diff --git a/.gitea/workflows/dev-build-deploy.yml b/.gitea/workflows/dev-build-deploy.yml new file mode 100644 index 0000000..aa2737b --- /dev/null +++ b/.gitea/workflows/dev-build-deploy.yml @@ -0,0 +1,86 @@ +name: Dev Build & Deploy Portal + +on: + push: + branches: + - developer + +# Variáveis necessárias no Gitea (Settings → Variables): +# DEV_NUXT_KEYCLOAK_URL ex: https://keycloakprod.modumfiscal.com.br +# DEV_NUXT_KEYCLOAK_REALM ex: modumfiscal-portal-dev +# DEV_NUXT_KEYCLOAK_CLIENT_ID ex: portal-modumfiscal-bff +# DEV_NUXT_CORE_API_URL ex: https://sistema.modumfiscal.com.br +# DEV_NUXT_REDIS_URL ex: redis://portal-redis:6379 +# +# Secrets necessários (Settings → Secrets): +# REGISTRY_USER +# REGISTRY_PASSWORD +# NUXT_KEYCLOAK_CLIENT_SECRET +# NUXT_COOKIE_SECRET gere com: node -e "console.log(require('crypto').randomBytes(32).toString('base64'))" + +jobs: + build-deploy: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Define version + id: version + run: | + VERSION=$(date +'%Y.%m.%d.%H%M') + echo "version=$VERSION" >> $GITHUB_OUTPUT + + - name: Login registry + env: + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} + REGISTRY_USER: ${{ secrets.REGISTRY_USER }} + run: | + echo "$REGISTRY_PASSWORD" | docker login git.modumsolucao.com.br \ + -u "$REGISTRY_USER" \ + --password-stdin + + - name: Build Docker image + run: | + docker build \ + --memory=3g \ + -t git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:latest \ + -t git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:${{ steps.version.outputs.version }} \ + . + + - name: Push image + run: | + docker push git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:latest + docker push git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:${{ steps.version.outputs.version }} + + - name: Deploy DEV + env: + NUXT_KEYCLOAK_URL: ${{ vars.DEV_NUXT_KEYCLOAK_URL }} + NUXT_KEYCLOAK_REALM: ${{ vars.DEV_NUXT_KEYCLOAK_REALM }} + NUXT_KEYCLOAK_CLIENT_ID: ${{ vars.DEV_NUXT_KEYCLOAK_CLIENT_ID }} + NUXT_KEYCLOAK_CLIENT_SECRET: ${{ secrets.NUXT_KEYCLOAK_CLIENT_SECRET }} + NUXT_CORE_API_URL: ${{ vars.DEV_NUXT_CORE_API_URL }} + NUXT_REDIS_URL: ${{ vars.DEV_NUXT_REDIS_URL }} + NUXT_COOKIE_SECRET: ${{ secrets.NUXT_COOKIE_SECRET }} + IMAGE_VERSION: ${{ steps.version.outputs.version }} + run: | + docker service update \ + --image git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:$IMAGE_VERSION \ + --env-add NUXT_KEYCLOAK_URL="$NUXT_KEYCLOAK_URL" \ + --env-add NUXT_KEYCLOAK_REALM="$NUXT_KEYCLOAK_REALM" \ + --env-add NUXT_KEYCLOAK_CLIENT_ID="$NUXT_KEYCLOAK_CLIENT_ID" \ + --env-add NUXT_KEYCLOAK_CLIENT_SECRET="$NUXT_KEYCLOAK_CLIENT_SECRET" \ + --env-add NUXT_CORE_API_URL="$NUXT_CORE_API_URL" \ + --env-add NUXT_REDIS_URL="$NUXT_REDIS_URL" \ + --env-add NUXT_COOKIE_SECRET="$NUXT_COOKIE_SECRET" \ + --with-registry-auth \ + app_portal-modumfiscal-web + + - name: Cleanup old images + run: | + IMAGES_TO_DELETE=$(docker images "git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web" --format "{{.ID}}" | tail -n +3) + if [ -n "$IMAGES_TO_DELETE" ]; then + echo "$IMAGES_TO_DELETE" | xargs -I {} docker rmi -f {} || true + fi + docker image prune -f diff --git a/.gitea/workflows/prod-build-deploy.yml b/.gitea/workflows/prod-build-deploy.yml new file mode 100644 index 0000000..9dad0eb --- /dev/null +++ b/.gitea/workflows/prod-build-deploy.yml @@ -0,0 +1,102 @@ +name: Prod Build & Deploy Portal + +on: + push: + branches: + - main + +# Variáveis necessárias no Gitea (Settings → Variables): +# PROD_NUXT_KEYCLOAK_URL ex: https://keycloakprod.modumfiscal.com.br +# PROD_NUXT_KEYCLOAK_REALM ex: modumfiscal-portal-prod +# PROD_NUXT_KEYCLOAK_CLIENT_ID ex: portal-modumfiscal-bff +# PROD_NUXT_CORE_API_URL ex: https://sistema.modumfiscal.com.br +# PROD_NUXT_REDIS_URL ex: redis://portal-redis:6379 +# +# Secrets necessários (Settings → Secrets): +# REGISTRY_USER +# REGISTRY_PASSWORD +# PROD_NUXT_KEYCLOAK_CLIENT_SECRET +# PROD_NUXT_COOKIE_SECRET + +jobs: + build: + runs-on: ubuntu-latest + outputs: + version: ${{ steps.version.outputs.version }} + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Define version + id: version + run: | + VERSION=$(date +'%Y.%m.%d.%H%M') + echo "version=$VERSION" >> $GITHUB_OUTPUT + + - name: Login registry + env: + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} + REGISTRY_USER: ${{ secrets.REGISTRY_USER }} + run: | + echo "$REGISTRY_PASSWORD" | docker login git.modumsolucao.com.br \ + -u "$REGISTRY_USER" \ + --password-stdin + + - name: Build Docker image + run: | + docker build \ + --memory=3g \ + -t git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-latest \ + -t git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-${{ steps.version.outputs.version }} \ + . + + - name: Push image + run: | + docker push git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-latest + docker push git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-${{ steps.version.outputs.version }} + + - name: Cleanup old images + run: | + IMAGES_TO_DELETE=$(docker images "git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web" --format "{{.ID}}" | tail -n +3) + if [ -n "$IMAGES_TO_DELETE" ]; then + echo "$IMAGES_TO_DELETE" | xargs -I {} docker rmi -f {} || true + fi + docker image prune -f + + deploy: + runs-on: prod + needs: build + + steps: + - name: Login registry + env: + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} + REGISTRY_USER: ${{ secrets.REGISTRY_USER }} + run: | + echo "$REGISTRY_PASSWORD" | docker login git.modumsolucao.com.br \ + -u "$REGISTRY_USER" \ + --password-stdin + + - name: Deploy PROD + env: + NUXT_KEYCLOAK_URL: ${{ vars.PROD_NUXT_KEYCLOAK_URL }} + NUXT_KEYCLOAK_REALM: ${{ vars.PROD_NUXT_KEYCLOAK_REALM }} + NUXT_KEYCLOAK_CLIENT_ID: ${{ vars.PROD_NUXT_KEYCLOAK_CLIENT_ID }} + NUXT_KEYCLOAK_CLIENT_SECRET: ${{ secrets.PROD_NUXT_KEYCLOAK_CLIENT_SECRET }} + NUXT_CORE_API_URL: ${{ vars.PROD_NUXT_CORE_API_URL }} + NUXT_REDIS_URL: ${{ vars.PROD_NUXT_REDIS_URL }} + NUXT_COOKIE_SECRET: ${{ secrets.PROD_NUXT_COOKIE_SECRET }} + IMAGE_VERSION: ${{ needs.build.outputs.version }} + run: | + docker service update \ + --image git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-$IMAGE_VERSION \ + --env-add NUXT_KEYCLOAK_URL="$NUXT_KEYCLOAK_URL" \ + --env-add NUXT_KEYCLOAK_REALM="$NUXT_KEYCLOAK_REALM" \ + --env-add NUXT_KEYCLOAK_CLIENT_ID="$NUXT_KEYCLOAK_CLIENT_ID" \ + --env-add NUXT_KEYCLOAK_CLIENT_SECRET="$NUXT_KEYCLOAK_CLIENT_SECRET" \ + --env-add NUXT_CORE_API_URL="$NUXT_CORE_API_URL" \ + --env-add NUXT_REDIS_URL="$NUXT_REDIS_URL" \ + --env-add NUXT_COOKIE_SECRET="$NUXT_COOKIE_SECRET" \ + --with-registry-auth \ + app_portal-modumfiscal-web diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..0524e9c --- /dev/null +++ b/Dockerfile @@ -0,0 +1,20 @@ +# Build stage +FROM node:20-alpine AS builder +WORKDIR /app +COPY package*.json ./ +RUN npm ci +COPY . . +RUN npm run build + +# Production stage — apenas o .output do Nuxt (SSR via Node.js) +FROM node:20-alpine AS runner +WORKDIR /app + +ENV NODE_ENV=production +ENV NUXT_HOST=0.0.0.0 +ENV NUXT_PORT=3000 + +COPY --from=builder /app/.output ./ + +EXPOSE 3000 +CMD ["node", "server/index.mjs"]