SwiftAkira
diff --git a/‎.argocd-ignore‎
Lines changed: 21 additions & 0 deletions b/‎.argocd-ignore‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎.github/workflows/validate.yml‎
Lines changed: 99 additions & 0 deletions b/‎.github/workflows/validate.yml‎
Lines changed: 99 additions & 0 deletions
diff --git a/‎.yamllint.yaml‎
Lines changed: 15 additions & 0 deletions b/‎.yamllint.yaml‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎cm.yaml‎
Lines changed: 35 additions & 0 deletions b/‎cm.yaml‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎deployment.yaml‎
Lines changed: 215 additions & 0 deletions b/‎deployment.yaml‎
Lines changed: 215 additions & 0 deletions
@@ -0,0 +1,21 @@
+# ArgoCD ignore file
+# Place this file in your repository root to prevent ArgoCD from processing documentation files
+
+# Documentation files
+*.md
+LICENSE
+
+# Development/local files
+.git/
+.gitignore
+.DS_Store
+
+# Node.js dependencies
+node_modules/
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+package-lock.json
+
+# Optional: Ignore the upgrade directory if you don't want ArgoCD to process it
+# strapi-v5-upgrade/
@@ -0,0 +1,99 @@
+name: 🧪 Validate YAML Files
+
+on:
+  pull_request:
+    paths:
+      - '*.yaml'
+      - '*.yml'
+      - 'strapi-v5-upgrade/**/*.yaml'
+      - 'strapi-v5-upgrade/**/*.yml'
+  push:
+    branches: [main, master]
+    paths:
+      - '*.yaml'
+      - '*.yml'
+      - 'strapi-v5-upgrade/**/*.yaml'
+      - 'strapi-v5-upgrade/**/*.yml'
+
+jobs:
+  validate-yaml:
+    name: 🔍 Validate YAML Syntax
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: 📥 Checkout code
+      uses: actions/checkout@v4
+      
+    - name: 🔧 Setup yamllint
+      run: pip install yamllint
+      
+    - name: 🧪 Lint YAML files
+      run: |
+        echo "Validating YAML syntax..."
+        find . -name "*.yaml" -o -name "*.yml" | grep -v ".github" | xargs yamllint -c .yamllint.yaml
+        
+    - name: ✅ Validate Kubernetes manifests
+      run: |
+        echo "Validating Kubernetes manifests..."
+        # Install kubeval for Kubernetes manifest validation
+        wget https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-linux-amd64.tar.gz
+        tar xf kubeval-linux-amd64.tar.gz
+        sudo mv kubeval /usr/local/bin
+        
+        # Validate main manifests (skip strapi-secrets.yaml as it has placeholder values)
+        for file in *.yaml; do
+          if [[ "$file" != "strapi-secrets.yaml" ]]; then
+            echo "Validating $file..."
+            kubeval "$file"
+          fi
+        done
+
+  validate-dockerfile:
+    name: 🐳 Validate Dockerfile
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: 📥 Checkout code
+      uses: actions/checkout@v4
+      
+    - name: 🔧 Setup Docker Buildx
+      uses: docker/setup-buildx-action@v3
+      
+    - name: 🧪 Build test image
+      run: |
+        cd strapi-v5-upgrade
+        docker buildx build --platform linux/amd64 --dry-run .
+
+  validate-scripts:
+    name: 📜 Validate Shell Scripts
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: 📥 Checkout code
+      uses: actions/checkout@v4
+      
+    - name: 🔧 Setup shellcheck
+      run: sudo apt-get update && sudo apt-get install -y shellcheck
+      
+    - name: 🧪 Lint shell scripts
+      run: |
+        find . -name "*.sh" -exec shellcheck {} \;
+
+  check-secrets:
+    name: 🔐 Check for Secrets
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: 📥 Checkout code
+      uses: actions/checkout@v4
+      
+    - name: 🔍 Scan for potential secrets
+      run: |
+        echo "Checking for potential secrets..."
+        # Check that strapi-secrets.yaml only contains placeholder values
+        if grep -q "742561979202\|dev-onair\|172\.16\.1\.152" *.yaml; then
+          echo "❌ Found non-generic values in YAML files!"
+          echo "Please ensure all configurations use placeholder values."
+          exit 1
+        fi
+        echo "✅ No hardcoded secrets found"
@@ -0,0 +1,15 @@
+extends: default
+
+rules:
+  line-length:
+    max: 120
+    level: warning
+  comments:
+    min-spaces-from-content: 1
+  document-start: disable
+  truthy:
+    allowed-values: ['true', 'false', 'on', 'off']
+
+ignore: |
+  .github/
+  strapi-v5-upgrade/node_modules/
@@ -0,0 +1,35 @@
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: strapi-config
+  namespace: strapi
+data:
+  DATABASE_CLIENT: postgres
+  DATABASE_HOST: strapi-postgres-postgresql.strapi.svc.cluster.local
+  DATABASE_PORT: "5432"
+  DATABASE_NAME: strapi
+  DATABASE_USERNAME: strapi
+  HOST: "0.0.0.0"
+  PORT: "1337"
+  NODE_ENV: production
+  # Public URL for proper admin panel access (production server)
+  PUBLIC_URL: "https://your-domain.com"
+  # Admin panel URL configuration (production server)
+  STRAPI_ADMIN_BACKEND_URL: "https://your-domain.com"
+  ADMIN_PATH: "/admin"
+  # Strapi v5 specific configurations
+  STRAPI_PLUGIN_I18N_INIT_LOCALE_CODE: en
+  # Additional v5 configurations
+  STRAPI_TELEMETRY_DISABLED: "true"
+  STRAPI_LOG_LEVEL: "info"
+  # Vite/Development server configurations
+  DANGEROUSLY_DISABLE_HOST_CHECK: "true"
+  VITE_ALLOWED_HOSTS: "all"
+  VITE_HMR_HOST: "0.0.0.0"
+  VITE_HMR_PORT: "1337"
+  # Production CORS and host configuration
+  TRUSTED_HOSTS: "your-domain.com,private.your-domain.com,localhost,127.0.0.1"
+  CORS_ORIGIN: "https://your-domain.com,https://private.your-domain.com"
+  ADMIN_CORS_ORIGIN: "https://your-domain.com,https://private.your-domain.com"
+
@@ -0,0 +1,215 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: strapi
+  namespace: strapi
+  labels:
+    app.kubernetes.io/name: strapi
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: strapi
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: strapi
+      annotations:
+        kubectl.kubernetes.io/restartedAt: "2025-07-18T18:30:00Z"
+    spec:
+      containers:
+      - name: strapi
+        image: your-registry/strapi:5-latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 1337
+          name: http
+        env:
+        - name: DATABASE_CLIENT
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: DATABASE_CLIENT
+        - name: DATABASE_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: DATABASE_HOST
+        - name: DATABASE_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: DATABASE_PORT
+        - name: DATABASE_NAME
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: DATABASE_NAME
+        - name: DATABASE_USERNAME
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: DATABASE_USERNAME
+        - name: DATABASE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: strapi-postgres-postgresql
+              key: password  # Changed from postgresql-password
+        - name: HOST
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: HOST
+        - name: PORT
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: PORT
+        - name: PUBLIC_URL
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: PUBLIC_URL
+        - name: NODE_ENV
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: NODE_ENV
+        - name: APP_KEYS
+          valueFrom:
+            secretKeyRef:
+              name: strapi-secrets
+              key: APP_KEYS
+        - name: API_TOKEN_SALT
+          valueFrom:
+            secretKeyRef:
+              name: strapi-secrets
+              key: API_TOKEN_SALT
+        - name: ADMIN_JWT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: strapi-secrets
+              key: ADMIN_JWT_SECRET
+        - name: TRANSFER_TOKEN_SALT
+          valueFrom:
+            secretKeyRef:
+              name: strapi-secrets
+              key: TRANSFER_TOKEN_SALT
+        - name: JWT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: strapi-secrets
+              key: JWT_SECRET
+        - name: STRAPI_PLUGIN_I18N_INIT_LOCALE_CODE
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: STRAPI_PLUGIN_I18N_INIT_LOCALE_CODE
+        - name: STRAPI_TELEMETRY_DISABLED
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: STRAPI_TELEMETRY_DISABLED
+        - name: STRAPI_LOG_LEVEL
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: STRAPI_LOG_LEVEL
+        - name: DANGEROUSLY_DISABLE_HOST_CHECK
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: DANGEROUSLY_DISABLE_HOST_CHECK
+        - name: VITE_ALLOWED_HOSTS
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: VITE_ALLOWED_HOSTS
+        - name: STRAPI_ADMIN_BACKEND_URL
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: STRAPI_ADMIN_BACKEND_URL
+        - name: ADMIN_PATH
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: ADMIN_PATH
+        - name: VITE_HMR_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: VITE_HMR_HOST
+        - name: VITE_HMR_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: strapi-config
+              key: VITE_HMR_PORT
+        - name: STRAPI_DISABLE_UPDATE_NOTIFICATION
+          value: "true"
+        - name: STRAPI_HIDE_STARTUP_MESSAGE
+          value: "true"
+        - name: NODE_OPTIONS
+          value: "--max-old-space-size=4096"
+        command: ["yarn", "start"]
+        args: []
+        resources:
+          requests:
+            cpu: "500m"
+            memory: "2Gi"
+          limits:
+            cpu: "2"
+            memory: "6Gi"
+        volumeMounts:
+        - name: strapi-data
+          mountPath: /opt/app/data
+        - name: strapi-uploads
+          mountPath: /opt/app/public/uploads
+        - name: strapi-data
+          mountPath: /opt/app/src/api
+          subPath: src-api
+        - name: strapi-data
+          mountPath: /opt/app/.strapi
+          subPath: strapi-metadata
+        - name: strapi-data
+          mountPath: /opt/app/src
+          subPath: src
+        - name: vite-config
+          mountPath: /opt/app/vite.config.admin.js
+          subPath: vite.config.admin.js
+        livenessProbe:
+          httpGet:
+            path: /_health
+            port: http
+          initialDelaySeconds: 60
+          periodSeconds: 10
+          timeoutSeconds: 5
+        readinessProbe:
+          httpGet:
+            path: /_health
+            port: http
+          initialDelaySeconds: 60
+          periodSeconds: 10
+          timeoutSeconds: 5
+      volumes:
+      - name: strapi-data
+        persistentVolumeClaim:
+          claimName: strapi-data
+      - name: strapi-uploads
+        persistentVolumeClaim:
+          claimName: strapi-uploads
+      - name: vite-config
+        configMap:
+          name: strapi-vite-config
+      securityContext:
+        runAsUser: 1001
+        fsGroup: 1001
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 1
+            podAffinityTerm:
+              labelSelector:
+                matchLabels:
+                  app.kubernetes.io/name: strapi
+              topologyKey: kubernetes.io/hostname