.gitea/workflows/dev-build-deploy.yml

@@ -0,0 +1,86 @@
+name: Dev Build & Deploy Portal
+
+on:
+  push:
+    branches:
+      - developer
+
+# Variáveis necessárias no Gitea (Settings → Variables):
+#   DEV_NUXT_KEYCLOAK_URL          ex: https://keycloakprod.modumfiscal.com.br
+#   DEV_NUXT_KEYCLOAK_REALM        ex: modumfiscal-portal-dev
+#   DEV_NUXT_KEYCLOAK_CLIENT_ID    ex: portal-modumfiscal-bff
+#   DEV_NUXT_CORE_API_URL          ex: https://sistema.modumfiscal.com.br
+#   DEV_NUXT_REDIS_URL             ex: redis://portal-redis:6379
+#
+# Secrets necessários (Settings → Secrets):
+#   REGISTRY_USER
+#   REGISTRY_PASSWORD
+#   NUXT_KEYCLOAK_CLIENT_SECRET
+#   NUXT_COOKIE_SECRET             gere com: node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"
+
+jobs:
+  build-deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Define version
+        id: version
+        run: |
+          VERSION=$(date +'%Y.%m.%d.%H%M')
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+      - name: Login registry
+        env:
+          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
+        run: |
+          echo "$REGISTRY_PASSWORD" | docker login git.modumsolucao.com.br \
+            -u "$REGISTRY_USER" \
+            --password-stdin
+
+      - name: Build Docker image
+        run: |
+          docker build \
+            --memory=3g \
+            -t git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:latest \
+            -t git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:${{ steps.version.outputs.version }} \
+            .
+
+      - name: Push image
+        run: |
+          docker push git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:latest
+          docker push git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:${{ steps.version.outputs.version }}
+
+      - name: Deploy DEV
+        env:
+          NUXT_KEYCLOAK_URL: ${{ vars.DEV_NUXT_KEYCLOAK_URL }}
+          NUXT_KEYCLOAK_REALM: ${{ vars.DEV_NUXT_KEYCLOAK_REALM }}
+          NUXT_KEYCLOAK_CLIENT_ID: ${{ vars.DEV_NUXT_KEYCLOAK_CLIENT_ID }}
+          NUXT_KEYCLOAK_CLIENT_SECRET: ${{ secrets.NUXT_KEYCLOAK_CLIENT_SECRET }}
+          NUXT_CORE_API_URL: ${{ vars.DEV_NUXT_CORE_API_URL }}
+          NUXT_REDIS_URL: ${{ vars.DEV_NUXT_REDIS_URL }}
+          NUXT_COOKIE_SECRET: ${{ secrets.NUXT_COOKIE_SECRET }}
+          IMAGE_VERSION: ${{ steps.version.outputs.version }}
+        run: |
+          docker service update \
+            --image git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:$IMAGE_VERSION \
+            --env-add NUXT_KEYCLOAK_URL="$NUXT_KEYCLOAK_URL" \
+            --env-add NUXT_KEYCLOAK_REALM="$NUXT_KEYCLOAK_REALM" \
+            --env-add NUXT_KEYCLOAK_CLIENT_ID="$NUXT_KEYCLOAK_CLIENT_ID" \
+            --env-add NUXT_KEYCLOAK_CLIENT_SECRET="$NUXT_KEYCLOAK_CLIENT_SECRET" \
+            --env-add NUXT_CORE_API_URL="$NUXT_CORE_API_URL" \
+            --env-add NUXT_REDIS_URL="$NUXT_REDIS_URL" \
+            --env-add NUXT_COOKIE_SECRET="$NUXT_COOKIE_SECRET" \
+            --with-registry-auth \
+            app_portal-modumfiscal-web
+
+      - name: Cleanup old images
+        run: |
+          IMAGES_TO_DELETE=$(docker images "git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web" --format "{{.ID}}" | tail -n +3)
+          if [ -n "$IMAGES_TO_DELETE" ]; then
+            echo "$IMAGES_TO_DELETE" | xargs -I {} docker rmi -f {} || true
+          fi
+          docker image prune -f

.gitea/workflows/prod-build-deploy.yml

@@ -0,0 +1,102 @@
+name: Prod Build & Deploy Portal
+
+on:
+  push:
+    branches:
+      - main
+
+# Variáveis necessárias no Gitea (Settings → Variables):
+#   PROD_NUXT_KEYCLOAK_URL         ex: https://keycloakprod.modumfiscal.com.br
+#   PROD_NUXT_KEYCLOAK_REALM       ex: modumfiscal-portal-prod
+#   PROD_NUXT_KEYCLOAK_CLIENT_ID   ex: portal-modumfiscal-bff
+#   PROD_NUXT_CORE_API_URL         ex: https://sistema.modumfiscal.com.br
+#   PROD_NUXT_REDIS_URL            ex: redis://portal-redis:6379
+#
+# Secrets necessários (Settings → Secrets):
+#   REGISTRY_USER
+#   REGISTRY_PASSWORD
+#   PROD_NUXT_KEYCLOAK_CLIENT_SECRET
+#   PROD_NUXT_COOKIE_SECRET
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.version.outputs.version }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Define version
+        id: version
+        run: |
+          VERSION=$(date +'%Y.%m.%d.%H%M')
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+      - name: Login registry
+        env:
+          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
+        run: |
+          echo "$REGISTRY_PASSWORD" | docker login git.modumsolucao.com.br \
+            -u "$REGISTRY_USER" \
+            --password-stdin
+
+      - name: Build Docker image
+        run: |
+          docker build \
+            --memory=3g \
+            -t git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-latest \
+            -t git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-${{ steps.version.outputs.version }} \
+            .
+
+      - name: Push image
+        run: |
+          docker push git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-latest
+          docker push git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-${{ steps.version.outputs.version }}
+
+      - name: Cleanup old images
+        run: |
+          IMAGES_TO_DELETE=$(docker images "git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web" --format "{{.ID}}" | tail -n +3)
+          if [ -n "$IMAGES_TO_DELETE" ]; then
+            echo "$IMAGES_TO_DELETE" | xargs -I {} docker rmi -f {} || true
+          fi
+          docker image prune -f
+
+  deploy:
+    runs-on: prod
+    needs: build
+
+    steps:
+      - name: Login registry
+        env:
+          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
+        run: |
+          echo "$REGISTRY_PASSWORD" | docker login git.modumsolucao.com.br \
+            -u "$REGISTRY_USER" \
+            --password-stdin
+
+      - name: Deploy PROD
+        env:
+          NUXT_KEYCLOAK_URL: ${{ vars.PROD_NUXT_KEYCLOAK_URL }}
+          NUXT_KEYCLOAK_REALM: ${{ vars.PROD_NUXT_KEYCLOAK_REALM }}
+          NUXT_KEYCLOAK_CLIENT_ID: ${{ vars.PROD_NUXT_KEYCLOAK_CLIENT_ID }}
+          NUXT_KEYCLOAK_CLIENT_SECRET: ${{ secrets.PROD_NUXT_KEYCLOAK_CLIENT_SECRET }}
+          NUXT_CORE_API_URL: ${{ vars.PROD_NUXT_CORE_API_URL }}
+          NUXT_REDIS_URL: ${{ vars.PROD_NUXT_REDIS_URL }}
+          NUXT_COOKIE_SECRET: ${{ secrets.PROD_NUXT_COOKIE_SECRET }}
+          IMAGE_VERSION: ${{ needs.build.outputs.version }}
+        run: |
+          docker service update \
+            --image git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-$IMAGE_VERSION \
+            --env-add NUXT_KEYCLOAK_URL="$NUXT_KEYCLOAK_URL" \
+            --env-add NUXT_KEYCLOAK_REALM="$NUXT_KEYCLOAK_REALM" \
+            --env-add NUXT_KEYCLOAK_CLIENT_ID="$NUXT_KEYCLOAK_CLIENT_ID" \
+            --env-add NUXT_KEYCLOAK_CLIENT_SECRET="$NUXT_KEYCLOAK_CLIENT_SECRET" \
+            --env-add NUXT_CORE_API_URL="$NUXT_CORE_API_URL" \
+            --env-add NUXT_REDIS_URL="$NUXT_REDIS_URL" \
+            --env-add NUXT_COOKIE_SECRET="$NUXT_COOKIE_SECRET" \
+            --with-registry-auth \
+            app_portal-modumfiscal-web

Dockerfile

@@ -0,0 +1,20 @@
+# Build stage
+FROM node:20-alpine AS builder
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci
+COPY . .
+RUN npm run build
+
+# Production stage — apenas o .output do Nuxt (SSR via Node.js)
+FROM node:20-alpine AS runner
+WORKDIR /app
+
+ENV NODE_ENV=production
+ENV NUXT_HOST=0.0.0.0
+ENV NUXT_PORT=3000
+
+COPY --from=builder /app/.output ./
+
+EXPOSE 3000
+CMD ["node", "server/index.mjs"]