argoproj/argo-cd
Commit server
argocd-commit-server is a small gRPC service that receives hydrated manifests from the application controller and commits them to a destination Git repository. It is the writeback half of the manifest hydrator.
Purpose
- Accept rendered ("hydrated") manifests from the application controller.
- Authenticate against a Git repository using the same credential system as the repo server.
- Push the manifests to a hydrated branch (e.g.,
env/staging), opening or updating a commit so syncs can be replayed deterministically.
Where it lives
| Path | Purpose |
|---|---|
cmd/argocd-commit-server/commands/ |
Binary entry point. |
commitserver/server.go |
gRPC server type and listener. |
commitserver/commit/ |
Commit logic — clone, write files, sign, push. |
commitserver/apiclient/ |
gRPC client for the controller to use. |
commitserver/metrics/ |
Prometheus metrics. |
util/hydrator/hydrator.go |
Library used by the controller for hydration prep. |
How it works
sequenceDiagram
participant Ctrl as application controller
participant Hyd as util/hydrator
participant CommitSrv as argocd-commit-server
participant Git
Ctrl->>Hyd: Hydrate(source revision)
Hyd-->>Ctrl: Rendered manifests + metadata
Ctrl->>CommitSrv: CommitHydratedManifests(repo, branch, files)
CommitSrv->>Git: Clone/fetch
CommitSrv->>CommitSrv: Write files
CommitSrv->>Git: Commit + push (signed if configured)
CommitSrv-->>Ctrl: Hydrated revision
Ctrl->>Ctrl: Sync from hydrated branchWhy a separate server?
Hydration commits Git on the cluster operator's behalf. Isolating that responsibility:
- Lets ops teams give the commit server a different, narrower set of Git credentials than the repo server.
- Keeps the controller from doing blocking Git pushes inside the reconciler hot path.
- Keeps the repo server stateless and read-only.
Configuration
The commit server is started from cmd/argocd-commit-server/commands/. Flags include the listen port and metrics endpoint. Credentials are sourced from the same Repository/RepoCreds Secrets used by the repo server. Signing keys, when configured, come from a Secret mounted into the pod.
When the commit server runs
The hydrator is opt-in. The application controller's --hydrator-enabled flag and the per-Application spec.sourceHydrator block decide whether the controller talks to the commit server at all. Installs that disable the hydrator do not need this binary; the manifests/install.yaml (without -with-hydrator) does not include it.
Entry points for modification
- Change commit author/signing logic →
commitserver/commit/. - Add a new credential mode → mirror what
util/git/creds.gosupports. - Tweak push retry/backoff behavior →
commitserver/commit/.
See features/manifest-hydrator for the user-visible behavior.
Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.