diff --git a/README.md b/README.md index bf624ff..cdf1360 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ k8s-gitops/ deployments/ levelbuilder/ # codeai deployment levelbuilder - deployment.yaml # envType=levelbuilder, branch=levelbuilder + deployment.yaml # envType=levelbuilder, targetRevision= values.yaml # values.yaml for this deployment: dashboard_workers=27, RAILS_ENV=levelbuilder, etc ... @@ -36,6 +36,11 @@ k8s-gitops/ levelbuilder.values.yaml # base values.yaml for all envType=levelbuilder ... + warehouses/ + codeai/ + builds/ # thin build-lock Freight records for Kargo + legacy-gitflow/ # legacy branch merge metadata used as promotion gates + kargo/ application.yaml # argocd app for kargo itself values.yaml # helm values for kargo install @@ -53,4 +58,3 @@ k8s-gitops/ ## Bootstrap Cluster kubectl apply -f apps/app-of-apps/applicationset.yaml - diff --git a/apps/codeai/README.md b/apps/codeai/README.md index 594080a..aeac8ed 100644 --- a/apps/codeai/README.md +++ b/apps/codeai/README.md @@ -1,3 +1,5 @@ This app's deployment definitions live under `deployments/`. -Docker image tag writeback is done by the GitHub Actions workflow [`k8s-commit-image-ref-to-argocd.yml`](https://github.com/code-dot-org/code-dot-org/blob/staging/.github/workflows/k8s-commit-image-ref-to-argocd.yml). +Kargo promotes thin build-lock records from `warehouses/codeai/builds/` and +updates each deployment's `targetRevision` plus deployment-specific `values.yaml` +image. diff --git a/apps/codeai/applicationset.yaml b/apps/codeai/applicationset.yaml index e367ef9..0f30283 100644 --- a/apps/codeai/applicationset.yaml +++ b/apps/codeai/applicationset.yaml @@ -20,7 +20,7 @@ spec: project: default sources: - repoURL: https://github.com/code-dot-org/code-dot-org.git - targetRevision: '{{sourceRevision}}' + targetRevision: '{{targetRevision}}' path: k8s/helm helm: releaseName: '{{path.basename}}' 
diff --git a/apps/codeai/deployments/k8s-adhoc/deployment.yaml b/apps/codeai/deployments/k8s-adhoc/deployment.yaml
index c1e65bc..0bd7831 100644
--- a/apps/codeai/deployments/k8s-adhoc/deployment.yaml
+++ b/apps/codeai/deployments/k8s-adhoc/deployment.yaml
@@ -1,3 +1,3 @@
 envType: staging
 namespace: adhoc-k8s-adhoc
-branch: k8s/adhoc
+targetRevision: k8s/adhoc
diff --git a/apps/codeai/deployments/levelbuilder/deployment.yaml b/apps/codeai/deployments/levelbuilder/deployment.yaml
new file mode 100644
index 0000000..cdd53fe
--- /dev/null
+++ b/apps/codeai/deployments/levelbuilder/deployment.yaml
@@ -0,0 +1,3 @@
+envType: levelbuilder
+namespace: levelbuilder
+targetRevision: staging
diff --git a/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled b/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled
deleted file mode 100644
index 4d89839..0000000
--- a/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled
+++ /dev/null
@@ -1,5 +0,0 @@
-envType: levelbuilder
-namespace: levelbuilder
-# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs.
-# branch: levelbuilder
-branch: staging
diff --git a/apps/codeai/deployments/production/deployment.yaml b/apps/codeai/deployments/production/deployment.yaml
new file mode 100644
index 0000000..bf72b18
--- /dev/null
+++ b/apps/codeai/deployments/production/deployment.yaml
@@ -0,0 +1,3 @@
+envType: production
+namespace: production
+targetRevision: staging
diff --git a/apps/codeai/deployments/production/deployment.yaml.disabled b/apps/codeai/deployments/production/deployment.yaml.disabled
deleted file mode 100644
index 37cafd5..0000000
--- a/apps/codeai/deployments/production/deployment.yaml.disabled
+++ /dev/null
@@ -1,5 +0,0 @@
-envType: production
-namespace: production
-# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs.
-# branch: production
-branch: staging
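Review bot: `targetRevision: staging` in the new `production/deployment.yaml` (and the same line in the new `levelbuilder/deployment.yaml`) enables these deployments while they still follow the mutable `staging` branch; the deleted `.disabled` files carried a FIXME describing that value as a testing shortcut, and the FIXME is dropped here without the value changing. Until the first Kargo promotion overwrites the field with `gitCommit`, production would render the chart from whatever is on `staging`, assuming the ApplicationSet generator matches `deployment.yaml` and skipped the `.disabled` name, which is not visible in this diff. Consider seeding the field with a reviewed commit SHA, or keeping the file disabled until the first promotion has landed.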
diff --git a/apps/codeai/deployments/staging/deployment.yaml b/apps/codeai/deployments/staging/deployment.yaml
index 30b6df2..c608d1a 100644
--- a/apps/codeai/deployments/staging/deployment.yaml
+++ b/apps/codeai/deployments/staging/deployment.yaml
@@ -1,3 +1,3 @@
 envType: staging
 namespace: staging
-branch: staging
+targetRevision: staging
diff --git a/apps/codeai/deployments/staging/values.yaml b/apps/codeai/deployments/staging/values.yaml
index bc14481..c67e835 100644
--- a/apps/codeai/deployments/staging/values.yaml
+++ b/apps/codeai/deployments/staging/values.yaml
@@ -1,6 +1,5 @@
-image: ghcr.io/code-dot-org/code-dot-org:staging # updated by k8s-commit-image-ref-to-argocd.yml
+image: ghcr.io/code-dot-org/code-dot-org:staging
 autoscaling:
 maxReplicas: 1
 locals.yml:
 stack_name: staging
-# argocd-detect-probe: k8s-gitops run 10 at 2026-03-22T10:10:09Z
diff --git a/apps/codeai/deployments/test/deployment.yaml b/apps/codeai/deployments/test/deployment.yaml
index 2539d0c..3ebe7a3 100644
--- a/apps/codeai/deployments/test/deployment.yaml
+++ b/apps/codeai/deployments/test/deployment.yaml
@@ -1,5 +1,3 @@
 envType: test
 namespace: test
-# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs.
-# branch: test
-branch: staging
+targetRevision: staging
diff --git a/apps/codeai/deployments/test/values.yaml b/apps/codeai/deployments/test/values.yaml
index 4e3ce6c..42b9e34 100644
--- a/apps/codeai/deployments/test/values.yaml
+++ b/apps/codeai/deployments/test/values.yaml
@@ -1,4 +1,4 @@
-image: ghcr.io/code-dot-org/code-dot-org:test # updated by k8s-commit-image-ref-to-argocd.yml
+image: ghcr.io/code-dot-org/code-dot-org:test
 autoscaling:
 maxReplicas: 1
 locals.yml:
diff --git a/apps/kargo-project-codeai/project-config.yaml b/apps/kargo-project-codeai/project-config.yaml
index a303851..953b43c 100644
--- a/apps/kargo-project-codeai/project-config.yaml
+++ b/apps/kargo-project-codeai/project-config.yaml
@@ -9,6 +9,8 @@ spec:
 autoPromotionEnabled: true
 - stage: test
 autoPromotionEnabled: false
+ - stage: review-infra-changes
+ autoPromotionEnabled: false
 - stage: production
 autoPromotionEnabled: false
 - stage: levelbuilder
diff --git a/apps/kargo-project-codeai/stages/levelbuilder.yaml b/apps/kargo-project-codeai/stages/levelbuilder.yaml
index 305d668..a8163ed 100644
--- a/apps/kargo-project-codeai/stages/levelbuilder.yaml
+++ b/apps/kargo-project-codeai/stages/levelbuilder.yaml
@@ -7,7 +7,7 @@ spec:
 requestedFreight:
 - origin:
 kind: Warehouse
- name: kargo-project-codeai
+ name: codeai-builds
 sources:
 stages:
 - test
@@ -21,19 +21,55 @@ spec:
 config:
 repoURL: ${{ vars.gitopsRepo }}
 checkout:
+ - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }}
+ path: ./freight
 - branch: main
 path: ./gitops
+ - branch: main
+ path: ./gate
+ - uses: yaml-parse
+ as: build-lock
+ config:
+ path: ./freight/warehouses/codeai/builds/current.yaml
+ outputs:
+ - name: releaseId
+ fromExpression: releaseId
+ - name: gitCommit
+ fromExpression: gitCommit
+ - name: imageRef
+ fromExpression: image.ref
+ - name: packagingKind
+ fromExpression: packaging.kind
+ - name: sourcePath
+ fromExpression: packaging.sourcePath
+ - uses: yaml-parse
+ as: legacy-merge
+ config:
+ path: ./gate/warehouses/codeai/legacy-gitflow/levelbuilder/merged/${{ outputs['build-lock'].releaseId }}.yaml
+ outputs:
+ - name: revision
+ fromExpression: revision
+ - name: tag
+ fromExpression: tag
+ - name: mergedAt
+ fromExpression: mergedAt
+ - uses: yaml-update
+ config:
+ path: ./gitops/apps/codeai/deployments/levelbuilder/deployment.yaml
+ updates:
+ - key: targetRevision
+ value: ${{ outputs['build-lock'].gitCommit }}
 - uses: yaml-update
 config:
 path: ./gitops/apps/codeai/deployments/levelbuilder/values.yaml
 updates:
 - key: image
- value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }}
+ value: ${{ outputs['build-lock'].imageRef }}
 - uses: git-commit
 config:
 path: ./gitops
 message: |
- Promote levelbuilder to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci]
+ Promote levelbuilder to ${{ outputs['build-lock'].releaseId }} [skip ci]
 - uses: git-push
 config:
 path: ./gitops
diff --git a/apps/kargo-project-codeai/stages/production.yaml b/apps/kargo-project-codeai/stages/production.yaml
index eac25f5..4e6b694 100644
--- a/apps/kargo-project-codeai/stages/production.yaml
+++ b/apps/kargo-project-codeai/stages/production.yaml
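Review bot: The `image` update in `stages/levelbuilder.yaml` now writes `${{ outputs['build-lock'].imageRef }}` verbatim, so the registry and repository are whatever `image.ref` in `current.yaml` says; the removed line kept the `ghcr.io/code-dot-org/code-dot-org:` prefix literal and took only the tag from Freight. A commit under `warehouses/codeai/builds/` can therefore point a deployment at an image outside the expected repository, and nothing in this hunk requires the ref to be digest-pinned. Consider keeping the repository prefix literal in `value` and reading only a tag or digest from the record, or checking the ref against the expected repository before the `yaml-update`. The same line appears in the second hunks of `production.yaml`, `review-infra-changes.yaml`, `staging.yaml` and `test.yaml`. The step list starts above this hunk.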
@@ -7,10 +7,10 @@ spec:
 requestedFreight:
 - origin:
 kind: Warehouse
- name: kargo-project-codeai
+ name: codeai-builds
 sources:
 stages:
- - test
+ - review-infra-changes
 promotionTemplate:
 spec:
 vars:
@@ -21,19 +21,42 @@ spec:
 config:
 repoURL: ${{ vars.gitopsRepo }}
 checkout:
+ - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }}
+ path: ./freight
 - branch: main
 path: ./gitops
+ - uses: yaml-parse
+ as: build-lock
+ config:
+ path: ./freight/warehouses/codeai/builds/current.yaml
+ outputs:
+ - name: releaseId
+ fromExpression: releaseId
+ - name: gitCommit
+ fromExpression: gitCommit
+ - name: imageRef
+ fromExpression: image.ref
+ - name: packagingKind
+ fromExpression: packaging.kind
+ - name: sourcePath
+ fromExpression: packaging.sourcePath
+ - uses: yaml-update
+ config:
+ path: ./gitops/apps/codeai/deployments/production/deployment.yaml
+ updates:
+ - key: targetRevision
+ value: ${{ outputs['build-lock'].gitCommit }}
 - uses: yaml-update
 config:
 path: ./gitops/apps/codeai/deployments/production/values.yaml
 updates:
 - key: image
- value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }}
+ value: ${{ outputs['build-lock'].imageRef }}
 - uses: git-commit
 config:
 path: ./gitops
 message: |
- Promote production to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci]
+ Promote production to ${{ outputs['build-lock'].releaseId }} [skip ci]
 - uses: git-push
 config:
 path: ./gitops
diff --git a/apps/kargo-project-codeai/stages/review-infra-changes.yaml b/apps/kargo-project-codeai/stages/review-infra-changes.yaml
new file mode 100644
index 0000000..8a6551a
--- /dev/null
+++ b/apps/kargo-project-codeai/stages/review-infra-changes.yaml
@@ -0,0 +1,83 @@
+apiVersion: kargo.akuity.io/v1alpha1
+kind: Stage
+metadata:
+ name: review-infra-changes
+ namespace: kargo-project-codeai
+spec:
+ requestedFreight:
+ - origin:
+ kind: Warehouse
+ name: codeai-builds
+ sources:
+ stages:
+ - test
+ promotionTemplate:
+ spec:
+ vars:
+ - name: gitopsRepo
+ value: https://github.com/code-dot-org/k8s-gitops.git
+ steps:
+ - uses: git-clone
+ config:
+ repoURL: ${{ vars.gitopsRepo }}
+ checkout:
+ - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }}
+ path: ./freight
+ - branch: main
+ path: ./gitops
+ - branch: main
+ path: ./gate
+ - uses: yaml-parse
+ as: build-lock
+ config:
+ path: ./freight/warehouses/codeai/builds/current.yaml
+ outputs:
+ - name: releaseId
+ fromExpression: releaseId
+ - name: gitCommit
+ fromExpression: gitCommit
+ - name: imageRef
+ fromExpression: image.ref
+ - name: packagingKind
+ fromExpression: packaging.kind
+ - name: sourcePath
+ fromExpression: packaging.sourcePath
+ - uses: yaml-parse
+ as: legacy-merge
+ config:
+ path: ./gate/warehouses/codeai/legacy-gitflow/production/merged/${{ outputs['build-lock'].releaseId }}.yaml
+ outputs:
+ - name: revision
+ fromExpression: revision
+ - name: tag
+ fromExpression: tag
+ - name: mergedAt
+ fromExpression: mergedAt
+ - uses: yaml-update
+ config:
+ path: ./gitops/apps/codeai/deployments/production/deployment.yaml
+ updates:
+ - key: targetRevision
+ value: ${{ outputs['build-lock'].gitCommit }}
+ - uses: yaml-update
+ config:
+ path: ./gitops/apps/codeai/deployments/production/values.yaml
+ updates:
+ - key: image
+ value: ${{ outputs['build-lock'].imageRef }}
+ - uses: git-commit
+ config:
+ path: ./gitops
+ message: |
+ Review production update for ${{ outputs['build-lock'].releaseId }} [skip ci]
+ - uses: git-push
+ as: push
+ config:
+ path: ./gitops
+ generateTargetBranch: true
+ - uses: git-open-pr
+ config:
+ repoURL: https://github.com/code-dot-org/k8s-gitops.git
+ sourceBranch: ${{ outputs.push.branch }}
+ targetBranch: main
+ title: Review CodeAI production release ${{ outputs['build-lock'].releaseId }}
diff --git a/apps/kargo-project-codeai/stages/staging.yaml b/apps/kargo-project-codeai/stages/staging.yaml
index c986f62..6d679cc 100644
--- a/apps/kargo-project-codeai/stages/staging.yaml
+++ b/apps/kargo-project-codeai/stages/staging.yaml
@@ -7,7 +7,7 @@ spec:
 requestedFreight:
 - origin:
 kind: Warehouse
- name: kargo-project-codeai
+ name: codeai-builds
 sources:
 direct: true
 promotionTemplate:
@@ -20,19 +20,42 @@ spec:
 config:
 repoURL: ${{ vars.gitopsRepo }}
 checkout:
+ - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }}
+ path: ./freight
 - branch: main
 path: ./gitops
+ - uses: yaml-parse
+ as: build-lock
+ config:
+ path: ./freight/warehouses/codeai/builds/current.yaml
+ outputs:
+ - name: releaseId
+ fromExpression: releaseId
+ - name: gitCommit
+ fromExpression: gitCommit
+ - name: imageRef
+ fromExpression: image.ref
+ - name: packagingKind
+ fromExpression: packaging.kind
+ - name: sourcePath
+ fromExpression: packaging.sourcePath
+ - uses: yaml-update
+ config:
+ path: ./gitops/apps/codeai/deployments/staging/deployment.yaml
+ updates:
+ - key: targetRevision
+ value: ${{ outputs['build-lock'].gitCommit }}
 - uses: yaml-update
 config:
 path: ./gitops/apps/codeai/deployments/staging/values.yaml
 updates:
 - key: image
- value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }}
+ value: ${{ outputs['build-lock'].imageRef }}
 - uses: git-commit
 config:
 path: ./gitops
 message: |
- Promote staging to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci]
+ Promote staging to ${{ outputs['build-lock'].releaseId }} [skip ci]
 - uses: git-push
 config:
 path: ./gitops
diff --git a/apps/kargo-project-codeai/stages/test.yaml b/apps/kargo-project-codeai/stages/test.yaml
index c029450..282cfca 100644
--- a/apps/kargo-project-codeai/stages/test.yaml
+++ b/apps/kargo-project-codeai/stages/test.yaml
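Review bot: The promotion in the new `stages/review-infra-changes.yaml` ends at `git-open-pr`, so it finishes as soon as the pull request exists rather than when it has been reviewed or merged. `production.yaml` in this commit takes its Freight from `review-infra-changes`, which suggests the PR is meant to be the approval gate for production; as written, Freight could become eligible for production while the PR is still open, depending on how the stage is verified, which is not visible here. Adding a `git-wait-for-pr` step after `git-open-pr` makes the promotion succeed only once the PR is merged; the exact config keys should be checked against the installed Kargo version.

```yaml
- uses: git-open-pr
  as: open-pr
  # … unchanged: config (repoURL, sourceBranch, targetBranch, title) …
- uses: git-wait-for-pr
  config:
    repoURL: ${{ vars.gitopsRepo }}
    prNumber: ${{ outputs['open-pr'].pr.id }}
```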
@@ -7,7 +7,7 @@ spec:
 requestedFreight:
 - origin:
 kind: Warehouse
- name: kargo-project-codeai
+ name: codeai-builds
 sources:
 stages:
 - staging
@@ -21,19 +21,55 @@ spec:
 config:
 repoURL: ${{ vars.gitopsRepo }}
 checkout:
+ - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }}
+ path: ./freight
 - branch: main
 path: ./gitops
+ - branch: main
+ path: ./gate
+ - uses: yaml-parse
+ as: build-lock
+ config:
+ path: ./freight/warehouses/codeai/builds/current.yaml
+ outputs:
+ - name: releaseId
+ fromExpression: releaseId
+ - name: gitCommit
+ fromExpression: gitCommit
+ - name: imageRef
+ fromExpression: image.ref
+ - name: packagingKind
+ fromExpression: packaging.kind
+ - name: sourcePath
+ fromExpression: packaging.sourcePath
+ - uses: yaml-parse
+ as: legacy-merge
+ config:
+ path: ./gate/warehouses/codeai/legacy-gitflow/test/merged/${{ outputs['build-lock'].releaseId }}.yaml
+ outputs:
+ - name: revision
+ fromExpression: revision
+ - name: tag
+ fromExpression: tag
+ - name: mergedAt
+ fromExpression: mergedAt
+ - uses: yaml-update
+ config:
+ path: ./gitops/apps/codeai/deployments/test/deployment.yaml
+ updates:
+ - key: targetRevision
+ value: ${{ outputs['build-lock'].gitCommit }}
 - uses: yaml-update
 config:
 path: ./gitops/apps/codeai/deployments/test/values.yaml
 updates:
 - key: image
- value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }}
+ value: ${{ outputs['build-lock'].imageRef }}
 - uses: git-commit
 config:
 path: ./gitops
 message: |
- Promote test to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci]
+ Promote test to ${{ outputs['build-lock'].releaseId }} [skip ci]
 - uses: git-push
 config:
 path: ./gitops
diff --git a/apps/kargo-project-codeai/warehouse.yaml b/apps/kargo-project-codeai/warehouse.yaml
index ff9ebe0..c42e27d 100644
--- a/apps/kargo-project-codeai/warehouse.yaml
+++ b/apps/kargo-project-codeai/warehouse.yaml
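Review bot: The `legacy-merge` step in the second hunk of `stages/test.yaml` only proves that a file named after `releaseId` exists under `legacy-gitflow/test/merged/`; its `revision`, `tag` and `mergedAt` outputs are never read by a later step in this hunk. If `revision` is meant to identify the commit being promoted, compare it with `outputs['build-lock'].gitCommit` before the `yaml-update` steps so a stale or mismatched gate record cannot pass. `releaseId` is also interpolated into the path unchecked, so a value containing path separators would resolve to a different file in the checkout; constraining it to the expected identifier format closes that. The same pattern is in the `levelbuilder.yaml` and `review-infra-changes.yaml` hunks. A comment on the step such as `# gate: promotion fails unless the legacy merge record for this release exists` would also make the implicit failure mode explicit.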
@@ -1,13 +1,12 @@
 apiVersion: kargo.akuity.io/v1alpha1
 kind: Warehouse
 metadata:
- name: kargo-project-codeai
+ name: codeai-builds
 namespace: kargo-project-codeai
 spec:
 subscriptions:
- - image:
- repoURL: ghcr.io/code-dot-org/code-dot-org
- ignoreTagsRegexes:
- # Ignore single-platform images when we have a multiplatform option
- - '.*-amd64$'
- - '.*-arm64$'
+ - git:
+ repoURL: https://github.com/code-dot-org/k8s-gitops.git
+ branch: main
+ includePaths:
+ - warehouses/codeai/builds
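Review bot: With the `git` subscription in `warehouse.yaml`, commits on `main` that touch `warehouses/codeai/builds` become Freight, and the stage hunks in this commit push promotion commits to `main` of the same repository. Write access to that path (and to `warehouses/codeai/legacy-gitflow`, which the gate steps read from `main`) is therefore equivalent to deciding what each environment runs, and unless separate credentials are used, which is not visible here, the credential Kargo pushes with could also write those records. Restricting who and what can change those paths, for example with CODEOWNERS plus branch protection, and adding a comment above `includePaths` such as `# trust root: records here decide image and revision for all stages` would make the boundary explicit.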