# DevSpace configuration (schema v2beta1) for running k8s-runner from local source
# inside an existing cluster Deployment.
version: v2beta1

vars:
  # Namespace of the k8s-runner Deployment; used by the kubectl calls and by both
  # dev configs in this file.
  K8S_RUNNER_NAMESPACE: platform
# Shell functions callable from the pipelines below. The scripts are block scalars:
# every character inside them is runtime text, so notes live in YAML comments only.
functions:
  # Sets spec.syncPolicy.automated of the ArgoCD Application "k8s-runner" (namespace
  # argocd) to null with a merge patch; only prints a warning when the Application is
  # not found. Presumably this keeps ArgoCD from reverting patch_deployment.
  # While automated sync is off the workload may drift from the declared state until
  # restore_argocd_sync has run.
  disable_argocd_sync: |-
    if kubectl get application k8s-runner -n argocd >/dev/null 2>&1; then
      echo "Disabling ArgoCD auto-sync for k8s-runner..."
      kubectl patch application k8s-runner -n argocd \
        --type merge \
        -p '{"spec":{"syncPolicy":{"automated":null}}}'
      echo "ArgoCD auto-sync disabled."
    else
      echo "WARNING: ArgoCD Application 'k8s-runner' not found in argocd namespace."
    fi
  # Re-enables automated sync with prune=true and selfHeal=true. The anchor lets the
  # hook in this file pass the identical script to `bash -c`.
  # NOTE(review): the policy is hard-coded here, not saved before it was disabled, so an
  # Application that had a different automated policy comes back changed — confirm that
  # prune/selfHeal match what the Application declares.
  restore_argocd_sync: &restore_argocd_sync |-
    if kubectl get application k8s-runner -n argocd >/dev/null 2>&1; then
      echo "Re-enabling ArgoCD auto-sync for k8s-runner..."
      kubectl patch application k8s-runner -n argocd \
        --type merge \
        -p '{"spec":{"syncPolicy":{"automated":{"prune":true,"selfHeal":true}}}}'
      echo "ArgoCD auto-sync restored."
    else
      echo "WARNING: ArgoCD Application 'k8s-runner' not found in argocd namespace."
    fi
  # Applies a JSON patch (--type json) to the k8s-runner Deployment so that container 0
  # builds and starts the service from the synced source tree:
  #   - container 0: image, workingDir, command, volumeMounts, resources and
  #     securityContext are set; livenessProbe and readinessProbe are removed.
  #   - pod: volumes becomes one emptyDir named "data" (mounted at /opt/app/data),
  #     securityContext becomes runAsUser/fsGroup 1000, initContainers becomes [].
  # The container command waits up to 120s for go.mod, buf.gen.yaml and
  # cmd/k8s-runner/main.go, then runs buf generate, go mod tidy and go build, and
  # execs /tmp/k8s-runner.
  # Hardening set by the patch: runAsNonRoot with uid/gid 1000,
  # allowPrivilegeEscalation false, all capabilities dropped, seccomp RuntimeDefault.
  # readOnlyRootFilesystem is false; the built binary is written to /tmp/k8s-runner.
  # NOTE(review): the image is referenced by the tag ":1", which can be re-pointed at
  # the registry; pinning by digest (...@sha256:<DIGEST_PLACEHOLDER>) would fix the
  # toolchain that compiles and runs this code.
  # NOTE(review): a JSON-patch "add" on an existing member replaces it, so volumes,
  # volumeMounts, initContainers and pod securityContext fields the Deployment already
  # had are dropped, not merged.
  # NOTE(review): a JSON-patch "remove" fails when its path is absent, so the whole
  # patch is expected to be rejected when the Deployment has no probes (for example
  # when it is already patched) — verify repeated runs.
  patch_deployment: |-
    echo "Patching k8s-runner deployment for DevSpace..."
    kubectl patch deployment k8s-runner -n ${K8S_RUNNER_NAMESPACE} --type json --patch "$(cat <<'PATCH'
    [
      {"op": "add", "path": "/spec/template/spec/containers/0/image",
       "value": "ghcr.io/agynio/devcontainer-go:1"},
      {"op": "add", "path": "/spec/template/spec/containers/0/workingDir",
       "value": "/opt/app/data"},
      {"op": "add", "path": "/spec/template/spec/containers/0/command",
       "value": ["sh", "-c", "set -eu; elapsed=0; while [ ! -f /opt/app/data/go.mod ] || [ ! -f /opt/app/data/buf.gen.yaml ] || [ ! -f /opt/app/data/cmd/k8s-runner/main.go ]; do sleep 1; elapsed=$((elapsed + 1)); [ $elapsed -ge 120 ] && exit 1; done; echo Generating protobuf types...; buf generate --include-imports --template /opt/app/data/buf.gen.yaml -o /opt/app/data; cd /opt/app/data; echo Tidying Go modules...; go mod tidy; echo Starting k8s-runner...; go build -o /tmp/k8s-runner ./cmd/k8s-runner && exec /tmp/k8s-runner"]},
      {"op": "add", "path": "/spec/template/spec/containers/0/volumeMounts",
       "value": [{"name": "data", "mountPath": "/opt/app/data"}]},
      {"op": "add", "path": "/spec/template/spec/containers/0/resources",
       "value": {
         "requests": {"cpu": "500m", "memory": "1Gi"},
         "limits": {"cpu": "2", "memory": "4Gi"}
       }},
      {"op": "add", "path": "/spec/template/spec/containers/0/securityContext",
       "value": {
         "runAsNonRoot": true,
         "runAsUser": 1000,
         "runAsGroup": 1000,
         "readOnlyRootFilesystem": false,
         "allowPrivilegeEscalation": false,
         "capabilities": {"drop": ["ALL"]},
         "seccompProfile": {"type": "RuntimeDefault"}
       }},
      {"op": "remove", "path": "/spec/template/spec/containers/0/livenessProbe"},
      {"op": "remove", "path": "/spec/template/spec/containers/0/readinessProbe"},
      {"op": "add", "path": "/spec/template/spec/volumes",
       "value": [{"name": "data", "emptyDir": {}}]},
      {"op": "add", "path": "/spec/template/spec/securityContext",
       "value": {"runAsUser": 1000, "fsGroup": 1000}},
      {"op": "add", "path": "/spec/template/spec/initContainers",
       "value": []}
    ]
    PATCH
    )"
  # Waits for the Deployment rollout (120s timeout), then polls the last 200 log lines
  # of the pods matching LABEL_SELECTOR every 5s for "gRPC server starting". After 600s
  # without a match it prints the pod list, current logs and previous-container logs to
  # stderr and exits 1.
  wait_for_k8s_runner: |-
    echo "Waiting for k8s-runner deployment to roll out..."
    kubectl rollout status deployment/k8s-runner \
      -n ${K8S_RUNNER_NAMESPACE} --timeout=120s
    echo "Waiting for k8s-runner source sync and process start..."
    ELAPSED=0
    LABEL_SELECTOR="app.kubernetes.io/name=k8s-runner,app.kubernetes.io/instance=k8s-runner"
    until kubectl logs -n ${K8S_RUNNER_NAMESPACE} -l "${LABEL_SELECTOR}" --tail=200 2>/dev/null | \
      grep -q "gRPC server starting"; do
      sleep 5
      ELAPSED=$((ELAPSED + 5))
      if [ "$ELAPSED" -ge 600 ]; then
        echo "ERROR: k8s-runner ready log not found within 600s" >&2
        echo "Diagnostic pod list:" >&2
        kubectl get pods -n ${K8S_RUNNER_NAMESPACE} -l "${LABEL_SELECTOR}" -o wide >&2 || true
        echo "Diagnostic logs (tail 200):" >&2
        kubectl logs -n ${K8S_RUNNER_NAMESPACE} -l "${LABEL_SELECTOR}" --tail=200 >&2 || true
        echo "Diagnostic previous logs:" >&2
        kubectl logs -n ${K8S_RUNNER_NAMESPACE} -l "${LABEL_SELECTOR}" --tail=100 --previous >&2 || true
        exit 1
      fi
      echo "  still waiting... (${ELAPSED}s)"
    done
    echo "k8s-runner is running from source."
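# Custom commands that wrap the pipelines of the same name and forward any extra
# command-line arguments to `devspace run-pipeline`.
commands:
  # Runs the deploy pipeline in ${DEVSPACE_NAMESPACE}. "$@" is quoted so that each
  # forwarded argument stays one word; unquoted, an argument containing whitespace or
  # glob characters would be split or expanded before devspace sees it.
  deploy: |-
    devspace run-pipeline deploy -n ${DEVSPACE_NAMESPACE} "$@"
  # Runs the restore-argocd pipeline, which re-enables ArgoCD automated sync.
  restore-argocd: |-
    devspace run-pipeline restore-argocd -n ${DEVSPACE_NAMESPACE} "$@"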
pipelines:
  # Interactive pipeline: disables ArgoCD auto-sync, patches the Deployment and starts
  # the k8s-runner dev config. With --watch/-w the session simply stays open. Without
  # it, the pipeline makes up to 60 attempts, 2s apart, to open TCP port 50051 from
  # inside the container (nc, with bash /dev/tcp as fallback) and then stops the dev
  # session. The probe only shows that the port accepts connections.
  # NOTE(review): on probe failure the script exits 1 before stop_dev is reached;
  # whether ArgoCD auto-sync is restored on that path is not visible here — confirm.
  dev:
    flags:
      - name: watch
        short: w
        description: 'Keep DevSpace running and stream logs'
    run: |-
      disable_argocd_sync
      patch_deployment
      start_dev --disable-pod-replace k8s-runner
      if [ "$(get_flag "watch")" != "true" ]; then
        echo "Waiting for k8s-runner to be healthy on :50051..."
        healthy=false
        for attempt in $(seq 1 60); do
          if exec_container --label-selector=app.kubernetes.io/name=k8s-runner -n ${K8S_RUNNER_NAMESPACE} -- bash -c 'nc -z localhost 50051 >/dev/null 2>&1 || (echo > /dev/tcp/localhost/50051) >/dev/null 2>&1'; then
            healthy=true
            break
          fi
          sleep 2
        done
        if [ "$healthy" != "true" ]; then
          echo "ERROR: k8s-runner did not become healthy within 120s" >&2
          exit 1
        fi
        echo "Dev environment ready. Stopping dev session."
        stop_dev k8s-runner
      fi
  # One-shot pipeline: same preparation, then a single sync through the
  # k8s-runner-deploy dev config and a wait for the service's start-up log line.
  # This script never calls restore_argocd_sync, and the restore hook in this file is
  # registered for the k8s-runner dev config, so ArgoCD auto-sync presumably stays off
  # until the restore-argocd pipeline is run.
  deploy:
    run: |-
      disable_argocd_sync
      patch_deployment
      kubectl rollout status deployment/k8s-runner -n ${K8S_RUNNER_NAMESPACE} --timeout=120s
      start_dev --disable-pod-replace k8s-runner-deploy
      wait_for_k8s_runner
      echo "Deploy complete. k8s-runner is running from source."
  # Re-enables ArgoCD automated sync for the k8s-runner Application.
  restore-argocd:
    run: |-
      restore_argocd_sync
hooks:
  # On the after:dev:k8s-runner event, runs `bash -c` with the script aliased from the
  # restore_argocd_sync anchor, i.e. the same text as the function of that name.
  # The only event listed is the one for the k8s-runner dev config.
  - name: 'restore-argocd-auto-sync'
    events:
      - 'after:dev:k8s-runner'
    command: 'bash'
    args:
      - '-c'
      - *restore_argocd_sync
# Dev configs selected by start_dev in the pipelines.
# NOTE(review): nesting was restored from a flattened listing. `sync` and `logs` are
# placed under the container entry and `ports` at dev-config level, which is how the
# v2beta1 schema is usually laid out — confirm against the original file.
dev:
  # Interactive config: syncs the working directory into /opt/app/data of the
  # k8s-runner container, streams the last 200 log lines and forwards port 50051.
  # Every file under ./ that is not excluded is copied into the pod, so credential
  # files should stay out of the repository root or be added to the exclude lists.
  # .git/ is excluded in all three lists, which keeps repository metadata out of the
  # pod and, assuming the default two-way sync, stops the pod from writing into it.
  k8s-runner:
    namespace: ${K8S_RUNNER_NAMESPACE}
    labelSelector:
      app.kubernetes.io/name: k8s-runner
      app.kubernetes.io/instance: k8s-runner
    containers:
      k8s-runner:
        container: k8s-runner
        sync:
          - path: ./:/opt/app/data
            excludePaths:
              - .git/
              - .devspace/
              - /internal/.gen/
              - /tmp/
            uploadExcludePaths:
              - .git/
              - .devspace/
              - /internal/.gen/
              - /tmp/
            downloadExcludePaths:
              - .git/
              - .devspace/
              - /internal/.gen/
              - /tmp/
        logs:
          enabled: true
          lastLines: 200
    ports:
      - port: "50051"
  # One-shot variant of k8s-runner for the CI deploy pipeline (noWatch: true).
  # Keep the sync exclude lists aligned with the k8s-runner config above.
  # NOTE(review): /bootstrap/ is listed in excludePaths and uploadExcludePaths but not
  # in downloadExcludePaths; excludePaths presumably already covers both directions —
  # confirm the difference is intended.
  k8s-runner-deploy:
    namespace: ${K8S_RUNNER_NAMESPACE}
    labelSelector:
      app.kubernetes.io/name: k8s-runner
      app.kubernetes.io/instance: k8s-runner
    containers:
      k8s-runner:
        container: k8s-runner
        sync:
          - path: ./:/opt/app/data
            noWatch: true
            excludePaths:
              - .git/
              - .devspace/
              - /internal/.gen/
              - /tmp/
              - /bootstrap/
            uploadExcludePaths:
              - .git/
              - .devspace/
              - /internal/.gen/
              - /tmp/
              - /bootstrap/
            downloadExcludePaths:
              - .git/
              - .devspace/
              - /internal/.gen/
              - /tmp/