diff --git a/.woodpecker.yml b/.woodpecker.yml
index 34f4ba9..7dd3c4b 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -23,19 +23,11 @@ steps:
 - name: docker-sock
 path: /var/run/docker.sock
 commands:
- - |
- set -eu
- REG=us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo
- TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
-
- docker buildx create --use --name woodpecker || true
-
- for svc in server1 server2 server3 nginx; do
- docker buildx build \
- -f Dockerfile.${svc} \
- -t ${REG}/${svc}:${TAG} \
- --push .
- done
+ - set -eu
+ - REG=us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo
+ - TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
+ - docker buildx create --use --name woodpecker || true
+ - for svc in server1 server2 server3 nginx; do docker buildx build -f Dockerfile.${svc} -t ${REG}/${svc}:${TAG} --push .; done
 when:
 event: [push, manual]
 branch: [master]
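Review bot: The brace-form variables in the new loop line, `${svc}`, `${REG}` and `${TAG}`, may never reach the shell: Woodpecker pre-processes `${NAME}` expressions in the pipeline file, and names it does not know are presumably blanked before the step runs, which would build from `Dockerfile.` and push to an empty image reference. Write them as `$svc`, `$REG` and `$TAG`, or escape them as `$${svc}`, so the image name and tag are the ones the shell computed. The same applies to `${PROJECT}`, `${S}_${ENV}` and the array expansions in the deploy script of the second hunk, where a blanked `--secret` name would fetch the wrong secret or none. The step definition starts above this hunk, so this should be confirmed against the full file and a dry run of the rendered commands.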
@@ -51,64 +43,23 @@ steps:
 known_hosts:
 from_secret: STAGING_KNOWN_HOSTS
 script:
- - |
- set -euo pipefail
-
- ENV=dev
- PROJECT=aptivaai-dev
- ROOT=/opt/aptiva-staging-app
- REG=us-central1-docker.pkg.dev/${PROJECT}/aptiva-repo
- TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
-
- cd "$ROOT"
- export IMG_TAG="$TAG"
-
- SECRETS=(
- JWT_SECRET
- OPENAI_API_KEY
- ONET_USERNAME
- ONET_PASSWORD
- STRIPE_SECRET_KEY
- STRIPE_PUBLISHABLE_KEY
- STRIPE_WH_SECRET
- STRIPE_PRICE_PREMIUM_MONTH
- STRIPE_PRICE_PREMIUM_YEAR
- STRIPE_PRICE_PRO_MONTH
- STRIPE_PRICE_PRO_YEAR
- DB_HOST
- DB_PORT
- DB_USER
- DB_PASSWORD
- TWILIO_ACCOUNT_SID
- TWILIO_AUTH_TOKEN
- TWILIO_MESSAGING_SERVICE_SID
- )
-
- echo "🔐 Pulling secrets from Secret Manager"
- for S in "${SECRETS[@]}"; do
- export "$S"="$(gcloud secrets versions access latest --secret="${S}_${ENV}" --project="${PROJECT}")"
- done
-
-
-
- export FROM_SECRETS_MANAGER=true
-
- preserve_vars=(
- IMG_TAG
- FROM_SECRETS_MANAGER
- $(IFS=,; echo "${SECRETS[*]}")
- )
- preserve=$(IFS=,; echo "${preserve_vars[*]}")
-
- echo "🚀 Deploying with preserved env: $preserve"
-
- sudo --preserve-env="$preserve" \
- docker compose pull
-
- sudo --preserve-env="$preserve" \
- docker compose up -d \
- --force-recreate \
- --remove-orphans
+ - set -euo pipefail
+ - ENV=dev
+ - PROJECT=aptivaai-dev
+ - ROOT=/opt/aptiva-staging-app
+ - REG=us-central1-docker.pkg.dev/${PROJECT}/aptiva-repo
+ - TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
+ - cd "$ROOT"
+ - export IMG_TAG="$TAG"
+ - SECRETS=(JWT_SECRET OPENAI_API_KEY ONET_USERNAME ONET_PASSWORD STRIPE_SECRET_KEY STRIPE_PUBLISHABLE_KEY STRIPE_WH_SECRET STRIPE_PRICE_PREMIUM_MONTH STRIPE_PRICE_PREMIUM_YEAR STRIPE_PRICE_PRO_MONTH STRIPE_PRICE_PRO_YEAR DB_HOST DB_PORT DB_USER DB_PASSWORD TWILIO_ACCOUNT_SID TWILIO_AUTH_TOKEN TWILIO_MESSAGING_SERVICE_SID)
+ - echo "🔐 Pulling secrets from Secret Manager"
+ - for S in "${SECRETS[@]}"; do export "$S"="$(gcloud secrets versions access latest --secret="${S}_${ENV}" --project="${PROJECT}")"; done
+ - export FROM_SECRETS_MANAGER=true
+ - preserve_vars=(IMG_TAG FROM_SECRETS_MANAGER $(IFS=,; echo "${SECRETS[*]}"))
+ - preserve=$(IFS=,; echo "${preserve_vars[*]}")
+ - echo "🚀 Deploying with preserved env: $preserve"
+ - sudo --preserve-env="$preserve" docker compose pull
+ - sudo --preserve-env="$preserve" docker compose up -d --force-recreate --remove-orphans
 when:
 event: [push, manual]
 branch: [master]
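Review bot: A failed secret fetch does not stop the deploy: in the new `for S in "${SECRETS[@]}"` line, `export "$S"="$(gcloud ...)"` returns the exit status of `export`, so `set -e` never sees a non-zero exit from `gcloud` and the variable is exported empty. The following `docker compose up -d --force-recreate` would then recreate the services with, for example, an empty `JWT_SECRET` or `DB_PASSWORD`. Assign first and export second inside the loop, `v="$(gcloud secrets versions access latest --secret="${S}_${ENV}" --project="${PROJECT}")"; export "$S=$v"`, so a failed lookup aborts the script before anything is restarted; a `[ -n "$v" ]` check would also reject a secret that exists but is blank. The step definition starts above this hunk, so the shell that runs `script` is not visible here.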