Update .forgejo/workflows/deploy.yaml

.forgejo/workflows/deploy.yaml

@@ -61,42 +61,39 @@ jobs:
           # 1. Garante o namespace
           kubectl create namespace ${{ env.NAMESPACE }} --dry-run=client -o yaml | kubectl apply -f -
 
-          # 2. Sincroniza Registry Secret com limpeza de metadados
+          # 2. Sincroniza Registry Secret
           kubectl get secret forgejo-registry-secret --namespace=forgejo -o yaml | \
           grep -vE "resourceVersion|uid|creationTimestamp|namespace" | \
           kubectl apply --namespace=${{ env.NAMESPACE }} -f -
 
-          # 3. Limpeza Radical da Chave RSA (O maior culpado do erro UTF-8)
+          # 3. Limpeza da Chave RSA
           RSA_CONTENT="${{ secrets.RSA_PRIVATE_KEY_BASE64 || vars.RSA_PRIVATE_KEY_BASE64 }}"
           if [ -n "$RSA_CONTENT" ]; then
-            # Remove espaços, quebras de linha e garante decodificação limpa
             echo "$RSA_CONTENT" | tr -d '\r\n ' > /tmp/rsa_clean_base64.txt
             base64 -d /tmp/rsa_clean_base64.txt > /tmp/rsa_key.pem || cp /tmp/rsa_clean_base64.txt /tmp/rsa_key.pem
           fi
 
-          # 4. Criação da Secret via ENV-FILE (Evita corrupção de caracteres no shell)
+          # 4. Geração do arquivo de ambiente de forma compatível com YAML
-          # Usamos um 'cat' com delimitador único para não processar variáveis locais
+          # Usando printf para evitar problemas com o parser de Heredoc do GitHub
-          cat <<'EOF' > .env.backend
+          printf "MTU=%s\n" "${{ vars.MTU }}" > .env.backend
-MTU=${{ vars.MTU }}
+          printf "DATABASE_URL=%s\n" "${{ vars.DATABASE_URL }}" >> .env.backend
-DATABASE_URL=${{ vars.DATABASE_URL }}
+          printf "AMQP_URL=%s\n" "${{ vars.AMQP_URL }}" >> .env.backend
-AMQP_URL=${{ vars.AMQP_URL }}
+          printf "JWT_SECRET=%s\n" "${{ vars.JWT_SECRET }}" >> .env.backend
-JWT_SECRET=${{ vars.JWT_SECRET }}
+          printf "JWT_EXPIRATION=%s\n" "${{ vars.JWT_EXPIRATION }}" >> .env.backend
-JWT_EXPIRATION=${{ vars.JWT_EXPIRATION }}
+          printf "PASSWORD_PEPPER=%s\n" "${{ vars.PASSWORD_PEPPER }}" >> .env.backend
-PASSWORD_PEPPER=${{ vars.PASSWORD_PEPPER }}
+          printf "COOKIE_SECRET=%s\n" "${{ vars.COOKIE_SECRET }}" >> .env.backend
-COOKIE_SECRET=${{ vars.COOKIE_SECRET }}
+          printf "COOKIE_DOMAIN=%s\n" "${{ vars.COOKIE_DOMAIN }}" >> .env.backend
-COOKIE_DOMAIN=${{ vars.COOKIE_DOMAIN }}
+          printf "BACKEND_PORT=%s\n" "${{ vars.BACKEND_PORT }}" >> .env.backend
-BACKEND_PORT=${{ vars.BACKEND_PORT }}
+          printf "BACKEND_HOST=%s\n" "${{ vars.BACKEND_HOST }}" >> .env.backend
-BACKEND_HOST=${{ vars.BACKEND_HOST }}
+          printf "ENV=%s\n" "${{ vars.ENV }}" >> .env.backend
-ENV=${{ vars.ENV }}
+          printf "CORS_ORIGINS=%s\n" "${{ vars.CORS_ORIGINS }}" >> .env.backend
-CORS_ORIGINS=${{ vars.CORS_ORIGINS }}
+          printf "S3_BUCKET=%s\n" "${{ vars.S3_BUCKET }}" >> .env.backend
-S3_BUCKET=${{ vars.S3_BUCKET }}
+          printf "AWS_REGION=%s\n" "${{ vars.AWS_REGION }}" >> .env.backend
-AWS_REGION=${{ vars.AWS_REGION }}
+          printf "AWS_ENDPOINT=%s\n" "${{ vars.AWS_ENDPOINT }}" >> .env.backend
-AWS_ENDPOINT=${{ vars.AWS_ENDPOINT }}
+          printf "AWS_ACCESS_KEY_ID=%s\n" "${{ vars.AWS_ACCESS_KEY_ID }}" >> .env.backend
-AWS_ACCESS_KEY_ID=${{ vars.AWS_ACCESS_KEY_ID }}
+          printf "AWS_SECRET_ACCESS_KEY=%s\n" "${{ vars.AWS_SECRET_ACCESS_KEY }}" >> .env.backend
-AWS_SECRET_ACCESS_KEY=${{ vars.AWS_SECRET_ACCESS_KEY }}
-EOF
 
-          # Aplica a secret lendo o arquivo de ambiente e o arquivo RSA
+          # Aplica a secret lendo o arquivo
           kubectl create secret generic backend-secrets -n ${{ env.NAMESPACE }} \
             --from-env-file=.env.backend \
             $( [ -f /tmp/rsa_key.pem ] && echo "--from-file=private_key.pem=/tmp/rsa_key.pem" ) \