pipeline secrets injection test v5

2025-07-31 13:16:25 +00:00 · 2025-07-31 13:16:25 +00:00 · 3bdcbf4bf4
commit 3bdcbf4bf4
parent 1e2dcd5f7c
1 changed files with 10 additions and 44 deletions
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@ -1,54 +1,20 @@
 steps:
-# ── 1. Build & push images ──────────────────────────────
- name: build-and-push
-  image: docker:24.0-cli
-  privileged: true
-  volumes:
-    - name: docker-sock
-      path: /var/run/docker.sock
-  environment:
-    REG: us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo
-  commands:
-    - |
-      set -eu
-      TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
-      docker buildx create --use --name woodpecker || true
-      for svc in server1 server2 server3 nginx; do
-        docker buildx build -f Dockerfile.${svc} \
-          -t ${REG}/${svc}:${TAG} --push .
-      done
-  when:
-    event: [push, manual]
-    branch: [master]
-
-# ── 2. Deploy to staging (GCP Secret Manager Injection) ──
- name: deploy-staging
+- name: test-injection
  image: gcr.io/google.com/cloudsdktool/cloud-sdk:latest
  commands:
    - |
      set -eu
      mkdir -p ~/.ssh

-      # ⛓️ Pull and decode known_hosts
-      gcloud secrets versions access latest --secret="KNOWN_HOSTS_B64" --project="aptivaai-dev" | base64 -d > ~/.ssh/known_hosts
-      chmod 644 ~/.ssh/known_hosts
-
-      # 🔑 Pull and decode SSH key
-      gcloud secrets versions access latest --secret="STAGING_SSH_KEY_B64" --project="aptivaai-dev" | base64 -d > ~/.ssh/id_ed25519
+      # 🔐 Pull and decode SSH key
+      gcloud secrets versions access latest --secret="STAGING_SSH_KEY_B64" --project="aptivaai-dev" \
+        | base64 -d > ~/.ssh/id_ed25519
      chmod 600 ~/.ssh/id_ed25519

-      # 🚀 Execute remote deploy
-      TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
-      ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes jcoakley@10.128.0.12 <<EOF
-        cd /opt/aptiva-staging-app
-        IMG_TAG=$TAG docker compose pull
-        IMG_TAG=$TAG docker compose up -d --force-recreate --remove-orphans
-      EOF
-  when:
-    event: [push, manual]
-    branch: [master]
+      # 🔐 Pull and decode known_hosts
+      gcloud secrets versions access latest --secret="KNOWN_HOSTS_B64" --project="aptivaai-dev" \
+        | base64 -d > ~/.ssh/known_hosts
+      chmod 644 ~/.ssh/known_hosts

-volumes:
-  - name: docker-sock
-    host:
-      path: /var/run/docker.sock
+      # ✅ Confirm successful decode
+      echo "Secrets pulled and decoded successfully."