Add Coolify deploy jobs with path-based change detection

Deploys agent, dashboard, and docs independently based on which files changed. Only triggers on main after tests pass. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 19:22:56 +01:00
parent 3a01a28591
commit d13cef94cb
1 changed files with 94 additions and 0 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -124,3 +124,97 @@ jobs:
      - name: Show sccache stats
        run: sccache --show-stats
        if: always()
  # ---------------------------------------------------------------------------
  # Stage 3: Deploy (only on main, after tests pass)
  # Each service only deploys when its relevant files changed.
  # ---------------------------------------------------------------------------
  detect-changes:
    name: Detect Changes
    runs-on: docker
    if: github.ref == 'refs/heads/main'
    needs: [test]
    container:
      image: alpine:latest
    outputs:
      agent: ${{ steps.changes.outputs.agent }}
      dashboard: ${{ steps.changes.outputs.dashboard }}
      docs: ${{ steps.changes.outputs.docs }}
    steps:
      - name: Install git
        run: apk add --no-cache git
      - name: Checkout
        run: |
          git init
          git remote add origin "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
          git fetch --depth=2 origin "${GITHUB_SHA}"
          git checkout FETCH_HEAD
      - name: Detect changed paths
        id: changes
        run: |
          CHANGED=$(git diff --name-only HEAD~1 HEAD 2>/dev/null || echo "")
          echo "Changed files:"
          echo "$CHANGED"
          # Agent: core libs, agent code, agent Dockerfile
          if echo "$CHANGED" | grep -qE '^(compliance-core/|compliance-agent/|compliance-graph/|compliance-dast/|Dockerfile\.agent|Cargo\.(toml|lock))'; then
            echo "agent=true" >> "$GITHUB_OUTPUT"
          else
            echo "agent=false" >> "$GITHUB_OUTPUT"
          fi
          # Dashboard: core libs, dashboard code, dashboard Dockerfile, assets
          if echo "$CHANGED" | grep -qE '^(compliance-core/|compliance-dashboard/|Dockerfile\.dashboard|Dioxus\.toml|assets/|bin/|Cargo\.(toml|lock))'; then
            echo "dashboard=true" >> "$GITHUB_OUTPUT"
          else
            echo "dashboard=false" >> "$GITHUB_OUTPUT"
          fi
          # Docs: docs folder, docs Dockerfile
          if echo "$CHANGED" | grep -qE '^(docs/|Dockerfile\.docs)'; then
            echo "docs=true" >> "$GITHUB_OUTPUT"
          else
            echo "docs=false" >> "$GITHUB_OUTPUT"
          fi
  deploy-agent:
    name: Deploy Agent
    runs-on: docker
    needs: [detect-changes]
    if: needs.detect-changes.outputs.agent == 'true'
    container:
      image: alpine:latest
    steps:
      - name: Trigger Coolify deploy
        run: |
          apk add --no-cache curl
          curl -sf "${{ secrets.COOLIFY_WEBHOOK_AGENT }}" \
            -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
  deploy-dashboard:
    name: Deploy Dashboard
    runs-on: docker
    needs: [detect-changes]
    if: needs.detect-changes.outputs.dashboard == 'true'
    container:
      image: alpine:latest
    steps:
      - name: Trigger Coolify deploy
        run: |
          apk add --no-cache curl
          curl -sf "${{ secrets.COOLIFY_WEBHOOK_DASHBOARD }}" \
            -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
  deploy-docs:
    name: Deploy Docs
    runs-on: docker
    needs: [detect-changes]
    if: needs.detect-changes.outputs.docs == 'true'
    container:
      image: alpine:latest
    steps:
      - name: Trigger Coolify deploy
        run: |
          apk add --no-cache curl
          curl -sf "${{ secrets.COOLIFY_WEBHOOK_DOCS }}" \
            -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"