feat: migrate to GraalVM native image as default deployment (#104)

Agent-Logs-Url: https://github.com/EspacoGeek-Teams/SpringAPI_EspacoGeek/sessions/a5b35835-6769-4a24-a315-612c044cde88

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: vitorhugo-java <65777252+vitorhugo-java@users.noreply.github.com>

Author: Copilot

.github/workflows/cicd.yml

@@ -60,8 +60,8 @@ jobs:
   build_and_publish:
     name: Build, Docker and Push
     runs-on: ubuntu-latest
-    needs: tests # Only runs if tests pass
-    if: ${{ needs.tests.result == 'success' }}
+    needs: tests
+    if: false
     env:
       # Base image name (adjust as needed)
       APP_NAME: espacogeek-api
@@ -592,22 +592,224 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      # Tag and push the validated native image to GHCR.
-      # Only runs after a successful health check and only on pushes to master.
       - name: Tag and push native Docker image
         if: steps.vars.outputs.should_push == 'true' && github.event_name == 'push'
         shell: bash
         run: |
           set -euo pipefail
-          IFS=',' read -ra TAGS <<< "${{ steps.vars.outputs.tags_csv }}"
-          for tag in "${TAGS[@]}"; do
-            FULL_TAG="ghcr.io/${{ env.GHCR_OWNER_LC }}/${{ env.APP_NAME }}-native:${tag}"
-            docker tag native-validation:ci "${FULL_TAG}"
-            docker push "${FULL_TAG}"
-            echo "Pushed: ${FULL_TAG}"
-          done
+          FULL_TAG="ghcr.io/${{ env.GHCR_OWNER_LC }}/${{ env.APP_NAME }}:native"
+          docker tag native-validation:ci "${FULL_TAG}"
+          docker push "${FULL_TAG}"
+          echo "Pushed: ${FULL_TAG}"
+
+      - name: Deploy to Hostinger via SSH
+        uses: appleboy/ssh-action@v0.1.9
+        if: ${{ needs.tests.result == 'success' && steps.vars.outputs.should_push == 'true' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }}
+        with:
+          host: ${{ secrets.HOSTINGER_HOST }}
+          username: ${{ secrets.HOSTINGER_USER }}
+          key: ${{ secrets.HOSTINGER }}
+          port: ${{ secrets.HOSTINGER_PORT }}
+          envs: GHCR_OWNER_LC,APP_NAME
+          script_stop: false
+          script: |
+            cleanup_on_exit() {
+              echo "Running SSH-level cleanup..."
+              rm -f .env.espacogeek 2>/dev/null || true
+              docker logout ghcr.io 2>/dev/null || true
+            }
+            trap cleanup_on_exit EXIT INT TERM
+
+            DEPLOY_SCRIPT="/opt/espacogeek/deploy.sh"
+
+            mkdir -p "$(dirname "$DEPLOY_SCRIPT")"
+
+            cat > "$DEPLOY_SCRIPT" << 'DEPLOY_SCRIPT_EOF'
+            #!/bin/bash
+            set -euo pipefail
+
+            RED='\033[0;31m'
+            GREEN='\033[0;32m'
+            YELLOW='\033[1;33m'
+            BLUE='\033[0;34m'
+            NC='\033[0m'
+
+            log_info() { echo -e "${BLUE}[INFO]${NC} $*"; }
+            log_success() { echo -e "${GREEN}[✓]${NC} $*"; }
+            log_warn() { echo -e "${YELLOW}[WARN]${NC} $*"; }
+            log_error() { echo -e "${RED}[✗]${NC} $*"; }
+
+            GHCR_OWNER_LC="${1:-}"
+            APP_NAME="${2:-}"
+            IMAGE_TAG="${3:-native}"
+            ENV_FILE="${4:-.env.espacogeek}"
+            CONTAINER_NAME="espacogeek-api"
+            BACKUP_DIR="${HOME}/espacogeek-api-backups"
+            OLD_CONTAINER_BACKUP="${CONTAINER_NAME}-old"
+            TIMESTAMP=$(date +%Y%m%d_%H%M%S)
+
+            cleanup_env_file() {
+              if [ -f "$ENV_FILE" ]; then
+                log_info "Cleaning up environment file..."
+                rm -f "$ENV_FILE"
+              fi
+            }
+            trap cleanup_env_file EXIT
+
+            if [ -z "$GHCR_OWNER_LC" ] || [ -z "$APP_NAME" ]; then
+              log_error "Usage: $0 <GHCR_OWNER_LC> <APP_NAME> [IMAGE_TAG] [ENV_FILE]"
+              exit 1
+            fi
+
+            IMAGE="ghcr.io/${GHCR_OWNER_LC}/${APP_NAME}:${IMAGE_TAG}"
+
+            container_exists() { docker ps -a --format '{{.Names}}' | grep -q "^${1}$"; }
+
+            if container_exists "$CONTAINER_NAME"; then
+              log_info "Creating backup of old container..."
+              mkdir -p "$BACKUP_DIR"
+              BACKUP_FILE="${BACKUP_DIR}/${CONTAINER_NAME}_backup_${TIMESTAMP}.tar"
+              if docker export "$CONTAINER_NAME" > "$BACKUP_FILE"; then
+                log_success "Container backup created"
+                ls -t "${BACKUP_DIR}/${CONTAINER_NAME}_backup_"*.tar 2>/dev/null | tail -n +6 | xargs rm -f 2>/dev/null || true
+              else
+                log_error "Failed to backup container"
+                exit 1
+              fi
+            fi
+
+            if container_exists "$CONTAINER_NAME"; then
+              log_info "Stopping old container..."
+              docker stop "$CONTAINER_NAME" 2>/dev/null || true
+              docker rename "$CONTAINER_NAME" "${OLD_CONTAINER_BACKUP}" 2>/dev/null || true
+              log_success "Old container renamed to ${OLD_CONTAINER_BACKUP}"
+            fi
+
+            log_info "Pulling new image..."
+            if ! docker pull "$IMAGE"; then
+              log_error "Failed to pull image"
+              if container_exists "${OLD_CONTAINER_BACKUP}"; then
+                log_warn "Restoring old container..."
+                docker rename "${OLD_CONTAINER_BACKUP}" "$CONTAINER_NAME" 2>/dev/null || true
+                docker start "$CONTAINER_NAME" 2>/dev/null || true
+              fi
+              exit 1
+            fi
+            log_success "Image pulled successfully"
+
+            log_info "Starting new container..."
+            if ! docker run -d --name "$CONTAINER_NAME" --network infra_network -p 8080:8080 --restart unless-stopped --env-file "$ENV_FILE" "$IMAGE"; then
+              log_error "Failed to start container"
+              if container_exists "${OLD_CONTAINER_BACKUP}"; then
+                log_warn "Restoring old container..."
+                docker rename "${OLD_CONTAINER_BACKUP}" "$CONTAINER_NAME" 2>/dev/null || true
+                docker start "$CONTAINER_NAME" 2>/dev/null || true
+              fi
+              exit 1
+            fi
+            log_success "Container started successfully"
+
+            log_info "Waiting for application to initialize (up to 30s)..."
+            MAX_RETRIES=6
+            SLEEP_SECONDS=5
+            retries=0
+            HEALTHY=0
+            while [ "$retries" -lt "$MAX_RETRIES" ]; do
+              if ! container_exists "$CONTAINER_NAME"; then
+                log_error "Health check: container '$CONTAINER_NAME' is not running"
+                break
+              fi
+
+              STATUS="$(docker inspect -f '{{.State.Status}}' "$CONTAINER_NAME" 2>/dev/null || echo "unknown")"
+              RESTARTING="$(docker inspect -f '{{.State.Restarting}}' "$CONTAINER_NAME" 2>/dev/null || echo "false")"
+
+              if [ "$STATUS" = "running" ] && [ "$RESTARTING" = "false" ]; then
+                log_success "Health check passed: container is running (status=$STATUS, restarting=$RESTARTING)"
+                HEALTHY=1
+                break
+              fi
+
+              log_info "Health check: status=$STATUS, restarting=$RESTARTING. Retrying in ${SLEEP_SECONDS}s..."
+              sleep "$SLEEP_SECONDS"
+              retries=$((retries + 1))
+            done
+
+            if [ "$HEALTHY" -ne 1 ]; then
+              log_error "Container failed health check after $((MAX_RETRIES * SLEEP_SECONDS))s"
+              if container_exists "$CONTAINER_NAME"; then
+                log_warn "Stopping and removing failed new container..."
+                docker rm -f "$CONTAINER_NAME" 2>/dev/null || true
+              fi
+              if container_exists "${OLD_CONTAINER_BACKUP}"; then
+                log_warn "Restoring old container..."
+                docker rename "${OLD_CONTAINER_BACKUP}" "$CONTAINER_NAME" 2>/dev/null || true
+                docker start "$CONTAINER_NAME" 2>/dev/null || true
+              fi
+              exit 1
+            fi
+            if container_exists "${OLD_CONTAINER_BACKUP}"; then
+              log_info "Removing old container backup..."
+              docker rm -f "${OLD_CONTAINER_BACKUP}" 2>/dev/null || true
+              log_success "Old container removed"
+            fi
+
+            log_success ""
+            log_success "=== DEPLOYMENT SUCCESSFUL ==="
+            docker ps -a --filter name="$CONTAINER_NAME"
+            log_info ""
+            log_info "Recent logs:"
+            docker logs --tail 10 "$CONTAINER_NAME" || true
+            log_success "============================="
+            DEPLOY_SCRIPT_EOF
+
+            chmod +x "$DEPLOY_SCRIPT"
+
+            cat > .env.espacogeek << ENVEOF
+            SPRING_DATASOURCE_URL=${{ secrets.SPRING_DATASOURCE_URL }}
+            SPRING_DATASOURCE_USERNAME=${{ secrets.SPRING_DATASOURCE_USERNAME }}
+            SPRING_DATASOURCE_PASSWORD=${{ secrets.SPRING_DATASOURCE_PASSWORD }}
+            SPRING_MVC_CORS_ALLOWED_ORIGINS=${{ secrets.SPRING_MVC_CORS_ALLOWED_ORIGINS }}
+            SECURITY_JWT_ISSUER=${{ secrets.SECURITY_JWT_ISSUER }}
+            SECURITY_JWT_EXPIRATION_MS=${{ secrets.SECURITY_JWT_EXPIRATION_MS }}
+            SECURITY_JWT_SECRET=${{ secrets.SECURITY_JWT_SECRET }}
+            SAMESITE_WHEN_SAME_SITE=${{ secrets.SAMESITE_WHEN_SAME_SITE }}
+            SECURITY_CSRF_COOKIE_DOMAIN=${{ secrets.SECURITY_CSRF_COOKIE_DOMAIN }}
+            SECURITY_CSRF_COOKIE_SAME_SITE=${{ secrets.SECURITY_CSRF_COOKIE_SAME_SITE }}
+            MAIL_HOST=${{ secrets.MAIL_HOST }}
+            MAIL_PORT=${{ secrets.MAIL_PORT }}
+            MAIL_USERNAME=${{ secrets.MAIL_USERNAME }}
+            MAIL_PASSWORD=${{ secrets.MAIL_PASSWORD }}
+            FRONTEND_URL=${{ secrets.FRONTEND_URL }}
+            ENVEOF
+
+            echo "Validating environment file..."
+            if ! grep -q "^SPRING_DATASOURCE_URL=" .env.espacogeek; then
+              echo "ERROR: SPRING_DATASOURCE_URL not found in .env.espacogeek"
+              cat .env.espacogeek
+              rm -f .env.espacogeek
+              exit 1
+            fi
+            DATASOURCE_URL=$(grep "^SPRING_DATASOURCE_URL=" .env.espacogeek | cut -d'=' -f2)
+            if [ -z "$DATASOURCE_URL" ]; then
+              echo "ERROR: SPRING_DATASOURCE_URL is empty"
+              rm -f .env.espacogeek
+              exit 1
+            fi
+            if [[ ! "$DATASOURCE_URL" =~ ^jdbc: ]]; then
+              echo "ERROR: SPRING_DATASOURCE_URL must start with 'jdbc:' but got: $DATASOURCE_URL"
+              rm -f .env.espacogeek
+              exit 1
+            fi
+            echo "✓ SPRING_DATASOURCE_URL is valid: $DATASOURCE_URL"
+
+            echo "${{ secrets.GHCR_TOKEN }}" | docker login ghcr.io -u "${{ secrets.GHCR_USER }}" --password-stdin
+
+            "$DEPLOY_SCRIPT" "${GHCR_OWNER_LC}" "${APP_NAME}" "native" ".env.espacogeek"
+
+            rm -f .env.espacogeek
+
+            docker logout ghcr.io
 
-      # Always clean up the validation container
       - name: Cleanup validation container
         if: always()
         run: docker rm -f native-validation 2>/dev/null || true

docker/deploy.sh

@@ -54,7 +54,7 @@ on_error() {
 # Arguments
 GHCR_OWNER_LC="${1:-}"
 APP_NAME="${2:-}"
-IMAGE_TAG="${3:-latest}"
+IMAGE_TAG="${3:-native}"
 ENV_FILE="${4:-.env.espacogeek}"
 CONTAINER_NAME="espacogeek-api"
 BACKUP_DIR="${HOME}/espacogeek-api-backups"

docker/docker-compose.yml

@@ -1,22 +1,19 @@
 services:
-  app-jvm:
-    build:
-      context: ..
-      dockerfile: docker/Dockerfile.jvm
-    image: espacogeek-jvm:latest
-    container_name: espacogeek-jvm
+  springapi:
+    #image: espacogeek-jvm:latest
+    image: espacogeek-api:native
+    container_name: espacogeek-api
     environment:
       SPRING_DATASOURCE_URL: ${SPRING_DATASOURCE_URL}
       SPRING_DATASOURCE_USERNAME: ${SPRING_DATASOURCE_USERNAME}
       SPRING_DATASOURCE_PASSWORD: ${SPRING_DATASOURCE_PASSWORD}
-      JAVA_OPTS: "-XX:InitialRAMPercentage=75.0 -XX:MaxRAMPercentage=75.0 -XX:+UseSerialGC"
+      #JAVA_OPTS: "-XX:InitialRAMPercentage=75.0 -XX:MaxRAMPercentage=75.0 -XX:+UseSerialGC"
       SPRING_MVC_CORS_ALLOWED_ORIGINS: ${SPRING_MVC_CORS_ALLOWED_ORIGINS:http://localhost:3000}
       SECURITY_JWT_EXPIRATION_MS: ${SECURITY_JWT_EXPIRATION_MS:604800000}
     networks:
       - infra_network
     ports:
       - "8080:8080"
-      - "5005:5005"
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8081/actuator/health"]
       interval: 10s
@@ -27,12 +24,13 @@ services:
       resources:
         limits:
           cpus: '0.8'
-          memory: '3500M'
+          memory: '512M'
         reservations:
-          memory: 2000M
+          memory: 256M
     volumes:
       - /etc/localtime:/etc/localtime:ro
       - /etc/timezone:/etc/timezone:ro
 
-infra_network:
+networks:
+  infra_network:
     external: true