#gitops (2023-08)

Discuss continuous delivery of infrastructure

My company has dozens of application repos in which GitHub Actions pipelines push changes to other GitOps repos, i.e. repo A1 pushes to repo A2, B1 > B2, C1 > C3, etc. What are the best practices for giving application repos write access? We are thinking of either a) using deploy keys: each GitOps repo gets a unique key, and we add it as a secret to the corresponding app repo; or b) creating a GitHub App and installing it into every GitOps repo, then adding its private key to all application repos as a secret. This creates a problem, though, with the key being exposed to many repositories. As a workaround, we could create a microservice that dynamically generates GitHub installation tokens and never exposes the key itself.
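The token-broker variant of option (b), as an added example that is not from the post and not GitHub's own code: the two pieces such a microservice needs, minting the short-lived App JWT and scoping the installation-token request to a single GitOps repo with only `contents: write`, so a pipeline never sees the App private key and a leaked token can only touch its own target repo. The App ID `123456` and repo name `gitops-a2` are constructed placeholders.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"time"
)

// b64 is the base64url-without-padding alphabet that JWTs use.
var b64 = base64.RawURLEncoding

// AppJWT mints the short-lived RS256 JWT a GitHub App authenticates with.
// GitHub caps exp at 10 minutes; iat is backdated 60 s to tolerate clock skew.
func AppJWT(appID string, key *rsa.PrivateKey, now time.Time) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	claims, _ := json.Marshal(map[string]interface{}{
		"iss": appID,
		"iat": now.Add(-60 * time.Second).Unix(),
		"exp": now.Add(9 * time.Minute).Unix(),
	})
	signingInput := b64.EncodeToString(hdr) + "." + b64.EncodeToString(claims)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// InstallationTokenRequest builds the body the broker POSTs to
// /app/installations/{id}/access_tokens: the token is narrowed to the one
// GitOps repo the calling pipeline targets and to the single permission it needs.
func InstallationTokenRequest(repo string) []byte {
	body, _ := json.Marshal(map[string]interface{}{
		"repositories": []string{repo},
		"permissions":  map[string]string{"contents": "write"},
	})
	return body
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway key; a real broker loads the App key from a secret store
	tok, _ := AppJWT("123456", key, time.Now())
	fmt.Printf("Authorization: Bearer %s...\n%s\n", tok[:16], InstallationTokenRequest("gitops-a2"))
}
```

The broker would also authenticate the calling pipeline (for example via the OIDC token GitHub Actions issues) before deciding which GitOps repo a caller may ask a token for.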