All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
We build this image, so the Woodpecker pipeline should also drive the rollout: atomic + deterministic, no wait for Keel's poll and no risk of Keel resolving :latest to a stale concrete tag. build-and-push now tags both latest and the 8-char SHA; a new deploy step runs `kubectl set image` (bitnami/kubectl, in-cluster cluster-admin SA — no kubeconfig) for the payslip-ingest container + the alembic-migrate init container (shared image, must move in lockstep), then waits on rollout status. Keel stays enrolled in parallel as a redundant net. Deploy already has the KEEL_IGNORE_IMAGE ignore_changes so CI set image won't fight terragrunt. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
49 lines
1.7 KiB
YAML
49 lines
1.7 KiB
YAML
when:
|
|
event: push
|
|
|
|
clone:
|
|
git:
|
|
image: woodpeckerci/plugin-git
|
|
settings:
|
|
attempts: 5
|
|
backoff: 10s
|
|
|
|
steps:
|
|
- name: build-and-push
|
|
image: woodpeckerci/plugin-docker-buildx
|
|
settings:
|
|
# Phase 4 of forgejo-registry-consolidation 2026-05-07 —
|
|
# registry.viktorbarzin.me decommissioned. Forgejo is the only target.
|
|
repo:
|
|
- forgejo.viktorbarzin.me/viktor/payslip-ingest
|
|
logins:
|
|
- registry: forgejo.viktorbarzin.me
|
|
username:
|
|
from_secret: forgejo_user
|
|
password:
|
|
from_secret: forgejo_push_token
|
|
dockerfile: Dockerfile
|
|
context: .
|
|
platforms:
|
|
- linux/amd64
|
|
tags:
|
|
- "latest"
|
|
- "${CI_COMMIT_SHA:0:8}"
|
|
|
|
# We build the image, so we drive the rollout too — atomic + deterministic,
|
|
# no wait for Keel's hourly poll and no risk of Keel resolving :latest to a
|
|
# stale concrete tag. Keel stays enrolled in parallel as a redundant net
|
|
# (it finds the SHA already running → no-op). set image on a NEW :SHA always
|
|
# changes the pod template → guaranteed rollout, and bootstraps off any
|
|
# legacy pinned tag with no manual step. Sets the alembic-migrate init
|
|
# container too — it shares the image so its tag must move in lockstep.
|
|
- name: deploy
|
|
image: bitnami/kubectl:latest
|
|
depends_on:
|
|
- build-and-push
|
|
when:
|
|
branch: master
|
|
event: [push, manual]
|
|
commands:
|
|
- "kubectl set image deployment/payslip-ingest payslip-ingest=forgejo.viktorbarzin.me/viktor/payslip-ingest:${CI_COMMIT_SHA:0:8} alembic-migrate=forgejo.viktorbarzin.me/viktor/payslip-ingest:${CI_COMMIT_SHA:0:8} -n payslip-ingest"
|
|
- "kubectl rollout status deployment/payslip-ingest -n payslip-ingest --timeout=300s"
|