Custom Script Support for Promotion Steps

[hadi2f244]

Checklist

• I've searched the issue queue to verify this is not a duplicate feature request.
• I've pasted the output of kargo version, if applicable.
• I've pasted logs, if applicable.

Proposed Feature

I would like to propose a new feature that allows the use of custom bash or script steps in the promotion process. This would enable users to integrate complex scripts that are not currently supported by the existing promotion steps, such as those involving intricate loops and conditional statements.

Motivation

The current promotion steps outlined in the documentation (https://docs.kargo.io/references/promotion-steps/) do not support more complex scripting needs that some users might have, including myself. For example, I have some Python and Bash scripts in my CI that perform tasks more complicated than simply copying a file or updating a YAML file. Allowing custom script steps would provide the flexibility needed to handle these advanced use cases seamlessly within Kargo.

Suggested Implementation

I suggest implementing a new feature that allows users to run custom scripts (e.g., Bash or Python) as part of the promotion process. This could involve adding a new promotion step type where users can specify their script, and Kargo would execute it in the appropriate context. This approach would enable users to leverage existing scripts in their CI/CD pipelines without needing to re-write or significantly modify them to fit into the current promotion step framework.

[krancour]

This is something that's out of the question on security grounds until we have done the prerequisite work of isolating steps to their own pods (or something along those lines). And that is a high priority item for us.

Until that time, allowing execution of arbitrary, user-defined scripts is an extremely dangerous proposition.

[hadi2f244]

Thanks. I understand what you say.
Another option is integration with CI tools or runners(e.g gitlab-runner، k8s job, podmam or argo workflow) that have already solved the isolation part.
Instead of implementing all possible Gitops continues promotion ways on Kargo, it is better to use already created tools.

[krancour]

I'm afraid what you're suggesting doesn't exactly align with our vision. Kargo was created with the belief that cobbling together CD pipelines using CI tools wasn't serving us well. CI platforms are very good at what they were intended for -- testing code and building artifacts. It does these synchronously and aims to complete them as quickly as possible.

CD workflows, on the other hand, are often far more asynchronous, complex, and long-running. CI platforms do not serve such use cases well. If you cobble something together using CI tools, your "pipeline" is spaghetti where parts of it are here, parts of it are there, and there's no single pane of glass you can look at to understand what's going on comprehensively at all stages of your application's lifecycle. Kargo aims to overcome those challenges rather than exacerbate them.

We would much prefer to solve the isolation problem ourselves, and as I mentioned, it is a high priority thing for us.