fix: Set namespace for AppProjects and repositories #571
base: main
Signed-off-by: jannfis <[email protected]>
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## main #571 +/- ##
==========================================
+ Coverage 44.52% 44.62% +0.10%
==========================================
Files 90 90
Lines 11909 11926 +17
==========================================
+ Hits 5302 5322 +20
+ Misses 6174 6170 -4
- Partials 433 434 +1
Thanks! Should we also update the namespace before comparing the source UID? Otherwise it may try to fetch the resource from the agent's namespace.
Line 199 in a2a7a63
exists, sourceUIDMatch, err := a.projectManager.CompareSourceUID(a.context, incomingAppProject)
Line 284 in a2a7a63
exists, sourceUIDMatch, err = a.repoManager.CompareSourceUID(a.context, incomingRepo)
I'm testing this PR out and I wonder if I'm hitting this issue. I have the principal in openshift-gitops-principal and the agent in openshift-gitops on the same cluster. The AppProject doesn't get copied over to the agent's namespace and I see this message in the agent log:
time="2025-10-01T22:10:24Z" level=error msg="Unable to process incoming event" clientAddr="172.31.75.84:443" direction=Recv error="failed to validate source UID of appProject: appprojects.argoproj.io \"local-cluster\" is forbidden: User \"system:serviceaccount:openshift-gitops:argocd-agent-agent\" cannot get resource \"appprojects\" in API group \"argoproj.io\" in the namespace \"openshift-gitops-principal\"" event_id=local-cluster_7a8ac8fd-5fe9-4dc6-823d-f37c783b77ea_143200 module=StreamEvent resource_id=local-cluster_7a8ac8fd-5fe9-4dc6-823d-f37c783b77ea type=io.argoproj.argocd-agent.event.spec-update
I did build and deploy the agent from the branch with the fix.
system:serviceaccount:openshift-gitops:argocd-agent-agent" cannot get resource "appprojects" in API group "argoproj.io" in the namespace "openshift-gitops-principal\
I think it's the same issue. The agent is trying to fetch the AppProject from the principal namespace instead of its own agent namespace.
Thanks! Added a small question. Everything else looks good to me.
What does this PR do / why we need it:
The AppProject and Repository Credentials management of both agent and principal do not set the namespace properly. Thus, syncing those resources works only when principal and agent are running in the same namespace (i.e. "argocd" or similar).
This PR sets the namespace explicitly to the principal's or agent's namespace before trying to create/update/delete said resources.
Which issue(s) this PR fixes:
Fixes #570
How to test changes / Special notes to the reviewer:
Checklist
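The ordering discussed in this thread, as an added Go sketch that is not code from argocd-agent: an incoming AppProject still carries the sender's namespace, so a source-UID lookup done before the namespace is rewritten hits a namespace the receiver's service account cannot read. The Store type, ErrForbidden, handleIncoming, the compareSourceUID signature and the "uid-1" value are assumptions constructed for illustration; only the namespace and project names come from the log above.

```go
package main

import (
	"errors"
	"fmt"
)

// AppProject is a constructed stand-in; only the fields needed here are modelled.
type AppProject struct{ Name, Namespace, SourceUID string }

var ErrForbidden = errors.New("forbidden")

// Store simulates a namespace-scoped API: reads outside allowedNS are denied (as in the log).
type Store struct {
	allowedNS string
	items     map[string]AppProject // keyed by "namespace/name"
}

func (s *Store) Get(ns, name string) (AppProject, bool, error) {
	if ns != s.allowedNS {
		return AppProject{}, false, fmt.Errorf("get appprojects in %q: %w", ns, ErrForbidden)
	}
	p, ok := s.items[ns+"/"+name]
	return p, ok, nil
}

// compareSourceUID (hypothetical helper) returns: copy exists, source UID matches, error.
func compareSourceUID(s *Store, in AppProject) (bool, bool, error) {
	cur, ok, err := s.Get(in.Namespace, in.Name)
	if err != nil || !ok {
		return false, false, err
	}
	return true, cur.SourceUID == in.SourceUID, nil
}

// handleIncoming rewrites the namespace to the receiver's own before any lookup.
func handleIncoming(s *Store, localNS string, in AppProject) (bool, bool, error) {
	in.Namespace = localNS // in is a copy; the caller's object is untouched
	return compareSourceUID(s, in)
}

func main() {
	local := AppProject{"local-cluster", "openshift-gitops", "uid-1"} // constructed sample
	s := &Store{"openshift-gitops", map[string]AppProject{"openshift-gitops/local-cluster": local}}
	in := AppProject{"local-cluster", "openshift-gitops-principal", "uid-1"}
	_, _, err := compareSourceUID(s, in) // lookup in the sender's namespace is denied
	exists, match, _ := handleIncoming(s, "openshift-gitops", in)
	fmt.Println(err, exists, match)
}
```

Because the denial surfaces as an error rather than "not found", the event is dropped instead of the resource being created, which matches the "Unable to process incoming event" log line.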