payslip-ingest/.woodpecker.yml
Viktor Barzin 3a38dd3e34
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
ci: build-triggers-deploy — set image after build-and-push
We build this image, so the Woodpecker pipeline should also drive the
rollout: atomic + deterministic, no wait for Keel's poll and no risk of
Keel resolving :latest to a stale concrete tag. build-and-push now tags
both latest and the 8-char SHA; a new deploy step runs `kubectl set
image` (bitnami/kubectl, in-cluster cluster-admin SA — no kubeconfig) for
the payslip-ingest container + the alembic-migrate init container (shared
image, must move in lockstep), then waits on rollout status. Keel stays
enrolled in parallel as a redundant net. Deploy already has the
KEEL_IGNORE_IMAGE ignore_changes so CI set image won't fight terragrunt.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-02 20:25:48 +00:00

49 lines
1.7 KiB
YAML

when:
  event: push
clone:
  git:
    image: woodpeckerci/plugin-git
    settings:
      attempts: 5
      backoff: 10s
steps:
  - name: build-and-push
    image: woodpeckerci/plugin-docker-buildx
    settings:
      # Phase 4 of forgejo-registry-consolidation 2026-05-07 —
      # registry.viktorbarzin.me decommissioned. Forgejo is the only target.
      repo:
        - forgejo.viktorbarzin.me/viktor/payslip-ingest
      logins:
        - registry: forgejo.viktorbarzin.me
          username:
            from_secret: forgejo_user
          password:
            from_secret: forgejo_push_token
      dockerfile: Dockerfile
      context: .
      platforms:
        - linux/amd64
      tags:
        - "latest"
        - "${CI_COMMIT_SHA:0:8}"
  # We build the image, so we drive the rollout too — atomic + deterministic,
  # no wait for Keel's hourly poll and no risk of Keel resolving :latest to a
  # stale concrete tag. Keel stays enrolled in parallel as a redundant net
  # (it finds the SHA already running → no-op). set image on a NEW :SHA always
  # changes the pod template → guaranteed rollout, and bootstraps off any
  # legacy pinned tag with no manual step. Sets the alembic-migrate init
  # container too — it shares the image so its tag must move in lockstep.
  - name: deploy
    image: bitnami/kubectl:latest
    depends_on:
      - build-and-push
    when:
      branch: master
      event: [push, manual]
    commands:
      - "kubectl set image deployment/payslip-ingest payslip-ingest=forgejo.viktorbarzin.me/viktor/payslip-ingest:${CI_COMMIT_SHA:0:8} alembic-migrate=forgejo.viktorbarzin.me/viktor/payslip-ingest:${CI_COMMIT_SHA:0:8} -n payslip-ingest"
      - "kubectl rollout status deployment/payslip-ingest -n payslip-ingest --timeout=300s"
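
A post-rollout check for the lockstep requirement stated in the pipeline comments, as an added example that is not part of this repository: `kubectl rollout status` confirms that pods became ready, not that both containers carry the same immutable tag. The function name `verify_lockstep`, the "name image" input format and the sample tag `0a1b2c3d` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the repository.
# verify_lockstep REPO TAG reads "name image" lines on stdin (one per
# container or init container) and returns 0 only when payslip-ingest and
# alembic-migrate are both present and both run exactly REPO:TAG.
#
# Live input could come from (run after `kubectl rollout status`):
#   kubectl get deployment/payslip-ingest -n payslip-ingest -o jsonpath='{range .spec.template.spec.initContainers[*]}{.name}{" "}{.image}{"\n"}{end}{range .spec.template.spec.containers[*]}{.name}{" "}{.image}{"\n"}{end}'
verify_lockstep() {
  want="$1:$2"
  seen_app=0
  seen_init=0
  rc=0
  while read -r name image; do
    case "$name" in
      payslip-ingest)  seen_app=1 ;;
      alembic-migrate) seen_init=1 ;;
      *) continue ;;   # containers other than these two are not checked
    esac
    if [ "$image" != "$want" ]; then
      echo "MISMATCH $name: $image (want $want)" >&2
      rc=1
    fi
  done
  if [ "$seen_app" -ne 1 ] || [ "$seen_init" -ne 1 ]; then
    echo "expected container missing from pod template" >&2
    rc=1
  fi
  return "$rc"
}

# Constructed sample data; the tag 0a1b2c3d is made up.
REPO="forgejo.viktorbarzin.me/viktor/payslip-ingest"
SAMPLE_OK="alembic-migrate $REPO:0a1b2c3d
payslip-ingest $REPO:0a1b2c3d"
# Only the app container moved; the init container still floats on :latest.
SAMPLE_DRIFT="alembic-migrate $REPO:latest
payslip-ingest $REPO:0a1b2c3d"
# Init container absent from the listing.
SAMPLE_MISSING="payslip-ingest $REPO:0a1b2c3d"
```

In a pipeline step the jsonpath query from the header comment would be piped into `verify_lockstep` with the same 8-character SHA that was passed to `kubectl set image`.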