diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index 0206dd3..bbdf7d3 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -36,18 +36,19 @@ jobs: provenance: false tags: ${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }} - # Push do Backend com Injeção Manual de Auth + # Push do Backend (Auth renovada antes de cada comando) - name: Push Backend Tags run: | - # Gera o Auth em Base64 (estilo Kubernetes) + docker tag ${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }} ${{ env.REGISTRY }}/bohessefm/gohorsejobs:latest + AUTH=$(echo -n "bohessefm:${{ secrets.FORGEJO_TOKEN }}" | base64 | tr -d '\n') mkdir -p $HOME/.docker - # Escreve o config.json na força bruta echo "{\"auths\":{\"${{ env.REGISTRY }}\":{\"auth\":\"$AUTH\"}}}" > $HOME/.docker/config.json - - docker tag ${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }} ${{ env.REGISTRY }}/bohessefm/gohorsejobs:latest docker push ${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }} + sleep 2 + + echo "{\"auths\":{\"${{ env.REGISTRY }}\":{\"auth\":\"$AUTH\"}}}" > $HOME/.docker/config.json docker push ${{ env.REGISTRY }}/bohessefm/gohorsejobs:latest # Build do Backoffice @@ -60,22 +61,26 @@ jobs: provenance: false tags: ${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }} - # Push do Backoffice com Injeção Manual de Auth (Blindado contra 401) + # Push do Backoffice (Auth renovada antes de cada comando) - name: Push Backoffice Tags run: | - # Garante que o diretório existe e o arquivo está atualizado + docker tag ${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }} ${{ env.REGISTRY }}/bohessefm/backoffice:latest + AUTH=$(echo -n "bohessefm:${{ secrets.FORGEJO_TOKEN }}" | base64 | tr -d '\n') mkdir -p $HOME/.docker echo "{\"auths\":{\"${{ env.REGISTRY }}\":{\"auth\":\"$AUTH\"}}}" > $HOME/.docker/config.json - - docker tag ${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }} ${{ env.REGISTRY }}/bohessefm/backoffice:latest docker push ${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }} + sleep 2 + + echo "{\"auths\":{\"${{ env.REGISTRY }}\":{\"auth\":\"$AUTH\"}}}" > $HOME/.docker/config.json docker push ${{ env.REGISTRY }}/bohessefm/backoffice:latest deploy-to-k3s: needs: build-and-push runs-on: docker-ready + env: + REGISTRY: pipe.gohorsejobs.com defaults: run: shell: sh @@ -98,28 +103,33 @@ jobs: chmod 600 $HOME/.kube/config export KUBECONFIG=$HOME/.kube/config + # Garante o Namespace kubectl create namespace gohorsejobsdev --dry-run=client -o yaml | kubectl apply -f - - # O segredo que o K3s usa é exatamente o que injetamos no Docker acima + # Recria o Image Pull Secret de forma limpa (sem pipe) + kubectl -n gohorsejobsdev delete secret forgejo-registry --ignore-not-found kubectl -n gohorsejobsdev create secret docker-registry forgejo-registry \ - --docker-server=${{ env.REGISTRY }} \ - --docker-username=bohessefm \ - --docker-password='${{ secrets.FORGEJO_TOKEN }}' \ - --dry-run=client -o yaml | kubectl apply -f - + --docker-server="${{ env.REGISTRY }}" \ + --docker-username="bohessefm" \ + --docker-password="${{ secrets.FORGEJO_TOKEN }}" + # Recria os Secrets do Backend com aspas duplas para proteger os valores kubectl -n gohorsejobsdev delete secret backend-secrets --ignore-not-found kubectl -n gohorsejobsdev create secret generic backend-secrets \ - --from-literal=MTU='${{ vars.MTU }}' \ - --from-literal=JWT_SECRET='${{ vars.JWT_SECRET }}' \ - --from-literal=AMQP_URL='${{ vars.AMQP_URL }}' \ - --from-literal=DATABASE_URL='${{ vars.DATABASE_URL }}' + --from-literal=MTU="${{ vars.MTU }}" \ + --from-literal=JWT_SECRET="${{ vars.JWT_SECRET }}" \ + --from-literal=AMQP_URL="${{ vars.AMQP_URL }}" \ + --from-literal=DATABASE_URL="${{ vars.DATABASE_URL }}" + # Aplica os manifestos kubectl apply -f k8s/dev/ -n gohorsejobsdev + # Atualiza as imagens nos deployments para o SHA específico kubectl -n gohorsejobsdev set image deployment/gohorse-backend-dev backend=${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }} kubectl -n gohorsejobsdev set image deployment/gohorse-backoffice-dev backoffice=${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }} - kubectl delete pod -n gohorsejobsdev -l app=gohorse-backend-dev --force --grace-period=0 - kubectl delete pod -n gohorsejobsdev -l app=gohorse-backoffice-dev --force --grace-period=0 + # Força o reinício dos pods (Uso de || true para não falhar se não houver pods) + kubectl delete pod -n gohorsejobsdev -l app=gohorse-backend-dev --force --grace-period=0 || true + kubectl delete pod -n gohorsejobsdev -l app=gohorse-backoffice-dev --force --grace-period=0 || true echo "Deploy finalizado com sucesso!" \ No newline at end of file