201 lines
6.2 KiB
YAML
201 lines
6.2 KiB
YAML
name: CI/CD Web + Desktop
|
|
|
|
on:
|
|
push:
|
|
branches: [ main ]
|
|
tags:
|
|
- 'v*.*.*'
|
|
workflow_dispatch:
|
|
inputs:
|
|
force_web_deploy:
|
|
description: 'Forçar deploy do Web (ignorar filtro)?'
|
|
required: false
|
|
default: 'false'
|
|
force_convex_deploy:
|
|
description: 'Forçar deploy do Convex (ignorar filtro)?'
|
|
required: false
|
|
default: 'false'
|
|
|
|
env:
|
|
APP_DIR: /srv/apps/sistema
|
|
VPS_UPDATES_DIR: /var/www/updates
|
|
|
|
jobs:
|
|
changes:
|
|
name: Detect changes
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
convex: ${{ steps.filter.outputs.convex }}
|
|
web: ${{ steps.filter.outputs.web }}
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
- name: Paths filter
|
|
id: filter
|
|
uses: dorny/paths-filter@v3
|
|
with:
|
|
filters: |
|
|
convex:
|
|
- 'convex/**'
|
|
web:
|
|
- 'src/**'
|
|
- 'public/**'
|
|
- 'prisma/**'
|
|
- 'next.config.ts'
|
|
- 'package.json'
|
|
- 'pnpm-lock.yaml'
|
|
- 'tsconfig.json'
|
|
- 'middleware.ts'
|
|
- 'stack.yml'
|
|
|
|
deploy:
|
|
name: Deploy (VPS Linux)
|
|
needs: changes
|
|
if: ${{ (github.event_name == 'workflow_dispatch' && github.event.inputs.force_web_deploy == 'true') || (startsWith(github.ref, 'refs/heads/') && needs.changes.outputs.web == 'true') }}
|
|
runs-on: [ self-hosted, linux, vps ]
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup pnpm
|
|
uses: pnpm/action-setup@v4
|
|
with:
|
|
version: 9
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
cache: 'pnpm'
|
|
|
|
- name: Sync workspace to APP_DIR (preserving local env)
|
|
run: |
|
|
mkdir -p "$APP_DIR"
|
|
rsync -az --no-perms --no-owner --no-group --delete \
|
|
--filter='protect node_modules' \
|
|
--filter='protect node_modules/**' \
|
|
--filter='protect .pnpm-store' \
|
|
--filter='protect .pnpm-store/**' \
|
|
--filter='protect .env' \
|
|
--filter='protect .env*' \
|
|
--filter='protect apps/desktop/.env*' \
|
|
--filter='protect convex/.env*' \
|
|
--exclude '.git' \
|
|
--exclude '.next' \
|
|
--exclude 'node_modules' \
|
|
--exclude 'node_modules/**' \
|
|
--exclude '.pnpm-store' \
|
|
--exclude '.pnpm-store/**' \
|
|
--exclude '.env*' \
|
|
--exclude 'apps/desktop/.env*' \
|
|
--exclude 'convex/.env*' \
|
|
./ "$APP_DIR"/
|
|
|
|
- name: Install and build (Next.js)
|
|
run: |
|
|
cd "$APP_DIR"
|
|
corepack enable || true
|
|
pnpm install --no-frozen-lockfile
|
|
pnpm prisma:generate
|
|
pnpm build
|
|
|
|
- name: Swarm deploy (stack.yml)
|
|
run: |
|
|
cd "$APP_DIR"
|
|
RELEASE_SHA=${{ github.sha }} docker stack deploy --with-registry-auth -c stack.yml sistema
|
|
|
|
- name: Restart web service with new code
|
|
run: |
|
|
docker service update --force sistema_web || true
|
|
|
|
- name: Restart Convex backend service (optional)
|
|
run: |
|
|
docker service update --force sistema_convex_backend || true
|
|
|
|
convex_deploy:
|
|
name: Deploy Convex functions
|
|
needs: changes
|
|
if: ${{ (github.event_name == 'workflow_dispatch' && github.event.inputs.force_convex_deploy == 'true') || needs.changes.outputs.convex == 'true' }}
|
|
runs-on: [ self-hosted, linux, vps ]
|
|
env:
|
|
APP_DIR: /srv/apps/sistema
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Sync workspace to APP_DIR (preserving local env)
|
|
run: |
|
|
mkdir -p "$APP_DIR"
|
|
rsync -az --no-perms --no-owner --no-group --delete \
|
|
--filter='protect node_modules' \
|
|
--filter='protect node_modules/**' \
|
|
--filter='protect .pnpm-store' \
|
|
--filter='protect .pnpm-store/**' \
|
|
--filter='protect .env' \
|
|
--filter='protect .env*' \
|
|
--filter='protect apps/desktop/.env*' \
|
|
--filter='protect convex/.env*' \
|
|
--exclude '.git' \
|
|
--exclude '.next' \
|
|
--exclude 'node_modules' \
|
|
--exclude 'node_modules/**' \
|
|
--exclude '.pnpm-store' \
|
|
--exclude '.pnpm-store/**' \
|
|
--exclude '.env*' \
|
|
--exclude 'apps/desktop/.env*' \
|
|
--exclude 'convex/.env*' \
|
|
./ "$APP_DIR"/
|
|
- name: Deploy functions to Convex self-hosted
|
|
run: |
|
|
docker run --rm -i \
|
|
-v "$APP_DIR":/app \
|
|
-w /app \
|
|
-e CONVEX_SELF_HOSTED_URL="${{ secrets.CONVEX_SELF_HOSTED_URL }}" \
|
|
-e CONVEX_SELF_HOSTED_ADMIN_KEY="${{ secrets.CONVEX_SELF_HOSTED_ADMIN_KEY }}" \
|
|
node:20-bullseye bash -lc "corepack enable && corepack prepare pnpm@9 --activate && pnpm install --frozen-lockfile --prod=false && pnpm exec convex deploy"
|
|
|
|
desktop_release:
|
|
name: Desktop Release (Windows)
|
|
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
|
|
runs-on: [ self-hosted, windows, desktop ]
|
|
defaults:
|
|
run:
|
|
working-directory: apps/desktop
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup pnpm
|
|
uses: pnpm/action-setup@v4
|
|
with:
|
|
version: 9
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
cache: 'pnpm'
|
|
|
|
- name: Install deps (desktop)
|
|
run: pnpm install --frozen-lockfile
|
|
|
|
- name: Build with Tauri
|
|
uses: tauri-apps/tauri-action@v0
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
|
|
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
|
|
with:
|
|
projectPath: apps/desktop
|
|
|
|
- name: Upload latest.json + bundles to VPS
|
|
uses: appleboy/scp-action@v0.1.7
|
|
with:
|
|
host: ${{ secrets.VPS_HOST }}
|
|
username: ${{ secrets.VPS_USER }}
|
|
key: ${{ secrets.VPS_SSH_KEY }}
|
|
source: |
|
|
**/bundle/**/latest.json
|
|
**/bundle/**/*
|
|
target: ${{ env.VPS_UPDATES_DIR }}
|
|
overwrite: true
|