docs/gitops.md

Metadata

  • Purpose: Project documentation source file.
  • Domain: documentation
  • Language: md
  • Bytes: 3438
  • Lines: 86
  • Content hash (short): 575e74d2
  • Source (start): docs/gitops.md:1
  • Source (end): docs/gitops.md:86

Indexed Symbols

No indexed functions/methods detected in this file.

Markdown Headings (if applicable)

  • H1: GitOps and Promotion (line 1)
  • H2: Repo split (line 3)
  • H2: Environment overlays (ops repo) (line 8)
  • H2: Promotion model (line 22)
  • H2: Required GitHub settings (line 30)
  • H2: Runtime profile (4GB cost target) (line 46)
  • H2: Rollback (line 53)
  • H2: Production No-Mock Cutover (line 59)
  • H2: Required secret keys (staging/prod) (line 71)

Source Preview

# GitOps and Promotion

## Repo split

- App repo (`anchor-msp`) builds and signs images, then opens a dev bump PR in the ops repo.
- Ops repo (`anchor-msp-ops`) is the GitOps source for Argo CD.

## Environment overlays (ops repo)

- `infra/helm/platform/environments/dev/values.yaml`
- `infra/helm/platform/environments/staging/values.yaml`
- `infra/helm/platform/environments/prod/values.yaml`

Notable defaults:

- `dev` can run with `AUTH_MODE=disabled` for rapid iteration.
- `staging`/`prod` require JWT auth and production signing/encryption secrets.
- `status-mock` is disabled for staging/prod overlays.
- Worker deployments (`anchor-outbox-worker`, `anchor-job-worker`) run from the gateway image.
- Staging/prod Argo applications must run with `automated.prune=true` and `automated.selfHeal=true` to remove stale resources.
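
One way to enforce these defaults as a CI check, shown as an added example that is not part of the project's own code. It audits Kubernetes objects in JSON form (Argo CD `Application` objects and rendered `Deployment` objects) and assumes that object names end in `-<environment>` and that `AUTH_MODE` reaches the pod as a container environment variable; the sample objects are constructed.

```python
import json

PROTECTED = ("staging", "prod")  # environments the page holds to the strict defaults

def env_of(name):
    """Assumption: the Application/Deployment name ends in -<environment>."""
    return name.rsplit("-", 1)[-1]

def sync_policy_gaps(app):
    """Return the automated sync flags that are not explicitly true."""
    automated = (app.get("spec", {}).get("syncPolicy") or {}).get("automated") or {}
    return [flag for flag in ("prune", "selfHeal") if automated.get(flag) is not True]

def auth_disabled_containers(workload):
    """Return the names of containers whose env sets AUTH_MODE=disabled."""
    pod = workload.get("spec", {}).get("template", {}).get("spec", {})
    return [c["name"] for c in pod.get("containers", [])
            if any(e.get("name") == "AUTH_MODE" and e.get("value") == "disabled"
                   for e in c.get("env", []))]

def audit(objects):
    """Check a list of Kubernetes objects; return sorted human-readable findings."""
    findings = []
    for obj in objects:
        name = obj["metadata"]["name"]
        if env_of(name) not in PROTECTED:
            continue  # dev is allowed to relax both settings
        if obj["kind"] == "Application":
            findings += [f"{name}: automated.{flag} is not true"
                         for flag in sync_policy_gaps(obj)]
        elif obj["kind"] == "Deployment":
            findings += [f"{name}/{c}: AUTH_MODE=disabled"
                         for c in auth_disabled_containers(obj)]
    return sorted(findings)

# Constructed sample objects (names and values invented for this example).
SAMPLE = json.loads("""[
 {"kind": "Application", "metadata": {"name": "platform-dev"}, "spec": {}},
 {"kind": "Application", "metadata": {"name": "platform-staging"},
  "spec": {"syncPolicy": {"automated": {"prune": true, "selfHeal": true}}}},
 {"kind": "Application", "metadata": {"name": "platform-prod"},
  "spec": {"syncPolicy": {"automated": {"prune": true}}}},
 {"kind": "Deployment", "metadata": {"name": "anchor-job-worker-prod"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "worker", "env": [{"name": "AUTH_MODE", "value": "disabled"}]}]}}}}
]""")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A flag that is absent counts as a finding because Argo CD treats an unset `prune` or `selfHeal` as false.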

## Promotion model

1. Merge to app repo `main` builds and publishes images.
2. App workflow opens ops PR updating `environments/dev/release.yaml`.