# .woodpecker.yml  ── dev1 ➜ staging
kind: pipeline
type: docker
name: build-and-deploy

workspace:
  base: /woodpecker
  path: src

clone:
  depth: 50

############################################################
# 1. Build & push the images
############################################################
steps:
- name: build-and-push
  image: docker:24.0.9-dind
  privileged: true
  volumes:
  - name: docker-sock
    path: /var/run/docker.sock
  settings:
    registry: us-central1-docker.pkg.dev
    username: _json_key
    password:
      from_secret: GCP_SA_JSON
  commands:
  - |
    set -e
    REG=us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo
    TAG=${CI_COMMIT_SHA::8}
    docker buildx create --use --name woodpecker || true
    for svc in server1 server2 server3 nginx ; do
      docker buildx build \
        --file Dockerfile.${svc} \
        --tag ${REG}/${svc}:${TAG} \
        --push .
    done
  when:
    event:
      - push
      - manual
    branch:
      - master

############################################################
# 2. Rolling update on staging
############################################################
- name: deploy-staging
  image: appleboy/drone-ssh
  settings:
    host: 10.128.0.12            # internal IP of staging VM
    port: 22
    username: jcoakley
    key:
      from_secret: STAGING_SSH_KEY
    known_hosts:
      from_secret: STAGING_KNOWN_HOSTS
    script:
      - cd /opt/aptiva-staging-app
      - ./refresh_secrets.sh
      - IMG_TAG=${CI_COMMIT_SHA::8} docker compose pull
      - IMG_TAG=${CI_COMMIT_SHA::8} docker compose up -d --remove-orphans
  when:
    event:
      - push
      - manual
    branch:
      - master