feat: Preserve original tag when using digest strategy

[zc149]

Preserve original tag when using digest strategy

Summary

When using the digest strategy, Argo CD Image Updater replaces the image tag with the digest value (e.g. nginx:1.14.2 → nginx@sha256:xxxx).
This behavior ensures immutability but makes it difficult to know which tag was originally deployed.

This PR adds support for preserving the original tag by recording it as an annotation on the Application.

---

Motivation

• Digest strategy is useful for reproducibility, but it hides the original tag.
• Many users (myself included) found it inconvenient when debugging or reviewing Applications, since the human-friendly tag is lost.
• By storing the original tag as an annotation, users can:
  • Keep digest for immutability
  • See the original tag for readability and traceability

---

Implementation Details

• Added RecordOriginalTag helper in pkg/argocd/argocd.go

• Updated UpdateApplication in pkg/update/update.go to call RecordOriginalTag when strategy = digest

• Annotation key format:

• Example:

metadata:
  annotations:
    argocd-image-updater.argoproj.io/original-tag.nginx: "1.14.2"

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.70%. Comparing base (2c92bc8) to head (2a9b09d).

Additional details and impacted files

@@             Coverage Diff             @@
##           master    #1287       +/-   ##
===========================================
+ Coverage   70.85%   82.70%   +11.84%     
===========================================
  Files          45       22       -23     
  Lines        5178     1954     -3224     
===========================================
- Hits         3669     1616     -2053     
+ Misses       1344      282     -1062     
+ Partials      165       56      -109     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[chengfang]

How does this approach work with git write-back-method?

[zc149]

How does this approach work with git write-back-method?

Thank you for raising this question — that’s a great point.

@chengfang
To clarify: the main motivation for this change is specifically for the annotation write-back method (e.g. when using the ECR poll approach). In this mode, when the digest strategy is used, the original image tag gets replaced by the digest and the tag information is lost from the Application spec. Adding it back as an annotation helps preserve that information for better readability and troubleshooting.

For the git write-back method, I agree this isn’t really necessary. Since the tag remains in the Git repository manifests themselves, there is already a reliable source of truth and history for the tag. So in practice, this change is mostly relevant and useful only for the annotation-based flow.