kind: pipeline
type: docker
name: build-and-deploy

workspace:
  base: /woodpecker
  path: src

clone:
  depth: 50

steps:
# ─── build & push ──────────────────────────────────────────
- name: build-and-push
  image: docker:24.0-cli          # only the CLI, we re‑use host docker
  privileged: true
  volumes:
  - name: docker-sock             # mount declared at bottom
    path: /var/run/docker.sock
  commands:
  - |
    set -e
    REG=us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo
    TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
    docker buildx create --use --name woodpecker || true
    for svc in server1 server2 server3 nginx ; do
      docker buildx build -f Dockerfile.${svc} \
        -t ${REG}/${svc}:${TAG} --push .
    done
  when:
    event:  [push, manual]
    branch: [master]

# ─── deploy staging ────────────────────────────────────────
- name: deploy-staging
  image: appleboy/drone-ssh
  settings:
    host: 10.128.0.12
    port: 22
    username: jcoakley
    key:
      from_secret: STAGING_SSH_KEY
    known_hosts:
      from_secret: STAGING_KNOWN_HOSTS
    script:
    - cd /opt/aptiva-staging-app
    - ./refresh_secrets.sh
    - TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
    - IMG_TAG=$TAG docker compose pull
    - IMG_TAG=$TAG docker compose up -d --remove-orphans
  when:
    event:  [push, manual]
    branch: [master]

# ─── global volume declaration (list **not** indented) ─────
volumes:
- name: docker-sock
  host:
    path: /var/run/docker.sock