diff --git a/.gitea/workflows/build-pitch-deck.yml b/.gitea/workflows/build-pitch-deck.yml index 36968c6..219c3e3 100644 --- a/.gitea/workflows/build-pitch-deck.yml +++ b/.gitea/workflows/build-pitch-deck.yml @@ -1,5 +1,8 @@ # Build + push pitch-deck Docker image to registry.meghsakha.com -# on every push to main that touches pitch-deck/ files. +# and trigger orca redeploy on every push to main that touches pitch-deck/. +# +# Requires Gitea Actions secret: ORCA_WEBHOOK_SECRET_PITCH_DECK +# (the secret printed by `orca webhooks add` on the server) name: Build pitch-deck @@ -10,14 +13,14 @@ on: - 'pitch-deck/**' jobs: - build-and-push: + build-push-deploy: runs-on: docker container: image: docker:27-cli steps: - name: Checkout run: | - apk add --no-cache git + apk add --no-cache git openssl curl git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git . - name: Build image 
@@ -34,4 +37,23 @@ jobs: SHORT_SHA=$(git rev-parse --short HEAD) docker push registry.meghsakha.com/breakpilot/pitch-deck:latest docker push registry.meghsakha.com/breakpilot/pitch-deck:${SHORT_SHA} - echo "Pushed registry.meghsakha.com/breakpilot/pitch-deck:latest + :${SHORT_SHA}" + echo "Pushed :latest + :${SHORT_SHA}" + + - name: Trigger orca redeploy + env: + ORCA_WEBHOOK_SECRET: ${{ secrets.ORCA_WEBHOOK_SECRET_PITCH_DECK }} + ORCA_WEBHOOK_URL: https://46.225.100.82:6880/api/v1/webhooks/github + run: | + # Post a github-style push event to orca's webhook endpoint, + # signed with HMAC-SHA256 using the per-webhook secret. + PAYLOAD="{\"ref\":\"refs/heads/main\",\"repository\":{\"full_name\":\"${GITHUB_REPOSITORY}\"},\"after\":\"$(git rev-parse HEAD)\"}" + SIG=$(printf '%s' "$PAYLOAD" | openssl dgst -sha256 -hmac "$ORCA_WEBHOOK_SECRET" -r | awk '{print $1}') + curl -sSf -k \ + -X POST \ + -H "Content-Type: application/json" \ + -H "X-GitHub-Event: push" \ + -H "X-Hub-Signature-256: sha256=$SIG" \ + -d "$PAYLOAD" \ + "$ORCA_WEBHOOK_URL" \ + || { echo "Orca redeploy failed"; exit 1; } + echo "Orca redeploy triggered" diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml index f7c69e7..32c12aa 100644 --- a/.gitea/workflows/ci.yaml +++ b/.gitea/workflows/ci.yaml 
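Review bot: The `curl -sSf -k` call in the new "Trigger orca redeploy" step disables TLS certificate verification, so the runner cannot confirm that whatever answers on the hard-coded `ORCA_WEBHOOK_URL` address is actually orca. The `X-Hub-Signature-256` HMAC only lets the server authenticate the request, and because `PAYLOAD` carries no timestamp or nonce, a signed request seen by an on-path party stays valid for replay unless orca rejects duplicates, which this diff does not show. I would drop `-k` and pin trust explicitly, e.g. `curl -sSf --cacert "$ORCA_CA_CERT_FILE" \`, where `ORCA_CA_CERT_FILE` is a placeholder for a PEM file written from a secret. The server certificate then needs a SAN matching the host in the URL. A one-line comment above the call, such as `# keep TLS verification on: the HMAC authenticates us to orca, not orca to us`, would keep `-k` from being re-added later.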
@@ -140,20 +140,6 @@ jobs: python -m pytest tests/bqas/ -v --tb=short || true # ======================================== - # Deploy via Coolify (nur main, kein PR) + # Deploys now handled by per-service workflows (e.g. build-pitch-deck.yml) + # which trigger orca webhooks directly after building + pushing the image. # ======================================== - - deploy-coolify: - name: Deploy - runs-on: docker - if: github.event_name == 'push' && github.ref == 'refs/heads/main' - needs: - - test-go-consent - container: - image: alpine:latest - steps: - - name: Trigger Coolify deploy - run: | - apk add --no-cache curl - curl -sf "${{ secrets.COOLIFY_WEBHOOK }}" \ - -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}" diff --git a/.gitea/workflows/deploy-coolify.yml b/.gitea/workflows/deploy-coolify.yml deleted file mode 100644 index b65f762..0000000 --- a/.gitea/workflows/deploy-coolify.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Deploy to Coolify - -on: - push: - branches: - - coolify - -jobs: - deploy: - runs-on: ubuntu-latest - steps: - - name: Deploy via Coolify API - run: | - echo "Deploying breakpilot-core to Coolify..." - HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" \ - -X POST \ - -H "Authorization: Bearer ${{ secrets.COOLIFY_API_TOKEN }}" \ - -H "Content-Type: application/json" \ - -d '{"uuid": "${{ secrets.COOLIFY_RESOURCE_UUID }}", "force_rebuild": true}' \ - "${{ secrets.COOLIFY_BASE_URL }}/api/v1/deploy") - - echo "HTTP Status: $HTTP_STATUS" - if [ "$HTTP_STATUS" -ne 200 ] && [ "$HTTP_STATUS" -ne 201 ]; then - echo "Deployment failed with status $HTTP_STATUS" - exit 1 - fi - echo "Deployment triggered successfully!"