chore: bump OAuth Codex submodules + harden grupomirandas swarm

.env.example

@@ -252,3 +252,13 @@ VITE_TINYMCE_API_KEY=no-api-key
 
 # # OpenAI (for AI-powered features)
 # OPENAI_API_KEY=
+
+# =============================================================================
+# OPTIONAL — OAuth Codex (ChatGPT Subscription Authentication)
+# =============================================================================
+# Enable OAuth Codex to allow users to authenticate with their ChatGPT
+# Plus/Pro subscription instead of using a traditional API key.
+# This provides access to GPT-5.x models via chatgpt.com/backend-api/codex.
+#
+# CODEX_ENABLED=true
+# CODEX_CLIENT_ID=app_EMoamEEZ73f0CkXaXp7hrann

.env.grupomirandas.example

@@ -0,0 +1,44 @@
+# =============================================================================
+# Evo CRM — Grupo Mirandas stack (docker-compose.grupomirandas.yml)
+# =============================================================================
+# Copy this file to .env and fill in every value before running
+#     docker stack deploy -c docker-compose.grupomirandas.yml evocrm
+# or deploying from Portainer with an env-file.
+#
+# Every variable listed here is substituted at deploy time by Docker Swarm
+# (Portainer injects them as stack environment variables). Never commit the
+# real .env — it is already gitignored.
+# =============================================================================
+
+# -----------------------------------------------------------------------------
+# Shared application secrets (rotate on any suspected leak)
+# -----------------------------------------------------------------------------
+# Rails cookie / session secret — 128 hex chars recommended
+SECRET_KEY_BASE=
+
+# JWT signing key shared between auth / crm / core — 64 hex chars
+JWT_SECRET_KEY=
+
+# Doorkeeper (Rails OAuth2 provider) signing key — 64 hex chars
+DOORKEEPER_JWT_SECRET_KEY=
+
+# Fernet key used by core + processor to encrypt API keys and OAuth data.
+# Must be a 32-byte url-safe base64 value. Generate with:
+#   python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
+ENCRYPTION_KEY=
+
+# Service-to-service bearer used by processor <-> crm and bot-runtime <-> crm
+EVOAI_CRM_API_TOKEN=
+
+# Bot runtime HMAC/bearer secret
+BOT_RUNTIME_SECRET=
+
+# -----------------------------------------------------------------------------
+# PostgreSQL (pgvector container)
+# -----------------------------------------------------------------------------
+POSTGRES_PASSWORD=
+
+# -----------------------------------------------------------------------------
+# SMTP (outgoing mail from auth / crm)
+# -----------------------------------------------------------------------------
+SMTP_PASSWORD=

.github/workflows/build-test.yml

@@ -0,0 +1,79 @@
+name: Build Test Images
+
+on:
+  push:
+    branches: [test/all-fixes]
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  build-images:
+    name: Build ${{ matrix.service }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - service: evo-auth-service-community
+            context: ./evo-auth-service-community
+            dockerfile: ./evo-auth-service-community/Dockerfile
+            image: evo-auth
+          - service: evo-ai-crm-community
+            context: ./evo-ai-crm-community
+            dockerfile: ./evo-ai-crm-community/docker/Dockerfile
+            image: evo-crm
+          - service: evo-ai-frontend-community
+            context: ./evo-ai-frontend-community
+            dockerfile: ./evo-ai-frontend-community/Dockerfile
+            image: evo-frontend
+          - service: evo-ai-processor-community
+            context: ./evo-ai-processor-community
+            dockerfile: ./evo-ai-processor-community/Dockerfile
+            image: evo-processor
+          - service: evo-crm-gateway
+            context: ./nginx
+            dockerfile: ./nginx/Dockerfile
+            image: evo-gateway
+          - service: evo-ai-core-service-community
+            context: ./evo-ai-core-service-community
+            dockerfile: ./evo-ai-core-service-community/Dockerfile
+            image: evo-core
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Set lowercase owner
+        id: owner
+        run: echo "owner=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ matrix.context }}
+          file: ${{ matrix.dockerfile }}
+          push: true
+          tags: |
+            ${{ env.REGISTRY }}/${{ steps.owner.outputs.owner }}/${{ matrix.image }}:test
+            ${{ env.REGISTRY }}/${{ steps.owner.outputs.owner }}/${{ matrix.image }}:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: |
+            RAILS_ENV=production
+            RAILS_SERVE_STATIC_FILES=true

.gitmodules

@@ -1,24 +1,24 @@
 [submodule "evo-auth-service-community"]
 	path = evo-auth-service-community
-	url = git@github.com:EvolutionAPI/evo-auth-service-community.git
+	url = https://github.com/EvolutionAPI/evo-auth-service-community.git
 [submodule "evo-ai-crm-community"]
 	path = evo-ai-crm-community
-	url = git@github.com:EvolutionAPI/evo-ai-crm-community.git
+	url = https://github.com/NeritonDias/evo-ai-crm-community.git
 [submodule "evo-ai-frontend-community"]
 	path = evo-ai-frontend-community
-	url = git@github.com:EvolutionAPI/evo-ai-frontend-community.git
+	url = https://github.com/NeritonDias/evo-ai-frontend-community.git
 [submodule "evo-ai-processor-community"]
 	path = evo-ai-processor-community
-	url = git@github.com:EvolutionAPI/evo-ai-processor-community.git
+	url = https://github.com/NeritonDias/evo-ai-processor-community.git
 [submodule "evo-ai-core-service-community"]
 	path = evo-ai-core-service-community
-	url = git@github.com:EvolutionAPI/evo-ai-core-service-community.git
+	url = https://github.com/EvolutionAPI/evo-ai-core-service-community.git
 [submodule "evolution-api"]
 	path = evolution-api
-	url = git@github.com:EvolutionAPI/evolution-api.git
+	url = https://github.com/EvolutionAPI/evolution-api.git
 [submodule "evolution-go"]
 	path = evolution-go
-	url = git@github.com:EvolutionAPI/evolution-go.git
+	url = https://github.com/EvolutionAPI/evolution-go.git
 [submodule "evo-bot-runtime"]
 	path = evo-bot-runtime
-	url = git@github.com:EvolutionAPI/evo-bot-runtime.git
+	url = https://github.com/EvolutionAPI/evo-bot-runtime.git

Makefile

@@ -100,12 +100,12 @@ seed: seed-auth seed-crm ## Run all seeds (auth first, then CRM)
 
 seed-auth: ## Seed the Auth service (creates default user)
 	@echo "$(CYAN)Seeding Auth service...$(RESET)"
-	docker compose run --rm evo-auth bash -c "bundle exec rails db:prepare && bundle exec rails db:seed"
+	docker compose run --rm evo-auth sh -c "bundle exec rails db:prepare && bundle exec rails db:seed"
 	@echo "$(GREEN)Auth service seeded.$(RESET)"
 
 seed-crm: ## Seed the CRM service (creates default inbox)
 	@echo "$(CYAN)Seeding CRM service...$(RESET)"
-	docker compose run --rm evo-crm bash -c "bundle exec rails db:prepare && bundle exec rails db:seed"
+	docker compose run --rm evo-crm sh -c "bundle exec rails db:prepare && bundle exec rails db:seed"
 	@echo "$(GREEN)CRM service seeded.$(RESET)"
 
 ## —— Shell Access —————————————————————————————————————————————————————————————