From fdd330ce297b0d82bbb2a3cf4d82db35bf2d7a9b Mon Sep 17 00:00:00 2001 
From: Seth Nickell Date: Sun, 22 Mar 2026 21:11:35 -1000 Subject: [PATCH 1/2] Implement rendered-branch kustomize promotions --- README.md | 19 ++- apps/codeai/README.md | 9 +- apps/codeai/applicationset.yaml | 12 +- .../deployments/levelbuilder/deployment.yaml | 3 + .../levelbuilder/deployment.yaml.disabled | 5 - .../deployments/production/deployment.yaml | 3 + .../production/deployment.yaml.disabled | 5 - apps/codeai/deployments/test/deployment.yaml | 4 +- .../levelbuilder/deployment.patch.yaml | 2 +- .../envTypes/staging/deployment.patch.yaml | 2 +- .../kargo/templates/deploy/kustomization.yaml | 9 ++ apps/kargo-project-codeai/project-config.yaml | 6 +- .../stages/levelbuilder.yaml | 112 ++++++++++++-- .../stages/production.yaml | 31 +--- .../stages/review-infra-changes.yaml | 143 ++++++++++++++++++ apps/kargo-project-codeai/stages/staging.yaml | 99 ++++++++++-- apps/kargo-project-codeai/stages/test.yaml | 112 ++++++++++++-- apps/kargo-project-codeai/warehouse.yaml | 13 +- warehouses/codeai/README.md | 6 + warehouses/codeai/builds/.gitkeep | 1 + .../levelbuilder/merged/.gitkeep | 1 + .../legacy-gitflow/production/merged/.gitkeep | 1 + .../legacy-gitflow/staging/merged/.gitkeep | 1 + .../legacy-gitflow/test/merged/.gitkeep | 1 + 24 files changed, 498 insertions(+), 102 deletions(-) create mode 100644 apps/codeai/deployments/levelbuilder/deployment.yaml delete mode 100644 apps/codeai/deployments/levelbuilder/deployment.yaml.disabled create mode 100644 apps/codeai/deployments/production/deployment.yaml delete mode 100644 apps/codeai/deployments/production/deployment.yaml.disabled create mode 100644 apps/codeai/kargo/templates/deploy/kustomization.yaml create mode 100644 apps/kargo-project-codeai/stages/review-infra-changes.yaml create mode 100644 warehouses/codeai/README.md create mode 100644 warehouses/codeai/builds/.gitkeep create mode 100644 warehouses/codeai/legacy-gitflow/levelbuilder/merged/.gitkeep create mode 100644 
warehouses/codeai/legacy-gitflow/production/merged/.gitkeep create mode 100644 warehouses/codeai/legacy-gitflow/staging/merged/.gitkeep create mode 100644 warehouses/codeai/legacy-gitflow/test/merged/.gitkeep diff --git a/README.md b/README.md index bf624ff..fd35264 100644 --- a/README.md +++ b/README.md @@ -24,18 +24,24 @@ k8s-gitops/ repos.yaml # configure application.yaml to load $app_name/* codeai/ - applicationset.yaml # define argocd apps for codeai deployments: deployments/*/deployment.yaml + applicationset.yaml # generate Argo apps from deployments/*/deployment.yaml on main deployments/ levelbuilder/ # codeai deployment levelbuilder deployment.yaml # envType=levelbuilder, branch=levelbuilder - values.yaml # values.yaml for this deployment: dashboard_workers=27, RAILS_ENV=levelbuilder, etc + deploy/ # rendered output on stage/levelbuilder branch + values.yaml # legacy Helm-era values kept for compatibility during migration ... envTypes/ levelbuilder.values.yaml # base values.yaml for all envType=levelbuilder ... + kargo/ + templates/ + deploy/ + kustomization.yaml # copied into temp render workdirs before kustomize-build + kargo/ application.yaml # argocd app for kargo itself values.yaml # helm values for kargo install @@ -44,13 +50,18 @@ k8s-gitops/ application.yaml # argocd app for kargo project codeai project.yaml # kargo project for codeai project-config.yaml # kargo projectconfig for codeai - warehouse.yaml # kargo warehouse for codeai + warehouse.yaml # git build-lock warehouse for codeai stages/ levelbuilder.yaml # kargo stage for codeai deployment levelbuilder + review-infra-changes.yaml # opens a PR with rendered production manifests ... + + warehouses/ + codeai/ + builds/ # thin build-lock Freight records + legacy-gitflow/ # merge facts used for downstream promotion gates ``` ## Bootstrap Cluster kubectl apply -f apps/app-of-apps/applicationset.yaml - diff --git a/apps/codeai/README.md b/apps/codeai/README.md index 594080a..94b1ff7 100644 
--- a/apps/codeai/README.md +++ b/apps/codeai/README.md @@ -1,3 +1,8 @@ -This app's deployment definitions live under `deployments/`. +This app's authored deployment metadata lives under `deployments/`. -Docker image tag writeback is done by the GitHub Actions workflow [`k8s-commit-image-ref-to-argocd.yml`](https://github.com/code-dot-org/code-dot-org/blob/staging/.github/workflows/k8s-commit-image-ref-to-argocd.yml). +Rendered deploy output is written by Kargo into `stage/` branches at +`apps/codeai/deployments//deploy/`, and Argo CD deploys directly from +those rendered branches. + +Build publication now writes thin build-lock Freight records under +`warehouses/codeai/builds/` instead of editing deployment `values.yaml` files. diff --git a/apps/codeai/applicationset.yaml b/apps/codeai/applicationset.yaml index e367ef9..c3dcf42 100644 --- a/apps/codeai/applicationset.yaml +++ b/apps/codeai/applicationset.yaml @@ -19,17 +19,9 @@ spec: spec: project: default sources: - - repoURL: https://github.com/code-dot-org/code-dot-org.git - targetRevision: '{{sourceRevision}}' - path: k8s/helm - helm: - releaseName: '{{path.basename}}' - valueFiles: - - $values/apps/codeai/envTypes/{{envType}}.values.yaml - - $values/apps/codeai/deployments/{{path.basename}}/values.yaml - repoURL: https://github.com/code-dot-org/k8s-gitops.git - targetRevision: main - ref: values + targetRevision: stage/{{path.basename}} + path: apps/codeai/deployments/{{path.basename}}/deploy destination: server: https://kubernetes.default.svc namespace: '{{namespace}}' diff --git a/apps/codeai/deployments/levelbuilder/deployment.yaml b/apps/codeai/deployments/levelbuilder/deployment.yaml new file mode 100644 index 0000000..c776c6d --- /dev/null +++ b/apps/codeai/deployments/levelbuilder/deployment.yaml @@ -0,0 +1,3 @@ +envType: levelbuilder +namespace: levelbuilder +branch: levelbuilder 
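Review bot: With `targetRevision: stage/{{path.basename}}` every `stage/*` branch becomes the deployed source of truth, but nothing in this template records that those branches must be write-protected. Any user or token able to push to `stage/production` would bypass the review PR that the new review-infra-changes stage opens. I would add a comment above the source, e.g. `# stage/* branches are deploy truth: restrict pushes to the Kargo credential and require PR review on stage/production`, and confirm matching branch protection exists. The ApplicationSet spec starts outside this hunk, so the sync policy is not visible here.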
diff --git a/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled b/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled deleted file mode 100644 index 4d89839..0000000 --- a/apps/codeai/deployments/levelbuilder/deployment.yaml.disabled +++ /dev/null @@ -1,5 +0,0 @@ -envType: levelbuilder -namespace: levelbuilder -# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs. -# branch: levelbuilder -branch: staging diff --git a/apps/codeai/deployments/production/deployment.yaml b/apps/codeai/deployments/production/deployment.yaml new file mode 100644 index 0000000..17544b0 --- /dev/null +++ b/apps/codeai/deployments/production/deployment.yaml @@ -0,0 +1,3 @@ +envType: production +namespace: production +branch: production diff --git a/apps/codeai/deployments/production/deployment.yaml.disabled b/apps/codeai/deployments/production/deployment.yaml.disabled deleted file mode 100644 index 37cafd5..0000000 --- a/apps/codeai/deployments/production/deployment.yaml.disabled +++ /dev/null @@ -1,5 +0,0 @@ -envType: production -namespace: production -# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs. -# branch: production -branch: staging diff --git a/apps/codeai/deployments/test/deployment.yaml b/apps/codeai/deployments/test/deployment.yaml index 2539d0c..c80253d 100644 --- a/apps/codeai/deployments/test/deployment.yaml +++ b/apps/codeai/deployments/test/deployment.yaml @@ -1,5 +1,3 @@ envType: test namespace: test -# FIXME: for quicker testing, avoid waiting on DTTs and DTPs, let alone DTLs. -# branch: test -branch: staging +branch: test diff --git a/apps/codeai/envTypes/levelbuilder/deployment.patch.yaml b/apps/codeai/envTypes/levelbuilder/deployment.patch.yaml index f4ddeb8..a4fdddb 100644 --- a/apps/codeai/envTypes/levelbuilder/deployment.patch.yaml +++ b/apps/codeai/envTypes/levelbuilder/deployment.patch.yaml 
@@ -7,7 +7,7 @@ spec: spec: containers: - name: dashboard - image: ghcr.io/code-dot-org/code-dot-org:replace-me + image: code-dot-org:replace-me env: - name: RAILS_ENV value: levelbuilder diff --git a/apps/codeai/envTypes/staging/deployment.patch.yaml b/apps/codeai/envTypes/staging/deployment.patch.yaml index 47a3a9b..0f2bee1 100644 --- a/apps/codeai/envTypes/staging/deployment.patch.yaml +++ b/apps/codeai/envTypes/staging/deployment.patch.yaml @@ -7,7 +7,7 @@ spec: spec: containers: - name: dashboard - image: ghcr.io/code-dot-org/code-dot-org:replace-me + image: code-dot-org:replace-me env: - name: RAILS_ENV value: staging diff --git a/apps/codeai/kargo/templates/deploy/kustomization.yaml b/apps/codeai/kargo/templates/deploy/kustomization.yaml new file mode 100644 index 0000000..2d1349a --- /dev/null +++ b/apps/codeai/kargo/templates/deploy/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: default +resources: [] +components: [] +images: + - name: code-dot-org + newName: ghcr.io/code-dot-org/code-dot-org + newTag: replace-me diff --git a/apps/kargo-project-codeai/project-config.yaml b/apps/kargo-project-codeai/project-config.yaml index a303851..de77915 100644 --- a/apps/kargo-project-codeai/project-config.yaml +++ b/apps/kargo-project-codeai/project-config.yaml @@ -9,7 +9,9 @@ spec: autoPromotionEnabled: true - stage: test autoPromotionEnabled: false - - stage: production - autoPromotionEnabled: false - stage: levelbuilder autoPromotionEnabled: false + - stage: review-infra-changes + autoPromotionEnabled: false + - stage: production + autoPromotionEnabled: false diff --git a/apps/kargo-project-codeai/stages/levelbuilder.yaml b/apps/kargo-project-codeai/stages/levelbuilder.yaml index 305d668..3695b04 100644 --- a/apps/kargo-project-codeai/stages/levelbuilder.yaml +++ b/apps/kargo-project-codeai/stages/levelbuilder.yaml 
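Review bot: Changing the patch image to the bare name `code-dot-org:replace-me` (here and in envTypes/staging/deployment.patch.yaml) makes the rendered manifest depend entirely on the kustomize `images` rewrite. If that rewrite ever fails to match, the unqualified name would be resolved against the container runtime's default registry rather than ghcr.io. Keeping `image: ghcr.io/code-dot-org/code-dot-org:replace-me` in the patches and matching on `name: ghcr.io/code-dot-org/code-dot-org` in the template's `images` entry (with the stages' `kustomize-set-image` `image:` updated to match) would fail closed. A render check that rejects any output still containing `:replace-me` would cover the placeholder tag as well.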
@@ -7,33 +7,121 @@ spec: requestedFreight: - origin: kind: Warehouse - name: kargo-project-codeai + name: codeai-builds sources: stages: - test + vars: + - name: gitopsRepo + value: https://github.com/code-dot-org/k8s-gitops.git + - name: imageRepo + value: ghcr.io/code-dot-org/code-dot-org + - name: targetBranch + value: stage/${{ ctx.stage }} + - name: legacyEnv + value: levelbuilder promotionTemplate: spec: - vars: - - name: gitopsRepo - value: https://github.com/code-dot-org/k8s-gitops.git steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: + - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }} + path: ./freight - branch: main - path: ./gitops + path: ./meta + - branch: ${{ vars.targetBranch }} + create: true + path: ./out + - uses: yaml-parse + as: build-lock + config: + path: ./freight/warehouses/codeai/builds/current.yaml + outputs: + - name: releaseId + fromExpression: releaseId + - name: gitCommit + fromExpression: gitCommit + - name: sourceRepo + fromExpression: packaging.sourceRepo + - name: sourcePath + fromExpression: packaging.sourcePath + - uses: yaml-parse + as: legacy-merge + config: + path: ./meta/warehouses/codeai/legacy-gitflow/${{ vars.legacyEnv }}/merged/${{ outputs['build-lock'].releaseId }}.yaml + outputs: + - name: revision + fromExpression: revision + - name: tag + fromExpression: tag + - name: mergedAt + fromExpression: mergedAt + - uses: yaml-parse + as: deployment-meta + config: + path: ./meta/apps/codeai/deployments/${{ ctx.stage }}/deployment.yaml + outputs: + - name: envType + fromExpression: envType + - name: namespace + fromExpression: namespace + - uses: git-clone + config: + repoURL: ${{ outputs['build-lock'].sourceRepo }} + checkout: + - commit: ${{ outputs['build-lock'].gitCommit }} + path: ./src + sparse: + - ${{ outputs['build-lock'].sourcePath }} + - uses: git-clear + config: + path: ./out/apps/codeai/deployments/${{ ctx.stage }}/deploy + - uses: copy + config: + inPath: 
./src/${{ outputs['build-lock'].sourcePath }} + outPath: ./work/deployments/source + - uses: copy + config: + inPath: ./meta/apps/codeai/envTypes/${{ outputs['deployment-meta'].envType }} + outPath: ./work/deployments/envTypes/${{ outputs['deployment-meta'].envType }} + - uses: copy + config: + inPath: ./meta/apps/codeai/envTypes/components + outPath: ./work/deployments/envTypes/components + - uses: copy + config: + inPath: ./meta/apps/codeai/kargo/templates/deploy + outPath: ./work/deployments/${{ ctx.stage }}/deploy - uses: yaml-update config: - path: ./gitops/apps/codeai/deployments/levelbuilder/values.yaml + path: ./work/deployments/${{ ctx.stage }}/deploy/kustomization.yaml updates: - - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + - key: namespace + value: ${{ outputs['deployment-meta'].namespace }} + - key: resources + value: + - ../../source/base + - key: components + value: + - ../../envTypes/${{ outputs['deployment-meta'].envType }} + - uses: kustomize-set-image + config: + path: ./work/deployments/${{ ctx.stage }}/deploy + images: + - image: code-dot-org + newName: ${{ vars.imageRepo }} + tag: ${{ outputs['build-lock'].releaseId }} + - uses: kustomize-build + config: + path: ./work/deployments/${{ ctx.stage }}/deploy + outPath: ./out/apps/codeai/deployments/${{ ctx.stage }}/deploy - uses: git-commit config: - path: ./gitops - message: | - Promote levelbuilder to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + path: ./out + message: Render ${{ ctx.stage }} for ${{ outputs['build-lock'].releaseId }} - uses: git-push config: - path: ./gitops + path: ./out + branch: ${{ vars.targetBranch }} diff --git a/apps/kargo-project-codeai/stages/production.yaml b/apps/kargo-project-codeai/stages/production.yaml index eac25f5..6274530 100644 --- a/apps/kargo-project-codeai/stages/production.yaml +++ b/apps/kargo-project-codeai/stages/production.yaml 
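Review bot: The second `git-clone` step takes `repoURL` from `outputs['build-lock'].sourceRepo` and its sparse/copy path from `outputs['build-lock'].sourcePath`, both read out of `current.yaml`, so a build-lock record alone decides which repository and directory get rendered and deployed. `gitopsRepo` and `imageRepo` are pinned as stage vars; the source repository should be pinned the same way, e.g. add a `sourceRepo` var and use `repoURL: ${{ vars.sourceRepo }}`. `sourcePath` would likewise be safer as a fixed var unless it genuinely has to vary per build. The same steps appear in review-infra-changes.yaml, staging.yaml and test.yaml.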
@@ -7,33 +7,12 @@ spec: requestedFreight: - origin: kind: Warehouse - name: kargo-project-codeai + name: codeai-builds sources: stages: - - test + - review-infra-changes + # Production deploy truth is the reviewed render merged into stage/production. + # This stage models the final approved hop after the PR merge updates that branch. promotionTemplate: spec: - vars: - - name: gitopsRepo - value: https://github.com/code-dot-org/k8s-gitops.git - steps: - - uses: git-clone - config: - repoURL: ${{ vars.gitopsRepo }} - checkout: - - branch: main - path: ./gitops - - uses: yaml-update - config: - path: ./gitops/apps/codeai/deployments/production/values.yaml - updates: - - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} - - uses: git-commit - config: - path: ./gitops - message: | - Promote production to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] - - uses: git-push - config: - path: ./gitops + steps: [] diff --git a/apps/kargo-project-codeai/stages/review-infra-changes.yaml b/apps/kargo-project-codeai/stages/review-infra-changes.yaml new file mode 100644 index 0000000..c9c2e0a --- /dev/null +++ b/apps/kargo-project-codeai/stages/review-infra-changes.yaml 
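Review bot: With `steps: []` the production stage performs no action and no verification, so promoting Freight here neither changes nor checks what is deployed. Since the ApplicationSet now tracks `stage/production`, the effective production gate appears to be the merge of the review PR, not this stage's manual promotion (the Argo CD sync policy is not visible in this patch). If that is intended, the comment should say so explicitly, e.g. `# No-op: production deploys when the review PR merges into stage/production; this stage only records approval`. Otherwise consider a step that confirms `stage/production` holds the render for the promoted Freight.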
@@ -0,0 +1,143 @@ +apiVersion: kargo.akuity.io/v1alpha1 +kind: Stage +metadata: + name: review-infra-changes + namespace: kargo-project-codeai +spec: + requestedFreight: + - origin: + kind: Warehouse + name: codeai-builds + sources: + stages: + - levelbuilder + vars: + - name: gitopsRepo + value: https://github.com/code-dot-org/k8s-gitops.git + - name: imageRepo + value: ghcr.io/code-dot-org/code-dot-org + - name: targetBranch + value: stage/production + - name: renderDeployment + value: production + - name: renderPath + value: apps/codeai/deployments/production/deploy + - name: legacyEnv + value: production + promotionTemplate: + spec: + steps: + - uses: git-clone + config: + repoURL: ${{ vars.gitopsRepo }} + checkout: + - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }} + path: ./freight + - branch: main + path: ./meta + - branch: ${{ vars.targetBranch }} + create: true + path: ./out + - uses: yaml-parse + as: build-lock + config: + path: ./freight/warehouses/codeai/builds/current.yaml + outputs: + - name: releaseId + fromExpression: releaseId + - name: gitCommit + fromExpression: gitCommit + - name: sourceRepo + fromExpression: packaging.sourceRepo + - name: sourcePath + fromExpression: packaging.sourcePath + - uses: yaml-parse + as: legacy-merge + config: + path: ./meta/warehouses/codeai/legacy-gitflow/${{ vars.legacyEnv }}/merged/${{ outputs['build-lock'].releaseId }}.yaml + outputs: + - name: revision + fromExpression: revision + - name: tag + fromExpression: tag + - name: mergedAt + fromExpression: mergedAt + - uses: yaml-parse + as: deployment-meta + config: + path: ./meta/apps/codeai/deployments/${{ vars.renderDeployment }}/deployment.yaml + outputs: + - name: envType + fromExpression: envType + - name: namespace + fromExpression: namespace + - uses: git-clone + config: + repoURL: ${{ outputs['build-lock'].sourceRepo }} + checkout: + - commit: ${{ outputs['build-lock'].gitCommit }} + path: ./src + sparse: + - ${{ 
outputs['build-lock'].sourcePath }} + - uses: git-clear + config: + path: ./out/${{ vars.renderPath }} + - uses: copy + config: + inPath: ./src/${{ outputs['build-lock'].sourcePath }} + outPath: ./work/deployments/source + - uses: copy + config: + inPath: ./meta/apps/codeai/envTypes/${{ outputs['deployment-meta'].envType }} + outPath: ./work/deployments/envTypes/${{ outputs['deployment-meta'].envType }} + - uses: copy + config: + inPath: ./meta/apps/codeai/envTypes/components + outPath: ./work/deployments/envTypes/components + - uses: copy + config: + inPath: ./meta/apps/codeai/kargo/templates/deploy + outPath: ./work/deployments/${{ vars.renderDeployment }}/deploy + - uses: yaml-update + config: + path: ./work/deployments/${{ vars.renderDeployment }}/deploy/kustomization.yaml + updates: + - key: namespace + value: ${{ outputs['deployment-meta'].namespace }} + - key: resources + value: + - ../../source/base + - key: components + value: + - ../../envTypes/${{ outputs['deployment-meta'].envType }} + - uses: kustomize-set-image + config: + path: ./work/deployments/${{ vars.renderDeployment }}/deploy + images: + - image: code-dot-org + newName: ${{ vars.imageRepo }} + tag: ${{ outputs['build-lock'].releaseId }} + - uses: kustomize-build + config: + path: ./work/deployments/${{ vars.renderDeployment }}/deploy + outPath: ./out/${{ vars.renderPath }} + - uses: git-commit + config: + path: ./out + message: Review production render for ${{ outputs['build-lock'].releaseId }} + - uses: git-push + as: push + config: + path: ./out + generateTargetBranch: true + - uses: git-open-pr + as: open-pr + config: + repoURL: ${{ vars.gitopsRepo }} + sourceBranch: ${{ outputs['push'].branch }} + targetBranch: ${{ vars.targetBranch }} + title: Review CodeAI production render for ${{ outputs['build-lock'].releaseId }} + - uses: git-wait-for-pr + config: + repoURL: ${{ vars.gitopsRepo }} + prNumber: ${{ outputs['open-pr'].pr.id }} 
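Review bot: The `kustomize-set-image` step pins the reviewed production render with `tag: ${{ outputs['build-lock'].releaseId }}`, a mutable reference, so the image that eventually runs can differ from the one reviewers approved if that tag is ever re-pushed. If the build-lock record can carry the image digest, parse it in the `build-lock` step and set `digest: ${{ outputs['build-lock'].imageDigest }}` in place of `tag:` (`imageDigest` is a placeholder name; the record's schema is not visible here). levelbuilder.yaml, staging.yaml and test.yaml use the same tag-based pin.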
diff --git a/apps/kargo-project-codeai/stages/staging.yaml b/apps/kargo-project-codeai/stages/staging.yaml index c986f62..70411cb 100644 --- a/apps/kargo-project-codeai/stages/staging.yaml +++ b/apps/kargo-project-codeai/stages/staging.yaml 
@@ -7,32 +7,107 @@ spec: requestedFreight: - origin: kind: Warehouse - name: kargo-project-codeai + name: codeai-builds sources: direct: true + vars: + - name: gitopsRepo + value: https://github.com/code-dot-org/k8s-gitops.git + - name: imageRepo + value: ghcr.io/code-dot-org/code-dot-org + - name: targetBranch + value: stage/${{ ctx.stage }} promotionTemplate: spec: - vars: - - name: gitopsRepo - value: https://github.com/code-dot-org/k8s-gitops.git steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: + - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }} + path: ./freight - branch: main - path: ./gitops + path: ./meta + - branch: ${{ vars.targetBranch }} + create: true + path: ./out + - uses: yaml-parse + as: build-lock + config: + path: ./freight/warehouses/codeai/builds/current.yaml + outputs: + - name: releaseId + fromExpression: releaseId + - name: gitCommit + fromExpression: gitCommit + - name: sourceRepo + fromExpression: packaging.sourceRepo + - name: sourcePath + fromExpression: packaging.sourcePath + - uses: yaml-parse + as: deployment-meta + config: + path: ./meta/apps/codeai/deployments/${{ ctx.stage }}/deployment.yaml + outputs: + - name: envType + fromExpression: envType + - name: namespace + fromExpression: namespace + - uses: git-clone + config: + repoURL: ${{ outputs['build-lock'].sourceRepo }} + checkout: + - commit: ${{ outputs['build-lock'].gitCommit }} + path: ./src + sparse: + - ${{ outputs['build-lock'].sourcePath }} + - uses: git-clear + config: + path: ./out/apps/codeai/deployments/${{ ctx.stage }}/deploy + - uses: copy + config: + inPath: ./src/${{ outputs['build-lock'].sourcePath }} + outPath: ./work/deployments/source + - uses: copy + config: + inPath: ./meta/apps/codeai/envTypes/${{ outputs['deployment-meta'].envType }} + outPath: ./work/deployments/envTypes/${{ outputs['deployment-meta'].envType }} + - uses: copy + config: + inPath: ./meta/apps/codeai/envTypes/components + outPath: 
./work/deployments/envTypes/components + - uses: copy + config: + inPath: ./meta/apps/codeai/kargo/templates/deploy + outPath: ./work/deployments/${{ ctx.stage }}/deploy - uses: yaml-update config: - path: ./gitops/apps/codeai/deployments/staging/values.yaml + path: ./work/deployments/${{ ctx.stage }}/deploy/kustomization.yaml updates: - - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + - key: namespace + value: ${{ outputs['deployment-meta'].namespace }} + - key: resources + value: + - ../../source/base + - key: components + value: + - ../../envTypes/${{ outputs['deployment-meta'].envType }} + - uses: kustomize-set-image + config: + path: ./work/deployments/${{ ctx.stage }}/deploy + images: + - image: code-dot-org + newName: ${{ vars.imageRepo }} + tag: ${{ outputs['build-lock'].releaseId }} + - uses: kustomize-build + config: + path: ./work/deployments/${{ ctx.stage }}/deploy + outPath: ./out/apps/codeai/deployments/${{ ctx.stage }}/deploy - uses: git-commit config: - path: ./gitops - message: | - Promote staging to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + path: ./out + message: Render ${{ ctx.stage }} for ${{ outputs['build-lock'].releaseId }} - uses: git-push config: - path: ./gitops + path: ./out + branch: ${{ vars.targetBranch }} diff --git a/apps/kargo-project-codeai/stages/test.yaml b/apps/kargo-project-codeai/stages/test.yaml index c029450..199e942 100644 --- a/apps/kargo-project-codeai/stages/test.yaml +++ b/apps/kargo-project-codeai/stages/test.yaml 
@@ -7,33 +7,121 @@ spec: requestedFreight: - origin: kind: Warehouse - name: kargo-project-codeai + name: codeai-builds sources: stages: - staging + vars: + - name: gitopsRepo + value: https://github.com/code-dot-org/k8s-gitops.git + - name: imageRepo + value: ghcr.io/code-dot-org/code-dot-org + - name: targetBranch + value: stage/${{ ctx.stage }} + - name: legacyEnv + value: test promotionTemplate: spec: - vars: - - name: gitopsRepo - value: https://github.com/code-dot-org/k8s-gitops.git steps: - uses: git-clone config: repoURL: ${{ vars.gitopsRepo }} checkout: + - commit: ${{ commitFrom(vars.gitopsRepo, warehouse('codeai-builds')).ID }} + path: ./freight - branch: main - path: ./gitops + path: ./meta + - branch: ${{ vars.targetBranch }} + create: true + path: ./out + - uses: yaml-parse + as: build-lock + config: + path: ./freight/warehouses/codeai/builds/current.yaml + outputs: + - name: releaseId + fromExpression: releaseId + - name: gitCommit + fromExpression: gitCommit + - name: sourceRepo + fromExpression: packaging.sourceRepo + - name: sourcePath + fromExpression: packaging.sourcePath + - uses: yaml-parse + as: legacy-merge + config: + path: ./meta/warehouses/codeai/legacy-gitflow/${{ vars.legacyEnv }}/merged/${{ outputs['build-lock'].releaseId }}.yaml + outputs: + - name: revision + fromExpression: revision + - name: tag + fromExpression: tag + - name: mergedAt + fromExpression: mergedAt + - uses: yaml-parse + as: deployment-meta + config: + path: ./meta/apps/codeai/deployments/${{ ctx.stage }}/deployment.yaml + outputs: + - name: envType + fromExpression: envType + - name: namespace + fromExpression: namespace + - uses: git-clone + config: + repoURL: ${{ outputs['build-lock'].sourceRepo }} + checkout: + - commit: ${{ outputs['build-lock'].gitCommit }} + path: ./src + sparse: + - ${{ outputs['build-lock'].sourcePath }} + - uses: git-clear + config: + path: ./out/apps/codeai/deployments/${{ ctx.stage }}/deploy + - uses: copy + config: + inPath: ./src/${{ 
outputs['build-lock'].sourcePath }} + outPath: ./work/deployments/source + - uses: copy + config: + inPath: ./meta/apps/codeai/envTypes/${{ outputs['deployment-meta'].envType }} + outPath: ./work/deployments/envTypes/${{ outputs['deployment-meta'].envType }} + - uses: copy + config: + inPath: ./meta/apps/codeai/envTypes/components + outPath: ./work/deployments/envTypes/components + - uses: copy + config: + inPath: ./meta/apps/codeai/kargo/templates/deploy + outPath: ./work/deployments/${{ ctx.stage }}/deploy - uses: yaml-update config: - path: ./gitops/apps/codeai/deployments/test/values.yaml + path: ./work/deployments/${{ ctx.stage }}/deploy/kustomization.yaml updates: - - key: image - value: ghcr.io/code-dot-org/code-dot-org:${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} + - key: namespace + value: ${{ outputs['deployment-meta'].namespace }} + - key: resources + value: + - ../../source/base + - key: components + value: + - ../../envTypes/${{ outputs['deployment-meta'].envType }} + - uses: kustomize-set-image + config: + path: ./work/deployments/${{ ctx.stage }}/deploy + images: + - image: code-dot-org + newName: ${{ vars.imageRepo }} + tag: ${{ outputs['build-lock'].releaseId }} + - uses: kustomize-build + config: + path: ./work/deployments/${{ ctx.stage }}/deploy + outPath: ./out/apps/codeai/deployments/${{ ctx.stage }}/deploy - uses: git-commit config: - path: ./gitops - message: | - Promote test to ${{ imageFrom("ghcr.io/code-dot-org/code-dot-org").Tag }} [skip ci] + path: ./out + message: Render ${{ ctx.stage }} for ${{ outputs['build-lock'].releaseId }} - uses: git-push config: - path: ./gitops + path: ./out + branch: ${{ vars.targetBranch }} diff --git a/apps/kargo-project-codeai/warehouse.yaml b/apps/kargo-project-codeai/warehouse.yaml index ff9ebe0..c42e27d 100644 --- a/apps/kargo-project-codeai/warehouse.yaml +++ b/apps/kargo-project-codeai/warehouse.yaml 
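Review bot: The `legacy-merge` step parses `revision`, `tag` and `mergedAt`, but no later step reads `outputs['legacy-merge']`, so the gate amounts to a merge record file existing under a `releaseId`-derived name. Nothing checks that the recorded `revision` corresponds to `outputs['build-lock'].gitCommit`. Either add a check comparing the two, or document the actual guarantee with a comment such as `# gate: fails when no merge record exists for this releaseId; record contents are not verified`. The same step is in levelbuilder.yaml and review-infra-changes.yaml.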
@@ -1,13 +1,12 @@ apiVersion: kargo.akuity.io/v1alpha1 kind: Warehouse metadata: - name: kargo-project-codeai + name: codeai-builds namespace: kargo-project-codeai spec: subscriptions: - - image: - repoURL: ghcr.io/code-dot-org/code-dot-org - ignoreTagsRegexes: - # Ignore single-platform images when we have a multiplatform option - - '.*-amd64$' - - '.*-arm64$' + - git: + repoURL: https://github.com/code-dot-org/k8s-gitops.git + branch: main + includePaths: + - warehouses/codeai/builds diff --git a/warehouses/codeai/README.md b/warehouses/codeai/README.md new file mode 100644 index 0000000..8e58ddc --- /dev/null +++ b/warehouses/codeai/README.md @@ -0,0 +1,6 @@ +This directory holds CodeAI release metadata consumed by Kargo. + +- `builds/` contains the thin build-lock Freight records. +- `legacy-gitflow/` contains merge metadata used only for downstream promotion gates. + +Rendered manifests are not stored here. They are written to `stage/*` branches under `apps/codeai/deployments/*/deploy/`. diff --git a/warehouses/codeai/builds/.gitkeep b/warehouses/codeai/builds/.gitkeep new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/warehouses/codeai/builds/.gitkeep @@ -0,0 +1 @@ + diff --git a/warehouses/codeai/legacy-gitflow/levelbuilder/merged/.gitkeep b/warehouses/codeai/legacy-gitflow/levelbuilder/merged/.gitkeep new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/warehouses/codeai/legacy-gitflow/levelbuilder/merged/.gitkeep @@ -0,0 +1 @@ + diff --git a/warehouses/codeai/legacy-gitflow/production/merged/.gitkeep b/warehouses/codeai/legacy-gitflow/production/merged/.gitkeep new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/warehouses/codeai/legacy-gitflow/production/merged/.gitkeep @@ -0,0 +1 @@ + diff --git a/warehouses/codeai/legacy-gitflow/staging/merged/.gitkeep b/warehouses/codeai/legacy-gitflow/staging/merged/.gitkeep new file mode 100644 index 0000000..8b13789 --- /dev/null 
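Review bot: `includePaths: - warehouses/codeai/builds` also matches this commit's own `warehouses/codeai/builds/.gitkeep`, so the Warehouse can produce Freight from a commit that has no `current.yaml`. The `build-lock` `yaml-parse` step in each stage would then fail, and staging appears to auto-promote. Narrowing the subscription to the record itself, e.g. `- warehouses/codeai/builds/current.yaml`, keeps unrelated files in that directory from becoming promotable Freight.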
+++ b/warehouses/codeai/legacy-gitflow/staging/merged/.gitkeep @@ -0,0 +1 @@ + diff --git a/warehouses/codeai/legacy-gitflow/test/merged/.gitkeep b/warehouses/codeai/legacy-gitflow/test/merged/.gitkeep new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/warehouses/codeai/legacy-gitflow/test/merged/.gitkeep @@ -0,0 +1 @@ + From eb7d143d9f5f3c2221c7953a38eedf250dbb37c0 Mon Sep 17 00:00:00 2001 From: Seth Nickell Date: Mon, 23 Mar 2026 00:38:58 -1000 Subject: [PATCH 2/2] Skip empty rendered review PRs --- .../kargo-project-codeai/stages/review-infra-changes.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/apps/kargo-project-codeai/stages/review-infra-changes.yaml b/apps/kargo-project-codeai/stages/review-infra-changes.yaml index c9c2e0a..72f9a8a 100644 --- a/apps/kargo-project-codeai/stages/review-infra-changes.yaml +++ b/apps/kargo-project-codeai/stages/review-infra-changes.yaml @@ -28,6 +28,7 @@ spec: spec: steps: - uses: git-clone + as: gitops config: repoURL: ${{ vars.gitopsRepo }} checkout: @@ -35,7 +36,8 @@ spec: path: ./freight - branch: main path: ./meta - - branch: ${{ vars.targetBranch }} + - as: production + branch: ${{ vars.targetBranch }} create: true path: ./out - uses: yaml-parse @@ -122,15 +124,18 @@ spec: path: ./work/deployments/${{ vars.renderDeployment }}/deploy outPath: ./out/${{ vars.renderPath }} - uses: git-commit + as: commit config: path: ./out message: Review production render for ${{ outputs['build-lock'].releaseId }} - uses: git-push + if: ${{ outputs.commit.commit != outputs.gitops.commits.production }} as: push config: path: ./out generateTargetBranch: true - uses: git-open-pr + if: ${{ outputs.commit.commit != outputs.gitops.commits.production }} as: open-pr config: repoURL: ${{ vars.gitopsRepo }} 
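Review bot: The condition `outputs.commit.commit != outputs.gitops.commits.production` is repeated on `git-push`, `git-open-pr` and (in the following hunk) `git-wait-for-pr` with no comment explaining it. It presumably relies on `git-commit` reporting the existing HEAD when the render is unchanged; if the three copies drift apart, `git-open-pr` would read `outputs['push'].branch` from a skipped step. A comment above the first `if:` such as `# skip push/PR/wait together when the render equals stage/production HEAD` would document the coupling. It is also worth confirming what `commits.production` holds on the first run, when `create: true` creates the branch. When all three steps are skipped the promotion succeeds without a review, which is only safe if an unchanged commit ID truly means an unchanged render.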
@@ -138,6 +143,7 @@ spec: targetBranch: ${{ vars.targetBranch }} title: Review CodeAI production render for ${{ outputs['build-lock'].releaseId }} - uses: git-wait-for-pr + if: ${{ outputs.commit.commit != outputs.gitops.commits.production }} config: repoURL: ${{ vars.gitopsRepo }} prNumber: ${{ outputs['open-pr'].pr.id }}