chore: Merge remote-tracking branch 'origin/main' into 'origin/develop'

App.go

@@ -18,7 +18,6 @@ package main
 
 import (
 	"context"
-	"crypto/tls"
 	"errors"
 	"fmt"
 	"github.com/devtron-labs/common-lib/middlewares"
@@ -68,7 +67,6 @@ type App struct {
 	// eventProcessor.CentralEventProcessor is used to register event processors
 	centralEventProcessor *eventProcessor.CentralEventProcessor // do not remove this.
 	// used for local dev only
-	serveTls                   bool
 	sessionManager2            *authMiddleware.SessionManager
 	OtelTracingService         *otel.OtelTracingServiceImpl
 	loggingMiddleware          util.LoggingMiddleware
@@ -99,7 +97,6 @@ func NewApp(router *router.MuxRouter,
 		Enforcer:                   enforcer,
 		EnforcerV2:                 enforcerV2,
 		db:                         db,
-		serveTls:                   false,
 		sessionManager2:            sessionManager2,
 		posthogClient:              posthogClient,
 		OtelTracingService:         otel.NewOtelTracingServiceImpl(Logger),
@@ -132,22 +129,7 @@ func (app *App) Start() {
 		app.MuxRouter.Router.Use(otelmux.Middleware(otel.OTEL_ORCHESTRASTOR_SERVICE_NAME))
 	}
 	app.server = server
-	var err error
-	if app.serveTls {
-		cert, err := tls.LoadX509KeyPair(
-			"localhost.crt",
-			"localhost.key",
-		)
-		if err != nil {
-			log.Fatal(err)
-		}
-		server.TLSConfig = &tls.Config{
-			Certificates: []tls.Certificate{cert},
-		}
-		err = server.ListenAndServeTLS("", "")
-	} else {
-		err = server.ListenAndServe()
-	}
+	err := server.ListenAndServe()
 	//err := http.ListenAndServe(fmt.Sprintf(":%d", port), auth.Authorizer(app.Enforcer, app.sessionManager)(app.MuxRouter.Router))
 	if err != nil && !errors.Is(err, http.ErrServerClosed) {
 		app.Logger.Errorw("error in startup", "err", err)

README.md

@@ -7,12 +7,12 @@ Note: We have restructured the readme. If you are looking for Devtron's CI/CD ca
   <source media="(prefers-color-scheme: light)"  srcset="./assets/devtron-lightmode-logo.png">
   <img width="333.333" height="260" src="./assets/devtron-logo-dark-light.png">
 </picture>
-<h1 align= "center">Kubernetes Dashboard for a Centralized DevOps Hub</h1>
+<h1 align= "center">The Kubernetes Platform That Eliminates Operational Chaos</h1>
 </p>
 
 <p align="center">
 <br>
-<a href="https://docs.dashboard.devtron.ai/" rel="nofollow"><strong>«Explore Documentation»</strong></a> <strong>||</strong>
+<a href="https://docs.devtron.ai/" rel="nofollow"><strong>«Explore Documentation»</strong></a> <strong>||</strong>
 <a href="https://preview.devtron.ai/dashboard/" rel="nofollow"><strong>«Try Devtron Demo»</strong></a>
 <br>
 <a href="https://devtron.ai/">Website</a>
@@ -56,7 +56,9 @@ Out of the box, Devtron's Kubernetes Dashboard includes:
 - [Single Sign On (SSO)](https://docs.dashboard.devtron.ai/operator-guide/authorization/sso-login-services) to simplify onboarding and authenticating team members.
 - [Fine Grained RBAC](https://docs.dashboard.devtron.ai/operator-guide/authorization) to control the level of access users have to different Dashboard and Cluster resources.
 
-[Devtron](#install-devtron) helps you deploy, observe, manage & debug existing Helm apps in all your clusters.
+[Devtron](#devtron-platform) helps you deploy, observe, manage & debug existing Helm apps in all your clusters.
+
+---
 
 ## Devtron Dashboard 
 
@@ -113,6 +115,8 @@ kubectl -n devtroncd get secret devtron-secret -o jsonpath='{.data.ACD_PASSWORD}
 
 Please refer to the document for more information on how to [access the Devtron Dashboard](https://docs.dashboard.devtron.ai/getting-started/install-devtron-dashboard).
 
+---
+
 ## Devtron Platform
 
 The Devtron Platform provides a complete solution for all DevOps requirements, helping to create a single centralized DevOps Platform for managing all applications across Kubernetes clusters. <br>
@@ -157,11 +161,39 @@ helm install devtron devtron/devtron-operator --namespace devtroncd \
 --set security.enabled=true  --set notifier.enabled=true  \
 --set security.trivy.enabled=true --set monitoring.grafana.enabled=true
 ```
-## :blue_heart: Technology
+
+---
+
+## Core Tools and Technologies
 
-Devtron is built on some of the most trusted and loved technologies:
-<br>
-<p align="center"><img width="70%" height="70%" src="./assets/we-support.jpg"></p>
+Here are the components that Devtron uses internally as part of its own architecture:
+
+| Logo     | Tool     | Purpose    | GitHub Repository   | License |
+| -------- | -------- | ---------- | ------------------- | ------- |
+| <img src="./assets/readme-logos/kubernetes.jpg" width="64px"> | **Kubernetes** | Core orchestration platform managing deployments, scaling, and container lifecycle automation.                                                                         | [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) | [Apache License 2.0](https://github.com/kubernetes/kubernetes/blob/master/LICENSE) |
+| <img src="./assets/readme-logos/golang.jpg" width="64px">     | **Golang**     | Backend language powering high-performance, scalable Devtron core services.                                                                           | [golang/go](https://github.com/golang/go)                         | [BSD 3-Clause License](https://github.com/golang/go/blob/master/LICENSE)           |
+| <img src="./assets/readme-logos/helm.jpg" width="64px">       | **Helm**       | Manages Kubernetes application packaging, versioning, and consistent deployment workflows.                                                                                           | [helm/helm](https://github.com/helm/helm)                         | [Apache License 2.0](https://github.com/helm/helm/blob/main/LICENSE)               |
+| <img src="./assets/readme-logos/trivy.jpg" width="64px">      | **Trivy**      | Ensures security by scanning vulnerabilities, misconfigurations, secrets, and SBOMs. | [aquasecurity/trivy](https://github.com/aquasecurity/trivy)       | [Apache License 2.0](https://github.com/aquasecurity/trivy/blob/main/LICENSE)      |
+| <img src="./assets/readme-logos/nats.jpg" width="64px">       | **NATS**       | Enables reliable, high-speed messaging between Devtron microservices and workflows.                                                     | [nats-io/nats-server](https://github.com/nats-io/nats-server)     | [Apache License 2.0](https://github.com/nats-io/nats-server/blob/main/LICENSE)     |
+| <img src="./assets/readme-logos/dex.jpg" width="64px">        | **Dex**        | Provides secure SSO integration with enterprise identity providers.                                                                       | [dexidp/dex](https://github.com/dexidp/dex)                       | [Apache License 2.0](https://github.com/dexidp/dex/blob/master/LICENSE)              |
+| <img src="./assets/readme-logos/casbin.jpg" width="64px">     | **Casbin**     | Enforces fine-grained RBAC policies for secure user authorization.                                                                             | [casbin/casbin](https://github.com/casbin/casbin)                 | [Apache License 2.0](https://github.com/casbin/casbin/blob/master/LICENSE)         |
+
+
+---
+
+## Optional Components
+
+Here are some of the optional components that Devtron supports:
+
+| Logo     | Tool     | Purpose    | GitHub Repository   | License |
+| -------- | -------- | ---------- | ------------------- | ------- |
+| <img src="./assets/readme-logos/argo.jpg" width="64px">                 | **Argo CD / Argo Workflows**       | Enables GitOps-based deployments and workflow automation within Devtron          | [argoproj/argo-cd](https://github.com/argoproj/argo-cd)                   | [Apache License 2.0](https://github.com/argoproj/argo-cd/blob/master/LICENSE)       |
+| <img src="./assets/readme-logos/clair.jpg" width="64px">                | **Clair**                          | Scans container images for known security vulnerabilities                    | [quay/clair](https://github.com/quay/clair)                               | [Apache License 2.0](https://github.com/quay/clair/blob/main/LICENSE)                 |
+| <img src="./assets/readme-logos/keda.jpg" width="64px">                 | **KEDA**                           | Enables event-driven autoscaling for Kubernetes applications                       | [kedacore/keda](https://github.com/kedacore/keda)                         | [Apache License 2.0](https://github.com/kedacore/keda/blob/main/LICENSE)            |
+| <img src="./assets/readme-logos/k8s_external_secrets.jpg" width="64px"> | **Kubernetes External Secrets**    | Syncs external secrets securely into Kubernetes clusters                           | [external-secrets/external-secrets](https://github.com/external-secrets/external-secrets) | [Apache License 2.0](https://github.com/external-secrets/external-secrets/blob/main/LICENSE) |
+| <img src="./assets/readme-logos/prometheus.jpg" width="64px">           | **Prometheus**                     | Collects metrics for monitoring, alerting, and performance insights               | [prometheus/prometheus](https://github.com/prometheus/prometheus)         | [Apache License 2.0](https://github.com/prometheus/prometheus/blob/main/LICENSE)      |
+
+---
 
 ## :question: FAQs & Troubleshooting
 
@@ -185,6 +217,8 @@ Get updates on Devtron's development and chat with project maintainers, contribu
 </a>
 </p>
 
+---
+
 ## :handshake: Contribute
 
 Check out our [contributing guidelines](CONTRIBUTING.md). Included, are directions for opening issues, coding standards, and notes on our development processes. We deeply appreciate your contribution.
@@ -198,10 +232,14 @@ We are deeply grateful to all our amazing contributors!
 <a href="https://github.com/devtron-labs/devtron/graphs/contributors">
  <img src="https://contrib.rocks/image?repo=devtron-labs/devtron" />
 </a>
+
+---
 
 ## :bug: Vulnerability Reporting
 
 We at Devtron, take security and our users' trust very seriously. If you believe you have found a security issue, please report it to <b>[email protected]</b>.
+
+---
 
 ## :bookmark: License
 

api/cluster/EnvironmentRestHandler.go

@@ -25,6 +25,7 @@ import (
 	"github.com/devtron-labs/devtron/pkg/cluster/environment/read"
 	"github.com/devtron-labs/devtron/util/commonEnforcementFunctionsUtil"
 	"net/http"
+	"regexp"
 	"strconv"
 	"strings"
 	"sync"
@@ -48,6 +49,12 @@ import (
 
 const ENV_DELETE_SUCCESS_RESP = "Environment deleted successfully."
 
+var (
+	// Regex patterns for environment name validation
+	envNameAlphanumericRegex = regexp.MustCompile(`^[a-z0-9-]+$`)
+	envNameLengthRegex       = regexp.MustCompile(`^.{1,16}$`)
+)
+
 type EnvironmentRestHandler interface {
 	Create(w http.ResponseWriter, r *http.Request)
 	Get(w http.ResponseWriter, r *http.Request)
@@ -106,6 +113,27 @@ func NewEnvironmentRestHandlerImpl(svc request.EnvironmentService, environmentRe
 	}
 }
 
+// validateEnvironmentName validates the environment name against multiple regex patterns
+// Note: Required validation is already handled by struct validation tag
+func (impl EnvironmentRestHandlerImpl) validateEnvironmentName(envName string) error {
+	// Validation 1: Use only lowercase alphanumeric characters or '-'
+	if !envNameAlphanumericRegex.MatchString(envName) {
+		return errors.New("Use only lowercase alphanumeric characters or '-'")
+	}
+
+	// Validation 2: Cannot start/end with '-'
+	if strings.HasPrefix(envName, "-") || strings.HasSuffix(envName, "-") {
+		return errors.New("Cannot start/end with '-'")
+	}
+
+	// Validation 3: Minimum 1 and Maximum 16 characters required
+	if !envNameLengthRegex.MatchString(envName) {
+		return errors.New("Minimum 1 and Maximum 16 characters required")
+	}
+
+	return nil
+}
+
 func (impl EnvironmentRestHandlerImpl) Create(w http.ResponseWriter, r *http.Request) {
 	decoder := json.NewDecoder(r.Body)
 	userId, err := impl.userService.GetLoggedInUser(r)
@@ -128,6 +156,13 @@ func (impl EnvironmentRestHandlerImpl) Create(w http.ResponseWriter, r *http.Req
 		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
 		return
 	}
+	// Validate environment name
+	err = impl.validateEnvironmentName(bean.Environment)
+	if err != nil {
+		impl.logger.Errorw("environment name validation err, Create", "err", err, "envName", bean.Environment)
+		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+		return
+	}
 
 	// RBAC enforcer applying
 	token := r.Header.Get("token")

api/restHandler/app/pipeline/configure/DeploymentPipelineRestHandler.go

@@ -21,19 +21,21 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+
 	models2 "github.com/devtron-labs/devtron/internal/sql/models"
 	bean4 "github.com/devtron-labs/devtron/pkg/auth/user/bean"
 	util3 "github.com/devtron-labs/devtron/pkg/auth/user/util"
 	bean3 "github.com/devtron-labs/devtron/pkg/chart/bean"
 
-	devtronAppGitOpConfigBean "github.com/devtron-labs/devtron/pkg/chart/gitOpsConfig/bean"
-	"github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning/repository"
 	"io"
 	"net/http"
 	"strconv"
 	"strings"
 	"time"
 
+	devtronAppGitOpConfigBean "github.com/devtron-labs/devtron/pkg/chart/gitOpsConfig/bean"
+	"github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning/repository"
+
 	bean2 "github.com/devtron-labs/devtron/api/bean"
 	"github.com/devtron-labs/devtron/api/restHandler/common"
 	"github.com/devtron-labs/devtron/internal/sql/repository/helper"
@@ -107,6 +109,7 @@ type DevtronAppDeploymentConfigRestHandler interface {
 	GetDefaultDeploymentPipelineStrategy(w http.ResponseWriter, r *http.Request)
 
 	EnvConfigOverrideCreateNamespace(w http.ResponseWriter, r *http.Request)
+	UpdateEmptyNamespaceInChartEnvConfigOverride(w http.ResponseWriter, r *http.Request)
 
 	DevtronAppDeploymentConfigRestHandlerEnt
 }
@@ -2062,6 +2065,36 @@ func (handler *PipelineConfigRestHandlerImpl) EnvConfigOverrideCreateNamespace(w
 	common.WriteJsonResp(w, err, createResp, http.StatusOK)
 }
 
+func (handler *PipelineConfigRestHandlerImpl) UpdateEmptyNamespaceInChartEnvConfigOverride(w http.ResponseWriter, r *http.Request) {
+	userId, err := handler.userAuthService.GetLoggedInUser(r)
+	if userId == 0 || err != nil {
+		common.HandleUnauthorized(w, r)
+		return
+	}
+	token := r.Header.Get("token")
+
+	// Check if user is super admin - this is a global operation
+	if ok := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionUpdate, "*"); !ok {
+		common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
+		return
+	}
+
+	handler.Logger.Infow("request received, UpdateEmptyNamespaceInChartEnvConfigOverride", "userId", userId)
+
+	count, err := handler.propertiesConfigService.UpdateEmptyNamespaceInChartEnvConfigOverride(userId)
+	if err != nil {
+		handler.Logger.Errorw("service err, UpdateEmptyNamespaceInChartEnvConfigOverride", "err", err)
+		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
+		return
+	}
+
+	response := map[string]interface{}{
+		"message":      "Namespace updated successfully from environment table",
+		"updatedCount": count,
+	}
+	common.WriteJsonResp(w, nil, response, http.StatusOK)
+}
+
 func (handler *PipelineConfigRestHandlerImpl) IsReadyToTrigger(w http.ResponseWriter, r *http.Request) {
 	token := r.Header.Get("token")
 	vars := mux.Vars(r)

api/router/app/pipeline/configure/PipelineConfigRouter.go

@@ -124,6 +124,9 @@ func (router PipelineConfigRouterImpl) InitPipelineConfigRouter(configRouter *mu
 	configRouter.Path("/env/reset/{appId}/{environmentId}/{id}").HandlerFunc(router.restHandler.EnvConfigOverrideReset).Methods("DELETE")
 	configRouter.Path("/env/namespace/{appId}/{environmentId}").HandlerFunc(router.restHandler.EnvConfigOverrideCreateNamespace).Methods("POST")
 
+	// this api was made for issue :- https://github.com/devtron-labs/sprint-tasks/issues/2692
+	configRouter.Path("/env/namespace/populate-empty").HandlerFunc(router.restHandler.UpdateEmptyNamespaceInChartEnvConfigOverride).Methods("GET")
+
 	configRouter.Path("/cd-pipeline/workflow/history/{appId}/{environmentId}/{pipelineId}").HandlerFunc(router.restHandler.ListDeploymentHistory).Methods("GET")
 	configRouter.Path("/cd-pipeline/workflow/logs/{appId}/{environmentId}/{pipelineId}/{workflowId}").HandlerFunc(router.restHandler.GetPrePostDeploymentLogs).Methods("GET")
 	configRouter.Path("/cd-pipeline/workflow/trigger-info/{appId}/{environmentId}/{pipelineId}/{workflowRunnerId}").HandlerFunc(router.restHandler.FetchCdWorkflowDetails).Methods("GET")

go.mod

@@ -7,7 +7,7 @@ toolchain go1.24.7
 require (
 	github.com/Masterminds/semver v1.5.0
 	github.com/Pallinder/go-randomdata v1.2.0
-	github.com/argoproj/argo-cd/v2 v2.14.17
+	github.com/argoproj/argo-cd/v2 v2.14.20
 	github.com/argoproj/argo-workflows/v3 v3.5.13
 	github.com/argoproj/gitops-engine v0.7.1-0.20250521000818-c08b0a72c1f1
 	github.com/aws/aws-sdk-go v1.55.7
@@ -74,9 +74,9 @@ require (
 	go.opentelemetry.io/otel/sdk v1.36.0
 	go.opentelemetry.io/otel/trace v1.36.0
 	go.uber.org/zap v1.27.0
-	golang.org/x/crypto v0.40.0
+	golang.org/x/crypto v0.45.0
 	golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6
-	golang.org/x/mod v0.25.0
+	golang.org/x/mod v0.29.0
 	golang.org/x/oauth2 v0.30.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20250519155744-55703ea1f237
 	google.golang.org/grpc v1.72.2
@@ -90,7 +90,7 @@ require (
 	k8s.io/client-go v0.33.3
 	k8s.io/helm v2.12.3+incompatible
 	k8s.io/kubectl v0.33.3
-	k8s.io/kubernetes v1.33.1
+	k8s.io/kubernetes v1.33.4
 	k8s.io/metrics v0.33.3
 	k8s.io/utils v0.0.0-20250502105355-0f33e8f1c979
 	sigs.k8s.io/yaml v1.5.0
@@ -231,11 +231,11 @@ require (
 	go.opentelemetry.io/otel/metric v1.36.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.6.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/net v0.41.0 // indirect
-	golang.org/x/sync v0.16.0 // indirect
-	golang.org/x/sys v0.34.0 // indirect
-	golang.org/x/term v0.33.0 // indirect
-	golang.org/x/text v0.27.0 // indirect
+	golang.org/x/net v0.47.0 // indirect
+	golang.org/x/sync v0.18.0 // indirect
+	golang.org/x/sys v0.38.0 // indirect
+	golang.org/x/term v0.37.0 // indirect
+	golang.org/x/text v0.31.0 // indirect
 	golang.org/x/time v0.11.0 // indirect
 	google.golang.org/api v0.234.0 // indirect
 	google.golang.org/genproto v0.0.0-20250519155744-55703ea1f237 // indirect
@@ -329,7 +329,7 @@ require (
 	go.opentelemetry.io/otel/sdk/metric v1.36.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.3 // indirect
-	golang.org/x/tools v0.34.0 // indirect
+	golang.org/x/tools v0.38.0 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	k8s.io/controller-manager v0.33.0 // indirect
 	sigs.k8s.io/randfill v1.0.0 // indirect
@@ -338,7 +338,7 @@ require (
 replace (
 	github.com/argoproj/argo-workflows/v3 v3.5.13 => github.com/devtron-labs/argo-workflows/v3 v3.5.13
 	github.com/cyphar/filepath-securejoin v0.4.1 => github.com/cyphar/filepath-securejoin v0.3.6 // indirect
-	github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251104083107-f40094ec69d7
-	github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251104083107-f40094ec69d7
+	github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251208113217-e733437afcfe
+	github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251208113217-e733437afcfe
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 => go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1
 )