Add new infra architecture

infrastructure/cicd/tekton/pipelines/prod-deploy-pipeline.yaml

@@ -0,0 +1,118 @@
+# Production Deployment Pipeline for Bakery-IA
+# This pipeline handles production deployments with manual approval gate
+# It should be triggered after the CI pipeline succeeds
+
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: bakery-ia-prod-deploy
+  namespace: tekton-pipelines
+  labels:
+    app.kubernetes.io/name: bakery-ia-cicd
+    app.kubernetes.io/component: pipeline
+    app.kubernetes.io/environment: production
+spec:
+  workspaces:
+    - name: shared-workspace
+      description: Shared workspace for source code
+    - name: git-credentials
+      description: Git credentials for pushing GitOps updates
+      optional: true
+  params:
+    - name: git-url
+      type: string
+      description: Repository URL
+    - name: git-revision
+      type: string
+      description: Git revision/commit hash to deploy
+    - name: services
+      type: string
+      description: Comma-separated list of services to deploy
+    - name: registry
+      type: string
+      description: Container registry URL
+    - name: approver
+      type: string
+      description: Name of the person who approved this deployment
+      default: "automated"
+    - name: approval-ticket
+      type: string
+      description: Ticket/issue number for deployment approval
+      default: "N/A"
+
+  tasks:
+    # Stage 1: Fetch source code
+    - name: fetch-source
+      taskRef:
+        name: git-clone
+      workspaces:
+        - name: output
+          workspace: shared-workspace
+      params:
+        - name: url
+          value: $(params.git-url)
+        - name: revision
+          value: $(params.git-revision)
+
+    # Stage 2: Verify images exist in registry
+    - name: verify-images
+      runAfter: [fetch-source]
+      taskRef:
+        name: verify-images
+      params:
+        - name: services
+          value: $(params.services)
+        - name: registry
+          value: $(params.registry)
+        - name: git-revision
+          value: $(params.git-revision)
+
+    # Stage 3: Pre-deployment validation
+    - name: pre-deploy-validation
+      runAfter: [verify-images]
+      taskRef:
+        name: pre-deploy-validation
+      workspaces:
+        - name: source
+          workspace: shared-workspace
+      params:
+        - name: services
+          value: $(params.services)
+        - name: environment
+          value: "production"
+
+    # Stage 4: Update production manifests
+    - name: update-prod-manifests
+      runAfter: [pre-deploy-validation]
+      taskRef:
+        name: update-gitops
+      workspaces:
+        - name: source
+          workspace: shared-workspace
+        - name: git-credentials
+          workspace: git-credentials
+      params:
+        - name: services
+          value: $(params.services)
+        - name: registry
+          value: $(params.registry)
+        - name: git-revision
+          value: $(params.git-revision)
+        - name: git-branch
+          value: "main"
+        - name: dry-run
+          value: "false"
+
+  finally:
+    - name: deployment-summary
+      taskRef:
+        name: prod-deployment-summary
+      params:
+        - name: services
+          value: $(params.services)
+        - name: git-revision
+          value: $(params.git-revision)
+        - name: approver
+          value: $(params.approver)
+        - name: approval-ticket
+          value: $(params.approval-ticket)