fix: swarm stack deploy, proxy network, correct traefik labels for this infra

2026-04-21 00:34:27 -03:00 · 2026-04-21 00:34:27 -03:00 · 2bd850ab45
commit 2bd850ab45
parent d46ed89a21
2 changed files with 65 additions and 65 deletions
--- a/.forgejo/workflows/deploy.yml
+++ b/.forgejo/workflows/deploy.yml
@ -91,47 +91,49 @@ jobs:
            docker-compose.prod.yml \
            ${{ vars.SSH_USER }}@${{ vars.SSH_HOST }}:/opt/saas-imobiliaria/docker-compose.prod.yml

-      - name: Deploy on server
+      - name: Deploy on server (Docker Swarm stack)
        run: |
          ssh -i ~/.ssh/deploy_key \
            -p ${{ vars.SSH_PORT || '22' }} \
            ${{ vars.SSH_USER }}@${{ vars.SSH_HOST }} \
-            bash -s << 'ENDSSH'
+            bash -s << ENDSSH

          set -e

          DEPLOY_DIR="/opt/saas-imobiliaria"
-          mkdir -p "$DEPLOY_DIR"
-          cd "$DEPLOY_DIR"
+          mkdir -p "\$DEPLOY_DIR"
+          cd "\$DEPLOY_DIR"

-          # Write .env for docker compose
-          cat > .env << EOF
-          IMAGE_TAG=${{ needs.build.outputs.image_tag }}
-          REGISTRY=${{ vars.REGISTRY }}
-          DOMAIN=${{ vars.DOMAIN }}
-          POSTGRES_DB=${{ secrets.POSTGRES_DB }}
-          POSTGRES_USER=${{ secrets.POSTGRES_USER }}
-          POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}
-          SECRET_KEY=${{ secrets.SECRET_KEY }}
-          JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}
-          EOF
-
-          # Log in to registry on the server
+          # Log in to registry
          echo "${{ secrets.REGISTRY_PASSWORD }}" | \
            docker login ${{ vars.REGISTRY }} \
              -u ${{ secrets.REGISTRY_USER }} \
              --password-stdin

-          # Pull new images
-          docker compose -f docker-compose.prod.yml pull
+          # Pull images explicitly so swarm has them cached
+          docker pull ${{ vars.REGISTRY }}/saas-imobiliaria-backend:${{ needs.build.outputs.image_tag }}
+          docker pull ${{ vars.REGISTRY }}/saas-imobiliaria-frontend:${{ needs.build.outputs.image_tag }}

-          # Rolling restart (zero-downtime: db stays up)
-          docker compose -f docker-compose.prod.yml up -d --remove-orphans
+          # Deploy stack with env vars inline
+          IMAGE_TAG=${{ needs.build.outputs.image_tag }} \
+          REGISTRY=${{ vars.REGISTRY }} \
+          DOMAIN=${{ vars.DOMAIN }} \
+          POSTGRES_DB=${{ secrets.POSTGRES_DB }} \
+          POSTGRES_USER=${{ secrets.POSTGRES_USER }} \
+          POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} \
+          SECRET_KEY=${{ secrets.SECRET_KEY }} \
+          JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }} \
+          docker stack deploy \
+            --compose-file docker-compose.prod.yml \
+            --with-registry-auth \
+            --prune \
+            saas-imobiliaria

-          # Clean up old images
-          docker image prune -f
+          echo "Stack deployed: ${{ needs.build.outputs.image_tag }}"

-          echo "Deploy concluído: ${{ needs.build.outputs.image_tag }}"
+          # Wait for services to converge
+          sleep 10
+          docker stack services saas-imobiliaria

          ENDSSH