This repository contains the KDVManager platform (microservices + frontend) and Kubernetes deployment manifests.
Per-service build workflows (e.g. web.yml, crm-api.yml, scheduling-api.yml) build and push two tags for each image:
- `linux-main` (branch tag – stable moving pointer)
- `linux-<short-sha>` (immutable content tag for GitOps)
The branch tag remains for local and ad-hoc reference; the short SHA tag is what Kubernetes deploys via kustomize manifests.
The workflow update-kustomize-images (.github/workflows/deploy-update-images.yml) executes on pushes to main that affect service code. Instead of pushing directly to main, it now opens an automated pull request that:
- Detects which services changed (path based).
- Computes the short SHA (`linux-<short-sha>`).
- Runs `kustomize edit set image` for only impacted application kustomizations under `deploy/k8s/applications/*/`.
- Creates/updates a PR bumping `kustomization.yaml` image tags.
ArgoCD then syncs after the PR is merged, giving an approval gate and audit trail.
scripts/update-kustomize-images.sh encapsulates the image update logic. Environment variables:
- `CHANGED_ONLY` (default `true`) – limit updates to impacted services.
- `BASE_REF` (default `origin/main`) – comparison base ref when not supplying explicit list.
- `CHANGED_FILE_LIST` – optional newline-separated files list to override diff detection.
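A dry-run sketch of the path-based detection and immutable-tag pinning described above, added here as an example and not the repository's own `scripts/update-kustomize-images.sh`. The mapping row format, the `src/<service>/` prefixes, the `registry.example.com` registry and the 7-character short SHA are assumptions; the commands are printed, not executed.

```shell
#!/bin/sh
# Added example, not the project's script. Rows: source-prefix|kustomization-dir|image
# (row format, src/ prefixes and registry.example.com are assumptions).
MAPPINGS='src/web/|deploy/k8s/applications/web|registry.example.com/web
src/crm-api/|deploy/k8s/applications/crm-api|registry.example.com/crm-api
src/scheduling-api/|deploy/k8s/applications/scheduling-api|registry.example.com/scheduling-api'

# image_tag SHA -> linux-<short-sha>; only a lowercase hex commit id is accepted,
# so nothing else can end up inside a manifest or a kustomize argument.
image_tag() {
  case "$1" in
    *[!0-9a-f]*|'') echo "refusing non-hex sha: $1" >&2; return 1 ;;
  esac
  [ "${#1}" -ge 7 ] || { echo "sha too short: $1" >&2; return 1; }
  printf 'linux-%s\n' "$(printf '%s' "$1" | cut -c1-7)"
}

# plan_updates SHA FILE_LIST -> one kustomize command per impacted service.
# FILE_LIST is newline-separated, like CHANGED_FILE_LIST.
plan_updates() {
  tag=$(image_tag "$1") || return 1
  printf '%s\n' "$MAPPINGS" | while IFS='|' read -r prefix dir image; do
    hit=0
    while IFS= read -r f; do
      # Anchored prefix match: docs/src/web/x does not count as a web change
      case "$f" in "$prefix"*) hit=1; break ;; esac
    done <<EOF
$2
EOF
    if [ "$hit" = 1 ]; then
      printf 'cd %s && kustomize edit set image %s=%s:%s\n' "$dir" "$image" "$image" "$tag"
    fi
  done
}

# Constructed input: commit id and changed-file list are made up for the demo
plan_updates 3f9c2ab17d04 'src/web/app/page.tsx
docs/notes.md'
```
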
- Ensure the service is added to `docker-compose.yml` with image pattern `${REGISTRY}/<name>:${PLATFORM:-linux}-${TAG}`.
- Add its Kubernetes manifests under `deploy/k8s/applications/<service>/` and list images in `kustomization.yaml`.
- Append a mapping row in `scripts/update-kustomize-images.sh` `MAPPINGS` array.
- Create a GitHub Actions workflow (copy an existing one) to build & push the image on `main`.
- Use ArgoCD Image Updater to eliminate PR churn (if desired).
- Generate SBOM + provenance (SLSA) during builds.
- Add staging/prod overlays and promote via tag promotion rather than manifest edits.
See src/web/README.md and service-specific docs.