Skip to content
This repository was archived by the owner on Nov 23, 2025. It is now read-only.

Dev #29

Merged
RandithaK merged 3 commits into from
Nov 15, 2025
Merged

Dev #29

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
852a923
refactor: restructure CI/CD workflows for improved execution order an…
RandithaK Nov 15, 2025
2173de3
Merge pull request #28 from TechTorque-2025/feat/gitops-workflow
RandithaK Nov 15, 2025
5275d12
Merge branch 'main' into dev
RandithaK Nov 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 42 additions & 0 deletions .github/workflows/build-test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
name: Build and Test

on:
pull_request:
branches:
- 'main'
- 'dev'

permissions:
contents: read

jobs:
build-test:
name: Build and Test
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
cache: maven

- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-

- name: Build with Maven
run: mvn -B clean package -DskipTests --file auth-service/pom.xml

- name: Test Summary
run: |
echo "### ✅ Build Successful" >> $GITHUB_STEP_SUMMARY
echo "Ready for review and merge" >> $GITHUB_STEP_SUMMARY
64 changes: 4 additions & 60 deletions .github/workflows/build.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,33 +1,24 @@
# Updated build.yaml template for microservices
# This replaces the old build.yaml to add branch-aware image tagging

name: Build and Package Service
name: Build and Push Docker Image

on:
push:
branches:
- 'main'
- 'dev'
pull_request:
branches:
- 'main'
- 'dev'

permissions:
contents: read
packages: write

jobs:
# JOB 1: Build and test (runs on all pushes and PRs)
build-test:
name: Build and Test
build-and-push:
name: Build & Push Docker Image
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

# For Java/Spring Boot services:
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
Expand All @@ -46,46 +37,6 @@ jobs:
- name: Build with Maven
run: mvn -B clean package -DskipTests --file auth-service/pom.xml

- name: Upload Build Artifact
uses: actions/upload-artifact@v4
with:
name: service-jar
path: auth-service/target/*.jar

# For Node.js/Next.js services (Frontend):
# - name: Use Node.js and cache npm
# uses: actions/setup-node@v4
# with:
# node-version: '22'
# cache: 'npm'
#
# - name: Install dependencies
# run: npm ci
#
# - name: Run linter
# run: npm run lint
#
# - name: Build
# run: npm run build

# JOB 2: Package as Docker image (only on pushes to main/dev, not PRs)
build-and-push-docker:
name: Build & Push Docker Image
needs: build-test
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev')
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

# For Java services: download JAR from previous job
- name: Download JAR Artifact
uses: actions/download-artifact@v4
with:
name: service-jar
path: auth-service/target/

- name: Extract branch name
id: branch
run: |
Expand All @@ -99,9 +50,7 @@ jobs:
with:
images: ghcr.io/techtorque-2025/authentication
tags: |
# Branch + short SHA (e.g., dev-abc1234 or main-xyz5678)
type=raw,value=${{ steps.branch.outputs.name }}-{{sha}},enable=true
# Latest tag only for main branch
type=raw,value=latest,enable={{is_default_branch}}
flavor: |
latest=false
Expand All @@ -120,7 +69,7 @@ jobs:
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}

- name: Image Summary
run: |
echo "### 🐳 Docker Image Built" >> $GITHUB_STEP_SUMMARY
Expand All @@ -129,8 +78,3 @@ jobs:
echo '```' >> $GITHUB_STEP_SUMMARY
echo "${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY

# REPLACEMENTS NEEDED:
# - auth-service: e.g., "auth-service", "time-logging-service" (for Java services)
# - authentication: e.g., "authentication", "timelogging_service", "frontend_web"
# - Uncomment Node.js steps for Frontend_Web
5 changes: 1 addition & 4 deletions .github/workflows/update-manifest.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,8 @@
# GitHub Actions Workflow Template for GitOps with ArgoCD
# This workflow should replace the old deploy.yaml in each microservice repo

name: Update K8s Manifest

on:
workflow_run:
workflows: ["Build and Package Service"] # Or "Build, Test, and Package Frontend" for Frontend_Web
workflows: ["Build and Push Docker Image"]
types: [completed]
branches: ['main', 'dev']

Expand Down
183 changes: 183 additions & 0 deletions WORKFLOW_FIX_SUMMARY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,183 @@
# CI/CD Workflow Fix Summary

## Problem Identified

The "Update K8s Manifest" workflow was executing **before** the Docker image was built, causing manifest updates with non-existent image tags.

### Root Cause

The original `build.yaml` had two jobs:
1. `build-test` - Always runs
2. `build-and-push-docker` - Only runs on push to main/dev (conditional)

GitHub Actions' `workflow_run` trigger fires when the workflow **completes**, which happened after `build-test` finished, even though `build-and-push-docker` was still running or skipped.

## Solution Implemented

### 1. Split Workflows by Purpose

**Before:** Single `build.yaml` tried to handle both PR validation and Docker builds

**After:** Three focused workflows:

#### [build-test.yaml](/.github/workflows/build-test.yaml)
- **Trigger:** Pull requests to main/dev
- **Purpose:** Validate builds before merge
- **Actions:** Maven build only
- **Duration:** ~30s

#### [build.yaml](/.github/workflows/build.yaml) (renamed to "Build and Push Docker Image")
- **Trigger:** Push to main/dev branches only
- **Purpose:** Build and publish Docker images
- **Actions:** Maven build + Docker build + Push to GHCR
- **Output:** Image tagged as `{branch}-{sha}` (e.g., `dev-0f42d3b`)

#### [update-manifest.yaml](/.github/workflows/update-manifest.yaml)
- **Trigger:** After "Build and Push Docker Image" completes successfully
- **Purpose:** Update k8s-config repo with new image tag
- **Actions:**
- Checkout k8s-config
- Update deployment YAML with new image tag
- Commit and push changes
- ArgoCD auto-syncs from there

### 2. Workflow Execution Flow

```
┌─────────────────────────────────────────────────────────────┐
│ PR to main/dev │
└──────────────────────┬──────────────────────────────────────┘
┌──────────────────────┐
│ build-test.yaml │
│ (PR validation) │
└──────────────────────┘
✅ Merge
┌──────────────────────────────────────────────────────────────┐
│ Push to main/dev │
└──────────────────────┬───────────────────────────────────────┘
┌──────────────────────────┐
│ build.yaml │
│ 1. Maven build │
│ 2. Docker build │
│ 3. Push to GHCR │
└──────────┬───────────────┘
│ (workflow_run trigger)
┌──────────────────────────┐
│ update-manifest.yaml │
│ 1. Checkout k8s-config │
│ 2. Update image tag │
│ 3. Git commit & push │
└──────────┬───────────────┘
┌──────────────────────────┐
│ ArgoCD Auto-Sync │
│ (deploys to cluster) │
└──────────────────────────┘
```

## Key Changes

### build-test.yaml (NEW)
```yaml
name: Build and Test
on:
pull_request:
branches: ['main', 'dev']
```
- Simple PR validation
- No Docker build
- Fast feedback

### build.yaml (UPDATED)
```yaml
name: Build and Push Docker Image
on:
push:
branches: ['main', 'dev']
```
- Single job: `build-and-push`
- No conditionals - always runs when triggered
- Predictable completion

### update-manifest.yaml (UPDATED)
```yaml
on:
workflow_run:
workflows: ["Build and Push Docker Image"] # Changed from "Build and Package Service"
types: [completed]
```
- Now triggers on correct workflow name
- Only runs after Docker image is successfully built and pushed

## Benefits

1. **Correct Execution Order:** Manifest only updates after image exists
2. **Faster PR Feedback:** Build-test is lightweight and fast
3. **Clear Separation of Concerns:** Each workflow has one job
4. **Easier Debugging:** Workflow names and purposes are clear
5. **No Race Conditions:** Sequential execution guaranteed

## Testing

To test the complete pipeline:

1. **Create a feature branch:**
```bash
git checkout -b test/cicd-pipeline
```

2. **Make a commit (or empty commit):**
```bash
git commit --allow-empty -m "test: verify CI/CD pipeline"
```

3. **Push and create PR:**
```bash
git push origin test/cicd-pipeline
gh pr create --base dev --title "Test CI/CD Pipeline"
```

4. **Expected behavior:**
- `build-test.yaml` runs immediately
- Shows build success in PR checks

5. **After merge to dev:**
- `build.yaml` runs (builds Docker image)
- `update-manifest.yaml` runs (updates k8s-config)
- ArgoCD syncs changes to cluster

## Files Modified

- ✅ Created: `.github/workflows/build-test.yaml`
- ✅ Updated: `.github/workflows/build.yaml`
- ✅ Updated: `.github/workflows/update-manifest.yaml`
- ℹ️ Kept: `.github/workflows/deploy.yaml.old` (for reference)

## Next Steps

To roll out this fix to other microservices:

1. Copy the three workflow files
2. Update service-specific values:
- Maven path (e.g., `time-logging-service/pom.xml`)
- Image name (e.g., `timelogging_service`)
- Deployment file (e.g., `timelogging-deployment.yaml`)
3. Test with a PR to dev branch
4. Monitor GitHub Actions for correct execution order

---

**Date:** 2025-11-15
**Status:** ✅ Complete
**Affected Service:** Authentication