From b3c6e869a2e9cb01afaf63e101d14f653e5d5517 Mon Sep 17 00:00:00 2001
From: Soule BA
Date: Fri, 1 Mar 2024 12:47:26 +0100
Subject: [PATCH] Add a promotion workflow from staging to production
Signed-off-by: Soule BA
---
.github/workflows/production-promotion.yaml | 56 +++++++++++++++++++
README.md | 21 +++++++
components/backend/staging/kustomization.yaml | 2 +-
.../backend/staging/production-promotion.yaml | 31 ++++++++++
.../frontend/staging/kustomization.yaml | 1 +
.../staging/production-promotion.yaml | 29 ++++++++++
6 files changed, 139 insertions(+), 1 deletion(-)
create mode 100644 .github/workflows/production-promotion.yaml
create mode 100644 components/backend/staging/production-promotion.yaml
create mode 100644 components/frontend/staging/production-promotion.yaml
diff --git a/.github/workflows/production-promotion.yaml b/.github/workflows/production-promotion.yaml
new file mode 100644
index 0000000..05370f3
--- /dev/null
+++ b/.github/workflows/production-promotion.yaml
@@ -0,0 +1,56 @@
+name: production-promotion
+on:
+ repository_dispatch:
+ types:
+ - HelmRelease/redis.backend
+ - HelmRelease/memcached.backend
+ - HelmRelease/podinfo.frontend
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ promote:
+ runs-on: ubuntu-latest
+ # Start promotion when the staging cluster has successfully
+ # upgraded the Helm release to a new chart version.
+ if: |
+ github.event.client_payload.metadata.env == 'staging' &&
+ github.event.client_payload.severity == 'info'
+ steps:
+ # Checkout main branch.
+ - uses: actions/checkout@v3
+ with:
+ ref: production
+ #Parse the event metadata to determine the chart version deployed on staging.
+ - name: Get chart version from staging
+ id: staging
+ run: |
+ VERSION=$(echo ${{ github.event.client_payload.metadata.revision }} | cut -d '@' -f1)
+ NAME=$(echo ${{ github.event.client_payload.involvedObject.name }} | cut -d '@' -f1)
+ NAMESPACE=$(echo ${{ github.event.client_payload.involvedObject.namespace }} | cut -d '@' -f1)
+ echo VERSION=${VERSION} >> $GITHUB_OUTPUT
+ echo NAME=${NAME} >> $GITHUB_OUTPUT
+ echo NAMESPACE=${NAMESPACE} >> $GITHUB_OUTPUT
+ # Patch the chart version in the production Helm release manifest.
+ - name: Set chart version in production
+ id: production
+ env:
+ CHART_VERSION: ${{ steps.staging.outputs.version }}
+ NAME: ${{ steps.staging.outputs.name }}
+ NAMESPACE: ${{ steps.staging.outputs.namespace }}
+ run: |
+ echo "set chart version to ${CHART_VERSION}"
+ yq e '(select(.spec.chart.spec.version) | .spec.chart.spec.version) = env(CHART_VERSION)' -i ./components/${NAMESPACE}/base/${NAME}.yaml
+ # Open a Pull Request if an upgraded is needed in production.
+ - name: Open promotion PR
+ uses: peter-evans/create-pull-request@v6
+ with:
+ branch: production-promotion-${{ steps.staging.outputs.name }}-${{ steps.staging.outputs.version }}
+ delete-branch: true
+ token: ${{ secrets.GITHUB_TOKEN }}
+ commit-message: Promote chart ${{ steps.staging.outputs.name }} to version ${{ steps.staging.outputs.version }}
+ title: Promote chart ${{ steps.staging.outputs.name }} to version ${{ steps.staging.outputs.version }}
+ body: |
+ Promote chart ${{ steps.staging.outputs.name }} to version ${{ steps.staging.outputs.version }}.
diff --git a/README.md b/README.md
index d02c8f2..2f1cf36 100644
--- a/README.md
+++ b/README.md
@@ -100,3 +100,24 @@ When a new chart version is pushed to the container registry, and if it matches Flux will update the HelmRelease YAML definitions and will push the changes to the `main` branch. Then it will upgrade the Helm releases to the new version to the staging cluster.
+### Promotion to Production
+
+After the HelmReleases are successfully installed or upgraded on the staging cluster, a promotion pipeline
+is triggered to promote the changes to the production clusters. It effectively opens pull requests
+on the `production` branch with the updated HelmChart versions.
+
+The promotion pipeline is defined in .github/workflows/production-promotion.yaml.
+The `provider` and `alerts` used to trigger the promotion pipeline are defined in the `staging` directory
+of each component:
+
+```shell
+./components/
+├── backend
+│ └── staging
+│   ├── kustomization.yaml
+│   └── production-promotion.yaml
+└── frontend
+ └── staging
+ ├── kustomization.yaml
+ └── production-promotion.yaml
+```
diff --git a/components/backend/staging/kustomization.yaml b/components/backend/staging/kustomization.yaml
index 91b8567..8dc333f 100644
--- a/components/backend/staging/kustomization.yaml
+++ b/components/backend/staging/kustomization.yaml
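Review bot: The `Get chart version from staging` step expands `${{ github.event.client_payload.* }}` directly inside the `run:` script, so the payload text becomes part of the shell source before bash parses it; a revision, name or namespace carrying shell metacharacters would execute in a job that holds `contents: write` and `pull-requests: write`. Pass the three fields through `env:` and read them as quoted shell variables, as in the block below. The derived `NAME` and `NAMESPACE` are also used unquoted to build the `yq` target path in the following step, so they should be checked against the three releases listed under `on.repository_dispatch.types` before use. Separately, `actions/checkout@v3` and `peter-evans/create-pull-request@v6` are referenced by mutable tag; pinning each to a commit SHA would be the stricter choice for a workflow with write permissions.

```yaml
      - name: Get chart version from staging
        id: staging
        env:
          REVISION: ${{ github.event.client_payload.metadata.revision }}
          OBJ_NAME: ${{ github.event.client_payload.involvedObject.name }}
          OBJ_NAMESPACE: ${{ github.event.client_payload.involvedObject.namespace }}
        run: |
          VERSION=$(printf '%s' "$REVISION" | cut -d '@' -f1)
          NAME=$(printf '%s' "$OBJ_NAME" | cut -d '@' -f1)
          NAMESPACE=$(printf '%s' "$OBJ_NAMESPACE" | cut -d '@' -f1)
          # … unchanged: the three echo lines that write to $GITHUB_OUTPUT …
```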
@@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../base + - production-promotion.yaml patches: - path: memcached-values.yaml - path: redis-values.yaml -
diff --git a/components/backend/staging/production-promotion.yaml b/components/backend/staging/production-promotion.yaml
new file mode 100644
index 0000000..5c67114
--- /dev/null
+++ b/components/backend/staging/production-promotion.yaml
@@ -0,0 +1,31 @@
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Provider
+metadata:
+ name: github
+ namespace: backend
+spec:
+ type: githubdispatch
+ address: https://github.com/controlplaneio-fluxcd/d1-apps
+ secretRef:
+ name: flux-apps
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Alert
+metadata:
+ name: production-promotion
+ namespace: backend
+spec:
+ providerRef:
+ name: github
+ summary: "Trigger promotion"
+ eventMetadata:
+ env: staging
+ cluster: staging-1
+ eventSeverity: info
+ eventSources:
+ - kind: HelmRelease
+ name: redis
+ - kind: HelmRelease
+ name: memcached
+ inclusionList:
+ - ".*succeeded.*"
diff --git a/components/frontend/staging/kustomization.yaml b/components/frontend/staging/kustomization.yaml
index d34a054..d3c4a5d 100644
--- a/components/frontend/staging/kustomization.yaml
+++ b/components/frontend/staging/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../base + - production-promotion.yaml patches: - path: podinfo-values.yaml target:
diff --git a/components/frontend/staging/production-promotion.yaml b/components/frontend/staging/production-promotion.yaml
new file mode 100644
index 0000000..bf5e72a
--- /dev/null
+++ b/components/frontend/staging/production-promotion.yaml
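Review bot: The `Provider` in components/backend/staging/production-promotion.yaml points at `secretRef.name: flux-apps`, but nothing in this patch creates or documents that Secret, so a reader cannot tell which credential is allowed to send `repository_dispatch` events to the repository. Whoever holds that token can start the promotion workflow, which runs with `contents: write` and `pull-requests: write`, so its scope matters. A comment above `secretRef` would help, for example `# Secret with a 'token' key, provisioned outside this repo; GitHub token restricted to this repository only`. The same applies to the identical Provider in components/frontend/staging/production-promotion.yaml.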
@@ -0,0 +1,29 @@
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Provider
+metadata:
+ name: github
+ namespace: frontend
+spec:
+ type: githubdispatch
+ address: https://github.com/controlplaneio-fluxcd/d1-apps
+ secretRef:
+ name: flux-apps
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Alert
+metadata:
+ name: production-promotion
+ namespace: frontend
+spec:
+ providerRef:
+ name: github
+ summary: "Trigger promotion"
+ eventMetadata:
+ env: staging
+ cluster: staging-1
+ eventSeverity: info
+ eventSources:
+ - kind: HelmRelease
+ name: podinfo
+ inclusionList:
+ - ".*succeeded.*"