diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml index ad675d6..7a65b0d 100644 --- a/.gitea/workflows/ci.yaml +++ b/.gitea/workflows/ci.yaml @@ -93,30 +93,35 @@ jobs: run: go build ./... image: + # Mirrors the portal CI pattern (platform/portal PR #14): push to + # registry.meghsakha.com, then POST a github-style payload signed + # with HMAC-SHA256 to the orca webhook on the master. Master matches + # on repo+branch and redeploys the breakpilot-tenant-registry service. needs: [shared, test] if: github.event_name == 'push' && github.ref == 'refs/heads/main' && hashFiles('Dockerfile') != '' runs-on: docker steps: - uses: actions/checkout@v4 - - uses: docker/login-action@v3 with: - registry: registry.breakpilot.com + registry: registry.meghsakha.com username: ${{ secrets.REGISTRY_USER }} password: ${{ secrets.REGISTRY_PASS }} - - uses: docker/build-push-action@v6 with: push: true tags: | - registry.breakpilot.com/${{ github.event.repository.name }}:sha-${{ github.sha }} - registry.breakpilot.com/${{ github.event.repository.name }}:env-stage - - - uses: anchore/sbom-action@v0 - with: - image: registry.breakpilot.com/${{ github.event.repository.name }}:sha-${{ github.sha }} - - - name: orca deploy stage - run: orca apply --env=stage --image-tag=sha-${{ github.sha }} + registry.meghsakha.com/breakpilot/tenant-registry:latest + registry.meghsakha.com/breakpilot/tenant-registry:sha-${{ github.sha }} + - name: trigger orca redeploy env: - ORCA_TOKEN: ${{ secrets.ORCA_STAGE_TOKEN }} + ORCA_WEBHOOK_SECRET: ${{ secrets.ORCA_WEBHOOK_SECRET }} + run: | + BODY='{"repository":{"full_name":"platform/tenant-registry"},"ref":"refs/heads/main"}' + SIG="sha256=$(printf '%s' "$BODY" | openssl dgst -sha256 -hmac "$ORCA_WEBHOOK_SECRET" -hex | awk '{print $NF}')" + curl -ksSf -X POST \ + -H "Content-Type: application/json" \ + -H "X-GitHub-Event: push" \ + -H "X-Hub-Signature-256: $SIG" \ + -d "$BODY" \ + https://46.225.100.82:6880/api/v1/webhooks/github