ModumSolucao/portal-modumfiscal-web
5
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

chore: Dockerfile + pipelines Gitea CI/CD para deploy em Docker Swarm

Browse Source 
Adiciona Dockerfile multi-stage (Node 20 Alpine, SSR Nuxt .output),
pipelines dev (branch developer) e prod (branch main) com docker service
update injetando todas as variáveis NUXT_* em runtime via --env-add.
Vars não-sensíveis via project variables; segredos via project secrets.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Gabriel Bezerra 2026-05-18 20:47:01 -03:00
parent 8905e7f27c
commit 875b6b41c3
3 changed files with 208 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
.gitea/workflows/dev-build-deploy.yml Normal file
View File

@ -0,0 +1,86 @@
name: Dev Build & Deploy Portal
on:
push:
branches:
- developer
# Variáveis necessárias no Gitea (Settings → Variables):
# DEV_NUXT_KEYCLOAK_URL ex: https://keycloakprod.modumfiscal.com.br
# DEV_NUXT_KEYCLOAK_REALM ex: modumfiscal-portal-dev
# DEV_NUXT_KEYCLOAK_CLIENT_ID ex: portal-modumfiscal-bff
# DEV_NUXT_CORE_API_URL ex: https://sistema.modumfiscal.com.br
# DEV_NUXT_REDIS_URL ex: redis://portal-redis:6379
#
# Secrets necessários (Settings → Secrets):
# REGISTRY_USER
# REGISTRY_PASSWORD
# NUXT_KEYCLOAK_CLIENT_SECRET
# NUXT_COOKIE_SECRET gere com: node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"
jobs:
build-deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Define version
id: version
run: |
VERSION=$(date +'%Y.%m.%d.%H%M')
echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: Login registry
env:
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
run: |
echo "$REGISTRY_PASSWORD" | docker login git.modumsolucao.com.br \
-u "$REGISTRY_USER" \
--password-stdin
- name: Build Docker image
run: |
docker build \
--memory=3g \
-t git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:latest \
-t git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:${{ steps.version.outputs.version }} \
.
- name: Push image
run: |
docker push git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:latest
docker push git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:${{ steps.version.outputs.version }}
- name: Deploy DEV
env:
NUXT_KEYCLOAK_URL: ${{ vars.DEV_NUXT_KEYCLOAK_URL }}
NUXT_KEYCLOAK_REALM: ${{ vars.DEV_NUXT_KEYCLOAK_REALM }}
NUXT_KEYCLOAK_CLIENT_ID: ${{ vars.DEV_NUXT_KEYCLOAK_CLIENT_ID }}
NUXT_KEYCLOAK_CLIENT_SECRET: ${{ secrets.NUXT_KEYCLOAK_CLIENT_SECRET }}
NUXT_CORE_API_URL: ${{ vars.DEV_NUXT_CORE_API_URL }}
NUXT_REDIS_URL: ${{ vars.DEV_NUXT_REDIS_URL }}
NUXT_COOKIE_SECRET: ${{ secrets.NUXT_COOKIE_SECRET }}
IMAGE_VERSION: ${{ steps.version.outputs.version }}
run: |
docker service update \
--image git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:$IMAGE_VERSION \
--env-add NUXT_KEYCLOAK_URL="$NUXT_KEYCLOAK_URL" \
--env-add NUXT_KEYCLOAK_REALM="$NUXT_KEYCLOAK_REALM" \
--env-add NUXT_KEYCLOAK_CLIENT_ID="$NUXT_KEYCLOAK_CLIENT_ID" \
--env-add NUXT_KEYCLOAK_CLIENT_SECRET="$NUXT_KEYCLOAK_CLIENT_SECRET" \
--env-add NUXT_CORE_API_URL="$NUXT_CORE_API_URL" \
--env-add NUXT_REDIS_URL="$NUXT_REDIS_URL" \
--env-add NUXT_COOKIE_SECRET="$NUXT_COOKIE_SECRET" \
--with-registry-auth \
app_portal-modumfiscal-web
- name: Cleanup old images
run: |
IMAGES_TO_DELETE=$(docker images "git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web" --format "{{.ID}}" | tail -n +3)
if [ -n "$IMAGES_TO_DELETE" ]; then
echo "$IMAGES_TO_DELETE" | xargs -I {} docker rmi -f {} || true
fi
docker image prune -f

102
.gitea/workflows/prod-build-deploy.yml Normal file
View File

@ -0,0 +1,102 @@
name: Prod Build & Deploy Portal
on:
push:
branches:
- main
# Variáveis necessárias no Gitea (Settings → Variables):
# PROD_NUXT_KEYCLOAK_URL ex: https://keycloakprod.modumfiscal.com.br
# PROD_NUXT_KEYCLOAK_REALM ex: modumfiscal-portal-prod
# PROD_NUXT_KEYCLOAK_CLIENT_ID ex: portal-modumfiscal-bff
# PROD_NUXT_CORE_API_URL ex: https://sistema.modumfiscal.com.br
# PROD_NUXT_REDIS_URL ex: redis://portal-redis:6379
#
# Secrets necessários (Settings → Secrets):
# REGISTRY_USER
# REGISTRY_PASSWORD
# PROD_NUXT_KEYCLOAK_CLIENT_SECRET
# PROD_NUXT_COOKIE_SECRET
jobs:
build:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.version.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Define version
id: version
run: |
VERSION=$(date +'%Y.%m.%d.%H%M')
echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: Login registry
env:
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
run: |
echo "$REGISTRY_PASSWORD" | docker login git.modumsolucao.com.br \
-u "$REGISTRY_USER" \
--password-stdin
- name: Build Docker image
run: |
docker build \
--memory=3g \
-t git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-latest \
-t git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-${{ steps.version.outputs.version }} \
.
- name: Push image
run: |
docker push git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-latest
docker push git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-${{ steps.version.outputs.version }}
- name: Cleanup old images
run: |
IMAGES_TO_DELETE=$(docker images "git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web" --format "{{.ID}}" | tail -n +3)
if [ -n "$IMAGES_TO_DELETE" ]; then
echo "$IMAGES_TO_DELETE" | xargs -I {} docker rmi -f {} || true
fi
docker image prune -f
deploy:
runs-on: prod
needs: build
steps:
- name: Login registry
env:
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
run: |
echo "$REGISTRY_PASSWORD" | docker login git.modumsolucao.com.br \
-u "$REGISTRY_USER" \
--password-stdin
- name: Deploy PROD
env:
NUXT_KEYCLOAK_URL: ${{ vars.PROD_NUXT_KEYCLOAK_URL }}
NUXT_KEYCLOAK_REALM: ${{ vars.PROD_NUXT_KEYCLOAK_REALM }}
NUXT_KEYCLOAK_CLIENT_ID: ${{ vars.PROD_NUXT_KEYCLOAK_CLIENT_ID }}
NUXT_KEYCLOAK_CLIENT_SECRET: ${{ secrets.PROD_NUXT_KEYCLOAK_CLIENT_SECRET }}
NUXT_CORE_API_URL: ${{ vars.PROD_NUXT_CORE_API_URL }}
NUXT_REDIS_URL: ${{ vars.PROD_NUXT_REDIS_URL }}
NUXT_COOKIE_SECRET: ${{ secrets.PROD_NUXT_COOKIE_SECRET }}
IMAGE_VERSION: ${{ needs.build.outputs.version }}
run: |
docker service update \
--image git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-$IMAGE_VERSION \
--env-add NUXT_KEYCLOAK_URL="$NUXT_KEYCLOAK_URL" \
--env-add NUXT_KEYCLOAK_REALM="$NUXT_KEYCLOAK_REALM" \
--env-add NUXT_KEYCLOAK_CLIENT_ID="$NUXT_KEYCLOAK_CLIENT_ID" \
--env-add NUXT_KEYCLOAK_CLIENT_SECRET="$NUXT_KEYCLOAK_CLIENT_SECRET" \
--env-add NUXT_CORE_API_URL="$NUXT_CORE_API_URL" \
--env-add NUXT_REDIS_URL="$NUXT_REDIS_URL" \
--env-add NUXT_COOKIE_SECRET="$NUXT_COOKIE_SECRET" \
--with-registry-auth \
app_portal-modumfiscal-web

20
Dockerfile Normal file
View File

@ -0,0 +1,20 @@
# Build stage
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
# Production stage — apenas o .output do Nuxt (SSR via Node.js)
FROM node:20-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production
ENV NUXT_HOST=0.0.0.0
ENV NUXT_PORT=3000
COPY --from=builder /app/.output ./
EXPOSE 3000
CMD ["node", "server/index.mjs"]