From 3b7d64638ed2e3ab5aca3bcb541924f03634cf27 Mon Sep 17 00:00:00 2001
From: Josh <jcoakley@aptivaai.com>
Date: Fri, 12 Sep 2025 15:49:42 +0000
Subject: [PATCH] Just pushing instead of copying

---
 .woodpecker.yml | 41 +++++++++++++++++++++++++++--------------
 1 file changed, 27 insertions(+), 14 deletions(-)

diff --git a/.woodpecker.yml b/.woodpecker.yml
index 25c0304..42e899d 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -11,31 +11,44 @@ steps:
       - -lc
       - |
         set -euo pipefail
-        if [ "${PROMOTE:-}" != "prod" ]; then echo "⏭  Skipping (PROMOTE=$PROMOTE)"; exit 0; fi
+        if [ "${PROMOTE:-}" != "prod" ]; then echo "⏭ Skipping (PROMOTE=$PROMOTE)"; exit 0; fi
 
-        # Dev is the single source of truth for IMG_TAG
         IMG_TAG="$(gcloud secrets versions access latest --secret=IMG_TAG --project=aptivaai-dev)"
         SRC="us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo"
         DST="us-central1-docker.pkg.dev/aptivaai-prod/aptiva-repo"
+        [ -n "$IMG_TAG" ] || { echo "❌ IMG_TAG empty"; exit 2; }
 
-        [ -n "$IMG_TAG" ] || { echo "❌ IMG_TAG is empty"; exit 2; }
-
-        apt-get update -qq
-        apt-get install -y -qq skopeo
+        apt-get update -qq && apt-get install -y -qq skopeo
         TOKEN="$(gcloud auth print-access-token)"
 
+        # check which images are missing in PROD
+        missing=()
         for s in server1 server2 server3 nginx; do
-          SRC_REF="docker://$SRC/$s:$IMG_TAG"
-          DST_REF="docker://$DST/$s:$IMG_TAG"
-          echo "🔁 copy  $SRC_REF  →  $DST_REF"
-          skopeo copy --insecure-policy \
-            --src-creds  "oauth2accesstoken:$TOKEN" \
-            --dest-creds "oauth2accesstoken:$TOKEN" \
-            "$SRC_REF" "$DST_REF"
+          REF="docker://$DST/$s:$IMG_TAG"
+          if ! skopeo inspect --creds "oauth2accesstoken:$TOKEN" "$REF" >/dev/null 2>&1; then
+            missing+=("$s")
+          fi
         done
 
+        if [ ${#missing[@]} -eq 0 ]; then
+          echo "✅ All images already present in PROD for :$IMG_TAG — skipping mirror"
+        else
+          echo "🔁 Mirroring ${missing[*]} to PROD…"
+          for s in "${missing[@]}"; do
+            SRC_REF="docker://$SRC/$s:$IMG_TAG"
+            DST_REF="docker://$DST/$s:$IMG_TAG"
+            echo "copy  $SRC_REF → $DST_REF"
+            skopeo copy --insecure-policy \
+              --src-creds  "oauth2accesstoken:$TOKEN" \
+              --dest-creds "oauth2accesstoken:$TOKEN" \
+              "$SRC_REF" "$DST_REF"
+          done
+        fi
+
+        # publish tag to prod SM regardless
         printf '%s' "$IMG_TAG" | gcloud secrets versions add IMG_TAG --data-file=- --project=aptivaai-prod >/dev/null
-        echo "🏷  Promoted IMG_TAG=$IMG_TAG → aptivaai-prod"
+        echo "🏷 promoted IMG_TAG=$IMG_TAG"
+
 
   - name: verify-sync
     depends_on: [promote-tag-and-mirror]