fix: swarm stack deploy, proxy network, correct traefik labels for this infra
This commit is contained in:
MatheusAlves96
parent
d46ed89a21
commit
2bd850ab45
2 changed files with 65 additions and 65 deletions
|
|
@ -91,47 +91,49 @@ jobs:
|
||||||
docker-compose.prod.yml \
|
docker-compose.prod.yml \
|
||||||
${{ vars.SSH_USER }}@${{ vars.SSH_HOST }}:/opt/saas-imobiliaria/docker-compose.prod.yml
|
${{ vars.SSH_USER }}@${{ vars.SSH_HOST }}:/opt/saas-imobiliaria/docker-compose.prod.yml
|
||||||
|
|
||||||
- name: Deploy on server
|
- name: Deploy on server (Docker Swarm stack)
|
||||||
run: |
|
run: |
|
||||||
ssh -i ~/.ssh/deploy_key \
|
ssh -i ~/.ssh/deploy_key \
|
||||||
-p ${{ vars.SSH_PORT || '22' }} \
|
-p ${{ vars.SSH_PORT || '22' }} \
|
||||||
${{ vars.SSH_USER }}@${{ vars.SSH_HOST }} \
|
${{ vars.SSH_USER }}@${{ vars.SSH_HOST }} \
|
||||||
bash -s << 'ENDSSH'
|
bash -s << ENDSSH
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
DEPLOY_DIR="/opt/saas-imobiliaria"
|
DEPLOY_DIR="/opt/saas-imobiliaria"
|
||||||
mkdir -p "$DEPLOY_DIR"
|
mkdir -p "\$DEPLOY_DIR"
|
||||||
cd "$DEPLOY_DIR"
|
cd "\$DEPLOY_DIR"
|
||||||
|
|
||||||
# Write .env for docker compose
|
# Log in to registry
|
||||||
cat > .env << EOF
|
|
||||||
IMAGE_TAG=${{ needs.build.outputs.image_tag }}
|
|
||||||
REGISTRY=${{ vars.REGISTRY }}
|
|
||||||
DOMAIN=${{ vars.DOMAIN }}
|
|
||||||
POSTGRES_DB=${{ secrets.POSTGRES_DB }}
|
|
||||||
POSTGRES_USER=${{ secrets.POSTGRES_USER }}
|
|
||||||
POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}
|
|
||||||
SECRET_KEY=${{ secrets.SECRET_KEY }}
|
|
||||||
JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# Log in to registry on the server
|
|
||||||
echo "${{ secrets.REGISTRY_PASSWORD }}" | \
|
echo "${{ secrets.REGISTRY_PASSWORD }}" | \
|
||||||
docker login ${{ vars.REGISTRY }} \
|
docker login ${{ vars.REGISTRY }} \
|
||||||
-u ${{ secrets.REGISTRY_USER }} \
|
-u ${{ secrets.REGISTRY_USER }} \
|
||||||
--password-stdin
|
--password-stdin
|
||||||
|
|
||||||
# Pull new images
|
# Pull images explicitly so swarm has them cached
|
||||||
docker compose -f docker-compose.prod.yml pull
|
docker pull ${{ vars.REGISTRY }}/saas-imobiliaria-backend:${{ needs.build.outputs.image_tag }}
|
||||||
|
docker pull ${{ vars.REGISTRY }}/saas-imobiliaria-frontend:${{ needs.build.outputs.image_tag }}
|
||||||
|
|
||||||
# Rolling restart (zero-downtime: db stays up)
|
# Deploy stack with env vars inline
|
||||||
docker compose -f docker-compose.prod.yml up -d --remove-orphans
|
IMAGE_TAG=${{ needs.build.outputs.image_tag }} \
|
||||||
|
REGISTRY=${{ vars.REGISTRY }} \
|
||||||
|
DOMAIN=${{ vars.DOMAIN }} \
|
||||||
|
POSTGRES_DB=${{ secrets.POSTGRES_DB }} \
|
||||||
|
POSTGRES_USER=${{ secrets.POSTGRES_USER }} \
|
||||||
|
POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} \
|
||||||
|
SECRET_KEY=${{ secrets.SECRET_KEY }} \
|
||||||
|
JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }} \
|
||||||
|
docker stack deploy \
|
||||||
|
--compose-file docker-compose.prod.yml \
|
||||||
|
--with-registry-auth \
|
||||||
|
--prune \
|
||||||
|
saas-imobiliaria
|
||||||
|
|
||||||
# Clean up old images
|
echo "Stack deployed: ${{ needs.build.outputs.image_tag }}"
|
||||||
docker image prune -f
|
|
||||||
|
|
||||||
echo "Deploy concluído: ${{ needs.build.outputs.image_tag }}"
|
# Wait for services to converge
|
||||||
|
sleep 10
|
||||||
|
docker stack services saas-imobiliaria
|
||||||
|
|
||||||
ENDSSH
|
ENDSSH
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -15,10 +15,13 @@ services:
|
||||||
retries: 10
|
retries: 10
|
||||||
networks:
|
networks:
|
||||||
- internal
|
- internal
|
||||||
|
deploy:
|
||||||
|
replicas: 1
|
||||||
|
restart_policy:
|
||||||
|
condition: on-failure
|
||||||
|
|
||||||
backend:
|
backend:
|
||||||
image: ${REGISTRY}/saas-imobiliaria-backend:${IMAGE_TAG:-latest}
|
image: ${REGISTRY}/saas-imobiliaria-backend:${IMAGE_TAG:-latest}
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
environment:
|
||||||
DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
|
DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
|
||||||
SECRET_KEY: ${SECRET_KEY}
|
SECRET_KEY: ${SECRET_KEY}
|
||||||
|
|
@ -27,55 +30,50 @@ services:
|
||||||
FLASK_APP: app
|
FLASK_APP: app
|
||||||
CORS_ORIGINS: https://${DOMAIN}
|
CORS_ORIGINS: https://${DOMAIN}
|
||||||
IMAGE_TAG: ${IMAGE_TAG:-latest}
|
IMAGE_TAG: ${IMAGE_TAG:-latest}
|
||||||
depends_on:
|
|
||||||
db:
|
|
||||||
condition: service_healthy
|
|
||||||
networks:
|
networks:
|
||||||
- internal
|
- internal
|
||||||
- traefik-public
|
- proxy
|
||||||
labels:
|
deploy:
|
||||||
- "traefik.enable=true"
|
replicas: 1
|
||||||
- "traefik.docker.network=traefik-public"
|
restart_policy:
|
||||||
# Router
|
condition: on-failure
|
||||||
- "traefik.http.routers.imob-api.rule=Host(`${DOMAIN}`) && PathPrefix(`/api`)"
|
labels:
|
||||||
- "traefik.http.routers.imob-api.entrypoints=websecure"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.imob-api.tls=true"
|
- "traefik.docker.network=proxy"
|
||||||
- "traefik.http.routers.imob-api.tls.certresolver=letsencrypt"
|
# Router HTTPS
|
||||||
# Service
|
- "traefik.http.routers.imob-api.rule=Host(`${DOMAIN}`) && PathPrefix(`/api`)"
|
||||||
- "traefik.http.services.imob-api.loadbalancer.server.port=5000"
|
- "traefik.http.routers.imob-api.entrypoints=websecure"
|
||||||
# Strip /api prefix before forwarding to Flask
|
- "traefik.http.routers.imob-api.tls=true"
|
||||||
- "traefik.http.middlewares.imob-api-strip.stripprefix.prefixes=/api"
|
- "traefik.http.routers.imob-api.tls.certresolver=letsencrypt"
|
||||||
- "traefik.http.routers.imob-api.middlewares=imob-api-strip"
|
- "traefik.http.routers.imob-api.middlewares=imob-strip-api"
|
||||||
|
# Strip /api prefix antes de chegar no Flask
|
||||||
|
- "traefik.http.middlewares.imob-strip-api.stripprefix.prefixes=/api"
|
||||||
|
# Service
|
||||||
|
- "traefik.http.services.imob-api.loadbalancer.server.port=5000"
|
||||||
|
|
||||||
frontend:
|
frontend:
|
||||||
image: ${REGISTRY}/saas-imobiliaria-frontend:${IMAGE_TAG:-latest}
|
image: ${REGISTRY}/saas-imobiliaria-frontend:${IMAGE_TAG:-latest}
|
||||||
restart: unless-stopped
|
|
||||||
depends_on:
|
|
||||||
- backend
|
|
||||||
networks:
|
networks:
|
||||||
- internal
|
- proxy
|
||||||
- traefik-public
|
deploy:
|
||||||
labels:
|
replicas: 1
|
||||||
- "traefik.enable=true"
|
restart_policy:
|
||||||
- "traefik.docker.network=traefik-public"
|
condition: on-failure
|
||||||
# Router
|
labels:
|
||||||
- "traefik.http.routers.imob-frontend.rule=Host(`${DOMAIN}`)"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.imob-frontend.entrypoints=websecure"
|
- "traefik.docker.network=proxy"
|
||||||
- "traefik.http.routers.imob-frontend.tls=true"
|
# Router HTTPS
|
||||||
- "traefik.http.routers.imob-frontend.tls.certresolver=letsencrypt"
|
- "traefik.http.routers.imob-frontend.rule=Host(`${DOMAIN}`)"
|
||||||
# Redirect HTTP → HTTPS
|
- "traefik.http.routers.imob-frontend.entrypoints=websecure"
|
||||||
- "traefik.http.routers.imob-frontend-http.rule=Host(`${DOMAIN}`)"
|
- "traefik.http.routers.imob-frontend.tls=true"
|
||||||
- "traefik.http.routers.imob-frontend-http.entrypoints=web"
|
- "traefik.http.routers.imob-frontend.tls.certresolver=letsencrypt"
|
||||||
- "traefik.http.routers.imob-frontend-http.middlewares=redirect-to-https"
|
# Service
|
||||||
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
- "traefik.http.services.imob-frontend.loadbalancer.server.port=80"
|
||||||
- "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
|
|
||||||
# Service
|
|
||||||
- "traefik.http.services.imob-frontend.loadbalancer.server.port=80"
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
internal:
|
internal:
|
||||||
driver: bridge
|
driver: overlay
|
||||||
traefik-public:
|
proxy:
|
||||||
external: true
|
external: true
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue