diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 673e175..f86807e 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -145,13 +145,20 @@ jobs:
 needs: [detect-changes]
 if: needs.detect-changes.outputs.agent == 'true'
 container:
- image: alpine:latest
+ image: docker:27-cli
 steps:
- - name: Trigger Coolify deploy
+ - name: Build, push and trigger orca redeploy
 run: |
- apk add --no-cache curl
- curl -sf "${{ secrets.COOLIFY_WEBHOOK_AGENT }}" \
- -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
+ apk add --no-cache git curl openssl
+ git init && git remote add origin "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
+ git fetch --depth=1 origin "${GITHUB_SHA}" && git checkout FETCH_HEAD
+ IMAGE=registry.meghsakha.com/compliance-agent
+ echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login registry.meghsakha.com -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
+ docker build -f Dockerfile.agent -t "$IMAGE:latest" -t "$IMAGE:${GITHUB_SHA}" .
+ docker push "$IMAGE:latest" && docker push "$IMAGE:${GITHUB_SHA}"
+ PAYLOAD=$(printf '{"ref":"refs/heads/main","repository":{"full_name":"sharang/compliance-scanner-agent"},"head_commit":{"id":"%s","message":"deploy agent"}}' "${GITHUB_SHA}")
+ SIG=$(printf '%s' "$PAYLOAD" | openssl dgst -sha256 -hmac "${{ secrets.ORCA_WEBHOOK_SECRET }}" | awk '{print $2}')
+ curl -fsS -X POST "http://46.225.100.82:6880/api/v1/webhooks/github" -H "Content-Type: application/json" -H "X-Hub-Signature-256: sha256=$SIG" -d "$PAYLOAD"

 deploy-dashboard:
 name: Deploy Dashboard
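Review bot: The new `curl` sends the signed payload to `http://46.225.100.82:6880/api/v1/webhooks/github` in cleartext, so the HMAC protects the body's integrity but nothing authenticates the endpoint or hides the request in transit. The body is fixed for a given commit, with no timestamp or delivery id, so whether a captured request would be accepted again depends on replay handling in the receiver, which is not visible here. Serve the webhook over TLS behind a hostname and keep the address out of the script, e.g. `curl -fsS -X POST "$ORCA_WEBHOOK_URL" ...`, where `ORCA_WEBHOOK_URL` is a placeholder name for an `https://` value supplied from repository configuration. The same line appears in the deploy-dashboard, deploy-docs and deploy-mcp hunks.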
@@ -159,13 +166,20 @@ jobs:
 needs: [detect-changes]
 if: needs.detect-changes.outputs.dashboard == 'true'
 container:
- image: alpine:latest
+ image: docker:27-cli
 steps:
- - name: Trigger Coolify deploy
+ - name: Build, push and trigger orca redeploy
 run: |
- apk add --no-cache curl
- curl -sf "${{ secrets.COOLIFY_WEBHOOK_DASHBOARD }}" \
- -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
+ apk add --no-cache git curl openssl
+ git init && git remote add origin "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
+ git fetch --depth=1 origin "${GITHUB_SHA}" && git checkout FETCH_HEAD
+ IMAGE=registry.meghsakha.com/compliance-dashboard
+ echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login registry.meghsakha.com -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
+ docker build -f Dockerfile.dashboard -t "$IMAGE:latest" -t "$IMAGE:${GITHUB_SHA}" .
+ docker push "$IMAGE:latest" && docker push "$IMAGE:${GITHUB_SHA}"
+ PAYLOAD=$(printf '{"ref":"refs/heads/main","repository":{"full_name":"sharang/compliance-scanner-agent"},"head_commit":{"id":"%s","message":"deploy dashboard"}}' "${GITHUB_SHA}")
+ SIG=$(printf '%s' "$PAYLOAD" | openssl dgst -sha256 -hmac "${{ secrets.ORCA_WEBHOOK_SECRET }}" | awk '{print $2}')
+ curl -fsS -X POST "http://46.225.100.82:6880/api/v1/webhooks/github" -H "Content-Type: application/json" -H "X-Hub-Signature-256: sha256=$SIG" -d "$PAYLOAD"

 deploy-docs:
 name: Deploy Docs
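Review bot: `${{ secrets.REGISTRY_PASSWORD }}`, `${{ secrets.REGISTRY_USERNAME }}` and `${{ secrets.ORCA_WEBHOOK_SECRET }}` are substituted into the script text before the shell parses it, so a value containing `"`, `$` or a backtick is interpreted by the shell instead of being passed through as data. Mapping the secrets through the step's `env:` and referencing shell variables avoids that and keeps the values out of the rendered script. The HMAC key still ends up on the argument list of `openssl dgst -hmac`, visible to other processes in the job container while it runs. The same pattern is in the agent, docs and mcp hunks.
```yaml
      - name: Build, push and trigger orca redeploy
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
          ORCA_WEBHOOK_SECRET: ${{ secrets.ORCA_WEBHOOK_SECRET }}
        run: |
          # … unchanged: apk add, git fetch/checkout, IMAGE=… …
          printf '%s' "$REGISTRY_PASSWORD" | docker login registry.meghsakha.com -u "$REGISTRY_USERNAME" --password-stdin
          # … unchanged: docker build, docker push, PAYLOAD=… …
          SIG=$(printf '%s' "$PAYLOAD" | openssl dgst -sha256 -hmac "$ORCA_WEBHOOK_SECRET" | awk '{print $2}')
          # … unchanged: curl POST to the webhook …
```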
@@ -173,13 +187,20 @@ jobs:
 needs: [detect-changes]
 if: needs.detect-changes.outputs.docs == 'true'
 container:
- image: alpine:latest
+ image: docker:27-cli
 steps:
- - name: Trigger Coolify deploy
+ - name: Build, push and trigger orca redeploy
 run: |
- apk add --no-cache curl
- curl -sf "${{ secrets.COOLIFY_WEBHOOK_DOCS }}" \
- -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
+ apk add --no-cache git curl openssl
+ git init && git remote add origin "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
+ git fetch --depth=1 origin "${GITHUB_SHA}" && git checkout FETCH_HEAD
+ IMAGE=registry.meghsakha.com/compliance-docs
+ echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login registry.meghsakha.com -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
+ docker build -f Dockerfile.docs -t "$IMAGE:latest" -t "$IMAGE:${GITHUB_SHA}" .
+ docker push "$IMAGE:latest" && docker push "$IMAGE:${GITHUB_SHA}"
+ PAYLOAD=$(printf '{"ref":"refs/heads/main","repository":{"full_name":"sharang/compliance-scanner-agent"},"head_commit":{"id":"%s","message":"deploy docs"}}' "${GITHUB_SHA}")
+ SIG=$(printf '%s' "$PAYLOAD" | openssl dgst -sha256 -hmac "${{ secrets.ORCA_WEBHOOK_SECRET }}" | awk '{print $2}')
+ curl -fsS -X POST "http://46.225.100.82:6880/api/v1/webhooks/github" -H "Content-Type: application/json" -H "X-Hub-Signature-256: sha256=$SIG" -d "$PAYLOAD"

 deploy-mcp:
 name: Deploy MCP
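Review bot: The job now runs in `docker:27-cli` and publishes `$IMAGE:latest`, both mutable tags, while holding the registry credentials and the webhook secret. A re-tagged job image would run with those secrets, and a deployment that pulls `:latest` cannot be tied back to a specific commit. Pin the job image by digest, `image: docker:27-cli@sha256:<digest>` (placeholder), and have the deploy target pull `$IMAGE:${GITHUB_SHA}`; which tag orca actually pulls is not visible in this diff. This applies equally to the agent, dashboard and mcp hunks.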
@@ -187,10 +208,17 @@ jobs:
 needs: [detect-changes]
 if: needs.detect-changes.outputs.mcp == 'true'
 container:
- image: alpine:latest
+ image: docker:27-cli
 steps:
- - name: Trigger Coolify deploy
+ - name: Build, push and trigger orca redeploy
 run: |
- apk add --no-cache curl
- curl -sf "${{ secrets.COOLIFY_WEBHOOK_MCP }}" \
- -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
+ apk add --no-cache git curl openssl
+ git init && git remote add origin "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
+ git fetch --depth=1 origin "${GITHUB_SHA}" && git checkout FETCH_HEAD
+ IMAGE=registry.meghsakha.com/compliance-mcp
+ echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login registry.meghsakha.com -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
+ docker build -f Dockerfile.mcp -t "$IMAGE:latest" -t "$IMAGE:${GITHUB_SHA}" .
+ docker push "$IMAGE:latest" && docker push "$IMAGE:${GITHUB_SHA}"
+ PAYLOAD=$(printf '{"ref":"refs/heads/main","repository":{"full_name":"sharang/compliance-scanner-agent"},"head_commit":{"id":"%s","message":"deploy mcp"}}' "${GITHUB_SHA}")
+ SIG=$(printf '%s' "$PAYLOAD" | openssl dgst -sha256 -hmac "${{ secrets.ORCA_WEBHOOK_SECRET }}" | awk '{print $2}')
+ curl -fsS -X POST "http://46.225.100.82:6880/api/v1/webhooks/github" -H "Content-Type: application/json" -H "X-Hub-Signature-256: sha256=$SIG" -d "$PAYLOAD"
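Review bot: The payload hard-codes `"ref":"refs/heads/main"` and the step pushes `:latest`, yet the only job condition visible in this hunk is `needs.detect-changes.outputs.mcp == 'true'`. If the workflow's triggers, which are outside this diff, include pull requests or other branches, a non-main commit would be built with the registry credentials, pushed as `latest` and announced to orca as a main deploy. Consider guarding the job with `if: github.ref == 'refs/heads/main' && needs.detect-changes.outputs.mcp == 'true'`, here and in the three jobs above. The four near-identical ten-line scripts could also move into one shared script that takes the component name, so a fix lands in all four at once.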