.gitea/workflows/deploy-bcards.yml

@@ -101,7 +101,7 @@ jobs:
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
       with:
-        platforms: linux/amd64,linux/arm64
+        platforms: linux/arm64
     
     - name: Determine build settings
       id: settings
@@ -109,22 +109,23 @@ jobs:
         BRANCH_NAME="${{ github.ref_name }}"
         
         if [ "$BRANCH_NAME" = "main" ]; then
-          # Main = Produção (ARM64) - usando Dockerfile da raiz como QRRapido
+          # Main = Produção (ARM64) - usando Dockerfile simples
           echo "tag=latest" >> $GITHUB_OUTPUT
           echo "platform=linux/arm64" >> $GITHUB_OUTPUT
           echo "environment=Production" >> $GITHUB_OUTPUT
           echo "dockerfile=Dockerfile" >> $GITHUB_OUTPUT
           echo "deploy_target=production" >> $GITHUB_OUTPUT
         elif [[ "$BRANCH_NAME" == Release/* ]]; then
-          # Release = Staging (x86)
+          # Release = Swarm tests (Orange Pi arm64) - usando Dockerfile simples também
           VERSION_RAW=${BRANCH_NAME#Release/}
-          VERSION=$(echo "$VERSION_RAW" | sed 's/^[Vv]//')
+          # Only remove V/v if it's at the start and followed by a number (like v1.0.0)
+          VERSION=$(echo "$VERSION_RAW" | sed 's/^[Vv]\([0-9]\)/\1/')
           [ -z "$VERSION" ] && VERSION="0.0.1"
 
           echo "tag=$VERSION" >> $GITHUB_OUTPUT
-          echo "platform=linux/amd64" >> $GITHUB_OUTPUT
+          echo "platform=linux/arm64" >> $GITHUB_OUTPUT
           echo "environment=Testing" >> $GITHUB_OUTPUT
-          echo "dockerfile=Dockerfile.release" >> $GITHUB_OUTPUT
+          echo "dockerfile=Dockerfile" >> $GITHUB_OUTPUT
           echo "deploy_target=testing" >> $GITHUB_OUTPUT
           echo "version=$VERSION" >> $GITHUB_OUTPUT
         fi
@@ -544,12 +545,16 @@ jobs:
     if: startsWith(github.ref_name, 'Release/')
 
     steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
     - name: Extract version
       id: version
       run: |
         BRANCH_NAME="${{ github.ref_name }}"
         VERSION_RAW=${BRANCH_NAME#Release/}
-        VERSION=$(echo "$VERSION_RAW" | sed 's/^[Vv]//')
+        # Only remove V/v if it's at the start and followed by a number (like v1.0.0)
+        VERSION=$(echo "$VERSION_RAW" | sed 's/^[Vv]\([0-9]\)/\1/')
         [ -z "$VERSION" ] && VERSION="0.0.1"
         echo "version=$VERSION" >> $GITHUB_OUTPUT
         echo "📦 Deploying version: $VERSION"
@@ -557,23 +562,42 @@ jobs:
     - name: Prepare release stack manifest
       run: |
         mkdir -p artifacts
-        export BCARDS_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}
+        BCARDS_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}
-        envsubst '$BCARDS_IMAGE' < deploy/docker-stack.release.yml > artifacts/docker-stack.release.yml
+
+        # Replace ${BCARDS_IMAGE} with actual image name using sed
+        sed "s|\${BCARDS_IMAGE}|${BCARDS_IMAGE}|g" deploy/docker-stack.release.yml > artifacts/docker-stack.release.yml
+
+        echo "🔧 Generated manifest with image: ${BCARDS_IMAGE}"
+        echo "📄 Manifest content:"
+        head -10 artifacts/docker-stack.release.yml
 
     - name: Deploy to release swarm
       run: |
         echo "🚀 Deploying release stack to Orange Pi swarm..."
+        docker stack deploy -c artifacts/docker-stack.release.yml bcards-release
 
-        mkdir -p ~/.ssh
+    - name: Await release service readiness
-        echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+      run: |
-        chmod 600 ~/.ssh/id_rsa
+        echo "⏳ Aguardando serviço bcards-release estabilizar..."
-        ssh-keyscan -H 141.148.162.114 >> ~/.ssh/known_hosts
+        ATTEMPTS=30
-        ssh-keyscan -H 129.146.116.218 >> ~/.ssh/known_hosts
+        while [ $ATTEMPTS -gt 0 ]; do
+          REPLICAS=$(docker service ls --filter name=bcards-release_bcards-release --format '{{.Replicas}}')
+          if [ "$REPLICAS" = "1/1" ]; then
+            echo "✅ Serviço com $REPLICAS réplica"
+            break
+          fi
+          echo "Atual: ${REPLICAS:-N/A}; aguardando..."
+          sleep 5
+          ATTEMPTS=$((ATTEMPTS-1))
+        done
 
-        scp -o StrictHostKeyChecking=no artifacts/docker-stack.release.yml ubuntu@141.148.162.114:/home/ubuntu/docker-stack.release.yml
+        if [ "$REPLICAS" != "1/1" ]; then
+          echo "❌ Serviço não atingiu 1/1 réplica"
+          docker service ps bcards-release_bcards-release
+          exit 1
+        fi
 
-        ssh -o StrictHostKeyChecking=no ubuntu@141.148.162.114 \
+        docker service ps bcards-release_bcards-release
-          '/home/ubuntu/scripts/swarm_deploy.sh bcards-release bcards-release /home/ubuntu/docker-stack.release.yml http://localhost:28080/health 2'
 
   cleanup:
     name: Cleanup Old Resources
@@ -586,40 +610,26 @@ jobs:
       run: |
         echo "🧹 Limpando recursos antigos..."
         
-        # Configura SSH (igual ao QRRapido)
-        mkdir -p ~/.ssh
-        echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
-        chmod 600 ~/.ssh/id_rsa
-        
-        # Adiciona hosts conhecidos
-        ssh-keyscan -H 141.148.162.114 >> ~/.ssh/known_hosts
-        ssh-keyscan -H 129.146.116.218 >> ~/.ssh/known_hosts
-        
-        # Testa a chave SSH
-        ssh-add ~/.ssh/id_rsa 2>/dev/null || echo "SSH key loaded"
-        
-        # Lista de servidores baseada na branch
         if [ "${{ github.ref_name }}" = "main" ]; then
-          SERVERS=("141.148.162.114" "129.146.116.218")
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan -H 141.148.162.114 >> ~/.ssh/known_hosts
+          ssh-keyscan -H 129.146.116.218 >> ~/.ssh/known_hosts
+          ssh-add ~/.ssh/id_rsa 2>/dev/null || echo "SSH key loaded"
+
+          for server in 141.148.162.114 129.146.116.218; do
+            echo "🧹 Limpando servidor $server..."
+            ssh -o StrictHostKeyChecking=no ubuntu@$server << 'EOF'
+              docker container prune -f
+              docker image prune -f
+              docker network prune -f
+            EOF
+          done
         else
-          SERVERS=("141.148.162.114" "129.146.116.218")
+          echo "ℹ️  Release branch: limpeza remota ignorada (Swarm gerencia recursos)."
         fi
         
-        # Limpeza em cada servidor
-        for server in "${SERVERS[@]}"; do
-          echo "🧹 Limpando servidor $server..."
-          ssh -o StrictHostKeyChecking=no ubuntu@$server << 'EOF'
-            # Remove containers parados
-            docker container prune -f
-            
-            # Remove imagens não utilizadas
-            docker image prune -f
-            
-            # Remove redes não utilizadas
-            docker network prune -f
-          EOF
-        done
-        
         echo "✅ Limpeza concluída!"
 
   deployment-summary:

deploy/docker-stack.release.yml

@@ -6,9 +6,7 @@ services:
     networks:
       - bcards-net
     deploy:
-      replicas: 2
+      replicas: 1
-      placement:
-        max_replicas_per_node: 1
       update_config:
         parallelism: 1
         delay: 10s
@@ -22,13 +20,20 @@ services:
       ASPNETCORE_ENVIRONMENT: Release
       ASPNETCORE_URLS: http://+:8080
       ASPNETCORE_FORWARDEDHEADERS_ENABLED: "true"
+      # MongoDB local (Core i5)
       MongoDb__ConnectionString: mongodb://192.168.0.100:27017/BCardsDB
       MongoDb__DatabaseName: BCardsDB
       DataProtection__Mongo__ConnectionString: mongodb://192.168.0.100:27017/BCardsDB
       DataProtection__Mongo__DatabaseName: BCardsDB
       DataProtection__Mongo__CollectionName: DataProtectionKeys
-      Serilog__OpenSearchUrl: http://141.148.162.114:19201
+      # OpenSearch local (Core i5)
-      Serilog__OpenSearchFallback: http://129.146.116.218:19202
+      Serilog__OpenSearchUrl: http://192.168.0.100:9200
+      Serilog__OpenSearchFallback: http://192.168.0.100:9200
+      # Stripe test keys (same as development)
+      Stripe__PublishableKey: pk_test_51RjUmIBMIadsOxJVP4bWc54pHEOSf5km1hpOkOBSoGVoKxI46N4KSWtevpXCSq68OjFazBuXmPJGBwZ1KDN5MNJy003lj1YmAS
+      Stripe__SecretKey: sk_test_51RjUmIBMIadsOxJVeqsMFxnZ8ePR7d8IbnaF4sAwBVJv9rrfODPEQ2C9fF3beoABpITdfzEk0ZDzGTTQfvKv63xI00PeZoABGO
+      Stripe__WebhookSecret: whsec_8d189c137ff170ab5e62498003512b9d073e2db50c50ed7d8712b7ef11a37543
+      Stripe__Environment: test
       Logging__LogLevel__Default: Debug
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8080/health"]

scripts/deploy-release.sh

@@ -196,7 +196,7 @@ deploy_new_version() {
     cat > "$DEPLOY_DIR/.env" << EOF
 IMAGE_TAG=$image_tag
 REGISTRY=registry.redecarneir.us
-MONGODB_CONNECTION_STRING=mongodb://192.168.0.100:27017/BCardsDB
+MONGODB_CONNECTION_STRING=mongodb://admin:c4rn31r0@129.146.116.218:27017,141.148.162.114:27017/BCardsDB?replicaSet=rs0&authSource=admin
 ASPNETCORE_ENVIRONMENT=Release
 CERT_PASSWORD=
 EOF

src/BCards.Web/Middleware/AuthCacheMiddleware.cs

@@ -53,10 +53,13 @@ namespace BCards.Web.Middleware
                         // Só adicionar se não foi definido explicitamente pelo controller
                         if (!context.Response.Headers.ContainsKey("Cache-Control"))
                         {
-                            context.Response.Headers["Cache-Control"] = "no-cache, must-revalidate";
+                            // Headers mais fortes para garantir que CDNs como Cloudflare não façam cache
-                            context.Response.Headers["Vary"] = "Cookie";
+                            context.Response.Headers["Cache-Control"] = "no-store, no-cache, must-revalidate, proxy-revalidate";
+                            context.Response.Headers["Pragma"] = "no-cache";
+                            context.Response.Headers["Expires"] = "0";
+                            context.Response.Headers["Vary"] = "Cookie, Authorization";
 
-                            _logger.LogDebug("AuthCache: Applied no-cache for authenticated user on {Path}", path);
+                            _logger.LogDebug("AuthCache: Applied strong no-cache headers for authenticated user on {Path}", path);
                         }
                     }
                     else