From 871f29484757b5950a229ebffb201f75ee2663e8 Mon Sep 17 00:00:00 2001 From: Gerffeson Date: Wed, 10 Sep 2025 18:13:24 -0300 Subject: [PATCH 01/30] Update Argo manifests workflow to use Bitbucket repository and create pull requests via Bitbucket API --- .github/workflows/maven-ci-cd-hml.yaml | 2 +- kustomize-argo-manifests/entrypoint.sh | 51 ++++++++++++++++---------- 2 files changed, 33 insertions(+), 20 deletions(-) diff --git a/.github/workflows/maven-ci-cd-hml.yaml b/.github/workflows/maven-ci-cd-hml.yaml index 93f0817..c68caf3 100644 --- a/.github/workflows/maven-ci-cd-hml.yaml +++ b/.github/workflows/maven-ci-cd-hml.yaml @@ -240,7 +240,7 @@ jobs: steps: - name: Kustomize Argo Manifests - uses: platformbuilders/github-actions-bdsp-templates/kustomize-argo-manifests-hml@main + uses: platformbuilders/github-actions-bdsp-templates/kustomize-argo-manifests@migration-bitbucket-pnb with: image-tag: ${{ needs.CI.outputs.IMAGE_TAG }} image-digest: ${{ needs.CI.outputs.IMAGE_DIGEST }} diff --git a/kustomize-argo-manifests/entrypoint.sh b/kustomize-argo-manifests/entrypoint.sh index bd9073f..5d65aa7 100644 --- a/kustomize-argo-manifests/entrypoint.sh +++ b/kustomize-argo-manifests/entrypoint.sh @@ -6,7 +6,7 @@ IMAGE_DIGEST="$2" GITHUB_TOKEN="$3" REPOSITORY_NAME=$(basename "$4") -ARGO_MANIFESTS_REPO_SLUG="github.com/platformbuilders/pnb-pefisa-gitops-manifets" +ARGO_MANIFESTS_REPO_SLUG="bitbucket.org/pernamlabs/pnb-pefisa-gitops-manifests" ARGO_MANIFESTS_REPO_DIR="argo-manifests" TARGET_OVERLAY_DIR="" @@ -52,7 +52,8 @@ elif [[ $DEPLOY_PROVIDER == "AWS" && "$IS_PROD_FLOW" != "true" ]]; then fi # Clone manifests repo -git clone "https://${GITHUB_TOKEN}@${ARGO_MANIFESTS_REPO_SLUG}.git" "${ARGO_MANIFESTS_REPO_DIR}" +echo "Cloning Bitbucket repo..." +git clone "https://x-bitbucket-api-token-auth:${GITHUB_TOKEN}@${ARGO_MANIFESTS_REPO_SLUG}.git" "${ARGO_MANIFESTS_REPO_DIR}" cd "${ARGO_MANIFESTS_REPO_DIR}" if [[ "$IS_PROD_FLOW" == true ]]; then 
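Review bot: The `uses:` line of the `Kustomize Argo Manifests` step now resolves the action from the branch `migration-bitbucket-pnb`, a mutable ref, and the same step passes `secrets.TOKEN_GITHUB` to it (visible as context in PATCH 02/30). Anyone who can push to that branch changes the code that runs with the token on the next pipeline run. Once the migration is merged, pin to a full commit SHA: `uses: platformbuilders/github-actions-bdsp-templates/kustomize-argo-manifests@<full-commit-sha>`. The same applies to the `build-push-image-hml@migration-bitbucket-pnb` and `update-argo-manifests@migration-bitbucket-pnb` references introduced in PATCH 04/30 and PATCH 24/30.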
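Review bot: The new `git clone` line embeds the token in the remote URL, so git stores it in `.git/config` of `argo-manifests` as the `origin` URL, where it stays readable for every later command run in that directory. The variable is also still called `GITHUB_TOKEN` although it now has to carry a Bitbucket credential, which makes it easy to wire the wrong secret. Supplying the credential through a git credential helper or a `GIT_ASKPASS` script that reads the token from the environment keeps it out of the URL and out of the stored config. The later `git push` is outside this hunk and would need the same mechanism.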
@@ -119,21 +120,33 @@ echo "Pushing to origin/${TARGET_PUSH_BRANCH}..." git push origin "$TARGET_PUSH_BRANCH" if [[ "$IS_PROD_FLOW" == true ]]; then - echo "Production flow detected. Creating Pull Request from ${PR_HEAD_BRANCH} to ${PR_BASE_BRANCH}..." - - EXISTING_PR=$(gh pr list --repo "$ARGO_MANIFESTS_REPO_SLUG" --base "$PR_BASE_BRANCH" --head "$PR_HEAD_BRANCH" --json number --jq '.[].number' 2>/dev/null) - - if [[ -n "$EXISTING_PR" ]]; then - echo "A PR already exists from branch ${PR_HEAD_BRANCH} to ${PR_BASE_BRANCH} (PR #${EXISTING_PR}) in the manifests repo." - else - echo "Creating Pull Request from ${PR_HEAD_BRANCH} to ${PR_BASE_BRANCH}..." - PR_TITLE="Deploy ${REPOSITORY_NAME} to Production" - PR_BODY="Automated PR for ${REPOSITORY_NAME} from source branch ${GITHUB_REF_NAME}. Update production overlay with image digest ${IMAGE_DIGEST} (tag ${IMAGE_TAG}). Ready for review and merge to deploy to production." - - gh pr create --repo "$ARGO_MANIFESTS_REPO_SLUG" \ - --title "$PR_TITLE" \ - --body "$PR_BODY" \ - --base "$PR_BASE_BRANCH" \ - --head "$PR_HEAD_BRANCH" - fi + echo "Production flow detected. Creating Bitbucket Pull Request from ${PR_HEAD_BRANCH} to ${PR_BASE_BRANCH}..." + + BITBUCKET_REPO_API_SLUG=$(echo "$ARGO_MANIFESTS_REPO_SLUG" | cut -d'/' -f2-) + BITBUCKET_API_URL="https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_API_SLUG}/pullrequests" + + PR_TITLE="Deploy ${REPOSITORY_NAME} to Production" + PR_BODY="Automated PR for ${REPOSITORY_NAME} from source branch ${GITHUB_REF_NAME}. Update production overlay with image digest ${IMAGE_DIGEST} (tag ${IMAGE_TAG}). Ready for review and merge to deploy to production." 
+ + curl -X POST "$BITBUCKET_API_URL" \ + -H "Content-Type: application/json" \ + -H "Authorization: Bearer ${GITHUB_TOKEN}" \ + -d @- << EOF +{ + "title": "${PR_TITLE}", + "description": "${PR_BODY}", + "source": { + "branch": { + "name": "${PR_HEAD_BRANCH}" + } + }, + "destination": { + "branch": { + "name": "${PR_BASE_BRANCH}" + } + }, + "close_source_branch": true +} +EOF + fi From 044b32c42619f34a5e40fbe2df087809d037d2a3 Mon Sep 17 00:00:00 2001 From: Gerffeson Date: Wed, 10 Sep 2025 18:23:29 -0300 Subject: [PATCH 02/30] Add Bitbucket token support for automation in CI/CD workflows --- .github/workflows/maven-ci-cd-hml.yaml | 4 ++++ kustomize-argo-manifests/action.yaml | 6 +++++- kustomize-argo-manifests/entrypoint.sh | 6 +++--- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/maven-ci-cd-hml.yaml b/.github/workflows/maven-ci-cd-hml.yaml index c68caf3..aac8913 100644 --- a/.github/workflows/maven-ci-cd-hml.yaml +++ b/.github/workflows/maven-ci-cd-hml.yaml @@ -35,6 +35,9 @@ on: TOKEN_GITHUB: description: 'Token do GitHub para automação' required: true + BITBUCKET_TOKEN: + description: 'Token do Bitbucket para automação' + required: true outputs: IMAGE_TAG: @@ -246,6 +249,7 @@ jobs: image-digest: ${{ needs.CI.outputs.IMAGE_DIGEST }} github-token: ${{ secrets.TOKEN_GITHUB }} repository-name: ${{ github.repository }} + bitbucket-token: ${{ secrets.BITBUCKET_TOKEN }} env: GH_TOKEN: ${{ secrets.TOKEN_GITHUB }} diff --git a/kustomize-argo-manifests/action.yaml b/kustomize-argo-manifests/action.yaml index 252e0ac..021c958 100644 --- a/kustomize-argo-manifests/action.yaml +++ b/kustomize-argo-manifests/action.yaml @@ -13,6 +13,9 @@ inputs: github-token: description: 'GitHub token' required: true + bitbucket-token: + description: 'Bitbucket token' + required: true runs: using: 'docker' 
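Review bot: The `curl -X POST` that opens the pull request never has its result checked: curl exits 0 on an HTTP 401 or 400, so even under `set -euo pipefail` the job ends green with no PR created. The request body is also assembled by interpolating `PR_TITLE`, `PR_BODY` and the branch names into a heredoc, so a double quote or backslash in `GITHUB_REF_NAME` yields broken or altered JSON. The commit additionally drops the `EXISTING_PR` lookup, so a re-run posts a second request for the same branch pair. Below, the payload is built with `jq` (assuming it is available in this action's image, which the diff does not show) and curl is made to fail on HTTP errors. The same heredoc is copied into `update-argo-manifests/entrypoint.sh` in PATCH 19/30.

```shell
  # … unchanged: BITBUCKET_API_URL, PR_TITLE and PR_BODY assignments …
  PR_PAYLOAD=$(jq -n \
    --arg title "$PR_TITLE" \
    --arg description "$PR_BODY" \
    --arg source "$PR_HEAD_BRANCH" \
    --arg destination "$PR_BASE_BRANCH" \
    '{title: $title, description: $description,
      source: {branch: {name: $source}},
      destination: {branch: {name: $destination}},
      close_source_branch: true}')

  curl --fail --silent --show-error -X POST "$BITBUCKET_API_URL" \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer ${GITHUB_TOKEN}" \
    -d "$PR_PAYLOAD"
```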
@@ -21,4 +24,5 @@ runs: - ${{ inputs.image-tag }} - ${{ inputs.image-digest }} - ${{ inputs.github-token }} - - ${{ inputs.repository-name }} \ No newline at end of file + - ${{ inputs.repository-name }} + - ${{ inputs.bitbucket-token }} \ No newline at end of file diff --git a/kustomize-argo-manifests/entrypoint.sh b/kustomize-argo-manifests/entrypoint.sh index 5d65aa7..cc79cda 100644 --- a/kustomize-argo-manifests/entrypoint.sh +++ b/kustomize-argo-manifests/entrypoint.sh @@ -3,7 +3,7 @@ set -euo pipefail IMAGE_TAG="$1" IMAGE_DIGEST="$2" -GITHUB_TOKEN="$3" +BITBUCKET_TOKEN="$3" REPOSITORY_NAME=$(basename "$4") ARGO_MANIFESTS_REPO_SLUG="bitbucket.org/pernamlabs/pnb-pefisa-gitops-manifests" @@ -53,7 +53,7 @@ fi # Clone manifests repo echo "Cloning Bitbucket repo..." -git clone "https://x-bitbucket-api-token-auth:${GITHUB_TOKEN}@${ARGO_MANIFESTS_REPO_SLUG}.git" "${ARGO_MANIFESTS_REPO_DIR}" +git clone "https://x-bitbucket-api-token-auth:${BITBUCKET_TOKEN}@${ARGO_MANIFESTS_REPO_SLUG}.git" "${ARGO_MANIFESTS_REPO_DIR}" cd "${ARGO_MANIFESTS_REPO_DIR}" if [[ "$IS_PROD_FLOW" == true ]]; then @@ -130,7 +130,7 @@ if [[ "$IS_PROD_FLOW" == true ]]; then curl -X POST "$BITBUCKET_API_URL" \ -H "Content-Type: application/json" \ - -H "Authorization: Bearer ${GITHUB_TOKEN}" \ + -H "Authorization: Bearer ${BITBUCKET_TOKEN}" \ -d @- << EOF { "title": "${PR_TITLE}", From 70a4e22cc0c597ac499d1a5f930da8ab0db19e77 Mon Sep 17 00:00:00 2001 From: Gerffeson Date: Wed, 10 Sep 2025 18:32:21 -0300 Subject: [PATCH 03/30] Refactor Docker image configuration to use local Dockerfile instead of remote image --- build-push-image-hml/action.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/build-push-image-hml/action.yaml b/build-push-image-hml/action.yaml index 73ed7f8..6fc5c6d 100644 --- a/build-push-image-hml/action.yaml +++ b/build-push-image-hml/action.yaml 
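Review bot: `bitbucket-token` is appended to `args`, so the secret reaches the container as a command-line argument, where it is visible in the process list and in the container invocation the runner logs (hidden there only by secret masking). A Docker action can receive it through the environment instead: under `runs:` add `env:` with `BITBUCKET_TOKEN: ${{ inputs.bitbucket-token }}` and read `$BITBUCKET_TOKEN` in `entrypoint.sh`. The existing `github-token` argument has the same exposure.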
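Review bot: `BITBUCKET_TOKEN="$3"` reads the third argument, but `action.yaml` in this same commit still passes `inputs.github-token` third and appends `inputs.bitbucket-token` as the fifth, so the clone and the API call would authenticate to Bitbucket with the GitHub token. Read it from the position that matches `args`, `BITBUCKET_TOKEN="$5"`, and fail early with a clear message when it is empty: `: "${BITBUCKET_TOKEN:?bitbucket-token input is required}"`. The script continues outside these hunks.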
@@ -2,10 +2,7 @@ name: 'Build and Push Docker Image to GCR' description: 'Builds and pushes a Docker image to Google Container Registry (GCR) based on the branch.' runs: using: 'docker' - image: 'docker://ghcr.io/platformbuilders/github-actions-bdsp-templates/build-push-image:latest' - credentials: - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + image: 'Dockerfile' outputs: IMAGE_TAG: description: 'Tag da imagem Docker.' From 2867ca286771e53fb2390643f95741ecb4776619 Mon Sep 17 00:00:00 2001 From: Gerffeson Date: Wed, 10 Sep 2025 18:33:51 -0300 Subject: [PATCH 04/30] Update Docker image action to use migration-bitbucket-pnb branch --- .github/workflows/maven-ci-cd-hml.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/maven-ci-cd-hml.yaml b/.github/workflows/maven-ci-cd-hml.yaml index aac8913..fdec4c5 100644 --- a/.github/workflows/maven-ci-cd-hml.yaml +++ b/.github/workflows/maven-ci-cd-hml.yaml @@ -204,7 +204,7 @@ jobs: - name: Build and Push Docker image to GCR id: build_push - uses: platformbuilders/github-actions-bdsp-templates/build-push-image-hml@main + uses: platformbuilders/github-actions-bdsp-templates/build-push-image-hml@migration-bitbucket-pnb with: GCP_CREDENTIALS: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }} From bf138bcce82b45d1fa03742b4e2fe02d8140a996 Mon Sep 17 00:00:00 2001 From: Gerffeson Date: Wed, 10 Sep 2025 18:42:52 -0300 Subject: [PATCH 05/30] Comment out secret scanner and vulnerability scanner steps in maven-ci-cd-hml workflow --- .github/workflows/maven-ci-cd-hml.yaml | 42 +++++++++++++------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/maven-ci-cd-hml.yaml b/.github/workflows/maven-ci-cd-hml.yaml index fdec4c5..8dcb3bb 100644 --- a/.github/workflows/maven-ci-cd-hml.yaml +++ b/.github/workflows/maven-ci-cd-hml.yaml 
@@ -91,11 +91,11 @@ jobs: ref: ${{ inputs.git_ref }} fetch-depth: 0 - - name: Run Secret Scanner - uses: trufflesecurity/trufflehog@main - with: - extra_args: > - --log-level=2 + # - name: Run Secret Scanner + # uses: trufflesecurity/trufflehog@main + # with: + # extra_args: > + # --log-level=2 - name: Set up JDK ${{ env.JAVA_VERSION }} uses: actions/setup-java@v3 
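Review bot: Commenting out `Run Secret Scanner` here, and `Run Image Vulnerability Scanner` with its report upload in the hunk at line 206, leaves this pipeline building and pushing an image that goes on to the CD job with no secret or vulnerability scan at all. If the steps are disabled only for the migration, say so next to them with a tracked follow-up, for example `# TODO(<owner>): re-enable after Bitbucket migration - <ticket-id>`, rather than leaving unexplained dead YAML. The workflow's header comment still advertises an image scan. When the steps come back, note that the Trivy step's `exit-code: '0'` means findings never fail the build, and that both actions are referenced by branch (`@main`, `@master`) rather than by commit SHA.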
@@ -206,23 +206,23 @@ jobs: id: build_push uses: platformbuilders/github-actions-bdsp-templates/build-push-image-hml@migration-bitbucket-pnb with: - GCP_CREDENTIALS: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }} + GCP_SERVICE_ACCOUNT_KEY: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }} - - name: Run Image Vulnerability Scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: "${{ steps.build_push.outputs.IMAGE_URI }}" - format: 'table' - output: "${{ github.event.repository.name }}-${{ steps.build_push.outputs.IMAGE_TAG }}-image-scanner-report.txt" - exit-code: '0' - severity: "CRITICAL,HIGH" - - - name: Upload Image Vulnerability Scanner Report - uses: actions/upload-artifact@v4 - with: - name: ${{ github.event.repository.name }}-${{ steps.build_push.outputs.IMAGE_TAG }}-image-scanner-report - path: ${{ github.event.repository.name }}-${{ steps.build_push.outputs.IMAGE_TAG }}-image-scanner-report.txt - retention-days: 3 + # - name: Run Image Vulnerability Scanner + # uses: aquasecurity/trivy-action@master + # with: + # image-ref: "${{ steps.build_push.outputs.IMAGE_URI }}" + # format: 'table' + # output: "${{ github.event.repository.name }}-${{ steps.build_push.outputs.IMAGE_TAG }}-image-scanner-report.txt" + # exit-code: '0' + # severity: "CRITICAL,HIGH" + + # - name: Upload Image Vulnerability Scanner Report + # uses: actions/upload-artifact@v4 + # with: + # name: ${{ github.event.repository.name }}-${{ steps.build_push.outputs.IMAGE_TAG }}-image-scanner-report + # path: ${{ github.event.repository.name }}-${{ steps.build_push.outputs.IMAGE_TAG }}-image-scanner-report.txt + # retention-days: 3 # - name: "Notify Slack: Failure (CI)" From 93088373226a26f5bee8e53d86546debfbadab69 Mon Sep 17 00:00:00 2001 From: Gerffeson Date: Wed, 10 Sep 2025 19:10:12 -0300 Subject: [PATCH 06/30] Simplify secret handling by directly saving GCP service account key to file --- build-push-image-hml/entrypoint.sh | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) 
diff --git a/build-push-image-hml/entrypoint.sh b/build-push-image-hml/entrypoint.sh index 0c67642..3147276 100644 --- a/build-push-image-hml/entrypoint.sh +++ b/build-push-image-hml/entrypoint.sh @@ -34,14 +34,8 @@ REPOSITORY_URI_PRD="us-central1-docker.pkg.dev/bdsp-devtools/$REPOSITORY_NAME/ma echo "REPOSITORY_URI_BRANCH: $REPOSITORY_URI_BRANCH" echo "REPOSITORY_URI_PRD: $REPOSITORY_URI_PRD" -# Validar se a secret está em Base64 -if echo "$GCP_SERVICE_ACCOUNT_KEY" | base64 -d &>/dev/null; then - echo "Decodificando secret em Base64..." - echo "$GCP_SERVICE_ACCOUNT_KEY" | base64 -d > gcp-sa.json -else - echo "Secret já está no formato correto, salvando diretamente..." - echo "$GCP_SERVICE_ACCOUNT_KEY" > gcp-sa.json -fi +echo "$GCP_SERVICE_ACCOUNT_KEY" > gcp-sa.json + # Autenticar o gcloud gcloud auth activate-service-account --key-file=gcp-sa.json From d9e8647e87a1baf0539a01b402d08c8dda53748c Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Wed, 10 Sep 2025 19:22:49 -0300 Subject: [PATCH 07/30] Update maven-ci-cd-hml.yaml --- .github/workflows/maven-ci-cd-hml.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/maven-ci-cd-hml.yaml b/.github/workflows/maven-ci-cd-hml.yaml index 8dcb3bb..3bfa7ba 100644 --- a/.github/workflows/maven-ci-cd-hml.yaml +++ b/.github/workflows/maven-ci-cd-hml.yaml @@ -205,7 +205,7 @@ jobs: - name: Build and Push Docker image to GCR id: build_push uses: platformbuilders/github-actions-bdsp-templates/build-push-image-hml@migration-bitbucket-pnb - with: + env: GCP_SERVICE_ACCOUNT_KEY: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }} # - name: Run Image Vulnerability Scanner From 729de5077c94bdf4d9808c41ad0ecd6dd0b4a56b Mon Sep 17 00:00:00 2001 From: Gerffeson Date: Wed, 10 Sep 2025 19:29:14 -0300 Subject: [PATCH 08/30] Add deploy provider input to maven-ci-cd-hml workflow --- .github/workflows/maven-ci-cd-hml.yaml | 5 +++++ 1 file changed, 5 insertions(+) 
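Review bot: `echo "$GCP_SERVICE_ACCOUNT_KEY" > gcp-sa.json` writes the service-account key into the current directory with the default umask, and nothing in the hunk removes it. The key can therefore outlive the step and, if that directory is the mounted workspace, be picked up by a later build context or artifact upload. Create the file with restrictive permissions and delete it on exit: `( umask 077; printf '%s\n' "$GCP_SERVICE_ACCOUNT_KEY" > gcp-sa.json )` and `trap 'rm -f -- gcp-sa.json' EXIT`. Dropping the Base64 branch also means a secret still stored Base64-encoded now fails only at `gcloud auth activate-service-account`, with a less helpful error. The script continues outside this hunk, so other uses of `gcp-sa.json` may exist.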
diff --git a/.github/workflows/maven-ci-cd-hml.yaml b/.github/workflows/maven-ci-cd-hml.yaml index 3bfa7ba..c5638eb 100644 --- a/.github/workflows/maven-ci-cd-hml.yaml +++ b/.github/workflows/maven-ci-cd-hml.yaml @@ -5,6 +5,11 @@ on: # Pipeline de CI/CD padrão para aplicações Maven de homologacao, incluindo build, testes, SonarQube e scan de imagem. inputs: + DEPLOY_PROVIDER: + description: 'Ambiente de deploy (GCP, AWS, etc.)' + required: false + default: 'GCP' + type: string java_version: description: 'Versão do Java a ser usada' required: true From a0c58d45748af20f1e24d8185f71c15f5792ac50 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Wed, 10 Sep 2025 19:33:04 -0300 Subject: [PATCH 09/30] Update maven-ci-cd-hml.yaml --- .github/workflows/maven-ci-cd-hml.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/maven-ci-cd-hml.yaml b/.github/workflows/maven-ci-cd-hml.yaml index c5638eb..ff60a29 100644 --- a/.github/workflows/maven-ci-cd-hml.yaml +++ b/.github/workflows/maven-ci-cd-hml.yaml @@ -57,6 +57,7 @@ on: env: + DEPLOY_PROVIDER: ${{inputs.DEPLOY_PROVIDER }} JAVA_VERSION: ${{ inputs.java_version }} SONAR_LANGUAGE: "java" SONAR_MAIN_BRANCH: "master" @@ -257,6 +258,7 @@ jobs: bitbucket-token: ${{ secrets.BITBUCKET_TOKEN }} env: GH_TOKEN: ${{ secrets.TOKEN_GITHUB }} + DEPLOY_PROVIDER: ${{ env.DEPLOY_PROVIDER }} # - name: "Notify Slack: Success (CI/CD Non-Prod)" From 0b16f0fcb1e886cbb1ecb11a694db81c56958c89 Mon Sep 17 00:00:00 2001 From: Gerffeson Date: Wed, 10 Sep 2025 19:50:52 -0300 Subject: [PATCH 10/30] =?UTF-8?q?Altera=C3=A7=C3=B5es?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- kustomize-argo-manifests/entrypoint.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kustomize-argo-manifests/entrypoint.sh b/kustomize-argo-manifests/entrypoint.sh index cc79cda..b1a8a25 100644 --- a/kustomize-argo-manifests/entrypoint.sh +++ b/kustomize-argo-manifests/entrypoint.sh 
@@ -3,8 +3,9 @@ set -euo pipefail IMAGE_TAG="$1" IMAGE_DIGEST="$2" -BITBUCKET_TOKEN="$3" +GITHUB_TOKEN="$3" REPOSITORY_NAME=$(basename "$4") +BITBUCKET_TOKEN="$5" ARGO_MANIFESTS_REPO_SLUG="bitbucket.org/pernamlabs/pnb-pefisa-gitops-manifests" ARGO_MANIFESTS_REPO_DIR="argo-manifests" From d22331091b0fbc2836e4264f53519239b1ad9644 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Wed, 10 Sep 2025 20:04:15 -0300 Subject: [PATCH 11/30] Update entrypoint.sh --- kustomize-argo-manifests/entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kustomize-argo-manifests/entrypoint.sh b/kustomize-argo-manifests/entrypoint.sh index b1a8a25..ef73f4b 100644 --- a/kustomize-argo-manifests/entrypoint.sh +++ b/kustomize-argo-manifests/entrypoint.sh @@ -120,7 +120,7 @@ git commit -m "$COMMIT_MESSAGE" echo "Pushing to origin/${TARGET_PUSH_BRANCH}..." git push origin "$TARGET_PUSH_BRANCH" -if [[ "$IS_PROD_FLOW" == true ]]; then +#if [[ "$IS_PROD_FLOW" == true ]]; then echo "Production flow detected. Creating Bitbucket Pull Request from ${PR_HEAD_BRANCH} to ${PR_BASE_BRANCH}..." BITBUCKET_REPO_API_SLUG=$(echo "$ARGO_MANIFESTS_REPO_SLUG" | cut -d'/' -f2-) @@ -150,4 +150,4 @@ if [[ "$IS_PROD_FLOW" == true ]]; then } EOF -fi +#fi From f137ae549bc2ea1c48207a6b19ca8c51fa351013 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Wed, 10 Sep 2025 20:07:57 -0300 Subject: [PATCH 12/30] Update entrypoint.sh --- kustomize-argo-manifests/entrypoint.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/kustomize-argo-manifests/entrypoint.sh b/kustomize-argo-manifests/entrypoint.sh index ef73f4b..12bd126 100644 --- a/kustomize-argo-manifests/entrypoint.sh +++ b/kustomize-argo-manifests/entrypoint.sh @@ -13,7 +13,7 @@ ARGO_MANIFESTS_REPO_DIR="argo-manifests" TARGET_OVERLAY_DIR="" TARGET_MANIFEST_BRANCH="main" PR_BASE_BRANCH="" -IS_PROD_FLOW=false +IS_PROD_FLOW=true case "$GITHUB_REF_NAME" in "main"|"master") 
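Review bot: `IS_PROD_FLOW=true` as the default here, together with the `homolog` and `develop` arms switched to `true` in the next hunk of this commit, makes every source branch take the production path. A `develop` build now prints "Production flow detected" and opens a PR titled "Deploy … to Production". `IS_PROD_FLOW` also gates code outside these hunks (the block right after the clone tests it), so what else changes for non-production branches cannot be seen from here. If the aim is to open a pull request for every environment, a separate flag keeps the meaning of the existing one: `CREATE_PR=true` with `if [[ "$CREATE_PR" == true ]]; then` around the request.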
@@ -23,11 +23,11 @@ case "$GITHUB_REF_NAME" in ;; "staging"|"homolog"|release/*) TARGET_OVERLAY_DIR="homolog" - IS_PROD_FLOW=false + IS_PROD_FLOW=true ;; "develop") TARGET_OVERLAY_DIR="develop" - IS_PROD_FLOW=false + IS_PROD_FLOW=true ;; *) echo "No action needed for source branch '$GITHUB_REF_NAME'." @@ -120,7 +120,7 @@ git commit -m "$COMMIT_MESSAGE" echo "Pushing to origin/${TARGET_PUSH_BRANCH}..." git push origin "$TARGET_PUSH_BRANCH" -#if [[ "$IS_PROD_FLOW" == true ]]; then +if [[ "$IS_PROD_FLOW" == true ]]; then echo "Production flow detected. Creating Bitbucket Pull Request from ${PR_HEAD_BRANCH} to ${PR_BASE_BRANCH}..." BITBUCKET_REPO_API_SLUG=$(echo "$ARGO_MANIFESTS_REPO_SLUG" | cut -d'/' -f2-) @@ -150,4 +150,4 @@ git push origin "$TARGET_PUSH_BRANCH" } EOF -#fi +fi From 2b0b66c0613670a32cc1227da8c2f5361fa98907 Mon Sep 17 00:00:00 2001 From: Marcos Aurelio Date: Wed, 10 Sep 2025 20:17:07 -0300 Subject: [PATCH 13/30] Update entrypoint.sh --- kustomize-argo-manifests/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kustomize-argo-manifests/entrypoint.sh b/kustomize-argo-manifests/entrypoint.sh index 12bd126..e351c81 100644 --- a/kustomize-argo-manifests/entrypoint.sh +++ b/kustomize-argo-manifests/entrypoint.sh @@ -12,7 +12,7 @@ ARGO_MANIFESTS_REPO_DIR="argo-manifests" TARGET_OVERLAY_DIR="" TARGET_MANIFEST_BRANCH="main" -PR_BASE_BRANCH="" +PR_BASE_BRANCH="main" IS_PROD_FLOW=true case "$GITHUB_REF_NAME" in From edfebfaaef9a6b72591f478acf40b6fb2d1210ef Mon Sep 17 00:00:00 2001 From: Gerffeson Mota Date: Wed, 10 Sep 2025 21:40:50 -0300 Subject: [PATCH 14/30] Update entrypoint.sh --- kustomize-argo-manifests/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kustomize-argo-manifests/entrypoint.sh b/kustomize-argo-manifests/entrypoint.sh index e351c81..b4a39ca 100644 --- a/kustomize-argo-manifests/entrypoint.sh +++ b/kustomize-argo-manifests/entrypoint.sh 
@@ -130,8 +130,8 @@ if [[ "$IS_PROD_FLOW" == true ]]; then PR_BODY="Automated PR for ${REPOSITORY_NAME} from source branch ${GITHUB_REF_NAME}. Update production overlay with image digest ${IMAGE_DIGEST} (tag ${IMAGE_TAG}). Ready for review and merge to deploy to production." curl -X POST "$BITBUCKET_API_URL" \ + -u "${BITBUCKET_USERNAME}:${BITBUCKET_TOKEN}" \ -H "Content-Type: application/json" \ - -H "Authorization: Bearer ${BITBUCKET_TOKEN}" \ -d @- << EOF { "title": "${PR_TITLE}", From 71e301d363ac6613224db23c6715e730fb8f57d6 Mon Sep 17 00:00:00 2001 From: Gerffeson Date: Thu, 11 Sep 2025 10:24:20 -0300 Subject: [PATCH 15/30] Add bitbucket username --- .github/workflows/maven-ci-cd-hml.yaml | 5 +++++ kustomize-argo-manifests/action.yaml | 6 +++++- kustomize-argo-manifests/entrypoint.sh | 1 + 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/maven-ci-cd-hml.yaml b/.github/workflows/maven-ci-cd-hml.yaml index ff60a29..e99fe98 100644 --- a/.github/workflows/maven-ci-cd-hml.yaml +++ b/.github/workflows/maven-ci-cd-hml.yaml @@ -26,6 +26,10 @@ on: description: 'URL do host do SonarQube' required: false type: string + BITBUCKET_USERNAME: + description: 'Username do Bitbucket' + required: true + type: string secrets: SLACK_WEBHOOK_URL: @@ -256,6 +260,7 @@ jobs: github-token: ${{ secrets.TOKEN_GITHUB }} repository-name: ${{ github.repository }} bitbucket-token: ${{ secrets.BITBUCKET_TOKEN }} + bitbucket-username: ${{ vars.BITBUCKET_USERNAME }} env: GH_TOKEN: ${{ secrets.TOKEN_GITHUB }} DEPLOY_PROVIDER: ${{ env.DEPLOY_PROVIDER }} diff --git a/kustomize-argo-manifests/action.yaml b/kustomize-argo-manifests/action.yaml index 021c958..e27dfca 100644 --- a/kustomize-argo-manifests/action.yaml +++ b/kustomize-argo-manifests/action.yaml @@ -16,6 +16,9 @@ inputs: bitbucket-token: description: 'Bitbucket token' required: true + bitbucket-username: + description: 'Bitbucket username' + required: true runs: using: 'docker' 
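Review bot: `BITBUCKET_USERNAME` is declared as a required workflow input, but the step reads `vars.BITBUCKET_USERNAME`. The value callers are forced to supply is never used, and the username comes from a configuration variable that may be unset. Use one source: either `bitbucket-username: ${{ inputs.BITBUCKET_USERNAME }}` or drop the input declaration. In `action.yaml` of this commit the new argument is spelled `inputs.bitbucket_username` while the input is declared as `bitbucket-username`, which presumably evaluates to an empty sixth argument.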
@@ -25,4 +28,5 @@ runs: - ${{ inputs.image-digest }} - ${{ inputs.github-token }} - ${{ inputs.repository-name }} - - ${{ inputs.bitbucket-token }} \ No newline at end of file + - ${{ inputs.bitbucket-token }} + - ${{ inputs.bitbucket_username }} \ No newline at end of file diff --git a/kustomize-argo-manifests/entrypoint.sh b/kustomize-argo-manifests/entrypoint.sh index b4a39ca..81ab5f6 100644 --- a/kustomize-argo-manifests/entrypoint.sh +++ b/kustomize-argo-manifests/entrypoint.sh @@ -6,6 +6,7 @@ IMAGE_DIGEST="$2" GITHUB_TOKEN="$3" REPOSITORY_NAME=$(basename "$4") BITBUCKET_TOKEN="$5" +BITBUCKET_USERNAME="$6" ARGO_MANIFESTS_REPO_SLUG="bitbucket.org/pernamlabs/pnb-pefisa-gitops-manifests" ARGO_MANIFESTS_REPO_DIR="argo-manifests" From f5159e5dca9e2fa990bb5b1f532496139d4d834f Mon Sep 17 00:00:00 2001 From: Gerffeson Date: Thu, 11 Sep 2025 10:35:11 -0300 Subject: [PATCH 16/30] Add verbosidade no curl --- kustomize-argo-manifests/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kustomize-argo-manifests/entrypoint.sh b/kustomize-argo-manifests/entrypoint.sh index 81ab5f6..58cb33c 100644 --- a/kustomize-argo-manifests/entrypoint.sh +++ b/kustomize-argo-manifests/entrypoint.sh @@ -130,7 +130,7 @@ if [[ "$IS_PROD_FLOW" == true ]]; then PR_TITLE="Deploy ${REPOSITORY_NAME} to Production" PR_BODY="Automated PR for ${REPOSITORY_NAME} from source branch ${GITHUB_REF_NAME}. Update production overlay with image digest ${IMAGE_DIGEST} (tag ${IMAGE_TAG}). Ready for review and merge to deploy to production." - curl -X POST "$BITBUCKET_API_URL" \ + curl -v -X POST "$BITBUCKET_API_URL" \ -u "${BITBUCKET_USERNAME}:${BITBUCKET_TOKEN}" \ -H "Content-Type: application/json" \ -d @- << EOF From ef0a2a18620b285616260735dc647a90d38f570f Mon Sep 17 00:00:00 2001 
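Review bot: Adding `-v` to a request that authenticates with `-u "${BITBUCKET_USERNAME}:${BITBUCKET_TOKEN}"` makes curl write the request headers to the job log, normally including `Authorization: Basic …`. That value is the Base64 of username and token, not the literal secret, so log masking may not catch it. Treat the token used in any run of this revision as exposed and rotate it. For debugging, the status code is enough: `--silent --show-error --write-out '%{http_code}\n'` shows whether the call succeeded without echoing credentials.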
From: Gerffeson Date: Thu, 11 Sep 2025 10:43:26 -0300 Subject: [PATCH 17/30] =?UTF-8?q?Ajustei=20nome=20vari=C3=A1vel?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- kustomize-argo-manifests/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kustomize-argo-manifests/action.yaml b/kustomize-argo-manifests/action.yaml index e27dfca..83091ed 100644 --- a/kustomize-argo-manifests/action.yaml +++ b/kustomize-argo-manifests/action.yaml @@ -29,4 +29,4 @@ runs: - ${{ inputs.github-token }} - ${{ inputs.repository-name }} - ${{ inputs.bitbucket-token }} - - ${{ inputs.bitbucket_username }} \ No newline at end of file + - ${{ inputs.bitbucket-username }} \ No newline at end of file From 6a595528f1b28088c472818cd7a5042e0e6ea5e6 Mon Sep 17 00:00:00 2001 From: Gerffeson Date: Thu, 11 Sep 2025 10:50:02 -0300 Subject: [PATCH 18/30] Retirando verbosidade do curl --- kustomize-argo-manifests/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kustomize-argo-manifests/entrypoint.sh b/kustomize-argo-manifests/entrypoint.sh index 58cb33c..81ab5f6 100644 --- a/kustomize-argo-manifests/entrypoint.sh +++ b/kustomize-argo-manifests/entrypoint.sh @@ -130,7 +130,7 @@ if [[ "$IS_PROD_FLOW" == true ]]; then PR_TITLE="Deploy ${REPOSITORY_NAME} to Production" PR_BODY="Automated PR for ${REPOSITORY_NAME} from source branch ${GITHUB_REF_NAME}. Update production overlay with image digest ${IMAGE_DIGEST} (tag ${IMAGE_TAG}). Ready for review and merge to deploy to production." - curl -v -X POST "$BITBUCKET_API_URL" \ + curl -X POST "$BITBUCKET_API_URL" \ -u "${BITBUCKET_USERNAME}:${BITBUCKET_TOKEN}" \ -H "Content-Type: application/json" \ -d @- << EOF From 0c7fc2412b5a756449b62fb38d5338f3cbb9d359 Mon Sep 17 00:00:00 2001 
From: marcos-platform-builders Date: Fri, 12 Sep 2025 15:25:38 -0300 Subject: [PATCH 19/30] Add Bitbucket integration to deployment scripts --- .../maven-ci-cd-package-non-kustomize.yaml | 2 + update-argo-manifests/action.yaml | 4 +- update-argo-manifests/entrypoint.sh | 41 ++++++++++++++++--- 3 files changed, 40 insertions(+), 7 deletions(-) diff --git a/.github/workflows/maven-ci-cd-package-non-kustomize.yaml b/.github/workflows/maven-ci-cd-package-non-kustomize.yaml index 1955fe4..7455703 100644 --- a/.github/workflows/maven-ci-cd-package-non-kustomize.yaml +++ b/.github/workflows/maven-ci-cd-package-non-kustomize.yaml @@ -263,6 +263,8 @@ jobs: env: GH_TOKEN: ${{ secrets.TOKEN_GITHUB }} DEPLOY_PROVIDER: ${{ env.DEPLOY_PROVIDER }} + bitbucket-token: ${{ secrets.BITBUCKET_TOKEN }} + bitbucket-username: ${{ vars.BITBUCKET_USERNAME }} - name: "Notify Slack: Success" if: ${{ success() }} diff --git a/update-argo-manifests/action.yaml b/update-argo-manifests/action.yaml index 252e0ac..fd16f77 100644 --- a/update-argo-manifests/action.yaml +++ b/update-argo-manifests/action.yaml @@ -21,4 +21,6 @@ runs: - ${{ inputs.image-tag }} - ${{ inputs.image-digest }} - ${{ inputs.github-token }} - - ${{ inputs.repository-name }} \ No newline at end of file + - ${{ inputs.repository-name }} + - ${{ inputs.bitbucket-token }} + - ${{ inputs.bitbucket-username }} \ No newline at end of file diff --git a/update-argo-manifests/entrypoint.sh b/update-argo-manifests/entrypoint.sh index 1726596..656101b 100644 --- a/update-argo-manifests/entrypoint.sh +++ b/update-argo-manifests/entrypoint.sh @@ -6,6 +6,8 @@ IMAGE_TAG="$1" IMAGE_DIGEST="$2" GITHUB_TOKEN="$3" REPOSITORY_NAME="$4" +BITBUCKET_TOKEN="$5" +BITBUCKET_USERNAME="$6" echo "IMAGE_TAG: $IMAGE_TAG" echo "IMAGE_DIGEST: $IMAGE_DIGEST" 
@@ -27,10 +29,11 @@ else exit 1 fi +ARGO_MANIFESTS_REPO_SLUG="bitbucket.org/pernamlabs/${TARGET_REPO}" echo "TARGET_REPO: $TARGET_REPO" # Clonar o repositório de destino -GIT_CLONE_COMMAND="git clone https://${GITHUB_TOKEN}@github.com/platformbuilders/${TARGET_REPO}.git argo-manifests" +GIT_CLONE_COMMAND="git clone https://${GITHUB_TOKEN}@bitbucket.org/pernamlabs/${TARGET_REPO}.git argo-manifests" echo "Executing: $GIT_CLONE_COMMAND" $GIT_CLONE_COMMAND 
@@ -69,17 +72,43 @@ if [[ "$GITHUB_REF_NAME" == "master" || "$GITHUB_REF_NAME" == "main" ]]; then fi # Verificar se já existe um PR aberto ESPECÍFICO para dev -> master - EXISTING_PR=$(gh pr list --base master --head dev --json number --jq '.[].number' 2>/dev/null) + EXISTING_PR=$(curl -s -G -u "${BITBUCKET_USERNAME}:${BITBUCKET_TOKEN}" \ + --data-urlencode 'q=state="OPEN" AND source.branch.name="'dev'" AND destination.branch.name="'"${$GITHUB_REF_NAME}"'"' \ + "https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_API_SLUG}/pullrequests" \ + | jq -r 'if .size>0 then .values[0].links.html.href else "NENHUM PR ABERTO" end') + if [[ -n "$EXISTING_PR" ]]; then echo "Já existe um PR aberto (PR #$EXISTING_PR)" else # Criar PR da dev -> master echo "Alterações detectadas! Criando Pull Request..." - gh pr create --title "Update deployment with image: $IMAGE_TAG" \ - --body "Update deployment with image: $IMAGE_TAG" \ - --base master \ - --head dev + BITBUCKET_REPO_API_SLUG=$(echo "$ARGO_MANIFESTS_REPO_SLUG" | cut -d'/' -f2-) + BITBUCKET_API_URL="https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_API_SLUG}/pullrequests" + + PR_TITLE="Deploy ${REPOSITORY_NAME} to Production" + PR_BODY="Automated PR for ${REPOSITORY_NAME} from source branch ${GITHUB_REF_NAME}. Update production overlay with image digest ${IMAGE_DIGEST} (tag ${IMAGE_TAG}). Ready for review and merge to deploy to production." + + curl -X POST "$BITBUCKET_API_URL" \ + -u "${BITBUCKET_USERNAME}:${BITBUCKET_TOKEN}" \ + -H "Content-Type: application/json" \ + -d @- << EOF +{ + "title": "${PR_TITLE}", + "description": "${PR_BODY}", + "source": { + "branch": { + "name": "${PR_HEAD_BRANCH}" + } + }, + "destination": { + "branch": { + "name": "${PR_BASE_BRANCH}" + } + }, + "close_source_branch": true +} +EOF fi From db79ab9d563452b99bd04786a933daa270e831fa Mon Sep 17 00:00:00 2001 
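Review bot: The `EXISTING_PR` lookup cannot work as written: `${$GITHUB_REF_NAME}` is a bad substitution in bash, and `BITBUCKET_REPO_API_SLUG` is used in the URL before the `else` branch assigns it. The jq filter also returns the text `NENHUM PR ABERTO` when nothing matches, so `[[ -n "$EXISTING_PR" ]]` is always true and the PR is never created. The heredoc below it uses `PR_HEAD_BRANCH` and `PR_BASE_BRANCH`, which no visible hunk of this script defines; this block previously hard-coded `dev` and `master`. The fence moves the slug and URL above the query, fixes the expansion, makes curl fail on HTTP errors and lets jq return nothing when no PR is open.

```shell
  # … unchanged: comment above the lookup …
  BITBUCKET_REPO_API_SLUG="${ARGO_MANIFESTS_REPO_SLUG#*/}"
  BITBUCKET_API_URL="https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_API_SLUG}/pullrequests"

  PR_QUERY="state=\"OPEN\" AND source.branch.name=\"dev\" AND destination.branch.name=\"${GITHUB_REF_NAME}\""
  EXISTING_PR=$(curl --fail --silent --show-error -G \
    -u "${BITBUCKET_USERNAME}:${BITBUCKET_TOKEN}" \
    --data-urlencode "q=${PR_QUERY}" \
    "$BITBUCKET_API_URL" \
    | jq -r 'if .size > 0 then .values[0].links.html.href else empty end')

  # … unchanged: if/else on EXISTING_PR, PR title/body and POST request …
```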
From: marcos-platform-builders Date: Fri, 12 Sep 2025 17:11:51 -0300 Subject: [PATCH 20/30] Update Argo manifests step in CI workflow --- .github/workflows/maven-ci-cd-hml.yaml | 36 +++++++++++++++++++++----- 1 file changed, 29 insertions(+), 7 deletions(-) diff --git a/.github/workflows/maven-ci-cd-hml.yaml b/.github/workflows/maven-ci-cd-hml.yaml index e99fe98..2881946 100644 --- a/.github/workflows/maven-ci-cd-hml.yaml +++ b/.github/workflows/maven-ci-cd-hml.yaml 
@@ -246,26 +246,48 @@ jobs: needs: CI if: ${{success() }} runs-on: ubuntu-latest - permissions: contents: read packages: read - + steps: - - name: Kustomize Argo Manifests - uses: platformbuilders/github-actions-bdsp-templates/kustomize-argo-manifests@migration-bitbucket-pnb + - name: Update Argo Manifests + uses: platformbuilders/github-actions-bdsp-templates/update-argo-manifests@main with: image-tag: ${{ needs.CI.outputs.IMAGE_TAG }} image-digest: ${{ needs.CI.outputs.IMAGE_DIGEST }} github-token: ${{ secrets.TOKEN_GITHUB }} repository-name: ${{ github.repository }} - bitbucket-token: ${{ secrets.BITBUCKET_TOKEN }} - bitbucket-username: ${{ vars.BITBUCKET_USERNAME }} env: GH_TOKEN: ${{ secrets.TOKEN_GITHUB }} DEPLOY_PROVIDER: ${{ env.DEPLOY_PROVIDER }} + bitbucket-token: ${{ secrets.BITBUCKET_TOKEN }} + bitbucket-username: ${{ vars.BITBUCKET_USERNAME }} - +# CD: +# needs: CI +# if: ${{success() }} +# runs-on: ubuntu-latest +# +# permissions: +# contents: read +# packages: read +# +# steps: +# - name: Kustomize Argo Manifests +# uses: platformbuilders/github-actions-bdsp-templates/kustomize-argo-manifests@migration-bitbucket-pnb +# with: +# image-tag: ${{ needs.CI.outputs.IMAGE_TAG }} +# image-digest: ${{ needs.CI.outputs.IMAGE_DIGEST }} +# github-token: ${{ secrets.TOKEN_GITHUB }} +# repository-name: ${{ github.repository }} +# bitbucket-token: ${{ secrets.BITBUCKET_TOKEN }} +# bitbucket-username: ${{ vars.BITBUCKET_USERNAME }} +# env: +# GH_TOKEN: ${{ secrets.TOKEN_GITHUB }} +# DEPLOY_PROVIDER: ${{ env.DEPLOY_PROVIDER }} +# +# # - name: "Notify Slack: Success (CI/CD Non-Prod)" # if: ${{ success() }} # uses: platformbuilders/github-actions-bdsp-templates/slack-notify@main From 73740931290cf3abdc053151db224a3fc106112e Mon Sep 17 00:00:00 2001 From: marcos-platform-builders Date: Fri, 12 Sep 2025 17:52:50 -0300 Subject: [PATCH 21/30] adjuste parameters sequence --- .github/workflows/maven-ci-cd-hml.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/maven-ci-cd-hml.yaml b/.github/workflows/maven-ci-cd-hml.yaml index 2881946..c9acefb 100644 --- a/.github/workflows/maven-ci-cd-hml.yaml +++ b/.github/workflows/maven-ci-cd-hml.yaml @@ -258,11 +258,12 @@ jobs: image-digest: ${{ needs.CI.outputs.IMAGE_DIGEST }} github-token: ${{ secrets.TOKEN_GITHUB }} repository-name: ${{ github.repository }} + bitbucket-token: ${{ secrets.BITBUCKET_TOKEN }} + bitbucket-username: ${{ vars.BITBUCKET_USERNAME }} env: GH_TOKEN: ${{ secrets.TOKEN_GITHUB }} DEPLOY_PROVIDER: ${{ env.DEPLOY_PROVIDER }} - bitbucket-token: ${{ secrets.BITBUCKET_TOKEN }} - bitbucket-username: ${{ vars.BITBUCKET_USERNAME }} + # CD: # needs: CI From f4d367335ff9df89e8567a3237399c27f6265b5b Mon Sep 17 00:00:00 2001 From: marcos-platform-builders Date: Fri, 12 Sep 2025 18:19:34 -0300 Subject: [PATCH 22/30] add jq in apt --- update-argo-manifests/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update-argo-manifests/Dockerfile b/update-argo-manifests/Dockerfile index ef49c16..ce51d9d 100644 --- a/update-argo-manifests/Dockerfile +++ b/update-argo-manifests/Dockerfile @@ -1,7 +1,7 @@ FROM ubuntu:latest RUN apt-get update && \ - apt-get install -y git gh curl && \ + apt-get install -y git gh curl && jq && \ apt-get clean && rm -rf /var/lib/apt/lists/* RUN curl -sSL https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -o /usr/local/bin/yq && \ From 206967aeba7f2405d62254ed37d38a3866781232 Mon Sep 17 00:00:00 2001 From: marcos-platform-builders Date: Fri, 12 Sep 2025 18:23:10 -0300 Subject: [PATCH 23/30] add jq --- update-argo-manifests/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update-argo-manifests/Dockerfile b/update-argo-manifests/Dockerfile index ce51d9d..56147b7 100644 --- a/update-argo-manifests/Dockerfile +++ b/update-argo-manifests/Dockerfile 
@@ -1,7 +1,7 @@ FROM ubuntu:latest RUN apt-get update && \ - apt-get install -y git gh curl && jq && \ + apt-get install -y git gh curl jq && \ apt-get clean && rm -rf /var/lib/apt/lists/* RUN curl -sSL https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -o /usr/local/bin/yq && \ From cdab73030120fb69fe66ea382076744ea71888ae Mon Sep 17 00:00:00 2001 From: marcos-platform-builders Date: Fri, 12 Sep 2025 18:26:48 -0300 Subject: [PATCH 24/30] adjuste branch --- .github/workflows/maven-ci-cd-hml.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/maven-ci-cd-hml.yaml b/.github/workflows/maven-ci-cd-hml.yaml index c9acefb..60837a2 100644 --- a/.github/workflows/maven-ci-cd-hml.yaml +++ b/.github/workflows/maven-ci-cd-hml.yaml @@ -252,7 +252,7 @@ jobs: steps: - name: Update Argo Manifests - uses: platformbuilders/github-actions-bdsp-templates/update-argo-manifests@main + uses: platformbuilders/github-actions-bdsp-templates/update-argo-manifests@migration-bitbucket-pnb with: image-tag: ${{ needs.CI.outputs.IMAGE_TAG }} image-digest: ${{ needs.CI.outputs.IMAGE_DIGEST }} From 9dc74482eed9581e2bfd4c37e1cf7fef323eed0f Mon Sep 17 00:00:00 2001 From: marcos-platform-builders Date: Fri, 12 Sep 2025 18:31:09 -0300 Subject: [PATCH 25/30] add token --- update-argo-manifests/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update-argo-manifests/entrypoint.sh b/update-argo-manifests/entrypoint.sh index 656101b..e1f5d74 100644 --- a/update-argo-manifests/entrypoint.sh +++ b/update-argo-manifests/entrypoint.sh 
@@ -33,7 +33,7 @@ ARGO_MANIFESTS_REPO_SLUG="bitbucket.org/pernamlabs/${TARGET_REPO}" echo "TARGET_REPO: $TARGET_REPO" # Clonar o repositório de destino -GIT_CLONE_COMMAND="git clone https://${GITHUB_TOKEN}@bitbucket.org/pernamlabs/${TARGET_REPO}.git argo-manifests" +GIT_CLONE_COMMAND="git clone https://${BITBUCKET_TOKEN}@bitbucket.org/pernamlabs/${TARGET_REPO}.git argo-manifests" echo "Executing: $GIT_CLONE_COMMAND" $GIT_CLONE_COMMAND From 3a04c25c9b4957886ef7734bf50ab8e5ba94911f Mon Sep 17 00:00:00 2001 From: marcos-platform-builders Date: Fri, 12 Sep 2025 18:35:48 -0300 Subject: [PATCH 26/30] fix: update git clone command and add pull request confirmation message --- update-argo-manifests/entrypoint.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/update-argo-manifests/entrypoint.sh b/update-argo-manifests/entrypoint.sh index e1f5d74..7d8ff3c 100644 --- a/update-argo-manifests/entrypoint.sh +++ b/update-argo-manifests/entrypoint.sh @@ -29,11 +29,10 @@ else exit 1 fi -ARGO_MANIFESTS_REPO_SLUG="bitbucket.org/pernamlabs/${TARGET_REPO}" echo "TARGET_REPO: $TARGET_REPO" # Clonar o repositório de destino -GIT_CLONE_COMMAND="git clone https://${BITBUCKET_TOKEN}@bitbucket.org/pernamlabs/${TARGET_REPO}.git argo-manifests" +GIT_CLONE_COMMAND="git clone https://x-bitbucket-api-token-auth:${BITBUCKET_TOKEN}@bitbucket.org/pernamlabs/${TARGET_REPO}.git argo-manifests" echo "Executing: $GIT_CLONE_COMMAND" $GIT_CLONE_COMMAND @@ -81,7 +80,6 @@ if [[ "$GITHUB_REF_NAME" == "master" || "$GITHUB_REF_NAME" == "main" ]]; then if [[ -n "$EXISTING_PR" ]]; then echo "Já existe um PR aberto (PR #$EXISTING_PR)" else - # Criar PR da dev -> master echo "Alterações detectadas! Criando Pull Request..." BITBUCKET_REPO_API_SLUG=$(echo "$ARGO_MANIFESTS_REPO_SLUG" | cut -d'/' -f2-) BITBUCKET_API_URL="https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_API_SLUG}/pullrequests" 
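Review bot: The rewritten `GIT_CLONE_COMMAND` in `update-argo-manifests/entrypoint.sh` now carries `${BITBUCKET_TOKEN}` inside the URL, and the unchanged next line `echo "Executing: $GIT_CLONE_COMMAND"` writes that URL to the job log, leaving log masking as the only protection for the token. Running the string through an unquoted `$GIT_CLONE_COMMAND` also subjects it to word splitting. Log a credential-free message and call git directly: `echo "Cloning ${TARGET_REPO}..."` followed by `git clone "https://x-bitbucket-api-token-auth:${BITBUCKET_TOKEN}@bitbucket.org/pernamlabs/${TARGET_REPO}.git" argo-manifests`. A URL-embedded token is also stored as the remote URL in `argo-manifests/.git/config`, so a credential helper or `GIT_ASKPASS` would keep it out of the working copy. The next commit's change to the same line (adding `x-bitbucket-api-token-auth:`) keeps the echo.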
@@ -109,6 +107,7 @@ if [[ "$GITHUB_REF_NAME" == "master" || "$GITHUB_REF_NAME" == "main" ]]; then "close_source_branch": true } EOF + echo "Pull Request criado!" fi From 3e010574ef1cf6991f344a06a55f7bc48289f09d Mon Sep 17 00:00:00 2001 From: marcos-platform-builders Date: Fri, 12 Sep 2025 18:39:21 -0300 Subject: [PATCH 27/30] add verbose --- update-argo-manifests/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update-argo-manifests/entrypoint.sh b/update-argo-manifests/entrypoint.sh index 7d8ff3c..c70de89 100644 --- a/update-argo-manifests/entrypoint.sh +++ b/update-argo-manifests/entrypoint.sh @@ -87,7 +87,7 @@ if [[ "$GITHUB_REF_NAME" == "master" || "$GITHUB_REF_NAME" == "main" ]]; then PR_TITLE="Deploy ${REPOSITORY_NAME} to Production" PR_BODY="Automated PR for ${REPOSITORY_NAME} from source branch ${GITHUB_REF_NAME}. Update production overlay with image digest ${IMAGE_DIGEST} (tag ${IMAGE_TAG}). Ready for review and merge to deploy to production." - curl -X POST "$BITBUCKET_API_URL" \ + curl -v -X POST "$BITBUCKET_API_URL" \ -u "${BITBUCKET_USERNAME}:${BITBUCKET_TOKEN}" \ -H "Content-Type: application/json" \ -d @- << EOF From ba19432794222a53996f01c29d3dae165558d1cc Mon Sep 17 00:00:00 2001 From: marcos-platform-builders Date: Fri, 12 Sep 2025 18:42:43 -0300 Subject: [PATCH 28/30] add src dest --- update-argo-manifests/entrypoint.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/update-argo-manifests/entrypoint.sh b/update-argo-manifests/entrypoint.sh index c70de89..74b4425 100644 --- a/update-argo-manifests/entrypoint.sh +++ b/update-argo-manifests/entrypoint.sh 
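Review bot: `echo "Pull Request criado!"` runs whether or not the Bitbucket API accepted the request, because the `curl -X POST` that feeds the heredoc has no `--fail` and its exit status is not checked in the lines shown. A 401 or 400 response would still be logged as a created pull request and the job would finish green. Adding `--fail-with-body` to the curl call and printing the message only on success, with `exit 1` otherwise, keeps the log truthful. The curl invocation itself starts above this hunk.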
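Review bot: `curl -v` combined with `-u "${BITBUCKET_USERNAME}:${BITBUCKET_TOKEN}"` prints the request headers to stderr, including `Authorization: Basic <base64 of username:token>`, and that output lands in the workflow log. Log masking most likely matches the literal secret value rather than its base64 form, so the credential should be treated as exposed in any run made with this flag. The HTTP status and response body are enough for debugging: `curl -sS --fail-with-body -X POST "$BITBUCKET_API_URL" \`. The heredoc body that follows `-d @-` is outside this hunk.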
@@ -85,7 +85,7 @@ if [[ "$GITHUB_REF_NAME" == "master" || "$GITHUB_REF_NAME" == "main" ]]; then BITBUCKET_API_URL="https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_API_SLUG}/pullrequests" PR_TITLE="Deploy ${REPOSITORY_NAME} to Production" - PR_BODY="Automated PR for ${REPOSITORY_NAME} from source branch ${GITHUB_REF_NAME}. Update production overlay with image digest ${IMAGE_DIGEST} (tag ${IMAGE_TAG}). Ready for review and merge to deploy to production." + PR_BODY="Automated PR for ${REPOSITORY_NAME} from source branch dev . Update production overlay with image digest ${IMAGE_DIGEST} (tag ${IMAGE_TAG}). Ready for review and merge to deploy to production." curl -v -X POST "$BITBUCKET_API_URL" \ -u "${BITBUCKET_USERNAME}:${BITBUCKET_TOKEN}" \ @@ -96,12 +96,12 @@ if [[ "$GITHUB_REF_NAME" == "master" || "$GITHUB_REF_NAME" == "main" ]]; then "description": "${PR_BODY}", "source": { "branch": { - "name": "${PR_HEAD_BRANCH}" + "name": "dev" } }, "destination": { "branch": { - "name": "${PR_BASE_BRANCH}" + "name": "master" } }, "close_source_branch": true From b96c84787448a4174ec2e7164cb2ad6165d5c6b9 Mon Sep 17 00:00:00 2001 From: marcos-platform-builders Date: Fri, 12 Sep 2025 18:52:27 -0300 Subject: [PATCH 29/30] remove unecessary variable and add repository --- update-argo-manifests/entrypoint.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/update-argo-manifests/entrypoint.sh b/update-argo-manifests/entrypoint.sh index 74b4425..e6d0632 100644 --- a/update-argo-manifests/entrypoint.sh +++ b/update-argo-manifests/entrypoint.sh @@ -28,6 +28,7 @@ else echo "Branch não suportada: $GITHUB_REF_NAME" exit 1 fi +ARGO_MANIFESTS_REPO_SLUG="bitbucket.org/pernamlabs/${TARGET_REPO}" echo "TARGET_REPO: $TARGET_REPO" 
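Review bot: The request body in the heredoc is still assembled by pasting shell variables into JSON (`"description": "${PR_BODY}"`), and `PR_BODY` embeds `${REPOSITORY_NAME}`, `${IMAGE_DIGEST}` and `${IMAGE_TAG}`; a double quote, backslash or newline in any of them yields invalid or altered JSON. Since jq is installed in the image, the payload can be built with `jq -n --arg`, which escapes every value. The new `PR_BODY` text also has a stray space in `branch dev .`. The start of the heredoc is outside the hunk, so the `title` key below is assumed.

```shell
# … unchanged: PR_TITLE and PR_BODY assignments …
PR_PAYLOAD=$(jq -n \
  --arg title "$PR_TITLE" \
  --arg description "$PR_BODY" \
  '{
    title: $title,
    description: $description,
    source: {branch: {name: "dev"}},
    destination: {branch: {name: "master"}},
    close_source_branch: true
  }')

# … unchanged: curl -X POST with -u and Content-Type header …
    -d "$PR_PAYLOAD"
```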
@@ -72,7 +73,7 @@ if [[ "$GITHUB_REF_NAME" == "master" || "$GITHUB_REF_NAME" == "main" ]]; then # Verificar se já existe um PR aberto ESPECÍFICO para dev -> master EXISTING_PR=$(curl -s -G -u "${BITBUCKET_USERNAME}:${BITBUCKET_TOKEN}" \ - --data-urlencode 'q=state="OPEN" AND source.branch.name="'dev'" AND destination.branch.name="'"${$GITHUB_REF_NAME}"'"' \ + --data-urlencode 'q=state="OPEN" AND source.branch.name="'dev'" AND destination.branch.name="'main'"' \ "https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_API_SLUG}/pullrequests" \ | jq -r 'if .size>0 then .values[0].links.html.href else "NENHUM PR ABERTO" end') From a705569ee1dff634452d30f998cc43a79c842c5b Mon Sep 17 00:00:00 2001 From: marcos-platform-builders Date: Fri, 12 Sep 2025 18:58:31 -0300 Subject: [PATCH 30/30] remove env --- update-argo-manifests/entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/update-argo-manifests/entrypoint.sh b/update-argo-manifests/entrypoint.sh index e6d0632..7604dd9 100644 --- a/update-argo-manifests/entrypoint.sh +++ b/update-argo-manifests/entrypoint.sh @@ -73,9 +73,9 @@ if [[ "$GITHUB_REF_NAME" == "master" || "$GITHUB_REF_NAME" == "main" ]]; then # Verificar se já existe um PR aberto ESPECÍFICO para dev -> master EXISTING_PR=$(curl -s -G -u "${BITBUCKET_USERNAME}:${BITBUCKET_TOKEN}" \ - --data-urlencode 'q=state="OPEN" AND source.branch.name="'dev'" AND destination.branch.name="'main'"' \ + --data-urlencode 'q=state="OPEN" AND source.branch.name="'dev'" AND destination.branch.name="'master'"' \ "https://api.bitbucket.org/2.0/repositories/${BITBUCKET_REPO_API_SLUG}/pullrequests" \ - | jq -r 'if .size>0 then .values[0].links.html.href else "NENHUM PR ABERTO" end') + | jq -r 'if .size>0 then .values[0].links.html.href else "" end') if [[ -n "$EXISTING_PR" ]]; then
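Review bot: The `EXISTING_PR` query builds its URL from `${BITBUCKET_REPO_API_SLUG}`, but the only assignment of that variable visible in this series sits further down, inside the `else` branch that creates the pull request. If it is not set earlier in the script, the request goes to `.../repositories//pullrequests`, the error response has no `.size`, and the check never finds an open PR. Moving `BITBUCKET_REPO_API_SLUG=$(echo "$ARGO_MANIFESTS_REPO_SLUG" | cut -d'/' -f2-)` above the query, and adding `--fail` to this `curl -s`, would make the lookup reliable. The enclosing `if` block starts and ends outside the hunk.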