Merge remote-tracking branch 'origin/master' into feat/oci

feat: WIP argocd_score (#78 )
Co-authored-by: tahahawa <tahahawa@gmail.com> Reviewed-on: https://git.nationtech.io/NationTech/harmony/pulls/78 Reviewed-by: johnride <jg@nationtech.io> Co-authored-by: Taha Hawa <taha@taha.dev> Co-committed-by: Taha Hawa <taha@taha.dev>
2025-07-03 15:36:52 -04:00 · 2025-07-03 19:30:00 +00:00
4 changed files with 1161 additions and 4 deletions
--- a/harmony/src/modules/application/features/argo_types.rs
+++ b/harmony/src/modules/application/features/argo_types.rs
@ -0,0 +1,226 @@
 use std::{backtrace, collections::HashMap};
 use serde::Serialize;
 use serde_yaml::{Mapping, Value};
 use url::Url;
 use crate::modules::application::features::CDApplicationConfig;
 #[derive(Clone, Debug, Serialize)]
 #[serde(rename_all = "camelCase")]
 pub struct Helm {
    pub pass_credentials: Option<bool>,
    pub parameters: Vec<Value>,
    pub file_parameters: Vec<Value>,
    pub release_name: Option<String>,
    pub value_files: Vec<String>,
    pub ignore_missing_value_files: Option<bool>,
    pub values: Option<String>,
    pub values_object: Option<Value>,
    pub skip_crds: Option<bool>,
    pub skip_schema_validation: Option<bool>,
    pub version: Option<String>,
    pub kube_version: Option<String>,
    pub api_versions: Vec<String>,
    pub namespace: Option<String>,
 }
 #[derive(Clone, Debug, Serialize)]
 #[serde(rename_all = "camelCase")]
 pub struct Source {
    pub repo_url: Url,
    pub target_revision: Option<String>,
    pub chart: String,
    pub helm: Helm,
 }
 #[derive(Clone, Debug, Serialize)]
 #[serde(rename_all = "camelCase")]
 pub struct Automated {
    pub prune: bool,
    pub self_heal: bool,
    pub allow_empty: bool,
 }
 #[derive(Clone, Debug, Serialize)]
 #[serde(rename_all = "camelCase")]
 pub struct Backoff {
    pub duration: String,
    pub factor: u32,
    pub max_duration: String,
 }
 #[derive(Clone, Debug, Serialize)]
 #[serde(rename_all = "camelCase")]
 pub struct Retry {
    pub limit: u32,
    pub backoff: Backoff,
 }
 #[derive(Clone, Debug, Serialize)]
 #[serde(rename_all = "camelCase")]
 pub struct SyncPolicy {
    pub automated: Automated,
    pub sync_options: Vec<String>,
    pub retry: Retry,
 }
 #[derive(Clone, Debug, Serialize)]
 #[serde(rename_all = "camelCase")]
 pub struct ArgoApplication {
    pub name: String,
    pub namespace: Option<String>,
    pub project: String,
    pub source: Source,
    pub sync_policy: SyncPolicy,
    pub revision_history_limit: u32,
 }
 impl Default for ArgoApplication {
    fn default() -> Self {
        Self {
            name: Default::default(),
            namespace: Default::default(),
            project: Default::default(),
            source: Source {
                repo_url: Url::parse("http://asdf").expect("Couldn't parse to URL"),
                target_revision: None,
                chart: "".to_string(),
                helm: Helm {
                    pass_credentials: None,
                    parameters: vec![],
                    file_parameters: vec![],
                    release_name: None,
                    value_files: vec![],
                    ignore_missing_value_files: None,
                    values: None,
                    values_object: None,
                    skip_crds: None,
                    skip_schema_validation: None,
                    version: None,
                    kube_version: None,
                    api_versions: vec![],
                    namespace: None,
                },
            },
            sync_policy: SyncPolicy {
                automated: Automated {
                    prune: false,
                    self_heal: false,
                    allow_empty: false,
                },
                sync_options: vec![],
                retry: Retry {
                    limit: 5,
                    backoff: Backoff {
                        duration: "5s".to_string(),
                        factor: 2,
                        max_duration: "3m".to_string(),
                    },
                },
            },
            revision_history_limit: 10,
        }
    }
 }
 impl From<CDApplicationConfig> for ArgoApplication {
    fn from(value: CDApplicationConfig) -> Self {
        Self {
            name: value.name,
            namespace: Some(value.namespace),
            project: "default".to_string(),
            source: Source {
                repo_url: Url::parse(value.helm_chart_repo_url.to_string().as_str())
                    .expect("couldn't convert to URL"),
                target_revision: None,
                chart: value.helm_chart_name,
                helm: Helm {
                    pass_credentials: None,
                    parameters: vec![],
                    file_parameters: vec![],
                    release_name: None,
                    value_files: vec![],
                    ignore_missing_value_files: None,
                    values: None,
                    values_object: Some(value.values_overrides),
                    skip_crds: None,
                    skip_schema_validation: None,
                    version: None,
                    kube_version: None,
                    api_versions: vec![],
                    namespace: None,
                },
            },
            sync_policy: SyncPolicy {
                automated: Automated {
                    prune: false,
                    self_heal: false,
                    allow_empty: true,
                },
                sync_options: vec![],
                retry: Retry {
                    limit: 5,
                    backoff: Backoff {
                        duration: "5s".to_string(),
                        factor: 2,
                        max_duration: "3m".to_string(),
                    },
                },
            },
            ..Self::default()
        }
    }
 }
 impl ArgoApplication {
    fn to_yaml(self) -> serde_yaml::Value {
        let name = self.name;
        let namespace = if let Some(ns) = self.namespace {
            ns
        } else {
            "argocd".to_string()
        };
        let project = self.project;
        let source = self.source;
        let mut yaml_str = format!(
            r#"
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: {name}
  # You'll usually want to add your resources to the argocd namespace.
  namespace: {namespace}
 spec:
  # The project the application belongs to.
  project: {project}
  # Destination cluster and namespace to deploy the application
  destination:
    # cluster API URL
    server: https://kubernetes.default.svc
    # or cluster name
    # name: in-cluster
    # The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
    namespace: {namespace}
 "#
        );
        yaml_str.push_str(
            &serde_yaml::to_string(&source.clone())
                .expect("couldn't serialize source to yaml string"),
        );
        yaml_str.push_str(
            &serde_yaml::to_string(&self.sync_policy)
                .expect("couldn't serialize sync policy to yaml string"),
        );
        yaml_str.push_str(
            &serde_yaml::to_string(&self.revision_history_limit)
                .expect("couldn't serialize revision history to yaml string"),
        );
        serde_yaml::from_str(&yaml_str).expect("Couldn't parse YAML")
    }
 }
--- a/harmony/src/modules/application/features/continuous_delivery.rs
+++ b/harmony/src/modules/application/features/continuous_delivery.rs
@ -2,7 +2,7 @@ use std::{io::Write, process::Command, sync::Arc};
 use async_trait::async_trait;
 use log::{error, info};
-use serde_json::Value;
+use serde_yaml::Value;
 use tempfile::NamedTempFile;
 use crate::{
@ -212,9 +212,12 @@ impl<
 /// For now this is entirely bound to K8s / ArgoCD, will have to be revisited when we support
 /// more CD systems
 pub struct CDApplicationConfig {
-    version: Version,
+    pub version: Version,
-    helm_chart_url: Url,
+    pub helm_chart_repo_url: Url,
-    values_overrides: Value,
+    pub helm_chart_name: String,
    pub values_overrides: Value,
    pub name: String,
    pub namespace: String,
 }
 pub trait ContinuousDeliveryApplication {
--- a/harmony/src/modules/application/features/helm_argocd_score.rs
+++ b/harmony/src/modules/application/features/helm_argocd_score.rs
@ -0,0 +1,922 @@
 use non_blank_string_rs::NonBlankString;
 use std::str::FromStr;
 use crate::modules::helm::chart::{HelmChartScore, HelmRepository};
 pub fn argo_helm_chart_score(namespace: String, openshift: bool, domain: String) -> HelmChartScore {
    let values = format!(
        r#"
 # -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources
 ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
 createAggregateRoles: false
 # -- Create cluster roles for cluster-wide installation.
 ## Used when you manage applications in the same cluster where Argo CD runs
 createClusterRoles: true
 openshift:
  # -- enables using arbitrary uid for argo repo server
  enabled: {openshift}
 ## Custom resource configuration
 crds:
  # -- Install and upgrade CRDs
  install: true
  # -- Keep CRDs on chart uninstall
  keep: true
  # -- Annotations to be added to all CRDs
  annotations: {{}}
  # -- Addtional labels to be added to all CRDs
  additionalLabels: {{}}
 ## Globally shared configuration
 global:
  # -- Default domain used by all components
  ## Used for ingresses, certificates, SSO, notifications, etc.
  domain: {domain}
  # -- Runtime class name for all components
  runtimeClassName: ""
  # -- Common labels for the all resources
  additionalLabels: {{}}
    # app: argo-cd
  # -- Number of old deployment ReplicaSets to retain. The rest will be garbage collected.
  revisionHistoryLimit: 3
  # Default image used by all components
  image:
    # -- If defined, a repository applied to all Argo CD deployments
    repository: quay.io/argoproj/argocd
    # -- Overrides the global Argo CD image tag whose default is the chart appVersion
    tag: ""
    # -- If defined, a imagePullPolicy applied to all Argo CD deployments
    imagePullPolicy: IfNotPresent
  # -- Secrets with credentials to pull images from a private registry
  imagePullSecrets: []
  # Default logging options used by all components
  logging:
    # -- Set the global logging format. Either: `text` or `json`
    format: text
    # -- Set the global logging level. One of: `debug`, `info`, `warn` or `error`
    level: info
 ## Argo Configs
 configs:
  # General Argo CD configuration. Any values you put under `.configs.cm` are passed to argocd-cm ConfigMap.
  ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
  cm:
    # -- Create the argocd-cm configmap for [declarative setup]
    create: true
    # -- Enable local admin user
    ## Ref: https://argo-cd.readthedocs.io/en/latest/faq/#how-to-disable-admin-user
    admin.enabled: true
    # -- Timeout to discover if a new manifests version got published to the repository
    timeout.reconciliation: 180s
    # -- Timeout to refresh application data as well as target manifests cache
    timeout.hard.reconciliation: 0s
  # Argo CD configuration parameters
  ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml
  params:
    # -- Create the argocd-cmd-params-cm configmap
    # If false, it is expected the configmap will be created by something else.
    create: true
    # -- Enables [Applications in any namespace]
    ## List of additional namespaces where applications may be created in and reconciled from.
    ## The namespace where Argo CD is installed to will always be allowed.
    ## Set comma-separated list. (e.g. app-team-one, app-team-two)
    application.namespaces: ""
  # Argo CD RBAC policy configuration
  ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
  rbac:
    # -- Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions.
    # If false, it is expected the configmap will be created by something else.
    # Argo CD will not work if there is no configmap created with the name above.
    create: true
    # -- Annotations to be added to argocd-rbac-cm configmap
    annotations: {{}}
    # -- The name of the default role which Argo CD will falls back to, when authorizing API requests (optional).
    # If omitted or empty, users may be still be able to login, but will see no apps, projects, etc...
    policy.default: ''
    # -- File containing user-defined policies and role definitions.
    # @default -- `''` (See [values.yaml])
    policy.csv: ''
    # Policy rules are in the form:
    #  p, subject, resource, action, object, effect
    # Role definitions and bindings are in the form:
    #  g, subject, inherited-subject
    # policy.csv: |
    #   p, role:org-admin, applications, *, */*, allow
    #   p, role:org-admin, clusters, get, *, allow
    #   p, role:org-admin, repositories, *, *, allow
    #   p, role:org-admin, logs, get, *, allow
    #   p, role:org-admin, exec, create, */*, allow
    #   g, your-github-org:your-team, role:org-admin
    # -- OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
    # The scope value can be a string, or a list of strings.
    scopes: "[groups]"
    # -- Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher.
    policy.matchMode: "glob"
  # GnuPG public keys for commit verification
  ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
  gpg:
    # -- Annotations to be added to argocd-gpg-keys-cm configmap
    annotations: {{}}
    # -- [GnuPG] public keys to add to the keyring
    # @default -- `{{}}` (See [values.yaml])
    ## Note: Public keys should be exported with `gpg --export --armor <KEY>`
    keys: {{}}
      # 4AEE18F83AFDEB23: |
      #   -----BEGIN PGP PUBLIC KEY BLOCK-----
      #   ...
      #   -----END PGP PUBLIC KEY BLOCK-----
  # SSH known hosts for Git repositories
  ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys
  ssh:
    # -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm.
    create: true
    # -- Annotations to be added to argocd-ssh-known-hosts-cm configmap
    annotations: {{}}
    # -- Known hosts to be added to the known host list by default.
    # @default -- See [values.yaml]
    knownHosts: |
      [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
      [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
      [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
      bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
      bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
      bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=
      github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
      github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
      github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
      gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
      gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
      gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
      ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
      vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
    # -- Additional known hosts for private repositories
    extraHosts: ''
  # Repository TLS certificates
  # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories-using-self-signed-tls-certificates-or-are-signed-by-custom-ca
  tls:
    # -- Annotations to be added to argocd-tls-certs-cm configmap
    annotations: {{}}
    # -- TLS certificates for Git repositories
    # @default -- `{{}}` (See [values.yaml])
    certificates: {{}}
      # server.example.com: |
      #   -----BEGIN CERTIFICATE-----
      #   ...
      #   -----END CERTIFICATE-----
    # -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm.
    create: true
  # -- Repositories list to be used by applications
  ## Creates a secret for each key/value specified below to create repositories
  ## Note: the last example in the list would use a repository credential template, configured under "configs.credentialTemplates".
  repositories: {{}}
    # istio-helm-repo:
    #   url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts
    #   name: istio.io
    #   type: helm
    # private-helm-repo:
    #   url: https://my-private-chart-repo.internal
    #   name: private-repo
    #   type: helm
    #   password: my-password
    #   username: my-username
    # private-repo:
    #   url: https://github.com/argoproj/private-repo
  # -- Annotations to be added to `configs.repositories` Secret
  repositoriesAnnotations: {{}}
  # Argo CD sensitive data
  # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets
  secret:
    # -- Create the argocd-secret
    createSecret: true
 ## Application controller
 controller:
  # -- Application controller name string
  name: application-controller
  # -- The number of application controller pods to run.
  # Additional replicas will cause sharding of managed clusters across number of replicas.
  ## With dynamic cluster distribution turned on, sharding of the clusters will gracefully
  ## rebalance if the number of replica's changes or one becomes unhealthy. (alpha)
  replicas: 1
  # -- Maximum number of controller revisions that will be maintained in StatefulSet history
  revisionHistoryLimit: 5
  # -- Resource limits and requests for the application controller pods
  resources: {{}}
  #  limits:
  #    cpu: 500m
  #    memory: 512Mi
  #  requests:
  #    cpu: 250m
  #    memory: 256Mi
  # Application controller container ports
  containerPorts:
    # -- Metrics container port
    metrics: 8082
  serviceAccount:
    # -- Create a service account for the application controller
    create: true
    # -- Service account name
    name: argocd-application-controller
    # -- Annotations applied to created service account
    annotations: {{}}
    # -- Labels applied to created service account
    labels: {{}}
    # -- Automount API credentials for the Service Account
    automountServiceAccountToken: true
  ## Application controller metrics configuration
  metrics:
    # -- Deploy metrics service
    enabled: true
    # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
    scrapeTimeout: ""
    applicationLabels:
      # -- Enables additional labels in argocd_app_labels metric
      enabled: false
      # -- Additional labels
      labels: []
    service:
      # -- Metrics service type
      type: ClusterIP
      # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
      clusterIP: ""
      # -- Metrics service annotations
      annotations: {{}}
      # -- Metrics service labels
      labels: {{}}
      # -- Metrics service port
      servicePort: 8082
      # -- Metrics service port name
      portName: http-metrics
    serviceMonitor:
      # -- Enable a prometheus ServiceMonitor
      enabled: true
      # -- Prometheus ServiceMonitor interval
      interval: 30s
      # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
      honorLabels: false
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
      metricRelabelings: []
      # -- Prometheus ServiceMonitor selector
      selector: {{}}
        # prometheus: kube-prometheus
      # -- Prometheus ServiceMonitor scheme
      scheme: ""
      # -- Prometheus ServiceMonitor tlsConfig
      tlsConfig: {{}}
      # -- Prometheus ServiceMonitor namespace
      namespace: "" # "monitoring"
      # -- Prometheus ServiceMonitor labels
      additionalLabels: {{}}
      # -- Prometheus ServiceMonitor annotations
      annotations: {{}}
    rules:
      # -- Deploy a PrometheusRule for the application controller
      enabled: false
      # -- PrometheusRule namespace
      namespace: "" # "monitoring"
      # -- PrometheusRule selector
      selector: {{}}
        # prometheus: kube-prometheus
      # -- PrometheusRule labels
      additionalLabels: {{}}
      # -- PrometheusRule annotations
      annotations: {{}}
      # -- PrometheusRule.Spec for the application controller
      spec: []
 ## Dex
 dex:
  # -- Enable dex
  enabled: false
 ## Redis
 redis:
  # -- Enable redis
  enabled: true
  # -- Redis name
  name: redis
  ## Redis image
  image:
    # -- Redis repository
    repository: ecr-public.aws.com/docker/library/redis
    # -- Redis tag
    ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis
    tag: 7.2.8-alpine
    # -- Redis image pull policy
    # @default -- `""` (defaults to global.image.imagePullPolicy)
    imagePullPolicy: ""
  ## Prometheus redis-exporter sidecar
  exporter:
    # -- Enable Prometheus redis-exporter sidecar
    enabled: true
    # -- Environment variables to pass to the Redis exporter
    env: []
    ## Prometheus redis-exporter image
    image:
      # -- Repository to use for the redis-exporter
      repository: ghcr.io/oliver006/redis_exporter
      # -- Tag to use for the redis-exporter
      tag: v1.74.0
      # -- Image pull policy for the redis-exporter
      # @default -- `""` (defaults to global.image.imagePullPolicy)
      imagePullPolicy: ""
    ## Probes for Redis exporter (optional)
    ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
    readinessProbe:
      # -- Enable Kubernetes liveness probe for Redis exporter (optional)
      enabled: false
      # -- Number of seconds after the container has started before [probe] is initiated
      initialDelaySeconds: 30
      # -- How often (in seconds) to perform the [probe]
      periodSeconds: 15
      # -- Number of seconds after which the [probe] times out
      timeoutSeconds: 15
      # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
      successThreshold: 1
      # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
      failureThreshold: 5
    livenessProbe:
      # -- Enable Kubernetes liveness probe for Redis exporter
      enabled: false
      # -- Number of seconds after the container has started before [probe] is initiated
      initialDelaySeconds: 30
      # -- How often (in seconds) to perform the [probe]
      periodSeconds: 15
      # -- Number of seconds after which the [probe] times out
      timeoutSeconds: 15
      # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
      successThreshold: 1
      # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
      failureThreshold: 5
    # -- Resource limits and requests for redis-exporter sidecar
    resources:
      limits:
        cpu: 50m
        memory: 64Mi
      requests:
        cpu: 10m
        memory: 32Mi
  ## Probes for Redis server (optional)
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  readinessProbe:
    # -- Enable Kubernetes liveness probe for Redis server
    enabled: false
    # -- Number of seconds after the container has started before [probe] is initiated
    initialDelaySeconds: 30
    # -- How often (in seconds) to perform the [probe]
    periodSeconds: 15
    # -- Number of seconds after which the [probe] times out
    timeoutSeconds: 15
    # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
    successThreshold: 1
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 5
  livenessProbe:
    # -- Enable Kubernetes liveness probe for Redis server
    enabled: false
    # -- Number of seconds after the container has started before [probe] is initiated
    initialDelaySeconds: 30
    # -- How often (in seconds) to perform the [probe]
    periodSeconds: 15
    # -- Number of seconds after which the [probe] times out
    timeoutSeconds: 15
    # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
    successThreshold: 1
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 5
  # -- Resource limits and requests for redis
  resources:
    limits:
      cpu: 200m
      memory: 128Mi
    requests:
      cpu: 100m
      memory: 64Mi
  metrics:
    # -- Deploy metrics service
    enabled: true
    # Redis metrics service configuration
    service:
      # -- Metrics service type
      type: ClusterIP
      # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
      clusterIP: None
      # -- Metrics service annotations
      annotations: {{}}
      # -- Metrics service labels
      labels: {{}}
      # -- Metrics service port
      servicePort: 9121
      # -- Metrics service port name
      portName: http-metrics
    serviceMonitor:
      # -- Enable a prometheus ServiceMonitor
      enabled: true
      # -- Interval at which metrics should be scraped
      interval: 30s
      # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
      honorLabels: false
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
      metricRelabelings: []
      # -- Prometheus ServiceMonitor selector
      selector: {{}}
        # prometheus: kube-prometheus
      # -- Prometheus ServiceMonitor scheme
      scheme: ""
      # -- Prometheus ServiceMonitor tlsConfig
      tlsConfig: {{}}
      # -- Prometheus ServiceMonitor namespace
      namespace: "" # "monitoring"
      # -- Prometheus ServiceMonitor labels
      additionalLabels: {{}}
      # -- Prometheus ServiceMonitor annotations
      annotations: {{}}
 ## Server
 server:
  # -- Argo CD server name
  name: server
  # -- The number of server pods to run
  replicas: 1
  # -- Resource limits and requests for the Argo CD server
  resources: {{}}
  #  limits:
  #    cpu: 100m
  #    memory: 128Mi
  #  requests:
  #    cpu: 50m
  #    memory: 64Mi
  ## Server metrics service configuration
  metrics:
    # -- Deploy metrics service
    enabled: true
    service:
      # -- Metrics service type
      type: ClusterIP
      # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
      clusterIP: ""
      # -- Metrics service annotations
      annotations: {{}}
      # -- Metrics service labels
      labels: {{}}
      # -- Metrics service port
      servicePort: 8083
      # -- Metrics service port name
      portName: http-metrics
    serviceMonitor:
      # -- Enable a prometheus ServiceMonitor
      enabled: true
      # -- Prometheus ServiceMonitor interval
      interval: 30s
      # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
      scrapeTimeout: ""
      # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
      honorLabels: false
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
      metricRelabelings: []
      # -- Prometheus ServiceMonitor selector
      selector: {{}}
        # prometheus: kube-prometheus
      # -- Prometheus ServiceMonitor scheme
      scheme: ""
      # -- Prometheus ServiceMonitor tlsConfig
      tlsConfig: {{}}
      # -- Prometheus ServiceMonitor namespace
      namespace: ""  # monitoring
      # -- Prometheus ServiceMonitor labels
      additionalLabels: {{}}
      # -- Prometheus ServiceMonitor annotations
      annotations: {{}}
  # Argo CD server ingress configuration
  ingress:
    # -- Enable an ingress resource for the Argo CD server
    enabled: false
    # -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke`
    ## Additional configuration might be required in related configuration sections
    controller: generic
    # -- Additional ingress labels
    labels: {{}}
    # -- Additional ingress annotations
    ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough
    annotations: {{}}
      # nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      # nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    # -- Defines which ingress controller will implement the resource
    ingressClassName: ""
    # -- Argo CD server hostname
    # @default -- `""` (defaults to global.domain)
    hostname: ""
    # -- The path to Argo CD server
    path: /
    # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
    pathType: Prefix
    # -- Enable TLS configuration for the hostname defined at `server.ingress.hostname`
    ## TLS certificate will be retrieved from a TLS secret `argocd-server-tls`
    ## You can create this secret via `certificate` or `certificateSecret` option
    tls: false
    # -- The list of additional hostnames to be covered by ingress record
    # @default -- `[]` (See [values.yaml])
    extraHosts: []
      # - name: argocd.example.com
      #   path: /
    # -- Additional ingress paths
    # @default -- `[]` (See [values.yaml])
    ## Note: Supports use of custom Helm templates
    extraPaths: []
      # - path: /*
      #   pathType: Prefix
      #   backend:
      #     service:
      #       name: ssl-redirect
      #       port:
      #         name: use-annotation
    # -- Additional ingress rules
    # @default -- `[]` (See [values.yaml])
    ## Note: Supports use of custom Helm templates
    extraRules: []
      # - http:
      #     paths:
      #     - path: /
      #       pathType: Prefix
      #       backend:
      #         service:
      #           name: '{{{{ include "argo-cd.server.fullname" . }}}}'
      #           port:
      #             name: '{{{{ .Values.server.service.servicePortHttpsName }}}}'
    # -- Additional TLS configuration
    # @default -- `[]` (See [values.yaml])
    extraTls: []
      # - hosts:
      #   - argocd.example.com
      #   secretName: your-certificate-name
  # Create a OpenShift Route with SSL passthrough for UI and CLI
  # Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain
  # Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain:
  # If 'hostname' is an empty string "" OpenShift will create a hostname for you.
  route:
    # -- Enable an OpenShift Route for the Argo CD server
    enabled: {openshift}
    # -- Openshift Route annotations
    annotations: {{}}
    # -- Hostname of OpenShift Route
    hostname: ""
    # -- Termination type of Openshift Route
    termination_type: passthrough
    # -- Termination policy of Openshift Route
    termination_policy: None
 ## Repo Server
 repoServer:
  # -- Repo server name
  name: repo-server
  # -- The number of repo server pods to run
  replicas: 1
  # -- Resource limits and requests for the repo server pods
  resources: {{}}
  #  limits:
  #    cpu: 50m
  #    memory: 128Mi
  #  requests:
  #    cpu: 10m
  #    memory: 64Mi
  ## Repo server metrics service configuration
  metrics:
    # -- Deploy metrics service
    enabled: true
    service:
      # -- Metrics service type
      type: ClusterIP
      # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
      clusterIP: ""
      # -- Metrics service annotations
      annotations: {{}}
      # -- Metrics service labels
      labels: {{}}
      # -- Metrics service port
      servicePort: 8084
      # -- Metrics service port name
      portName: http-metrics
    serviceMonitor:
      # -- Enable a prometheus ServiceMonitor
      enabled: true
      # -- Prometheus ServiceMonitor interval
      interval: 30s
      # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
      scrapeTimeout: ""
      # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
      honorLabels: false
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
      metricRelabelings: []
      # -- Prometheus ServiceMonitor selector
      selector: {{}}
        # prometheus: kube-prometheus
      # -- Prometheus ServiceMonitor scheme
      scheme: ""
      # -- Prometheus ServiceMonitor tlsConfig
      tlsConfig: {{}}
      # -- Prometheus ServiceMonitor namespace
      namespace: "" # "monitoring"
      # -- Prometheus ServiceMonitor labels
      additionalLabels: {{}}
      # -- Prometheus ServiceMonitor annotations
      annotations: {{}}
 ## ApplicationSet controller
 applicationSet:
  # -- ApplicationSet controller name string
  name: applicationset-controller
  # -- The number of ApplicationSet controller pods to run
  replicas: 1
  ## Metrics service configuration
  metrics:
    # -- Deploy metrics service
    enabled: true
    service:
      # -- Metrics service type
      type: ClusterIP
      # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
      clusterIP: ""
      # -- Metrics service annotations
      annotations: {{}}
      # -- Metrics service labels
      labels: {{}}
      # -- Metrics service port
      servicePort: 8080
      # -- Metrics service port name
      portName: http-metrics
    serviceMonitor:
      # -- Enable a prometheus ServiceMonitor
      enabled: true
      # -- Prometheus ServiceMonitor interval
      interval: 30s
      # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
      scrapeTimeout: ""
      # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
      honorLabels: false
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
      metricRelabelings: []
      # -- Prometheus ServiceMonitor selector
      selector: {{}}
        # prometheus: kube-prometheus
      # -- Prometheus ServiceMonitor scheme
      scheme: ""
      # -- Prometheus ServiceMonitor tlsConfig
      tlsConfig: {{}}
      # -- Prometheus ServiceMonitor namespace
      namespace: ""  # monitoring
      # -- Prometheus ServiceMonitor labels
      additionalLabels: {{}}
      # -- Prometheus ServiceMonitor annotations
      annotations: {{}}
  # -- Resource limits and requests for the ApplicationSet controller pods.
  resources: {{}}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi
  # -- Enable ApplicationSet in any namespace feature
  allowAnyNamespace: false
 ## Notifications controller
 notifications:
  # -- Enable notifications controller
  enabled: true
  # -- Notifications controller name string
  name: notifications-controller
  # -- Argo CD dashboard url; used in place of {{{{.context.argocdUrl}}}} in templates
  # @default -- `""` (defaults to https://`global.domain`)
  argocdUrl: ""
  secret:
    # -- Whether helm chart creates notifications controller secret
    ## If true, will create a secret with the name below. Otherwise, will assume existence of a secret with that name.
    create: true
    # -- notifications controller Secret name
    name: "argocd-notifications-secret"
    # -- Generic key:value pairs to be inserted into the secret
    ## Can be used for templates, notification services etc. Some examples given below.
    ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
    items: {{}}
      # slack-token:
      #   # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/slack/
      # grafana-apiKey:
      #   # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/grafana/
      # webhooks-github-token:
      # email-username:
      # email-password:
        # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/email/
  metrics:
    # -- Enables prometheus metrics server
    enabled: true
    # -- Metrics port
    port: 9001
    service:
      # -- Metrics service type
      type: ClusterIP
      # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
      clusterIP: ""
      # -- Metrics service annotations
      annotations: {{}}
      # -- Metrics service labels
      labels: {{}}
      # -- Metrics service port name
      portName: http-metrics
    serviceMonitor:
      # -- Enable a prometheus ServiceMonitor
      enabled: true
      # -- Prometheus ServiceMonitor selector
      selector: {{}}
        # prometheus: kube-prometheus
      # -- Prometheus ServiceMonitor labels
      additionalLabels: {{}}
      # -- Prometheus ServiceMonitor annotations
      annotations: {{}}
      # namespace: monitoring
      # interval: 30s
      # scrapeTimeout: 10s
      # -- Prometheus ServiceMonitor scheme
      scheme: ""
      # -- Prometheus ServiceMonitor tlsConfig
      tlsConfig: {{}}
      # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
      honorLabels: false
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
      metricRelabelings: []
  # -- Configures notification services such as slack, email or custom webhook
  # @default -- See [values.yaml]
  ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
  notifiers: {{}}
    # service.slack: |
    #   token: $slack-token
  # -- Resource limits and requests for the notifications controller
  resources: {{}}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi
  cm:
    # -- Whether helm chart creates notifications controller config map
    create: true
  # -- Contains centrally managed global application subscriptions
  ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/subscriptions/
  subscriptions: []
    # # subscription for on-sync-status-unknown trigger notifications
    # - recipients:
    #   - slack:test2
    #   - email:test@gmail.com
    #   triggers:
    #   - on-sync-status-unknown
    # # subscription restricted to applications with matching labels only
    # - recipients:
    #   - slack:test3
    #   selector: test=true
    #   triggers:
    #   - on-sync-status-unknown
  # -- The notification template is used to generate the notification content
  ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/
  templates: {{}}
 commitServer:
  # -- Enable commit server
  enabled: false
 "#,
    );
    HelmChartScore {
        namespace: Some(NonBlankString::from_str(&namespace).unwrap()),
        release_name: NonBlankString::from_str("argo-cd").unwrap(),
        chart_name: NonBlankString::from_str("argo/argo-cd").unwrap(),
        chart_version: Some(NonBlankString::from_str("8.1.2").unwrap()),
        values_overrides: None,
        values_yaml: Some(values.to_string()),
        create_namespace: true,
        install_only: false,
        repository: Some(HelmRepository::new(
            "argo".to_string(),
            url::Url::parse("https://argoproj.github.io/argo-helm").unwrap(),
            true,
        )),
    }
 }
--- a/harmony/src/modules/application/features/mod.rs
+++ b/harmony/src/modules/application/features/mod.rs
@ -6,3 +6,9 @@ pub use monitoring::*;
 mod continuous_delivery;
 pub use continuous_delivery::*;
 mod helm_argocd_score;
 pub use helm_argocd_score::*;
 mod argo_types;
 pub use argo_types::*;
Author	SHA1	Message	Date
Jean-Gabriel Gill-Couture	7b0f3b79b1	Merge remote-tracking branch 'origin/master' into feat/oci All checks were successful Run Check Script / check (pull_request) Successful in -8s Details	2025-07-03 15:36:52 -04:00
Taha Hawa	b4f5b91a57	feat: WIP argocd_score (#78 ) Some checks are pending Compile and package harmony_composer / package_harmony_composer (push) Waiting to run Details Run Check Script / check (push) Successful in -8s Details Co-authored-by: tahahawa <tahahawa@gmail.com> Reviewed-on: https://git.nationtech.io/NationTech/harmony/pulls/78 Reviewed-by: johnride <jg@nationtech.io> Co-authored-by: Taha Hawa <taha@taha.dev> Co-committed-by: Taha Hawa <taha@taha.dev>	2025-07-03 19:30:00 +00:00