fix(ci): correct KUBECONFIG secret name in Forgejo deploy workflow

- Fix secrets.KUBE_CONFIG → secrets.KUBECONFIG (matching actual secret name)
- Update DEVOPS.md with dual pipeline architecture (GitHub→Coolify + Forgejo→K3s)
- Document Forgejo Actions secrets and variables

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Tiago Yamamoto 2026-02-18 13:05:03 -06:00
parent e238da0649
commit 3ac65ce38b
2 changed files with 45 additions and 14 deletions


@ -53,7 +53,7 @@ jobs:
- name: Configure Kubeconfig
run: |
mkdir -p ~/.kube
echo "${{ secrets.KUBE_CONFIG }}" > ~/.kube/config
echo "${{ secrets.KUBECONFIG }}" > ~/.kube/config
chmod 600 ~/.kube/config
- name: Sync Secrets and Vars
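Review bot: the `Configure Kubeconfig` step still writes whatever `${{ secrets.KUBECONFIG }}` expands to without checking it, so a misnamed or unset secret yields an empty `~/.kube/config` and the error only shows up later in kubectl, which is the failure this rename is correcting. Add `test -s ~/.kube/config` right after the `echo` so the job stops at this step with a clear cause. Two smaller points on the same lines: the file is created under the default umask and only tightened by the later `chmod 600`, so set `umask 077` before the `mkdir`/`echo`; and because the secret is interpolated into the script text, a kubeconfig containing `"`, `$` or backticks will be interpreted by the shell, so pass it through an `env:` entry (under a name other than `KUBECONFIG`, which kubectl reads as a file path) and write it with `printf '%s'`.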


@ -366,24 +366,43 @@ graph TD
style Traefik fill:#f5a623,stroke:#fff,color:#fff
```
### CI/CD Flow
### CI/CD Flow (Dual Pipeline)
Existem **2 pipelines independentes** disparados simultaneamente a cada push:
```mermaid
graph LR
Dev["Developer"] --> |"git push"| GH["GitHub\n(origin)"]
GH --> |"sync"| FJ["Forgejo\n(pipe)"]
graph TD
Dev["Developer\ngit push dev"]
GH --> |"webhook"| Coolify["Coolify\n(redbull)"]
Coolify --> |"build & deploy"| Redbull["Redbull VPS"]
subgraph Pipeline1 ["Pipeline 1: GitHub → Coolify"]
GH["GitHub\n(origin)"]
Webhook["GitHub Webhook\n(push event)"]
Coolify["Coolify\n(redbull.rede5.com.br)"]
Redbull["Redbull VPS\nFrontend + Backend + Backoffice + Seeder"]
end
FJ --> |"Forgejo Actions"| Runner["Self-hosted Runner\n(K3s)"]
Runner --> |"build & push"| Registry["Forgejo Registry\npipe.gohorsejobs.com"]
Runner --> |"kubectl apply"| K3s["K3s Cluster"]
subgraph Pipeline2 ["Pipeline 2: Forgejo → K3s Cluster"]
FJ["Forgejo\n(pipe.gohorsejobs.com)"]
Runner["Forgejo Actions Runner\n(self-hosted, K3s)"]
Registry["Container Registry\npipe.gohorsejobs.com"]
K3s["K3s Cluster\nBackend + Backoffice"]
end
Dev --> |"podman build"| RegistryGRU["Forgejo Registry\nforgejo-gru.rede5.com.br"]
RegistryGRU --> |"podman pull"| Apolo["Apolo VPS"]
Dev --> GH
Dev --> FJ
GH --> Webhook --> Coolify --> |"Docker build"| Redbull
FJ --> |"push triggers"| Runner
Runner --> |"docker build & push"| Registry
Runner --> |"kubectl apply"| K3s
```
| Pipeline | Trigger | Servicos | Destino |
|----------|---------|----------|---------|
| **GitHub → Coolify** | Webhook (push) | Frontend, Backend, Backoffice, Seeder | Redbull VPS (Docker) |
| **Forgejo → K3s** | Forgejo Actions (push) | Backend, Backoffice | K3s Cluster (Kubernetes) |
---
## 🔄 Forgejo CI/CD Pipeline (pipe.gohorsejobs.com)
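Review bot: the rewritten mermaid graph draws `Dev --> FJ` as a direct push and has no counterpart to the `GH --> |"sync"| FJ` edge, and the `podman build` / `podman pull` path to `Apolo VPS` is also absent from the new graph, yet the commit message mentions neither change. State in the text how Forgejo actually receives the push (mirror sync from GitHub or a second remote), since that determines which system's credentials can trigger the `kubectl apply` on K3s, and either keep the Apolo path or note that it was retired. The new table also shows Backend and Backoffice deployed by both pipelines from the same push; add a sentence saying which destination is authoritative so a failed run in one pipeline is not mistaken for a full deploy. Minor: the header `Servicos` is missing its accent (`Serviços`).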
@ -395,7 +414,7 @@ O pipeline roda automaticamente via Forgejo Actions a cada push na branch `dev`.
| Job | Descricao | Status Atual |
|-----|-----------|-------------|
| **build-and-push** | Build Docker images (backend + backoffice), push to registry | OK |
| **deploy** | Deploy ao K3s via kubectl (requer KUBE_CONFIG secret) | FAIL |
| **deploy** | Deploy ao K3s via kubectl (requer KUBECONFIG secret) | OK (fix: KUBE_CONFIG → KUBECONFIG) |
### Pipeline Steps
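Review bot: the `deploy` row is flipped from `FAIL` to `OK` in the same commit that introduces the fix, so the status is asserted before any pipeline run could have confirmed it. Leave the status as it was, or mark it as pending verification, until a run on `dev` completes the deploy job, and keep the `KUBE_CONFIG → KUBECONFIG` history in the commit log rather than in the status cell, where it will go stale.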
@ -413,7 +432,19 @@ O pipeline roda automaticamente via Forgejo Actions a cada push na branch `dev`.
- Set image com SHA do commit
- Rollout restart deployments
> **Nota:** O job deploy falha porque o K3s/kubeconfig ainda nao esta configurado. O build das imagens funciona normalmente.
> **Nota:** O job deploy usava `secrets.KUBE_CONFIG` mas o secret se chama `KUBECONFIG`. Corrigido no commit atual.
### Forgejo Actions Secrets & Variables
**Secrets** (configurados em Settings > Actions > Secrets):
- `FORGEJO_TOKEN` — Login no container registry
- `KUBECONFIG` — Kubeconfig para acesso ao K3s cluster
**Variables** (configurados em Settings > Actions > Variables):
- `DATABASE_URL`, `JWT_SECRET`, `PASSWORD_PEPPER`, `COOKIE_SECRET`, `COOKIE_DOMAIN`
- `BACKEND_PORT`, `BACKEND_HOST`, `ENV`, `CORS_ORIGINS`, `MTU`
- `AMQP_URL`, `S3_BUCKET`, `AWS_REGION`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_ENDPOINT`
- `RSA_PRIVATE_KEY_BASE64`, `JWT_EXPIRATION`
### Forgejo API
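Review bot: the new "Variables" list includes `JWT_SECRET`, `PASSWORD_PEPPER`, `COOKIE_SECRET`, `AWS_SECRET_ACCESS_KEY` and `RSA_PRIVATE_KEY_BASE64`, plus `DATABASE_URL` and `AMQP_URL`, which commonly embed credentials. Actions variables are meant for non-sensitive configuration and are not masked in job logs the way secrets are, so these values should be stored under Settings > Actions > Secrets next to `FORGEJO_TOKEN` and `KUBECONFIG`, with the workflow updated to read them from `secrets.*`. If they are already configured as variables, rotate them after the move. The replacement note a few lines up also gives the secret-name mismatch as the sole cause of the deploy failure, while the text it replaces said K3s/kubeconfig was not yet configured; say whether the `KUBECONFIG` secret was populated as part of this work.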