From cd7cf69b6a59c2ac25b287181481cbfaaf6c04bd Mon Sep 17 00:00:00 2001 From: RandithaK Date: Sat, 15 Nov 2025 03:27:36 +0530 Subject: [PATCH 1/3] chore: migrate to GitOps workflow with ArgoCD - Update build.yaml with branch-aware image tagging (branch-sha format) - Add update-manifest.yaml to update k8s-config manifests - Backup old deploy.yaml (no longer needed with GitOps) Refs: - k8s-config/argocd/GITOPS_CI_CD_WORKFLOW.md - k8s-config/argocd/SERVICE_MIGRATION_GUIDE.md --- .github/workflows/build.yaml | 138 +++++++++++++++---------- .github/workflows/deploy.yaml.old | 69 +++++++++++++ .github/workflows/update-manifest.yaml | 88 ++++++++++++++++ 3 files changed, 243 insertions(+), 52 deletions(-) create mode 100644 .github/workflows/deploy.yaml.old create mode 100644 .github/workflows/update-manifest.yaml diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index e72199c..8ecf251 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
@@ -1,102 +1,136 @@ -name: Build and Package Agent Bot Service +# Updated build.yaml template for microservices +# This replaces the old build.yaml to add branch-aware image tagging + +name: Build and Package Service on: push: branches: - 'main' - - 'devOps' - 'dev' pull_request: branches: - 'main' - - 'devOps' - 'dev' -# Permissions needed to push Docker images to your org's GitHub packages permissions: contents: read - packages: write + packages: write jobs: - # JOB 1: Test the Python application + # JOB 1: Build and test (runs on all pushes and PRs) build-test: - name: Install Dependencies and Test + name: Build and Test runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - - name: Set up Python 3.11 - uses: actions/setup-python@v5 - with: - python-version: '3.11' - cache: 'pip' +# # For Java/Spring Boot services: +# - name: Set up JDK 17 +# uses: actions/setup-java@v4 +# with: +# java-version: '17' +# distribution: 'temurin' +# cache: maven - - name: Cache pip packages - uses: actions/cache@v4 - with: - path: ~/.cache/pip - key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} - restore-keys: | - ${{ runner.os }}-pip- +# - name: Cache Maven packages +# uses: actions/cache@v4 +# with: +# path: ~/.m2/repository +# key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} +# restore-keys: | +# ${{ runner.os }}-maven- - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install -r requirements.txt +# - name: Build with Maven +# run: mvn -B clean package -DskipTests --file SERVICE_MODULE/pom.xml - - name: Lint with flake8 (optional) - run: | - pip install flake8 - # Stop the build if there are Python syntax errors or undefined names - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics - # Exit-zero treats all errors as warnings - flake8 . 
--count --exit-zero --max-complexity=10 --max-line-length=127 --statistics - continue-on-error: true - - # Removed: Test import of main module - # This step was causing failures because it tries to initialize the application - # without environment variables (GOOGLE_API_KEY, PINECONE_API_KEY). - # These variables are only available in the K3S cluster, not in GitHub Actions. - # The flake8 linting step above is sufficient to catch syntax errors. - - # JOB 2: Build and push Docker image +# - name: Upload Build Artifact +# uses: actions/upload-artifact@v4 +# with: +# name: service-jar +# path: SERVICE_MODULE/target/*.jar + +# # For Node.js/Next.js services (Frontend): + # - name: Use Node.js and cache npm + # uses: actions/setup-node@v4 + # with: + # node-version: '22' + # cache: 'npm' + # + # - name: Install dependencies + # run: npm ci + # + # - name: Run linter + # run: npm run lint + # + # - name: Build + # run: npm run build + + # JOB 2: Package as Docker image (only on pushes to main/dev, not PRs) build-and-push-docker: name: Build & Push Docker Image - # This job only runs on pushes to 'main', 'devOps', or 'dev', not on PRs - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/devOps' || github.ref == 'refs/heads/dev' + needs: build-test + if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev') runs-on: ubuntu-latest - # This job runs *after* the build-test job succeeds - needs: build-test - + steps: - name: Checkout code uses: actions/checkout@v4 + + # For Java services: download JAR from previous job + - name: Download JAR Artifact + uses: actions/download-artifact@v4 + with: + name: service-jar + path: SERVICE_MODULE/target/ + + - name: Extract branch name + id: branch + run: | + BRANCH_NAME=${GITHUB_REF#refs/heads/} + echo "name=${BRANCH_NAME}" >> $GITHUB_OUTPUT + echo "📍 Building for branch: ${BRANCH_NAME}" - # This action generates smart tags for your Docker image - - name: Docker meta + - name: 
Docker meta (with branch-aware tags) id: meta uses: docker/metadata-action@v5 with: - images: ghcr.io/${{ github.repository }} # e.g., ghcr.io/TechTorque-2025/Agent_Bot + images: ghcr.io/techtorque-2025/agent_bot tags: | - type=sha,prefix= + # Branch + short SHA (e.g., dev-abc1234 or main-xyz5678) + type=raw,value=${{ steps.branch.outputs.name }}-{{sha}},enable=true + # Latest tag only for main branch type=raw,value=latest,enable={{is_default_branch}} + flavor: | + latest=false - # Logs you into the GitHub Container Registry (GHCR) - name: Log in to GHCR uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} # This token is auto-generated + password: ${{ secrets.GITHUB_TOKEN }} - # Builds the Docker image and pushes it to GHCR - name: Build and push Docker image uses: docker/build-push-action@v5 with: - context: . # Dockerfile is in the root of this repo + context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + + - name: Image Summary + run: | + echo "### 🐳 Docker Image Built" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "**Tags pushed:**" >> $GITHUB_STEP_SUMMARY + echo '```' >> $GITHUB_STEP_SUMMARY + echo "${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY + echo '```' >> $GITHUB_STEP_SUMMARY + +# REPLACEMENTS NEEDED: +# - SERVICE_MODULE: e.g., "auth-service", "time-logging-service" (for Java services) +# - agent_bot: e.g., "authentication", "timelogging_service", "frontend_web" +# - Uncomment Node.js steps for Frontend_Web diff --git a/.github/workflows/deploy.yaml.old b/.github/workflows/deploy.yaml.old new file mode 100644 index 0000000..4023ce3 --- /dev/null +++ b/.github/workflows/deploy.yaml.old 
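Review bot: The `Download JAR Artifact` step in `build-and-push-docker` is left active while the matching `Upload Build Artifact` step in `build-test` is commented out. `actions/download-artifact@v4` will therefore look for a `service-jar` artifact that no job produces, and the push job will likely fail before the image is built. Comment the step out with the other Java-only steps (`# - name: Download JAR Artifact`); its `path:` also still holds the `SERVICE_MODULE` placeholder. With every language-specific step commented out, `build-test` only checks out the code, so `needs: build-test` gates the image push on nothing. The removed flake8 step was the last check that could fail.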
@@ -0,0 +1,69 @@ +name: Deploy Agent Bot Service to Kubernetes + +on: + workflow_run: + # This MUST match the 'name:' of your build.yaml file + workflows: ["Build and Package Agent Bot Service"] + types: + - completed + branches: + - 'main' + - 'devOps' + +jobs: + deploy: + name: Deploy Agent Bot Service to Kubernetes + # We only deploy if the build job was successful + if: ${{ github.event.workflow_run.conclusion == 'success' }} + runs-on: ubuntu-latest + + steps: + # We only need the SHA of the new image + - name: Get Commit SHA + id: get_sha + run: | + echo "sha=$(echo ${{ github.event.workflow_run.head_sha }} | cut -c1-7)" >> $GITHUB_OUTPUT + + # 1. Checkout your 'k8s-config' repository + - name: Checkout K8s Config Repo + uses: actions/checkout@v4 + with: + # This points to your k8s config repo + repository: 'TechTorque-2025/k8s-config' + # This uses the org-level secret you created + token: ${{ secrets.REPO_ACCESS_TOKEN }} + # We'll put the code in a directory named 'config-repo' + path: 'config-repo' + # Explicitly checkout the 'main' branch + ref: 'main' + + - name: Install kubectl + uses: azure/setup-kubectl@v3 + + - name: Install yq + run: | + sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq + sudo chmod +x /usr/bin/yq + + - name: Set Kubernetes context + uses: azure/k8s-set-context@v4 + with: + kubeconfig: ${{ secrets.KUBE_CONFIG_DATA }} # This uses your Org-level secret + + # 2. 
Update the image tag for the agent-bot service + - name: Update image tag in YAML + run: | + yq -i '(select(.kind == "Deployment") | .spec.template.spec.containers[0].image) = "ghcr.io/techtorque-2025/agent_bot:${{ steps.get_sha.outputs.sha }}"' config-repo/k8s/services/agent-bot-deployment.yaml + + # Display file contents before apply for debugging + - name: Display file contents before apply + run: | + echo "--- Displaying k8s/services/agent-bot-deployment.yaml ---" + cat config-repo/k8s/services/agent-bot-deployment.yaml + echo "------------------------------------------------------" + + # 3. Deploy the updated file + - name: Deploy to Kubernetes + run: | + kubectl apply -f config-repo/k8s/services/agent-bot-deployment.yaml + kubectl rollout status deployment/agent-bot-deployment diff --git a/.github/workflows/update-manifest.yaml b/.github/workflows/update-manifest.yaml new file mode 100644 index 0000000..df43348 --- /dev/null +++ b/.github/workflows/update-manifest.yaml 
@@ -0,0 +1,88 @@ +# GitHub Actions Workflow Template for GitOps with ArgoCD +# This workflow should replace the old deploy.yaml in each microservice repo + +name: Update K8s Manifest + +on: + workflow_run: + workflows: ["Build and Package Service"] # Or "Build, Test, and Package Frontend" for Frontend_Web + types: [completed] + branches: ['main', 'dev'] + +jobs: + update-manifest: + name: Update Image Tag in k8s-config + if: ${{ github.event.workflow_run.conclusion == 'success' }} + runs-on: ubuntu-latest + + steps: + - name: Get branch and SHA info + id: info + run: | + BRANCH="${{ github.event.workflow_run.head_branch }}" + SHORT_SHA="$(echo ${{ github.event.workflow_run.head_sha }} | cut -c1-7)" + echo "branch=${BRANCH}" >> $GITHUB_OUTPUT + echo "sha=${SHORT_SHA}" >> $GITHUB_OUTPUT + echo "📍 Branch: ${BRANCH}, SHA: ${SHORT_SHA}" + + - name: Checkout k8s-config repo (matching branch) + uses: actions/checkout@v4 + with: + repository: 'TechTorque-2025/k8s-config' + token: ${{ secrets.REPO_ACCESS_TOKEN }} + ref: ${{ steps.info.outputs.branch }} # Checkout dev or main to match microservice branch + path: 'k8s-config' + + - name: Install yq (YAML processor) + run: | + sudo wget -qO /usr/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 + sudo chmod +x /usr/bin/yq + + - name: Update image tag in deployment manifest + env: + SERVICE_NAME: "agent_bot" # e.g., "timelogging_service", "frontend_web", "authentication" + DEPLOYMENT_FILE: "agent-bot-deployment.yaml" # e.g., "timelogging-deployment.yaml", "frontend-deployment.yaml" + run: | + cd k8s-config + NEW_IMAGE="ghcr.io/techtorque-2025/${SERVICE_NAME}:${{ steps.info.outputs.branch }}-${{ steps.info.outputs.sha }}" + + echo "🔄 Updating ${DEPLOYMENT_FILE} to use image: ${NEW_IMAGE}" + + yq eval -i \ + '(select(.kind == "Deployment") | .spec.template.spec.containers[0].image) = env(NEW_IMAGE)' \ + k8s/services/${DEPLOYMENT_FILE} + + echo "✅ Updated manifest:" + yq eval 'select(.kind == 
"Deployment") | .spec.template.spec.containers[0].image' k8s/services/${DEPLOYMENT_FILE} + + - name: Commit and push changes + env: + SERVICE_NAME: "agent_bot" + run: | + cd k8s-config + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + + git add k8s/services/ + + if git diff --cached --quiet; then + echo "⚠️ No changes detected, skipping commit" + exit 0 + fi + + git commit -m "chore(${SERVICE_NAME}): update image to ${{ steps.info.outputs.branch }}-${{ steps.info.outputs.sha }}" \ + -m "Triggered by: ${{ github.event.workflow_run.html_url }}" + + git push origin ${{ steps.info.outputs.branch }} + + echo "✅ Pushed manifest update to k8s-config/${{ steps.info.outputs.branch }}" + echo "🚀 ArgoCD will automatically deploy this change" + + - name: Summary + run: | + echo "### 🎉 Manifest Update Complete" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "- **Branch**: ${{ steps.info.outputs.branch }}" >> $GITHUB_STEP_SUMMARY + echo "- **Image Tag**: ${{ steps.info.outputs.branch }}-${{ steps.info.outputs.sha }}" >> $GITHUB_STEP_SUMMARY + echo "- **Manifest Updated**: k8s/services/agent-bot-deployment.yaml" >> $GITHUB_STEP_SUMMARY + echo "- **Next Step**: ArgoCD will sync this change to the cluster" >> $GITHUB_STEP_SUMMARY From 8b7977f0e28192998fd4126a087d73ac9cd0b8f0 Mon Sep 17 00:00:00 2001 From: RandithaK Date: Sat, 15 Nov 2025 04:32:59 +0530 Subject: [PATCH 2/3] fix: use export for NEW_IMAGE variable in yq command (fixes --arg incompatibility) --- .github/workflows/update-manifest.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/update-manifest.yaml b/.github/workflows/update-manifest.yaml index df43348..329e8ef 100644 --- a/.github/workflows/update-manifest.yaml +++ b/.github/workflows/update-manifest.yaml 
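Review bot: The `update-manifest` job holds `secrets.REPO_ACCESS_TOKEN` and pushes to k8s-config, yet its `if:` only checks `workflow_run.conclusion`. Because build.yaml in this patch still runs on `pull_request`, a successful PR run whose head branch is named `main` or `dev` would presumably also pass the `branches` filter and record a `branch-sha` tag that the push-only Docker job never built, so the job should also require `github.event.workflow_run.event == 'push'`. `head_branch` and `head_sha` are expanded by `${{ }}` directly inside the `run:` scripts, so their text becomes shell source; pass them through `env:` as sketched below, and read `steps.info.outputs.*` the same way in the later steps. Separately, yq is fetched from `releases/latest` and installed with sudo without a version or checksum pin, in the same job that holds the write token; pin a specific release and verify its published checksum before `chmod +x`.

```yaml
    # … unchanged: job name, runs-on …
    if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push' }}

    steps:
      - name: Get branch and SHA info
        id: info
        env:
          HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        run: |
          SHORT_SHA="$(printf '%s' "${HEAD_SHA}" | cut -c1-7)"
          echo "branch=${HEAD_BRANCH}" >> "$GITHUB_OUTPUT"
          echo "sha=${SHORT_SHA}" >> "$GITHUB_OUTPUT"
          echo "📍 Branch: ${HEAD_BRANCH}, SHA: ${SHORT_SHA}"
      # … unchanged: k8s-config checkout, yq install, manifest update, commit and push, summary …
```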
@@ -45,13 +45,14 @@ jobs: run: | cd k8s-config NEW_IMAGE="ghcr.io/techtorque-2025/${SERVICE_NAME}:${{ steps.info.outputs.branch }}-${{ steps.info.outputs.sha }}" - + export NEW_IMAGE + echo "🔄 Updating ${DEPLOYMENT_FILE} to use image: ${NEW_IMAGE}" - + yq eval -i \ '(select(.kind == "Deployment") | .spec.template.spec.containers[0].image) = env(NEW_IMAGE)' \ k8s/services/${DEPLOYMENT_FILE} - + echo "✅ Updated manifest:" yq eval 'select(.kind == "Deployment") | .spec.template.spec.containers[0].image' k8s/services/${DEPLOYMENT_FILE} From 9c68cc05df3887c51cd9e8fbb379b3038909d4bf Mon Sep 17 00:00:00 2001 From: RandithaK Date: Sat, 15 Nov 2025 12:47:38 +0530 Subject: [PATCH 3/3] chore: commit workspace changes for gitops flow --- .github/workflows/build-test.yaml | 36 +++++++++++ .github/workflows/build.yaml | 82 ++------------------------ .github/workflows/deploy.yaml | 69 ---------------------- .github/workflows/update-manifest.yaml | 2 +- 4 files changed, 41 insertions(+), 148 deletions(-) create mode 100644 .github/workflows/build-test.yaml delete mode 100644 .github/workflows/deploy.yaml diff --git a/.github/workflows/build-test.yaml b/.github/workflows/build-test.yaml new file mode 100644 index 0000000..d73f7c8 --- /dev/null +++ b/.github/workflows/build-test.yaml @@ -0,0 +1,36 @@ +name: Build and Test + +on: + pull_request: + branches: + - 'main' + - 'dev' + +permissions: + contents: read + +jobs: + build-test: + name: Build and Test + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: '3.11' + cache: 'pip' + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + + - name: Test Summary + run: | + echo "### ✅ Build Successful" >> $GITHUB_STEP_SUMMARY + echo "Python dependencies installed successfully" >> $GITHUB_STEP_SUMMARY + echo "Ready for review and merge" >> $GITHUB_STEP_SUMMARY 
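Review bot: `env(NEW_IMAGE)` in the yq expression parses the variable's value as YAML before assigning it, so the type written to `.image` depends on what the tag text happens to look like. `strenv(NEW_IMAGE)` always assigns a string and is the safer operator for an image reference: `'(select(.kind == "Deployment") | .spec.template.spec.containers[0].image) = strenv(NEW_IMAGE)'`. The path argument would also be better quoted as `"k8s/services/${DEPLOYMENT_FILE}"`. The step's `env:` block and the rest of the job lie outside this hunk.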
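Review bot: The `Build and Test` job in build-test.yaml runs no test or lint step and only installs `requirements.txt`, so the `Test Summary` text "Ready for review and merge" reports more than the job verified. Restoring the syntax-level check the earlier build.yaml carried, `flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics`, would give this PR check something that can actually fail. `actions/setup-python@v4` is also one major version behind the `@v5` that the previous workflow used.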
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 8ecf251..37cd731 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -1,90 +1,23 @@ -# Updated build.yaml template for microservices -# This replaces the old build.yaml to add branch-aware image tagging - -name: Build and Package Service +name: Build and Push Docker Image on: push: branches: - 'main' - 'dev' - pull_request: - branches: - - 'main' - - 'dev' permissions: contents: read packages: write jobs: - # JOB 1: Build and test (runs on all pushes and PRs) - build-test: - name: Build and Test - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v4 - -# # For Java/Spring Boot services: -# - name: Set up JDK 17 -# uses: actions/setup-java@v4 -# with: -# java-version: '17' -# distribution: 'temurin' -# cache: maven - -# - name: Cache Maven packages -# uses: actions/cache@v4 -# with: -# path: ~/.m2/repository -# key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} -# restore-keys: | -# ${{ runner.os }}-maven- - -# - name: Build with Maven -# run: mvn -B clean package -DskipTests --file SERVICE_MODULE/pom.xml - -# - name: Upload Build Artifact -# uses: actions/upload-artifact@v4 -# with: -# name: service-jar -# path: SERVICE_MODULE/target/*.jar - -# # For Node.js/Next.js services (Frontend): - # - name: Use Node.js and cache npm - # uses: actions/setup-node@v4 - # with: - # node-version: '22' - # cache: 'npm' - # - # - name: Install dependencies - # run: npm ci - # - # - name: Run linter - # run: npm run lint - # - # - name: Build - # run: npm run build - - # JOB 2: Package as Docker image (only on pushes to main/dev, not PRs) - build-and-push-docker: + build-and-push: name: Build & Push Docker Image - needs: build-test - if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev') runs-on: ubuntu-latest - + steps: - name: Checkout code uses: actions/checkout@v4 - - # For Java services: download JAR from previous job - - name: Download JAR Artifact - uses: actions/download-artifact@v4 - with: - name: service-jar - path: SERVICE_MODULE/target/ - name: 
Extract branch name id: branch @@ -99,9 +32,7 @@ jobs: with: images: ghcr.io/techtorque-2025/agent_bot tags: | - # Branch + short SHA (e.g., dev-abc1234 or main-xyz5678) type=raw,value=${{ steps.branch.outputs.name }}-{{sha}},enable=true - # Latest tag only for main branch type=raw,value=latest,enable={{is_default_branch}} flavor: | latest=false @@ -120,7 +51,7 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - + - name: Image Summary run: | echo "### 🐳 Docker Image Built" >> $GITHUB_STEP_SUMMARY @@ -129,8 +60,3 @@ jobs: echo '```' >> $GITHUB_STEP_SUMMARY echo "${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY echo '```' >> $GITHUB_STEP_SUMMARY - -# REPLACEMENTS NEEDED: -# - SERVICE_MODULE: e.g., "auth-service", "time-logging-service" (for Java services) -# - agent_bot: e.g., "authentication", "timelogging_service", "frontend_web" -# - Uncomment Node.js steps for Frontend_Web diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml deleted file mode 100644 index 4023ce3..0000000 --- a/.github/workflows/deploy.yaml +++ /dev/null 
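Review bot: After the first hunk of build.yaml, nothing runs before the image is pushed. The `build-test` job and `needs: build-test` are removed, and the new build-test.yaml only triggers on `pull_request`. A direct push to `main` or `dev` is therefore built, tagged and, through update-manifest.yaml's `workflow_run` trigger, written to k8s-config with no check having run on that commit. If branch protection on those branches does not already require the `Build and Test` check, either make it a required status check or keep a lint/test job here and gate `build-and-push` on it with `needs:`. The job body continues past this hunk, which cuts off at the `Extract branch name` step.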
@@ -1,69 +0,0 @@ -name: Deploy Agent Bot Service to Kubernetes - -on: - workflow_run: - # This MUST match the 'name:' of your build.yaml file - workflows: ["Build and Package Agent Bot Service"] - types: - - completed - branches: - - 'main' - - 'devOps' - -jobs: - deploy: - name: Deploy Agent Bot Service to Kubernetes - # We only deploy if the build job was successful - if: ${{ github.event.workflow_run.conclusion == 'success' }} - runs-on: ubuntu-latest - - steps: - # We only need the SHA of the new image - - name: Get Commit SHA - id: get_sha - run: | - echo "sha=$(echo ${{ github.event.workflow_run.head_sha }} | cut -c1-7)" >> $GITHUB_OUTPUT - - # 1. Checkout your 'k8s-config' repository - - name: Checkout K8s Config Repo - uses: actions/checkout@v4 - with: - # This points to your k8s config repo - repository: 'TechTorque-2025/k8s-config' - # This uses the org-level secret you created - token: ${{ secrets.REPO_ACCESS_TOKEN }} - # We'll put the code in a directory named 'config-repo' - path: 'config-repo' - # Explicitly checkout the 'main' branch - ref: 'main' - - - name: Install kubectl - uses: azure/setup-kubectl@v3 - - - name: Install yq - run: | - sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq - sudo chmod +x /usr/bin/yq - - - name: Set Kubernetes context - uses: azure/k8s-set-context@v4 - with: - kubeconfig: ${{ secrets.KUBE_CONFIG_DATA }} # This uses your Org-level secret - - # 2. 
Update the image tag for the agent-bot service - - name: Update image tag in YAML - run: | - yq -i '(select(.kind == "Deployment") | .spec.template.spec.containers[0].image) = "ghcr.io/techtorque-2025/agent_bot:${{ steps.get_sha.outputs.sha }}"' config-repo/k8s/services/agent-bot-deployment.yaml - - # Display file contents before apply for debugging - - name: Display file contents before apply - run: | - echo "--- Displaying k8s/services/agent-bot-deployment.yaml ---" - cat config-repo/k8s/services/agent-bot-deployment.yaml - echo "------------------------------------------------------" - - # 3. Deploy the updated file - - name: Deploy to Kubernetes - run: | - kubectl apply -f config-repo/k8s/services/agent-bot-deployment.yaml - kubectl rollout status deployment/agent-bot-deployment diff --git a/.github/workflows/update-manifest.yaml b/.github/workflows/update-manifest.yaml index 329e8ef..3fbd32c 100644 --- a/.github/workflows/update-manifest.yaml +++ b/.github/workflows/update-manifest.yaml @@ -5,7 +5,7 @@ name: Update K8s Manifest on: workflow_run: - workflows: ["Build and Package Service"] # Or "Build, Test, and Package Frontend" for Frontend_Web + workflows: ["Build and Push Docker Image"] types: [completed] branches: ['main', 'dev']