From 23828ee5efde7c823b38b745bcadd96c6e9d95e9 Mon Sep 17 00:00:00 2001
From: Dalton Alvarenga
Date: Thu, 7 May 2026 10:21:18 -0300
Subject: [PATCH] fix(ci): volta build pra Cloud Build + bump Node 20 no webcomponent
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Reverte cd.yml pra Cloud Build (gcloud builds submit). Kaniko da PR #5 quebra porque a imagem kaniko:debug não tem /bin/sleep no PATH e o act-runner usa entrypoint=["/bin/sleep","10800"] no container do job.
- Bump node:18 -> node:20 no stage do webcomponent (Vite >= 5 exige Node 20+).
Pré-requisito pro Cloud Build funcionar: SA gitea-cd precisa de roles/cloudbuild.builds.editor + roles/serviceusage.serviceUsageConsumer.
---
 .gitea/workflows/cd.yml | 60 +++++++++++------------------------------
 Dockerfile | 2 +-
 2 files changed, 16 insertions(+), 46 deletions(-)
diff --git a/.gitea/workflows/cd.yml b/.gitea/workflows/cd.yml
index e5b0ece..e1307bb 100644
--- a/.gitea/workflows/cd.yml
+++ b/.gitea/workflows/cd.yml
@@ -6,53 +6,16 @@ on: pull_request: env: - IMG: ${{ secrets.AR_LOCATION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ secrets.AR_REPO }}/${{ gitea.event.repository.name }}:lab-${{ gitea.run_number }} + IMAGE_BASE: ${{ secrets.AR_LOCATION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ secrets.AR_REPO }} jobs: - # Build + push da imagem usando Kaniko (sem Docker daemon, sem Cloud Build). - # Roda dentro da imagem oficial do Kaniko que tem busybox + binary executor. build: runs-on: ubuntu-latest - container: - image: gcr.io/kaniko-project/executor:v1.23.2-debug - steps: - - uses: actions/checkout@v4 - - - name: Auth Artifact Registry + Build & Push (kaniko) - run: | - set -e - mkdir -p /kaniko/.docker - # Grava a chave da SA em arquivo via heredoc (preserva quebras/aspas) - cat > /tmp/sa.json <<'__SA_EOF__' - ${{ secrets.GCP_SA_KEY }} - __SA_EOF__ - # Docker config: Basic Auth com user `_json_key` + JSON da SA - AUTH_B64=$(printf '_json_key:%s' "$(cat /tmp/sa.json)" | base64 -w0) - cat > /kaniko/.docker/config.json <> $GITHUB_ENV + + - name: Deploy hml2 (apenas em push pra master/main) + if: github.event_name == 'push' env: USE_GKE_GCLOUD_AUTH_PLUGIN: "True" run: | gcloud container clusters get-credentials ${{ secrets.GKE_CLUSTER }} --region ${{ secrets.GKE_REGION }} --project ${{ secrets.GCP_PROJECT }} NS=${{ secrets.K8S_NAMESPACE }} - # 1) Aplica manifests (idempotente) + # 1) Aplica manifests (idempotente — cria PVC/Service/Ingress/Deployment se faltarem) if [ -d k8s ]; then kubectl apply -n "$NS" -f k8s/ fi - # 2) Atualiza imagem + # 2) Atualiza image DEPLOYMENT="${{ gitea.event.repository.name }}-deployment" if kubectl get deployment "$DEPLOYMENT" -n "$NS" >/dev/null 2>&1; then CONTAINER=$(kubectl get deployment "$DEPLOYMENT" -n "$NS" -o jsonpath='{.spec.template.spec.containers[0].name}') - kubectl set image deployment/"$DEPLOYMENT" -n "$NS" "$CONTAINER=${IMG}" + kubectl set image deployment/"$DEPLOYMENT" -n "$NS" "$CONTAINER=$IMG" kubectl rollout status 
deployment/"$DEPLOYMENT" -n "$NS" --timeout=600s
 else
- echo "Deployment $DEPLOYMENT não existe — kubectl apply acabou de criar (1º deploy)"
+ echo "Deployment $DEPLOYMENT não existe no ns $NS — pulei set image (provavelmente é o 1º deploy e o kubectl apply acabou de criar)"
 fi
diff --git a/Dockerfile b/Dockerfile
index 473eae5..da01063 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,7 +7,7 @@ ARG VANNA_UPSTREAM_COMMIT=365d0617c1a4567ffee1b19b40c27feb4206bfcf
 # ============================================================================
 # Stage 1 — webcomponent (Node)
 # ============================================================================
-FROM node:18-bookworm-slim AS webcomponent
+FROM node:20-bookworm-slim AS webcomponent
 ARG VANNA_UPSTREAM_COMMIT
 RUN apt-get update && apt-get install -y --no-install-recommends git ca-certificates \
 && rm -rf /var/lib/apt/lists/*
--
2.45.2
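Review bot: In `.gitea/workflows/cd.yml`, the new deploy step is guarded only by `if: github.event_name == 'push'`, although its name says "apenas em push pra master/main"; the condition checks the event type, not the branch. Unless `on.push.branches` (the `on:` block starts outside the hunk) already limits the trigger, a push to any branch would run `kubectl apply` and `kubectl set image` against the cluster with the CD service account. Making the guard explicit keeps the deploy path independent of the trigger filter: `if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main')`. In the same step, `NS=${{ secrets.K8S_NAMESPACE }}` and `DEPLOYMENT="${{ gitea.event.repository.name }}-deployment"` are expanded into the script text before the shell runs; passing them through the step's `env:` and reading them as quoted shell variables would be the safer style.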