# Cycle-1 trigger: push + manual on dev/stage/main, NO depends_on.
#
# Rationale (per _docs/04_deploy/ci_cd_pipeline.md → Decision Record):
#   01-test.yml runs `event: [manual]` only in cycle-1, so a `depends_on:
#   [01-test]` clause here would skip every push (no preceding test run to
#   succeed against). The un-gated stance mirrors the `detections` deferral
#   pattern documented in `../_infra/ci/README.md` → "detections deferral".
#
# Re-gate (cycle-2 polish item #1 in _docs/04_deploy/ci_cd_pipeline.md):
#   Add `depends_on: [01-test]` below once .woodpecker/01-test.yml flips to
#   `event: [push, pull_request, manual]`.
#
# Images pushed in cycle-1:
#   - azaion/gps-denied-onboard-companion-tier1:${BRANCH}-${TAG_SUFFIX}
#   - azaion/gps-denied-onboard-operator-orchestrator:${BRANCH}-${TAG_SUFFIX}
#
# Image NOT pushed in cycle-1 (reserved for cycle-2 / companion-jetson):
#   - azaion/gps-denied-onboard:${BRANCH}-${TAG_SUFFIX}
#     (parent-suite Jetson compose at ../_infra/deploy/jetson/docker-compose.yml
#     expects this exact tag; cycle-1 must not write to it or Watchtower
#     on fielded Jetsons will pull a Tier-1 dev image.)
#
# OCI labels (suite-mandated, AZ-204 — see ../_infra/ci/README.md → "OCI
# image labels and commit provenance"):
#   org.opencontainers.image.revision = $CI_COMMIT_SHA
#   org.opencontainers.image.created  = $BUILD_DATE (UTC, `date -u +%Y-%m-%dT%H:%M:%SZ`)
#   org.opencontainers.image.source   = $CI_REPO_URL
# Plus --build-arg CI_COMMIT_SHA so the Dockerfile can bake ENV AZAION_REVISION.
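# Trigger: only push and manual events on dev, stage and main run this
# workflow. pull_request is not listed, so pull-request builds never reach
# the registry login in the steps below.
when:
  event: [push, manual]
  branch: [dev, stage, main]

# One run per matrix entry; TAG_SUFFIX becomes the platform part of the tag.
matrix:
  include:
    - PLATFORM: arm64
      TAG_SUFFIX: arm
    # - PLATFORM: amd64
    #   TAG_SUFFIX: amd

# Agent selection label, filled from the matrix entry.
labels:
  platform: ${PLATFORM}

# Both steps follow the same sequence: log in to the registry, build one
# Dockerfile with the commit-provenance labels, push a single tag.
#
# Security-relevant properties shared by both steps:
#   * `image: docker` carries no tag or digest, so every run uses whatever
#     the registry currently serves under the default tag.
#     NOTE(review): pin a version tag or digest so the build tooling itself
#     is reproducible and reviewable.
#   * The host's /var/run/docker.sock is mounted, so the step drives the
#     agent host's Docker daemon directly. Whoever can change this file or
#     the Dockerfiles on dev/stage/main effectively controls that host;
#     keep write access to those branches and the repository's trusted
#     setting restricted accordingly.
#   * The registry token is fed to `docker login` on stdin, so it does not
#     appear in the process arguments.
#   * The pushed tag is <branch>-<suffix> and is overwritten by each build
#     of that branch; the revision label is the only link from an image back
#     to its commit.
#     NOTE(review): consumers that need an immutable reference should pull
#     by digest.
#   * Every shell expansion is double-quoted so a value containing
#     whitespace or glob characters cannot split into extra `docker`
#     arguments.
steps:
  - name: build-push-companion-tier1
    image: docker
    environment:
      REGISTRY_HOST: { from_secret: registry_host }
      REGISTRY_USER: { from_secret: registry_user }
      REGISTRY_TOKEN: { from_secret: registry_token }
    commands:
      - echo "$REGISTRY_TOKEN" | docker login "$REGISTRY_HOST" -u "$REGISTRY_USER" --password-stdin
      - export TAG="${CI_COMMIT_BRANCH}-${TAG_SUFFIX}"
      # UTC timestamp used for the org.opencontainers.image.created label.
      - export BUILD_DATE="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
      - |
        docker build -f docker/companion-tier1.Dockerfile \
          --build-arg "CI_COMMIT_SHA=$CI_COMMIT_SHA" \
          --label "org.opencontainers.image.revision=$CI_COMMIT_SHA" \
          --label "org.opencontainers.image.created=$BUILD_DATE" \
          --label "org.opencontainers.image.source=$CI_REPO_URL" \
          -t "$REGISTRY_HOST/azaion/gps-denied-onboard-companion-tier1:$TAG" .
      - docker push "$REGISTRY_HOST/azaion/gps-denied-onboard-companion-tier1:$TAG"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  - name: build-push-operator-orchestrator
    image: docker
    environment:
      REGISTRY_HOST: { from_secret: registry_host }
      REGISTRY_USER: { from_secret: registry_user }
      REGISTRY_TOKEN: { from_secret: registry_token }
    commands:
      - echo "$REGISTRY_TOKEN" | docker login "$REGISTRY_HOST" -u "$REGISTRY_USER" --password-stdin
      - export TAG="${CI_COMMIT_BRANCH}-${TAG_SUFFIX}"
      # UTC timestamp used for the org.opencontainers.image.created label.
      - export BUILD_DATE="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
      - |
        docker build -f docker/operator-orchestrator.Dockerfile \
          --build-arg "CI_COMMIT_SHA=$CI_COMMIT_SHA" \
          --label "org.opencontainers.image.revision=$CI_COMMIT_SHA" \
          --label "org.opencontainers.image.created=$BUILD_DATE" \
          --label "org.opencontainers.image.source=$CI_REPO_URL" \
          -t "$REGISTRY_HOST/azaion/gps-denied-onboard-operator-orchestrator:$TAG" .
      - docker push "$REGISTRY_HOST/azaion/gps-denied-onboard-operator-orchestrator:$TAG"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock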