chore: migrate to GitOps workflow with ArgoCD

.github/workflows/build.yaml

@@ -1,33 +1,33 @@
-# .github/workflows/build.yml
-# This workflow builds the JAR, then packages it as a Docker image.
+# Updated build.yaml template for microservices
+# This replaces the old build.yaml to add branch-aware image tagging
+
 name: Build and Package Service
+
 on:
   push:
     branches:
       - 'main'
-      - 'devOps'
       - 'dev'
   pull_request:
     branches:
       - 'main'
-      - 'devOps'
       - 'dev'
 
-# Permissions needed to push Docker images to your org's GitHub packages
 permissions:
   contents: read
-  packages: write 
+  packages: write
 
 jobs:
-  # JOB 1: Your original job, unchanged
+  # JOB 1: Build and test (runs on all pushes and PRs)
   build-test:
-    name: Install and Build (Tests Skipped)
+    name: Build and Test
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
 
+      # For Java/Spring Boot services:
       - name: Set up JDK 17
         uses: actions/setup-java@v4
         with:
@@ -43,65 +43,94 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-maven-
 
-      - name: Build with Maven (Skip Tests)
-        # As requested, we are keeping -DskipTests for now
+      - name: Build with Maven
         run: mvn -B clean package -DskipTests --file auth-service/pom.xml
 
-      - name: Upload Build Artifact (JAR)
-        # We upload the JAR so the next job can use it
+      - name: Upload Build Artifact
         uses: actions/upload-artifact@v4
         with:
-          name: auth-service-jar
+          name: service-jar
           path: auth-service/target/*.jar
 
-  # JOB 2: New job to package the service as a Docker image
+      # For Node.js/Next.js services (Frontend):
+      # - name: Use Node.js and cache npm
+      #   uses: actions/setup-node@v4
+      #   with:
+      #     node-version: '22'
+      #     cache: 'npm'
+      #
+      # - name: Install dependencies
+      #   run: npm ci
+      #
+      # - name: Run linter
+      #   run: npm run lint
+      #
+      # - name: Build
+      #   run: npm run build
+
+  # JOB 2: Package as Docker image (only on pushes to main/dev, not PRs)
   build-and-push-docker:
     name: Build & Push Docker Image
-    # This job only runs on pushes to 'main', not on PRs
-    # Ensures you only publish final images for merged code
-    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/devOps' || github.ref == 'refs/heads/dev'
+    needs: build-test
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev')
     runs-on: ubuntu-latest
-    # This job runs *after* the build-test job succeeds
-    needs: build-test 
-
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      # We need the JAR file that the 'build-test' job created
+      # For Java services: download JAR from previous job
       - name: Download JAR Artifact
         uses: actions/download-artifact@v4
         with:
-          name: auth-service-jar
+          name: service-jar
           path: auth-service/target/
 
-      # This action generates smart tags for your Docker image
-      # e.g., 'ghcr.io/your-org/auth-service:latest'
-      # e.g., 'ghcr.io/your-org/auth-service:a1b2c3d' (from the commit SHA)
-      - name: Docker meta
+      - name: Extract branch name
+        id: branch
+        run: |
+          BRANCH_NAME=${GITHUB_REF#refs/heads/}
+          echo "name=${BRANCH_NAME}" >> $GITHUB_OUTPUT
+          echo "📍 Building for branch: ${BRANCH_NAME}"
+
+      - name: Docker meta (with branch-aware tags)
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: ghcr.io/${{ github.repository }} # e.g., ghcr.io/randitha/Authentication
+          images: ghcr.io/techtorque-2025/authentication
           tags: |
-            type=sha,prefix=
+            # Branch + short SHA (e.g., dev-abc1234 or main-xyz5678)
+            type=raw,value=${{ steps.branch.outputs.name }}-{{sha}},enable=true
+            # Latest tag only for main branch
             type=raw,value=latest,enable={{is_default_branch}}
+          flavor: |
+            latest=false
 
-      # Logs you into the GitHub Container Registry (GHCR)
       - name: Log in to GHCR
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }} # This token is auto-generated
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-      # Builds the Docker image and pushes it to GHCR
-      # This assumes you have a 'Dockerfile' in the root of 'Authentication'
       - name: Build and push Docker image
         uses: docker/build-push-action@v5
         with:
-          context: . # Assumes Dockerfile is in the root of this repo
-          # The Dockerfile build will copy the JAR from auth-service/target/
+          context: .
           push: true
           tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Image Summary
+        run: |
+          echo "### 🐳 Docker Image Built" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "**Tags pushed:**" >> $GITHUB_STEP_SUMMARY
+          echo '```' >> $GITHUB_STEP_SUMMARY
+          echo "${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY
+          echo '```' >> $GITHUB_STEP_SUMMARY
+
+# REPLACEMENTS NEEDED:
+# - auth-service: e.g., "auth-service", "time-logging-service" (for Java services)
+# - authentication: e.g., "authentication", "timelogging_service", "frontend_web"
+# - Uncomment Node.js steps for Frontend_Web

.github/workflows/deploy.yaml.old

@@ -0,0 +1,72 @@
+# Authentication/.github/workflows/deploy.yml
+
+name: Deploy Auth Service to Kubernetes
+
+on:
+  workflow_run:
+    # This MUST match the 'name:' of your build.yml file
+    workflows: ["Build and Package Service"]
+    types:
+      - completed
+    branches:
+      - 'main'
+      - 'devOps'
+
+jobs:
+  deploy:
+    name: Deploy Auth Service to Kubernetes
+    # We only deploy if the build job was successful
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+
+    steps:
+      # We only need the SHA of the new image
+      - name: Get Commit SHA
+        id: get_sha
+        run: |
+          echo "sha=$(echo ${{ github.event.workflow_run.head_sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
+
+      # 1. Checkout your new 'k8s-config' repository
+      - name: Checkout K8s Config Repo
+        uses: actions/checkout@v4
+        with:
+          # This points to your new repo
+          repository: 'TechTorque-2025/k8s-config' 
+          # This uses the org-level secret you created
+          token: ${{ secrets.REPO_ACCESS_TOKEN }} 
+          # We'll put the code in a directory named 'config-repo'
+          path: 'config-repo'
+          # --- NEW LINE ---
+          # Explicitly checkout the 'main' branch
+          ref: 'main' 
+
+      - name: Install kubectl
+        uses: azure/setup-kubectl@v3
+
+      - name: Install yq
+        run: |
+          sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq
+          sudo chmod +x /usr/bin/yq
+
+      - name: Set Kubernetes context
+        uses: azure/k8s-set-context@v4
+        with:
+          kubeconfig: ${{ secrets.KUBE_CONFIG_DATA }} # This uses your Org-level secret
+
+      # 2. Update the image tag for the *authentication* service
+      - name: Update image tag in YAML
+        run: |
+          yq -i '(select(.kind == "Deployment") | .spec.template.spec.containers[0].image) = "ghcr.io/techtorque-2025/authentication:${{ steps.get_sha.outputs.sha }}"' config-repo/k8s/services/auth-deployment.yaml
+
+      # --- NEW DEBUGGING STEP ---
+      - name: Display file contents before apply
+        run: |
+          echo "--- Displaying k8s/services/auth-deployment.yaml ---"
+          cat config-repo/k8s/services/auth-deployment.yaml
+          echo "------------------------------------------------------"
+
+      # 3. Deploy the updated file
+      - name: Deploy to Kubernetes
+        run: |
+          kubectl apply -f config-repo/k8s/services/auth-deployment.yaml
+          kubectl rollout status deployment/auth-deployment

.github/workflows/update-manifest.yaml

@@ -0,0 +1,88 @@
+# GitHub Actions Workflow Template for GitOps with ArgoCD
+# This workflow should replace the old deploy.yaml in each microservice repo
+
+name: Update K8s Manifest
+
+on:
+  workflow_run:
+    workflows: ["Build and Package Service"]  # Or "Build, Test, and Package Frontend" for Frontend_Web
+    types: [completed]
+    branches: ['main', 'dev']
+
+jobs:
+  update-manifest:
+    name: Update Image Tag in k8s-config
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Get branch and SHA info
+        id: info
+        run: |
+          BRANCH="${{ github.event.workflow_run.head_branch }}"
+          SHORT_SHA="$(echo ${{ github.event.workflow_run.head_sha }} | cut -c1-7)"
+          echo "branch=${BRANCH}" >> $GITHUB_OUTPUT
+          echo "sha=${SHORT_SHA}" >> $GITHUB_OUTPUT
+          echo "📍 Branch: ${BRANCH}, SHA: ${SHORT_SHA}"
+
+      - name: Checkout k8s-config repo (matching branch)
+        uses: actions/checkout@v4
+        with:
+          repository: 'TechTorque-2025/k8s-config'
+          token: ${{ secrets.REPO_ACCESS_TOKEN }}
+          ref: ${{ steps.info.outputs.branch }}  # Checkout dev or main to match microservice branch
+          path: 'k8s-config'
+
+      - name: Install yq (YAML processor)
+        run: |
+          sudo wget -qO /usr/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
+          sudo chmod +x /usr/bin/yq
+
+      - name: Update image tag in deployment manifest
+        env:
+          SERVICE_NAME: "authentication"  # e.g., "timelogging_service", "frontend_web", "authentication"
+          DEPLOYMENT_FILE: "auth-deployment.yaml"  # e.g., "timelogging-deployment.yaml", "frontend-deployment.yaml"
+        run: |
+          cd k8s-config
+          NEW_IMAGE="ghcr.io/techtorque-2025/${SERVICE_NAME}:${{ steps.info.outputs.branch }}-${{ steps.info.outputs.sha }}"
+
+          echo "🔄 Updating ${DEPLOYMENT_FILE} to use image: ${NEW_IMAGE}"
+
+          yq eval -i \
+            '(select(.kind == "Deployment") | .spec.template.spec.containers[0].image) = env(NEW_IMAGE)' \
+            k8s/services/${DEPLOYMENT_FILE}
+
+          echo "✅ Updated manifest:"
+          yq eval 'select(.kind == "Deployment") | .spec.template.spec.containers[0].image' k8s/services/${DEPLOYMENT_FILE}
+
+      - name: Commit and push changes
+        env:
+          SERVICE_NAME: "authentication"
+        run: |
+          cd k8s-config
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          git add k8s/services/
+
+          if git diff --cached --quiet; then
+            echo "⚠️  No changes detected, skipping commit"
+            exit 0
+          fi
+
+          git commit -m "chore(${SERVICE_NAME}): update image to ${{ steps.info.outputs.branch }}-${{ steps.info.outputs.sha }}" \
+                     -m "Triggered by: ${{ github.event.workflow_run.html_url }}"
+
+          git push origin ${{ steps.info.outputs.branch }}
+
+          echo "✅ Pushed manifest update to k8s-config/${{ steps.info.outputs.branch }}"
+          echo "🚀 ArgoCD will automatically deploy this change"
+
+      - name: Summary
+        run: |
+          echo "### 🎉 Manifest Update Complete" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "- **Branch**: ${{ steps.info.outputs.branch }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **Image Tag**: ${{ steps.info.outputs.branch }}-${{ steps.info.outputs.sha }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **Manifest Updated**: k8s/services/auth-deployment.yaml" >> $GITHUB_STEP_SUMMARY
+          echo "- **Next Step**: ArgoCD will sync this change to the cluster" >> $GITHUB_STEP_SUMMARY