platform/portal
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci(portal): retarget image build to registry.meghsakha.com + orca webhook (#14)
ci / shared (push) Successful in 14s
Details
ci / test (push) Successful in 10m18s
Details
ci / e2e (push) Has been skipped
Details
ci / image (push) Has been skipped
Details

Browse Source
This commit was merged in pull request #14.
This commit is contained in:
Sharang Parnerkar
2026-06-10 12:05:37 +00:00
parent 00b968953e
commit 0862420e7c
1 changed files with 27 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/ci.yaml
+27 -8
View File
@@ -108,6 +108,15 @@ jobs:
PLAYWRIGHT_TEST_PASS: ${{ secrets.STAGE_TEST_PASS }} PLAYWRIGHT_TEST_PASS: ${{ secrets.STAGE_TEST_PASS }}
image: image:
# Builds the portal image and ships it through the same path every
# other service in orca-infra uses: push :latest + :sha-<sha> to
# registry.meghsakha.com, then POST a github-style payload to the
# orca webhook so the master pulls and redeploys breakpilot-portal.
#
# Webhook target (registered once on the master via
# orca webhooks add --repo platform/portal \
# --service breakpilot-portal --branch main
# ) accepts unsigned payloads — orca matches on repo + branch.
needs: [shared, test] needs: [shared, test]
if: github.event_name == 'push' && github.ref == 'refs/heads/main' && hashFiles('Dockerfile') != '' if: github.event_name == 'push' && github.ref == 'refs/heads/main' && hashFiles('Dockerfile') != ''
runs-on: docker runs-on: docker
@@ -115,18 +124,28 @@ jobs:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: docker/login-action@v3 - uses: docker/login-action@v3
with: with:
registry: registry.breakpilot.com registry: registry.meghsakha.com
username: ${{ secrets.REGISTRY_USER }} username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASS }} password: ${{ secrets.REGISTRY_PASS }}
- uses: docker/build-push-action@v6 - uses: docker/build-push-action@v6
with: with:
push: true push: true
tags: | tags: |
registry.breakpilot.com/${{ github.event.repository.name }}:sha-${{ github.sha }} registry.meghsakha.com/breakpilot/portal:latest
registry.breakpilot.com/${{ github.event.repository.name }}:env-stage registry.meghsakha.com/breakpilot/portal:sha-${{ github.sha }}
- uses: anchore/sbom-action@v0 - name: trigger orca redeploy
with: # Signs the POST with HMAC-SHA256 over the JSON body using the
image: registry.breakpilot.com/${{ github.event.repository.name }}:sha-${{ github.sha }} # secret orca generated when the webhook was registered. Orca's
- run: orca apply --env=stage --image-tag=sha-${{ github.sha }} # endpoint is publicly reachable on the master, so the signature
# gates who can fire a deploy.
env: env:
ORCA_TOKEN: ${{ secrets.ORCA_STAGE_TOKEN }} ORCA_WEBHOOK_SECRET: ${{ secrets.ORCA_WEBHOOK_SECRET }}
run: |
BODY='{"repository":{"full_name":"platform/portal"},"ref":"refs/heads/main"}'
SIG="sha256=$(printf '%s' "$BODY" | openssl dgst -sha256 -hmac "$ORCA_WEBHOOK_SECRET" -hex | awk '{print $NF}')"
curl -ksSf -X POST \
-H "Content-Type: application/json" \
-H "X-GitHub-Event: push" \
-H "X-Hub-Signature-256: $SIG" \
-d "$BODY" \
https://46.225.100.82:6880/api/v1/webhooks/github