From 1270c04a2c6dd16b74c5da3ddb1bf515b74139ea Mon Sep 17 00:00:00 2001
From: Joelbrit0
Date: Thu, 29 Jan 2026 02:17:39 -0300
Subject: [PATCH] Update deploy-api.yaml workflow
---
.gitea/workflows/deploy-api.yaml | 129 ++++++++++++++++++++++++++-----
1 file changed, 111 insertions(+), 18 deletions(-)
diff --git a/.gitea/workflows/deploy-api.yaml b/.gitea/workflows/deploy-api.yaml
index 04c29a7..f088b0b 100644
--- a/.gitea/workflows/deploy-api.yaml
+++ b/.gitea/workflows/deploy-api.yaml
@@ -1,27 +1,120 @@ -name: Deploy NestJS API -on: [push] +name: Build (develop) / Promote (main) +on: + push: + branches: [main, develop] jobs: build-and-push-deploy: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 + with: + fetch-depth: 0 - - name: Login no Harbor + - name: Free disk space run: | - echo "${{ secrets.HARBOR_PASSWORD }}" | docker login 172.35.0.216 -u ${{ secrets.HARBOR_USERNAME }} --password-stdin + df -h + sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc || true + sudo apt-get clean || true + docker system prune -af --volumes || true + df -h + - name: Build (develop) / Promote (main) + env: + REGISTRY: harbor.jurunense.com + DEV_PROJECT: vendaweb-dev + PROD_PROJECT: vendaweb-prod + IMAGE_REPO: vendaweb-api + PROMOTE_LEGACY: 'false' + HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }} + HARBOR_PASSWORD: ${{ secrets.HARBOR_PASSWORD }} + HARBOR_DEV_USERNAME: ${{ secrets.HARBOR_DEV_USERNAME }} + HARBOR_DEV_PASSWORD: ${{ secrets.HARBOR_DEV_PASSWORD }} + HARBOR_PROD_USERNAME: ${{ secrets.HARBOR_PROD_USERNAME }} + HARBOR_PROD_PASSWORD: ${{ secrets.HARBOR_PROD_PASSWORD }} + HARBOR_LEGACY_USERNAME: ${{ secrets.HARBOR_LEGACY_USERNAME }} + HARBOR_LEGACY_PASSWORD: ${{ secrets.HARBOR_LEGACY_PASSWORD }} + run: | + set -euo pipefail - - name: Build e Push - run: | - TAG=${{ gitea.sha }} - docker build -t 172.35.0.216/library/vendaweb-api:$TAG . 
- docker tag 172.35.0.216/library/vendaweb-api:$TAG 172.35.0.216/library/vendaweb-api:latest - - docker push 172.35.0.216/library/vendaweb-api:$TAG - docker push 172.35.0.216/library/vendaweb-api:latest - - - name: Notificar Portainer via Webhook - run: | - # O Webhook avisa o Portainer para puxar a nova imagem imediatamente - curl -X POST "${{ secrets.PORTAINER_WEBHOOK_VENDAWEBAPI }}" \ No newline at end of file + BRANCH="${GITHUB_REF_NAME:-${GITEA_REF_NAME:-}}" + if [ -z "$BRANCH" ] && [ -n "${GITHUB_REF:-}" ]; then + BRANCH="${GITHUB_REF#refs/heads/}" + fi + + DEV_IMAGE="$REGISTRY/$DEV_PROJECT/$IMAGE_REPO" + PROD_IMAGE="$REGISTRY/$PROD_PROJECT/$IMAGE_REPO" + LEGACY_IMAGE="$REGISTRY/library/$IMAGE_REPO" + + DEV_USER="${HARBOR_DEV_USERNAME:-$HARBOR_USERNAME}" + DEV_PASS="${HARBOR_DEV_PASSWORD:-$HARBOR_PASSWORD}" + PROD_USER="${HARBOR_PROD_USERNAME:-$HARBOR_USERNAME}" + PROD_PASS="${HARBOR_PROD_PASSWORD:-$HARBOR_PASSWORD}" + LEGACY_USER="${HARBOR_LEGACY_USERNAME:-$PROD_USER}" + LEGACY_PASS="${HARBOR_LEGACY_PASSWORD:-$PROD_PASS}" + + if [ "$BRANCH" = "develop" ]; then + TAG=$(echo ${{ gitea.sha }} | cut -c1-7) + + echo "$DEV_PASS" | docker login "$REGISTRY" -u "$DEV_USER" --password-stdin + docker build -t "$DEV_IMAGE:$TAG" -f ./Dockerfile . + docker push "$DEV_IMAGE:$TAG" + docker tag "$DEV_IMAGE:$TAG" "$DEV_IMAGE:develop" + docker push "$DEV_IMAGE:develop" + exit 0 + fi + + if [ "$BRANCH" = "main" ]; then + sudo apt-get update -y + sudo apt-get install -y skopeo + + if [ -z "${DEV_USER:-}" ] || [ -z "${DEV_PASS:-}" ]; then + echo "Missing Harbor DEV credentials (HARBOR_DEV_USERNAME/HARBOR_DEV_PASSWORD or HARBOR_USERNAME/HARBOR_PASSWORD)." >&2 + exit 1 + fi + if [ -z "${PROD_USER:-}" ] || [ -z "${PROD_PASS:-}" ]; then + echo "Missing Harbor PROD credentials (HARBOR_PROD_USERNAME/HARBOR_PROD_PASSWORD or HARBOR_USERNAME/HARBOR_PASSWORD)." >&2 + exit 1 + fi + + # Merge commit: HEAD has 2 parents; HEAD^2 is the merged branch tip. 
+ PARENTS="$(git rev-list --parents -n 1 HEAD)" + set -- $PARENTS + SOURCE_SHA="${3:-${1:-}}" + if [ -z "$SOURCE_SHA" ]; then + SOURCE_SHA="${{ gitea.sha }}" + fi + TAG="$(echo "$SOURCE_SHA" | cut -c1-7)" + + # Promote the exact artifact built on develop into prod (no rebuild). + skopeo inspect --creds "$DEV_USER:$DEV_PASS" "docker://$DEV_IMAGE:$TAG" >/dev/null + + # Validate destination repository exists and auth works. + # Using list-tags avoids assuming a specific tag exists. + skopeo list-tags --creds "$PROD_USER:$PROD_PASS" "docker://$PROD_IMAGE" >/dev/null + + skopeo copy --all \ + --src-creds "$DEV_USER:$DEV_PASS" \ + --dest-creds "$PROD_USER:$PROD_PASS" \ + "docker://$DEV_IMAGE:$TAG" \ + "docker://$PROD_IMAGE:$TAG" + + # Optional: keep legacy tags working during migration. + if [ "${PROMOTE_LEGACY:-false}" = "true" ]; then + skopeo copy --all \ + --src-creds "$DEV_USER:$DEV_PASS" \ + --dest-creds "$LEGACY_USER:$LEGACY_PASS" \ + "docker://$DEV_IMAGE:$TAG" \ + "docker://$LEGACY_IMAGE:$TAG" + skopeo copy --all \ + --src-creds "$DEV_USER:$DEV_PASS" \ + --dest-creds "$LEGACY_USER:$LEGACY_PASS" \ + "docker://$DEV_IMAGE:$TAG" \ + "docker://$LEGACY_IMAGE:latest" + fi + + exit 0 + fi + + echo "Unsupported branch: $BRANCH" >&2 + exit 1
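Review bot: The promote branch selects the image by a mutable 7-character tag (`TAG="$(echo "$SOURCE_SHA" | cut -c1-7)"`), so the "exact artifact built on develop" comment is not actually enforced; a tag in the dev project can be re-pushed between the develop build and the `skopeo copy`, and whatever it points to at that moment is what lands in prod. Resolve the tag to a digest once and copy by digest, e.g. `DIGEST="$(skopeo inspect --creds "$DEV_USER:$DEV_PASS" --format '{{.Digest}}' "docker://$DEV_IMAGE:$TAG")"` followed by `"docker://$DEV_IMAGE@$DIGEST"` as the source of every `skopeo copy`, and echo the digest so the promotion is auditable. Separately, `--creds`, `--src-creds` and `--dest-creds` put the Harbor passwords on the skopeo command line, where they are visible in the runner's process list; `skopeo login --password-stdin` (mirroring the `docker login` in the develop branch) keeps them off argv. The `HARBOR_USERNAME`/`HARBOR_PASSWORD` fallback also lets dev and prod resolve to the same account, which would remove the separation this promotion step relies on, so a comment stating that distinct credentials are expected would help.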