pipline build v22 - fixed TAG injection for SSH

2025-07-31 15:13:00 +00:00 · 2025-07-31 15:13:00 +00:00 · fc1610de05
commit fc1610de05
parent 24320472b1
1 changed files with 25 additions and 8 deletions
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@ -9,11 +9,13 @@ steps:

        mkdir -p ~/.ssh

+        # ── Install known-hosts from Secret Manager ────────────────
        gcloud secrets versions access latest \
          --secret=STAGING_KNOWN_HOSTS --project=aptivaai-dev \
          | base64 -d > ~/.ssh/known_hosts
        chmod 644 ~/.ssh/known_hosts

+        # ── Install private key ───────────────────────────────────
        gcloud secrets versions access latest \
          --secret=STAGING_SSH_KEY --project=aptivaai-dev \
          | base64 -d > ~/.ssh/id_ed25519
@ -21,16 +23,31 @@ steps:

        echo "🔑 SSH prerequisites installed"

-        TAG=$(echo "${CI_COMMIT_SHA:-$DRONE_COMMIT_SHA}" | head -c 8)
+        # ── Resolve tag from commit SHA ───────────────────────────
+        TAG=$(echo "${CI_COMMIT_SHA:-$CI_COMMIT:-$DRONE_COMMIT_SHA}" | head -c 8)
+        if [ -z "$TAG" ]; then
+          echo "❌ No valid commit SHA found. Aborting."
+          exit 1
+        fi
        echo "🚀 Deploying tag ${TAG} to staging"

+        # ── SSH into staging and refresh stack ─────────────────────
        ssh -o StrictHostKeyChecking=yes \
            -i ~/.ssh/id_ed25519 \
            jcoakley@10.128.0.12 \
-            "set -euo pipefail; \
-             cd /home/jcoakley/aptiva-staging-app
-             echo 'Pulling containers'; \
-             IMG_TAG=${TAG} docker compose pull; \
-             echo 'Re‑creating services'; \
-             IMG_TAG=${TAG} docker compose up -d --force-recreate --remove-orphans; \
-             echo '✅ Staging stack refreshed with tag ${TAG}'"
+            "export IMG_TAG=${TAG}; \
+             cd /home/jcoakley/aptiva-staging-app; \
+             echo 'Pulling containers with IMG_TAG=${IMG_TAG}'; \
+             docker compose pull; \
+             echo 'Recreating services'; \
+             docker compose up -d --force-recreate --remove-orphans; \
+             echo '✅ Staging stack refreshed with tag ${IMG_TAG}'"
+
+environment:
+  - CI_COMMIT_SHA
+  - CI_COMMIT
+  - DRONE_COMMIT_SHA
+
+when:
+  event:
+    - push