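# Build + push pitch-deck Docker image to registry.meghsakha.com
# and trigger orca redeploy on every push to main that touches pitch-deck/.
#
# Requires Gitea Actions secret: ORCA_WEBHOOK_SECRET_PITCH_DECK
# (the secret printed by `orca webhooks add` on the server)
#
# NOTE(review): no `docker login` step is visible in this workflow;
# presumably the runner already holds credentials for the registry.
# Confirm, and keep those credentials scoped to push on this repository only.

name: Build pitch-deck

on:
  push:
    branches: [main]
    paths:
      - 'pitch-deck/**'

jobs:
  build-push-deploy:
    runs-on: docker
    container:
      image: docker:27-cli
    steps:
      - name: Checkout
        run: |
          apk add --no-cache git openssl curl
          # Expansions are quoted so a value containing whitespace or glob
          # characters cannot split into extra git arguments.
          git clone --depth 1 --branch "${GITHUB_REF_NAME}" \
            "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" .

      - name: Build image
        run: |
          cd pitch-deck
          SHORT_SHA=$(git rev-parse --short HEAD)
          # Two tags: the moving :latest and an immutable per-commit tag
          # that can be used for rollback or for tracing a running image.
          docker build \
            -t registry.meghsakha.com/breakpilot/pitch-deck:latest \
            -t "registry.meghsakha.com/breakpilot/pitch-deck:${SHORT_SHA}" \
            .

      - name: Push to registry
        run: |
          SHORT_SHA=$(git rev-parse --short HEAD)
          docker push registry.meghsakha.com/breakpilot/pitch-deck:latest
          docker push "registry.meghsakha.com/breakpilot/pitch-deck:${SHORT_SHA}"
          echo "Pushed :latest + :${SHORT_SHA}"

      - name: Trigger orca redeploy
        env:
          ORCA_WEBHOOK_SECRET: ${{ secrets.ORCA_WEBHOOK_SECRET_PITCH_DECK }}
          ORCA_WEBHOOK_URL: https://46.225.100.82:6880/api/v1/webhooks/github
        run: |
          # An unset Actions secret expands to an empty string. Stop here with
          # a clear message instead of signing the payload with an empty key.
          if [ -z "$ORCA_WEBHOOK_SECRET" ]; then
            echo "ORCA_WEBHOOK_SECRET is empty; check the ORCA_WEBHOOK_SECRET_PITCH_DECK secret"
            exit 1
          fi

          # Post a github-style push event to orca's webhook endpoint,
          # signed with HMAC-SHA256 using the per-webhook secret.
          PAYLOAD="{\"ref\":\"refs/heads/main\",\"repository\":{\"full_name\":\"${GITHUB_REPOSITORY}\"},\"after\":\"$(git rev-parse HEAD)\"}"

          # NOTE(review): `-hmac` takes the key as a command-line argument, so
          # it is visible in the job container's process list while openssl
          # runs. Acceptable only if nothing else shares that container.
          SIG=$(printf '%s' "$PAYLOAD" | openssl dgst -sha256 -hmac "$ORCA_WEBHOOK_SECRET" -r | awk '{print $1}')

          # NOTE(review): `-k` turns off TLS certificate verification, so the
          # runner cannot tell the orca server from anything else answering on
          # that address. The HMAC still protects payload integrity, but the
          # signed request can be observed on the path, and a 2xx reply is no
          # proof that orca received it. Preferred fix: give the endpoint a
          # certificate the runner can verify (for example via `--cacert` with
          # the server's CA file) and drop `-k`.
          curl -sSf -k \
            --connect-timeout 10 \
            -X POST \
            -H "Content-Type: application/json" \
            -H "X-GitHub-Event: push" \
            -H "X-Hub-Signature-256: sha256=$SIG" \
            -d "$PAYLOAD" \
            "$ORCA_WEBHOOK_URL" \
            || { echo "Orca redeploy failed"; exit 1; }
          echo "Orca redeploy triggered"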