From 5d29c144ff8ec0e49bf881a71e5bd2517006dba9 Mon Sep 17 00:00:00 2001 
From: Seth Nickell Date: Sun, 22 Mar 2026 20:56:01 -1000 Subject: [PATCH] Render codeai from OCI release capsules --- apps/codeai/README.md | 7 +- apps/codeai/applicationset.yaml | 17 +-- .../deployments/levelbuilder/deployment.yaml | 3 + .../levelbuilder/deployment.yaml.disabled | 5 - .../deployments/levelbuilder/values.yaml | 1 - .../deployments/production/deployment.yaml | 3 + .../production/deployment.yaml.disabled | 5 - .../codeai/deployments/production/values.yaml | 1 - apps/codeai/deployments/staging/values.yaml | 2 - apps/codeai/deployments/test/deployment.yaml | 4 +- apps/codeai/deployments/test/values.yaml | 1 - .../stages/levelbuilder.yaml | 102 ++++++++++++++-- .../stages/production.yaml | 115 ++++++++++++++++-- apps/kargo-project-codeai/stages/staging.yaml | 89 ++++++++++++-- apps/kargo-project-codeai/stages/test.yaml | 102 ++++++++++++++-- apps/kargo-project-codeai/warehouse.yaml | 14 +++ .../legacy-gitflow/levelbuilder/current.yaml | 3 + .../levelbuilder/merged/.gitkeep | 1 + .../legacy-gitflow/production/current.yaml | 3 + .../legacy-gitflow/production/merged/.gitkeep | 1 + .../legacy-gitflow/staging/current.yaml | 3 + .../legacy-gitflow/staging/merged/.gitkeep | 1 + .../codeai/legacy-gitflow/test/current.yaml | 3 + .../legacy-gitflow/test/merged/.gitkeep | 1 + 24 files changed, 424 insertions(+), 63 deletions(-) create mode 100644 apps/codeai/deployments/levelbuilder/deployment.yaml delete mode 100644 apps/codeai/deployments/levelbuilder/deployment.yaml.disabled create mode 100644 apps/codeai/deployments/production/deployment.yaml delete mode 100644 apps/codeai/deployments/production/deployment.yaml.disabled create mode 100644 warehouses/codeai/legacy-gitflow/levelbuilder/current.yaml create mode 100644 warehouses/codeai/legacy-gitflow/levelbuilder/merged/.gitkeep create mode 100644 warehouses/codeai/legacy-gitflow/production/current.yaml create mode 100644 warehouses/codeai/legacy-gitflow/production/merged/.gitkeep create mode 100644 
warehouses/codeai/legacy-gitflow/staging/current.yaml create mode 100644 warehouses/codeai/legacy-gitflow/staging/merged/.gitkeep create mode 100644 warehouses/codeai/legacy-gitflow/test/current.yaml create mode 100644 warehouses/codeai/legacy-gitflow/test/merged/.gitkeep diff --git a/apps/codeai/README.md b/apps/codeai/README.md index 594080a..2a5f039 100644 --- a/apps/codeai/README.md +++ b/apps/codeai/README.md @@ -1,3 +1,8 @@ This app's deployment definitions live under `deployments/`. -Docker image tag writeback is done by the GitHub Actions workflow [`k8s-commit-image-ref-to-argocd.yml`](https://github.com/code-dot-org/code-dot-org/blob/staging/.github/workflows/k8s-commit-image-ref-to-argocd.yml). +`main` holds deployment metadata and Helm values inputs. Argo CD deploys rendered +output from the `stage/` branches at +`apps/codeai/deployments//deploy/`. + +Kargo now renders from the matching OCI release capsule instead of mutating +`values.yaml` on `main`. diff --git a/apps/codeai/applicationset.yaml b/apps/codeai/applicationset.yaml index e367ef9..93a18d4 100644 --- a/apps/codeai/applicationset.yaml +++ b/apps/codeai/applicationset.yaml @@ -18,18 +18,10 @@ spec: kargo.akuity.io/project: kargo-project-codeai spec: project: default - sources: - - repoURL: https://github.com/code-dot-org/code-dot-org.git - targetRevision: '{{sourceRevision}}' - path: k8s/helm - helm: - releaseName: '{{path.basename}}' - valueFiles: - - $values/apps/codeai/envTypes/{{envType}}.values.yaml - - $values/apps/codeai/deployments/{{path.basename}}/values.yaml - - repoURL: https://github.com/code-dot-org/k8s-gitops.git - targetRevision: main - ref: values + source: + repoURL: https://github.com/code-dot-org/k8s-gitops.git + targetRevision: stage/{{path.basename}} + path: apps/codeai/deployments/{{path.basename}}/deploy destination: server: https://kubernetes.default.svc namespace: '{{namespace}}' 
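Review bot: In the first `applicationset.yaml` hunk, the new single `source` makes `stage/{{path.basename}}` the branch Argo CD deploys from, but nothing beside `targetRevision` records who may write to it. With the `prune`/`selfHeal` sync settings visible in the next hunk, a commit landing on a `stage/*` branch is applied to the cluster, so those branches need at least the protection `main` has. A comment above `targetRevision` such as `# stage/* is written only by Kargo promotions; keep branch protection on stage/*` would state that. The context line `project: default` also appears to leave the rendered manifests unrestricted in kind and destination, which matters more now that the chart comes from a release capsule; a dedicated AppProject scoped to the codeai namespaces would narrow it. The `spec` block starts and ends outside the hunk.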
@@ -38,4 +30,5 @@ spec: prune: true selfHeal: true syncOptions: + - CreateNamespace=true - ServerSideApply=true diff --git a/apps/codeai/deployments/levelbuilder/deployment.yaml b/apps/codeai/deployments/levelbuilder/deployment.yaml new file mode 100644 index 0000000..c776c6d --- /dev/null +++ b/apps/codeai/deployments/levelbuilder/deployment.yaml @@ -0,0 +1,3 @@ +envType: levelbuilder +namespace: levelbuilder +branch: levelbuilder diff --git a/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled b/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled deleted file mode 100644 index 4d89839..0000000 --- a/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled +++ /dev/null @@ -1,5 +0,0 @@ -envType: levelbuilder -namespace: levelbuilder -# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs. -# branch: levelbuilder -branch: staging diff --git a/apps/codeai/deployments/levelbuilder/values.yaml b/apps/codeai/deployments/levelbuilder/values.yaml index 160d078..8a52661 100644 --- a/apps/codeai/deployments/levelbuilder/values.yaml +++ b/apps/codeai/deployments/levelbuilder/values.yaml @@ -1,4 +1,3 @@ -image: ghcr.io/code-dot-org/code-dot-org:replace-me autoscaling: maxReplicas: 1 locals.yml: diff --git a/apps/codeai/deployments/production/deployment.yaml b/apps/codeai/deployments/production/deployment.yaml new file mode 100644 index 0000000..17544b0 --- /dev/null +++ b/apps/codeai/deployments/production/deployment.yaml @@ -0,0 +1,3 @@ +envType: production +namespace: production +branch: production diff --git a/apps/codeai/deployments/production/deployment.yaml.disabled b/apps/codeai/deployments/production/deployment.yaml.disabled deleted file mode 100644 index 37cafd5..0000000 --- a/apps/codeai/deployments/production/deployment.yaml.disabled +++ /dev/null 
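Review bot: In the second `applicationset.yaml` hunk, `CreateNamespace=true` lets Argo CD create the namespace named by the templated `{{namespace}}` value, and a namespace created this way carries no labels or annotations unless `syncPolicy.managedNamespaceMetadata` is set. If the cluster relies on namespace labels for Pod Security Admission or NetworkPolicy selection, the auto-created namespaces would start without them. Consider adding `managedNamespaceMetadata:` beside `syncOptions` with the labels the existing namespaces carry, for example `pod-security.kubernetes.io/enforce: <level used by this cluster>`. The `syncPolicy` block starts outside the hunk.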
@@ -1,5 +0,0 @@ -envType: production -namespace: production -# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs. -# branch: production -branch: staging diff --git a/apps/codeai/deployments/production/values.yaml b/apps/codeai/deployments/production/values.yaml index 990a7fd..74168d2 100644 --- a/apps/codeai/deployments/production/values.yaml +++ b/apps/codeai/deployments/production/values.yaml @@ -1,4 +1,3 @@ -image: ghcr.io/code-dot-org/code-dot-org:production autoscaling: minReplicas: 1 maxReplicas: 1 diff --git a/apps/codeai/deployments/staging/values.yaml b/apps/codeai/deployments/staging/values.yaml index bc14481..dde3ae6 100644 --- a/apps/codeai/deployments/staging/values.yaml +++ b/apps/codeai/deployments/staging/values.yaml @@ -1,6 +1,4 @@ -image: ghcr.io/code-dot-org/code-dot-org:staging # updated by k8s-commit-image-ref-to-argocd.yml autoscaling: maxReplicas: 1 locals.yml: stack_name: staging -# argocd-detect-probe: k8s-gitops run 10 at 2026-03-22T10:10:09Z diff --git a/apps/codeai/deployments/test/deployment.yaml b/apps/codeai/deployments/test/deployment.yaml index 2539d0c..c80253d 100644 --- a/apps/codeai/deployments/test/deployment.yaml +++ b/apps/codeai/deployments/test/deployment.yaml @@ -1,5 +1,3 @@ envType: test namespace: test -# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs. -# branch: test -branch: staging +branch: test diff --git a/apps/codeai/deployments/test/values.yaml b/apps/codeai/deployments/test/values.yaml index 4e3ce6c..458a21f 100644 --- a/apps/codeai/deployments/test/values.yaml +++ b/apps/codeai/deployments/test/values.yaml @@ -1,4 +1,3 @@ -image: ghcr.io/code-dot-org/code-dot-org:test # updated by k8s-commit-image-ref-to-argocd.yml autoscaling: maxReplicas: 1 locals.yml: diff --git a/apps/kargo-project-codeai/stages/levelbuilder.yaml b/apps/kargo-project-codeai/stages/levelbuilder.yaml index 305d668..9725c35 100644 --- a/apps/kargo-project-codeai/stages/levelbuilder.yaml 
+++ b/apps/kargo-project-codeai/stages/levelbuilder.yaml 
@@ -16,24 +16,110 @@ spec: vars: - name: gitopsRepo value: https://github.com/code-dot-org/k8s-gitops.git + - name: imageRepo + value: ghcr.io/code-dot-org/code-dot-org + - name: capsuleRepo + value: ghcr.io/code-dot-org/codeai-release-capsule + - name: renderDeployment + value: levelbuilder + - name: envType + value: levelbuilder + - name: renderPath + value: apps/codeai/deployments/levelbuilder/deploy + - name: targetBranch + value: stage/levelbuilder + - name: legacyEnv + value: levelbuilder steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: - branch: main - path: ./gitops - - uses: yaml-update + path: ./src + - branch: ${{ vars.targetBranch }} + create: true + path: ./out + - uses: yaml-parse + as: legacy-gate config: - path: ./gitops/apps/codeai/deployments/levelbuilder/values.yaml - updates: + path: ${{ './src/warehouses/codeai/legacy-gitflow/' + vars.legacyEnv + '/merged/' + imageFrom(vars.imageRepo).Tag + '.yaml' }} + outputs: + - name: revision + fromExpression: revision + - name: tag + fromExpression: tag + - name: mergedAt + fromExpression: mergedAt + - uses: oci-download + config: + imageRef: ${{ vars.capsuleRepo + '@' + imageFrom(vars.capsuleRepo).Digest }} + outPath: ./release-capsule.tar.gz + - uses: untar + config: + inPath: ./release-capsule.tar.gz + outPath: ./capsule + - uses: yaml-parse + as: release + config: + path: ./capsule/release.yaml + outputs: + - name: gitCommit + fromExpression: gitCommit + - name: imageRepoURL + fromExpression: image.repoURL + - name: imageTag + fromExpression: image.tag + - name: imageDigest + fromExpression: image.digest + - name: packageKind + fromExpression: package.kind + - name: packagePath + fromExpression: package.path + - name: sbomPath + fromExpression: metadata.sbomPath + - name: provenancePath + fromExpression: metadata.provenancePath + - uses: copy + config: + inPath: "${{ outputs.release.imageRepoURL == vars.imageRepo && outputs.release.imageTag == imageFrom(vars.imageRepo).Tag && 
outputs.release.imageDigest == imageFrom(vars.imageRepo).Digest && outputs.release.gitCommit == outputs['legacy-gate'].revision && outputs['legacy-gate'].tag == imageFrom(vars.imageRepo).Tag && outputs.release.packageKind == 'helm' && outputs.release.packagePath == 'package/helm' && imageFrom(vars.capsuleRepo).Tag == imageFrom(vars.imageRepo).Tag && imageFrom(vars.imageRepo).Tag == 'git-' + outputs.release.gitCommit ? './capsule/release.yaml' : './capsule/__validation_failed__' }}" + outPath: ./validated-release.yaml + - uses: copy + config: + inPath: ${{ './capsule/' + outputs.release.provenancePath }} + outPath: ./validated-provenance.json + - uses: copy + config: + inPath: ${{ './capsule/' + outputs.release.sbomPath }} + outPath: ./validated-sbom.json + - uses: yaml-merge + config: + inFiles: + - ${{ './src/apps/codeai/envTypes/' + vars.envType + '.values.yaml' }} + - ${{ './src/apps/codeai/deployments/' + vars.renderDeployment + '/values.yaml' }} + outFile: ./values.yaml + - uses: git-clear + config: + path: ${{ './out/' + vars.renderPath }} + - uses: helm-template + config: + path: ${{ './capsule/' + outputs.release.packagePath }} + outPath: ${{ './out/' + vars.renderPath }} + outLayout: flat + releaseName: ${{ vars.renderDeployment }} + valuesFiles: + - ./values.yaml + setValues: - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + value: ${{ outputs.release.imageRepoURL + '@' + outputs.release.imageDigest }} + literal: true - uses: git-commit + as: commit config: - path: ./gitops + path: ./out message: | - Promote levelbuilder to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + Render ${{ vars.renderDeployment }} from capsule ${{ imageFrom(vars.capsuleRepo).Tag }} [skip ci] - uses: git-push config: - path: ./gitops + path: ./out + targetBranch: ${{ vars.targetBranch }} 
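Review bot: The validation `copy` step signals failure by selecting `./capsule/__validation_failed__`, a path inside the directory that `untar` has just filled from the downloaded capsule. The check therefore depends on the capsule never shipping a file of that name. Point the false branch at a location the capsule cannot populate, e.g. `: './__validation_failed__' }}`. A comment above the step would also explain why a `copy` is doing validation work, such as `# fails the promotion by copying a non-existent file when any release.yaml field disagrees with the freight`. The same expression appears in the production, staging and test stage files.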
diff --git a/apps/kargo-project-codeai/stages/production.yaml b/apps/kargo-project-codeai/stages/production.yaml index eac25f5..8512a05 100644 --- a/apps/kargo-project-codeai/stages/production.yaml +++ b/apps/kargo-project-codeai/stages/production.yaml 
@@ -16,24 +16,123 @@ spec: vars: - name: gitopsRepo value: https://github.com/code-dot-org/k8s-gitops.git + - name: imageRepo + value: ghcr.io/code-dot-org/code-dot-org + - name: capsuleRepo + value: ghcr.io/code-dot-org/codeai-release-capsule + - name: renderDeployment + value: production + - name: envType + value: production + - name: renderPath + value: apps/codeai/deployments/production/deploy + - name: targetBranch + value: stage/production + - name: legacyEnv + value: production steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: - branch: main - path: ./gitops - - uses: yaml-update + path: ./src + - branch: ${{ vars.targetBranch }} + create: true + path: ./out + - uses: yaml-parse + as: legacy-gate config: - path: ./gitops/apps/codeai/deployments/production/values.yaml - updates: + path: ${{ './src/warehouses/codeai/legacy-gitflow/' + vars.legacyEnv + '/merged/' + imageFrom(vars.imageRepo).Tag + '.yaml' }} + outputs: + - name: revision + fromExpression: revision + - name: tag + fromExpression: tag + - name: mergedAt + fromExpression: mergedAt + - uses: oci-download + config: + imageRef: ${{ vars.capsuleRepo + '@' + imageFrom(vars.capsuleRepo).Digest }} + outPath: ./release-capsule.tar.gz + - uses: untar + config: + inPath: ./release-capsule.tar.gz + outPath: ./capsule + - uses: yaml-parse + as: release + config: + path: ./capsule/release.yaml + outputs: + - name: gitCommit + fromExpression: gitCommit + - name: imageRepoURL + fromExpression: image.repoURL + - name: imageTag + fromExpression: image.tag + - name: imageDigest + fromExpression: image.digest + - name: packageKind + fromExpression: package.kind + - name: packagePath + fromExpression: package.path + - name: sbomPath + fromExpression: metadata.sbomPath + - name: provenancePath + fromExpression: metadata.provenancePath + - uses: copy + config: + inPath: "${{ outputs.release.imageRepoURL == vars.imageRepo && outputs.release.imageTag == imageFrom(vars.imageRepo).Tag && 
outputs.release.imageDigest == imageFrom(vars.imageRepo).Digest && outputs.release.gitCommit == outputs['legacy-gate'].revision && outputs['legacy-gate'].tag == imageFrom(vars.imageRepo).Tag && outputs.release.packageKind == 'helm' && outputs.release.packagePath == 'package/helm' && imageFrom(vars.capsuleRepo).Tag == imageFrom(vars.imageRepo).Tag && imageFrom(vars.imageRepo).Tag == 'git-' + outputs.release.gitCommit ? './capsule/release.yaml' : './capsule/__validation_failed__' }}" + outPath: ./validated-release.yaml + - uses: copy + config: + inPath: ${{ './capsule/' + outputs.release.provenancePath }} + outPath: ./validated-provenance.json + - uses: copy + config: + inPath: ${{ './capsule/' + outputs.release.sbomPath }} + outPath: ./validated-sbom.json + - uses: yaml-merge + config: + inFiles: + - ${{ './src/apps/codeai/envTypes/' + vars.envType + '.values.yaml' }} + - ${{ './src/apps/codeai/deployments/' + vars.renderDeployment + '/values.yaml' }} + outFile: ./values.yaml + - uses: git-clear + config: + path: ${{ './out/' + vars.renderPath }} + - uses: helm-template + config: + path: ${{ './capsule/' + outputs.release.packagePath }} + outPath: ${{ './out/' + vars.renderPath }} + outLayout: flat + releaseName: ${{ vars.renderDeployment }} + valuesFiles: + - ./values.yaml + setValues: - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + value: ${{ outputs.release.imageRepoURL + '@' + outputs.release.imageDigest }} + literal: true - uses: git-commit + as: commit config: - path: ./gitops + path: ./out message: | - Promote production to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + Review ${{ vars.renderDeployment }} render from capsule ${{ imageFrom(vars.capsuleRepo).Tag }} [skip ci] - uses: git-push + as: push + config: + path: ./out + generateTargetBranch: true + - uses: git-open-pr + as: open-pr config: - path: ./gitops + repoURL: ${{ vars.gitopsRepo }} + createTargetBranch: 
true + sourceBranch: ${{ outputs['push'].branch }} + targetBranch: ${{ vars.targetBranch }} + title: Review ${{ vars.renderDeployment }} render for ${{ imageFrom(vars.capsuleRepo).Tag }} + - uses: git-wait-for-pr + config: + repoURL: ${{ vars.gitopsRepo }} + prNumber: ${{ outputs['open-pr'].pr.id }} diff --git a/apps/kargo-project-codeai/stages/staging.yaml b/apps/kargo-project-codeai/stages/staging.yaml index c986f62..4f42e18 100644 --- a/apps/kargo-project-codeai/stages/staging.yaml +++ b/apps/kargo-project-codeai/stages/staging.yaml 
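Review bot: `provenancePath` and `sbomPath` are read from the capsule's own `release.yaml` and concatenated into the `inPath` of the two `copy` steps without being pinned, unlike `packagePath`, which the validation expression fixes to `'package/helm'`. The copies to `validated-provenance.json` and `validated-sbom.json` therefore only show that some file exists at a capsule-chosen path. No signature or content check is visible in this hunk, so the `validated-` prefix overstates what the production review PR can rely on. Pin both paths in the validation expression the same way, e.g. `&& outputs.release.provenancePath == '<expected provenance path>'`, and either verify the attestation before `git-open-pr` or rename the outputs. The same steps appear in the levelbuilder, staging and test stage files.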
@@ -15,24 +15,97 @@ spec: vars: - name: gitopsRepo value: https://github.com/code-dot-org/k8s-gitops.git + - name: imageRepo + value: ghcr.io/code-dot-org/code-dot-org + - name: capsuleRepo + value: ghcr.io/code-dot-org/codeai-release-capsule + - name: renderDeployment + value: staging + - name: envType + value: staging + - name: renderPath + value: apps/codeai/deployments/staging/deploy + - name: targetBranch + value: stage/staging steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: - branch: main - path: ./gitops - - uses: yaml-update + path: ./src + - branch: ${{ vars.targetBranch }} + create: true + path: ./out + - uses: oci-download config: - path: ./gitops/apps/codeai/deployments/staging/values.yaml - updates: + imageRef: ${{ vars.capsuleRepo + '@' + imageFrom(vars.capsuleRepo).Digest }} + outPath: ./release-capsule.tar.gz + - uses: untar + config: + inPath: ./release-capsule.tar.gz + outPath: ./capsule + - uses: yaml-parse + as: release + config: + path: ./capsule/release.yaml + outputs: + - name: gitCommit + fromExpression: gitCommit + - name: imageRepoURL + fromExpression: image.repoURL + - name: imageTag + fromExpression: image.tag + - name: imageDigest + fromExpression: image.digest + - name: packageKind + fromExpression: package.kind + - name: packagePath + fromExpression: package.path + - name: sbomPath + fromExpression: metadata.sbomPath + - name: provenancePath + fromExpression: metadata.provenancePath + - uses: copy + config: + inPath: "${{ outputs.release.imageRepoURL == vars.imageRepo && outputs.release.imageTag == imageFrom(vars.imageRepo).Tag && outputs.release.imageDigest == imageFrom(vars.imageRepo).Digest && outputs.release.packageKind == 'helm' && outputs.release.packagePath == 'package/helm' && imageFrom(vars.capsuleRepo).Tag == imageFrom(vars.imageRepo).Tag && imageFrom(vars.imageRepo).Tag == 'git-' + outputs.release.gitCommit ? 
'./capsule/release.yaml' : './capsule/__validation_failed__' }}" + outPath: ./validated-release.yaml + - uses: copy + config: + inPath: ${{ './capsule/' + outputs.release.provenancePath }} + outPath: ./validated-provenance.json + - uses: copy + config: + inPath: ${{ './capsule/' + outputs.release.sbomPath }} + outPath: ./validated-sbom.json + - uses: yaml-merge + config: + inFiles: + - ${{ './src/apps/codeai/envTypes/' + vars.envType + '.values.yaml' }} + - ${{ './src/apps/codeai/deployments/' + vars.renderDeployment + '/values.yaml' }} + outFile: ./values.yaml + - uses: git-clear + config: + path: ${{ './out/' + vars.renderPath }} + - uses: helm-template + config: + path: ${{ './capsule/' + outputs.release.packagePath }} + outPath: ${{ './out/' + vars.renderPath }} + outLayout: flat + releaseName: ${{ vars.renderDeployment }} + valuesFiles: + - ./values.yaml + setValues: - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + value: ${{ outputs.release.imageRepoURL + '@' + outputs.release.imageDigest }} + literal: true - uses: git-commit + as: commit config: - path: ./gitops + path: ./out message: | - Promote staging to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + Render ${{ vars.renderDeployment }} from capsule ${{ imageFrom(vars.capsuleRepo).Tag }} [skip ci] - uses: git-push config: - path: ./gitops + path: ./out + targetBranch: ${{ vars.targetBranch }} diff --git a/apps/kargo-project-codeai/stages/test.yaml b/apps/kargo-project-codeai/stages/test.yaml index c029450..ddd6173 100644 --- a/apps/kargo-project-codeai/stages/test.yaml +++ b/apps/kargo-project-codeai/stages/test.yaml 
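Review bot: The staging stage omits the `legacy-gate` step and the `legacyEnv` variable that the other three stages use, and its validation expression drops the two `outputs['legacy-gate']` comparisons. This commit nevertheless creates `warehouses/codeai/legacy-gitflow/staging/current.yaml` and `merged/.gitkeep`, so a reader cannot tell whether staging is meant to promote ungated. If it is, say so above `steps:` with a comment such as `# staging promotes every matching freight; no legacy-gitflow gate by design`. If it is not, the gate step and the two comparisons are missing here.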
@@ -16,24 +16,110 @@ spec: vars: - name: gitopsRepo value: https://github.com/code-dot-org/k8s-gitops.git + - name: imageRepo + value: ghcr.io/code-dot-org/code-dot-org + - name: capsuleRepo + value: ghcr.io/code-dot-org/codeai-release-capsule + - name: renderDeployment + value: test + - name: envType + value: test + - name: renderPath + value: apps/codeai/deployments/test/deploy + - name: targetBranch + value: stage/test + - name: legacyEnv + value: test steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: - branch: main - path: ./gitops - - uses: yaml-update + path: ./src + - branch: ${{ vars.targetBranch }} + create: true + path: ./out + - uses: yaml-parse + as: legacy-gate config: - path: ./gitops/apps/codeai/deployments/test/values.yaml - updates: + path: ${{ './src/warehouses/codeai/legacy-gitflow/' + vars.legacyEnv + '/merged/' + imageFrom(vars.imageRepo).Tag + '.yaml' }} + outputs: + - name: revision + fromExpression: revision + - name: tag + fromExpression: tag + - name: mergedAt + fromExpression: mergedAt + - uses: oci-download + config: + imageRef: ${{ vars.capsuleRepo + '@' + imageFrom(vars.capsuleRepo).Digest }} + outPath: ./release-capsule.tar.gz + - uses: untar + config: + inPath: ./release-capsule.tar.gz + outPath: ./capsule + - uses: yaml-parse + as: release + config: + path: ./capsule/release.yaml + outputs: + - name: gitCommit + fromExpression: gitCommit + - name: imageRepoURL + fromExpression: image.repoURL + - name: imageTag + fromExpression: image.tag + - name: imageDigest + fromExpression: image.digest + - name: packageKind + fromExpression: package.kind + - name: packagePath + fromExpression: package.path + - name: sbomPath + fromExpression: metadata.sbomPath + - name: provenancePath + fromExpression: metadata.provenancePath + - uses: copy + config: + inPath: "${{ outputs.release.imageRepoURL == vars.imageRepo && outputs.release.imageTag == imageFrom(vars.imageRepo).Tag && outputs.release.imageDigest == 
imageFrom(vars.imageRepo).Digest && outputs.release.gitCommit == outputs['legacy-gate'].revision && outputs['legacy-gate'].tag == imageFrom(vars.imageRepo).Tag && outputs.release.packageKind == 'helm' && outputs.release.packagePath == 'package/helm' && imageFrom(vars.capsuleRepo).Tag == imageFrom(vars.imageRepo).Tag && imageFrom(vars.imageRepo).Tag == 'git-' + outputs.release.gitCommit ? './capsule/release.yaml' : './capsule/__validation_failed__' }}" + outPath: ./validated-release.yaml + - uses: copy + config: + inPath: ${{ './capsule/' + outputs.release.provenancePath }} + outPath: ./validated-provenance.json + - uses: copy + config: + inPath: ${{ './capsule/' + outputs.release.sbomPath }} + outPath: ./validated-sbom.json + - uses: yaml-merge + config: + inFiles: + - ${{ './src/apps/codeai/envTypes/' + vars.envType + '.values.yaml' }} + - ${{ './src/apps/codeai/deployments/' + vars.renderDeployment + '/values.yaml' }} + outFile: ./values.yaml + - uses: git-clear + config: + path: ${{ './out/' + vars.renderPath }} + - uses: helm-template + config: + path: ${{ './capsule/' + outputs.release.packagePath }} + outPath: ${{ './out/' + vars.renderPath }} + outLayout: flat + releaseName: ${{ vars.renderDeployment }} + valuesFiles: + - ./values.yaml + setValues: - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + value: ${{ outputs.release.imageRepoURL + '@' + outputs.release.imageDigest }} + literal: true - uses: git-commit + as: commit config: - path: ./gitops + path: ./out message: | - Promote test to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + Render ${{ vars.renderDeployment }} from capsule ${{ imageFrom(vars.capsuleRepo).Tag }} [skip ci] - uses: git-push config: - path: ./gitops + path: ./out + targetBranch: ${{ vars.targetBranch }} diff --git a/apps/kargo-project-codeai/warehouse.yaml b/apps/kargo-project-codeai/warehouse.yaml index ff9ebe0..08490ec 100644 
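Review bot: The `legacy-gate` step in the test stage works as a gate only implicitly, because promotion stops when `yaml-parse` cannot find `merged/<tag>.yaml`. That will presumably surface as a file or parse error rather than a message that the commit has not reached this environment's branch. A comment above the step would make the intent visible, e.g. `# gate: fails until warehouses/codeai/legacy-gitflow/<env>/merged/<tag>.yaml exists on main`. The step also exports `mergedAt`, which nothing later in the hunk reads, and the new `current.yaml` files are not consulted by any stage shown; both could be dropped or documented. The same applies to the levelbuilder and production stage files.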
--- a/apps/kargo-project-codeai/warehouse.yaml +++ b/apps/kargo-project-codeai/warehouse.yaml @@ -4,10 +4,24 @@ metadata: name: kargo-project-codeai namespace: kargo-project-codeai spec: + freightCreationPolicy: Automatic subscriptions: - image: repoURL: ghcr.io/code-dot-org/code-dot-org + imageSelectionStrategy: NewestBuild + allowTagsRegexes: + - '^git-[0-9a-f]{40}$' + cacheByTag: true ignoreTagsRegexes: # Ignore single-platform images when we have a multiplatform option - '.*-amd64$' - '.*-arm64$' + - image: + repoURL: ghcr.io/code-dot-org/codeai-release-capsule + imageSelectionStrategy: NewestBuild + allowTagsRegexes: + - '^git-[0-9a-f]{40}$' + cacheByTag: true + freightCreationCriteria: + expression: | + imageFrom('ghcr.io/code-dot-org/code-dot-org').Tag == imageFrom('ghcr.io/code-dot-org/codeai-release-capsule').Tag diff --git a/warehouses/codeai/legacy-gitflow/levelbuilder/current.yaml b/warehouses/codeai/legacy-gitflow/levelbuilder/current.yaml new file mode 100644 index 0000000..016e666 --- /dev/null +++ b/warehouses/codeai/legacy-gitflow/levelbuilder/current.yaml @@ -0,0 +1,3 @@ +revision: "" +tag: "" +mergedAt: "" diff --git a/warehouses/codeai/legacy-gitflow/levelbuilder/merged/.gitkeep b/warehouses/codeai/legacy-gitflow/levelbuilder/merged/.gitkeep new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/warehouses/codeai/legacy-gitflow/levelbuilder/merged/.gitkeep @@ -0,0 +1 @@ + diff --git a/warehouses/codeai/legacy-gitflow/production/current.yaml b/warehouses/codeai/legacy-gitflow/production/current.yaml new file mode 100644 index 0000000..016e666 --- /dev/null +++ b/warehouses/codeai/legacy-gitflow/production/current.yaml @@ -0,0 +1,3 @@ +revision: "" +tag: "" +mergedAt: "" diff --git a/warehouses/codeai/legacy-gitflow/production/merged/.gitkeep b/warehouses/codeai/legacy-gitflow/production/merged/.gitkeep new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/warehouses/codeai/legacy-gitflow/production/merged/.gitkeep 
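Review bot: In the `warehouse.yaml` hunk, `cacheByTag: true` on both subscriptions, together with the tag-equality `freightCreationCriteria`, assumes a `git-<sha>` tag always names the same content, and nothing here states or enforces that. If a tag were ever re-pushed, cached metadata could pair an image and a capsule that no longer belong together. Document the assumption next to the setting, e.g. `# git-<sha> tags are immutable; cacheByTag and the tag match below depend on it`, and enforce tag immutability on the registry side if it supports it. Separately, with `allowTagsRegexes` anchored to `'^git-[0-9a-f]{40}$'`, the existing `.*-amd64$` and `.*-arm64$` ignore patterns can no longer match any allowed tag, so they and their comment could be removed.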
@@ -0,0 +1 @@ + diff --git a/warehouses/codeai/legacy-gitflow/staging/current.yaml b/warehouses/codeai/legacy-gitflow/staging/current.yaml new file mode 100644 index 0000000..016e666 --- /dev/null +++ b/warehouses/codeai/legacy-gitflow/staging/current.yaml @@ -0,0 +1,3 @@ +revision: "" +tag: "" +mergedAt: "" diff --git a/warehouses/codeai/legacy-gitflow/staging/merged/.gitkeep b/warehouses/codeai/legacy-gitflow/staging/merged/.gitkeep new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/warehouses/codeai/legacy-gitflow/staging/merged/.gitkeep @@ -0,0 +1 @@ + diff --git a/warehouses/codeai/legacy-gitflow/test/current.yaml b/warehouses/codeai/legacy-gitflow/test/current.yaml new file mode 100644 index 0000000..016e666 --- /dev/null +++ b/warehouses/codeai/legacy-gitflow/test/current.yaml @@ -0,0 +1,3 @@ +revision: "" +tag: "" +mergedAt: "" diff --git a/warehouses/codeai/legacy-gitflow/test/merged/.gitkeep b/warehouses/codeai/legacy-gitflow/test/merged/.gitkeep new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/warehouses/codeai/legacy-gitflow/test/merged/.gitkeep @@ -0,0 +1 @@ +