New Task: Argo CD

[AdityaGupta1]

Changes

Created a Task that syncs (deploys) an Argo CD application.

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

• Includes docs (if user facing)
• Commit messages follow commit message best practices

See the contribution guide
for more details.

[googlebot]

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here (e.g. I signed it!) and we'll verify it.

---

What to do if you already signed the CLA

Individual signers

• It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

• Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
• The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
• The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

[AdityaGupta1]

I signed the CLA

[googlebot]

CLAs look good, thanks!

ℹ️ Googlers: Go here for more info.

[vdemeester]

@AdityaGupta1 Does argocd supports reading authentication from a file. I really think the auth should be passed as secrets (either using env and envFrom with secrets or using mounted secret in the Task steps)

[AdityaGupta1]

@vdemeester would something like the following work?

apiVersion: v1
kind: ConfigMap
metadata:
  name: env-configmap
data:
  ARGOCD_SERVER: <server address>
---
apiVersion: v1
kind: Secret
metadata:
  name: env-secret
data:
  ARGOCD_USERNAME: <base64 encoded username>
  ARGOCD_PASSWORD: <base64 encoded password>
  ARGOCD_AUTH_TOKEN: <base64 encoded token or empty>
---
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  name: argocd-task-sync-and-wait
spec:
  inputs:
    params:
      - name: application-name
        description: name of the application to sync
      - name: revision
        description: the revision to sync to
        default: HEAD
      - name: flags
        default: --
  containerTemplate:
    envFrom:
      - configMapRef:
          name: env-configmap
      - secretRef:
          name: env-secret
  steps:
    - name: login
      image: argoproj/argocd
      command: ["/bin/bash", "-c"]
      args:
        - if [ -z $ARGOCD_AUTH_TOKEN ]; then
            yes | argocd login $ARGOCD_SERVER --username=ARGOCD_USERNAME --password=ARGOCD_PASSWORD;
          fi
    - name: sync
      image: argoproj/argocd
      command: ["/bin/bash", "-c"]
      args:
        - argocd app sync ${inputs.params.application-name} --revision ${inputs.params.revision} ${inputs.params.flags}
    - name: wait
      image: argoproj/argocd
      command: ["/bin/bash", "-c"]
      args:
        - argocd app wait ${inputs.params.application-name} --health ${inputs.params.flags}

If this is what works, I'll commit this along with an updated README with instructions on how to use the ConfigMap and Secret for authentication.

[dlorenc]

/ok-to-test

[dlorenc]

If this is what works, I'll commit this along with an updated README with instructions on how to use the ConfigMap and Secret for authentication.

Yeah this makes sense!

[vdemeester]

    envFrom:
      - configMapRef:
          name: env-configmap
      - secretRef:
          name: env-secret

Those could even be parametrize, aka having a parameter for the task and a default value, letting users use the secret name the want. But it will only work on 0.5.0 (as containerTemplate doesn't support template before tektoncd/pipeline#1006 is merged).

[AdityaGupta1]

@dlorenc I've updated it to use ConfigMap and Secret, and the instructions have been updated to match

[dlorenc]

/lgtm

[dlorenc]

/approve

[tekton-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: AdityaGupta1, dlorenc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [dlorenc]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[AdityaGupta1]

It seems like there are some bugs with the latest version of Argo CD that prevent it from working, but my internship at Intuit ends today and I doubt I'll have time to work on it afterwards. Reverting to container version 1.0.2 solves the problem for username/password login, but there is still a bug with token login that is being looked into.

[AdityaGupta1]

@vdemeester @dlorenc I just noticed there is a typo in the login command, in that it is missing a $ before ARGOCD_USERNAME and ARGOCD_PASSWORD. Should I submit another pull request to fix that?