Add a promotion workflow from staging to production

.github/workflows/production-promotion.yaml

@@ -0,0 +1,40 @@
+name: production-promotion
+on:
+  repository_dispatch:
+    types:
+      - HelmRelease/* # Trigger on HelmRelease events
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  promote:
+    runs-on: ubuntu-latest
+    # Start promotion when the staging cluster has successfully
+    # upgraded the Helm release to a new chart version.
+    if: |
+      github.event.client_payload.metadata.env == 'staging' &&
+      github.event.client_payload.severity == 'info'      
+    steps:
+      # Checkout main branch.
+      - uses: actions/checkout@v4
+        with:
+          ref: production
+          fetch-depth: 0
+      # Commit changes from the main branch.
+      - name: Commit changes
+        id: commit
+        run: |
+          git pull origin main
+      # Open a Pull Request if an upgraded is needed in production.
+      - name: Open promotion PR
+        uses: peter-evans/create-pull-request@v6
+        with:
+          branch: production-promotion
+          delete-branch: true
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: Promote chart
+          title: Promote new changes to production
+          body: |
+            Promote new changes to production

README.md

@@ -100,3 +100,25 @@ When a new chart version is pushed to the container registry, and if it matches
 Flux will update the HelmRelease YAML definitions and will push the changes to the `main` branch.
 Then it will upgrade the Helm releases to the new version to the staging cluster.
 
+### Promotion to Production
+
+After the HelmReleases are successfully installed or upgraded on the staging cluster, a promotion pipeline
+is triggered to promote the changes to the production clusters. It effectively opens a pull request
+on the `production` branch with the updated changes from the `main` branch. The pull request will 
+keep the changes in sync between the `main` and `production` branches as long as the pull request is open.
+
+The promotion pipeline is defined in .github/workflows/production-promotion.yaml.
+The `provider` and `alerts` used to trigger the promotion pipeline are defined in the `staging` directory
+of each component:
+
+```shell
+./components/
+├── backend
+│   └── staging
+│       ├── kustomization.yaml
+│       └── production-promotion.yaml
+└── frontend
+    └── staging
+        ├── kustomization.yaml
+        └── production-promotion.yaml
+```

components/backend/staging/kustomization.yaml

@@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ../base
+  - production-promotion.yaml
 patches:
   - path: memcached-values.yaml
   - path: redis-values.yaml
-

components/backend/staging/production-promotion.yaml

@@ -0,0 +1,29 @@
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Provider
+metadata:
+  name: github
+  namespace: backend
+spec:
+  type: githubdispatch
+  address: https://github.com/controlplaneio-fluxcd/d1-apps
+  secretRef:
+    name: flux-apps
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Alert
+metadata:
+  name: production-promotion
+  namespace: backend
+spec:
+  providerRef:
+    name: github
+  summary: "Trigger promotion"
+  eventMetadata:
+    env: ${ENVIRONMENT}
+    cluster: ${CLUSTER_NAME}
+  eventSeverity: info
+  eventSources:
+    - kind: HelmRelease
+      name: '*'
+  inclusionList:
+    - ".*succeeded.*"

components/frontend/staging/kustomization.yaml

@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ../base
+  - production-promotion.yaml
 patches:
   - path: podinfo-values.yaml
     target:

components/frontend/staging/production-promotion.yaml

@@ -0,0 +1,29 @@
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Provider
+metadata:
+  name: github
+  namespace: frontend
+spec:
+  type: githubdispatch
+  address: https://github.com/controlplaneio-fluxcd/d1-apps
+  secretRef:
+    name: flux-apps
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Alert
+metadata:
+  name: production-promotion
+  namespace: frontend
+spec:
+  providerRef:
+    name: github
+  summary: "Trigger promotion"
+  eventMetadata:
+    env: ${ENVIRONMENT}
+    cluster: ${CLUSTER_NAME}
+  eventSeverity: info
+  eventSources:
+    - kind: HelmRelease
+      name: '*'
+  inclusionList:
+    - ".*succeeded.*"