Aurince AKAKPO
b3a68e87d0
Some checks failed
CI - Build & Test (develop) / build-and-test (pull_request) Failing after 1s
139 lines
4.1 KiB
YAML
139 lines
4.1 KiB
YAML
name: CD - Deploy on main
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
jobs:
|
|
deploy:
|
|
runs-on: [self-hosted, prod]
|
|
|
|
steps:
|
|
|
|
# 1) Vérifier Node.js (pas d'installation dynamique)
|
|
- name: Verify Node.js
|
|
shell: sh
|
|
run: |
|
|
if command -v node >/dev/null 2>&1; then
|
|
echo "Node.js version:"
|
|
node -v
|
|
else
|
|
echo "❌ Node.js is not installed on the runner"
|
|
exit 1
|
|
fi
|
|
|
|
# 2) Vérifier Java 17 & Maven (préinstallés sur le VPS)
|
|
- name: Verify Java & Maven
|
|
shell: sh
|
|
run: |
|
|
if ! command -v java >/dev/null 2>&1; then
|
|
echo "❌ Java is not installed on the runner"
|
|
exit 1
|
|
fi
|
|
|
|
if ! command -v mvn >/dev/null 2>&1; then
|
|
echo "❌ Maven is not installed on the runner"
|
|
exit 1
|
|
fi
|
|
|
|
echo "Java version:"
|
|
java -version
|
|
echo "Maven version:"
|
|
mvn -version
|
|
|
|
# 3) Détecter JAVA_HOME dynamiquement
|
|
- name: Detect JAVA_HOME dynamically
|
|
shell: sh
|
|
run: |
|
|
JAVA_BIN=$(readlink -f "$(command -v java)")
|
|
JAVA_HOME=$(dirname "$(dirname "$JAVA_BIN")")
|
|
echo "Detected JAVA_HOME=$JAVA_HOME"
|
|
echo "JAVA_HOME=$JAVA_HOME" >> "$GITHUB_ENV"
|
|
|
|
# 4) Checkout du dépôt
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
# 5) Informations de contexte (sans secrets)
|
|
- name: Show context information
|
|
shell: sh
|
|
run: |
|
|
echo "Commit:"
|
|
git rev-parse HEAD
|
|
echo "JAVA_HOME=$JAVA_HOME"
|
|
java -version
|
|
mvn -version
|
|
docker --version
|
|
docker-compose --version || docker compose version
|
|
|
|
# 6) Export de la configuration NON sensible
|
|
- name: Export database configuration
|
|
shell: sh
|
|
run: |
|
|
echo "POSTGRES_DB_FISCAD=fiscad_db" >> "$GITHUB_ENV"
|
|
echo "POSTGRES_USER_FISCAD=fiscad_user" >> "$GITHUB_ENV"
|
|
|
|
# 7) Création des secrets runtime (PRODUCTION)
|
|
- name: Create runtime secrets
|
|
shell: sh
|
|
run: |
|
|
mkdir -p secrets
|
|
echo "${{ secrets.DEFAULT_USER_NAME }}" > secrets/defaultUserName.txt
|
|
echo "${{ secrets.DEFAULT_USER_PASSWORD }}" > secrets/defaultUserPassword.txt
|
|
echo "${{ secrets.POSTGRES_PASSWORD_FISCAD }}" > secrets/postgresPassword.txt
|
|
chmod 600 secrets/*
|
|
|
|
# 8) Build Maven (jar final)
|
|
- name: Build backend with Maven
|
|
shell: sh
|
|
run: |
|
|
mvn -B clean package -DskipTests
|
|
|
|
# 9) Déploiement avec docker-compose (prod)
|
|
- name: Deploy using docker-compose (prod)
|
|
shell: sh
|
|
run: |
|
|
export COMPOSE_PROJECT_NAME=fiscad
|
|
|
|
cd "$GITHUB_WORKSPACE"
|
|
echo "Workspace: $(pwd)"
|
|
ls -l secrets/
|
|
|
|
docker-compose -f docker-compose-prod.yml pull || true
|
|
docker-compose -f docker-compose-prod.yml down --remove-orphans
|
|
docker-compose -f docker-compose-prod.yml up -d --build
|
|
|
|
# 10) Test bloquant : connexion PostgreSQL
|
|
- name: Test database connection
|
|
shell: sh
|
|
run: |
|
|
echo "⏳ Waiting for PostgreSQL to be ready..."
|
|
for i in $(seq 1 12); do
|
|
if docker exec fiscad-db pg_isready -U ${POSTGRES_USER_FISCAD} >/dev/null 2>&1; then
|
|
break
|
|
fi
|
|
sleep 5
|
|
done
|
|
|
|
echo "🔍 Testing database connection..."
|
|
docker exec fiscad-db sh -c "
|
|
export PGPASSWORD=\$(cat /run/secrets/postgresPassword) &&
|
|
psql -h localhost \
|
|
-U ${POSTGRES_USER_FISCAD} \
|
|
-d ${POSTGRES_DB_FISCAD} \
|
|
-c 'SELECT 1;'
|
|
"
|
|
|
|
# 11) Nettoyage des secrets (sécurité OBLIGATOIRE)
|
|
- name: Cleanup secrets
|
|
if: always()
|
|
shell: sh
|
|
run: |
|
|
rm -rf secrets
|
|
|
|
# 12) Nettoyage des images Docker inutilisées
|
|
- name: Cleanup unused Docker images
|
|
shell: sh
|
|
run: |
|
|
docker image prune -f || true |