From 12a809805ed4fa7678b6c887e712b6adef8f1302 Mon Sep 17 00:00:00 2001
From: esdrasrenan <esdras@renan.dev>
Date: Tue, 16 Dec 2025 22:49:42 -0300
Subject: [PATCH] fix(ci): correcao definitiva de permissoes Docker
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adiciona step dedicado para corrigir permissoes apos build Docker:
- Usa container Alpine para fazer chown -R 1000:1000 no build
- Tambem corrige permissoes do destino antes do rsync

Isso resolve o erro "Permission denied" do rsync causado por
arquivos criados pelo Docker como root.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .forgejo/workflows/ci-cd-web-desktop.yml | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/.forgejo/workflows/ci-cd-web-desktop.yml b/.forgejo/workflows/ci-cd-web-desktop.yml
index bbbd16d..783e8a3 100644
--- a/.forgejo/workflows/ci-cd-web-desktop.yml
+++ b/.forgejo/workflows/ci-cd-web-desktop.yml
@@ -182,18 +182,23 @@ jobs:
             sistema_web:node22-bun \
             bash -lc "set -euo pipefail; bun install --frozen-lockfile --filter '!appsdesktop'; bun run prisma:generate; bun run build:bun"
 
+      - name: Fix Docker-created file permissions
+        run: |
+          # Docker cria arquivos como root - corrigir para o usuario runner (UID 1000)
+          docker run --rm -v "$EFFECTIVE_APP_DIR":/target alpine:3 \
+            chown -R 1000:1000 /target
+          echo "Permissoes do build corrigidas"
+
       - name: Publish build to stable APP_DIR directory
         run: |
           set -e
           DEST="$HOME/apps/sistema"
           mkdir -p "$DEST"
           mkdir -p "$DEST/.next/static"
-          # Corrigir permissoes de arquivos criados por containers Docker (root)
-          # Isso permite que o rsync sobrescreva arquivos anteriores
-          if [ -d "$DEST/src/generated" ]; then
-            chmod -R u+rwX "$DEST/src/generated" 2>/dev/null || \
-              docker run --rm -v "$DEST/src/generated":/target alpine:3 \
-                chown -R 1000:1000 /target 2>/dev/null || true
+          # Corrigir permissoes do destino (arquivos de deploys anteriores)
+          if [ -d "$DEST" ]; then
+            docker run --rm -v "$DEST":/target alpine:3 \
+              chown -R 1000:1000 /target 2>/dev/null || true
           fi
           # rsync com --no-owner --no-group para nao preservar UID do container Docker
           if [ -d "$EFFECTIVE_APP_DIR/.next/static" ]; then