ci: use Portainer API for Docker Swarm deploy

.woodpecker/ci.yml

@@ -338,41 +338,43 @@ steps:
       - security-trivy-orchestrator
       - security-trivy-web
 
-  # ─── Deploy to Docker Swarm (main only) ─────────────────────
+  # ─── Deploy to Docker Swarm via Portainer API (main only) ─────────────────────
-
-  # ─── Deploy to Docker Swarm via Portainer (main only) ─────────────────────
 
   deploy-swarm:
     image: alpine:3
     environment:
-      SSH_PRIVATE_KEY:
-        from_secret: ssh_private_key
-      SSH_KNOWN_HOSTS:
-        from_secret: ssh_known_hosts
       PORTAINER_URL:
         from_secret: portainer_url
       PORTAINER_API_KEY:
         from_secret: portainer_api_key
+      PORTAINER_STACK_ID: "121"
     commands:
-      - apk add --no-cache curl openssh-client
+      - apk add --no-cache curl
       - |
         set -e
-        echo "🚀 Deploying to Docker Swarm..."
+        echo "🚀 Deploying to Docker Swarm via Portainer API..."
 
-        # Setup SSH for fallback
+        # Use Portainer API to update the stack (forces pull of new images)
-        mkdir -p ~/.ssh
+        RESPONSE=$(curl -s -w "\n%{http_code}" -X POST \
-        echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
+          -H "X-API-Key: $PORTAINER_API_KEY" \
-        chmod 600 ~/.ssh/known_hosts
+          -H "Content-Type: application/json" \
-        echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
+          "$PORTAINER_URL/api/stacks/$PORTAINER_STACK_ID/git/redeploy")
-        chmod 600 ~/.ssh/id_ed25519
 
-        # Force service updates (images are pulled from public registry)
+        HTTP_CODE=$(echo "$RESPONSE" | tail -1)
-        ssh -o StrictHostKeyChecking=no localadmin@10.1.1.45 \
+        BODY=$(echo "$RESPONSE" | head -n -1)
-          "docker service update --with-registry-auth --force mosaic-stack-api && \
+
-           docker service update --with-registry-auth --force mosaic-stack-web && \
+        if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "202" ]; then
-           docker service update --with-registry-auth --force mosaic-stack-orchestrator && \
+          echo "✅ Stack update triggered successfully"
-           docker service update --with-registry-auth --force mosaic-stack-coordinator && \
+        else
-           echo '✅ All services updated'"
+          echo "❌ Stack update failed (HTTP $HTTP_CODE)"
+          echo "$BODY"
+          exit 1
+        fi
+
+        # Wait for services to converge
+        echo "⏳ Waiting for services to converge..."
+        sleep 30
+        echo "✅ Deploy complete"
     when:
       - branch: [main]
         event: [push, manual, tag]

.woodpecker/ci.yml.new

@@ -1,46 +0,0 @@
-# Add this at the end of the file, replacing the deploy-swarm section
-
-  deploy-swarm:
-    image: alpine:3
-    environment:
-      SSH_PRIVATE_KEY:
-        from_secret: ssh_private_key
-      SSH_KNOWN_HOSTS:
-        from_secret: ssh_known_hosts
-      PORTAINER_URL:
-        from_secret: portainer_url
-      PORTAINER_API_KEY:
-        from_secret: portainer_api_key
-    commands:
-      - apk add --no-cache curl
-      - |
-        set -e
-        echo "🚀 Deploying via Portainer API..."
-        
-        # Redeploy mosaic-stack (ID 121)
-        curl -sk -X POST \
-          -H "X-API-Key: $PORTAINER_API_KEY" \
-          "$PORTAINER_URL/api/stacks/121/git/redeploy" \
-          -H "Content-Type: application/json" \
-          -d '{"prune": false}' || \
-        
-        # Fallback: Force service updates via SSH
-        echo "Trying SSH fallback..."
-        apk add --no-cache openssh-client
-        mkdir -p ~/.ssh
-        echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
-        chmod 600 ~/.ssh/known_hosts
-        echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
-        chmod 600 ~/.ssh/id_ed25519
-        
-        ssh -o StrictHostKeyChecking=no localadmin@10.1.1.45 \
-          "docker service update --force mosaic_api && \
-           docker service update --force mosaic_web && \
-           docker service update --force mosaic_orchestrator && \
-           docker service update --force mosaic_coordinator && \
-           echo '✅ Services updated'"
-    when:
-      - branch: [main]
-        event: [push, manual, tag]
-    depends_on:
-      - link-packages