +0200 Subject: [PATCH 04/15] docs: update release notes for 0.27.0 --- charts/gitops-runtime/Chart.yaml | 120 +++++++------------------------ 1 file changed, 24 insertions(+), 96 deletions(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index afe764b57..6a0694829 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -14,102 +14,30 @@ maintainers: annotations: artifacthub.io/alternativeName: "codefresh-gitops-runtime" artifacthub.io/changes: |- - - kind: changed - description: 'chore: remove argo-rollouts from gitops-runtime helm chart (#1051)' - - kind: changed - description: 'fix: a simple runtime application ends up being out-of-sync' - - kind: changed - description: 'chore: Fix security vulnerabilities for argo-workflows (#1047)' - - kind: changed - description: 'feat: add automated Slack release notifications (#1045)' - - kind: changed - description: 'feat(app-proxy): support for the confirm deletion/pruning feature of ArgoCD (#1046)' - - kind: changed - description: updated kubectl for redis-secret-init job (#1041) - - kind: changed - description: 'feat: bump app proxy (#1044)' - - kind: changed - description: 'feat(event-reporter): added deleted field to app event payload (#1039)' - - kind: changed - description: updated argo-cd to 3.2.3 (#1037) - - kind: changed - description: 'fix(sealed-secrets-controller): security vulnerabilities CVE-2025-47912, CVE-2025-58181, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61727, CVE-2025-61729 (#1035)' - - kind: changed - description: 'fix(cf-argocd-extras): security vulnerability CVE-2025-58181, CVE-2025-13281, CVE-2025-61727, CVE-2025-61729 (#1032)' - - kind: changed - description: 'feat: bump app proxy (#1031)' - - kind: changed - description: 'docs: add release guide documentation (#1030)' - - kind: changed - description: 'Revert "feat: remove product crd (#997)" (#1029)' - - kind: changed - description: 'fix(codefresh-gitops-operator): security vulnerability CVE-2025-66626 (#1024)' - - kind: changed - description: 'fix(codefresh-tunnel-client): security vulnerabilities CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-46394, CVE-2024-58251 (#1023)' - - kind: changed - description: 'feat: added support for runtime uninstallation' - - kind: changed - description: updated argo-cd to 3.2.2 (#1019) - - kind: changed - description: 'fix: sync codefresh-gitops-operator image from `stable/0.26` branch with `main` branch (#1010)' - - kind: changed - description: 'fix: security fixes for enrichment images (CVE-2025-64756, CVE-2025-65945, CVE-2025-66031, CVE-2025-12816, CVE-2025-8291, CVE-2025-6075, CVE-2025-12084) (#1011)' - - kind: changed - description: 'fix: update app-proxy image tags to latest version to improve git providers support (#1014)' - - kind: changed - description: 'fix: app-proxy fails to create a Workflow instance (#1008)' - - kind: changed - description: '[cf-argocd-extras]feat: new MRC change revisions annotations support (#1005)' - - kind: changed - description: 'feat: remove product crd (#997)' - - kind: changed - description: 'fix: update app-proxy image tags to latest version 1.3982.0 (#999)' - - kind: changed - description: 'chore(CR-32163): updated cli-v2 for fixing CVE-2024-25621 "github.com/containerd (#993)' - - kind: changed - description: added labeler github action (#971) - - kind: changed - description: Feat/revert-app-proxy-and-operator (#980) - - kind: changed - description: 'fix: update namespace handling in cluster resource reporter (#965)' - - kind: changed - description: 'feat: add latest app version to release index data (#961)' - - kind: changed - description: reset main version back to 0.0.0 (#959) - - kind: changed - description: 'chore: bump cap-app-proxy to 1.3953.0 (#958)' - - kind: changed - description: 'chore: Fix security vulnerabilities for argo-workflows (#948)' - - kind: changed - description: '[gitops-operator]fix: improve integration test coverage of setup code (#949)' - - kind: changed - description: '[gitops-operator]fix: remove git commit statuses (#940)' - - kind: changed - description: 'feat: multi-runtime installation (#939)' - - kind: changed - description: 'fix: update cap-app-proxy image tags to 1.3943.0 (#944)' - - kind: changed - description: 'chore: remove checksum_test' - - kind: changed - description: 'feat: remove codefresh-cm from helm unit tests' - - kind: changed - description: 'feat: checksum annotations (#938)' - - kind: changed - description: 'fix: update REQUIRED_VERSION_CONSTRAINT for Argo CD compatibility (#937)' - - kind: changed - description: '[cf-argocd-extras]chore: update depencencies (argo-cd 3.2) (#928)' - - kind: changed - description: 'feat: add branch data to pullrequest info (#926)' - - kind: changed - description: 'feat: disable runtime redis by default (#927)' - - kind: changed - description: 'feat: disable Argo Rollouts by default and enable namespace-scoped Argo Workflows (#920)' - - kind: changed - description: 'fix: set transient error on app sync failure (#922)' - - kind: changed - description: 'feat: allow running without redis configured (#919)' - - kind: changed - description: 'fix: retry on notFound before updating resource status (#912)' + - kind: added + description: "Support for running without Redis configured (#919)" + - kind: added + description: "Support for runtime uninstallation" + - kind: added + description: "Support for confirm deletion/pruning feature of ArgoCD (#1046)" + - kind: added + description: "New MRC change revisions annotations support (#1005)" + - kind: added + description: "Added deleted field to app event payload in event-reporter (#1039)" + - kind: changed + description: "Updated argo-cd to 3.2.2 (#1019)" + - kind: changed + description: "Updated app-proxy to improve git providers support (#1014)" + - kind: removed + description: "Removed argo-rollouts from gitops-runtime helm chart (#1051)" + - kind: fixed + description: "Set transient error on app sync failure (#922)" + - kind: fixed + description: "Resolved runtime application out-of-sync issue" + - kind: fixed + description: "Removed git commit statuses from gitops-operator (#940)" + - kind: security + description: "Fixed security vulnerabilities for argo-workflows (#1047)" dependencies: - name: argo-cd repository: https://argoproj.github.io/argo-helm From 938892e2bb1983c3f9b07b86f1782ba909ac9ef1 Mon Sep 17 00:00:00 2001 From: Daniel Maizel Date: Wed, 21 Jan 2026 12:24:57 +0200 Subject: [PATCH 05/15] chore: bump appVersion --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 6a0694829..eba09f3ac 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 0.1.72 +appVersion: 0.2.1 description: A Helm chart for Codefresh gitops runtime name: gitops-runtime version: 0.27.0 From eff2b92cdb7061949a9e75076cf153750d6aa26c Mon Sep 17 00:00:00 2001 From: Daniel Maizel Date: Wed, 21 Jan 2026 12:42:35 +0200 Subject: [PATCH 06/15] chore: helm docs --- charts/gitops-runtime/README.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index fc2819d0a..6f79ec19e 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md @@ -1,5 +1,5 @@ ## Codefresh gitops runtime -![Version: 0.27.0](https://img.shields.io/badge/Version-0.27.0-informational?style=flat-square) ![AppVersion: 0.1.72](https://img.shields.io/badge/AppVersion-0.1.72-informational?style=flat-square) +![Version: 0.27.0](https://img.shields.io/badge/Version-0.27.0-informational?style=flat-square) ![AppVersion: 0.2.1](https://img.shields.io/badge/AppVersion-0.2.1-informational?style=flat-square) ## Table of Content @@ -800,7 +800,7 @@ global: | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | | redis-ha.redis.masterGroupName | string | `"gitops-runtime"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | | redis-ha.tolerations | list | `[]` | [Tolerations] for use with node taints for Redis pods. | -| redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. # https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ | +| redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. | | redis-ha.topologySpreadConstraints.enabled | bool | `false` | Enable Redis HA topology spread constraints | | redis-ha.topologySpreadConstraints.maxSkew | string | `""` (defaults to `1`) | Max skew of pods tolerated | | redis-ha.topologySpreadConstraints.topologyKey | string | `""` (defaults to `topology.kubernetes.io/zone`) | Topology key for spread | @@ -813,8 +813,16 @@ global: | redis.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15}` | Probes configuration | | redis.service | object | `{"annotations":{},"labels":{},"ports":{"metrics":{"port":9121,"targetPort":9121},"redis":{"port":6379,"targetPort":6379}},"type":"ClusterIP"}` | Service configuration | | redis.serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Create ServiceAccount for redis | -| sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"0.34.0"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | --------------------------------------------------------------------------------------------------------------------- | -| tunnel-client | object | `{"affinity":{},"enabled":true,"libraryMode":true,"nodeSelector":{},"tolerations":[],"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. | +| sealed-secrets.fullnameOverride | string | `"sealed-secrets-controller"` | | +| sealed-secrets.image.registry | string | `"quay.io"` | | +| sealed-secrets.image.repository | string | `"codefresh/sealed-secrets-controller"` | | +| sealed-secrets.image.tag | string | `"0.34.0"` | | +| sealed-secrets.keyrenewperiod | string | `"720h"` | | +| sealed-secrets.resources.limits.cpu | string | `"500m"` | | +| sealed-secrets.resources.limits.memory | string | `"1Gi"` | | +| sealed-secrets.resources.requests.cpu | string | `"200m"` | | +| sealed-secrets.resources.requests.memory | string | `"512Mi"` | | +| tunnel-client.affinity | object | `{}` | | | tunnel-client.enabled | bool | `true` | Will only be used if global.runtime.ingress.enabled = false | | tunnel-client.libraryMode | bool | `true` | Do not change this value! Breaks chart logic | | tunnel-client.nodeSelector | object | `{}` | | From d2d8faa2aa0998f7b6478707172fcf1edbeaae0f Mon Sep 17 00:00:00 2001 From: Daniel Maizel Date: Wed, 21 Jan 2026 13:15:36 +0200 Subject: [PATCH 07/15] docs: update release notes for 0.27.0 --- charts/gitops-runtime/Chart.yaml | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index eba09f3ac..41227e40c 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -15,29 +15,31 @@ annotations: artifacthub.io/alternativeName: "codefresh-gitops-runtime" artifacthub.io/changes: |- - kind: added - description: "Support for running without Redis configured (#919)" + description: "Support for running without Redis configured" - kind: added description: "Support for runtime uninstallation" - kind: added - description: "Support for confirm deletion/pruning feature of ArgoCD (#1046)" + description: "Support for confirm deletion/pruning feature of ArgoCD" - kind: added - description: "New MRC change revisions annotations support (#1005)" + description: "New MRC change revisions annotations support" - kind: added - description: "Added deleted field to app event payload in event-reporter (#1039)" + description: "Added deleted field to app event payload in event-reporter" + - kind: added + description: "Automated Slack release notifications" - kind: changed - description: "Updated argo-cd to 3.2.2 (#1019)" + description: "Upgraded ArgoCD to version 3.2.2" - kind: changed - description: "Updated app-proxy to improve git providers support (#1014)" + description: "Updated app-proxy to version 1.3982.0 with improved git providers support including Bitbucket, Bitbucket Server, and GitLab for the runtime installation wizard" - kind: removed - description: "Removed argo-rollouts from gitops-runtime helm chart (#1051)" + description: "Removed argo-rollouts from gitops-runtime helm chart" - kind: fixed - description: "Set transient error on app sync failure (#922)" + description: "Set transient error on app sync failure" - kind: fixed - description: "Resolved runtime application out-of-sync issue" + description: "Fixed runtime application out-of-sync issue" - kind: fixed - description: "Removed git commit statuses from gitops-operator (#940)" + description: "Removed git commit statuses from gitops-operator" - kind: security - description: "Fixed security vulnerabilities for argo-workflows (#1047)" + description: "Fixed security vulnerabilities in argo-workflows" dependencies: - name: argo-cd repository: https://argoproj.github.io/argo-helm From 30fccb522d155eb0eed8df5d3712e65260a94cab Mon Sep 17 00:00:00 2001 From: Daniel Maizel Date: Wed, 21 Jan 2026 13:19:56 +0200 Subject: [PATCH 08/15] docs: update release notes for 0.27.0 --- charts/gitops-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 41227e40c..6047411cc 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -29,7 +29,7 @@ annotations: - kind: changed description: "Upgraded ArgoCD to version 3.2.2" - kind: changed - description: "Updated app-proxy to version 1.3982.0 with improved git providers support including Bitbucket, Bitbucket Server, and GitLab for the runtime installation wizard" + description: "Updated app-proxy with improved git providers support including Bitbucket, Bitbucket Server, and GitLab for the runtime installation wizard" - kind: removed description: "Removed argo-rollouts from gitops-runtime helm chart" - kind: fixed From aa586f4086a639475752a64c1cf5f5b6d576cd53 Mon Sep 17 00:00:00 2001 From: Daniel Maizel Date: Wed, 21 Jan 2026 13:21:04 +0200 Subject: [PATCH 09/15] docs: update release notes for 0.27.0 From 6e14c7a757b279ea6dabccdfdceaf7ef67a4c55c Mon Sep 17 00:00:00 2001 From: Daniel Maizel Date: Wed, 21 Jan 2026 13:25:47 +0200 Subject: [PATCH 10/15] docs: update release notes for 0.27.0 From 40e3fba4025220bd303c6cc63eb0daa39ada95ec Mon Sep 17 00:00:00 2001 From: Daniel Maizel Date: Wed, 21 Jan 2026 13:39:31 +0200 Subject: [PATCH 11/15] From bf097f8ad7de172ae31dac25dc0d377d876ba603 Mon Sep 17 00:00:00 2001 From: Daniel Maizel Date: Wed, 21 Jan 2026 13:54:28 +0200 Subject: [PATCH 12/15] chore: fix helm docs --- charts/gitops-runtime/README.md | 2 +- charts/gitops-runtime/values.yaml | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index 6f79ec19e..eb6565f50 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md @@ -800,7 +800,7 @@ global: | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | | redis-ha.redis.masterGroupName | string | `"gitops-runtime"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | | redis-ha.tolerations | list | `[]` | [Tolerations] for use with node taints for Redis pods. | -| redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. | +| redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/) rules to the Redis pods. | | redis-ha.topologySpreadConstraints.enabled | bool | `false` | Enable Redis HA topology spread constraints | | redis-ha.topologySpreadConstraints.maxSkew | string | `""` (defaults to `1`) | Max skew of pods tolerated | | redis-ha.topologySpreadConstraints.topologyKey | string | `""` (defaults to `topology.kubernetes.io/zone`) | Topology key for spread | diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 74bdd5486..249686715 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -910,8 +910,7 @@ redis-ha: affinity: "" # -- [Tolerations] for use with node taints for Redis pods. tolerations: [] - # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods. - ## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + # -- Assign custom [TopologySpreadConstraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/) rules to the Redis pods. topologySpreadConstraints: # -- Enable Redis HA topology spread constraints enabled: false From 2ed5083d9d07a5b6443c514b3815957b04cff871 Mon Sep 17 00:00:00 2001 From: cf-ci-bot-v2 Date: Thu, 22 Jan 2026 15:57:07 +0000 Subject: [PATCH 13/15] Update Chart.yaml and changelog for 0.27.0 release --- charts/gitops-runtime/Chart.yaml | 126 ++++++++++++++++++++++++------- 1 file changed, 100 insertions(+), 26 deletions(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 33b50292e..a08c4373b 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -14,32 +14,106 @@ maintainers: annotations: artifacthub.io/alternativeName: "codefresh-gitops-runtime" artifacthub.io/changes: |- - - kind: added - description: "Support for running without Redis configured" - - kind: added - description: "Support for runtime uninstallation" - - kind: added - description: "Support for confirm deletion/pruning feature of ArgoCD" - - kind: added - description: "New MRC change revisions annotations support" - - kind: added - description: "Added deleted field to app event payload in event-reporter" - - kind: added - description: "Automated Slack release notifications" - - kind: changed - description: "Upgraded ArgoCD to version 3.2.2" - - kind: changed - description: "Updated app-proxy with improved git providers support including Bitbucket, Bitbucket Server, and GitLab for the runtime installation wizard" - - kind: removed - description: "Removed argo-rollouts from gitops-runtime helm chart" - - kind: fixed - description: "Set transient error on app sync failure" - - kind: fixed - description: "Fixed runtime application out-of-sync issue" - - kind: fixed - description: "Removed git commit statuses from gitops-operator" - - kind: security - description: "Fixed security vulnerabilities in argo-workflows" + - kind: changed + description: 'fix(enrichment-images): security vulnerabilities CVE-2025-66030, CVE-2025-15284, CVE-2025-14104, CVE-2025-66382, CVE-2025-13836 and CVE-2025-13837 (#1065)' + - kind: changed + description: 'chore: cherry-pick remove argo-events controller to stable/0.27 (#1062)' + - kind: changed + description: 'chore: remove argo-rollouts from gitops-runtime helm chart (#1051)' + - kind: changed + description: 'fix: a simple runtime application ends up being out-of-sync' + - kind: changed + description: 'chore: Fix security vulnerabilities for argo-workflows (#1047)' + - kind: changed + description: 'feat: add automated Slack release notifications (#1045)' + - kind: changed + description: 'feat(app-proxy): support for the confirm deletion/pruning feature of ArgoCD (#1046)' + - kind: changed + description: updated kubectl for redis-secret-init job (#1041) + - kind: changed + description: 'feat: bump app proxy (#1044)' + - kind: changed + description: 'feat(event-reporter): added deleted field to app event payload (#1039)' + - kind: changed + description: updated argo-cd to 3.2.3 (#1037) + - kind: changed + description: 'fix(sealed-secrets-controller): security vulnerabilities CVE-2025-47912, CVE-2025-58181, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61727, CVE-2025-61729 (#1035)' + - kind: changed + description: 'fix(cf-argocd-extras): security vulnerability CVE-2025-58181, CVE-2025-13281, CVE-2025-61727, CVE-2025-61729 (#1032)' + - kind: changed + description: 'feat: bump app proxy (#1031)' + - kind: changed + description: 'docs: add release guide documentation (#1030)' + - kind: changed + description: 'Revert "feat: remove product crd (#997)" (#1029)' + - kind: changed + description: 'fix(codefresh-gitops-operator): security vulnerability CVE-2025-66626 (#1024)' + - kind: changed + description: 'fix(codefresh-tunnel-client): security vulnerabilities CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-46394, CVE-2024-58251 (#1023)' + - kind: changed + description: 'feat: added support for runtime uninstallation' + - kind: changed + description: updated argo-cd to 3.2.2 (#1019) + - kind: changed + description: 'fix: sync codefresh-gitops-operator image from `stable/0.26` branch with `main` branch (#1010)' + - kind: changed + description: 'fix: security fixes for enrichment images (CVE-2025-64756, CVE-2025-65945, CVE-2025-66031, CVE-2025-12816, CVE-2025-8291, CVE-2025-6075, CVE-2025-12084) (#1011)' + - kind: changed + description: 'fix: update app-proxy image tags to latest version to improve git providers support (#1014)' + - kind: changed + description: 'fix: app-proxy fails to create a Workflow instance (#1008)' + - kind: changed + description: '[cf-argocd-extras]feat: new MRC change revisions annotations support (#1005)' + - kind: changed + description: 'feat: remove product crd (#997)' + - kind: changed + description: 'fix: update app-proxy image tags to latest version 1.3982.0 (#999)' + - kind: changed + description: 'chore(CR-32163): updated cli-v2 for fixing CVE-2024-25621 "github.com/containerd (#993)' + - kind: changed + description: added labeler github action (#971) + - kind: changed + description: Feat/revert-app-proxy-and-operator (#980) + - kind: changed + description: 'fix: update namespace handling in cluster resource reporter (#965)' + - kind: changed + description: 'feat: add latest app version to release index data (#961)' + - kind: changed + description: reset main version back to 0.0.0 (#959) + - kind: changed + description: 'chore: bump cap-app-proxy to 1.3953.0 (#958)' + - kind: changed + description: 'chore: Fix security vulnerabilities for argo-workflows (#948)' + - kind: changed + description: '[gitops-operator]fix: improve integration test coverage of setup code (#949)' + - kind: changed + description: '[gitops-operator]fix: remove git commit statuses (#940)' + - kind: changed + description: 'feat: multi-runtime installation (#939)' + - kind: changed + description: 'fix: update cap-app-proxy image tags to 1.3943.0 (#944)' + - kind: changed + description: 'chore: remove checksum_test' + - kind: changed + description: 'feat: remove codefresh-cm from helm unit tests' + - kind: changed + description: 'feat: checksum annotations (#938)' + - kind: changed + description: 'fix: update REQUIRED_VERSION_CONSTRAINT for Argo CD compatibility (#937)' + - kind: changed + description: '[cf-argocd-extras]chore: update depencencies (argo-cd 3.2) (#928)' + - kind: changed + description: 'feat: add branch data to pullrequest info (#926)' + - kind: changed + description: 'feat: disable runtime redis by default (#927)' + - kind: changed + description: 'feat: disable Argo Rollouts by default and enable namespace-scoped Argo Workflows (#920)' + - kind: changed + description: 'fix: set transient error on app sync failure (#922)' + - kind: changed + description: 'feat: allow running without redis configured (#919)' + - kind: changed + description: 'fix: retry on notFound before updating resource status (#912)' dependencies: - name: argo-cd repository: https://argoproj.github.io/argo-helm From 30e48f379e0b9e1a6e080bda97726c00de8f2306 Mon Sep 17 00:00:00 2001 From: Daniel Maizel Date: Mon, 26 Jan 2026 11:28:21 +0200 Subject: [PATCH 14/15] chore: fix helm docs --- charts/gitops-runtime/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index 5c32e58cb..5fc9f8ffb 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md @@ -494,13 +494,13 @@ global: | app-proxy.extraVolumeMounts | list | `[]` | Extra volume mounts for main container | | app-proxy.extraVolumes | list | `[]` | extra volumes | | app-proxy.fullnameOverride | string | `"cap-app-proxy"` | | -| app-proxy.image-enrichment | object | `{"config":{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.20-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.20-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.20-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400},"enabled":true,"serviceAccount":{"annotations":null,"create":true,"name":"codefresh-image-enrichment-sa"}}` | Image enrichment process configuration | -| app-proxy.image-enrichment.config | object | `{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.20-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.20-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.20-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400}` | Configurations for image enrichment workflow | +| app-proxy.image-enrichment | object | `{"config":{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.21-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.21-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.21-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400},"enabled":true,"serviceAccount":{"annotations":null,"create":true,"name":"codefresh-image-enrichment-sa"}}` | Image enrichment process configuration | +| app-proxy.image-enrichment.config | object | `{"clientHeartbeatIntervalInSeconds":5,"concurrencyCmKey":"imageReportExecutor","concurrencyCmName":"workflow-synchronization-semaphores","images":{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.21-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.21-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.21-main"}},"podGcStrategy":"OnWorkflowCompletion","ttlActiveInSeconds":900,"ttlAfterCompletionInSeconds":86400}` | Configurations for image enrichment workflow | | app-proxy.image-enrichment.config.clientHeartbeatIntervalInSeconds | int | `5` | Client heartbeat interval in seconds for image enrichemnt workflow | | app-proxy.image-enrichment.config.concurrencyCmKey | string | `"imageReportExecutor"` | The name of the key in the configmap to use as synchronization semaphore | | app-proxy.image-enrichment.config.concurrencyCmName | string | `"workflow-synchronization-semaphores"` | The name of the configmap to use as synchronization semaphore, see https://argoproj.github.io/argo-workflows/synchronization/ | -| app-proxy.image-enrichment.config.images | object | `{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.20-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.20-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.20-main"}}` | Enrichemnt images | -| app-proxy.image-enrichment.config.images.reportImage | object | `{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.20-main"}` | Report image enrichment task image | +| app-proxy.image-enrichment.config.images | object | `{"gitEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info","tag":"1.1.21-main"},"jiraEnrichment":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info","tag":"1.1.21-main"},"reportImage":{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.21-main"}}` | Enrichemnt images | +| app-proxy.image-enrichment.config.images.reportImage | object | `{"registry":"quay.io","repository":"codefreshplugins/argo-hub-codefresh-csdp-report-image-info","tag":"1.1.21-main"}` | Report image enrichment task image | | app-proxy.image-enrichment.config.podGcStrategy | string | `"OnWorkflowCompletion"` | Pod grabage collection strategy. By default all pods will be deleted when the enrichment workflow completes. | | app-proxy.image-enrichment.config.ttlActiveInSeconds | int | `900` | Maximum allowed runtime for the enrichment workflow | | app-proxy.image-enrichment.config.ttlAfterCompletionInSeconds | int | `86400` | Number of seconds to live after completion | From b08dc1ef90d076c7a5fb60c02b879682af0f7fd0 Mon Sep 17 00:00:00 2001 From: Daniel Maizel Date: Mon, 26 Jan 2026 12:52:26 +0200 Subject: [PATCH 15/15] chore: update artifcathub.io/changes --- charts/gitops-runtime/Chart.yaml | 130 +++++++------------------------ 1 file changed, 29 insertions(+), 101 deletions(-) diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index a08c4373b..8214daf80 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -13,107 +13,35 @@ maintainers: url: https://codefresh-io.github.io/ annotations: artifacthub.io/alternativeName: "codefresh-gitops-runtime" - artifacthub.io/changes: |- - - kind: changed - description: 'fix(enrichment-images): security vulnerabilities CVE-2025-66030, CVE-2025-15284, CVE-2025-14104, CVE-2025-66382, CVE-2025-13836 and CVE-2025-13837 (#1065)' - - kind: changed - description: 'chore: cherry-pick remove argo-events controller to stable/0.27 (#1062)' - - kind: changed - description: 'chore: remove argo-rollouts from gitops-runtime helm chart (#1051)' - - kind: changed - description: 'fix: a simple runtime application ends up being out-of-sync' - - kind: changed - description: 'chore: Fix security vulnerabilities for argo-workflows (#1047)' - - kind: changed - description: 'feat: add automated Slack release notifications (#1045)' - - kind: changed - description: 'feat(app-proxy): support for the confirm deletion/pruning feature of ArgoCD (#1046)' - - kind: changed - description: updated kubectl for redis-secret-init job (#1041) - - kind: changed - description: 'feat: bump app proxy (#1044)' - - kind: changed - description: 'feat(event-reporter): added deleted field to app event payload (#1039)' - - kind: changed - description: updated argo-cd to 3.2.3 (#1037) - - kind: changed - description: 'fix(sealed-secrets-controller): security vulnerabilities CVE-2025-47912, CVE-2025-58181, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61727, CVE-2025-61729 (#1035)' - - kind: changed - description: 'fix(cf-argocd-extras): security vulnerability CVE-2025-58181, CVE-2025-13281, CVE-2025-61727, CVE-2025-61729 (#1032)' - - kind: changed - description: 'feat: bump app proxy (#1031)' - - kind: changed - description: 'docs: add release guide documentation (#1030)' - - kind: changed - description: 'Revert "feat: remove product crd (#997)" (#1029)' - - kind: changed - description: 'fix(codefresh-gitops-operator): security vulnerability CVE-2025-66626 (#1024)' - - kind: changed - description: 'fix(codefresh-tunnel-client): security vulnerabilities CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-46394, CVE-2024-58251 (#1023)' - - kind: changed - description: 'feat: added support for runtime uninstallation' - - kind: changed - description: updated argo-cd to 3.2.2 (#1019) - - kind: changed - description: 'fix: sync codefresh-gitops-operator image from `stable/0.26` branch with `main` branch (#1010)' - - kind: changed - description: 'fix: security fixes for enrichment images (CVE-2025-64756, CVE-2025-65945, CVE-2025-66031, CVE-2025-12816, CVE-2025-8291, CVE-2025-6075, CVE-2025-12084) (#1011)' - - kind: changed - description: 'fix: update app-proxy image tags to latest version to improve git providers support (#1014)' - - kind: changed - description: 'fix: app-proxy fails to create a Workflow instance (#1008)' - - kind: changed - description: '[cf-argocd-extras]feat: new MRC change revisions annotations support (#1005)' - - kind: changed - description: 'feat: remove product crd (#997)' - - kind: changed - description: 'fix: update app-proxy image tags to latest version 1.3982.0 (#999)' - - kind: changed - description: 'chore(CR-32163): updated cli-v2 for fixing CVE-2024-25621 "github.com/containerd (#993)' - - kind: changed - description: added labeler github action (#971) - - kind: changed - description: Feat/revert-app-proxy-and-operator (#980) - - kind: changed - description: 'fix: update namespace handling in cluster resource reporter (#965)' - - kind: changed - description: 'feat: add latest app version to release index data (#961)' - - kind: changed - description: reset main version back to 0.0.0 (#959) - - kind: changed - description: 'chore: bump cap-app-proxy to 1.3953.0 (#958)' - - kind: changed - description: 'chore: Fix security vulnerabilities for argo-workflows (#948)' - - kind: changed - description: '[gitops-operator]fix: improve integration test coverage of setup code (#949)' - - kind: changed - description: '[gitops-operator]fix: remove git commit statuses (#940)' - - kind: changed - description: 'feat: multi-runtime installation (#939)' - - kind: changed - description: 'fix: update cap-app-proxy image tags to 1.3943.0 (#944)' - - kind: changed - description: 'chore: remove checksum_test' - - kind: changed - description: 'feat: remove codefresh-cm from helm unit tests' - - kind: changed - description: 'feat: checksum annotations (#938)' - - kind: changed - description: 'fix: update REQUIRED_VERSION_CONSTRAINT for Argo CD compatibility (#937)' - - kind: changed - description: '[cf-argocd-extras]chore: update depencencies (argo-cd 3.2) (#928)' - - kind: changed - description: 'feat: add branch data to pullrequest info (#926)' - - kind: changed - description: 'feat: disable runtime redis by default (#927)' - - kind: changed - description: 'feat: disable Argo Rollouts by default and enable namespace-scoped Argo Workflows (#920)' - - kind: changed - description: 'fix: set transient error on app sync failure (#922)' - - kind: changed - description: 'feat: allow running without redis configured (#919)' - - kind: changed - description: 'fix: retry on notFound before updating resource status (#912)' + artifacthub.io/changes: | + - kind: removed + description: Removed Argo Rollouts controller from helm chart + - kind: removed + description: Removed Argo Events controller from helm chart + - kind: added + description: Enhanced runtime uninstallation with zero-footprint cleanup + - kind: added + description: ArgoCD sync and deletion guardrails with confirmation prompts + - kind: added + description: Improved installation wizard with Bitbucket, Bitbucket Server, and GitLab support + - kind: added + description: Support for running without Redis configured + - kind: added + description: MRC change revisions annotations support + - kind: added + description: Deleted field added to app event payload + - kind: added + description: Checksum annotations for config change detection + - kind: changed + description: Runtime Redis disabled by default + - kind: changed + description: Namespace-scoped Argo Workflows enabled by default + - kind: fixed + description: Transient error handling on app sync failure + - kind: fixed + description: Runtime application out-of-sync issue + - kind: security + description: Security fixes for argo-workflows dependencies: - name: argo-cd repository: https://argoproj.github.io/argo-helm