rede5/gohorsejobs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Update .forgejo/workflows/deploy.yaml

Browse source
This commit is contained in:
bohessefm 2026-02-18 23:31:40 +00:00
parent 4ec574d66a
commit a1091f0ee6
1 changed files with 29 additions and 66 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

95
.forgejo/workflows/deploy.yaml
View file

@ -23,7 +23,6 @@ jobs:
- name: Build & Push Backend - name: Build & Push Backend
run: | run: |
# Build usando SHA para imutabilidade e latest para conveniência
docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }} \ docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }} \
-t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:latest ./backend -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:latest ./backend
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }} docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }}
@ -60,90 +59,54 @@ jobs:
run: | run: |
kubectl create namespace gohorsejobsdev --dry-run=client -o yaml | kubectl apply -f - kubectl create namespace gohorsejobsdev --dry-run=client -o yaml | kubectl apply -f -
# Sincroniza Registry Secret
kubectl get secret forgejo-registry-secret --namespace=forgejo -o yaml | \ kubectl get secret forgejo-registry-secret --namespace=forgejo -o yaml | \
sed 's/namespace: forgejo/namespace: gohorsejobsdev/' | \ sed 's/namespace: forgejo/namespace: gohorsejobsdev/' | \
kubectl apply -f - --force kubectl apply -f - --force
# Injeta variáveis (Lembre-se de mudar DATABASE_URL para sslmode=disable no Forgejo!)
kubectl delete secret backend-secrets -n gohorsejobsdev --ignore-not-found kubectl delete secret backend-secrets -n gohorsejobsdev --ignore-not-found
# Prepare RSA key file if available (prefer secrets over vars) # LIMPEZA CRÍTICA DA CHAVE
# AJUSTE: Limpando espaços que causam erro de UTF-8
RAW_KEY="${{ secrets.RSA_PRIVATE_KEY_BASE64 || vars.RSA_PRIVATE_KEY_BASE64 }}" RAW_KEY="${{ secrets.RSA_PRIVATE_KEY_BASE64 || vars.RSA_PRIVATE_KEY_BASE64 }}"
CLEAN_KEY=$(echo "$RAW_KEY" | tr -d '[:space:]') CLEAN_KEY=$(echo "$RAW_KEY" | tr -d '[:space:]')
if [ -n "$CLEAN_KEY" ]; then # CONSTRUÇÃO DO SECRET (Misturando stringData para texto e data para a chave binária)
echo "Decoding RSA_PRIVATE_KEY_BASE64" cat <<EOF | kubectl apply -f -
echo "$CLEAN_KEY" > /tmp/rsa_key.base64 apiVersion: v1
base64 -d /tmp/rsa_key.base64 > /tmp/rsa_key.pem 2>/dev/null || cp /tmp/rsa_key.base64 /tmp/rsa_key.pem kind: Secret
fi metadata:
name: backend-secrets
# Create secret: if rsa file exists, create secret from file (robust); otherwise fallback to from-literal namespace: gohorsejobsdev
if [ -f /tmp/rsa_key.pem ]; then type: Opaque
# AJUSTE: Usando stringData para evitar erro gRPC de marshaling stringData:
cat <<EOF | kubectl apply -f - MTU: "${{ vars.MTU }}"
apiVersion: v1 DATABASE_URL: "${{ vars.DATABASE_URL }}"
kind: Secret AMQP_URL: "${{ vars.AMQP_URL }}"
metadata: JWT_SECRET: "${{ vars.JWT_SECRET }}"
name: backend-secrets JWT_EXPIRATION: "${{ vars.JWT_EXPIRATION }}"
namespace: gohorsejobsdev PASSWORD_PEPPER: "${{ vars.PASSWORD_PEPPER }}"
type: Opaque COOKIE_SECRET: "${{ vars.COOKIE_SECRET }}"
stringData: COOKIE_DOMAIN: "${{ vars.COOKIE_DOMAIN }}"
MTU: "${{ vars.MTU }}" BACKEND_PORT: "${{ vars.BACKEND_PORT }}"
DATABASE_URL: "${{ vars.DATABASE_URL }}" BACKEND_HOST: "${{ vars.BACKEND_HOST }}"
AMQP_URL: "${{ vars.AMQP_URL }}" ENV: "${{ vars.ENV }}"
JWT_SECRET: "${{ vars.JWT_SECRET }}" CORS_ORIGINS: "${{ vars.CORS_ORIGINS }}"
JWT_EXPIRATION: "${{ vars.JWT_EXPIRATION }}" S3_BUCKET: "${{ vars.S3_BUCKET }}"
PASSWORD_PEPPER: "${{ vars.PASSWORD_PEPPER }}" AWS_REGION: "${{ vars.AWS_REGION }}"
COOKIE_SECRET: "${{ vars.COOKIE_SECRET }}" AWS_ENDPOINT: "${{ vars.AWS_ENDPOINT }}"
COOKIE_DOMAIN: "${{ vars.COOKIE_DOMAIN }}" AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}"
BACKEND_PORT: "${{ vars.BACKEND_PORT }}" AWS_SECRET_ACCESS_KEY: "${{ vars.AWS_SECRET_ACCESS_KEY }}"
BACKEND_HOST: "${{ vars.BACKEND_HOST }}" data:
ENV: "${{ vars.ENV }}" private_key.pem: "$CLEAN_KEY"
CORS_ORIGINS: "${{ vars.CORS_ORIGINS }}"
S3_BUCKET: "${{ vars.S3_BUCKET }}"
AWS_REGION: "${{ vars.AWS_REGION }}"
AWS_ENDPOINT: "${{ vars.AWS_ENDPOINT }}"
AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}"
AWS_SECRET_ACCESS_KEY: "${{ vars.AWS_SECRET_ACCESS_KEY }}"
private_key.pem: |
$(cat /tmp/rsa_key.pem)
EOF EOF
else
kubectl create secret generic backend-secrets -n gohorsejobsdev \
--from-literal=MTU="${{ vars.MTU }}" \
--from-literal=DATABASE_URL="${{ vars.DATABASE_URL }}" \
--from-literal=AMQP_URL="${{ vars.AMQP_URL }}" \
--from-literal=JWT_SECRET="${{ vars.JWT_SECRET }}" \
--from-literal=JWT_EXPIRATION="${{ vars.JWT_EXPIRATION }}" \
--from-literal=PASSWORD_PEPPER="${{ vars.PASSWORD_PEPPER }}" \
--from-literal=COOKIE_SECRET="${{ vars.COOKIE_SECRET }}" \
--from-literal=COOKIE_DOMAIN="${{ vars.COOKIE_DOMAIN }}" \
--from-literal=BACKEND_PORT="${{ vars.BACKEND_PORT }}" \
--from-literal=BACKEND_HOST="${{ vars.BACKEND_HOST }}" \
--from-literal=ENV="${{ vars.ENV }}" \
--from-literal=CORS_ORIGINS="${{ vars.CORS_ORIGINS }}" \
--from-literal=S3_BUCKET="${{ vars.S3_BUCKET }}" \
--from-literal=AWS_REGION="${{ vars.AWS_REGION }}" \
--from-literal=AWS_ENDPOINT="${{ vars.AWS_ENDPOINT }}" \
--from-literal=AWS_ACCESS_KEY_ID="${{ vars.AWS_ACCESS_KEY_ID }}" \
--from-literal=AWS_SECRET_ACCESS_KEY="${{ vars.AWS_SECRET_ACCESS_KEY }}" \
--from-literal=RSA_PRIVATE_KEY_BASE64="$CLEAN_KEY" \
--dry-run=client -o yaml | kubectl apply -f -
fi
- name: Deploy to K3s - name: Deploy to K3s
run: | run: |
kubectl apply -f k8s/dev/ -n gohorsejobsdev kubectl apply -f k8s/dev/ -n gohorsejobsdev
# Vincula o deployment ao SHA específico para garantir que o Pull ocorra corretamente
kubectl -n gohorsejobsdev set image deployment/gohorse-backend-dev backend=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }} kubectl -n gohorsejobsdev set image deployment/gohorse-backend-dev backend=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }}
kubectl -n gohorsejobsdev set image deployment/gohorse-backoffice-dev backoffice=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }} kubectl -n gohorsejobsdev set image deployment/gohorse-backoffice-dev backoffice=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }}
# Força o restart para carregar os novos valores do secret backend-secrets
kubectl -n gohorsejobsdev rollout restart deployment/gohorse-backend-dev kubectl -n gohorsejobsdev rollout restart deployment/gohorse-backend-dev
kubectl -n gohorsejobsdev rollout restart deployment/gohorse-backoffice-dev kubectl -n gohorsejobsdev rollout restart deployment/gohorse-backoffice-dev
# Aguarda estabilização
kubectl -n gohorsejobsdev rollout status deployment/gohorse-backend-dev --timeout=120s kubectl -n gohorsejobsdev rollout status deployment/gohorse-backend-dev --timeout=120s