Refactor GitHub Actions workflows and Terraform configurations for improved deployment and management

- Update Kubernetes deployment workflow to streamline steps and enhance error handling
- Modify destroy workflow to include variable verification and cleanup of GitHub variables
- Enhance Docker build workflow to push images to the correct repositories
- Revise main pipeline to clarify comments and improve readability
- Update Terraform configurations to introduce new variables for namespaces and application name
- Add outputs for application and monitoring namespaces in Terraform
- Create terraform.tfvars for infrastructure configuration
- Adjust ArgoCD application manifests to use dynamic namespace and application name variables
- Update Helm templates to utilize dynamic namespace values

Author: karimzakzouk

.github/workflows/deploy.yml

@@ -1,13 +1,6 @@
 name: Kubernetes Deployment
-
 on:
   workflow_dispatch:
-    inputs:
-      image-tag:
-        description: 'Docker image tag to deploy'
-        required: false
-        default: 'latest'
-        type: string
   workflow_call:
     inputs:
       image-tag:
@@ -26,62 +19,53 @@ jobs:
     name: Deploy to Kubernetes
     runs-on: ubuntu-latest
     environment: production
+    
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v5
-
+        
       - name: Login to AWS
         uses: aws-actions/[email protected]
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: us-east-1
-
+          
       - name: Update kubeconfig
         run: |
-          aws eks update-kubeconfig --name otel-cluster --region us-east-1 
-
-      - name: Configure kubectl
-        uses: statsig-io/kubectl-via-eksctl@main
-        env:
-          aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          region: us-east-1
-          cluster: otel-cluster
-
-      # ✅ Deploy Helm Chart with secrets & image tag
-      - name: Deploy Helm Chart via ArgoCD
+          aws eks update-kubeconfig --name ${{ vars.CLUSTER_NAME }} --region us-east-1
+          
+      - name: Create Application Namespace
+        run: |
+          kubectl create namespace ${{ vars.APP_NAMESPACE }} --dry-run=client -o yaml | kubectl apply -f -
+          
+      - name: Deploy Helm Chart
         run: |
-          IMAGE_TAG=${{ inputs.image-tag || github.sha }}
-          helm upgrade --install my-app ./helm \
-            --namespace my-app-namespace \
-            --create-namespace \
+          helm upgrade --install ${{ vars.APP_NAME }} ./helm \
+            --namespace ${{ vars.APP_NAMESPACE }} \
+            --set namespace=${{ vars.APP_NAMESPACE }} \
             --set mongo.uri="${{ secrets.MONGO_URI }}" \
             --set mongo.username="${{ secrets.MONGO_USERNAME }}" \
             --set mongo.password="${{ secrets.MONGO_PASSWORD }}" \
-            --set image.tag="$IMAGE_TAG"
-      - name: Create Application Namespace
-        run: |
-          kubectl create namespace my-app-namespace --dry-run=client -o yaml | kubectl apply -f -
-
-      # ✅ Deploy ArgoCD Application (optional if you want ArgoCD to track)
+            --set image.tag="${{ inputs.image-tag || github.sha }}"
+            
       - name: Deploy ArgoCD Applications
         run: |
-          kubectl apply -f ./argocd/application.yml
+          export APP_NAME=${{ vars.APP_NAME }}
+          export APP_NAMESPACE=${{ vars.APP_NAMESPACE }}
+          export ARGOCD_NAMESPACE=${{ vars.ARGOCD_NAMESPACE }}
+          envsubst < ./argocd/application.yml | kubectl apply -f -
           
       - name: Print Service Endpoints
         run: |
-
-          GRAFANA_PASSWORD=${{secrets.GRAFANA_PASSWORD}}
           echo "================= SERVICE ENDPOINTS ================="
-          echo "ArgoCD:     http://$(kubectl get svc argocd-server -n argocd -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
-          echo "Prometheus: http://$(kubectl get svc kube-prometheus-stack-prometheus -n monitoring -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'):9090"
-          echo "Grafana:    http://$(kubectl get svc kube-prometheus-stack-grafana -n monitoring -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
-          echo "App:        http://$(kubectl get svc my-app-svc -n my-app-namespace -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
-
+          echo "ArgoCD: http://$(kubectl get svc argocd-server -n argocd -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' 2>/dev/null || echo 'Not found')"
+          echo "Prometheus: http://$(kubectl get svc kube-prometheus-stack-prometheus -n monitoring -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' 2>/dev/null || echo 'Not found'):9090"
+          echo "Grafana: http://$(kubectl get svc kube-prometheus-stack-grafana -n monitoring -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' 2>/dev/null || echo 'Not found')"
+          echo "App: http://$(kubectl get svc my-app-svc -n ${{ vars.APP_NAMESPACE }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' 2>/dev/null || echo 'Not found')"
           echo "================= DEFAULT CREDENTIALS ================="
           echo "ArgoCD -> Username: admin"
-          echo "ArgoCD -> Password: $(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d)"
+          echo "ArgoCD -> Password: $(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath='{.data.password}' 2>/dev/null | base64 -d || echo 'Not found')"
           echo "Grafana -> Username: admin"
-          echo "Grafana -> Password: $GRAFANA_PASSWORD"
-          echo "Prometheus -> No login needed (anonymous access by default)"
+          echo "Grafana -> Password: ${{ secrets.GRAFANA_PASSWORD }}"
+          echo "Prometheus -> No login needed (anonymous access by default)"s

.github/workflows/destroy.yml

@@ -1,31 +1,53 @@
 name: Terraform Destroy Workflow
-
 on:
   workflow_dispatch:
 
 jobs:
   terraform-destroy:
     name: Terraform Destroy
     runs-on: ubuntu-latest
-
+    environment: production
+    
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v5
-
+        
+      - name: Verify Variables Available
+        run: |
+          echo "CLUSTER_NAME: ${{ vars.CLUSTER_NAME }}"
+          echo "NAMESPACE: ${{ vars.APP_NAMESPACE }}"
+          echo "MONITORING_NAMESPACE: ${{ vars.MONITORING_NAMESPACE }}"
+          echo "ARGOCD_NAMESPACE: ${{ vars.ARGOCD_NAMESPACE }}"
+          if [[ -z "${{ vars.CLUSTER_NAME }}" ]]; then
+            echo "ERROR: CLUSTER_NAME variable not found. Infrastructure may not be deployed."
+            exit 1
+          fi
+          if [[ -z "${{ vars.APP_NAMESPACE }}" ]]; then
+            echo "ERROR: APP_NAMESPACE variable not found. Infrastructure may not be deployed."
+            exit 1
+          fi
+        
       - name: Login to AWS
         uses: aws-actions/[email protected]
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: us-east-1
-
+          
       - name: Setup Terraform
         uses: hashicorp/[email protected]
         with:
           terraform_version: 1.5.7
-
+          
       - name: Update kubeconfig
-        run: aws eks update-kubeconfig --name otel-cluster --region us-east-1
+        run: aws eks update-kubeconfig --name ${{ vars.CLUSTER_NAME }} --region us-east-1
+        continue-on-error: true
+        
+      - name: Install Helm
+        uses: azure/[email protected]
+        with:
+          version: v3.14.0
+        continue-on-error: true
 
       # ---------------------------
       # Delete ArgoCD Applications
@@ -34,31 +56,35 @@ jobs:
         run: |
           kubectl delete application my-app -n argocd --ignore-not-found
           kubectl delete application kube-prometheus-stack -n argocd --ignore-not-found
+        continue-on-error: true
 
       # ---------------------------
       # Uninstall Helm Releases
       # ---------------------------
       - name: Uninstall Helm Releases
         run: |
-          helm uninstall my-app -n my-app-namespace || true
-          helm uninstall kube-prometheus-stack -n monitoring || true
-          helm uninstall argocd -n argocd || true
+          helm uninstall my-app -n ${{ vars.APP_NAMESPACE }} || true
+          helm uninstall kube-prometheus-stack -n ${{ vars.MONITORING_NAMESPACE }} || true
+          helm uninstall argocd -n ${{ vars.ARGOCD_NAMESPACE }} || true
+        continue-on-error: true
 
       # ---------------------------
       # Delete Namespaces
       # ---------------------------
       - name: Delete Namespaces
         run: |
-          kubectl delete namespace my-app-namespace --ignore-not-found
-          kubectl delete namespace monitoring --ignore-not-found
-          kubectl delete namespace argocd --ignore-not-found
+          kubectl delete namespace ${{ vars.APP_NAMESPACE }} --ignore-not-found
+          kubectl delete namespace ${{ vars.MONITORING_NAMESPACE }} --ignore-not-found
+          kubectl delete namespace ${{ vars.ARGOCD_NAMESPACE }} --ignore-not-found
+        continue-on-error: true
 
       # ---------------------------
       # Delete CRDs (Prometheus & Grafana)
       # ---------------------------
       - name: Delete CRDs
         run: |
           kubectl get crd -o name | grep -E 'prometheus|grafana|alertmanager|servicemonitor|prometheusrule' | xargs -r kubectl delete || true
+        continue-on-error: true
 
       # ---------------------------
       # Cleanup PVCs & PVs
@@ -67,14 +93,38 @@ jobs:
         run: |
           kubectl delete pvc --all -A || true
           kubectl delete pv --all || true
+        continue-on-error: true
+
+      # ---------------------------
+      # Wait for cleanup to complete
+      # ---------------------------
+      - name: Wait for cleanup
+        run: sleep 30
 
       # ---------------------------
       # Terraform Destroy
       # ---------------------------
       - name: Terraform Init
         run: terraform init
         working-directory: ./Terraform
-
+        
+      - name: Terraform Destroy Plan
+        run: terraform plan -destroy
+        working-directory: ./Terraform
+        
       - name: Terraform Destroy
         run: terraform destroy -auto-approve
         working-directory: ./Terraform
+
+      # ---------------------------
+      # Clean up GitHub Variables
+      # ---------------------------
+      - name: Remove GitHub repository variables
+        run: |
+          gh variable delete CLUSTER_NAME --repo $GITHUB_REPOSITORY || true
+          gh variable delete APP_NAMESPACE --repo $GITHUB_REPOSITORY || true
+          gh variable delete MONITORING_NAMESPACE --repo $GITHUB_REPOSITORY || true
+          gh variable delete ARGOCD_NAMESPACE --repo $GITHUB_REPOSITORY || true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        continue-on-error: true

.github/workflows/docker.yml

@@ -44,13 +44,15 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build Docker Image
+      - name: Build and push Docker image
         uses: docker/build-push-action@v6
         with:
-          push: false
+          context: .
+          push: true
           tags: |
-            docker.io/${{ secrets.DOCKER_USERNAME }}/graduation-project-devops:${{ github.sha }}
-            ghcr.io/${{ secrets.DOCKER_USERNAME }}/graduation-project-devops:${{ github.sha }}
+            docker.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.sha }}
+            ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:${{ github.sha }}
+
 
       - name: Test Docker Image
         run: |
@@ -67,7 +69,7 @@ jobs:
             -e MONGO_URI="$MONGO_URI" \
             -e MONGO_USERNAME="$MONGO_USERNAME" \
             -e MONGO_PASSWORD="$MONGO_PASSWORD" \
-            ghcr.io/${{ secrets.DOCKER_USERNAME }}/graduation-project-devops:${{ github.sha }}
+            ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:${{ github.sha }}
 
           # Wait for container to start
           sleep 15
@@ -99,14 +101,16 @@ jobs:
         if: ${{ inputs.push-image != false }}
         uses: docker/build-push-action@v6
         with:
+          context: .
           push: true
           tags: |
-            docker.io/${{ secrets.DOCKER_USERNAME }}/graduation-project-devops:${{ github.sha }}
-            ghcr.io/${{ secrets.DOCKER_USERNAME }}/graduation-project-devops:${{ github.sha }}
+            docker.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.sha }}
+            ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:${{ github.sha }}
+
       - name: Update Helm values with new image tag
         run: |
-          sed -i "s|tag: \".*\"|tag: \"${{ github.sha }}\"|g" ./helm/values.yaml
-          
+          sed -i "s|repository: .*|repository: docker.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}|g" ./helm/values.yaml
+
       - name: Commit updated image tag
         run: |
           git config --local user.email "[email protected]"

.github/workflows/main-pipeline.yml

@@ -1,6 +1,6 @@
 name: Solar System - Main Pipeline
 on:
-  push:                     # ← ADDED: Auto-trigger on push
+  push:                     # Auto-trigger on push
     branches: [main]
   workflow_dispatch:
     inputs:
@@ -24,7 +24,7 @@ on:
         required: false
         default: false
         type: boolean
-      force-all:              # ← ADDED: Force all workflows
+      force-all:              # Force all workflows
         description: 'Force run all workflows (ignore path detection)'
         required: false
         default: false
@@ -37,7 +37,7 @@ permissions:
   actions: read
 
 jobs:
-  # ← NEW: Detect what changed
+  # Detect what changed
   detect-changes:
     name: Detect Changes
     runs-on: ubuntu-latest