jcoakley/dev1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

pipline build v26 - TAG GCP added, deploy_all.sh updated

Browse Source
This commit is contained in:
Josh 2025-07-31 15:42:36 +00:00
parent 0d6b3c2e5b
commit 5a1817e4f5
2 changed files with 44 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
.woodpecker.yml
View File

@ -1,53 +1,45 @@
steps:
ssh-test:
image: google/cloud-sdk:latest
entrypoint:
- bash
- -c
- |
set -euo pipefail
- name: ssh-test
image: google/cloud-sdk:latest
entrypoint:
- bash
- -c
- |
set -euo pipefail
mkdir -p ~/.ssh
mkdir -p ~/.ssh
# ── Inject known-hosts and SSH key ──────────────────────────────
gcloud secrets versions access latest \
--secret=STAGING_KNOWN_HOSTS --project=aptivaai-dev \
| base64 -d > ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
# ── Inject known-hosts and SSH key ──────────────────────────────
gcloud secrets versions access latest \
--secret=STAGING_KNOWN_HOSTS --project=aptivaai-dev \
| base64 -d > ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
gcloud secrets versions access latest \
--secret=STAGING_SSH_KEY --project=aptivaai-dev \
| base64 -d > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
gcloud secrets versions access latest \
--secret=STAGING_SSH_KEY --project=aptivaai-dev \
| base64 -d > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
echo "🔑 SSH prerequisites installed"
echo "🔑 SSH prerequisites installed"
# ── Grab full commit SHA and slice tag ──────────────────────────
echo "📦 CI_COMMIT_SHA: ${CI_COMMIT_SHA:-unset}"
TAG="${CI_COMMIT_SHA:-}"
if [ -z "$TAG" ]; then
echo "❌ CI_COMMIT_SHA is blank. Aborting."
exit 1
fi
TAG=$(echo "$TAG" | head -c 8)
echo "🚀 Deploying tag ${TAG} to staging"
# ── Fetch IMG_TAG from canonical source ───────────────────────────
IMG_TAG=$(gcloud secrets versions access latest \
--secret=IMG_TAG --project=aptivaai-dev)
echo "📦 IMG_TAG=${IMG_TAG}"
# ── SSH into staging and refresh the stack ──────────────────────
ssh -o StrictHostKeyChecking=yes \
-i ~/.ssh/id_ed25519 \
jcoakley@10.128.0.12 \
"export IMG_TAG=${TAG}; \
cd /home/jcoakley/aptiva-staging-app; \
echo 'IMG_TAG = ${IMG_TAG}'; \
echo '→ Pulling containers'; \
docker compose pull; \
echo '→ Recreating services'; \
docker compose up -d --force-recreate --remove-orphans; \
echo '✅ Staging stack refreshed with tag ${IMG_TAG}'"
environment:
CI_COMMIT_SHA: ${CI_COMMIT_SHA}
# ── SSH into staging and refresh the stack ───────────────────────
ssh -o StrictHostKeyChecking=yes \
-i ~/.ssh/id_ed25519 \
jcoakley@10.128.0.12 \
"export IMG_TAG=${IMG_TAG}; \
cd /home/jcoakley/aptiva-staging-app; \
echo 'IMG_TAG = ${IMG_TAG}'; \
echo '→ Pulling containers'; \
docker compose pull; \
echo '→ Recreating services'; \
docker compose up -d --force-recreate --remove-orphans; \
echo '✅ Staging stack refreshed with tag ${IMG_TAG}'"
secrets: [ gcp-creds ]
when:
event:
- push

10
deploy_all.sh
View File

@ -41,6 +41,15 @@ else
fi
echo "✅ .env updated with IMG_TAG=${TAG}"
# ─────────────────────────────────────────────────────────────
# 1a. Publish IMG_TAG to GCP Secret Manager (canonical source)
# ─────────────────────────────────────────────────────────────
echo "${TAG}" | gcloud secrets versions add IMG_TAG_DEV1 \
--data-file=- \
--project="$PROJECT"
echo "📦 IMG_TAG pushed to Secret Manager as IMG_TAG_DEV1"
# ─────────────────────────────────────────────────────────────
# 2. Export secrets straight from Secret Manager
# (they live only in this shell, never on disk)
@ -61,7 +70,6 @@ export FROM_SECRETS_MANAGER=true
# Preserve only the variables dockercompose needs for expansion
preserve=IMG_TAG,FROM_SECRETS_MANAGER,REACT_APP_API_URL,$(IFS=,; echo "${SECRETS[*]}")
echo "🚀 docker compose up -d (with preserved env: $preserve)"
sudo --preserve-env="$preserve" docker compose up -d --force-recreate 2> >(grep -v 'WARN