fix: yaml schema

.woodpecker.yml

@@ -1,78 +1,70 @@
-# .woodpecker.yml  ── runs on the dev1 agent
+# .woodpecker.yml  ── dev1 ➜ staging
 kind: pipeline
 type: docker
 name: build-and-deploy
 
-# ────────────────────────────────────────────────
-# 1. Clone / workspace (defaults are fine)
-# ────────────────────────────────────────────────
+workspace:
+  base: /woodpecker
+  path: src
+
 clone:
   depth: 50
 
-workspace:
-  base: /woodpecker   # host‑path inside the agent
-  path: src           # repo will be /woodpecker/src
-
-# ────────────────────────────────────────────────
-# 2. Build & push Docker images to Artifact Registry
-# ────────────────────────────────────────────────
+############################################################
+# 1. Build & push the images
+############################################################
 steps:
 - name: build-and-push
-  image: gcr.io/google.com/cloudsdktool/cloud-sdk:slim
-  privileged: true            # we need Docker‑in‑Docker
+  image: docker:24.0.9-dind
+  privileged: true
   volumes:
   - name: docker-sock
     path: /var/run/docker.sock
-
+  settings:
+    registry: us-central1-docker.pkg.dev
+    username: _json_key
+    password:
+      from_secret: GCP_SA_JSON
   commands:
-  # authenticate to GAR using the VM’s metadata‑server token
-  - gcloud auth configure-docker us-central1-docker.pkg.dev --quiet
-
-  # buildx (with cross‑stage cache) → push to Artifact Registry
   - |
+    set -e
     REG=us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo
-    TAG=${CI_COMMIT_SHA:-latest}
-
+    TAG=${CI_COMMIT_SHA::8}
     docker buildx create --use --name woodpecker || true
-
     for svc in server1 server2 server3 nginx ; do
       docker buildx build \
         --file Dockerfile.${svc} \
         --tag ${REG}/${svc}:${TAG} \
-        --cache-from type=registry,ref=${REG}/${svc}:cache \
-        --cache-to   type=registry,ref=${REG}/${svc}:cache,mode=max \
         --push .
     done
-
   when:
-    event: [push, manual]
-    branch: [master]
+    event:
+      - push
+      - manual
+    branch:
+      - master
 
-# ────────────────────────────────────────────────
-# 3. Rolling update on the *staging* VM
-# ────────────────────────────────────────────────
+############################################################
+# 2. Rolling update on staging
+############################################################
 - name: deploy-staging
   image: appleboy/drone-ssh
   settings:
-    host: 10.128.0.12               # **internal** IP of aptiva‑staging
+    host: 10.128.0.12            # internal IP of staging VM
+    port: 22
     username: jcoakley
     key:
       from_secret: STAGING_SSH_KEY
     known_hosts:
       from_secret: STAGING_KNOWN_HOSTS
-    port: 22
     script:
-    - cd /opt/aptiva-staging-app
-    - ./refresh_secrets.sh          # refreshes GCP Secret‑Manager env‑vars
-    - IMG_TAG=${CI_COMMIT_SHA} docker compose pull
-    - IMG_TAG=${CI_COMMIT_SHA} docker compose up -d --remove-orphans
-
+      - cd /opt/aptiva-staging-app
+      - ./refresh_secrets.sh
+      - IMG_TAG=${CI_COMMIT_SHA::8} docker compose pull
+      - IMG_TAG=${CI_COMMIT_SHA::8} docker compose up -d --remove-orphans
   when:
-    event: [push, manual]
-    branch: [master]
-
-# ────────────────────────────────────────────────
-volumes:
-- name: docker-sock
-  host:
-    path: /var/run/docker.sock
+    event:
+      - push
+      - manual
+    branch:
+      - master