dev1/.woodpecker.yml

# .woodpecker.yml  ── runs on the dev1 agent
kind: pipeline
type: docker
name: build-and-deploy

# ────────────────────────────────────────────────
# 1. Clone / workspace (defaults are fine)
# ────────────────────────────────────────────────
clone:
  depth: 50

workspace:
  base: /woodpecker   # host‑path inside the agent
  path: src           # repo will be /woodpecker/src

# ────────────────────────────────────────────────
# 2. Build & push Docker images to Artifact Registry
# ────────────────────────────────────────────────
steps:
- name: build-and-push
  image: gcr.io/google.com/cloudsdktool/cloud-sdk:slim
  privileged: true            # we need Docker‑in‑Docker
  volumes:
  - name: docker-sock
    path: /var/run/docker.sock

  commands:
  # authenticate to GAR using the VM’s metadata‑server token
  - gcloud auth configure-docker us-central1-docker.pkg.dev --quiet

  # buildx (with cross‑stage cache) → push to Artifact Registry
  - |
    REG=us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo
    TAG=${CI_COMMIT_SHA:-latest}

    docker buildx create --use --name woodpecker || true

    for svc in server1 server2 server3 nginx ; do
      docker buildx build \
        --file Dockerfile.${svc} \
        --tag ${REG}/${svc}:${TAG} \
        --cache-from type=registry,ref=${REG}/${svc}:cache \
        --cache-to   type=registry,ref=${REG}/${svc}:cache,mode=max \
        --push .
    done    

  when:
    event: [push, manual]
    branch: [master]

# ────────────────────────────────────────────────
# 3. Rolling update on the *staging* VM
# ────────────────────────────────────────────────
- name: deploy-staging
  image: appleboy/drone-ssh
  settings:
    host: 10.128.0.12               # **internal** IP of aptiva‑staging
    username: jcoakley
    key:
      from_secret: STAGING_SSH_KEY
    known_hosts:
      from_secret: STAGING_KNOWN_HOSTS
    port: 22
    script:
    - cd /opt/aptiva-staging-app
    - ./refresh_secrets.sh          # refreshes GCP Secret‑Manager env‑vars
    - IMG_TAG=${CI_COMMIT_SHA} docker compose pull
    - IMG_TAG=${CI_COMMIT_SHA} docker compose up -d --remove-orphans

  when:
    event: [push, manual]
    branch: [master]

# ────────────────────────────────────────────────
volumes:
- name: docker-sock
  host:
    path: /var/run/docker.sock