diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index a35dabca58046..e681372216eda 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -952,11 +952,13 @@ func getHelmRepos(appPath string, repositories []*v1alpha1.Repository, helmRepoC repos := make([]helm.HelmRepository, 0) for _, dep := range dependencies { + // find matching repo credentials by URL or name repo, ok := reposByUrl[dep.Repo] if !ok && dep.Name != "" { repo, ok = reposByName[dep.Name] } if !ok { + // if no matching repo credentials found, use the repo creds from the credential list repo = &v1alpha1.Repository{Repo: dep.Repo, Name: dep.Name, EnableOCI: dep.EnableOCI} if repositoryCredential := getRepoCredential(helmRepoCreds, dep.Repo); repositoryCredential != nil { repo.EnableOCI = repositoryCredential.EnableOCI @@ -965,6 +967,16 @@ func getHelmRepos(appPath string, repositories []*v1alpha1.Repository, helmRepoC repo.SSHPrivateKey = repositoryCredential.SSHPrivateKey repo.TLSClientCertData = repositoryCredential.TLSClientCertData repo.TLSClientCertKey = repositoryCredential.TLSClientCertKey + } else if repo.EnableOCI { + // finally if repo is OCI and no credentials found, use the first OCI credential matching by hostname + // see https://github.com/argoproj/argo-cd/issues/14636 + for _, cred := range repositories { + if depURL, err := url.Parse("oci://" + dep.Repo); err == nil && cred.EnableOCI && depURL.Host == cred.Repo { + repo.Username = cred.Username + repo.Password = cred.Password + break + } + } } } repos = append(repos, helm.HelmRepository{Name: repo.Name, Repo: repo.Repo, Creds: repo.GetHelmCreds(), EnableOci: repo.EnableOCI}) diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index 2465a7dcb6242..e49ac181006fd 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -2687,7 +2687,7 @@ func TestGetHelmRepos_OCIDependencies(t *testing.T) { assert.Equal(t, len(helmRepos), 1) assert.Equal(t, helmRepos[0].Username, "test") assert.Equal(t, helmRepos[0].EnableOci, true) - assert.Equal(t, helmRepos[0].Repo, "example.com") + assert.Equal(t, helmRepos[0].Repo, "example.com/myrepo") } func TestGetHelmRepo_NamedRepos(t *testing.T) { diff --git a/reposerver/repository/testdata/oci-dependencies/Chart.yaml b/reposerver/repository/testdata/oci-dependencies/Chart.yaml index 3b39781ed6257..1674ae17c5516 100644 --- a/reposerver/repository/testdata/oci-dependencies/Chart.yaml +++ b/reposerver/repository/testdata/oci-dependencies/Chart.yaml @@ -2,5 +2,5 @@ name: my-chart version: 1.1.0 dependencies: - name: my-dependency - repository: oci://example.com + repository: oci://example.com/myrepo version: '*' \ No newline at end of file