diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml index ae73297..24295ad 100644 --- a/.forgejo/workflows/deploy.yaml +++ b/.forgejo/workflows/deploy.yaml @@ -3,6 +3,17 @@ on: push: branches: - dev + - hml + workflow_dispatch: + inputs: + environment: + description: 'Ambiente para deploy' + required: true + default: 'hml' + type: choice + options: + - hml + - prd jobs: build-and-deploy: 
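Review bot: `workflow_dispatch` can be started from any branch, and the `environment` input added here is the only thing the later `Deploy (prd)` condition checks, so the manifests in `k8s/prd/` are applied from whatever ref the run was dispatched on. The step conditions also overlap: a dispatch from `dev` with `environment: prd` satisfies both `github.ref_name == 'dev'` and the prd condition, so one run deploys to two environments. Consider tying the prd step to a ref as well, e.g. `if: github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'prd' && github.ref_name == '<release-branch>'`, and adding `github.event_name == 'push'` to the branch-based conditions.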
@@ -24,16 +35,32 @@ jobs: docker build -t git.saveinmed.com.br/${{ github.repository }}:latest ./backend docker push git.saveinmed.com.br/${{ github.repository }}:latest - - name: Deploy + - name: Deploy (dev) + if: github.ref_name == 'dev' run: | - # 1. Instala curl e certificados para conseguir baixar o kubectl apk add --no-cache curl ca-certificates - - # 2. Baixa e instala o kubectl oficial curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" chmod +x kubectl mv kubectl /usr/local/bin/kubectl - - # 3. Aplica as mudanças no cluster kubectl apply -f k8s/ - kubectl rollout restart deployment/photum-backend -n photum + kubectl rollout restart deployment/photum-backend -n photum-dev + + - name: Deploy (hml) + if: github.ref_name == 'hml' || (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'hml') + run: | + apk add --no-cache curl ca-certificates + curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + chmod +x kubectl + mv kubectl /usr/local/bin/kubectl + kubectl apply -f k8s/hml/ + kubectl rollout restart deployment/photum-backend -n photum-hml + + - name: Deploy (prd) + if: github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'prd' + run: | + apk add --no-cache curl ca-certificates + curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + chmod +x kubectl + mv kubectl /usr/local/bin/kubectl + kubectl apply -f k8s/prd/ + kubectl rollout restart deployment/photum-backend -n photum-prd diff --git a/k8s/deployment.yaml b/k8s/dev/deployment.yaml similarity index 94% rename from k8s/deployment.yaml rename to k8s/dev/deployment.yaml index 2323a24..ea581f4 100644 --- a/k8s/deployment.yaml +++ b/k8s/dev/deployment.yaml 
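Review bot: The `Deploy (dev)` step still runs `kubectl apply -f k8s/`, but this commit moves the dev manifests to `k8s/dev/`, and `kubectl apply -f` on a directory does not descend into subdirectories without `-R`; it should read `kubectl apply -f k8s/dev/`. The three `rollout restart` commands target `photum-dev`, `photum-hml` and `photum-prd`, while the hml and prd manifests added later in this commit declare `namespace: photum`, so the restart looks for a Deployment in a namespace the apply never wrote to. Separately, each step downloads whatever version `stable.txt` names and installs it without a checksum, in a job that holds cluster credentials; pinning the version and verifying it, e.g. `echo "<pinned sha256>  kubectl" | sha256sum -c -`, in one shared install step would also remove the triple copy.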
@@ -17,7 +17,7 @@ spec: - name: forgejo-registry-secret containers: - name: photum-app - image: git.saveinmed.com.br/yamamoto/photum:latest + image: git.saveinmed.com.br/yamamoto/photum:dev ports: - containerPort: 8080 env: diff --git a/k8s/ingress.yaml b/k8s/dev/ingress.yaml similarity index 100% rename from k8s/ingress.yaml rename to k8s/dev/ingress.yaml diff --git a/k8s/service.yaml b/k8s/dev/service.yaml similarity index 100% rename from k8s/service.yaml rename to k8s/dev/service.yaml diff --git a/k8s/hml/deployment.yaml b/k8s/hml/deployment.yaml new file mode 100644 index 0000000..daf161c --- /dev/null +++ b/k8s/hml/deployment.yaml @@ -0,0 +1,37 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: photum-backend + namespace: photum +spec: + replicas: 1 + selector: + matchLabels: + app: photum + template: + metadata: + labels: + app: photum + spec: + imagePullSecrets: + - name: forgejo-registry-secret + containers: + - name: photum-app + image: git.saveinmed.com.br/yamamoto/photum:hml + ports: + - containerPort: 8080 + env: + - name: APP_ENV + value: "hml" + - name: APP_PORT + value: "8080" + - name: DB_DSN + value: "postgres://yuki:1I66Kcomp68L@db537.rede5.com.br:27537/photum-hml?sslmode=disable" + - name: JWT_ACCESS_SECRET + value: "Qw8!z2@pLk#7vXrTn$5eJb^1sGm*9YcD" + - name: JWT_REFRESH_SECRET + value: "Zx3$uV!6nB#2qWm^8jK@1rTg*5pLhS0d" + - name: JWT_ACCESS_TTL_MINUTES + value: "15" + - name: JWT_REFRESH_TTL_DAYS + value: "30" diff --git a/k8s/hml/ingress.yaml b/k8s/hml/ingress.yaml new file mode 100644 index 0000000..b546554 --- /dev/null +++ b/k8s/hml/ingress.yaml 
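Review bot: The image tag changes to `:dev` here (and to `:hml` / `:prd` in the new manifests), but the build step visible as context in the workflow hunk only builds and pushes `:latest`, so unless those tags are pushed somewhere outside this diff the pods will fail to pull. A branch-named tag is also mutable, and `rollout restart` only picks up a new push when the pull policy is `Always`, which is not the default for a tag other than `latest`; either set `imagePullPolicy: Always` or tag by commit, e.g. `:${{ github.sha }}`, and set that tag at deploy time. The container spec continues outside this hunk.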
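Review bot: `DB_DSN`, `JWT_ACCESS_SECRET` and `JWT_REFRESH_SECRET` in `k8s/hml/deployment.yaml` are committed as plaintext `value:` entries, so the database password and both signing keys are readable by anyone with access to the repository or its history; they should be rotated and then referenced from a Kubernetes Secret, e.g. `valueFrom: {secretKeyRef: {name: <secret-name>, key: DB_DSN}}`. `k8s/prd/deployment.yaml` in this commit carries the same three values apart from the database name, so the signing keys are shared between hml and prd and, if the application checks only the signature, a token issued in one environment would be accepted in the other. The DSN sets `sslmode=disable` toward a remote host, which sends the credentials and queries unencrypted; `sslmode=verify-full` is the safer setting if the server presents a certificate. `metadata.namespace` is `photum` with the same Deployment name in both new files, so applying hml and prd to one cluster makes them overwrite each other.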
@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: photum-ingress
+ namespace: photum
+ annotations:
+ # Emite o certificado SSL automaticamente
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ # Define o Traefik como controlador
+ kubernetes.io/ingress.class: traefik
+ # Comando para o External-DNS criar o registro no Cloudflare
+ external-dns.alpha.kubernetes.io/hostname: api-dev.photum.app.br
+spec:
+ tls:
+ - hosts:
+ - api-dev.photum.app.br
+ # O certificado será armazenado neste secret
+ secretName: photum-tls-cert
+ rules:
+ - host: api-dev.photum.app.br
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: photum-service
+ port:
+ number: 80
diff --git a/k8s/hml/service.yaml b/k8s/hml/service.yaml
new file mode 100644
index 0000000..62efa68
--- /dev/null
+++ b/k8s/hml/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: photum-service
+ namespace: photum
+spec:
+ selector:
+ app: photum
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080 # A porta que você definiu na variável APP_PORT
diff --git a/k8s/prd/deployment.yaml b/k8s/prd/deployment.yaml
new file mode 100644
index 0000000..ffbbcec
--- /dev/null
+++ b/k8s/prd/deployment.yaml
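Review bot: The host in the `external-dns` annotation, `spec.tls` and `spec.rules` of `k8s/hml/ingress.yaml` is `api-dev.photum.app.br`, which reads as the dev hostname copied unchanged; `k8s/prd/ingress.yaml` has the same blob hash (`b546554`), so hml and prd would both claim the dev name and the same `photum-tls-cert` secret. With `namespace: photum` and the name `photum-ingress` in every copy (the Service files likewise share blob `62efa68`), each environment's apply replaces the previous one's object rather than creating its own. Each environment needs its own host and namespace, e.g. `- host: <hml-hostname>` and `namespace: photum-hml`, matching what the workflow's `rollout restart -n photum-hml` expects.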
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: photum-backend
+ namespace: photum
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: photum
+ template:
+ metadata:
+ labels:
+ app: photum
+ spec:
+ imagePullSecrets:
+ - name: forgejo-registry-secret
+ containers:
+ - name: photum-app
+ image: git.saveinmed.com.br/yamamoto/photum:prd
+ ports:
+ - containerPort: 8080
+ env:
+ - name: APP_ENV
+ value: "prd"
+ - name: APP_PORT
+ value: "8080"
+ - name: DB_DSN
+ value: "postgres://yuki:1I66Kcomp68L@db537.rede5.com.br:27537/photum-prd?sslmode=disable"
+ - name: JWT_ACCESS_SECRET
+ value: "Qw8!z2@pLk#7vXrTn$5eJb^1sGm*9YcD"
+ - name: JWT_REFRESH_SECRET
+ value: "Zx3$uV!6nB#2qWm^8jK@1rTg*5pLhS0d"
+ - name: JWT_ACCESS_TTL_MINUTES
+ value: "15"
+ - name: JWT_REFRESH_TTL_DAYS
+ value: "30"
diff --git a/k8s/prd/ingress.yaml b/k8s/prd/ingress.yaml
new file mode 100644
index 0000000..b546554
--- /dev/null
+++ b/k8s/prd/ingress.yaml
@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: photum-ingress
+ namespace: photum
+ annotations:
+ # Emite o certificado SSL automaticamente
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ # Define o Traefik como controlador
+ kubernetes.io/ingress.class: traefik
+ # Comando para o External-DNS criar o registro no Cloudflare
+ external-dns.alpha.kubernetes.io/hostname: api-dev.photum.app.br
+spec:
+ tls:
+ - hosts:
+ - api-dev.photum.app.br
+ # O certificado será armazenado neste secret
+ secretName: photum-tls-cert
+ rules:
+ - host: api-dev.photum.app.br
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: photum-service
+ port:
+ number: 80
diff --git a/k8s/prd/service.yaml b/k8s/prd/service.yaml
new file mode 100644
index 0000000..62efa68
--- /dev/null
+++ b/k8s/prd/service.yaml
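Review bot: The `photum-app` container in `k8s/prd/deployment.yaml` declares no `securityContext`, `resources` or probes, so in production it runs with the runtime's default privileges and no memory or CPU ceiling, and a restarted pod receives traffic before the application has signalled readiness. Assuming the image can run as a non-root user, adding `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}` under the container, plus a `readinessProbe` on port 8080 and explicit `resources.limits`, would tighten this. The same applies to the hml Deployment added earlier in this commit.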
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: photum-service
+ namespace: photum
+spec:
+ selector:
+ app: photum
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080 # A porta que você definiu na variável APP_PORT