0.24.2

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.24.2

Chart changes

• Chore-30961 security argocd-exstras (#729)
• bump argo-rollouts (#731)
• Chore/cr 29689 argo events workflow update with security fixes (#727)
• fix: security vulnerability CVE-2025-55190 (#733)
• Fix/svc-acc-pre-uninstall-hook (#728)
• updated sealed-secrets-controller (#723) (#724)
• fix: security fix: upgrade cli-v2 and debian versions (#718)
• feat: update cap-app-proxy image tags to 1.3750.0 (#720)

0.24.1

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.24.1

Chart changes

• 'chore: security fixes in tunnel-client, argo-events jetstreaming, runtime-installer'

0.24.0

Installation

To install this version of the gitops-runtime Helm chart, use the following command:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.24.0

⚠️ Important Upgrade Instructions

This release incorporates a security fix from Argo CD to address advisory GHSA-786q-9hcg-v9ff. The change removes sensitive information from the Project API response.

If you have automations or CLI commands that rely on credentials from project-scoped repositories and clusters previously returned by the Project API, you must update them to remove the logic that uses this data.

Chart Changes

This release includes the following notable changes:

• Security:

  • The Argo CD Project API response has been sanitized to remove sensitive information in accordance with GHSA-786q-9hcg-v9ff.

• Features:

  • Support for single-namespaced runtime installations has been added. This allows for a more granular and isolated setup.

• Dependency Updates:

  • The app-proxy image has been updated to version 1.3736.0 to support single-namespaced runtimes.
  • The gitops-operator image has been updated to disable the RGS controller when running in single-namespaced mode.

0.23.3

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.23.3

Chart changes

• update cli-v2 in installer - fix token validation code (#696)
• update cap-app-proxy image tags to 1.3727.0 (#692)

App-proxy changes

• fix: remote-cluster application fails to sync due to its project

Important Note

If the ISC repository already contains the resources/app-projects/cf-runtime-app-project.yaml file (created by runtime chart >=0.23 <0.23.3) - it should be manually updated:

...
spec:
  destinations:
  - namespace: '*'
    server: "*" # <-- replace 'https://kubernetes.default.svc' with "*" here
...

0.23.2

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.23.2

Chart changes

• updated changes
• updated nginx (#662)
• updated cli-v2, kubectl in runtime-installer (#661)
• using bitnamilegacy instead of bitnami (#653)
• chore(CR-30232): updated oauth2, golang.org/x/net, github.com/cloudflare (#639)
• updated cspd enrichers (#652)
• updated changes
• fix(app-proxy): update cap-app-proxy image tags to 1.3718.0 (#678)
• fix(app-proxy): update cap-app-proxy image tags to 1.3709.0 - simplify user cache (#673)

App-proxy changes

Introduced changes:

• fix: update EventSource import to default import syntax
• feat: simplify user cache
• feat: closing ha gaps in app-proxy

0.23.1

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.23.1

Chart changes

• bumped app-proxy to 1.3707.0 for HA support (#667)

App-proxy changes

Introduced changes:

• fix: "cannot lock ref" error while performing a promotion

0.23.0

Quick install

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.23.0

What’s new (highlights)

• Eventing: optional JetStream eventbus support + fixes for eventBusName.
• Argo CD 3.x compatibility: updated sub-charts (Argo CD, argo-rollouts) and a fix for out-of-sync CRDs; Helm & go-git bumps; Redis chart bump.
• Access control: ABAC for deployment actions (pause, resume, restart).
• Networking/ops: global proxy env vars and app-proxy now uses them for Git operations.
• Stability & resilience: many operator fixes (better error handling, safer resume logic, bounded curl timeouts, thread-safety, smarter requeues).

---

Component & chart updates

• cap-app-proxy: 1.3702.0
• codefresh-gitops-operator: 0.10.1
• argo-rollotus sub-chart: 2.37.3-6-v1.7.2-cap-CR-29629 (fixes out-of-sync CRDs on Argo CD v3)
• argo-cd sub-chart: 8.0.6-6-cap-v3.0.2-2025-07-06-e9fc72a9 (Helm & go-git bump; Redis version bump)

---

Detailed changes

Helm chart

• update cap-app-proxy to 1.3702.0
• update codefresh-gitops-operator to 0.10.1
• update argo-rollotus sub-chart to 2.37.3-6-v1.7.2-cap-CR-29629 (solve out-of-sync CRDs on Argo CD v3) (#630)
• update argo-cd sub-chart to 8.0.6-6-cap-v3.0.2-2025-07-06-e9fc72a9 (Helm & go-git bump) (#599); Redis version bump (#631)
• feat: add gitops-operator and argocd-extras templates (#591)
• feat: JetStream eventbus (#589)
• feat: added global proxy variables (#573)
• fix: support bring-your-own Argo CD < 3.1 (#576)
• fix: retries for Argo Events Sensors (#593)

app-proxy

• Allow concurrent reading of Git repo file content (#585)
• Update cf-git-providers to ^0.15.2 (#590)
• Return pushed commit SHA on push (#628)
• Fix eventBusName when using JetStream (#636)
• Use proxy env vars for Git operations (#646)
• Runtime application labels handling

codefresh-gitops-operator

• Fail release if app sync fails (#645)
• Stop attempting to resume a non-running workflow (#584)
• Change Git log look-back to 2 hours (#586)
• Broad error-handling improvements following 0.22.0 (#595)
• Cap curl on action node at 5 minutes; update Workflows.Resume (remove loop); make maps used in multithreaded code thread-safe; add requeue workaround for degraded rollout apps (#624)
• Update workflow submission logic & improve error handling (#65)
• Don’t requeue on known release creation failures (#655)

event-reporter

• Update cf-argocd-extras to 0.5.12 (dependency list fixes) (#616)
• Handle applications from a specific Argo CD instance (#618)

Other notable repo changes

• Add proxy env vars to COMMON_ENV_VARS
• Configurable refresh-permissions interval
• Fetch inactive applications only in app-proxy runtime
• Change ISC default app project to cf-app-project
• Add @types/jest dependency to multiple packages
• Update NestJS version

0.22.2

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.22.2

Chart changes

• Update gitops-oeprator to 0.8.6-832833c - optimize and batch calls to gitLog
• Update app-proxy to 1.3636.0-6119302 - fix caching of github users info, interduce new env variable to control permissions and token checks

App-proxy changes

No changes in this release

0.22.1

Installation

To fetch the Helm chart for this release, run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.22.1

---

⚠️ Important Upgrade Considerations

Argo CD 3.0 Upgrade

This release includes an upgrade to Argo CD 3.0. While we haven't identified any breaking changes for standard Codefresh deployments, please note:

• If you have customized any default Argo CD values beyond what Codefresh distributes, you may be affected by Argo CD 3.0 changes
• Review the Argo CD 3.0 migration guide if you have custom configurations
• Test the upgrade in a non-production environment first if you have made extensive customizations

---

🚀 Chart Changes

Added

• feat: replaced EventBus implementation to jetstream (#589, #612) - ⚠️ See upgrade considerations above
• feat: GitHub‑API metrics exporter and upgraded Ubuntu base image for all service containers (#553)
• test: Initial component‑test framework for chart validation (#567)

Changed

• chore: codefresh‑gitops‑operator → v0.8.6

  • Includes workflow‑resume guard, and multiple bug‑fixes (#595, #586, #584, #582, #575)

• chore: argo‑cd Helm dependency → 8.0.6‑4‑cap‑v3.0.2‑2025‑07‑06‑e9fc72a9 (Argo CD 3.0 compatibility) (#563)

• chore: app‑proxy images → 1.3636.0

  • Adds GitHub‑rate‑limit mitigation, log filtering/live‑stream, and Argo CD 3.1 runResourceAction support (#570, #566, #564)

• chore: cf‑argocd‑extras bumped to 0.5.7 (#561)

• chore: Argo Rollouts upgraded to v1.7.2 (includes critical security patches) (#562)

• chore: Image‑enrichment service bumped to 1.1.14 (#558)

• fix: Updated REQUIRED_VERSION_CONSTRAINT for Argo CD 3.1+ (#576)

Fixed

• fix: validate-values script no longer fails when custom values are omitted (#560)

Removed

• chore: Dropped unused environment variable from app‑proxy deployment (#565)

Security

• security: Patched critical CVEs in Argo Rollouts 1.7.2 (#562)
• security: Upgraded nats‑exporter to resolve high‑severity vulnerabilities (#543)

---

🔧 App‑Proxy Changes

Added

• Reduced GitHub‑API requests to stay within rate limits
• Git‑operation cache for faster repository interactions
• Log filtering plus live‑mode switching in the UI
• Support for Argo CD 3.1 runResourceAction API

Fixed

• Lower test‑log volume and resolved open‑handler leaks
• Improved memory usage when working with very large repositories

0.21.1

Installation

To get Helm chart for this release run:

helm pull oci://quay.io/codefresh/gitops-runtime --version 0.21.1

Chart changes

• create release 0.21.1
• chore(CR-29827): upd cli-v2 for installer (#568)
• fix: bump cf-argocd-extras to 0.5.7 (#561)
• feat: security fixes for Argo Rollouts 1.7.2 (#562)
• chore(CR-29160): security upd nats exporter (#543)

App-proxy changes

No changes in this release