Refactor deployment workflow to streamline Helm chart deployment and remove redundant environment variable definitions for MongoDB secrets

Author: karimzakzouk

.github/workflows/deploy.yml

@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-latest
     environment: production
     permissions:
-      contents: write  # Allow writing to repository
+      contents: write
       actions: read
 
     steps:
@@ -53,25 +53,22 @@ jobs:
           region: us-east-1
           cluster: otel-cluster
 
-
-      - name: Create Base64-encoded K8s Secret
+      # ✅ Deploy Helm Chart with secrets & image tag
+      - name: Deploy Helm Chart via ArgoCD
         run: |
-          kubectl apply -f - <<EOF
-          apiVersion: v1
-          kind: Secret
-          metadata:
-            name: mongo-secrets
-          type: Opaque
-          data:
-            MONGO_URI: $(echo -n "${{ secrets.MONGO_URI }}" | base64)
-            MONGO_USERNAME: $(echo -n "${{ secrets.MONGO_USERNAME }}" | base64)
-            MONGO_PASSWORD: $(echo -n "${{ secrets.MONGO_PASSWORD }}" | base64)
-          EOF
+          IMAGE_TAG=${{ inputs.image-tag || github.sha }}
+          helm upgrade --install my-app ./helm \
+            --namespace my-app-namespace \
+            --create-namespace \
+            --set mongo.uri="${{ secrets.MONGO_URI }}" \
+            --set mongo.username="${{ secrets.MONGO_USERNAME }}" \
+            --set mongo.password="${{ secrets.MONGO_PASSWORD }}" \
+            --set image.tag="$IMAGE_TAG"
 
+      # ✅ Update values.yaml for ArgoCD tracking
       - name: Update Helm values with new image tag
         run: |
           IMAGE_TAG=${{ inputs.image-tag || github.sha }}
-          # Update the image tag in values.yaml for ArgoCD to pick up
           sed -i "s|tag: \".*\"|tag: \"$IMAGE_TAG\"|g" ./helm/values.yaml
           
       - name: Commit updated image tag
@@ -83,17 +80,18 @@ jobs:
           git push https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git
       
       - name: Create Application Namespace
-        if: ${{ inputs.terraform-action == 'apply' || inputs.terraform-action == '' }}
         run: |
           kubectl create namespace my-app-namespace --dry-run=client -o yaml | kubectl apply -f -
 
+      # ✅ Deploy ArgoCD Application (optional if you want ArgoCD to track)
       - name: Deploy ArgoCD Applications
-        if: ${{ inputs.terraform-action == 'apply' || inputs.terraform-action == '' }}
         run: |
           kubectl apply -f ./argocd/application.yml
           
       - name: Print Service Endpoints
         run: |
+
+          GRAFANA_PASSWORD=${{secrets.GRAFANA_PASSWORD}}
           echo "================= SERVICE ENDPOINTS ================="
           echo "ArgoCD:     http://$(kubectl get svc argocd-server -n argocd -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
           echo "Prometheus: http://$(kubectl get svc kube-prometheus-stack-prometheus -n monitoring -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'):9090"
@@ -104,5 +102,5 @@ jobs:
           echo "ArgoCD -> Username: admin"
           echo "ArgoCD -> Password: $(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d)"
           echo "Grafana -> Username: admin"
-          echo "Grafana -> Password: $(kubectl get secret kube-prometheus-stack-grafana -n monitoring -o jsonpath='{.data.admin-password}' | base64 -d)"
+          echo "Grafana -> Password: $GRAFANA_PASSWORD"
           echo "Prometheus -> No login needed (anonymous access by default)"

helm/templates/secrets.yaml

@@ -8,19 +8,3 @@ stringData:
   MONGO_URI: {{ .Values.mongo.uri }}
   MONGO_USERNAME: {{ .Values.mongo.username }}
   MONGO_PASSWORD: {{ .Values.mongo.password }}
-env:
-  - name: MONGO_URI
-    valueFrom:
-      secretKeyRef:
-        name: mongo-secrets
-        key: MONGO_URI
-  - name: MONGO_USERNAME
-    valueFrom:
-      secretKeyRef:
-        name: mongo-secrets
-        key: MONGO_USERNAME
-  - name: MONGO_PASSWORD
-    valueFrom:
-      secretKeyRef:
-        name: mongo-secrets
-        key: MONGO_PASSWORD

helm/values.yaml

@@ -12,6 +12,6 @@ service:
   targetPort: 3000
 
 mongo:
-  uri: "YOUR_URI"
-  username: "YOUR_USERNAME"
-  password: "YOUR_PASSWORD"
+  uri: ""       
+  username: ""   
+  password: ""