From 177edea37dd116d0cd519c8f78d937ab2a37cbb5 Mon Sep 17 00:00:00 2001
From: Josh <jcoakley@aptivaai.com>
Date: Thu, 31 Jul 2025 14:59:41 +0000
Subject: [PATCH] pipeline build v18 - GPT syntax

---
 .woodpecker.yml | 71 +++++++++++++++++++++++--------------------------
 1 file changed, 33 insertions(+), 38 deletions(-)

diff --git a/.woodpecker.yml b/.woodpecker.yml
index 927f66c..a2430fb 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -1,44 +1,39 @@
 steps:
-  ssh-test:
+  ssh-test:                     # keep the name, keep the image
     image: google/cloud-sdk:latest
-    commands: |
-      #!/usr/bin/env bash
-      set -euo pipefail
-
-      mkdir -p ~/.ssh
-
-      # ── Fetch & install secrets from Secret Manager ─────────────
-      gcloud secrets versions access latest \
-        --secret=STAGING_KNOWN_HOSTS --project=aptivaai-dev | base64 -d > ~/.ssh/known_hosts
-      chmod 644 ~/.ssh/known_hosts
-
-      gcloud secrets versions access latest \
-        --secret=STAGING_SSH_KEY --project=aptivaai-dev | base64 -d > ~/.ssh/id_ed25519
-      chmod 600 ~/.ssh/id_ed25519
-
-      echo "🔑  SSH material ready"
-
-      # ── Tag comes from the commit that triggered Woodpecker ─────
-      TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
-      echo "🚀  Deploying tag ${TAG} to staging"
-
-      # ── SSH into the staging VM and re‑create the stack ─────────
-      ssh -o StrictHostKeyChecking=yes \
-          -i ~/.ssh/id_ed25519 \
-          jcoakley@10.128.0.12 <<EOF
+    commands:
+      - |
         #!/usr/bin/env bash
         set -euo pipefail
-        cd /opt/aptiva-staging-app
-        echo "Pulling containers with IMG_TAG=${TAG}"
-        IMG_TAG=${TAG} docker compose pull
-        echo "Recreating services"
-        IMG_TAG=${TAG} docker compose up -d --force-recreate --remove-orphans
-        echo "✅  Staging stack refreshed"
-      EOF
 
-environment:
-  - CI_COMMIT_SHA
+        mkdir -p ~/.ssh
 
-when:
-  event:
-    - push
+        # ── Install known‑hosts from Secret Manager ─────────────────
+        gcloud secrets versions access latest \
+          --secret=STAGING_KNOWN_HOSTS --project=aptivaai-dev \
+          | base64 -d > ~/.ssh/known_hosts
+        chmod 644 ~/.ssh/known_hosts
+
+        # ── Install private key ────────────────────────────────────
+        gcloud secrets versions access latest \
+          --secret=STAGING_SSH_KEY --project=aptivaai-dev \
+          | base64 -d > ~/.ssh/id_ed25519
+        chmod 600 ~/.ssh/id_ed25519
+
+        echo "🔑  SSH prerequisites installed"
+
+        # ── Tag = first 8 chars of the commit SHA that triggered CI ─
+        TAG=$(echo "${CI_COMMIT_SHA:-$DRONE_COMMIT_SHA}" | head -c 8)
+        echo "🚀  Deploying tag ${TAG} to staging"
+
+        # ── SSH into the staging VM and refresh the stack ──────────
+        ssh -o StrictHostKeyChecking=yes \
+            -i ~/.ssh/id_ed25519 \
+            jcoakley@10.128.0.12 \
+            "set -euo pipefail; \
+             cd /opt/aptiva-staging-app; \
+             echo 'Pulling containers'; \
+             IMG_TAG=${TAG} docker compose pull; \
+             echo 'Re‑creating services'; \
+             IMG_TAG=${TAG} docker compose up -d --force-recreate --remove-orphans; \
+             echo '✅  Staging stack refreshed with tag ${TAG}'"