fixed promote-tag-mirror v5

.woodpecker.yml

@@ -11,7 +11,7 @@ steps:
       - -lc
       - |
         set -euo pipefail
-        if [ "${PROMOTE:-}" != "prod" ]; then echo "⏭ Skipping (PROMOTE=$PROMOTE)"; exit 0; fi
+        if [ "${PROMOTE:-}" != "prod" ]; then echo "⏭  Skipping (PROMOTE=$PROMOTE)"; exit 0; fi
 
         IMG_TAG="$(gcloud secrets versions access latest --secret=IMG_TAG --project=aptivaai-dev)"
         SRC="us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo"
@@ -21,20 +21,20 @@ steps:
         apt-get update -qq && apt-get install -y -qq skopeo
         TOKEN="$(gcloud auth print-access-token)"
 
-        # check which images are missing in PROD
+        # Check which images are already in PROD; no arrays to avoid bad-substitution
-        missing=()
+        MISSING=""
         for s in server1 server2 server3 nginx; do
           REF="docker://$DST/$s:$IMG_TAG"
           if ! skopeo inspect --creds "oauth2accesstoken:$TOKEN" "$REF" >/dev/null 2>&1; then
-            missing+=("$s")
+            MISSING="$MISSING $s"
           fi
         done
 
-        if [ ${#missing[@]} -eq 0 ]; then
+        if [ -z "$MISSING" ]; then
-          echo "✅ All images already present in PROD for :$IMG_TAG — skipping mirror"
+          echo "✅ All images present in PROD for :$IMG_TAG — skipping mirror"
         else
-          echo "🔁 Mirroring ${missing[*]} to PROD…"
+          echo "🔁 Mirroring to PROD: $MISSING"
-          for s in "${missing[@]}"; do
+          for s in $MISSING; do
             SRC_REF="docker://$SRC/$s:$IMG_TAG"
             DST_REF="docker://$DST/$s:$IMG_TAG"
             echo "copy  $SRC_REF → $DST_REF"
@@ -45,11 +45,9 @@ steps:
           done
         fi
 
-        # publish tag to prod SM regardless
         printf '%s' "$IMG_TAG" | gcloud secrets versions add IMG_TAG --data-file=- --project=aptivaai-prod >/dev/null
         echo "🏷 promoted IMG_TAG=$IMG_TAG"
 
-
   - name: verify-sync
     depends_on: [promote-tag-and-mirror]
     image: google/cloud-sdk:latest