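version: "3.8"

# ci: redeploy trigger (frontend)

services:
  # Next.js/Bun frontend, published through Traefik on port 3000.
  web:
    image: oven/bun:1.3.2
    # Runs as root so that apt-get (Node 22, toolchain) can run at boot.
    # NOTE(review): this service is internet-facing, runs as root, mounts the
    # host checkout read-write and is pinned to a Swarm manager node. The
    # start script lives inside that writable mount, so anything that can
    # write to /app controls what runs as root on the next start. Baking the
    # toolchain into a derived image would allow a non-root user and a
    # read-only mount; packages fetched at boot are also not pinned here.
    user: "root"
    working_dir: /app
    command: >
      bash -lc "bash /app/scripts/start-web.sh"
    volumes:
      # Host bind mount (no ":ro" suffix, so it is writable in the container).
      - ${APP_DIR:-/srv/apps/sistema}:/app
      - sistema_db:/app/data
    environment:
      # NOTE(review): values below are injected as plain environment
      # variables, so the secrets are readable by anyone who can inspect the
      # service or its containers. Swarm `secrets:` would keep them out of the
      # service spec — confirm whether the app can read them from files.
      NODE_ENV: "production"
      BUN_INSTALL_CACHE_DIR: "/tmp/bun-cache"
      # Ensures devDependencies are installed for the build (prisma CLI).
      NPM_CONFIG_PRODUCTION: "false"
      SKIP_AUTH_SEED: "true"
      # IMPORTANT: "NEXT_PUBLIC_*" is consumed by the browser (client). Use
      # the public Convex URL. Do not use the internal Swarm hostname here,
      # because the browser cannot resolve it.
      NEXT_PUBLIC_CONVEX_URL: "${NEXT_PUBLIC_CONVEX_URL}"
      # URLs consumed only by the backend/SSR may use the internal hostname.
      CONVEX_INTERNAL_URL: "http://convex_backend:3210"
      # Public URLs of the app (avoids falling back to localhost).
      NEXT_PUBLIC_APP_URL: "${NEXT_PUBLIC_APP_URL}"
      BETTER_AUTH_URL: "${BETTER_AUTH_URL}"
      # Required: an unset variable would otherwise be substituted as an
      # empty string with only a warning, so the deploy now fails instead of
      # starting the auth layer without a secret.
      BETTER_AUTH_SECRET: "${BETTER_AUTH_SECRET:?BETTER_AUTH_SECRET must be set}"
      # NOTE(review): no default and not marked required — an unset value
      # becomes an empty string; confirm the cron endpoint rejects that.
      REPORTS_CRON_SECRET: "${REPORTS_CRON_SECRET}"
      REPORTS_CRON_BASE_URL: "${REPORTS_CRON_BASE_URL}"
      # Keeps the SQLite file out of the repository (it lives on the
      # sistema_db volume mounted at /app/data).
      DATABASE_URL: "file:/app/data/db.sqlite"
      # Used to force a new rollout on every deploy (set by CI).
      RELEASE_SHA: "${RELEASE_SHA:-dev}"
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        # start-first avoids downtime: the new task starts before the
        # previous one is stopped.
        order: start-first
        failure_action: rollback
      rollback_config:
        order: start-first
      resources:
        limits:
          memory: "2G"
      restart_policy:
        condition: any
      placement:
        constraints:
          - node.role == manager
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik_public
        - traefik.http.routers.sistema_web.rule=Host(`tickets.esdrasrenan.com.br`)
        - traefik.http.routers.sistema_web.entrypoints=websecure
        - traefik.http.routers.sistema_web.tls=true
        - traefik.http.routers.sistema_web.tls.certresolver=le
        - traefik.http.services.sistema_web.loadbalancer.server.port=3000
    networks:
      # NOTE(review): this external network is the only one attached, so the
      # plain-HTTP call to convex_backend:3210 crosses it as well and every
      # other service on traefik_public can reach this container directly.
      # A stack-private overlay for service-to-service traffic would narrow
      # that exposure.
      - traefik_public
    healthcheck:
      # Healthy when an HTTP GET to the local app returns a 2xx status.
      test: ["CMD", "node", "-e", "fetch('http://localhost:3000').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"]
      interval: 10s
      timeout: 3s
      retries: 5
      start_period: 30s
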
# Service convex_backend (nested under "services"): backend on port 3210,
# published through Traefik and reached by the web service over HTTP.
  convex_backend:
    # NOTE(review): the image name has no registry prefix, so it presumably
    # has to exist on the node already — confirm how it is built and
    # distributed, and that the build is reproducible.
    image: sistema_convex_backend:1.29.2
    stop_grace_period: 10s
    stop_signal: SIGINT
    volumes:
      - convex_data:/convex/data
    environment:
      - RUST_LOG=info
      - CONVEX_CLOUD_ORIGIN=https://convex.esdrasrenan.com.br
      - CONVEX_SITE_ORIGIN=https://convex.esdrasrenan.com.br
      # Machine provisioning (used by the Convex functions).
      # NOTE(review): no default is given, so an unset variable is
      # substituted as an empty string — confirm the functions reject an
      # empty provisioning secret rather than accepting it.
      - MACHINE_PROVISIONING_SECRET=${MACHINE_PROVISIONING_SECRET}
      # Default 2592000000 ms = 30 days.
      - MACHINE_TOKEN_TTL_MS=${MACHINE_TOKEN_TTL_MS:-2592000000}
      # Explicitly defaults to empty.
      # NOTE(review): confirm an empty value means "disabled" to the
      # consumer and is never compared as a valid shared secret.
      - FLEET_SYNC_SECRET=${FLEET_SYNC_SECRET:-}
      - REPORTS_CRON_SECRET=${REPORTS_CRON_SECRET}
      - REPORTS_CRON_BASE_URL=${REPORTS_CRON_BASE_URL}
      - REPORTS_CRON_ENABLED=${REPORTS_CRON_ENABLED:-false}
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        order: start-first
        failure_action: rollback
      resources:
        limits:
          # Raised memory limit to avoid OOM restarts (exit code 137) under
          # report / index workloads.
          memory: "16G"
        reservations:
          memory: "4G"
      restart_policy:
        condition: any
      placement:
        constraints:
          - node.role == manager
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik_public
        - traefik.http.routers.sistema_convex.rule=Host(`convex.esdrasrenan.com.br`)
        - traefik.http.routers.sistema_convex.entrypoints=websecure
        - traefik.http.routers.sistema_convex.tls=true
        - traefik.http.routers.sistema_convex.tls.certresolver=le
        - traefik.http.services.sistema_convex.loadbalancer.server.port=3210
    networks:
      # NOTE(review): only the shared external network is attached, so port
      # 3210 is reachable from every service on traefik_public, not only
      # from Traefik and the web service.
      - traefik_public
    healthcheck:
      # Healthy when GET /version on the local port succeeds; requires curl
      # inside the image.
      test: ["CMD-SHELL", "curl -sf http://localhost:3210/version >/dev/null || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 120s

# Service convex_dashboard (nested under "services"): admin dashboard,
# currently scaled to zero.
  convex_dashboard:
    # NOTE(review): ":latest" is a mutable tag, so the content that runs can
    # change between pulls; pin a version or digest before enabling this.
    image: ghcr.io/get-convex/convex-dashboard:latest
    environment:
      - NEXT_PUBLIC_DEPLOYMENT_URL=https://convex.esdrasrenan.com.br
    deploy:
      mode: replicated
      # No task is scheduled while this is 0; the router below only becomes
      # live once the service is scaled up.
      replicas: 0
      placement:
        constraints:
          - node.role == manager
      labels:
        # NOTE(review): these labels publish the dashboard on a public
        # hostname and attach no authentication or allow-list middleware —
        # confirm access control exists elsewhere before scaling above 0.
        - traefik.enable=true
        - traefik.docker.network=traefik_public
        - traefik.http.routers.sistema_convex_admin.rule=Host(`convex-admin.esdrasrenan.com.br`)
        - traefik.http.routers.sistema_convex_admin.entrypoints=websecure
        - traefik.http.routers.sistema_convex_admin.tls=true
        - traefik.http.routers.sistema_convex_admin.tls.certresolver=le
        - traefik.http.services.sistema_convex_admin.loadbalancer.server.port=6791
    networks:
      - traefik_public

# Named volumes declared without options.
# sistema_db holds the SQLite file used by web (mounted at /app/data);
# convex_data holds the backend state (mounted at /convex/data).
# NOTE(review): no backup or driver settings are visible here — confirm how
# these volumes are backed up and who can read them on the node.
volumes:
  sistema_db:
  convex_data:

# traefik_public is created outside this stack ("external: true") and is
# shared with whatever else is attached to it; every service above joins it.
networks:
  traefik_public:
    external: true