codefresh-io · codefresh-v2-pipelines · Oct 5, 2025 · Oct 5, 2025 · Oct 1, 2025 · Oct 1, 2025
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.1.75
 description: A Helm chart for Codefresh gitops runtime
 name: gitops-runtime
-version: '0.24.3'
+version: '0.24.4'
 home: https://github.com/codefresh-io/gitops-runtime-helm
 icon: https://avatars1.githubusercontent.com/u/11412079?v=3
 keywords:

@@ -1,18 +1,11 @@
-{{- define "cap-app-proxy.resources.configmap-documented-configs"}}
-argoCdUrl: {{ .Values.config.argoCdUrl }}
-argoCdUsername: {{ .Values.config.argoCdUsername }}
+{{- define "cap-app-proxy.resources.configmap-documented-configs" }}
 argoWorkflowsInsecure: {{ .Values.config.argoWorkflowsInsecure | quote }}
-argoWorkflowsUrl: {{ default "" .Values.config.argoWorkflowsUrl }}
+clusterChunkSize: {{ .Values.config.clusterChunkSize | quote }}
 cors: {{ .Values.global.codefresh.url }}
-  {{- with .Values.config.clusterChunkSize }}
-clusterChunkSize: {{ . | quote }}
-  {{- end }}
-env: {{ .Values.config.env | quote}}
 isConfigurationRuntime: {{ .Values.global.runtime.isConfigurationRuntime | quote }}
 isExternalArgoCD: {{ .Values.global.runtime.isExternalArgoCD | quote }}
 runtimeName: {{ required "global.runtime.name is required" .Values.global.runtime.name | quote}}
 isNamespacedRuntime: {{ .Values.global.runtime.singleNamespace | quote }}
-skipGitPermissionValidation: {{ .Values.config.skipGitPermissionValidation | quote }}
 logLevel: {{ .Values.config.logLevel | quote }}
   {{- $enrichmentValues := get .Values "image-enrichment" }}
   {{- if $enrichmentValues.enabled }}
@@ -31,7 +24,7 @@ enrichmentJiraEnrichmentImage: {{ printf "%s/%s:%s" $enrichmentValues.config.ima
 
 {{- define "cap-app-proxy.resources.configmap" }}
 {{- $documentedConfigs := (include "cap-app-proxy.resources.configmap-documented-configs" . | fromYaml ) }}
-{{- $overrides := omit .Values.config "clusterChunkSize" }}
+{{- $overrides := omit .Values.config "argoWorkflowsInsecure" "clusterChunkSize" "cors" }}
 {{- $mergedConfig := mergeOverwrite $documentedConfigs $overrides }}
 apiVersion: v1
 kind: ConfigMap

@@ -5,9 +5,6 @@ ARGO_CD_URL:
       name: cap-app-proxy-cm
       key: argoCdUrl
       optional: true
-ARGO_CD_TOKEN: {{ include "codefresh-gitops-runtime.argocd.server.token" . | nindent 2 }}
-ARGO_CD_USERNAME: {{ include "codefresh-gitops-runtime.argocd.server.username-env-var" . | nindent 2 }}
-ARGO_CD_PASSWORD: {{ include "codefresh-gitops-runtime.argocd.server.password" . | nindent 2 }}
 ARGO_WORKFLOWS_INSECURE:
   valueFrom:
     configMapKeyRef:
@@ -231,8 +228,9 @@ LEADER_ID:
 Read defaults from the template above and merge with the values provided in values file
 */}}
 {{- define "cap-app-proxy.environment-variables" -}}
-{{- $defaults := (include "cap-app-proxy.environment-variables.defaults" . | fromYaml) }}
-{{- $overrides := .Values.env }}
-{{- $mergedValues := mergeOverwrite $defaults $overrides }}
-{{- include "codefresh-gitops-runtime.components.common_helpers.container-templates.env-vars" $mergedValues }}
+  {{- $defaults := (include "cap-app-proxy.environment-variables.defaults" . | fromYaml) }}
+  {{- $argoCdAuth := (include "codefresh-gitops-runtime.argocd-auth" . | fromYaml) }}
+  {{- $overrides := .Values.env }}
+  {{- $mergedValues := mergeOverwrite $defaults $argoCdAuth $overrides }}
+  {{- include "codefresh-gitops-runtime.components.common_helpers.container-templates.env-vars" $mergedValues }}
 {{- end -}}
@@ -15,13 +15,16 @@
   {{- $_ := set $context.Values.container.env.REDIS_PASSWORD.valueFrom.secretKeyRef "key"  (default "redis-password" $vals.externalRedis.existingSecretKeyRef.key) }}
 {{- end }}
 
-{{- if and (eq (index $context.Values "global" "external-argo-cd" "auth" "type") "token") }}
-  {{- if not (index $context.Values "global" "external-argo-cd" "auth" "token") }}
-      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.name is required" (index $context.Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "name")) }}
-      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" (index $context.Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "key" )) }}
+{{- $argoCdAuth := (index .Values "global" "external-argo-cd" "auth") }}
+{{- if (eq $argoCdAuth.type "token") }}
+  {{- if $argoCdAuth.token }}
+    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }}
+    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
+  {{- else if $argoCdAuth.tokenSecretKeyRef }}
+    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.name is required" $argoCdAuth.tokenSecretKeyRef.name) }}
+    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" $argoCdAuth.tokenSecretKeyRef.key) }}
   {{- else }}
-      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }}
-      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
+    {{ fail ".Values.global.external-argo-cd.auth.type is 'token' and .Values.global.external-argo-cd.auth.token or .Values.global.external-argo-cd.auth.tokenSecretKeyRef are not set" }}
   {{- end }}
 {{- end }}
 

@@ -15,13 +15,16 @@
   {{- $_ := set $context.Values.container.env.REDIS_PASSWORD.valueFrom.secretKeyRef "key"  (default "redis-password" $vals.externalRedis.existingSecretKeyRef.key) }}
 {{- end }}
 
-{{- if and (eq (index $context.Values "global" "external-argo-cd" "auth" "type") "token") }}
-  {{- if not (index $context.Values "global" "external-argo-cd" "auth" "token") }}
-      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.name is required" (index $context.Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "name")) }}
-      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" (index $context.Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "key" )) }}
+{{- $argoCdAuth := (index .Values "global" "external-argo-cd" "auth") }}
+{{- if (eq $argoCdAuth.type "token") }}
+  {{- if $argoCdAuth.token }}
+    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }}
+    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
+  {{- else if $argoCdAuth.tokenSecretKeyRef }}
+    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.name is required" $argoCdAuth.tokenSecretKeyRef.name) }}
+    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" $argoCdAuth.tokenSecretKeyRef.key) }}
   {{- else }}
-      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }}
-      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
+    {{ fail ".Values.global.external-argo-cd.auth.type is 'token' and .Values.global.external-argo-cd.auth.token or .Values.global.external-argo-cd.auth.tokenSecretKeyRef are not set" }}
   {{- end }}
 {{- end }}
 

@@ -93,7 +93,7 @@ Determine argocd repo server service name. Must be called with chart root contex
 */}}
 {{- define "codefresh-gitops-runtime.argocd.reposerver.servicename" -}}
 {{/* For now use template from ArgoCD chart until better approach */}}
-  {{- if and (index .Subcharts "argo-cd") }}
+  {{- if (index .Subcharts "argo-cd") }}
     {{- template "argo-cd.repoServer.fullname" (dict "Values" (get .Values "argo-cd") "Release" .Release ) }}
   {{- else }}
     {{- $repoServer := index .Values "global" "external-argo-cd" "repoServer" }}
@@ -107,7 +107,7 @@ Determine argocd argocd repo server port
 */}}
 {{- define "codefresh-gitops-runtime.argocd.reposerver.serviceport" -}}
 {{/* For now use template from ArgoCD chart until better approach */}}
-  {{- if and (index .Subcharts "argo-cd") }}
+  {{- if (index .Subcharts "argo-cd") }}
     {{- index .Values "argo-cd" "repoServer" "service" "port" }}
   {{- else }}
     {{- $repoServer := index .Values "global" "external-argo-cd" "repoServer" }}
@@ -122,11 +122,11 @@ Determine argocd repoServer url
 */}}
 {{- define "codefresh-gitops-runtime.argocd.reposerver.url" -}}
 {{- $argoCDValues := (get .Values "argo-cd") }}
-{{- if and (index .Values "argo-cd" "enabled") }}
+{{- if (index .Values "argo-cd" "enabled") }}
   {{- $serviceName := include "codefresh-gitops-runtime.argocd.reposerver.servicename" . }}
   {{- $port := include "codefresh-gitops-runtime.argocd.reposerver.serviceport" . }}
   {{- printf "%s:%s" $serviceName $port }}
-{{- else if and (index .Values "global" "external-argo-cd" "repoServer") }}
+{{- else if (index .Values "global" "external-argo-cd" "repoServer") }}
   {{- $repoServer := (index .Values "global" "external-argo-cd" "repoServer") }}
   {{- $svc := required "ArgoCD is not enabled and .Values.global.external-argo-cd.repoServer.svc is not set" $repoServer.svc }}
   {{- $port := required "ArgoCD is not enabled and .Values.global.external-argo-cd.repoServer.port is not set" $repoServer.port }}
@@ -149,7 +149,7 @@ Determine argocd servicename. Must be called with chart root context
 Determine rollouts name
 */}}
 {{- define "codefresh-gitops-runtime.argo-rollouts.name" -}}
-  {{- if and (index .Values "argo-rollouts" "enabled") }}
+  {{- if (index .Values "argo-rollouts" "enabled") }}
     {{/* For now use template from rollouts chart until better approach */}}
     {{- template "argo-rollouts.fullname" (dict "Values" (get .Values "argo-rollouts")) }}
   {{- else }}
@@ -189,21 +189,21 @@ Determine argocd redis service port. Must be called with chart root context
 Determine argocd server url. Must be called with chart root context
 */}}
 {{- define "codefresh-gitops-runtime.argocd.server.url" -}}
-  {{- if and (index .Values "argo-cd" "enabled") }}
+  {{- if (index .Values "argo-cd" "enabled") }}
     {{- $protocol := "https" }}
     {{- $port := include "codefresh-gitops-runtime.argocd.server.serviceport" . }}
     {{- if (eq $port "80") }}
       {{- $protocol = "http" }}
     {{- end }}
     {{- $url := include "codefresh-gitops-runtime.argocd.server.no-protocol-url" . }}
     {{- printf "%s://%s" $protocol $url }}
-  {{- else if and (index .Values "global" "external-argo-cd" "server") }}
+  {{- else if (index .Values "global" "external-argo-cd" "server") }}
     {{- $argoCDSrv := (index .Values "global" "external-argo-cd" "server") }}
     {{- $protocol := "http" }}
     {{- $svc := required "ArgoCD is not enabled and .Values.global.external-argo-cd.server.svc is not set" $argoCDSrv.svc }}
     {{- $port := (required "ArgoCD is not enabled and .Values.global.external-argo-cd.server.port is not port" $argoCDSrv.port) | toString }}
     {{- $rootpath := (index .Values "global" "external-argo-cd" "server" "rootpath") }}
-    {{- if and (eq $port "80") }}
+    {{- if (eq $port "80") }}
       {{- printf "%s://%s%s" $protocol $svc $rootpath }}
     {{- else }}
       {{- printf "%s://%s:%s%s" $protocol $svc $port $rootpath }}
@@ -218,12 +218,12 @@ Determine argocd server url witout the protocol. Must be called with chart root
 */}}
 {{- define "codefresh-gitops-runtime.argocd.server.no-protocol-url" -}}
 {{- $argoCDValues := (get .Values "argo-cd") }}
-{{- if and (index .Values "argo-cd" "enabled") }}
+{{- if (index .Values "argo-cd" "enabled") }}
   {{- $serverName := include "codefresh-gitops-runtime.argocd.server.servicename" . }}
   {{- $port := include "codefresh-gitops-runtime.argocd.server.serviceport" . }}
   {{- $path := (get $argoCDValues.configs.params "server.rootpath") }}
   {{- printf "%s:%s%s" $serverName $port $path }}
-{{- else if and (index .Values "global" "external-argo-cd" "server") }}
+{{- else if (index .Values "global" "external-argo-cd" "server") }}
   {{- $argoCDSrv := (index .Values "global" "external-argo-cd" "server") }}
   {{- $svc := required "ArgoCD is not enabled and .Values.global.external-argo-cd.server.svc is not set" $argoCDSrv.svc }}
   {{- $port := required "ArgoCD is not enabled and .Values.global.external-argo-cd.server.port is not set" $argoCDSrv.port }}
@@ -234,95 +234,49 @@ Determine argocd server url witout the protocol. Must be called with chart root
 {{- end }}
 {{- end}}
 
-{{/*
-Determine argocd server password.
-*/}}
-{{- define "codefresh-gitops-runtime.argocd.server.password" }}
-  {{- if and (index .Values "argo-cd" "enabled") }}
-valueFrom:
-  secretKeyRef:
-    name: argocd-initial-admin-secret
-    key: password
-  {{- else if and (eq (index .Values "global" "external-argo-cd" "auth" "type") "password") (index .Values "global" "external-argo-cd" "auth" "passwordSecretKeyRef") }}
-valueFrom:
-  secretKeyRef:
-{{- index .Values "global" "external-argo-cd" "auth" "passwordSecretKeyRef" | toYaml | nindent 4 }}
-  {{- else if and (eq (index .Values "global" "external-argo-cd" "auth" "type") "password") (index .Values "global" "external-argo-cd" "auth" "password") }}
-valueFrom:
-  secretKeyRef:
-    name: gitops-runtime-argo-cd-password
-    key: token
-  {{- else if and (eq (index .Values "global" "external-argo-cd" "auth" "type") "token") (index .Values "global" "external-argo-cd" "auth" "token") }}
-valueFrom:
-  secretKeyRef:
-    name: gitops-runtime-argo-cd-token
-    key: token
-  {{- else if and (eq (index .Values "global" "external-argo-cd" "auth" "type") "token") (index .Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef") }}
-valueFrom:
-  secretKeyRef:
-{{- index .Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" | toYaml | nindent 4 }}
-    optional: true
-  {{- else }}
-{{ fail "ArgoCD is not enabled and .Values.global.external-argo-cd.auth.password or .Values.global.external-argo-cd.auth.passwordSecretKeyRef is not set" }}
-  {{- end }}
-{{- end }}
-
-
-{{/*
-Determine argocd token password.
-*/}}
-{{- define "codefresh-gitops-runtime.argocd.server.token" }}
-  {{- if and (eq (index .Values "global" "external-argo-cd" "auth" "type") "token") (index .Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "name") (index .Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "key")}}
-valueFrom:
-  secretKeyRef:
-{{- index .Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" | toYaml | nindent 4 }}
-  {{- else if and (eq (index .Values "global" "external-argo-cd" "auth" "type") "token") (index .Values "global" "external-argo-cd" "auth" "token") }}
-valueFrom:
-  secretKeyRef:
-    name: gitops-runtime-argo-cd-token
-    key: token
-  {{- else if or (eq (index .Values "global" "external-argo-cd" "auth" "type") "password") }}
-valueFrom:
-  secretKeyRef:
-    name: argocd-token
-    key: token
-    optional: true
-  {{- else }}
-    {{ fail (printf "Invalid value for .Values.global.external-argo-cd.auth.type: %s. Allowed values are: [password token]" (index .Values "global" "external-argo-cd" "auth" "type")) }}
-  {{- end }}
-{{- end }}
-
-{{/*
-Determine argocd server password.
-*/}}
-{{- define "codefresh-gitops-runtime.argocd.server.username-env-var" }}
-  {{- if and (index .Values "argo-cd" "enabled") }}
-valueFrom:
-  configMapKeyRef:
-    name: cap-app-proxy-cm
-    key: argoCdUsername
-    optional: true
-  {{- else if and (index .Values "global" "external-argo-cd" "auth" "usernameSecretKeyRef") }}
-valueFrom:
-  secretKeyRef:
-{{- index .Values "global" "external-argo-cd" "auth" "usernameSecretKeyRef" | toYaml | nindent 4 }}
-  {{- else if and (index .Values "global" "external-argo-cd" "auth" "username") }}
-{{- printf "%s" (index .Values "global" "external-argo-cd" "auth" "username") }}
+{{- define "codefresh-gitops-runtime.argocd-auth" -}}
+  {{- $authValues := (index .Values "global" "external-argo-cd" "auth") }}
+  {{- if (eq $authValues.type "password") }}
+ARGO_CD_USERNAME:
+  valueFrom:
+    configMapKeyRef:
+      name: cap-app-proxy-cm
+      key: argoCdUsername
+ARGO_CD_PASSWORD:
+  valueFrom:
+    secretKeyRef:
+    {{- if $authValues.password }}
+      name: gitops-runtime-argo-cd-password
+      key: token
+    {{- else if $authValues.passwordSecretKeyRef }}
+      {{- $authValues.passwordSecretKeyRef | toYaml | nindent 6 }}
+    {{- end }}
+  {{- else if (eq $authValues.type "token") }}
+ARGO_CD_TOKEN:
+  valueFrom:
+    secretKeyRef:
+    {{- if $authValues.token }}
+      name: gitops-runtime-argo-cd-token
+      key: token
+    {{- else if $authValues.tokenSecretKeyRef }}
+      {{- if and (hasKey $authValues.tokenSecretKeyRef "name") (hasKey $authValues.tokenSecretKeyRef "key") }}
+        {{- $authValues.tokenSecretKeyRef | toYaml | nindent 6 }}
+      {{- else }}
+        {{- fail "Both 'name' and 'key' must be set in .Values.global.external-argo-cd.auth.tokenSecretKeyRef" }}
+      {{- end }}
+    {{- end }}
   {{- else }}
-{{ fail "ArgoCD is not enabled and .Values.global.external-argo-cd.auth.username or .Values.global.external-argo-cd.auth.usernameSecretKeyRef is not set" }}
+    {{ fail (printf "Invalid value for .Values.global.external-argo-cd.auth.type: %s. Allowed values are: [password token]" $authValues.type) }}
   {{- end }}
 {{- end }}
 
 {{/*
-Determine argocd server password.
+Determine argocd server username ConfigMap.
 */}}
 {{- define "codefresh-gitops-runtime.argocd.server.username-cm" }}
-  {{- if and (index .Values "argo-cd" "enabled") }}
-    {{- printf "%s" (index .Values "app-proxy" "config" "argoCdUsername") }}
-  {{- else if and (index .Values "global" "external-argo-cd" "auth" "username") }}
-    {{- printf "%s" (index .Values "global" "external-argo-cd" "auth" "username") }}
-  {{- else }}
-    {{- fail "ArgoCD is not enabled and .Values.global.external-argo-cd.auth.username is not set" }}
+  {{- $externalArgoCDValues := (index .Values "global" "external-argo-cd" "auth") }}
+  {{- if (eq $externalArgoCDValues.type "password") }}
+    {{- coalesce (index .Values "app-proxy" "config" "argoCdUsername") (index .Values "global" "external-argo-cd" "auth" "username") "" }}
   {{- end }}
 {{- end }}
 
@@ -331,11 +285,11 @@ Determine argocd redis url
 */}}
 {{- define "codefresh-gitops-runtime.argocd.redis.url" -}}
 {{- $argoCDValues := (get .Values "argo-cd") }}
-{{- if and (index .Values "argo-cd" "enabled") }}
+{{- if (index .Values "argo-cd" "enabled") }}
   {{- $serviceName := include "codefresh-gitops-runtime.argocd.redis.servicename" . }}
   {{- $port := include "codefresh-gitops-runtime.argocd.redis.serviceport" . }}
   {{- printf "%s:%s" $serviceName $port }}
-{{- else if and (index .Values "global" "external-argo-cd" "redis") }}
+{{- else if (index .Values "global" "external-argo-cd" "redis") }}
   {{- $redis := (index .Values "global" "external-argo-cd" "redis") }}
   {{- $svc := required "ArgoCD is not enabled and .Values.global.external-argo-cd.redis.svc is not set" $redis.svc }}
   {{- $port := required "ArgoCD is not enabled and .Values.global.external-argo-cd.redis.port is not set" $redis.port }}