gabrielb
875b6b41c3
Adiciona Dockerfile multi-stage (Node 20 Alpine, SSR Nuxt .output), pipelines dev (branch developer) e prod (branch main) com docker service update injetando todas as variáveis NUXT_* em runtime via --env-add. Vars não-sensíveis via project variables; segredos via project secrets. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
103 lines
3.8 KiB
YAML
103 lines
3.8 KiB
YAML
name: Prod Build & Deploy Portal
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
# Variáveis necessárias no Gitea (Settings → Variables):
|
|
# PROD_NUXT_KEYCLOAK_URL ex: https://keycloakprod.modumfiscal.com.br
|
|
# PROD_NUXT_KEYCLOAK_REALM ex: modumfiscal-portal-prod
|
|
# PROD_NUXT_KEYCLOAK_CLIENT_ID ex: portal-modumfiscal-bff
|
|
# PROD_NUXT_CORE_API_URL ex: https://sistema.modumfiscal.com.br
|
|
# PROD_NUXT_REDIS_URL ex: redis://portal-redis:6379
|
|
#
|
|
# Secrets necessários (Settings → Secrets):
|
|
# REGISTRY_USER
|
|
# REGISTRY_PASSWORD
|
|
# PROD_NUXT_KEYCLOAK_CLIENT_SECRET
|
|
# PROD_NUXT_COOKIE_SECRET
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
version: ${{ steps.version.outputs.version }}
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Define version
|
|
id: version
|
|
run: |
|
|
VERSION=$(date +'%Y.%m.%d.%H%M')
|
|
echo "version=$VERSION" >> $GITHUB_OUTPUT
|
|
|
|
- name: Login registry
|
|
env:
|
|
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
|
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
|
|
run: |
|
|
echo "$REGISTRY_PASSWORD" | docker login git.modumsolucao.com.br \
|
|
-u "$REGISTRY_USER" \
|
|
--password-stdin
|
|
|
|
- name: Build Docker image
|
|
run: |
|
|
docker build \
|
|
--memory=3g \
|
|
-t git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-latest \
|
|
-t git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-${{ steps.version.outputs.version }} \
|
|
.
|
|
|
|
- name: Push image
|
|
run: |
|
|
docker push git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-latest
|
|
docker push git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-${{ steps.version.outputs.version }}
|
|
|
|
- name: Cleanup old images
|
|
run: |
|
|
IMAGES_TO_DELETE=$(docker images "git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web" --format "{{.ID}}" | tail -n +3)
|
|
if [ -n "$IMAGES_TO_DELETE" ]; then
|
|
echo "$IMAGES_TO_DELETE" | xargs -I {} docker rmi -f {} || true
|
|
fi
|
|
docker image prune -f
|
|
|
|
deploy:
|
|
runs-on: prod
|
|
needs: build
|
|
|
|
steps:
|
|
- name: Login registry
|
|
env:
|
|
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
|
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
|
|
run: |
|
|
echo "$REGISTRY_PASSWORD" | docker login git.modumsolucao.com.br \
|
|
-u "$REGISTRY_USER" \
|
|
--password-stdin
|
|
|
|
- name: Deploy PROD
|
|
env:
|
|
NUXT_KEYCLOAK_URL: ${{ vars.PROD_NUXT_KEYCLOAK_URL }}
|
|
NUXT_KEYCLOAK_REALM: ${{ vars.PROD_NUXT_KEYCLOAK_REALM }}
|
|
NUXT_KEYCLOAK_CLIENT_ID: ${{ vars.PROD_NUXT_KEYCLOAK_CLIENT_ID }}
|
|
NUXT_KEYCLOAK_CLIENT_SECRET: ${{ secrets.PROD_NUXT_KEYCLOAK_CLIENT_SECRET }}
|
|
NUXT_CORE_API_URL: ${{ vars.PROD_NUXT_CORE_API_URL }}
|
|
NUXT_REDIS_URL: ${{ vars.PROD_NUXT_REDIS_URL }}
|
|
NUXT_COOKIE_SECRET: ${{ secrets.PROD_NUXT_COOKIE_SECRET }}
|
|
IMAGE_VERSION: ${{ needs.build.outputs.version }}
|
|
run: |
|
|
docker service update \
|
|
--image git.modumsolucao.com.br/modumsolucao/portal-modumfiscal-web:prod-$IMAGE_VERSION \
|
|
--env-add NUXT_KEYCLOAK_URL="$NUXT_KEYCLOAK_URL" \
|
|
--env-add NUXT_KEYCLOAK_REALM="$NUXT_KEYCLOAK_REALM" \
|
|
--env-add NUXT_KEYCLOAK_CLIENT_ID="$NUXT_KEYCLOAK_CLIENT_ID" \
|
|
--env-add NUXT_KEYCLOAK_CLIENT_SECRET="$NUXT_KEYCLOAK_CLIENT_SECRET" \
|
|
--env-add NUXT_CORE_API_URL="$NUXT_CORE_API_URL" \
|
|
--env-add NUXT_REDIS_URL="$NUXT_REDIS_URL" \
|
|
--env-add NUXT_COOKIE_SECRET="$NUXT_COOKIE_SECRET" \
|
|
--with-registry-auth \
|
|
app_portal-modumfiscal-web
|