Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Sharang Parnerkar
|
eb98391f80 |
@@ -108,15 +108,6 @@ jobs:
|
||||
PLAYWRIGHT_TEST_PASS: ${{ secrets.STAGE_TEST_PASS }}
|
||||
|
||||
image:
|
||||
# Builds the portal image and ships it through the same path every
|
||||
# other service in orca-infra uses: push :latest + :sha-<sha> to
|
||||
# registry.meghsakha.com, then POST a github-style payload to the
|
||||
# orca webhook so the master pulls and redeploys breakpilot-portal.
|
||||
#
|
||||
# Webhook target (registered once on the master via
|
||||
# orca webhooks add --repo platform/portal \
|
||||
# --service breakpilot-portal --branch main
|
||||
# ) accepts unsigned payloads — orca matches on repo + branch.
|
||||
needs: [shared, test]
|
||||
if: github.event_name == 'push' && github.ref == 'refs/heads/main' && hashFiles('Dockerfile') != ''
|
||||
runs-on: docker
|
||||
@@ -124,28 +115,18 @@ jobs:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: docker/login-action@v3
|
||||
with:
|
||||
registry: registry.meghsakha.com
|
||||
registry: registry.breakpilot.com
|
||||
username: ${{ secrets.REGISTRY_USER }}
|
||||
password: ${{ secrets.REGISTRY_PASS }}
|
||||
- uses: docker/build-push-action@v6
|
||||
with:
|
||||
push: true
|
||||
tags: |
|
||||
registry.meghsakha.com/breakpilot/portal:latest
|
||||
registry.meghsakha.com/breakpilot/portal:sha-${{ github.sha }}
|
||||
- name: trigger orca redeploy
|
||||
# Signs the POST with HMAC-SHA256 over the JSON body using the
|
||||
# secret orca generated when the webhook was registered. Orca's
|
||||
# endpoint is publicly reachable on the master, so the signature
|
||||
# gates who can fire a deploy.
|
||||
registry.breakpilot.com/${{ github.event.repository.name }}:sha-${{ github.sha }}
|
||||
registry.breakpilot.com/${{ github.event.repository.name }}:env-stage
|
||||
- uses: anchore/sbom-action@v0
|
||||
with:
|
||||
image: registry.breakpilot.com/${{ github.event.repository.name }}:sha-${{ github.sha }}
|
||||
- run: orca apply --env=stage --image-tag=sha-${{ github.sha }}
|
||||
env:
|
||||
ORCA_WEBHOOK_SECRET: ${{ secrets.ORCA_WEBHOOK_SECRET }}
|
||||
run: |
|
||||
BODY='{"repository":{"full_name":"platform/portal"},"ref":"refs/heads/main"}'
|
||||
SIG="sha256=$(printf '%s' "$BODY" | openssl dgst -sha256 -hmac "$ORCA_WEBHOOK_SECRET" -hex | awk '{print $NF}')"
|
||||
curl -ksSf -X POST \
|
||||
-H "Content-Type: application/json" \
|
||||
-H "X-GitHub-Event: push" \
|
||||
-H "X-Hub-Signature-256: $SIG" \
|
||||
-d "$BODY" \
|
||||
https://46.225.100.82:6880/api/v1/webhooks/github
|
||||
ORCA_TOKEN: ${{ secrets.ORCA_STAGE_TOKEN }}
|
||||
|
||||
+14
-1
@@ -11,7 +11,20 @@ export type HostMatch =
|
||||
| { kind: "unknown" };
|
||||
|
||||
// Longest-first so `stage.breakpilot.com` is matched before `breakpilot.com`.
|
||||
const APEX_HOSTS = ["stage.breakpilot.com", "breakpilot.com", "localhost"];
|
||||
// Built-ins cover dev (localhost) + the canonical breakpilot.com targets.
|
||||
// PORTAL_APEX_HOSTS is a comma-separated env override for per-environment
|
||||
// hosts (e.g. portal-dev.meghsakha.com while breakpilot.com isn't registered).
|
||||
const APEX_HOSTS = (() => {
|
||||
const base = ["stage.breakpilot.com", "breakpilot.com", "localhost"];
|
||||
const extra = (process.env.PORTAL_APEX_HOSTS ?? "")
|
||||
.split(",")
|
||||
.map((h) => h.trim().toLowerCase())
|
||||
.filter(Boolean);
|
||||
// Longest-first to keep the suffix-strip loop correct.
|
||||
return Array.from(new Set([...extra, ...base])).sort(
|
||||
(a, b) => b.length - a.length,
|
||||
);
|
||||
})();
|
||||
const APEX_SET = new Set(APEX_HOSTS);
|
||||
|
||||
export function parseHost(host: string | null | undefined): HostMatch {
|
||||
|
||||
Reference in New Issue
Block a user