
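name: Bootstrap Environment Orchestrator

on:
  workflow_dispatch:
    inputs:
      env:
        description: "Environment lifecycle (dev / staging / prod)"
        required: true
        # The description already fixes the allowed set, so enforce it at the
        # trigger: this value is later used as a path component
        # (inventory/<env>/...) and an Ansible extra-var, so it must never be
        # free-form text.
        type: choice
        options:
          - dev
          - staging
          - prod
      workspace:
        description: "Workspace / region / cluster (e.g. cn-shanghai)"
        required: true
        type: string
      identity_playbook:
        description: "Identity service deployment playbook"
        required: false
        default: "deploy_zitadel_docker.yaml"
        # 'choice' restricts the playbook name to this list; it is used as a
        # path component (playbooks/<identity_playbook>) in provision-runtime.
        type: choice
        options:
          - deploy_zitadel_docker.yaml
          - deploy_keycloak_docker.yaml
          - skip

# Least privilege for the automatic GITHUB_TOKEN: the only consumer visible
# in this workflow is actions/checkout, which needs read access only. The
# cross-repo dispatches use the PAT below, not GITHUB_TOKEN. Widen this on a
# per-job basis if a job needs write access.
permissions:
  contents: read

env:
  # NOTE(review): a workflow-level env makes this PAT available to every
  # job, including provision-runtime, which never dispatches. Declaring it
  # as job-level env on the two preflight jobs would narrow its exposure.
  DISPATCH_TOKEN: ${{ secrets.CROSS_REPO_DISPATCH_TOKEN }}

jobs: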
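# =================================================
# Step 1: Preflight - Infrastructure Readiness
# =================================================
  preflight-infra:
    name: Preflight - Infrastructure Readiness
    runs-on: ubuntu-latest
    steps:
      - name: Dispatch infrastructure readiness check
        # NOTE(review): consider pinning third-party actions to a full commit
        # SHA instead of a mutable tag so this step cannot change under you.
        uses: peter-evans/repository-dispatch@v4
        with:
          token: ${{ env.DISPATCH_TOKEN }}
          repository: cloud-neutral-toolkit/Modern-Container-Application-Reference-Architecture
          event-type: bootstrap.preflight.infra
          # toJSON() emits a fully quoted and escaped JSON string, so an
          # input containing '"' or '\' cannot break or extend the payload
          # (the earlier bare "${{ inputs.x }}" inside quotes could).
          client-payload: |
            {
              "env": ${{ toJSON(inputs.env) }},
              "workspace": ${{ toJSON(inputs.workspace) }}
            }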
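# =================================================
# Step 2: Preflight - Artifact / Image Check
# =================================================
  preflight-artifacts:
    name: Preflight - Artifact & Image Check
    needs: preflight-infra
    runs-on: ubuntu-latest
    steps:
      - name: Dispatch artifact validation
        # NOTE(review): consider pinning third-party actions to a full commit
        # SHA instead of a mutable tag so this step cannot change under you.
        uses: peter-evans/repository-dispatch@v4
        with:
          token: ${{ env.DISPATCH_TOKEN }}
          repository: cloud-neutral-toolkit/XControl
          event-type: bootstrap.preflight.artifacts
          # toJSON() emits a fully quoted and escaped JSON string, so an
          # input containing '"' or '\' cannot break or extend the payload
          # (the earlier bare "${{ inputs.x }}" inside quotes could).
          client-payload: |
            {
              "env": ${{ toJSON(inputs.env) }},
              "workspace": ${{ toJSON(inputs.workspace) }}
            }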
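# =================================================
# Step 3: Provision - Runtime & Core Services
# =================================================
  provision-runtime:
    name: Provision - Runtime & Core Services
    needs: preflight-artifacts
    runs-on: ubuntu-latest
    env:
      # Inputs reach the shell only through env vars, never via ${{ }}
      # spliced into `run:`, so there is no expression injection. They are
      # still used as path components and as Ansible extra-vars below, which
      # is why they are validated before any playbook runs.
      ENV: ${{ inputs.env }}
      WORKSPACE: ${{ inputs.workspace }}
      # Constrained to a fixed list by the 'choice' input type.
      IDENTITY_PLAYBOOK: ${{ inputs.identity_playbook }}
    steps:
      # Reject anything that is not a plain token: "../x" would escape the
      # inventory tree and "dev foo=bar" would smuggle an extra Ansible var
      # through the unquoted --extra-vars string.
      - name: Validate inputs
        run: |
          for var in ENV WORKSPACE; do
            if [[ ! "${!var}" =~ ^[A-Za-z0-9][A-Za-z0-9_-]*$ ]]; then
              echo "::error::${var} must be a plain identifier ([A-Za-z0-9_-]), got '${!var}'" >&2
              exit 1
            fi
          done
      - name: Checkout deployment repository
        uses: actions/checkout@v4
      - name: Install Ansible
        # NOTE(review): installs whatever version Ubuntu ships at run time;
        # pin a version for reproducible provisioning runs.
        run: |
          sudo apt-get update
          sudo apt-get install -y ansible
      # -----------------------------
      # DNS
      # -----------------------------
      - name: Register DNS Records
        # -D -C is --diff --check: Ansible reports what would change but
        # applies nothing. Drop -C once this job is meant to mutate hosts.
        run: |
          ansible-playbook \
            -i "inventory/${ENV}/${WORKSPACE}/hosts.ini" \
            playbooks/alicloud_dns_record.yml \
            --extra-vars "env=${ENV} workspace=${WORKSPACE}" \
            -D -C
      # -----------------------------
      # Runtime / Base Layer
      # -----------------------------
      - name: Provision Runtime (Docker / Base Services)
        # Check mode as well (see DNS step); no changes are applied.
        run: |
          ansible-playbook \
            -i "inventory/${ENV}/${WORKSPACE}/hosts.ini" \
            playbooks/setup-docker.yml \
            --extra-vars "env=${ENV} workspace=${WORKSPACE}" \
            -D -C
      # -----------------------------
      # Identity (pluggable)
      # -----------------------------
      - name: Deploy or Update Identity Service
        # Skipped entirely when the operator selected 'skip'.
        if: ${{ env.IDENTITY_PLAYBOOK != 'skip' }}
        # Check mode as well (see DNS step); no changes are applied.
        run: |
          ansible-playbook \
            -i "inventory/${ENV}/${WORKSPACE}/hosts.ini" \
            "playbooks/${IDENTITY_PLAYBOOK}" \
            --extra-vars "env=${ENV} workspace=${WORKSPACE}" \
            -D -C
      # -----------------------------
      # Post-check
      # -----------------------------
      - name: Post-Provision Status Check
        # The only step run without -C, i.e. the status playbook executes
        # for real against the inventory.
        run: |
          ansible-playbook \
            -i "inventory/${ENV}/${WORKSPACE}/hosts.ini" \
            playbooks/check-runtime-status.yml \
            --extra-vars "env=${ENV} workspace=${WORKSPACE}"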