ricardo/BCards
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ricardo:5834afc6485493639aaac3a51d59fad1b6b6023e
Branches Tags
ricardo:main
ricardo:Release/ajuda-console
ricardo:Release/ajustes-headers
ricardo:Release/ArtigosPDF
ricardo:Release/support
ricardo:Release/versao1
ricardo:feat/plano-rodape
ricardo:feat/live-preview
ricardo:Release/V0.0.3
ricardo:feat/ajustes-layout
ricardo:feat/link-produto-login
..
compare: ricardo:4c7c31cd60334d4fb3103ebf8ae224daeeb8c0ee
Branches Tags
ricardo:Release/ajuda-console
ricardo:main
ricardo:Release/ajustes-headers
ricardo:Release/ArtigosPDF
ricardo:Release/support
ricardo:Release/versao1
ricardo:feat/plano-rodape
ricardo:feat/live-preview
ricardo:Release/V0.0.3
ricardo:feat/ajustes-layout
ricardo:feat/link-produto-login

No commits in common. "5834afc6485493639aaac3a51d59fad1b6b6023e" and "4c7c31cd60334d4fb3103ebf8ae224daeeb8c0ee" have entirely different histories.
5834afc648 ... 4c7c31cd60

5 changed files with 183 additions and 201 deletions
Show Stats Expand all files Collapse all files

106
.gitea/workflows/deploy-bcards.yml
View File

@ -101,7 +101,7 @@ jobs:
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
with: with:
platforms: linux/arm64 platforms: linux/amd64,linux/arm64
- name: Determine build settings - name: Determine build settings
id: settings id: settings
@ -109,23 +109,22 @@ jobs:
BRANCH_NAME="${{ github.ref_name }}" BRANCH_NAME="${{ github.ref_name }}"
if [ "$BRANCH_NAME" = "main" ]; then if [ "$BRANCH_NAME" = "main" ]; then
# Main = Produção (ARM64) - usando Dockerfile simples # Main = Produção (ARM64) - usando Dockerfile da raiz como QRRapido
echo "tag=latest" >> $GITHUB_OUTPUT echo "tag=latest" >> $GITHUB_OUTPUT
echo "platform=linux/arm64" >> $GITHUB_OUTPUT echo "platform=linux/arm64" >> $GITHUB_OUTPUT
echo "environment=Production" >> $GITHUB_OUTPUT echo "environment=Production" >> $GITHUB_OUTPUT
echo "dockerfile=Dockerfile" >> $GITHUB_OUTPUT echo "dockerfile=Dockerfile" >> $GITHUB_OUTPUT
echo "deploy_target=production" >> $GITHUB_OUTPUT echo "deploy_target=production" >> $GITHUB_OUTPUT
elif [[ "$BRANCH_NAME" == Release/* ]]; then elif [[ "$BRANCH_NAME" == Release/* ]]; then
# Release = Swarm tests (Orange Pi arm64) - usando Dockerfile simples também # Release = Staging (x86)
VERSION_RAW=${BRANCH_NAME#Release/} VERSION_RAW=${BRANCH_NAME#Release/}
# Only remove V/v if it's at the start and followed by a number (like v1.0.0) VERSION=$(echo "$VERSION_RAW" | sed 's/^[Vv]//')
VERSION=$(echo "$VERSION_RAW" | sed 's/^[Vv]\([0-9]\)/\1/')
[ -z "$VERSION" ] && VERSION="0.0.1" [ -z "$VERSION" ] && VERSION="0.0.1"
echo "tag=$VERSION" >> $GITHUB_OUTPUT echo "tag=$VERSION" >> $GITHUB_OUTPUT
echo "platform=linux/arm64" >> $GITHUB_OUTPUT echo "platform=linux/amd64" >> $GITHUB_OUTPUT
echo "environment=Testing" >> $GITHUB_OUTPUT echo "environment=Testing" >> $GITHUB_OUTPUT
echo "dockerfile=Dockerfile" >> $GITHUB_OUTPUT echo "dockerfile=Dockerfile.release" >> $GITHUB_OUTPUT
echo "deploy_target=testing" >> $GITHUB_OUTPUT echo "deploy_target=testing" >> $GITHUB_OUTPUT
echo "version=$VERSION" >> $GITHUB_OUTPUT echo "version=$VERSION" >> $GITHUB_OUTPUT
fi fi
@ -545,16 +544,12 @@ jobs:
if: startsWith(github.ref_name, 'Release/') if: startsWith(github.ref_name, 'Release/')
steps: steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Extract version - name: Extract version
id: version id: version
run: | run: |
BRANCH_NAME="${{ github.ref_name }}" BRANCH_NAME="${{ github.ref_name }}"
VERSION_RAW=${BRANCH_NAME#Release/} VERSION_RAW=${BRANCH_NAME#Release/}
# Only remove V/v if it's at the start and followed by a number (like v1.0.0) VERSION=$(echo "$VERSION_RAW" | sed 's/^[Vv]//')
VERSION=$(echo "$VERSION_RAW" | sed 's/^[Vv]\([0-9]\)/\1/')
[ -z "$VERSION" ] && VERSION="0.0.1" [ -z "$VERSION" ] && VERSION="0.0.1"
echo "version=$VERSION" >> $GITHUB_OUTPUT echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "📦 Deploying version: $VERSION" echo "📦 Deploying version: $VERSION"
@ -562,42 +557,23 @@ jobs:
- name: Prepare release stack manifest - name: Prepare release stack manifest
run: | run: |
mkdir -p artifacts mkdir -p artifacts
BCARDS_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }} export BCARDS_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}
envsubst '$BCARDS_IMAGE' < deploy/docker-stack.release.yml > artifacts/docker-stack.release.yml
# Replace ${BCARDS_IMAGE} with actual image name using sed
sed "s|\${BCARDS_IMAGE}|${BCARDS_IMAGE}|g" deploy/docker-stack.release.yml > artifacts/docker-stack.release.yml
echo "🔧 Generated manifest with image: ${BCARDS_IMAGE}"
echo "📄 Manifest content:"
head -10 artifacts/docker-stack.release.yml
- name: Deploy to release swarm - name: Deploy to release swarm
run: | run: |
echo "🚀 Deploying release stack to Orange Pi swarm..." echo "🚀 Deploying release stack to Orange Pi swarm..."
docker stack deploy -c artifacts/docker-stack.release.yml bcards-release
- name: Await release service readiness mkdir -p ~/.ssh
run: | echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
echo "⏳ Aguardando serviço bcards-release estabilizar..." chmod 600 ~/.ssh/id_rsa
ATTEMPTS=30 ssh-keyscan -H 141.148.162.114 >> ~/.ssh/known_hosts
while [ $ATTEMPTS -gt 0 ]; do ssh-keyscan -H 129.146.116.218 >> ~/.ssh/known_hosts
REPLICAS=$(docker service ls --filter name=bcards-release_bcards-release --format '{{.Replicas}}')
if [ "$REPLICAS" = "1/1" ]; then
echo "✅ Serviço com $REPLICAS réplica"
break
fi
echo "Atual: ${REPLICAS:-N/A}; aguardando..."
sleep 5
ATTEMPTS=$((ATTEMPTS-1))
done
if [ "$REPLICAS" != "1/1" ]; then scp -o StrictHostKeyChecking=no artifacts/docker-stack.release.yml ubuntu@141.148.162.114:/home/ubuntu/docker-stack.release.yml
echo "❌ Serviço não atingiu 1/1 réplica"
docker service ps bcards-release_bcards-release
exit 1
fi
docker service ps bcards-release_bcards-release ssh -o StrictHostKeyChecking=no ubuntu@141.148.162.114 \
'/home/ubuntu/scripts/swarm_deploy.sh bcards-release bcards-release /home/ubuntu/docker-stack.release.yml http://localhost:28080/health 2'
cleanup: cleanup:
name: Cleanup Old Resources name: Cleanup Old Resources
@ -610,26 +586,40 @@ jobs:
run: | run: |
echo "🧹 Limpando recursos antigos..." echo "🧹 Limpando recursos antigos..."
# Configura SSH (igual ao QRRapido)
mkdir -p ~/.ssh
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
# Adiciona hosts conhecidos
ssh-keyscan -H 141.148.162.114 >> ~/.ssh/known_hosts
ssh-keyscan -H 129.146.116.218 >> ~/.ssh/known_hosts
# Testa a chave SSH
ssh-add ~/.ssh/id_rsa 2>/dev/null || echo "SSH key loaded"
# Lista de servidores baseada na branch
if [ "${{ github.ref_name }}" = "main" ]; then if [ "${{ github.ref_name }}" = "main" ]; then
mkdir -p ~/.ssh SERVERS=("141.148.162.114" "129.146.116.218")
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keyscan -H 141.148.162.114 >> ~/.ssh/known_hosts
ssh-keyscan -H 129.146.116.218 >> ~/.ssh/known_hosts
ssh-add ~/.ssh/id_rsa 2>/dev/null || echo "SSH key loaded"
for server in 141.148.162.114 129.146.116.218; do
echo "🧹 Limpando servidor $server..."
ssh -o StrictHostKeyChecking=no ubuntu@$server << 'EOF'
docker container prune -f
docker image prune -f
docker network prune -f
EOF
done
else else
echo " Release branch: limpeza remota ignorada (Swarm gerencia recursos)." SERVERS=("141.148.162.114" "129.146.116.218")
fi fi
# Limpeza em cada servidor
for server in "${SERVERS[@]}"; do
echo "🧹 Limpando servidor $server..."
ssh -o StrictHostKeyChecking=no ubuntu@$server << 'EOF'
# Remove containers parados
docker container prune -f
# Remove imagens não utilizadas
docker image prune -f
# Remove redes não utilizadas
docker network prune -f
EOF
done
echo "✅ Limpeza concluída!" echo "✅ Limpeza concluída!"
deployment-summary: deployment-summary:

240
archive/Dockerfile.release.backup → Dockerfile.release
View File

@ -1,120 +1,120 @@
# Dockerfile.release - Multi-architecture build for Release environment # Dockerfile.release - Multi-architecture build for Release environment
# Supports: linux/amd64, linux/arm64 # Supports: linux/amd64, linux/arm64
ARG BUILDPLATFORM=linux/amd64 ARG BUILDPLATFORM=linux/amd64
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG VERSION=0.0.1 ARG VERSION=0.0.1
ARG COMMIT=unknown ARG COMMIT=unknown
# Base runtime image with multi-arch support # Base runtime image with multi-arch support
FROM --platform=$TARGETPLATFORM mcr.microsoft.com/dotnet/aspnet:8.0 AS base FROM --platform=$TARGETPLATFORM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
WORKDIR /app WORKDIR /app
EXPOSE 8080 EXPOSE 8080
EXPOSE 8443 EXPOSE 8443
# Install dependencies based on target platform # Install dependencies based on target platform
RUN apt-get update && \ RUN apt-get update && \
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
libgdiplus \ libgdiplus \
curl \ curl \
ca-certificates \ ca-certificates \
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/apt/lists/* \
&& apt-get clean && apt-get clean
# Create application directories # Create application directories
RUN mkdir -p /app/uploads /app/logs \ RUN mkdir -p /app/uploads /app/logs \
&& chmod 755 /app/uploads /app/logs && chmod 755 /app/uploads /app/logs
# Build stage - restore and publish # Build stage - restore and publish
FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG VERSION ARG VERSION
ARG COMMIT ARG COMMIT
WORKDIR /src WORKDIR /src
# Copy project file and restore dependencies # Copy project file and restore dependencies
COPY ["src/BCards.Web/BCards.Web.csproj", "src/BCards.Web/"] COPY ["src/BCards.Web/BCards.Web.csproj", "src/BCards.Web/"]
# Map platform to .NET runtime identifier and restore # Map platform to .NET runtime identifier and restore
RUN case "$TARGETPLATFORM" in \ RUN case "$TARGETPLATFORM" in \
"linux/amd64") RID="linux-x64" ;; \ "linux/amd64") RID="linux-x64" ;; \
"linux/arm64") RID="linux-arm64" ;; \ "linux/arm64") RID="linux-arm64" ;; \
*) echo "Unsupported platform: $TARGETPLATFORM" && exit 1 ;; \ *) echo "Unsupported platform: $TARGETPLATFORM" && exit 1 ;; \
esac && \ esac && \
echo "🔧 Restoring for RID: $RID" && \ echo "🔧 Restoring for RID: $RID" && \
dotnet restore "src/BCards.Web/BCards.Web.csproj" --runtime $RID dotnet restore "src/BCards.Web/BCards.Web.csproj" --runtime $RID
# Copy source code # Copy source code
COPY . . COPY . .
WORKDIR "/src/src/BCards.Web" WORKDIR "/src/src/BCards.Web"
# Publish diretamente (build + publish em um comando) # Publish diretamente (build + publish em um comando)
RUN case "$TARGETPLATFORM" in \ RUN case "$TARGETPLATFORM" in \
"linux/amd64") RID="linux-x64" ;; \ "linux/amd64") RID="linux-x64" ;; \
"linux/arm64") RID="linux-arm64" ;; \ "linux/arm64") RID="linux-arm64" ;; \
*) echo "Unsupported platform: $TARGETPLATFORM" && exit 1 ;; \ *) echo "Unsupported platform: $TARGETPLATFORM" && exit 1 ;; \
esac && \ esac && \
echo "📦 Publishing for RID: $RID" && \ echo "📦 Publishing for RID: $RID" && \
dotnet publish "BCards.Web.csproj" \ dotnet publish "BCards.Web.csproj" \
-c Release \ -c Release \
-o /app/publish \ -o /app/publish \
--no-restore \ --no-restore \
--runtime $RID \ --runtime $RID \
--self-contained false \ --self-contained false \
-p:PublishReadyToRun=false \ -p:PublishReadyToRun=false \
-p:PublishSingleFile=false \ -p:PublishSingleFile=false \
-p:UseAppHost=false \ -p:UseAppHost=false \
-p:Version=$VERSION \ -p:Version=$VERSION \
-p:InformationalVersion=$COMMIT -p:InformationalVersion=$COMMIT
# Final stage - runtime optimized for Release environment # Final stage - runtime optimized for Release environment
FROM base AS final FROM base AS final
ARG VERSION=0.0.1 ARG VERSION=0.0.1
ARG COMMIT=unknown ARG COMMIT=unknown
ARG TARGETPLATFORM ARG TARGETPLATFORM
# Metadata labels # Metadata labels
LABEL maintainer="BCards Team" LABEL maintainer="BCards Team"
LABEL version=$VERSION LABEL version=$VERSION
LABEL commit=$COMMIT LABEL commit=$COMMIT
LABEL platform=$TARGETPLATFORM LABEL platform=$TARGETPLATFORM
LABEL environment="release" LABEL environment="release"
WORKDIR /app WORKDIR /app
# Copy published application # Copy published application
COPY --from=build /app/publish . COPY --from=build /app/publish .
# Create non-root user for security # Create non-root user for security
RUN groupadd -r bcards && useradd -r -g bcards bcards \ RUN groupadd -r bcards && useradd -r -g bcards bcards \
&& chown -R bcards:bcards /app && chown -R bcards:bcards /app
# Environment variables for Release # Environment variables for Release
ENV ASPNETCORE_ENVIRONMENT=Release ENV ASPNETCORE_ENVIRONMENT=Release
ENV ASPNETCORE_URLS=http://+:8080 ENV ASPNETCORE_URLS=http://+:8080
ENV DOTNET_RUNNING_IN_CONTAINER=true ENV DOTNET_RUNNING_IN_CONTAINER=true
ENV DOTNET_EnableDiagnostics=0 ENV DOTNET_EnableDiagnostics=0
ENV DOTNET_USE_POLLING_FILE_WATCHER=true ENV DOTNET_USE_POLLING_FILE_WATCHER=true
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
# Platform-specific optimizations # Platform-specific optimizations
RUN if [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ RUN if [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
echo "🔧 Applying ARM64 optimizations..." && \ echo "🔧 Applying ARM64 optimizations..." && \
echo 'export DOTNET_TieredPGO=1' >> /etc/environment && \ echo 'export DOTNET_TieredPGO=1' >> /etc/environment && \
echo 'export DOTNET_TC_QuickJitForLoops=1' >> /etc/environment && \ echo 'export DOTNET_TC_QuickJitForLoops=1' >> /etc/environment && \
echo 'export DOTNET_ReadyToRun=0' >> /etc/environment; \ echo 'export DOTNET_ReadyToRun=0' >> /etc/environment; \
else \ else \
echo "🔧 Applying AMD64 optimizations..." && \ echo "🔧 Applying AMD64 optimizations..." && \
echo 'export DOTNET_TieredPGO=1' >> /etc/environment && \ echo 'export DOTNET_TieredPGO=1' >> /etc/environment && \
echo 'export DOTNET_ReadyToRun=1' >> /etc/environment; \ echo 'export DOTNET_ReadyToRun=1' >> /etc/environment; \
fi fi
# Health check endpoint # Health check endpoint
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \ HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD curl -f http://localhost:8080/health || exit 1 CMD curl -f http://localhost:8080/health || exit 1
# Switch to non-root user # Switch to non-root user
USER bcards USER bcards
# Entry point with optimized runtime settings # Entry point with optimized runtime settings
ENTRYPOINT ["dotnet", "BCards.Web.dll"] ENTRYPOINT ["dotnet", "BCards.Web.dll"]

15
deploy/docker-stack.release.yml
View File

@ -6,7 +6,9 @@ services:
networks: networks:
- bcards-net - bcards-net
deploy: deploy:
replicas: 1 replicas: 2
placement:
max_replicas_per_node: 1
update_config: update_config:
parallelism: 1 parallelism: 1
delay: 10s delay: 10s
@ -20,20 +22,13 @@ services:
ASPNETCORE_ENVIRONMENT: Release ASPNETCORE_ENVIRONMENT: Release
ASPNETCORE_URLS: http://+:8080 ASPNETCORE_URLS: http://+:8080
ASPNETCORE_FORWARDEDHEADERS_ENABLED: "true" ASPNETCORE_FORWARDEDHEADERS_ENABLED: "true"
# MongoDB local (Core i5)
MongoDb__ConnectionString: mongodb://192.168.0.100:27017/BCardsDB MongoDb__ConnectionString: mongodb://192.168.0.100:27017/BCardsDB
MongoDb__DatabaseName: BCardsDB MongoDb__DatabaseName: BCardsDB
DataProtection__Mongo__ConnectionString: mongodb://192.168.0.100:27017/BCardsDB DataProtection__Mongo__ConnectionString: mongodb://192.168.0.100:27017/BCardsDB
DataProtection__Mongo__DatabaseName: BCardsDB DataProtection__Mongo__DatabaseName: BCardsDB
DataProtection__Mongo__CollectionName: DataProtectionKeys DataProtection__Mongo__CollectionName: DataProtectionKeys
# OpenSearch local (Core i5) Serilog__OpenSearchUrl: http://141.148.162.114:19201
Serilog__OpenSearchUrl: http://192.168.0.100:9200 Serilog__OpenSearchFallback: http://129.146.116.218:19202
Serilog__OpenSearchFallback: http://192.168.0.100:9200
# Stripe test keys (same as development)
Stripe__PublishableKey: pk_test_51RjUmIBMIadsOxJVP4bWc54pHEOSf5km1hpOkOBSoGVoKxI46N4KSWtevpXCSq68OjFazBuXmPJGBwZ1KDN5MNJy003lj1YmAS
Stripe__SecretKey: sk_test_51RjUmIBMIadsOxJVeqsMFxnZ8ePR7d8IbnaF4sAwBVJv9rrfODPEQ2C9fF3beoABpITdfzEk0ZDzGTTQfvKv63xI00PeZoABGO
Stripe__WebhookSecret: whsec_8d189c137ff170ab5e62498003512b9d073e2db50c50ed7d8712b7ef11a37543
Stripe__Environment: test
Logging__LogLevel__Default: Debug Logging__LogLevel__Default: Debug
healthcheck: healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/health"] test: ["CMD", "curl", "-f", "http://localhost:8080/health"]

12
scripts/deploy-release.sh
View File

@ -193,11 +193,11 @@ deploy_new_version() {
cp "$PROJECT_ROOT/$DOCKER_COMPOSE_FILE" "$DEPLOY_DIR/" cp "$PROJECT_ROOT/$DOCKER_COMPOSE_FILE" "$DEPLOY_DIR/"
# Create/update environment file # Create/update environment file
cat > "$DEPLOY_DIR/.env" << EOF cat > "$DEPLOY_DIR/.env" << EOF
IMAGE_TAG=$image_tag IMAGE_TAG=$image_tag
REGISTRY=registry.redecarneir.us REGISTRY=registry.redecarneir.us
MONGODB_CONNECTION_STRING=mongodb://admin:c4rn31r0@129.146.116.218:27017,141.148.162.114:27017/BCardsDB?replicaSet=rs0&authSource=admin MONGODB_CONNECTION_STRING=mongodb://192.168.0.100:27017/BCardsDB
ASPNETCORE_ENVIRONMENT=Release ASPNETCORE_ENVIRONMENT=Release
CERT_PASSWORD= CERT_PASSWORD=
EOF EOF
@ -366,4 +366,4 @@ main() {
} }
# Run main function with all arguments # Run main function with all arguments
main "$@" main "$@"

11
src/BCards.Web/Middleware/AuthCacheMiddleware.cs
View File

@ -53,13 +53,10 @@ namespace BCards.Web.Middleware
// Só adicionar se não foi definido explicitamente pelo controller // Só adicionar se não foi definido explicitamente pelo controller
if (!context.Response.Headers.ContainsKey("Cache-Control")) if (!context.Response.Headers.ContainsKey("Cache-Control"))
{ {
// Headers mais fortes para garantir que CDNs como Cloudflare não façam cache context.Response.Headers["Cache-Control"] = "no-cache, must-revalidate";
context.Response.Headers["Cache-Control"] = "no-store, no-cache, must-revalidate, proxy-revalidate"; context.Response.Headers["Vary"] = "Cookie";
context.Response.Headers["Pragma"] = "no-cache";
context.Response.Headers["Expires"] = "0"; _logger.LogDebug("AuthCache: Applied no-cache for authenticated user on {Path}", path);
context.Response.Headers["Vary"] = "Cookie, Authorization";
_logger.LogDebug("AuthCache: Applied strong no-cache headers for authenticated user on {Path}", path);
} }
} }
else else