argoproj · mayzhang2000 · Oct 9, 2023 · Oct 9, 2023 · Oct 9, 2023 · Oct 11, 2023
@@ -9,7 +9,6 @@ on:
   pull_request:
   schedule:
     - cron: '0 19 * * 0'
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
@@ -31,7 +30,10 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
-
+    - name: Install Go
+      uses: actions/setup-go@v4
+      with:
+        go-version-file: go.mod
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33

@@ -43,19 +43,20 @@ func addK8SFlagsToCmd(cmd *cobra.Command) clientcmd.ClientConfig {
 
 func NewCommand() *cobra.Command {
 	var (
-		clientConfig              clientcmd.ClientConfig
-		processorsCount           int
-		namespace                 string
-		appLabelSelector          string
-		logLevel                  string
-		logFormat                 string
-		metricsPort               int
-		argocdRepoServer          string
-		argocdRepoServerPlaintext bool
-		argocdRepoServerStrictTLS bool
-		configMapName             string
-		secretName                string
-		applicationNamespaces     []string
+		clientConfig                   clientcmd.ClientConfig
+		processorsCount                int
+		namespace                      string
+		appLabelSelector               string
+		logLevel                       string
+		logFormat                      string
+		metricsPort                    int
+		argocdRepoServer               string
+		argocdRepoServerPlaintext      bool
+		argocdRepoServerStrictTLS      bool
+		configMapName                  string
+		secretName                     string
+		applicationNamespaces          []string
+		selfServiceNotificationEnabled bool
 	)
 	var command = cobra.Command{
 		Use:   "controller",
@@ -139,7 +140,7 @@ func NewCommand() *cobra.Command {
 			log.Infof("serving metrics on port %d", metricsPort)
 			log.Infof("loading configuration %d", metricsPort)
 
-			ctrl := notificationscontroller.NewController(k8sClient, dynamicClient, argocdService, namespace, applicationNamespaces, appLabelSelector, registry, secretName, configMapName)
+			ctrl := notificationscontroller.NewController(k8sClient, dynamicClient, argocdService, namespace, applicationNamespaces, appLabelSelector, registry, secretName, configMapName, selfServiceNotificationEnabled)
 			err = ctrl.Init(ctx)
 			if err != nil {
 				return fmt.Errorf("failed to initialize controller: %w", err)
@@ -163,5 +164,6 @@ func NewCommand() *cobra.Command {
 	command.Flags().StringVar(&configMapName, "config-map-name", "argocd-notifications-cm", "Set notifications ConfigMap name")
 	command.Flags().StringVar(&secretName, "secret-name", "argocd-notifications-secret", "Set notifications Secret name")
 	command.Flags().StringSliceVar(&applicationNamespaces, "application-namespaces", env.StringsFromEnv("ARGOCD_APPLICATION_NAMESPACES", []string{}, ","), "List of additional namespaces that this controller should send notifications for")
+	command.Flags().BoolVar(&selfServiceNotificationEnabled, "self-service-notification-enabled", env.ParseBoolFromEnv("ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED", false), "Allows argocd notification controller to pull notification config from the namespace that the argocd resource is in. This is useful for self-service notification.")
 	return &command
 }
@@ -36,7 +36,7 @@ func NewNotificationsCommand() *cobra.Command {
 		"notifications",
 		"argocd admin notifications",
 		applications,
-		settings.GetFactorySettings(argocdService, "argocd-notifications-secret", "argocd-notifications-cm"), func(clientConfig clientcmd.ClientConfig) {
+		settings.GetFactorySettings(argocdService, "argocd-notifications-secret", "argocd-notifications-cm", false), func(clientConfig clientcmd.ClientConfig) {
 			k8sCfg, err := clientConfig.ClientConfig()
 			if err != nil {
 				log.Fatalf("Failed to parse k8s config: %v", err)

@@ -15,7 +15,10 @@ Some manual steps will need to be performed by the Argo CD administrator in orde
 
 !!! note
     This feature is considered beta as of now. Some of the implementation details may change over the course of time until it is promoted to a stable status. We will be happy if early adopters use this feature and provide us with bug reports and feedback.
-
+
+
+One additional advantage of adopting applications in any namespace is to allow end-users to configure notifications for their Argo CD application in the namespace where Argo CD application is running in. See notifications [namespace based configuration](notifications/index.md#namespace-based-configuration) page for more information.
+
 ## Prerequisites
 
 ### Cluster-scoped Argo CD installation

@@ -45,3 +45,71 @@ So you can just use them instead of reinventing new ones.
     ```
 
 Try syncing an application to get notified when the sync is completed.
+
+## Namespace based configuration
+
+A common installation method for Argo CD Notifications is to install it in a dedicated namespace to manage a whole cluster. In this case, the administrator is the only
+person who can configure notifications in that namespace generally. However, in some cases, it is required to allow end-users to configure notifications
+for their Argo CD applications. For example, the end-user can configure notifications for their Argo CD application in the namespace where they have access to and their Argo CD application is running in.
+
+This feature is based on applications in any namespace. See [applications in any namespace](../app-any-namespace.md) page for more information.
+
+In order to enable this feature, the Argo CD administrator must reconfigure the argocd-notification-controller workloads to add  `--application-namespaces` and `--self-service-notification-enabled` parameters to the container's startup command.
+`--application-namespaces` controls the list of namespaces that Argo CD applications are in. `--self-service-notification-enabled` turns on this feature.
+
+The startup parameters for both can also be conveniently set up and kept in sync by specifying
+the `application.namespaces` and `notificationscontroller.selfservice.enabled` in the argocd-cmd-params-cm ConfigMap instead of changing the manifests for the respective workloads. For example:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cmd-params-cm
+data:
+  application.namespaces: app-team-one, app-team-two
+  notificationscontroller.selfservice.enabled: true
+```
+
+To use this feature, you can deploy configmap named `argocd-notifications-cm` and possibly a secret `argocd-notifications-secret` in the namespace where the Argo CD application lives.
+
+When it is configured this way the controller will send notifications using both the controller level configuration (the configmap located in the same namespaces as the controller) as well as
+the configuration located in the same namespace where the Argo CD application is at.
+
+Example: Application team wants to receive notifications using PagerDutyV2, when the controller level configuration is only supporting Slack.
+
+The following two resources are deployed in the namespace where the Argo CD application lives.
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-notifications-cm
+data:
+  service.pagerdutyv2: |
+    serviceKeys:
+      my-service: $pagerduty-key-my-service
+...
+```
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: argo-cd-notification-secret
+type: Opaque
+data:
+  pagerduty-key-my-service: <pd-integration-key>
+```
+
+When an Argo CD application has the following subscriptions, user receives application sync failure message from pager duty.
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  annotations:
+    notifications.argoproj.io/subscribe.on-sync-failed.pagerdutyv2: "<serviceID for Pagerduty>"
+```
+
+!!! note
+When the same notification service and trigger are defined in controller level configuration and application level configuration,
+both notifications will be sent according to its own configuration.
+
+[Defining and using secrets within notification templates](templates.md/#defining-and-using-secrets-within-notification-templates) function is not available when flag `--self-service-notification-enable` is on.
@@ -12,7 +12,7 @@ The GitHub notification service changes commit status using [GitHub Apps](https:
 ## Configuration
 
 1. Create a GitHub Apps using https://github.com/settings/apps/new
-2. Change repository permissions to enable write commit statuses and/or deployments
+2. Change repository permissions to enable write commit statuses and/or deployments and/or pull requests comments
 ![2](https://user-images.githubusercontent.com/18019529/108397381-3ca57980-725b-11eb-8d17-5b8992dc009e.png)
 3. Generate a private key, and download it automatically
 ![3](https://user-images.githubusercontent.com/18019529/108397926-d4a36300-725b-11eb-83fe-74795c8c3e03.png)
@@ -76,6 +76,10 @@ template.app-deployed: |
       logURL: "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
       requiredContexts: []
       autoMerge: true
+    pullRequestComment:
+      content: |
+        Application {{.app.metadata.name}} is now running new version of deployments manifests.
+        See more here: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true
 ```
 
 **Notes**:
@@ -84,3 +88,4 @@ template.app-deployed: |
 - Automerge is optional and `true` by default for github deployments to ensure the requested ref is up to date with the default branch.
   Setting this option to `false` is required if you would like to deploy older refs in your default branch.
   For more information see the [Github Deployment API Docs](https://docs.github.com/en/rest/deployments/deployments?apiVersion=2022-11-28#create-a-deployment).
+- If `github.pullRequestComment.content` is set to 65536 characters or more, it will be truncated.
@@ -59,24 +59,27 @@ A card message can be defined as follows:
 ```yaml
 template.app-sync-succeeded: |
   googlechat:
-    cards: |
+    cardsV2: |
       - header:
           title: ArgoCD Bot Notification
         sections:
           - widgets:
-              - textParagraph:
+              - decoratedText:
                   text: The app {{ .app.metadata.name }} has successfully synced!
           - widgets:
-              - keyValue:
+              - decoratedText:
                   topLabel: Repository
-                  content: {{ call .repo.RepoURLToHTTPS .app.spec.source.repoURL }}
-              - keyValue:
+                  text: {{ call .repo.RepoURLToHTTPS .app.spec.source.repoURL }}
+              - decoratedText:
                   topLabel: Revision
-                  content: {{ .app.spec.source.targetRevision }}
-              - keyValue:
+                  text: {{ .app.spec.source.targetRevision }}
+              - decoratedText:
                   topLabel: Author
-                  content: {{ (call .repo.GetCommitMetadata .app.status.sync.revision).Author }}
+                  text: {{ (call .repo.GetCommitMetadata .app.status.sync.revision).Author }}
 ```
+All [Card fields](https://developers.google.com/chat/api/reference/rest/v1/cards#Card_1) are supported and can be used
+in notifications. It is also possible to use the previous (now deprecated) `cards` key to use the legacy card fields,
+but this is not recommended as Google has deprecated this field and recommends using the newer `cardsV2`.
 
 The card message can be written in JSON too.
 

@@ -16,4 +16,13 @@ rules:
   - list
   - watch
   - update
-  - patch
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
@@ -1,6 +1,8 @@
 module github.com/argoproj/argo-cd/v2
 
-go 1.19
+go 1.21
+
+toolchain go1.21.3
 
 require (
 	code.gitea.io/sdk/gitea v0.15.1
@@ -12,7 +14,7 @@ require (
 	github.com/alicebob/miniredis/v2 v2.30.4
 	github.com/antonmedv/expr v1.15.2
 	github.com/argoproj/gitops-engine v0.7.1-0.20231013183858-f15cf615b814
-	github.com/argoproj/notifications-engine v0.4.1-0.20230905144632-9dcecdc3eebf
+	github.com/argoproj/notifications-engine v0.4.1-0.20231011160156-2d2d1a75dbee
 	github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1
 	github.com/aws/aws-sdk-go v1.44.317
 	github.com/bmatcuk/doublestar/v4 v4.6.0
@@ -126,11 +128,16 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sts v1.18.0 // indirect
 	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
+	github.com/google/s2a-go v0.1.4 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/tidwall/gjson v1.14.4 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	google.golang.org/api v0.132.0 // indirect
 	google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 // indirect
 	gopkg.in/retry.v1 v1.0.3 // indirect