build(wp): add pipeline files

Author: evilmooncake

.woodpecker/build-latest-image.yaml

@@ -0,0 +1,98 @@
+when:
+  - event: [push, manual]
+    branch:
+      exclude: [main]
+  - event: [pull_request]
+    # Only run when PR targets development or other branches (not main)
+    evaluate: 'CI_COMMIT_TARGET_BRANCH != "main"'
+
+variables:
+  - &registry_url "https://registry.cloud.josa.ngo"
+  - &docker_repo "registry.cloud.josa.ngo/library/kutt"
+  - &slack_channel "builds"
+  # Success message template
+  - &success_message >
+    ✅ *SUCCESS* - Latest Build #{{ build.number }}
+
+    📁 *Repository:* {{ repo.name }}
+    🌿 *Branch:* {{ build.branch }}
+    📝 *Commit:* {{ truncate build.commit 8 }}
+    👤 *Author:* {{ build.author }}
+
+    🔗 *Links:*
+    • <{{ build.link }}|View Build>
+  # Failure message template
+  - &failure_message >
+    ❌ *FAILED* - Latest Build #{{ build.number }}
+
+    📁 *Repository:* {{ repo.name }}
+    🌿 *Branch:* {{ build.branch }}
+    📝 *Commit:* {{ truncate build.commit 8 }}
+    👤 *Author:* {{ build.author }}
+
+    🔗 *Links:*
+    • <{{ build.link }}|View Build>
+
+steps:
+  # Security check - scan for secrets/credentials
+  - name: run-pre-commit-hooks
+    image: registry.cloud.josa.ngo/library/pre-commit-runner
+    settings:
+      args: "--all-files"
+      skip: "end-of-file-fixer, yamllint, trailing-whitespace"
+
+  # Build latest image (development and other branches)
+  - name: build-latest-image
+    image: woodpeckerci/plugin-docker-buildx
+    settings:
+      repo: *docker_repo
+      registry: *registry_url
+      dockerfile: ./Dockerfile
+      tags:
+        - ${CI_COMMIT_SHA:-latest}
+        - latest
+      username:
+        from_secret: REGISTRY_USERNAME
+      password:
+        from_secret: REGISTRY_SECRET
+      build_args:
+        CI_REPO: "${CI_REPO}"
+        CI_REPO_NAME: "${CI_REPO_NAME}"
+        CI_REPO_URL: "${CI_REPO_URL}"
+        CI_COMMIT_SHA: "${CI_COMMIT_SHA}"
+        CI_COMMIT_REF: "${CI_COMMIT_REF}"
+        CI_PIPELINE_URL: "${CI_PIPELINE_URL}"
+        CI_PIPELINE_CREATED: "${CI_PIPELINE_CREATED}"
+        CI_PREV_PIPELINE_URL: "${CI_PREV_PIPELINE_URL}"
+        CI_PIPELINE_NUMBER: "${CI_PIPELINE_NUMBER}"
+
+    depends_on:
+      - run-pre-commit-hooks
+
+  # Slack notification for latest build success
+  - name: notify-slack-latest-success
+    image: plugins/slack
+    settings:
+      webhook:
+        from_secret: SLACK_WEBHOOK
+      channel: *slack_channel
+      template: *success_message
+    when:
+      - status: success
+    depends_on:
+      - run-pre-commit-hooks
+      - build-latest-image
+
+  # Slack notification for latest build failure
+  - name: notify-slack-latest-failure
+    image: plugins/slack
+    settings:
+      webhook:
+        from_secret: SLACK_WEBHOOK
+      channel: *slack_channel
+      template: *failure_message
+    when:
+      - status: failure
+    depends_on:
+      - run-pre-commit-hooks
+      - build-latest-image

.woodpecker/build-stable-image.yaml

@@ -0,0 +1,99 @@
+when:
+  - event: [push, manual]
+    branch: [main]
+  - event: [pull_request]
+    # Only run when PR targets main branch
+    evaluate: 'CI_COMMIT_TARGET_BRANCH == "main"'
+    # Build the source branch (not main)
+    branch:
+      exclude: [main]
+
+variables:
+  - &registry_url "https://registry.cloud.josa.ngo"
+  - &docker_repo "registry.cloud.josa.ngo/library/kutt"
+  - &slack_channel "builds"
+  # Success message template
+  - &success_message >
+    ✅ *SUCCESS* - Stable Build #{{ build.number }}
+
+    📁 *Repository:* {{ repo.name }}
+    🌿 *Branch:* {{ build.branch }}
+    📝 *Commit:* {{ truncate build.commit 8 }}
+    👤 *Author:* {{ build.author }}
+
+    🔗 *Links:*
+    • <{{ build.link }}|View Build>
+  # Failure message template
+  - &failure_message >
+    ❌ *FAILED* - Stable Build #{{ build.number }}
+
+    📁 *Repository:* {{ repo.name }}
+    🌿 *Branch:* {{ build.branch }}
+    📝 *Commit:* {{ truncate build.commit 8 }}
+    👤 *Author:* {{ build.author }}
+
+    🔗 *Links:*
+    • <{{ build.link }}|View Build>
+
+steps:
+  - name: run-pre-commit-hooks
+    image: registry.cloud.josa.ngo/library/pre-commit-runner
+    settings:
+      args: "--all-files"
+      skip: "end-of-file-fixer, yamllint, trailing-whitespace"
+
+  # Build stable image (main branch only)
+  - name: build-stable-image
+    image: woodpeckerci/plugin-docker-buildx
+    settings:
+      repo: *docker_repo
+      registry: *registry_url
+      dockerfile: ./Dockerfile
+      tags:
+        - ${CI_COMMIT_SHA:-latest}
+        - stable
+      username:
+        from_secret: REGISTRY_USERNAME
+      password:
+        from_secret: REGISTRY_SECRET
+      build_args:
+        CI_REPO: "${CI_REPO}"
+        CI_REPO_NAME: "${CI_REPO_NAME}"
+        CI_REPO_URL: "${CI_REPO_URL}"
+        CI_COMMIT_SHA: "${CI_COMMIT_SHA}"
+        CI_COMMIT_REF: "${CI_COMMIT_REF}"
+        CI_PIPELINE_URL: "${CI_PIPELINE_URL}"
+        CI_PIPELINE_CREATED: "${CI_PIPELINE_CREATED}"
+        CI_PREV_PIPELINE_URL: "${CI_PREV_PIPELINE_URL}"
+        CI_PIPELINE_NUMBER: "${CI_PIPELINE_NUMBER}"
+
+    depends_on:
+      - run-pre-commit-hooks
+
+  # Slack notification for stable build success
+  - name: notify-slack-stable-success
+    image: plugins/slack
+    settings:
+      webhook:
+        from_secret: SLACK_WEBHOOK
+      channel: *slack_channel
+      template: *success_message
+    when:
+      - status: success
+    depends_on:
+      - run-pre-commit-hooks
+      - build-stable-image
+
+  # Slack notification for stable build failure
+  - name: notify-slack-stable-failure
+    image: plugins/slack
+    settings:
+      webhook:
+        from_secret: SLACK_WEBHOOK
+      channel: *slack_channel
+      template: *failure_message
+    when:
+      - status: failure
+    depends_on:
+      - run-pre-commit-hooks
+      - build-stable-image