Added GitOps commit after build and push Docker image

This reverts commit 8396169b19.

argo-workflows/build.yaml

@@ -13,6 +13,13 @@ spec:
       resources:
         requests:
           storage: 128Mi
+  volumes:
+    - name: secrets-store
+      csi:
+        driver: secrets-store.csi.k8s.io
+        readOnly: true
+        volumeAttributes:
+          secretProviderClass: azure-keyvault          
   templates:
 
   # Main steps sequence
@@ -28,6 +35,12 @@ spec:
             parameters:
               - name: git-sha
                 value: "{{steps.checkout.outputs.parameters.git-sha}}"
+      - - name: gitops-commit
+          template: gitops-commit
+          arguments:
+            parameters:
+              - name: git-sha
+                value: "{{steps.checkout.outputs.parameters.git-sha}}"
 
   # GIT CHECKOUT
   - name: checkout
@@ -101,3 +114,53 @@ spec:
       volumeMounts:
         - name: workspace
           mountPath: /workspace
+
+  - name: gitops-commit
+    inputs:
+      parameters:
+        - name: git-sha
+    container:
+      image: alpine/git
+      command: [sh, -c]
+      env:
+        - name: DEPLOY_REPO_URL
+          value: ssh://git@srv22.mikr.us:20343/pikram/user-microservice-deploy.git
+        - name: DEPLOY_REPO_BRANCH
+          value: argo-deploy
+        - name: CI_COMMIT_SHA
+          value: "{{inputs.parameters.git-sha}}"
+      args:
+        - |
+          mkdir -p ~/.ssh
+
+          cp /mnt/secrets/gitea-known-host ~/.ssh/known_hosts
+          chmod 644 ~/.ssh/known_hosts
+
+          cp /mnt/secrets/gitea-deploy-key ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+
+          git config --global user.name "argo[bot]"
+          git config --global user.email "argo@marcin00.pl"
+
+          git clone --depth 1 --branch $DEPLOY_REPO_BRANCH --single-branch $DEPLOY_REPO_URL repo
+          cd repo
+        
+          |
+          awk -v commit="$CI_COMMIT_SHA" '
+          $0 ~ /name:[[:space:]]*api/ { in_api_container = 1; print; next }
+          in_api_container && $0 ~ /^[[:space:]]*image:[[:space:]]*/ {
+              sub(/:[^:[:space:]]+$/, ":" commit)
+              in_api_container = 0
+              print
+              next
+          }
+          { print }
+          ' deploy.yaml > deploy.tmp && mv deploy.tmp deploy.yaml
+        
+          git add deploy.yaml
+          'git diff-index --quiet HEAD || git commit -m "Argo: Changed deployed version to $CI_COMMIT_SHA"'
+          git push origin $DEPLOY_REPO_BRANCH
+      volumeMounts:
+        - name: secrets-store
+          mountPath: "/mnt/secrets"
+          readOnly: true

argo-workflows/secret-store.yaml

@@ -0,0 +1,28 @@
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  name: azure-keyvault
+  namespace: argo
+spec:
+  provider: azure
+  secretObjects:
+    - secretName: acr-creds
+      type: Opaque
+      data:
+        - objectName: acr-password
+        - key: password
+  parameters:
+    usePodIdentity: "false"
+    useVMManagedIdentity: "true"
+    userAssignedIdentityID: "f91aef65-7d2a-4df8-a884-e33b05d54a31" # client_id of the user-assigned managed identity
+    clientID: "f91aef65-7d2a-4df8-a884-e33b05d54a31"               # client_id of the user-assigned managed identity
+    keyvaultName: "dev-aks"
+    objects:  |
+      array:
+        - |
+          objectName: gitea-known-host
+          objectType: secret
+        - |
+          objectName: gitea-deploy-key
+          objectType: secret
+    tenantID: "f4e3e6f7-d21c-460e-b201-2192174e7f41"