From fc9dbfe8334fc51f635c5f243f54074e462dd095 Mon Sep 17 00:00:00 2001 From: Uj5Ghare Date: Sun, 5 Apr 2026 01:03:14 +0530 Subject: [PATCH 1/2] feat: add update-manifest jobs and set ENV to prod in all workflows - Add update-manifest job to all 9 workflows for automated K8s manifest updates - Update ENV variable from staging to prod across all workflows - Each workflow now updates its respective helm values.yaml on env/prod pushes - Includes proper sed commands for dynamic image tag updates --- .github/workflows/catalogue.yaml | 40 ++++++++++++++++++++++++++++++-- .github/workflows/dispatch.yaml | 40 ++++++++++++++++++++++++++++++-- .github/workflows/mongo.yaml | 40 ++++++++++++++++++++++++++++++-- .github/workflows/mysql.yaml | 40 ++++++++++++++++++++++++++++++-- .github/workflows/payment.yaml | 40 ++++++++++++++++++++++++++++++-- .github/workflows/ratings.yaml | 40 ++++++++++++++++++++++++++++++-- .github/workflows/shipping.yaml | 40 ++++++++++++++++++++++++++++++-- .github/workflows/user.yaml | 40 ++++++++++++++++++++++++++++++-- .github/workflows/web.yaml | 40 ++++++++++++++++++++++++++++++-- 9 files changed, 342 insertions(+), 18 deletions(-) diff --git a/.github/workflows/catalogue.yaml b/.github/workflows/catalogue.yaml index 17e34e1..273104e 100644 --- a/.github/workflows/catalogue.yaml +++ b/.github/workflows/catalogue.yaml @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/catalogue/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/catalogue/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/catalogue/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm catalogue values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file diff --git a/.github/workflows/dispatch.yaml b/.github/workflows/dispatch.yaml index aa45679..719bd69 100644 --- a/.github/workflows/dispatch.yaml +++ b/.github/workflows/dispatch.yaml @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/dispatch/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/dispatch/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/dispatch/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm dispatch values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file diff --git a/.github/workflows/mongo.yaml b/.github/workflows/mongo.yaml index 05ddf30..b7433d0 100644 --- a/.github/workflows/mongo.yaml +++ b/.github/workflows/mongo.yaml @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/mongo/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/mongo/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/mongo/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm mongo values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file diff --git a/.github/workflows/mysql.yaml b/.github/workflows/mysql.yaml index ed7a9b6..b03dffc 100644 --- a/.github/workflows/mysql.yaml +++ b/.github/workflows/mysql.yaml @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/mysql/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/mysql/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/mysql/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm mysql values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file diff --git a/.github/workflows/payment.yaml b/.github/workflows/payment.yaml index 2f5da12..3f051dc 100644 --- a/.github/workflows/payment.yaml +++ b/.github/workflows/payment.yaml @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/payment/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/payment/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/payment/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm payment values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file diff --git a/.github/workflows/ratings.yaml b/.github/workflows/ratings.yaml index d66427f..6131237 100644 --- a/.github/workflows/ratings.yaml +++ b/.github/workflows/ratings.yaml @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/ratings/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/ratings/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/ratings/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm ratings values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file diff --git a/.github/workflows/shipping.yaml b/.github/workflows/shipping.yaml index ab05748..7bf567a 100644 --- a/.github/workflows/shipping.yaml +++ b/.github/workflows/shipping.yaml @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/shipping/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/shipping/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/shipping/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm shipping values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file diff --git a/.github/workflows/user.yaml b/.github/workflows/user.yaml index 7546da6..3abe972 100644 --- a/.github/workflows/user.yaml +++ b/.github/workflows/user.yaml @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/user/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/user/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/user/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm user values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file diff --git a/.github/workflows/web.yaml b/.github/workflows/web.yaml index 5fa472f..ad46850 100644 --- a/.github/workflows/web.yaml +++ b/.github/workflows/web.yaml @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/web/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/web/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/web/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm web values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file From 50d64e1ef99ade25dc7dffe0afd568c4f875bf05 Mon Sep 17 00:00:00 2001 From: Uj5Ghare Date: Sun, 5 Apr 2026 01:16:04 +0530 Subject: [PATCH 2/2] feat: change workflow triggers from pull_request to push - Update all 9 workflows to trigger on push instead of pull_request - Workflows now run automatically on direct pushes to env/prod branch - Ensures consistent trigger behavior across all services --- .github/workflows/catalogue.yaml | 2 +- .github/workflows/dispatch.yaml | 2 +- .github/workflows/mongo.yaml | 2 +- .github/workflows/mysql.yaml | 2 +- .github/workflows/payment.yaml | 2 +- .github/workflows/ratings.yaml | 2 +- .github/workflows/shipping.yaml | 2 +- .github/workflows/user.yaml | 2 +- .github/workflows/web.yaml | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/catalogue.yaml b/.github/workflows/catalogue.yaml index 273104e..08a6b0b 100644 --- a/.github/workflows/catalogue.yaml +++ b/.github/workflows/catalogue.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For Catalogue on: - pull_request: + push: branches: - env/prod paths: diff --git a/.github/workflows/dispatch.yaml b/.github/workflows/dispatch.yaml index 719bd69..d4bd5e9 100644 --- a/.github/workflows/dispatch.yaml +++ b/.github/workflows/dispatch.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For Dispatch on: - pull_request: + push: branches: - env/prod paths: diff --git a/.github/workflows/mongo.yaml b/.github/workflows/mongo.yaml index b7433d0..f73bd9c 100644 --- a/.github/workflows/mongo.yaml +++ b/.github/workflows/mongo.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For Mongo on: - pull_request: + push: branches: - env/prod paths: diff --git a/.github/workflows/mysql.yaml b/.github/workflows/mysql.yaml index b03dffc..dca548c 100644 --- a/.github/workflows/mysql.yaml +++ b/.github/workflows/mysql.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For Mysql on: - pull_request: + push: branches: - env/prod paths: diff --git a/.github/workflows/payment.yaml b/.github/workflows/payment.yaml index 3f051dc..29667d5 100644 --- a/.github/workflows/payment.yaml +++ b/.github/workflows/payment.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For Payment on: - pull_request: + push: branches: - env/prod paths: diff --git a/.github/workflows/ratings.yaml b/.github/workflows/ratings.yaml index 6131237..158a3fa 100644 --- a/.github/workflows/ratings.yaml +++ b/.github/workflows/ratings.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For Ratings on: - pull_request: + push: branches: - env/prod paths: diff --git a/.github/workflows/shipping.yaml b/.github/workflows/shipping.yaml index 7bf567a..ebb9be4 100644 --- a/.github/workflows/shipping.yaml +++ b/.github/workflows/shipping.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For Shipping on: - pull_request: + push: branches: - env/prod paths: diff --git a/.github/workflows/user.yaml b/.github/workflows/user.yaml index 3abe972..48e6cac 100644 --- a/.github/workflows/user.yaml +++ b/.github/workflows/user.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For User on: - pull_request: + push: branches: - env/prod paths: diff --git a/.github/workflows/web.yaml b/.github/workflows/web.yaml index ad46850..abed5c6 100644 --- a/.github/workflows/web.yaml +++ b/.github/workflows/web.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For Web on: - pull_request: + push: branches: - env/prod paths: