rede5/gohorsejobs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Update .forgejo/workflows/deploy.yaml

Browse source
This commit is contained in:
bohessefm 2026-02-21 13:31:22 +00:00
parent adfc8386fe
commit 742aa7fe8b
1 changed files with 43 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

73
.forgejo/workflows/deploy.yaml
View file

@ -58,58 +58,71 @@ jobs:
- name: Sync Secrets and Vars
run: |
# 1. Garante o namespace
# 1. Namespace
kubectl create namespace ${{ env.NAMESPACE }} --dry-run=client -o yaml | kubectl apply -f -
# 2. Sincroniza Registry Secret
# 2. Sync Registry Secret com limpeza profunda de metadata
kubectl get secret forgejo-registry-secret --namespace=forgejo -o yaml | \
grep -vE "resourceVersion|uid|creationTimestamp|namespace" | \
kubectl apply --namespace=${{ env.NAMESPACE }} -f -
# 3. Geração do arquivo de ambiente (Variáveis de texto)
printf "MTU=%s\n" "${{ vars.MTU }}" > .env.backend
printf "DATABASE_URL=%s\n" "${{ vars.DATABASE_URL }}" >> .env.backend
printf "AMQP_URL=%s\n" "${{ vars.AMQP_URL }}" >> .env.backend
printf "JWT_SECRET=%s\n" "${{ vars.JWT_SECRET }}" >> .env.backend
printf "JWT_EXPIRATION=%s\n" "${{ vars.JWT_EXPIRATION }}" >> .env.backend
printf "PASSWORD_PEPPER=%s\n" "${{ vars.PASSWORD_PEPPER }}" >> .env.backend
printf "COOKIE_SECRET=%s\n" "${{ vars.COOKIE_SECRET }}" >> .env.backend
printf "COOKIE_DOMAIN=%s\n" "${{ vars.COOKIE_DOMAIN }}" >> .env.backend
printf "BACKEND_PORT=%s\n" "${{ vars.BACKEND_PORT }}" >> .env.backend
printf "BACKEND_HOST=%s\n" "${{ vars.BACKEND_HOST }}" >> .env.backend
printf "ENV=%s\n" "${{ vars.ENV }}" >> .env.backend
printf "CORS_ORIGINS=%s\n" "${{ vars.CORS_ORIGINS }}" >> .env.backend
printf "S3_BUCKET=%s\n" "${{ vars.S3_BUCKET }}" >> .env.backend
printf "AWS_REGION=%s\n" "${{ vars.AWS_REGION }}" >> .env.backend
printf "AWS_ENDPOINT=%s\n" "${{ vars.AWS_ENDPOINT }}" >> .env.backend
printf "AWS_ACCESS_KEY_ID=%s\n" "${{ vars.AWS_ACCESS_KEY_ID }}" >> .env.backend
printf "AWS_SECRET_ACCESS_KEY=%s\n" "${{ vars.AWS_SECRET_ACCESS_KEY }}" >> .env.backend
# 3. Geração do arquivo .env (SOMENTE VARIÁVEIS CURTAS)
# O uso de 'EOF' evita que o shell interprete caracteres especiais das vars
cat <<'EOF' > .env.backend
MTU=${{ vars.MTU }}
DATABASE_URL=${{ vars.DATABASE_URL }}
AMQP_URL=${{ vars.AMQP_URL }}
JWT_SECRET=${{ vars.JWT_SECRET }}
JWT_EXPIRATION=${{ vars.JWT_EXPIRATION }}
PASSWORD_PEPPER=${{ vars.PASSWORD_PEPPER }}
COOKIE_SECRET=${{ vars.COOKIE_SECRET }}
COOKIE_DOMAIN=${{ vars.COOKIE_DOMAIN }}
BACKEND_PORT=${{ vars.BACKEND_PORT }}
BACKEND_HOST=${{ vars.BACKEND_HOST }}
ENV=${{ vars.ENV }}
CORS_ORIGINS=${{ vars.CORS_ORIGINS }}
S3_BUCKET=${{ vars.S3_BUCKET }}
AWS_REGION=${{ vars.AWS_REGION }}
AWS_ENDPOINT=${{ vars.AWS_ENDPOINT }}
AWS_ACCESS_KEY_ID=${{ vars.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY=${{ vars.AWS_SECRET_ACCESS_KEY }}
EOF
# 4. Cria a secret baseada nas variáveis primeiro
# 4. Aplica as variáveis de ambiente
kubectl create secret generic backend-secrets -n ${{ env.NAMESPACE }} \
--from-env-file=.env.backend \
--dry-run=client -o yaml | kubectl apply -f -
# 5. Adiciona a chave RSA separadamente (se existir) para evitar o erro de combinação
RSA_CONTENT="${{ secrets.RSA_PRIVATE_KEY_BASE64 || vars.RSA_PRIVATE_KEY_BASE64 }}"
if [ -n "$RSA_CONTENT" ]; then
echo "$RSA_CONTENT" | tr -d '\r\n ' > /tmp/rsa_clean_base64.txt
if base64 -d /tmp/rsa_clean_base64.txt > /tmp/rsa_key.pem 2>/dev/null; then
# Adiciona o arquivo .pem na secret já existente usando set data
kubectl create secret generic backend-secrets -n ${{ env.NAMESPACE }} \
--from-file=private_key.pem=/tmp/rsa_key.pem \
--dry-run=client -o yaml | kubectl apply -f -
# 5. TRATAMENTO DA CHAVE RSA (O culpado do erro UTF-8)
# Extraímos a var, limpamos quebras de linha e injetamos como ARQUIVO
RSA_RAW="${{ vars.RSA_PRIVATE_KEY_BASE64 }}"
if [ -n "$RSA_RAW" ]; then
echo "$RSA_RAW" | tr -d '\r\n ' > /tmp/rsa.base64
# Tenta decodificar. Se falhar, usa o b64 puro (o app decide como ler)
if base64 -d /tmp/rsa.base64 > /tmp/key.pem 2>/dev/null; then
echo "RSA decodificada com sucesso."
else
cp /tmp/rsa.base64 /tmp/key.pem
echo "RSA mantida em formato string limpa."
fi
# Injeta o arquivo na secret existente (o apply faz o merge)
kubectl create secret generic backend-secrets -n ${{ env.NAMESPACE }} \
--from-file=private_key.pem=/tmp/key.pem \
--dry-run=client -o yaml | kubectl apply -f -
fi
- name: Deploy to K3s
run: |
kubectl apply -f k8s/dev/ -n ${{ env.NAMESPACE }}
# Garante que os deployments usem a imagem com o SHA atual
kubectl -n ${{ env.NAMESPACE }} set image deployment/gohorse-backend-dev backend=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }}
kubectl -n ${{ env.NAMESPACE }} set image deployment/gohorse-backoffice-dev backoffice=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }}
# Força o restart para ler a Secret atualizada
kubectl -n ${{ env.NAMESPACE }} rollout restart deployment/gohorse-backend-dev
kubectl -n ${{ env.NAMESPACE }} rollout restart deployment/gohorse-backoffice-dev
# Aguarda estabilização
kubectl -n ${{ env.NAMESPACE }} rollout status deployment/gohorse-backend-dev --timeout=120s