From d63cb81c859b53486c9b85e4f21e649f43ab4d32 Mon Sep 17 00:00:00 2001
From: Josh <jcoakley@aptivaai.com>
Date: Thu, 31 Jul 2025 13:50:16 +0000
Subject: [PATCH] build pipeline v1

---
 .woodpecker.yml | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/.woodpecker.yml b/.woodpecker.yml
index 8cace5d..59a03d4 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -6,14 +6,18 @@ steps:
       - |
         set -eu
         mkdir -p ~/.ssh
-        gcloud secrets versions access latest --secret="KNOWN_HOSTS_B64" --project="aptivaai-dev" | base64 -d > ~/.ssh/known_hosts
+
+        # 🔐 Pull and decode known_hosts (raw in Secret Manager)
+        gcloud secrets versions access latest \
+          --secret="STAGING_KNOWN_HOSTS" \
+          --project="aptivaai-dev" | base64 -d > ~/.ssh/known_hosts
         chmod 644 ~/.ssh/known_hosts
-        gcloud secrets versions access latest --secret="STAGING_SSH_KEY_B64" --project="aptivaai-dev" | base64 -d > ~/.ssh/id_ed25519
+
+        # 🔐 Pull and decode SSH key (also raw in Secret Manager)
+        gcloud secrets versions access latest \
+          --secret="STAGING_SSH_KEY" \
+          --project="aptivaai-dev" | base64 -d > ~/.ssh/id_ed25519
         chmod 600 ~/.ssh/id_ed25519
-        ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes jcoakley@10.128.0.12 <<EOF
-          set -eu
-          cd /opt/aptiva-staging-app
-          IMG_TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
-          IMG_TAG=$IMG_TAG docker compose pull
-          IMG_TAG=$IMG_TAG docker compose up -d --force-recreate --remove-orphans
-        EOF
+
+        # ✅ Sanity check: SSH handshake only
+        ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes jcoakley@10.128.0.12 hostname