Add a promotion workflow from staging to production

Signed-off-by: Soule BA <[email protected]>

.github/workflows/production-promotion.yaml

@@ -0,0 +1,56 @@
+name: production-promotion
+on:
+  repository_dispatch:
+    types:
+      - HelmRelease/redis.backend
+      - HelmRelease/memcached.backend
+      - HelmRelease/podinfo.frontend
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  promote:
+    runs-on: ubuntu-latest
+    # Start promotion when the staging cluster has successfully
+    # upgraded the Helm release to a new chart version.
+    if: |
+      github.event.client_payload.metadata.env == 'staging' &&
+      github.event.client_payload.severity == 'info'      
+    steps:
+      # Checkout main branch.
+      - uses: actions/checkout@v3
+        with:
+          ref: production
+      #Parse the event metadata to determine the chart version deployed on staging.
+      - name: Get chart version from staging
+        id: staging
+        run: |
+          VERSION=$(echo ${{ github.event.client_payload.metadata.revision }} | cut -d '@' -f1)
+          NAME=$(echo ${{ github.event.client_payload.involvedObject.name }} | cut -d '@' -f1)
+          NAMESPACE=$(echo ${{ github.event.client_payload.involvedObject.namespace }} | cut -d '@' -f1)
+          echo VERSION=${VERSION} >> $GITHUB_OUTPUT          
+          echo NAME=${NAME} >> $GITHUB_OUTPUT
+          echo NAMESPACE=${NAMESPACE} >> $GITHUB_OUTPUT
+      # Patch the chart version in the production Helm release manifest.
+      - name: Set chart version in production
+        id: production
+        env:
+          CHART_VERSION: ${{ steps.staging.outputs.version }}
+          NAME: ${{ steps.staging.outputs.name }}
+          NAMESPACE: ${{ steps.staging.outputs.namespace }}
+        run: |
+          echo "set chart version to ${CHART_VERSION}"
+          yq e '(select(.spec.chart.spec.version) | .spec.chart.spec.version) = env(CHART_VERSION)' -i ./components/${NAMESPACE}/base/${NAME}.yaml      
+      # Open a Pull Request if an upgraded is needed in production.
+      - name: Open promotion PR
+        uses: peter-evans/create-pull-request@v6
+        with:
+          branch: production-promotion-${{ steps.staging.outputs.name }}-${{ steps.staging.outputs.version }}
+          delete-branch: true
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: Promote chart ${{ steps.staging.outputs.name }} to version ${{ steps.staging.outputs.version }}
+          title: Promote chart ${{ steps.staging.outputs.name }} to version ${{ steps.staging.outputs.version }}
+          body: |
+            Promote chart ${{ steps.staging.outputs.name }} to version ${{ steps.staging.outputs.version }}.

README.md

@@ -100,3 +100,24 @@ When a new chart version is pushed to the container registry, and if it matches
 Flux will update the HelmRelease YAML definitions and will push the changes to the `main` branch.
 Then it will upgrade the Helm releases to the new version to the staging cluster.
 
+### Promotion to Production
+
+After the HelmReleases are successfully installed or upgraded on the staging cluster, a promotion pipeline
+is triggered to promote the changes to the production clusters. It effectively opens pull requests
+on the `production` branch with the updated HelmChart versions.
+
+The promotion pipeline is defined in .github/workflows/production-promotion.yaml.
+The `provider` and `alerts` used to trigger the promotion pipeline are defined in the `staging` directory
+of each component:
+
+```shell
+./components/
+├── backend
+│   └── staging
+│       ├── kustomization.yaml
+│       └── production-promotion.yaml
+└── frontend
+    └── staging
+        ├── kustomization.yaml
+        └── production-promotion.yaml
+```

components/backend/staging/kustomization.yaml

@@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ../base
+  - production-promotion.yaml
 patches:
   - path: memcached-values.yaml
   - path: redis-values.yaml
-

components/backend/staging/production-promotion.yaml

@@ -0,0 +1,31 @@
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Provider
+metadata:
+  name: github
+  namespace: backend
+spec:
+  type: githubdispatch
+  address: https://github.com/controlplaneio-fluxcd/d1-apps
+  secretRef:
+    name: flux-apps
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Alert
+metadata:
+  name: production-promotion
+  namespace: backend
+spec:
+  providerRef:
+    name: github
+  summary: "Trigger promotion"
+  eventMetadata:
+    env: staging
+    cluster: staging-1
+  eventSeverity: info
+  eventSources:
+    - kind: HelmRelease
+      name: redis
+    - kind: HelmRelease
+      name: memcached
+  inclusionList:
+    - ".*succeeded.*"

components/frontend/staging/kustomization.yaml

@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ../base
+  - production-promotion.yaml
 patches:
   - path: podinfo-values.yaml
     target:

components/frontend/staging/production-promotion.yaml

@@ -0,0 +1,29 @@
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Provider
+metadata:
+  name: github
+  namespace: frontend
+spec:
+  type: githubdispatch
+  address: https://github.com/controlplaneio-fluxcd/d1-apps
+  secretRef:
+    name: flux-apps
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Alert
+metadata:
+  name: production-promotion
+  namespace: frontend
+spec:
+  providerRef:
+    name: github
+  summary: "Trigger promotion"
+  eventMetadata:
+    env: staging
+    cluster: staging-1
+  eventSeverity: info
+  eventSources:
+    - kind: HelmRelease
+      name: podinfo
+  inclusionList:
+    - ".*succeeded.*"