From e0fbca8e1a0920b95b0018e208adc29dcbea0bef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vitor=20Hugo=20Belorio=20Sim=C3=A3o?=
 <vitorhugobsimao@gmail.com>
Date: Thu, 26 Feb 2026 18:26:10 -0300
Subject: [PATCH] chore: ajustando deploy para usar .env.prod e rede VPC

---
 .env.example |  33 +++++++----
 deploy.sh    | 152 ++++++++++++++++++++++++---------------------------
 2 files changed, 92 insertions(+), 93 deletions(-)

diff --git a/.env.example b/.env.example
index 8b60b5a..269ea0c 100644
--- a/.env.example
+++ b/.env.example
@@ -7,9 +7,9 @@ GOOGLE_LOCATION=loc_do_seu_projeto
 VERTEX_MODEL_NAME=gemini-2.5-flash
 
 # ============================================
-# CONFIGURACOES DO BANCO DE DADOS (LOCAL)
+# CONFIGURACOES DO BANCO DE DADOS (POSTGRESQL - TOOLS)
 # ============================================
-# Para desenvolvimento local: PostgreSQL direto
+# Banco principal (tools)
 
 DB_HOST=localhost
 DB_PORT=5432
@@ -23,21 +23,25 @@ DB_NAME=orquestrador_db
 # Comentado ate fazer deploy. Descomente em producao.
 # CLOUD_SQL_CONNECTION_NAME=optimum-tensor-343619:us-central1:orquestrador-db
 
+# ============================================
+# CONFIGURACOES DO BANCO DE DADOS MOCK (MYSQL - DADOS FICTICIOS)
+# ============================================
+MOCK_DB_HOST=127.0.0.1
+MOCK_DB_PORT=3306
+MOCK_DB_USER=root
+MOCK_DB_PASSWORD=SUA_SENHA
+MOCK_DB_NAME=orquestrador_mock
+# MOCK_DB_CLOUD_SQL_CONNECTION_NAME=projeto:regiao:instancia-mysql
+MOCK_SEED_ENABLED=true
+AUTO_SEED_TOOLS=true
+AUTO_SEED_MOCK=true
+
 # ============================================
 # CONFIGURACOES DE API - GOOGLE GENERATIVE AI (Gemini)
 # ============================================
 # Descomente e informe a chave apenas se usar Gemini
 # GOOGLE_API_KEY=sua-chave-api-aqui
 
-# ============================================
-# CONFIGURACOES DE API - FAKERAPI (Dados ficticios)
-# ============================================
-FAKERAPI_BASE_URL=https://fakerapi.it/api/v2
-FAKERAPI_LOCALE=pt_BR
-FAKERAPI_SEED=42
-FAKERAPI_PRODUCTS_QUANTITY=50
-FAKERAPI_PERSONS_QUANTITY=120
-
 # ============================================
 # AMBIENTE E DEBUG
 # ============================================
@@ -45,3 +49,10 @@ FAKERAPI_PERSONS_QUANTITY=120
 ENVIRONMENT=development
 # DEBUG deve ser false em producao
 DEBUG=true
+
+# ============================================
+# CLOUD RUN - REDE PARA MYSQL CORPORATIVO (PRODUCAO)
+# ============================================
+# Ex.: projects/<project>/locations/<region>/connectors/<connector-name>
+# RUN_VPC_CONNECTOR=
+# RUN_VPC_EGRESS=private-ranges-only
diff --git a/deploy.sh b/deploy.sh
index bcbc627..5bf17b1 100644
--- a/deploy.sh
+++ b/deploy.sh
@@ -1,44 +1,50 @@
 #!/bin/bash
 
-# Script de deploy para Google Cloud Run com Artifact Registry
-# Uso: ./deploy.sh
-# Pré-requisitos:
-#   - gcloud CLI autenticado e com projeto principal setado
-#   - Artifact Registry Repository já criado (orquestrador)
-#   - Service Account com roles: Cloud SQL Client, Cloud Run Developer, Artifact Registry Writer
+# Deploy script for Google Cloud Run + Artifact Registry
+# Usage: ./deploy.sh
 
-set -e
+set -euo pipefail
+
+ENV_FILE="${ENV_FILE:-.env.prod}"
+if [ ! -f "${ENV_FILE}" ] && [ -f ".env" ]; then
+  ENV_FILE=".env"
+fi
+if [ ! -f "${ENV_FILE}" ]; then
+  echo "ERROR: env file not found. Expected ${ENV_FILE} (or .env)."
+  exit 1
+fi
+
+get_env_value() {
+  local key="$1"
+  grep -E "^${key}=" "${ENV_FILE}" | tail -n 1 | cut -d'=' -f2- | tr -d '\r'
+}
 
-# Detectar configuração do gcloud
 PROJECT_ID=$(gcloud config get-value project)
 REGION="us-central1"
 SERVICE_NAME="orquestrador"
 REPO_NAME="orquestrador"
-IMAGE_NAME="$REGION-docker.pkg.dev/$PROJECT_ID/$REPO_NAME/$SERVICE_NAME"
+IMAGE_NAME="${REGION}-docker.pkg.dev/${PROJECT_ID}/${REPO_NAME}/${SERVICE_NAME}"
 
-if [ -z "$PROJECT_ID" ]; then
-  echo "❌ Projeto não configurado. Execute: gcloud config set project <seu-projeto>"
+if [ -z "${PROJECT_ID}" ]; then
+  echo "ERROR: gcloud project is not configured."
+  echo "Run: gcloud config set project <your-project-id>"
   exit 1
 fi
 
-echo "🚀 Iniciando deploy para Google Cloud Run"
-echo "📦 Projeto: $PROJECT_ID"
-echo "🌍 Região: $REGION"
-echo "🏗️  Repositório: $REPO_NAME"
+echo "Starting deploy to Cloud Run"
+echo "Project: ${PROJECT_ID}"
+echo "Region: ${REGION}"
+echo "Env file: ${ENV_FILE}"
 
-# Passo 1: Validar autenticação
-echo ""
-echo "1️⃣  Verificando autenticação GCP..."
+echo "1) Checking auth..."
 ACTIVE_ACCOUNT=$(gcloud auth list --filter=status:ACTIVE --format="value(account)")
-if [ -z "$ACTIVE_ACCOUNT" ]; then
-  echo "❌ Nenhuma conta autenticada. Execute: gcloud auth login"
+if [ -z "${ACTIVE_ACCOUNT}" ]; then
+  echo "ERROR: no active gcloud account. Run: gcloud auth login"
   exit 1
 fi
-echo "✅ Autenticado como: $ACTIVE_ACCOUNT"
+echo "Authenticated as: ${ACTIVE_ACCOUNT}"
 
-# Passo 2: Habilitar APIs
-echo ""
-echo "2️⃣  Habilitando APIs necessárias..."
+echo "2) Enabling required APIs..."
 gcloud services enable \
   run.googleapis.com \
   cloudbuild.googleapis.com \
@@ -46,78 +52,60 @@ gcloud services enable \
   aiplatform.googleapis.com \
   sqladmin.googleapis.com \
   --quiet
-echo "✅ APIs habilitadas"
 
-# Passo 3: Build com Cloud Build
-echo ""
-echo "3️⃣  Fazendo build da imagem Docker com Cloud Build..."
+echo "3) Building image with Cloud Build..."
 gcloud builds submit \
   --config=cloudbuild.yaml \
-  --substitutions=_REGION="$REGION",_REPO_NAME="$REPO_NAME",_IMAGE_NAME="$SERVICE_NAME"
-echo "✅ Build concluído"
+  --substitutions=_REGION="${REGION}",_REPO_NAME="${REPO_NAME}",_IMAGE_NAME="${SERVICE_NAME}"
 
-# Passo 4: Deploy para Cloud Run com variáveis de ambiente
-echo ""
-echo "4️⃣  Realizando deploy para Cloud Run com variáveis de ambiente..."
+echo "4) Deploying to Cloud Run..."
 
-# Ler variáveis do .env (excluindo comentários e linhas vazias, e tratando espaços/caracteres especiais)
 ENV_VARS=""
 while IFS= read -r line || [[ -n "$line" ]]; do
-  # Ignorar linhas vazias e comentários
   [[ "$line" =~ ^[[:space:]]*# ]] && continue
   [[ -z "${line// }" ]] && continue
-  
-  # Adicionar à string de variáveis (key=value) e remover \r (quebras de linha Windows)
   if [[ "$line" == *"="* ]]; then
-    # Limpar caracteres de retorno de carro (\r) para evitar erros no Linux
     clean_line=$(echo "$line" | tr -d '\r')
-    ENV_VARS="$ENV_VARS$clean_line,"
+    ENV_VARS="${ENV_VARS}${clean_line},"
   fi
-done < .env
-
-# Remover última vírgula
+done < "${ENV_FILE}"
 ENV_VARS="${ENV_VARS%,}"
 
-if [ -z "$ENV_VARS" ]; then
-  echo "⚠️  Nenhuma variável de ambiente encontrada em .env"
-  # Deploy sem variáveis (pode falhar se a app exigir)
-  gcloud run deploy "$SERVICE_NAME" \
-    --image="$IMAGE_NAME:latest" \
-    --region="$REGION" \
-    --platform=managed \
-    --allow-unauthenticated
+CLOUD_SQL_CONN=$(get_env_value "CLOUD_SQL_CONNECTION_NAME")
+RUN_VPC_CONN=$(get_env_value "RUN_VPC_CONNECTOR")
+RUN_VPC_EGRESS=$(get_env_value "RUN_VPC_EGRESS")
+
+DEPLOY_ARGS=(
+  --image="${IMAGE_NAME}:latest"
+  --region="${REGION}"
+  --platform=managed
+  --memory=512Mi
+  --cpu=1
+  --timeout=3600
+  --max-instances=10
+  --allow-unauthenticated
+)
+
+if [ -n "${ENV_VARS}" ]; then
+  DEPLOY_ARGS+=(--set-env-vars="${ENV_VARS}")
 else
-  # Deploy com as variáveis coletadas
-  gcloud run deploy "$SERVICE_NAME" \
-    --image="$IMAGE_NAME:latest" \
-    --region="$REGION" \
-    --platform=managed \
-    --set-env-vars="$ENV_VARS" \
-    --memory=512Mi \
-    --cpu=1 \
-    --timeout=3600 \
-    --max-instances=10 \
-    --allow-unauthenticated
+  echo "WARN: no env vars found in ${ENV_FILE}"
+fi
+
+if [ -n "${CLOUD_SQL_CONN}" ]; then
+  DEPLOY_ARGS+=(--add-cloudsql-instances="${CLOUD_SQL_CONN}")
+  echo "Cloud SQL socket enabled: ${CLOUD_SQL_CONN}"
 fi
-echo "✅ Deploy concluído com variáveis de ambiente"
-
-# Passo 5: Sucesso
-echo ""
-echo "================================"
-echo "✅ PROCESSO FINALIZADO!"
-echo "================================"
-echo ""
-echo "📋 Próximos passos:"
-echo ""
-echo "1. Verifique o status:"
-echo "   gcloud run services describe $SERVICE_NAME --region=$REGION"
-echo ""
-echo "2. Obtenha a URL da aplicação:"
-echo "   gcloud run services describe $SERVICE_NAME --region=$REGION --format='value(status.url)'"
-echo ""
-echo "3. Teste a API:"
-echo "   curl https://<url-do-seu-servico>/docs"
-echo ""
-echo "4. Visualize logs:"
-echo "   gcloud run services logs read $SERVICE_NAME --region=$REGION --limit=50"
+
+if [ -n "${RUN_VPC_CONN}" ]; then
+  DEPLOY_ARGS+=(--vpc-connector="${RUN_VPC_CONN}")
+  DEPLOY_ARGS+=(--vpc-egress="${RUN_VPC_EGRESS:-private-ranges-only}")
+  echo "VPC connector enabled: ${RUN_VPC_CONN}"
+fi
+
+gcloud run deploy "${SERVICE_NAME}" "${DEPLOY_ARGS[@]}"
+
+echo "Deploy finished."
+echo "Service URL:"
+gcloud run services describe "${SERVICE_NAME}" --region="${REGION}" --format='value(status.url)'