Argo Refs code-dot-org Commit

README.md

@@ -28,14 +28,19 @@ k8s-gitops/
 
       deployments/
         levelbuilder/             # codeai deployment levelbuilder
-          deployment.yaml         # envType=levelbuilder, branch=levelbuilder
+          deployment.yaml         # envType=levelbuilder, targetRevision=<code-dot-org ref>
           values.yaml             # values.yaml for this deployment: dashboard_workers=27, RAILS_ENV=levelbuilder, etc
         ...
 
       envTypes/
         levelbuilder.values.yaml  # base values.yaml for all envType=levelbuilder
         ...
 
+    warehouses/
+      codeai/
+        builds/                   # thin build-lock Freight records for Kargo
+        legacy-gitflow/           # legacy branch merge metadata used as promotion gates
+
     kargo/
       application.yaml            # argocd app for kargo itself
       values.yaml                 # helm values for kargo install
@@ -53,4 +58,3 @@ k8s-gitops/
 ## Bootstrap Cluster
 
 kubectl apply -f apps/app-of-apps/applicationset.yaml
-

apps/codeai/README.md

@@ -1,3 +1,5 @@
 This app's deployment definitions live under `deployments/`.
 
-Docker image tag writeback is done by the GitHub Actions workflow [`k8s-commit-image-ref-to-argocd.yml`](https://github.com/code-dot-org/code-dot-org/blob/staging/.github/workflows/k8s-commit-image-ref-to-argocd.yml).
+Kargo promotes thin build-lock records from `warehouses/codeai/builds/` and
+updates each deployment's `targetRevision` plus deployment-specific `values.yaml`
+image.

apps/codeai/applicationset.yaml

@@ -20,7 +20,7 @@ spec:
       project: default
       sources:
         - repoURL: https://github.com/code-dot-org/code-dot-org.git
-          targetRevision: '{{sourceRevision}}'
+          targetRevision: '{{targetRevision}}'
           path: k8s/helm
           helm:
             releaseName: '{{path.basename}}'

apps/codeai/deployments/k8s-adhoc/deployment.yaml

@@ -1,3 +1,3 @@
 envType: staging
 namespace: adhoc-k8s-adhoc
-branch: k8s/adhoc
+targetRevision: k8s/adhoc

apps/codeai/deployments/levelbuilder/deployment.yaml

@@ -0,0 +1,3 @@
+envType: levelbuilder
+namespace: levelbuilder
+targetRevision: staging

apps/codeai/deployments/production/deployment.yaml

@@ -0,0 +1,3 @@
+envType: production
+namespace: production
+targetRevision: staging

apps/codeai/deployments/staging/deployment.yaml

@@ -1,3 +1,3 @@
 envType: staging
 namespace: staging
-branch: staging
+targetRevision: staging

apps/codeai/deployments/staging/values.yaml

@@ -1,6 +1,5 @@
-image: ghcr.io/code-dot-org/code-dot-org:staging # updated by k8s-commit-image-ref-to-argocd.yml
+image: ghcr.io/code-dot-org/code-dot-org:staging
 autoscaling:
   maxReplicas: 1
 locals.yml:
   stack_name: staging
-# argocd-detect-probe: k8s-gitops run 10 at 2026-03-22T10:10:09Z

apps/codeai/deployments/test/deployment.yaml

@@ -1,5 +1,3 @@
 envType: test
 namespace: test
-# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs.
-# branch: test
-branch: staging
+targetRevision: staging

apps/codeai/deployments/test/values.yaml

@@ -1,4 +1,4 @@
-image: ghcr.io/code-dot-org/code-dot-org:test # updated by k8s-commit-image-ref-to-argocd.yml
+image: ghcr.io/code-dot-org/code-dot-org:test
 autoscaling:
   maxReplicas: 1
 locals.yml:

apps/kargo-project-codeai/project-config.yaml

@@ -9,6 +9,8 @@ spec:
       autoPromotionEnabled: true
     - stage: test
       autoPromotionEnabled: false
+    - stage: review-infra-changes
+      autoPromotionEnabled: false
     - stage: production
       autoPromotionEnabled: false
     - stage: levelbuilder

apps/kargo-project-codeai/stages/levelbuilder.yaml

@@ -7,7 +7,7 @@ spec:
   requestedFreight:
     - origin:
         kind: Warehouse
-        name: kargo-project-codeai
+        name: codeai-builds
       sources:
         stages:
           - test
@@ -21,19 +21,55 @@ spec:
           config:
             repoURL: ${{ vars.gitopsRepo }}
             checkout:
+              - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }}
+                path: ./freight
               - branch: main
                 path: ./gitops
+              - branch: main
+                path: ./gate
+        - uses: yaml-parse
+          as: build-lock
+          config:
+            path: ./freight/warehouses/codeai/builds/current.yaml
+            outputs:
+              - name: releaseId
+                fromExpression: releaseId
+              - name: gitCommit
+                fromExpression: gitCommit
+              - name: imageRef
+                fromExpression: image.ref
+              - name: packagingKind
+                fromExpression: packaging.kind
+              - name: sourcePath
+                fromExpression: packaging.sourcePath
+        - uses: yaml-parse
+          as: legacy-merge
+          config:
+            path: ./gate/warehouses/codeai/legacy-gitflow/levelbuilder/merged/${{ outputs['build-lock'].releaseId }}.yaml
+            outputs:
+              - name: revision
+                fromExpression: revision
+              - name: tag
+                fromExpression: tag
+              - name: mergedAt
+                fromExpression: mergedAt
+        - uses: yaml-update
+          config:
+            path: ./gitops/apps/codeai/deployments/levelbuilder/deployment.yaml
+            updates:
+              - key: targetRevision
+                value: ${{ outputs['build-lock'].gitCommit }}
         - uses: yaml-update
           config:
             path: ./gitops/apps/codeai/deployments/levelbuilder/values.yaml
             updates:
               - key: image
-                value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }}
+                value: ${{ outputs['build-lock'].imageRef }}
         - uses: git-commit
           config:
             path: ./gitops
             message: |
-              Promote levelbuilder to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci]
+              Promote levelbuilder to ${{ outputs['build-lock'].releaseId }} [skip ci]
         - uses: git-push
           config:
             path: ./gitops

apps/kargo-project-codeai/stages/production.yaml

@@ -7,10 +7,10 @@ spec:
   requestedFreight:
     - origin:
         kind: Warehouse
-        name: kargo-project-codeai
+        name: codeai-builds
       sources:
         stages:
-          - test
+          - review-infra-changes
   promotionTemplate:
     spec:
       vars:
@@ -21,19 +21,42 @@ spec:
           config:
             repoURL: ${{ vars.gitopsRepo }}
             checkout:
+              - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }}
+                path: ./freight
               - branch: main
                 path: ./gitops
+        - uses: yaml-parse
+          as: build-lock
+          config:
+            path: ./freight/warehouses/codeai/builds/current.yaml
+            outputs:
+              - name: releaseId
+                fromExpression: releaseId
+              - name: gitCommit
+                fromExpression: gitCommit
+              - name: imageRef
+                fromExpression: image.ref
+              - name: packagingKind
+                fromExpression: packaging.kind
+              - name: sourcePath
+                fromExpression: packaging.sourcePath
+        - uses: yaml-update
+          config:
+            path: ./gitops/apps/codeai/deployments/production/deployment.yaml
+            updates:
+              - key: targetRevision
+                value: ${{ outputs['build-lock'].gitCommit }}
         - uses: yaml-update
           config:
             path: ./gitops/apps/codeai/deployments/production/values.yaml
             updates:
               - key: image
-                value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }}
+                value: ${{ outputs['build-lock'].imageRef }}
         - uses: git-commit
           config:
             path: ./gitops
             message: |
-              Promote production to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci]
+              Promote production to ${{ outputs['build-lock'].releaseId }} [skip ci]
         - uses: git-push
           config:
             path: ./gitops

apps/kargo-project-codeai/stages/review-infra-changes.yaml

@@ -0,0 +1,83 @@
+apiVersion: kargo.akuity.io/v1alpha1
+kind: Stage
+metadata:
+  name: review-infra-changes
+  namespace: kargo-project-codeai
+spec:
+  requestedFreight:
+    - origin:
+        kind: Warehouse
+        name: codeai-builds
+      sources:
+        stages:
+          - test
+  promotionTemplate:
+    spec:
+      vars:
+        - name: gitopsRepo
+          value: https://github.com/code-dot-org/k8s-gitops.git
+      steps:
+        - uses: git-clone
+          config:
+            repoURL: ${{ vars.gitopsRepo }}
+            checkout:
+              - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }}
+                path: ./freight
+              - branch: main
+                path: ./gitops
+              - branch: main
+                path: ./gate
+        - uses: yaml-parse
+          as: build-lock
+          config:
+            path: ./freight/warehouses/codeai/builds/current.yaml
+            outputs:
+              - name: releaseId
+                fromExpression: releaseId
+              - name: gitCommit
+                fromExpression: gitCommit
+              - name: imageRef
+                fromExpression: image.ref
+              - name: packagingKind
+                fromExpression: packaging.kind
+              - name: sourcePath
+                fromExpression: packaging.sourcePath
+        - uses: yaml-parse
+          as: legacy-merge
+          config:
+            path: ./gate/warehouses/codeai/legacy-gitflow/production/merged/${{ outputs['build-lock'].releaseId }}.yaml
+            outputs:
+              - name: revision
+                fromExpression: revision
+              - name: tag
+                fromExpression: tag
+              - name: mergedAt
+                fromExpression: mergedAt
+        - uses: yaml-update
+          config:
+            path: ./gitops/apps/codeai/deployments/production/deployment.yaml
+            updates:
+              - key: targetRevision
+                value: ${{ outputs['build-lock'].gitCommit }}
+        - uses: yaml-update
+          config:
+            path: ./gitops/apps/codeai/deployments/production/values.yaml
+            updates:
+              - key: image
+                value: ${{ outputs['build-lock'].imageRef }}
+        - uses: git-commit
+          config:
+            path: ./gitops
+            message: |
+              Review production update for ${{ outputs['build-lock'].releaseId }} [skip ci]
+        - uses: git-push
+          as: push
+          config:
+            path: ./gitops
+            generateTargetBranch: true
+        - uses: git-open-pr
+          config:
+            repoURL: https://github.com/code-dot-org/k8s-gitops.git
+            sourceBranch: ${{ outputs.push.branch }}
+            targetBranch: main
+            title: Review CodeAI production release ${{ outputs['build-lock'].releaseId }}

apps/kargo-project-codeai/stages/staging.yaml

@@ -7,7 +7,7 @@ spec:
   requestedFreight:
     - origin:
         kind: Warehouse
-        name: kargo-project-codeai
+        name: codeai-builds
       sources:
         direct: true
   promotionTemplate:
@@ -20,19 +20,42 @@ spec:
           config:
             repoURL: ${{ vars.gitopsRepo }}
             checkout:
+              - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }}
+                path: ./freight
               - branch: main
                 path: ./gitops
+        - uses: yaml-parse
+          as: build-lock
+          config:
+            path: ./freight/warehouses/codeai/builds/current.yaml
+            outputs:
+              - name: releaseId
+                fromExpression: releaseId
+              - name: gitCommit
+                fromExpression: gitCommit
+              - name: imageRef
+                fromExpression: image.ref
+              - name: packagingKind
+                fromExpression: packaging.kind
+              - name: sourcePath
+                fromExpression: packaging.sourcePath
+        - uses: yaml-update
+          config:
+            path: ./gitops/apps/codeai/deployments/staging/deployment.yaml
+            updates:
+              - key: targetRevision
+                value: ${{ outputs['build-lock'].gitCommit }}
         - uses: yaml-update
           config:
             path: ./gitops/apps/codeai/deployments/staging/values.yaml
             updates:
               - key: image
-                value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }}
+                value: ${{ outputs['build-lock'].imageRef }}
         - uses: git-commit
           config:
             path: ./gitops
             message: |
-              Promote staging to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci]
+              Promote staging to ${{ outputs['build-lock'].releaseId }} [skip ci]
         - uses: git-push
           config:
             path: ./gitops