From f114d7e6f0f4b6d189563a117548159a358a5e77 Mon Sep 17 00:00:00 2001
From: Gabriel Radureau <arcodange@gmail.com>
Date: Wed, 6 May 2026 12:55:49 +0200
Subject: [PATCH] feat(argocd): allow per-app syncPolicy override in
 values.yaml

The apps template hardcoded automated{prune,selfHeal} for every app. Some
apps (e.g. tools, where Vault unseal is manual) need a custom syncPolicy
without selfHeal. Read $app_attr.syncPolicy when set, fall back to the
existing automated default otherwise. Use the override on `tools` to keep
the existing behavior explicit.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 argocd/templates/apps.yaml | 4 ++++
 argocd/values.yaml         | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/argocd/templates/apps.yaml b/argocd/templates/apps.yaml
index 381a57e..ee2b29b 100644
--- a/argocd/templates/apps.yaml
+++ b/argocd/templates/apps.yaml
@@ -21,9 +21,13 @@ spec:
     server: https://kubernetes.default.svc
     namespace: {{ $app_name }}
   syncPolicy:
+    {{- if $app_attr.syncPolicy }}
+    {{- toYaml $app_attr.syncPolicy | nindent 4 }}
+    {{- else }}
     automated:
       prune: true
       selfHeal: true
+    {{- end }}
     syncOptions:
       - CreateNamespace=true
 {{ end }}
\ No newline at end of file
diff --git a/argocd/values.yaml b/argocd/values.yaml
index 23e0085..0d8b539 100644
--- a/argocd/values.yaml
+++ b/argocd/values.yaml
@@ -6,6 +6,10 @@ gitea_applications:
     annotations: {}
   tools:
     annotations: {}
+    syncPolicy:
+      automated:
+        prune: true
+        selfHeal: true
   webapp:
     annotations:
       argocd-image-updater.argoproj.io/image-list: webapp=gitea.arcodange.lab/arcodange-org/webapp:latest