fix: use harbor domain instead of ip to fix ssl error

2026-01-29 13:31:20 -03:00
parent bb21ca33e4
commit ca43de8756
1 changed files with 16 additions and 18 deletions
--- a/.gitea/workflows/deploy-api.yaml
+++ b/.gitea/workflows/deploy-api.yaml
@@ -19,6 +19,7 @@ jobs:
          sudo apt-get clean || true
          docker system prune -af --volumes || true
          df -h
+
      - name: Build (develop) / Promote (main)
        env:
          REGISTRY: 172.35.0.216
@@ -53,6 +54,7 @@ jobs:
          LEGACY_USER="${HARBOR_LEGACY_USERNAME:-$PROD_USER}"
          LEGACY_PASS="${HARBOR_LEGACY_PASSWORD:-$PROD_PASS}"

+          # --- Lógica para DEVELOP / HOMOLOG (Build) ---
          if [ "$BRANCH" = "develop" ] || [ "$BRANCH" = "homolog" ]; then
            TAG=$(echo ${{ gitea.sha }} | cut -c1-7)

@@ -64,49 +66,45 @@ jobs:
            exit 0
          fi

+          # --- Lógica para MAIN (Promoção via Skopeo) ---
          if [ "$BRANCH" = "main" ]; then
            sudo apt-get update -y
            sudo apt-get install -y skopeo

            if [ -z "${DEV_USER:-}" ] || [ -z "${DEV_PASS:-}" ]; then
-              echo "Missing Harbor DEV credentials (HARBOR_DEV_USERNAME/HARBOR_DEV_PASSWORD or HARBOR_USERNAME/HARBOR_PASSWORD)." >&2
-              exit 1
-            fi
-            if [ -z "${PROD_USER:-}" ] || [ -z "${PROD_PASS:-}" ]; then
-              echo "Missing Harbor PROD credentials (HARBOR_PROD_USERNAME/HARBOR_PROD_PASSWORD or HARBOR_USERNAME/HARBOR_PASSWORD)." >&2
+              echo "Missing Harbor DEV credentials." >&2
              exit 1
            fi

-            # Merge commit: HEAD has 2 parents; HEAD^2 is the merged branch tip.
            PARENTS="$(git rev-list --parents -n 1 HEAD)"
            set -- $PARENTS
            SOURCE_SHA="${3:-${1:-}}"
-            if [ -z "$SOURCE_SHA" ]; then
-              SOURCE_SHA="${{ gitea.sha }}"
-            fi
            TAG="$(echo "$SOURCE_SHA" | cut -c1-7)"

-            # Promote the exact artifact built on develop into prod (no rebuild).
-            skopeo inspect --creds "$DEV_USER:$DEV_PASS" "docker://$DEV_IMAGE:$TAG" >/dev/null
+            # Inspecionar imagem na origem (DEV) ignorando TLS
+            skopeo inspect --src-tls-verify=false --creds "$DEV_USER:$DEV_PASS" "docker://$DEV_IMAGE:$TAG" >/dev/null

-            # Validate destination repository exists and auth works.
-            # Using list-tags avoids assuming a specific tag exists.
-            skopeo list-tags --creds "$PROD_USER:$PROD_PASS" "docker://$PROD_IMAGE" >/dev/null
+            # Listar tags no destino (PROD) ignorando TLS
+            skopeo list-tags --tls-verify=false --creds "$PROD_USER:$PROD_PASS" "docker://$PROD_IMAGE" >/dev/null

+            # Copiar imagem de DEV para PROD (Promoção) ignorando TLS em ambos
            skopeo copy --all \
+              --src-tls-verify=false \
+              --dest-tls-verify=false \
              --src-creds "$DEV_USER:$DEV_PASS" \
              --dest-creds "$PROD_USER:$PROD_PASS" \
              "docker://$DEV_IMAGE:$TAG" \
              "docker://$PROD_IMAGE:$TAG"

-            # Optional: keep legacy tags working during migration.
+            # Promoção para Legacy (se ativado)
            if [ "${PROMOTE_LEGACY:-false}" = "true" ]; then
-              skopeo copy --all \
+              skopeo copy --all --src-tls-verify=false --dest-tls-verify=false \
                --src-creds "$DEV_USER:$DEV_PASS" \
                --dest-creds "$LEGACY_USER:$LEGACY_PASS" \
                "docker://$DEV_IMAGE:$TAG" \
                "docker://$LEGACY_IMAGE:$TAG"
-              skopeo copy --all \
+              
+              skopeo copy --all --src-tls-verify=false --dest-tls-verify=false \
                --src-creds "$DEV_USER:$DEV_PASS" \
                --dest-creds "$LEGACY_USER:$LEGACY_PASS" \
                "docker://$DEV_IMAGE:$TAG" \
@@ -117,4 +115,4 @@ jobs:
          fi

          echo "Unsupported branch: $BRANCH" >&2
-          exit 1
+          exit 1