From ed5c038a5060a994e4481f277fb985f703e0243b Mon Sep 17 00:00:00 2001
From: chemavx
Date: Sat, 25 Apr 2026 09:56:29 +0000
Subject: [PATCH] ci: add image verification, YAML validation, and Telegram notifications

- Verify n8n image exists in Gitea registry via Docker API before updating manifest
- Validate YAML of modified manifest after sed (python3 yaml.safe_load)
- Notify Telegram on success/failure with job status (if: always())

Co-Authored-By: Claude Sonnet 4.6
---
 .gitea/workflows/ci.yml | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 6c80d6a..c9db024 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -9,6 +9,7 @@ env:
 REGISTRY: gitea.gitea.svc.cluster.local:3000
 K8S_MANIFESTS_REPO: http://chemavx:${{ secrets.CI_TOKEN }}@gitea.gitea.svc.cluster.local:3000/chemavx/k8s-manifests.git
 GIT_SSL_NO_VERIFY: "true"
+ TELEGRAM_CHAT_ID: "5138407666"

 jobs:
 build-and-push:
@@ -59,6 +60,19 @@ jobs:
 --push \
 -f Dockerfile .

+ - name: Verify image in registry
+ run: |
+ TAG=${{ steps.tag.outputs.TAG }}
+ HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
+ -u "chemavx:${{ secrets.CI_TOKEN }}" \
+ -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+ "http://gitea.gitea.svc.cluster.local:3000/v2/chemavx/n8n/manifests/${TAG}")
+ if [ "$HTTP_CODE" != "200" ]; then
+ echo "ERROR: chemavx/n8n:${TAG} not found in registry (HTTP $HTTP_CODE)"
+ exit 1
+ fi
+ echo "OK: chemavx/n8n:${TAG} verified in registry"
+
 - name: Update k8s manifests
 run: |
 TAG=${{ steps.tag.outputs.TAG }}
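Review bot: The new `Verify image in registry` step pastes `${{ secrets.CI_TOKEN }}` and `${{ steps.tag.outputs.TAG }}` straight into the script text, so the workflow engine substitutes them before the shell parses anything; a tag value containing shell metacharacters would be executed, and the token becomes part of the script body instead of an environment variable. The `Notify Telegram` step in this same commit already uses the safer pattern: give this step an `env:` block with `TAG: ${{ steps.tag.outputs.TAG }}` and `CI_TOKEN: ${{ secrets.CI_TOKEN }}`, then use `-u "chemavx:${CI_TOKEN}"` and drop the `TAG=${{ ... }}` assignment. How TAG is derived is outside this hunk, so the injection exposure depends on whether it can carry a branch or tag name. A 200 also only shows that some manifest exists under that tag, fetched over plain HTTP; comparing the response's `Docker-Content-Digest` header with the digest reported by the build step would confirm it is the image that was just pushed.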
@@ -74,6 +88,33 @@ jobs:
 sed -i "s|imagePullPolicy: Always|imagePullPolicy: IfNotPresent|g" \
 n8n/deployment-n8n.yaml

+ python3 -c "
+ import yaml, sys
+ try:
+ yaml.safe_load(open('n8n/deployment-n8n.yaml'))
+ print('OK: n8n/deployment-n8n.yaml')
+ except yaml.YAMLError as e:
+ print('FAIL: n8n/deployment-n8n.yaml: ' + str(e), file=sys.stderr)
+ sys.exit(1)
+ "
+
 git add n8n/deployment-n8n.yaml
 git diff --cached --quiet || git commit -m "ci: update n8n image to ${TAG} [skip ci]"
 git push
+
+ - name: Notify Telegram
+ if: always()
+ env:
+ TAG: ${{ steps.tag.outputs.TAG }}
+ JOB_STATUS: ${{ job.status }}
+ TELEGRAM_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
+ run: |
+ TAG="${TAG:-${GITHUB_SHA:0:8}}"
+ if [ "$JOB_STATUS" = "success" ]; then
+ MSG="✅ Deploy n8n:${TAG} completado"
+ else
+ MSG="❌ Deploy n8n:${TAG} fallido (status: ${JOB_STATUS})"
+ fi
+ curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
+ -d "chat_id=${{ env.TELEGRAM_CHAT_ID }}" \
+ --data-urlencode "text=${MSG}"
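Review bot: The `yaml.safe_load` check added after the `sed` calls only proves that the file still parses; it passes equally when the image substitution matched nothing (the job then reports success without changing the manifest) or wrote an unexpected reference, which the following commit and push would publish. `safe_load` also raises on a file that holds more than one document, so if `n8n/deployment-n8n.yaml` ever gains a `---` separator the step fails for the wrong reason; `list(yaml.safe_load_all(open('n8n/deployment-n8n.yaml')))` covers both layouts. Consider asserting that the expected reference is actually present, for example `grep -q "n8n:${TAG}" n8n/deployment-n8n.yaml || exit 1`, adjusted to the image string written by the earlier `sed`, which is outside this hunk. In the `Notify Telegram` step, `curl -s` without `--fail` or `--max-time` prints nothing on an API error and can stall the job on a hung connection.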