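# Build + push compliance service images to registry.meghsakha.com
# and trigger orca redeploy on every push to main that touches a service.
#
# Requires Gitea Actions secrets:
#   REGISTRY_USERNAME / REGISTRY_PASSWORD — registry.meghsakha.com credentials
#   ORCA_WEBHOOK_SECRET                   — must match webhooks.json on orca master
#
# Every build job checks out the exact commit that triggered the run
# (GITHUB_SHA) rather than whatever `main` points at when the job starts, so
# the seven parallel builds and the orca trigger all refer to the same SHA
# even if main moves while the run is in progress.
#
# The clone below is unauthenticated, so it presumably relies on the
# repository being readable by the runner without credentials — TODO confirm.
#
# The per-service jobs are deliberately spelled out rather than collapsed into
# a matrix: their job ids may be referenced as required status checks.
name: Build + Deploy

on:
  push:
    branches: [main]
    paths:
      - 'admin-compliance/**'
      - 'backend-compliance/**'
      - 'ai-compliance-sdk/**'
      - 'developer-portal/**'
      - 'compliance-tts-service/**'
      - 'document-crawler/**'
      - 'dsms-gateway/**'
      - 'dsms-node/**'

jobs:
  # ── per-service builds run in parallel ────────────────────────────────────
  # Note: the paths filter only decides whether the workflow runs; once it
  # runs, every service is rebuilt and pushed, not just the changed ones.
  build-admin-compliance:
    runs-on: docker
    container: docker:27-cli
    steps:
      - name: Checkout
        run: |
          apk add --no-cache git
          git clone --depth 1 --branch "${GITHUB_REF_NAME}" "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" .
          # Pin to the triggering commit: a shallow clone of the branch tip may
          # already be ahead of GITHUB_SHA by the time this job starts.
          git fetch --depth 1 origin "${GITHUB_SHA}"
          git checkout --quiet "${GITHUB_SHA}"
      - name: Login
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        # --password-stdin keeps the credential out of argv and process listings.
        run: echo "$REGISTRY_PASSWORD" | docker login registry.meghsakha.com -u "$REGISTRY_USERNAME" --password-stdin
      - name: Build + push
        run: |
          # HEAD is GITHUB_SHA after the pinned checkout above.
          SHORT_SHA=$(git rev-parse --short HEAD)
          docker build \
            -t registry.meghsakha.com/breakpilot/compliance-admin:latest \
            -t registry.meghsakha.com/breakpilot/compliance-admin:${SHORT_SHA} \
            admin-compliance/
          docker push registry.meghsakha.com/breakpilot/compliance-admin:latest
          docker push registry.meghsakha.com/breakpilot/compliance-admin:${SHORT_SHA}

  build-backend-compliance:
    runs-on: docker
    container: docker:27-cli
    steps:
      - name: Checkout
        run: |
          apk add --no-cache git
          git clone --depth 1 --branch "${GITHUB_REF_NAME}" "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" .
          # Pin to the triggering commit (see build-admin-compliance).
          git fetch --depth 1 origin "${GITHUB_SHA}"
          git checkout --quiet "${GITHUB_SHA}"
      - name: Login
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: echo "$REGISTRY_PASSWORD" | docker login registry.meghsakha.com -u "$REGISTRY_USERNAME" --password-stdin
      - name: Build + push
        run: |
          SHORT_SHA=$(git rev-parse --short HEAD)
          docker build \
            -t registry.meghsakha.com/breakpilot/compliance-backend:latest \
            -t registry.meghsakha.com/breakpilot/compliance-backend:${SHORT_SHA} \
            backend-compliance/
          docker push registry.meghsakha.com/breakpilot/compliance-backend:latest
          docker push registry.meghsakha.com/breakpilot/compliance-backend:${SHORT_SHA}

  build-ai-sdk:
    runs-on: docker
    container: docker:27-cli
    steps:
      - name: Checkout
        run: |
          apk add --no-cache git
          git clone --depth 1 --branch "${GITHUB_REF_NAME}" "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" .
          # Pin to the triggering commit (see build-admin-compliance).
          git fetch --depth 1 origin "${GITHUB_SHA}"
          git checkout --quiet "${GITHUB_SHA}"
      - name: Login
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: echo "$REGISTRY_PASSWORD" | docker login registry.meghsakha.com -u "$REGISTRY_USERNAME" --password-stdin
      - name: Build + push
        run: |
          SHORT_SHA=$(git rev-parse --short HEAD)
          docker build \
            -t registry.meghsakha.com/breakpilot/compliance-sdk:latest \
            -t registry.meghsakha.com/breakpilot/compliance-sdk:${SHORT_SHA} \
            ai-compliance-sdk/
          docker push registry.meghsakha.com/breakpilot/compliance-sdk:latest
          docker push registry.meghsakha.com/breakpilot/compliance-sdk:${SHORT_SHA}

  build-developer-portal:
    runs-on: docker
    container: docker:27-cli
    steps:
      - name: Checkout
        run: |
          apk add --no-cache git
          git clone --depth 1 --branch "${GITHUB_REF_NAME}" "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" .
          # Pin to the triggering commit (see build-admin-compliance).
          git fetch --depth 1 origin "${GITHUB_SHA}"
          git checkout --quiet "${GITHUB_SHA}"
      - name: Login
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: echo "$REGISTRY_PASSWORD" | docker login registry.meghsakha.com -u "$REGISTRY_USERNAME" --password-stdin
      - name: Build + push
        run: |
          SHORT_SHA=$(git rev-parse --short HEAD)
          docker build \
            -t registry.meghsakha.com/breakpilot/compliance-portal:latest \
            -t registry.meghsakha.com/breakpilot/compliance-portal:${SHORT_SHA} \
            developer-portal/
          docker push registry.meghsakha.com/breakpilot/compliance-portal:latest
          docker push registry.meghsakha.com/breakpilot/compliance-portal:${SHORT_SHA}

  build-tts:
    runs-on: docker
    container: docker:27-cli
    steps:
      - name: Checkout
        run: |
          apk add --no-cache git
          git clone --depth 1 --branch "${GITHUB_REF_NAME}" "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" .
          # Pin to the triggering commit (see build-admin-compliance).
          git fetch --depth 1 origin "${GITHUB_SHA}"
          git checkout --quiet "${GITHUB_SHA}"
      - name: Login
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: echo "$REGISTRY_PASSWORD" | docker login registry.meghsakha.com -u "$REGISTRY_USERNAME" --password-stdin
      - name: Build + push
        run: |
          SHORT_SHA=$(git rev-parse --short HEAD)
          docker build \
            -t registry.meghsakha.com/breakpilot/compliance-tts:latest \
            -t registry.meghsakha.com/breakpilot/compliance-tts:${SHORT_SHA} \
            compliance-tts-service/
          docker push registry.meghsakha.com/breakpilot/compliance-tts:latest
          docker push registry.meghsakha.com/breakpilot/compliance-tts:${SHORT_SHA}

  build-document-crawler:
    runs-on: docker
    container: docker:27-cli
    steps:
      - name: Checkout
        run: |
          apk add --no-cache git
          git clone --depth 1 --branch "${GITHUB_REF_NAME}" "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" .
          # Pin to the triggering commit (see build-admin-compliance).
          git fetch --depth 1 origin "${GITHUB_SHA}"
          git checkout --quiet "${GITHUB_SHA}"
      - name: Login
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: echo "$REGISTRY_PASSWORD" | docker login registry.meghsakha.com -u "$REGISTRY_USERNAME" --password-stdin
      - name: Build + push
        run: |
          SHORT_SHA=$(git rev-parse --short HEAD)
          docker build \
            -t registry.meghsakha.com/breakpilot/compliance-crawler:latest \
            -t registry.meghsakha.com/breakpilot/compliance-crawler:${SHORT_SHA} \
            document-crawler/
          docker push registry.meghsakha.com/breakpilot/compliance-crawler:latest
          docker push registry.meghsakha.com/breakpilot/compliance-crawler:${SHORT_SHA}

  build-dsms-gateway:
    runs-on: docker
    container: docker:27-cli
    steps:
      - name: Checkout
        run: |
          apk add --no-cache git
          git clone --depth 1 --branch "${GITHUB_REF_NAME}" "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" .
          # Pin to the triggering commit (see build-admin-compliance).
          git fetch --depth 1 origin "${GITHUB_SHA}"
          git checkout --quiet "${GITHUB_SHA}"
      - name: Login
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: echo "$REGISTRY_PASSWORD" | docker login registry.meghsakha.com -u "$REGISTRY_USERNAME" --password-stdin
      - name: Build + push
        run: |
          SHORT_SHA=$(git rev-parse --short HEAD)
          docker build \
            -t registry.meghsakha.com/breakpilot/compliance-dsms-gateway:latest \
            -t registry.meghsakha.com/breakpilot/compliance-dsms-gateway:${SHORT_SHA} \
            dsms-gateway/
          docker push registry.meghsakha.com/breakpilot/compliance-dsms-gateway:latest
          docker push registry.meghsakha.com/breakpilot/compliance-dsms-gateway:${SHORT_SHA}

  # ── orca redeploy (only after all builds succeed) ─────────────────────────
  # Note: 'dsms-node/**' is in the paths filter above but has no build job
  # here, so a dsms-node-only push runs this trigger without building anything
  # new — TODO confirm that is intended.
  trigger-orca:
    runs-on: docker
    container: docker:27-cli
    needs:
      - build-admin-compliance
      - build-backend-compliance
      - build-ai-sdk
      - build-developer-portal
      - build-tts
      - build-document-crawler
      - build-dsms-gateway
    steps:
      # No checkout needed: the SHA reported to orca is GITHUB_SHA, the same
      # commit every build job pinned to, so a fresh clone cannot disagree.
      - name: Install tools
        run: apk add --no-cache curl openssl
      - name: Trigger orca redeploy
        env:
          ORCA_WEBHOOK_SECRET: ${{ secrets.ORCA_WEBHOOK_SECRET }}
          # NOTE(review): plain http to a fixed IP. The HMAC proves the payload
          # came from a holder of ORCA_WEBHOOK_SECRET, but the request is
          # observable in transit and carries no nonce/timestamp, so a captured
          # request could be replayed to retrigger a redeploy of :latest.
          # Switch to https once orca serves a trusted certificate.
          ORCA_WEBHOOK_URL: http://46.225.100.82:6880/api/v1/webhooks/github
        run: |
          SHA="${GITHUB_SHA}"
          # GitHub-style push payload; orca verifies it against X-Hub-Signature-256.
          PAYLOAD="{\"ref\":\"refs/heads/main\",\"repository\":{\"full_name\":\"${GITHUB_REPOSITORY}\"},\"head_commit\":{\"id\":\"$SHA\",\"message\":\"ci: compliance images built\"}}"
          # openssl -r prints "<hex> *stdin"; keep only the digest.
          SIG=$(printf '%s' "$PAYLOAD" | openssl dgst -sha256 -hmac "$ORCA_WEBHOOK_SECRET" -r | awk '{print $1}')
          # -sS: quiet but still prints errors; -f: a non-2xx response fails the
          # step. The previous -k (skip TLS verification) is dropped: it is a
          # no-op for an http URL and would silently weaken a future https one.
          curl -sSf \
            -X POST \
            -H "Content-Type: application/json" \
            -H "X-GitHub-Event: push" \
            -H "X-Hub-Signature-256: sha256=$SIG" \
            -d "$PAYLOAD" \
            "$ORCA_WEBHOOK_URL" \
            || { echo "Orca redeploy failed"; exit 1; }
          echo "Orca redeploy triggered for compliance services"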