[fournos] add fournos gitops

fournos/gitops/README.md

@@ -0,0 +1,97 @@
+# Forge GitOps Configuration
+
+This directory contains the ArgoCD GitOps configuration for deploying FORGE components including images and pipelines.
+
+## Structure
+
+```
+gitops/
+├── applications/           # ArgoCD Application manifests
+│   ├── forge-development.yaml
+│   ├── forge-production.yaml
+│   └── kustomization.yaml
+├── base/                  # Base Kubernetes manifests
+│   ├── images/            # Image build configurations
+│   │   ├── imagestream.yaml
+│   │   ├── build.yaml
+│   │   ├── buildrun.yaml
+│   │   └── kustomization.yaml
+│   ├── workflows/         # Tekton pipelines and tasks
+│   │   ├── task-forge-step.yaml
+│   │   ├── pipeline-full.yaml
+│   │   ├── pipeline-test-only.yaml
+│   │   ├── pipeline-replot.yaml
+│   │   └── kustomization.yaml
+│   └── kustomization.yaml
+└── overlays/             # Environment-specific configurations
+    ├── development/
+    │   └── kustomization.yaml
+    └── production/
+        └── kustomization.yaml
+```
+
+## Components
+
+### Images
+- **ImageStream**: Manages forge-core image tags and references
+- **Build**: Shipwright build configuration for building forge image from source
+- **BuildRun**: Triggers the build process
+
+### Workflows  
+- **Task**: `forge-step` - Reusable Tekton task for executing forge commands
+- **Pipelines**: Multiple pipeline variants:
+  - `forge-full`: Complete pipeline with pre-cleanup, prepare, test, export-artifacts, and post-cleanup
+  - `pipeline-test-only`: Test execution only
+  - `pipeline-replot`: Replotting functionality
+
+## Environments
+
+### Development (`fournos-dev` namespace)
+- Auto-sync enabled with prune and self-heal
+- Deploys from main branch
+- More aggressive sync policies for faster iteration
+
+### Production (`fournos-prod` namespace)  
+- Conservative sync policies (no auto-prune)
+- Manual approval recommended for critical changes
+- Extended revision history
+
+## Deployment
+
+### Option 1: Deploy Applications Directly
+```bash
+oc apply -k gitops/applications/
+```
+
+### Option 2: Deploy to Specific Environment
+```bash
+# Development
+oc apply -k gitops/overlays/development/
+
+# Production  
+oc apply -k gitops/overlays/production/
+```
+
+### Option 3: Manual Application Creation
+```bash
+oc apply -f gitops/applications/forge-development.yaml
+oc apply -f gitops/applications/forge-production.yaml
+```
+
+## Integration with Fournos
+
+This GitOps configuration replaces the forge-specific manifests previously stored in the `fournos/config/forge/` directory. The manifests have been adapted to:
+
+1. Use dynamic namespace placeholders that get resolved by kustomize overlays
+2. Follow GitOps best practices with environment-specific configurations
+3. Include proper labeling and annotations for resource management
+4. Support both automated and manual deployment workflows
+
+## Migration Notes
+
+The following changes were made from the original fournos configuration:
+- Moved from `fournos/config/forge/` to `forge/gitops/`
+- Added kustomization files for proper resource management
+- Created environment-specific overlays for dev/prod deployments
+- Updated image references to use dynamic namespace resolution
+- Added ArgoCD Application manifests for automated GitOps deployment

fournos/gitops/applications/forge-production.yaml

@@ -0,0 +1,36 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: forge-production
+  namespace: openshift-gitops
+  labels:
+    app.kubernetes.io/name: forge-on-fournos
+    app.kubernetes.io/part-of: fournos
+    environment: production
+  annotations:
+    description: "FORGE production environment deployment via GitOps"
+spec:
+  project: forge-on-fournos
+  source:
+    repoURL: https://github.com/openshift-psap/forge
+    targetRevision: main
+    path: fournos/gitops/overlays/production
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: psap-automation
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    syncOptions:
+      - CreateNamespace=false
+      - PrunePropagationPolicy=foreground
+      - PruneLast=true
+    retry:
+      limit: 3
+      backoff:
+        duration: 10s
+        factor: 2
+        maxDuration: 5m
+  revisionHistoryLimit: 10

fournos/gitops/applications/forge-staging.yaml

@@ -0,0 +1,36 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: forge-development
+  namespace: openshift-gitops
+  labels:
+    app.kubernetes.io/name: forge-on-fournos
+    app.kubernetes.io/part-of: fournos
+    environment: staging
+  annotations:
+    description: "FORGE staging environment deployment via GitOps"
+spec:
+  project: forge-on-fournos
+  source:
+    repoURL: https://github.com/openshift-psap/forge
+    targetRevision: main
+    path: fournos/gitops/overlays/staging
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: psap-automation-staging
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    syncOptions:
+      - CreateNamespace=false
+      - PrunePropagationPolicy=foreground
+      - PruneLast=true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
+  revisionHistoryLimit: 5

fournos/gitops/applications/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - forge-development.yaml
+  - forge-production.yaml
+
+commonLabels:
+  app.kubernetes.io/name: forge-on-fournos
+  app.kubernetes.io/part-of: fournos

fournos/gitops/base/images/imagestream.yaml

@@ -0,0 +1,21 @@
+apiVersion: image.openshift.io/v1
+kind: ImageStream
+metadata:
+  name: forge-core
+  labels:
+    app: forge
+    component: image-build
+  annotations:
+    description: "FORGE core image for remote job execution"
+spec:
+  lookupPolicy:
+    local: true
+  tags:
+    - name: latest
+      from:
+        kind: DockerImage
+        name: quay.io/rh_perfscale/forge:latest
+      importPolicy:
+        scheduled: true
+      referencePolicy:
+        type: Local

fournos/gitops/base/images/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - imagestream.yaml
+
+commonLabels:
+  app.kubernetes.io/name: forge-on-fournos
+  app.kubernetes.io/component: images
+  app.kubernetes.io/part-of: fournos

fournos/gitops/base/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+metadata:
+  name: forge-base
+
+resources:
+  - images
+  - workflows
+
+commonLabels:
+  app.kubernetes.io/name: forge-on-fournos
+  app.kubernetes.io/part-of: fournos

fournos/gitops/base/workflows/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - resolve-job.yaml
+  - task-forge-step.yaml
+  - pipeline-full.yaml
+  - pipeline-test-only.yaml
+  - pipeline-replot.yaml
+
+commonLabels:
+  app.kubernetes.io/name: forge-on-fournos
+  app.kubernetes.io/component: workflows
+  app.kubernetes.io/part-of: fournos

fournos/gitops/base/workflows/pipeline-full.yaml

@@ -0,0 +1,115 @@
+# Full pipeline: pre_cleanup -> prepare → test → export-artifacts + post-cleanup.
+apiVersion: tekton.dev/v1
+kind: Pipeline
+metadata:
+  name: forge-full
+  annotations:
+    fournos.dev/resolve-image: image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/forge-core:latest
+spec:
+  workspaces:
+    - name: artifacts
+  params:
+    - name: fjob-name
+      type: string
+    - name: fournos-workload-namespace
+      type: string
+    - name: kubeconfig-secret
+      type: string
+
+  tasks:
+    - name: pre-cleanup
+      taskRef:
+        name: forge-step
+        kind: Task
+      workspaces:
+        - name: artifacts
+          workspace: artifacts
+      params:
+        - name: fjob-name
+          value: "$(params.fjob-name)"
+        - name: fournos-workload-namespace
+          value: "$(params.fournos-workload-namespace)"
+        - name: kubeconfig-secret
+          value: "$(params.kubeconfig-secret)"
+        - name: job-step
+          value: pre-cleanup
+        - name: job-step-name
+          value: 000__pre-cleanup
+
+    - name: prepare
+      taskRef:
+        name: forge-step
+        kind: Task
+      workspaces:
+        - name: artifacts
+          workspace: artifacts
+      params:
+        - name: fjob-name
+          value: "$(params.fjob-name)"
+        - name: fournos-workload-namespace
+          value: "$(params.fournos-workload-namespace)"
+        - name: kubeconfig-secret
+          value: "$(params.kubeconfig-secret)"
+        - name: job-step
+          value: prepare
+        - name: job-step-name
+          value: 001__prepare
+
+    - name: test
+      runAfter: [prepare]
+      taskRef:
+        name: forge-step
+        kind: Task
+      workspaces:
+        - name: artifacts
+          workspace: artifacts
+      params:
+        - name: fjob-name
+          value: "$(params.fjob-name)"
+        - name: fournos-workload-namespace
+          value: "$(params.fournos-workload-namespace)"
+        - name: kubeconfig-secret
+          value: "$(params.kubeconfig-secret)"
+        - name: job-step
+          value: test
+        - name: job-step-name
+          value: 002__test
+
+  finally:
+    - name: export-artifacts
+      taskRef:
+        name: forge-step
+        kind: Task
+      workspaces:
+        - name: artifacts
+          workspace: artifacts
+      params:
+        - name: fjob-name
+          value: "$(params.fjob-name)"
+        - name: fournos-workload-namespace
+          value: "$(params.fournos-workload-namespace)"
+        - name: kubeconfig-secret
+          value: "$(params.kubeconfig-secret)"
+        - name: job-step
+          value: export-artifacts
+        - name: job-step-name
+          value: 003__export-artifacts
+
+    - name: post-cleanup
+      taskRef:
+        name: forge-step
+        kind: Task
+      workspaces:
+        - name: artifacts
+          workspace: artifacts
+      params:
+        - name: fjob-name
+          value: "$(params.fjob-name)"
+        - name: fournos-workload-namespace
+          value: "$(params.fournos-workload-namespace)"
+        - name: kubeconfig-secret
+          value: "$(params.kubeconfig-secret)"
+        - name: job-step
+          value: pre-cleanup
+        - name: job-step-name
+          value: 004__post-cleanup