DevOps / GitOps Platform — Overview
Target Architecture — Final-State Design
This page describes the final-state target architecture for the DevOps / GitOps Platform. Sections marked Implemented reference assets that exist in the codebase today (for example the ConnectSoft.AzurePipelines pipeline definitions, the local NuGet feed, and the ConnectSoft.MicroserviceTemplate).
The DevOps / GitOps Platform is the bridge from validated artifacts to running systems. Every other platform in the ConnectSoft AI Software Factory produces intent and artifacts — blueprints, domain models, generated microservices, UIs, libraries, and policies. This platform is what commits that code, builds it, gates it, ships it, provisions its infrastructure, and keeps the running world continuously reconciled with the desired state declared in Git.
Purpose
To provide a fully autonomous, governed, and traceable software delivery plane that takes a generated and validated module from the Template & Library Platform and the Agent Mesh all the way to a healthy, observable deployment on the Runtime & Cloud Platform — with Git as the single source of truth for both application code and infrastructure.
Role in the AI Software Factory
The platform is the delivery spine of the factory. The DevOps & Release agent cluster (Code Committer, Pull Request Creator, DevOps Engineer, Cloud Provisioner, Deployment Orchestrator, Release Manager, Environment Manager, Configuration Manager) drives the services described here. Those agents do not perform delivery directly; they invoke the platform's APIs and react to its events. See the DevOps, Deployment & Delivery Agents Overview.
```mermaid
flowchart LR
    AgentMesh["Agent Mesh<br/>DevOps and Release cluster"] -->|commands| DevOps["DevOps / GitOps Platform"]
    Templates["Template and Library Platform"] -->|validated modules| DevOps
    DevOps -->|deploys to| Runtime["Runtime and Cloud Platform"]
    DevOps -->|events| Observability["Observability and Feedback"]
    DevOps -->|policy checks| Governance["Governance, Security and Compliance"]
```
Core Responsibilities
- Source control — provision repositories, manage branches, author commits, and run pull-request workflows on Azure DevOps Git (GitHub optional).
- Pipelines — generate YAML pipeline definitions (aligned to ConnectSoft.AzurePipelines), execute them, and ingest build results.
- Release & promotion — plan releases, gate them with approvals, render deployment manifests, and promote across environments.
- Packaging — publish NuGet packages to Azure Artifacts and build/push container images to Azure Container Registry (ACR).
- Infrastructure — provision cloud infrastructure as code using Pulumi (.NET / C# programs) as the canonical IaC engine.
- GitOps synchronization — continuously reconcile cluster and environment state with the desired state declared in Git.
Key Capabilities
| Capability | Description |
|---|---|
| Autonomous commit & PR | Agents author commits and open pull requests with full lineage to the originating artifact. |
| Pipeline generation | Pipeline YAML is generated from module metadata, not hand-written, so every module ships with a consistent CI/CD definition. |
| Governed releases | Releases require policy-evaluated approvals before promotion; nothing reaches production without an audit trail. |
| Pulumi IaC | Infrastructure plans are C# Pulumi programs, previewed and applied with drift detection. |
| GitOps reconciliation | Desired state lives in Git; the platform detects and corrects drift continuously. |
| Multi-tenant isolation | Every repository, pipeline, release, and deployment is scoped by tenantId and projectId. |
High-Level Component Diagram
```mermaid
flowchart TB
    subgraph SourceControl["Source Control Context"]
        Repository["RepositoryService"]
        Branch["BranchService"]
        Commit["CommitService"]
        PullRequest["PullRequestService"]
    end
    subgraph Pipelines["Pipelines Context"]
        PipelineGen["PipelineGeneratorService"]
        PipelineExec["PipelineExecutionService"]
        BuildResult["BuildResultService"]
    end
    subgraph Release["Release and Promotion Context"]
        ReleaseSvc["ReleaseService"]
        EnvPromotion["EnvironmentPromotionService"]
        DeployManifest["DeploymentManifestService"]
    end
    subgraph Packaging["Packaging Context"]
        PackagePub["PackagePublishingService"]
        ContainerImg["ContainerImageService"]
    end
    subgraph Infra["Infrastructure Context"]
        IaC["IaCProvisioningService"]
    end
    subgraph GitOps["GitOps Sync Context"]
        GitOpsSync["GitOpsSyncService"]
    end
    SourceControl --> Pipelines
    Pipelines --> Packaging
    Pipelines --> Release
    Release --> Infra
    Release --> GitOps
    Infra --> GitOps
```
Integration with Other Platforms
```mermaid
flowchart LR
    AgentMesh["Agent Mesh"] -->|"AssignAgentTask, commands"| DevOps["DevOps / GitOps Platform"]
    TemplateLib["Template and Library Platform"] -->|"validated modules, NuGet"| DevOps
    DevOps -->|"DeploymentPromoted"| Runtime["Runtime and Cloud Platform"]
    DevOps -->|"all events"| Observability["Observability and Feedback"]
    DevOps -->|"approval and policy gates"| Governance["Governance, Security and Compliance"]
    DevOps -->|"lineage events"| Integration["Integration Platform"]
    Integration -->|"external SCM, registries"| DevOps
```
- Agent Mesh — issues commands and consumes events to orchestrate delivery.
- Template & Library Platform — supplies the modules and published packages this platform ships.
- Runtime & Cloud Platform — the target of deployments and GitOps reconciliation.
- Governance, Security & Compliance — evaluates approval and deployment policies.
- Integration Platform — connects to external SCM, registries, and cloud providers.
Final-State Summary
In its final state the DevOps / GitOps Platform is the fully automated, agent-driven delivery plane of the factory: 14 microservices across six bounded contexts, 11 event-driven workers, and a canonical event stream that ties every commit, build, release, and deployment back to a single traceId. It embodies the factory pillars — traceability (lineage from artifact to running system), reusability (generated pipelines and Pulumi programs), autonomy (agents drive delivery end to end), governance (policy-gated releases and audited approvals), observability (every step emits envelope-wrapped events), and multi-tenant scale (tenant- and project-scoped isolation across all stores).
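The lineage and governance claims above can be checked mechanically from the event stream. The following is an added example, not part of the platform's codebase: it audits a stream of event envelopes and flags any DeploymentPromoted event whose traceId lacks a prior commit, build, and approval, or whose trace crosses tenant/project scope. The envelope fields `seq` and `type`, and the event type names other than DeploymentPromoted, are assumptions made for illustration.

```python
# Added example, not ConnectSoft code. traceId, tenantId, projectId and DeploymentPromoted
# come from the page; "seq", "type" and the other event type names are assumptions.
SCOPE_FIELDS = ("traceId", "tenantId", "projectId")
REQUIRED_BEFORE_PROMOTION = ("CommitCreated", "BuildSucceeded", "ReleaseApproved")


def audit_promotions(events):
    """Return sorted (traceId, reason) findings for promotions with broken lineage."""
    findings = set()
    by_trace = {}
    for ev in sorted(events, key=lambda e: e.get("seq", 0)):
        absent = [f for f in SCOPE_FIELDS if not ev.get(f)]
        if absent:
            # An unscoped envelope cannot be attributed to any lineage or tenant.
            findings.add((ev.get("traceId"), "envelope missing " + ",".join(absent)))
            continue
        by_trace.setdefault(ev["traceId"], []).append(ev)
    for trace_id, chain in by_trace.items():
        # Multi-tenant isolation: one trace must stay inside one tenant/project.
        if len({(e["tenantId"], e["projectId"]) for e in chain}) > 1:
            findings.add((trace_id, "trace crosses tenant/project scope"))
        seen = set()
        for ev in chain:
            if ev.get("type") == "DeploymentPromoted":
                missing = [t for t in REQUIRED_BEFORE_PROMOTION if t not in seen]
                if missing:
                    findings.add((trace_id, "promoted without prior " + ",".join(missing)))
            seen.add(ev.get("type"))
    return sorted(findings, key=lambda f: (str(f[0]), f[1]))


def _ev(seq, typ, trace, tenant="t-a", project="p-1"):
    return {"seq": seq, "type": typ, "traceId": trace, "tenantId": tenant, "projectId": project}


# Constructed sample stream (not real platform output).
SAMPLE_EVENTS = [
    _ev(1, "CommitCreated", "tr-1"), _ev(2, "BuildSucceeded", "tr-1"),
    _ev(3, "ReleaseApproved", "tr-1"), _ev(4, "DeploymentPromoted", "tr-1"),
    # tr-2: approval recorded only after the promotion.
    _ev(5, "CommitCreated", "tr-2"), _ev(6, "BuildSucceeded", "tr-2"),
    _ev(7, "DeploymentPromoted", "tr-2"), _ev(8, "ReleaseApproved", "tr-2"),
    # tr-3: the build event carries a different tenant than the rest of the trace.
    _ev(9, "CommitCreated", "tr-3"), _ev(10, "BuildSucceeded", "tr-3", tenant="t-b"),
    _ev(11, "ReleaseApproved", "tr-3"), _ev(12, "DeploymentPromoted", "tr-3"),
    _ev(13, "DeploymentPromoted", None),  # no traceId at all
]

if __name__ == "__main__":
    print(*audit_promotions(SAMPLE_EVENTS), sep="\n")
```

A check of this shape fits as a scheduled audit over the event store or as a gate evaluated before promotion.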