From 632cb6eba5c0da2fac63f71d2ac268800f2a93c8 Mon Sep 17 00:00:00 2001
From: Josh <jcoakley@aptivaai.com>
Date: Wed, 30 Jul 2025 19:53:20 +0000
Subject: [PATCH] rewrote woodpecker.yml again

---
 .woodpecker.yml | 63 ++++++++++++++++++++++++-------------------------
 1 file changed, 31 insertions(+), 32 deletions(-)

diff --git a/.woodpecker.yml b/.woodpecker.yml
index 984f060..55ae7ca 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -1,56 +1,49 @@
-# .woodpecker.yml  ── dev1 ➜ staging
+# .woodpecker.yml   dev1  ➜  aptiva‑staging
 kind: pipeline
 type: docker
 name: build-and-deploy
 
 workspace:
   base: /woodpecker
-  path: src
+  path: src               # repo will be /woodpecker/src
 
 clone:
   depth: 50
 
 ############################################################
-# 1. Build & push the images
+# 1. Build & push the four images to Artifact Registry
 ############################################################
 steps:
 - name: build-and-push
-  image: docker:24.0.9-dind
-  privileged: true
+  image: docker:24.0-cli          # uses host’s Docker socket
+  privileged: true                # required for buildx
   volumes:
-  - name: docker-sock
+  - name: docker-sock             # mount the host socket
     path: /var/run/docker.sock
-  settings:
-    registry: us-central1-docker.pkg.dev
-    username: _json_key
-    password:
-      from_secret: GCP_SA_JSON
-  commands:
-  - |
-    set -e
+  commands: |
+    set -euo pipefail
     REG=us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo
-    TAG=$${CI_COMMIT_SHA::8}
+    TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
+
     docker buildx create --use --name woodpecker || true
+
     for svc in server1 server2 server3 nginx ; do
       docker buildx build \
         --file Dockerfile.${svc} \
-        --tag ${REG}/${svc}:${TAG} \
+        --tag  ${REG}/${svc}:${TAG} \
         --push .
     done
   when:
-    event:
-      - push
-      - manual
-    branch:
-      - master
+    event:  [push, manual]
+    branch: [master]
 
 ############################################################
-# 2. Rolling update on staging
+# 2. Rolling update on the *staging* VM
 ############################################################
 - name: deploy-staging
   image: appleboy/drone-ssh
   settings:
-    host: 10.128.0.12            # internal IP of staging VM
+    host: 10.128.0.12              # internal IP of aptiva‑staging
     port: 22
     username: jcoakley
     key:
@@ -58,13 +51,19 @@ steps:
     known_hosts:
       from_secret: STAGING_KNOWN_HOSTS
     script:
-      - cd /opt/aptiva-staging-app
-      - ./refresh_secrets.sh
-      - IMG_TAG=${CI_COMMIT_SHA::8} docker compose pull
-      - IMG_TAG=${CI_COMMIT_SHA::8} docker compose up -d --remove-orphans
+    - cd /opt/aptiva-staging-app
+    - ./refresh_secrets.sh         # pulls latest Secret‑Manager values
+    - TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
+    - IMG_TAG=$TAG docker compose pull
+    - IMG_TAG=$TAG docker compose up -d --remove-orphans
   when:
-    event:
-      - push
-      - manual
-    branch:
-      - master
+    event:  [push, manual]
+    branch: [master]
+
+############################################################
+# 3. Volumes (declared once, referenced by name)
+############################################################
+volumes:
+- name: docker-sock
+  host:
+    path: /var/run/docker.sock