name: Deploy Backend and Backoffice Dev on: workflow_dispatch: push: branches: - dev jobs: build-and-push: runs-on: docker-ready env: DOCKER_API_VERSION: "1.43" REGISTRY: pipe.gohorsejobs.com defaults: run: shell: sh steps: - name: Install Dependencies run: | sed -i 's/dl-cdn.alpinelinux.org/mirror.leaseweb.com/g' /etc/apk/repositories apk add --no-cache git docker-cli docker-cli-buildx nodejs - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 1 # Build do Backend - name: Build Backend uses: docker/build-push-action@v5 with: context: ./backend file: ./backend/Dockerfile load: true provenance: false tags: ${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }} # Push do Backend com Injeção Manual de Auth - name: Push Backend Tags run: | # Gera o Auth em Base64 (estilo Kubernetes) AUTH=$(echo -n "bohessefm:${{ secrets.FORGEJO_TOKEN }}" | base64 | tr -d '\n') mkdir -p $HOME/.docker # Escreve o config.json na força bruta echo "{\"auths\":{\"${{ env.REGISTRY }}\":{\"auth\":\"$AUTH\"}}}" > $HOME/.docker/config.json docker tag ${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }} ${{ env.REGISTRY }}/bohessefm/gohorsejobs:latest docker push ${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }} sleep 2 docker push ${{ env.REGISTRY }}/bohessefm/gohorsejobs:latest # Build do Backoffice - name: Build Backoffice uses: docker/build-push-action@v5 with: context: ./backoffice file: ./backoffice/Dockerfile load: true provenance: false tags: ${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }} # Push do Backoffice com Injeção Manual de Auth (Blindado contra 401) - name: Push Backoffice Tags run: | # Garante que o diretório existe e o arquivo está atualizado AUTH=$(echo -n "bohessefm:${{ secrets.FORGEJO_TOKEN }}" | base64 | tr -d '\n') mkdir -p $HOME/.docker echo "{\"auths\":{\"${{ env.REGISTRY }}\":{\"auth\":\"$AUTH\"}}}" > $HOME/.docker/config.json docker tag ${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }} ${{ env.REGISTRY }}/bohessefm/backoffice:latest docker push ${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }} sleep 2 docker push ${{ env.REGISTRY }}/bohessefm/backoffice:latest deploy-to-k3s: needs: build-and-push runs-on: docker-ready defaults: run: shell: sh steps: - name: Install Tools (Git & Kubectl) run: | sed -i 's/dl-cdn.alpinelinux.org/mirror.leaseweb.com/g' /etc/apk/repositories apk add --no-cache git curl K8S_VERSION=$(curl -L -s https://dl.k8s.io/release/stable.txt) curl -L -o /usr/local/bin/kubectl "https://dl.k8s.io/release/${K8S_VERSION}/bin/linux/amd64/kubectl" chmod +x /usr/local/bin/kubectl - name: Checkout code uses: actions/checkout@v4 - name: Deploy to K3s run: | mkdir -p $HOME/.kube echo "${{ secrets.KUBECONFIG }}" > $HOME/.kube/config chmod 600 $HOME/.kube/config export KUBECONFIG=$HOME/.kube/config kubectl create namespace gohorsejobsdev --dry-run=client -o yaml | kubectl apply -f - # O segredo que o K3s usa é exatamente o que injetamos no Docker acima kubectl -n gohorsejobsdev create secret docker-registry forgejo-registry \ --docker-server=${{ env.REGISTRY }} \ --docker-username=bohessefm \ --docker-password='${{ secrets.FORGEJO_TOKEN }}' \ --dry-run=client -o yaml | kubectl apply -f - kubectl -n gohorsejobsdev delete secret backend-secrets --ignore-not-found kubectl -n gohorsejobsdev create secret generic backend-secrets \ --from-literal=MTU='${{ vars.MTU }}' \ --from-literal=JWT_SECRET='${{ vars.JWT_SECRET }}' \ --from-literal=AMQP_URL='${{ vars.AMQP_URL }}' \ --from-literal=DATABASE_URL='${{ vars.DATABASE_URL }}' kubectl apply -f k8s/dev/ -n gohorsejobsdev kubectl -n gohorsejobsdev set image deployment/gohorse-backend-dev backend=${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }} kubectl -n gohorsejobsdev set image deployment/gohorse-backoffice-dev backoffice=${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }} kubectl delete pod -n gohorsejobsdev -l app=gohorse-backend-dev --force --grace-period=0 kubectl delete pod -n gohorsejobsdev -l app=gohorse-backoffice-dev --force --grace-period=0 echo "Deploy finalizado com sucesso!"