From da55cda5e81ffe87e5414e2fabf96b12a6b9878f Mon Sep 17 00:00:00 2001 From: RandithaK Date: Sat, 15 Nov 2025 03:27:42 +0530 Subject: [PATCH] chore: migrate to GitOps workflow with ArgoCD - Update build.yaml with branch-aware image tagging (branch-sha format) - Add update-manifest.yaml to update k8s-config manifests - Backup old deploy.yaml (no longer needed with GitOps) Refs: - k8s-config/argocd/GITOPS_CI_CD_WORKFLOW.md - k8s-config/argocd/SERVICE_MIGRATION_GUIDE.md --- .github/workflows/build.yaml | 99 +++++++++++++++++--------- .github/workflows/deploy.yaml.old | 72 +++++++++++++++++++ .github/workflows/update-manifest.yaml | 88 +++++++++++++++++++++++ 3 files changed, 224 insertions(+), 35 deletions(-) create mode 100644 .github/workflows/deploy.yaml.old create mode 100644 .github/workflows/update-manifest.yaml diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 6432664..389b7c6 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,33 +1,33 @@ -# .github/workflows/build.yml -# This workflow builds the JAR, then packages it as a Docker image. +# Updated build.yaml template for microservices +# This replaces the old build.yaml to add branch-aware image tagging + name: Build and Package Service + on: push: branches: - 'main' - - 'devOps' - 'dev' pull_request: branches: - 'main' - - 'devOps' - 'dev' -# Permissions needed to push Docker images to your org's GitHub packages permissions: contents: read - packages: write + packages: write jobs: - # JOB 1: Your original job, unchanged + # JOB 1: Build and test (runs on all pushes and PRs) build-test: - name: Install and Build (Tests Skipped) + name: Build and Test runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 + # For Java/Spring Boot services: - name: Set up JDK 17 uses: actions/setup-java@v4 with: 
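Review bot: `packages: write` is still granted at workflow level, so the `build-test` job, which also runs on `pull_request`, receives a token that can publish packages even though only `build-and-push-docker` (defined in the next hunk) pushes an image. Keep `permissions: contents: read` at the top and give the push job its own `permissions:` block with `contents: read` and `packages: write`. The only change this hunk makes to the `packages: write` line appears to be added trailing whitespace, which can be dropped.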
@@ -43,65 +43,94 @@ jobs: restore-keys: | ${{ runner.os }}-maven- - - name: Build with Maven (Skip Tests) - # As requested, we are keeping -DskipTests for now + - name: Build with Maven run: mvn -B clean package -DskipTests --file auth-service/pom.xml - - name: Upload Build Artifact (JAR) - # We upload the JAR so the next job can use it + - name: Upload Build Artifact uses: actions/upload-artifact@v4 with: - name: auth-service-jar + name: service-jar path: auth-service/target/*.jar - # JOB 2: New job to package the service as a Docker image + # For Node.js/Next.js services (Frontend): + # - name: Use Node.js and cache npm + # uses: actions/setup-node@v4 + # with: + # node-version: '22' + # cache: 'npm' + # + # - name: Install dependencies + # run: npm ci + # + # - name: Run linter + # run: npm run lint + # + # - name: Build + # run: npm run build + + # JOB 2: Package as Docker image (only on pushes to main/dev, not PRs) build-and-push-docker: name: Build & Push Docker Image - # This job only runs on pushes to 'main', not on PRs - # Ensures you only publish final images for merged code - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/devOps' || github.ref == 'refs/heads/dev' + needs: build-test + if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev') runs-on: ubuntu-latest - # This job runs *after* the build-test job succeeds - needs: build-test - + steps: - name: Checkout code uses: actions/checkout@v4 - # We need the JAR file that the 'build-test' job created + # For Java services: download JAR from previous job - name: Download JAR Artifact uses: actions/download-artifact@v4 with: - name: auth-service-jar + name: service-jar path: auth-service/target/ - # This action generates smart tags for your Docker image - # e.g., 'ghcr.io/your-org/auth-service:latest' - # e.g., 'ghcr.io/your-org/auth-service:a1b2c3d' (from the commit SHA) - - name: Docker meta + - name: Extract branch name + id: branch + run: 
| + BRANCH_NAME=${GITHUB_REF#refs/heads/} + echo "name=${BRANCH_NAME}" >> $GITHUB_OUTPUT + echo "📍 Building for branch: ${BRANCH_NAME}" + + - name: Docker meta (with branch-aware tags) id: meta uses: docker/metadata-action@v5 with: - images: ghcr.io/${{ github.repository }} # e.g., ghcr.io/randitha/Authentication + images: ghcr.io/techtorque-2025/authentication tags: | - type=sha,prefix= + # Branch + short SHA (e.g., dev-abc1234 or main-xyz5678) + type=raw,value=${{ steps.branch.outputs.name }}-{{sha}},enable=true + # Latest tag only for main branch type=raw,value=latest,enable={{is_default_branch}} + flavor: | + latest=false - # Logs you into the GitHub Container Registry (GHCR) - name: Log in to GHCR uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} # This token is auto-generated + password: ${{ secrets.GITHUB_TOKEN }} - # Builds the Docker image and pushes it to GHCR - # This assumes you have a 'Dockerfile' in the root of 'Authentication' - name: Build and push Docker image uses: docker/build-push-action@v5 with: - context: . # Assumes Dockerfile is in the root of this repo - # The Dockerfile build will copy the JAR from auth-service/target/ + context: . push: true tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file + labels: ${{ steps.meta.outputs.labels }} + + - name: Image Summary + run: | + echo "### 🐳 Docker Image Built" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "**Tags pushed:**" >> $GITHUB_STEP_SUMMARY + echo '```' >> $GITHUB_STEP_SUMMARY + echo "${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY + echo '```' >> $GITHUB_STEP_SUMMARY + +# REPLACEMENTS NEEDED: +# - auth-service: e.g., "auth-service", "time-logging-service" (for Java services) +# - authentication: e.g., "authentication", "timelogging_service", "frontend_web" +# - Uncomment Node.js steps for Frontend_Web 
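Review bot: The `Build with Maven` step still runs `mvn -B clean package -DskipTests`, while this commit drops the comment that explained the skip and renames the job to "Build and Test" in the first hunk, so `needs: build-test` gates the image push on a compile only. Because the manifest update now follows every successful build on `main` and `dev`, untested code is presumably rolled out by ArgoCD without a manual step. Either run the tests, `run: mvn -B clean package --file auth-service/pom.xml`, or keep a job name and comment that say tests are skipped. The `Image Summary` step also expands `${{ steps.meta.outputs.tags }}` inside the shell script; passing it through `env:` and echoing `"$TAGS"` keeps the value out of shell parsing if this template is copied with a wider branch filter.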
diff --git a/.github/workflows/deploy.yaml.old b/.github/workflows/deploy.yaml.old
new file mode 100644
index 0000000..920c24b
--- /dev/null
+++ b/.github/workflows/deploy.yaml.old
@@ -0,0 +1,72 @@ +# Authentication/.github/workflows/deploy.yml + +name: Deploy Auth Service to Kubernetes + +on: + workflow_run: + # This MUST match the 'name:' of your build.yml file + workflows: ["Build and Package Service"] + types: + - completed + branches: + - 'main' + - 'devOps' + +jobs: + deploy: + name: Deploy Auth Service to Kubernetes + # We only deploy if the build job was successful + if: ${{ github.event.workflow_run.conclusion == 'success' }} + runs-on: ubuntu-latest + + steps: + # We only need the SHA of the new image + - name: Get Commit SHA + id: get_sha + run: | + echo "sha=$(echo ${{ github.event.workflow_run.head_sha }} | cut -c1-7)" >> $GITHUB_OUTPUT + + # 1. Checkout your new 'k8s-config' repository + - name: Checkout K8s Config Repo + uses: actions/checkout@v4 + with: + # This points to your new repo + repository: 'TechTorque-2025/k8s-config' + # This uses the org-level secret you created + token: ${{ secrets.REPO_ACCESS_TOKEN }} + # We'll put the code in a directory named 'config-repo' + path: 'config-repo' + # --- NEW LINE --- + # Explicitly checkout the 'main' branch + ref: 'main' + + - name: Install kubectl + uses: azure/setup-kubectl@v3 + + - name: Install yq + run: | + sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq + sudo chmod +x /usr/bin/yq + + - name: Set Kubernetes context + uses: azure/k8s-set-context@v4 + with: + kubeconfig: ${{ secrets.KUBE_CONFIG_DATA }} # This uses your Org-level secret + + # 2. 
Update the image tag for the *authentication* service + - name: Update image tag in YAML + run: | + yq -i '(select(.kind == "Deployment") | .spec.template.spec.containers[0].image) = "ghcr.io/techtorque-2025/authentication:${{ steps.get_sha.outputs.sha }}"' config-repo/k8s/services/auth-deployment.yaml + + # --- NEW DEBUGGING STEP --- + - name: Display file contents before apply + run: | + echo "--- Displaying k8s/services/auth-deployment.yaml ---" + cat config-repo/k8s/services/auth-deployment.yaml + echo "------------------------------------------------------" + + # 3. Deploy the updated file + - name: Deploy to Kubernetes + run: | + kubectl apply -f config-repo/k8s/services/auth-deployment.yaml + kubectl rollout status deployment/auth-deployment \ No newline at end of file diff --git a/.github/workflows/update-manifest.yaml b/.github/workflows/update-manifest.yaml new file mode 100644 index 0000000..677d643 --- /dev/null +++ b/.github/workflows/update-manifest.yaml 
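Review bot: The diffstat lists `deploy.yaml.old` only as a new file and shows no deletion or rename of the original deploy workflow, so if that file (its header comment names it `deploy.yml`) is still in `.github/workflows/`, it keeps running `kubectl apply` on `main` alongside the new manifest update. Remove the original in the same change, and prefer deleting this copy too, since git history already preserves it and a file without a `.yml`/`.yaml` extension is not loaded as a workflow. Once nothing applies manifests from CI, the `KUBE_CONFIG_DATA` secret referenced here can be retired or rotated so cluster credentials are no longer available to this repository's workflows.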
@@ -0,0 +1,88 @@ +# GitHub Actions Workflow Template for GitOps with ArgoCD +# This workflow should replace the old deploy.yaml in each microservice repo + +name: Update K8s Manifest + +on: + workflow_run: + workflows: ["Build and Package Service"] # Or "Build, Test, and Package Frontend" for Frontend_Web + types: [completed] + branches: ['main', 'dev'] + +jobs: + update-manifest: + name: Update Image Tag in k8s-config + if: ${{ github.event.workflow_run.conclusion == 'success' }} + runs-on: ubuntu-latest + + steps: + - name: Get branch and SHA info + id: info + run: | + BRANCH="${{ github.event.workflow_run.head_branch }}" + SHORT_SHA="$(echo ${{ github.event.workflow_run.head_sha }} | cut -c1-7)" + echo "branch=${BRANCH}" >> $GITHUB_OUTPUT + echo "sha=${SHORT_SHA}" >> $GITHUB_OUTPUT + echo "📍 Branch: ${BRANCH}, SHA: ${SHORT_SHA}" + + - name: Checkout k8s-config repo (matching branch) + uses: actions/checkout@v4 + with: + repository: 'TechTorque-2025/k8s-config' + token: ${{ secrets.REPO_ACCESS_TOKEN }} + ref: ${{ steps.info.outputs.branch }} # Checkout dev or main to match microservice branch + path: 'k8s-config' + + - name: Install yq (YAML processor) + run: | + sudo wget -qO /usr/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 + sudo chmod +x /usr/bin/yq + + - name: Update image tag in deployment manifest + env: + SERVICE_NAME: "authentication" # e.g., "timelogging_service", "frontend_web", "authentication" + DEPLOYMENT_FILE: "auth-deployment.yaml" # e.g., "timelogging-deployment.yaml", "frontend-deployment.yaml" + run: | + cd k8s-config + NEW_IMAGE="ghcr.io/techtorque-2025/${SERVICE_NAME}:${{ steps.info.outputs.branch }}-${{ steps.info.outputs.sha }}" + + echo "🔄 Updating ${DEPLOYMENT_FILE} to use image: ${NEW_IMAGE}" + + yq eval -i \ + '(select(.kind == "Deployment") | .spec.template.spec.containers[0].image) = env(NEW_IMAGE)' \ + k8s/services/${DEPLOYMENT_FILE} + + echo "✅ Updated manifest:" + yq eval 'select(.kind == 
"Deployment") | .spec.template.spec.containers[0].image' k8s/services/${DEPLOYMENT_FILE} + + - name: Commit and push changes + env: + SERVICE_NAME: "authentication" + run: | + cd k8s-config + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + + git add k8s/services/ + + if git diff --cached --quiet; then + echo "⚠️ No changes detected, skipping commit" + exit 0 + fi + + git commit -m "chore(${SERVICE_NAME}): update image to ${{ steps.info.outputs.branch }}-${{ steps.info.outputs.sha }}" \ + -m "Triggered by: ${{ github.event.workflow_run.html_url }}" + + git push origin ${{ steps.info.outputs.branch }} + + echo "✅ Pushed manifest update to k8s-config/${{ steps.info.outputs.branch }}" + echo "🚀 ArgoCD will automatically deploy this change" + + - name: Summary + run: | + echo "### 🎉 Manifest Update Complete" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "- **Branch**: ${{ steps.info.outputs.branch }}" >> $GITHUB_STEP_SUMMARY + echo "- **Image Tag**: ${{ steps.info.outputs.branch }}-${{ steps.info.outputs.sha }}" >> $GITHUB_STEP_SUMMARY + echo "- **Manifest Updated**: k8s/services/auth-deployment.yaml" >> $GITHUB_STEP_SUMMARY + echo "- **Next Step**: ArgoCD will sync this change to the cluster" >> $GITHUB_STEP_SUMMARY
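Review bot: The job's `if:` checks only `workflow_run.conclusion`, but "Build and Package Service" also runs on `pull_request` and pushes no image for those runs, so a successful PR build whose head branch is named `main` or `dev` would still rewrite the manifest with a tag that was never published. Gate it on the triggering event as well: `if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push' }}`. Separately, `NEW_IMAGE` is a plain shell variable while yq's `env(NEW_IMAGE)` reads the process environment, so the assignment needs `export NEW_IMAGE=...`, and `strenv(NEW_IMAGE)` keeps the value a string. The yq binary is fetched from `releases/latest` with sudo in a job that holds `REPO_ACCESS_TOKEN` (the same download sits in the inert `deploy.yaml.old`); pin a specific release and verify its published checksum before installing.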