Component: `argocd-repo`

This component is responsible for creating and managing an ArgoCD desired state repository.

Usage

Stack Level: Regional

The following are example snippets of how to use this component:

# stacks/argocd/repo/default.yaml
components:
  terraform:
    argocd-repo:
      vars:
        enabled: true
        github_user: ci-acme
        github_user_email: [email protected]
        github_organization: ACME
        github_codeowner_teams:
          - "@ACME/cloud-admins"
          - "@ACME/cloud-posse"
        # the team must be present in the org where the repository lives
        # team_slug is the name of the team without the org
        # e.g. `@cloudposse/engineering` is just `engineering`
        permissions:
          - team_slug: admins
            permission: admin
          - team_slug: bots
            permission: admin
          - team_slug: engineering
            permission: push

# stacks/argocd/repo/non-prod.yaml
import:
  - catalog/argocd/repo/defaults

components:
  terraform:
    argocd-deploy-non-prod:
      component: argocd-repo
      settings:
        spacelift:
          workspace_enabled: true
      vars:
        name: argocd-deploy-non-prod
        description: "ArgoCD desired state repository (Non-production) for ACME applications"
        environments:
          - tenant: mgmt
            environment: uw2
            stage: sandbox

# stacks/mgmt-gbl-corp.yaml
import:
---
- catalog/argocd/repo/non-prod

If the repository already exists, it will need to be imported (replace names of IAM profile var file accordingly):

$ export TF_VAR_github_token_override=[REDACTED]
$ atmos terraform varfile argocd-deploy-non-prod -s mgmt-gbl-corp
$ cd components/terraform/argocd-repo
$ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file="mgmt-gbl-corp-argocd-deploy-non-prod.terraform.tfvars.json" "github_repository.default[0]" argocd-deploy-non-prod
$ atmos terraform varfile argocd-deploy-non-prod -s mgmt-gbl-corp
$ cd components/terraform/argocd-repo
$ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file="mgmt-gbl-corp-argocd-deploy-non-prod.terraform.tfvars.json" "github_branch.default[0]" argocd-deploy-non-prod:main
$ cd components/terraform/argocd-repo
$ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file="mgmt-gbl-corp-argocd-deploy-non-prod.terraform.tfvars.json" "github_branch_default.default[0]" argocd-deploy-non-prod

Requirements

Name	Version
terraform	>= 1.0.0
aws	>= 4.0
github	>= 4.0
random	>= 2.3
tls	>= 3.0

Providers

Name	Version
aws	>= 4.0
github	>= 4.0
tls	>= 3.0

Modules

Name	Source	Version
iam_roles	../account-map/modules/iam-roles	n/a
store_write	cloudposse/ssm-parameter-store/aws	0.11.0
this	cloudposse/label/null	0.25.0

Resources

Name	Type
github_branch_default.default	resource
github_branch_protection.default	resource
github_repository.default	resource
github_repository_deploy_key.default	resource
github_repository_file.application_set	resource
github_repository_file.codeowners_file	resource
github_repository_file.gitignore	resource
github_repository_file.pull_request_template	resource
github_repository_file.readme	resource
github_team_repository.default	resource
tls_private_key.default	resource
aws_ssm_parameter.github_api_key	data source
github_repository.default	data source
github_team.default	data source
github_user.automation_user	data source

Inputs

Name	Description	Type	Default	Required
additional_tag_map	Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`. This is for some rare cases where resources want additional configuration of tags and therefore take a list of maps with tag key, value, and additional configuration.	`map(string)`	`{}`	no
attributes	ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, in the order they appear in the list. New attributes are appended to the end of the list. The elements of the list are joined by the `delimiter` and treated as a single ID element.	`list(string)`	`[]`	no
context	Single object for setting entire context at once. See description of individual variables for details. Leave string and numeric variables as `null` to use default value. Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged.	`any`	`{ "additional_tag_map": {}, "attributes": [], "delimiter": null, "descriptor_formats": {}, "enabled": true, "environment": null, "id_length_limit": null, "label_key_case": null, "label_order": [], "label_value_case": null, "labels_as_tags": [ "unset" ], "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {}, "tenant": null }`	no
create_repo	Whether or not to create the repository or use an existing one	`bool`	`true`	no
delimiter	Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""` to use no delimiter at all.	`string`	`null`	no
description	The description of the repository	`string`	`null`	no
descriptor_formats	Describe additional descriptors to be output in the `descriptors` output map. Map of maps. Keys are names of descriptors. Values are maps of the form `{<br/> format = string<br/> labels = list(string)<br/>}` (Type is `any` so the map values can later be enhanced to provide additional options.) `format` is a Terraform format string to be passed to the `format()` function. `labels` is a list of labels, in order, to pass to `format()` function. Label values will be normalized before being passed to `format()` so they will be identical to how they appear in `id`. Default is `{}` (`descriptors` output will be empty).	`any`	`{}`	no
enabled	Set to false to prevent the module from creating any resources	`bool`	`null`	no
environment	ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'	`string`	`null`	no
environments	Environments to populate `applicationset.yaml` files and repository deploy keys (for ArgoCD) for. `auto-sync` determines whether or not the ArgoCD application will be automatically synced. `ignore-differences` determines whether or not the ArgoCD application will ignore the number of replicas in the deployment. Read more on ignore differences here: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/#respect-ignore-difference-configs Example: `tenant: plat environment: use1 stage: sandbox auto-sync: true ignore-differences: - group: apps kind: Deployment json-pointers: - /spec/replicas`	`list(object({ tenant = optional(string, null) environment = string stage = string attributes = optional(list(string), []) auto-sync = bool ignore-differences = optional(list(object({ group = string, kind = string, json-pointers = list(string) })), []) }))`	`[]`	no
github_base_url	This is the target GitHub base API endpoint. Providing a value is a requirement when working with GitHub Enterprise. It is optional to provide this value and it can also be sourced from the `GITHUB_BASE_URL` environment variable. The value must end with a slash, for example: `https://terraformtesting-ghe.westus.cloudapp.azure.com/`	`string`	`null`	no
github_codeowner_teams	List of teams to use when populating the CODEOWNERS file. For example: `["@ACME/cloud-admins", "@ACME/cloud-developers"]`.	`list(string)`	n/a	yes
github_default_notifications_enabled	Enable default GitHub commit statuses notifications (required for CD sync mode)	`string`	`true`	no
github_notifications	ArgoCD notification annotations for subscribing to GitHub. The default value given uses the same notification template names as defined in the `eks/argocd` component. If want to add additional notifications, include any existing notifications from this list that you want to keep in addition.	`list(string)`	[ "notifications.argoproj.io/subscribe.on-deploy-started.app-repo-github-commit-status: \"\"", "notifications.argoproj.io/subscribe.on-deploy-started.argocd-repo-github-commit-status: \"\"", "notifications.argoproj.io/subscribe.on-deploy-succeded.app-repo-github-commit-status: \"\"", "notifications.argoproj.io/subscribe.on-deploy-succeded.argocd-repo-github-commit-status: \"\"", "notifications.argoproj.io/subscribe.on-deploy-failed.app-repo-github-commit-status: \"\"", "notifications.argoproj.io/subscribe.on-deploy-failed.argocd-repo-github-commit-status: \"\"" ]	no
github_organization	GitHub Organization	`string`	n/a	yes
github_token_override	Use the value of this variable as the GitHub token instead of reading it from SSM	`string`	`null`	no
github_user	Github user	`string`	n/a	yes
github_user_email	Github user email	`string`	n/a	yes
gitignore_entries	List of .gitignore entries to use when populating the .gitignore file. For example: `[".idea/", ".vscode/"]`.	`list(string)`	n/a	yes
id_length_limit	Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length. Set to `null` for keep the existing setting, which defaults to `0`. Does not affect `id_full`.	`number`	`null`	no
label_key_case	Controls the letter case of the `tags` keys (label names) for tags generated by this module. Does not affect keys of tags passed in via the `tags` input. Possible values: `lower`, `title`, `upper`. Default value: `title`.	`string`	`null`	no
label_order	The order in which the labels (ID elements) appear in the `id`. Defaults to ["namespace", "environment", "stage", "name", "attributes"]. You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present.	`list(string)`	`null`	no
label_value_case	Controls the letter case of ID elements (labels) as included in `id`, set as tag values, and output by this module individually. Does not affect values of tags passed in via the `tags` input. Possible values: `lower`, `title`, `upper` and `none` (no transformation). Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs. Default value: `lower`.	`string`	`null`	no
labels_as_tags	Set of labels (ID elements) to include as tags in the `tags` output. Default is to include all labels. Tags with empty values will not be included in the `tags` output. Set to `[]` to suppress all generated tags. Notes: The value of the `name` tag, if included, will be the `id`, not the `name`. Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be changed in later chained modules. Attempts to change it will be silently ignored.	`set(string)`	`[ "default" ]`	no
manifest_kubernetes_namespace	The namespace used for the ArgoCD application	`string`	`"argocd"`	no
name	ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. This is the only ID element not also included as a `tag`. The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input.	`string`	`null`	no
namespace	ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique	`string`	`null`	no
permissions	A list of Repository Permission objects used to configure the team permissions of the repository `team_slug` should be the name of the team without the `@{org}` e.g. `@cloudposse/team` => `team` `permission` is just one of the available values listed below	`list(object({ team_slug = string, permission = string }))`	`[]`	no
push_restrictions_enabled	Enforce who can push to the main branch	`bool`	`true`	no
regex_replace_chars	Terraform regular expression (regex) string. Characters matching the regex will be removed from the ID elements. If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits.	`string`	`null`	no
region	AWS Region	`string`	n/a	yes
required_pull_request_reviews	Enforce restrictions for pull request reviews	`bool`	`true`	no
slack_notifications_channel	If given, the Slack channel to for deployment notifications.	`string`	`""`	no
ssm_github_api_key	SSM path to the GitHub API key	`string`	`"/argocd/github/api_key"`	no
ssm_github_deploy_key_format	Format string of the SSM parameter path to which the deploy keys will be written to (%s will be replaced with the environment name)	`string`	`"/argocd/deploy_keys/%s"`	no
stage	ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'	`string`	`null`	no
tags	Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`). Neither the tag keys nor the tag values will be modified by this module.	`map(string)`	`{}`	no
tenant	ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for	`string`	`null`	no

Outputs

Name	Description
deploy_keys_ssm_path_format	SSM Parameter Store path format for the repository's deploy keys
deploy_keys_ssm_paths	SSM Parameter Store paths for the repository's deploy keys
repository	Repository name
repository_default_branch	Repository default branch
repository_description	Repository description
repository_git_clone_url	Repository git clone URL
repository_ssh_clone_url	Repository SSH clone URL
repository_url	Repository URL

References

cloudposse/terraform-aws-components - Cloud Posse's upstream component

CHANGELOG

Components PR #851

This is a bug fix and feature enhancement update. There are few actions necessary to upgrade.

Upgrade actions

Enable github_default_notifications_enabled (set true)

components:
  terraform:
    argocd-repo-defaults:
      metadata:
        type: abstract
      vars:
        enabled: true
        github_default_notifications_enabled: true

Apply changes with Atmos

Features

Support predefined GitHub commit status notifications for CD sync mode:
- on-deploy-started
  - app-repo-github-commit-status
  - argocd-repo-github-commit-status
- on-deploy-succeded
  - app-repo-github-commit-status
  - argocd-repo-github-commit-status
- on-deploy-failed
  - app-repo-github-commit-status
  - argocd-repo-github-commit-status

Bug Fixes

Remove legacy unnecessary helm values used in old ArgoCD versions (ex. workflow auth configs) and dropped notifications services

Component: argocd-repo

Usage​

Requirements​

Providers​

Modules​

Resources​

Inputs​

Outputs​

References​

CHANGELOG​

Components PR #851​

Upgrade actions​

Features​

Bug Fixes​