From 2eab9bd80b78e3f775553795742cded6ef68cd2c Mon Sep 17 00:00:00 2001 From: "franz.germann" Date: Fri, 15 Aug 2025 15:10:55 +0200 Subject: [PATCH] feat(sso): configure sso for ArgoCD --- template/stacks/core/argocd/values.yaml | 13 +++++++++++-- template/stacks/core/dex/values.yaml | 2 +- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/template/stacks/core/argocd/values.yaml b/template/stacks/core/argocd/values.yaml index dfb7f96..d197745 100644 --- a/template/stacks/core/argocd/values.yaml +++ b/template/stacks/core/argocd/values.yaml @@ -5,6 +5,16 @@ configs: params: server.insecure: true cm: + oidc.config: | + name: FORGEJO + issuer: https://{{{ .Env.DOMAIN_DEX }}} + clientID: controller-argocd-dex + clientSecret: $dex-argo-client:clientSecret + requestedScopes: + - openid + - profile + - email + - groups application.resourceTrackingMethod: annotation timeout.reconciliation: 60s resource.exclusions: | @@ -18,10 +28,9 @@ configs: - CiliumIdentity clusters: - "*" - accounts.provider-argocd: apiKey url: https://{{{ .Env.DOMAIN_ARGOCD }}} rbac: - policy.csv: 'g, provider-argocd, role:admin' + policy.csv: 'g, DevFW, role:admin' tls: certificates: diff --git a/template/stacks/core/dex/values.yaml b/template/stacks/core/dex/values.yaml index 04106e3..c6f8b1c 100644 --- a/template/stacks/core/dex/values.yaml +++ b/template/stacks/core/dex/values.yaml @@ -67,7 +67,7 @@ config: - id: controller-argocd-dex name: ArgoCD Client redirectURIs: - - "http://{{{ .Env.DOMAIN_ARGOCD }}}/auth/callback" + - "https://{{{ .Env.DOMAIN_ARGOCD }}}/auth/callback" secretEnv: "OIDC_DEX_ARGO_CLIENT_SECRET" - id: grafana redirectURIs:
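Review bot: The `clientSecret: $dex-argo-client:clientSecret` reference in the new `oidc.config` block of argocd/values.yaml depends on a Secret that this patch neither creates nor documents. Argo CD resolves `$<secret>:<key>` only from a Secret in its own namespace that carries the label `app.kubernetes.io/part-of: argocd`. The value must also equal what Dex reads from `OIDC_DEX_ARGO_CLIENT_SECRET` for the `controller-argocd-dex` client, otherwise login fails at the token exchange. I would add a comment above `oidc.config:` such as `# clientSecret is read from Secret dex-argo-client (key clientSecret, labelled app.kubernetes.io/part-of: argocd); must match Dex's OIDC_DEX_ARGO_CLIENT_SECRET`. The requested `groups` scope only has an effect if the Dex connector emits a groups claim, which is presumably configured outside this hunk.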
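Review bot: `policy.csv: 'g, DevFW, role:admin'` in the second argocd/values.yaml hunk gives every member of `DevFW` full Argo CD admin, with membership decided entirely by the groups claim the identity provider asserts. If `DevFW` is a broad organisation or team, bind `role:admin` to a smaller dedicated group and give `DevFW` a narrower role. It is also worth confirming that `policy.default` is empty or read-only, so authenticated users outside the group get nothing by default. The same hunk removes `accounts.provider-argocd: apiKey` together with its admin binding, so any automation still using that account's token will lose access; please confirm that is intended.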