gitadmin/sass-imobiliaria
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ci: replace portainer webhook with ssh deploy (portainer free)
Some checks are pending
CI/CD → Deploy via SSH / Build & Push Docker Images (push) Waiting to run
Details
CI/CD → Deploy via SSH / Deploy via SSH (push) Blocked by required conditions
Details
CI/CD → Deploy via SSH / Validate HTTPS & Endpoints (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
MatheusAlves96 2026-04-21 00:09:30 -03:00
parent dcd18a07e6
commit b0eb12c17d
2 changed files with 113 additions and 68 deletions
Download patch file Download diff file Expand all files Collapse all files

49
.forgejo/workflows/README.md
View file

@ -3,50 +3,56 @@
## Fluxo
```
push main → Build images → Push registry → Deploy Portainer → Health checks HTTPS
push main → Build images → Push registry → SSH no servidor → docker compose up → Health checks HTTPS
```
## Configurar no Forgejo (Settings → Secrets & Variables)
### Secrets (valores sensíveis)
### Secrets
| Secret | Descrição |
|--------|-----------|
| `REGISTRY_USER` | Usuário do registry (ex: `gitadmin`) |
| `REGISTRY_PASSWORD` | Senha ou token do registry |
| `PORTAINER_WEBHOOK_URL` | URL do webhook do stack no Portainer |
| `SSH_PRIVATE_KEY` | Chave privada SSH para acessar o servidor |
| `POSTGRES_DB` | Nome do banco de dados |
| `POSTGRES_USER` | Usuário do PostgreSQL |
| `POSTGRES_PASSWORD` | Senha do PostgreSQL |
| `SECRET_KEY` | Flask SECRET_KEY |
| `JWT_SECRET_KEY` | Chave JWT (mín. 32 chars) |
### Variables (valores não-sensíveis)
### Variables
| Variable | Exemplo |
|----------|---------|
| `REGISTRY` | `git.matheussouza.com.br/gitadmin` |
| `DOMAIN` | `imobiliaria.matheussouza.com.br` |
| `SSH_HOST` | IP ou hostname do servidor |
| `SSH_USER` | Usuário SSH (ex: `root` ou `deploy`) |
| `SSH_PORT` | Porta SSH (padrão: `22`) |
## Configurar no Portainer
## Gerar chave SSH para o deploy
1. Crie um **Stack** com o arquivo `docker-compose.prod.yml`
2. Ative o **webhook** do stack (Stack → Webhooks → Enable)
3. Copie a URL do webhook → cole em `PORTAINER_WEBHOOK_URL`
4. Certifique-se que a rede `traefik-public` existe:
```
No seu computador:
```bash
ssh-keygen -t ed25519 -C "forgejo-deploy" -f ~/.ssh/forgejo_deploy -N ""
```
- Conteúdo de `~/.ssh/forgejo_deploy` → cole em `SSH_PRIVATE_KEY` (secret)
- Conteúdo de `~/.ssh/forgejo_deploy.pub` → adicione em `~/.ssh/authorized_keys` no servidor
## Pré-requisitos no servidor
1. Docker + Docker Compose instalados
2. Rede Traefik criada:
```bash
docker network create traefik-public
```
3. Traefik rodando com entrypoints `web` (80), `websecure` (443) e certresolver `letsencrypt`
4. Usuário SSH com permissão para rodar `docker`
## Traefik — pré-requisitos
## Traefik — configuração mínima
O Traefik deve estar rodando com:
- Entrypoint `web` (porta 80)
- Entrypoint `websecure` (porta 443)
- CertResolver `letsencrypt` configurado
- Conectado à rede `traefik-public`
Exemplo mínimo de configuração do Traefik:
```yaml
# traefik.yml
# /opt/traefik/traefik.yml
entryPoints:
web:
address: ":80"
@ -60,4 +66,9 @@ certificatesResolvers:
storage: /letsencrypt/acme.json
httpChallenge:
entryPoint: web
providers:
docker:
exposedByDefault: false
network: traefik-public
```