🚀 Complete automation pipeline with SSL, testing, and deployment

✨ Features:
- Full SSL setup with Let's Encrypt for all environments
- Automated CI/CD pipeline with GitHub Actions
- Comprehensive smoke testing workflow
- Auto-deploy to dev on main branch push
- Manual staging/production deployments with confirmation
- Istio + nginx SSL termination architecture

🔧 Infrastructure:
- Migrated from Kourier to Istio for Knative ingress
- nginx handles SSL termination and public traffic
- Istio manages internal Knative service routing
- Scale-to-zero configuration for all environments

🧪 Testing:
- SSL certificate validation and expiry checks
- Domain accessibility and content validation
- Performance testing and redirect behavior validation
- Automated smoke tests on every deployment

🌐 Domains:
- Dev: https://2048-dev.wa.darknex.us
- Staging: https://2048-staging.wa.darknex.us
- Production: https://2048.wa.darknex.us

📦 Deployment:
- Uses latest GHCR images with imagePullPolicy: Always
- Automated secret management across namespaces
- Environment-specific Knative service configurations
- Clean manifest structure with proper labeling

.github/workflows/deploy-dev.yml

@@ -1,53 +1,102 @@
 name: Deploy to Development
 
 on:
-  push:
-    branches: [ develop ]
-  pull_request:
-    branches: [ develop ]
+  workflow_run:
+    workflows: ["Build and Push Container Image"]
+    types:
+      - completed
+    branches: [ main ]
+  workflow_dispatch:
+    inputs:
+      image_tag:
+        description: 'Image tag to deploy (default: latest)'
+        required: false
+        default: 'latest'
 
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ghndrx/k8s-game-2048
 
 jobs:
-  build-and-deploy:
+  deploy-dev:
+    name: Deploy to Development
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-
+    if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
+    environment: development
+    
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
 
-    - name: Log in to Container Registry
-      uses: docker/login-action@v3
-      with:
-        registry: ${{ env.REGISTRY }}
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Extract metadata
-      id: meta
-      uses: docker/metadata-action@v5
-      with:
-        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-        tags: |
-          type=ref,event=branch
-          type=ref,event=pr
-          type=sha,prefix={{branch}}-
-
-    - name: Build and push Docker image
-      uses: docker/build-push-action@v5
-      with:
-        context: .
-        push: true
-        tags: ${{ steps.meta.outputs.tags }}
-        labels: ${{ steps.meta.outputs.labels }}
-
     - name: Set up kubectl
       uses: azure/setup-kubectl@v3
+      with:
+        version: 'latest'
+
+    - name: Configure kubectl
+      run: |
+        mkdir -p ~/.kube
+        echo "${{ secrets.KUBECONFIG }}" | base64 -d > ~/.kube/config
+        chmod 600 ~/.kube/config
+
+    - name: Set image tag
+      run: |
+        IMAGE_TAG="${{ github.event.inputs.image_tag || 'latest' }}"
+        echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
+        echo "Deploying image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$IMAGE_TAG"
+
+    - name: Deploy to development
+      run: |
+        echo "🚀 Deploying to development environment..."
+        
+        # Apply namespace
+        kubectl apply -f manifests/dev/namespace.yml
+        
+        # Ensure GHCR secret exists
+        if kubectl get secret ghcr-secret -n default &>/dev/null; then
+          echo "🔐 Copying GHCR secret to dev namespace..."
+          kubectl get secret ghcr-secret -o yaml | \
+          sed 's/namespace: default/namespace: game-2048-dev/' | \
+          sed '/resourceVersion:/d' | \
+          sed '/uid:/d' | \
+          sed '/creationTimestamp:/d' | \
+          kubectl apply -f -
+        fi
+        
+        # Update image in service and deploy
+        kubectl patch ksvc game-2048-dev -n game-2048-dev --type merge -p '{"spec":{"template":{"spec":{"containers":[{"image":"${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}","imagePullPolicy":"Always"}]}}}}'
+        
+        echo "⏳ Waiting for deployment to be ready..."
+        kubectl wait --for=condition=Ready ksvc/game-2048-dev -n game-2048-dev --timeout=300s || echo "⚠️ Service may still be starting"
+
+    - name: Verify deployment
+      run: |
+        echo "📊 Deployment status:"
+        kubectl get ksvc -n game-2048-dev
+        
+        echo ""
+        echo "✅ Development deployment completed!"
+        echo "🌐 Available at: https://2048-dev.wa.darknex.us"
+
+    - name: Run smoke test
+      run: |
+        echo "🧪 Running smoke test..."
+        sleep 30
+        
+        for i in {1..5}; do
+          echo "Attempt $i/5..."
+          if curl -s --max-time 30 https://2048-dev.wa.darknex.us/ | grep -q "2048"; then
+            echo "✅ Smoke test passed!"
+            break
+          elif [ $i -eq 5 ]; then
+            echo "⚠️ Smoke test failed after 5 attempts"
+            exit 1
+          else
+            echo "Retrying in 30 seconds..."
+            sleep 30
+          fi
+        done
+      uses: azure/setup-kubectl@v3
       with:
         version: 'v1.28.0'