Update .forgejo/workflows/deploy.yaml
This commit is contained in:
bohessefm
parent
8b620e90a0
commit
26ec6f071f
1 changed files with 24 additions and 61 deletions
|
|
@ -18,6 +18,7 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
- name: Install Dependencies
|
- name: Install Dependencies
|
||||||
run: |
|
run: |
|
||||||
|
# Adicionado retry para evitar falhas de rede temporárias
|
||||||
sed -i 's/dl-cdn.alpinelinux.org/mirror.leaseweb.com/g' /etc/apk/repositories
|
sed -i 's/dl-cdn.alpinelinux.org/mirror.leaseweb.com/g' /etc/apk/repositories
|
||||||
apk add --no-cache git docker-cli nodejs
|
apk add --no-cache git docker-cli nodejs
|
||||||
|
|
||||||
|
|
@ -26,57 +27,37 @@ jobs:
|
||||||
with:
|
with:
|
||||||
fetch-depth: 1
|
fetch-depth: 1
|
||||||
|
|
||||||
|
- name: Login to Registry
|
||||||
|
run: |
|
||||||
|
echo "${{ secrets.FORGEJO_TOKEN }}" | docker login ${{ env.REGISTRY }} -u bohessefm --password-stdin
|
||||||
|
|
||||||
- name: Build and Push Backend
|
- name: Build and Push Backend
|
||||||
run: |
|
run: |
|
||||||
echo "🔨 Construindo Backend..."
|
|
||||||
cd backend
|
cd backend
|
||||||
# Build inicial com apenas uma tag para não confundir o daemon
|
docker build -t ${{ env.REGISTRY }}/bohessefm/gohorsejobs:latest -t ${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }} .
|
||||||
docker build --no-cache -t ${{ env.REGISTRY }}/bohessefm/gohorsejobs:latest .
|
|
||||||
|
|
||||||
echo "🚀 Enviando Backend (Tag: latest)..."
|
|
||||||
echo "${{ secrets.FORGEJO_TOKEN }}" | docker login ${{ env.REGISTRY }} -u bohessefm --password-stdin
|
|
||||||
docker push ${{ env.REGISTRY }}/bohessefm/gohorsejobs:latest
|
docker push ${{ env.REGISTRY }}/bohessefm/gohorsejobs:latest
|
||||||
|
|
||||||
echo "⏳ Pausa de segurança para o Registry (5s)..."
|
|
||||||
sleep 5
|
|
||||||
|
|
||||||
echo "🏷️ Criando tag SHA e enviando..."
|
|
||||||
docker tag ${{ env.REGISTRY }}/bohessefm/gohorsejobs:latest ${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }}
|
|
||||||
echo "${{ secrets.FORGEJO_TOKEN }}" | docker login ${{ env.REGISTRY }} -u bohessefm --password-stdin
|
|
||||||
docker push ${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }}
|
docker push ${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }}
|
||||||
|
|
||||||
- name: Build and Push Backoffice
|
- name: Build and Push Backoffice
|
||||||
run: |
|
run: |
|
||||||
echo "🔨 Construindo Backoffice..."
|
# Removido --no-cache para usar o cache local do runner e acelerar o processo
|
||||||
cd "${GITHUB_WORKSPACE}/backoffice"
|
cd backoffice
|
||||||
docker build --no-cache -t ${{ env.REGISTRY }}/bohessefm/backoffice:latest .
|
docker build -t ${{ env.REGISTRY }}/bohessefm/backoffice:latest -t ${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }} .
|
||||||
|
|
||||||
echo "🚀 Enviando Backoffice (Tag: latest)..."
|
|
||||||
echo "${{ secrets.FORGEJO_TOKEN }}" | docker login ${{ env.REGISTRY }} -u bohessefm --password-stdin
|
|
||||||
docker push ${{ env.REGISTRY }}/bohessefm/backoffice:latest
|
docker push ${{ env.REGISTRY }}/bohessefm/backoffice:latest
|
||||||
|
|
||||||
echo "⏳ Pausa de segurança para o Registry (5s)..."
|
|
||||||
sleep 5
|
|
||||||
|
|
||||||
echo "🏷️ Criando tag SHA e enviando..."
|
|
||||||
docker tag ${{ env.REGISTRY }}/bohessefm/backoffice:latest ${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }}
|
|
||||||
echo "${{ secrets.FORGEJO_TOKEN }}" | docker login ${{ env.REGISTRY }} -u bohessefm --password-stdin
|
|
||||||
docker push ${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }}
|
docker push ${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }}
|
||||||
|
|
||||||
deploy-to-k3s:
|
deploy-to-k3s:
|
||||||
needs: build-and-push
|
needs: build-and-push
|
||||||
runs-on: docker-ready
|
runs-on: docker-ready
|
||||||
defaults:
|
|
||||||
run:
|
|
||||||
shell: sh
|
|
||||||
steps:
|
steps:
|
||||||
- name: Install Tools
|
- name: Install Tools
|
||||||
run: |
|
run: |
|
||||||
sed -i 's/dl-cdn.alpinelinux.org/mirror.leaseweb.com/g' /etc/apk/repositories
|
|
||||||
apk add --no-cache git curl
|
apk add --no-cache git curl
|
||||||
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
|
if [ ! -f /usr/local/bin/kubectl ]; then
|
||||||
chmod +x kubectl
|
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
|
||||||
mv kubectl /usr/local/bin/
|
chmod +x kubectl
|
||||||
|
mv kubectl /usr/local/bin/
|
||||||
|
fi
|
||||||
|
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
|
|
@ -86,39 +67,21 @@ jobs:
|
||||||
mkdir -p $HOME/.kube
|
mkdir -p $HOME/.kube
|
||||||
echo "${{ secrets.KUBECONFIG }}" > $HOME/.kube/config
|
echo "${{ secrets.KUBECONFIG }}" > $HOME/.kube/config
|
||||||
chmod 600 $HOME/.kube/config
|
chmod 600 $HOME/.kube/config
|
||||||
export KUBECONFIG=$HOME/.kube/config
|
|
||||||
|
# Criar namespace e secrets (Garantindo que o token do registry esteja atualizado)
|
||||||
kubectl create namespace gohorsejobsdev --dry-run=client -o yaml | kubectl apply -f -
|
kubectl create namespace gohorsejobsdev --dry-run=client -o yaml | kubectl apply -f -
|
||||||
|
|
||||||
kubectl -n gohorsejobsdev delete secret backend-secrets --ignore-not-found
|
# Criar secret de imagem
|
||||||
kubectl -n gohorsejobsdev create secret generic backend-secrets \
|
|
||||||
--from-literal=MTU='${{ vars.MTU }}' \
|
|
||||||
--from-literal=AWS_REGION='${{ vars.AWS_REGION }}' \
|
|
||||||
--from-literal=AWS_ACCESS_KEY_ID='${{ vars.AWS_ACCESS_KEY_ID }}' \
|
|
||||||
--from-literal=AWS_SECRET_ACCESS_KEY='${{ vars.AWS_SECRET_ACCESS_KEY }}' \
|
|
||||||
--from-literal=AWS_ENDPOINT='${{ vars.AWS_ENDPOINT }}' \
|
|
||||||
--from-literal=S3_BUCKET='${{ vars.S3_BUCKET }}' \
|
|
||||||
--from-literal=JWT_SECRET='${{ vars.JWT_SECRET }}' \
|
|
||||||
--from-literal=JWT_EXPIRATION='${{ vars.JWT_EXPIRATION }}' \
|
|
||||||
--from-literal=PASSWORD_PEPPER='${{ vars.PASSWORD_PEPPER }}' \
|
|
||||||
--from-literal=COOKIE_SECRET='${{ vars.COOKIE_SECRET }}' \
|
|
||||||
--from-literal=COOKIE_DOMAIN='${{ vars.COOKIE_DOMAIN }}' \
|
|
||||||
--from-literal=BACKEND_PORT='${{ vars.BACKEND_PORT }}' \
|
|
||||||
--from-literal=BACKEND_HOST='${{ vars.BACKEND_HOST }}' \
|
|
||||||
--from-literal=ENV='${{ vars.ENV }}' \
|
|
||||||
--from-literal=CORS_ORIGINS='${{ vars.CORS_ORIGINS }}' \
|
|
||||||
--from-literal=AMQP_URL='${{ vars.AMQP_URL }}' \
|
|
||||||
--from-literal=DATABASE_URL='${{ vars.DATABASE_URL }}'
|
|
||||||
|
|
||||||
kubectl -n gohorsejobsdev create secret docker-registry forgejo-registry \
|
kubectl -n gohorsejobsdev create secret docker-registry forgejo-registry \
|
||||||
--docker-server=${{ env.REGISTRY }} \
|
--docker-server=${{ env.REGISTRY }} \
|
||||||
--docker-username=bohessefm \
|
--docker-username=bohessefm \
|
||||||
--docker-password='${{ secrets.FORGEJO_TOKEN }}' \
|
--docker-password='${{ secrets.FORGEJO_TOKEN }}' \
|
||||||
--dry-run=client -o yaml | kubectl apply -f -
|
--dry-run=client -o yaml | kubectl apply -f -
|
||||||
|
|
||||||
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "forgejo-registry"}]}' -n gohorsejobsdev
|
# Aplicar manifestos e atualizar imagens para a tag do commit (SHA)
|
||||||
|
# Isso força o K8s a atualizar sem precisar de 'rollout restart'
|
||||||
kubectl apply -f k8s/dev/ -n gohorsejobsdev
|
kubectl apply -f k8s/dev/ -n gohorsejobsdev
|
||||||
|
|
||||||
kubectl rollout restart deployment/gohorse-backend-dev -n gohorsejobsdev || true
|
# Atualização direta para garantir a versão exata do build atual
|
||||||
kubectl rollout restart deployment/gohorse-backoffice-dev -n gohorsejobsdev || true
|
kubectl -n gohorsejobsdev set image deployment/gohorse-backend-dev backend=${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }}
|
||||||
|
kubectl -n gohorsejobsdev set image deployment/gohorse-backoffice-dev backoffice=${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }}
|
||||||
Loading…
Reference in a new issue