diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index 9b5a612..0206dd3 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -39,8 +39,10 @@ jobs: # Push do Backend com Injeção Manual de Auth - name: Push Backend Tags run: | + # Gera o Auth em Base64 (estilo Kubernetes) AUTH=$(echo -n "bohessefm:${{ secrets.FORGEJO_TOKEN }}" | base64 | tr -d '\n') mkdir -p $HOME/.docker + # Escreve o config.json na força bruta echo "{\"auths\":{\"${{ env.REGISTRY }}\":{\"auth\":\"$AUTH\"}}}" > $HOME/.docker/config.json docker tag ${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }} ${{ env.REGISTRY }}/bohessefm/gohorsejobs:latest @@ -58,9 +60,10 @@ jobs: provenance: false tags: ${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }} - # Push do Backoffice com Injeção Manual de Auth + # Push do Backoffice com Injeção Manual de Auth (Blindado contra 401) - name: Push Backoffice Tags run: | + # Garante que o diretório existe e o arquivo está atualizado AUTH=$(echo -n "bohessefm:${{ secrets.FORGEJO_TOKEN }}" | base64 | tr -d '\n') mkdir -p $HOME/.docker echo "{\"auths\":{\"${{ env.REGISTRY }}\":{\"auth\":\"$AUTH\"}}}" > $HOME/.docker/config.json @@ -73,8 +76,6 @@ jobs: deploy-to-k3s: needs: build-and-push runs-on: docker-ready - env: - REGISTRY: pipe.gohorsejobs.com defaults: run: shell: sh @@ -97,38 +98,28 @@ jobs: chmod 600 $HOME/.kube/config export KUBECONFIG=$HOME/.kube/config - # 1. Namespace (Garante a existência sem erro de anotação) kubectl create namespace gohorsejobsdev --dry-run=client -o yaml | kubectl apply -f - - # 2. IMAGE PULL SECRET (Recria para garantir que o Token está certo) - kubectl -n gohorsejobsdev delete secret forgejo-registry --ignore-not-found + # O segredo que o K3s usa é exatamente o que injetamos no Docker acima kubectl -n gohorsejobsdev create secret docker-registry forgejo-registry \ - --docker-server="${{ env.REGISTRY }}" \ - --docker-username="bohessefm" \ - --docker-password="${{ secrets.FORGEJO_TOKEN }}" + --docker-server=${{ env.REGISTRY }} \ + --docker-username=bohessefm \ + --docker-password='${{ secrets.FORGEJO_TOKEN }}' \ + --dry-run=client -o yaml | kubectl apply -f - - # 3. Secrets de Variáveis kubectl -n gohorsejobsdev delete secret backend-secrets --ignore-not-found kubectl -n gohorsejobsdev create secret generic backend-secrets \ - --from-literal=MTU="${{ vars.MTU }}" \ - --from-literal=JWT_SECRET="${{ vars.JWT_SECRET }}" \ - --from-literal=AMQP_URL="${{ vars.AMQP_URL }}" \ - --from-literal=DATABASE_URL="${{ vars.DATABASE_URL }}" + --from-literal=MTU='${{ vars.MTU }}' \ + --from-literal=JWT_SECRET='${{ vars.JWT_SECRET }}' \ + --from-literal=AMQP_URL='${{ vars.AMQP_URL }}' \ + --from-literal=DATABASE_URL='${{ vars.DATABASE_URL }}' - # 4. Aplica os Manifestos - if [ -d "k8s/dev" ]; then - kubectl apply -f k8s/dev/ -n gohorsejobsdev - else - echo "Erro: Diretorio k8s/dev nao encontrado!" - exit 1 - fi + kubectl apply -f k8s/dev/ -n gohorsejobsdev - # 5. Atualiza a imagem para a nova tag SHA kubectl -n gohorsejobsdev set image deployment/gohorse-backend-dev backend=${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }} kubectl -n gohorsejobsdev set image deployment/gohorse-backoffice-dev backoffice=${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }} - # 6. Restart Forçado (Cleanup de pods antigos) - kubectl delete pod -n gohorsejobsdev -l app=gohorse-backend-dev --force --grace-period=0 || true - kubectl delete pod -n gohorsejobsdev -l app=gohorse-backoffice-dev --force --grace-period=0 || true + kubectl delete pod -n gohorsejobsdev -l app=gohorse-backend-dev --force --grace-period=0 + kubectl delete pod -n gohorsejobsdev -l app=gohorse-backoffice-dev --force --grace-period=0 echo "Deploy finalizado com sucesso!" \ No newline at end of file