chore: sincroniza alterações locais

2025-10-09 20:38:53 -03:00 · 2025-10-09 20:38:53 -03:00 · c2050f311a
commit c2050f311a
parent c3249e523d
7 changed files with 362 additions and 26 deletions
--- a/.github/workflows/ci-cd-web-desktop.yml
+++ b/.github/workflows/ci-cd-web-desktop.yml
@ -206,6 +206,34 @@ jobs:
          echo "Forcing service restart..."
          docker service update --force sistema_convex_backend || true

+      - name: Smoke test — register + heartbeat
+        run: |
+          set -e
+          # Load MACHINE_PROVISIONING_SECRET from production .env on the host
+          if [ -f /srv/apps/sistema/.env ]; then
+            set -o allexport
+            . /srv/apps/sistema/.env
+            set +o allexport
+          fi
+          if [ -z "${MACHINE_PROVISIONING_SECRET:-}" ]; then
+            echo "MACHINE_PROVISIONING_SECRET ausente — pulando smoke test"; exit 0
+          fi
+          HOSTNAME_TEST="ci-smoke-$(date +%s)"
+          BODY='{"provisioningSecret":"'"$MACHINE_PROVISIONING_SECRET"'","tenantId":"tenant-atlas","hostname":"'"$HOSTNAME_TEST"'","os":{"name":"Linux","version":"6.1.0","architecture":"x86_64"},"macAddresses":["AA:BB:CC:DD:EE:FF"],"serialNumbers":[],"metadata":{"inventory":{"cpu":"i7","ramGb":16}},"registeredBy":"ci-smoke"}'
+          HTTP=$(curl -sS -o resp.json -w "%{http_code}" -H 'Content-Type: application/json' -d "$BODY" https://tickets.esdrasrenan.com.br/api/machines/register || true)
+          echo "Register HTTP=$HTTP"
+          if [ "$HTTP" != "201" ]; then
+            echo "Register failed:"; tail -c 600 resp.json || true; exit 1; fi
+          TOKEN=$(node -e 'try{const j=require("fs").readFileSync("resp.json","utf8");process.stdout.write(JSON.parse(j).machineToken||"");}catch(e){process.stdout.write("")}' )
+          if [ -z "$TOKEN" ]; then echo "Missing token in register response"; exit 1; fi
+          HB=$(curl -sS -o /dev/null -w "%{http_code}" -H 'Content-Type: application/json' -d '{"machineToken":"'"$TOKEN"'","status":"online","metrics":{"cpuPct":5,"memFreePct":70}}' https://tickets.esdrasrenan.com.br/api/machines/heartbeat || true)
+          echo "Heartbeat HTTP=$HB"
+          if [ "$HB" != "200" ]; then echo "Heartbeat failed"; exit 1; fi
+
+      - name: Cleanup old build workdirs (keep last 3)
+        run: |
+          ls -1dt $HOME/apps/sistema.build.* 2>/dev/null | tail -n +4 | xargs -r rm -rf || true
+
      - name: Restart web service with new code
        run: |
          docker service update --force sistema_web || true
@ -261,26 +289,24 @@ jobs:
        env:
          CONVEX_SELF_HOSTED_URL: ${{ secrets.CONVEX_SELF_HOSTED_URL }}
          CONVEX_SELF_HOSTED_ADMIN_KEY: ${{ secrets.CONVEX_SELF_HOSTED_ADMIN_KEY }}
+          MACHINE_PROVISIONING_SECRET: ${{ secrets.MACHINE_PROVISIONING_SECRET }}
+          MACHINE_TOKEN_TTL_MS: ${{ secrets.MACHINE_TOKEN_TTL_MS }}
+          FLEET_SYNC_SECRET: ${{ secrets.FLEET_SYNC_SECRET }}
        run: |
          set -e
-          # Load production values from /srv (do not copy .env to workspace)
-          if [ -f /srv/apps/sistema/.env ]; then
-            set -o allexport
-            . /srv/apps/sistema/.env
-            set +o allexport
-          fi
          docker run --rm -i \
            -v "$EFFECTIVE_APP_DIR":/app \
            -w /app \
            -e CONVEX_SELF_HOSTED_URL \
            -e CONVEX_SELF_HOSTED_ADMIN_KEY \
-            -e MACHINE_PROVISIONING_SECRET="${MACHINE_PROVISIONING_SECRET:-}" \
-            -e MACHINE_TOKEN_TTL_MS="${MACHINE_TOKEN_TTL_MS:-}" \
-            -e FLEET_SYNC_SECRET="${FLEET_SYNC_SECRET:-}" \
+            -e MACHINE_PROVISIONING_SECRET \
+            -e MACHINE_TOKEN_TTL_MS \
+            -e FLEET_SYNC_SECRET \
            node:20-bullseye bash -lc "set -euo pipefail; unset CONVEX_DEPLOYMENT; corepack enable; corepack prepare pnpm@9 --activate; pnpm install --frozen-lockfile --prod=false; \
-              if [ -n \"\${MACHINE_PROVISIONING_SECRET:-}\" ]; then pnpm exec convex env set MACHINE_PROVISIONING_SECRET \"\${MACHINE_PROVISIONING_SECRET}\" -y; fi; \
-              if [ -n \"\${MACHINE_TOKEN_TTL_MS:-}\" ]; then pnpm exec convex env set MACHINE_TOKEN_TTL_MS \"\${MACHINE_TOKEN_TTL_MS}\" -y; fi; \
-              if [ -n \"\${FLEET_SYNC_SECRET:-}\" ]; then pnpm exec convex env set FLEET_SYNC_SECRET \"\${FLEET_SYNC_SECRET}\" -y; fi;"
+              if [ -n \"$MACHINE_PROVISIONING_SECRET\" ]; then pnpm exec convex env set MACHINE_PROVISIONING_SECRET \"$MACHINE_PROVISIONING_SECRET\" -y; fi; \
+              if [ -n \"$MACHINE_TOKEN_TTL_MS\" ]; then pnpm exec convex env set MACHINE_TOKEN_TTL_MS \"$MACHINE_TOKEN_TTL_MS\" -y; fi; \
+              if [ -n \"$FLEET_SYNC_SECRET\" ]; then pnpm exec convex env set FLEET_SYNC_SECRET \"$FLEET_SYNC_SECRET\" -y; fi; \
+              pnpm exec convex env list"

      - name: Ensure .env is not present for Convex deploy
        run: |