pipeline secrets injection test v4

Josh 2025-07-31 13:15:41 +00:00
parent b702242302
commit 1e2dcd5f7c


@ -21,22 +21,23 @@ steps:
event: [push, manual] event: [push, manual]
branch: [master] branch: [master]
# ── 2. Deploy to staging ──────────────────────────────── # ── 2. Deploy to staging (GCP Secret Manager Injection) ──
- name: deploy-staging - name: deploy-staging
image: alpine:latest image: gcr.io/google.com/cloudsdktool/cloud-sdk:latest
environment:
STAGING_SSH_KEY_B64: <base64-encoded-key>
STAGING_KNOWN_HOSTS_B64: <base64-encoded-known-hosts>
commands: commands:
- | - |
set -eu set -eu
apk add --no-cache openssh bash
mkdir -p ~/.ssh mkdir -p ~/.ssh
echo "$STAGING_KNOWN_HOSTS_B64" | base64 -d > ~/.ssh/known_hosts
echo "$STAGING_SSH_KEY_B64" | base64 -d > ~/.ssh/id_ed25519 # ⛓️ Pull and decode known_hosts
gcloud secrets versions access latest --secret="KNOWN_HOSTS_B64" --project="aptivaai-dev" | base64 -d > ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
# 🔑 Pull and decode SSH key
gcloud secrets versions access latest --secret="STAGING_SSH_KEY_B64" --project="aptivaai-dev" | base64 -d > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519
# 🚀 Execute remote deploy
TAG=$(echo "$CI_COMMIT_SHA" | head -c 8) TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes jcoakley@10.128.0.12 <<EOF ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes jcoakley@10.128.0.12 <<EOF
cd /opt/aptiva-staging-app cd /opt/aptiva-staging-app