Update .forgejo/workflows/deploy.yaml
This commit is contained in:
bohessefm
parent
742aa7fe8b
commit
c9f5cec84c
1 changed files with 34 additions and 60 deletions
|
|
@ -8,7 +8,6 @@ on:
|
||||||
env:
|
env:
|
||||||
REGISTRY: pipe.gohorsejobs.com
|
REGISTRY: pipe.gohorsejobs.com
|
||||||
IMAGE_NAMESPACE: bohessefm
|
IMAGE_NAMESPACE: bohessefm
|
||||||
NAMESPACE: gohorsejobsdev
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build-and-push:
|
build-and-push:
|
||||||
|
|
@ -24,6 +23,7 @@ jobs:
|
||||||
|
|
||||||
- name: Build & Push Backend
|
- name: Build & Push Backend
|
||||||
run: |
|
run: |
|
||||||
|
# Build usando SHA para imutabilidade e latest para conveniência
|
||||||
docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }} \
|
docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }} \
|
||||||
-t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:latest ./backend
|
-t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:latest ./backend
|
||||||
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }}
|
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }}
|
||||||
|
|
@ -53,76 +53,50 @@ jobs:
|
||||||
- name: Configure Kubeconfig
|
- name: Configure Kubeconfig
|
||||||
run: |
|
run: |
|
||||||
mkdir -p ~/.kube
|
mkdir -p ~/.kube
|
||||||
echo "${{ secrets.KUBECONFIG }}" > ~/.kube/config
|
echo "${{ secrets.KUBE_CONFIG }}" > ~/.kube/config
|
||||||
chmod 600 ~/.kube/config
|
chmod 600 ~/.kube/config
|
||||||
|
|
||||||
- name: Sync Secrets and Vars
|
- name: Sync Secrets and Vars
|
||||||
run: |
|
run: |
|
||||||
# 1. Namespace
|
kubectl create namespace gohorsejobsdev --dry-run=client -o yaml | kubectl apply -f -
|
||||||
kubectl create namespace ${{ env.NAMESPACE }} --dry-run=client -o yaml | kubectl apply -f -
|
|
||||||
|
|
||||||
# 2. Sync Registry Secret com limpeza profunda de metadata
|
# Sincroniza Registry Secret
|
||||||
kubectl get secret forgejo-registry-secret --namespace=forgejo -o yaml | \
|
kubectl get secret forgejo-registry-secret --namespace=forgejo -o yaml | \
|
||||||
grep -vE "resourceVersion|uid|creationTimestamp|namespace" | \
|
sed 's/namespace: forgejo/namespace: gohorsejobsdev/' | \
|
||||||
kubectl apply --namespace=${{ env.NAMESPACE }} -f -
|
kubectl apply -f - --force
|
||||||
|
|
||||||
# 3. Geração do arquivo .env (SOMENTE VARIÁVEIS CURTAS)
|
# Injeta variáveis (Lembre-se de mudar DATABASE_URL para sslmode=disable no Forgejo!)
|
||||||
# O uso de 'EOF' evita que o shell interprete caracteres especiais das vars
|
kubectl delete secret backend-secrets -n gohorsejobsdev --ignore-not-found
|
||||||
cat <<'EOF' > .env.backend
|
kubectl create secret generic backend-secrets -n gohorsejobsdev \
|
||||||
MTU=${{ vars.MTU }}
|
--from-literal=MTU="${{ vars.MTU }}" \
|
||||||
DATABASE_URL=${{ vars.DATABASE_URL }}
|
--from-literal=DATABASE_URL="${{ vars.DATABASE_URL }}" \
|
||||||
AMQP_URL=${{ vars.AMQP_URL }}
|
--from-literal=AMQP_URL="${{ vars.AMQP_URL }}" \
|
||||||
JWT_SECRET=${{ vars.JWT_SECRET }}
|
--from-literal=JWT_SECRET="${{ vars.JWT_SECRET }}" \
|
||||||
JWT_EXPIRATION=${{ vars.JWT_EXPIRATION }}
|
--from-literal=JWT_EXPIRATION="${{ vars.JWT_EXPIRATION }}" \
|
||||||
PASSWORD_PEPPER=${{ vars.PASSWORD_PEPPER }}
|
--from-literal=PASSWORD_PEPPER="${{ vars.PASSWORD_PEPPER }}" \
|
||||||
COOKIE_SECRET=${{ vars.COOKIE_SECRET }}
|
--from-literal=COOKIE_SECRET="${{ vars.COOKIE_SECRET }}" \
|
||||||
COOKIE_DOMAIN=${{ vars.COOKIE_DOMAIN }}
|
--from-literal=COOKIE_DOMAIN="${{ vars.COOKIE_DOMAIN }}" \
|
||||||
BACKEND_PORT=${{ vars.BACKEND_PORT }}
|
--from-literal=BACKEND_PORT="${{ vars.BACKEND_PORT }}" \
|
||||||
BACKEND_HOST=${{ vars.BACKEND_HOST }}
|
--from-literal=BACKEND_HOST="${{ vars.BACKEND_HOST }}" \
|
||||||
ENV=${{ vars.ENV }}
|
--from-literal=ENV="${{ vars.ENV }}" \
|
||||||
CORS_ORIGINS=${{ vars.CORS_ORIGINS }}
|
--from-literal=CORS_ORIGINS="${{ vars.CORS_ORIGINS }}" \
|
||||||
S3_BUCKET=${{ vars.S3_BUCKET }}
|
--from-literal=S3_BUCKET="${{ vars.S3_BUCKET }}" \
|
||||||
AWS_REGION=${{ vars.AWS_REGION }}
|
--from-literal=AWS_REGION="${{ vars.AWS_REGION }}" \
|
||||||
AWS_ENDPOINT=${{ vars.AWS_ENDPOINT }}
|
--from-literal=AWS_ENDPOINT="${{ vars.AWS_ENDPOINT }}" \
|
||||||
AWS_ACCESS_KEY_ID=${{ vars.AWS_ACCESS_KEY_ID }}
|
--from-literal=AWS_ACCESS_KEY_ID="${{ vars.AWS_ACCESS_KEY_ID }}" \
|
||||||
AWS_SECRET_ACCESS_KEY=${{ vars.AWS_SECRET_ACCESS_KEY }}
|
--from-literal=AWS_SECRET_ACCESS_KEY="${{ vars.AWS_SECRET_ACCESS_KEY }}"
|
||||||
EOF
|
|
||||||
|
|
||||||
# 4. Aplica as variáveis de ambiente
|
|
||||||
kubectl create secret generic backend-secrets -n ${{ env.NAMESPACE }} \
|
|
||||||
--from-env-file=.env.backend \
|
|
||||||
--dry-run=client -o yaml | kubectl apply -f -
|
|
||||||
|
|
||||||
# 5. TRATAMENTO DA CHAVE RSA (O culpado do erro UTF-8)
|
|
||||||
# Extraímos a var, limpamos quebras de linha e injetamos como ARQUIVO
|
|
||||||
RSA_RAW="${{ vars.RSA_PRIVATE_KEY_BASE64 }}"
|
|
||||||
if [ -n "$RSA_RAW" ]; then
|
|
||||||
echo "$RSA_RAW" | tr -d '\r\n ' > /tmp/rsa.base64
|
|
||||||
# Tenta decodificar. Se falhar, usa o b64 puro (o app decide como ler)
|
|
||||||
if base64 -d /tmp/rsa.base64 > /tmp/key.pem 2>/dev/null; then
|
|
||||||
echo "RSA decodificada com sucesso."
|
|
||||||
else
|
|
||||||
cp /tmp/rsa.base64 /tmp/key.pem
|
|
||||||
echo "RSA mantida em formato string limpa."
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Injeta o arquivo na secret existente (o apply faz o merge)
|
|
||||||
kubectl create secret generic backend-secrets -n ${{ env.NAMESPACE }} \
|
|
||||||
--from-file=private_key.pem=/tmp/key.pem \
|
|
||||||
--dry-run=client -o yaml | kubectl apply -f -
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Deploy to K3s
|
- name: Deploy to K3s
|
||||||
run: |
|
run: |
|
||||||
kubectl apply -f k8s/dev/ -n ${{ env.NAMESPACE }}
|
kubectl apply -f k8s/dev/ -n gohorsejobsdev
|
||||||
|
|
||||||
# Garante que os deployments usem a imagem com o SHA atual
|
# Vincula o deployment ao SHA específico para garantir que o Pull ocorra corretamente
|
||||||
kubectl -n ${{ env.NAMESPACE }} set image deployment/gohorse-backend-dev backend=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }}
|
kubectl -n gohorsejobsdev set image deployment/gohorse-backend-dev backend=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }}
|
||||||
kubectl -n ${{ env.NAMESPACE }} set image deployment/gohorse-backoffice-dev backoffice=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }}
|
kubectl -n gohorsejobsdev set image deployment/gohorse-backoffice-dev backoffice=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }}
|
||||||
|
|
||||||
# Força o restart para ler a Secret atualizada
|
# Força o restart para carregar os novos valores do secret backend-secrets
|
||||||
kubectl -n ${{ env.NAMESPACE }} rollout restart deployment/gohorse-backend-dev
|
kubectl -n gohorsejobsdev rollout restart deployment/gohorse-backend-dev
|
||||||
kubectl -n ${{ env.NAMESPACE }} rollout restart deployment/gohorse-backoffice-dev
|
kubectl -n gohorsejobsdev rollout restart deployment/gohorse-backoffice-dev
|
||||||
|
|
||||||
# Aguarda estabilização
|
# Aguarda estabilização
|
||||||
kubectl -n ${{ env.NAMESPACE }} rollout status deployment/gohorse-backend-dev --timeout=120s
|
kubectl -n gohorsejobsdev rollout status deployment/gohorse-backend-dev --timeout=120s
|
||||||
Loading…
Reference in a new issue