fix: TLS check - use if/else instead of capturing openssl exit code
Some checks failed
CI/CD → Deploy via SSH / Build & Push Docker Images (push) Successful in 28s
CI/CD → Deploy via SSH / Deploy via SSH (push) Successful in 3m1s
CI/CD → Deploy via SSH / Validate HTTPS & Endpoints (push) Failing after 46s

openssl x509 -checkend prints 'Certificate will not expire' to stdout,
so the DAYS variable became a multiline string, never equal to '0'.
Also downgraded cert-near-expiry to a warning (not deploy-blocking).
MatheusAlves96 2026-04-22 22:53:15 -03:00
parent d3e4438a4f
commit e1c2a33686


@ -182,12 +182,14 @@ jobs:
| openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2)
echo "Expira: $EXPIRY"
# Alpine usa busybox date — converte via openssl diretamente
DAYS=$(echo | openssl s_client -connect ${{ vars.SSH_HOST }}:443 \
-servername ${{ vars.DOMAIN }} 2>/dev/null \
| openssl x509 -noout -checkend 604800 2>/dev/null; echo $?)
# checkend retorna 0 se válido por mais de N segundos (604800 = 7 dias)
[ "$DAYS" = "0" ] || (echo "❌ Cert expira em menos de 7 dias!" && exit 1)
echo "✅ Certificado válido por mais de 7 dias (expira: $EXPIRY)"
# checkend retorna 0 se o cert NÃO expira nos próximos N segundos (604800 = 7 dias)
if echo | openssl s_client -connect ${{ vars.SSH_HOST }}:443 \
-servername ${{ vars.DOMAIN }} 2>/dev/null \
| openssl x509 -noout -checkend 604800 > /dev/null 2>&1; then
echo "✅ Certificado válido por mais de 7 dias (expira: $EXPIRY)"
else
echo "⚠️ Cert expira em menos de 7 dias (expira: $EXPIRY) — renovar em breve"
fi
- name: GET /api/v1/properties
run: |
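Review bot: the else branch of the new `if ... | openssl x509 -noout -checkend 604800 > /dev/null 2>&1; then` catches every non-zero exit, not only a certificate that is close to expiry. With stderr discarded on both sides of the pipe, a failed `s_client` connection or an empty certificate also makes `x509` exit non-zero, so the step prints the "expira em menos de 7 dias" warning and still passes. Because the else branch no longer calls `exit 1`, these lines cannot fail the job for an unreachable endpoint or an already-expired certificate. Suggest fetching the PEM once into a variable, failing with `exit 1` when it is empty, and keeping a hard failure on `-checkend 0` (already expired) while leaving the 7-day window as a warning. As a smaller point, `${{ vars.SSH_HOST }}` and `${{ vars.DOMAIN }}` are expanded unquoted into the shell command; quoting them would make the step more robust.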