gohorsejobs/docs/DEVOPS.md

DevOps - GoHorseJobs

Infraestrutura, CI/CD e deploy do projeto GoHorseJobs.

Last Updated: 2024-12-26

---

📁 Estrutura

.
├── .drone.yml                 # Pipeline CI/CD (Drone)
├── k8s/
│   ├── dev/                   # Kubernetes - Desenvolvimento
│   ├── hml/                   # Kubernetes - Homologação
│   └── prd/                   # Kubernetes - Produção
│
├── backend/
│   ├── Dockerfile             # Go API (multi-stage, ~73MB)
│   └── .env.example
│
├── backoffice/
│   ├── Dockerfile             # NestJS (Fastify)
│   └── .env.example
│
├── frontend/
│   ├── Dockerfile             # Next.js
│   └── .env.example
│
├── seeder-api/                # Node.js seeder
└── docs/                      # Documentation

---

🌍 Ambientes

Ambiente	Branch	Namespace	Réplicas	URL
DEV	dev	gohorsejobsdev	1	gohorsejobs-dev.appwrite.network
HML	hml	gohorsejobshml	2	-
PRD	main	gohorsejobs	3	gohorsejobs.com

---

🔄 Pipeline CI/CD (Drone)

Fluxo

dev branch → build → push (Harbor) → deploy (K8s dev)
     ↓
hml branch → build → push (Harbor) → deploy (K8s hml)
     ↓
main branch → build → push (Harbor) → deploy (K8s prd)

Stages

1. build-and-push - Docker build + push to Harbor
2. export-envs-to-k8s - Create/update secrets
3. deploy - Apply manifests + rollout restart

---

🔐 Secrets (Drone CI)

Registry

Secret	Description
HARBOR_USERNAME	Harbor username
HARBOR_PASSWORD	Harbor password

Database

Secret	Description
DATABASE_URL	PostgreSQL connection string
DB_SSLMODE	require or disable

Application

Secret	Description
JWT_SECRET	JWT secret (min 32 chars)
PASSWORD_PEPPER	Password pepper
CORS_ORIGINS	Allowed origins

External Services

Secret	Description
RSA_PRIVATE_KEY_BASE64	RSA key for credentials
STRIPE_SECRET_KEY	Stripe API key
STRIPE_WEBHOOK_SECRET	Stripe webhook secret
FIREBASE_SERVICE_ACCOUNT	Firebase Admin SDK JSON

Storage (S3/R2)

Secret	Description
AWS_ACCESS_KEY_ID	Access Key
AWS_SECRET_ACCESS_KEY	Secret Key
AWS_ENDPOINT	S3-compatible endpoint
S3_BUCKET	Bucket name

LavinMQ

Secret	Description
AMQP_URL	LavinMQ connection URL

---

☸️ Kubernetes

Create Namespaces

kubectl create namespace gohorsejobsdev
kubectl create namespace gohorsejobshml
kubectl create namespace gohorsejobs

Registry Secret

kubectl create secret docker-registry harbor-registry \
  --docker-server=in.gohorsejobs.com \
  --docker-username=<user> \
  --docker-password=<pass> \
  -n gohorsejobsdev

Deploy Manual

# DEV
kubectl apply -f k8s/dev/ -n gohorsejobsdev

# Check pods
kubectl get pods -n gohorsejobsdev

# Check logs
kubectl logs -f deployment/gohorse-backend -n gohorsejobsdev

# Rollout restart
kubectl rollout restart deployment/gohorse-backend -n gohorsejobsdev

---

🐳 Docker

Build Local

# Backend
cd backend && docker build -t gohorse-backend .

# Backoffice
cd backoffice && docker build -t gohorse-backoffice .

# Frontend
cd frontend && docker build -t gohorse-frontend .

Docker Compose (Dev)

version: '3.8'
services:
  backend:
    build: ./backend
    ports:
      - "8521:8521"
    env_file:
      - ./backend/.env
      
  backoffice:
    build: ./backoffice
    ports:
      - "3001:3001"
    env_file:
      - ./backoffice/.env
      
  frontend:
    build: ./frontend
    ports:
      - "3000:3000"
    env_file:
      - ./frontend/.env

---

🗄️ Database

Connection

# PostgreSQL hosted
Host: db-60059.dc-sp-1.absamcloud.com
Port: 26868
SSL: require

Databases

Environment	Database
DEV	gohorsejobs_dev
HML	gohorsejobs_hml
PRD	gohorsejobs

Migrations

cd backend
go run ./cmd/manual_migrate

Seeder

cd seeder-api
npm install
npm run seed

---

👤 Test Users

SuperAdmin

• Login: superadmin
• Password: Admin@2025!

Company Admin

Login	Password
takeshi_yamamoto	Takeshi@2025

Candidate

Login	Password
paulo_santos	User@2025

---

📋 Deploy Checklist

• Create K8s namespace
• Create harbor-registry secret
• Add Drone CI secrets
• Create database
• Run migrations
• Run seeder (optional)
• Push to branch
• Verify pipeline logs
• Test /health endpoint
• Test /docs endpoint