diff --git a/.woodpecker.yml b/.woodpecker.yml
index 2b3deb2..52f1fe7 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -1,30 +1,37 @@
 steps:
- push-to-staging:
+ ssh-test: # name unchanged
 image: google/cloud-sdk:latest
 commands:
 - |
- #!/bin/bash
- set -eu
+ #!/usr/bin/env bash
+ set -euo pipefail
+ mkdir -p ~/.ssh
- # Inject known hosts
- gcloud secrets versions access latest --secret=STAGING_KNOWN_HOSTS --project=aptivaai-dev | base64 -d > ~/.ssh/known_hosts
+ # ── Fetch & install secrets from Secret Manager ─────────────
+ gcloud secrets versions access latest \
+ --secret=STAGING_KNOWN_HOSTS --project=aptivaai-dev | base64 -d > ~/.ssh/known_hosts
 chmod 644 ~/.ssh/known_hosts
- # Inject SSH key
- gcloud secrets versions access latest --secret=STAGING_SSH_KEY --project=aptivaai-dev | base64 -d > ~/.ssh/id_ed25519
+ gcloud secrets versions access latest \
+ --secret=STAGING_SSH_KEY --project=aptivaai-dev | base64 -d > ~/.ssh/id_ed25519
 chmod 600 ~/.ssh/id_ed25519
- # Confirm working tree location
- SRC_DIR="$PWD/repo" # Assuming you cloned to ./repo
- DEST_DIR="/home/jcoakley/dev1" # Confirm if this is correct on staging
+ echo "🔑 SSH material ready"
- # Clone dev1 repo
- git config --global user.name "Woodpecker CI"
- git config --global user.email "ci@aptivaai.com"
- git clone https://jcoakley:f4bf7ac91bdbd16bf47d241860198ba0bbe4b5c6@gitea.dev1.aptivaai.com/jcoakley/dev1.git repo
+ # ── Tag comes from the commit that triggered Woodpecker ─────
+ TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
+ echo "🚀 Deploying tag ${TAG} to staging"
- # Rsync to staging VM
- rsync -az --delete -e "ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes" \
- --exclude '.git' \
- "$SRC_DIR/" jcoakley@10.128.0.12:"$DEST_DIR"
+ # ── SSH into the staging VM and re‑create the stack ─────────
+ ssh -o StrictHostKeyChecking=yes \
+ -i ~/.ssh/id_ed25519 \
+ jcoakley@10.128.0.12 <