From f0e286c008bed66c8eada5605d2703f1dfec482c Mon Sep 17 00:00:00 2001 
From: Seth Nickell Date: Sun, 22 Mar 2026 20:57:13 -1000 Subject: [PATCH 1/3] Move CodeAI to rendered stage branches --- README.md | 9 +- apps/codeai-adhoc/application.yaml | 28 +++++ apps/codeai/README.md | 6 +- apps/codeai/applicationset.yaml | 21 ++-- .../deployments/levelbuilder/deploy/.gitkeep | 1 + .../deployments/levelbuilder/deployment.yaml | 3 + .../levelbuilder/deployment.yaml.disabled | 5 - .../deployments/production/deploy/.gitkeep | 1 + .../deployments/production/deployment.yaml | 3 + .../production/deployment.yaml.disabled | 5 - .../codeai/deployments/production/values.yaml | 2 +- .../deployments/staging/deploy/.gitkeep | 1 + apps/codeai/deployments/staging/values.yaml | 2 +- apps/codeai/deployments/test/deploy/.gitkeep | 1 + apps/codeai/deployments/test/deployment.yaml | 4 +- apps/codeai/deployments/test/values.yaml | 2 +- apps/kargo-project-codeai/project-config.yaml | 6 +- .../stages/levelbuilder.yaml | 99 ++++++++++++++-- .../stages/production.yaml | 52 +++++--- .../stages/review-infra-changes.yaml | 112 ++++++++++++++++++ apps/kargo-project-codeai/stages/staging.yaml | 86 ++++++++++++-- apps/kargo-project-codeai/stages/test.yaml | 99 ++++++++++++++-- apps/kargo-project-codeai/warehouse.yaml | 13 +- 23 files changed, 461 insertions(+), 100 deletions(-) create mode 100644 apps/codeai-adhoc/application.yaml create mode 100644 apps/codeai/deployments/levelbuilder/deploy/.gitkeep create mode 100644 apps/codeai/deployments/levelbuilder/deployment.yaml delete mode 100644 apps/codeai/deployments/levelbuilder/deployment.yaml.disabled create mode 100644 apps/codeai/deployments/production/deploy/.gitkeep create mode 100644 apps/codeai/deployments/production/deployment.yaml delete mode 100644 apps/codeai/deployments/production/deployment.yaml.disabled create mode 100644 apps/codeai/deployments/staging/deploy/.gitkeep create mode 100644 apps/codeai/deployments/test/deploy/.gitkeep create mode 100644 apps/kargo-project-codeai/stages/review-infra-changes.yaml 
diff --git a/README.md b/README.md index bf624ff..1ec54aa 100644 --- a/README.md +++ b/README.md @@ -24,18 +24,22 @@ k8s-gitops/ repos.yaml # configure application.yaml to load $app_name/* codeai/ - applicationset.yaml # define argocd apps for codeai deployments: deployments/*/deployment.yaml + applicationset.yaml # define argocd apps for rendered CodeAI stage branches deployments/ levelbuilder/ # codeai deployment levelbuilder deployment.yaml # envType=levelbuilder, branch=levelbuilder values.yaml # values.yaml for this deployment: dashboard_workers=27, RAILS_ENV=levelbuilder, etc + deploy/ # rendered manifests committed to stage/levelbuilder ... envTypes/ levelbuilder.values.yaml # base values.yaml for all envType=levelbuilder ... + codeai-adhoc/ + application.yaml # adhoc deployment that still renders directly from source + kargo/ application.yaml # argocd app for kargo itself values.yaml # helm values for kargo install @@ -44,7 +48,7 @@ k8s-gitops/ application.yaml # argocd app for kargo project codeai project.yaml # kargo project for codeai project-config.yaml # kargo projectconfig for codeai - warehouse.yaml # kargo warehouse for codeai + warehouse.yaml # kargo warehouse for CodeAI build locks stages/ levelbuilder.yaml # kargo stage for codeai deployment levelbuilder ... @@ -53,4 +57,3 @@ k8s-gitops/ ## Bootstrap Cluster kubectl apply -f apps/app-of-apps/applicationset.yaml - diff --git a/apps/codeai-adhoc/application.yaml b/apps/codeai-adhoc/application.yaml new file mode 100644 index 0000000..cd28d6d --- /dev/null +++ b/apps/codeai-adhoc/application.yaml 
@@ -0,0 +1,28 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: codeai-k8s-adhoc + namespace: argocd +spec: + project: default + sources: + - repoURL: https://github.com/code-dot-org/code-dot-org.git + targetRevision: k8s/adhoc + path: k8s/helm + helm: + releaseName: k8s-adhoc + valueFiles: + - $values/apps/codeai/envTypes/staging.values.yaml + - $values/apps/codeai/deployments/k8s-adhoc/values.yaml + - repoURL: https://github.com/code-dot-org/k8s-gitops.git + targetRevision: main + ref: values + destination: + server: https://kubernetes.default.svc + namespace: adhoc-k8s-adhoc + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - ServerSideApply=true diff --git a/apps/codeai/README.md b/apps/codeai/README.md index 594080a..eea99fb 100644 --- a/apps/codeai/README.md +++ b/apps/codeai/README.md @@ -1,3 +1,5 @@ -This app's deployment definitions live under `deployments/`. +This app's deployment metadata lives under `deployments/` on `main`. -Docker image tag writeback is done by the GitHub Actions workflow [`k8s-commit-image-ref-to-argocd.yml`](https://github.com/code-dot-org/code-dot-org/blob/staging/.github/workflows/k8s-commit-image-ref-to-argocd.yml). +Long-lived environments (`staging`, `test`, `levelbuilder`, and `production`) are rendered by Kargo into `apps/codeai/deployments//deploy/` on `stage/` branches, and Argo CD deploys those rendered manifests directly. + +The thin build-lock and legacy gitflow gate records are written by the GitHub Actions workflow [`k8s-commit-to-kargo-warehouse.yml`](https://github.com/code-dot-org/code-dot-org/blob/staging/.github/workflows/k8s-commit-to-kargo-warehouse.yml). diff --git a/apps/codeai/applicationset.yaml b/apps/codeai/applicationset.yaml index e367ef9..353ed95 100644 --- a/apps/codeai/applicationset.yaml +++ b/apps/codeai/applicationset.yaml 
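Review bot: The new `codeai-k8s-adhoc` Application sits in `project: default` and follows the mutable branch `k8s/adhoc` with `automated` sync, `prune: true` and `selfHeal: true`, so whoever can push to that branch changes what runs in the cluster with no promotion step in between. Unless the default AppProject has been tightened in this cluster, it puts no limit on source repositories, destinations or resource kinds. A dedicated AppProject that allows only the two repositories listed here and the `adhoc-k8s-adhoc` namespace would bound what this app can create. The same applies to the template in apps/codeai/applicationset.yaml, which keeps `project: default` while switching to raw manifests from `stage/{{path.basename}}`. Please also confirm that `apps/codeai/deployments/k8s-adhoc/values.yaml` exists on `main`, since this patch does not add it.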
@@ -9,7 +9,10 @@ spec: repoURL: https://github.com/code-dot-org/k8s-gitops.git revision: main files: - - path: apps/codeai/deployments/*/deployment.yaml + - path: apps/codeai/deployments/staging/deployment.yaml + - path: apps/codeai/deployments/test/deployment.yaml + - path: apps/codeai/deployments/levelbuilder/deployment.yaml + - path: apps/codeai/deployments/production/deployment.yaml template: metadata: name: codeai-{{path.basename}} @@ -18,18 +21,10 @@ spec: kargo.akuity.io/project: kargo-project-codeai spec: project: default - sources: - - repoURL: https://github.com/code-dot-org/code-dot-org.git - targetRevision: '{{sourceRevision}}' - path: k8s/helm - helm: - releaseName: '{{path.basename}}' - valueFiles: - - $values/apps/codeai/envTypes/{{envType}}.values.yaml - - $values/apps/codeai/deployments/{{path.basename}}/values.yaml - - repoURL: https://github.com/code-dot-org/k8s-gitops.git - targetRevision: main - ref: values + source: + repoURL: https://github.com/code-dot-org/k8s-gitops.git + targetRevision: stage/{{path.basename}} + path: apps/codeai/deployments/{{path.basename}}/deploy destination: server: https://kubernetes.default.svc namespace: '{{namespace}}' diff --git a/apps/codeai/deployments/levelbuilder/deploy/.gitkeep b/apps/codeai/deployments/levelbuilder/deploy/.gitkeep new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/apps/codeai/deployments/levelbuilder/deploy/.gitkeep @@ -0,0 +1 @@ + diff --git a/apps/codeai/deployments/levelbuilder/deployment.yaml b/apps/codeai/deployments/levelbuilder/deployment.yaml new file mode 100644 index 0000000..c776c6d --- /dev/null +++ b/apps/codeai/deployments/levelbuilder/deployment.yaml @@ -0,0 +1,3 @@ +envType: levelbuilder +namespace: levelbuilder +branch: levelbuilder diff --git a/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled b/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled deleted file mode 100644 index 4d89839..0000000 
--- a/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled +++ /dev/null @@ -1,5 +0,0 @@ -envType: levelbuilder -namespace: levelbuilder -# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs. -# branch: levelbuilder -branch: staging diff --git a/apps/codeai/deployments/production/deploy/.gitkeep b/apps/codeai/deployments/production/deploy/.gitkeep new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/apps/codeai/deployments/production/deploy/.gitkeep @@ -0,0 +1 @@ + diff --git a/apps/codeai/deployments/production/deployment.yaml b/apps/codeai/deployments/production/deployment.yaml new file mode 100644 index 0000000..17544b0 --- /dev/null +++ b/apps/codeai/deployments/production/deployment.yaml @@ -0,0 +1,3 @@ +envType: production +namespace: production +branch: production diff --git a/apps/codeai/deployments/production/deployment.yaml.disabled b/apps/codeai/deployments/production/deployment.yaml.disabled deleted file mode 100644 index 37cafd5..0000000 --- a/apps/codeai/deployments/production/deployment.yaml.disabled +++ /dev/null @@ -1,5 +0,0 @@ -envType: production -namespace: production -# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs. -# branch: production -branch: staging diff --git a/apps/codeai/deployments/production/values.yaml b/apps/codeai/deployments/production/values.yaml index 990a7fd..64c472a 100644 --- a/apps/codeai/deployments/production/values.yaml +++ b/apps/codeai/deployments/production/values.yaml @@ -1,4 +1,4 @@ -image: ghcr.io/code-dot-org/code-dot-org:production +image: ghcr.io/code-dot-org/code-dot-org:replace-me autoscaling: minReplicas: 1 maxReplicas: 1 diff --git a/apps/codeai/deployments/staging/deploy/.gitkeep b/apps/codeai/deployments/staging/deploy/.gitkeep new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/apps/codeai/deployments/staging/deploy/.gitkeep @@ -0,0 +1 @@ + 
diff --git a/apps/codeai/deployments/staging/values.yaml b/apps/codeai/deployments/staging/values.yaml index bc14481..28fde5c 100644 --- a/apps/codeai/deployments/staging/values.yaml +++ b/apps/codeai/deployments/staging/values.yaml @@ -1,4 +1,4 @@ -image: ghcr.io/code-dot-org/code-dot-org:staging # updated by k8s-commit-image-ref-to-argocd.yml +image: ghcr.io/code-dot-org/code-dot-org:replace-me autoscaling: maxReplicas: 1 locals.yml: diff --git a/apps/codeai/deployments/test/deploy/.gitkeep b/apps/codeai/deployments/test/deploy/.gitkeep new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/apps/codeai/deployments/test/deploy/.gitkeep @@ -0,0 +1 @@ + diff --git a/apps/codeai/deployments/test/deployment.yaml b/apps/codeai/deployments/test/deployment.yaml index 2539d0c..c80253d 100644 --- a/apps/codeai/deployments/test/deployment.yaml +++ b/apps/codeai/deployments/test/deployment.yaml @@ -1,5 +1,3 @@ envType: test namespace: test -# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs. -# branch: test -branch: staging +branch: test diff --git a/apps/codeai/deployments/test/values.yaml b/apps/codeai/deployments/test/values.yaml index 4e3ce6c..6706c2f 100644 --- a/apps/codeai/deployments/test/values.yaml +++ b/apps/codeai/deployments/test/values.yaml @@ -1,4 +1,4 @@ -image: ghcr.io/code-dot-org/code-dot-org:test # updated by k8s-commit-image-ref-to-argocd.yml +image: ghcr.io/code-dot-org/code-dot-org:replace-me autoscaling: maxReplicas: 1 locals.yml: diff --git a/apps/kargo-project-codeai/project-config.yaml b/apps/kargo-project-codeai/project-config.yaml index a303851..de77915 100644 --- a/apps/kargo-project-codeai/project-config.yaml +++ b/apps/kargo-project-codeai/project-config.yaml 
@@ -9,7 +9,9 @@ spec: autoPromotionEnabled: true - stage: test autoPromotionEnabled: false - - stage: production - autoPromotionEnabled: false - stage: levelbuilder autoPromotionEnabled: false + - stage: review-infra-changes + autoPromotionEnabled: false + - stage: production + autoPromotionEnabled: false diff --git a/apps/kargo-project-codeai/stages/levelbuilder.yaml b/apps/kargo-project-codeai/stages/levelbuilder.yaml index 305d668..17813f6 100644 --- a/apps/kargo-project-codeai/stages/levelbuilder.yaml +++ b/apps/kargo-project-codeai/stages/levelbuilder.yaml 
@@ -7,33 +7,106 @@ spec: requestedFreight: - origin: kind: Warehouse - name: kargo-project-codeai + name: codeai-builds sources: stages: - test + vars: + - name: gitopsRepo + value: https://github.com/code-dot-org/k8s-gitops.git + - name: legacyEnv + value: levelbuilder + - name: renderDeployment + value: levelbuilder + - name: renderPath + value: apps/codeai/deployments/levelbuilder/deploy + - name: targetBranch + value: stage/levelbuilder promotionTemplate: spec: - vars: - - name: gitopsRepo - value: https://github.com/code-dot-org/k8s-gitops.git steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: + - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }} + path: ./freight + sparse: + - warehouses/codeai/builds/current.yaml - branch: main - path: ./gitops - - uses: yaml-update + path: ./meta + sparse: + - apps/codeai/deployments/levelbuilder + - apps/codeai/envTypes + - branch: main + path: ./gate + sparse: + - warehouses/codeai/legacy-gitflow/levelbuilder/merged + - branch: ${{ vars.targetBranch }} + create: true + path: ./out + sparse: + - ${{ vars.renderPath }} + - uses: yaml-parse + as: build-lock + config: + path: ./freight/warehouses/codeai/builds/current.yaml + outputs: + - name: releaseId + fromExpression: releaseId + - name: gitCommit + fromExpression: gitCommit + - name: imageRef + fromExpression: image.ref + - name: imageDigest + fromExpression: image.digest + - name: sourceRepo + fromExpression: packaging.sourceRepo + - name: sourcePath + fromExpression: packaging.sourcePath + - uses: yaml-parse + as: legacy-gate + config: + path: ./gate/warehouses/codeai/legacy-gitflow/${{ vars.legacyEnv }}/merged/${{ outputs['build-lock'].releaseId }}.yaml + outputs: + - name: mergedAt + fromExpression: mergedAt + - uses: yaml-parse + as: deployment-meta + config: + path: ./meta/apps/codeai/deployments/${{ vars.renderDeployment }}/deployment.yaml + outputs: + - name: envType + fromExpression: envType + - uses: git-clone + 
config: + repoURL: ${{ outputs['build-lock'].sourceRepo }} + checkout: + - commit: ${{ outputs['build-lock'].gitCommit }} + path: ./src + sparse: + - ${{ outputs['build-lock'].sourcePath }} + - uses: git-clear + config: + path: ./out/${{ vars.renderPath }} + - uses: helm-template config: - path: ./gitops/apps/codeai/deployments/levelbuilder/values.yaml - updates: + path: ./src/${{ outputs['build-lock'].sourcePath }} + outPath: ./out/${{ vars.renderPath }} + outLayout: flat + releaseName: ${{ vars.renderDeployment }} + valuesFiles: + - ./meta/apps/codeai/envTypes/${{ outputs['deployment-meta'].envType }}.values.yaml + - ./meta/apps/codeai/deployments/${{ vars.renderDeployment }}/values.yaml + setValues: - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + value: ${{ outputs['build-lock'].imageRef }}@${{ outputs['build-lock'].imageDigest }} + literal: true - uses: git-commit config: - path: ./gitops - message: | - Promote levelbuilder to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + path: ./out + message: Render ${{ vars.renderDeployment }} for ${{ outputs['build-lock'].releaseId }} - uses: git-push config: - path: ./gitops + path: ./out + targetBranch: ${{ vars.targetBranch }} diff --git a/apps/kargo-project-codeai/stages/production.yaml b/apps/kargo-project-codeai/stages/production.yaml index eac25f5..3780c60 100644 --- a/apps/kargo-project-codeai/stages/production.yaml +++ b/apps/kargo-project-codeai/stages/production.yaml 
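Review bot: The second `git-clone` step takes its `repoURL`, `commit` and sparse path from `outputs['build-lock']`, and `setValues` builds the image from `imageRef`, so both the chart source and the registry are now whatever `warehouses/codeai/builds/current.yaml` says. Before this change the image repository was fixed in the stage; now any person or workflow able to write that file on `main` can redirect the render. Pinning by digest is a real improvement, but the origin should stay fixed in the stage: define a `sourceRepo` var holding the code-dot-org repository URL, use `repoURL: ${{ vars.sourceRepo }}`, and set the image as `value: ghcr.io/code-dot-org/code-dot-org@${{ outputs['build-lock'].imageDigest }}`. `sourcePath` and `releaseId` are also interpolated into filesystem paths without any check visible here, so the lock-file writer should be limited to plain relative names. The same steps appear in stages/test.yaml, stages/staging.yaml and stages/review-infra-changes.yaml.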
@@ -7,33 +7,49 @@ spec: requestedFreight: - origin: kind: Warehouse - name: kargo-project-codeai + name: codeai-builds sources: stages: - - test + - review-infra-changes + vars: + - name: gitopsRepo + value: https://github.com/code-dot-org/k8s-gitops.git + - name: legacyEnv + value: production + - name: targetBranch + value: stage/production + - name: renderPath + value: apps/codeai/deployments/production/deploy promotionTemplate: spec: - vars: - - name: gitopsRepo - value: https://github.com/code-dot-org/k8s-gitops.git steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: + - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }} + path: ./freight + sparse: + - warehouses/codeai/builds/current.yaml - branch: main - path: ./gitops - - uses: yaml-update + path: ./gate + sparse: + - warehouses/codeai/legacy-gitflow/production/merged + - branch: ${{ vars.targetBranch }} + path: ./out + sparse: + - ${{ vars.renderPath }} + - uses: yaml-parse + as: build-lock config: - path: ./gitops/apps/codeai/deployments/production/values.yaml - updates: - - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} - - uses: git-commit + path: ./freight/warehouses/codeai/builds/current.yaml + outputs: + - name: releaseId + fromExpression: releaseId + - uses: yaml-parse + as: legacy-gate config: - path: ./gitops - message: | - Promote production to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] - - uses: git-push - config: - path: ./gitops + path: ./gate/warehouses/codeai/legacy-gitflow/${{ vars.legacyEnv }}/merged/${{ outputs['build-lock'].releaseId }}.yaml + outputs: + - name: mergedAt + fromExpression: mergedAt diff --git a/apps/kargo-project-codeai/stages/review-infra-changes.yaml b/apps/kargo-project-codeai/stages/review-infra-changes.yaml new file mode 100644 index 0000000..e2da5d5 --- /dev/null +++ b/apps/kargo-project-codeai/stages/review-infra-changes.yaml 
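Review bot: The `legacy-gate` check in this stage runs after the rendered manifests have already reached `stage/production`, because stages/review-infra-changes.yaml opens and waits for the PR into that branch and the ApplicationSet deploys `stage/production` directly. If the production Application syncs automatically (its syncPolicy is outside these hunks), a release can be live before the `warehouses/codeai/legacy-gitflow/production/merged/<releaseId>.yaml` record exists, and a failed promotion here changes nothing in the cluster. Consider moving the gate `yaml-parse` into review-infra-changes ahead of `git-open-pr`, or having this stage perform the push. The `./out` checkout and the `renderPath` var are not used by any step in this stage. The unused `mergedAt` output also deserves a comment such as `# gate: promotion fails when the merged record for this release is missing`.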
@@ -0,0 +1,112 @@ +apiVersion: kargo.akuity.io/v1alpha1 +kind: Stage +metadata: + name: review-infra-changes + namespace: kargo-project-codeai +spec: + requestedFreight: + - origin: + kind: Warehouse + name: codeai-builds + sources: + stages: + - levelbuilder + vars: + - name: gitopsRepo + value: https://github.com/code-dot-org/k8s-gitops.git + - name: renderDeployment + value: production + - name: renderPath + value: apps/codeai/deployments/production/deploy + - name: targetBranch + value: stage/production + promotionTemplate: + spec: + steps: + - uses: git-clone + config: + repoURL: ${{ vars.gitopsRepo }} + checkout: + - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }} + path: ./freight + sparse: + - warehouses/codeai/builds/current.yaml + - branch: main + path: ./meta + sparse: + - apps/codeai/deployments/production + - apps/codeai/envTypes + - branch: ${{ vars.targetBranch }} + create: true + path: ./out + sparse: + - ${{ vars.renderPath }} + - uses: yaml-parse + as: build-lock + config: + path: ./freight/warehouses/codeai/builds/current.yaml + outputs: + - name: releaseId + fromExpression: releaseId + - name: gitCommit + fromExpression: gitCommit + - name: imageRef + fromExpression: image.ref + - name: imageDigest + fromExpression: image.digest + - name: sourceRepo + fromExpression: packaging.sourceRepo + - name: sourcePath + fromExpression: packaging.sourcePath + - uses: yaml-parse + as: deployment-meta + config: + path: ./meta/apps/codeai/deployments/${{ vars.renderDeployment }}/deployment.yaml + outputs: + - name: envType + fromExpression: envType + - uses: git-clone + config: + repoURL: ${{ outputs['build-lock'].sourceRepo }} + checkout: + - commit: ${{ outputs['build-lock'].gitCommit }} + path: ./src + sparse: + - ${{ outputs['build-lock'].sourcePath }} + - uses: git-clear + config: + path: ./out/${{ vars.renderPath }} + - uses: helm-template + config: + path: ./src/${{ outputs['build-lock'].sourcePath }} + outPath: ./out/${{ 
vars.renderPath }} + outLayout: flat + releaseName: ${{ vars.renderDeployment }} + valuesFiles: + - ./meta/apps/codeai/envTypes/${{ outputs['deployment-meta'].envType }}.values.yaml + - ./meta/apps/codeai/deployments/${{ vars.renderDeployment }}/values.yaml + setValues: + - key: image + value: ${{ outputs['build-lock'].imageRef }}@${{ outputs['build-lock'].imageDigest }} + literal: true + - uses: git-commit + config: + path: ./out + message: Review ${{ vars.renderDeployment }} render for ${{ outputs['build-lock'].releaseId }} + - uses: git-push + as: push + config: + path: ./out + generateTargetBranch: true + - uses: git-open-pr + as: open-pr + config: + repoURL: ${{ vars.gitopsRepo }} + createTargetBranch: true + sourceBranch: ${{ outputs.push.branch }} + targetBranch: ${{ vars.targetBranch }} + title: Review CodeAI ${{ vars.renderDeployment }} render for ${{ outputs['build-lock'].releaseId }} + - uses: git-wait-for-pr + config: + repoURL: ${{ vars.gitopsRepo }} + prNumber: ${{ outputs['open-pr'].pr.id }} diff --git a/apps/kargo-project-codeai/stages/staging.yaml b/apps/kargo-project-codeai/stages/staging.yaml index c986f62..c77d902 100644 --- a/apps/kargo-project-codeai/stages/staging.yaml +++ b/apps/kargo-project-codeai/stages/staging.yaml 
@@ -7,32 +7,92 @@ spec: requestedFreight: - origin: kind: Warehouse - name: kargo-project-codeai + name: codeai-builds sources: direct: true + vars: + - name: gitopsRepo + value: https://github.com/code-dot-org/k8s-gitops.git + - name: renderDeployment + value: staging + - name: renderPath + value: apps/codeai/deployments/staging/deploy + - name: targetBranch + value: stage/staging promotionTemplate: spec: - vars: - - name: gitopsRepo - value: https://github.com/code-dot-org/k8s-gitops.git steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: + - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }} + path: ./freight + sparse: + - warehouses/codeai/builds/current.yaml - branch: main - path: ./gitops - - uses: yaml-update + path: ./meta + sparse: + - apps/codeai/deployments/staging + - apps/codeai/envTypes + - branch: ${{ vars.targetBranch }} + create: true + path: ./out + sparse: + - ${{ vars.renderPath }} + - uses: yaml-parse + as: build-lock config: - path: ./gitops/apps/codeai/deployments/staging/values.yaml - updates: + path: ./freight/warehouses/codeai/builds/current.yaml + outputs: + - name: releaseId + fromExpression: releaseId + - name: gitCommit + fromExpression: gitCommit + - name: imageRef + fromExpression: image.ref + - name: imageDigest + fromExpression: image.digest + - name: sourceRepo + fromExpression: packaging.sourceRepo + - name: sourcePath + fromExpression: packaging.sourcePath + - uses: yaml-parse + as: deployment-meta + config: + path: ./meta/apps/codeai/deployments/${{ vars.renderDeployment }}/deployment.yaml + outputs: + - name: envType + fromExpression: envType + - uses: git-clone + config: + repoURL: ${{ outputs['build-lock'].sourceRepo }} + checkout: + - commit: ${{ outputs['build-lock'].gitCommit }} + path: ./src + sparse: + - ${{ outputs['build-lock'].sourcePath }} + - uses: git-clear + config: + path: ./out/${{ vars.renderPath }} + - uses: helm-template + config: + path: ./src/${{ 
outputs['build-lock'].sourcePath }} + outPath: ./out/${{ vars.renderPath }} + outLayout: flat + releaseName: ${{ vars.renderDeployment }} + valuesFiles: + - ./meta/apps/codeai/envTypes/${{ outputs['deployment-meta'].envType }}.values.yaml + - ./meta/apps/codeai/deployments/${{ vars.renderDeployment }}/values.yaml + setValues: - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + value: ${{ outputs['build-lock'].imageRef }}@${{ outputs['build-lock'].imageDigest }} + literal: true - uses: git-commit config: - path: ./gitops - message: | - Promote staging to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + path: ./out + message: Render ${{ vars.renderDeployment }} for ${{ outputs['build-lock'].releaseId }} - uses: git-push config: - path: ./gitops + path: ./out + targetBranch: ${{ vars.targetBranch }} diff --git a/apps/kargo-project-codeai/stages/test.yaml b/apps/kargo-project-codeai/stages/test.yaml index c029450..166313b 100644 --- a/apps/kargo-project-codeai/stages/test.yaml +++ b/apps/kargo-project-codeai/stages/test.yaml 
@@ -7,33 +7,106 @@ spec: requestedFreight: - origin: kind: Warehouse - name: kargo-project-codeai + name: codeai-builds sources: stages: - staging + vars: + - name: gitopsRepo + value: https://github.com/code-dot-org/k8s-gitops.git + - name: legacyEnv + value: test + - name: renderDeployment + value: test + - name: renderPath + value: apps/codeai/deployments/test/deploy + - name: targetBranch + value: stage/test promotionTemplate: spec: - vars: - - name: gitopsRepo - value: https://github.com/code-dot-org/k8s-gitops.git steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: + - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }} + path: ./freight + sparse: + - warehouses/codeai/builds/current.yaml - branch: main - path: ./gitops - - uses: yaml-update + path: ./meta + sparse: + - apps/codeai/deployments/test + - apps/codeai/envTypes + - branch: main + path: ./gate + sparse: + - warehouses/codeai/legacy-gitflow/test/merged + - branch: ${{ vars.targetBranch }} + create: true + path: ./out + sparse: + - ${{ vars.renderPath }} + - uses: yaml-parse + as: build-lock + config: + path: ./freight/warehouses/codeai/builds/current.yaml + outputs: + - name: releaseId + fromExpression: releaseId + - name: gitCommit + fromExpression: gitCommit + - name: imageRef + fromExpression: image.ref + - name: imageDigest + fromExpression: image.digest + - name: sourceRepo + fromExpression: packaging.sourceRepo + - name: sourcePath + fromExpression: packaging.sourcePath + - uses: yaml-parse + as: legacy-gate + config: + path: ./gate/warehouses/codeai/legacy-gitflow/${{ vars.legacyEnv }}/merged/${{ outputs['build-lock'].releaseId }}.yaml + outputs: + - name: mergedAt + fromExpression: mergedAt + - uses: yaml-parse + as: deployment-meta + config: + path: ./meta/apps/codeai/deployments/${{ vars.renderDeployment }}/deployment.yaml + outputs: + - name: envType + fromExpression: envType + - uses: git-clone + config: + repoURL: ${{ 
outputs['build-lock'].sourceRepo }} + checkout: + - commit: ${{ outputs['build-lock'].gitCommit }} + path: ./src + sparse: + - ${{ outputs['build-lock'].sourcePath }} + - uses: git-clear + config: + path: ./out/${{ vars.renderPath }} + - uses: helm-template config: - path: ./gitops/apps/codeai/deployments/test/values.yaml - updates: + path: ./src/${{ outputs['build-lock'].sourcePath }} + outPath: ./out/${{ vars.renderPath }} + outLayout: flat + releaseName: ${{ vars.renderDeployment }} + valuesFiles: + - ./meta/apps/codeai/envTypes/${{ outputs['deployment-meta'].envType }}.values.yaml + - ./meta/apps/codeai/deployments/${{ vars.renderDeployment }}/values.yaml + setValues: - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + value: ${{ outputs['build-lock'].imageRef }}@${{ outputs['build-lock'].imageDigest }} + literal: true - uses: git-commit config: - path: ./gitops - message: | - Promote test to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + path: ./out + message: Render ${{ vars.renderDeployment }} for ${{ outputs['build-lock'].releaseId }} - uses: git-push config: - path: ./gitops + path: ./out + targetBranch: ${{ vars.targetBranch }} diff --git a/apps/kargo-project-codeai/warehouse.yaml b/apps/kargo-project-codeai/warehouse.yaml index ff9ebe0..c42e27d 100644 --- a/apps/kargo-project-codeai/warehouse.yaml +++ b/apps/kargo-project-codeai/warehouse.yaml @@ -1,13 +1,12 @@ apiVersion: kargo.akuity.io/v1alpha1 kind: Warehouse metadata: - name: kargo-project-codeai + name: codeai-builds namespace: kargo-project-codeai spec: subscriptions: - - image: - repoURL: ghcr.io/code-dot-org/code-dot-org - ignoreTagsRegexes: - # Ignore single-platform images when we have a multiplatform option - - '.*-amd64$' - - '.*-arm64$' + - git: + repoURL: https://github.com/code-dot-org/k8s-gitops.git + branch: main + includePaths: + - warehouses/codeai/builds 
From ffa4fca6fc84e60eed032f2e8130f16bd7c99cdf Mon Sep 17 00:00:00 2001 From: Seth Nickell Date: Sun, 22 Mar 2026 21:55:54 -1000 Subject: [PATCH 2/3] CODE REVIEWED & FIXED --- .../kargo-project-codeai/stages/review-infra-changes.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/apps/kargo-project-codeai/stages/review-infra-changes.yaml b/apps/kargo-project-codeai/stages/review-infra-changes.yaml index e2da5d5..0f7b5a9 100644 --- a/apps/kargo-project-codeai/stages/review-infra-changes.yaml +++ b/apps/kargo-project-codeai/stages/review-infra-changes.yaml @@ -107,6 +107,14 @@ spec: targetBranch: ${{ vars.targetBranch }} title: Review CodeAI ${{ vars.renderDeployment }} render for ${{ outputs['build-lock'].releaseId }} - uses: git-wait-for-pr + as: wait-for-pr config: repoURL: ${{ vars.gitopsRepo }} prNumber: ${{ outputs['open-pr'].pr.id }} + - uses: yaml-parse + if: ${{ !outputs['wait-for-pr'].pr.merged }} + config: + path: ./review-pr-must-be-merged.yaml + outputs: + - name: unreachable + fromExpression: required From 45993c29880574ed0c500c58d9d64b531fe0284b Mon Sep 17 00:00:00 2001 From: Seth Nickell Date: Mon, 23 Mar 2026 00:41:21 -1000 Subject: [PATCH 3/3] Skip empty rendered review PRs --- .../kargo-project-codeai/stages/review-infra-changes.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/apps/kargo-project-codeai/stages/review-infra-changes.yaml b/apps/kargo-project-codeai/stages/review-infra-changes.yaml index 0f7b5a9..af38775 100644 --- a/apps/kargo-project-codeai/stages/review-infra-changes.yaml +++ b/apps/kargo-project-codeai/stages/review-infra-changes.yaml @@ -24,6 +24,7 @@ spec: spec: steps: - uses: git-clone + as: gitops config: repoURL: ${{ vars.gitopsRepo }} checkout: @@ -38,6 +39,7 @@ spec: - apps/codeai/envTypes - branch: ${{ vars.targetBranch }} create: true + as: production path: ./out sparse: - ${{ vars.renderPath }} 
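Review bot: The added `yaml-parse` of `./review-pr-must-be-merged.yaml` appears to fail the promotion only because no step creates that file, so an operator will see a missing-file error rather than a message that the review PR was not merged. A comment above the step would make the intent explicit, for example `# Deliberate failure: this file never exists; reaching this step means the review PR was closed without merging.` The guard also depends on `outputs['wait-for-pr'].pr.merged` being populated. Please confirm that the deployed Kargo version exposes that field from `git-wait-for-pr`, because a check that never fires would let an unmerged review pass unnoticed.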
@@ -90,15 +92,18 @@ spec: value: ${{ outputs['build-lock'].imageRef }}@${{ outputs['build-lock'].imageDigest }} literal: true - uses: git-commit + as: rendered-commit config: path: ./out message: Review ${{ vars.renderDeployment }} render for ${{ outputs['build-lock'].releaseId }} - uses: git-push + if: ${{ outputs['rendered-commit'].commit != outputs['gitops'].commits['production'] }} as: push config: path: ./out generateTargetBranch: true - uses: git-open-pr + if: ${{ outputs['rendered-commit'].commit != outputs['gitops'].commits['production'] }} as: open-pr config: repoURL: ${{ vars.gitopsRepo }} @@ -107,12 +112,13 @@ spec: targetBranch: ${{ vars.targetBranch }} title: Review CodeAI ${{ vars.renderDeployment }} render for ${{ outputs['build-lock'].releaseId }} - uses: git-wait-for-pr + if: ${{ outputs['rendered-commit'].commit != outputs['gitops'].commits['production'] }} as: wait-for-pr config: repoURL: ${{ vars.gitopsRepo }} prNumber: ${{ outputs['open-pr'].pr.id }} - uses: yaml-parse - if: ${{ !outputs['wait-for-pr'].pr.merged }} + if: ${{ outputs['rendered-commit'].commit != outputs['gitops'].commits['production'] && !outputs['wait-for-pr'].pr.merged }} config: path: ./review-pr-must-be-merged.yaml outputs:
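Review bot: The skip path treats the current head of `stage/production` as already reviewed: when `outputs['rendered-commit'].commit` equals `outputs['gitops'].commits['production']`, the push, PR and wait steps are all skipped and the stage still succeeds. That is sound only if every commit on `stage/production` arrived through a merged review PR, so the branch should be protected against direct pushes; otherwise an unreviewed change there is inherited as approved. The same expression is now repeated on four steps, where a typo in one copy would silently change the gating. A comment on the first use would help, such as `# skip review when the render is identical to the stage/production head recorded at clone time`.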