gohorsejobs/.forgejo/workflows/deploy.yaml

name: Deploy Backend and Backoffice Dev

on:
  workflow_dispatch:
  push:
    branches: [dev]

env:
  REGISTRY: pipe.gohorsejobs.com
  IMAGE_NAMESPACE: bohessefm
  NAMESPACE: gohorsejobsdev

jobs:
  build-and-push:
    runs-on: [self-hosted, linux-amd64]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Docker Login
        run: |
          echo "${{ secrets.FORGEJO_TOKEN }}" | docker login ${{ env.REGISTRY }} \
            -u ${{ env.IMAGE_NAMESPACE }} --password-stdin          

      - name: Build & Push Backend
        run: |
          docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }} \
            -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:latest ./backend
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }}
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:latest          

      - name: Build & Push Backoffice
        run: |
          docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }} \
            -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:latest ./backoffice
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }}
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:latest          

  deploy:
    needs: build-and-push
    runs-on: [self-hosted, linux-amd64]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Install kubectl
        run: |
          apk add --no-cache curl
          curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
          chmod +x kubectl
          mv kubectl /usr/local/bin/          

      - name: Configure Kubeconfig
        run: |
          mkdir -p ~/.kube
          echo "${{ secrets.KUBECONFIG }}" > ~/.kube/config
          chmod 600 ~/.kube/config          

      - name: Sync Secrets and Vars
        run: |
          # 1. Garante o namespace
          kubectl create namespace ${{ env.NAMESPACE }} --dry-run=client -o yaml | kubectl apply -f -

          # 2. Sincroniza Registry Secret
          kubectl get secret forgejo-registry-secret --namespace=forgejo -o yaml | \
          grep -vE "resourceVersion|uid|creationTimestamp|namespace" | \
          kubectl apply --namespace=${{ env.NAMESPACE }} -f -

          # 3. Limpeza da Chave RSA
          RSA_CONTENT="${{ secrets.RSA_PRIVATE_KEY_BASE64 || vars.RSA_PRIVATE_KEY_BASE64 }}"
          if [ -n "$RSA_CONTENT" ]; then
            echo "$RSA_CONTENT" | tr -d '\r\n ' > /tmp/rsa_clean_base64.txt
            base64 -d /tmp/rsa_clean_base64.txt > /tmp/rsa_key.pem || cp /tmp/rsa_clean_base64.txt /tmp/rsa_key.pem
          fi

          # 4. Geração do arquivo de ambiente de forma compatível com YAML
          # Usando printf para evitar problemas com o parser de Heredoc do GitHub
          printf "MTU=%s\n" "${{ vars.MTU }}" > .env.backend
          printf "DATABASE_URL=%s\n" "${{ vars.DATABASE_URL }}" >> .env.backend
          printf "AMQP_URL=%s\n" "${{ vars.AMQP_URL }}" >> .env.backend
          printf "JWT_SECRET=%s\n" "${{ vars.JWT_SECRET }}" >> .env.backend
          printf "JWT_EXPIRATION=%s\n" "${{ vars.JWT_EXPIRATION }}" >> .env.backend
          printf "PASSWORD_PEPPER=%s\n" "${{ vars.PASSWORD_PEPPER }}" >> .env.backend
          printf "COOKIE_SECRET=%s\n" "${{ vars.COOKIE_SECRET }}" >> .env.backend
          printf "COOKIE_DOMAIN=%s\n" "${{ vars.COOKIE_DOMAIN }}" >> .env.backend
          printf "BACKEND_PORT=%s\n" "${{ vars.BACKEND_PORT }}" >> .env.backend
          printf "BACKEND_HOST=%s\n" "${{ vars.BACKEND_HOST }}" >> .env.backend
          printf "ENV=%s\n" "${{ vars.ENV }}" >> .env.backend
          printf "CORS_ORIGINS=%s\n" "${{ vars.CORS_ORIGINS }}" >> .env.backend
          printf "S3_BUCKET=%s\n" "${{ vars.S3_BUCKET }}" >> .env.backend
          printf "AWS_REGION=%s\n" "${{ vars.AWS_REGION }}" >> .env.backend
          printf "AWS_ENDPOINT=%s\n" "${{ vars.AWS_ENDPOINT }}" >> .env.backend
          printf "AWS_ACCESS_KEY_ID=%s\n" "${{ vars.AWS_ACCESS_KEY_ID }}" >> .env.backend
          printf "AWS_SECRET_ACCESS_KEY=%s\n" "${{ vars.AWS_SECRET_ACCESS_KEY }}" >> .env.backend

          # Aplica a secret lendo o arquivo
          kubectl create secret generic backend-secrets -n ${{ env.NAMESPACE }} \
            --from-env-file=.env.backend \
            $( [ -f /tmp/rsa_key.pem ] && echo "--from-file=private_key.pem=/tmp/rsa_key.pem" ) \
            --dry-run=client -o yaml | kubectl apply -f -          

      - name: Deploy to K3s
        run: |
          kubectl apply -f k8s/dev/ -n ${{ env.NAMESPACE }}
          
          kubectl -n ${{ env.NAMESPACE }} set image deployment/gohorse-backend-dev backend=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }}
          kubectl -n ${{ env.NAMESPACE }} set image deployment/gohorse-backoffice-dev backoffice=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }}
          
          kubectl -n ${{ env.NAMESPACE }} rollout restart deployment/gohorse-backend-dev
          kubectl -n ${{ env.NAMESPACE }} rollout restart deployment/gohorse-backoffice-dev
          
          kubectl -n ${{ env.NAMESPACE }} rollout status deployment/gohorse-backend-dev --timeout=120s