From 7625d542ae5c69d3aad407bdf00e98c04c8211e4 Mon Sep 17 00:00:00 2001
From: Tracewebstudio Dev <dev@tracewebstudio.com>
Date: Tue, 14 Apr 2026 14:19:04 +0200
Subject: [PATCH] ci: add GitOps update step to Woodpecker pipeline

- After building, update nxtgauge-gitops with new SHA tag
- Requires secrets: GITOPS_REPO_URL, GITOPS_BRANCH, GITOPS_TOKEN
---
 .woodpecker.yml | 56 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)

diff --git a/.woodpecker.yml b/.woodpecker.yml
index 35f0c0a..833c15b 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -1,3 +1,9 @@
+# Woodpecker CI - Admin build + GitOps update
+#
+# Secrets required:
+# - REGISTRY_HOSTPORT, REGISTRY_USERNAME, REGISTRY_PASSWORD (existing)
+# - GITOPS_REPO_URL, GITOPS_BRANCH, GITOPS_TOKEN, GITOPS_USERNAME, GITOPS_EMAIL
+
 when:
   branch: [main, high-performance]
   event: push
@@ -23,3 +29,53 @@ steps:
       skip_tls_verify: true
       platforms: linux/amd64
       cache: false
+
+  - name: update-gitops
+    image: alpine:latest
+    environment:
+      GITOPS_REPO_URL:
+        from_secret: GITOPS_REPO_URL
+      GITOPS_BRANCH:
+        from_secret: GITOPS_BRANCH
+      GITOPS_TOKEN:
+        from_secret: GITOPS_TOKEN
+    commands:
+      - |
+        set -e
+        apk add --no-cache git bash sed
+
+        echo "Updating GitOps for nxtgauge-admin-solid"
+
+        # Clone gitops repo
+        GIT_REPO=$(echo "${GITOPS_REPO_URL}" | sed 's|https://||')
+        git clone "https://x-access-token:${GITOPS_TOKEN}@${GIT_REPO}" /tmp/gitops
+        cd /tmp/gitops
+        git checkout ${GITOPS_BRANCH:-main}
+
+        # Update admin overlay
+        ADMIN_OVERLAY="apps/nxtgauge-admin-solid/overlays/prod"
+        if [ -f "${ADMIN_OVERLAY}/kustomization.yaml" ]; then
+          sed -i "s|image: registry.nxtgauge.com:5000/nxtgauge-admin-solid:.*|image: registry.nxtgauge.com:5000/nxtgauge-admin-solid:${CI_COMMIT_SHA}|" \
+            ${ADMIN_OVERLAY}/kustomization.yaml
+          echo "Updated admin image to ${CI_COMMIT_SHA}"
+        fi
+
+        # Also update base if needed
+        ADMIN_BASE="apps/nxtgauge-admin-solid/base"
+        if [ -f "${ADMIN_BASE}/deployment.yaml" ]; then
+          sed -i "s|image: registry.nxtgauge.com:5000/nxtgauge-admin-solid.*|image: registry.nxtgauge.com:5000/nxtgauge-admin-solid:${CI_COMMIT_SHA}|" \
+            ${ADMIN_BASE}/deployment.yaml
+          echo "Updated admin base deployment"
+        fi
+
+        # Commit if changed
+        if ! git diff --quiet; then
+          git add -A
+          git commit -m "ci: update nxtgauge-admin-solid to ${CI_COMMIT_SHA:0:8}"
+          git push origin ${GITOPS_BRANCH:-main}
+          echo "Pushed GitOps update"
+        else
+          echo "No changes to push"
+        fi
+    when:
+      status: success