ci: add GitOps update step to Woodpecker pipeline

- After building, update nxtgauge-gitops with new SHA tag
- Requires secrets: GITOPS_REPO_URL, GITOPS_BRANCH, GITOPS_TOKEN

.woodpecker.yml

@@ -1,3 +1,9 @@
+# Woodpecker CI - Admin build + GitOps update
+#
+# Secrets required:
+# - REGISTRY_HOSTPORT, REGISTRY_USERNAME, REGISTRY_PASSWORD (existing)
+# - GITOPS_REPO_URL, GITOPS_BRANCH, GITOPS_TOKEN, GITOPS_USERNAME, GITOPS_EMAIL
+
 when:
   branch: [main, high-performance]
   event: push
@@ -23,3 +29,53 @@ steps:
       skip_tls_verify: true
       platforms: linux/amd64
       cache: false
+
+  - name: update-gitops
+    image: alpine:latest
+    environment:
+      GITOPS_REPO_URL:
+        from_secret: GITOPS_REPO_URL
+      GITOPS_BRANCH:
+        from_secret: GITOPS_BRANCH
+      GITOPS_TOKEN:
+        from_secret: GITOPS_TOKEN
+    commands:
+      - |
+        set -e
+        apk add --no-cache git bash sed
+
+        echo "Updating GitOps for nxtgauge-admin-solid"
+
+        # Clone gitops repo
+        GIT_REPO=$(echo "${GITOPS_REPO_URL}" | sed 's|https://||')
+        git clone "https://x-access-token:${GITOPS_TOKEN}@${GIT_REPO}" /tmp/gitops
+        cd /tmp/gitops
+        git checkout ${GITOPS_BRANCH:-main}
+
+        # Update admin overlay
+        ADMIN_OVERLAY="apps/nxtgauge-admin-solid/overlays/prod"
+        if [ -f "${ADMIN_OVERLAY}/kustomization.yaml" ]; then
+          sed -i "s|image: registry.nxtgauge.com:5000/nxtgauge-admin-solid:.*|image: registry.nxtgauge.com:5000/nxtgauge-admin-solid:${CI_COMMIT_SHA}|" \
+            ${ADMIN_OVERLAY}/kustomization.yaml
+          echo "Updated admin image to ${CI_COMMIT_SHA}"
+        fi
+
+        # Also update base if needed
+        ADMIN_BASE="apps/nxtgauge-admin-solid/base"
+        if [ -f "${ADMIN_BASE}/deployment.yaml" ]; then
+          sed -i "s|image: registry.nxtgauge.com:5000/nxtgauge-admin-solid.*|image: registry.nxtgauge.com:5000/nxtgauge-admin-solid:${CI_COMMIT_SHA}|" \
+            ${ADMIN_BASE}/deployment.yaml
+          echo "Updated admin base deployment"
+        fi
+
+        # Commit if changed
+        if ! git diff --quiet; then
+          git add -A
+          git commit -m "ci: update nxtgauge-admin-solid to ${CI_COMMIT_SHA:0:8}"
+          git push origin ${GITOPS_BRANCH:-main}
+          echo "Pushed GitOps update"
+        else
+          echo "No changes to push"
+        fi
+    when:
+      status: success