Update .forgejo/workflows/deploy.yaml

2026-02-21 13:16:38 +00:00 · 2026-02-21 13:16:38 +00:00 · 1b07447550
commit 1b07447550
parent b05456e21c
1 changed files with 9 additions and 10 deletions
--- a/.forgejo/workflows/deploy.yaml
+++ b/.forgejo/workflows/deploy.yaml
@ -58,15 +58,15 @@ jobs:

      - name: Sync Secrets and Vars
        run: |
-          # Garante que o namespace existe
+          # 1. Garante que o namespace existe
          kubectl create namespace ${{ env.NAMESPACE }} --dry-run=client -o yaml | kubectl apply -f -

-          # Sincroniza Registry Secret do namespace forgejo
+          # 2. Sincroniza Registry Secret limpando metadados que causam erro de Conflict
          kubectl get secret forgejo-registry-secret --namespace=forgejo -o yaml | \
-          sed "s/namespace: forgejo/namespace: ${{ env.NAMESPACE }}/" | \
-          kubectl apply -f -
+          grep -vE "resourceVersion|uid|creationTimestamp|namespace" | \
+          kubectl apply --namespace=${{ env.NAMESPACE }} -f -

-          # Prepara a chave RSA (Prioriza Secret, depois Var)
+          # 3. Prepara a chave RSA
          RSA_CONTENT="${{ secrets.RSA_PRIVATE_KEY_BASE64 || vars.RSA_PRIVATE_KEY_BASE64 }}"
          if [ -n "$RSA_CONTENT" ]; then
            echo "$RSA_CONTENT" > /tmp/rsa_raw.txt
@ -77,8 +77,7 @@ jobs:
            fi
          fi

-          # CRIAÇÃO DA SECRET USANDO DRY-RUN + APPLY (Evita deletar e falhar)
-          # O uso de quotes nas variáveis previne erros de shell
+          # 4. Cria ou atualiza a backend-secrets (sem deletar antes para evitar downtime)
          kubectl create secret generic backend-secrets -n ${{ env.NAMESPACE }} \
            --from-literal=MTU="${{ vars.MTU }}" \
            --from-literal=DATABASE_URL="${{ vars.DATABASE_URL }}" \
@ -104,13 +103,13 @@ jobs:
        run: |
          kubectl apply -f k8s/dev/ -n ${{ env.NAMESPACE }}
          
-          # Atualiza as imagens para o novo SHA
+          # Atualiza as imagens nos deployments
          kubectl -n ${{ env.NAMESPACE }} set image deployment/gohorse-backend-dev backend=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }}
          kubectl -n ${{ env.NAMESPACE }} set image deployment/gohorse-backoffice-dev backoffice=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }}
          
-          # Reinicia para garantir leitura da nova Secret
+          # Restart para garantir que novos pods peguem a Secret atualizada
          kubectl -n ${{ env.NAMESPACE }} rollout restart deployment/gohorse-backend-dev
          kubectl -n ${{ env.NAMESPACE }} rollout restart deployment/gohorse-backoffice-dev
          
-          # Status
+          # Aguarda o backend ficar pronto
          kubectl -n ${{ env.NAMESPACE }} rollout status deployment/gohorse-backend-dev --timeout=120s