diff --git a/.woodpecker.yml b/.woodpecker.yml index 42e899d..29c3d4a 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml @@ -11,7 +11,7 @@ steps: - -lc - | set -euo pipefail - if [ "${PROMOTE:-}" != "prod" ]; then echo "⏭ Skipping (PROMOTE=$PROMOTE)"; exit 0; fi + if [ "${PROMOTE:-}" != "prod" ]; then echo "⏭ Skipping (PROMOTE=$PROMOTE)"; exit 0; fi IMG_TAG="$(gcloud secrets versions access latest --secret=IMG_TAG --project=aptivaai-dev)" SRC="us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo" @@ -21,20 +21,20 @@ steps: apt-get update -qq && apt-get install -y -qq skopeo TOKEN="$(gcloud auth print-access-token)" - # check which images are missing in PROD - missing=() + # Check which images are already in PROD; no arrays to avoid bad-substitution + MISSING="" for s in server1 server2 server3 nginx; do REF="docker://$DST/$s:$IMG_TAG" if ! skopeo inspect --creds "oauth2accesstoken:$TOKEN" "$REF" >/dev/null 2>&1; then - missing+=("$s") + MISSING="$MISSING $s" fi done - if [ ${#missing[@]} -eq 0 ]; then - echo "✅ All images already present in PROD for :$IMG_TAG — skipping mirror" + if [ -z "$MISSING" ]; then + echo "✅ All images present in PROD for :$IMG_TAG — skipping mirror" else - echo "🔁 Mirroring ${missing[*]} to PROD…" - for s in "${missing[@]}"; do + echo "🔁 Mirroring to PROD: $MISSING" + for s in $MISSING; do SRC_REF="docker://$SRC/$s:$IMG_TAG" DST_REF="docker://$DST/$s:$IMG_TAG" echo "copy $SRC_REF → $DST_REF" @@ -45,11 +45,9 @@ steps: done fi - # publish tag to prod SM regardless printf '%s' "$IMG_TAG" | gcloud secrets versions add IMG_TAG --data-file=- --project=aptivaai-prod >/dev/null echo "🏷 promoted IMG_TAG=$IMG_TAG" - - name: verify-sync depends_on: [promote-tag-and-mirror] image: google/cloud-sdk:latest