From 9afa1732bb35ea1a2936540db57aee65bd936218 Mon Sep 17 00:00:00 2001
From: Andrii Shaforostov
Date: Wed, 18 Mar 2026 17:08:42 +0200
Subject: [PATCH 1/4] feat: add ABAC validation to the application existence query (#1127)

If a user does not have permission to view an application, it will appear as if the application does not exist. Without this update, a user can open the application page and see it in a broken state because nested queries return Forbidden errors.
---
 charts/gitops-runtime/README.md | 8 ++++----
 charts/gitops-runtime/values.yaml | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md
index e25c46670..413b8ad95 100644
--- a/charts/gitops-runtime/README.md
+++ b/charts/gitops-runtime/README.md
@@ -511,14 +511,14 @@ global:
 | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use |
 | app-proxy.image.pullPolicy | string | `"IfNotPresent"` | |
 | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` | |
-| app-proxy.image.tag | string | `"1.4068.0"` | |
+| app-proxy.image.tag | string | `"1.4072.0"` | |
 | app-proxy.imagePullSecrets | list | `[]` | |
 | app-proxy.initContainer.command[0] | string | `"./init.sh"` | |
 | app-proxy.initContainer.env | object | `{}` | |
 | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container |
 | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` | |
 | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` | |
-| app-proxy.initContainer.image.tag | string | `"1.4068.0"` | |
+| app-proxy.initContainer.image.tag | string | `"1.4072.0"` | |
 | app-proxy.initContainer.resources.limits | object | `{}` | |
 | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` | |
 | app-proxy.initContainer.resources.requests.memory | string | `"256Mi"` | |
@@ -589,7 +589,7 @@ global:
 | argo-cd.redis-ha.image.tag | string | `"8.2.2-alpine"` | Redis tag |
 | argo-cd.redis.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository |
 | argo-cd.redis.image.tag | string | `"8.2.2-alpine"` | Redis tag |
-| argo-gateway | object | `{"affinity":{},"hpa":{"enabled":true,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"bc37d62"},"livenessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"nodeSelector":{},"pdb":{"enabled":true,"maxUnavailable":"","minAvailable":"50%"},"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"service":{"type":"ClusterIP"},"serviceAccount":{"create":true},"serviceMonitor":{"enabled":false,"interval":"30s","labels":{},"scrapeTimeout":"10s"},"tolerations":[]}` | Argo Gateway Argo Gateway is used to perform operations on ArgoCD from Codefresh platform |
+| argo-gateway | object | `{"affinity":{},"hpa":{"enabled":true,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"7b43e16"},"livenessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"nodeSelector":{},"pdb":{"enabled":true,"maxUnavailable":"","minAvailable":"50%"},"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"service":{"type":"ClusterIP"},"serviceAccount":{"create":true},"serviceMonitor":{"enabled":false,"interval":"30s","labels":{},"scrapeTimeout":"10s"},"tolerations":[]}` | Argo Gateway Argo Gateway is used to perform operations on ArgoCD from Codefresh platform |
 | argo-workflows.crds.install | bool | `true` | Install and upgrade CRDs |
 | argo-workflows.enabled | bool | `true` | |
 | argo-workflows.executor.resources.requests.ephemeral-storage | string | `"10Mi"` | |
@@ -681,7 +681,7 @@ global:
 | global.codefresh.userToken | object | `{"secretKeyRef":{},"token":""}` | User token. Used for runtime registration against the patform. One of token (for plain text value) or secretKeyRef must be provided. |
 | global.codefresh.userToken.secretKeyRef | object | `{}` | User token that references an existing secret containing the token. |
 | global.codefresh.userToken.token | string | `""` | User token in plain text. The chart creates and manages the secret for this token. |
-| global.event-reporters | object | `{"affinity":{},"config":{},"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"b8c4451"},"livenessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"nodeSelector":{},"pdb":{"enabled":true,"maxUnavailable":"","minAvailable":"50%"},"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"replicaCount":2,"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"service":{"ports":{"http":{"port":8088,"targetPort":8088},"metrics":{"port":8087,"targetPort":8087}},"type":"ClusterIP"},"serviceAccount":{"create":true},"serviceMonitor":{"enabled":false,"interval":"30s","labels":{},"scrapeTimeout":"10s"},"tolerations":[]}` | Global settings for event reporters Event reporters are used for reporting runtime and cluster resources to Codefresh platform |
+| global.event-reporters | object | `{"affinity":{},"config":{},"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"7b43e16"},"livenessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"nodeSelector":{},"pdb":{"enabled":true,"maxUnavailable":"","minAvailable":"50%"},"readinessProbe":{"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10},"replicaCount":2,"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"service":{"ports":{"http":{"port":8088,"targetPort":8088},"metrics":{"port":8087,"targetPort":8087}},"type":"ClusterIP"},"serviceAccount":{"create":true},"serviceMonitor":{"enabled":false,"interval":"30s","labels":{},"scrapeTimeout":"10s"},"tolerations":[]}` | Global settings for event reporters Event reporters are used for reporting runtime and cluster resources to Codefresh platform |
 | global.httpProxy | string | `""` | global HTTP_PROXY for all components |
 | global.httpsProxy | string | `""` | global HTTPS_PROXY for all components |
 | global.imageRegistry | string | `""` | |
diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml
index 0a3a06ff7..b8ed356d1 100644
--- a/charts/gitops-runtime/values.yaml
+++ b/charts/gitops-runtime/values.yaml
@@ -459,14 +459,14 @@ app-proxy:
 tag: 1.1.23-main
 image:
 repository: quay.io/codefresh/cap-app-proxy
- tag: 1.4068.0
+ tag: 1.4072.0
 pullPolicy: IfNotPresent
 # -- Extra volume mounts for main container
 extraVolumeMounts: []
 initContainer:
 image:
 repository: quay.io/codefresh/cap-app-proxy-init
- tag: 1.4068.0
+ tag: 1.4072.0
 pullPolicy: IfNotPresent
 command:
 - ./init.sh
From 3e6a7060e2403d2c3533902237d9fbd4b00bfd06 Mon Sep 17 00:00:00 2001
From: andrii-codefresh
Date: Wed, 18 Mar 2026 17:47:10 +0200
Subject: [PATCH 2/4] trigger commit
From 14dcecbc60353e420f62734e8c424e4a1a15607c Mon Sep 17 00:00:00 2001
From: andrii-codefresh
Date: Wed, 18 Mar 2026 17:54:43 +0200
Subject: [PATCH 3/4] trigger commit
From 0cc4dcb8700fa2ce2b2d6b9795520f6d8d322b27 Mon Sep 17 00:00:00 2001
From: andrii-codefresh
Date: Wed, 18 Mar 2026 17:56:36 +0200
Subject: [PATCH 4/4] trigger commit