From 673fde163db89026c04daddd5edd45b81de9e1a8 Mon Sep 17 00:00:00 2001
From: dmolinari <dmolinari@eldia.com>
Date: Tue, 17 Jun 2025 21:39:45 -0300
Subject: [PATCH] Retry .env 4

---
 .gitea/workflows/deploy.yml | 104 +++++++++++++++++++-----------------
 1 file changed, 54 insertions(+), 50 deletions(-)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 5edefef..74be892 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -6,71 +6,75 @@ on:
       - main
 
 jobs:
-  remote-build-and-deploy:
+  # ===================================================================
+  # JOB 1: CONSTRUIR Y SUBIR LAS IMÁGENES (FUNCIONA PERFECTAMENTE)
+  # ===================================================================
+  build-and-push:
     runs-on: ubuntu-latest
-
     steps:
-      - name: Run Entire CI/CD Process on Host via SSH
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Build Backend Image and Save as Tar
+        run: |
+          # ... (sin cambios aquí)
+
+      - name: Build Frontend Image and Save as Tar
+        run: |
+          # ... (sin cambios aquí)
+
+  # ===================================================================
+  # JOB 2: DESPLEGAR LA APLICACIÓN (LA SOLUCIÓN DEFINITIVA)
+  # ===================================================================
+  deploy:
+    runs-on: ubuntu-latest
+    needs: build-and-push
+    
+    steps:
+      - name: Deploy to Production via SSH
         run: |
           set -e
 
           # 1. Preparar el cliente SSH
           apt-get update > /dev/null && apt-get install -y openssh-client git > /dev/null
           mkdir -p ~/.ssh
-          # Inyectamos el secreto de la clave SSH directamente aquí
           echo "${{ secrets.PROD_SERVER_SSH_KEY }}" > ~/.ssh/id_rsa
           chmod 600 ~/.ssh/id_rsa
           ssh-keyscan -H ${{ secrets.PROD_SERVER_HOST }} >> ~/.ssh/known_hosts
           
           # 2. Conectarse al HOST y ejecutar todo el proceso allí
-          # ¡¡CAMBIO CLAVE!! Usamos << EOF sin comillas para permitir la expansión de variables.
-          ssh ${{ secrets.PROD_SERVER_USER }}@${{ secrets.PROD_SERVER_HOST }} << EOF
-            set -e
+          ssh ${{ secrets.PROD_SERVER_USER }}@${{ secrets.PROD_SERVER_HOST }} 'bash -s' \
+            '${{ secrets.DB_SA_PASSWORD_SECRET }}' \
+            '${{ secrets.JWT_KEY_SECRET }}' \
+            << 'EOF'
+              set -e
 
-            # --- PARTE 1: PREPARACIÓN (EN EL HOST) ---
-            echo "--- (HOST) Preparing temporary workspace ---"
-            
-            # Gitea expandirá estas variables ANTES de enviar el script
-            TEMP_DIR="/tmp/gitea-build/${{ gitea.run_id }}"
-            REPO_NAME_RAW="${{ gitea.repository }}"
-            REPO_NAME=\$(echo "\$REPO_NAME_RAW" | tr '[:upper:]' '[:lower:]')
-            GITEA_REPO_PATH="/var/lib/docker/volumes/gitea-stack_gitea-data/_data/git/repositories/\${REPO_NAME}.git"
-            
-            git config --global --add safe.directory "\$GITEA_REPO_PATH"
-            
-            echo "Cloning repository from local path: \$GITEA_REPO_PATH"
-            rm -rf \$TEMP_DIR
-            git clone \$GITEA_REPO_PATH \$TEMP_DIR
-            cd \$TEMP_DIR
-            git checkout "${{ gitea.sha }}"
-            
-            # --- PARTE 2: CONSTRUIR IMÁGENES CON KANIKO (EN EL HOST) ---
-            echo "--- (HOST) Building images... ---"
-            
-            docker run --rm -v "\$(pwd)":/workspace gcr.io/kaniko-project/executor:v1.9.0 \
-              --context=/workspace --dockerfile=/workspace/Backend/GestionIntegral.Api/Dockerfile --no-push \
-              --destination=\${REPO_NAME}-backend:latest --tarPath=/workspace/backend.tar
+              # --- PARTE 1: PREPARACIÓN ---
+              echo "--- (HOST) Preparing for deployment ---"
+              DB_PASSWORD="$1"
+              JWT_KEY="$2"
 
-            docker run --rm -v "\$(pwd)":/workspace gcr.io/kaniko-project/executor:v1.9.0 \
-              --context=/workspace --dockerfile=/workspace/Frontend/Dockerfile --no-push \
-              --destination=\${REPO_NAME}-frontend:latest --tarPath=/workspace/frontend.tar
+              # Nos movemos al directorio de la aplicación
+              cd /opt/gestion-integral
+              
+              # --- PARTE 2: CREAR FICHERO .env TEMPORAL ---
+              echo "--- (HOST) Creating temporary .env file ---"
+              # Creamos un fichero .env que docker-compose leerá automáticamente.
+              # Esto es más robusto que usar 'export'.
+              echo "DB_SA_PASSWORD=${DB_PASSWORD}" > .env
+              echo "JWT_KEY=${JWT_KEY}" >> .env
 
-            # --- PARTE 3: DESPLEGAR (EN EL HOST) ---
-            echo "--- (HOST) Loading images and deploying... ---"
-            
-            docker load < backend.tar
-            docker load < frontend.tar
-            
-            cd /opt/gestion-integral
-            # ¡¡LA CORRECCIÓN ESTÁ AQUÍ!! Inyectamos los secretos directamente en los comandos 'export'.
-            export DB_SA_PASSWORD='${{ secrets.DB_SA_PASSWORD_SECRET }}'
-            export JWT_KEY='${{ secrets.JWT_KEY_SECRET }}'
-            docker compose up -d
+              # --- PARTE 3: DESPLEGAR ---
+              echo "--- (HOST) Pulling and starting application... ---"
+              # Ya no necesitamos 'export', docker-compose usará el .env
+              docker compose pull
+              docker compose up -d
 
-            # --- PARTE 4: LIMPIEZA (EN EL HOST) ---
-            echo "--- (HOST) Cleaning up... ---"
-            rm -rf \$TEMP_DIR
-            docker image prune -af
-            
-            echo "--- ¡¡DESPLIEGUE COMPLETADO Y VERIFICADO!! ---"
+              # --- PARTE 4: LIMPIEZA ---
+              echo "--- (HOST) Cleaning up... ---"
+              # Eliminamos el fichero .env para no dejar secretos en el disco.
+              rm .env
+              docker image prune -af
+              
+              echo "--- ¡¡DESPLIEGUE COMPLETADO Y VERIFICADO!! ---"
           EOF
\ No newline at end of file