name: Prod Build & Deploy Portal on: push: branches: - main # Variáveis necessárias no Gitea (Settings → Variables): # PROD_NUXT_KEYCLOAK_URL ex: https://keycloakprod.modumfiscal.com.br # PROD_NUXT_KEYCLOAK_REALM ex: modumfiscal-portal-prod # PROD_NUXT_KEYCLOAK_CLIENT_ID ex: portal-modumfiscal-bff # PROD_NUXT_CORE_API_URL ex: https://sistema.modumfiscal.com.br # PROD_NUXT_REDIS_URL ex: redis://portal-redis:6379 # # Secrets necessários (Settings → Secrets): # REGISTRY_USER # REGISTRY_PASSWORD # PROD_NUXT_KEYCLOAK_CLIENT_SECRET # PROD_NUXT_COOKIE_SECRET jobs: build: runs-on: ubuntu-latest outputs: version: ${{ steps.version.outputs.version }} steps: - name: Checkout uses: actions/checkout@v4 - name: Define version id: version run: | VERSION=$(date +'%Y.%m.%d.%H%M') echo "version=$VERSION" >> $GITHUB_OUTPUT - name: Login registry env: REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} REGISTRY_USER: ${{ secrets.REGISTRY_USER }} run: | echo "$REGISTRY_PASSWORD" | docker login git.modumsolucao.com.br \ -u "$REGISTRY_USER" \ --password-stdin - name: Build Docker image run: | docker build \ --memory=3g \ -t git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-latest \ -t git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-${{ steps.version.outputs.version }} \ . - name: Push image run: | docker push git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-latest docker push git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-${{ steps.version.outputs.version }} - name: Cleanup old images run: | IMAGES_TO_DELETE=$(docker images "git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web" --format "{{.ID}}" | tail -n +3) if [ -n "$IMAGES_TO_DELETE" ]; then echo "$IMAGES_TO_DELETE" | xargs -I {} docker rmi -f {} || true fi docker image prune -f deploy: runs-on: prod needs: build steps: - name: Login registry env: REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} REGISTRY_USER: ${{ secrets.REGISTRY_USER }} run: | echo "$REGISTRY_PASSWORD" | docker login git.modumsolucao.com.br \ -u "$REGISTRY_USER" \ --password-stdin - name: Deploy PROD env: NUXT_KEYCLOAK_URL: ${{ vars.PROD_NUXT_KEYCLOAK_URL }} NUXT_KEYCLOAK_REALM: ${{ vars.PROD_NUXT_KEYCLOAK_REALM }} NUXT_KEYCLOAK_CLIENT_ID: ${{ vars.PROD_NUXT_KEYCLOAK_CLIENT_ID }} NUXT_KEYCLOAK_CLIENT_SECRET: ${{ secrets.PROD_NUXT_KEYCLOAK_CLIENT_SECRET }} NUXT_CORE_API_URL: ${{ vars.PROD_NUXT_CORE_API_URL }} NUXT_REDIS_URL: ${{ vars.PROD_NUXT_REDIS_URL }} NUXT_COOKIE_SECRET: ${{ secrets.PROD_NUXT_COOKIE_SECRET }} IMAGE_VERSION: ${{ needs.build.outputs.version }} run: | docker service update \ --image git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-$IMAGE_VERSION \ --env-add NUXT_KEYCLOAK_URL="$NUXT_KEYCLOAK_URL" \ --env-add NUXT_KEYCLOAK_REALM="$NUXT_KEYCLOAK_REALM" \ --env-add NUXT_KEYCLOAK_CLIENT_ID="$NUXT_KEYCLOAK_CLIENT_ID" \ --env-add NUXT_KEYCLOAK_CLIENT_SECRET="$NUXT_KEYCLOAK_CLIENT_SECRET" \ --env-add NUXT_CORE_API_URL="$NUXT_CORE_API_URL" \ --env-add NUXT_REDIS_URL="$NUXT_REDIS_URL" \ --env-add NUXT_COOKIE_SECRET="$NUXT_COOKIE_SECRET" \ --with-registry-auth \ app_portal-modumfiscal-web