gohorsejobs/DEVOPS.md
Tiago Yamamoto 4475bc6bda feat(devops): multi-environment k8s setup and DevOps documentation
- Reorganized k8s manifests into dev/, hml/, prd/ folders
- Added resource limits and health probes to deployments
- DEV: 1 replica, HML: 2 replicas, PRD: 3 replicas
- Updated .drone.yml to use environment-specific k8s paths
- Created comprehensive DEVOPS.md documentation
- Removed old k8s files from root folder
2025-12-13 19:30:43 -03:00


# DevOps - GoHorseJobs
Infrastructure, CI/CD and deployment documentation for the GoHorseJobs project.
---
## 📁 Structure
```
.
├── .drone.yml                  # CI/CD pipeline (Drone)
├── k8s/
│   ├── dev/                    # Kubernetes manifests - Development
│   │   ├── backend-deployment.yaml
│   │   └── backend-service.yaml
│   ├── hml/                    # Kubernetes manifests - Staging (homologation)
│   │   ├── backend-deployment.yaml
│   │   └── backend-service.yaml
│   └── prd/                    # Kubernetes manifests - Production
│       ├── backend-deployment.yaml
│       └── backend-service.yaml
├── backend/
│   ├── Dockerfile              # Go API build
│   └── .env.example            # Environment variables
└── seeder-api/                 # Node.js seeder to populate the DB
```
---
## 🌍 Environments
| Environment | Branch | K8s Namespace | Harbor Registry | Replicas |
|----------|--------|---------------|-----------------|----------|
| **DEV** | `dev` | `gohorsejobsdev` | `gohorsejobsdev/gohorsejobs-backend` | 1 |
| **HML** | `hml` | `gohorsejobshml` | `gohorsejobshml/gohorsejobs-backend` | 2 |
| **PRD** | `main` | `gohorsejobs` | `gohorsejobs/gohorsejobs-backend` | 3 |
---
## 🔄 CI/CD Pipeline (Drone)
### Deploy Flow
```
dev branch → build → push (Harbor) → deploy (K8s gohorsejobsdev)
hml branch → build → push (Harbor) → deploy (K8s gohorsejobshml)
main branch → build → push (Harbor) → deploy (K8s gohorsejobs)
```
### Triggers
- Push to the `dev` branch → runs the `deploy-backend-dev` pipeline
- Push to the `hml` branch → runs the `deploy-backend-hml` pipeline
- Push to the `main` branch → runs the `deploy-backend-prd` pipeline
### Pipeline Steps
1. **build-and-push-backend** - Builds the Docker image and pushes it to Harbor
2. **export-envs-to-k8s** - Creates the `backend-secrets` secret in the namespace
3. **deploy-backend** - Applies the K8s manifests and restarts the deployment
---
## 🔐 Secrets (Drone CI)
Secrets that must be configured in Drone:
### Registry
| Secret | Description |
|--------|-------------|
| `HARBOR_USERNAME` | Harbor username |
| `HARBOR_PASSWORD` | Harbor password |
### Database
| Secret | Environment | Description |
|--------|-------------|-------------|
| `DB_HOST` | All | PostgreSQL host |
| `DB_PORT` | All | PostgreSQL port |
| `DB_USER` | All | PostgreSQL user |
| `DB_PASSWORD` | All | PostgreSQL password |
| `DB_SSLMODE` | All | `require` or `disable` |
| `DB_NAME_DEV` | DEV | Name of the dev database |
| `DB_NAME_HML` | HML | Name of the hml database |
| `DB_NAME` | PRD | Name of the production database |
### S3/Object Storage
| Secret | Description |
|--------|-------------|
| `AWS_ACCESS_KEY_ID` | Access Key |
| `AWS_SECRET_ACCESS_KEY` | Secret Key |
| `AWS_ENDPOINT` | S3-compatible endpoint |
| `AWS_REGION` | Region |
| `S3_BUCKET` | Bucket name |
### Application
| Secret | Description |
|--------|-------------|
| `JWT_SECRET` | Secret for JWT tokens (min. 32 chars) |
| `PORT` | API port (8521) |
| `CORS_ORIGINS_DEV` | Allowed CORS URLs (dev) |
| `CORS_ORIGINS_HML` | Allowed CORS URLs (hml) |
| `CORS_ORIGINS` | Allowed CORS URLs (prd) |
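
A pre-deploy check for the secrets listed in the tables above, as an added example that is not part of the project's pipeline. It assumes the secrets are available as shell variables with the same names; the function name `check_backend_env` and the rule that rejects `DB_SSLMODE=disable` in PRD are assumptions of this example.

```shell
# Added example, not the project's own script. Reads the Drone secrets from
# the environment and prints only secret NAMES, never values.
# check_backend_env <dev|hml|prd>: status 0 = ok, 1 = failed check, 2 = bad env.
check_backend_env() (
  env_name="$1"; errors=0
  fail() { echo "[$env_name] $1" >&2; errors=$((errors + 1)); }

  # Per-environment secret names, from the Database and Application tables.
  case "$env_name" in
    dev) db_var=DB_NAME_DEV; cors_var=CORS_ORIGINS_DEV ;;
    hml) db_var=DB_NAME_HML; cors_var=CORS_ORIGINS_HML ;;
    prd) db_var=DB_NAME;     cors_var=CORS_ORIGINS ;;
    *)   echo "unknown environment: $env_name" >&2; exit 2 ;;
  esac

  # Every documented secret must be set and non-empty.
  for name in HARBOR_USERNAME HARBOR_PASSWORD DB_HOST DB_PORT DB_USER \
      DB_PASSWORD DB_SSLMODE "$db_var" AWS_ACCESS_KEY_ID \
      AWS_SECRET_ACCESS_KEY AWS_ENDPOINT AWS_REGION S3_BUCKET \
      JWT_SECRET PORT "$cors_var"; do
    eval "value=\${$name-}"   # safe: names come from the fixed list above
    if [ -z "$value" ]; then fail "missing secret: $name"; fi
  done

  # JWT_SECRET: the table requires at least 32 characters.
  if [ -n "${JWT_SECRET-}" ] && [ "${#JWT_SECRET}" -lt 32 ]; then
    fail "JWT_SECRET is shorter than 32 characters"
  fi

  # DB_SSLMODE: only the two documented values are accepted.
  case "${DB_SSLMODE-}" in
    require|"") ;;            # empty was already reported as missing
    disable)                  # assumption of this example: no plaintext DB link in prd
      if [ "$env_name" = prd ]; then fail "DB_SSLMODE=disable in prd"; fi ;;
    *) fail "DB_SSLMODE must be 'require' or 'disable'" ;;
  esac

  # PORT and DB_PORT must be decimal numbers in 1..65535.
  for name in PORT DB_PORT; do
    eval "value=\${$name-}"
    case "$value" in
      "") ;;                  # already reported as missing
      *[!0-9]*) fail "$name is not a number" ;;
      *) if [ "$value" -lt 1 ] || [ "$value" -gt 65535 ]; then
           fail "$name is out of range"; fi ;;
    esac
  done
  [ "$errors" -eq 0 ]
)
```

Run it as `check_backend_env dev` in a step before `export-envs-to-k8s`, so a missing or malformed secret stops the pipeline before `backend-secrets` is created.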
---
## ☸️ Kubernetes
### Namespaces
```bash
# Create namespaces
kubectl create namespace gohorsejobsdev
kubectl create namespace gohorsejobshml
kubectl create namespace gohorsejobs
```
### Registry Secret
Create a secret for pulling images from Harbor in each namespace:
```bash
kubectl create secret docker-registry harbor-registry \
  --docker-server=in.gohorsejobs.com \
  --docker-username=<user> \
  --docker-password=<pass> \
  -n gohorsejobsdev
# Repeat for gohorsejobshml and gohorsejobs
```
### Manual Deploy
```bash
# DEV
kubectl apply -f k8s/dev/backend-deployment.yaml
kubectl apply -f k8s/dev/backend-service.yaml
# HML
kubectl apply -f k8s/hml/backend-deployment.yaml
kubectl apply -f k8s/hml/backend-service.yaml
# PRD
kubectl apply -f k8s/prd/backend-deployment.yaml
kubectl apply -f k8s/prd/backend-service.yaml
```
### Useful Commands
```bash
# List pods
kubectl get pods -n gohorsejobsdev
# View logs
kubectl logs -f deployment/gohorse-backend -n gohorsejobsdev
# Restart deployment
kubectl rollout restart deployment/gohorse-backend -n gohorsejobsdev
# List secrets
kubectl get secrets -n gohorsejobsdev
# Describe deployment
kubectl describe deployment gohorse-backend -n gohorsejobsdev
```
---
## 🐳 Docker
### Local Build
```bash
cd backend
docker build -t gohorsejobs-backend:local .
```
### Environment Variables
See `.env.example` for the full list. The main ones:
| Variable | Description | Example |
|----------|-------------|---------|
| `PORT` | API port | `8521` |
| `DB_HOST` | PostgreSQL host | `db.example.com` |
| `DB_NAME` | Database name | `gohorsejobs_dev` |
| `DB_SSLMODE` | SSL mode | `require` |
| `JWT_SECRET` | JWT secret | `sua-chave-secreta-32-chars` |
---
## 🗄️ Database
### Connection
```
Host: db-60059.dc-sp-1.absamcloud.com
Port: 26868
SSL: require
```
### Databases per Environment
| Environment | Database |
|----------|----------|
| DEV | `gohorsejobs_dev` |
| HML | `gohorsejobs_hml` |
| PRD | `gohorsejobs` |
### Seeder
```bash
cd seeder-api
npm install
npm run seed # Populate the database
npm run seed:reset # Clear the database
```
---
## 🧑‍💻 Test Users
### SuperAdmin
- **Login:** `superadmin`
- **Password:** `Admin@2025!`
### Company Admins
| Login | Password | Company |
|-------|----------|---------|
| `takeshi_yamamoto` | `Takeshi@2025` | TechCorp |
| `maria_santos` | `User@2025` | DesignHub |
### Candidates
| Login | Password |
|-------|-------|
| `paulo_santos` | `User@2025` |
| `maria@email.com` | `User@2025` |
---
## 📋 New Environment Deploy Checklist
- [ ] Create the namespace in K8s
- [ ] Create the `harbor-registry` secret in the namespace
- [ ] Add the secrets to Drone CI
- [ ] Create the database
- [ ] Run the seeder (optional)
- [ ] Push to the corresponding branch
- [ ] Check the pipeline logs
- [ ] Test the `/health` endpoint