More hardening and migration from Drone to Woodpecker

2026-02-01 19:11:32 -03:00
parent a0f148c3ef
commit 5035ed118d
12 changed files with 558 additions and 112 deletions
--- a/.woodpecker/build.yaml
+++ b/.woodpecker/build.yaml
@@ -0,0 +1,33 @@
+# Build and Publish Docker image (runs on push to main)
+# Secrets required in Woodpecker: gitea_registry_username, gitea_package_token, discord_webhook_url
+# Project must be set to "Trusted" in Woodpecker for the Docker build step (privileged).
+when:
+  branch: main
+  event: push
+
+steps:
+  - name: Build and Publish Docker Image
+    image: woodpeckerci/plugin-docker-buildx:2
+    privileged: true
+    settings:
+      repo: git.mifi.dev/mifi-holdings/mail-autoconfig
+      registry: git.mifi.dev
+      auto_tag: true
+      username:
+        from_secret: gitea_registry_username
+      password:
+        from_secret: gitea_package_token
+
+  - name: Send Deploy Status Notification
+    image: curlimages/curl
+    environment:
+      DISCORD_WEBHOOK_URL:
+        from_secret: discord_webhook_url
+    commands:
+      - |
+        EMOJI="💩"
+        [ "$CI_PIPELINE_STATUS" = "success" ] && EMOJI="🎉"
+        BODY=$(printf '{"username":"WoodpeckerBot","content":"[%s - Build #%s] Publish %s %s"}' "$CI_REPO" "$CI_PIPELINE_NUMBER" "$CI_PIPELINE_STATUS" "$EMOJI")
+        curl -sS -X POST -H "Content-Type: application/json" -d "$BODY" "$DISCORD_WEBHOOK_URL"
+    when:
+      - status: [ success, failure ]
--- a/.woodpecker/production.yaml
+++ b/.woodpecker/production.yaml
@@ -0,0 +1,31 @@
+# Production Deploy (run via Woodpecker UI: trigger deployment to "production")
+# No clone: runs without repo checkout; triggers Portainer stack webhook.
+# Secrets required: portainer_webhook_url (Portainer stack webhook URL), discord_webhook_url (Discord incoming webhook).
+skip_clone: true
+
+when:
+  event: deployment
+  evaluate: 'CI_PIPELINE_DEPLOY_TARGET == "production"'
+
+steps:
+  - name: Deploy to Production
+    image: curlimages/curl
+    environment:
+      PORTAINER_WEBHOOK_URL:
+        from_secret: portainer_webhook_url
+    commands:
+      - curl -sS -X POST "$PORTAINER_WEBHOOK_URL"
+
+  - name: Send Production Deploy Status
+    image: curlimages/curl
+    environment:
+      DISCORD_WEBHOOK_URL:
+        from_secret: discord_webhook_url
+    commands:
+      - |
+        EMOJI="💩"
+        [ "$CI_PIPELINE_STATUS" = "success" ] && EMOJI="🎉"
+        BODY=$(printf '{"username":"WoodpeckerBot","content":"[%s - Build #%s] Production Deploy %s %s"}' "$CI_REPO" "$CI_PIPELINE_NUMBER" "$CI_PIPELINE_STATUS" "$EMOJI")
+        curl -sS -X POST -H "Content-Type: application/json" -d "$BODY" "$DISCORD_WEBHOOK_URL"
+    when:
+      - status: [ success, failure ]