Align Woodpecker CI pipeline with team standard (cast-backend pattern):
- Replace plugins/docker with woodpeckerci/plugin-docker-buildx
- Use git.sds.dev registry; tag with CI_COMMIT_SHA short + latest
- Use team secret names: registry_user/password, deploy_ssh_key
- Add golangci-lint, semgrep, gosec, trivy-fs, trivy-secrets security gates
- Deploy on push to main (not on tag): build-and-push then deploy step calls bash /opt/cast-ghl-provider/deploy/deploy.sh on server
- Add Telegram notification on success/failure

docker-compose.yaml: add image: git.sds.dev/cast/cast-ghl-provider:latest (server pulls from registry; build: kept for local dev only)

deploy/deploy.sh: simplified to docker compose pull + up (build now happens in CI, not on the server)

Co-Authored-By: Paperclip <noreply@paperclip.ing>

23 lines
550 B
Bash
#!/usr/bin/env bash
# deploy.sh — Called by Woodpecker CI on every push to main.
# Can also be run manually for emergency redeployments.
# Pulls the latest image from the registry and restarts the stack.

set -euo pipefail

APP_DIR="$(cd "$(dirname "$0")/.." && pwd)"
cd "$APP_DIR"

echo "==> Pulling latest image from registry"
docker compose pull bridge

echo "==> Restarting services"
docker compose up -d --remove-orphans

echo "==> Status"
sleep 3
docker compose ps bridge

echo ""
echo "=== Deploy complete — https://hl.cast.ph/health ==="