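# Build and push the API image on develop/homolog; on main, promote the image
# that was already built from the DEV Harbor project to the PROD project.
name: Build (develop) / Promote (main)

on:
  push:
    branches: [main, develop, homolog]

jobs:
  build-and-push-deploy:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the action is referenced by a mutable tag. Pinning it to
      # a full commit SHA would stop an upstream retag from changing what runs
      # in a job that holds registry credentials.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history: the promote path reads HEAD's parents with
          # `git rev-list --parents`, which a shallow clone would not expose.
          fetch-depth: 0

      - name: Free disk space
        run: |
          df -h
          sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc || true
          sudo apt-get clean || true
          docker system prune -af --volumes || true
          df -h

      - name: Build (develop) / Promote (main)
        env:
          # NOTE(review): 172.35.0.216 is outside the RFC 1918 172.16.0.0/12
          # block (172.16-172.31). Confirm the registry is reachable only over
          # a trusted network, since TLS verification is disabled below.
          REGISTRY: '172.35.0.216'
          DEV_PROJECT: vendaweb-dev
          PROD_PROJECT: vendaweb-prod
          IMAGE_REPO: vendaweb-api
          PROMOTE_LEGACY: 'false'
          # Passed through the environment so the expression is never expanded
          # into the script text itself.
          COMMIT_SHA: ${{ gitea.sha }}
          HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
          HARBOR_PASSWORD: ${{ secrets.HARBOR_PASSWORD }}
          HARBOR_DEV_USERNAME: ${{ secrets.HARBOR_DEV_USERNAME }}
          HARBOR_DEV_PASSWORD: ${{ secrets.HARBOR_DEV_PASSWORD }}
          HARBOR_PROD_USERNAME: ${{ secrets.HARBOR_PROD_USERNAME }}
          HARBOR_PROD_PASSWORD: ${{ secrets.HARBOR_PROD_PASSWORD }}
          HARBOR_LEGACY_USERNAME: ${{ secrets.HARBOR_LEGACY_USERNAME }}
          HARBOR_LEGACY_PASSWORD: ${{ secrets.HARBOR_LEGACY_PASSWORD }}
        run: |
          set -euo pipefail

          # Fail fast with a clear message when a credential pair is empty.
          # $1 = label used in the message, $2 = username, $3 = password
          require_creds() {
            if [ -z "${2:-}" ] || [ -z "${3:-}" ]; then
              echo "Missing Harbor $1 credentials." >&2
              exit 1
            fi
          }

          # Fail before any registry call if the tag could not be derived.
          require_tag() {
            if [ -z "${1:-}" ]; then
              echo "Could not determine image tag." >&2
              exit 1
            fi
          }

          # Resolve the branch name from whichever variable the runner sets.
          BRANCH="${GITHUB_REF_NAME:-${GITEA_REF_NAME:-}}"
          if [ -z "$BRANCH" ] && [ -n "${GITHUB_REF:-}" ]; then
            BRANCH="${GITHUB_REF#refs/heads/}"
          fi

          DEV_IMAGE="$REGISTRY/$DEV_PROJECT/$IMAGE_REPO"
          PROD_IMAGE="$REGISTRY/$PROD_PROJECT/$IMAGE_REPO"
          LEGACY_IMAGE="$REGISTRY/library/$IMAGE_REPO"

          # Per-project credentials fall back to the shared Harbor account;
          # legacy falls back to the PROD pair.
          DEV_USER="${HARBOR_DEV_USERNAME:-$HARBOR_USERNAME}"
          DEV_PASS="${HARBOR_DEV_PASSWORD:-$HARBOR_PASSWORD}"
          PROD_USER="${HARBOR_PROD_USERNAME:-$HARBOR_USERNAME}"
          PROD_PASS="${HARBOR_PROD_PASSWORD:-$HARBOR_PASSWORD}"
          LEGACY_USER="${HARBOR_LEGACY_USERNAME:-$PROD_USER}"
          LEGACY_PASS="${HARBOR_LEGACY_PASSWORD:-$PROD_PASS}"

          # --- DEVELOP / HOMOLOG: build and push ---
          if [ "$BRANCH" = "develop" ] || [ "$BRANCH" = "homolog" ]; then
            require_creds DEV "$DEV_USER" "$DEV_PASS"

            # Image tag is the first 7 characters of the pushed commit SHA.
            TAG="$(printf '%s' "${COMMIT_SHA:-}" | cut -c1-7)"
            require_tag "$TAG"

            echo "$DEV_PASS" | docker login "$REGISTRY" -u "$DEV_USER" --password-stdin
            docker build -t "$DEV_IMAGE:$TAG" -f ./Dockerfile .
            docker push "$DEV_IMAGE:$TAG"

            # NOTE(review): homolog builds also overwrite the :develop tag;
            # confirm that is intended.
            docker tag "$DEV_IMAGE:$TAG" "$DEV_IMAGE:develop"
            docker push "$DEV_IMAGE:develop"
            exit 0
          fi

          # --- MAIN: promote the existing image with skopeo ---
          if [ "$BRANCH" = "main" ]; then
            sudo apt-get update -y
            sudo apt-get install -y skopeo

            require_creds DEV "$DEV_USER" "$DEV_PASS"
            # Checked up front so a missing secret is reported here rather
            # than as a registry authentication failure mid-promotion.
            require_creds PROD "$PROD_USER" "$PROD_PASS"

            # `git rev-list --parents` prints "<commit> <parent1> [<parent2>]".
            # Prefer the second parent (the merged-in tip when HEAD is a merge
            # commit); otherwise fall back to HEAD itself.
            PARENTS="$(git rev-list --parents -n 1 HEAD)"
            # Intentionally unquoted: split the hashes into $1 $2 $3.
            set -- $PARENTS
            SOURCE_SHA="${3:-${1:-}}"
            TAG="$(echo "$SOURCE_SHA" | cut -c1-7)"
            require_tag "$TAG"

            # NOTE(review): every skopeo call below disables TLS verification,
            # so the registry's identity is not checked while credentials are
            # sent and image content is copied into PROD. Trusting the Harbor
            # CA on the runner (e.g. under /etc/containers/certs.d/) would
            # allow these flags to be dropped.
            # NOTE(review): --creds/--src-creds/--dest-creds put passwords in
            # the process argument list; `skopeo login --password-stdin` or an
            # auth file would avoid that if the runner is shared.
            # NOTE(review): promotion is by a 7-character tag, which is
            # mutable; copying by digest would pin exactly what was inspected.

            # Confirm the source image exists in DEV.
            skopeo inspect --src-tls-verify=false --creds "$DEV_USER:$DEV_PASS" "docker://$DEV_IMAGE:$TAG" >/dev/null

            # Confirm the PROD repository is reachable with the PROD credentials.
            skopeo list-tags --tls-verify=false --creds "$PROD_USER:$PROD_PASS" "docker://$PROD_IMAGE" >/dev/null

            # Copy the image from DEV to PROD (the promotion itself).
            skopeo copy --all \
              --src-tls-verify=false \
              --dest-tls-verify=false \
              --src-creds "$DEV_USER:$DEV_PASS" \
              --dest-creds "$PROD_USER:$PROD_PASS" \
              "docker://$DEV_IMAGE:$TAG" \
              "docker://$PROD_IMAGE:$TAG"

            # Optional promotion to the legacy project (tagged copy + latest).
            if [ "${PROMOTE_LEGACY:-false}" = "true" ]; then
              skopeo copy --all --src-tls-verify=false --dest-tls-verify=false \
                --src-creds "$DEV_USER:$DEV_PASS" \
                --dest-creds "$LEGACY_USER:$LEGACY_PASS" \
                "docker://$DEV_IMAGE:$TAG" \
                "docker://$LEGACY_IMAGE:$TAG"

              skopeo copy --all --src-tls-verify=false --dest-tls-verify=false \
                --src-creds "$DEV_USER:$DEV_PASS" \
                --dest-creds "$LEGACY_USER:$LEGACY_PASS" \
                "docker://$DEV_IMAGE:$TAG" \
                "docker://$LEGACY_IMAGE:latest"
            fi
            exit 0
          fi

          echo "Unsupported branch: $BRANCH" >&2
          exit 1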