rede5/gohorsejobs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Update .forgejo/workflows/deploy.yaml

Browse source
This commit is contained in:
bohessefm 2026-02-18 23:17:18 +00:00
parent 3ac65ce38b
commit 65b2d65b25
1 changed files with 7 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
.forgejo/workflows/deploy.yaml
View file

@ -23,7 +23,6 @@ jobs:
- name: Build & Push Backend
run: |
# Build usando SHA para imutabilidade e latest para conveniência
docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }} \
-t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:latest ./backend
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }}
@ -60,31 +59,23 @@ jobs:
run: |
kubectl create namespace gohorsejobsdev --dry-run=client -o yaml | kubectl apply -f -
# Sincroniza Registry Secret
kubectl get secret forgejo-registry-secret --namespace=forgejo -o yaml | \
sed 's/namespace: forgejo/namespace: gohorsejobsdev/' | \
kubectl apply -f - --force
# Injeta variáveis (Lembre-se de mudar DATABASE_URL para sslmode=disable no Forgejo!)
kubectl delete secret backend-secrets -n gohorsejobsdev --ignore-not-found
# Prepare RSA key file if available (prefer secrets over vars)
# AJUSTE AQUI: Usando %s para evitar corrupção de caracteres e removendo decodificação dupla instável
if [ -n "${{ secrets.RSA_PRIVATE_KEY_BASE64 }}" ]; then
echo "Decoding RSA_PRIVATE_KEY_BASE64 from secrets"
printf '%b' "${{ secrets.RSA_PRIVATE_KEY_BASE64 }}" > /tmp/rsa_key.pem || true
# if it's base64-encoded PEM, decode it
if base64 -d /tmp/rsa_key.pem >/dev/null 2>&1; then
base64 -d /tmp/rsa_key.pem > /tmp/rsa_key_decoded.pem && mv /tmp/rsa_key_decoded.pem /tmp/rsa_key.pem || true
fi
echo "Processing RSA_PRIVATE_KEY_BASE64 from secrets"
printf '%s' "${{ secrets.RSA_PRIVATE_KEY_BASE64 }}" > /tmp/rsa_key.base64
base64 -d /tmp/rsa_key.base64 > /tmp/rsa_key.pem || cp /tmp/rsa_key.base64 /tmp/rsa_key.pem
elif [ -n "${{ vars.RSA_PRIVATE_KEY_BASE64 }}" ]; then
echo "Decoding RSA_PRIVATE_KEY_BASE64 from vars"
printf '%b' "${{ vars.RSA_PRIVATE_KEY_BASE64 }}" > /tmp/rsa_key.pem || true
if base64 -d /tmp/rsa_key.pem >/dev/null 2>&1; then
base64 -d /tmp/rsa_key.pem > /tmp/rsa_key_decoded.pem && mv /tmp/rsa_key_decoded.pem /tmp/rsa_key.pem || true
fi
echo "Processing RSA_PRIVATE_KEY_BASE64 from vars"
printf '%s' "${{ vars.RSA_PRIVATE_KEY_BASE64 }}" > /tmp/rsa_key.base64
base64 -d /tmp/rsa_key.base64 > /tmp/rsa_key.pem || cp /tmp/rsa_key.base64 /tmp/rsa_key.pem
fi
# Create secret: if rsa file exists, create secret from file (robust); otherwise fallback to from-literal
if [ -f /tmp/rsa_key.pem ]; then
kubectl create secret generic backend-secrets -n gohorsejobsdev \
--from-literal=MTU="${{ vars.MTU }}" \
@ -133,13 +124,10 @@ jobs:
run: |
kubectl apply -f k8s/dev/ -n gohorsejobsdev
# Vincula o deployment ao SHA específico para garantir que o Pull ocorra corretamente
kubectl -n gohorsejobsdev set image deployment/gohorse-backend-dev backend=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }}
kubectl -n gohorsejobsdev set image deployment/gohorse-backoffice-dev backoffice=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }}
# Força o restart para carregar os novos valores do secret backend-secrets
kubectl -n gohorsejobsdev rollout restart deployment/gohorse-backend-dev
kubectl -n gohorsejobsdev rollout restart deployment/gohorse-backoffice-dev
# Aguarda estabilização
kubectl -n gohorsejobsdev rollout status deployment/gohorse-backend-dev --timeout=120s