Merge pull request #133 from codefresh-io/sync-2.14.9

Sync-2.14.9

Author: ATGardner

.github/workflows/lint-and-test.yml

@@ -27,18 +27,18 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
         with:
           version: v3.10.1 # Also update in publish.yaml
 
       - name: Set up python
-        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
         with:
           python-version: 3.9
 
       - name: Setup Chart Linting
         id: lint
-        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
         with:
           # Note: Also update in scripts/lint.sh
           version: v3.11.0

.github/workflows/publish.yml

@@ -23,7 +23,7 @@ jobs:
           fetch-depth: 0
 
       - name: Install Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
         with:
           version: v3.10.1 # Also update in lint-and-test.yaml
 
@@ -59,15 +59,15 @@ jobs:
           PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}"
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 - currently there is a bug on 1.6.0 version, can upgrade back when it'll be solved - https://github.com/helm/chart-releaser-action/issues/171 
+        uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
         with:
           config: "./.github/configs/cr.yaml"
           skip_packaging: true
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
 
       - name: Login to GHCR
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

.github/workflows/renovate.yaml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Get token
-        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
+        uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
         id: get_token
         with:
           app-id: ${{ vars.RENOVATE_APP_ID }}
@@ -26,12 +26,13 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Self-hosted Renovate
-        uses: renovatebot/github-action@f24426972367551f3391720e34317783a92fd32b # v41.0.8
+        uses: renovatebot/github-action@c21017a4a2fc9f42953bcc907e375a5a544557ec # v41.0.18
         with:
           configurationFile: .github/configs/renovate-config.js
           # renovate: datasource=docker depName=ghcr.io/renovatebot/renovate
-          renovate-version: 39.86.4
+          renovate-version: 39.229.0
           token: '${{ steps.get_token.outputs.token }}'
+          mount-docker-socket: true
         env:
           LOG_LEVEL: 'debug'
           RENOVATE_REPOSITORIES: '${{ github.repository }}'

.github/workflows/scorecard.yml

@@ -38,15 +38,15 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
         with:
           results_file: results.sarif
           results_format: sarif
           # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
           # - you want to enable the Branch-Protection check on a *public* repository, or
           # - you are installing Scorecard on a *private* repository
           # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
-          repo_token: ${{ secrets.SCORECARD_TOKEN }}
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
 
           # Public repositories:
           #   - Publish results to OpenSSF REST API for easy access by consumers
@@ -60,14 +60,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
         with:
           sarif_file: results.sarif

.github/workflows/stale.yml

@@ -14,7 +14,7 @@ jobs:
       pull-requests: write  # for actions/stale to close stale PRs
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
+    - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         # Number of days of inactivity before an issue becomes stale

charts/argo-cd/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: redis-ha
   repository: https://dandydeveloper.github.io/charts/
-  version: 4.29.4
-digest: sha256:1257baf1c5e0db036af659d44095223e28ac0c9ec1ed8300a02d5def2281c9c7
-generated: "2024-11-13T09:07:36.494128+09:00"
+  version: 4.33.2
+digest: sha256:1ce334c23fe53427c771277cc7cecd4143226aba04c8a6c52513042a96e7ff5d
+generated: "2025-03-27T09:46:27.113833-07:00"

charts/argo-cd/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: v2.13.3-2025.3.5-50344f005
+appVersion: v2.14.9-2025-04-20-584fc7f3
 kubeVersion: ">=1.25.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 7.7.14-5-cap-2.13.3-2025.3.5-50344f005
+version: 7.8.23-1-cap-v2.14.9-2025-04-20-584fc7f3
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@@ -18,7 +18,7 @@ maintainers:
     url: https://argoproj.github.io/
 dependencies:
   - name: redis-ha
-    version: 4.29.4
+    version: 4.33.2
     repository: https://dandydeveloper.github.io/charts/
     condition: redis-ha.enabled
 annotations:
@@ -27,4 +27,52 @@ annotations:
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
     - kind: changed
-      description: bumped argo-cd to v2.13.3-2025.3.5-50344f005 + bumped git-lfs to 3.6.1
+      description: bumped argo-cd to v2.14.9-2025-04-20-584fc7f3
+    - kind: fixed
+      description: Secret for embedded Redis deployments now always uses the same name and key
+    - kind: fixed
+      description: Make code clearer when Redis Secret is optional
+    - kind: fixed
+      description: Correct oliver006/redis_exporter image tag
+    - kind: fixed
+      description: Moved to oliver006/redis_exporter to support multi-arch images (also for non-HA redis)
+    - kind: fixed
+      description: Remove quotation marks around loglevel and logformat CLI args
+    - kind: fixed
+      description: Fixed the log level and log format override for components "dexserver" and "notificationscontroller"
+    - kind: deprecated
+      description: Value `notifications.logLevel` is depreacted in favor of `configs.params."notificationscontroller.log.level"`
+    - kind: deprecated
+      description: Value `notifications.logFormat` is depreacted in favor of `configs.params."notificationscontroller.log.format"`
+    - kind: deprecated
+      description: Value `dex.logLevel` is depreacted in favor of `configs.params."dexserver.log.level"`
+    - kind: deprecated
+      description: Value `dex.logFormat` is depreacted in favor of `configs.params."dexserver.log.format"`
+    - kind: changed
+      description: Upgrade redis-ha
+    - kind: changed
+      description: Bump redis-exporter to 1.69.0
+    - kind: fixed
+      description: Fixed broken topologySpreadConstraints template in commitServer component
+    - kind: added
+      description: Added a comment how to pass values into argocd-cm ConfigMap
+    - kind: added
+      description: Support controller.sync.timeout.seconds
+    - kind: changed
+      description: Bump dex version to v2.42.0
+    - kind: fixed
+      description: Create ServiceMonitor for dex only if dex is enabled
+    - kind: fixed
+      description: Fixed typo in README
+    - kind: fixed
+      description: remove required function in $cluster_key from clusterCredentials
+    - kind: changed
+      description: Bump redis to 7.4.2
+    - kind: added
+      description: Add feature toggle to ArgoCD configmap allowing sync impersonation
+    - kind: fixed
+      description: Address ingress regression of PR #3081, use toString before tpl function
+    - kind: added
+      description: Added conditional around argocd-tls-certs-cm.yaml helm creation
+    - kind: fixed
+      description: Correct ingress listen-ports example