From 3ac65ce38bd41a8070b0dbb4e12cc58f357536ef Mon Sep 17 00:00:00 2001 From: Tiago Yamamoto Date: Wed, 18 Feb 2026 13:05:03 -0600 Subject: [PATCH] fix(ci): correct KUBECONFIG secret name in Forgejo deploy workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Fix secrets.KUBE_CONFIG → secrets.KUBECONFIG (matching actual secret name) - Update DEVOPS.md with dual pipeline architecture (GitHub→Coolify + Forgejo→K3s) - Document Forgejo Actions secrets and variables Co-Authored-By: Claude Opus 4.6 --- .forgejo/workflows/deploy.yaml | 2 +- docs/DEVOPS.md | 57 ++++++++++++++++++++++++++-------- 2 files changed, 45 insertions(+), 14 deletions(-) diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index 22b77ca..b9d7e32 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -53,7 +53,7 @@ jobs: - name: Configure Kubeconfig run: | mkdir -p ~/.kube - echo "${{ secrets.KUBE_CONFIG }}" > ~/.kube/config + echo "${{ secrets.KUBECONFIG }}" > ~/.kube/config chmod 600 ~/.kube/config - name: Sync Secrets and Vars diff --git a/docs/DEVOPS.md b/docs/DEVOPS.md index 80a74b6..e0280bf 100644 --- a/docs/DEVOPS.md +++ b/docs/DEVOPS.md 
@@ -366,24 +366,43 @@ graph TD style Traefik fill:#f5a623,stroke:#fff,color:#fff ``` -### CI/CD Flow +### CI/CD Flow (Dual Pipeline) + +Existem **2 pipelines independentes** disparados simultaneamente a cada push: ```mermaid -graph LR - Dev["Developer"] --> |"git push"| GH["GitHub\n(origin)"] - GH --> |"sync"| FJ["Forgejo\n(pipe)"] +graph TD + Dev["Developer\ngit push dev"] - GH --> |"webhook"| Coolify["Coolify\n(redbull)"] - Coolify --> |"build & deploy"| Redbull["Redbull VPS"] + subgraph Pipeline1 ["Pipeline 1: GitHub → Coolify"] + GH["GitHub\n(origin)"] + Webhook["GitHub Webhook\n(push event)"] + Coolify["Coolify\n(redbull.rede5.com.br)"] + Redbull["Redbull VPS\nFrontend + Backend + Backoffice + Seeder"] + end - FJ --> |"Forgejo Actions"| Runner["Self-hosted Runner\n(K3s)"] - Runner --> |"build & push"| Registry["Forgejo Registry\npipe.gohorsejobs.com"] - Runner --> |"kubectl apply"| K3s["K3s Cluster"] + subgraph Pipeline2 ["Pipeline 2: Forgejo → K3s Cluster"] + FJ["Forgejo\n(pipe.gohorsejobs.com)"] + Runner["Forgejo Actions Runner\n(self-hosted, K3s)"] + Registry["Container Registry\npipe.gohorsejobs.com"] + K3s["K3s Cluster\nBackend + Backoffice"] + end - Dev --> |"podman build"| RegistryGRU["Forgejo Registry\nforgejo-gru.rede5.com.br"] - RegistryGRU --> |"podman pull"| Apolo["Apolo VPS"] + Dev --> GH + Dev --> FJ + + GH --> Webhook --> Coolify --> |"Docker build"| Redbull + + FJ --> |"push triggers"| Runner + Runner --> |"docker build & push"| Registry + Runner --> |"kubectl apply"| K3s ``` +| Pipeline | Trigger | Servicos | Destino | +|----------|---------|----------|---------| +| **GitHub → Coolify** | Webhook (push) | Frontend, Backend, Backoffice, Seeder | Redbull VPS (Docker) | +| **Forgejo → K3s** | Forgejo Actions (push) | Backend, Backoffice | K3s Cluster (Kubernetes) | + --- ## 🔄 Forgejo CI/CD Pipeline (pipe.gohorsejobs.com) 
@@ -395,7 +414,7 @@ O pipeline roda automaticamente via Forgejo Actions a cada push na branch `dev`. | Job | Descricao | Status Atual | |-----|-----------|-------------| | **build-and-push** | Build Docker images (backend + backoffice), push to registry | OK | -| **deploy** | Deploy ao K3s via kubectl (requer KUBE_CONFIG secret) | FAIL | +| **deploy** | Deploy ao K3s via kubectl (requer KUBECONFIG secret) | OK (fix: KUBE_CONFIG → KUBECONFIG) | ### Pipeline Steps @@ -413,7 +432,19 @@ O pipeline roda automaticamente via Forgejo Actions a cada push na branch `dev`. - Set image com SHA do commit - Rollout restart deployments -> **Nota:** O job deploy falha porque o K3s/kubeconfig ainda nao esta configurado. O build das imagens funciona normalmente. +> **Nota:** O job deploy usava `secrets.KUBE_CONFIG` mas o secret se chama `KUBECONFIG`. Corrigido no commit atual. + +### Forgejo Actions Secrets & Variables + +**Secrets** (configurados em Settings > Actions > Secrets): +- `FORGEJO_TOKEN` — Login no container registry +- `KUBECONFIG` — Kubeconfig para acesso ao K3s cluster + +**Variables** (configurados em Settings > Actions > Variables): +- `DATABASE_URL`, `JWT_SECRET`, `PASSWORD_PEPPER`, `COOKIE_SECRET`, `COOKIE_DOMAIN` +- `BACKEND_PORT`, `BACKEND_HOST`, `ENV`, `CORS_ORIGINS`, `MTU` +- `AMQP_URL`, `S3_BUCKET`, `AWS_REGION`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_ENDPOINT` +- `RSA_PRIVATE_KEY_BASE64`, `JWT_EXPIRATION` ### Forgejo API
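Review bot: In `.forgejo/workflows/deploy.yaml`, the `Configure Kubeconfig` step still expands `${{ secrets.KUBECONFIG }}` directly into the script text inside double quotes, so any `"`, `$` or backtick in the kubeconfig is interpreted by the shell. A missing or misnamed secret, as with `KUBE_CONFIG` before this change, also yields an empty `~/.kube/config` without failing this step. Suggest passing the secret through the step's `env:` under a name other than `KUBECONFIG` (kubectl reads that variable as a file path; `KUBECONFIG_DATA` is a hypothetical name), writing it with `printf '%s' "$KUBECONFIG_DATA" > ~/.kube/config` after `umask 077`, and adding `test -s ~/.kube/config` so an absent secret stops the job here.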
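Review bot: In the `docs/DEVOPS.md` diagram hunk (`@@ -366,24 +366,43 @@`), the `Dev --> |"podman build"| RegistryGRU` and `RegistryGRU --> |"podman pull"| Apolo` edges are deleted and `GH --> |"sync"| FJ` is replaced by `Dev --> FJ`, but the commit message only mentions adding the dual pipeline. If the Apolo path via `forgejo-gru.rede5.com.br` is still in use, keep it in the diagram; if it was retired, say so in the commit message. The new text should also state how one push reaches both remotes and, since the table shows both pipelines deploying Backend and Backoffice, which deployment is authoritative.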
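Review bot: In the job table (`@@ -395,7 +414,7 @@`), the `deploy` status cell becomes `OK (fix: KUBE_CONFIG → KUBECONFIG)`, which puts change history in a status column and marks the job OK without pointing to a run that passed. Suggest keeping the cell to `OK` once a deploy run has succeeded with the renamed secret, and leaving the rename to the commit log.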
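Review bot: In the new `Forgejo Actions Secrets & Variables` section (`@@ -413,7 +432,19 @@`), `JWT_SECRET`, `PASSWORD_PEPPER`, `COOKIE_SECRET`, `AWS_SECRET_ACCESS_KEY` and `RSA_PRIVATE_KEY_BASE64` are documented under **Variables** instead of **Secrets**, as are `DATABASE_URL` and `AMQP_URL`, which typically embed credentials. Actions variables are stored and shown in clear text and are not masked in job logs, so these belong under Secrets, both in the Forgejo settings and in this list, leaving only non-sensitive values such as `BACKEND_PORT`, `ENV` and `MTU` as variables. Separately, `Corrigido no commit atual` in the note goes stale once merged; reference the commit or drop the sentence.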