ajuste no drone.yml

2025-12-12 00:27:19 -03:00 · 2025-12-12 00:27:19 -03:00 · 832798b9e8
commit 832798b9e8
parent c32e5a0d96
2 changed files with 28 additions and 8 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -3,9 +3,6 @@ type: kubernetes
 name: deploy-backend

 steps:
-  # ---------------------------------------------------------------
-  # ETAPA 1 - BUILD + PUSH USANDO PLUGIN DOCKER (SEM KANIKO)
-  # ---------------------------------------------------------------
  - name: build-and-push-backend
    image: plugins/docker:latest
    settings:
@ -23,9 +20,31 @@ steps:
      password:
        from_secret: HARBOR_PASSWORD

-  # ---------------------------------------------------------------
-  # ETAPA 2 - DEPLOY BACKEND NO K3S
-  # ---------------------------------------------------------------
+  - name: export-infisical-to-k8s
+    image: infisical/infisical:latest
+    environment:
+      INFISICAL_TOKEN:
+        from_secret: INFISICAL_TOKEN
+      KUBERNETES_SERVER:
+        from_secret: K3S_SERVER
+      KUBERNETES_CA:
+        from_secret: K3S_CA_CERT
+      KUBERNETES_CLIENT_CERT:
+        from_secret: K3S_CLIENT_CERT
+      KUBERNETES_CLIENT_KEY:
+        from_secret: K3S_CLIENT_KEY
+    commands:
+      - infisical export --env=production --format=dotenv > .env.k8s
+      - echo "$KUBERNETES_CA" | base64 -d > /tmp/ca.crt
+      - echo "$KUBERNETES_CLIENT_CERT" | base64 -d > /tmp/client.crt
+      - echo "$KUBERNETES_CLIENT_KEY" | base64 -d > /tmp/client.key
+      - kubectl config set-cluster k3s --server="${KUBERNETES_SERVER}" --certificate-authority=/tmp/ca.crt
+      - kubectl config set-credentials drone --client-certificate=/tmp/client.crt --client-key=/tmp/client.key
+      - kubectl config set-context drone-context --cluster=k3s --namespace=gohorsejobs --user=drone
+      - kubectl config use-context drone-context
+      - kubectl -n gohorsejobs delete secret backend-secrets --ignore-not-found
+      - kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s
+
  - name: deploy-backend
    image: bitnami/kubectl:latest
    environment:
--- a/k8s/backend-deployment.yaml
+++ b/k8s/backend-deployment.yaml
@ -8,12 +8,10 @@ spec:
  selector:
    matchLabels:
      app: gohorse-backend
-
  template:
    metadata:
      labels:
        app: gohorse-backend
-
    spec:
      containers:
        - name: backend
@ -24,5 +22,8 @@ spec:
          env:
            - name: NODE_ENV
              value: "production"
+          envFrom:
+            - secretRef:
+                name: backend-secrets # O nome do Secret criado no seu pipeline com as variáveis do Infisical
      imagePullSecrets:
        - name: harbor-registry