steps: # =========================================== # PR VALIDATION: Parallel type checks (PRs only) # =========================================== typecheck-backend: image: mirror.gcr.io/library/node:22 commands: - cd backend - npm ci --prefer-offline - npx tsc --noEmit depends_on: [] when: event: pull_request typecheck-cannaiq: image: mirror.gcr.io/library/node:22 commands: - cd cannaiq - npm ci --prefer-offline - npx tsc --noEmit depends_on: [] when: event: pull_request typecheck-findadispo: image: mirror.gcr.io/library/node:22 commands: - cd findadispo/frontend - npm ci --prefer-offline - npx tsc --noEmit 2>/dev/null || true depends_on: [] when: event: pull_request typecheck-findagram: image: mirror.gcr.io/library/node:22 commands: - cd findagram/frontend - npm ci --prefer-offline - npx tsc --noEmit 2>/dev/null || true depends_on: [] when: event: pull_request # =========================================== # AUTO-MERGE: Merge PR after all checks pass # =========================================== auto-merge: image: mirror.gcr.io/library/alpine:latest environment: GITEA_TOKEN: from_secret: gitea_token commands: - apk add --no-cache curl - | echo "Merging PR #${CI_COMMIT_PULL_REQUEST}..." curl -s -X POST \ -H "Authorization: token $GITEA_TOKEN" \ -H "Content-Type: application/json" \ -d '{"Do":"merge"}' \ "https://git.spdy.io/api/v1/repos/Creationshop/cannaiq/pulls/${CI_COMMIT_PULL_REQUEST}/merge" depends_on: - typecheck-backend - typecheck-cannaiq - typecheck-findadispo - typecheck-findagram when: event: pull_request # =========================================== # MASTER DEPLOY: Parallel Docker builds (Kaniko - no Docker daemon) # =========================================== docker-backend: image: gcr.io/kaniko-project/executor:debug environment: REGISTRY_USER: from_secret: registry_username REGISTRY_PASS: from_secret: registry_password commands: - echo "{\"auths\":{\"git.spdy.io\":{\"username\":\"$REGISTRY_USER\",\"password\":\"$REGISTRY_PASS\"}}}" > /kaniko/.docker/config.json - /kaniko/executor --context=backend --dockerfile=backend/Dockerfile --destination=git.spdy.io/creationshop/cannaiq:latest --destination=git.spdy.io/creationshop/cannaiq:sha-${CI_COMMIT_SHA:0:8} --build-arg=APP_BUILD_VERSION=sha-${CI_COMMIT_SHA:0:8} --build-arg=APP_GIT_SHA=${CI_COMMIT_SHA} --build-arg=APP_BUILD_TIME=${CI_PIPELINE_CREATED} --build-arg=CONTAINER_IMAGE_TAG=sha-${CI_COMMIT_SHA:0:8} --cache=true depends_on: [] when: branch: [master, develop] event: push docker-cannaiq: image: gcr.io/kaniko-project/executor:debug environment: REGISTRY_USER: from_secret: registry_username REGISTRY_PASS: from_secret: registry_password commands: - echo "{\"auths\":{\"git.spdy.io\":{\"username\":\"$REGISTRY_USER\",\"password\":\"$REGISTRY_PASS\"}}}" > /kaniko/.docker/config.json - /kaniko/executor --context=cannaiq --dockerfile=cannaiq/Dockerfile --destination=git.spdy.io/creationshop/cannaiq-frontend:latest --destination=git.spdy.io/creationshop/cannaiq-frontend:sha-${CI_COMMIT_SHA:0:8} --cache=true depends_on: [] when: branch: [master, develop] event: push docker-findadispo: image: gcr.io/kaniko-project/executor:debug environment: REGISTRY_USER: from_secret: registry_username REGISTRY_PASS: from_secret: registry_password commands: - echo "{\"auths\":{\"git.spdy.io\":{\"username\":\"$REGISTRY_USER\",\"password\":\"$REGISTRY_PASS\"}}}" > /kaniko/.docker/config.json - /kaniko/executor --context=findadispo/frontend --dockerfile=findadispo/frontend/Dockerfile --destination=git.spdy.io/creationshop/findadispo-frontend:latest --destination=git.spdy.io/creationshop/findadispo-frontend:sha-${CI_COMMIT_SHA:0:8} --cache=true depends_on: [] when: branch: [master, develop] event: push docker-findagram: image: gcr.io/kaniko-project/executor:debug environment: REGISTRY_USER: from_secret: registry_username REGISTRY_PASS: from_secret: registry_password commands: - echo "{\"auths\":{\"git.spdy.io\":{\"username\":\"$REGISTRY_USER\",\"password\":\"$REGISTRY_PASS\"}}}" > /kaniko/.docker/config.json - /kaniko/executor --context=findagram/frontend --dockerfile=findagram/frontend/Dockerfile --destination=git.spdy.io/creationshop/findagram-frontend:latest --destination=git.spdy.io/creationshop/findagram-frontend:sha-${CI_COMMIT_SHA:0:8} --cache=true depends_on: [] when: branch: [master, develop] event: push # =========================================== # STAGE 3: Deploy and Run Migrations # =========================================== deploy: image: mirror.gcr.io/bitnami/kubectl:latest environment: KUBECONFIG_CONTENT: from_secret: kubeconfig_data commands: - mkdir -p ~/.kube - echo "$KUBECONFIG_CONTENT" | tr -d '[:space:]' | base64 -d > ~/.kube/config - chmod 600 ~/.kube/config # Deploy backend first - kubectl set image deployment/scraper scraper=git.spdy.io/creationshop/cannaiq:sha-${CI_COMMIT_SHA:0:8} -n cannaiq - kubectl rollout status deployment/scraper -n cannaiq --timeout=300s # Note: Migrations run automatically at startup via auto-migrate # Deploy remaining services # Resilience: ensure workers are scaled up if at 0 - REPLICAS=$(kubectl get deployment scraper-worker -n cannaiq -o jsonpath='{.spec.replicas}'); if [ "$REPLICAS" = "0" ]; then echo "Scaling workers from 0 to 5"; kubectl scale deployment/scraper-worker --replicas=5 -n cannaiq; fi - kubectl set image deployment/scraper-worker worker=git.spdy.io/creationshop/cannaiq:sha-${CI_COMMIT_SHA:0:8} -n cannaiq - kubectl set image deployment/cannaiq-frontend cannaiq-frontend=git.spdy.io/creationshop/cannaiq-frontend:sha-${CI_COMMIT_SHA:0:8} -n cannaiq - kubectl set image deployment/findadispo-frontend findadispo-frontend=git.spdy.io/creationshop/findadispo-frontend:sha-${CI_COMMIT_SHA:0:8} -n cannaiq - kubectl set image deployment/findagram-frontend findagram-frontend=git.spdy.io/creationshop/findagram-frontend:sha-${CI_COMMIT_SHA:0:8} -n cannaiq - kubectl rollout status deployment/cannaiq-frontend -n cannaiq --timeout=120s depends_on: - docker-backend - docker-cannaiq - docker-findadispo - docker-findagram when: branch: [master, develop] event: push