From 101c7e8355b8503552c15c9abc3d2fbe1b5b8466 Mon Sep 17 00:00:00 2001 From: Josh Date: Thu, 31 Jul 2025 16:52:39 +0000 Subject: [PATCH] pipeline build v39. revert with IMG_TAG reinstate --- .woodpecker.yml | 94 +++++++++++++++++++++++++++++++------------------ 1 file changed, 59 insertions(+), 35 deletions(-) diff --git a/.woodpecker.yml b/.woodpecker.yml index 63a2fd6..541eef8 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml @@ -1,45 +1,69 @@ +--- +kind: pipeline +type: docker +name: build-and-deploy + +workspace: + base: /woodpecker + path: src + +clone: + depth: 50 + +volumes: + - name: docker-sock + host: + path: /var/run/docker.sock + steps: - ssh-deploy: + - name: build-and-push + image: docker:24.0-cli + privileged: true + volumes: + - name: docker-sock + path: /var/run/docker.sock + commands: + - set -eu + - REG=us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo + - TAG=$(echo "$CI_COMMIT_SHA" | head -c 8) + - docker buildx create --use --name woodpecker || true + - for svc in server1 server2 server3 nginx; do docker buildx build -f Dockerfile.${svc} -t ${REG}/${svc}:${TAG} --push .; done + when: + event: [push, manual] + branch: [master] + + - name: ssh-deploy image: google/cloud-sdk:latest entrypoint: - bash - -c - - | - set -euo pipefail + - > + set -euo pipefail; - mkdir -p ~/.ssh + mkdir -p ~/.ssh; - # 1. Install SSH prerequisites ────────────────────────────── - gcloud secrets versions access latest \ - --secret=STAGING_KNOWN_HOSTS --project=aptivaai-dev \ - | base64 -d > ~/.ssh/known_hosts - chmod 644 ~/.ssh/known_hosts + gcloud secrets versions access latest --secret=STAGING_KNOWN_HOSTS --project=aptivaai-dev | base64 -d > ~/.ssh/known_hosts; + chmod 644 ~/.ssh/known_hosts; - gcloud secrets versions access latest \ - --secret=STAGING_SSH_KEY --project=aptivaai-dev \ - | base64 -d > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - echo "🔑 SSH prerequisites installed" + gcloud secrets versions access latest --secret=STAGING_SSH_KEY --project=aptivaai-dev | base64 -d > ~/.ssh/id_ed25519; + chmod 600 ~/.ssh/id_ed25519; + echo "🔑 SSH prerequisites installed"; - # 2. Fetch canonical IMG_TAG (trim newline) ───────────────── - IMG_TAG=$(gcloud secrets versions access latest \ - --secret=IMG_TAG --project=aptivaai-dev | tr -d '\n') - echo "📦 IMG_TAG=${IMG_TAG}" + IMG_TAG=$(gcloud secrets versions access latest --secret=IMG_TAG --project=aptivaai-dev | tr -d '\n'); + echo "📦 IMG_TAG=${IMG_TAG}"; - # 3. SSH to staging and redeploy ──────────────────────────── - ssh -o StrictHostKeyChecking=yes \ - -i ~/.ssh/id_ed25519 \ - jcoakley@10.128.0.12 \ - "set -euo pipefail; \ - export IMG_TAG=${IMG_TAG}; \ - cd /home/jcoakley/aptiva-staging-app; \ - echo 'Pulling containers for tag ${IMG_TAG}'; \ - docker compose pull; \ - echo 'Re‑creating services'; \ - docker compose up -d --force-recreate --remove-orphans; \ - echo '✅ Staging stack refreshed with tag ${IMG_TAG}'" - -secrets: [ STAGING_SSH_KEY, STAGING_KNOWN_HOSTS ] -when: - event: - - push + ssh -o StrictHostKeyChecking=yes -i ~/.ssh/id_ed25519 jcoakley@10.128.0.12 \ + "set -euo pipefail; \ + export IMG_TAG=${IMG_TAG}; \ + cd /home/jcoakley/aptiva-staging-app; \ + echo 'Pulling containers for tag ${IMG_TAG}'; \ + docker compose pull; \ + echo 'Re-creating services'; \ + docker compose up -d --force-recreate --remove-orphans; \ + echo '✅ Staging stack refreshed with tag ${IMG_TAG}'" + secrets: + - STAGING_SSH_KEY + - STAGING_KNOWN_HOSTS + when: + event: + - push