From d2afcd237c58d3eeb181c6a7b33455550672999a Mon Sep 17 00:00:00 2001 From: Maxim Rychkov <81160491+Yam1x@users.noreply.github.com> Date: Fri, 23 Jan 2026 13:19:06 +0500 Subject: [PATCH 1/6] ci: use native installed helmfile at self-hosted runner --- .../workflows/deploy-to-prod-from-default.yml | 25 ++++++------------- 1 file changed, 7 insertions(+), 18 deletions(-) diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml index a2cf85c..f321e38 100644 --- a/.github/workflows/deploy-to-prod-from-default.yml +++ b/.github/workflows/deploy-to-prod-from-default.yml @@ -17,28 +17,17 @@ jobs: deploy-to-prod: name: Deploy service to k8s for prod environment needs: [push-to-registry] - runs-on: ubuntu-24.04 + runs-on: self-hosted steps: - name: Check out the repo uses: actions/checkout@v4 - - name: Create default global .kube/config file - run: | - cd $HOME - mkdir .kube - echo "${{ secrets.INNER_CIRCLE_PROD_KUBECONFIG }}" > .kube/config - - name: Deploy - uses: helmfile/helmfile-action@v1.9.0 - with: - helmfile-version: 'v0.164.0' - helm-version: 'v3.18.0' - helmfile-args: > - apply --suppress-diff --namespace ${{ secrets.INNER_CIRCLE_PROD_NAMESPACE }} -f ci/helmfile.yaml - --state-values-set image.tag=sha-${{ github.sha }} - --state-values-set ingress.hostname=${{ secrets.INNER_CIRCLE_PROD_HOSTNAME }} - --state-values-set extraConfigMapEnvVars.API_ROOT_URL=${{ secrets.INNER_CIRCLE_PROD_AUTH_API_ROOT_URL }} - helmfile-auto-init: "false" + run: | + helmfile cache cleanup && helmfile apply --suppress-diff --namespace ${{ secrets.INNER_CIRCLE_PROD_NAMESPACE }} -f ci/helmfile.yaml + --state-values-set image.tag=sha-${{ github.sha }} \ + --state-values-set ingress.hostname=${{ secrets.INNER_CIRCLE_PROD_HOSTNAME }} \ + --state-values-set extraConfigMapEnvVars.API_ROOT_URL=${{ secrets.INNER_CIRCLE_PROD_AUTH_API_ROOT_URL }} > /dev/null 2>&1 e2e-test-prod: runs-on: ubuntu-24.04 
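Review bot: With `runs-on: self-hosted` and the kubeconfig step removed, the deploy step appears to depend on cluster credentials and on `helmfile`/`helm` binaries already present on the runner, none of which the workflow declares or pins any more (the removed step pinned `v0.164.0` and `v3.18.0`). A persistent runner keeps that state between jobs, so any other workflow scheduled onto the same runner would presumably have the production kubeconfig within reach. I would reserve a runner for this job through a dedicated label, for example `runs-on: [self-hosted, <prod-deploy-label>]`, and add a comment above the step such as `# requires helmfile and helm preinstalled on the runner; kubeconfig is provisioned on the host`. If the repository accepts pull requests from forks, confirm that they cannot be scheduled on this runner.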
@@ -64,4 +53,4 @@ jobs: CYPRESS_BASE_URL: ${{ secrets.INNER_CIRCLE_PROD_BASE_URL }} API_ROOT_URL: ${{ secrets.INNER_CIRCLE_PROD_AUTH_API_ROOT_URL }} USER_LOGIN: ${{ secrets.INNER_CIRCLE_PROD_AUTH_FIRST_TENANT_LOGIN_WITH_ALL_PERMISSIONS }} - USER_PASSWORD: ${{ secrets.INNER_CIRCLE_PROD_AUTH_FIRST_TENANT_PASSWORD_WITH_ALL_PERMISSIONS }} \ No newline at end of file + USER_PASSWORD: ${{ secrets.INNER_CIRCLE_PROD_AUTH_FIRST_TENANT_PASSWORD_WITH_ALL_PERMISSIONS }} From 90b1cf39702c2af38ba20df3db02fe8822292de9 Mon Sep 17 00:00:00 2001 From: Maxim Rychkov <81160491+Yam1x@users.noreply.github.com> Date: Fri, 23 Jan 2026 13:19:58 +0500 Subject: [PATCH 2/6] ci: use mirror for bitnami repo --- ci/helmfile.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ci/helmfile.yaml b/ci/helmfile.yaml index 90e34cc..da7bb69 100644 --- a/ci/helmfile.yaml +++ b/ci/helmfile.yaml @@ -1,6 +1,6 @@ repositories: - name: bitnami - url: https://charts.bitnami.com/bitnami + url: https://mirror.yandex.ru/helm/charts.bitnami.com releases: - name: auth-ui @@ -17,4 +17,4 @@ releases: - ingress: hostname: "{{ .StateValues.ingress.hostname }}" - extraConfigMapEnvVars: - API_ROOT_URL: "{{ .StateValues.extraConfigMapEnvVars.API_ROOT_URL }}" \ No newline at end of file + API_ROOT_URL: "{{ .StateValues.extraConfigMapEnvVars.API_ROOT_URL }}" From edcf5bad25a26435d356e86b7a2d8593b14267c7 Mon Sep 17 00:00:00 2001 From: Maxim Rychkov <81160491+Yam1x@users.noreply.github.com> Date: Fri, 23 Jan 2026 13:20:23 +0500 Subject: [PATCH 3/6] test: test deploy --- .github/workflows/deploy-to-prod-from-default.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml index f321e38..0b6e447 100644 --- a/.github/workflows/deploy-to-prod-from-default.yml +++ b/.github/workflows/deploy-to-prod-from-default.yml 
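Review bot: The `bitnami` repository in `ci/helmfile.yaml` now resolves to `https://mirror.yandex.ru/helm/charts.bitnami.com`, a third-party mirror, and nothing visible in this hunk checks that the chart served there matches upstream before it is applied to production. The release definition lies outside the hunk, so I cannot see whether the chart version is pinned. If it is not, pin it with `version:` on the release, and where the chart publishes a provenance file consider `verify: true`. A comment above the URL, e.g. `# mirror used because <reason>; third-party host, chart integrity is not verified here`, would let the next reviewer judge the trade-off.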
@@ -4,6 +4,7 @@ on: push: branches: - master + - feature/** jobs: # this is needed to wait for the new docker image to be build and published to the registry From 503e14f2b8a4b49d4debc45ae5f329754e46f9db Mon Sep 17 00:00:00 2001 From: Maxim Rychkov <81160491+Yam1x@users.noreply.github.com> Date: Fri, 23 Jan 2026 13:23:16 +0500 Subject: [PATCH 4/6] fix: fix deploy --- .github/workflows/deploy-to-prod-from-default.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml index 0b6e447..01c35c9 100644 --- a/.github/workflows/deploy-to-prod-from-default.yml +++ b/.github/workflows/deploy-to-prod-from-default.yml @@ -25,7 +25,7 @@ jobs: - name: Deploy run: | - helmfile cache cleanup && helmfile apply --suppress-diff --namespace ${{ secrets.INNER_CIRCLE_PROD_NAMESPACE }} -f ci/helmfile.yaml + helmfile cache cleanup && helmfile apply --suppress-diff --namespace ${{ secrets.INNER_CIRCLE_PROD_NAMESPACE }} -f ci/helmfile.yaml \ --state-values-set image.tag=sha-${{ github.sha }} \ --state-values-set ingress.hostname=${{ secrets.INNER_CIRCLE_PROD_HOSTNAME }} \ --state-values-set extraConfigMapEnvVars.API_ROOT_URL=${{ secrets.INNER_CIRCLE_PROD_AUTH_API_ROOT_URL }} > /dev/null 2>&1 From a16f109edcccbcd01d6807bd176c4c8fc0451505 Mon Sep 17 00:00:00 2001 From: Maxim Rychkov <81160491+Yam1x@users.noreply.github.com> Date: Mon, 26 Jan 2026 10:55:18 +0500 Subject: [PATCH 5/6] ci: add quotes for all vars in deploy step --- .github/workflows/deploy-to-prod-from-default.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml index 01c35c9..0cac9a8 100644 --- a/.github/workflows/deploy-to-prod-from-default.yml +++ b/.github/workflows/deploy-to-prod-from-default.yml 
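Review bot: Adding `- feature/**` to `on.push.branches` makes every push to a feature branch run the production deploy job with the production secrets. The only gate between a branch and production is this trigger list, which anyone able to push a branch can edit. Patch 6/6 removes the line again, but the control still lives only in the workflow file. Binding the deploy job to a protected environment, e.g. `environment: <prod-environment-name>` with deployment branches limited to `master` and the `INNER_CIRCLE_PROD_*` values stored as environment secrets, would keep them out of reach of other branches; the job definition is outside this hunk. For one-off pipeline tests, a `workflow_dispatch:` trigger pointed at a non-production namespace is safer than widening the push filter.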
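Review bot: The trailing `> /dev/null 2>&1` on the last line of the `run:` block discards everything `helmfile apply` prints, including its error output, so a failed production deploy leaves only an exit code in the job log. The missing ` \` fixed here shows the cost: in 1/6 the `--state-values-set` lines would have run as a separate command, and its error message would have gone to `/dev/null` as well. `--suppress-diff` already hides the rendered diff and GitHub masks registered secrets in logs, so I would drop at least `2>&1` and let stderr reach the log. The same redirection appears in the hunks of 1/6 and 5/6.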
@@ -24,11 +24,12 @@ jobs: uses: actions/checkout@v4 - name: Deploy + # We use quotes because in other services we got a problems with vars without quotes run: | - helmfile cache cleanup && helmfile apply --suppress-diff --namespace ${{ secrets.INNER_CIRCLE_PROD_NAMESPACE }} -f ci/helmfile.yaml \ - --state-values-set image.tag=sha-${{ github.sha }} \ - --state-values-set ingress.hostname=${{ secrets.INNER_CIRCLE_PROD_HOSTNAME }} \ - --state-values-set extraConfigMapEnvVars.API_ROOT_URL=${{ secrets.INNER_CIRCLE_PROD_AUTH_API_ROOT_URL }} > /dev/null 2>&1 + helmfile cache cleanup && helmfile apply --suppress-diff --namespace "${{ secrets.INNER_CIRCLE_PROD_NAMESPACE }}" -f ci/helmfile.yaml \ + --state-values-set image.tag="sha-${{ github.sha }}" \ + --state-values-set ingress.hostname="${{ secrets.INNER_CIRCLE_PROD_HOSTNAME }}" \ + --state-values-set extraConfigMapEnvVars.API_ROOT_URL="${{ secrets.INNER_CIRCLE_PROD_AUTH_API_ROOT_URL }}" > /dev/null 2>&1 e2e-test-prod: runs-on: ubuntu-24.04 From 313284fad57d45de0916d846e64202651a30012f Mon Sep 17 00:00:00 2001 From: Maxim Rychkov <81160491+Yam1x@users.noreply.github.com> Date: Mon, 26 Jan 2026 10:59:37 +0500 Subject: [PATCH 6/6] ci: remove "feature/**" to deploy only from master branch --- .github/workflows/deploy-to-prod-from-default.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/deploy-to-prod-from-default.yml b/.github/workflows/deploy-to-prod-from-default.yml index 0cac9a8..239b088 100644 --- a/.github/workflows/deploy-to-prod-from-default.yml +++ b/.github/workflows/deploy-to-prod-from-default.yml @@ -4,7 +4,6 @@ on: push: branches: - master - - feature/** jobs: # this is needed to wait for the new docker image to be build and published to the registry
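Review bot: The added double quotes do not make the `${{ ... }}` values safe, because GitHub substitutes the expressions into the script text before the shell parses it; a value containing `"`, `$` or a backtick would still break out of the quoting in the `run:` block. Passing the values through `env:` and referencing them as quoted shell variables keeps them as data, as sketched below. The variable names in the sketch are made up for illustration. The comment above `run:` could then read `# Values are passed via env and quoted: unquoted values caused problems in other services`.

```yaml
      - name: Deploy
        env:
          PROD_NAMESPACE: ${{ secrets.INNER_CIRCLE_PROD_NAMESPACE }}
          PROD_HOSTNAME: ${{ secrets.INNER_CIRCLE_PROD_HOSTNAME }}
          PROD_AUTH_API_ROOT_URL: ${{ secrets.INNER_CIRCLE_PROD_AUTH_API_ROOT_URL }}
          IMAGE_TAG: sha-${{ github.sha }}
        run: |
          helmfile cache cleanup && helmfile apply --suppress-diff --namespace "$PROD_NAMESPACE" -f ci/helmfile.yaml \
            --state-values-set image.tag="$IMAGE_TAG" \
            --state-values-set ingress.hostname="$PROD_HOSTNAME" \
            --state-values-set extraConfigMapEnvVars.API_ROOT_URL="$PROD_AUTH_API_ROOT_URL" > /dev/null 2>&1
```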