mta-sts/.woodpecker/deploy.yaml

# Deploy: build image, push to registry, trigger Portainer stack redeploy.
# Runs on push/tag/manual to main only, after ci workflow succeeds.
when:
    - branch: main
      event: [push, tag, manual]
    - event: deployment
      evaluate: 'CI_PIPELINE_DEPLOY_TARGET == "production"'

depends_on:
    - build

steps:
    - name: Trigger Portainer stack redeploy
      image: curlimages/curl:latest
      environment:
          PORTAINER_WEBHOOK_URL:
              from_secret: portainer_webhook_url
      commands:
          - set -e
          - echo "=== Triggering Portainer stack redeploy ==="
          - |
              resp=$(curl -s -w "\n%{http_code}" -X POST "$PORTAINER_WEBHOOK_URL")
              body=$(echo "$resp" | head -n -1)
              code=$(echo "$resp" | tail -n 1)
              if [ "$code" != "200" ] && [ "$code" != "204" ]; then
                echo "Webhook failed (HTTP $code): $body"
                exit 1
              fi
              echo "✓ Portainer redeploy triggered (HTTP $code)"
      depends_on:
          - Push to registry

    - name: Send Deploy Status Notification (success)
      image: curlimages/curl
      environment:
          MATTERMOST_BOT_ACCESS_TOKEN:
              from_secret: mattermost_bot_access_token
          MATTERMOST_CHANNEL_ID:
              from_secret: mattermost_pushes_channel_id
          MATTERMOST_POST_API_URL:
              from_secret: mattermost_post_api_url
      commands:
          - |
              BODY=$(printf '{"channel_id":"%s","message":"[%s - Build #%s] Production Deploy success 🎉"}' "$MATTERMOST_CHANNEL_ID" "$CI_REPO" "$CI_PIPELINE_NUMBER")
              curl -sS -X POST -H "Content-Type: application/json" -d "$BODY" -H "Authorization: Bearer $MATTERMOST_BOT_ACCESS_TOKEN" $MATTERMOST_POST_API_URL
      depends_on:
          - Trigger Portainer stack redeploy
      when:
          - status: [success]

    - name: Send Deploy Status Notification (failure)
      image: curlimages/curl
      environment:
          MATTERMOST_BOT_ACCESS_TOKEN:
              from_secret: mattermost_bot_access_token
          MATTERMOST_CHANNEL_ID:
              from_secret: mattermost_pushes_channel_id
          MATTERMOST_POST_API_URL:
              from_secret: mattermost_post_api_url
      commands:
          - |
              BODY=$(printf '{"channel_id":"%s","message":"[%s - Build #%s] Production Deploy failure 💩"}' "$MATTERMOST_CHANNEL_ID" "$CI_REPO" "$CI_PIPELINE_NUMBER")
              curl -sS -X POST -H "Content-Type: application/json" -d "$BODY" -H "Authorization: Bearer $MATTERMOST_BOT_ACCESS_TOKEN" $MATTERMOST_POST_API_URL
      depends_on:
          - Trigger Portainer stack redeploy
      when:
          - status: [failure]