diff --git a/.woodpecker.yml b/.woodpecker.yml index 9cf52e2..0dee6f0 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml @@ -9,11 +9,13 @@ steps: mkdir -p ~/.ssh + # ── Install known-hosts from Secret Manager ──────────────── gcloud secrets versions access latest \ --secret=STAGING_KNOWN_HOSTS --project=aptivaai-dev \ | base64 -d > ~/.ssh/known_hosts chmod 644 ~/.ssh/known_hosts + # ── Install private key ─────────────────────────────────── gcloud secrets versions access latest \ --secret=STAGING_SSH_KEY --project=aptivaai-dev \ | base64 -d > ~/.ssh/id_ed25519 @@ -21,16 +23,31 @@ steps: echo "🔑 SSH prerequisites installed" - TAG=$(echo "${CI_COMMIT_SHA:-$DRONE_COMMIT_SHA}" | head -c 8) + # ── Resolve tag from commit SHA ─────────────────────────── + TAG=$(echo "${CI_COMMIT_SHA:-$CI_COMMIT:-$DRONE_COMMIT_SHA}" | head -c 8) + if [ -z "$TAG" ]; then + echo "❌ No valid commit SHA found. Aborting." + exit 1 + fi echo "🚀 Deploying tag ${TAG} to staging" + # ── SSH into staging and refresh stack ───────────────────── ssh -o StrictHostKeyChecking=yes \ -i ~/.ssh/id_ed25519 \ jcoakley@10.128.0.12 \ - "set -euo pipefail; \ - cd /home/jcoakley/aptiva-staging-app - echo 'Pulling containers'; \ - IMG_TAG=${TAG} docker compose pull; \ - echo 'Re‑creating services'; \ - IMG_TAG=${TAG} docker compose up -d --force-recreate --remove-orphans; \ - echo '✅ Staging stack refreshed with tag ${TAG}'" + "export IMG_TAG=${TAG}; \ + cd /home/jcoakley/aptiva-staging-app; \ + echo 'Pulling containers with IMG_TAG=${IMG_TAG}'; \ + docker compose pull; \ + echo 'Recreating services'; \ + docker compose up -d --force-recreate --remove-orphans; \ + echo '✅ Staging stack refreshed with tag ${IMG_TAG}'" + +environment: + - CI_COMMIT_SHA + - CI_COMMIT + - DRONE_COMMIT_SHA + +when: + event: + - push