Compare commits
16 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
ecd298442b | ||
| 589fa2913c | |||
| 587d097d9b | |||
| a694af97c6 | |||
| 6523c5f520 | |||
| 0c09ee795e | |||
| 09396e334d | |||
| 605d68b4b0 | |||
| c707d4a065 | |||
| 0b28379145 | |||
| ca43de8756 | |||
| bb21ca33e4 | |||
| 48d6e64ada | |||
| e0731db836 | |||
| d2265390bd | |||
| a34c7c415c |
@@ -1,7 +1,7 @@
|
|||||||
name: Build (develop) / Promote (main)
|
name: Build (develop) / Promote (main)
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches: [main, develop, homolog]
|
branches: [main]
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build-and-push-deploy:
|
build-and-push-deploy:
|
||||||
@@ -12,109 +12,28 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
- name: Free disk space
|
- name: Build and Push
|
||||||
run: |
|
run: |
|
||||||
df -h
|
REGISTRY="git.simplifiquehc.com.br"
|
||||||
sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc || true
|
IMAGE_NAME="$REGISTRY/simplifique/vendaweb-api"
|
||||||
sudo apt-get clean || true
|
SHA_TAG=$(echo ${{ gitea.sha }} | cut -c1-7)
|
||||||
docker system prune -af --volumes || true
|
|
||||||
df -h
|
echo "${{ secrets.K8S }}" | docker login "$REGISTRY" -u "${{ gitea.actor }}" --password-stdin
|
||||||
- name: Build (develop) / Promote (main)
|
|
||||||
env:
|
docker build -t "$IMAGE_NAME:$SHA_TAG" -t "$IMAGE_NAME:latest" .
|
||||||
REGISTRY: harbor.jurunense.com
|
docker push "$IMAGE_NAME:$SHA_TAG"
|
||||||
DEV_PROJECT: vendaweb-dev
|
docker push "$IMAGE_NAME:latest"
|
||||||
PROD_PROJECT: vendaweb-prod
|
|
||||||
IMAGE_REPO: vendaweb-api
|
- name: Update Kubernetes Manifest
|
||||||
PROMOTE_LEGACY: 'false'
|
|
||||||
HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
|
|
||||||
HARBOR_PASSWORD: ${{ secrets.HARBOR_PASSWORD }}
|
|
||||||
HARBOR_DEV_USERNAME: ${{ secrets.HARBOR_DEV_USERNAME }}
|
|
||||||
HARBOR_DEV_PASSWORD: ${{ secrets.HARBOR_DEV_PASSWORD }}
|
|
||||||
HARBOR_PROD_USERNAME: ${{ secrets.HARBOR_PROD_USERNAME }}
|
|
||||||
HARBOR_PROD_PASSWORD: ${{ secrets.HARBOR_PROD_PASSWORD }}
|
|
||||||
HARBOR_LEGACY_USERNAME: ${{ secrets.HARBOR_LEGACY_USERNAME }}
|
|
||||||
HARBOR_LEGACY_PASSWORD: ${{ secrets.HARBOR_LEGACY_PASSWORD }}
|
|
||||||
run: |
|
run: |
|
||||||
set -euo pipefail
|
SHA_TAG=$(echo ${{ gitea.sha }} | cut -c1-7)
|
||||||
|
IMAGE_NAME="git.simplifiquehc.com.br/simplifique/vendaweb-api"
|
||||||
|
|
||||||
BRANCH="${GITHUB_REF_NAME:-${GITEA_REF_NAME:-}}"
|
sed -i "s|image: $IMAGE_NAME:.*|image: $IMAGE_NAME:$SHA_TAG|g" k8s/base/deployment.yaml
|
||||||
if [ -z "$BRANCH" ] && [ -n "${GITHUB_REF:-}" ]; then
|
|
||||||
BRANCH="${GITHUB_REF#refs/heads/}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
DEV_IMAGE="$REGISTRY/$DEV_PROJECT/$IMAGE_REPO"
|
git config --global user.name "Gitea Action"
|
||||||
PROD_IMAGE="$REGISTRY/$PROD_PROJECT/$IMAGE_REPO"
|
git config --global user.email "actions@simplifiquehc.com.br"
|
||||||
LEGACY_IMAGE="$REGISTRY/library/$IMAGE_REPO"
|
|
||||||
|
|
||||||
DEV_USER="${HARBOR_DEV_USERNAME:-$HARBOR_USERNAME}"
|
git add k8s/base/deployment.yaml
|
||||||
DEV_PASS="${HARBOR_DEV_PASSWORD:-$HARBOR_PASSWORD}"
|
git commit -m "chore: update image tag to $SHA_TAG [skip ci]"
|
||||||
PROD_USER="${HARBOR_PROD_USERNAME:-$HARBOR_USERNAME}"
|
git push origin main
|
||||||
PROD_PASS="${HARBOR_PROD_PASSWORD:-$HARBOR_PASSWORD}"
|
|
||||||
LEGACY_USER="${HARBOR_LEGACY_USERNAME:-$PROD_USER}"
|
|
||||||
LEGACY_PASS="${HARBOR_LEGACY_PASSWORD:-$PROD_PASS}"
|
|
||||||
|
|
||||||
if [ "$BRANCH" = "develop" ]; then
|
|
||||||
TAG=$(echo ${{ gitea.sha }} | cut -c1-7)
|
|
||||||
|
|
||||||
echo "$DEV_PASS" | docker login "$REGISTRY" -u "$DEV_USER" --password-stdin
|
|
||||||
docker build -t "$DEV_IMAGE:$TAG" -f ./Dockerfile .
|
|
||||||
docker push "$DEV_IMAGE:$TAG"
|
|
||||||
docker tag "$DEV_IMAGE:$TAG" "$DEV_IMAGE:develop"
|
|
||||||
docker push "$DEV_IMAGE:develop"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$BRANCH" = "main" ]; then
|
|
||||||
sudo apt-get update -y
|
|
||||||
sudo apt-get install -y skopeo
|
|
||||||
|
|
||||||
if [ -z "${DEV_USER:-}" ] || [ -z "${DEV_PASS:-}" ]; then
|
|
||||||
echo "Missing Harbor DEV credentials (HARBOR_DEV_USERNAME/HARBOR_DEV_PASSWORD or HARBOR_USERNAME/HARBOR_PASSWORD)." >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
if [ -z "${PROD_USER:-}" ] || [ -z "${PROD_PASS:-}" ]; then
|
|
||||||
echo "Missing Harbor PROD credentials (HARBOR_PROD_USERNAME/HARBOR_PROD_PASSWORD or HARBOR_USERNAME/HARBOR_PASSWORD)." >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Merge commit: HEAD has 2 parents; HEAD^2 is the merged branch tip.
|
|
||||||
PARENTS="$(git rev-list --parents -n 1 HEAD)"
|
|
||||||
set -- $PARENTS
|
|
||||||
SOURCE_SHA="${3:-${1:-}}"
|
|
||||||
if [ -z "$SOURCE_SHA" ]; then
|
|
||||||
SOURCE_SHA="${{ gitea.sha }}"
|
|
||||||
fi
|
|
||||||
TAG="$(echo "$SOURCE_SHA" | cut -c1-7)"
|
|
||||||
|
|
||||||
# Promote the exact artifact built on develop into prod (no rebuild).
|
|
||||||
skopeo inspect --creds "$DEV_USER:$DEV_PASS" "docker://$DEV_IMAGE:$TAG" >/dev/null
|
|
||||||
|
|
||||||
# Validate destination repository exists and auth works.
|
|
||||||
# Using list-tags avoids assuming a specific tag exists.
|
|
||||||
skopeo list-tags --creds "$PROD_USER:$PROD_PASS" "docker://$PROD_IMAGE" >/dev/null
|
|
||||||
|
|
||||||
skopeo copy --all \
|
|
||||||
--src-creds "$DEV_USER:$DEV_PASS" \
|
|
||||||
--dest-creds "$PROD_USER:$PROD_PASS" \
|
|
||||||
"docker://$DEV_IMAGE:$TAG" \
|
|
||||||
"docker://$PROD_IMAGE:$TAG"
|
|
||||||
|
|
||||||
# Optional: keep legacy tags working during migration.
|
|
||||||
if [ "${PROMOTE_LEGACY:-false}" = "true" ]; then
|
|
||||||
skopeo copy --all \
|
|
||||||
--src-creds "$DEV_USER:$DEV_PASS" \
|
|
||||||
--dest-creds "$LEGACY_USER:$LEGACY_PASS" \
|
|
||||||
"docker://$DEV_IMAGE:$TAG" \
|
|
||||||
"docker://$LEGACY_IMAGE:$TAG"
|
|
||||||
skopeo copy --all \
|
|
||||||
--src-creds "$DEV_USER:$DEV_PASS" \
|
|
||||||
--dest-creds "$LEGACY_USER:$LEGACY_PASS" \
|
|
||||||
"docker://$DEV_IMAGE:$TAG" \
|
|
||||||
"docker://$LEGACY_IMAGE:latest"
|
|
||||||
fi
|
|
||||||
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Unsupported branch: $BRANCH" >&2
|
|
||||||
exit 1
|
|
||||||
|
|||||||
70
Dockerfile
70
Dockerfile
@@ -1,39 +1,55 @@
|
|||||||
# Estágio 1: Build
|
ARG NODE_VERSION=16.20
|
||||||
FROM node:16-bullseye-slim AS builder
|
ARG DEBIAN_VARIANT=bullseye
|
||||||
|
|
||||||
|
FROM node:${NODE_VERSION}-${DEBIAN_VARIANT} AS builder
|
||||||
|
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
COPY package*.json ./
|
|
||||||
RUN npm install --legacy-peer-deps
|
|
||||||
COPY . .
|
|
||||||
RUN npm run build
|
|
||||||
|
|
||||||
FROM node:16-bullseye-slim
|
ARG INSTANTCLIENT_ZIP_URL=https://download.oracle.com/otn_software/linux/instantclient/instantclient-basiclite-linuxx64.zip
|
||||||
# Instalar dependências do Oracle
|
RUN apt-get update \
|
||||||
RUN apt-get update && apt-get install -y \
|
&& apt-get install -y --no-install-recommends ca-certificates wget unzip libaio1 libnsl2 \
|
||||||
libaio1 \
|
&& rm -rf /var/lib/apt/lists/* \
|
||||||
unzip \
|
&& mkdir -p /opt/oracle \
|
||||||
wget \
|
&& wget -q "${INSTANTCLIENT_ZIP_URL}" -O /opt/oracle/instantclient.zip \
|
||||||
&& mkdir -p /opt/oracle
|
&& unzip -q /opt/oracle/instantclient.zip -d /opt/oracle \
|
||||||
|
&& rm /opt/oracle/instantclient.zip \
|
||||||
|
&& rm -f /opt/oracle/instantclient_*/ojdbc*.jar \
|
||||||
|
/opt/oracle/instantclient_*/ucp*.jar \
|
||||||
|
/opt/oracle/instantclient_*/xstreams.jar \
|
||||||
|
/opt/oracle/instantclient_*/adrci \
|
||||||
|
/opt/oracle/instantclient_*/genezi \
|
||||||
|
/opt/oracle/instantclient_*/uidrvci \
|
||||||
|
&& ln -s "$(ls -d /opt/oracle/instantclient_* | head -n 1)" /opt/oracle/instantclient
|
||||||
|
|
||||||
# Instalar Oracle Instant Client
|
|
||||||
RUN wget https://download.oracle.com/otn_software/linux/instantclient/instantclient-basic-linuxx64.zip -O /opt/oracle/client.zip && \
|
|
||||||
unzip /opt/oracle/client.zip -d /opt/oracle && \
|
|
||||||
rm /opt/oracle/client.zip && \
|
|
||||||
ln -s /opt/oracle/instantclient_* /opt/oracle/instantclient
|
|
||||||
|
|
||||||
# Configurar o sistema para encontrar as bibliotecas do Oracle
|
|
||||||
ENV LD_LIBRARY_PATH=/opt/oracle/instantclient
|
ENV LD_LIBRARY_PATH=/opt/oracle/instantclient
|
||||||
RUN echo "/opt/oracle/instantclient" > /etc/ld.so.conf.d/oracle-instantclient.conf && ldconfig
|
ENV PATH=/opt/oracle/instantclient:$PATH
|
||||||
|
|
||||||
|
COPY package*.json ./
|
||||||
|
ENV NPM_CONFIG_LEGACY_PEER_DEPS=true
|
||||||
|
RUN npm ci
|
||||||
|
|
||||||
|
COPY . .
|
||||||
|
RUN npm run build \
|
||||||
|
&& npm prune --omit=dev --legacy-peer-deps \
|
||||||
|
&& npm cache clean --force
|
||||||
|
|
||||||
|
FROM node:${NODE_VERSION}-${DEBIAN_VARIANT}-slim AS runtime
|
||||||
|
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
# Copiar apenas o necessário do estágio anterior
|
ENV NODE_ENV=production
|
||||||
COPY --from=builder /app/dist ./dist
|
ENV LD_LIBRARY_PATH=/opt/oracle/instantclient
|
||||||
|
ENV PATH=/opt/oracle/instantclient:$PATH
|
||||||
|
|
||||||
|
RUN apt-get update \
|
||||||
|
&& apt-get install -y --no-install-recommends libaio1 libnsl2 \
|
||||||
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
COPY --from=builder /opt/oracle /opt/oracle
|
||||||
COPY --from=builder /app/package*.json ./
|
COPY --from=builder /app/package*.json ./
|
||||||
COPY --from=builder /app/node_modules ./node_modules
|
COPY --from=builder /app/node_modules ./node_modules
|
||||||
|
COPY --from=builder /app/dist ./dist
|
||||||
|
|
||||||
# Variáveis de ambiente padrão para o driver oracledb
|
EXPOSE 8065
|
||||||
ENV OCI_LIB_DIR=/opt/oracle/instantclient
|
|
||||||
ENV OCI_INC_DIR=/opt/oracle/instantclient/sdk/include
|
|
||||||
|
|
||||||
CMD ["npm", "run", "start:prod"]
|
CMD ["node", "dist/main"]
|
||||||
|
|||||||
@@ -15,10 +15,10 @@ spec:
|
|||||||
app: vendaweb-api
|
app: vendaweb-api
|
||||||
spec:
|
spec:
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
- name: harbor-secret
|
- name: gitea-auth
|
||||||
containers:
|
containers:
|
||||||
- name: api
|
- name: api
|
||||||
image: 172.35.0.216/library/vendaweb-api:latest
|
image: git.simplifiquehc.com.br/simplifique/vendaweb-api:589fa29
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
ports:
|
ports:
|
||||||
- name: http
|
- name: http
|
||||||
|
|||||||
@@ -7,4 +7,4 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: api
|
- name: api
|
||||||
image: 172.35.0.216/library/vendaweb-api@sha256:aac490fcb4ef7baa95f1df01fa50d2d44bdb4ed12b235e5dd89e1d7dc3cd0a3a
|
image: git.simplifiquehc.com.br/simplifique/vendaweb-api:latest
|
||||||
|
|||||||
@@ -7,5 +7,4 @@ resources:
|
|||||||
- ../../base
|
- ../../base
|
||||||
|
|
||||||
patches:
|
patches:
|
||||||
- path: deployment-image-digest-patch.yaml
|
|
||||||
- path: service-patch.yaml
|
- path: service-patch.yaml
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ export class AppController {
|
|||||||
@Get('health')
|
@Get('health')
|
||||||
@ApiOperation({ summary: 'Health check' })
|
@ApiOperation({ summary: 'Health check' })
|
||||||
healthCheck() {
|
healthCheck() {
|
||||||
return { status: 'SIMPLIFIQUE HOME CENTER 2026' };
|
return { status: 'SIMPLIFIQUE HOME CENTER 202' };
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -20,6 +20,6 @@ async function bootstrap() {
|
|||||||
.build();
|
.build();
|
||||||
const document = SwaggerModule.createDocument(app, options);
|
const document = SwaggerModule.createDocument(app, options);
|
||||||
SwaggerModule.setup("docs", app, document);
|
SwaggerModule.setup("docs", app, document);
|
||||||
await app.listen(8066);
|
await app.listen(8067);
|
||||||
}
|
}
|
||||||
bootstrap();
|
bootstrap();
|
||||||
|
|||||||
Reference in New Issue
Block a user