From 8f21291b2a570749badb3ff15d7b8c287f67a63d Mon Sep 17 00:00:00 2001
From: Seth Nickell
Date: Sun, 22 Mar 2026 20:51:56 -1000
Subject: [PATCH 1/4] Render staged deployments from frozen freight
---
apps/codeai/README.md | 11 ++-
apps/codeai/applicationset-adhoc.yaml | 41 ++++++++
apps/codeai/applicationset.yaml | 27 +++---
.../deployments/k8s-adhoc/deployment.yaml | 2 +
.../deployments/levelbuilder/deployment.yaml | 5 +
.../levelbuilder/deployment.yaml.disabled | 5 -
.../deployments/production/deployment.yaml | 5 +
.../production/deployment.yaml.disabled | 5 -
.../deployments/staging/deployment.yaml | 4 +-
apps/codeai/deployments/test/deployment.yaml | 6 +-
apps/codeai/envTypes/levelbuilder.values.yaml | 2 +
apps/codeai/envTypes/production.values.yaml | 2 +
apps/codeai/envTypes/staging.values.yaml | 2 +
apps/codeai/envTypes/test.values.yaml | 2 +
apps/kargo-project-codeai/project-config.yaml | 6 +-
.../stages/levelbuilder.yaml | 52 +++++++++--
.../stages/production.yaml | 28 +-----
.../stages/review-infra-changes.yaml | 93 +++++++++++++++++++
apps/kargo-project-codeai/stages/staging.yaml | 52 +++++++++--
apps/kargo-project-codeai/stages/test.yaml | 52 +++++++++--
apps/kargo-project-codeai/warehouse.yaml | 11 +--
warehouses/codeai/README.md | 10 ++
22 files changed, 334 insertions(+), 89 deletions(-)
create mode 100644 apps/codeai/applicationset-adhoc.yaml
create mode 100644 apps/codeai/deployments/levelbuilder/deployment.yaml
delete mode 100644 apps/codeai/deployments/levelbuilder/deployment.yaml.disabled
create mode 100644 apps/codeai/deployments/production/deployment.yaml
delete mode 100644 apps/codeai/deployments/production/deployment.yaml.disabled
create mode 100644 apps/kargo-project-codeai/stages/review-infra-changes.yaml
create mode 100644 warehouses/codeai/README.md
diff --git a/apps/codeai/README.md b/apps/codeai/README.md
index 594080a..20eceb7 100644
--- a/apps/codeai/README.md
+++ b/apps/codeai/README.md
@@ -1,3 +1,12 @@ This app's deployment definitions live under `deployments/`. -Docker image tag writeback is done by the GitHub Actions workflow [`k8s-commit-image-ref-to-argocd.yml`](https://github.com/code-dot-org/code-dot-org/blob/staging/.github/workflows/k8s-commit-image-ref-to-argocd.yml). +Staging, test, levelbuilder, and production are rendered-branch deployments: + +- `main` holds the environment policy and Kargo configuration. +- `stage/` holds the fully rendered manifests Argo CD syncs. +- Kargo renders those branches from `warehouses/codeai/freight/current/helm/` plus the values files in this directory. + +`k8s-adhoc` remains a live-source Helm deployment so ad hoc work can keep following a source branch directly. + +Bootstrap note: +- The first successful promotion to each staged environment creates its `stage/` branch. Until that first render lands, the corresponding Argo CD `Application` will report a missing target revision. diff --git a/apps/codeai/applicationset-adhoc.yaml b/apps/codeai/applicationset-adhoc.yaml new file mode 100644 index 0000000..e94d071 --- /dev/null +++ b/apps/codeai/applicationset-adhoc.yaml 
@@ -0,0 +1,41 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: codeai-adhoc + namespace: argocd +spec: + generators: + - git: + repoURL: https://github.com/code-dot-org/k8s-gitops.git + revision: main + files: + - path: apps/codeai/deployments/k8s-adhoc/deployment.yaml + template: + metadata: + name: codeai-{{name}} + labels: + app.kubernetes.io/managed-by: kargo + kargo.akuity.io/project: kargo-project-codeai + spec: + project: default + sources: + - repoURL: https://github.com/code-dot-org/code-dot-org.git + targetRevision: '{{branch}}' + path: k8s/helm + helm: + releaseName: '{{name}}' + valueFiles: + - $values/apps/codeai/envTypes/{{envType}}.values.yaml + - $values/apps/codeai/deployments/{{name}}/values.yaml + - repoURL: https://github.com/code-dot-org/k8s-gitops.git + targetRevision: main + ref: values + destination: + server: https://kubernetes.default.svc + namespace: '{{namespace}}' + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - ServerSideApply=true diff --git a/apps/codeai/applicationset.yaml b/apps/codeai/applicationset.yaml index e367ef9..75e4c63 100644 --- a/apps/codeai/applicationset.yaml +++ b/apps/codeai/applicationset.yaml @@ -1,7 +1,7 @@ apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: - name: codeai + name: codeai-rendered-stages namespace: argocd spec: generators: 
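Review bot: `project: default` in the new codeai-adhoc template places a branch-following, auto-pruning Application in Argo CD's catch-all project, which permits any source repository and any destination unless the cluster's `default` AppProject has been tightened (not visible here). Because `targetRevision: '{{branch}}'` tracks a live branch of code-dot-org with `prune: true` and `selfHeal: true`, whoever can push to that branch controls what is applied, so the project is the only place to bound it. Consider a dedicated AppProject that lists just the two `repoURL`s and the adhoc namespace, e.g. `project: <restricted-appproject>` (placeholder name). The same `project: default` line is kept as context in apps/codeai/applicationset.yaml for the rendered stages.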
@@ -9,27 +9,24 @@ spec: repoURL: https://github.com/code-dot-org/k8s-gitops.git revision: main files: - - path: apps/codeai/deployments/*/deployment.yaml + - path: apps/codeai/deployments/staging/deployment.yaml + - path: apps/codeai/deployments/test/deployment.yaml + - path: apps/codeai/deployments/levelbuilder/deployment.yaml + - path: apps/codeai/deployments/production/deployment.yaml template: metadata: - name: codeai-{{path.basename}} + name: codeai-{{name}} labels: app.kubernetes.io/managed-by: kargo kargo.akuity.io/project: kargo-project-codeai spec: project: default - sources: - - repoURL: https://github.com/code-dot-org/code-dot-org.git - targetRevision: '{{sourceRevision}}' - path: k8s/helm - helm: - releaseName: '{{path.basename}}' - valueFiles: - - $values/apps/codeai/envTypes/{{envType}}.values.yaml - - $values/apps/codeai/deployments/{{path.basename}}/values.yaml - - repoURL: https://github.com/code-dot-org/k8s-gitops.git - targetRevision: main - ref: values + source: + repoURL: https://github.com/code-dot-org/k8s-gitops.git + targetRevision: '{{renderedBranch}}' + path: . + directory: + recurse: true destination: server: https://kubernetes.default.svc namespace: '{{namespace}}' diff --git a/apps/codeai/deployments/k8s-adhoc/deployment.yaml b/apps/codeai/deployments/k8s-adhoc/deployment.yaml index c1e65bc..3d63e11 100644 --- a/apps/codeai/deployments/k8s-adhoc/deployment.yaml +++ b/apps/codeai/deployments/k8s-adhoc/deployment.yaml @@ -1,3 +1,5 @@ +name: k8s-adhoc +sourceMode: live-source envType: staging namespace: adhoc-k8s-adhoc branch: k8s/adhoc diff --git a/apps/codeai/deployments/levelbuilder/deployment.yaml b/apps/codeai/deployments/levelbuilder/deployment.yaml new file mode 100644 index 0000000..21f39e0 --- /dev/null +++ b/apps/codeai/deployments/levelbuilder/deployment.yaml @@ -0,0 +1,5 @@ +name: levelbuilder +sourceMode: rendered +envType: levelbuilder +namespace: levelbuilder +renderedBranch: stage/levelbuilder 
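Review bot: The new `source` block syncs `path: .` with `directory.recurse: true`, so every manifest file anywhere on `stage/<env>` is applied, while the promotion steps in this patch's stage files only ever write `./out/manifests.yaml`. Narrowing the directory source to that one file keeps a stray or hand-pushed file on the rendered branch from reaching the cluster: add `include: 'manifests.yaml'` under `directory:`. The `syncPolicy` for this template is outside the hunk, so whether pruning applies to the rendered branches cannot be confirmed from here.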
diff --git a/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled b/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled deleted file mode 100644 index 4d89839..0000000 --- a/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled +++ /dev/null @@ -1,5 +0,0 @@ -envType: levelbuilder -namespace: levelbuilder -# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs. -# branch: levelbuilder -branch: staging diff --git a/apps/codeai/deployments/production/deployment.yaml b/apps/codeai/deployments/production/deployment.yaml new file mode 100644 index 0000000..813aa70 --- /dev/null +++ b/apps/codeai/deployments/production/deployment.yaml @@ -0,0 +1,5 @@ +name: production +sourceMode: rendered +envType: production +namespace: production +renderedBranch: stage/production diff --git a/apps/codeai/deployments/production/deployment.yaml.disabled b/apps/codeai/deployments/production/deployment.yaml.disabled deleted file mode 100644 index 37cafd5..0000000 --- a/apps/codeai/deployments/production/deployment.yaml.disabled +++ /dev/null @@ -1,5 +0,0 @@ -envType: production -namespace: production -# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs. -# branch: production -branch: staging diff --git a/apps/codeai/deployments/staging/deployment.yaml b/apps/codeai/deployments/staging/deployment.yaml index 30b6df2..e7d12db 100644 --- a/apps/codeai/deployments/staging/deployment.yaml +++ b/apps/codeai/deployments/staging/deployment.yaml @@ -1,3 +1,5 @@ +name: staging +sourceMode: rendered envType: staging namespace: staging -branch: staging +renderedBranch: stage/staging diff --git a/apps/codeai/deployments/test/deployment.yaml b/apps/codeai/deployments/test/deployment.yaml index 2539d0c..7fbe1b4 100644 --- a/apps/codeai/deployments/test/deployment.yaml +++ b/apps/codeai/deployments/test/deployment.yaml 
@@ -1,5 +1,5 @@ +name: test +sourceMode: rendered envType: test namespace: test -# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs. -# branch: test -branch: staging +renderedBranch: stage/test diff --git a/apps/codeai/envTypes/levelbuilder.values.yaml b/apps/codeai/envTypes/levelbuilder.values.yaml index c1ee1e7..68dc47c 100644 --- a/apps/codeai/envTypes/levelbuilder.values.yaml +++ b/apps/codeai/envTypes/levelbuilder.values.yaml @@ -3,3 +3,5 @@ RAILS_ENV: levelbuilder healthChecks: enabled: true require_external_secrets: true +renderedBranches: + deterministicLocalSecrets: true diff --git a/apps/codeai/envTypes/production.values.yaml b/apps/codeai/envTypes/production.values.yaml index 1b897d5..b757ef9 100644 --- a/apps/codeai/envTypes/production.values.yaml +++ b/apps/codeai/envTypes/production.values.yaml @@ -3,6 +3,8 @@ RAILS_ENV: production healthChecks: enabled: true require_external_secrets: true +renderedBranches: + deterministicLocalSecrets: true autoscaling: enabled: true minReplicas: 1 diff --git a/apps/codeai/envTypes/staging.values.yaml b/apps/codeai/envTypes/staging.values.yaml index 03390a6..dad6453 100644 --- a/apps/codeai/envTypes/staging.values.yaml +++ b/apps/codeai/envTypes/staging.values.yaml @@ -3,3 +3,5 @@ RAILS_ENV: staging healthChecks: enabled: true require_external_secrets: true +renderedBranches: + deterministicLocalSecrets: true diff --git a/apps/codeai/envTypes/test.values.yaml b/apps/codeai/envTypes/test.values.yaml index cb3dc99..85ff9ac 100644 --- a/apps/codeai/envTypes/test.values.yaml +++ b/apps/codeai/envTypes/test.values.yaml @@ -3,3 +3,5 @@ RAILS_ENV: test healthChecks: enabled: true require_external_secrets: true +renderedBranches: + deterministicLocalSecrets: true diff --git a/apps/kargo-project-codeai/project-config.yaml b/apps/kargo-project-codeai/project-config.yaml index a303851..de77915 100644 --- a/apps/kargo-project-codeai/project-config.yaml +++ b/apps/kargo-project-codeai/project-config.yaml 
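Review bot: `renderedBranches.deterministicLocalSecrets: true` is switched on for levelbuilder here, and for production, staging and test in the three hunks that follow, without any comment on what the chart derives or where it ends up. The chart is not part of this patch, so this is inferred from the name: if the flag makes the chart emit Secret values that are stable across renders, those values are written to `manifests.yaml` and committed to the `stage/<env>` branch, where anyone with read access to the repository can recover them. Please confirm that no Secret data is rendered into the branch when `require_external_secrets: true` is set, and record that next to the key, e.g. `# rendered output is committed to git; must not produce Secret data, see require_external_secrets`.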
@@ -9,7 +9,9 @@ spec: autoPromotionEnabled: true - stage: test autoPromotionEnabled: false - - stage: production - autoPromotionEnabled: false - stage: levelbuilder autoPromotionEnabled: false + - stage: review-infra-changes + autoPromotionEnabled: false + - stage: production + autoPromotionEnabled: false diff --git a/apps/kargo-project-codeai/stages/levelbuilder.yaml b/apps/kargo-project-codeai/stages/levelbuilder.yaml index 305d668..898e497 100644 --- a/apps/kargo-project-codeai/stages/levelbuilder.yaml +++ b/apps/kargo-project-codeai/stages/levelbuilder.yaml 
@@ -16,24 +16,60 @@ spec: vars: - name: gitopsRepo value: https://github.com/code-dot-org/k8s-gitops.git + - name: renderedBranch + value: stage/levelbuilder + - name: envType + value: levelbuilder + - name: deployment + value: levelbuilder steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: + - commit: ${{ commitFrom(vars.gitopsRepo).ID }} + path: ./freight + sparse: + - warehouses/codeai/freight/current - branch: main - path: ./gitops - - uses: yaml-update + path: ./meta + sparse: + - apps/codeai + - branch: ${{ vars.renderedBranch }} + create: true + path: ./out + - uses: yaml-parse + as: freight config: - path: ./gitops/apps/codeai/deployments/levelbuilder/values.yaml - updates: + path: ./freight/warehouses/codeai/freight/current/freight.yaml + outputs: + - name: revision + fromExpression: revision + - name: releaseTag + fromExpression: tag + - name: packageType + fromExpression: packageType + - name: imageRef + fromExpression: image.ref + - uses: git-clear + config: + path: ./out + - uses: helm-template + config: + path: ./freight/warehouses/codeai/freight/current/helm + releaseName: ${{ vars.deployment }} + valuesFiles: + - ./meta/apps/codeai/envTypes/${{ vars.envType }}.values.yaml + - ./meta/apps/codeai/deployments/${{ vars.deployment }}/values.yaml + setValues: - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + value: ${{ outputs['freight'].imageRef }} + outPath: ./out/manifests.yaml - uses: git-commit config: - path: ./gitops + path: ./out message: | - Promote levelbuilder to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + Render levelbuilder from ${{ outputs['freight'].releaseTag }} [skip ci] - uses: git-push config: - path: ./gitops + path: ./out diff --git a/apps/kargo-project-codeai/stages/production.yaml b/apps/kargo-project-codeai/stages/production.yaml index eac25f5..d90f8a0 100644 --- a/apps/kargo-project-codeai/stages/production.yaml 
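Review bot: The `setValues` entry now takes the image from `outputs['freight'].imageRef`, i.e. whatever string CI wrote to `freight.yaml`, where the removed step built it from a tag Kargo had discovered in the registry. Nothing in the steps checks that the reference is immutable; if `image.ref` is a tag rather than a digest (the file format is not shown), the "frozen" render can point at different image content over time. Requiring a digest-qualified reference in `freight.yaml` and saying so above the step would close that: `# image.ref must be digest-pinned (<repo>@sha256:<digest>)`. The same step is added in the staging.yaml, test.yaml and review-infra-changes.yaml hunks. The `packageType` output is parsed but not used by any visible step.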
+++ b/apps/kargo-project-codeai/stages/production.yaml @@ -10,30 +10,4 @@ spec: name: kargo-project-codeai sources: stages: - - test - promotionTemplate: - spec: - vars: - - name: gitopsRepo - value: https://github.com/code-dot-org/k8s-gitops.git - steps: - - uses: git-clone - config: - repoURL: ${{ vars.gitopsRepo }} - checkout: - - branch: main - path: ./gitops - - uses: yaml-update - config: - path: ./gitops/apps/codeai/deployments/production/values.yaml - updates: - - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} - - uses: git-commit - config: - path: ./gitops - message: | - Promote production to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] - - uses: git-push - config: - path: ./gitops + - review-infra-changes diff --git a/apps/kargo-project-codeai/stages/review-infra-changes.yaml b/apps/kargo-project-codeai/stages/review-infra-changes.yaml new file mode 100644 index 0000000..346d978 --- /dev/null +++ b/apps/kargo-project-codeai/stages/review-infra-changes.yaml 
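Review bot: With the whole `promotionTemplate` removed, promoting freight into the Kargo `production` stage runs no step, and `stage/production` changes when the pull request opened by review-infra-changes is merged. If the codeai-production Application syncs automatically (its `syncPolicy` is outside the visible hunks), production rolls out at PR merge, and the manual promotion that `autoPromotionEnabled: false` guards in project-config.yaml no longer gates anything. Either move the PR steps into this stage or state the intent in the file, e.g. `# Deploy gate is the merge of the review-infra-changes PR into stage/production; this stage only records the promotion.`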
@@ -0,0 +1,93 @@ +apiVersion: kargo.akuity.io/v1alpha1 +kind: Stage +metadata: + name: review-infra-changes + namespace: kargo-project-codeai +spec: + requestedFreight: + - origin: + kind: Warehouse + name: kargo-project-codeai + sources: + stages: + - levelbuilder + promotionTemplate: + spec: + vars: + - name: gitopsRepo + value: https://github.com/code-dot-org/k8s-gitops.git + - name: renderedBranch + value: stage/production + - name: envType + value: production + - name: deployment + value: production + steps: + - uses: git-clone + config: + repoURL: ${{ vars.gitopsRepo }} + checkout: + - commit: ${{ commitFrom(vars.gitopsRepo).ID }} + path: ./freight + sparse: + - warehouses/codeai/freight/current + - branch: main + path: ./meta + sparse: + - apps/codeai + - branch: ${{ vars.renderedBranch }} + create: true + path: ./out + - uses: yaml-parse + as: freight + config: + path: ./freight/warehouses/codeai/freight/current/freight.yaml + outputs: + - name: revision + fromExpression: revision + - name: releaseTag + fromExpression: tag + - name: packageType + fromExpression: packageType + - name: imageRef + fromExpression: image.ref + - uses: git-clear + config: + path: ./out + - uses: helm-template + config: + path: ./freight/warehouses/codeai/freight/current/helm + releaseName: ${{ vars.deployment }} + valuesFiles: + - ./meta/apps/codeai/envTypes/${{ vars.envType }}.values.yaml + - ./meta/apps/codeai/deployments/${{ vars.deployment }}/values.yaml + setValues: + - key: image + value: ${{ outputs['freight'].imageRef }} + outPath: ./out/manifests.yaml + - uses: git-commit + config: + path: ./out + message: | + Render production review from ${{ outputs['freight'].releaseTag }} [skip ci] + - uses: git-push + as: rendered-review + config: + path: ./out + generateTargetBranch: true + - uses: git-open-pr + as: review-pr + config: + repoURL: ${{ vars.gitopsRepo }} + provider: github + createTargetBranch: true + sourceBranch: ${{ outputs['rendered-review'].branch }} + 
targetBranch: ${{ vars.renderedBranch }} + title: Render production for ${{ outputs['freight'].releaseTag }} + description: | + Rendered production manifests for `${{ outputs['freight'].releaseTag }}` from `${{ outputs['freight'].revision }}`. + - uses: git-wait-for-pr + config: + repoURL: ${{ vars.gitopsRepo }} + provider: github + prNumber: ${{ outputs['review-pr'].pr.id }} diff --git a/apps/kargo-project-codeai/stages/staging.yaml b/apps/kargo-project-codeai/stages/staging.yaml index c986f62..86053e1 100644 --- a/apps/kargo-project-codeai/stages/staging.yaml +++ b/apps/kargo-project-codeai/stages/staging.yaml 
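Review bot: The pull request opened by `git-open-pr` is the only human control in front of `stage/production`, yet the steps use the same `gitopsRepo` credentials that push straight to `stage/staging`, `stage/test` and `stage/levelbuilder` in the sibling stage files. Unless the repository protects `stage/production` (settings are not visible here), the same identity could push or merge there without review. A comment above the step should record the requirement, e.g. `# stage/production must be a protected branch: PR required, approval from someone other than the Kargo bot`. `createTargetBranch: true` also means the first run creates that branch itself, so the protection rule has to match the branch name before bootstrap.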
@@ -15,24 +15,60 @@ spec: vars: - name: gitopsRepo value: https://github.com/code-dot-org/k8s-gitops.git + - name: renderedBranch + value: stage/staging + - name: envType + value: staging + - name: deployment + value: staging steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: + - commit: ${{ commitFrom(vars.gitopsRepo).ID }} + path: ./freight + sparse: + - warehouses/codeai/freight/current - branch: main - path: ./gitops - - uses: yaml-update + path: ./meta + sparse: + - apps/codeai + - branch: ${{ vars.renderedBranch }} + create: true + path: ./out + - uses: yaml-parse + as: freight config: - path: ./gitops/apps/codeai/deployments/staging/values.yaml - updates: + path: ./freight/warehouses/codeai/freight/current/freight.yaml + outputs: + - name: revision + fromExpression: revision + - name: releaseTag + fromExpression: tag + - name: packageType + fromExpression: packageType + - name: imageRef + fromExpression: image.ref + - uses: git-clear + config: + path: ./out + - uses: helm-template + config: + path: ./freight/warehouses/codeai/freight/current/helm + releaseName: ${{ vars.deployment }} + valuesFiles: + - ./meta/apps/codeai/envTypes/${{ vars.envType }}.values.yaml + - ./meta/apps/codeai/deployments/${{ vars.deployment }}/values.yaml + setValues: - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + value: ${{ outputs['freight'].imageRef }} + outPath: ./out/manifests.yaml - uses: git-commit config: - path: ./gitops + path: ./out message: | - Promote staging to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + Render staging from ${{ outputs['freight'].releaseTag }} [skip ci] - uses: git-push config: - path: ./gitops + path: ./out diff --git a/apps/kargo-project-codeai/stages/test.yaml b/apps/kargo-project-codeai/stages/test.yaml index c029450..e36d440 100644 --- a/apps/kargo-project-codeai/stages/test.yaml +++ b/apps/kargo-project-codeai/stages/test.yaml 
@@ -16,24 +16,60 @@ spec: vars: - name: gitopsRepo value: https://github.com/code-dot-org/k8s-gitops.git + - name: renderedBranch + value: stage/test + - name: envType + value: test + - name: deployment + value: test steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: + - commit: ${{ commitFrom(vars.gitopsRepo).ID }} + path: ./freight + sparse: + - warehouses/codeai/freight/current - branch: main - path: ./gitops - - uses: yaml-update + path: ./meta + sparse: + - apps/codeai + - branch: ${{ vars.renderedBranch }} + create: true + path: ./out + - uses: yaml-parse + as: freight config: - path: ./gitops/apps/codeai/deployments/test/values.yaml - updates: + path: ./freight/warehouses/codeai/freight/current/freight.yaml + outputs: + - name: revision + fromExpression: revision + - name: releaseTag + fromExpression: tag + - name: packageType + fromExpression: packageType + - name: imageRef + fromExpression: image.ref + - uses: git-clear + config: + path: ./out + - uses: helm-template + config: + path: ./freight/warehouses/codeai/freight/current/helm + releaseName: ${{ vars.deployment }} + valuesFiles: + - ./meta/apps/codeai/envTypes/${{ vars.envType }}.values.yaml + - ./meta/apps/codeai/deployments/${{ vars.deployment }}/values.yaml + setValues: - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + value: ${{ outputs['freight'].imageRef }} + outPath: ./out/manifests.yaml - uses: git-commit config: - path: ./gitops + path: ./out message: | - Promote test to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + Render test from ${{ outputs['freight'].releaseTag }} [skip ci] - uses: git-push config: - path: ./gitops + path: ./out diff --git a/apps/kargo-project-codeai/warehouse.yaml b/apps/kargo-project-codeai/warehouse.yaml index ff9ebe0..0e64e44 100644 --- a/apps/kargo-project-codeai/warehouse.yaml +++ b/apps/kargo-project-codeai/warehouse.yaml 
@@ -5,9 +5,8 @@ metadata: namespace: kargo-project-codeai spec: subscriptions: - - image: - repoURL: ghcr.io/code-dot-org/code-dot-org - ignoreTagsRegexes: - # Ignore single-platform images when we have a multiplatform option - - '.*-amd64$' - - '.*-arm64$' + - git: + repoURL: https://github.com/code-dot-org/k8s-gitops.git + branch: main + includePaths: + - warehouses/codeai/freight/current diff --git a/warehouses/codeai/README.md b/warehouses/codeai/README.md new file mode 100644 index 0000000..4b3997a --- /dev/null +++ b/warehouses/codeai/README.md @@ -0,0 +1,10 @@ +`warehouses/codeai/freight/` is the frozen release input consumed by Kargo. + +CI writes two directories in the same `main` branch commit for each release: + +- `warehouses/codeai/freight/current/` +- `warehouses/codeai/freight/git-/` + +`current/` must be an exact mirror of the matching historical `git-/` directory in the same commit. + +Promotion reads only `current/freight.yaml` plus the `current/helm/` chart snapshot. Environment-specific policy stays under `apps/codeai/`. From 5d7b4e15224a24f53227809779105519f4703d27 Mon Sep 17 00:00:00 2001 From: Seth Nickell Date: Sun, 22 Mar 2026 20:58:41 -1000 Subject: [PATCH 2/4] Remove stale staged image writeback comments --- apps/codeai/deployments/staging/values.yaml | 2 +- apps/codeai/deployments/test/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/codeai/deployments/staging/values.yaml b/apps/codeai/deployments/staging/values.yaml index bc14481..389865a 100644 --- a/apps/codeai/deployments/staging/values.yaml +++ b/apps/codeai/deployments/staging/values.yaml @@ -1,4 +1,4 @@ -image: ghcr.io/code-dot-org/code-dot-org:staging # updated by k8s-commit-image-ref-to-argocd.yml +image: ghcr.io/code-dot-org/code-dot-org:staging autoscaling: maxReplicas: 1 locals.yml: diff --git a/apps/codeai/deployments/test/values.yaml b/apps/codeai/deployments/test/values.yaml index 4e3ce6c..42b9e34 100644 
--- a/apps/codeai/deployments/test/values.yaml +++ b/apps/codeai/deployments/test/values.yaml @@ -1,4 +1,4 @@ -image: ghcr.io/code-dot-org/code-dot-org:test # updated by k8s-commit-image-ref-to-argocd.yml +image: ghcr.io/code-dot-org/code-dot-org:test autoscaling: maxReplicas: 1 locals.yml: From d975065a6a53c0c3953f189baa3894f6472ed743 Mon Sep 17 00:00:00 2001 From: Seth Nickell Date: Sun, 22 Mar 2026 21:59:29 -1000 Subject: [PATCH 3/4] CODE REVIEWED & FIXED --- apps/app-of-apps/applicationset.yaml | 4 ++-- apps/codeai/applicationset.yaml | 2 ++ apps/kargo-project-codeai/stages/levelbuilder.yaml | 9 +++++++++ apps/kargo-project-codeai/stages/staging.yaml | 9 +++++++++ apps/kargo-project-codeai/stages/test.yaml | 9 +++++++++ 5 files changed, 31 insertions(+), 2 deletions(-) diff --git a/apps/app-of-apps/applicationset.yaml b/apps/app-of-apps/applicationset.yaml index e0c801a..1fdc38a 100644 --- a/apps/app-of-apps/applicationset.yaml +++ b/apps/app-of-apps/applicationset.yaml @@ -21,7 +21,7 @@ spec: repoURL: https://github.com/code-dot-org/k8s-gitops.git revision: main files: - - path: apps/*/applicationset.yaml + - path: apps/*/applicationset*.yaml # This fixed template is applied to applicationset.yaml, they do not support # passthrough. template: @@ -36,7 +36,7 @@ spec: targetRevision: main path: 'apps/{{.path.basename}}' directory: - include: "applicationset.yaml" + include: "applicationset*.yaml" syncPolicy: automated: prune: true diff --git a/apps/codeai/applicationset.yaml b/apps/codeai/applicationset.yaml index 75e4c63..2cdb159 100644 --- a/apps/codeai/applicationset.yaml +++ b/apps/codeai/applicationset.yaml @@ -16,6 +16,8 @@ spec: template: metadata: name: codeai-{{name}} + annotations: + kargo.akuity.io/authorized-stage: 'kargo-project-codeai:{{name}}' labels: app.kubernetes.io/managed-by: kargo kargo.akuity.io/project: kargo-project-codeai 
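Review bot: Widening the generator glob to `apps/*/applicationset*.yaml` makes the git files generator emit one parameter set per matching file, so apps/codeai, which now holds both applicationset.yaml and applicationset-adhoc.yaml, yields two sets with the same `path.basename`. The template's `metadata.name` is outside the hunk; if it is derived from `path.basename`, as the `path: 'apps/{{.path.basename}}'` context line suggests, the two generated Applications collide by name. Widening only the directory filter is enough to pick up the extra file: keep `- path: apps/*/applicationset.yaml` in the generator and keep the new `include: "applicationset*.yaml"`. The comment `# This fixed template is applied to applicationset.yaml` should then mention the wildcard.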
diff --git a/apps/kargo-project-codeai/stages/levelbuilder.yaml b/apps/kargo-project-codeai/stages/levelbuilder.yaml index 898e497..65a99df 100644 --- a/apps/kargo-project-codeai/stages/levelbuilder.yaml +++ b/apps/kargo-project-codeai/stages/levelbuilder.yaml @@ -66,6 +66,7 @@ spec: value: ${{ outputs['freight'].imageRef }} outPath: ./out/manifests.yaml - uses: git-commit + as: rendered-commit config: path: ./out message: | @@ -73,3 +74,11 @@ spec: - uses: git-push config: path: ./out + - uses: argocd-update + config: + apps: + - name: codeai-${{ vars.deployment }} + namespace: argocd + sources: + - repoURL: ${{ vars.gitopsRepo }} + desiredRevision: ${{ outputs['rendered-commit'].commit }} diff --git a/apps/kargo-project-codeai/stages/staging.yaml b/apps/kargo-project-codeai/stages/staging.yaml index 86053e1..e6b0dc0 100644 --- a/apps/kargo-project-codeai/stages/staging.yaml +++ b/apps/kargo-project-codeai/stages/staging.yaml @@ -65,6 +65,7 @@ spec: value: ${{ outputs['freight'].imageRef }} outPath: ./out/manifests.yaml - uses: git-commit + as: rendered-commit config: path: ./out message: | @@ -72,3 +73,11 @@ spec: - uses: git-push config: path: ./out + - uses: argocd-update + config: + apps: + - name: codeai-${{ vars.deployment }} + namespace: argocd + sources: + - repoURL: ${{ vars.gitopsRepo }} + desiredRevision: ${{ outputs['rendered-commit'].commit }} diff --git a/apps/kargo-project-codeai/stages/test.yaml b/apps/kargo-project-codeai/stages/test.yaml index e36d440..2de0f34 100644 --- a/apps/kargo-project-codeai/stages/test.yaml +++ b/apps/kargo-project-codeai/stages/test.yaml @@ -66,6 +66,7 @@ spec: value: ${{ outputs['freight'].imageRef }} outPath: ./out/manifests.yaml - uses: git-commit + as: rendered-commit config: path: ./out message: | 
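Review bot: `desiredRevision` is taken from the `git-commit` output (`outputs['rendered-commit'].commit`), but the commit that reaches the remote is the one `git-push` pushes. If `git-push` has to rebase onto new commits on `stage/<env>` before its push succeeds, the SHA changes and `argocd-update` waits for a revision that never exists on the branch. Naming the push step and reading its output avoids that, provided the installed Kargo version exposes it: `as: rendered-push` on `git-push` and `desiredRevision: ${{ outputs['rendered-push'].commit }}`. The same pair of hunks is applied to staging.yaml and test.yaml.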
@@ -73,3 +74,11 @@ spec: - uses: git-push config: path: ./out + - uses: argocd-update + config: + apps: + - name: codeai-${{ vars.deployment }} + namespace: argocd + sources: + - repoURL: ${{ vars.gitopsRepo }} + desiredRevision: ${{ outputs['rendered-commit'].commit }} From b054517b166192d90ae631a23735513c10b20637 Mon Sep 17 00:00:00 2001 From: Seth Nickell Date: Mon, 23 Mar 2026 00:40:21 -1000 Subject: [PATCH 4/4] Skip empty production review PRs --- apps/kargo-project-codeai/stages/review-infra-changes.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/apps/kargo-project-codeai/stages/review-infra-changes.yaml b/apps/kargo-project-codeai/stages/review-infra-changes.yaml index 346d978..ba88dde 100644 --- a/apps/kargo-project-codeai/stages/review-infra-changes.yaml +++ b/apps/kargo-project-codeai/stages/review-infra-changes.yaml @@ -24,6 +24,7 @@ spec: value: production steps: - uses: git-clone + as: gitops config: repoURL: ${{ vars.gitopsRepo }} checkout: @@ -37,6 +38,7 @@ spec: - apps/codeai - branch: ${{ vars.renderedBranch }} create: true + as: production path: ./out - uses: yaml-parse as: freight @@ -66,16 +68,19 @@ spec: value: ${{ outputs['freight'].imageRef }} outPath: ./out/manifests.yaml - uses: git-commit + as: rendered-commit config: path: ./out message: | Render production review from ${{ outputs['freight'].releaseTag }} [skip ci] - uses: git-push + if: ${{ outputs['rendered-commit'].commit != outputs['gitops'].commits['production'] }} as: rendered-review config: path: ./out generateTargetBranch: true - uses: git-open-pr + if: ${{ outputs['rendered-commit'].commit != outputs['gitops'].commits['production'] }} as: review-pr config: repoURL: ${{ vars.gitopsRepo }} 
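Review bot: The three `if:` conditions added to `git-push`, `git-open-pr` and `git-wait-for-pr` (the last in the following hunk) carry no explanation of why comparing two commit IDs means "nothing to review". The check appears to rely on `git-commit` returning the existing HEAD of `./out` when the render is byte-identical; that assumption should be written down once above the first `if:`, e.g. `# git-commit reports the unchanged HEAD when the render matches stage/production; skip the PR in that case`. When all three steps are skipped the promotion still succeeds, so the freight becomes eligible for the `production` stage without a pull request, which is worth stating in the same comment.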
@@ -87,6 +92,7 @@ spec: description: | Rendered production manifests for `${{ outputs['freight'].releaseTag }}` from `${{ outputs['freight'].revision }}`. - uses: git-wait-for-pr + if: ${{ outputs['rendered-commit'].commit != outputs['gitops'].commits['production'] }} config: repoURL: ${{ vars.gitopsRepo }} provider: github