ci(pipeline): trigger orca redeploy after image push, remove coolify
All checks were successful
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-consent (push) Successful in 33s
CI / test-python-voice (push) Successful in 33s
CI / test-bqas (push) Successful in 32s
build-pitch-deck workflow now posts an HMAC-signed push event to orca's webhook endpoint after the image is built + pushed. This avoids the race where orca would otherwise redeploy with the old :latest image before CI finishes pushing the new one. Removed the obsolete deploy-coolify.yml (wrong branch, wrong system) and stripped the deploy-coolify job from ci.yaml. Requires Gitea Actions secret: ORCA_WEBHOOK_SECRET_PITCH_DECK
@@ -1,5 +1,8 @@
|
|||||||
# Build + push pitch-deck Docker image to registry.meghsakha.com
|
# Build + push pitch-deck Docker image to registry.meghsakha.com
|
||||||
# on every push to main that touches pitch-deck/ files.
|
# and trigger orca redeploy on every push to main that touches pitch-deck/.
|
||||||
|
#
|
||||||
|
# Requires Gitea Actions secret: ORCA_WEBHOOK_SECRET_PITCH_DECK
|
||||||
|
# (the secret printed by `orca webhooks add` on the server)
|
||||||
|
|
||||||
name: Build pitch-deck
|
name: Build pitch-deck
|
||||||
|
|
||||||
@@ -10,14 +13,14 @@ on:
|
|||||||
- 'pitch-deck/**'
|
- 'pitch-deck/**'
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build-and-push:
|
build-push-deploy:
|
||||||
runs-on: docker
|
runs-on: docker
|
||||||
container:
|
container:
|
||||||
image: docker:27-cli
|
image: docker:27-cli
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
run: |
|
run: |
|
||||||
apk add --no-cache git
|
apk add --no-cache git openssl curl
|
||||||
git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
|
git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
|
||||||
|
|
||||||
- name: Build image
|
- name: Build image
|
||||||
@@ -34,4 +37,23 @@ jobs:
|
|||||||
SHORT_SHA=$(git rev-parse --short HEAD)
|
SHORT_SHA=$(git rev-parse --short HEAD)
|
||||||
docker push registry.meghsakha.com/breakpilot/pitch-deck:latest
|
docker push registry.meghsakha.com/breakpilot/pitch-deck:latest
|
||||||
docker push registry.meghsakha.com/breakpilot/pitch-deck:${SHORT_SHA}
|
docker push registry.meghsakha.com/breakpilot/pitch-deck:${SHORT_SHA}
|
||||||
echo "Pushed registry.meghsakha.com/breakpilot/pitch-deck:latest + :${SHORT_SHA}"
|
echo "Pushed :latest + :${SHORT_SHA}"
|
||||||
|
|
||||||
|
- name: Trigger orca redeploy
|
||||||
|
env:
|
||||||
|
ORCA_WEBHOOK_SECRET: ${{ secrets.ORCA_WEBHOOK_SECRET_PITCH_DECK }}
|
||||||
|
ORCA_WEBHOOK_URL: https://46.225.100.82:6880/api/v1/webhooks/github
|
||||||
|
run: |
|
||||||
|
# Post a github-style push event to orca's webhook endpoint,
|
||||||
|
# signed with HMAC-SHA256 using the per-webhook secret.
|
||||||
|
PAYLOAD="{\"ref\":\"refs/heads/main\",\"repository\":{\"full_name\":\"${GITHUB_REPOSITORY}\"},\"after\":\"$(git rev-parse HEAD)\"}"
|
||||||
|
SIG=$(printf '%s' "$PAYLOAD" | openssl dgst -sha256 -hmac "$ORCA_WEBHOOK_SECRET" -r | awk '{print $1}')
|
||||||
|
curl -sSf -k \
|
||||||
|
-X POST \
|
||||||
|
-H "Content-Type: application/json" \
|
||||||
|
-H "X-GitHub-Event: push" \
|
||||||
|
-H "X-Hub-Signature-256: sha256=$SIG" \
|
||||||
|
-d "$PAYLOAD" \
|
||||||
|
"$ORCA_WEBHOOK_URL" \
|
||||||
|
|| { echo "Orca redeploy failed"; exit 1; }
|
||||||
|
echo "Orca redeploy triggered"
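Review bot: The `curl -sSf -k` call in the new "Trigger orca redeploy" step turns off TLS certificate verification for `ORCA_WEBHOOK_URL`, so the job never authenticates the host behind the bare IP it posts to. The HMAC in `X-Hub-Signature-256` lets orca verify the sender, but it gives the runner no assurance about the receiver: a party on the network path could read the signed body, answer with a 2xx so the step prints "Orca redeploy triggered" without any deploy happening, and, unless orca rejects repeats, resend the captured request, since the payload carries no timestamp or nonce. Drop `-k` and let curl verify the endpoint, either by serving orca under a hostname with a valid certificate and using that name in the URL, or by pinning its CA with `--cacert <path-to-orca-ca.pem>`. If the self-signed setup has to stay for now, a comment above `ORCA_WEBHOOK_URL` such as `# TODO: endpoint cert is not verified (-k); replace with --cacert once the orca CA is distributed` would at least make the gap visible to the next reader.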
|
||||||
|
|||||||
@@ -140,20 +140,6 @@ jobs:
|
|||||||
python -m pytest tests/bqas/ -v --tb=short || true
|
python -m pytest tests/bqas/ -v --tb=short || true
|
||||||
|
|
||||||
# ========================================
|
# ========================================
|
||||||
# Deploy via Coolify (nur main, kein PR)
|
# Deploys now handled by per-service workflows (e.g. build-pitch-deck.yml)
|
||||||
|
# which trigger orca webhooks directly after building + pushing the image.
|
||||||
# ========================================
|
# ========================================
|
||||||
|
|
||||||
deploy-coolify:
|
|
||||||
name: Deploy
|
|
||||||
runs-on: docker
|
|
||||||
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
|
||||||
needs:
|
|
||||||
- test-go-consent
|
|
||||||
container:
|
|
||||||
image: alpine:latest
|
|
||||||
steps:
|
|
||||||
- name: Trigger Coolify deploy
|
|
||||||
run: |
|
|
||||||
apk add --no-cache curl
|
|
||||||
curl -sf "${{ secrets.COOLIFY_WEBHOOK }}" \
|
|
||||||
-H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
|
|
||||||
|
|||||||
@@ -1,27 +0,0 @@
|
|||||||
name: Deploy to Coolify
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches:
|
|
||||||
- coolify
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
deploy:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- name: Deploy via Coolify API
|
|
||||||
run: |
|
|
||||||
echo "Deploying breakpilot-core to Coolify..."
|
|
||||||
HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
|
|
||||||
-X POST \
|
|
||||||
-H "Authorization: Bearer ${{ secrets.COOLIFY_API_TOKEN }}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
-d '{"uuid": "${{ secrets.COOLIFY_RESOURCE_UUID }}", "force_rebuild": true}' \
|
|
||||||
"${{ secrets.COOLIFY_BASE_URL }}/api/v1/deploy")
|
|
||||||
|
|
||||||
echo "HTTP Status: $HTTP_STATUS"
|
|
||||||
if [ "$HTTP_STATUS" -ne 200 ] && [ "$HTTP_STATUS" -ne 201 ]; then
|
|
||||||
echo "Deployment failed with status $HTTP_STATUS"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "Deployment triggered successfully!"
|
|
||||||