Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SHA256 hashes not unique #798

Open
ellisvalentiner opened this issue Jul 31, 2024 · 0 comments
Open

SHA256 hashes not unique #798

ellisvalentiner opened this issue Jul 31, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@ellisvalentiner
Copy link

Describe the bug

When using the argocd-image-updater.argoproj.io/git-branch annotation, Argo CD Image Updater may create new, different branches with different SHA256 hashes.

This causes significant "noise" in creating and closing many Git branches.

To Reproduce

Deploy an Argo CD Application with the argocd-image-updater.argoproj.io/git-branch annotation and multiple container images.

Expected behavior

We expect a single branch to be created with a single, consistent, unique SHA256 hash.

Additional context

The write back git commit often lists only a subset of images in the Application and does not find the {{ .OldTag }}.

Example commit message:

updates image container-1 tag '' to '0.1.27'
updates image container-2 tag '' to '0.4.8'
updates image container-3 tag '' to '1.8.8'
updates image container-7 tag '' to '1.0.1'
updates image container-8 tag '' to '0.2.0'

another example commit message (for the same image tag update):

updates image container-1 tag to 0.1.27
updates image container-2 tag to 0.4.8
updates image container-3 tag to 1.8.8
updates image container-4 tag to 1.1.0
updates image container-5 tag to 0.6.9
updates image container-7 tag to 1.0.1
updates image container-8 tag to 0.2.0

Note that images are listed even when there is no new tag, but also not all image are listed.

Example ApplicationSet:

apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: app-name-set
  namespace: default
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  goTemplate: true
  generators:
    - matrix:
        generators:
          - list:
              elements:
                - cluster: dev
                  url: https://1.2.3.4
                  tag: latest
                  strategy: digest
                - cluster: stage
                  url: https://5.6.7.8
                  strategy: semver
                - cluster: prod
                  url: https://9.10.11.12
                  strategy: semver
                  pullrequest: true
                  tag: "*"
                  gitbranch: "release/prod-app-name-{{.SHA256}}"
          - list:
              elements:
                - registry: us-east4-docker.pkg.dev/my-company-name/my-company-name-docker
  template:
    metadata:
      name: app-name-{{.cluster}}
      finalizers:
        - resources-finalizer.argocd.argoproj.io
    spec:
      project: default
      source:
        repoURL: [email protected]:my-company-name/k8s-config-repo.git
        targetRevision: '{{ .ref | default "HEAD" }}'
        path: helm/app-name
        helm:
          valueFiles:
            - ../../values/app-name/values.yaml
            - ../../values/app-name/values-{{.cluster}}.yaml
      destination:
        namespace: argo-app-name
        server: "{{.url}}"
      syncPolicy:
        automated:
          prune: true
          selfHeal: true
        syncOptions:
          - RespectIgnoreDifferences=true
      ignoreDifferences:
        - group: argoproj.io
          kind: CronWorkflow
          jsonPointers:
            - /spec/suspend
  templatePatch: |
    metadata:
      annotations:
        argocd.argoproj.io/manifest-generate-paths: .; /values/app-name
        argocd-image-updater.argoproj.io/image-list: |
          container-1={{.registry}}/container-1{{if .tag}}:{{.tag}}{{end}},
          container-2={{.registry}}/container-2{{if .tag}}:{{.tag}}{{end}},
          container-3={{.registry}}/container-3{{if .tag}}:{{.tag}}{{end}},
          container-4={{.registry}}/container-4{{if .tag}}:{{.tag}}{{end}},
          container-5={{.registry}}/container-5{{if .tag}}:{{.tag}}{{end}},
          container-6={{.registry}}/container-6{{if .tag}}:{{.tag}}{{end}},
          google-cloud-cli=gcr.io/google.com/cloudsdktool/google-cloud-cli{{if .tag}}:{{.tag}}{{end}},
          container-7={{.registry}}/container-7{{if .tag}}:{{.tag}}{{end}},
          container-8={{.registry}}/container-8{{if .tag}}:{{.tag}}{{end}}
        argocd-image-updater.argoproj.io/write-back-method: git
        argocd-image-updater.argoproj.io/update-strategy: "{{.strategy}}"
        argocd-image-updater.argoproj.io/pull-secret: pullsecret:default/argocd-image-updater-creds
        argocd-image-updater.argoproj.io/git-branch: "{{ if .pullrequest }}main:{{ .gitbranch }}{{ else }}main{{ end }}"
        argocd-image-updater.argoproj.io/force-update: "true"

Version

ArgoCD Image Updater v0.14.0

Note, we've seen this behavior for a long time and it does not appear to be new to this version.

Logs

No relevant logs.
@ellisvalentiner ellisvalentiner added the bug Something isn't working label Jul 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ellisvalentiner