feat: add Convex dashboard service and CI job to deploy functions to self-hosted backend

.github/workflows/ci-cd-web-desktop.yml

@@ -49,6 +49,22 @@ jobs:
           cd "$APP_DIR"
           docker stack deploy --with-registry-auth -c stack.yml sistema
 
+  convex_deploy:
+    name: Deploy Convex functions
+    needs: deploy
+    runs-on: [ self-hosted, linux, vps ]
+    env:
+      APP_DIR: /srv/apps/sistema
+    steps:
+      - name: Deploy functions to Convex self-hosted
+        run: |
+          docker run --rm -i \
+            -v "$APP_DIR":/app \
+            -w /app \
+            -e CONVEX_SELF_HOSTED_URL="${{ secrets.CONVEX_SELF_HOSTED_URL }}" \
+            -e CONVEX_SELF_HOSTED_ADMIN_KEY="${{ secrets.CONVEX_SELF_HOSTED_ADMIN_KEY }}" \
+            node:20-bullseye bash -lc "corepack enable && corepack prepare pnpm@9 --activate && pnpm install --frozen-lockfile --prod=false && pnpm exec convex deploy"
+
   desktop_release:
     name: Desktop Release (Windows)
     if: ${{ startsWith(github.ref, 'refs/tags/v') }}
@@ -94,4 +110,3 @@ jobs:
             **/bundle/**/*
           target: ${{ env.VPS_UPDATES_DIR }}
           overwrite: true
-

docs/OPERACAO-PRODUCAO.md

@@ -97,6 +97,17 @@ Acesso
 - App: `https://tickets.esdrasrenan.com.br`
 - Convex: `https://convex.esdrasrenan.com.br` (o importante é o WebSocket do cliente conectar; o path `/version` responde para sanity‑check)
 
+### Dashboard (opcional)
+Você pode expor o painel do Convex para inspeção em produção.
+
+DNS
+- Criar `convex-admin.esdrasrenan.com.br` apontando para a VPS.
+
+Stack
+- O serviço `convex_dashboard` já está definido em `stack.yml` com Traefik. Após atualizar a stack:
+  - Acesse `https://convex-admin.esdrasrenan.com.br`.
+  - Use a Admin Key gerada por `./generate_admin_key.sh` para autenticar.
+
 ## Convex self‑hosted — configuração inicial
 1. Gerar Admin Key (uma vez, dentro do container do Convex):
 ```
@@ -157,6 +168,11 @@ docker stack deploy --with-registry-auth -c stack.yml sistema
    - Executar container `node:20-bullseye` com envs `CONVEX_SELF_HOSTED_URL` e `CONVEX_SELF_HOSTED_ADMIN_KEY` (secrets do GitHub)
    - Rodar `pnpm exec convex deploy`
 
+Secrets necessários no GitHub (Repo → Settings → Secrets and variables → Actions)
+- `CONVEX_SELF_HOSTED_URL` = `https://convex.esdrasrenan.com.br`
+- `CONVEX_SELF_HOSTED_ADMIN_KEY` = chave retornada por `./generate_admin_key.sh`
+- (Desktop) `VPS_HOST`, `VPS_USER`, `VPS_SSH_KEY`, `TAURI_PRIVATE_KEY`, `TAURI_KEY_PASSWORD` — se usar o job de release desktop
+
 Benefícios
 - Push na `main` → pipeline atualiza app e (opcionalmente) publica mudanças no Convex.
 
@@ -199,4 +215,3 @@ Benefícios
 - CI/CD (web + desktop): `.github/workflows/ci-cd-web-desktop.yml`
 - Guia CI/CD Desktop: `apps/desktop/docs/guia-ci-cd-web-desktop.md`
 - Docs Convex self‑hosted: imagem oficial `ghcr.io/get-convex/convex-backend`
-

stack.yml

@@ -65,6 +65,27 @@ services:
     networks:
       - traefik_public
 
+  convex_dashboard:
+    image: ghcr.io/get-convex/convex-dashboard:latest
+    environment:
+      - NEXT_PUBLIC_DEPLOYMENT_URL=https://convex.esdrasrenan.com.br
+    deploy:
+      mode: replicated
+      replicas: 1
+      placement:
+        constraints:
+          - node.role == manager
+      labels:
+        - traefik.enable=true
+        - traefik.docker.network=traefik_public
+        - traefik.http.routers.sistema_convex_admin.rule=Host(`convex-admin.esdrasrenan.com.br`)
+        - traefik.http.routers.sistema_convex_admin.entrypoints=websecure
+        - traefik.http.routers.sistema_convex_admin.tls=true
+        - traefik.http.routers.sistema_convex_admin.tls.certresolver=le
+        - traefik.http.services.sistema_convex_admin.loadbalancer.server.port=6791
+    networks:
+      - traefik_public
+
 volumes:
   sistema_db:
   convex_data: