Update deploy-api.yaml workflow

2026-01-29 02:17:39 -03:00
parent ca892daffa
commit 1270c04a2c
1 changed files with 111 additions and 18 deletions
--- a/.gitea/workflows/deploy-api.yaml
+++ b/.gitea/workflows/deploy-api.yaml
@@ -1,27 +1,120 @@
-name: Deploy NestJS API
+name: Build (develop) / Promote (main)
-on: [push]
+on:
  push:
    branches: [main, develop]
 jobs:
  build-and-push-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0
-      - name: Login no Harbor
+      - name: Free disk space
        run: |
-          echo "${{ secrets.HARBOR_PASSWORD }}" | docker login 172.35.0.216 -u ${{ secrets.HARBOR_USERNAME }} --password-stdin
+          df -h
-
+          sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc || true
-      - name: Build e Push
+          sudo apt-get clean || true
          docker system prune -af --volumes || true
          df -h          
      - name: Build (develop) / Promote (main)
        env:
          REGISTRY: harbor.jurunense.com
          DEV_PROJECT: vendaweb-dev
          PROD_PROJECT: vendaweb-prod
          IMAGE_REPO: vendaweb-api
          PROMOTE_LEGACY: 'false'
          HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
          HARBOR_PASSWORD: ${{ secrets.HARBOR_PASSWORD }}
          HARBOR_DEV_USERNAME: ${{ secrets.HARBOR_DEV_USERNAME }}
          HARBOR_DEV_PASSWORD: ${{ secrets.HARBOR_DEV_PASSWORD }}
          HARBOR_PROD_USERNAME: ${{ secrets.HARBOR_PROD_USERNAME }}
          HARBOR_PROD_PASSWORD: ${{ secrets.HARBOR_PROD_PASSWORD }}
          HARBOR_LEGACY_USERNAME: ${{ secrets.HARBOR_LEGACY_USERNAME }}
          HARBOR_LEGACY_PASSWORD: ${{ secrets.HARBOR_LEGACY_PASSWORD }}
        run: |
-          TAG=${{ gitea.sha }}
+          set -euo pipefail
          docker build -t 172.35.0.216/library/vendaweb-api:$TAG .
          docker tag 172.35.0.216/library/vendaweb-api:$TAG 172.35.0.216/library/vendaweb-api:latest
-          docker push 172.35.0.216/library/vendaweb-api:$TAG
+          BRANCH="${GITHUB_REF_NAME:-${GITEA_REF_NAME:-}}"
-          docker push 172.35.0.216/library/vendaweb-api:latest
+          if [ -z "$BRANCH" ] && [ -n "${GITHUB_REF:-}" ]; then
            BRANCH="${GITHUB_REF#refs/heads/}"
          fi
-      - name: Notificar Portainer via Webhook
+          DEV_IMAGE="$REGISTRY/$DEV_PROJECT/$IMAGE_REPO"
-        run: |
+          PROD_IMAGE="$REGISTRY/$PROD_PROJECT/$IMAGE_REPO"
-          # O Webhook avisa o Portainer para puxar a nova imagem imediatamente
+          LEGACY_IMAGE="$REGISTRY/library/$IMAGE_REPO"
-          curl -X POST "${{ secrets.PORTAINER_WEBHOOK_VENDAWEBAPI }}"
+
          DEV_USER="${HARBOR_DEV_USERNAME:-$HARBOR_USERNAME}"
          DEV_PASS="${HARBOR_DEV_PASSWORD:-$HARBOR_PASSWORD}"
          PROD_USER="${HARBOR_PROD_USERNAME:-$HARBOR_USERNAME}"
          PROD_PASS="${HARBOR_PROD_PASSWORD:-$HARBOR_PASSWORD}"
          LEGACY_USER="${HARBOR_LEGACY_USERNAME:-$PROD_USER}"
          LEGACY_PASS="${HARBOR_LEGACY_PASSWORD:-$PROD_PASS}"
          if [ "$BRANCH" = "develop" ]; then
            TAG=$(echo ${{ gitea.sha }} | cut -c1-7)
            echo "$DEV_PASS" | docker login "$REGISTRY" -u "$DEV_USER" --password-stdin
            docker build -t "$DEV_IMAGE:$TAG" -f ./Dockerfile .
            docker push "$DEV_IMAGE:$TAG"
            docker tag "$DEV_IMAGE:$TAG" "$DEV_IMAGE:develop"
            docker push "$DEV_IMAGE:develop"
            exit 0
          fi
          if [ "$BRANCH" = "main" ]; then
            sudo apt-get update -y
            sudo apt-get install -y skopeo
            if [ -z "${DEV_USER:-}" ] || [ -z "${DEV_PASS:-}" ]; then
              echo "Missing Harbor DEV credentials (HARBOR_DEV_USERNAME/HARBOR_DEV_PASSWORD or HARBOR_USERNAME/HARBOR_PASSWORD)." >&2
              exit 1
            fi
            if [ -z "${PROD_USER:-}" ] || [ -z "${PROD_PASS:-}" ]; then
              echo "Missing Harbor PROD credentials (HARBOR_PROD_USERNAME/HARBOR_PROD_PASSWORD or HARBOR_USERNAME/HARBOR_PASSWORD)." >&2
              exit 1
            fi
            # Merge commit: HEAD has 2 parents; HEAD^2 is the merged branch tip.
            PARENTS="$(git rev-list --parents -n 1 HEAD)"
            set -- $PARENTS
            SOURCE_SHA="${3:-${1:-}}"
            if [ -z "$SOURCE_SHA" ]; then
              SOURCE_SHA="${{ gitea.sha }}"
            fi
            TAG="$(echo "$SOURCE_SHA" | cut -c1-7)"
            # Promote the exact artifact built on develop into prod (no rebuild).
            skopeo inspect --creds "$DEV_USER:$DEV_PASS" "docker://$DEV_IMAGE:$TAG" >/dev/null
            # Validate destination repository exists and auth works.
            # Using list-tags avoids assuming a specific tag exists.
            skopeo list-tags --creds "$PROD_USER:$PROD_PASS" "docker://$PROD_IMAGE" >/dev/null
            skopeo copy --all \
              --src-creds "$DEV_USER:$DEV_PASS" \
              --dest-creds "$PROD_USER:$PROD_PASS" \
              "docker://$DEV_IMAGE:$TAG" \
              "docker://$PROD_IMAGE:$TAG"
            # Optional: keep legacy tags working during migration.
            if [ "${PROMOTE_LEGACY:-false}" = "true" ]; then
              skopeo copy --all \
                --src-creds "$DEV_USER:$DEV_PASS" \
                --dest-creds "$LEGACY_USER:$LEGACY_PASS" \
                "docker://$DEV_IMAGE:$TAG" \
                "docker://$LEGACY_IMAGE:$TAG"
              skopeo copy --all \
                --src-creds "$DEV_USER:$DEV_PASS" \
                --dest-creds "$LEGACY_USER:$LEGACY_PASS" \
                "docker://$DEV_IMAGE:$TAG" \
                "docker://$LEGACY_IMAGE:latest"
            fi
            exit 0
          fi
          echo "Unsupported branch: $BRANCH" >&2
          exit 1