diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index f3614aa..7790a6e 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -61,42 +61,39 @@ jobs: # 1. Garante o namespace kubectl create namespace ${{ env.NAMESPACE }} --dry-run=client -o yaml | kubectl apply -f - - # 2. Sincroniza Registry Secret com limpeza de metadados + # 2. Sincroniza Registry Secret kubectl get secret forgejo-registry-secret --namespace=forgejo -o yaml | \ grep -vE "resourceVersion|uid|creationTimestamp|namespace" | \ kubectl apply --namespace=${{ env.NAMESPACE }} -f - - # 3. Limpeza Radical da Chave RSA (O maior culpado do erro UTF-8) + # 3. Limpeza da Chave RSA RSA_CONTENT="${{ secrets.RSA_PRIVATE_KEY_BASE64 || vars.RSA_PRIVATE_KEY_BASE64 }}" if [ -n "$RSA_CONTENT" ]; then - # Remove espaços, quebras de linha e garante decodificação limpa echo "$RSA_CONTENT" | tr -d '\r\n ' > /tmp/rsa_clean_base64.txt base64 -d /tmp/rsa_clean_base64.txt > /tmp/rsa_key.pem || cp /tmp/rsa_clean_base64.txt /tmp/rsa_key.pem fi - # 4. Criação da Secret via ENV-FILE (Evita corrupção de caracteres no shell) - # Usamos um 'cat' com delimitador único para não processar variáveis locais - cat <<'EOF' > .env.backend -MTU=${{ vars.MTU }} -DATABASE_URL=${{ vars.DATABASE_URL }} -AMQP_URL=${{ vars.AMQP_URL }} -JWT_SECRET=${{ vars.JWT_SECRET }} -JWT_EXPIRATION=${{ vars.JWT_EXPIRATION }} -PASSWORD_PEPPER=${{ vars.PASSWORD_PEPPER }} -COOKIE_SECRET=${{ vars.COOKIE_SECRET }} -COOKIE_DOMAIN=${{ vars.COOKIE_DOMAIN }} -BACKEND_PORT=${{ vars.BACKEND_PORT }} -BACKEND_HOST=${{ vars.BACKEND_HOST }} -ENV=${{ vars.ENV }} -CORS_ORIGINS=${{ vars.CORS_ORIGINS }} -S3_BUCKET=${{ vars.S3_BUCKET }} -AWS_REGION=${{ vars.AWS_REGION }} -AWS_ENDPOINT=${{ vars.AWS_ENDPOINT }} -AWS_ACCESS_KEY_ID=${{ vars.AWS_ACCESS_KEY_ID }} -AWS_SECRET_ACCESS_KEY=${{ vars.AWS_SECRET_ACCESS_KEY }} -EOF + # 4. Geração do arquivo de ambiente de forma compatível com YAML + # Usando printf para evitar problemas com o parser de Heredoc do GitHub + printf "MTU=%s\n" "${{ vars.MTU }}" > .env.backend + printf "DATABASE_URL=%s\n" "${{ vars.DATABASE_URL }}" >> .env.backend + printf "AMQP_URL=%s\n" "${{ vars.AMQP_URL }}" >> .env.backend + printf "JWT_SECRET=%s\n" "${{ vars.JWT_SECRET }}" >> .env.backend + printf "JWT_EXPIRATION=%s\n" "${{ vars.JWT_EXPIRATION }}" >> .env.backend + printf "PASSWORD_PEPPER=%s\n" "${{ vars.PASSWORD_PEPPER }}" >> .env.backend + printf "COOKIE_SECRET=%s\n" "${{ vars.COOKIE_SECRET }}" >> .env.backend + printf "COOKIE_DOMAIN=%s\n" "${{ vars.COOKIE_DOMAIN }}" >> .env.backend + printf "BACKEND_PORT=%s\n" "${{ vars.BACKEND_PORT }}" >> .env.backend + printf "BACKEND_HOST=%s\n" "${{ vars.BACKEND_HOST }}" >> .env.backend + printf "ENV=%s\n" "${{ vars.ENV }}" >> .env.backend + printf "CORS_ORIGINS=%s\n" "${{ vars.CORS_ORIGINS }}" >> .env.backend + printf "S3_BUCKET=%s\n" "${{ vars.S3_BUCKET }}" >> .env.backend + printf "AWS_REGION=%s\n" "${{ vars.AWS_REGION }}" >> .env.backend + printf "AWS_ENDPOINT=%s\n" "${{ vars.AWS_ENDPOINT }}" >> .env.backend + printf "AWS_ACCESS_KEY_ID=%s\n" "${{ vars.AWS_ACCESS_KEY_ID }}" >> .env.backend + printf "AWS_SECRET_ACCESS_KEY=%s\n" "${{ vars.AWS_SECRET_ACCESS_KEY }}" >> .env.backend - # Aplica a secret lendo o arquivo de ambiente e o arquivo RSA + # Aplica a secret lendo o arquivo kubectl create secret generic backend-secrets -n ${{ env.NAMESPACE }} \ --from-env-file=.env.backend \ $( [ -f /tmp/rsa_key.pem ] && echo "--from-file=private_key.pem=/tmp/rsa_key.pem" ) \