From 90498e4f5513469a82c1bffdec08ec3b10b76d6c Mon Sep 17 00:00:00 2001
From: Gabriel Radureau <arcodange@gmail.com>
Date: Sun, 28 Jun 2026 18:35:48 +0200
Subject: [PATCH] =?UTF-8?q?feat(multi-env):=20Phase=20D4=20=E2=80=94=20reg?=
 =?UTF-8?q?ister=20erp-sandbox=20ArgoCD=20Application?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

ADR-0002 Phase D, final step. Adds `envs: { sandbox: {} }` to the erp entry
in argocd/values.yaml, so the Phase B per-env loop in templates/apps.yaml
renders an extra Application "erp-sandbox":
  - source: same erp repo + chart, overlaid with values.yaml + values-sandbox.yaml
  - destination namespace: erp-sandbox (CreateNamespace=true)
  - syncPolicy: automated prune + selfHeal (default)

GitOps activation: on merge to main, the factory app-of-apps re-renders and
ArgoCD creates the erp-sandbox Application, which deploys the Dolibarr chart
into the erp-sandbox namespace. The pod's VSO reads the Vault paths created in
D2/D3 (auth/kubernetes/role/erp-sandbox, postgres/creds/erp-sandbox,
kvv2/erp-sandbox/config) and connects to the erp-sandbox DB created in D1.

Render verified: the only diff vs main is the added erp-sandbox Application;
prod erp + all other apps render byte-identical.

No DNS/TLS change needed (Phase E): *.arcodange.lab is a wildcard in Pi-hole
(CoreDNS forwards to it) and cert-manager holds a *.arcodange.lab wildcard set
as Traefik's default TLS — so erp-sandbox.arcodange.lab resolves + gets HTTPS
automatically once the ingress is up.

Completes Phase D. D1=factory#17, D2=tools#3, D3=erp#12 (all merged).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 argocd/values.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/argocd/values.yaml b/argocd/values.yaml
index da1ad13..b6ad09f 100644
--- a/argocd/values.yaml
+++ b/argocd/values.yaml
@@ -21,6 +21,11 @@ gitea_applications:
       argocd-image-updater.argoproj.io/telegram-gateway.update-strategy: digest
   erp:
     annotations: {}
+    # Non-prod environments (ADR-0002). Each key renders an extra Application
+    # "<app>-<env>" overlaid with chart/values-<env>.yaml into namespace
+    # "<app>-<env>". Prod erp is unaffected.
+    envs:
+      sandbox: {}
   cms:
     annotations:
       argocd-image-updater.argoproj.io/image-list: cms=gitea.arcodange.lab/arcodange-org/cms:latest