diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index d747af8..18cb942 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -14,10 +14,6 @@ env: jobs: build-and-push: runs-on: [self-hosted, linux-amd64] - defaults: - run: - shell: sh - steps: - name: Checkout code uses: actions/checkout@v4 @@ -31,16 +27,12 @@ jobs: run: | docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }} \ -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:latest ./backend - - docker push --quiet ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }} docker push --quiet ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:latest - name: Build & Push Backoffice run: | docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }} \ -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:latest ./backoffice - - docker push --quiet ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }} docker push --quiet ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:latest deploy: @@ -48,7 +40,6 @@ jobs: runs-on: [self-hosted, linux-amd64] steps: - name: Install Deploy Tools - # Baixa o kubectl oficial para evitar erro de pacote no Alpine run: | apk add --no-cache curl ca-certificates curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" 
@@ -59,32 +50,47 @@ jobs: uses: actions/checkout@v4 - name: Configure Kubeconfig - # Cria o arquivo de acesso usando o Secret que você configurou no Forgejo run: | mkdir -p ~/.kube echo "${{ secrets.KUBE_CONFIG }}" > ~/.kube/config chmod 600 ~/.kube/config - - name: Sync Registry Secret - # Garante que o segredo de pull da imagem exista no namespace de destino + - name: Sync Environment and Secrets run: | kubectl create namespace gohorsejobsdev --dry-run=client -o yaml | kubectl apply -f - + # 1. Sincroniza o Registry Secret kubectl get secret forgejo-registry-secret --namespace=forgejo -o yaml | \ sed 's/namespace: forgejo/namespace: gohorsejobsdev/' | \ - kubectl apply -f - || echo "Aviso: Falha ao sincronizar secret, prosseguindo..." + kubectl apply -f - || echo "Aviso: Falha ao sincronizar registry secret" + + # 2. Cria/Atualiza o Secret de Variáveis (backend-secrets) + # Aqui injetamos todas as variáveis que aparecem no seu print + kubectl create secret generic backend-secrets -n gohorsejobsdev \ + --from-literal=MTU="${{ vars.MTU }}" \ + --from-literal=DATABASE_URL="${{ vars.DATABASE_URL }}" \ + --from-literal=AMQP_URL="${{ vars.AMQP_URL }}" \ + --from-literal=JWT_SECRET="${{ vars.JWT_SECRET }}" \ + --from-literal=JWT_EXPIRATION="${{ vars.JWT_EXPIRATION }}" \ + --from-literal=COOKIE_SECRET="${{ vars.COOKIE_SECRET }}" \ + --from-literal=BACKEND_PORT="${{ vars.BACKEND_PORT }}" \ + --from-literal=BACKEND_HOST="${{ vars.BACKEND_HOST }}" \ + --from-literal=ENV="${{ vars.ENV }}" \ + --dry-run=client -o yaml | kubectl apply -f - - name: Deploy to K3s run: | - # Aplica os arquivos YAML da pasta k8s/dev kubectl apply -f k8s/dev/ -n gohorsejobsdev - # Atualiza os deployments para as imagens buildadas neste commit específico + # Atualiza as imagens para o novo commit kubectl -n gohorsejobsdev set image deployment/gohorse-backend-dev \ backend=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }} kubectl -n gohorsejobsdev set image 
deployment/gohorse-backoffice-dev \ backoffice=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }} - # Aguarda a conclusão para garantir que o serviço subiu + # Força o restart para garantir que leiam as variáveis novas do Secret + kubectl -n gohorsejobsdev rollout restart deployment/gohorse-backend-dev + kubectl -n gohorsejobsdev rollout restart deployment/gohorse-backoffice-dev + kubectl -n gohorsejobsdev rollout status deployment/gohorse-backend-dev --timeout=120s \ No newline at end of file diff --git a/k8s/dev/backend-deployment-dev.yaml b/k8s/dev/backend-deployment-dev.yaml index 1ee0730..c6953bf 100644 --- a/k8s/dev/backend-deployment-dev.yaml +++ b/k8s/dev/backend-deployment-dev.yaml @@ -5,6 +5,9 @@ metadata: namespace: gohorsejobsdev spec: replicas: 1 + # ESTRATÉGIA: Mata o pod antigo antes de iniciar o novo (ideal para pouca RAM) + strategy: + type: Recreate selector: matchLabels: app: gohorse-backend-dev @@ -14,13 +17,14 @@ spec: app: gohorse-backend-dev env: development spec: + # Tempo para o pod antigo desligar (padrão é 30s, reduzimos para 10s) + terminationGracePeriodSeconds: 10 imagePullSecrets: - name: forgejo-registry-secret initContainers: - name: set-mtu - image: busybox - # CORREÇÃO: Usando a sintaxe $(VAR) para o K8s injetar a variável no comando - command: ['sh', '-c', 'ifconfig eth0 mtu $(MTU_VALUE) || true'] + image: busybox:latest + command: ['sh', '-c', 'ifconfig eth0 mtu ${MTU_VALUE} || true'] env: - name: MTU_VALUE valueFrom: @@ -40,7 +44,7 @@ spec: name: backend-secrets resources: requests: - memory: "256Mi" # Reduzi um pouco para evitar despejo (Eviction) + memory: "256Mi" cpu: "100m" limits: memory: "1024Mi" 
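Review bot: In the new `kubectl create secret generic backend-secrets` command, `JWT_SECRET`, `COOKIE_SECRET`, `DATABASE_URL` and `AMQP_URL` are read from the `vars` context, although the kubeconfig step of the same job already uses `secrets`. Configuration variables are meant for non-sensitive settings and, as far as I know, are stored readable and not masked in job logs, so the signing keys and connection strings belong in the secrets store. The `${{ }}` expressions are also substituted into the script text before the shell parses it, so a `"`, `$` or backtick inside a value changes the command. Passing the values through the step's `env:` and expanding them as quoted shell variables avoids that. The sketch below assumes secrets of the same names get created; the unchanged parts of the step are left out.

```yaml
      - name: Sync Environment and Secrets
        env:
          DATABASE_URL: ${{ secrets.DATABASE_URL }}
          AMQP_URL: ${{ secrets.AMQP_URL }}
          JWT_SECRET: ${{ secrets.JWT_SECRET }}
          COOKIE_SECRET: ${{ secrets.COOKIE_SECRET }}
        run: |
          # … unchanged: namespace creation and registry secret sync …
          kubectl create secret generic backend-secrets -n gohorsejobsdev \
            --from-literal=DATABASE_URL="$DATABASE_URL" \
            --from-literal=AMQP_URL="$AMQP_URL" \
            --from-literal=JWT_SECRET="$JWT_SECRET" \
            --from-literal=COOKIE_SECRET="$COOKIE_SECRET" \
            # … unchanged: remaining --from-literal flags and the dry-run | kubectl apply pipe …
```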
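Review bot: `image: busybox:latest` on the `set-mtu` init container only spells out the tag that a bare `busybox` already resolved to, so the image is still whatever the registry serves at pull time. For a container that reconfigures the pod's network interface I would pin a release and digest, e.g. `image: busybox:<pinned-version>@sha256:<digest>` (placeholders, to be filled from the registry you trust). The same line is added in the second hunk of `k8s/dev/backoffice-deployment-dev.yaml`. Separately, `|| true` hides a failed `ifconfig`, so the init container still reports success when the MTU was not applied.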
@@ -49,11 +53,11 @@ spec: httpGet: path: /health port: 8521 - initialDelaySeconds: 30 # Aumentado para dar tempo de conectar no banco + initialDelaySeconds: 45 # Aumentado para evitar restart loop inicial periodSeconds: 20 readinessProbe: httpGet: path: /health port: 8521 - initialDelaySeconds: 15 # Aumentado para o app estabilizar + initialDelaySeconds: 20 periodSeconds: 10 \ No newline at end of file diff --git a/k8s/dev/backoffice-deployment-dev.yaml b/k8s/dev/backoffice-deployment-dev.yaml index b9be3fb..4128e2a 100644 --- a/k8s/dev/backoffice-deployment-dev.yaml +++ b/k8s/dev/backoffice-deployment-dev.yaml @@ -5,6 +5,9 @@ metadata: namespace: gohorsejobsdev spec: replicas: 1 + # ESTRATÉGIA: Mata o pod antigo antes de subir o novo para liberar os 2Gi de RAM + strategy: + type: Recreate selector: matchLabels: app: gohorse-backoffice-dev @@ -14,13 +17,14 @@ spec: app: gohorse-backoffice-dev env: development spec: + # Reduz o tempo de espera para desligamento forçado + terminationGracePeriodSeconds: 10 imagePullSecrets: - name: forgejo-registry-secret initContainers: - name: set-mtu - image: busybox - # CORREÇÃO: Usando $(VAR) para o Kubernetes injetar o valor corretamente - command: ['sh', '-c', 'ifconfig eth0 mtu $(MTU_VALUE) || true'] + image: busybox:latest + command: ['sh', '-c', 'ifconfig eth0 mtu ${MTU_VALUE} || true'] env: - name: MTU_VALUE valueFrom: @@ -41,10 +45,24 @@ spec: env: - name: NODE_TLS_REJECT_UNAUTHORIZED value: "0" + - name: NODE_ENV + value: "development" resources: requests: - memory: "512Mi" # Reduzi um pouco o request para facilitar o agendamento no nó + memory: "512Mi" cpu: "300m" limits: memory: "2Gi" - cpu: "800m" \ No newline at end of file + cpu: "800m" + livenessProbe: + httpGet: + path: /health + port: 3001 + initialDelaySeconds: 70 # NestJS demora mais para subir que Go + periodSeconds: 30 + readinessProbe: + httpGet: + path: /health + port: 3001 + initialDelaySeconds: 40 + periodSeconds: 15 \ No newline at end of file
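Review bot: The env list that gains `NODE_ENV` here still carries `NODE_TLS_REJECT_UNAUTHORIZED` set to `"0"`, which switches off certificate verification for every outbound TLS connection the Node process makes. If the reason is a private CA in the cluster, mounting that CA and pointing `NODE_EXTRA_CA_CERTS` at it (`value: "<path-to-ca-bundle>"`, placeholder) keeps verification on. A comment stating why the override exists would help if it has to stay. On the added probes, liveness and readiness both call `/health` on port 3001, and the container's `ports:` entry is outside the hunk, so that port should be confirmed against it.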