From 116104507a148a999853f6977ab501c3d043f05c Mon Sep 17 00:00:00 2001 From: chemavx Date: Sat, 25 Apr 2026 09:56:25 +0000 Subject: [PATCH] ci: add image verification, YAML validation, and Telegram notifications - Verify all 3 images exist in Gitea registry via Docker API before updating manifests - Validate YAML of modified manifests after sed (python3 yaml.safe_load) - Notify Telegram on success/failure with job status (if: always()) Co-Authored-By: Claude Sonnet 4.6 --- .gitea/workflows/ci.yml | 56 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index fbdd82f..2be25f0 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -9,6 +9,7 @@ env: REGISTRY: gitea.gitea.svc.cluster.local:3000 K8S_MANIFESTS_REPO: http://chemavx:${{ secrets.CI_TOKEN }}@gitea.gitea.svc.cluster.local:3000/chemavx/k8s-manifests.git GIT_SSL_NO_VERIFY: "true" + TELEGRAM_CHAT_ID: "5138407666" jobs: build-and-push: @@ -82,6 +83,25 @@ jobs: -f dashboard/Dockerfile \ dashboard + - name: Verify images in registry + run: | + TAG=${{ steps.tag.outputs.TAG }} + check_image() { + local image=$1 + HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" \ + -u "chemavx:${{ secrets.CI_TOKEN }}" \ + -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \ + "http://gitea.gitea.svc.cluster.local:3000/v2/chemavx/${image}/manifests/${TAG}") + if [ "$HTTP_CODE" != "200" ]; then + echo "ERROR: chemavx/${image}:${TAG} not found in registry (HTTP $HTTP_CODE)" + exit 1 + fi + echo "OK: chemavx/${image}:${TAG} verified in registry" + } + check_image polymarket-bot + check_image polymarket-bot-api + check_image polymarket-bot-dashboard + - name: Update k8s manifests run: | TAG=${{ steps.tag.outputs.TAG }} 
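Review bot: `TELEGRAM_CHAT_ID` is added to the workflow-level `env:` block, so the chat identifier is exported to every step of every job, although only the Notify Telegram step added later in this patch reads it. Declaring it in that step's own `env:` block next to `TELEGRAM_TOKEN`, and passing it to curl as `-d "chat_id=${TELEGRAM_CHAT_ID}"`, would keep it scoped and match how the step already handles `TAG` and `JOB_STATUS`. The ID is also committed in clear text; whether that matters depends on who can read this repository.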
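Review bot: In `check_image`, `-u "chemavx:${{ secrets.CI_TOKEN }}"` templates the token straight into the script text, and the request goes to an `http://` registry URL, so the Basic-auth credential crosses the cluster network unencrypted. Supply it through the step environment, as the Notify Telegram step in this patch does for its token: add an `env:` block with `CI_TOKEN: ${{ secrets.CI_TOKEN }}` and `TAG: ${{ steps.tag.outputs.TAG }}`, then use `-u "chemavx:${CI_TOKEN}"`. That also removes the unquoted `TAG=${{ steps.tag.outputs.TAG }}` paste into the shell; how TAG is derived is outside this hunk, so whether it can carry untrusted characters is not visible here. The curl call has no `--max-time`, so an unresponsive registry would stall the job rather than fail it.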
@@ -103,6 +123,42 @@ jobs: polymarket-bot/deployment-api.yaml \ polymarket-bot/deployment-dashboard.yaml + python3 -c " + import yaml, sys + files = [ + 'polymarket-bot/deployment-bot.yaml', + 'polymarket-bot/deployment-api.yaml', + 'polymarket-bot/deployment-dashboard.yaml', + ] + errors = [] + for f in files: + try: + yaml.safe_load(open(f)) + print('OK: ' + f) + except yaml.YAMLError as e: + errors.append('FAIL: ' + f + ': ' + str(e)) + if errors: + for e in errors: print(e, file=sys.stderr) + sys.exit(1) + " + git add polymarket-bot/deployment-bot.yaml polymarket-bot/deployment-api.yaml polymarket-bot/deployment-dashboard.yaml git diff --cached --quiet || git commit -m "ci: update polymarket-bot images to ${TAG} [skip ci]" git push + + - name: Notify Telegram + if: always() + env: + TAG: ${{ steps.tag.outputs.TAG }} + JOB_STATUS: ${{ job.status }} + TELEGRAM_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }} + run: | + TAG="${TAG:-${GITHUB_SHA:0:8}}" + if [ "$JOB_STATUS" = "success" ]; then + MSG="✅ Deploy polymarket-bot:${TAG} completado" + else + MSG="❌ Deploy polymarket-bot:${TAG} fallido (status: ${JOB_STATUS})" + fi + curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \ + -d "chat_id=${{ env.TELEGRAM_CHAT_ID }}" \ + --data-urlencode "text=${MSG}"
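Review bot: The inline check `yaml.safe_load(open(f))` only proves that each file parses as a single YAML document; it would reject a multi-document manifest and it passes when the earlier `sed` matched nothing and left the old image tag in place. Since this is the last gate before `git push` to the manifests repository, parse with `list(yaml.safe_load_all(fh))` inside `with open(f) as fh:` and also fail when the new tag is absent from a file, e.g. `grep -q ":${TAG}" "$f" || exit 1`. The script assumes PyYAML is installed on the runner; an `ImportError` would fail the step with a traceback rather than the `FAIL:` message. The Update k8s manifests step begins outside this hunk, so the `sed` expression itself is not visible here.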