fix: healthcheck uses --resolve to bypass DNS, correct flask routes /health and /api/v1/properties

2026-04-21 01:44:21 -03:00 · 2026-04-21 01:44:21 -03:00 · 4593a97312
commit 4593a97312
parent 0b50fb3330
1 changed files with 8 additions and 8 deletions
--- a/.forgejo/workflows/deploy.yml
+++ b/.forgejo/workflows/deploy.yml
@ -148,27 +148,27 @@ jobs:
      - name: Frontend HTTPS
        run: |
-          S=$(curl -s -o /dev/null -w "%{http_code}" --max-time 15 "https://${{ vars.DOMAIN }}")
+          S=$(curl -s -o /dev/null -w "%{http_code}" --max-time 15 --resolve "${{ vars.DOMAIN }}:443:${{ vars.SSH_HOST }}" "https://${{ vars.DOMAIN }}")
          echo "Frontend: $S"
          [ "$S" = "200" ] || (echo "❌ Frontend falhou ($S)" && exit 1)
      - name: HTTP → HTTPS redirect
        run: |
-          L=$(curl -s -o /dev/null -w "%{redirect_url}" --max-time 10 "http://${{ vars.DOMAIN }}")
+          L=$(curl -s -o /dev/null -w "%{redirect_url}" --max-time 10 --resolve "${{ vars.DOMAIN }}:80:${{ vars.SSH_HOST }}" "http://${{ vars.DOMAIN }}")
          echo "Redirect: $L"
          echo "$L" | grep -q "https://" || (echo "❌ Redirect ausente" && exit 1)
      - name: Backend /api/health
        run: |
-          R=$(curl -s --max-time 15 "https://${{ vars.DOMAIN }}/api/health")
+          R=$(curl -s --max-time 15 --resolve "${{ vars.DOMAIN }}:443:${{ vars.SSH_HOST }}" "https://${{ vars.DOMAIN }}/health")
-          S=$(curl -s -o /dev/null -w "%{http_code}" --max-time 15 "https://${{ vars.DOMAIN }}/api/health")
+          S=$(curl -s -o /dev/null -w "%{http_code}" --max-time 15 --resolve "${{ vars.DOMAIN }}:443:${{ vars.SSH_HOST }}" "https://${{ vars.DOMAIN }}/health")
          echo "Health: $S → $R"
          [ "$S" = "200" ] || (echo "❌ Health falhou ($S)" && exit 1)
          echo "$R" | grep -q '"db": "ok"' || (echo "❌ DB não conectado" && exit 1)
      - name: TLS certificate validity
        run: |
-          EXPIRY=$(echo | openssl s_client -connect ${{ vars.DOMAIN }}:443 \
+          EXPIRY=$(echo | openssl s_client -connect ${{ vars.SSH_HOST }}:443 \
            -servername ${{ vars.DOMAIN }} 2>/dev/null \
            | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2)
          echo "Expira: $EXPIRY"
@ -176,15 +176,15 @@ jobs:
          echo "Dias restantes: $DAYS"
          [ "$DAYS" -gt 7 ] || (echo "❌ Cert expira em $DAYS dias" && exit 1)
-      - name: GET /api/properties
+      - name: GET /api/v1/properties
        run: |
-          S=$(curl -s -o /dev/null -w "%{http_code}" --max-time 15 "https://${{ vars.DOMAIN }}/api/properties?limit=1")
+          S=$(curl -s -o /dev/null -w "%{http_code}" --max-time 15 --resolve "${{ vars.DOMAIN }}:443:${{ vars.SSH_HOST }}" "https://${{ vars.DOMAIN }}/api/v1/properties?limit=1")
          echo "Properties: $S"
          [ "$S" = "200" ] || (echo "❌ Properties falhou ($S)" && exit 1)
      - name: Version tag matches
        run: |
-          R=$(curl -s --max-time 10 "https://${{ vars.DOMAIN }}/api/version")
+          R=$(curl -s --max-time 10 --resolve "${{ vars.DOMAIN }}:443:${{ vars.SSH_HOST }}" "https://${{ vars.DOMAIN }}/api/version")
          echo "Version: $R"
          echo "$R" | grep -q "${{ needs.build.outputs.image_tag }}" \
            || (echo "❌ Tag não confere — esperado ${{ needs.build.outputs.image_tag }}" && exit 1)