ci: replace Coolify webhook with orca build+push+deploy pipeline

Mirror the pitch-deck pattern: each service builds its Docker image, pushes to registry.meghsakha.com/breakpilot/compliance-*, then triggers orca redeploy via HMAC-signed webhook. Requires secrets: REGISTRY_USERNAME, REGISTRY_PASSWORD, ORCA_WEBHOOK_SECRET Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 09:11:08 +02:00
parent 90d14eb546
commit c34f8528a7
2 changed files with 223 additions and 22 deletions
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@@ -185,25 +185,5 @@ jobs:
        run: |
          python scripts/validate-controls.py

-  # ========================================
-  # Deploy via Coolify (nur main, kein PR)
-  # ========================================
-
-  deploy-coolify:
-    name: Deploy
-    runs-on: docker
-    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-    needs:
-      - test-go-ai-compliance
-      - test-python-backend-compliance
-      - test-python-document-crawler
-      - test-python-dsms-gateway
-      - validate-canonical-controls
-    container:
-      image: alpine:latest
-    steps:
-      - name: Trigger Coolify deploy
-        run: |
-          apk add --no-cache curl
-          curl -sf "${{ secrets.COOLIFY_WEBHOOK }}" \
-            -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
+  # Deploy is handled by .gitea/workflows/build-push-deploy.yml
+  # which builds images, pushes to registry.meghsakha.com, and triggers orca.