From 661ae754d4b68ea28f396babf9cbb8b7f7db6e66 Mon Sep 17 00:00:00 2001 
From: Seth Nickell Date: Sun, 22 Mar 2026 21:02:23 -1000 Subject: [PATCH 1/3] Switch CodeAI GitOps to thin-lock Kustomize wrappers --- apps/codeai/README.md | 11 ++- apps/codeai/applicationset.yaml | 10 +- .../k8s-adhoc/deploy/kustomization.yaml | 11 +++ .../deployments/k8s-adhoc/deployment.yaml | 1 - .../levelbuilder/deploy/kustomization.yaml | 11 +++ .../deployments/levelbuilder/deployment.yaml | 2 + .../production/deploy/kustomization.yaml | 11 +++ .../deployments/production/deployment.yaml | 2 + .../staging/deploy/kustomization.yaml | 11 +++ .../deployments/staging/deployment.yaml | 1 - .../test/deploy/kustomization.yaml | 11 +++ apps/codeai/deployments/test/deployment.yaml | 3 - .../levelbuilder/deployment.patch.yaml | 1 - .../envTypes/levelbuilder/kustomization.yaml | 5 +- .../envTypes/production/kustomization.yaml | 5 +- .../envTypes/staging/deployment.patch.yaml | 1 - .../envTypes/staging/kustomization.yaml | 5 +- apps/codeai/envTypes/test/kustomization.yaml | 5 +- apps/kargo-project-codeai/project-config.yaml | 6 +- .../stages/levelbuilder.yaml | 63 ++++++++++-- .../stages/production.yaml | 65 ++++++++++-- .../stages/review-infra-changes.yaml | 98 +++++++++++++++++++ apps/kargo-project-codeai/stages/staging.yaml | 48 +++++++-- apps/kargo-project-codeai/stages/test.yaml | 63 ++++++++++-- apps/kargo-project-codeai/warehouse.yaml | 13 ++- 25 files changed, 400 insertions(+), 63 deletions(-) create mode 100644 apps/codeai/deployments/k8s-adhoc/deploy/kustomization.yaml create mode 100644 apps/codeai/deployments/levelbuilder/deploy/kustomization.yaml create mode 100644 apps/codeai/deployments/levelbuilder/deployment.yaml create mode 100644 apps/codeai/deployments/production/deploy/kustomization.yaml create mode 100644 apps/codeai/deployments/production/deployment.yaml create mode 100644 apps/codeai/deployments/staging/deploy/kustomization.yaml create mode 100644 apps/codeai/deployments/test/deploy/kustomization.yaml create mode 100644 
apps/kargo-project-codeai/stages/review-infra-changes.yaml diff --git a/apps/codeai/README.md b/apps/codeai/README.md index 594080a..4fa0ff4 100644 --- a/apps/codeai/README.md +++ b/apps/codeai/README.md @@ -1,3 +1,12 @@ This app's deployment definitions live under `deployments/`. -Docker image tag writeback is done by the GitHub Actions workflow [`k8s-commit-image-ref-to-argocd.yml`](https://github.com/code-dot-org/code-dot-org/blob/staging/.github/workflows/k8s-commit-image-ref-to-argocd.yml). +Each deployment now has: + +- `deployment.yaml`: metadata only, currently `envType` and `namespace` +- `deploy/kustomization.yaml`: the machine-owned wrapper that pins the remote + `code-dot-org//k8s/kustomize/base` path to an exact commit and rewrites the + immutable image tag + +Release metadata writeback is done by the GitHub Actions workflow +[`k8s-commit-image-ref-to-argocd.yml`](https://github.com/code-dot-org/code-dot-org/blob/staging/.github/workflows/k8s-commit-image-ref-to-argocd.yml), +which writes thin build-lock records under `warehouses/codeai/`. diff --git a/apps/codeai/applicationset.yaml b/apps/codeai/applicationset.yaml index e367ef9..17af9d5 100644 --- a/apps/codeai/applicationset.yaml +++ b/apps/codeai/applicationset.yaml @@ -19,17 +19,9 @@ spec: spec: project: default sources: - - repoURL: https://github.com/code-dot-org/code-dot-org.git - targetRevision: '{{sourceRevision}}' - path: k8s/helm - helm: - releaseName: '{{path.basename}}' - valueFiles: - - $values/apps/codeai/envTypes/{{envType}}.values.yaml - - $values/apps/codeai/deployments/{{path.basename}}/values.yaml - repoURL: https://github.com/code-dot-org/k8s-gitops.git targetRevision: main - ref: values + path: apps/codeai/deployments/{{path.basename}}/deploy destination: server: https://kubernetes.default.svc namespace: '{{namespace}}' 
diff --git a/apps/codeai/deployments/k8s-adhoc/deploy/kustomization.yaml b/apps/codeai/deployments/k8s-adhoc/deploy/kustomization.yaml new file mode 100644 index 0000000..b46fe15 --- /dev/null +++ b/apps/codeai/deployments/k8s-adhoc/deploy/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: adhoc-k8s-adhoc +resources: + - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=f33f9d20923c25a03e9e6da746f076c3ee4bb79d +components: + - ../../envTypes/staging +images: + - name: code-dot-org + newName: ghcr.io/code-dot-org/code-dot-org + newTag: git-f33f9d20923c25a03e9e6da746f076c3ee4bb79d diff --git a/apps/codeai/deployments/k8s-adhoc/deployment.yaml b/apps/codeai/deployments/k8s-adhoc/deployment.yaml index c1e65bc..210e9dc 100644 --- a/apps/codeai/deployments/k8s-adhoc/deployment.yaml +++ b/apps/codeai/deployments/k8s-adhoc/deployment.yaml @@ -1,3 +1,2 @@ envType: staging namespace: adhoc-k8s-adhoc -branch: k8s/adhoc diff --git a/apps/codeai/deployments/levelbuilder/deploy/kustomization.yaml b/apps/codeai/deployments/levelbuilder/deploy/kustomization.yaml new file mode 100644 index 0000000..a43decf --- /dev/null +++ b/apps/codeai/deployments/levelbuilder/deploy/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: levelbuilder +resources: + - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=f33f9d20923c25a03e9e6da746f076c3ee4bb79d +components: + - ../../envTypes/levelbuilder +images: + - name: code-dot-org + newName: ghcr.io/code-dot-org/code-dot-org + newTag: git-f33f9d20923c25a03e9e6da746f076c3ee4bb79d diff --git a/apps/codeai/deployments/levelbuilder/deployment.yaml b/apps/codeai/deployments/levelbuilder/deployment.yaml new file mode 100644 index 0000000..2458871 --- /dev/null +++ b/apps/codeai/deployments/levelbuilder/deployment.yaml @@ -0,0 +1,2 @@ +envType: levelbuilder +namespace: levelbuilder 
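Review bot: In the new `k8s-adhoc/deploy/kustomization.yaml`, `newTag: git-f33f9d20923c25a03e9e6da746f076c3ee4bb79d` selects the image by tag while the base is pinned to an exact commit, so what actually runs still depends on the registry never re-pointing that tag. The README in this patch calls the tag immutable, but nothing in the wrapper enforces it. If the build-lock record can carry the image digest, the `images` entry could set `digest: sha256:<digest-from-build-lock>` (placeholder) instead of relying on `newTag` alone. The same applies to the levelbuilder, production, staging and test wrappers added in this patch.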
diff --git a/apps/codeai/deployments/production/deploy/kustomization.yaml b/apps/codeai/deployments/production/deploy/kustomization.yaml new file mode 100644 index 0000000..0cf9347 --- /dev/null +++ b/apps/codeai/deployments/production/deploy/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: production +resources: + - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=f33f9d20923c25a03e9e6da746f076c3ee4bb79d +components: + - ../../envTypes/production +images: + - name: code-dot-org + newName: ghcr.io/code-dot-org/code-dot-org + newTag: git-f33f9d20923c25a03e9e6da746f076c3ee4bb79d diff --git a/apps/codeai/deployments/production/deployment.yaml b/apps/codeai/deployments/production/deployment.yaml new file mode 100644 index 0000000..5009269 --- /dev/null +++ b/apps/codeai/deployments/production/deployment.yaml @@ -0,0 +1,2 @@ +envType: production +namespace: production diff --git a/apps/codeai/deployments/staging/deploy/kustomization.yaml b/apps/codeai/deployments/staging/deploy/kustomization.yaml new file mode 100644 index 0000000..3ffc1dd --- /dev/null +++ b/apps/codeai/deployments/staging/deploy/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: staging +resources: + - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=f33f9d20923c25a03e9e6da746f076c3ee4bb79d +components: + - ../../envTypes/staging +images: + - name: code-dot-org + newName: ghcr.io/code-dot-org/code-dot-org + newTag: git-f33f9d20923c25a03e9e6da746f076c3ee4bb79d diff --git a/apps/codeai/deployments/staging/deployment.yaml b/apps/codeai/deployments/staging/deployment.yaml index 30b6df2..5ca0295 100644 --- a/apps/codeai/deployments/staging/deployment.yaml +++ b/apps/codeai/deployments/staging/deployment.yaml @@ -1,3 +1,2 @@ envType: staging namespace: staging -branch: staging 
diff --git a/apps/codeai/deployments/test/deploy/kustomization.yaml b/apps/codeai/deployments/test/deploy/kustomization.yaml new file mode 100644 index 0000000..9a05a3d --- /dev/null +++ b/apps/codeai/deployments/test/deploy/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: test +resources: + - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=f33f9d20923c25a03e9e6da746f076c3ee4bb79d +components: + - ../../envTypes/test +images: + - name: code-dot-org + newName: ghcr.io/code-dot-org/code-dot-org + newTag: git-f33f9d20923c25a03e9e6da746f076c3ee4bb79d diff --git a/apps/codeai/deployments/test/deployment.yaml b/apps/codeai/deployments/test/deployment.yaml index 2539d0c..089b285 100644 --- a/apps/codeai/deployments/test/deployment.yaml +++ b/apps/codeai/deployments/test/deployment.yaml @@ -1,5 +1,2 @@ envType: test namespace: test -# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs. -# branch: test -branch: staging diff --git a/apps/codeai/envTypes/levelbuilder/deployment.patch.yaml b/apps/codeai/envTypes/levelbuilder/deployment.patch.yaml index f4ddeb8..4039121 100644 --- a/apps/codeai/envTypes/levelbuilder/deployment.patch.yaml +++ b/apps/codeai/envTypes/levelbuilder/deployment.patch.yaml @@ -7,7 +7,6 @@ spec: spec: containers: - name: dashboard - image: ghcr.io/code-dot-org/code-dot-org:replace-me env: - name: RAILS_ENV value: levelbuilder diff --git a/apps/codeai/envTypes/levelbuilder/kustomization.yaml b/apps/codeai/envTypes/levelbuilder/kustomization.yaml index 1aeb2d5..26e1b95 100644 --- a/apps/codeai/envTypes/levelbuilder/kustomization.yaml +++ b/apps/codeai/envTypes/levelbuilder/kustomization.yaml 
@@ -9,6 +9,5 @@ labels: includeTemplates: true patches: - path: deployment.patch.yaml - # TODO: enable these when gitops envType values start setting dashboard_workers again. - # - path: locals.yml.patch.yaml - # - path: deployment.resources.patch.yaml + - path: locals.yml.patch.yaml + - path: deployment.resources.patch.yaml diff --git a/apps/codeai/envTypes/production/kustomization.yaml b/apps/codeai/envTypes/production/kustomization.yaml index 9c0a60c..db2a906 100644 --- a/apps/codeai/envTypes/production/kustomization.yaml +++ b/apps/codeai/envTypes/production/kustomization.yaml @@ -11,6 +11,5 @@ labels: includeTemplates: true patches: - path: deployment.patch.yaml - # TODO: enable these when gitops envType values start setting dashboard_workers again. - # - path: locals.yml.patch.yaml - # - path: deployment.resources.patch.yaml + - path: locals.yml.patch.yaml + - path: deployment.resources.patch.yaml diff --git a/apps/codeai/envTypes/staging/deployment.patch.yaml b/apps/codeai/envTypes/staging/deployment.patch.yaml index 47a3a9b..84baadc 100644 --- a/apps/codeai/envTypes/staging/deployment.patch.yaml +++ b/apps/codeai/envTypes/staging/deployment.patch.yaml @@ -7,7 +7,6 @@ spec: spec: containers: - name: dashboard - image: ghcr.io/code-dot-org/code-dot-org:replace-me env: - name: RAILS_ENV value: staging diff --git a/apps/codeai/envTypes/staging/kustomization.yaml b/apps/codeai/envTypes/staging/kustomization.yaml index dd52134..5f1512c 100644 --- a/apps/codeai/envTypes/staging/kustomization.yaml +++ b/apps/codeai/envTypes/staging/kustomization.yaml @@ -9,6 +9,5 @@ labels: includeTemplates: true patches: - path: deployment.patch.yaml - # TODO: enable these when gitops envType values start setting dashboard_workers again. - # - path: locals.yml.patch.yaml - # - path: deployment.resources.patch.yaml + - path: locals.yml.patch.yaml + - path: deployment.resources.patch.yaml 
diff --git a/apps/codeai/envTypes/test/kustomization.yaml b/apps/codeai/envTypes/test/kustomization.yaml index 1f434ef..6ce2910 100644 --- a/apps/codeai/envTypes/test/kustomization.yaml +++ b/apps/codeai/envTypes/test/kustomization.yaml @@ -9,6 +9,5 @@ labels: includeTemplates: true patches: - path: deployment.patch.yaml - # TODO: enable these when gitops envType values start setting dashboard_workers again. - # - path: locals.yml.patch.yaml - # - path: deployment.resources.patch.yaml + - path: locals.yml.patch.yaml + - path: deployment.resources.patch.yaml diff --git a/apps/kargo-project-codeai/project-config.yaml b/apps/kargo-project-codeai/project-config.yaml index a303851..de77915 100644 --- a/apps/kargo-project-codeai/project-config.yaml +++ b/apps/kargo-project-codeai/project-config.yaml @@ -9,7 +9,9 @@ spec: autoPromotionEnabled: true - stage: test autoPromotionEnabled: false - - stage: production - autoPromotionEnabled: false - stage: levelbuilder autoPromotionEnabled: false + - stage: review-infra-changes + autoPromotionEnabled: false + - stage: production + autoPromotionEnabled: false diff --git a/apps/kargo-project-codeai/stages/levelbuilder.yaml b/apps/kargo-project-codeai/stages/levelbuilder.yaml index 305d668..8a75fb7 100644 --- a/apps/kargo-project-codeai/stages/levelbuilder.yaml +++ b/apps/kargo-project-codeai/stages/levelbuilder.yaml @@ -7,7 +7,7 @@ spec: requestedFreight: - origin: kind: Warehouse - name: kargo-project-codeai + name: codeai-builds sources: stages: - test 
@@ -16,24 +16,75 @@ spec: vars: - name: gitopsRepo value: https://github.com/code-dot-org/k8s-gitops.git + - name: legacyEnv + value: levelbuilder steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: + - commit: ${{ commitFrom('https://github.com/code-dot-org/k8s-gitops.git', warehouse('codeai-builds').ID) }} + path: ./freight + - branch: main + path: ./gate - branch: main path: ./gitops + - uses: yaml-parse + as: build-lock + config: + path: ./freight/warehouses/codeai/builds/current.yaml + outputs: + - name: releaseId + fromExpression: releaseId + - name: gitCommit + fromExpression: gitCommit + - name: packagingKind + fromExpression: packaging.kind + - name: sourcePath + fromExpression: packaging.sourcePath + - uses: yaml-parse + as: legacy-merge + config: + path: ./gate/warehouses/codeai/legacy-gitflow/${{ vars.legacyEnv }}/merged/${{ outputs['build-lock'].releaseId }}.yaml + outputs: + - name: revision + fromExpression: revision + - name: tag + fromExpression: tag + - name: mergedAt + fromExpression: mergedAt + - uses: yaml-parse + as: deployment-meta + config: + path: ./gitops/apps/codeai/deployments/levelbuilder/deployment.yaml + outputs: + - name: envType + fromExpression: envType + - name: namespace + fromExpression: namespace - uses: yaml-update config: - path: ./gitops/apps/codeai/deployments/levelbuilder/values.yaml + path: ./gitops/apps/codeai/deployments/levelbuilder/deploy/kustomization.yaml updates: - - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + - key: namespace + value: ${{ outputs['deployment-meta'].namespace }} + - key: resources + value: + - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=${{ outputs['build-lock'].gitCommit }} + - key: components + value: + - ../../envTypes/${{ outputs['deployment-meta'].envType }} + - uses: kustomize-set-image + config: + path: ./gitops/apps/codeai/deployments/levelbuilder/deploy + images: + - image: 
code-dot-org + newName: ghcr.io/code-dot-org/code-dot-org + tag: ${{ outputs['build-lock'].releaseId }} - uses: git-commit config: path: ./gitops - message: | - Promote levelbuilder to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + message: Promote levelbuilder deploy to ${{ outputs['build-lock'].releaseId }} [skip ci] - uses: git-push config: path: ./gitops diff --git a/apps/kargo-project-codeai/stages/production.yaml b/apps/kargo-project-codeai/stages/production.yaml index eac25f5..a80eac6 100644 --- a/apps/kargo-project-codeai/stages/production.yaml +++ b/apps/kargo-project-codeai/stages/production.yaml 
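Review bot: In the levelbuilder stage, the `legacy-merge` step builds its path from `outputs['build-lock'].releaseId`, a value read out of `current.yaml`, with no format check, and its `revision`, `tag` and `mergedAt` outputs are not used by any later step in this hunk, so the gate presumably passes on file existence alone. A `releaseId` containing `/` or `..` would resolve to a different file under `./gate`, and nothing compares `revision` with `build-lock.gitCommit` or checks that `releaseId` has the `git-<commit>` form seen in the committed wrappers. Consider failing the promotion unless `releaseId` is exactly `git-` followed by `gitCommit` and the merge record's `revision` equals `gitCommit`. The `packagingKind` and `sourcePath` outputs are likewise parsed but unused while the base path stays hard-coded. The same steps appear in the production, review-infra-changes and test stage hunks; the promotion template starts before this hunk.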
@@ -7,33 +7,84 @@ spec: requestedFreight: - origin: kind: Warehouse - name: kargo-project-codeai + name: codeai-builds sources: stages: - - test + - review-infra-changes promotionTemplate: spec: vars: - name: gitopsRepo value: https://github.com/code-dot-org/k8s-gitops.git + - name: legacyEnv + value: production steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: + - commit: ${{ commitFrom('https://github.com/code-dot-org/k8s-gitops.git', warehouse('codeai-builds').ID) }} + path: ./freight + - branch: main + path: ./gate - branch: main path: ./gitops + - uses: yaml-parse + as: build-lock + config: + path: ./freight/warehouses/codeai/builds/current.yaml + outputs: + - name: releaseId + fromExpression: releaseId + - name: gitCommit + fromExpression: gitCommit + - name: packagingKind + fromExpression: packaging.kind + - name: sourcePath + fromExpression: packaging.sourcePath + - uses: yaml-parse + as: legacy-merge + config: + path: ./gate/warehouses/codeai/legacy-gitflow/${{ vars.legacyEnv }}/merged/${{ outputs['build-lock'].releaseId }}.yaml + outputs: + - name: revision + fromExpression: revision + - name: tag + fromExpression: tag + - name: mergedAt + fromExpression: mergedAt + - uses: yaml-parse + as: deployment-meta + config: + path: ./gitops/apps/codeai/deployments/production/deployment.yaml + outputs: + - name: envType + fromExpression: envType + - name: namespace + fromExpression: namespace - uses: yaml-update config: - path: ./gitops/apps/codeai/deployments/production/values.yaml + path: ./gitops/apps/codeai/deployments/production/deploy/kustomization.yaml updates: - - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + - key: namespace + value: ${{ outputs['deployment-meta'].namespace }} + - key: resources + value: + - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=${{ outputs['build-lock'].gitCommit }} + - key: components + value: + - ../../envTypes/${{ 
outputs['deployment-meta'].envType }} + - uses: kustomize-set-image + config: + path: ./gitops/apps/codeai/deployments/production/deploy + images: + - image: code-dot-org + newName: ghcr.io/code-dot-org/code-dot-org + tag: ${{ outputs['build-lock'].releaseId }} - uses: git-commit config: path: ./gitops - message: | - Promote production to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + message: Promote production deploy to ${{ outputs['build-lock'].releaseId }} [skip ci] - uses: git-push config: path: ./gitops diff --git a/apps/kargo-project-codeai/stages/review-infra-changes.yaml b/apps/kargo-project-codeai/stages/review-infra-changes.yaml new file mode 100644 index 0000000..3d37593 --- /dev/null +++ b/apps/kargo-project-codeai/stages/review-infra-changes.yaml 
@@ -0,0 +1,98 @@ +apiVersion: kargo.akuity.io/v1alpha1 +kind: Stage +metadata: + name: review-infra-changes + namespace: kargo-project-codeai +spec: + requestedFreight: + - origin: + kind: Warehouse + name: codeai-builds + sources: + stages: + - test + promotionTemplate: + spec: + vars: + - name: gitopsRepo + value: https://github.com/code-dot-org/k8s-gitops.git + - name: legacyEnv + value: production + steps: + - uses: git-clone + config: + repoURL: ${{ vars.gitopsRepo }} + checkout: + - commit: ${{ commitFrom('https://github.com/code-dot-org/k8s-gitops.git', warehouse('codeai-builds').ID) }} + path: ./freight + - branch: main + path: ./gate + - branch: main + path: ./gitops + - uses: yaml-parse + as: build-lock + config: + path: ./freight/warehouses/codeai/builds/current.yaml + outputs: + - name: releaseId + fromExpression: releaseId + - name: gitCommit + fromExpression: gitCommit + - name: packagingKind + fromExpression: packaging.kind + - name: sourcePath + fromExpression: packaging.sourcePath + - uses: yaml-parse + as: legacy-merge + config: + path: ./gate/warehouses/codeai/legacy-gitflow/${{ vars.legacyEnv }}/merged/${{ outputs['build-lock'].releaseId }}.yaml + outputs: + - name: revision + fromExpression: revision + - name: tag + fromExpression: tag + - name: mergedAt + fromExpression: mergedAt + - uses: yaml-parse + as: deployment-meta + config: + path: ./gitops/apps/codeai/deployments/production/deployment.yaml + outputs: + - name: envType + fromExpression: envType + - name: namespace + fromExpression: namespace + - uses: yaml-update + config: + path: ./gitops/apps/codeai/deployments/production/deploy/kustomization.yaml + updates: + - key: namespace + value: ${{ outputs['deployment-meta'].namespace }} + - key: resources + value: + - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=${{ outputs['build-lock'].gitCommit }} + - key: components + value: + - ../../envTypes/${{ outputs['deployment-meta'].envType }} + - uses: kustomize-set-image + 
config: + path: ./gitops/apps/codeai/deployments/production/deploy + images: + - image: code-dot-org + newName: ghcr.io/code-dot-org/code-dot-org + tag: ${{ outputs['build-lock'].releaseId }} + - uses: git-commit + config: + path: ./gitops + message: Review production deploy update for ${{ outputs['build-lock'].releaseId }} [skip ci] + - uses: git-push + as: push + config: + path: ./gitops + generateTargetBranch: true + - uses: git-open-pr + config: + repoURL: https://github.com/code-dot-org/k8s-gitops.git + sourceBranch: ${{ outputs.push.branch }} + targetBranch: main + title: Review CodeAI production deploy for ${{ outputs['build-lock'].releaseId }} diff --git a/apps/kargo-project-codeai/stages/staging.yaml b/apps/kargo-project-codeai/stages/staging.yaml index c986f62..e853f96 100644 --- a/apps/kargo-project-codeai/stages/staging.yaml +++ b/apps/kargo-project-codeai/stages/staging.yaml @@ -7,7 +7,7 @@ spec: requestedFreight: - origin: kind: Warehouse - name: kargo-project-codeai + name: codeai-builds sources: direct: true promotionTemplate: 
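Review bot: The new `review-infra-changes` promotion ends at `git-open-pr`, so as written it appears to complete once the pull request is opened rather than once it is reviewed and merged. Since `production` requests freight from `review-infra-changes`, freight could become eligible for production without the review the stage name implies. Giving the `git-open-pr` step an `as:` alias and following it with `- uses: git-wait-for-pr`, keyed on that step's PR output, would hold the promotion until the PR is resolved. PATCH 3/3 also touches this file, but that hunk is outside this view, so this may already be handled there.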
@@ -20,19 +20,55 @@ spec: config: repoURL: ${{ vars.gitopsRepo }} checkout: + - commit: ${{ commitFrom('https://github.com/code-dot-org/k8s-gitops.git', warehouse('codeai-builds').ID) }} + path: ./freight - branch: main path: ./gitops + - uses: yaml-parse + as: build-lock + config: + path: ./freight/warehouses/codeai/builds/current.yaml + outputs: + - name: releaseId + fromExpression: releaseId + - name: gitCommit + fromExpression: gitCommit + - name: packagingKind + fromExpression: packaging.kind + - name: sourcePath + fromExpression: packaging.sourcePath + - uses: yaml-parse + as: deployment-meta + config: + path: ./gitops/apps/codeai/deployments/staging/deployment.yaml + outputs: + - name: envType + fromExpression: envType + - name: namespace + fromExpression: namespace - uses: yaml-update config: - path: ./gitops/apps/codeai/deployments/staging/values.yaml + path: ./gitops/apps/codeai/deployments/staging/deploy/kustomization.yaml updates: - - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + - key: namespace + value: ${{ outputs['deployment-meta'].namespace }} + - key: resources + value: + - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=${{ outputs['build-lock'].gitCommit }} + - key: components + value: + - ../../envTypes/${{ outputs['deployment-meta'].envType }} + - uses: kustomize-set-image + config: + path: ./gitops/apps/codeai/deployments/staging/deploy + images: + - image: code-dot-org + newName: ghcr.io/code-dot-org/code-dot-org + tag: ${{ outputs['build-lock'].releaseId }} - uses: git-commit config: path: ./gitops - message: | - Promote staging to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + message: Promote staging deploy to ${{ outputs['build-lock'].releaseId }} [skip ci] - uses: git-push config: path: ./gitops diff --git a/apps/kargo-project-codeai/stages/test.yaml b/apps/kargo-project-codeai/stages/test.yaml index c029450..6d09408 100644 
--- a/apps/kargo-project-codeai/stages/test.yaml +++ b/apps/kargo-project-codeai/stages/test.yaml @@ -7,7 +7,7 @@ spec: requestedFreight: - origin: kind: Warehouse - name: kargo-project-codeai + name: codeai-builds sources: stages: - staging 
@@ -16,24 +16,75 @@ spec: vars: - name: gitopsRepo value: https://github.com/code-dot-org/k8s-gitops.git + - name: legacyEnv + value: test steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: + - commit: ${{ commitFrom('https://github.com/code-dot-org/k8s-gitops.git', warehouse('codeai-builds').ID) }} + path: ./freight + - branch: main + path: ./gate - branch: main path: ./gitops + - uses: yaml-parse + as: build-lock + config: + path: ./freight/warehouses/codeai/builds/current.yaml + outputs: + - name: releaseId + fromExpression: releaseId + - name: gitCommit + fromExpression: gitCommit + - name: packagingKind + fromExpression: packaging.kind + - name: sourcePath + fromExpression: packaging.sourcePath + - uses: yaml-parse + as: legacy-merge + config: + path: ./gate/warehouses/codeai/legacy-gitflow/${{ vars.legacyEnv }}/merged/${{ outputs['build-lock'].releaseId }}.yaml + outputs: + - name: revision + fromExpression: revision + - name: tag + fromExpression: tag + - name: mergedAt + fromExpression: mergedAt + - uses: yaml-parse + as: deployment-meta + config: + path: ./gitops/apps/codeai/deployments/test/deployment.yaml + outputs: + - name: envType + fromExpression: envType + - name: namespace + fromExpression: namespace - uses: yaml-update config: - path: ./gitops/apps/codeai/deployments/test/values.yaml + path: ./gitops/apps/codeai/deployments/test/deploy/kustomization.yaml updates: - - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + - key: namespace + value: ${{ outputs['deployment-meta'].namespace }} + - key: resources + value: + - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=${{ outputs['build-lock'].gitCommit }} + - key: components + value: + - ../../envTypes/${{ outputs['deployment-meta'].envType }} + - uses: kustomize-set-image + config: + path: ./gitops/apps/codeai/deployments/test/deploy + images: + - image: code-dot-org + newName: 
ghcr.io/code-dot-org/code-dot-org + tag: ${{ outputs['build-lock'].releaseId }} - uses: git-commit config: path: ./gitops - message: | - Promote test to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + message: Promote test deploy to ${{ outputs['build-lock'].releaseId }} [skip ci] - uses: git-push config: path: ./gitops diff --git a/apps/kargo-project-codeai/warehouse.yaml b/apps/kargo-project-codeai/warehouse.yaml index ff9ebe0..c42e27d 100644 --- a/apps/kargo-project-codeai/warehouse.yaml +++ b/apps/kargo-project-codeai/warehouse.yaml @@ -1,13 +1,12 @@ apiVersion: kargo.akuity.io/v1alpha1 kind: Warehouse metadata: - name: kargo-project-codeai + name: codeai-builds namespace: kargo-project-codeai spec: subscriptions: - - image: - repoURL: ghcr.io/code-dot-org/code-dot-org - ignoreTagsRegexes: - # Ignore single-platform images when we have a multiplatform option - - '.*-amd64$' - - '.*-arm64$' + - git: + repoURL: https://github.com/code-dot-org/k8s-gitops.git + branch: main + includePaths: + - warehouses/codeai/builds From 30457ce7d66ce5e468b0169d6e5f11cc86ece743 Mon Sep 17 00:00:00 2001 From: Seth Nickell Date: Sun, 22 Mar 2026 21:07:06 -1000 Subject: [PATCH 2/3] Update CodeAI GitOps layout docs --- README.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index bf624ff..9db52b9 100644 --- a/README.md +++ b/README.md 
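Review bot: In `warehouse.yaml`, the subscription now follows `main` of the gitops repo filtered by `includePaths: warehouses/codeai/builds`, so any commit that changes that directory becomes deployable freight. Write access to that path is therefore the release trust boundary, yet the manifest documents neither who may write there nor how a record is checked. A comment above the subscription such as `# Freight = commits under warehouses/codeai/builds, written only by the k8s-commit-image-ref-to-argocd workflow`, together with path-scoped protection (for example CODEOWNERS on `warehouses/codeai/`), would make that explicit. The removed `ignoreTagsRegexes` filter for `-amd64`/`-arm64` tags has no equivalent here, so the build-lock writer presumably has to ensure only multi-platform releases are recorded.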
@@ -28,12 +28,14 @@ k8s-gitops/ deployments/ levelbuilder/ # codeai deployment levelbuilder - deployment.yaml # envType=levelbuilder, branch=levelbuilder - values.yaml # values.yaml for this deployment: dashboard_workers=27, RAILS_ENV=levelbuilder, etc + deployment.yaml # deployment metadata: envType=levelbuilder, namespace=levelbuilder + deploy/ + kustomization.yaml # machine-owned deploy wrapper pinned to a code-dot-org commit ... envTypes/ - levelbuilder.values.yaml # base values.yaml for all envType=levelbuilder + levelbuilder/ + kustomization.yaml # envType component consumed by deployment wrappers ... kargo/ @@ -44,7 +46,7 @@ k8s-gitops/ application.yaml # argocd app for kargo project codeai project.yaml # kargo project for codeai project-config.yaml # kargo projectconfig for codeai - warehouse.yaml # kargo warehouse for codeai + warehouse.yaml # kargo warehouse watching warehouses/codeai/builds stages/ levelbuilder.yaml # kargo stage for codeai deployment levelbuilder ... @@ -53,4 +55,3 @@ k8s-gitops/ ## Bootstrap Cluster kubectl apply -f apps/app-of-apps/applicationset.yaml - From cd9cd8bd1e4cd57b0b891cefaad257041eca7fa6 Mon Sep 17 00:00:00 2001 From: Seth Nickell Date: Sun, 22 Mar 2026 22:13:00 -1000 Subject: [PATCH 3/3] CODE REVIEWED & FIXED --- .../k8s-adhoc/deploy/kustomization.yaml | 6 +- .../levelbuilder/deploy/kustomization.yaml | 6 +- .../production/deploy/kustomization.yaml | 6 +- .../staging/deploy/kustomization.yaml | 6 +- .../test/deploy/kustomization.yaml | 6 +- .../codeai-test-verification.yaml | 56 +++++++++++++++++++ .../stages/levelbuilder.yaml | 4 +- .../stages/production.yaml | 40 ++----------- .../stages/review-infra-changes.yaml | 13 ++++- apps/kargo-project-codeai/stages/staging.yaml | 4 +- apps/kargo-project-codeai/stages/test.yaml | 22 +++++++- 11 files changed, 110 insertions(+), 59 deletions(-) create mode 100644 apps/kargo-project-codeai/codeai-test-verification.yaml 
diff --git a/apps/codeai/deployments/k8s-adhoc/deploy/kustomization.yaml b/apps/codeai/deployments/k8s-adhoc/deploy/kustomization.yaml index b46fe15..8f0833f 100644 --- a/apps/codeai/deployments/k8s-adhoc/deploy/kustomization.yaml +++ b/apps/codeai/deployments/k8s-adhoc/deploy/kustomization.yaml @@ -2,10 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: adhoc-k8s-adhoc resources: - - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=f33f9d20923c25a03e9e6da746f076c3ee4bb79d + - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=d072d04a9e345ffd5716cd5f1c86f92d8bc5ab47&timeout=120s components: - - ../../envTypes/staging + - ../../../envTypes/staging images: - name: code-dot-org newName: ghcr.io/code-dot-org/code-dot-org - newTag: git-f33f9d20923c25a03e9e6da746f076c3ee4bb79d + newTag: git-d072d04a9e345ffd5716cd5f1c86f92d8bc5ab47 diff --git a/apps/codeai/deployments/levelbuilder/deploy/kustomization.yaml b/apps/codeai/deployments/levelbuilder/deploy/kustomization.yaml index a43decf..524ea16 100644 --- a/apps/codeai/deployments/levelbuilder/deploy/kustomization.yaml +++ b/apps/codeai/deployments/levelbuilder/deploy/kustomization.yaml @@ -2,10 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: levelbuilder resources: - - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=f33f9d20923c25a03e9e6da746f076c3ee4bb79d + - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=8e63b725457dee9f56342b5c6bdd0c04789c08b7&timeout=120s components: - - ../../envTypes/levelbuilder + - ../../../envTypes/levelbuilder images: - name: code-dot-org newName: ghcr.io/code-dot-org/code-dot-org - newTag: git-f33f9d20923c25a03e9e6da746f076c3ee4bb79d + newTag: git-8e63b725457dee9f56342b5c6bdd0c04789c08b7 diff --git a/apps/codeai/deployments/production/deploy/kustomization.yaml b/apps/codeai/deployments/production/deploy/kustomization.yaml index 0cf9347..108e0d4 100644 
--- a/apps/codeai/deployments/production/deploy/kustomization.yaml +++ b/apps/codeai/deployments/production/deploy/kustomization.yaml @@ -2,10 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: production resources: - - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=f33f9d20923c25a03e9e6da746f076c3ee4bb79d + - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=bcb0ae45b61e70b12b63c49f3e7b82c65d4edec0&timeout=120s components: - - ../../envTypes/production + - ../../../envTypes/production images: - name: code-dot-org newName: ghcr.io/code-dot-org/code-dot-org - newTag: git-f33f9d20923c25a03e9e6da746f076c3ee4bb79d + newTag: git-bcb0ae45b61e70b12b63c49f3e7b82c65d4edec0 diff --git a/apps/codeai/deployments/staging/deploy/kustomization.yaml b/apps/codeai/deployments/staging/deploy/kustomization.yaml index 3ffc1dd..594161b 100644 --- a/apps/codeai/deployments/staging/deploy/kustomization.yaml +++ b/apps/codeai/deployments/staging/deploy/kustomization.yaml @@ -2,10 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: staging resources: - - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=f33f9d20923c25a03e9e6da746f076c3ee4bb79d + - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=d072d04a9e345ffd5716cd5f1c86f92d8bc5ab47&timeout=120s components: - - ../../envTypes/staging + - ../../../envTypes/staging images: - name: code-dot-org newName: ghcr.io/code-dot-org/code-dot-org - newTag: git-f33f9d20923c25a03e9e6da746f076c3ee4bb79d + newTag: git-d072d04a9e345ffd5716cd5f1c86f92d8bc5ab47 diff --git a/apps/codeai/deployments/test/deploy/kustomization.yaml b/apps/codeai/deployments/test/deploy/kustomization.yaml index 9a05a3d..f23f206 100644 --- a/apps/codeai/deployments/test/deploy/kustomization.yaml +++ b/apps/codeai/deployments/test/deploy/kustomization.yaml 
@@ -2,10 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: test
 resources:
- - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=f33f9d20923c25a03e9e6da746f076c3ee4bb79d
+ - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=0ecc81111eb1e349451f9ebed2e509e2b0af738e&timeout=120s
 components:
- - ../../envTypes/test
+ - ../../../envTypes/test
 images:
 - name: code-dot-org
 newName: ghcr.io/code-dot-org/code-dot-org
- newTag: git-f33f9d20923c25a03e9e6da746f076c3ee4bb79d
+ newTag: git-0ecc81111eb1e349451f9ebed2e509e2b0af738e
diff --git a/apps/kargo-project-codeai/codeai-test-verification.yaml b/apps/kargo-project-codeai/codeai-test-verification.yaml
new file mode 100644
index 0000000..7156a0e
--- /dev/null
+++ b/apps/kargo-project-codeai/codeai-test-verification.yaml
@@ -0,0 +1,56 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AnalysisTemplate
+metadata:
+ name: codeai-test-verification
+ namespace: kargo-project-codeai
+spec:
+ args:
+ - name: gitCommit
+ - name: namespace
+ - name: deploymentName
+ metrics:
+ - name: drone-and-rollout-gate
+ provider:
+ job:
+ spec:
+ backoffLimit: 0
+ template:
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: verify
+ image: alpine:3.20
+ command:
+ - sh
+ - -ceu
+ args:
+ - |
+ apk add --no-cache curl kubectl >/dev/null
+
+ attempts=30
+ while [ "$attempts" -gt 0 ]; do
+ state="$(
+ curl -fsSL "https://api.github.com/repos/code-dot-org/code-dot-org/commits/{{ args.gitCommit }}/status" |
+ grep -m1 -o '"state":"[^"]*"' |
+ cut -d'"' -f4
+ )"
+ case "$state" in
+ success)
+ break
+ ;;
+ failure|error)
+ echo "Commit status failed: $state" >&2
+ exit 1
+ ;;
+ esac
+
+ attempts=$((attempts - 1))
+ if [ "$attempts" -eq 0 ]; then
+ echo "Timed out waiting for commit status success" >&2
+ exit 1
+ fi
+
+ sleep 60
+ done
+
+ kubectl -n "{{ args.namespace }}" rollout status "deployment/{{ args.deploymentName }}" --timeout=10m
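Review bot: The status parse in the `verify` script of codeai-test-verification.yaml will probably never match: `grep -m1 -o '"state":"[^"]*"'` allows no whitespace after the colon, while GitHub's REST API normally returns pretty-printed JSON (`"state": "success"`), so `state` stays empty and the gate can only end by timing out after 30 polls; please check it against a real response. A tolerant pattern such as `grep -m1 -o '"state": *"[^"]*"'` keeps the `cut -d'"' -f4` working, and installing `jq` to read `.state` would be sturdier. Separately, `{{ args.gitCommit }}`, `{{ args.namespace }}` and `{{ args.deploymentName }}` are substituted into the script text of a job that runs `kubectl` against the cluster, so I would pass them as container `env` values and reject a gitCommit that is not 40 hex characters before building the URL. The job also pulls `alpine:3.20` by tag and runs `apk add` on every verification; a prebuilt image pinned by digest would make what runs inside the gate reproducible.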
diff --git a/apps/kargo-project-codeai/stages/levelbuilder.yaml b/apps/kargo-project-codeai/stages/levelbuilder.yaml
index 8a75fb7..4cd0780 100644
--- a/apps/kargo-project-codeai/stages/levelbuilder.yaml
+++ b/apps/kargo-project-codeai/stages/levelbuilder.yaml
@@ -70,10 +70,10 @@ spec:
 value: ${{ outputs['deployment-meta'].namespace }}
 - key: resources
 value:
- - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=${{ outputs['build-lock'].gitCommit }}
+ - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=${{ outputs['build-lock'].gitCommit }}&timeout=120s
 - key: components
 value:
- - ../../envTypes/${{ outputs['deployment-meta'].envType }}
+ - ../../../envTypes/${{ outputs['deployment-meta'].envType }}
 - uses: kustomize-set-image
 config:
 path: ./gitops/apps/codeai/deployments/levelbuilder/deploy
diff --git a/apps/kargo-project-codeai/stages/production.yaml b/apps/kargo-project-codeai/stages/production.yaml
index a80eac6..2f0f8f7 100644
--- a/apps/kargo-project-codeai/stages/production.yaml
+++ b/apps/kargo-project-codeai/stages/production.yaml
@@ -27,8 +27,6 @@ spec:
 path: ./freight
 - branch: main
 path: ./gate
- - branch: main
- path: ./gitops
 - uses: yaml-parse
 as: build-lock
 config:
@@ -53,38 +51,8 @@ spec:
 fromExpression: tag
 - name: mergedAt
 fromExpression: mergedAt
- - uses: yaml-parse
- as: deployment-meta
- config:
- path: ./gitops/apps/codeai/deployments/production/deployment.yaml
- outputs:
- - name: envType
- fromExpression: envType
- - name: namespace
- fromExpression: namespace
- - uses: yaml-update
- config:
- path: ./gitops/apps/codeai/deployments/production/deploy/kustomization.yaml
- updates:
- - key: namespace
- value: ${{ outputs['deployment-meta'].namespace }}
- - key: resources
- value:
- - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=${{ outputs['build-lock'].gitCommit }}
- - key: components
- value:
- - ../../envTypes/${{ outputs['deployment-meta'].envType }}
- - uses: kustomize-set-image
- config:
- path: ./gitops/apps/codeai/deployments/production/deploy
- images:
- - image: code-dot-org
- newName: ghcr.io/code-dot-org/code-dot-org
- tag: ${{ outputs['build-lock'].releaseId }}
- - uses: git-commit
- config:
- path: ./gitops
- message: Promote production deploy to ${{ outputs['build-lock'].releaseId }} [skip ci]
- - uses: git-push
+ - uses: git-merge-pr
 config:
- path: ./gitops
+ repoURL: https://github.com/code-dot-org/k8s-gitops.git
+ prNumber: ${{ freightMetadata(ctx.targetFreight.name)['production-review-pr-id'] }}
+ wait: true
diff --git a/apps/kargo-project-codeai/stages/review-infra-changes.yaml b/apps/kargo-project-codeai/stages/review-infra-changes.yaml
index 3d37593..daa92c4 100644
--- a/apps/kargo-project-codeai/stages/review-infra-changes.yaml
+++ b/apps/kargo-project-codeai/stages/review-infra-changes.yaml
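Review bot: The new `git-merge-pr` step in stages/production.yaml merges whatever the PR head is at promotion time, identified only by `freightMetadata(ctx.targetFreight.name)['production-review-pr-id']`, so nothing in this stage ties the merged content to what review-infra-changes generated for this freight. If commits can still land on the generated branch after review, or the metadata value can be edited, production would merge content that was never approved; the design is sound only if branch protection on k8s-gitops requires approval of the latest push and write access to Freight metadata is restricted. That dependency is worth recording above the step, e.g. `# relies on k8s-gitops branch protection: approvals are dismissed on new pushes`. It is also worth confirming that an empty `prNumber` (freight that never went through review-infra-changes) makes the step fail rather than skip. The `set-metadata` step that writes this value is in the second hunk of stages/review-infra-changes.yaml.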
@@ -70,10 +70,10 @@ spec:
 value: ${{ outputs['deployment-meta'].namespace }}
 - key: resources
 value:
- - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=${{ outputs['build-lock'].gitCommit }}
+ - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=${{ outputs['build-lock'].gitCommit }}&timeout=120s
 - key: components
 value:
- - ../../envTypes/${{ outputs['deployment-meta'].envType }}
+ - ../../../envTypes/${{ outputs['deployment-meta'].envType }}
 - uses: kustomize-set-image
 config:
 path: ./gitops/apps/codeai/deployments/production/deploy
@@ -91,8 +91,17 @@ spec:
 path: ./gitops
 generateTargetBranch: true
 - uses: git-open-pr
+ as: open-pr
 config:
 repoURL: https://github.com/code-dot-org/k8s-gitops.git
 sourceBranch: ${{ outputs.push.branch }}
 targetBranch: main
 title: Review CodeAI production deploy for ${{ outputs['build-lock'].releaseId }}
+ - uses: set-metadata
+ config:
+ updates:
+ - kind: Freight
+ name: ${{ ctx.targetFreight.name }}
+ values:
+ production-review-pr-id: ${{ outputs['open-pr'].pr.id }}
+ production-review-pr-url: ${{ outputs['open-pr'].pr.url }}
diff --git a/apps/kargo-project-codeai/stages/staging.yaml b/apps/kargo-project-codeai/stages/staging.yaml
index e853f96..965c058 100644
--- a/apps/kargo-project-codeai/stages/staging.yaml
+++ b/apps/kargo-project-codeai/stages/staging.yaml
@@ -54,10 +54,10 @@ spec:
 value: ${{ outputs['deployment-meta'].namespace }}
 - key: resources
 value:
- - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=${{ outputs['build-lock'].gitCommit }}
+ - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=${{ outputs['build-lock'].gitCommit }}&timeout=120s
 - key: components
 value:
- - ../../envTypes/${{ outputs['deployment-meta'].envType }}
+ - ../../../envTypes/${{ outputs['deployment-meta'].envType }}
 - uses: kustomize-set-image
 config:
 path: ./gitops/apps/codeai/deployments/staging/deploy
diff --git a/apps/kargo-project-codeai/stages/test.yaml b/apps/kargo-project-codeai/stages/test.yaml
index 6d09408..03eb470 100644
--- a/apps/kargo-project-codeai/stages/test.yaml
+++ b/apps/kargo-project-codeai/stages/test.yaml
@@ -11,6 +11,16 @@ spec:
 sources:
 stages:
 - staging
+ verification:
+ analysisTemplates:
+ - name: codeai-test-verification
+ args:
+ - name: gitCommit
+ value: ${{ freightMetadata(ctx.targetFreight.name)['code-dot-org-git-commit'] }}
+ - name: namespace
+ value: test
+ - name: deploymentName
+ value: test-cdo-dashboard
 promotionTemplate:
 spec:
 vars:
@@ -70,10 +80,10 @@ spec:
 value: ${{ outputs['deployment-meta'].namespace }}
 - key: resources
 value:
- - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=${{ outputs['build-lock'].gitCommit }}
+ - github.com/code-dot-org/code-dot-org//k8s/kustomize/base?ref=${{ outputs['build-lock'].gitCommit }}&timeout=120s
 - key: components
 value:
- - ../../envTypes/${{ outputs['deployment-meta'].envType }}
+ - ../../../envTypes/${{ outputs['deployment-meta'].envType }}
 - uses: kustomize-set-image
 config:
 path: ./gitops/apps/codeai/deployments/test/deploy
@@ -81,6 +91,14 @@ spec:
 - image: code-dot-org
 newName: ghcr.io/code-dot-org/code-dot-org
 tag: ${{ outputs['build-lock'].releaseId }}
+ - uses: set-metadata
+ config:
+ updates:
+ - kind: Freight
+ name: ${{ ctx.targetFreight.name }}
+ values:
+ code-dot-org-git-commit: ${{ outputs['build-lock'].gitCommit }}
+ code-dot-org-release-id: ${{ outputs['build-lock'].releaseId }}
 - uses: git-commit
 config:
 path: ./gitops