ricardo/BCards
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ricardo:5834afc6485493639aaac3a51d59fad1b6b6023e
Branches Tags
ricardo:main
ricardo:Release/ajuda-console
ricardo:Release/ajustes-headers
ricardo:Release/ArtigosPDF
ricardo:Release/support
ricardo:Release/versao1
ricardo:feat/plano-rodape
ricardo:feat/live-preview
ricardo:Release/V0.0.3
ricardo:feat/ajustes-layout
ricardo:feat/link-produto-login
..
compare: ricardo:4c7c31cd60334d4fb3103ebf8ae224daeeb8c0ee
Branches Tags
ricardo:Release/ajuda-console
ricardo:main
ricardo:Release/ajustes-headers
ricardo:Release/ArtigosPDF
ricardo:Release/support
ricardo:Release/versao1
ricardo:feat/plano-rodape
ricardo:feat/live-preview
ricardo:Release/V0.0.3
ricardo:feat/ajustes-layout
ricardo:feat/link-produto-login

No commits in common. "5834afc6485493639aaac3a51d59fad1b6b6023e" and "4c7c31cd60334d4fb3103ebf8ae224daeeb8c0ee" have entirely different histories.
5834afc648 ... 4c7c31cd60

5 changed files with 183 additions and 201 deletions
Show Stats Expand all files Collapse all files

104
.gitea/workflows/deploy-bcards.yml
View File

@ -101,7 +101,7 @@ jobs:
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
with: with:
platforms: linux/arm64 platforms: linux/amd64,linux/arm64
- name: Determine build settings - name: Determine build settings
id: settings id: settings
@ -109,23 +109,22 @@ jobs:
BRANCH_NAME="${{ github.ref_name }}" BRANCH_NAME="${{ github.ref_name }}"
if [ "$BRANCH_NAME" = "main" ]; then if [ "$BRANCH_NAME" = "main" ]; then
# Main = Produção (ARM64) - usando Dockerfile simples # Main = Produção (ARM64) - usando Dockerfile da raiz como QRRapido
echo "tag=latest" >> $GITHUB_OUTPUT echo "tag=latest" >> $GITHUB_OUTPUT
echo "platform=linux/arm64" >> $GITHUB_OUTPUT echo "platform=linux/arm64" >> $GITHUB_OUTPUT
echo "environment=Production" >> $GITHUB_OUTPUT echo "environment=Production" >> $GITHUB_OUTPUT
echo "dockerfile=Dockerfile" >> $GITHUB_OUTPUT echo "dockerfile=Dockerfile" >> $GITHUB_OUTPUT
echo "deploy_target=production" >> $GITHUB_OUTPUT echo "deploy_target=production" >> $GITHUB_OUTPUT
elif [[ "$BRANCH_NAME" == Release/* ]]; then elif [[ "$BRANCH_NAME" == Release/* ]]; then
# Release = Swarm tests (Orange Pi arm64) - usando Dockerfile simples também # Release = Staging (x86)
VERSION_RAW=${BRANCH_NAME#Release/} VERSION_RAW=${BRANCH_NAME#Release/}
# Only remove V/v if it's at the start and followed by a number (like v1.0.0) VERSION=$(echo "$VERSION_RAW" | sed 's/^[Vv]//')
VERSION=$(echo "$VERSION_RAW" | sed 's/^[Vv]\([0-9]\)/\1/')
[ -z "$VERSION" ] && VERSION="0.0.1" [ -z "$VERSION" ] && VERSION="0.0.1"
echo "tag=$VERSION" >> $GITHUB_OUTPUT echo "tag=$VERSION" >> $GITHUB_OUTPUT
echo "platform=linux/arm64" >> $GITHUB_OUTPUT echo "platform=linux/amd64" >> $GITHUB_OUTPUT
echo "environment=Testing" >> $GITHUB_OUTPUT echo "environment=Testing" >> $GITHUB_OUTPUT
echo "dockerfile=Dockerfile" >> $GITHUB_OUTPUT echo "dockerfile=Dockerfile.release" >> $GITHUB_OUTPUT
echo "deploy_target=testing" >> $GITHUB_OUTPUT echo "deploy_target=testing" >> $GITHUB_OUTPUT
echo "version=$VERSION" >> $GITHUB_OUTPUT echo "version=$VERSION" >> $GITHUB_OUTPUT
fi fi
@ -545,16 +544,12 @@ jobs:
if: startsWith(github.ref_name, 'Release/') if: startsWith(github.ref_name, 'Release/')
steps: steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Extract version - name: Extract version
id: version id: version
run: | run: |
BRANCH_NAME="${{ github.ref_name }}" BRANCH_NAME="${{ github.ref_name }}"
VERSION_RAW=${BRANCH_NAME#Release/} VERSION_RAW=${BRANCH_NAME#Release/}
# Only remove V/v if it's at the start and followed by a number (like v1.0.0) VERSION=$(echo "$VERSION_RAW" | sed 's/^[Vv]//')
VERSION=$(echo "$VERSION_RAW" | sed 's/^[Vv]\([0-9]\)/\1/')
[ -z "$VERSION" ] && VERSION="0.0.1" [ -z "$VERSION" ] && VERSION="0.0.1"
echo "version=$VERSION" >> $GITHUB_OUTPUT echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "📦 Deploying version: $VERSION" echo "📦 Deploying version: $VERSION"
@ -562,42 +557,23 @@ jobs:
- name: Prepare release stack manifest - name: Prepare release stack manifest
run: | run: |
mkdir -p artifacts mkdir -p artifacts
BCARDS_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }} export BCARDS_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}
envsubst '$BCARDS_IMAGE' < deploy/docker-stack.release.yml > artifacts/docker-stack.release.yml
# Replace ${BCARDS_IMAGE} with actual image name using sed
sed "s|\${BCARDS_IMAGE}|${BCARDS_IMAGE}|g" deploy/docker-stack.release.yml > artifacts/docker-stack.release.yml
echo "🔧 Generated manifest with image: ${BCARDS_IMAGE}"
echo "📄 Manifest content:"
head -10 artifacts/docker-stack.release.yml
- name: Deploy to release swarm - name: Deploy to release swarm
run: | run: |
echo "🚀 Deploying release stack to Orange Pi swarm..." echo "🚀 Deploying release stack to Orange Pi swarm..."
docker stack deploy -c artifacts/docker-stack.release.yml bcards-release
- name: Await release service readiness mkdir -p ~/.ssh
run: | echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
echo "⏳ Aguardando serviço bcards-release estabilizar..." chmod 600 ~/.ssh/id_rsa
ATTEMPTS=30 ssh-keyscan -H 141.148.162.114 >> ~/.ssh/known_hosts
while [ $ATTEMPTS -gt 0 ]; do ssh-keyscan -H 129.146.116.218 >> ~/.ssh/known_hosts
REPLICAS=$(docker service ls --filter name=bcards-release_bcards-release --format '{{.Replicas}}')
if [ "$REPLICAS" = "1/1" ]; then
echo "✅ Serviço com $REPLICAS réplica"
break
fi
echo "Atual: ${REPLICAS:-N/A}; aguardando..."
sleep 5
ATTEMPTS=$((ATTEMPTS-1))
done
if [ "$REPLICAS" != "1/1" ]; then scp -o StrictHostKeyChecking=no artifacts/docker-stack.release.yml ubuntu@141.148.162.114:/home/ubuntu/docker-stack.release.yml
echo "❌ Serviço não atingiu 1/1 réplica"
docker service ps bcards-release_bcards-release
exit 1
fi
docker service ps bcards-release_bcards-release ssh -o StrictHostKeyChecking=no ubuntu@141.148.162.114 \
'/home/ubuntu/scripts/swarm_deploy.sh bcards-release bcards-release /home/ubuntu/docker-stack.release.yml http://localhost:28080/health 2'
cleanup: cleanup:
name: Cleanup Old Resources name: Cleanup Old Resources
@ -610,26 +586,40 @@ jobs:
run: | run: |
echo "🧹 Limpando recursos antigos..." echo "🧹 Limpando recursos antigos..."
if [ "${{ github.ref_name }}" = "main" ]; then # Configura SSH (igual ao QRRapido)
mkdir -p ~/.ssh mkdir -p ~/.ssh
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa
ssh-keyscan -H 141.148.162.114 >> ~/.ssh/known_hosts
ssh-keyscan -H 129.146.116.218 >> ~/.ssh/known_hosts
ssh-add ~/.ssh/id_rsa 2>/dev/null || echo "SSH key loaded"
for server in 141.148.162.114 129.146.116.218; do # Adiciona hosts conhecidos
echo "🧹 Limpando servidor $server..." ssh-keyscan -H 141.148.162.114 >> ~/.ssh/known_hosts
ssh -o StrictHostKeyChecking=no ubuntu@$server << 'EOF' ssh-keyscan -H 129.146.116.218 >> ~/.ssh/known_hosts
docker container prune -f
docker image prune -f # Testa a chave SSH
docker network prune -f ssh-add ~/.ssh/id_rsa 2>/dev/null || echo "SSH key loaded"
EOF
done # Lista de servidores baseada na branch
if [ "${{ github.ref_name }}" = "main" ]; then
SERVERS=("141.148.162.114" "129.146.116.218")
else else
echo " Release branch: limpeza remota ignorada (Swarm gerencia recursos)." SERVERS=("141.148.162.114" "129.146.116.218")
fi fi
# Limpeza em cada servidor
for server in "${SERVERS[@]}"; do
echo "🧹 Limpando servidor $server..."
ssh -o StrictHostKeyChecking=no ubuntu@$server << 'EOF'
# Remove containers parados
docker container prune -f
# Remove imagens não utilizadas
docker image prune -f
# Remove redes não utilizadas
docker network prune -f
EOF
done
echo "✅ Limpeza concluída!" echo "✅ Limpeza concluída!"
deployment-summary: deployment-summary:

0
archive/Dockerfile.release.backup → Dockerfile.release
View File

15
deploy/docker-stack.release.yml
View File

@ -6,7 +6,9 @@ services:
networks: networks:
- bcards-net - bcards-net
deploy: deploy:
replicas: 1 replicas: 2
placement:
max_replicas_per_node: 1
update_config: update_config:
parallelism: 1 parallelism: 1
delay: 10s delay: 10s
@ -20,20 +22,13 @@ services:
ASPNETCORE_ENVIRONMENT: Release ASPNETCORE_ENVIRONMENT: Release
ASPNETCORE_URLS: http://+:8080 ASPNETCORE_URLS: http://+:8080
ASPNETCORE_FORWARDEDHEADERS_ENABLED: "true" ASPNETCORE_FORWARDEDHEADERS_ENABLED: "true"
# MongoDB local (Core i5)
MongoDb__ConnectionString: mongodb://192.168.0.100:27017/BCardsDB MongoDb__ConnectionString: mongodb://192.168.0.100:27017/BCardsDB
MongoDb__DatabaseName: BCardsDB MongoDb__DatabaseName: BCardsDB
DataProtection__Mongo__ConnectionString: mongodb://192.168.0.100:27017/BCardsDB DataProtection__Mongo__ConnectionString: mongodb://192.168.0.100:27017/BCardsDB
DataProtection__Mongo__DatabaseName: BCardsDB DataProtection__Mongo__DatabaseName: BCardsDB
DataProtection__Mongo__CollectionName: DataProtectionKeys DataProtection__Mongo__CollectionName: DataProtectionKeys
# OpenSearch local (Core i5) Serilog__OpenSearchUrl: http://141.148.162.114:19201
Serilog__OpenSearchUrl: http://192.168.0.100:9200 Serilog__OpenSearchFallback: http://129.146.116.218:19202
Serilog__OpenSearchFallback: http://192.168.0.100:9200
# Stripe test keys (same as development)
Stripe__PublishableKey: pk_test_51RjUmIBMIadsOxJVP4bWc54pHEOSf5km1hpOkOBSoGVoKxI46N4KSWtevpXCSq68OjFazBuXmPJGBwZ1KDN5MNJy003lj1YmAS
Stripe__SecretKey: sk_test_51RjUmIBMIadsOxJVeqsMFxnZ8ePR7d8IbnaF4sAwBVJv9rrfODPEQ2C9fF3beoABpITdfzEk0ZDzGTTQfvKv63xI00PeZoABGO
Stripe__WebhookSecret: whsec_8d189c137ff170ab5e62498003512b9d073e2db50c50ed7d8712b7ef11a37543
Stripe__Environment: test
Logging__LogLevel__Default: Debug Logging__LogLevel__Default: Debug
healthcheck: healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/health"] test: ["CMD", "curl", "-f", "http://localhost:8080/health"]

2
scripts/deploy-release.sh
View File

@ -196,7 +196,7 @@ deploy_new_version() {
cat > "$DEPLOY_DIR/.env" << EOF cat > "$DEPLOY_DIR/.env" << EOF
IMAGE_TAG=$image_tag IMAGE_TAG=$image_tag
REGISTRY=registry.redecarneir.us REGISTRY=registry.redecarneir.us
MONGODB_CONNECTION_STRING=mongodb://admin:c4rn31r0@129.146.116.218:27017,141.148.162.114:27017/BCardsDB?replicaSet=rs0&authSource=admin MONGODB_CONNECTION_STRING=mongodb://192.168.0.100:27017/BCardsDB
ASPNETCORE_ENVIRONMENT=Release ASPNETCORE_ENVIRONMENT=Release
CERT_PASSWORD= CERT_PASSWORD=
EOF EOF

9
src/BCards.Web/Middleware/AuthCacheMiddleware.cs
View File

@ -53,13 +53,10 @@ namespace BCards.Web.Middleware
// Só adicionar se não foi definido explicitamente pelo controller // Só adicionar se não foi definido explicitamente pelo controller
if (!context.Response.Headers.ContainsKey("Cache-Control")) if (!context.Response.Headers.ContainsKey("Cache-Control"))
{ {
// Headers mais fortes para garantir que CDNs como Cloudflare não façam cache context.Response.Headers["Cache-Control"] = "no-cache, must-revalidate";
context.Response.Headers["Cache-Control"] = "no-store, no-cache, must-revalidate, proxy-revalidate"; context.Response.Headers["Vary"] = "Cookie";
context.Response.Headers["Pragma"] = "no-cache";
context.Response.Headers["Expires"] = "0";
context.Response.Headers["Vary"] = "Cookie, Authorization";
_logger.LogDebug("AuthCache: Applied strong no-cache headers for authenticated user on {Path}", path); _logger.LogDebug("AuthCache: Applied no-cache for authenticated user on {Path}", path);
} }
} }
else else