ajustes
This commit is contained in:
Marcus
parent
1c68e1c7ec
commit
67874263a6
1 changed files with 30 additions and 20 deletions
|
|
@ -36,18 +36,19 @@ jobs:
|
|||
provenance: false
|
||||
tags: ${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }}
|
||||
|
||||
# Push do Backend com Injeção Manual de Auth
|
||||
# Push do Backend (Auth renovada antes de cada comando)
|
||||
- name: Push Backend Tags
|
||||
run: |
|
||||
# Gera o Auth em Base64 (estilo Kubernetes)
|
||||
docker tag ${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }} ${{ env.REGISTRY }}/bohessefm/gohorsejobs:latest
|
||||
|
||||
AUTH=$(echo -n "bohessefm:${{ secrets.FORGEJO_TOKEN }}" | base64 | tr -d '\n')
|
||||
mkdir -p $HOME/.docker
|
||||
# Escreve o config.json na força bruta
|
||||
echo "{\"auths\":{\"${{ env.REGISTRY }}\":{\"auth\":\"$AUTH\"}}}" > $HOME/.docker/config.json
|
||||
|
||||
docker tag ${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }} ${{ env.REGISTRY }}/bohessefm/gohorsejobs:latest
|
||||
docker push ${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }}
|
||||
|
||||
sleep 2
|
||||
|
||||
echo "{\"auths\":{\"${{ env.REGISTRY }}\":{\"auth\":\"$AUTH\"}}}" > $HOME/.docker/config.json
|
||||
docker push ${{ env.REGISTRY }}/bohessefm/gohorsejobs:latest
|
||||
|
||||
# Build do Backoffice
|
||||
|
|
@ -60,22 +61,26 @@ jobs:
|
|||
provenance: false
|
||||
tags: ${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }}
|
||||
|
||||
# Push do Backoffice com Injeção Manual de Auth (Blindado contra 401)
|
||||
# Push do Backoffice (Auth renovada antes de cada comando)
|
||||
- name: Push Backoffice Tags
|
||||
run: |
|
||||
# Garante que o diretório existe e o arquivo está atualizado
|
||||
docker tag ${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }} ${{ env.REGISTRY }}/bohessefm/backoffice:latest
|
||||
|
||||
AUTH=$(echo -n "bohessefm:${{ secrets.FORGEJO_TOKEN }}" | base64 | tr -d '\n')
|
||||
mkdir -p $HOME/.docker
|
||||
echo "{\"auths\":{\"${{ env.REGISTRY }}\":{\"auth\":\"$AUTH\"}}}" > $HOME/.docker/config.json
|
||||
|
||||
docker tag ${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }} ${{ env.REGISTRY }}/bohessefm/backoffice:latest
|
||||
docker push ${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }}
|
||||
|
||||
sleep 2
|
||||
|
||||
echo "{\"auths\":{\"${{ env.REGISTRY }}\":{\"auth\":\"$AUTH\"}}}" > $HOME/.docker/config.json
|
||||
docker push ${{ env.REGISTRY }}/bohessefm/backoffice:latest
|
||||
|
||||
deploy-to-k3s:
|
||||
needs: build-and-push
|
||||
runs-on: docker-ready
|
||||
env:
|
||||
REGISTRY: pipe.gohorsejobs.com
|
||||
defaults:
|
||||
run:
|
||||
shell: sh
|
||||
|
|
@ -98,28 +103,33 @@ jobs:
|
|||
chmod 600 $HOME/.kube/config
|
||||
export KUBECONFIG=$HOME/.kube/config
|
||||
|
||||
# Garante o Namespace
|
||||
kubectl create namespace gohorsejobsdev --dry-run=client -o yaml | kubectl apply -f -
|
||||
|
||||
# O segredo que o K3s usa é exatamente o que injetamos no Docker acima
|
||||
# Recria o Image Pull Secret de forma limpa (sem pipe)
|
||||
kubectl -n gohorsejobsdev delete secret forgejo-registry --ignore-not-found
|
||||
kubectl -n gohorsejobsdev create secret docker-registry forgejo-registry \
|
||||
--docker-server=${{ env.REGISTRY }} \
|
||||
--docker-username=bohessefm \
|
||||
--docker-password='${{ secrets.FORGEJO_TOKEN }}' \
|
||||
--dry-run=client -o yaml | kubectl apply -f -
|
||||
--docker-server="${{ env.REGISTRY }}" \
|
||||
--docker-username="bohessefm" \
|
||||
--docker-password="${{ secrets.FORGEJO_TOKEN }}"
|
||||
|
||||
# Recria os Secrets do Backend com aspas duplas para proteger os valores
|
||||
kubectl -n gohorsejobsdev delete secret backend-secrets --ignore-not-found
|
||||
kubectl -n gohorsejobsdev create secret generic backend-secrets \
|
||||
--from-literal=MTU='${{ vars.MTU }}' \
|
||||
--from-literal=JWT_SECRET='${{ vars.JWT_SECRET }}' \
|
||||
--from-literal=AMQP_URL='${{ vars.AMQP_URL }}' \
|
||||
--from-literal=DATABASE_URL='${{ vars.DATABASE_URL }}'
|
||||
--from-literal=MTU="${{ vars.MTU }}" \
|
||||
--from-literal=JWT_SECRET="${{ vars.JWT_SECRET }}" \
|
||||
--from-literal=AMQP_URL="${{ vars.AMQP_URL }}" \
|
||||
--from-literal=DATABASE_URL="${{ vars.DATABASE_URL }}"
|
||||
|
||||
# Aplica os manifestos
|
||||
kubectl apply -f k8s/dev/ -n gohorsejobsdev
|
||||
|
||||
# Atualiza as imagens nos deployments para o SHA específico
|
||||
kubectl -n gohorsejobsdev set image deployment/gohorse-backend-dev backend=${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }}
|
||||
kubectl -n gohorsejobsdev set image deployment/gohorse-backoffice-dev backoffice=${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }}
|
||||
|
||||
kubectl delete pod -n gohorsejobsdev -l app=gohorse-backend-dev --force --grace-period=0
|
||||
kubectl delete pod -n gohorsejobsdev -l app=gohorse-backoffice-dev --force --grace-period=0
|
||||
# Força o reinício dos pods (Uso de || true para não falhar se não houver pods)
|
||||
kubectl delete pod -n gohorsejobsdev -l app=gohorse-backend-dev --force --grace-period=0 || true
|
||||
kubectl delete pod -n gohorsejobsdev -l app=gohorse-backoffice-dev --force --grace-period=0 || true
|
||||
|
||||
echo "Deploy finalizado com sucesso!"
|
||||
Loading…
Reference in a new issue