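# Deploy: build qr-api and qr-web, push both images to the registry, then
# trigger a Portainer stack redeploy.
# Runs on push/tag/manual events for main, or on a deployment event whose
# target is "production", and only after the `ci` workflow has succeeded.
#
# NOTE(review): earlier wording and the final echo in the build step say
# "multi-arch (amd64 + arm64)", but the build passes only
# `--platform linux/amd64`. Confirm which is intended and align the two.
when:
  - branch: main
    event: [push, tag, manual]
  - event: deployment
    evaluate: 'CI_PIPELINE_DEPLOY_TARGET == "production"'

depends_on:
  - ci

steps:
  - name: Docker image build (qr-api + qr-web)
    # NOTE(review): `latest` is a mutable tag, and this step holds the registry
    # credentials and the host Docker socket. Pin to a reviewed version or
    # digest, e.g. docker:<pinned-tag>@sha256:<digest>.
    image: docker:latest
    environment:
      DOCKER_API_VERSION: '1.43'
      DOCKER_BUILDKIT: '1'
      BUILDKIT_PROGRESS: 'plain'
      REGISTRY_URL: git.mifi.dev
      REGISTRY_REPO_API: git.mifi.dev/mifi-holdings/shorty-qr-api
      REGISTRY_REPO_WEB: git.mifi.dev/mifi-holdings/shorty-qr-web
      REGISTRY_USERNAME:
        from_secret: gitea_registry_username
      REGISTRY_PASSWORD:
        from_secret: gitea_package_token
    volumes:
      # Mounting the host Docker socket gives this step full control of the
      # agent's Docker daemon (effectively root on that host). Anything that can
      # change this file or the build contexts inherits that access, so keep
      # the trigger limited to protected branches and trusted committers.
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - set -e
      - echo "=== Docker build ==="
      - 'echo "Commit SHA: ${CI_COMMIT_SHA:0:8}"'
      # Create the buildx builder, or reuse it if it already exists on the host
      # daemon. The password is piped through stdin so it never appears in the
      # process arguments.
      - |
        apk add --no-cache git
        docker buildx version || true
        docker buildx create --name shorty-builder --use --driver docker-container 2>/dev/null || docker buildx use shorty-builder
        echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_URL" -u "$REGISTRY_USERNAME" --password-stdin
      # build_push <context-dir> <image-repo>: build one image and push it
      # tagged with the full commit SHA and with `latest`.
      # Shell-local variables are written as $name (no braces) on purpose: the
      # CI server substitutes ${...} before the shell runs, so ${repo} would be
      # replaced by the pipeline rather than by the shell.
      - |
        build_push() {
          local ctx="$1"
          local repo="$2"
          docker buildx build \
            --platform linux/amd64 \
            --progress=plain \
            --tag "$repo:${CI_COMMIT_SHA}" \
            --tag "$repo:latest" \
            --label "git.commit=${CI_COMMIT_SHA}" \
            --label "git.branch=${CI_COMMIT_BRANCH}" \
            --push \
            "$ctx"
        }
        build_push ./qr-api "$REGISTRY_REPO_API"
        build_push ./qr-web "$REGISTRY_REPO_WEB"
        echo "✓ Images built and pushed (multi-arch)"

  - name: Send Build Status Notification (success)
    # NOTE(review): untagged image (implicitly `latest`) in a step that holds
    # the Mattermost bot token; pin to a version or digest.
    image: curlimages/curl
    environment:
      MATTERMOST_BOT_ACCESS_TOKEN:
        from_secret: mattermost_bot_access_token
      MATTERMOST_CHANNEL_ID:
        from_secret: mattermost_pushes_channel_id
      MATTERMOST_POST_API_URL:
        from_secret: mattermost_post_api_url
    commands:
      - |
        BODY=$(printf '{"channel_id":"%s","message":"[%s - Build #%s] Docker images build success 🎉"}' "$MATTERMOST_CHANNEL_ID" "$CI_REPO" "$CI_PIPELINE_NUMBER")
        curl -sS -X POST -H "Content-Type: application/json" -d "$BODY" -H "Authorization: Bearer $MATTERMOST_BOT_ACCESS_TOKEN" "$MATTERMOST_POST_API_URL"
    depends_on:
      - Docker image build (qr-api + qr-web)
    when:
      - status: [success]

  - name: Send Build Status Notification (failure)
    image: curlimages/curl
    environment:
      MATTERMOST_BOT_ACCESS_TOKEN:
        from_secret: mattermost_bot_access_token
      MATTERMOST_CHANNEL_ID:
        from_secret: mattermost_pushes_channel_id
      MATTERMOST_POST_API_URL:
        from_secret: mattermost_post_api_url
    commands:
      - |
        BODY=$(printf '{"channel_id":"%s","message":"[%s - Build #%s] Docker images build failure 💩"}' "$MATTERMOST_CHANNEL_ID" "$CI_REPO" "$CI_PIPELINE_NUMBER")
        curl -sS -X POST -H "Content-Type: application/json" -d "$BODY" -H "Authorization: Bearer $MATTERMOST_BOT_ACCESS_TOKEN" "$MATTERMOST_POST_API_URL"
    depends_on:
      - Docker image build (qr-api + qr-web)
    when:
      - status: [failure]

  - name: Trigger Portainer stack redeploy
    # NOTE(review): mutable `latest` tag in the step that holds the deploy
    # webhook; pin to a version or digest.
    image: curlimages/curl:latest
    environment:
      # The webhook URL is the only credential for the redeploy: whoever holds
      # it can trigger one. Keep it in the secret store and never echo it.
      PORTAINER_WEBHOOK_URL:
        from_secret: portainer_webhook_url
    commands:
      - set -e
      - echo "=== Triggering Portainer stack redeploy ==="
      # curl appends the HTTP status on its own last line; split it from the
      # response body and fail the step on anything other than 200 or 204.
      # Only the status code and response body are printed, not the URL.
      - |
        resp=$(curl -s -w "\n%{http_code}" -X POST "$PORTAINER_WEBHOOK_URL")
        body=$(echo "$resp" | head -n -1)
        code=$(echo "$resp" | tail -n 1)
        if [ "$code" != "200" ] && [ "$code" != "204" ]; then
          echo "Webhook failed (HTTP $code): $body"
          exit 1
        fi
        echo "✓ Portainer redeploy triggered (HTTP $code)"
    depends_on:
      - Docker image build (qr-api + qr-web)

  - name: Send Deploy Status Notification (success)
    image: curlimages/curl
    environment:
      MATTERMOST_BOT_ACCESS_TOKEN:
        from_secret: mattermost_bot_access_token
      MATTERMOST_CHANNEL_ID:
        from_secret: mattermost_pushes_channel_id
      MATTERMOST_POST_API_URL:
        from_secret: mattermost_post_api_url
    commands:
      - |
        BODY=$(printf '{"channel_id":"%s","message":"[%s - Build #%s] Production Deploy success 🎉"}' "$MATTERMOST_CHANNEL_ID" "$CI_REPO" "$CI_PIPELINE_NUMBER")
        curl -sS -X POST -H "Content-Type: application/json" -d "$BODY" -H "Authorization: Bearer $MATTERMOST_BOT_ACCESS_TOKEN" "$MATTERMOST_POST_API_URL"
    depends_on:
      - Trigger Portainer stack redeploy
    when:
      - status: [success]

  - name: Send Deploy Status Notification (failure)
    image: curlimages/curl
    environment:
      MATTERMOST_BOT_ACCESS_TOKEN:
        from_secret: mattermost_bot_access_token
      MATTERMOST_CHANNEL_ID:
        from_secret: mattermost_pushes_channel_id
      MATTERMOST_POST_API_URL:
        from_secret: mattermost_post_api_url
    commands:
      - |
        BODY=$(printf '{"channel_id":"%s","message":"[%s - Build #%s] Production Deploy failure 💩"}' "$MATTERMOST_CHANNEL_ID" "$CI_REPO" "$CI_PIPELINE_NUMBER")
        curl -sS -X POST -H "Content-Type: application/json" -d "$BODY" -H "Authorization: Bearer $MATTERMOST_BOT_ACCESS_TOKEN" "$MATTERMOST_POST_API_URL"
    depends_on:
      - Trigger Portainer stack redeploy
    when:
      - status: [failure]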