Add Coolify deploy jobs with path-based change detection

Deploys agent, dashboard, and docs independently based on which files changed. Only triggers on main after tests pass. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 19:22:56 +01:00
parent 3a01a28591
commit d13cef94cb
1 changed files with 94 additions and 0 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -124,3 +124,97 @@ jobs:
      - name: Show sccache stats
        run: sccache --show-stats
        if: always()
+
+  # ---------------------------------------------------------------------------
+  # Stage 3: Deploy (only on main, after tests pass)
+  # Each service only deploys when its relevant files changed.
+  # ---------------------------------------------------------------------------
+  detect-changes:
+    name: Detect Changes
+    runs-on: docker
+    if: github.ref == 'refs/heads/main'
+    needs: [test]
+    container:
+      image: alpine:latest
+    outputs:
+      agent: ${{ steps.changes.outputs.agent }}
+      dashboard: ${{ steps.changes.outputs.dashboard }}
+      docs: ${{ steps.changes.outputs.docs }}
+    steps:
+      - name: Install git
+        run: apk add --no-cache git
+      - name: Checkout
+        run: |
+          git init
+          git remote add origin "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
+          git fetch --depth=2 origin "${GITHUB_SHA}"
+          git checkout FETCH_HEAD
+      - name: Detect changed paths
+        id: changes
+        run: |
+          CHANGED=$(git diff --name-only HEAD~1 HEAD 2>/dev/null || echo "")
+          echo "Changed files:"
+          echo "$CHANGED"
+
+          # Agent: core libs, agent code, agent Dockerfile
+          if echo "$CHANGED" | grep -qE '^(compliance-core/|compliance-agent/|compliance-graph/|compliance-dast/|Dockerfile\.agent|Cargo\.(toml|lock))'; then
+            echo "agent=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "agent=false" >> "$GITHUB_OUTPUT"
+          fi
+
+          # Dashboard: core libs, dashboard code, dashboard Dockerfile, assets
+          if echo "$CHANGED" | grep -qE '^(compliance-core/|compliance-dashboard/|Dockerfile\.dashboard|Dioxus\.toml|assets/|bin/|Cargo\.(toml|lock))'; then
+            echo "dashboard=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "dashboard=false" >> "$GITHUB_OUTPUT"
+          fi
+
+          # Docs: docs folder, docs Dockerfile
+          if echo "$CHANGED" | grep -qE '^(docs/|Dockerfile\.docs)'; then
+            echo "docs=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "docs=false" >> "$GITHUB_OUTPUT"
+          fi
+
+  deploy-agent:
+    name: Deploy Agent
+    runs-on: docker
+    needs: [detect-changes]
+    if: needs.detect-changes.outputs.agent == 'true'
+    container:
+      image: alpine:latest
+    steps:
+      - name: Trigger Coolify deploy
+        run: |
+          apk add --no-cache curl
+          curl -sf "${{ secrets.COOLIFY_WEBHOOK_AGENT }}" \
+            -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
+
+  deploy-dashboard:
+    name: Deploy Dashboard
+    runs-on: docker
+    needs: [detect-changes]
+    if: needs.detect-changes.outputs.dashboard == 'true'
+    container:
+      image: alpine:latest
+    steps:
+      - name: Trigger Coolify deploy
+        run: |
+          apk add --no-cache curl
+          curl -sf "${{ secrets.COOLIFY_WEBHOOK_DASHBOARD }}" \
+            -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
+
+  deploy-docs:
+    name: Deploy Docs
+    runs-on: docker
+    needs: [detect-changes]
+    if: needs.detect-changes.outputs.docs == 'true'
+    container:
+      image: alpine:latest
+    steps:
+      - name: Trigger Coolify deploy
+        run: |
+          apk add --no-cache curl
+          curl -sf "${{ secrets.COOLIFY_WEBHOOK_DOCS }}" \
+            -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"