{"id":23759630,"url":"https://github.com/argoproj-labs/gitops-promoter","last_synced_at":"2026-04-15T17:01:14.596Z","repository":{"id":241017211,"uuid":"784266290","full_name":"argoproj-labs/gitops-promoter","owner":"argoproj-labs","description":"GitOps Environment Promotion tool that lets you focus on the \"what,\" not the \"how\"","archived":false,"fork":false,"pushed_at":"2026-04-10T12:54:51.000Z","size":47140,"stargazers_count":435,"open_issues_count":87,"forks_count":45,"subscribers_count":11,"default_branch":"main","last_synced_at":"2026-04-10T14:30:59.765Z","etag":null,"topics":["cd","continuous-delivery","deployment","environment","gitops","hacktoberfest","kubernetes","progressive-delivery","promotions"],"latest_commit_sha":null,"homepage":"https://gitops-promoter.readthedocs.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/argoproj-labs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":"MAINTAINERS.md","copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-04-09T14:10:53.000Z","updated_at":"2026-04-09T20:37:26.000Z","dependencies_parsed_at":"2025-12-07T05:07:45.255Z","dependency_job_id":null,"html_url":"https://github.com/argoproj-labs/gitops-promoter","commit_stats":null,"previous_names":["zachaller/promoter","argoproj-labs/gitops-promoter"],"tags_count":64,"template":false,"template_full_name":null,"purl":"pkg:github/argoproj-labs/gitops-promoter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/argoproj-labs%2Fgitops-promoter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/argoproj-labs%2Fgitops-promoter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/argoproj-labs%2Fgitops-promoter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/argoproj-labs%2Fgitops-promoter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/argoproj-labs","download_url":"https://codeload.github.com/argoproj-labs/gitops-promoter/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/argoproj-labs%2Fgitops-promoter/sbom","scorecard":{"id":1243150,"data":{"date":"2026-02-09T23:17:16Z","repo":{"name":"github.com/argoproj-labs/gitops-promoter","commit":"ed432568a9a1bbb8d093ec3a36455883b1002ec9"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":5.8,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/renovate.yaml:30","Warn: topLevel 'contents' permission set to 'write': .github/workflows/bump-docs-manifests.yml:12","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-e2e.yaml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yaml:9","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release-latest.yaml:11","Warn: topLevel 'packages' permission set to 'write': .github/workflows/release-latest.yaml:12","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yaml:14","Warn: topLevel 'packages' permission set to 'write': .github/workflows/release.yaml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/renovate.yaml:24","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/spelling.yaml:4"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: script injection with untrusted input ' github.event.head_commit.message ': .github/workflows/release.yaml:40"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yaml:1","Info: detected update tool: RenovateBot: renovate.json5:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: InProgress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release-latest.yaml:24"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":7,"reason":"dependency not pinned by hash detected -- score normalized to 7","details":["Warn: containerImage not pinned by hash: Dockerfile:2: pin your Docker image by updating node:20-bullseye-slim to node:20-bullseye-slim@sha256:be08b7dfa11af5daa0757d12160117e02587f28a746f4cbffe20b46896e50608","Warn: containerImage not pinned by hash: Dockerfile:26: pin your Docker image by updating golang:1.25 to golang:1.25@sha256:cc737435e2742bd6da3b7d575623968683609a3d2e0695f9d85bee84071c08e6","Warn: containerImage not pinned by hash: Dockerfile:59: pin your Docker image by updating golang:1.25 to golang:1.25@sha256:cc737435e2742bd6da3b7d575623968683609a3d2e0695f9d85bee84071c08e6","Warn: containerImage not pinned by hash: Dockerfile.tilt:1: pin your Docker image by updating golang:1.25 to golang:1.25@sha256:cc737435e2742bd6da3b7d575623968683609a3d2e0695f9d85bee84071c08e6","Warn: containerImage not pinned by hash: release.Dockerfile:1: pin your Docker image by updating golang:1.25 to golang:1.25@sha256:cc737435e2742bd6da3b7d575623968683609a3d2e0695f9d85bee84071c08e6","Warn: npmCommand not pinned by hash: Dockerfile:14","Warn: pipCommand not pinned by hash: .github/workflows/ci.yaml:49","Info:  23 out of  23 GitHub-owned GitHubAction dependencies pinned","Info:  14 out of  14 third-party GitHubAction dependencies pinned","Info:   1 out of   2 npmCommand dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned","Info:   0 out of   5 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.22.2 not signed: https://api.github.com/repos/argoproj-labs/gitops-promoter/releases/284554468","Warn: release artifact v0.22.1 not signed: https://api.github.com/repos/argoproj-labs/gitops-promoter/releases/283164014","Warn: release artifact v0.22.0 not signed: https://api.github.com/repos/argoproj-labs/gitops-promoter/releases/283002015","Warn: release artifact v0.21.1 not signed: https://api.github.com/repos/argoproj-labs/gitops-promoter/releases/281600814","Warn: release artifact v0.21.0 not signed: https://api.github.com/repos/argoproj-labs/gitops-promoter/releases/280789551","Warn: release artifact v0.22.2 does not have provenance: https://api.github.com/repos/argoproj-labs/gitops-promoter/releases/284554468","Warn: release artifact v0.22.1 does not have provenance: https://api.github.com/repos/argoproj-labs/gitops-promoter/releases/283164014","Warn: release artifact v0.22.0 does not have provenance: https://api.github.com/repos/argoproj-labs/gitops-promoter/releases/283002015","Warn: release artifact v0.21.1 does not have provenance: https://api.github.com/repos/argoproj-labs/gitops-promoter/releases/281600814","Warn: release artifact v0.21.0 does not have provenance: https://api.github.com/repos/argoproj-labs/gitops-promoter/releases/280789551"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":7,"reason":"SAST tool is not run on all commits -- score normalized to 7","details":["Warn: 22 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Branch-Protection","score":4,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Warn: 'stale review dismissal' is disabled on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Warn: 'last push approval' is disabled on branch 'main'","Warn: 'up-to-date branches' is disabled on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"CI-Tests","score":10,"reason":"30 out of 30 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}},{"name":"Contributors","score":10,"reason":"project has 7 contributing companies or organizations","details":["Info: found contributions from: AeroSpaceNetwork, NixOS, argoproj, argoproj-labs, goto, intuit, intuit @argoproj"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}}]},"last_synced_at":"2026-02-10T00:29:36.624Z","repository_id":241017211,"created_at":"2026-02-10T00:29:36.624Z","updated_at":"2026-02-10T00:29:36.624Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31851057,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-15T15:24:51.572Z","status":"ssl_error","status_checked_at":"2026-04-15T15:24:39.138Z","response_time":63,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cd","continuous-delivery","deployment","environment","gitops","hacktoberfest","kubernetes","progressive-delivery","promotions"],"created_at":"2024-12-31T20:01:57.375Z","updated_at":"2026-04-15T17:01:14.589Z","avatar_url":"https://github.com/argoproj-labs.png","language":"Go","funding_links":[],"categories":["Go","Configuration Management"],"sub_categories":[],"readme":"\n\n\u003cpicture\u003e\n  \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"docs/assets/logo/stacked/secondary.svg\"\u003e\n  \u003cimg src=\"docs/assets/logo/stacked/primary.svg\" alt=\"GitOps Promoter\" width=\"400\" height=\"111\"\u003e\n\u003c/picture\u003e\n\n---\n\nGitOps Promoter facilitates environment promotion for config managed via GitOps.\n\n[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/gitops-promoter)](https://artifacthub.io/packages/helm/gitops-promoter/gitops-promoter)\n[![codecov](https://codecov.io/gh/argoproj-labs/gitops-promoter/graph/badge.svg?token=Nbye3NDioO)](https://codecov.io/gh/argoproj-labs/gitops-promoter)\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj-labs/gitops-promoter/badge)](https://scorecard.dev/viewer/?uri=github.com/argoproj-labs/gitops-promoter)\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/11911/badge)](https://www.bestpractices.dev/projects/11911)\n\n![Video of the GitOps Promoter UI as a change is promoted through three environments](https://github.com/user-attachments/assets/5860cc7a-56e6-4003-b1fc-b33e4d69d411)\n\n## Key Features\n\n* Drift-free promotion process\n* Robust promotion gating system\n* Complete integration with git and SCM tooling\n* No fragile automated changes to user-facing files\n\nThe main ideas behind the project are explained in [\"Space Age GitOps: The Rise of the Humble Pull Request\"](https://www.youtube.com/watch?v=p5EPKY3vM-E).\n\nA live demo is presented in [\"Space Age GitOps: Lifting off with Argo Promotions\"](https://www.youtube.com/watch?v=2JmLCqM1nTM).\n\nThe promotion gating system is detailed in [\"No More Pipelines: Reconciling Environment Promotion Via Commit Statuses\"](https://www.youtube.com/watch?v=Usi38ly1pe0).\n\n## Example\n\n```yaml\napiVersion: promoter.argoproj.io/v1alpha1\nkind: PromotionStrategy\nmetadata:\n  name: example-promotion-strategy\nspec:\n  gitRepositoryRef:\n    name: example-git-repo\n  activeCommitStatuses:\n    - key: argocd-app-health\n  proposedCommitStatuses:\n    - key: security-scan\n  environments:\n    - branch: environment/dev\n    - branch: environment/test\n    - branch: environment/prod\n      autoMerge: false\n      activeCommitStatuses:\n      - key: performance-test\n      proposedCommitStatuses:\n      - key: deployment-freeze\n```\n\n## Getting Started\n\nThe project is currently experimental, please use with caution. See the \n[docs site](https://gitops-promoter.readthedocs.io/en/latest/getting-started/) for setup instructions.\n\n## Contributing\n\nSee the  **[Contributing](https://gitops-promoter.readthedocs.io/en/latest/contributing/)** page in the documentation.\n\n## Roadmap\n\nPlanned features include:\n\n* Support for additional SCMs (such as Bitbucket Server)\n* Advanced promotion strategies (such as full DAG support)\n* Deployment window commit status support\n* Multiple instances per cluster for horizontal scaling, reduced blast radius, etc.\n\n## Users\n\nIf you're using GitOps Promoter, please add yourself to [USERS.md](USERS.md)!\n\nIf you're evaluating GitOps Promoter, we'd love to hear from you — please [open a discussion](https://github.com/argoproj-labs/gitops-promoter/discussions) to share your feedback.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fargoproj-labs%2Fgitops-promoter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fargoproj-labs%2Fgitops-promoter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fargoproj-labs%2Fgitops-promoter/lists"}