From 2e389340102923a24ee4b705125e22ef6ed000ea Mon Sep 17 00:00:00 2001
From: Viktor Barzin
Date: Tue, 2 Jun 2026 20:25:40 +0000
Subject: [PATCH] =?UTF-8?q?ci:=20build-triggers-deploy=20=E2=80=94=20set?= =?UTF-8?q?=20image=20after=20build-and-push?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We build this image, so the Woodpecker pipeline should also drive the rollout: atomic + deterministic, no wait for Keel's poll and no risk of Keel resolving :latest to a stale concrete tag. build-and-push now tags both latest and the 8-char SHA; a new deploy step runs `kubectl set image` (bitnami/kubectl, in-cluster cluster-admin SA — no kubeconfig) for the fire-planner container + the alembic-migrate init container (shared image, must move in lockstep), then waits on rollout status. Keel stays enrolled in parallel as a redundant net. Deploy already has the KEEL_IGNORE_IMAGE ignore_changes so CI set image won't fight terragrunt.
Co-Authored-By: Claude Opus 4.8
---
 .woodpecker.yml | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/.woodpecker.yml b/.woodpecker.yml
index 92c9833..23b87f0 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -23,6 +23,26 @@ steps:
 from_secret: forgejo_push_token
 dockerfile: Dockerfile
 context: .
- auto_tag: true
 platforms:
 - linux/amd64
+ tags:
+ - "latest"
+ - "${CI_COMMIT_SHA:0:8}"
+
+ # We build the image, so we drive the rollout too — atomic + deterministic,
+ # no wait for Keel's hourly poll and no risk of Keel resolving :latest to a
+ # stale concrete tag. Keel stays enrolled in parallel as a redundant net
+ # (it finds the SHA already running → no-op). set image on a NEW :SHA always
+ # changes the pod template → guaranteed rollout, and bootstraps off any
+ # legacy pinned tag with no manual step. Sets the alembic-migrate init
+ # container too — it shares the image so its tag must move in lockstep.
+ - name: deploy
+ image: bitnami/kubectl:latest
+ depends_on:
+ - build-and-push
+ when:
+ branch: master
+ event: [push, manual]
+ commands:
+ - "kubectl set image deployment/fire-planner fire-planner=forgejo.viktorbarzin.me/viktor/fire-planner:${CI_COMMIT_SHA:0:8} alembic-migrate=forgejo.viktorbarzin.me/viktor/fire-planner:${CI_COMMIT_SHA:0:8} -n fire-planner"
+ - "kubectl rollout status deployment/fire-planner -n fire-planner --timeout=300s"
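Review bot: The new `deploy` step runs `image: bitnami/kubectl:latest`, a mutable third-party tag, and according to the commit message it executes under an in-cluster cluster-admin service account, so whatever that tag resolves to at run time gets full control of the cluster on every push to master. Pin the step image to a fixed version and digest, e.g. `image: bitnami/kubectl:<VERSION>@sha256:<DIGEST>` (placeholders; take the values from the image you have verified). The step only touches `deployment/fire-planner` in namespace `fire-planner`, so its service account could be bound to a namespaced Role limited to roughly get/list/watch/patch on deployments instead of cluster-admin; the RBAC lives outside this diff, so confirm what is actually bound. A short comment above the step naming the service account it relies on would also help the next reader, since nothing in the new lines shows where the credentials come from. The `steps:` list and the `build-and-push` step begin outside the hunk.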