Digest Update Strategy Incorrectly Adding "Latest" Tag

[patajones]

Describe the bug I'm experiencing an issue with the ArgoCD Image Updater when using the digest update strategy. The problem occurs when the image tag is set incorrectly to "latest@sha256:" instead of the expected "@sha256:" or "develop@sha256:". There is no "latest" image with the given hash.

To Reproduce Steps to reproduce the behavior:

1. Configure the ArgoCD Image Updater with the following annotations:

   annotations:
   argocd-image-updater.argoproj.io/write-back-method: git
   argocd-image-updater.argoproj.io/image-list: my-service=my.registry.com/project/my-service:develop
   argocd-image-updater.argoproj.io/my-service.helm.image-name: my-service.image.name
   argocd-image-updater.argoproj.io/my-service.helm.image-tag: my-service.image.tag
   argocd-image-updater.argoproj.io/my-service.update-strategy: digest

2. Push a new image to the registry with the tag "develop".
3. Observe the updated image parameters in the .argocd-source-<appName>.yaml file

Expected behavior

The expected image tag in the parameter file should be:

- name: my-service.image.tag
  value: @sha256:603a0a9768b20bc4e3494361788cb0aec4ca7239dfec93db44f2593a50ad029a
  forcestring: true

or at most:

- name: my-service.image.tag
  value: develop@sha256:603a0a9768b20bc4e3494361788cb0aec4ca7239dfec93db44f2593a50ad029a
  forcestring: true

but the image tag in the parameter foi a

- name: my-service.image.tag
  value: latest@sha256:603a0a9768b20bc4e3494361788cb0aec4ca7239dfec93db44f2593a50ad029a
  forcestring: true

Additional context I also tried using the annotation argocd-image-updater.argoproj.io/my-service.image.allow-tags: regexp:^develop$, but the same error occurred.

Version argocd 6.7.18 argocd-image-updater 8.9.7

Logs

[jannfis]

Does this bug actually have impact, or is it just cosmetics?

IIRC, when using a digest, the container engine will ignore whatever is specified in the tag.