Add ArgoCD and Monitoring workflows, refactor CI and deployment scripts for improved structure and clarity

Author: karimzakzouk

.github/workflows/argocd.yml

@@ -0,0 +1,68 @@
+name: ArgoCD Deployment
+on:
+  workflow_dispatch:
+  workflow_call:
+    inputs:
+      image-tag:
+        description: 'Docker image tag to deploy'
+        required: false
+        default: ''
+        type: string
+
+jobs:
+  argocd:
+    name: ArgoCD & Monitoring Deployment
+    runs-on: ubuntu-latest
+    environment: production
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v5
+
+      - name: Login to AWS
+        uses: aws-actions/[email protected]
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+
+      - name: Update kubeconfig
+        run: aws eks update-kubeconfig --name ${{ vars.CLUSTER_NAME }} --region us-east-1
+
+      - name: Install Helm
+        uses: azure/[email protected]
+        with:
+          version: v3.14.0
+
+      - name: Add ArgoCD Helm Repo
+        run: |
+          helm repo add argo https://argoproj.github.io/argo-helm
+          helm repo update
+
+      - name: Install/Upgrade ArgoCD
+        run: |
+          helm upgrade --install argocd argo/argo-cd \
+            --namespace ${{ vars.ARGOCD_NAMESPACE }} \
+            --create-namespace \
+            --set server.service.type=LoadBalancer \
+            --wait
+
+      - name: Create Application Namespace
+        run: |
+          kubectl create namespace ${{ vars.APP_NAMESPACE }} --dry-run=client -o yaml | kubectl apply -f -
+          
+      - name: Deploy Helm Chart
+        run: |
+          helm upgrade --install ${{ vars.APP_NAME }} ./helm \
+            --namespace ${{ vars.APP_NAMESPACE }} \
+            --set mongo.uri="${{ secrets.MONGO_URI }}" \
+            --set mongo.username="${{ secrets.MONGO_USERNAME }}" \
+            --set mongo.password="${{ secrets.MONGO_PASSWORD }}" \
+            --set image.tag="${{ inputs.image-tag || github.sha }}"
+            
+      - name: Deploy ArgoCD Applications
+        run: |
+          export APP_NAME=${{ vars.APP_NAME }}
+          export APP_NAMESPACE=${{ vars.APP_NAMESPACE }}
+          export ARGOCD_NAMESPACE=${{ vars.ARGOCD_NAMESPACE }}
+          envsubst < ./argocd/application.yml | kubectl apply -f -

.github/workflows/ci.yml

@@ -8,11 +8,6 @@ on:
         description: "Test execution result"
         value: ${{ jobs.code-coverage.outputs.result }}
 
-env:
-  MONGO_URI: ${{ secrets.MONGO_URI }}
-  MONGO_USERNAME: ${{ secrets.MONGO_USERNAME }}
-  MONGO_PASSWORD: ${{ secrets.MONGO_PASSWORD }}
-
 jobs:
   unit-testing:
     name: Unit Testing

.github/workflows/deploy.yml

@@ -6,14 +6,9 @@ on:
       image-tag:
         description: 'Docker image tag to deploy'
         required: false
-        default: 'latest'
+        default: ''
         type: string
 
-env:
-  MONGO_URI: ${{ secrets.MONGO_URI }}
-  MONGO_USERNAME: ${{ secrets.MONGO_USERNAME }}
-  MONGO_PASSWORD: ${{ secrets.MONGO_PASSWORD }}
-
 jobs:
   deploy:
     name: Deploy to Kubernetes
@@ -53,27 +48,4 @@ jobs:
           export APP_NAME=${{ vars.APP_NAME }}
           export APP_NAMESPACE=${{ vars.APP_NAMESPACE }}
           export ARGOCD_NAMESPACE=${{ vars.ARGOCD_NAMESPACE }}
-          envsubst < ./argocd/application.yml | kubectl apply -f -
-          
-      - name: Print Service Endpoints
-        run: |
-          echo "================= SERVICE ENDPOINTS ================="
-          
-          ARGOCD_HOST=$(kubectl get svc argocd-server -n ${{ vars.ARGOCD_NAMESPACE }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' 2>/dev/null || echo 'Not found')
-          PROM_HOST=$(kubectl get svc kube-prometheus-stack-prometheus -n ${{ vars.MONITORING_NAMESPACE }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' 2>/dev/null || echo 'Not found')
-          GRAFANA_HOST=$(kubectl get svc kube-prometheus-stack-grafana -n ${{ vars.MONITORING_NAMESPACE }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' 2>/dev/null || echo 'Not found')
-          APP_HOST=$(kubectl get svc ${{ vars.APP_NAME }}-svc -n ${{ vars.APP_NAMESPACE }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' 2>/dev/null || echo 'Not found')
-          
-          echo "ArgoCD: http://$ARGOCD_HOST"
-          echo "Prometheus: http://$PROM_HOST:9090"
-          echo "Grafana: http://$GRAFANA_HOST"
-          echo "App: http://$APP_HOST"
-          
-          echo "================= DEFAULT CREDENTIALS ================="
-          ARGOCD_PASS=$(kubectl -n ${{ vars.ARGOCD_NAMESPACE }} get secret argocd-initial-admin-secret -o jsonpath='{.data.password}' 2>/dev/null | base64 -d || echo 'Not found')
-          
-          echo "ArgoCD -> Username: admin"
-          echo "ArgoCD -> Password: $ARGOCD_PASS"
-          echo "Grafana -> Username: admin"
-          echo "Grafana -> Password: ${{ secrets.GRAFANA_PASSWORD }}"
-          echo "Prometheus -> No login needed (anonymous access by default)"
+          envsubst < ./argocd/application.yml | kubectl apply -f -

.github/workflows/docker.yml

@@ -3,21 +3,6 @@ name: Docker Build and Push
 on:
   workflow_dispatch:
   workflow_call:
-    inputs:
-      push-image:
-        description: 'Whether to push the Docker image'
-        required: false
-        default: true
-        type: boolean
-    outputs:
-      image-tag:
-        description: "Docker image tag"
-        value: ${{ jobs.docker-build.outputs.image-tag }}
-
-env:
-  MONGO_URI: ${{ secrets.MONGO_URI }}
-  MONGO_USERNAME: ${{ secrets.MONGO_USERNAME }}
-  MONGO_PASSWORD: ${{ secrets.MONGO_PASSWORD }}
 
 jobs:
   docker-build:
@@ -48,7 +33,7 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: .
-          push: true
+          push: false
           tags: |
             docker.io/${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ github.sha }}
             ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:${{ github.sha }}
@@ -60,15 +45,15 @@ jobs:
           
           # Debug: Check if secrets are available
           echo "Checking environment variables:"
-          echo "MONGO_URI length: ${#MONGO_URI}"
+          echo "MONGO_URI length: ${#${{ secrets.MONGO_URI }}}"
           echo "MONGO_USERNAME: $MONGO_USERNAME"
           
           # Start the container
           docker run --name solar-system-app -d \
             -p 3000:3000 \
-            -e MONGO_URI="$MONGO_URI" \
-            -e MONGO_USERNAME="$MONGO_USERNAME" \
-            -e MONGO_PASSWORD="$MONGO_PASSWORD" \
+            -e MONGO_URI="${{ secrets.MONGO_URI }}" \
+            -e MONGO_USERNAME="${{ secrets.MONGO_USERNAME }}" \
+            -e MONGO_PASSWORD="${{ secrets.MONGO_PASSWORD }}" \
             ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:${{ github.sha }}
 
           # Wait for container to start
@@ -98,7 +83,6 @@ jobs:
           fi
 
       - name: Push Docker Image
-        if: ${{ inputs.push-image != false }}
         uses: docker/build-push-action@v6
         with:
           context: .

.github/workflows/main-pipeline.yml

@@ -19,8 +19,18 @@ on:
         required: false
         default: false
         type: boolean
+      skip-argocd:
+        description: 'Skip ArgoCD deployment'
+        required: false
+        default: false
+        type: boolean
+      skip-monitoring:
+        description: 'Skip Monitoring deployment'
+        required: false
+        default: false
+        type: boolean
       skip-deployment:
-        description: 'Skip Kubernetes deployment'
+        description: 'Skip Application deployment'
         required: false
         default: false
         type: boolean
@@ -44,8 +54,10 @@ jobs:
     outputs:
       app-changed: ${{ steps.changes.outputs.app }}
       terraform-changed: ${{ steps.changes.outputs.terraform }}
-      k8s-changed: ${{ steps.changes.outputs.k8s }}
-      any-changed: ${{ steps.changes.outputs.app == 'true' || steps.changes.outputs.terraform == 'true' || steps.changes.outputs.k8s == 'true' }}
+      argocd-changed: ${{ steps.changes.outputs.argocd }}
+      deployment-changed: ${{ steps.changes.outputs.deployment }}
+      monitoring-changed: ${{ steps.changes.outputs.monitoring }}
+      any-changed: ${{ steps.changes.outputs.app == 'true' || steps.changes.outputs.terraform == 'true' || steps.changes.outputs.argocd == 'true' || steps.changes.outputs.deployment == 'true' || steps.changes.outputs.monitoring == 'true' }}
     steps:
       - name: Checkout
         uses: actions/checkout@v5
@@ -69,15 +81,23 @@ jobs:
               - '.github/workflows/docker.yml'
             terraform:
               - 'Terraform/**'
+              - 'terraform.tfvars'
               - '.github/workflows/terraform.yml'
-            k8s:
+            argocd:
               - 'argocd/**'
+              - '.github/workflows/argocd.yml'
+            deployment:
+              - 'argocd/application.yml'
               - '.github/workflows/deploy.yml'
+            monitoring:
+              - 'argocd/monitoring.yml'
+              - '.github/workflows/monitoring.yml'
 
+  # App changes: CI + Docker only
   ci:
     name: Run CI Tests
     needs: [detect-changes]
-    if: ${{ !inputs.skip-tests && (inputs.force-all || needs.detect-changes.outputs.app-changed == 'true' || github.event_name == 'workflow_dispatch') }}
+    if: ${{ !inputs.skip-tests && (inputs.force-all || needs.detect-changes.outputs.app-changed == 'true') }}
     uses: ./.github/workflows/ci.yml
     secrets: inherit
     permissions:
@@ -88,7 +108,7 @@ jobs:
 
   docker:
     name: Build Docker Image
-    if: ${{ !inputs.skip-docker && (success() || inputs.skip-tests) && (inputs.force-all || needs.detect-changes.outputs.app-changed == 'true' || github.event_name == 'workflow_dispatch') }}
+    if: ${{ !inputs.skip-docker && (success() || inputs.skip-tests) && (inputs.force-all || needs.detect-changes.outputs.app-changed == 'true') }}
     needs: [ci, detect-changes]
     permissions:
       contents: write
@@ -100,10 +120,11 @@ jobs:
     with:
       push-image: true
 
+  # Terraform changes: Terraform + ArgoCD + Deploy + Monitoring
   terraform:
     name: Deploy Infrastructure
-    if: ${{ !inputs.skip-terraform && (success() || (inputs.skip-tests && inputs.skip-docker)) && (inputs.force-all || needs.detect-changes.outputs.terraform-changed == 'true' || github.event_name == 'workflow_dispatch') }}
-    needs: [docker, detect-changes]
+    if: ${{ !inputs.skip-terraform && (inputs.force-all || needs.detect-changes.outputs.terraform-changed == 'true') }}
+    needs: [detect-changes]
     uses: ./.github/workflows/terraform.yml
     secrets: inherit
     permissions:
@@ -114,16 +135,52 @@ jobs:
     with:
       terraform-action: 'apply'
 
-  deploy:
+  # ArgoCD changes OR when terraform changes
+  argocd:
+    name: Deploy ArgoCD Applications
+    if: ${{ !inputs.skip-argocd && (inputs.force-all || needs.detect-changes.outputs.terraform-changed == 'true' || needs.detect-changes.outputs.argocd-changed == 'true') }} 
+    needs: [detect-changes, terraform]
+    uses: ./.github/workflows/argocd.yml
+    secrets: inherit
+    permissions:
+      contents: write
+      packages: write
+      id-token: write
+      actions: read
+
+  # Deploy when: terraform changes OR application.yml changes
+  deployment:
     name: Deploy Application
-    if: ${{ !inputs.skip-deployment && (success() || (inputs.skip-tests && inputs.skip-docker && inputs.skip-terraform)) && (inputs.force-all || needs.detect-changes.outputs.k8s-changed == 'true' || needs.detect-changes.outputs.app-changed == 'true' || github.event_name == 'workflow_dispatch') }}
-    needs: [terraform, docker, detect-changes]
+    if: ${{ !inputs.skip-deployment && (inputs.force-all || needs.detect-changes.outputs.terraform-changed == 'true' || needs.detect-changes.outputs.deployment-changed == 'true') }}
+    needs: [detect-changes, argocd]
     uses: ./.github/workflows/deploy.yml
     secrets: inherit
     permissions:
       contents: write
       packages: write
       id-token: write
       actions: read
-    with:
-      image-tag: ${{ github.sha }}
+
+  # Monitoring when: terraform changes OR monitoring.yml changes  
+  monitoring:
+    name: Deploy Monitoring Stack
+    if: ${{ !inputs.skip-monitoring && (inputs.force-all || needs.detect-changes.outputs.terraform-changed == 'true' || needs.detect-changes.outputs.monitoring-changed == 'true') }}
+    needs: [detect-changes, argocd]
+    uses: ./.github/workflows/monitoring.yml
+    secrets: inherit
+    permissions:
+      contents: write
+      packages: write
+      id-token: write
+      actions: read
+
+  # Print service endpoints when any deployment happens
+  show-endpoints:
+    name: Show Service Endpoints
+    if: always() && needs.detect-changes.outputs.any-changed == 'true' && (needs.argocd.result == 'success' || needs.deployment.result == 'success' || needs.monitoring.result == 'success')
+    needs: [detect-changes, argocd, deployment, monitoring]
+    uses: ./.github/workflows/endpoints.yml
+    secrets: inherit
+    permissions:
+      contents: read
+      id-token: write

.github/workflows/monitoring.yml

@@ -0,0 +1,38 @@
+name: Monitoring Deployment
+on:
+  workflow_dispatch:
+
+jobs:
+  monitoring:
+    name: Deploy Monitoring Stack
+    runs-on: ubuntu-latest
+    environment: production
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v5
+
+      - name: Login to AWS
+        uses: aws-actions/[email protected]
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+
+      - name: Update kubeconfig
+        run: aws eks update-kubeconfig --name ${{ vars.CLUSTER_NAME }} --region us-east-1
+
+      - name: Create Grafana Secret
+        run: |
+          kubectl create namespace ${{ vars.MONITORING_NAMESPACE }} --dry-run=client -o yaml | kubectl apply -f -
+          kubectl create secret generic grafana-admin-secret \
+            --from-literal=admin-user=admin \
+            --from-literal=admin-password='${{ secrets.GRAFANA_ADMIN_PASSWORD }}' \
+            --namespace ${{ vars.MONITORING_NAMESPACE }} \
+            --dry-run=client -o yaml | kubectl apply -f -
+
+      - name: Deploy Monitoring
+        run: |
+          export MONITORING_NAMESPACE=${{ vars.MONITORING_NAMESPACE }}
+          export ARGOCD_NAMESPACE=${{ vars.ARGOCD_NAMESPACE }}
+          envsubst < ./argocd/monitoring.yml | kubectl apply -f -