New way provision of provision has been introduced.

.github/workflows/deploy-deps-on-kubernetes.yml

@@ -5,34 +5,28 @@ on:
         environment:
           description: "Target environment"
           required: true
-          default: "demo"
+          default: "dev"
           type: choice
           options:
             - dev
-            - demo
+
 jobs:
   deploy:
     env:
-      ENV: ${{ github.event.inputs.environment }}
-    # TODO: Add option to choose between self-hosted and default runners
+      ENV: ${{ inputs.environment }}
     runs-on: [self-hosted]
-    # TEMPORARY COMMENTED
-    # environment: ${{ github.event.inputs.environment }}
-
     steps:
-      # FYI: Repository is needed only due to single file: infrastructure/dev/dependenciess/values.yaml
-      - name: Checkout repo
-        uses: actions/checkout@v4
-
-      - name: Print deployment parameters
+      - name: 
         run: |
-          echo "Environment: $ENV"
-
-      - name: Deploy with Helm
+          helm upgrade --install traefik oci://ghcr.io/traefik/helm/traefik \
+            --namespace traefik \
+            --create-namespace \
+            -f https://raw.githubusercontent.com/opencrvs/infrastructure/refs/heads/k8s-provision/examples/${ENV}/traefik/values.yaml
+      - name: Install OpenCRVS dependencies
         run: |
           helm upgrade --install opencrvs-deps oci://ghcr.io/opencrvs/opencrvs-dependencies-chart \
             --namespace "opencrvs-deps-${ENV}" \
-            -f examples/${ENV}/dependencies/values.yaml \
+            -f https://raw.githubusercontent.com/opencrvs/infrastructure/refs/heads/k8s-provision/examples/${ENV}/dependencies/values.yaml \
             --create-namespace \
-            --atomic \
-            --set environment="$ENV"
+            --set storage_type=host_path \
+            --atomic

.github/workflows/deploy-on-kubernetes.yml

@@ -1,6 +1,16 @@
-name: Deploy Application on k8s
-run-name: "Deploy OpenCRVS on k8s (core: ${{ inputs.core-image-tag }}, country: ${{ inputs.countryconfig-image-tag }})"
+name: Deploy OpenCRVS
+run-name: "Deploy OpenCRVS (core: ${{ inputs.core-image-tag }}, country: ${{ inputs.countryconfig-image-tag }})"
 on:
+    workflow_call:
+      inputs:
+        core-image-tag:
+          type: string
+        countryconfig-image-tag:
+          type: string
+        environment:
+          type: string
+        reset:
+          type: boolean
     workflow_dispatch:
       inputs:
         core-image-tag:
@@ -14,64 +24,85 @@ on:
         environment:
           description: "Target environment"
           required: true
-          default: "demo"
-          type: string
-    workflow_call:
-      inputs:
-        core-image-tag:
-          type: string
-        countryconfig-image-tag:
-          type: string
-        environment:
-          type: string
-
+          default: "dev"
+          type: choice
+          options:
+            - dev
+        reset:
+          description: "Reset environment after deploy"
+          required: false
+          default: false
+          type: boolean
 jobs:
   deploy:
+    environment: ${{ inputs.environment }}
     env:
       ENV: ${{ inputs.environment }}
+      BRANCH: ${{ github.ref_name }}
       CORE_IMAGE_TAG: ${{ inputs.core-image-tag }}
       COUNTRYCONFIG_IMAGE_TAG: ${{ inputs.countryconfig-image-tag }}
     runs-on: [self-hosted]
-    # runs-on: ubuntu-latest
-
     steps:
-      # FYI: Repository is needed only due to single file: examples/dev/opencrvs-services/values.yaml
-      - name: Checkout repo
-        uses: actions/checkout@v4
-
+      - name: Generate summary
+        run: |
+          echo "Deploying environment to https://${{ vars.DOMAIN }}" >> $GITHUB_STEP_SUMMARY
+          echo "Core image tag: ${{ inputs.core-image-tag }}" >> $GITHUB_STEP_SUMMARY
+          echo "Country config image tag: ${{ inputs.countryconfig-image-tag }}" >> $GITHUB_STEP_SUMMARY
+          echo "Reset environment: ${{ inputs.reset }}" >> $GITHUB_STEP_SUMMARY
       - name: Print deployment parameters
         run: |
           echo "Environment: $ENV"
           echo "Core Image: $CORE_IMAGE_TAG"
           echo "Country Config Image: $COUNTRYCONFIG_IMAGE_TAG"
-      - name: Create namespace
+          echo "base_ref: ${{ github.base_ref }}"
+          echo "branch: ${BRANCH}"
+      - name: Deploy OpenCRVS MOSIP API
         run: |
-          kubectl create namespace opencrvs-${ENV} || echo "Namespace already exists"
+          helm upgrade --install mosip-api oci://ghcr.io/opencrvs/opencrvs-mosip \
+          --namespace "opencrvs-${ENV}" \
+          -f https://raw.githubusercontent.com/opencrvs/infrastructure/refs/heads/k8s-provision/examples/${ENV}/mosip-api/values.yaml \
+          --set hostname=$ENV.k8s-e2e.opencrvs.dev \
+          --create-namespace \
+          --atomic
       - name: Copy secrets from dependencies into application namespace
         run: |
           secrets=(
             "elasticsearch-admin-user"
             "redis-opencrvs-users"
             "minio-opencrvs-users"
             "mongodb-admin-user"
+            "postgres-admin-user"
           )
           for secret in "${secrets[@]}"; do
-            kubectl get secret $secret -n opencrvs-deps-e2e -o yaml \
-            | sed "s#namespace: opencrvs-deps-e2e#namespace: opencrvs-${ENV}#" \
+            kubectl get secret $secret -n opencrvs-deps-${ENV} -o yaml \
+            | sed "s#namespace: opencrvs-deps-${ENV}#namespace: opencrvs-${ENV}#" \
             | grep -vE 'resourceVersion|uid|creationTimestamp' \
             | kubectl apply -n opencrvs-${ENV} -f - \
-            || echo "Secret $secret doesn't exist in opencrvs-deps-e2e namespace"
+            || echo "Secret $secret doesn't exist in opencrvs-deps-${ENV} namespace"
           done
-      # FIXME:
-      # In generic workflow we should use environment variables or ...
-      # but not examples/e2e/opencrvs-services/values.yaml
       - name: Deploy with Helm
         run: |
           helm upgrade --install opencrvs oci://ghcr.io/opencrvs/opencrvs-services \
+            --timeout 15m \
             --namespace "opencrvs-${ENV}" \
-            -f examples/e2e/opencrvs-services/values.yaml \
+            -f https://raw.githubusercontent.com/opencrvs/infrastructure/refs/heads/k8s-provision/examples/${ENV}/opencrvs-services/values.yaml \
             --create-namespace \
+            --atomic \
             --set image.tag="$CORE_IMAGE_TAG" \
             --set countryconfig.image.tag="$COUNTRYCONFIG_IMAGE_TAG" \
-            --set hostname=$ENV.k8s-e2e.opencrvs.dev \
-            --set environment="$ENV"
+            --set hostname=${{ vars.DOMAIN }}
+      - name: Cleanup Helm Locks
+        if: failure() || cancelled()
+        run: |
+          kubectl -n "opencrvs-${ENV}" get secrets -l owner=helm -o json | \
+          jq -r '.items[] | select(.metadata.labels.status=="pending-install" or .metadata.labels.status=="pending-upgrade") | .metadata.name' | \
+          xargs -r kubectl -n "opencrvs-${ENV}" delete secret || \
+          echo "No helm locks found, all is good"
+
+  reset-data:
+    if: ${{ inputs.reset }}
+    needs: deploy
+    uses: ./.github/workflows/k8s-reset-data.yml
+    with:
+      namespace: "opencrvs-${{ inputs.environment }}"
+    secrets: inherit

.github/workflows/k8s-reset-data.yml

@@ -0,0 +1,80 @@
+name: Reset environment (k8s)
+run-name: "Reset environment (namespace: ${{ inputs.namespace }})"
+# FIXME:
+# - replace sleep 30 with kubectl wait for job completion
+on:
+    workflow_dispatch:
+      inputs:
+        namespace:
+          description: "Target namespace"
+          required: true
+          type: string
+    workflow_call:
+      inputs:
+        namespace:
+          type: string
+jobs:
+  reset:
+    env:
+      namespace: ${{ inputs.namespace }}
+    runs-on: [self-hosted]
+    steps:
+        - name: Get helm release values
+          run: helm get values opencrvs -n ${namespace} > ${namespace}.yaml
+        - name: Cleanup environment
+          run: |
+            kubectl delete job -n ${namespace} --ignore-not-found=true data-cleanup
+            helm template -f ${namespace}.yaml \
+                --set data_cleanup.enabled=true \
+                --namespace ${namespace} \
+                -s templates/data-cleanup-job.yaml \
+                oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait=true -f -
+            sleep 30;
+            kubectl logs job/data-cleanup -f --all-containers=true -n ${namespace} || true
+            kubectl wait --for=condition=complete job/data-cleanup -n ${namespace} --timeout=600s;
+            kubectl delete pod -n ${namespace} -lapp=events;
+            kubectl wait --for=condition=ready pod -n ${namespace} -lapp=events;
+        - name: Re-run postgres on-deploy
+          run: |
+            kubectl delete job -n ${namespace} --ignore-not-found=true postgres-on-deploy;
+            helm template -f ${namespace}.yaml \
+                -s templates/postgres-on-update.yaml \
+                --namespace ${namespace} \
+                oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait=true -f -;
+            sleep 30;
+            kubectl logs job/postgres-on-deploy -f --all-containers=true -n ${namespace};
+            kubectl wait --for=condition=complete job/postgres-on-deploy -n ${namespace} --timeout=600s;
+        - name: Migration
+          run: |
+            kubectl delete job -n ${namespace} --ignore-not-found=true data-migration
+            helm template -f ${namespace}.yaml \
+                -s templates/data-migration-job.yaml \
+                --namespace ${namespace} \
+                oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait=true -f -
+            sleep 30;
+            kubectl logs job/data-migration -f -n ${namespace} || true
+            kubectl wait --for=condition=complete job/data-migration -n ${namespace} --timeout=600s;
+        - name: Re-run postgres on-deploy
+          run: |
+            kubectl delete job -n ${namespace} --ignore-not-found=true postgres-on-deploy;
+            helm template -f ${namespace}.yaml \
+                -s templates/postgres-on-update.yaml \
+                --namespace ${namespace} \
+                oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait=true -f -;
+            sleep 30;
+            kubectl logs job/postgres-on-deploy -f --all-containers=true -n ${namespace};
+            kubectl wait --for=condition=complete job/postgres-on-deploy -n ${namespace} --timeout=600s;
+        - name: Seeding data
+          run: |
+            kubectl delete job -n ${namespace} --ignore-not-found=true data-seed
+            kubectl delete pod -n ${namespace} -lapp=events;
+            kubectl wait --for=condition=ready pod -n ${namespace} -lapp=events;
+            helm template  -f ${namespace}.yaml \
+                --set data_seed.enabled=true \
+                --namespace ${namespace} \
+                -s templates/data-seed-job.yaml \
+                oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n ${namespace} --wait -f -
+            sleep 30;
+            kubectl logs job/data-seed -f -n ${namespace} || true
+            kubectl wait --for=condition=complete job/data-seed -n ${namespace} --timeout=600s;
+            kubectl delete pod -n ${namespace} -lapp=events;

.github/workflows/k8s-seed-data.yml

@@ -0,0 +1,50 @@
+name: Seed data (k8s)
+run-name: Seed data to ${{ inputs.environment }} core=${{ inputs.core-image-tag }}
+on:
+    workflow_dispatch:
+      inputs:
+        core-image-tag:
+          description: "Core image tag"
+          required: true
+          default: "develop"
+          type: string        
+        environment:
+          description: "Target environment"
+          required: true
+          default: "demo"
+          type: string
+    workflow_call:
+      inputs:
+        environment:
+          required: true
+          type: string
+        core-image-tag:
+          required: true
+          type: string
+jobs:
+  seed:
+    env:
+      ENV: ${{ inputs.environment }}
+      CORE_IMAGE_TAG: ${{ inputs.core-image-tag }}
+    runs-on: [self-hosted]
+    steps:
+        # FYI: Checkout is needed only due to single file: k8s-env/opencrvs/values.yaml
+        - name: Checkout repo
+          uses: actions/checkout@v4
+        - name: Get values from deployed release
+          run: helm get values opencrvs --namespace opencrvs-${ENV} > values-${ENV}.yaml
+        - name: Seeding data
+          run: |
+            kubectl delete job -n opencrvs-${ENV} data-seed || true
+            kubectl delete pod -n opencrvs-${ENV} -lapp=events;
+            sleep 30;
+            kubectl wait --for=condition=ready pod -n opencrvs-${ENV} -lapp=events;
+            helm template -f values-${ENV}.yaml \
+                --set data_seed.enabled=true \
+                --namespace opencrvs-${ENV} \
+                -s templates/data-seed-job.yaml \
+                oci://ghcr.io/opencrvs/opencrvs-services | kubectl apply -n opencrvs-${ENV} -f -
+            sleep 30;
+            kubectl logs job/data-seed -f -n opencrvs-${ENV} || true
+            kubectl wait --for=condition=complete job/data-seed -n opencrvs-${ENV} --timeout=600s;
+            kubectl delete pod -n opencrvs-${ENV} -lapp=events;