platform/tenant-registry
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: platform/tenant-registry:main
Branches Tags
platform/tenant-registry:main platform/tenant-registry:ci/registry-meghsakha-orca-webhook
..
pull from: platform/tenant-registry:ci/registry-meghsakha-orca-webhook
Branches Tags
platform/tenant-registry:ci/registry-meghsakha-orca-webhook platform/tenant-registry:main

2 Commits

Author SHA1 Message Date
Sharang Parnerkar fedcea06c7 build: bump golang 1.24 → 1.25
ci / shared (pull_request) Successful in 10s
Details
ci / test (pull_request) Successful in 21m10s
Details
ci / image (pull_request) Has been skipped
Details 
go.mod requires >= 1.25.0; previous Dockerfile pinned 1.24 which failed
at `go mod download` with: "go: go.mod requires go >= 1.25.0".

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-06-10 14:10:57 +02:00
Sharang Parnerkar 8d8a5814d8 ci(tenant-registry): retarget image build to registry.meghsakha.com + orca webhook
ci / shared (pull_request) Successful in 11s
Details
ci / test (pull_request) Successful in 21m52s
Details
ci / image (pull_request) Has been skipped
Details 
Mirrors the portal CI pattern (platform/portal #14). Previous workflow
pushed to a future-prod registry that doesn't exist, then called an orca
CLI shape this version doesn't ship.

- Registry: registry.meghsakha.com
- Image path: breakpilot/tenant-registry
- Tags: :latest (webhook deploy) + :sha-<sha> (traceability)
- Webhook: HMAC-signed POST to the orca master

One-time setup before this can deploy:
1. Add Gitea Actions secrets to this repo: REGISTRY_USER, REGISTRY_PASS, ORCA_WEBHOOK_SECRET
2. On the orca master:
   orca webhooks add --repo platform/tenant-registry \
                     --service breakpilot-tenant-registry --branch main

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-06-10 14:08:41 +02:00
2 changed files with 19 additions and 14 deletions
Expand all files Collapse all files
.gitea/workflows/ci.yaml
+18 -13
View File
@@ -93,30 +93,35 @@ jobs:
run: go build ./...
image:
# Mirrors the portal CI pattern (platform/portal PR #14): push to
# registry.meghsakha.com, then POST a github-style payload signed
# with HMAC-SHA256 to the orca webhook on the master. Master matches
# on repo+branch and redeploys the breakpilot-tenant-registry service.
needs: [shared, test]
if: github.event_name == 'push' && github.ref == 'refs/heads/main' && hashFiles('Dockerfile') != ''
runs-on: docker
steps:
- uses: actions/checkout@v4
- uses: docker/login-action@v3
with:
registry: registry.breakpilot.com
registry: registry.meghsakha.com
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASS }}
- uses: docker/build-push-action@v6
with:
push: true
tags: |
registry.breakpilot.com/${{ github.event.repository.name }}:sha-${{ github.sha }}
registry.breakpilot.com/${{ github.event.repository.name }}:env-stage
- uses: anchore/sbom-action@v0
with:
image: registry.breakpilot.com/${{ github.event.repository.name }}:sha-${{ github.sha }}
- name: orca deploy stage
run: orca apply --env=stage --image-tag=sha-${{ github.sha }}
registry.meghsakha.com/breakpilot/tenant-registry:latest
registry.meghsakha.com/breakpilot/tenant-registry:sha-${{ github.sha }}
- name: trigger orca redeploy
env:
ORCA_TOKEN: ${{ secrets.ORCA_STAGE_TOKEN }}
ORCA_WEBHOOK_SECRET: ${{ secrets.ORCA_WEBHOOK_SECRET }}
run: |
BODY='{"repository":{"full_name":"platform/tenant-registry"},"ref":"refs/heads/main"}'
SIG="sha256=$(printf '%s' "$BODY" | openssl dgst -sha256 -hmac "$ORCA_WEBHOOK_SECRET" -hex | awk '{print $NF}')"
curl -ksSf -X POST \
-H "Content-Type: application/json" \
-H "X-GitHub-Event: push" \
-H "X-Hub-Signature-256: $SIG" \
-d "$BODY" \
https://46.225.100.82:6880/api/v1/webhooks/github
Dockerfile
+1 -1
View File
@@ -3,7 +3,7 @@
# /tenant-registry — long-running API server
# /migrate — one-shot schema migrator (Orca init container in prod)
FROM golang:1.24-alpine AS build
FROM golang:1.25-alpine AS build
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download