argo ocmpatiblity

.github/workflows/changelog.yml

@@ -1,11 +1,6 @@
-name: Update Changelog
+name: Update Changelog (disabled)
 
 on:
-  push:
-    branches: [main]
-    paths-ignore:
-      - 'CHANGELOG.md'
-      - '.github/**'
   workflow_dispatch:
     inputs:
       since_tag:

.github/workflows/publish-oci.yml

@@ -30,6 +30,15 @@ jobs:
         with:
           version: v3.17.0
 
+      - name: Build chart dependencies
+        run: |
+          for chart in charts/*/; do
+            if grep -q '^dependencies:' "${chart}Chart.yaml" 2>/dev/null; then
+              echo "Building dependencies for $(basename "${chart}")..."
+              helm dependency build "${chart}"
+            fi
+          done
+
       - name: Lint all charts
         run: |
           for chart in charts/*/; do
@@ -68,6 +77,15 @@ jobs:
           echo "${GITHUB_TOKEN}" | helm registry login ${REGISTRY} -u "${GH_ACTOR}" --password-stdin
           echo "${GITHUB_TOKEN}" | cosign login ${REGISTRY} -u "${GH_ACTOR}" --password-stdin
 
+      - name: Build chart dependencies
+        run: |
+          for chart in charts/*/; do
+            if grep -q '^dependencies:' "${chart}Chart.yaml" 2>/dev/null; then
+              echo "Building dependencies for $(basename "${chart}")..."
+              helm dependency build "${chart}"
+            fi
+          done
+
       - name: Package, push, sign, and attach SBOM
         env:
           RELEASE_TAG: ${{ github.event.release.tag_name }}

.github/workflows/validate-charts.yml

@@ -33,6 +33,15 @@ jobs:
         with:
           version: v3.17.0
 
+      - name: Build chart dependencies
+        run: |
+          for chart in charts/*/; do
+            if grep -q '^dependencies:' "${chart}Chart.yaml" 2>/dev/null; then
+              echo "Building dependencies for $(basename "${chart}")..."
+              helm dependency build "${chart}"
+            fi
+          done
+
       - name: Lint all charts
         run: |
           exit_code=0
@@ -57,6 +66,15 @@ jobs:
         with:
           version: v3.17.0
 
+      - name: Build chart dependencies
+        run: |
+          for chart in charts/*/; do
+            if grep -q '^dependencies:' "${chart}Chart.yaml" 2>/dev/null; then
+              echo "Building dependencies for $(basename "${chart}")..."
+              helm dependency build "${chart}"
+            fi
+          done
+
       - name: Template render all charts
         run: |
           exit_code=0
@@ -90,6 +108,12 @@ jobs:
                   --set users.metrics.password=test \
                   > /dev/null || exit_code=1
                 ;;
+              countly-migration)
+                helm template test-release "${chart}" \
+                  --set backingServices.mongodb.password=test \
+                  --set backingServices.clickhouse.password=test \
+                  > /dev/null || exit_code=1
+                ;;
               *)
                 helm template test-release "${chart}" > /dev/null || exit_code=1
                 ;;

README.md

@@ -4,7 +4,7 @@ Helm charts for deploying Countly analytics on Kubernetes.
 
 ## Architecture
 
-Five charts, each in its own namespace:
+Seven charts, each in its own namespace:
 
 | Chart | Namespace | Purpose |
 |-------|-----------|---------|
@@ -13,6 +13,8 @@ Five charts, each in its own namespace:
 | `countly-clickhouse` | clickhouse | ClickHouse via ClickHouse Operator |
 | `countly-kafka` | kafka | Kafka via Strimzi Operator |
 | `countly-observability` | observability | Prometheus, Grafana, Loki, Tempo, Pyroscope |
+| `countly-migration` | countly-migration | MongoDB to ClickHouse batch migration (with bundled Redis) |
+| `countly-argocd` | argocd | ArgoCD app-of-apps (AppProject + Applications) |
 
 ### Architecture Overview
 
@@ -46,6 +48,11 @@ flowchart TB
         mongo["MongoDB\n:27017"]
     end
 
+    subgraph mig-ns["countly-migration"]
+        migsvc["Migration Service\n:8080"]
+        redis["Redis\n:6379"]
+    end
+
     subgraph obs-ns["observability"]
         prom["Prometheus"]
         grafana["Grafana"]
@@ -66,6 +73,10 @@ flowchart TB
     brokers --> connect --> chserver
     keeper -.-> chserver
 
+    migsvc -->|read batches| mongo
+    migsvc -->|insert rows| chserver
+    migsvc <-.->|hot state| redis
+
     alloy -.-> prom & loki & tempo & pyroscope
     prom & loki & tempo & pyroscope --> grafana
 ```
@@ -164,43 +175,69 @@ Install required operators before deploying Countly. See [docs/PREREQUISITES.md]
 
 ### Manual Installation (without Helmfile)
 
+Substitute your profile choices from `global.yaml` into the commands below.
+The value file order must match the layering: global → sizing → dimension profiles → security → environment → secrets.
+
 ```bash
+# Shorthand — substitute these from your environments/<env>/global.yaml
+ENV=my-deployment
+SIZING=local          # local | small | production
+SECURITY=open         # open | hardened
+TLS=selfSigned        # none | selfSigned | letsencrypt | provided
+OBS=full              # disabled | full | external-grafana | external
+KC=balanced           # throughput | balanced | low-latency
+
 helm install countly-mongodb ./charts/countly-mongodb -n mongodb --create-namespace \
   --wait --timeout 10m \
-  -f environments/my-deployment/global.yaml \
-  -f profiles/sizing/production/mongodb.yaml \
-  -f environments/my-deployment/mongodb.yaml \
-  -f environments/my-deployment/secrets-mongodb.yaml
+  -f environments/$ENV/global.yaml \
+  -f profiles/sizing/$SIZING/mongodb.yaml \
+  -f profiles/security/$SECURITY/mongodb.yaml \
+  -f environments/$ENV/mongodb.yaml \
+  -f environments/$ENV/secrets-mongodb.yaml
 
 helm install countly-clickhouse ./charts/countly-clickhouse -n clickhouse --create-namespace \
   --wait --timeout 10m \
-  -f environments/my-deployment/global.yaml \
-  -f profiles/sizing/production/clickhouse.yaml \
-  -f environments/my-deployment/clickhouse.yaml \
-  -f environments/my-deployment/secrets-clickhouse.yaml
+  -f environments/$ENV/global.yaml \
+  -f profiles/sizing/$SIZING/clickhouse.yaml \
+  -f profiles/security/$SECURITY/clickhouse.yaml \
+  -f environments/$ENV/clickhouse.yaml \
+  -f environments/$ENV/secrets-clickhouse.yaml
 
 helm install countly-kafka ./charts/countly-kafka -n kafka --create-namespace \
   --wait --timeout 10m \
-  -f environments/my-deployment/global.yaml \
-  -f profiles/sizing/production/kafka.yaml \
-  -f profiles/kafka-connect/balanced/kafka.yaml \
-  -f environments/my-deployment/kafka.yaml \
-  -f environments/my-deployment/secrets-kafka.yaml
+  -f environments/$ENV/global.yaml \
+  -f profiles/sizing/$SIZING/kafka.yaml \
+  -f profiles/kafka-connect/$KC/kafka.yaml \
+  -f profiles/observability/$OBS/kafka.yaml \
+  -f profiles/security/$SECURITY/kafka.yaml \
+  -f environments/$ENV/kafka.yaml \
+  -f environments/$ENV/secrets-kafka.yaml
 
 helm install countly ./charts/countly -n countly --create-namespace \
   --wait --timeout 10m \
-  -f environments/my-deployment/global.yaml \
-  -f profiles/sizing/production/countly.yaml \
-  -f profiles/tls/letsencrypt/countly.yaml \
-  -f environments/my-deployment/countly.yaml \
-  -f environments/my-deployment/secrets-countly.yaml
+  -f environments/$ENV/global.yaml \
+  -f profiles/sizing/$SIZING/countly.yaml \
+  -f profiles/tls/$TLS/countly.yaml \
+  -f profiles/observability/$OBS/countly.yaml \
+  -f profiles/security/$SECURITY/countly.yaml \
+  -f environments/$ENV/countly.yaml \
+  -f environments/$ENV/secrets-countly.yaml
 
 helm install countly-observability ./charts/countly-observability -n observability --create-namespace \
   --wait --timeout 10m \
-  -f environments/my-deployment/global.yaml \
-  -f profiles/sizing/production/observability.yaml \
-  -f profiles/observability/full/observability.yaml \
-  -f environments/my-deployment/observability.yaml
+  -f environments/$ENV/global.yaml \
+  -f profiles/sizing/$SIZING/observability.yaml \
+  -f profiles/observability/$OBS/observability.yaml \
+  -f profiles/security/$SECURITY/observability.yaml \
+  -f environments/$ENV/observability.yaml \
+  -f environments/$ENV/secrets-observability.yaml
+
+# Optional: MongoDB to ClickHouse batch migration (includes bundled Redis)
+helm install countly-migration ./charts/countly-migration -n countly-migration --create-namespace \
+  --wait --timeout 5m \
+  -f environments/$ENV/global.yaml \
+  -f environments/$ENV/migration.yaml \
+  -f environments/$ENV/secrets-migration.yaml
 ```
 
 ## Configuration Model
@@ -247,6 +284,7 @@ Environments contain deployment-specific choices:
 - [VERIFICATION.md](docs/VERIFICATION.md) — Chart signature verification, SBOM, provenance
 - [TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md) — Common issues and fixes
 - [VERSION-MATRIX.md](docs/VERSION-MATRIX.md) — Pinned operator and image versions
+- [ARGOCD.md](docs/ARGOCD.md) — ArgoCD deployment, sync waves, custom health checks
 
 ## Repository Structure
 
@@ -258,6 +296,8 @@ helm/
     countly-clickhouse/
     countly-kafka/
     countly-observability/
+    countly-migration/
+    countly-argocd/
   profiles/                         # Composable profile dimensions
     sizing/                         # local | small | production
     observability/                  # disabled | full | external-grafana | external

charts/countly-argocd/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+name: countly-argocd
+description: ArgoCD app-of-apps for deploying Countly to one or more clusters
+type: application
+version: 0.1.0
+appVersion: "1.0.0"
+home: https://countly.com
+icon: https://count.ly/images/logos/countly-logo.svg
+sources:
+  - https://github.com/Countly/countly-server
+keywords:
+  - argocd
+  - gitops
+  - countly
+  - multi-cluster
+maintainers:
+  - name: Countly
+    url: https://countly.com
+annotations:
+  artifacthub.io/license: AGPL-3.0