broker-sync/.github/workflows/ci.yml

name: CI

on:
  push:
    branches: [main, phase-0-scaffold]
  pull_request:

env:
  IMAGE_NAME: broker-sync

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install Poetry
        run: pipx install poetry==1.8.4
      - name: Install deps
        run: poetry install --no-interaction
      - run: poetry run ruff check .
      - run: poetry run mypy broker_sync tests
      - run: poetry run pytest -q

  build:
    runs-on: ubuntu-latest
    needs: test
    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/phase-0-scaffold')
    outputs:
      image_tag: ${{ steps.meta.outputs.sha }}
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - id: meta
        run: echo "sha=$(echo ${{ github.sha }} | cut -c1-8)" >> $GITHUB_OUTPUT
      - uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile
          push: true
          platforms: linux/amd64
          tags: |
            viktorbarzin/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.sha }}
            viktorbarzin/${{ env.IMAGE_NAME }}:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max

  deploy:
    needs: build
    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/phase-0-scaffold')
    runs-on: ubuntu-latest
    steps:
      - name: Trigger Woodpecker deploy
        env:
          # TODO: replace WOODPECKER_REPO_ID with the numeric id assigned when the
          # broker-sync repo is registered with Woodpecker. See infra CLAUDE.md
          # "Woodpecker API uses numeric repo IDs".
          WOODPECKER_REPO_ID: "TBD"
        run: |
          if [ "$WOODPECKER_REPO_ID" = "TBD" ]; then
            echo "Woodpecker repo not yet registered — skipping deploy trigger."
            exit 0
          fi
          for attempt in 1 2 3; do
            STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X POST \
              "https://ci.viktorbarzin.me/api/repos/${WOODPECKER_REPO_ID}/pipelines" \
              -H "Authorization: Bearer ${{ secrets.WOODPECKER_TOKEN }}" \
              -H "Content-Type: application/json" \
              -d '{"branch":"main","variables":{"IMAGE_TAG":"${{ needs.build.outputs.image_tag }}"}}')
            if [ "$STATUS" -ge 200 ] && [ "$STATUS" -lt 300 ]; then
              echo "Woodpecker deploy triggered (HTTP $STATUS)"
              exit 0
            fi
            echo "Attempt $attempt failed (HTTP $STATUS), retrying in 30s..."
            sleep 30
          done
          echo "Failed to trigger Woodpecker deploy after 3 attempts"
          exit 1