diff --git a/.env.example b/.env.example index 1934a7d..5c9198d 100644 --- a/.env.example +++ b/.env.example @@ -14,7 +14,7 @@ DEV_DOMAIN=2048-dev.your-domain.com STAGING_DOMAIN=2048-staging.your-domain.com PROD_DOMAIN=2048.your-domain.com -# Canonical Knative Domains +# Canonical Knative Domains (auto-generated by Knative) DEV_CANONICAL_DOMAIN=game-2048-dev.game-2048-dev.dev.your-domain.com STAGING_CANONICAL_DOMAIN=game-2048-staging.game-2048-staging.staging.your-domain.com PROD_CANONICAL_DOMAIN=game-2048-prod.game-2048-prod.your-domain.com diff --git a/.github/workflows/auto-promote.yml b/.github/workflows/auto-promote.yml index cfea21a..dc66385 100644 --- a/.github/workflows/auto-promote.yml +++ b/.github/workflows/auto-promote.yml @@ -80,4 +80,7 @@ jobs: echo "### ๐Ÿ”— Next Steps" >> $GITHUB_STEP_SUMMARY echo "- Staging deployment will start automatically" >> $GITHUB_STEP_SUMMARY echo "- Staging tests will run automatically" >> $GITHUB_STEP_SUMMARY - echo "- Production promotion requires manual approval via staging โ†’ main merge" >> $GITHUB_STEP_SUMMARY + echo "- Production promotion will happen automatically after staging tests pass" >> $GITHUB_STEP_SUMMARY + echo "- Production deployment will happen automatically after promotion" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "๐Ÿš€ **Fully Automatic Pipeline** - No manual intervention required!" >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index 406b96c..93dbcb6 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -8,7 +8,7 @@ on: env: REGISTRY: ghcr.io - IMAGE_NAME: ghndrx/k8s-game-2048 + IMAGE_NAME: ${GITHUB_REPOSITORY} jobs: build: diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml index 54a8bf9..095b366 100644 --- a/.github/workflows/deploy-prod.yml +++ b/.github/workflows/deploy-prod.yml 
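Review bot: `IMAGE_NAME: ${GITHUB_REPOSITORY}` in the workflow-level `env:` block of build-image.yml is not expanded: only `${{ }}` expressions are evaluated there, so `env.IMAGE_NAME` becomes the literal string `${GITHUB_REPOSITORY}` wherever it is consumed outside a shell step (for example a build/push action's `tags:` input), producing an invalid image reference. Inside a `run:` step it happens to work only because the text is substituted into the script and bash then expands it, which hides the bug. Use the expression form, `IMAGE_NAME: ${{ github.repository }}`. Note that `github.repository` keeps the owner's capitalisation while GHCR requires lowercase names, so either lowercase it in a setup step (`echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV"`) or rely on an action that normalises it; how the name is consumed is outside this hunk.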
@@ -1,6 +1,8 @@ name: Deploy to Production on: + push: + branches: [ main ] workflow_dispatch: inputs: image_tag: @@ -8,17 +10,12 @@ on: required: false default: 'latest' confirmation: - description: 'Type "DEPLOY" to confirm production deployment' + description: 'Type "DEPLOY" to confirm manual production deployment' required: true source_environment: description: 'Source environment (staging or manual)' required: false default: 'staging' - workflow_run: - workflows: ["Deploy to Staging"] - types: - - completed - branches: [ main, master ] env: REGISTRY: ghcr.io @@ -30,7 +27,7 @@ jobs: runs-on: ubuntu-latest if: | (github.event_name == 'workflow_dispatch' && github.event.inputs.confirmation == 'DEPLOY') || - (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') + (github.event_name == 'push' && github.ref == 'refs/heads/main') steps: - name: Checkout repository @@ -40,9 +37,11 @@ jobs: run: | if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then IMAGE_TAG="${{ github.event.inputs.image_tag || 'latest' }}" + echo "๐Ÿ”ง Manual production deployment with image: $IMAGE_TAG" else - # For production deployment, use the main branch commit tag + # For automatic production deployment, use the main branch commit tag IMAGE_TAG="main-$(echo "${{ github.sha }}" | cut -c1-7)" + echo "๐Ÿš€ Automatic production deployment with image: $IMAGE_TAG" fi echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV echo "Deploying image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$IMAGE_TAG" diff --git a/.github/workflows/deployment-status.yml b/.github/workflows/deployment-status.yml index ca97092..49d1381 100644 --- a/.github/workflows/deployment-status.yml +++ b/.github/workflows/deployment-status.yml 
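Review bot: Replacing the `workflow_run` dependency with `push: branches: [ main ]` removes the only ordering guarantee with build-image.yml, which also runs on push to `main`: the two workflows now start concurrently, so this job can try to deploy `main-<sha>` before that tag has been pushed to GHCR. Either keep a `workflow_run` trigger on "Build and Push Container Image" with `branches: [ main ]` and the existing `conclusion == 'success'` check, or poll the registry for the tag before calling the webhook. The new filter also drops `master`, which docs/BRANCHING.md and CONTRIBUTING.md in this same diff still name as the production branch, so if the repository's production branch is `master` nothing deploys. With the manual gate gone, nothing in this hunk replaces it; if the job does not already declare `environment: production` with required reviewers, add it so production protection rules still apply to the automatic path.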
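Review bot: The manual branch still sets `IMAGE_TAG="${{ github.event.inputs.image_tag || 'latest' }}"` by expanding the dispatch input directly into the shell script, so a value containing `"` or `$(...)` is executed as shell; the commit re-labels this as the emergency path without hardening it. Pass the input through the environment instead, e.g. a step-level `env: IMAGE_TAG_INPUT: ${{ github.event.inputs.image_tag }}` and `IMAGE_TAG="${IMAGE_TAG_INPUT:-latest}"` in the script, and optionally reject anything not matching `^[A-Za-z0-9._-]{1,128}$`. Exposure is limited to users who can dispatch the workflow, but that is exactly the population the `DEPLOY` confirmation is meant to slow down. The `>> $GITHUB_ENV` redirection should also quote `"$GITHUB_ENV"`.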
@@ -15,7 +15,7 @@ jobs: - name: Check Development Status run: | echo "๐Ÿงช Checking Development Environment..." - DEV_URL="https://game-2048-dev.game-2048-dev.dev.wa.darknex.us" + DEV_URL="https://${{ secrets.DEV_DOMAIN }}" DEV_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -L --max-time 30 "$DEV_URL" || echo "000") DEV_VERSION=$(curl -s -L --max-time 30 "$DEV_URL" | grep -o '[^<]*' | sed 's/\(.*\)<\/title>/\1/' || echo "Unknown") @@ -28,7 +28,7 @@ jobs: - name: Check Staging Status run: | echo "๐ŸŽญ Checking Staging Environment..." - STAGING_URL="https://game-2048-staging.game-2048-staging.staging.wa.darknex.us" + STAGING_URL="https://${{ secrets.STAGING_DOMAIN }}" STAGING_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -L --max-time 30 "$STAGING_URL" || echo "000") STAGING_VERSION=$(curl -s -L --max-time 30 "$STAGING_URL" | grep -o '<title>[^<]*' | sed 's/\(.*\)<\/title>/\1/' || echo "Unknown") @@ -41,7 +41,7 @@ jobs: - name: Check Production Status run: | echo "๐Ÿš€ Checking Production Environment..." - PROD_URL="https://game-2048-prod.game-2048-prod.wa.darknex.us" + PROD_URL="https://${{ secrets.PROD_DOMAIN }}" PROD_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -L --max-time 30 "$PROD_URL" || echo "000") PROD_VERSION=$(curl -s -L --max-time 30 "$PROD_URL" | grep -o '<title>[^<]*' | sed 's/\(.*\)<\/title>/\1/' || echo "Unknown") @@ -64,7 +64,7 @@ jobs: else DEV_ICON="โŒ" fi - echo "| ๐Ÿงช Development | $DEV_ICON HTTP $DEV_STATUS | $DEV_VERSION | https://game-2048-dev.game-2048-dev.dev.wa.darknex.us |" >> $GITHUB_STEP_SUMMARY + echo "| ๐Ÿงช Development | $DEV_ICON HTTP $DEV_STATUS | $DEV_VERSION | https://${{ secrets.DEV_DOMAIN }} |" >> $GITHUB_STEP_SUMMARY # Staging status if [ "$STAGING_STATUS" = "200" ]; then 
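Review bot: Reading the hostnames from `secrets.DEV_DOMAIN` / `secrets.STAGING_DOMAIN` / `secrets.PROD_DOMAIN` makes GitHub mask them, so every URL this step prints shows as `https://***` in the log (and likely in the `$GITHUB_STEP_SUMMARY` table), and a short hostname risks redacting unrelated output too. Hostnames are configuration, not credentials: define them as repository or environment variables and read `${{ vars.DEV_DOMAIN }}` etc. Whichever store is used, an unset value currently becomes `DEV_URL="https://"`, which curl reports as `000` and the step then displays as an ordinary outage; put the value in the step's `env:` and fail fast with `DEV_URL="https://${DEV_DOMAIN:?DEV_DOMAIN is not set}"`.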
@@ -72,7 +72,7 @@ jobs: else STAGING_ICON="โŒ" fi - echo "| ๐ŸŽญ Staging | $STAGING_ICON HTTP $STAGING_STATUS | $STAGING_VERSION | https://game-2048-staging.game-2048-staging.staging.wa.darknex.us |" >> $GITHUB_STEP_SUMMARY + echo "| ๐ŸŽญ Staging | $STAGING_ICON HTTP $STAGING_STATUS | $STAGING_VERSION | https://${{ secrets.STAGING_DOMAIN }} |" >> $GITHUB_STEP_SUMMARY # Production status if [ "$PROD_STATUS" = "200" ]; then @@ -80,12 +80,14 @@ jobs: else PROD_ICON="โŒ" fi - echo "| ๐Ÿš€ Production | $PROD_ICON HTTP $PROD_STATUS | $PROD_VERSION | https://game-2048-prod.game-2048-prod.wa.darknex.us |" >> $GITHUB_STEP_SUMMARY + echo "| ๐Ÿš€ Production | $PROD_ICON HTTP $PROD_STATUS | $PROD_VERSION | https://${{ secrets.PROD_DOMAIN }} |" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY - echo "### ๐Ÿ”ง Manual Actions Available" >> $GITHUB_STEP_SUMMARY - echo "- **Deploy to Production**: Run 'Deploy to Production' workflow (requires typing 'DEPLOY')" >> $GITHUB_STEP_SUMMARY - echo "- **Promote to Production**: Run 'Promote to Production' workflow (requires typing 'PROMOTE')" >> $GITHUB_STEP_SUMMARY - echo "- **Run Smoke Tests**: Run 'Smoke Tests' workflow on any environment" >> $GITHUB_STEP_SUMMARY + echo "### ๐Ÿ”ง Emergency Actions Available" >> $GITHUB_STEP_SUMMARY + echo "- **Emergency Deploy**: Run 'Deploy to Production' workflow (requires typing 'DEPLOY')" >> $GITHUB_STEP_SUMMARY + echo "- **Force Promotion**: Run 'Auto-Promote to Production' workflow" >> $GITHUB_STEP_SUMMARY + echo "- **Test Environment**: Run 'Smoke Tests' workflow on any environment" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "**Note**: Pipeline is fully automatic - manual actions only for emergencies" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "๐Ÿ“… **Generated**: $(date -u '+%Y-%m-%d %H:%M:%S UTC')" >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml index bd74f79..6831adc 100644 
--- a/.github/workflows/pr-validation.yml +++ b/.github/workflows/pr-validation.yml @@ -6,7 +6,7 @@ on: env: REGISTRY: ghcr.io - IMAGE_NAME: ghndrx/k8s-game-2048 + IMAGE_NAME: ${GITHUB_REPOSITORY} jobs: validate: diff --git a/.github/workflows/promote-to-production.yml b/.github/workflows/promote-to-production.yml index 3f9744a..f9e1d4d 100644 --- a/.github/workflows/promote-to-production.yml +++ b/.github/workflows/promote-to-production.yml @@ -1,4 +1,4 @@ -name: Promote to Production +name: Auto-Promote to Production on: workflow_run: @@ -8,11 +8,8 @@ on: branches: [ staging ] workflow_dispatch: inputs: - confirmation: - description: 'Type "PROMOTE" to confirm staging โ†’ production promotion' - required: true skip_tests: - description: 'Skip staging tests (use only if staging is already validated)' + description: 'Emergency override: Skip staging tests (use only if staging is already validated)' required: false default: false type: boolean @@ -23,7 +20,7 @@ jobs: runs-on: ubuntu-latest environment: staging if: | - (github.event_name == 'workflow_dispatch' && github.event.inputs.confirmation == 'PROMOTE') || + (github.event_name == 'workflow_dispatch') || (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') steps: 
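Review bot: `IMAGE_NAME: ${GITHUB_REPOSITORY}` in pr-validation.yml has the same problem as the build-image.yml hunk: a workflow `env:` value is a literal string, not a shell expansion, so the image reference derived from `env.IMAGE_NAME` is wrong anywhere except inside a bash `run:` step. Use `IMAGE_NAME: ${{ github.repository }}` and lowercase it before use if the owner name contains capitals, since GHCR rejects mixed-case names.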
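Review bot: Dropping the `confirmation` input and widening the `if:` to any `workflow_dispatch` means a dispatch with `skip_tests: true` merges `staging` into `main` with no typed confirmation and no test evidence, and the job is gated by `environment: staging`, so only staging's protection rules apply to a write that (per deploy-prod.yml in this diff) now deploys production. Move the job to `environment: production` (or a dedicated promotion environment) with required reviewers, and keep a typed confirmation at least when `skip_tests` is set, e.g. `if: github.event.inputs.skip_tests != 'true' || github.event.inputs.confirmation == 'PROMOTE'`. The README table added in this same commit still says "Promote to Production" (type "PROMOTE"), which no longer matches the renamed workflow or its inputs. The job's `steps:` continue outside the hunk.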
@@ -43,12 +40,18 @@ jobs: run: | echo "โœ… Staging smoke tests passed - proceeding with auto-promotion to production" + - name: Auto-promotion to production + if: github.event_name == 'workflow_run' + run: | + echo "๏ฟฝ Staging smoke tests passed - automatically promoting to production" + echo "๐Ÿ“‹ Trigger: Automatic after staging tests" + echo "โœ… No manual intervention required" + - name: Manual promotion confirmation if: github.event_name == 'workflow_dispatch' run: | - echo "๐Ÿ”’ Manual promotion to production confirmed" + echo "๐Ÿ”ง Manual promotion to production triggered" echo "๐Ÿ“‹ Trigger: ${{ github.event_name }}" - echo "๐ŸŽฏ Confirmation: ${{ github.event.inputs.confirmation }}" echo "โšก Skip tests: ${{ github.event.inputs.skip_tests }}" - name: Auto-promote staging to main branch @@ -56,7 +59,7 @@ jobs: with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | - console.log('๐ŸŽฏ All staging smoke tests passed! Auto-promoting staging to main branch...'); + console.log('๐Ÿš€ All staging smoke tests passed! Auto-promoting staging to main for production deployment...'); // Create a merge from staging to main try { @@ -99,9 +102,9 @@ jobs: echo "### ๐ŸŽฎ Deployment Status" >> $GITHUB_STEP_SUMMARY # Use canonical domain format (these are the Knative domains) - DEV_URL="https://game-2048-dev.game-2048-dev.dev.wa.darknex.us" - STAGING_URL="https://game-2048-staging.game-2048-staging.staging.wa.darknex.us" - PROD_URL="https://game-2048-prod.game-2048-prod.wa.darknex.us" + DEV_URL="https://${{ secrets.DEV_DOMAIN }}" + STAGING_URL="https://${{ secrets.STAGING_DOMAIN }}" + PROD_URL="https://${{ secrets.PROD_DOMAIN }}" echo "- **Development**: โœ… Live at $DEV_URL" >> $GITHUB_STEP_SUMMARY echo "- **Staging**: โœ… Live at $STAGING_URL" >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index 5227ffa..f171fa1 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml 
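Review bot: The first `echo` in the new "Auto-promotion to production" step begins with a U+FFFD replacement character (rendered here as `๏ฟฝ`), which is a paste or encoding accident rather than an icon; replace it with the intended emoji or plain text so the log line and the file do not carry broken bytes. This step and the "Verify staging tests" step immediately above both run only on `workflow_run` and only print text, so they could be a single informational step.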
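Review bot: The staging-to-main merge is performed with `github-token: ${{ secrets.GITHUB_TOKEN }}`; pushes created by that token do not trigger `push`-based workflows, so the `push: branches: [ main ]` trigger this commit adds to deploy-prod.yml (and build-image.yml's push trigger) will not fire from the automatic path, which contradicts the "fully automatic" summary text. If `main` has branch protection requiring PRs, the API merge will also be rejected for `GITHUB_TOKEN`. Use a GitHub App installation token or a fine-grained PAT limited to this repository's `contents: write`, stored as a secret and passed as `github-token`, or follow the merge with an explicit `actions.createWorkflowDispatch` call, which is one of the two event types `GITHUB_TOKEN` is allowed to trigger. The `script:` body continues outside the hunk.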
@@ -44,15 +44,15 @@ jobs: run: | case "${{ matrix.environment }}" in dev) - echo "CANONICAL_DOMAIN=https://game-2048-dev.game-2048-dev.dev.wa.darknex.us" >> $GITHUB_ENV + echo "CANONICAL_DOMAIN=https://${{ secrets.DEV_DOMAIN }}" >> $GITHUB_ENV echo "ENV_NAME=development" >> $GITHUB_ENV ;; staging) - echo "CANONICAL_DOMAIN=https://game-2048-staging.game-2048-staging.staging.wa.darknex.us" >> $GITHUB_ENV + echo "CANONICAL_DOMAIN=https://${{ secrets.STAGING_DOMAIN }}" >> $GITHUB_ENV echo "ENV_NAME=staging" >> $GITHUB_ENV ;; prod) - echo "CANONICAL_DOMAIN=https://game-2048-prod.game-2048-prod.wa.darknex.us" >> $GITHUB_ENV + echo "CANONICAL_DOMAIN=https://${{ secrets.PROD_DOMAIN }}" >> $GITHUB_ENV echo "ENV_NAME=production" >> $GITHUB_ENV ;; esac @@ -157,9 +157,9 @@ jobs: # Canonical domains (Knative domains only) canonical_domains=( - "game-2048-dev.game-2048-dev.dev.wa.darknex.us" - "game-2048-staging.game-2048-staging.staging.wa.darknex.us" - "game-2048-prod.game-2048-prod.wa.darknex.us" + "${{ secrets.DEV_DOMAIN }}" + "${{ secrets.STAGING_DOMAIN }}" + "${{ secrets.PROD_DOMAIN }}" ) for domain in "${canonical_domains[@]}"; do @@ -179,9 +179,9 @@ jobs: # Canonical domains (Knative domains only) canonical_domains=( - "game-2048-dev.game-2048-dev.dev.wa.darknex.us" - "game-2048-staging.game-2048-staging.staging.wa.darknex.us" - "game-2048-prod.game-2048-prod.wa.darknex.us" + "${{ secrets.DEV_DOMAIN }}" + "${{ secrets.STAGING_DOMAIN }}" + "${{ secrets.PROD_DOMAIN }}" ) for domain in "${canonical_domains[@]}"; do 
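Review bot: In `canonical_domains=( "${{ secrets.DEV_DOMAIN }}" ... )` an unset or empty secret becomes an empty array element, so the loop goes on to test `https://` and reports a configuration mistake as an environment failure; the `case` above has the same gap with `CANONICAL_DOMAIN=https://`. Put the three values in the step's `env:` and fail early with `: "${DEV_DOMAIN:?DEV_DOMAIN is not set}"` (and likewise for the other two) before the array is built. Hostnames are not credentials, so they belong in repository/environment variables (`${{ vars.DEV_DOMAIN }}`) rather than secrets; as secrets they are masked to `***` in every smoke-test log line and in the "Tested Canonical Domains" summary, which makes a failed run hard to read.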
@@ -231,9 +231,9 @@ jobs: echo "### Tested Canonical Domains" >> $GITHUB_STEP_SUMMARY # Use canonical domain format - DEV_URL="https://game-2048-dev.game-2048-dev.dev.wa.darknex.us" - STAGING_URL="https://game-2048-staging.game-2048-staging.staging.wa.darknex.us" - PROD_URL="https://game-2048-prod.game-2048-prod.wa.darknex.us" + DEV_URL="https://${{ secrets.DEV_DOMAIN }}" + STAGING_URL="https://${{ secrets.STAGING_DOMAIN }}" + PROD_URL="https://${{ secrets.PROD_DOMAIN }}" echo "- ๐Ÿงช Development: $DEV_URL" >> $GITHUB_STEP_SUMMARY echo "- ๐ŸŽญ Staging: $STAGING_URL" >> $GITHUB_STEP_SUMMARY diff --git a/.gitignore b/.gitignore index 8169fe6..4f33fac 100644 --- a/.gitignore +++ b/.gitignore @@ -55,10 +55,36 @@ pids *.pid *.seed *.pid.lock - +cleanup-* # Coverage directory used by tools like istanbul coverage/ # Build outputs dist/ build/ + +# Personal Information (PII) and sensitive files +# These files may contain personal domains, emails, or secrets +*.personal +*.private +personal-* +private-* + +# Any files with actual domain/email configurations +# (should use .env instead) +actual-domains.txt +domain-config.txt +email-config.txt + +# Generated files from environment substitution +*.env.resolved +*.resolved.yaml +*.resolved.yml + +# Temporary files from cleanup/setup scripts +*.tmp +*.temp +cleanup-*.log +setup-*.log + +verify-* \ No newline at end of file diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5da0d1c..7c8af66 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
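Review bot: The new unanchored patterns `cleanup-*` and `verify-*` match at every directory depth, so `scripts/cleanup-pii.sh`, which the README in this same commit tells users to run, cannot be committed (git silently ignores it unless force-added), and any future `verify-*` script or fixture is dropped the same way. Anchor the rules to what they are meant for, e.g. `/cleanup-*.log`, `/setup-*.log`, `/verify-*.log`, and remove the bare `cleanup-*` and `verify-*` lines; the added block also leaves the file without a trailing newline. An ignore rule only stops new files being tracked and does nothing about values already in history, so the README's "no hardcoded domains or emails" promise needs a secret-scanning pre-commit hook or CI check (e.g. gitleaks) to actually be enforced.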
@@ -46,9 +46,9 @@ We use a GitFlow-inspired workflow: | Environment | Branch | Domain | Auto-Deploy | |-------------|--------|---------|------------| -| Development | `develop` | `2048-dev.wa.darknex.us` | โœ… | -| Staging | `staging` | `2048-staging.wa.darknex.us` | โœ… | -| Production | `master` | `2048.wa.darknex.us` | โœ… | +| Development | `develop` | `${DEV_DOMAIN}` | โœ… | +| Staging | `staging` | `${STAGING_DOMAIN}` | โœ… | +| Production | `master` | `${PROD_DOMAIN}` | โœ… | ## Making Changes @@ -113,7 +113,7 @@ kubectl apply -f manifests/dev/ kubectl get ksvc -n game-2048-dev # Test the deployed service -curl -f https://2048-dev.wa.darknex.us/ +curl -f https://${DEV_DOMAIN}/ ``` ## Code Style diff --git a/DEPLOYMENT_TEST.md b/DEPLOYMENT_TEST.md index 80b8848..212efd3 100644 --- a/DEPLOYMENT_TEST.md +++ b/DEPLOYMENT_TEST.md @@ -15,7 +15,7 @@ The following secrets must be configured in your GitHub repository: 2. **DEV_WEBHOOK_URL** - Development webhook endpoint 3. **STAGING_WEBHOOK_URL** - Staging webhook endpoint 4. **PROD_WEBHOOK_URL** - Production webhook endpoint -5. **KNATIVE_DOMAIN** - Your Knative domain (e.g., `dev.wa.darknex.us`) +5. **KNATIVE_DOMAIN** - Your Knative domain (e.g., `dev.${BASE_DOMAIN}`) ### Testing the Pipeline diff --git a/README.md b/README.md index ee889d0..23d1ecb 100644 --- a/README.md +++ b/README.md 
@@ -13,9 +13,30 @@ A Kubernetes deployment of the classic 2048 game using Knative Serving with Isti ## Environments -- **Development**: `https://2048-dev.wa.darknex.us` -- **Staging**: `https://2048-staging.wa.darknex.us` -- **Production**: `https://2048.wa.darknex.us` +- **Development**: `https://${DEV_CANONICAL_DOMAIN}` +- **Staging**: `https://${STAGING_CANONICAL_DOMAIN}` +- **Production**: `https://${PROD_CANONICAL_DOMAIN}` + +## ๐Ÿ”„ CI/CD Pipeline + +This project features a fully automated CI/CD pipeline with: + +- **Automated Deployments**: Push to `develop` โ†’ auto-deploy to dev โ†’ auto-promote to staging โ†’ auto-promote to production +- **Comprehensive Testing**: Smoke tests after each deployment +- **Manual Controls**: Override any step with manual workflows +- **Zero-downtime Deployments**: Blue-green strategy for production +- **Security**: Webhook signature validation and environment-specific secrets + +### Quick Actions + +| Action | Command | +|--------|---------| +| ๐Ÿ“Š Check Status | Actions โ†’ "Deployment Status Check" | +| ๐Ÿš€ Deploy to Prod | Actions โ†’ "Deploy to Production" (type "DEPLOY") | +| โฌ†๏ธ Promote to Prod | Actions โ†’ "Promote to Production" (type "PROMOTE") | +| ๐Ÿงช Run Tests | Actions โ†’ "Smoke Tests" | + +๐Ÿ“š **[Full Pipeline Documentation](docs/WORKFLOWS.md)** | ๐Ÿš€ **[Quick Reference](docs/WORKFLOW_QUICK_REFERENCE.md)** ## Architecture @@ -49,7 +70,7 @@ A Kubernetes deployment of the classic 2048 game using Knative Serving with Isti 1. Clone the repository: ```bash -git clone https://github.com/ghndrx/k8s-game-2048.git +git clone https://github.com/${GITHUB_REPOSITORY}.git cd k8s-game-2048 ``` 
@@ -75,36 +96,38 @@ kubectl apply -f manifests/staging/ kubectl apply -f manifests/prod/ ``` -## Project Structure +## ๐Ÿ“ Project Structure ``` k8s-game-2048/ โ”œโ”€โ”€ README.md โ”œโ”€โ”€ Dockerfile โ”œโ”€โ”€ .github/ -โ”‚ โ””โ”€โ”€ workflows/ -โ”‚ โ”œโ”€โ”€ deploy-dev.yml -โ”‚ โ”œโ”€โ”€ deploy-staging.yml -โ”‚ โ””โ”€โ”€ deploy-prod.yml +โ”‚ โ””โ”€โ”€ workflows/ # CI/CD Pipeline +โ”‚ โ”œโ”€โ”€ build-image.yml # Build & push Docker images +โ”‚ โ”œโ”€โ”€ deploy-dev.yml # Development deployment +โ”‚ โ”œโ”€โ”€ deploy-staging.yml # Staging deployment +โ”‚ โ”œโ”€โ”€ deploy-prod.yml # Production deployment +โ”‚ โ”œโ”€โ”€ smoke-test.yml # Post-deployment testing +โ”‚ โ”œโ”€โ”€ auto-promote.yml # Auto dev โ†’ staging promotion +โ”‚ โ”œโ”€โ”€ promote-to-production.yml # Auto/manual staging โ†’ prod +โ”‚ โ””โ”€โ”€ deployment-status.yml # Environment health checks +โ”œโ”€โ”€ docs/ +โ”‚ โ”œโ”€โ”€ WORKFLOWS.md # Complete pipeline documentation +โ”‚ โ”œโ”€โ”€ WORKFLOW_QUICK_REFERENCE.md # Quick action guide +โ”‚ โ”œโ”€โ”€ SETUP.md # Environment setup guide +โ”‚ โ”œโ”€โ”€ ENVIRONMENT.md # Environment configuration +โ”‚ โ””โ”€โ”€ WEBHOOK_DEPLOYMENT.md # Webhook handler setup โ”œโ”€โ”€ manifests/ -โ”‚ โ”œโ”€โ”€ dev/ -โ”‚ โ”‚ โ”œโ”€โ”€ namespace.yml -โ”‚ โ”‚ โ”œโ”€โ”€ service.yml -โ”‚ โ”‚ โ””โ”€โ”€ domain-mapping.yml -โ”‚ โ”œโ”€โ”€ staging/ -โ”‚ โ”‚ โ”œโ”€โ”€ namespace.yml -โ”‚ โ”‚ โ”œโ”€โ”€ service.yml -โ”‚ โ”‚ โ””โ”€โ”€ domain-mapping.yml -โ”‚ โ””โ”€โ”€ prod/ -โ”‚ โ”œโ”€โ”€ namespace.yml -โ”‚ โ”œโ”€โ”€ service.yml -โ”‚ โ””โ”€โ”€ domain-mapping.yml -โ”œโ”€โ”€ scripts/ -โ”‚ โ”œโ”€โ”€ setup-knative.sh -โ”‚ โ”œโ”€โ”€ setup-kourier.sh -โ”‚ โ””โ”€โ”€ deploy.sh -โ””โ”€โ”€ src/ - โ””โ”€โ”€ (2048 game files) +โ”‚ โ”œโ”€โ”€ dev/ # Development Kubernetes manifests +โ”‚ โ”œโ”€โ”€ staging/ # Staging Kubernetes manifests +โ”‚ โ”œโ”€โ”€ prod/ # Production Kubernetes manifests +โ”‚ โ””โ”€โ”€ webhook/ # Webhook handler manifests +โ”œโ”€โ”€ scripts/ # Setup and deployment scripts +โ””โ”€โ”€ src/ 
# 2048 game source code + โ”œโ”€โ”€ index.html + โ”œโ”€โ”€ style.css + โ””โ”€โ”€ script.js ``` ## Deployment @@ -124,6 +147,35 @@ Each environment includes: - Request metrics via Knative - Custom domain health checks +## ๐Ÿ”’ Security & Privacy + +This repository is **PII-free** and production-ready: + +- โœ… **No hardcoded emails, domains, or personal information** +- โœ… **All configuration via environment variables** +- โœ… **Secrets managed via `.env` files and GitHub secrets** +- โœ… **Generic templates that work for any domain/organization** + +### Quick Setup + +1. **Clone and configure:** + ```bash + git clone https://github.com/${GITHUB_REPOSITORY}.git + cd k8s-game-2048 + cp .env.example .env + # Edit .env with your actual values + ``` + +2. **Apply your configuration:** + ```bash + ./scripts/cleanup-pii.sh + ``` + +3. **Set GitHub secrets for CI/CD:** + - `DEV_DOMAIN`, `STAGING_DOMAIN`, `PROD_DOMAIN` + - `WEBHOOK_SECRET` + - Webhook URLs for each environment + ## Contributing 1. Fork the repository diff --git a/docs/BRANCHING.md b/docs/BRANCHING.md index 048a8cb..dfe8090 100644 --- a/docs/BRANCHING.md +++ b/docs/BRANCHING.md @@ -15,21 +15,21 @@ master (production) ### ๐ŸŸข Development Environment - **Branch**: `develop` -- **Domain**: `2048-dev.wa.darknex.us` +- **Domain**: `${DEV_DOMAIN}` - **Trigger**: Push to `develop` branch - **Auto-deploy**: โœ… Yes - **Purpose**: Latest development features, may be unstable ### ๐ŸŸก Staging Environment - **Branch**: `staging` -- **Domain**: `2048-staging.wa.darknex.us` +- **Domain**: `${STAGING_DOMAIN}` - **Trigger**: Push to `staging` branch - **Auto-deploy**: โœ… Yes - **Purpose**: Pre-production testing, stable features ### ๐Ÿ”ด Production Environment - **Branch**: `master` -- **Domain**: `2048.wa.darknex.us` +- **Domain**: `${PROD_DOMAIN}` - **Trigger**: Push to `master` branch OR GitHub Release - **Auto-deploy**: โœ… Yes - **Purpose**: Live production environment 
@@ -59,7 +59,7 @@ git push origin feature/awesome-new-feature ```bash # 1. Merge feature to develop (via PR) -# 2. Test in dev environment: 2048-dev.wa.darknex.us +# 2. Test in dev environment: ${DEV_DOMAIN} # 3. Promote to staging git checkout staging @@ -67,7 +67,7 @@ git pull origin staging git merge develop git push origin staging -# 4. Test in staging: 2048-staging.wa.darknex.us +# 4. Test in staging: ${STAGING_DOMAIN} ``` ### Deploying to Production @@ -83,7 +83,7 @@ git push origin master git tag -a v1.0.0 -m "Release version 1.0.0" git push origin v1.0.0 -# 3. Production deploys automatically: 2048.wa.darknex.us +# 3. Production deploys automatically: ${PROD_DOMAIN} ``` ### Hotfix Flow diff --git a/docs/PIPELINE_QUICK_REFERENCE.md b/docs/PIPELINE_QUICK_REFERENCE.md new file mode 100644 index 0000000..04b7465 --- /dev/null +++ b/docs/PIPELINE_QUICK_REFERENCE.md 
@@ -0,0 +1,61 @@ +# ๐Ÿš€ Fully Automatic CI/CD Pipeline + +## Pipeline Flow +``` +Push to develop โ†’ Build โ†’ Deploy Dev โ†’ Test Dev โ†’ +Promote to Staging โ†’ Build โ†’ Deploy Staging โ†’ Test Staging โ†’ +Promote to Production โ†’ Build โ†’ Deploy Production โ†’ Test Production +``` + +## Key Features +โœ… **Zero Manual Intervention** - Fully automatic from develop to production +โœ… **Smart Testing** - Tests run after deployments, not before +โœ… **Safe Rollouts** - Each environment tested before promotion +โœ… **Commit Tracking** - Each deployment uses exact commit-tagged images +โœ… **Emergency Override** - Manual actions available if needed + +## Environments + +| Environment | URL | Deployment Trigger | +|-------------|-----|-------------------| +| ๐Ÿงช Development | Your configured development domain | Push to `develop` | +| ๐ŸŽญ Staging | Your configured staging domain | After dev tests pass | +| ๐Ÿš€ Production | Your configured production domain | After staging tests pass | + +## How It Works + +1. **Developer pushes to `develop`** + - Automatically builds image: `develop-abc1234` + - Deploys to development environment + - Runs smoke tests on the new deployment + +2. **Dev tests pass** + - Automatically merges `develop` โ†’ `staging` + - Builds staging image: `staging-def5678` + - Deploys to staging environment + - Runs smoke tests on staging + +3. 
**Staging tests pass** + - Automatically merges `staging` โ†’ `main` + - Builds production image: `main-ghi9012` + - Deploys to production environment + - Runs smoke tests on production + +## Emergency Actions + +If the automatic pipeline breaks, these manual actions are available: + +- **Emergency Production Deploy**: Actions โ†’ "Deploy to Production" (type "DEPLOY") +- **Force Promotion**: Actions โ†’ "Auto-Promote to Production" +- **Check Status**: Actions โ†’ "Deployment Status Check" +- **Test Environments**: Actions โ†’ "Smoke Tests" + +## Monitoring + +- **Pipeline Status**: Check GitHub Actions tab +- **Environment Health**: Run "Deployment Status Check" workflow +- **Live Monitoring**: Each environment URL shows current version + +--- + +**๐ŸŽฏ Result**: Push code to `develop`, and it automatically flows through all environments to production with full testing at each stage! diff --git a/docs/SETUP.md b/docs/SETUP.md index 45b6609..8acd425 100644 --- a/docs/SETUP.md +++ b/docs/SETUP.md @@ -58,7 +58,7 @@ kubectl patch configmap/config-network \ kubectl patch configmap/config-domain \ --namespace knative-serving \ --type merge \ - --patch '{"data":{"wa.darknex.us":""}}' + --patch "{\"data\":{\"${KNATIVE_DOMAIN}\":\"\"}}" ``` ### 4. Set up TLS (Optional but Recommended) @@ -79,7 +79,7 @@ metadata: spec: acme: server: https://acme-v02.api.letsencrypt.org/directory - email: admin@darknex.us + email: ${CERT_EMAIL} privateKeySecretRef: name: letsencrypt-prod solvers: @@ -112,10 +112,10 @@ After installation, configure your DNS to point to the Kourier LoadBalancer: 2. **Create DNS records**: ``` - 2048-dev.wa.darknex.us -> LoadBalancer IP - 2048-staging.wa.darknex.us -> LoadBalancer IP - 2048.wa.darknex.us -> LoadBalancer IP - *.wa.darknex.us -> LoadBalancer IP (wildcard) + ${DEV_DOMAIN} -> LoadBalancer IP + ${STAGING_DOMAIN} -> LoadBalancer IP + ${PROD_DOMAIN} -> LoadBalancer IP + *.${BASE_DOMAIN} -> LoadBalancer IP (wildcard) ``` ## Verification 
@@ -153,7 +153,7 @@ kubectl get ksvc -n game-2048-dev 3. **TLS certificates not issued**: - Check cert-manager logs: `kubectl logs -n cert-manager -l app=cert-manager` - - Verify DNS propagation: `dig 2048-dev.wa.darknex.us` + - Verify DNS propagation: `dig ${DEV_DOMAIN}` 4. **Service not accessible**: - Check Kourier gateway logs: `kubectl logs -n kourier-system -l app=3scale-kourier-gateway` diff --git a/docs/WEBHOOK_DEPLOYMENT.md b/docs/WEBHOOK_DEPLOYMENT.md index 54eb3d5..ae5a085 100644 --- a/docs/WEBHOOK_DEPLOYMENT.md +++ b/docs/WEBHOOK_DEPLOYMENT.md @@ -32,7 +32,7 @@ Configure these secrets in your GitHub repository settings: ### Security - `WEBHOOK_SECRET` - Shared secret for HMAC signature verification -- `KNATIVE_DOMAIN` - Your Knative cluster domain (e.g., `staging.wa.darknex.us`) +- `KNATIVE_DOMAIN` - Your Knative cluster domain (e.g., `staging.${BASE_DOMAIN}`) ## Webhook Handler Implementation diff --git a/docs/WORKFLOWS.md b/docs/WORKFLOWS.md new file mode 100644 index 0000000..5ee1e26 --- /dev/null +++ b/docs/WORKFLOWS.md 
@@ -0,0 +1,364 @@ +# ๐Ÿ”„ CI/CD Pipeline Documentation + +This document describes the complete automated deployment pipeline for the Knative 2048 Game on k3s. + +## ๐Ÿ“‹ Table of Contents + +- [Pipeline Overview](#pipeline-overview) +- [Workflow Details](#workflow-details) +- [Manual Actions](#manual-actions) +- [Environment Configuration](#environment-configuration) +- [Troubleshooting](#troubleshooting) + +## ๐ŸŽฏ Pipeline Overview + +### Complete Automatic Flow + +```mermaid +graph TD + A[Push to develop] --> B[Build & Push Image] + B --> C[Deploy to Development] + C --> D[Smoke Tests Dev] + D --> E[Auto-Promote to Staging] + E --> F[Build & Push Staging Image] + F --> G[Deploy to Staging] + G --> H[Smoke Tests Staging] + H --> I[Auto-Promote to Production] + I --> J[Push to main] + J --> K[Build & Push Prod Image] + K --> L[Deploy to Production] + L --> M[Smoke Tests Production] + + N[Manual Deploy Prod] -.-> L + O[Manual Promote Prod] -.-> I + P[Manual Smoke Tests] -.-> D + P -.-> H + P -.-> M +``` + +### Key Principles + +- **Fully Automatic**: Zero manual intervention from develop to production +- **No Race Conditions**: Each step waits for the previous to complete +- **Test After Deploy**: Smoke tests run on newly deployed versions +- **Commit-Specific Images**: Each environment uses exact commit-tagged images +- **Automatic Promotion**: Successful tests trigger automatic promotion +- **Manual Override**: Emergency manual deployment still available + +## ๐Ÿ”ง Workflow Details + +### 1. 
Build and Push Container Image (`build-image.yml`) + +**Triggers:** +- Push to `main`, `develop`, `staging` +- Pull requests to these branches + +**What it does:** +- Builds Docker image from current commit +- Creates commit-specific tags: `{branch}-{commit-hash}` +- Pushes to GitHub Container Registry (GHCR) +- Provides foundation for all deployments + +**Tags created:** +- `develop-abc1234` (for develop branch) +- `staging-def5678` (for staging branch) +- `main-ghi9012` (for main branch) + +### 2. Deploy to Development (`deploy-dev.yml`) + +**Triggers:** +- After "Build and Push Container Image" completes successfully on `develop` +- Manual dispatch + +**What it does:** +- Waits for build to complete (no race conditions) +- Uses exact commit-tagged image that was just built +- Deploys via webhook to k3s development namespace +- Sets up development environment + +**Dependencies:** +- Requires successful build completion +- Uses environment secrets: `DEV_WEBHOOK_URL`, `WEBHOOK_SECRET` + +### 3. Smoke Tests (`smoke-test.yml`) + +**Triggers:** +- After any deployment completes ("Deploy to Development", "Deploy to Staging", "Deploy to Production") +- Scheduled every 6 hours +- Manual dispatch + +**What it does:** +- Tests the **newly deployed** version (not previous) +- Validates canonical Knative domains +- Checks content, performance, SSL certificates +- Runs environment-specific tests + +**Environments tested:** +- ๐Ÿงช Development: Your configured development domain +- ๐ŸŽญ Staging: Your configured staging domain +- ๐Ÿš€ Production: Your configured production domain + +### 4. 
Auto-Promote Pipeline (`auto-promote.yml`) + +**Triggers:** +- After "Smoke Tests" complete successfully on `develop` branch + +**What it does:** +- Verifies development smoke tests passed +- Merges `develop` โ†’ `staging` automatically +- Triggers staging deployment pipeline +- Creates promotion summary + +**Safety features:** +- Only runs if smoke tests pass +- Handles "already up to date" scenarios gracefully + +### 5. Deploy to Staging (`deploy-staging.yml`) + +**Triggers:** +- Push to `staging` branch (triggered by auto-promotion) +- After "Auto-Promote Pipeline" completes +- Manual dispatch + +**What it does:** +- Builds and deploys staging-specific image +- Uses `staging-{commit}` tagged image +- Deploys via webhook to k3s staging namespace + +### 6. Auto-Promote to Production (`promote-to-production.yml`) + +**Triggers:** +- After "Smoke Tests" complete successfully on `staging` branch (AUTOMATIC) +- Manual dispatch (emergency override only) + +**What it does:** +- Verifies staging smoke tests passed +- Merges `staging` โ†’ `main` automatically +- Triggers production deployment immediately +- Creates production promotion summary + +**Automation features:** +- Runs automatically after staging tests pass +- No manual confirmation required +- Seamless promotion from staging to production + +### 7. Deploy to Production (`deploy-prod.yml`) + +**Triggers:** +- Push to `main` branch (triggered by auto-promotion) - AUTOMATIC +- Manual dispatch (requires typing "DEPLOY" for emergencies) + +**What it does:** +- Automatically deploys when main branch is updated +- Uses `main-{commit}` tagged image +- Deploys via webhook to k3s production namespace +- Blue-green deployment strategy for zero downtime + +**Automation features:** +- No manual confirmation required for automatic deployments +- Immediate deployment after staging promotion +- Manual override still available for emergencies + +### 8. 
Deployment Status Check (`deployment-status.yml`) + +**Triggers:** +- Manual dispatch +- Scheduled every 4 hours + +**What it does:** +- Checks health of all environments +- Shows current versions deployed +- Provides manual action options +- Creates comprehensive status report + +## ๐ŸŽฎ Manual Actions (Emergency Use Only) + +> **Note**: The pipeline is fully automatic. Manual actions are only for emergency situations or debugging. + +### Emergency Actions + +| Action | Workflow | Required Input | Use Case | +|--------|----------|----------------|----------| +| Check Status | Deployment Status Check | None | Monitor all environments | +| Test Environment | Smoke Tests | Environment (`dev`/`staging`/`prod`/`all`) | Debug specific environment | +| Emergency Deploy | Deploy to Production | Type "DEPLOY" | Emergency production fix | +| Force Promotion | Auto-Promote to Production | None | Skip normal promotion flow | + +### Emergency Procedures + +#### Emergency Production Deployment +**Use only if automatic pipeline is broken** +1. Go to Actions โ†’ "Deploy to Production" +2. Click "Run workflow" +3. Type "DEPLOY" in confirmation field +4. Optionally specify image tag +5. Click "Run workflow" + +#### Force Production Promotion +**Use only if auto-promotion fails** +1. Go to Actions โ†’ "Auto-Promote to Production" +2. Click "Run workflow" +3. Optionally skip tests if staging already validated +4. Click "Run workflow" + +#### 3. Check Deployment Status +1. Go to Actions โ†’ "Deployment Status Check" +2. Click "Run workflow" +3. View results in workflow summary + +#### 4. Run Smoke Tests +1. Go to Actions โ†’ "Smoke Tests" +2. Click "Run workflow" +3. Select environment to test +4. 
Click "Run workflow" + +## โš™๏ธ Environment Configuration + +### Required Secrets + +| Secret | Purpose | Used By | +|--------|---------|---------| +| `GH_TOKEN` | GitHub Container Registry access | Build workflows | +| `WEBHOOK_SECRET` | Webhook signature validation | All deployment workflows | +| `DEV_WEBHOOK_URL` | Development deployment endpoint | Deploy to Development | +| `STAGING_WEBHOOK_URL` | Staging deployment endpoint | Deploy to Staging | +| `PROD_WEBHOOK_URL` | Production deployment endpoint | Deploy to Production | +| `DEV_DOMAIN` | Development domain suffix | Smoke Tests | +| `STAGING_DOMAIN` | Staging domain suffix | Smoke Tests | +| `PROD_DOMAIN` | Production domain suffix | Smoke Tests | + +### Environment URLs + +| Environment | Canonical Domain | +|-------------|------------------| +| Development | `https://${DEV_CANONICAL_DOMAIN}` | +| Staging | `https://${STAGING_CANONICAL_DOMAIN}` | +| Production | `https://${PROD_CANONICAL_DOMAIN}` | + +### Image Tagging Strategy + +| Branch | Tag Format | Example | Environment | +|--------|------------|---------|-------------| +| develop | `develop-{commit}` | `develop-abc1234` | Development | +| staging | `staging-{commit}` | `staging-def5678` | Staging | +| main | `main-{commit}` | `main-ghi9012` | Production | + +## ๐Ÿ” Troubleshooting + +### Common Issues + +#### Pipeline Not Triggering + +**Symptoms:** New commit pushed but no workflows start +**Causes:** +- Workflow file syntax error +- Missing required secrets +- Branch protection rules blocking + +**Solutions:** +1. Check workflow syntax in `.github/workflows/` +2. Verify all secrets are set in repository settings +3. Check Actions tab for error messages + +#### Deployment Fails + +**Symptoms:** Deployment workflow fails +**Causes:** +- Webhook endpoint unreachable +- Invalid webhook signature +- k3s cluster issues +- Image not found + +**Solutions:** +1. Check webhook handler logs: `kubectl logs -n webhook-system deployment/webhook-handler` +2. 
Verify webhook secret matches between GitHub and cluster +3. Confirm image exists in GHCR +4. Check k3s cluster health + +#### Smoke Tests Fail + +**Symptoms:** Tests report environment unreachable +**Causes:** +- DNS resolution issues +- SSL certificate problems +- Application not responding +- Ingress configuration issues + +**Solutions:** +1. Test domains manually: `curl -I https://${DEV_CANONICAL_DOMAIN}` +2. Check Knative service status: `kubectl get ksvc -A` +3. Verify ingress configuration: `kubectl get ingress -A` +4. Check certificate status: `kubectl get certificates -A` + +#### Auto-Promotion Not Working + +**Symptoms:** Tests pass but promotion doesn't happen +**Causes:** +- Workflow permission issues +- No new commits to merge +- Dependency chain broken + +**Solutions:** +1. Check workflow permissions in repository settings +2. Verify branch protection rules +3. Check workflow run logs in Actions tab +4. Manual promotion as fallback + +### Debug Commands + +```bash +# Check all environments +kubectl get all -A | grep game-2048 + +# Check webhook handler +kubectl logs -n webhook-system deployment/webhook-handler --tail=50 + +# Check Knative services +kubectl get ksvc -A + +# Check ingress +kubectl get ingress -A + +# Test webhook endpoint +curl -X POST -H "Content-Type: application/json" \ + -d '{"test": "true"}' \ + https://your-webhook-url/webhook + +# Check DNS resolution +dig ${DEV_CANONICAL_DOMAIN} + +# Test SSL certificate +openssl s_client -servername ${DEV_CANONICAL_DOMAIN} \ + -connect ${DEV_CANONICAL_DOMAIN}:443 +``` + +### Emergency Procedures + +#### Rollback Production +1. Identify last known good commit/tag +2. Run "Deploy to Production" manually +3. Specify the good image tag +4. Type "DEPLOY" to confirm + +#### Skip Failed Tests +1. Run "Promote to Production" manually +2. Type "PROMOTE" to confirm +3. Enable "Skip tests" if staging already validated + +#### Force Promotion +1. Manually merge branches using git +2. 
Push to trigger deployments +3. Monitor via "Deployment Status Check" + +--- + +## ๐Ÿ“š Related Documentation + +- [Environment Setup](docs/ENVIRONMENT.md) +- [Webhook Deployment](docs/WEBHOOK_DEPLOYMENT.md) +- [Setup Guide](docs/SETUP.md) +- [Branching Strategy](docs/BRANCHING.md) + +--- + +*Last updated: 2025-01-01 16:00:00 UTC* diff --git a/docs/WORKFLOW_QUICK_REFERENCE.md b/docs/WORKFLOW_QUICK_REFERENCE.md new file mode 100644 index 0000000..f817818 --- /dev/null +++ b/docs/WORKFLOW_QUICK_REFERENCE.md 
@@ -0,0 +1,84 @@ +# ๐Ÿš€ Quick Workflow Reference + +## ๐ŸŽฏ Common Actions + +### Check All Environment Status +``` +Actions โ†’ Deployment Status Check โ†’ Run workflow +``` + +### Manual Production Deployment +``` +Actions โ†’ Deploy to Production โ†’ Run workflow +โ†ณ Type "DEPLOY" in confirmation +โ†ณ Optional: specify image tag +``` + +### Manual Production Promotion +``` +Actions โ†’ Promote to Production โ†’ Run workflow +โ†ณ Type "PROMOTE" in confirmation +โ†ณ Optional: skip tests if staging validated +``` + +### Test Specific Environment +``` +Actions โ†’ Smoke Tests โ†’ Run workflow +โ†ณ Select environment (dev/staging/prod/all) +``` + +## ๐Ÿ”„ Automatic Flow + +``` +develop โ†’ build โ†’ deploy-dev โ†’ test โ†’ promote โ†’ staging โ†’ build โ†’ deploy-staging โ†’ test โ†’ promote โ†’ main โ†’ deploy-prod +``` + +## ๐Ÿ“‹ Workflow Quick Reference + +| Workflow | Trigger | Purpose | Manual? | +|----------|---------|---------|---------| +| **Build and Push Container Image** | Push to branches | Build Docker images | โŒ | +| **Deploy to Development** | After build on develop | Deploy to dev environment | โœ… | +| **Smoke Tests** | After deployments | Test deployed environments | โœ… | +| **Auto-Promote Pipeline** | After dev smoke tests pass | Merge develop โ†’ staging | โŒ | +| **Deploy to Staging** | Push to staging | Deploy to staging environment | โœ… | +| **Promote to Production** | After staging smoke tests | Merge staging โ†’ main | โœ… | +| **Deploy to Production** | Push to main OR manual | Deploy to production | โœ… | +| **Deployment Status Check** | Manual or scheduled | Check all environment health | โœ… | + +## ๐ŸŽฎ Environment URLs + +- **Dev**: Your configured development domain +- **Staging**: Your configured staging domain +- **Production**: Your configured production domain + +## ๐Ÿท๏ธ Image Tags + +- **Development**: `develop-{commit}` (e.g., `develop-abc1234`) +- **Staging**: `staging-{commit}` (e.g., `staging-def5678`) +- 
**Production**: `main-{commit}` (e.g., `main-ghi9012`) + +## ๐Ÿ”‘ Required Confirmations + +- **Deploy to Production**: Type `DEPLOY` +- **Promote to Production**: Type `PROMOTE` + +## ๐Ÿ†˜ Emergency Commands + +### Rollback Production +1. Actions โ†’ Deploy to Production +2. Specify last known good image tag +3. Type "DEPLOY" + +### Force Promotion (Skip Tests) +1. Actions โ†’ Promote to Production +2. Type "PROMOTE" +3. Enable "Skip tests" checkbox + +### Check System Health +1. Actions โ†’ Deployment Status Check +2. View summary for all environment status + +--- + +๐Ÿ’ก **Tip**: Always check "Deployment Status Check" first to see current state of all environments! diff --git a/manifests/knative-domain-config.yaml b/manifests/knative-domain-config.yaml index bf31a33..6016c89 100644 --- a/manifests/knative-domain-config.yaml +++ b/manifests/knative-domain-config.yaml @@ -4,13 +4,13 @@ metadata: name: config-domain namespace: knative-serving data: - dev.wa.darknex.us: | + dev.${BASE_DOMAIN}: | selector: environment: development - staging.wa.darknex.us: | + staging.${BASE_DOMAIN}: | selector: environment: staging - wa.darknex.us: | + ${BASE_DOMAIN}: | selector: environment: production autocreate-cluster-domain-claims: "true" diff --git a/manifests/nginx-certificate.yaml b/manifests/nginx-certificate.yaml index a648690..1905155 100644 --- a/manifests/nginx-certificate.yaml +++ b/manifests/nginx-certificate.yaml @@ -9,7 +9,7 @@ spec: name: letsencrypt-prod kind: ClusterIssuer dnsNames: - - "2048-dev.wa.darknex.us" + - "${DEV_DOMAIN}" --- apiVersion: cert-manager.io/v1 @@ -23,7 +23,7 @@ spec: name: letsencrypt-prod kind: ClusterIssuer dnsNames: - - "2048-staging.wa.darknex.us" + - "${STAGING_DOMAIN}" --- apiVersion: cert-manager.io/v1 @@ -37,4 +37,4 @@ spec: name: letsencrypt-prod kind: ClusterIssuer dnsNames: - - "2048.wa.darknex.us" + - "${PROD_DOMAIN}" 
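Review bot: The keys `dev.${BASE_DOMAIN}`, `staging.${BASE_DOMAIN}` and `${BASE_DOMAIN}` in the config-domain ConfigMap are shell-style placeholders, but this diff contains no rendering step, so `kubectl apply -f` on the file as committed would register those literal strings as Knative domains (they are valid plain YAML keys, so nothing errors). If envsubst or a similar render step is expected, a header comment naming the required variables would make that explicit, e.g. `# Template: render with envsubst before applying; requires BASE_DOMAIN (the dev./staging. prefixes are derived from it)`, and the render step should refuse to run with the variable unset, since envsubst substitutes an empty string and would produce the key `dev.`. The same unrendered-placeholder exposure applies to manifests/nginx-certificate.yaml, manifests/nginx-to-istio-proxy.yaml, manifests/prod/service.yml and manifests/webhook/webhook-ingress.yaml in this diff.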
diff --git a/manifests/nginx-to-istio-proxy.yaml b/manifests/nginx-to-istio-proxy.yaml index 720556a..cc241fc 100644 --- a/manifests/nginx-to-istio-proxy.yaml +++ b/manifests/nginx-to-istio-proxy.yaml @@ -10,15 +10,15 @@ metadata: cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/backend-protocol: "HTTP" nginx.ingress.kubernetes.io/configuration-snippet: | - proxy_set_header Host game-2048-dev.game-2048-dev.dev.wa.darknex.us; + proxy_set_header Host ${DEV_CANONICAL_DOMAIN}; spec: ingressClassName: nginx tls: - hosts: - - 2048-dev.wa.darknex.us + - ${DEV_DOMAIN} secretName: game-2048-dev-nginx-tls rules: - - host: 2048-dev.wa.darknex.us + - host: ${DEV_DOMAIN} http: paths: - path: / @@ -41,15 +41,15 @@ metadata: cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/backend-protocol: "HTTP" nginx.ingress.kubernetes.io/configuration-snippet: | - proxy_set_header Host game-2048-staging.game-2048-staging.staging.wa.darknex.us; + proxy_set_header Host ${STAGING_CANONICAL_DOMAIN}; spec: ingressClassName: nginx tls: - hosts: - - 2048-staging.wa.darknex.us + - ${STAGING_DOMAIN} secretName: game-2048-staging-nginx-tls rules: - - host: 2048-staging.wa.darknex.us + - host: ${STAGING_DOMAIN} http: paths: - path: / @@ -72,15 +72,15 @@ metadata: cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/backend-protocol: "HTTP" nginx.ingress.kubernetes.io/configuration-snippet: | - proxy_set_header Host game-2048-prod.game-2048-prod.wa.darknex.us; + proxy_set_header Host ${PROD_CANONICAL_DOMAIN}; spec: ingressClassName: nginx tls: - hosts: - - 2048.wa.darknex.us + - ${PROD_DOMAIN} secretName: game-2048-prod-nginx-tls rules: - - host: 2048.wa.darknex.us + - host: ${PROD_DOMAIN} http: paths: - path: / diff --git a/manifests/prod/service.yml b/manifests/prod/service.yml index 2d063fe..0d34085 100644 --- a/manifests/prod/service.yml +++ b/manifests/prod/service.yml 
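Review bot: `proxy_set_header Host ${DEV_CANONICAL_DOMAIN};` inside the configuration-snippet is also valid nginx variable syntax, so if the manifest is applied unrendered the placeholder is not caught on the YAML or admission side; nginx would, I believe, reject the generated config with an unknown-variable error and ingress-nginx would keep serving the previous configuration, so the Host rewrite that Knative routing depends on silently stays stale. A comment on the annotation, e.g. `# Host must be the rendered canonical Knative domain; nginx treats an unrendered ${...} as one of its own variables`, plus a post-render check such as `grep -q '\${' rendered.yaml && exit 1` in the deploy script would close that gap. The same pattern appears in the staging and production snippets of this file. A minor style point: `tls.hosts` and `rules.host` here use unquoted `${DEV_DOMAIN}` while manifests/nginx-certificate.yaml quotes the same placeholder; `- "${DEV_DOMAIN}"` keeps the two files uniform.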
@@ -15,7 +15,7 @@ spec: autoscaling.knative.dev/target: "100" spec: containers: - - image: ghcr.io/ghndrx/k8s-game-2048:latest + - image: ${CONTAINER_REGISTRY}/${GITHUB_REPOSITORY}:latest imagePullPolicy: Always ports: - containerPort: 80 diff --git a/manifests/ssl-certificate.yaml b/manifests/ssl-certificate.yaml index 3daa342..b003924 100644 --- a/manifests/ssl-certificate.yaml +++ b/manifests/ssl-certificate.yaml @@ -5,7 +5,23 @@ metadata: spec: acme: server: https://acme-v02.api.letsencrypt.org/directory - email: admin@hndrx.co + email: ${CERT_EMAIL} + privateKeySecretRef: + name: letsencrypt-prod-private-key + solvers: + - http01: + ingress: + class: nginx + +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-staging +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: ${CERT_EMAIL} privateKeySecretRef: name: letsencrypt-prod solvers: diff --git a/manifests/webhook/webhook-ingress.yaml b/manifests/webhook/webhook-ingress.yaml index 8ba6372..2731867 100644 --- a/manifests/webhook/webhook-ingress.yaml +++ b/manifests/webhook/webhook-ingress.yaml @@ -28,10 +28,10 @@ spec: ingressClassName: nginx tls: - hosts: - - webhook.wa.darknex.us + - ${WEBHOOK_DOMAIN} secretName: webhook-tls rules: - - host: webhook.wa.darknex.us + - host: ${WEBHOOK_DOMAIN} http: paths: - path: / diff --git a/package.json b/package.json index 909faf0..2e7f4e4 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,7 @@ }, "repository": { "type": "git", - "url": "git+https://github.com/ghndrx/k8s-game-2048.git" + "url": "git+https://github.com/${GITHUB_REPOSITORY}.git" }, "keywords": [ "2048", diff --git a/scripts/deploy.sh b/scripts/deploy.sh index c7ad294..e0a540e 100755 --- a/scripts/deploy.sh +++ b/scripts/deploy.sh 
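Review bot: The templated image on the production Knative Service still ends in the mutable `:latest` tag with `imagePullPolicy: Always`, while the documentation added in this same diff states that production deploys the `main-{commit}` tagged image; on a scale-up or pod restart the container would pull whatever `latest` points to at that moment, not the build that passed staging. Since the line is now a template anyway, a tag placeholder keeps the manifest aligned with the pipeline, `- image: ${CONTAINER_REGISTRY}/${GITHUB_REPOSITORY}:${IMAGE_TAG}`, or better a digest pin emitted by the build job. I cannot see from this hunk whether the webhook deployer rewrites the image field before applying, so this may already be handled downstream.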
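Review bot: The new `letsencrypt-staging` ClusterIssuer points at the production ACME directory and reuses the `letsencrypt-prod` account-key secret, so it is a second production issuer under a staging name: certificates requested through it count against Let's Encrypt production rate limits and are publicly trusted, which defeats the purpose of a staging issuer. The two lines to change are `server: https://acme-staging-v02.api.letsencrypt.org/directory` and `name: letsencrypt-staging-private-key`. Renaming the production issuer's privateKeySecretRef to `letsencrypt-prod-private-key` presumably makes cert-manager register a fresh ACME account instead of reusing the existing key; if that is intended, a comment saying so would spare the next reader the archaeology. The staging issuer's solvers block continues past the end of the hunk.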
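Review bot: `"url": "git+https://github.com/${GITHUB_REPOSITORY}.git"` is read by npm directly as JSON, and nothing expands `${GITHUB_REPOSITORY}` there, so the repository URL in the package metadata is now a literal placeholder. Unless package.json is also passed through the same render step as the manifests (not visible in this diff), this field should keep a concrete URL or be removed.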
@@ -6,7 +6,7 @@ set -e ENVIRONMENT=${1:-all} -REGISTRY="ghcr.io/ghndrx/k8s-game-2048" +REGISTRY="${CONTAINER_REGISTRY}/${GITHUB_REPOSITORY}" echo "๐Ÿš€ Deploying 2048 game with Istio + nginx SSL..." echo "Environment: $ENVIRONMENT" @@ -84,13 +84,13 @@ echo "โœ… Deployment completed!" echo "" echo "๏ฟฝ Your 2048 game is available at:" if [ "$ENVIRONMENT" = "all" ] || [ "$ENVIRONMENT" = "dev" ]; then - echo " Development: https://2048-dev.wa.darknex.us" + echo " Development: https://${DEV_DOMAIN}" fi if [ "$ENVIRONMENT" = "all" ] || [ "$ENVIRONMENT" = "staging" ]; then - echo " Staging: https://2048-staging.wa.darknex.us" + echo " Staging: https://${STAGING_DOMAIN}" fi if [ "$ENVIRONMENT" = "all" ] || [ "$ENVIRONMENT" = "prod" ]; then - echo " Production: https://2048.wa.darknex.us" + echo " Production: https://${PROD_DOMAIN}" fi echo "" echo "๐Ÿ”ง Check status with:" diff --git a/scripts/setup-knative.sh b/scripts/setup-knative.sh index 5437520..e744856 100755 --- a/scripts/setup-knative.sh +++ b/scripts/setup-knative.sh @@ -48,7 +48,7 @@ echo "๐ŸŒ Configuring domain..." kubectl patch configmap/config-domain \ --namespace knative-serving \ --type merge \ - --patch '{"data":{"wa.darknex.us":""}}' + --patch "{\"data\":{\"${KNATIVE_DOMAIN}\":\"\"}}" echo "โœ… Knative Serving installation completed!" echo "" diff --git a/scripts/setup-kourier.sh b/scripts/setup-kourier.sh index e3c1a47..ded5420 100755 --- a/scripts/setup-kourier.sh +++ b/scripts/setup-kourier.sh @@ -75,7 +75,7 @@ metadata: spec: acme: server: https://acme-v02.api.letsencrypt.org/directory - email: admin@darknex.us + email: ${CERT_EMAIL} privateKeySecretRef: name: letsencrypt-prod solvers: 
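Review bot: `REGISTRY="${CONTAINER_REGISTRY}/${GITHUB_REPOSITORY}"` runs under `set -e` but not `set -u`, so with either variable unset the script continues with a registry path like `/` or `ghcr.io/` and fails, if at all, much later at pull or push time; `GITHUB_REPOSITORY` in particular is a GitHub Actions-provided variable that will not exist in a local shell. Guard both before use: `: "${CONTAINER_REGISTRY:?CONTAINER_REGISTRY must be set}"` and `: "${GITHUB_REPOSITORY:?GITHUB_REPOSITORY (owner/repo) must be set}"`. The same unset-variable exposure applies to `DEV_DOMAIN`/`STAGING_DOMAIN`/`PROD_DOMAIN` in the second hunk of this file, to the `DOMAINS` and `CANONICAL_DOMAINS` arrays in scripts/smoke-test.sh (the tests would probe a bare `https://`), and to scripts/setup-webhook-deployment.sh, where the `${WEBHOOK_DOMAIN:-webhook.${BASE_DOMAIN}}` fallback silently yields `webhook.` when only BASE_DOMAIN is missing.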
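Review bot: The `--patch "{\"data\":{\"${KNATIVE_DOMAIN}\":\"\"}}"` line builds the JSON patch from an unguarded variable, and unlike scripts/setup-webhook-deployment.sh in this same diff it does not derive `KNATIVE_DOMAIN` from `BASE_DOMAIN`; a user who exports only BASE_DOMAIN therefore patches the key `""` into config-domain, which kubectl accepts without complaint. Adding `KNATIVE_DOMAIN="${KNATIVE_DOMAIN:-${BASE_DOMAIN:?BASE_DOMAIN or KNATIVE_DOMAIN must be set}}"` before the patch keeps the two scripts consistent and fails loudly. Because the value is interpolated into JSON, a short comment that the domain must be a bare hostname (no quotes or backslashes) documents the assumption, and a hostname regex check before the patch would enforce it.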
@@ -98,10 +98,10 @@ kubectl get svc kourier -n kourier-system -o wide echo "" echo "๐Ÿ“‹ Next steps:" echo "1. Configure your DNS to point the following domains to the LoadBalancer IP:" -echo " - 2048-dev.wa.darknex.us" -echo " - 2048-staging.wa.darknex.us" -echo " - 2048.wa.darknex.us" -echo " - *.wa.darknex.us (wildcard)" +echo " - ${DEV_DOMAIN}" +echo " - ${STAGING_DOMAIN}" +echo " - ${PROD_DOMAIN}" +echo " - *.${BASE_DOMAIN} (wildcard)" echo "" echo "2. Deploy your applications:" echo " kubectl apply -f manifests/dev/" diff --git a/scripts/setup-ssl.sh b/scripts/setup-ssl.sh deleted file mode 100755 index e69de29..0000000 diff --git a/scripts/setup-webhook-deployment.sh b/scripts/setup-webhook-deployment.sh index c379315..b93f063 100755 --- a/scripts/setup-webhook-deployment.sh +++ b/scripts/setup-webhook-deployment.sh @@ -15,8 +15,8 @@ fi # Configuration with fallbacks WEBHOOK_SECRET="${WEBHOOK_SECRET:-$(openssl rand -hex 32)}" MANIFESTS_PATH="${MANIFESTS_PATH:-/home/administrator/k8s-game-2048/manifests}" -WEBHOOK_DOMAIN="${WEBHOOK_DOMAIN:-webhook.wa.darknex.us}" -KNATIVE_DOMAIN="${KNATIVE_DOMAIN:-wa.darknex.us}" +WEBHOOK_DOMAIN="${WEBHOOK_DOMAIN:-webhook.${BASE_DOMAIN}}" +KNATIVE_DOMAIN="${KNATIVE_DOMAIN:-${BASE_DOMAIN}}" KUBECONFIG_PATH="${KUBECONFIG_PATH:-/etc/rancher/k3s/k3s.yaml}" DEPLOY_INGRESS="${DEPLOY_INGRESS:-true}" WEBHOOK_REPLICAS="${WEBHOOK_REPLICAS:-1}" diff --git a/scripts/smoke-test.sh b/scripts/smoke-test.sh index 25fea26..727246c 100644 --- a/scripts/smoke-test.sh +++ b/scripts/smoke-test.sh 
@@ -14,8 +14,8 @@ NC='\033[0m' # No Color # Test configuration ENVIRONMENTS=("dev" "staging" "prod") -DOMAINS=("2048-dev.wa.darknex.us" "2048-staging.wa.darknex.us" "2048.wa.darknex.us") -CANONICAL_DOMAINS=("game-2048-dev.game-2048-dev.dev.wa.darknex.us" "game-2048-staging.game-2048-staging.staging.wa.darknex.us" "game-2048-prod.game-2048-prod.wa.darknex.us") +DOMAINS=("${DEV_DOMAIN}" "${STAGING_DOMAIN}" "${PROD_DOMAIN}") +CANONICAL_DOMAINS=("${DEV_CANONICAL_DOMAIN}" "${STAGING_CANONICAL_DOMAIN}" "${PROD_CANONICAL_DOMAIN}") TIMEOUT=30 echo -e "${BLUE}๐Ÿงช Starting 2048 Game Smoke Tests${NC}"