ajuste dos ambientes dev hml pro

.forgejo/workflows/deploy.yaml

@@ -3,6 +3,17 @@ on:
   push:
     branches:
       - dev
+      - hml
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: 'Ambiente para deploy'
+        required: true
+        default: 'hml'
+        type: choice
+        options:
+          - hml
+          - prd
 
 jobs:
   build-and-deploy:
@@ -24,16 +35,32 @@ jobs:
           docker build -t git.saveinmed.com.br/${{ github.repository }}:latest ./backend
           docker push git.saveinmed.com.br/${{ github.repository }}:latest
 
-      - name: Deploy
+      - name: Deploy (dev)
+        if: github.ref_name == 'dev'
         run: |
-          # 1. Instala curl e certificados para conseguir baixar o kubectl
           apk add --no-cache curl ca-certificates
-
-          # 2. Baixa e instala o kubectl oficial
           curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
           chmod +x kubectl
           mv kubectl /usr/local/bin/kubectl
-
-          # 3. Aplica as mudanças no cluster
           kubectl apply -f k8s/
-          kubectl rollout restart deployment/photum-backend -n photum
+          kubectl rollout restart deployment/photum-backend -n photum-dev
+
+      - name: Deploy (hml)
+        if: github.ref_name == 'hml' || (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'hml')
+        run: |
+          apk add --no-cache curl ca-certificates
+          curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+          chmod +x kubectl
+          mv kubectl /usr/local/bin/kubectl
+          kubectl apply -f k8s/hml/
+          kubectl rollout restart deployment/photum-backend -n photum-hml
+
+      - name: Deploy (prd)
+        if: github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'prd'
+        run: |
+          apk add --no-cache curl ca-certificates
+          curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+          chmod +x kubectl
+          mv kubectl /usr/local/bin/kubectl
+          kubectl apply -f k8s/prd/
+          kubectl rollout restart deployment/photum-backend -n photum-prd

k8s/dev/deployment.yaml

@@ -17,7 +17,7 @@ spec:
         - name: forgejo-registry-secret
       containers:
         - name: photum-app
-          image: git.saveinmed.com.br/yamamoto/photum:latest
+          image: git.saveinmed.com.br/yamamoto/photum:dev
           ports:
             - containerPort: 8080
           env:

k8s/hml/deployment.yaml

@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: photum-backend
+  namespace: photum
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: photum
+  template:
+    metadata:
+      labels:
+        app: photum
+    spec:
+      imagePullSecrets:
+        - name: forgejo-registry-secret
+      containers:
+        - name: photum-app
+          image: git.saveinmed.com.br/yamamoto/photum:hml
+          ports:
+            - containerPort: 8080
+          env:
+            - name: APP_ENV
+              value: "hml"
+            - name: APP_PORT
+              value: "8080"
+            - name: DB_DSN
+              value: "postgres://yuki:1I66Kcomp68L@db537.rede5.com.br:27537/photum-hml?sslmode=disable"
+            - name: JWT_ACCESS_SECRET
+              value: "Qw8!z2@pLk#7vXrTn$5eJb^1sGm*9YcD"
+            - name: JWT_REFRESH_SECRET
+              value: "Zx3$uV!6nB#2qWm^8jK@1rTg*5pLhS0d"
+            - name: JWT_ACCESS_TTL_MINUTES
+              value: "15"
+            - name: JWT_REFRESH_TTL_DAYS
+              value: "30"

k8s/hml/ingress.yaml

@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: photum-ingress
+  namespace: photum
+  annotations:
+    # Emite o certificado SSL automaticamente
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    # Define o Traefik como controlador
+    kubernetes.io/ingress.class: traefik
+    # Comando para o External-DNS criar o registro no Cloudflare
+    external-dns.alpha.kubernetes.io/hostname: api-dev.photum.app.br
+spec:
+  tls:
+    - hosts:
+        - api-dev.photum.app.br
+        # O certificado será armazenado neste secret
+      secretName: photum-tls-cert
+  rules:
+    - host: api-dev.photum.app.br
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: photum-service
+                port:
+                  number: 80

k8s/hml/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: photum-service
+  namespace: photum
+spec:
+  selector:
+    app: photum
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080 # A porta que você definiu na variável APP_PORT

k8s/prd/deployment.yaml

@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: photum-backend
+  namespace: photum
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: photum
+  template:
+    metadata:
+      labels:
+        app: photum
+    spec:
+      imagePullSecrets:
+        - name: forgejo-registry-secret
+      containers:
+        - name: photum-app
+          image: git.saveinmed.com.br/yamamoto/photum:prd
+          ports:
+            - containerPort: 8080
+          env:
+            - name: APP_ENV
+              value: "prd"
+            - name: APP_PORT
+              value: "8080"
+            - name: DB_DSN
+              value: "postgres://yuki:1I66Kcomp68L@db537.rede5.com.br:27537/photum-prd?sslmode=disable"
+            - name: JWT_ACCESS_SECRET
+              value: "Qw8!z2@pLk#7vXrTn$5eJb^1sGm*9YcD"
+            - name: JWT_REFRESH_SECRET
+              value: "Zx3$uV!6nB#2qWm^8jK@1rTg*5pLhS0d"
+            - name: JWT_ACCESS_TTL_MINUTES
+              value: "15"
+            - name: JWT_REFRESH_TTL_DAYS
+              value: "30"

k8s/prd/ingress.yaml

@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: photum-ingress
+  namespace: photum
+  annotations:
+    # Emite o certificado SSL automaticamente
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    # Define o Traefik como controlador
+    kubernetes.io/ingress.class: traefik
+    # Comando para o External-DNS criar o registro no Cloudflare
+    external-dns.alpha.kubernetes.io/hostname: api-dev.photum.app.br
+spec:
+  tls:
+    - hosts:
+        - api-dev.photum.app.br
+        # O certificado será armazenado neste secret
+      secretName: photum-tls-cert
+  rules:
+    - host: api-dev.photum.app.br
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: photum-service
+                port:
+                  number: 80

k8s/prd/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: photum-service
+  namespace: photum
+spec:
+  selector:
+    app: photum
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080 # A porta que você definiu na variável APP_PORT