fix(catalyst): restore literal image refs in Kustomize-path deployment YAMLs (#614)
The feat/global-imageRegistry (#580) PR converted the literal image refs
in api-deployment.yaml and ui-deployment.yaml to Helm template expressions
({{ .Values.global.imageRegistry }}...) without updating the CI deploy step
to also patch those files. Since the catalyst-platform Flux Kustomization
reads these files as raw manifests (not via helm-controller), the Helm
template syntax was never rendered, leaving a literal '{{ if ... }}'
string as the image reference → InvalidImageName on every Pod start.
Root cause: two consumers of the same file — Helm chart path (Sovereign
clusters) and Kustomize path (contabo-mkt) — but only the Helm path was
handled by the deploy job.
Fix:
- Restore literal `ghcr.io/openova-io/openova/catalyst-{api,ui}:b50a600`
image refs in the Kustomize-path deployment YAMLs (immediate unblock).
- Update CI deploy step to sed-patch those literal refs on every deploy
commit so future image rolls keep both paths in sync (durable fix).
Closes: the InvalidImageName regression introduced in #580.
Unblocks: issue #608 (Phase-8b Agent A magic-link auth) — catalyst-api
was stuck at InvalidImageName since commit 83ec889f, preventing the
CATALYST_KC_ADDR / session-cookie auth gate from loading.
Co-authored-by: alierenbaysal <alierenbaysal@openova.io>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
e3mrah
GitHub
parent
846f06e807
commit
10c8e997c4
40
.github/workflows/catalyst-build.yaml
vendored
40
.github/workflows/catalyst-build.yaml
vendored
@ -296,14 +296,23 @@ jobs:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Update SHA tags in values.yaml
|
||||
# The catalyst-ui and catalyst-api images are referenced via Helm
|
||||
# template expressions (e.g. `{{ .Values.images.catalystUi.tag }}`).
|
||||
# sed targeting the template YAML files silently no-ops because the
|
||||
# pattern `image: ghcr.io/.../catalyst-ui:.*` never matches. The
|
||||
# canonical update point is images.catalystUi.tag / images.catalystApi.tag
|
||||
# in products/catalyst/chart/values.yaml. We use awk to replace the
|
||||
# `tag:` line that immediately follows the catalystUi/catalystApi key.
|
||||
- name: Update SHA tags in values.yaml and deployment manifests
|
||||
# The catalyst-ui and catalyst-api images are referenced in two places:
|
||||
#
|
||||
# 1. products/catalyst/chart/values.yaml — used by the Helm chart path
|
||||
# (bp-catalyst-platform OCI chart on Sovereign clusters). Helm template
|
||||
# expressions ({{ .Values.images.catalystUi.tag }}) are rendered at
|
||||
# `helm install` time by Flux's helm-controller. We use awk to replace
|
||||
# the `tag:` line that immediately follows the catalystUi/catalystApi key.
|
||||
#
|
||||
# 2. products/catalyst/chart/templates/{api,ui}-deployment.yaml — used by
|
||||
# the Kustomize path (catalyst-platform Kustomization on contabo-mkt).
|
||||
# These files are applied as raw manifests by Flux kustomize-controller;
|
||||
# Helm template syntax is NOT rendered. A literal image ref is required.
|
||||
# Bug history: feat/global-imageRegistry (#580) converted the literal
|
||||
# image ref to a Helm template without updating this deploy step, causing
|
||||
# InvalidImageName on the contabo-mkt Kustomize path. Fixed here by also
|
||||
# sed-patching the literal image refs in those two deployment files.
|
||||
env:
|
||||
SHA_SHORT: ${{ needs.build-ui.outputs.sha_short }}
|
||||
run: |
|
||||
@ -318,13 +327,26 @@ jobs:
|
||||
echo "values.yaml after update:"
|
||||
grep -A2 "catalystUi\|catalystApi" "${VALUES}" | head -10
|
||||
|
||||
# Also patch the literal image refs in the Kustomize-path deployment
|
||||
# manifests so Flux kustomize-controller uses a valid image reference.
|
||||
API_DEP="products/catalyst/chart/templates/api-deployment.yaml"
|
||||
UI_DEP="products/catalyst/chart/templates/ui-deployment.yaml"
|
||||
sed -i "s|ghcr\.io/openova-io/openova/catalyst-api:[a-z0-9]*\"|ghcr.io/openova-io/openova/catalyst-api:${SHA_SHORT}\"|" "${API_DEP}"
|
||||
sed -i "s|ghcr\.io/openova-io/openova/catalyst-ui:[a-z0-9]*\"|ghcr.io/openova-io/openova/catalyst-ui:${SHA_SHORT}\"|" "${UI_DEP}"
|
||||
echo "api-deployment.yaml image after update:"
|
||||
grep "image:" "${API_DEP}"
|
||||
echo "ui-deployment.yaml image after update:"
|
||||
grep "image:" "${UI_DEP}"
|
||||
|
||||
- name: Commit and push manifest updates
|
||||
env:
|
||||
SHA_SHORT: ${{ needs.build-ui.outputs.sha_short }}
|
||||
run: |
|
||||
git config user.name "github-actions[bot]"
|
||||
git config user.email "github-actions[bot]@users.noreply.github.com"
|
||||
git add products/catalyst/chart/values.yaml
|
||||
git add products/catalyst/chart/values.yaml \
|
||||
products/catalyst/chart/templates/api-deployment.yaml \
|
||||
products/catalyst/chart/templates/ui-deployment.yaml
|
||||
git diff --staged --quiet && echo "No changes to commit" && exit 0
|
||||
git commit -m "deploy: update catalyst images to ${SHA_SHORT}"
|
||||
git push
|
||||
|
||||
@ -128,7 +128,7 @@ spec:
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
containers:
|
||||
- name: catalyst-api
|
||||
image: "{{ if .Values.global.imageRegistry }}{{ .Values.global.imageRegistry }}{{ else }}{{ .Values.images.registry }}{{ end }}/{{ .Values.images.organization }}/catalyst-api:{{ .Values.images.catalystApi.tag }}"
|
||||
image: "ghcr.io/openova-io/openova/catalyst-api:b50a600"
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
|
||||
@ -19,7 +19,7 @@ spec:
|
||||
- name: ghcr-pull
|
||||
containers:
|
||||
- name: catalyst-ui
|
||||
image: "{{ if .Values.global.imageRegistry }}{{ .Values.global.imageRegistry }}{{ else }}{{ .Values.images.registry }}{{ end }}/{{ .Values.images.organization }}/catalyst-ui:{{ .Values.images.catalystUi.tag }}"
|
||||
image: "ghcr.io/openova-io/openova/catalyst-ui:b50a600"
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
|
||||
Loading…
Reference in New Issue
Block a user