esdras/sistema-de-chamados
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: sincroniza alterações locais

Browse source
This commit is contained in:
Esdras Renan 2025-10-09 20:38:53 -03:00
parent c3249e523d
commit c2050f311a
7 changed files with 362 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

35
docs/OPERACAO-PRODUCAO.md
View file

@ -165,6 +165,41 @@ docker run --rm -it \
Observação
- Sempre que alterar código em `convex/`, repita o comando acima para publicar as mudanças.
### Variáveis do Convex (importante)
As functions do Convex leem variáveis via `convex env`, não do `.env` do container.
No CI, defina os seguintes Secrets (Repo → Settings → Secrets and variables → Actions):
- `CONVEX_SELF_HOSTED_URL` — ex.: `https://convex.esdrasrenan.com.br`
- `CONVEX_SELF_HOSTED_ADMIN_KEY` — gerada por `./generate_admin_key.sh`
- `MACHINE_PROVISIONING_SECRET` — hex forte
- (opcional) `MACHINE_TOKEN_TTL_MS` — ex.: `2592000000`
- (opcional) `FLEET_SYNC_SECRET`
O job `convex_deploy` sempre roda `convex env set` com os Secrets acima antes do `convex deploy`.
Se preferir setar manualmente:
- `MACHINE_PROVISIONING_SECRET` — obrigatório para `/api/machines/register`
- (opcional) `MACHINE_TOKEN_TTL_MS`, `FLEET_SYNC_SECRET`
CLI manual (exemplo):
```
docker run --rm -it \
-v /srv/apps/sistema:/app -w /app \
-e CONVEX_SELF_HOSTED_URL=https://convex.esdrasrenan.com.br \
-e CONVEX_SELF_HOSTED_ADMIN_KEY='COLE_A_CHAVE' \
node:20-bullseye bash -lc "set -euo pipefail; corepack enable && corepack prepare pnpm@9 --activate && pnpm i --frozen-lockfile --prod=false; \
unset CONVEX_DEPLOYMENT; \
pnpm exec convex env set MACHINE_PROVISIONING_SECRET 'seu-hex' -y; \
pnpm exec convex env list"
```
### Smoke test pósdeploy (CI)
O pipeline executa um teste rápido após o deploy do Web:
- Registra uma máquina fake usando `MACHINE_PROVISIONING_SECRET` do `/srv/apps/sistema/.env`
- Espera `HTTP 201` e extrai `machineToken`
- Envia `heartbeat` e espera `HTTP 200`
- Se falhar, o job é marcado como erro (evita regressões silenciosas)
## Seeds
- Dados de demonstração Convex: acesse uma vez `https://tickets.esdrasrenan.com.br/dev/seed`.
- Usuários (Better Auth):

55
docs/convex-self-hosted-env.md Normal file
View file

@ -0,0 +1,55 @@
Convex SelfHosted — Configurar env e testar provisionamento
Prérequisitos
- Rodar na VPS com Docker.
- Projeto em `/srv/apps/sistema`.
- Admin Key do Convex (já obtida):
`convex-self-hosted|011c148069bd37e4a3f1c10b41b19459427a20e6d7ba81f53b659861f7658cd4985c8936e9`
1) Exportar variáveis da sessão (URL + Admin Key)
export CONVEX_SELF_HOSTED_URL="https://convex.esdrasrenan.com.br"
export CONVEX_SELF_HOSTED_ADMIN_KEY='convex-self-hosted|011c148069bd37e4a3f1c10b41b19459427a20e6d7ba81f53b659861f7658cd4985c8936e9'
2) Definir MACHINE_PROVISIONING_SECRET no Convex (obrigatório)
docker run --rm -it \
-v /srv/apps/sistema:/app -w /app \
-e CONVEX_SELF_HOSTED_URL -e CONVEX_SELF_HOSTED_ADMIN_KEY \
node:20-bullseye bash -lc "set -euo pipefail; \
corepack enable && corepack prepare pnpm@9 --activate && pnpm i --frozen-lockfile --prod=false; \
unset CONVEX_DEPLOYMENT; \
pnpm exec convex env set MACHINE_PROVISIONING_SECRET '71daa9ef54cb224547e378f8121ca898b614446c142a132f73c2221b4d53d7d6' -y; \
pnpm exec convex env list"
3) (Opcional) Definir MACHINE_TOKEN_TTL_MS (padrão 30 dias)
docker run --rm -it \
-v /srv/apps/sistema:/app -w /app \
-e CONVEX_SELF_HOSTED_URL -e CONVEX_SELF_HOSTED_ADMIN_KEY \
node:20-bullseye bash -lc "set -euo pipefail; \
corepack enable && corepack prepare pnpm@9 --activate && pnpm i --frozen-lockfile --prod=false; \
unset CONVEX_DEPLOYMENT; \
pnpm exec convex env set MACHINE_TOKEN_TTL_MS '2592000000' -y; \
pnpm exec convex env list"
4) (Opcional) Definir FLEET_SYNC_SECRET
docker run --rm -it \
-v /srv/apps/sistema:/app -w /app \
-e CONVEX_SELF_HOSTED_URL -e CONVEX_SELF_HOSTED_ADMIN_KEY \
node:20-bullseye bash -lc "set -euo pipefail; \
corepack enable && corepack prepare pnpm@9 --activate && pnpm i --frozen-lockfile --prod=false; \
unset CONVEX_DEPLOYMENT; \
pnpm exec convex env set FLEET_SYNC_SECRET '' -y; \
pnpm exec convex env list"
5) Testar registro (gera machineToken) — substitua o hostname se quiser
HOST="vm-teste-$(date +%s)"; \
curl -sS -o resp.json -w "%{http_code}\n" -X POST 'https://tickets.esdrasrenan.com.br/api/machines/register' \
-H 'Content-Type: application/json' \
-d '{"provisioningSecret":"71daa9ef54cb224547e378f8121ca898b614446c142a132f73c2221b4d53d7d6","tenantId":"tenant-atlas","hostname":"'"$HOST"'","os":{"name":"Linux","version":"6.1.0","architecture":"x86_64"},"macAddresses":["AA:BB:CC:DD:EE:FF"],"serialNumbers":[],"metadata":{"inventario":{"cpu":"i7","ramGb":16}},"registeredBy":"manual-test"}'; \
echo; tail -c 400 resp.json || true
6) (Opcional) Enviar heartbeat com o token retornado
TOKEN=$(node -e 'try{const j=require("fs").readFileSync("resp.json","utf8");process.stdout.write(JSON.parse(j).machineToken||"");}catch(e){process.stdout.write("")}' ); \
[ -n "$TOKEN" ] && curl -sS -o /dev/null -w "%{http_code}\n" -X POST 'https://tickets.esdrasrenan.com.br/api/machines/heartbeat' \
-H 'Content-Type: application/json' \
-d '{"machineToken":"'"$TOKEN"'","status":"online","metrics":{"cpuPct":12,"memFreePct":61}}'