From d13cef94cb0482f600530123578342d38eb9e127 Mon Sep 17 00:00:00 2001
From: Sharang Parnerkar
Date: Sun, 8 Mar 2026 19:22:56 +0100
Subject: [PATCH] Add Coolify deploy jobs with path-based change detection

Deploys agent, dashboard, and docs independently based on which files changed. Only triggers on main after tests pass.

Co-Authored-By: Claude Opus 4.6
---
 .gitea/workflows/ci.yml | 94 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 94 insertions(+)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 63f51b8..d36811f 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -124,3 +124,97 @@ jobs:
 - name: Show sccache stats
 run: sccache --show-stats
 if: always()
+
+ # ---------------------------------------------------------------------------
+ # Stage 3: Deploy (only on main, after tests pass)
+ # Each service only deploys when its relevant files changed.
+ # ---------------------------------------------------------------------------
+ detect-changes:
+ name: Detect Changes
+ runs-on: docker
+ if: github.ref == 'refs/heads/main'
+ needs: [test]
+ container:
+ image: alpine:latest
+ outputs:
+ agent: ${{ steps.changes.outputs.agent }}
+ dashboard: ${{ steps.changes.outputs.dashboard }}
+ docs: ${{ steps.changes.outputs.docs }}
+ steps:
+ - name: Install git
+ run: apk add --no-cache git
+ - name: Checkout
+ run: |
+ git init
+ git remote add origin "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
+ git fetch --depth=2 origin "${GITHUB_SHA}"
+ git checkout FETCH_HEAD
+ - name: Detect changed paths
+ id: changes
+ run: |
+ CHANGED=$(git diff --name-only HEAD~1 HEAD 2>/dev/null || echo "")
+ echo "Changed files:"
+ echo "$CHANGED"
+
+ # Agent: core libs, agent code, agent Dockerfile
+ if echo "$CHANGED" | grep -qE '^(compliance-core/|compliance-agent/|compliance-graph/|compliance-dast/|Dockerfile\.agent|Cargo\.(toml|lock))'; then
+ echo "agent=true" >> "$GITHUB_OUTPUT"
+ else
+ echo "agent=false" >> "$GITHUB_OUTPUT"
+ fi
+
+ # Dashboard: core libs, dashboard code, dashboard Dockerfile, assets
+ if echo "$CHANGED" | grep -qE '^(compliance-core/|compliance-dashboard/|Dockerfile\.dashboard|Dioxus\.toml|assets/|bin/|Cargo\.(toml|lock))'; then
+ echo "dashboard=true" >> "$GITHUB_OUTPUT"
+ else
+ echo "dashboard=false" >> "$GITHUB_OUTPUT"
+ fi
+
+ # Docs: docs folder, docs Dockerfile
+ if echo "$CHANGED" | grep -qE '^(docs/|Dockerfile\.docs)'; then
+ echo "docs=true" >> "$GITHUB_OUTPUT"
+ else
+ echo "docs=false" >> "$GITHUB_OUTPUT"
+ fi
+
+ deploy-agent:
+ name: Deploy Agent
+ runs-on: docker
+ needs: [detect-changes]
+ if: needs.detect-changes.outputs.agent == 'true'
+ container:
+ image: alpine:latest
+ steps:
+ - name: Trigger Coolify deploy
+ run: |
+ apk add --no-cache curl
+ curl -sf "${{ secrets.COOLIFY_WEBHOOK_AGENT }}" \
+ -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
+
+ deploy-dashboard:
+ name: Deploy Dashboard
+ runs-on: docker
+ needs: [detect-changes]
+ if: needs.detect-changes.outputs.dashboard == 'true'
+ container:
+ image: alpine:latest
+ steps:
+ - name: Trigger Coolify deploy
+ run: |
+ apk add --no-cache curl
+ curl -sf "${{ secrets.COOLIFY_WEBHOOK_DASHBOARD }}" \
+ -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
+
+ deploy-docs:
+ name: Deploy Docs
+ runs-on: docker
+ needs: [detect-changes]
+ if: needs.detect-changes.outputs.docs == 'true'
+ container:
+ image: alpine:latest
+ steps:
+ - name: Trigger Coolify deploy
+ run: |
+ apk add --no-cache curl
+ curl -sf "${{ secrets.COOLIFY_WEBHOOK_DOCS }}" \
+ -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
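Review bot: The three "Trigger Coolify deploy" steps paste `${{ secrets.COOLIFY_WEBHOOK_* }}` and `${{ secrets.COOLIFY_TOKEN }}` straight into the `run:` script text, so the values are substituted before the shell parses the line; a secret containing a quote, `$` or backtick changes the command, and the token ends up in the generated script rather than only in the step's environment. Passing both through a step-level `env:` and expanding them as shell variables keeps them as data; the fence shows deploy-agent, and deploy-dashboard and deploy-docs need the same change with their own webhook secret. These jobs also hold the deploy credential while running in `image: alpine:latest` and installing curl at run time, so pinning the image to a fixed tag or digest would narrow what can execute next to the token. Separately, in detect-changes, `git diff --name-only HEAD~1 HEAD 2>/dev/null || echo ""` compares only against the previous commit and turns a failed diff into "nothing changed", so a multi-commit push or a fetch problem would silently skip a deploy; letting the step fail instead would make that visible.

```yaml
      - name: Trigger Coolify deploy
        env:
          COOLIFY_WEBHOOK: ${{ secrets.COOLIFY_WEBHOOK_AGENT }}
          COOLIFY_TOKEN: ${{ secrets.COOLIFY_TOKEN }}
        run: |
          # … unchanged: apk add --no-cache curl …
          curl -sf "$COOLIFY_WEBHOOK" \
            -H "Authorization: Bearer $COOLIFY_TOKEN"
```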