From a44827781b17bfb8ffbf2d195404cddcfab98418 Mon Sep 17 00:00:00 2001 From: Seth Nickell Date: Sun, 22 Mar 2026 20:55:49 -1000 Subject: [PATCH 1/4] Use rendered stage branches for CodeAI promotions --- apps/codeai/README.md | 12 ++- apps/codeai/applicationset.yaml | 25 +++-- .../deployments/levelbuilder/deployment.yaml | 2 + .../levelbuilder/deployment.yaml.disabled | 5 - .../deployments/production/deployment.yaml | 2 + .../production/deployment.yaml.disabled | 5 - .../codeai/deployments/production/values.yaml | 2 +- .../deployments/staging/deployment.yaml | 1 - apps/codeai/deployments/staging/values.yaml | 3 +- apps/codeai/deployments/test/deployment.yaml | 3 - apps/codeai/deployments/test/values.yaml | 2 +- apps/kargo-project-codeai/project-config.yaml | 6 +- .../stages/levelbuilder.yaml | 62 ++++++++++-- .../stages/production.yaml | 31 +++--- .../stages/review-infra-changes.yaml | 98 +++++++++++++++++++ apps/kargo-project-codeai/stages/staging.yaml | 62 ++++++++++-- apps/kargo-project-codeai/stages/test.yaml | 72 ++++++++++++-- .../test-rollout-analysis-template.yaml | 32 ++++++ apps/kargo-project-codeai/warehouse.yaml | 15 ++- 19 files changed, 367 insertions(+), 73 deletions(-) create mode 100644 apps/codeai/deployments/levelbuilder/deployment.yaml delete mode 100644 apps/codeai/deployments/levelbuilder/deployment.yaml.disabled create mode 100644 apps/codeai/deployments/production/deployment.yaml delete mode 100644 apps/codeai/deployments/production/deployment.yaml.disabled create mode 100644 apps/kargo-project-codeai/stages/review-infra-changes.yaml create mode 100644 apps/kargo-project-codeai/test-rollout-analysis-template.yaml diff --git a/apps/codeai/README.md b/apps/codeai/README.md index 594080a..26a2391 100644 --- a/apps/codeai/README.md +++ b/apps/codeai/README.md 
@@ -1,3 +1,11 @@ -This app's deployment definitions live under `deployments/`. +CodeAI now uses rendered stage branches. -Docker image tag writeback is done by the GitHub Actions workflow [`k8s-commit-image-ref-to-argocd.yml`](https://github.com/code-dot-org/code-dot-org/blob/staging/.github/workflows/k8s-commit-image-ref-to-argocd.yml). +- `main` keeps deployment metadata and env policy under `apps/codeai/`. +- Kargo renders manifests from the promoted `code-dot-org` commit plus the + matching immutable image tag. +- Argo CD deploys those rendered manifests from `stage/staging`, + `stage/test`, `stage/levelbuilder`, and `stage/production`. +- No synthetic `warehouses/codeai/` release record is written back into + `k8s-gitops`. + +The `k8s-adhoc` deployment remains outside this rendered-branch flow. diff --git a/apps/codeai/applicationset.yaml b/apps/codeai/applicationset.yaml index e367ef9..4bb0bfa 100644 --- a/apps/codeai/applicationset.yaml +++ b/apps/codeai/applicationset.yaml 
@@ -9,27 +9,26 @@ spec: repoURL: https://github.com/code-dot-org/k8s-gitops.git revision: main files: - - path: apps/codeai/deployments/*/deployment.yaml + - path: apps/codeai/deployments/staging/deployment.yaml + - path: apps/codeai/deployments/test/deployment.yaml + - path: apps/codeai/deployments/levelbuilder/deployment.yaml + - path: apps/codeai/deployments/production/deployment.yaml template: metadata: name: codeai-{{path.basename}} + annotations: + kargo.akuity.io/authorized-stage: kargo-project-codeai:{{path.basename}} labels: app.kubernetes.io/managed-by: kargo kargo.akuity.io/project: kargo-project-codeai spec: project: default - sources: - - repoURL: https://github.com/code-dot-org/code-dot-org.git - targetRevision: '{{sourceRevision}}' - path: k8s/helm - helm: - releaseName: '{{path.basename}}' - valueFiles: - - $values/apps/codeai/envTypes/{{envType}}.values.yaml - - $values/apps/codeai/deployments/{{path.basename}}/values.yaml - - repoURL: https://github.com/code-dot-org/k8s-gitops.git - targetRevision: main - ref: values + source: + repoURL: https://github.com/code-dot-org/k8s-gitops.git + targetRevision: stage/{{path.basename}} + path: apps/codeai/deployments/{{path.basename}}/deploy + directory: + recurse: true destination: server: https://kubernetes.default.svc namespace: '{{namespace}}' diff --git a/apps/codeai/deployments/levelbuilder/deployment.yaml b/apps/codeai/deployments/levelbuilder/deployment.yaml new file mode 100644 index 0000000..2458871 --- /dev/null +++ b/apps/codeai/deployments/levelbuilder/deployment.yaml @@ -0,0 +1,2 @@ +envType: levelbuilder +namespace: levelbuilder diff --git a/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled b/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled deleted file mode 100644 index 4d89839..0000000 --- a/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled +++ /dev/null 
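Review bot: The new `source` block makes Argo CD apply every file under `apps/codeai/deployments/{{path.basename}}/deploy` on `stage/{{path.basename}}` as raw manifests (`directory.recurse: true`) while the Application stays in `project: default`, so write access to those branches becomes equivalent to deploy access. Unless the default project has been tightened elsewhere, it accepts any resource kind and destination. I would move these Applications to a dedicated AppProject that limits `sourceRepos`, `destinations` and cluster-scoped kinds, and protect `stage/*` so that only the Kargo credential can push. The same applies to the `codeai-production` Application added in PATCH 2/4. The generator header and sync policy of the ApplicationSet are outside this hunk, so whether prune or self-heal is enabled cannot be seen from here.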
@@ -1,5 +0,0 @@ -envType: levelbuilder -namespace: levelbuilder -# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs. -# branch: levelbuilder -branch: staging diff --git a/apps/codeai/deployments/production/deployment.yaml b/apps/codeai/deployments/production/deployment.yaml new file mode 100644 index 0000000..5009269 --- /dev/null +++ b/apps/codeai/deployments/production/deployment.yaml @@ -0,0 +1,2 @@ +envType: production +namespace: production diff --git a/apps/codeai/deployments/production/deployment.yaml.disabled b/apps/codeai/deployments/production/deployment.yaml.disabled deleted file mode 100644 index 37cafd5..0000000 --- a/apps/codeai/deployments/production/deployment.yaml.disabled +++ /dev/null @@ -1,5 +0,0 @@ -envType: production -namespace: production -# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs. -# branch: production -branch: staging diff --git a/apps/codeai/deployments/production/values.yaml b/apps/codeai/deployments/production/values.yaml index 990a7fd..64c472a 100644 --- a/apps/codeai/deployments/production/values.yaml +++ b/apps/codeai/deployments/production/values.yaml @@ -1,4 +1,4 @@ -image: ghcr.io/code-dot-org/code-dot-org:production +image: ghcr.io/code-dot-org/code-dot-org:replace-me autoscaling: minReplicas: 1 maxReplicas: 1 diff --git a/apps/codeai/deployments/staging/deployment.yaml b/apps/codeai/deployments/staging/deployment.yaml index 30b6df2..5ca0295 100644 --- a/apps/codeai/deployments/staging/deployment.yaml +++ b/apps/codeai/deployments/staging/deployment.yaml @@ -1,3 +1,2 @@ envType: staging namespace: staging -branch: staging diff --git a/apps/codeai/deployments/staging/values.yaml b/apps/codeai/deployments/staging/values.yaml index bc14481..be91640 100644 --- a/apps/codeai/deployments/staging/values.yaml +++ b/apps/codeai/deployments/staging/values.yaml 
@@ -1,6 +1,5 @@ -image: ghcr.io/code-dot-org/code-dot-org:staging # updated by k8s-commit-image-ref-to-argocd.yml +image: ghcr.io/code-dot-org/code-dot-org:replace-me autoscaling: maxReplicas: 1 locals.yml: stack_name: staging -# argocd-detect-probe: k8s-gitops run 10 at 2026-03-22T10:10:09Z diff --git a/apps/codeai/deployments/test/deployment.yaml b/apps/codeai/deployments/test/deployment.yaml index 2539d0c..089b285 100644 --- a/apps/codeai/deployments/test/deployment.yaml +++ b/apps/codeai/deployments/test/deployment.yaml @@ -1,5 +1,2 @@ envType: test namespace: test -# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs. -# branch: test -branch: staging diff --git a/apps/codeai/deployments/test/values.yaml b/apps/codeai/deployments/test/values.yaml index 4e3ce6c..6706c2f 100644 --- a/apps/codeai/deployments/test/values.yaml +++ b/apps/codeai/deployments/test/values.yaml @@ -1,4 +1,4 @@ -image: ghcr.io/code-dot-org/code-dot-org:test # updated by k8s-commit-image-ref-to-argocd.yml +image: ghcr.io/code-dot-org/code-dot-org:replace-me autoscaling: maxReplicas: 1 locals.yml: diff --git a/apps/kargo-project-codeai/project-config.yaml b/apps/kargo-project-codeai/project-config.yaml index a303851..de77915 100644 --- a/apps/kargo-project-codeai/project-config.yaml +++ b/apps/kargo-project-codeai/project-config.yaml @@ -9,7 +9,9 @@ spec: autoPromotionEnabled: true - stage: test autoPromotionEnabled: false - - stage: production - autoPromotionEnabled: false - stage: levelbuilder autoPromotionEnabled: false + - stage: review-infra-changes + autoPromotionEnabled: false + - stage: production + autoPromotionEnabled: false diff --git a/apps/kargo-project-codeai/stages/levelbuilder.yaml b/apps/kargo-project-codeai/stages/levelbuilder.yaml index 305d668..6d10eb0 100644 --- a/apps/kargo-project-codeai/stages/levelbuilder.yaml +++ b/apps/kargo-project-codeai/stages/levelbuilder.yaml 
@@ -16,24 +16,74 @@ spec: vars: - name: gitopsRepo value: https://github.com/code-dot-org/k8s-gitops.git + - name: sourceRepo + value: https://github.com/code-dot-org/code-dot-org.git + - name: imageRepo + value: ghcr.io/code-dot-org/code-dot-org + - name: deployment + value: levelbuilder + - name: envType + value: levelbuilder + - name: namespace + value: levelbuilder + - name: releaseName + value: levelbuilder + - name: targetBranch + value: stage/levelbuilder + - name: renderPath + value: ./out/apps/codeai/deployments/levelbuilder/deploy/manifests.yaml steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: - branch: main - path: ./gitops + path: ./meta + sparse: + - apps/codeai + - branch: ${{ vars.targetBranch }} + create: true + path: ./out + - uses: git-clone + config: + repoURL: ${{ vars.sourceRepo }} + checkout: + - commit: ${{ commitFrom(vars.sourceRepo).ID }} + path: ./src + sparse: + - k8s/helm + - uses: git-clear + config: + path: ./out - uses: yaml-update config: - path: ./gitops/apps/codeai/deployments/levelbuilder/values.yaml + path: ./meta/apps/codeai/deployments/${{ vars.deployment }}/values.yaml updates: - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + value: ${{ imageFrom(vars.imageRepo).RepoURL }}:${{ imageFrom(vars.imageRepo).Tag }} + - uses: helm-template + config: + path: ./src/k8s/helm + releaseName: ${{ vars.releaseName }} + namespace: ${{ vars.namespace }} + valuesFiles: + - ./meta/apps/codeai/envTypes/${{ vars.envType }}.values.yaml + - ./meta/apps/codeai/deployments/${{ vars.deployment }}/values.yaml + outPath: ${{ vars.renderPath }} - uses: git-commit + as: commit config: - path: ./gitops + path: ./out message: | - Promote levelbuilder to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + Render levelbuilder for ${{ commitFrom(vars.sourceRepo).ID }} with ${{ imageFrom(vars.imageRepo).Tag }} - uses: git-push config: - path: ./gitops 
+ path: ./out + targetBranch: ${{ vars.targetBranch }} + - uses: argocd-update + config: + apps: + - name: codeai-levelbuilder + sources: + - repoURL: ${{ vars.gitopsRepo }} + desiredRevision: ${{ outputs.commit.commit }} diff --git a/apps/kargo-project-codeai/stages/production.yaml b/apps/kargo-project-codeai/stages/production.yaml index eac25f5..fefb95f 100644 --- a/apps/kargo-project-codeai/stages/production.yaml +++ b/apps/kargo-project-codeai/stages/production.yaml @@ -10,30 +10,29 @@ spec: name: kargo-project-codeai sources: stages: - - test + - review-infra-changes promotionTemplate: spec: vars: - name: gitopsRepo value: https://github.com/code-dot-org/k8s-gitops.git + - name: targetBranch + value: stage/production steps: - uses: git-clone + as: gitops config: repoURL: ${{ vars.gitopsRepo }} checkout: - - branch: main - path: ./gitops - - uses: yaml-update + - as: production + branch: ${{ vars.targetBranch }} + path: ./out + sparse: + - apps/codeai/deployments/production/deploy + - uses: argocd-update config: - path: ./gitops/apps/codeai/deployments/production/values.yaml - updates: - - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} - - uses: git-commit - config: - path: ./gitops - message: | - Promote production to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] - - uses: git-push - config: - path: ./gitops + apps: + - name: codeai-production + sources: + - repoURL: ${{ vars.gitopsRepo }} + desiredRevision: ${{ outputs.gitops.commits.production }} diff --git a/apps/kargo-project-codeai/stages/review-infra-changes.yaml b/apps/kargo-project-codeai/stages/review-infra-changes.yaml new file mode 100644 index 0000000..f942775 --- /dev/null +++ b/apps/kargo-project-codeai/stages/review-infra-changes.yaml 
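Review bot: The `yaml-update` step writes the image as `RepoURL:Tag`, so the manifest rendered onto `stage/levelbuilder` still resolves through a registry tag at pull time; nothing visible here makes `git-<sha>` tags immutable in GHCR, and a re-pushed tag would change what runs without a new commit or new Freight. Kargo records the digest on the Freight, so the value can be pinned, assuming the chart uses `image` verbatim: `value: ${{ imageFrom(vars.imageRepo).RepoURL }}@${{ imageFrom(vars.imageRepo).Digest }}`. The same line appears in the staging, test and review-infra-changes stages, and the `expected_image` argument in the test stage's `verification` block would need the matching form. The promotion template starts above this hunk.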
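Review bot: The production promotion deploys whatever commit is at the head of `stage/production` when it runs (`desiredRevision: ${{ outputs.gitops.commits.production }}`), and no step checks that this head is the render that was reviewed for the Freight being promoted. If a second review PR merges between approval and promotion, or the branch receives a direct push, promoting one Freight rolls out manifests rendered for another. I would add a step before `argocd-update` that reads the image reference from `./out/apps/codeai/deployments/production/deploy/manifests.yaml` (or from a small metadata file the review stage writes next to it) and stops the promotion when it does not match `imageFrom(...)` and `commitFrom(...)` for this Freight. A comment on the clone step such as `# head of stage/production is trusted as-is; see branch protection` would at least make the assumption explicit.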
@@ -0,0 +1,98 @@ +apiVersion: kargo.akuity.io/v1alpha1 +kind: Stage +metadata: + name: review-infra-changes + namespace: kargo-project-codeai +spec: + requestedFreight: + - origin: + kind: Warehouse + name: kargo-project-codeai + sources: + stages: + - test + promotionTemplate: + spec: + vars: + - name: gitopsRepo + value: https://github.com/code-dot-org/k8s-gitops.git + - name: sourceRepo + value: https://github.com/code-dot-org/code-dot-org.git + - name: imageRepo + value: ghcr.io/code-dot-org/code-dot-org + - name: deployment + value: production + - name: envType + value: production + - name: namespace + value: production + - name: releaseName + value: production + - name: targetBranch + value: stage/production + - name: renderPath + value: ./out/apps/codeai/deployments/production/deploy/manifests.yaml + steps: + - uses: git-clone + config: + repoURL: ${{ vars.gitopsRepo }} + checkout: + - branch: main + path: ./meta + sparse: + - apps/codeai + - branch: ${{ vars.targetBranch }} + create: true + path: ./out + - uses: git-clone + config: + repoURL: ${{ vars.sourceRepo }} + checkout: + - commit: ${{ commitFrom(vars.sourceRepo).ID }} + path: ./src + sparse: + - k8s/helm + - uses: git-clear + config: + path: ./out + - uses: yaml-update + config: + path: ./meta/apps/codeai/deployments/${{ vars.deployment }}/values.yaml + updates: + - key: image + value: ${{ imageFrom(vars.imageRepo).RepoURL }}:${{ imageFrom(vars.imageRepo).Tag }} + - uses: helm-template + config: + path: ./src/k8s/helm + releaseName: ${{ vars.releaseName }} + namespace: ${{ vars.namespace }} + valuesFiles: + - ./meta/apps/codeai/envTypes/${{ vars.envType }}.values.yaml + - ./meta/apps/codeai/deployments/${{ vars.deployment }}/values.yaml + outPath: ${{ vars.renderPath }} + - uses: git-commit + as: commit + config: + path: ./out + message: | + Render production for ${{ commitFrom(vars.sourceRepo).ID }} with ${{ imageFrom(vars.imageRepo).Tag }} + - uses: git-push + as: push + config: + path: ./out + 
generateTargetBranch: true + - uses: git-open-pr + as: open-pr + config: + repoURL: ${{ vars.gitopsRepo }} + sourceBranch: ${{ outputs.push.branch }} + targetBranch: ${{ vars.targetBranch }} + createTargetBranch: true + title: Render production manifests for ${{ commitFrom(vars.sourceRepo).ID }} + description: | + Freight commit: ${{ commitFrom(vars.sourceRepo).ID }} + Image tag: ${{ imageFrom(vars.imageRepo).Tag }} + - uses: git-wait-for-pr + config: + repoURL: ${{ vars.gitopsRepo }} + prNumber: ${{ outputs.open-pr.pr.id }} diff --git a/apps/kargo-project-codeai/stages/staging.yaml b/apps/kargo-project-codeai/stages/staging.yaml index c986f62..2e998fb 100644 --- a/apps/kargo-project-codeai/stages/staging.yaml +++ b/apps/kargo-project-codeai/stages/staging.yaml 
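Review bot: The human-review gate in this stage holds only if `stage/production` is a protected branch, and the steps here do not establish that: `git-open-pr` is given `createTargetBranch: true`, so on a first run Kargo creates the branch itself, and the same repository credential pushes straight to `stage/staging`, `stage/test` and `stage/levelbuilder` in the sibling stages. If protection is not applied by pattern before the branch exists, the PR can be merged without approval or bypassed by a direct push, and `git-wait-for-pr` still reports success. I would record the requirement next to the step, e.g. `# stage/production must require an approving review and block direct pushes, including from the Kargo token`, and drop `createTargetBranch: true` once the branch has been seeded.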
@@ -15,24 +15,74 @@ spec: vars: - name: gitopsRepo value: https://github.com/code-dot-org/k8s-gitops.git + - name: sourceRepo + value: https://github.com/code-dot-org/code-dot-org.git + - name: imageRepo + value: ghcr.io/code-dot-org/code-dot-org + - name: deployment + value: staging + - name: envType + value: staging + - name: namespace + value: staging + - name: releaseName + value: staging + - name: targetBranch + value: stage/staging + - name: renderPath + value: ./out/apps/codeai/deployments/staging/deploy/manifests.yaml steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: - branch: main - path: ./gitops + path: ./meta + sparse: + - apps/codeai + - branch: ${{ vars.targetBranch }} + create: true + path: ./out + - uses: git-clone + config: + repoURL: ${{ vars.sourceRepo }} + checkout: + - commit: ${{ commitFrom(vars.sourceRepo).ID }} + path: ./src + sparse: + - k8s/helm + - uses: git-clear + config: + path: ./out - uses: yaml-update config: - path: ./gitops/apps/codeai/deployments/staging/values.yaml + path: ./meta/apps/codeai/deployments/${{ vars.deployment }}/values.yaml updates: - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + value: ${{ imageFrom(vars.imageRepo).RepoURL }}:${{ imageFrom(vars.imageRepo).Tag }} + - uses: helm-template + config: + path: ./src/k8s/helm + releaseName: ${{ vars.releaseName }} + namespace: ${{ vars.namespace }} + valuesFiles: + - ./meta/apps/codeai/envTypes/${{ vars.envType }}.values.yaml + - ./meta/apps/codeai/deployments/${{ vars.deployment }}/values.yaml + outPath: ${{ vars.renderPath }} - uses: git-commit + as: commit config: - path: ./gitops + path: ./out message: | - Promote staging to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + Render staging for ${{ commitFrom(vars.sourceRepo).ID }} with ${{ imageFrom(vars.imageRepo).Tag }} - uses: git-push config: - path: ./gitops + path: ./out + targetBranch: ${{ 
vars.targetBranch }} + - uses: argocd-update + config: + apps: + - name: codeai-staging + sources: + - repoURL: ${{ vars.gitopsRepo }} + desiredRevision: ${{ outputs.commit.commit }} diff --git a/apps/kargo-project-codeai/stages/test.yaml b/apps/kargo-project-codeai/stages/test.yaml index c029450..6c81630 100644 --- a/apps/kargo-project-codeai/stages/test.yaml +++ b/apps/kargo-project-codeai/stages/test.yaml 
@@ -11,29 +11,89 @@ spec: sources: stages: - staging + verification: + analysisTemplates: + - name: codeai-test-rollout + args: + - name: namespace + value: test + - name: deployment + value: test-cdo-dashboard + - name: expected_image + value: ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").RepoURL }}:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} promotionTemplate: spec: vars: - name: gitopsRepo value: https://github.com/code-dot-org/k8s-gitops.git + - name: sourceRepo + value: https://github.com/code-dot-org/code-dot-org.git + - name: imageRepo + value: ghcr.io/code-dot-org/code-dot-org + - name: deployment + value: test + - name: envType + value: test + - name: namespace + value: test + - name: releaseName + value: test + - name: targetBranch + value: stage/test + - name: renderPath + value: ./out/apps/codeai/deployments/test/deploy/manifests.yaml steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: - branch: main - path: ./gitops + path: ./meta + sparse: + - apps/codeai + - branch: ${{ vars.targetBranch }} + create: true + path: ./out + - uses: git-clone + config: + repoURL: ${{ vars.sourceRepo }} + checkout: + - commit: ${{ commitFrom(vars.sourceRepo).ID }} + path: ./src + sparse: + - k8s/helm + - uses: git-clear + config: + path: ./out - uses: yaml-update config: - path: ./gitops/apps/codeai/deployments/test/values.yaml + path: ./meta/apps/codeai/deployments/${{ vars.deployment }}/values.yaml updates: - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + value: ${{ imageFrom(vars.imageRepo).RepoURL }}:${{ imageFrom(vars.imageRepo).Tag }} + - uses: helm-template + config: + path: ./src/k8s/helm + releaseName: ${{ vars.releaseName }} + namespace: ${{ vars.namespace }} + valuesFiles: + - ./meta/apps/codeai/envTypes/${{ vars.envType }}.values.yaml + - ./meta/apps/codeai/deployments/${{ vars.deployment }}/values.yaml + outPath: ${{ vars.renderPath }} - uses: 
git-commit + as: commit config: - path: ./gitops + path: ./out message: | - Promote test to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + Render test for ${{ commitFrom(vars.sourceRepo).ID }} with ${{ imageFrom(vars.imageRepo).Tag }} - uses: git-push config: - path: ./gitops + path: ./out + targetBranch: ${{ vars.targetBranch }} + - uses: argocd-update + config: + apps: + - name: codeai-test + sources: + - repoURL: ${{ vars.gitopsRepo }} + desiredRevision: ${{ outputs.commit.commit }} diff --git a/apps/kargo-project-codeai/test-rollout-analysis-template.yaml b/apps/kargo-project-codeai/test-rollout-analysis-template.yaml new file mode 100644 index 0000000..034753c --- /dev/null +++ b/apps/kargo-project-codeai/test-rollout-analysis-template.yaml @@ -0,0 +1,32 @@ +apiVersion: argoproj.io/v1alpha1 +kind: AnalysisTemplate +metadata: + name: codeai-test-rollout + namespace: kargo-project-codeai +spec: + args: + - name: namespace + - name: deployment + - name: expected_image + metrics: + - name: rollout-and-image-match + successCondition: result == "ok" + failureLimit: 1 + provider: + job: + spec: + backoffLimit: 0 + template: + spec: + restartPolicy: Never + containers: + - name: verify + image: bitnami/kubectl:1.33.1 + command: + - sh + - -ceu + - | + kubectl -n "{{args.namespace}}" rollout status deployment/"{{args.deployment}}" --timeout=10m + actual_image="$(kubectl -n "{{args.namespace}}" get deployment "{{args.deployment}}" -o jsonpath='{.spec.template.spec.containers[?(@.name=="dashboard")].image}')" + test "$actual_image" = "{{args.expected_image}}" + printf 'ok' diff --git a/apps/kargo-project-codeai/warehouse.yaml b/apps/kargo-project-codeai/warehouse.yaml index ff9ebe0..3318eca 100644 --- a/apps/kargo-project-codeai/warehouse.yaml +++ b/apps/kargo-project-codeai/warehouse.yaml 
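Review bot: The `verify` container in the new AnalysisTemplate splices `{{args.namespace}}`, `{{args.deployment}}` and `{{args.expected_image}}` into the `sh -ceu` script text before the shell parses it, so an argument containing a quote or `$(` would be executed as shell inside a pod that holds cluster credentials. Today the values come from the test Stage and from a tag the Warehouse limits to `^git-[0-9a-f]{40}$`, but the template accepts any caller; passing them as environment variables removes that dependency. `bitnami/kubectl:1.33.1` is a mutable Docker Hub tag and should be pinned by digest. The Job sets no `serviceAccountName`, so it presumably runs as the namespace's default service account; a dedicated account with read-only access to Deployments in `test` would be narrower.

```yaml
# … unchanged: metric name, successCondition, failureLimit, job spec header …
containers:
  - name: verify
    # Pin by digest; the digest below is a placeholder, not a real value.
    image: bitnami/kubectl:1.33.1@sha256:<DIGEST_PLACEHOLDER>
    env:
      - name: TARGET_NAMESPACE
        value: "{{args.namespace}}"
      - name: TARGET_DEPLOYMENT
        value: "{{args.deployment}}"
      - name: EXPECTED_IMAGE
        value: "{{args.expected_image}}"
    command:
      - sh
      - -ceu
      - |
        kubectl -n "$TARGET_NAMESPACE" rollout status "deployment/$TARGET_DEPLOYMENT" --timeout=10m
        actual_image="$(kubectl -n "$TARGET_NAMESPACE" get deployment "$TARGET_DEPLOYMENT" -o jsonpath='{.spec.template.spec.containers[?(@.name=="dashboard")].image}')"
        test "$actual_image" = "$EXPECTED_IMAGE"
        printf 'ok'
```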
@@ -4,10 +4,17 @@ metadata: name: kargo-project-codeai namespace: kargo-project-codeai spec: + freightCreationPolicy: Automatic subscriptions: - image: repoURL: ghcr.io/code-dot-org/code-dot-org - ignoreTagsRegexes: - # Ignore single-platform images when we have a multiplatform option - - '.*-amd64$' - - '.*-arm64$' + allowTagsRegexes: + - ^git-[0-9a-f]{40}$ + - git: + repoURL: https://github.com/code-dot-org/code-dot-org.git + branch: staging + commitSelectionStrategy: NewestFromBranch + freightCreationCriteria: + expression: | + imageFrom('ghcr.io/code-dot-org/code-dot-org').Tag == + 'git-' + commitFrom('https://github.com/code-dot-org/code-dot-org.git').ID From 6973359927da70887c91fb24ffe4d9fee4a9479d Mon Sep 17 00:00:00 2001 From: Seth Nickell Date: Sun, 22 Mar 2026 21:57:25 -1000 Subject: [PATCH 2/4] CODE REVIEWED & FIXED --- apps/codeai-production/application.yaml | 24 ++++++++++++++++++++++++ apps/codeai/README.md | 10 ++++++++-- apps/codeai/applicationset.yaml | 1 - 3 files changed, 32 insertions(+), 3 deletions(-) create mode 100644 apps/codeai-production/application.yaml diff --git a/apps/codeai-production/application.yaml b/apps/codeai-production/application.yaml new file mode 100644 index 0000000..9df2213 --- /dev/null +++ b/apps/codeai-production/application.yaml @@ -0,0 +1,24 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: codeai-production + namespace: argocd + annotations: + kargo.akuity.io/authorized-stage: kargo-project-codeai:production + labels: + app.kubernetes.io/managed-by: kargo + kargo.akuity.io/project: kargo-project-codeai +spec: + project: default + source: + repoURL: https://github.com/code-dot-org/k8s-gitops.git + targetRevision: stage/production + path: apps/codeai/deployments/production/deploy + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: production + syncPolicy: + syncOptions: + - ServerSideApply=true 
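Review bot: The image subscription now allows only `^git-[0-9a-f]{40}$` tags but sets no `imageSelectionStrategy`; as far as I know Kargo defaults to `SemVer`, which discards tags that do not parse as semantic versions, so this subscription may never discover an image and no Freight would be created. If that is right, add `imageSelectionStrategy: NewestBuild` under `image:`. Separately, the `freightCreationCriteria` expression binds the tag name to the commit ID but not to the image content, so the guarantee is only as strong as the registry's protection against re-pushing a `git-<sha>` tag; a comment above the expression saying so would help whoever later relies on it.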
diff --git a/apps/codeai/README.md b/apps/codeai/README.md index 26a2391..298bbab 100644 --- a/apps/codeai/README.md +++ b/apps/codeai/README.md @@ -3,9 +3,15 @@ CodeAI now uses rendered stage branches. - `main` keeps deployment metadata and env policy under `apps/codeai/`. - Kargo renders manifests from the promoted `code-dot-org` commit plus the matching immutable image tag. -- Argo CD deploys those rendered manifests from `stage/staging`, - `stage/test`, `stage/levelbuilder`, and `stage/production`. +- Argo CD deploys `staging`, `test`, and `levelbuilder` from the auto-syncing + `codeai` `ApplicationSet`. +- `codeai-production` is a separate Argo CD `Application` with no automated + sync so the Kargo `production` stage remains the deploy gate after review. - No synthetic `warehouses/codeai/` release record is written back into `k8s-gitops`. +- Before merging the Argo cutover to rendered branches, seed + `stage/staging`, `stage/test`, `stage/levelbuilder`, and `stage/production`. + Those refs are remote rollout state; the repo cannot declare them into + existence on its own. The `k8s-adhoc` deployment remains outside this rendered-branch flow. diff --git a/apps/codeai/applicationset.yaml b/apps/codeai/applicationset.yaml index 4bb0bfa..a79c4f0 100644 --- a/apps/codeai/applicationset.yaml +++ b/apps/codeai/applicationset.yaml @@ -12,7 +12,6 @@ spec: - path: apps/codeai/deployments/staging/deployment.yaml - path: apps/codeai/deployments/test/deployment.yaml - path: apps/codeai/deployments/levelbuilder/deployment.yaml - - path: apps/codeai/deployments/production/deployment.yaml template: metadata: name: codeai-{{path.basename}} From d1570753283ee8f6952702c411aca2a5ae2be7ec Mon Sep 17 00:00:00 2001 From: Seth Nickell Date: Mon, 23 Mar 2026 00:38:31 -1000 Subject: [PATCH 3/4] Skip empty production review PRs --- apps/kargo-project-codeai/stages/review-infra-changes.yaml | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/apps/kargo-project-codeai/stages/review-infra-changes.yaml b/apps/kargo-project-codeai/stages/review-infra-changes.yaml index f942775..94bfdc2 100644 --- a/apps/kargo-project-codeai/stages/review-infra-changes.yaml +++ b/apps/kargo-project-codeai/stages/review-infra-changes.yaml @@ -34,6 +34,7 @@ spec: value: ./out/apps/codeai/deployments/production/deploy/manifests.yaml steps: - uses: git-clone + as: gitops config: repoURL: ${{ vars.gitopsRepo }} checkout: @@ -42,6 +43,7 @@ spec: sparse: - apps/codeai - branch: ${{ vars.targetBranch }} + as: production create: true path: ./out - uses: git-clone @@ -77,11 +79,13 @@ spec: message: | Render production for ${{ commitFrom(vars.sourceRepo).ID }} with ${{ imageFrom(vars.imageRepo).Tag }} - uses: git-push + if: ${{ outputs.commit.commit != outputs.gitops.commits.production }} as: push config: path: ./out generateTargetBranch: true - uses: git-open-pr + if: ${{ outputs.commit.commit != outputs.gitops.commits.production }} as: open-pr config: repoURL: ${{ vars.gitopsRepo }} @@ -93,6 +97,7 @@ spec: Freight commit: ${{ commitFrom(vars.sourceRepo).ID }} Image tag: ${{ imageFrom(vars.imageRepo).Tag }} - uses: git-wait-for-pr + if: ${{ outputs.commit.commit != outputs.gitops.commits.production }} config: repoURL: ${{ vars.gitopsRepo }} prNumber: ${{ outputs.open-pr.pr.id }} From def1ebff6f0840dba00c2f05d470fbfec01f3d44 Mon Sep 17 00:00:00 2001 From: Seth Nickell Date: Mon, 23 Mar 2026 01:12:00 -1000 Subject: [PATCH 4/4] Add legacy gitflow promotion gate --- .../stages/levelbuilder.yaml | 17 +++++++++++++++++ .../stages/review-infra-changes.yaml | 17 +++++++++++++++++ apps/kargo-project-codeai/stages/test.yaml | 17 +++++++++++++++++ 3 files changed, 51 insertions(+) diff --git a/apps/kargo-project-codeai/stages/levelbuilder.yaml b/apps/kargo-project-codeai/stages/levelbuilder.yaml index 6d10eb0..8705151 100644 --- a/apps/kargo-project-codeai/stages/levelbuilder.yaml 
+++ b/apps/kargo-project-codeai/stages/levelbuilder.yaml @@ -20,6 +20,8 @@ spec: value: https://github.com/code-dot-org/code-dot-org.git - name: imageRepo value: ghcr.io/code-dot-org/code-dot-org + - name: legacyEnv + value: levelbuilder - name: deployment value: levelbuilder - name: envType @@ -41,9 +43,24 @@ spec: path: ./meta sparse: - apps/codeai + - branch: main + path: ./gate + sparse: + - warehouses/codeai/legacy-gitflow/levelbuilder/merged - branch: ${{ vars.targetBranch }} create: true path: ./out + - uses: yaml-parse + as: legacy-gate + config: + path: ./gate/warehouses/codeai/legacy-gitflow/${{ vars.legacyEnv }}/merged/${{ imageFrom(vars.imageRepo).Tag }}.yaml + outputs: + - name: revision + fromExpression: revision + - name: tag + fromExpression: tag + - name: mergedAt + fromExpression: mergedAt - uses: git-clone config: repoURL: ${{ vars.sourceRepo }} diff --git a/apps/kargo-project-codeai/stages/review-infra-changes.yaml b/apps/kargo-project-codeai/stages/review-infra-changes.yaml index 94bfdc2..0f4d23d 100644 --- a/apps/kargo-project-codeai/stages/review-infra-changes.yaml +++ b/apps/kargo-project-codeai/stages/review-infra-changes.yaml @@ -20,6 +20,8 @@ spec: value: https://github.com/code-dot-org/code-dot-org.git - name: imageRepo value: ghcr.io/code-dot-org/code-dot-org + - name: legacyEnv + value: production - name: deployment value: production - name: envType @@ -42,10 +44,25 @@ spec: path: ./meta sparse: - apps/codeai + - branch: main + path: ./gate + sparse: + - warehouses/codeai/legacy-gitflow/production/merged - branch: ${{ vars.targetBranch }} as: production create: true path: ./out + - uses: yaml-parse + as: legacy-gate + config: + path: ./gate/warehouses/codeai/legacy-gitflow/${{ vars.legacyEnv }}/merged/${{ imageFrom(vars.imageRepo).Tag }}.yaml + outputs: + - name: revision + fromExpression: revision + - name: tag + fromExpression: tag + - name: mergedAt + fromExpression: mergedAt - uses: git-clone config: repoURL: ${{ vars.sourceRepo }} 
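Review bot: The `legacy-gate` step only proves that a file named after the image tag exists under `warehouses/codeai/legacy-gitflow/levelbuilder/merged` on `main`; its `revision`, `tag` and `mergedAt` outputs are not read by any later step visible in this hunk, so a record with the right filename and arbitrary content passes the gate. If the record is meant to authorize the promotion, compare the step's `revision` output with `commitFrom(vars.sourceRepo).ID` and its `tag` output with `imageFrom(vars.imageRepo).Tag`, and stop the promotion on a mismatch. The interpolated path is safe only because the Warehouse restricts tags to `^git-[0-9a-f]{40}$`, which deserves a comment such as `# tag is used as a filename; relies on the Warehouse allowTagsRegexes`. The `sparse` entry hard-codes `levelbuilder` where the parse path uses `vars.legacyEnv`, so the two can drift. The same steps are added to review-infra-changes.yaml later in this patch and to test.yaml.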
diff --git a/apps/kargo-project-codeai/stages/test.yaml b/apps/kargo-project-codeai/stages/test.yaml index 6c81630..c2ba1ff 100644 --- a/apps/kargo-project-codeai/stages/test.yaml +++ b/apps/kargo-project-codeai/stages/test.yaml @@ -30,6 +30,8 @@ spec: value: https://github.com/code-dot-org/code-dot-org.git - name: imageRepo value: ghcr.io/code-dot-org/code-dot-org + - name: legacyEnv + value: test - name: deployment value: test - name: envType @@ -51,9 +53,24 @@ spec: path: ./meta sparse: - apps/codeai + - branch: main + path: ./gate + sparse: + - warehouses/codeai/legacy-gitflow/test/merged - branch: ${{ vars.targetBranch }} create: true path: ./out + - uses: yaml-parse + as: legacy-gate + config: + path: ./gate/warehouses/codeai/legacy-gitflow/${{ vars.legacyEnv }}/merged/${{ imageFrom(vars.imageRepo).Tag }}.yaml + outputs: + - name: revision + fromExpression: revision + - name: tag + fromExpression: tag + - name: mergedAt + fromExpression: mergedAt - uses: git-clone config: repoURL: ${{ vars.sourceRepo }}