fix: do not fail on manifest-like yaml files - fixes #21934

[CefBoud]

Description

Fixes #21934

Repositories may contain YAML files that resemble valid k8s manifests, as they include apiVersion, metadata, and kind, but are not necessarily valid k8s manifests. An example highlighted in this GitHub issue involves a Helm values file that could be mistaken for a manifest.

Currently, these manifest-like YAMLs cause an error in the form of Failed to unmarshal "{filename}": <nil> that stops the Application from continuing.

This PR replaces the error with a warning without stopping execution. The rationale being that manifest-like files are allowed to exist but a warning is issued to provide information on true positives (manifest that are malformed).

Alternative

A potential downside of this change is that invalid manifests (true positives) will only trigger a warning rather than causing a failure. An alternative approach to address this could be to introduce an annotation or comment, such as # ArgoCD: IgnoreNotAManifest, which can be added to non-manifest YAML files. This would allow those manifests to be ignored if their unmarshalling fails.

Testing

#21934 contains a fairly simple way to reproduce the problem. Using this PR's branch should allow the Application to proceed while logging the warning.

Checklist:

• Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
• The title of the PR states what changed and the related issues number (used for the release note).
• The title of the PR conforms to the Toolchain Guide
• I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
• I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
• Does this PR require documentation updates?
• I've updated documentation as required by this PR.
• I have signed off all my commits as required by DCO
• I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
• My build is green (troubleshooting builds).
• My new feature complies with the feature status guidelines.
• I have added a brief description of why this PR is necessary and/or what this PR solves.
• Optional. My organization is added to USERS.md.
• Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

[bunnyshell]

❗ Preview Environment undeploy from Bunnyshell failed

See: Environment Details | Pipeline Logs

Available commands (reply to this comment):

• 🚀 /bns:deploy to redeploy the environment
• ❌ /bns:delete to try again to remove the environment

[nitishfy]

Couple of things that I'd suggest here doing:

1. Please add a test case to validate the behaviour.
2. Please fix the failing tests. They are failing because we are not returning an error when the manifest is invalid.

=== FAIL: reposerver/repository TestInvalidManifestsInDir (0.00s)
time="2025-02-27T00:26:33Z" level=info msg="manifest cache miss: &ApplicationSource{RepoURL:,Path:./testdata/invalid-manifests,TargetRevision:,Helm:nil,Kustomize:nil,Directory:&ApplicationSourceDirectory{Recurse:true,Jsonnet:ApplicationSourceJsonnet{ExtVars:[]JsonnetVar{},TLAs:[]JsonnetVar{},Libs:[],},Exclude:,Include:,},Plugin:nil,Chart:,Ref:,Name:,}/mock.Anything"
time="2025-02-27T00:26:33Z" level=info msg="manifest cache miss: &ApplicationSource{RepoURL:,Path:./testdata/invalid-manifests,TargetRevision:,Helm:nil,Kustomize:nil,Directory:&ApplicationSourceDirectory{Recurse:true,Jsonnet:ApplicationSourceJsonnet{ExtVars:[]JsonnetVar{},TLAs:[]JsonnetVar{},Libs:[],},Exclude:,Include:,},Plugin:nil,Chart:,Ref:,Name:,}/mock.Anything"
time="2025-02-27T00:26:33Z" level=warning msg="Failed to unmarshal \"bad.yaml\": file contains 'apiVersion:', 'kind:', and 'metadata:', but is not a valid manifest: failed to unmarshal manifest: error converting YAML to JSON: yaml: line 3: did not find expected key" application=
    repository_test.go:680: 
        	Error Trace:	/home/runner/work/argo-cd/argo-cd/reposerver/repository/repository_test.go:680
        	Error:      	An error is expected but got nil.
        	Test:       	TestInvalidManifestsInDir

=== FAIL: reposerver/repository Test_findManifests/invalid_manifest_throws_an_error (0.00s)
time="2025-02-27T00:26:36Z" level=warning msg="Failed to unmarshal \"bad.yaml\": file contains 'apiVersion:', 'kind:', and 'metadata:', but is not a valid manifest: failed to unmarshal manifest: error converting YAML to JSON: yaml: line 3: did not find expected key" test=test
    repository_test.go:2810: 
        	Error Trace:	/home/runner/work/argo-cd/argo-cd/reposerver/repository/repository_test.go:2810
        	Error:      	An error is expected but got nil.
        	Test:       	Test_findManifests/invalid_manifest_throws_an_error

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.91%. Comparing base (b39ca15) to head (1f702f3).
⚠️ Report is 434 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #22043      +/-   ##
==========================================
- Coverage   60.01%   59.91%   -0.11%     
==========================================
  Files         342      342              
  Lines       57845    58582     +737     
==========================================
+ Hits        34718    35100     +382     
- Misses      20352    20635     +283     
- Partials     2775     2847      +72     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[andrii-korotkov-verkada]

What if it's an actual invalid yaml which is a manifest?

[CefBoud]

It would simply log a warning, as mentioned in the PR description.
There's also an "Alternative" section where I suggest adding an annotation to mark non-manifest YAML files. This would maintain the existing behavior and also allow to fix the issue this PR is trying to address.

[ishitasequeira]

Let's keep the err on line 1749 and log it as part of the warning.

[CefBoud]

@ishitasequeira Thanks for review.
If the file read fails, I think it doesn't make much sense to run the following if bytes.Contains(out, []byte(...)).

I suggest returning an error instead:

out, rerr := utfutil.ReadFile(manifestPath, utfutil.UTF8)
if rerr != nil {
    return status.Errorf(codes.FailedPrecondition, "Failed to read %q: %v", filename, rerr)
    }

Let me know what you think.

[ishitasequeira]

Thanks @CefBoud, that would actually be better and I see that you have already addressed that in your latest commits.

[ishitasequeira]

Overall change looks good to me. @CefBoud can you resolve the conflicts?

[agaudreault]

I think I disagree with the idea of having this feature merged because the risk of ignoring malformed yaml error that could cause resources to be automatically pruned is just to big.

In my opinion, the only way we can safely ignore "kubernetes-like" file is with an explicit instruction to ignore the file, such as a comment anywhere in the file that would include +argocd:skip-rendering or something like that.

Let me know what you think, maybe i over evaluate the risks here.

[CefBoud]

Thanks for chiming in, @agaudreault. I mentioned this in the Alternatives section of the PR description, and now that you say it, I believe it's best to stay on the safe side. Adding support for skipping files containing +argocd:skip-rendering seems like the right approach.
I've made the changes. Let me know what you think.

CC @ishitasequeira @andrii-korotkov-verkada

[agaudreault]

This should also be documented somewhere in the documentation, probably in https://argo-cd.readthedocs.io/en/stable/user-guide/directory/

[agaudreault]

Suggested change

	// skip file if it contains "+argocd:skip-rendering"
	// skip file if it contains "+argocd:skip-rendering"

[agaudreault]

Extract as constant and document in go code.

I would also rename to "+argocd:skip-file-rendering" because it might be confusing if this is in a file containing (---) with multiple objects

[CefBoud]

Thanks for the review @agaudreault . I've made the changes and added this to the documentation.