# CI/CD — Woodpecker

This repo uses [Woodpecker CI](https://woodpecker-ci.org/) for build and deploy. Pipelines were migrated from Drone.

## Workflows

| Workflow    | Trigger              | Description |
|------------|----------------------|-------------|
| **build**  | Push to `main`       | Build and push Docker image to `git.mifi.dev/mifi-holdings/mail-autoconfig` (with `auto_tag`), then send status to lab webhook. |
| **production** | Deployment to `production` | No clone; POST to Portainer stack webhook, then send status to lab webhook. |

Workflows are defined in [.woodpecker/build.yaml](../.woodpecker/build.yaml) and [.woodpecker/production.yaml](../.woodpecker/production.yaml).

## Woodpecker setup

1. **Add the repo** in Woodpecker and point it at your forge (Gitea/GitHub/etc.).

2. **Secrets** (repository secrets):
   - **Build workflow:** `gitea_registry_username`, `gitea_package_token` — Registry credentials for `git.mifi.dev`.
   - **Production workflow:** `portainer_webhook_url` — Portainer stack webhook URL (do not commit; anyone with this URL can trigger a redeploy). `discord_webhook_url` — Discord incoming webhook for deploy notifications.

3. **Trusted project**: In the repo’s Woodpecker project settings, enable **Trusted** so the Docker build step can run with `privileged: true`.

4. **Production deploy**: To deploy to production, trigger a **deployment** in Woodpecker with target **production** (e.g. from the pipeline UI after a successful build).

## Migration from Drone

| Drone                         | Woodpecker |
|------------------------------|------------|
| `.drone.yml` (two pipelines) | `.woodpecker/build.yaml` + `.woodpecker/production.yaml` |
| `plugins/docker`             | `woodpeckerci/plugin-docker-buildx` |
| `plugins/webhook`            | `curlimages/curl` with inline commands |
| `promote` → target `production` | Deployment event with `CI_PIPELINE_DEPLOY_TARGET == "production"` |
| `from_secret: gitea_package_token` | Same secret name in Woodpecker; add `gitea_registry_username` for registry login |

- **Build pipeline**: Runs on push to `main`; builds and pushes the image with `auto_tag` (e.g. `latest`, branch, semver on tags).
- **Production pipeline**: No clone; runs when you trigger a deployment to **production**; calls Portainer webhook and lab webhook.

You can remove [.drone.yml](../.drone.yml) after switching to Woodpecker, or keep it for reference.