open-edge-platform · sunil-parida · Apr 13, 2026 · Apr 4, 2026 · Apr 6, 2026 · Apr 6, 2026
@@ -0,0 +1,58 @@
+# SPDX-FileCopyrightText: (C) 2026 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+name: "Collect Diagnostics (Helmfile)"
+description: "Collects cluster diagnostics for helmfile-based deployments (no mage/ArgoCD dependency)"
+
+inputs:
+  k8s_diagnostics_args:
+    description: "Arguments to pass to orch_k8s_diagnostics.py (e.g., '--errors-only --output-html --output-json')"
+    required: false
+    default: "--errors-only --output-html --output-json"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Run K8s diagnostics utility
+      id: run-k8s-diagnostics
+      if: always()
+      shell: bash
+      env:
+        K8S_DIAGNOSTICS_ARGS: ${{ inputs.k8s_diagnostics_args }}
+      run: |
+        /usr/bin/python3 ./ci/orch_k8s_diagnostics.py $K8S_DIAGNOSTICS_ARGS || true
+        echo "K8s diagnostics completed with args: $K8S_DIAGNOSTICS_ARGS"
+
+    - name: Collect cluster diagnostic information
+      id: collect-cluster-diagnostics
+      if: always()
+      shell: bash
+      run: |
+        mkdir -p cluster-diagnostics
+        kubectl get pods -o wide -A > cluster-diagnostics/pods-list.txt || true
+        kubectl get all -A > cluster-diagnostics/kubectl-get-all.txt || true
+        kubectl describe pods -A > cluster-diagnostics/pods-describe.txt || true
+        kubectl get events -o yaml -A > cluster-diagnostics/events.yaml || true
+        helm list -A > cluster-diagnostics/helm-releases.txt || true
+        kubectl get helmrelease -A -o yaml > cluster-diagnostics/helmreleases.yaml || true
+        kubectl get nodes -o wide > cluster-diagnostics/nodes.txt || true
+
+    - name: Collect pod logs
+      if: always()
+      shell: bash
+      run: ./ci/collect_pod_logs.sh || true
+
+    - name: Upload diagnostic artifacts
+      if: always()
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
+      with:
+        name: diagnostics-${{ github.job }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.run_number }}-${{ github.run_attempt }}
+        path: |
+          cluster-diagnostics/
+          pod_logs/
+          diagnostics_full_*.md
+          diagnostics_full_*.html
+          diagnostics_full_*.json
+        retention-days: 15
+        compression-level: 6
+        if-no-files-found: warn
@@ -0,0 +1,150 @@
+# SPDX-FileCopyrightText: (C) 2026 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+name: "Deploy On-Prem Orchestrator (Helmfile)"
+description: "Deploys the on-prem orchestrator using helmfile — runs pre-orch and post-orch deploy steps"
+inputs:
+  orch_version:
+    required: false
+    description: "Orchestrator version (git ref) to deploy"
+    default: '${{ github.sha }}'
+  orch_profile:
+    required: false
+    description: "Orchestrator profile to deploy"
+    default: "onprem-eim"
+  docker_username:
+    required: true
+    description: "Docker Hub username for pulling images"
+  docker_password:
+    required: true
+    description: "Docker Hub password for pulling images"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout Orchestrator repo
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
+      with:
+        repository: open-edge-platform/edge-manageability-framework
+        ref: ${{ inputs.orch_version }}
+        persist-credentials: false
+
+    # ── Detect Host IP ────────────────────────────────────────────────────────
+
+    - name: Detect host IP
+      id: host-ip
+      shell: bash
+      run: |
+        # Get interface with 10.x.x.x IP (same approach as ci/ven/dnsmasq-setup.sh)
+        interface_name=$(ip -o -4 addr show | awk '$4 ~ /^10\./ {print $2}')
+        if [ -z "$interface_name" ]; then
+          echo "No interface found with 10.x IP, falling back to default route interface"
+          interface_name=$(ip route show default | awk '{print $5; exit}')
+        fi
+        ip_address=$(ip -4 addr show "$interface_name" | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
+        if [ -z "$ip_address" ]; then
+          echo "❌ Could not detect host IP address"
+          exit 1
+        fi
+        echo "Detected host IP: $ip_address (interface: $interface_name)"
+        echo "host_ip=$ip_address" >> "$GITHUB_OUTPUT"
+
+    - name: Update env files with detected host IP
+      shell: bash
+      env:
+        HOST_IP: ${{ steps.host-ip.outputs.host_ip }}
+        ORCH_PROFILE: ${{ inputs.orch_profile }}
+      run: |
+        echo "Updating pre-orch.env and post-orch.env with EMF_ORCH_IP=$HOST_IP, EMF_HELMFILE_ENV=$ORCH_PROFILE"
+
+        # pre-orch.env: uncomment and set EMF_ORCH_IP, comment out individual IPs
+        sed -i "s|^#EMF_ORCH_IP=.*|EMF_ORCH_IP=$HOST_IP|" helmfile-deploy/pre-orch/pre-orch.env
+        sed -i "s|^EMF_TRAEFIK_IP=|#EMF_TRAEFIK_IP=|" helmfile-deploy/pre-orch/pre-orch.env
+        sed -i "s|^EMF_HAPROXY_IP=|#EMF_HAPROXY_IP=|" helmfile-deploy/pre-orch/pre-orch.env
+
+        # post-orch.env: uncomment and set EMF_ORCH_IP, comment out individual IPs, set profile
+        sed -i "s|^#EMF_ORCH_IP=.*|EMF_ORCH_IP=$HOST_IP|" helmfile-deploy/post-orch/post-orch.env
+        sed -i "s|^EMF_TRAEFIK_IP=|#EMF_TRAEFIK_IP=|" helmfile-deploy/post-orch/post-orch.env
+        sed -i "s|^EMF_HAPROXY_IP=|#EMF_HAPROXY_IP=|" helmfile-deploy/post-orch/post-orch.env
+        sed -i "s|^EMF_HELMFILE_ENV=.*|EMF_HELMFILE_ENV=$ORCH_PROFILE|" helmfile-deploy/post-orch/post-orch.env
+
+        echo "✅ Both env files updated"
+
+    # ── Pre-Orch Deploy ──────────────────────────────────────────────────────
+
+    - name: Run pre-orch deploy
+      shell: bash
+      working-directory: helmfile-deploy/pre-orch
+      env:
+        DOCKER_USERNAME: ${{ inputs.docker_username }}
+        DOCKER_PASSWORD: ${{ inputs.docker_password }}
+      run: |
+        echo "▶ Starting pre-orch deploy (provider: k3s) [timeout: 5m]"
+        chmod +x pre-orch.sh
+        timeout 300 ./pre-orch.sh k3s install \
+          --docker-username "$DOCKER_USERNAME" \
+          --docker-password "$DOCKER_PASSWORD"
+
+    - name: Verify pre-orch deployment
+      shell: bash
+      run: |
+        echo "Verifying pre-orch components are ready..."
+        kubectl get nodes -o wide
+        echo "Waiting for all pods to be ready..."
+        kubectl wait --for=condition=Ready pods --all -A --timeout=120s || true
+        kubectl get pods -A
+
+    # ── Post-Orch Deploy ─────────────────────────────────────────────────────
+
+    - name: Run post-orch deploy
+      shell: bash
+      working-directory: helmfile-deploy/post-orch
+      env:
+        EMF_HELMFILE_ENV: ${{ inputs.orch_profile }}
+      run: |
+        echo "▶ Starting post-orch deploy (profile: $EMF_HELMFILE_ENV) [timeout: 20m]"
+        chmod +x post-orch-deploy.sh
+        timeout 1200 ./post-orch-deploy.sh install
+
+    - name: Verify post-orch deployment
+      shell: bash
+      working-directory: helmfile-deploy/post-orch
+      run: |
+        echo "Verifying post-orch deployment..."
+        chmod +x watch-deploy.sh
+        ./watch-deploy.sh
+
+    # ── Install Orch CA Certificate ──────────────────────────────────────────
+
+    - name: Install orchestrator CA certificate
+      shell: bash
+      run: |
+        kubectl get secret -n orch-gateway tls-orch -o jsonpath="{.data.tls\.crt}" | base64 -d > orch-ca.crt
+        sudo cp -rf orch-ca.crt /usr/local/share/ca-certificates/
+        sudo update-ca-certificates -f
+
+    # ── Diagnostics ──────────────────────────────────────────────────────────
+
+    - name: Get diagnostic information
+      id: get-diagnostic-info
+      if: always()
+      shell: bash
+      env:
+        ORCH_PROFILE: ${{ inputs.orch_profile }}
+      run: |
+        mkdir -p "$ORCH_PROFILE-diagnostics"
+        kubectl get pods -o wide -A > "$ORCH_PROFILE-diagnostics/pods-list.txt"
+        kubectl describe pods -A > "$ORCH_PROFILE-diagnostics/pods-describe.txt"
+        kubectl get events -o yaml -A > "$ORCH_PROFILE-diagnostics/events.yaml"
+        helm list -A > "$ORCH_PROFILE-diagnostics/helm-releases.txt"
+
+    - name: Upload diagnostic information to CI artifact store
+      if: always() && steps.get-diagnostic-info.conclusion == 'success'
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
+      with:
+        name: ${{ inputs.orch_profile }}-helmfile-diagnostics
+        path: |
+          ${{ inputs.orch_profile }}-diagnostics/pods-list.txt
+          ${{ inputs.orch_profile }}-diagnostics/pods-describe.txt
+          ${{ inputs.orch_profile }}-diagnostics/events.yaml
+          ${{ inputs.orch_profile }}-diagnostics/helm-releases.txt