From adfc8386fee07b530112a7338dead51669f72199 Mon Sep 17 00:00:00 2001
From: bohessefm <bohessefm@gmail.com>
Date: Sat, 21 Feb 2026 13:25:41 +0000
Subject: [PATCH] Update .forgejo/workflows/deploy.yaml

---
 .forgejo/workflows/deploy.yaml | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml
index 7790a6e..99283a0 100644
--- a/.forgejo/workflows/deploy.yaml
+++ b/.forgejo/workflows/deploy.yaml
@@ -66,15 +66,7 @@ jobs:
           grep -vE "resourceVersion|uid|creationTimestamp|namespace" | \
           kubectl apply --namespace=${{ env.NAMESPACE }} -f -
 
-          # 3. Limpeza da Chave RSA
-          RSA_CONTENT="${{ secrets.RSA_PRIVATE_KEY_BASE64 || vars.RSA_PRIVATE_KEY_BASE64 }}"
-          if [ -n "$RSA_CONTENT" ]; then
-            echo "$RSA_CONTENT" | tr -d '\r\n ' > /tmp/rsa_clean_base64.txt
-            base64 -d /tmp/rsa_clean_base64.txt > /tmp/rsa_key.pem || cp /tmp/rsa_clean_base64.txt /tmp/rsa_key.pem
-          fi
-
-          # 4. Geração do arquivo de ambiente de forma compatível com YAML
-          # Usando printf para evitar problemas com o parser de Heredoc do GitHub
+          # 3. Geração do arquivo de ambiente (Variáveis de texto)
           printf "MTU=%s\n" "${{ vars.MTU }}" > .env.backend
           printf "DATABASE_URL=%s\n" "${{ vars.DATABASE_URL }}" >> .env.backend
           printf "AMQP_URL=%s\n" "${{ vars.AMQP_URL }}" >> .env.backend
@@ -93,12 +85,23 @@ jobs:
           printf "AWS_ACCESS_KEY_ID=%s\n" "${{ vars.AWS_ACCESS_KEY_ID }}" >> .env.backend
           printf "AWS_SECRET_ACCESS_KEY=%s\n" "${{ vars.AWS_SECRET_ACCESS_KEY }}" >> .env.backend
 
-          # Aplica a secret lendo o arquivo
+          # 4. Cria a secret baseada nas variáveis primeiro
           kubectl create secret generic backend-secrets -n ${{ env.NAMESPACE }} \
             --from-env-file=.env.backend \
-            $( [ -f /tmp/rsa_key.pem ] && echo "--from-file=private_key.pem=/tmp/rsa_key.pem" ) \
             --dry-run=client -o yaml | kubectl apply -f -
 
+          # 5. Adiciona a chave RSA separadamente (se existir) para evitar o erro de combinação
+          RSA_CONTENT="${{ secrets.RSA_PRIVATE_KEY_BASE64 || vars.RSA_PRIVATE_KEY_BASE64 }}"
+          if [ -n "$RSA_CONTENT" ]; then
+            echo "$RSA_CONTENT" | tr -d '\r\n ' > /tmp/rsa_clean_base64.txt
+            if base64 -d /tmp/rsa_clean_base64.txt > /tmp/rsa_key.pem 2>/dev/null; then
+               # Adiciona o arquivo .pem na secret já existente usando set data
+               kubectl create secret generic backend-secrets -n ${{ env.NAMESPACE }} \
+                 --from-file=private_key.pem=/tmp/rsa_key.pem \
+                 --dry-run=client -o yaml | kubectl apply -f -
+            fi
+          fi
+
       - name: Deploy to K3s
         run: |
           kubectl apply -f k8s/dev/ -n ${{ env.NAMESPACE }}