version: "3.8" # ci: redeploy trigger (frontend) services: web: image: node:20-bullseye working_dir: /app command: > bash -lc "corepack enable \ && corepack prepare pnpm@9 --activate \ && pnpm exec prisma migrate deploy \ && pnpm auth:seed \ && pnpm start -p 3000" volumes: - ${APP_DIR:-/srv/apps/sistema}:/app - sistema_db:/app/data environment: NODE_ENV: "production" # Garante instalação de devDependencies para o build (prisma CLI) NPM_CONFIG_PRODUCTION: "false" # Use service-to-service no overlay para o Convex NEXT_PUBLIC_CONVEX_URL: "http://sistema_convex_backend:3210" # URLs públicas do app (evita fallback para localhost) NEXT_PUBLIC_APP_URL: "${NEXT_PUBLIC_APP_URL}" BETTER_AUTH_URL: "${BETTER_AUTH_URL}" # Mantém o SQLite fora do repositório DATABASE_URL: "file:/app/data/db.sqlite" # Usado para forçar novo rollout a cada deploy (setado pelo CI) RELEASE_SHA: "${RELEASE_SHA:-dev}" deploy: mode: replicated replicas: 1 update_config: parallelism: 1 order: start-first failure_action: rollback restart_policy: condition: any placement: constraints: - node.role == manager labels: - traefik.enable=true - traefik.docker.network=traefik_public - traefik.http.routers.sistema_web.rule=Host(`tickets.esdrasrenan.com.br`) - traefik.http.routers.sistema_web.entrypoints=websecure - traefik.http.routers.sistema_web.tls=true - traefik.http.routers.sistema_web.tls.certresolver=le - traefik.http.services.sistema_web.loadbalancer.server.port=3000 networks: - traefik_public healthcheck: test: ["CMD", "node", "-e", "fetch('http://localhost:3000').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"] interval: 10s timeout: 3s retries: 5 start_period: 30s convex_backend: image: ghcr.io/get-convex/convex-backend:latest stop_grace_period: 10s stop_signal: SIGINT volumes: - convex_data:/convex/data environment: - RUST_LOG=info - CONVEX_CLOUD_ORIGIN=https://convex.esdrasrenan.com.br - CONVEX_SITE_ORIGIN=https://convex.esdrasrenan.com.br # Provisionamento de máquinas (usado pelas functions do Convex) - MACHINE_PROVISIONING_SECRET=${MACHINE_PROVISIONING_SECRET} - MACHINE_TOKEN_TTL_MS=${MACHINE_TOKEN_TTL_MS:-2592000000} - FLEET_SYNC_SECRET=${FLEET_SYNC_SECRET:-} deploy: mode: replicated replicas: 1 update_config: parallelism: 1 order: start-first failure_action: rollback restart_policy: condition: any placement: constraints: - node.role == manager labels: - traefik.enable=true - traefik.docker.network=traefik_public - traefik.http.routers.sistema_convex.rule=Host(`convex.esdrasrenan.com.br`) - traefik.http.routers.sistema_convex.entrypoints=websecure - traefik.http.routers.sistema_convex.tls=true - traefik.http.routers.sistema_convex.tls.certresolver=le - traefik.http.services.sistema_convex.loadbalancer.server.port=3210 networks: - traefik_public healthcheck: test: ["CMD-SHELL", "curl -sf http://localhost:3210/version >/dev/null || exit 1"] interval: 10s timeout: 3s retries: 5 start_period: 20s convex_dashboard: image: ghcr.io/get-convex/convex-dashboard:latest environment: - NEXT_PUBLIC_DEPLOYMENT_URL=https://convex.esdrasrenan.com.br deploy: mode: replicated replicas: 1 placement: constraints: - node.role == manager labels: - traefik.enable=true - traefik.docker.network=traefik_public - traefik.http.routers.sistema_convex_admin.rule=Host(`convex-admin.esdrasrenan.com.br`) - traefik.http.routers.sistema_convex_admin.entrypoints=websecure - traefik.http.routers.sistema_convex_admin.tls=true - traefik.http.routers.sistema_convex_admin.tls.certresolver=le - traefik.http.services.sistema_convex_admin.loadbalancer.server.port=6791 networks: - traefik_public volumes: sistema_db: convex_data: networks: traefik_public: external: true