feat: Complete GitOps migration with multi-env support

.github/workflows/release.yaml

@@ -0,0 +1,38 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - '**.md'
+      - '.github/workflows/validate.yaml'
+
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+
+jobs:
+  release:
+    name: Semantic Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 'lts/*'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: npx semantic-release

.github/workflows/validate.yaml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        env: [dev]
+        env: [dev, tst, stg, prd]
     steps:
       - uses: actions/checkout@v4
 
@@ -29,7 +29,10 @@ jobs:
           kubectl kustomize clusters/${{ matrix.env }}/ > rendered.yaml
 
       - name: Kubeconform validation
-        run: kubeconform -summary -strict rendered.yaml
+        run: |
+          kubeconform -summary -strict \
+            -skip Application,ApplicationSet,Certificate,ClusterIssuer,SealedSecret \
+            rendered.yaml
 
       - name: OPA policy check
         run: |

.releaserc.json

@@ -0,0 +1,80 @@
+{
+  "branches": ["main"],
+  "plugins": [
+    [
+      "@semantic-release/commit-analyzer",
+      {
+        "preset": "conventionalcommits",
+        "releaseRules": [
+          {"type": "feat", "release": "minor"},
+          {"type": "fix", "release": "patch"},
+          {"type": "perf", "release": "patch"},
+          {"type": "revert", "release": "patch"},
+          {"type": "docs", "release": "patch"},
+          {"type": "style", "release": "patch"},
+          {"type": "refactor", "release": "patch"},
+          {"type": "test", "release": "patch"},
+          {"type": "ci", "release": "patch"},
+          {"type": "chore", "release": "patch"},
+          {"type": "build", "release": "patch"},
+          {"breaking": true, "release": "major"},
+          {"scope": "no-release", "release": false}
+        ],
+        "parserOpts": {
+          "noteKeywords": ["BREAKING CHANGE", "BREAKING CHANGES", "BREAKING"]
+        }
+      }
+    ],
+    [
+      "@semantic-release/release-notes-generator",
+      {
+        "preset": "conventionalcommits",
+        "presetConfig": {
+          "types": [
+            {"type": "feat", "section": "🚀 Features"},
+            {"type": "fix", "section": "🐛 Bug Fixes"},
+            {"type": "perf", "section": "⚡ Performance Improvements"},
+            {"type": "revert", "section": "⏪ Reverts"},
+            {"type": "docs", "section": "📚 Documentation"},
+            {"type": "style", "section": "💄 Styles"},
+            {"type": "refactor", "section": "♻️ Code Refactoring"},
+            {"type": "test", "section": "✅ Tests"},
+            {"type": "ci", "section": "🔧 CI/CD"},
+            {"type": "chore", "section": "🏗️ Chores"},
+            {"type": "build", "section": "📦 Build System"}
+          ]
+        },
+        "writerOpts": {
+          "commitsSort": ["subject", "scope"]
+        }
+      }
+    ],
+    [
+      "@semantic-release/changelog",
+      {
+        "changelogFile": "CHANGELOG.md"
+      }
+    ],
+    [
+      "@semantic-release/github",
+      {
+        "assets": [
+          {
+            "path": "CHANGELOG.md",
+            "label": "Changelog"
+          }
+        ],
+        "successComment": false,
+        "failComment": false,
+        "releasedLabels": false
+      }
+    ],
+    [
+      "@semantic-release/git",
+      {
+        "assets": ["CHANGELOG.md"],
+        "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+      }
+    ]
+  ]
+}

clusters/dev/bootstrap.yaml

@@ -1,14 +1,27 @@
-# clusters/dev/bootstrap.yaml
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
   name: root-app-dev
   namespace: argocd
+  labels:
+    tier: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
 spec:
+  destination:
+    namespace: argocd
+    name: in-cluster
+  project: default
   source:
-    repoURL: https://github.com/justgithubaccount/app-release.git
-    path: platform/core/cluster-bootstrap
+    repoURL: https://github.com/justgithubaccount/app-poly-gitops-k8s.git
+    path: clusters/dev
     targetRevision: main
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: argocd
+  syncPolicy:
+    automated:
+      allowEmpty: true
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - Validate=true
+      - CreateNamespace=true
+      - PruneLast=true

clusters/prd/bootstrap.yaml

@@ -1,16 +1,27 @@
-# clusters/prd/bootstrap.yaml
-# Uncomment when prd cluster is ready
-
-# apiVersion: argoproj.io/v1alpha1
-# kind: Application
-# metadata:
-#   name: root-app-prd
-#   namespace: argocd
-# spec:
-#   source:
-#     repoURL: https://github.com/justgithubaccount/app-poly-gitops-k8s.git
-#     path: platform/core/cluster-bootstrap
-#     targetRevision: main
-#   destination:
-#     name: prd
-#     namespace: argocd
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: root-app-prd
+  namespace: argocd
+  labels:
+    tier: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: argocd
+    name: prd-cluster
+  project: default
+  source:
+    repoURL: https://github.com/justgithubaccount/app-poly-gitops-k8s.git
+    path: clusters/prd
+    targetRevision: main
+  syncPolicy:
+    automated:
+      allowEmpty: true
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - Validate=true
+      - CreateNamespace=true
+      - PruneLast=true

clusters/prd/destination.yaml

@@ -1,8 +1,9 @@
-# apiVersion: argoproj.io/v1alpha1
-# kind: Application
-# metadata:
-#   name: all                    # имя здесь неважно – патч применится по kind
-# spec:
-#   destination:
-#     name: prd                  # ТОЧНОЕ имя prod-кластера из `argocd cluster list`
-#     namespace: argocd          # можно опустить, если в base уже указано
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: all
+  namespace: argocd
+spec:
+  project: default
+  destination:
+    name: prd-cluster

clusters/prd/kustomization.yaml

@@ -1,36 +1,29 @@
-# apiVersion: kustomize.config.k8s.io/v1beta1
-# kind: Kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
 
-# namePrefix: prd-
+resources:
+  # Security
+  - ../../platform/infrastructure/security/sealed-secrets/base
+  - ../../platform/infrastructure/security/reflector/base
+  - ../../platform/infrastructure/security/external-secrets/base
+  # Networking
+  - ../../platform/infrastructure/networking/nginx/base
+  - ../../platform/infrastructure/networking/cert-manager/base
+  - ../../platform/infrastructure/networking/external-dns/base
+  # Storage
+  - ../../platform/infrastructure/storage/longhorn/base
+  # AI Platform
+  - ../../platform/infrastructure/ai-platform/open-webui/base
+  # Observability
+  - ../../platform/observability/monitoring/loki
+  - ../../platform/observability/monitoring/grafana
+  - ../../platform/observability/opentelemetry/collector/otel-collector
+  # GitOps
+  - ../../platform/gitops/argocd-image-updater
+  # Tenants (uncomment when ready for production)
+  # - ../../tenants/product-team/apps/chat/base
 
-# resources:
-#   - ../../../base/addons/ingress-nginx
-#   - ../../../base/addons/cert-manager
-#   - ../../../base/addons/external-dns
-#   - ../../../base/addons/observability/loki
-#   - ../../../base/addons/observability/grafana
-#   - ../../../base/addons/longhorn
-#   - ../../../base/services/agent/chat
-#   - ../../../base/services/llm/gateway
-
-# # patches:
-# #   # Исправляем CLUSTER placeholder для всех Applications
-# #   - target:
-# #       kind: Application
-# #     patch: |-
-# #       - op: replace
-# #         path: /spec/destination/name
-# #         value: prd
-# #       - op: replace  
-# #         path: /spec/destination/server
-# #         value: https://kubernetes.default.svc
-
-# patches:
-#   - target:
-#       kind: Application
-#     patch: |-
-#       - op: remove
-#         path: /spec/destination/name
-#       - op: replace
-#         path: /spec/destination/server
-#         value: https://kubernetes.default.svc
+patches:
+  - path: destination.yaml
+    target:
+      kind: Application

clusters/stg/bootstrap.yaml

@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: root-app-stg
+  namespace: argocd
+  labels:
+    tier: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: argocd
+    name: stg-cluster
+  project: default
+  source:
+    repoURL: https://github.com/justgithubaccount/app-poly-gitops-k8s.git
+    path: clusters/stg
+    targetRevision: main
+  syncPolicy:
+    automated:
+      allowEmpty: true
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - Validate=true
+      - CreateNamespace=true
+      - PruneLast=true

clusters/stg/destination.yaml

@@ -0,0 +1,9 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: all
+  namespace: argocd
+spec:
+  project: default
+  destination:
+    name: stg-cluster

clusters/stg/kustomization.yaml

@@ -0,0 +1,29 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  # Security
+  - ../../platform/infrastructure/security/sealed-secrets/base
+  - ../../platform/infrastructure/security/reflector/base
+  - ../../platform/infrastructure/security/external-secrets/base
+  # Networking
+  - ../../platform/infrastructure/networking/nginx/base
+  - ../../platform/infrastructure/networking/cert-manager/base
+  - ../../platform/infrastructure/networking/external-dns/base
+  # Storage
+  - ../../platform/infrastructure/storage/longhorn/base
+  # AI Platform
+  - ../../platform/infrastructure/ai-platform/open-webui/base
+  # Observability
+  - ../../platform/observability/monitoring/loki
+  - ../../platform/observability/monitoring/grafana
+  - ../../platform/observability/opentelemetry/collector/otel-collector
+  # GitOps
+  - ../../platform/gitops/argocd-image-updater
+  # Tenants
+  - ../../tenants/product-team/apps/chat/base
+
+patches:
+  - path: destination.yaml
+    target:
+      kind: Application