From 0e40af75591608b7582a46cb0fbd76b30e224e03 Mon Sep 17 00:00:00 2001
From: Stephan D
Date: Fri, 7 Nov 2025 22:58:59 +0100
Subject: [PATCH] build fix
---
 .woodpecker/fx.yml | 64 ++++-----------------------------------
 ci/pipelines/fx/build.sh | 48 +++++++++++++++++++++++++++++
 ci/pipelines/fx/deploy.sh | 30 ++++++++++++++++++
 ci/prod/.env.runtime | 2 --
 4 files changed, 84 insertions(+), 60 deletions(-)
 create mode 100755 ci/pipelines/fx/build.sh
 create mode 100755 ci/pipelines/fx/deploy.sh
diff --git a/.woodpecker/fx.yml b/.woodpecker/fx.yml
index 17ceea4..ead442d 100644
--- a/.woodpecker/fx.yml
+++ b/.woodpecker/fx.yml
@@ -53,44 +53,7 @@ steps: image: gcr.io/kaniko-project/executor:debug depends_on: [ secrets ] commands: - - | - set -euo pipefail 2>/dev/null || set -eu - sh ci/pipelines/fx/ensure_env_version.sh - sed -i 's/\r$//' ./ci/prod/.env.runtime - sed -i 's/\r$//' ./.env.version - set -a - . ./ci/prod/.env.runtime - . ./.env.version - set +a - FX_GO_VERSION="${FX_GO_VERSION:-1.22}" - : "${REGISTRY_URL:?missing REGISTRY_URL}" - : "${APP_V:?missing APP_V}" - REGISTRY_HOST="${REGISTRY_URL#http://}" - REGISTRY_HOST="${REGISTRY_HOST#https://}" - REGISTRY_USER="$(cat secrets/REGISTRY_USER)" - REGISTRY_PASSWORD="$(cat secrets/REGISTRY_PASSWORD)" - : "${REGISTRY_USER:?missing registry user}" - : "${REGISTRY_PASSWORD:?missing registry password}" - mkdir -p /kaniko/.docker - AUTH_B64="$(printf '%s:%s' "$REGISTRY_USER" "$REGISTRY_PASSWORD" | base64 | tr -d '\n')" - cat </kaniko/.docker/config.json - { - "auths": { - "https://${REGISTRY_HOST}": { "auth": "${AUTH_B64}" } - } - } - EOF - /kaniko/executor \ - --context "${PWD}" \ - --dockerfile "${FX_DOCKERFILE}" \ - --destination "${REGISTRY_URL}/${FX_IMAGE_PATH}:${APP_V}" \ - --build-arg APP_VERSION="${APP_V}" \ - --build-arg GIT_REV="${GIT_REV}" \ - --build-arg BUILD_BRANCH="${BUILD_BRANCH}" \ - --build-arg BUILD_DATE="${BUILD_DATE}" \ - --build-arg BUILD_USER="${BUILD_USER}" \ - --build-arg GO_VERSION="${FX_GO_VERSION}" \ - --single-snapshot + - sh ci/pipelines/fx/build.sh - name: deploy image: alpine:latest 
@@ -100,23 +63,8 @@ steps:
 VAULT_ROLE_ID: { from_secret: VAULT_APP_ROLE }
 VAULT_SECRET_ID: { from_secret: VAULT_SECRET_ID }
 commands:
- - |
- set -euo pipefail
- apk add --no-cache bash openssh-client rsync coreutils curl sed python3
- mkdir -p /root/.ssh
- install -m 600 secrets/SSH_KEY /root/.ssh/id_rsa
- sh ci/pipelines/fx/ensure_env_version.sh
- sed -i 's/\r$//' ./ci/prod/.env.runtime
- set -a
- . ./ci/prod/.env.runtime
- . ./.env.version
- set +a
- export FX_MONGO_USER="$(./ci/vlt kv_get kv ${FX_MONGO_SECRET_PATH} user)"
- export FX_MONGO_PASSWORD="$(./ci/vlt kv_get kv ${FX_MONGO_SECRET_PATH} password)"
- if [ "${FX_NEEDS_NATS}" = "true" ]; then
- export NATS_USER="$(./ci/vlt kv_get kv sendico/nats user)"
- export NATS_PASSWORD="$(./ci/vlt kv_get kv sendico/nats password)"
- export FX_NATS_URL="nats://${NATS_USER}:${NATS_PASSWORD}@${NATS_HOST}:${NATS_PORT}"
- fi
- bash ci/prod/scripts/bootstrap/network.sh
- bash ci/prod/scripts/deploy/fx.sh "${FX_DEPLOY_TARGET}"
+ - set -euo pipefail
+ - apk add --no-cache bash openssh-client rsync coreutils curl sed python3
+ - mkdir -p /root/.ssh
+ - install -m 600 secrets/SSH_KEY /root/.ssh/id_rsa
+ - sh ci/pipelines/fx/deploy.sh
diff --git a/ci/pipelines/fx/build.sh b/ci/pipelines/fx/build.sh
new file mode 100755
index 0000000..d961728
--- /dev/null
+++ b/ci/pipelines/fx/build.sh
@@ -0,0 +1,48 @@
+#!/bin/sh
+set -eu
+
+if ! set -o pipefail 2>/dev/null; then
+ :
+fi
+
+sh ci/pipelines/fx/ensure_env_version.sh
+sed -i 's/\r$//' ./ci/prod/.env.runtime
+sed -i 's/\r$//' ./.env.version
+
+set -a
+. ./ci/prod/.env.runtime
+. ./.env.version
+set +a
+
+REGISTRY_URL="${REGISTRY_URL:?missing REGISTRY_URL}"
+APP_V="${APP_V:?missing APP_V}"
+FX_DOCKERFILE="${FX_DOCKERFILE:?missing FX_DOCKERFILE}"
+FX_IMAGE_PATH="${FX_IMAGE_PATH:?missing FX_IMAGE_PATH}"
+
+REGISTRY_HOST="${REGISTRY_URL#http://}"
+REGISTRY_HOST="${REGISTRY_HOST#https://}"
+REGISTRY_USER="$(cat secrets/REGISTRY_USER)"
+REGISTRY_PASSWORD="$(cat secrets/REGISTRY_PASSWORD)"
+: "${REGISTRY_USER:?missing registry user}"
+: "${REGISTRY_PASSWORD:?missing registry password}"
+
+mkdir -p /kaniko/.docker
+AUTH_B64="$(printf '%s:%s' "$REGISTRY_USER" "$REGISTRY_PASSWORD" | base64 | tr -d '\n')"
+cat </kaniko/.docker/config.json
+{
+ "auths": {
+ "https://${REGISTRY_HOST}": { "auth": "${AUTH_B64}" }
+ }
+}
+EOF
+
+/kaniko/executor \
+ --context "${PWD}" \
+ --dockerfile "${FX_DOCKERFILE}" \
+ --destination "${REGISTRY_URL}/${FX_IMAGE_PATH}:${APP_V}" \
+ --build-arg APP_VERSION="${APP_V}" \
+ --build-arg GIT_REV="${GIT_REV}" \
+ --build-arg BUILD_BRANCH="${BUILD_BRANCH}" \
+ --build-arg BUILD_DATE="${BUILD_DATE}" \
+ --build-arg BUILD_USER="${BUILD_USER}" \
+ --single-snapshot
diff --git a/ci/pipelines/fx/deploy.sh b/ci/pipelines/fx/deploy.sh
new file mode 100755
index 0000000..fec4cbc
--- /dev/null
+++ b/ci/pipelines/fx/deploy.sh
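Review bot: In ci/pipelines/fx/build.sh the registry credentials are stored under the key `https://${REGISTRY_HOST}` with the scheme stripped, but the push target is built from the raw value, `--destination "${REGISTRY_URL}/${FX_IMAGE_PATH}:${APP_V}"`. If REGISTRY_URL can carry `http://` or `https://` (the stripping suggests it can), the destination is not a plain image reference and will not line up with the auth entry; `--destination "${REGISTRY_HOST}/${FX_IMAGE_PATH}:${APP_V}"` keeps the two consistent. GIT_REV, BUILD_BRANCH, BUILD_DATE and BUILD_USER are expanded under `set -u` without the `:?` guards given to the other inputs, so a missing one aborts the build without the descriptive message the guarded variables get. The file /kaniko/.docker/config.json holds the base64-encoded registry password and is written with the default umask; a `umask 077` before the `cat` would keep it owner-only.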
@@ -0,0 +1,30 @@
+#!/bin/sh
+set -eu
+
+if ! set -o pipefail 2>/dev/null; then
+ :
+fi
+
+sh ci/pipelines/fx/ensure_env_version.sh
+sed -i 's/\r$//' ./ci/prod/.env.runtime
+
+set -a
+. ./ci/prod/.env.runtime
+. ./.env.version
+set +a
+
+FX_MONGO_SECRET_PATH="${FX_MONGO_SECRET_PATH:?missing FX_MONGO_SECRET_PATH}"
+FX_DEPLOY_TARGET="${FX_DEPLOY_TARGET:?missing FX_DEPLOY_TARGET}"
+FX_NEEDS_NATS="${FX_NEEDS_NATS:-false}"
+
+export FX_MONGO_USER="$(./ci/vlt kv_get kv "${FX_MONGO_SECRET_PATH}" user)"
+export FX_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${FX_MONGO_SECRET_PATH}" password)"
+
+if [ "${FX_NEEDS_NATS}" = "true" ]; then
+ export NATS_USER="$(./ci/vlt kv_get kv sendico/nats user)"
+ export NATS_PASSWORD="$(./ci/vlt kv_get kv sendico/nats password)"
+ export FX_NATS_URL="nats://${NATS_USER}:${NATS_PASSWORD}@${NATS_HOST}:${NATS_PORT}"
+fi
+
+bash ci/prod/scripts/bootstrap/network.sh
+bash ci/prod/scripts/deploy/fx.sh "${FX_DEPLOY_TARGET}"
diff --git a/ci/prod/.env.runtime b/ci/prod/.env.runtime
index e62ea6a..b89ded0 100644
--- a/ci/prod/.env.runtime
+++ b/ci/prod/.env.runtime
@@ -25,8 +25,6 @@ NATS_MONITORING_PORT=8222 NATS_PROMETHEUS_PORT=7777 NATS_COMPOSE_PROJECT=sendico-nats -# FX deployments -FX_GO_VERSION=latest # Shared Mongo settings for FX services FX_MONGO_HOST=sendico_db1
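Review bot: In ci/pipelines/fx/deploy.sh each secret is fetched as `export VAR="$(./ci/vlt kv_get …)"`, and the exit status of `export` replaces that of the command substitution, so `set -e` does not stop the script when a lookup fails. Assuming `./ci/vlt` reports failure through its exit code or by printing nothing, the deploy would continue with empty Mongo or NATS credentials; assigning first, checking for a non-empty value and exporting afterwards closes that gap. The NATS branch also expands NATS_HOST and NATS_PORT without the `:?` guard used for the other inputs, and FX_NATS_URL embeds the password unencoded, so a password containing `@`, `:` or `/` would yield a malformed URL. The rewritten assignments are below.

```sh
FX_MONGO_USER="$(./ci/vlt kv_get kv "${FX_MONGO_SECRET_PATH}" user)"
FX_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${FX_MONGO_SECRET_PATH}" password)"
: "${FX_MONGO_USER:?empty Mongo user from Vault}"
: "${FX_MONGO_PASSWORD:?empty Mongo password from Vault}"
export FX_MONGO_USER FX_MONGO_PASSWORD

if [ "${FX_NEEDS_NATS}" = "true" ]; then
  NATS_USER="$(./ci/vlt kv_get kv sendico/nats user)"
  NATS_PASSWORD="$(./ci/vlt kv_get kv sendico/nats password)"
  : "${NATS_USER:?empty NATS user from Vault}"
  : "${NATS_PASSWORD:?empty NATS password from Vault}"
  : "${NATS_HOST:?missing NATS_HOST}" "${NATS_PORT:?missing NATS_PORT}"
  FX_NATS_URL="nats://${NATS_USER}:${NATS_PASSWORD}@${NATS_HOST}:${NATS_PORT}"
  export NATS_USER NATS_PASSWORD FX_NATS_URL
fi
# … unchanged: network.sh and fx.sh invocations …
```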