Merge pull request #2 from kodustech/feat/update-cicd

Update CI/CD process

Author: Wellington01

Diff for: .dockerignore

@@ -4,3 +4,5 @@ npm-debug.log
 *.test.js
 *.md
 .DS_Store
+.git
+.gitignore

Diff for: .github/workflows/actions/setup-env/action.yml

@@ -0,0 +1,21 @@
+name: Setup Environment
+description: "Busca parâmetros do AWS Parameter Store e gera o arquivo .env"
+inputs:
+    parameters:
+        description: "Lista de parâmetros separados por espaço"
+        required: true
+runs:
+    using: "composite"
+    steps:
+        - name: Remover arquivo .env antigo (se existir)
+          shell: bash
+          run: |
+              [ -f .env ] && rm .env
+
+        - name: Gerar arquivo .env
+          shell: bash
+          run: |
+              for PARAM in ${{ inputs.parameters }}; do
+                VALUE=$(aws ssm get-parameter --name "/prod/kodus-web/$PARAM" --query 'Parameter.Value' --output text)
+                echo "$PARAM=$VALUE" >> .env
+              done

Diff for: .github/workflows/build-and-push-production.yml

@@ -0,0 +1,85 @@
+name: Build and Publish Docker Images for Cloud
+
+on:
+    release:
+        types: [published]
+
+jobs:
+    build-and-push:
+        name: Build and Push Docker Image for Production (Cloud)
+        runs-on: ubuntu-latest
+        permissions:
+            contents: read
+
+        steps:
+            - name: Checkout Repository
+              uses: actions/[email protected]
+
+            - name: Capture Release Version
+              run: echo "RELEASE_VERSION=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
+
+            - name: Configure AWS Credentials
+              uses: aws-actions/[email protected]
+              with:
+                  aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+                  aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+                  aws-region: ${{ secrets.AWS_REGION }}
+
+            - name: Set up Environment File
+              uses: ./.github/actions/setup-env
+              with:
+                  parameters: "WEB_NODE_ENV WEB_HOSTNAME_API WEB_HOSTNAME_BILLING WEB_JWT_SECRET_KEY WEB_NEXTAUTH_SECRET NEXTAUTH_URL WEB_CONNECTION_SLACK GLOBAL_JIRA_CLIENT_ID GLOBAL_JIRA_REDIRECT_URL WEB_JIRA_SCOPES GLOBAL_GITHUB_CLIENT_ID GLOBAL_GITHUB_REDIRECT_URL WEB_GITHUB_INSTALL_URL GITHUB_CLIENT_SECRET GLOBAL_GITLAB_CLIENT_ID GLOBAL_GITLAB_REDIRECT_URL WEB_GITLAB_SCOPES WEB_GITLAB_OAUTH_URL GLOBAL_GITLAB_CLIENT_SECRET WEB_TERMS_AND_CONDITIONS GLOBAL_SLACK_HOSTNAME GLOBAL_DISCORD_HOSTNAME WEB_DISCORD_HOSTNAME AZURE_REPOS_HOSTNAME WEB_OAUTH_GITLAB_CLIENT_ID WEB_OAUTH_GITLAB_CLIENT_SECRET WEB_OAUTH_GITHUB_CLIENT_ID WEB_OAUTH_GITHUB_CLIENT_SECRET WEB_ANALYTICS_HOSTNAME WEB_ANALYTICS_SECRET WEB_SUPPORT_DOCS_URL WEB_SUPPORT_DISCORD_INVITE_URL WEB_SUPPORT_TALK_TO_FOUNDER_URL"
+
+            - name: Login to Amazon ECR
+              id: login-ecr
+              uses: aws-actions/[email protected]
+
+            - name: Set up Docker Buildx
+              uses: docker/[email protected]
+
+            - name: Build and Push Docker Image
+              env:
+                  ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+                  ECR_REPOSITORY: kodus-web-prod
+                  IMAGE_TAG_SHA: ${{ github.sha }}
+                  IMAGE_TAG_VERSION: ${{ github.event.release.tag_name }}
+              run: |
+                  docker buildx build \
+                    --build-arg RELEASE_VERSION=$IMAGE_TAG_VERSION \
+                    --build-arg API_CLOUD_MODE=true \
+                    --cache-from=type=local,src=/tmp/.buildx-cache \
+                    --cache-to=type=local,dest=/tmp/.buildx-cache-new,mode=max \
+                    --platform linux/amd64,linux/arm64 \
+                    -f DockerFiles/Dockerfile.prod \
+                    -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG_SHA \
+                    -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG_VERSION \
+                    -t $ECR_REGISTRY/$ECR_REPOSITORY:latest \
+                    --push .
+
+            - name: Cleanup Docker Images
+              if: always()
+              run: |
+                  docker rmi $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG_SHA || true
+                  docker rmi $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG_VERSION || true
+                  docker rmi $ECR_REGISTRY/$ECR_REPOSITORY:latest || true
+                  docker image prune -f || true
+
+            - name: Notify Discord on Success
+              if: success()
+              uses: sarisia/[email protected]
+              with:
+                  webhook: ${{ secrets.DISCORD_WEBHOOK }}
+                  content: ":tada: A imagem Docker `${{ env.RELEASE_VERSION }}` foi construída e enviada com sucesso para o Amazon ECR."
+                  title: "Build e Push: kodus-web (Cloud)"
+                  username: "GitHub Actions"
+                  color: 0x00FF00
+
+            - name: Notify Discord on Failure
+              if: failure()
+              uses: sarisia/[email protected]
+              with:
+                  webhook: ${{ secrets.DISCORD_WEBHOOK }}
+                  content: ":x: Falha ao construir ou enviar a imagem Docker `${{ env.RELEASE_VERSION }}` para o Amazon ECR. Verifique os logs para mais detalhes."
+                  title: "Build e Push: kodus-web (Cloud)"
+                  username: "GitHub Actions"
+                  color: 0xFF0000

Diff for: .github/workflows/build-and-push-selfhosted.yml

@@ -0,0 +1,83 @@
+name: Build and Publish Docker Images for Self-Hosted
+
+on:
+    release:
+        types: [published]
+
+jobs:
+    build-and-push:
+        name: Build and Push Docker Images for Self-Hosted
+        runs-on: ubuntu-latest
+        permissions:
+            contents: read
+            packages: write
+
+        steps:
+            - name: Checkout Repository
+              uses: actions/[email protected]
+
+            - name: Capture Release Version
+              run: echo "RELEASE_VERSION=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
+
+            - name: Configure AWS Credentials
+              uses: aws-actions/[email protected]
+              with:
+                  aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+                  aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+                  aws-region: ${{ secrets.AWS_REGION }}
+
+            - name: Set up Environment File
+              uses: ./.github/actions/setup-env
+              with:
+                  parameters: "WEB_NODE_ENV WEB_HOSTNAME_API WEB_HOSTNAME_BILLING WEB_JWT_SECRET_KEY WEB_NEXTAUTH_SECRET NEXTAUTH_URL WEB_CONNECTION_SLACK GLOBAL_JIRA_CLIENT_ID GLOBAL_JIRA_REDIRECT_URL WEB_JIRA_SCOPES GLOBAL_GITHUB_CLIENT_ID GLOBAL_GITHUB_REDIRECT_URL WEB_GITHUB_INSTALL_URL GITHUB_CLIENT_SECRET GLOBAL_GITLAB_CLIENT_ID GLOBAL_GITLAB_REDIRECT_URL WEB_GITLAB_SCOPES WEB_GITLAB_OAUTH_URL GLOBAL_GITLAB_CLIENT_SECRET WEB_TERMS_AND_CONDITIONS GLOBAL_SLACK_HOSTNAME GLOBAL_DISCORD_HOSTNAME WEB_DISCORD_HOSTNAME AZURE_REPOS_HOSTNAME WEB_OAUTH_GITLAB_CLIENT_ID WEB_OAUTH_GITLAB_CLIENT_SECRET WEB_OAUTH_GITHUB_CLIENT_ID WEB_OAUTH_GITHUB_CLIENT_SECRET WEB_ANALYTICS_HOSTNAME WEB_ANALYTICS_SECRET WEB_SUPPORT_DOCS_URL WEB_SUPPORT_DISCORD_INVITE_URL WEB_SUPPORT_TALK_TO_FOUNDER_URL"
+
+            - name: Set up Docker Buildx
+              uses: docker/[email protected]
+
+            - name: Login to GitHub Container Registry
+              uses: docker/[email protected]
+              with:
+                  registry: ghcr.io
+                  username: ${{ github.actor }}
+                  password: ${{ secrets.GITHUB_TOKEN }}
+
+            - name: Extract Docker Metadata
+              id: meta
+              uses: docker/[email protected]
+              with:
+                  images: ghcr.io/${{ github.repository_owner }}/kodus-web
+                  tags: |
+                      type=semver,pattern={{version}}
+                      type=raw,value=latest
+
+            - name: Build and Push Docker Images
+              uses: docker/[email protected]
+              with:
+                  context: .
+                  file: ./DockerFiles/Dockerfile.prod
+                  push: true
+                  tags: ${{ steps.meta.outputs.tags }}
+                  labels: ${{ steps.meta.outputs.labels }}
+                  platforms: linux/amd64,linux/arm64
+                  build-args: |
+                      API_CLOUD_MODE=false
+
+            - name: Notify Discord on Success
+              if: success()
+              uses: sarisia/[email protected]
+              with:
+                  webhook: ${{ secrets.DISCORD_WEBHOOK }}
+                  content: ":tada: A imagem Docker versão `${{ env.RELEASE_VERSION }}` foi construída e enviada com sucesso para o GitHub Container Registry (Self-Hosted)."
+                  title: "Build e Push: kodus-web (Self-Hosted)"
+                  username: "GitHub Actions"
+                  color: 0x00FF00
+
+            - name: Notify Discord on Failure
+              if: failure()
+              uses: sarisia/[email protected]
+              with:
+                  webhook: ${{ secrets.DISCORD_WEBHOOK }}
+                  content: ":x: Falha ao construir ou enviar a imagem Docker `${{ env.RELEASE_VERSION }}` para o GitHub Container Registry (Self-Hosted). Verifique os logs para mais detalhes."
+                  title: "Build e Push: kodus-web (Self-Hosted)"
+                  username: "GitHub Actions"
+                  color: 0xFF0000

Diff for: .github/workflows/deploy-to-prod.yml

@@ -0,0 +1,97 @@
+name: Deploy Manual to Production Server
+
+on:
+    workflow_dispatch:
+        inputs:
+            image_tag:
+                description: "Tag da imagem Docker para deploy. Se vazio, será usada a última publicada no ECR."
+                required: false
+
+jobs:
+    deploy:
+        name: Deploy to Server
+        runs-on: ubuntu-latest
+        steps:
+            - name: Determine Image Tag
+              id: define-image
+              env:
+                  AWS_REGION: ${{ secrets.AWS_REGION }}
+                  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+                  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+              run: |
+                  IMAGE_TAG_INPUT="${{ github.event.inputs.image_tag }}"
+                  if [ -n "$IMAGE_TAG_INPUT" ]; then
+                    echo "Verificando se a imagem com tag '$IMAGE_TAG_INPUT' existe no ECR..."
+                    IMAGE_EXISTS=$(aws ecr describe-images \
+                      --repository-name kodus-web-prod \
+                      --region $AWS_REGION \
+                      --query "imageDetails[?contains(imageTags, '$IMAGE_TAG_INPUT')]" \
+                      --output text)
+                    if [ -z "$IMAGE_EXISTS" ]; then
+                      echo "Imagem com a tag '$IMAGE_TAG_INPUT' não encontrada no ECR."
+                      exit 1
+                    fi
+                    echo "Usando tag: $IMAGE_TAG_INPUT"
+                    echo "IMAGE_TAG=$IMAGE_TAG_INPUT" >> $GITHUB_ENV
+                  else
+                    echo "Buscando a tag mais recente no ECR..."
+                    LAST_TAG=$(aws ecr describe-images \
+                      --repository-name kodus-web-prod \
+                      --region $AWS_REGION \
+                      --query "sort_by(imageDetails, &imagePushedAt)[-1].imageTags[0]" \
+                      --output text)
+                    if [ -z "$LAST_TAG" ]; then
+                      echo "Nenhuma imagem encontrada no ECR."
+                      exit 1
+                    fi
+                    echo "Última tag encontrada: $LAST_TAG"
+                    echo "IMAGE_TAG=$LAST_TAG" >> $GITHUB_ENV
+                  fi
+
+            - name: Get Runner IP
+              run: |
+                  ip=$(curl -s https://ipinfo.io/ip)
+                  echo "::add-mask::$ip"
+                  echo "runner_ip=$ip" >> $GITHUB_ENV
+
+            - name: Add Runner IP to Security Group
+              run: |
+                  aws ec2 authorize-security-group-ingress \
+                    --group-id ${{ secrets.AWS_SECURITY_GROUP }} \
+                    --protocol tcp --port 22 \
+                    --cidr ${{ env.runner_ip }}/32 > /dev/null 2>&1
+              env:
+                  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+                  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+                  AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
+
+            - name: Deploy Application on EC2
+              uses: appleboy/[email protected]
+              with:
+                  host: ${{ secrets.AWS_PROD_HOST }}
+                  username: ${{ secrets.AWS_PROD_USERNAME }}
+                  key: ${{ secrets.AWS_PROD_KEY_SSH }}
+                  script: |
+                      cd ~/kodus-web
+                      ./start-web-app.sh prod ${{ env.IMAGE_TAG }} ${{ github.ref }}
+
+            - name: Remove Runner IP from Security Group
+              if: always()
+              run: |
+                  aws ec2 revoke-security-group-ingress \
+                    --group-id ${{ secrets.AWS_SECURITY_GROUP }} \
+                    --protocol tcp --port 22 \
+                    --cidr ${{ env.runner_ip }}/32 > /dev/null 2>&1
+              env:
+                  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+                  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+                  AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
+
+            - name: Notify Discord on Success
+              if: success()
+              uses: sarisia/[email protected]
+              with:
+                  webhook: ${{ secrets.DISCORD_WEBHOOK }}
+                  status: ${{ job.status }}
+                  content: ":tada: Deploy realizado com sucesso com a imagem `${{ env.IMAGE_TAG }}`!"
+                  title: "Deploy Prod:"