diff --git a/.gitea/workflows/cd-main.yml b/.gitea/workflows/cd-main.yml index 57296a7..328f647 100644 --- a/.gitea/workflows/cd-main.yml +++ b/.gitea/workflows/cd-main.yml @@ -9,34 +9,37 @@ jobs: deploy: runs-on: [self-hosted, prod] - # 🔒 PROTECTION : empĂȘche toute exĂ©cution via `act` - #if: ${{ !env.ACT }} - steps: - # 1) S'assurer que Node.js est installĂ© - - name: Ensure Node.js is installed + # 1) VĂ©rifier Node.js (pas d'installation dynamique) + - name: Verify Node.js shell: sh run: | if command -v node >/dev/null 2>&1; then - echo "Node.js already installed: $(node -v)" + echo "Node.js version:" + node -v else - apk update && apk add --no-cache nodejs - echo "Node.js installed: $(node -v)" + echo "❌ Node.js is not installed on the runner" + exit 1 fi - # 2) S'assurer que Java 17 & Maven sont installĂ©s - - name: Ensure Java & Maven are installed + # 2) VĂ©rifier Java 17 & Maven (prĂ©installĂ©s sur le VPS) + - name: Verify Java & Maven shell: sh run: | if ! command -v java >/dev/null 2>&1; then - apk update && apk add --no-cache openjdk17-jdk + echo "❌ Java is not installed on the runner" + exit 1 fi - java -version if ! command -v mvn >/dev/null 2>&1; then - apk update && apk add --no-cache maven + echo "❌ Maven is not installed on the runner" + exit 1 fi + + echo "Java version:" + java -version + echo "Maven version:" mvn -version # 3) DĂ©tecter JAVA_HOME dynamiquement @@ -45,6 +48,7 @@ jobs: run: | JAVA_BIN=$(readlink -f "$(command -v java)") JAVA_HOME=$(dirname "$(dirname "$JAVA_BIN")") + echo "Detected JAVA_HOME=$JAVA_HOME" echo "JAVA_HOME=$JAVA_HOME" >> "$GITHUB_ENV" # 4) Checkout du dĂ©pĂŽt 
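Review bot: The `Verify Java & Maven` step in cd-main.yml only tests that `java` and `mvn` exist on PATH, so a runner with a JDK other than the Java 17 named in the step comment passes verification. Since this commit removes the `apk add --no-cache openjdk17-jdk` fallback, this check is now the only gate on the toolchain of the prod runner; I would fail fast on the major version, for example `java -version 2>&1 | grep -q 'version "17' || { echo "Java 17 required"; exit 1; }`. The same step in ci-develop.yml (hunk `@@ -11,44 +11,51 @@`) has the same gap if Java 17 is expected there too.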
@@ -60,26 +64,17 @@ jobs: echo "JAVA_HOME=$JAVA_HOME" java -version mvn -version + docker --version + docker-compose --version || docker compose version - # 6) S'assurer que Docker CLI & docker-compose sont installĂ©s - - name: Ensure Docker & docker-compose are installed - shell: sh - run: | - if command -v docker >/dev/null 2>&1; then - docker version || true - else - apk update && apk add --no-cache docker docker-compose - docker version || true - fi - - # 7) Fournir la configuration NON sensible + # 6) Export de la configuration NON sensible - name: Export database configuration shell: sh run: | echo "POSTGRES_DB_FISCAD=fiscad_db" >> "$GITHUB_ENV" echo "POSTGRES_USER_FISCAD=fiscad_user" >> "$GITHUB_ENV" - # 8) CrĂ©ation des secrets runtime (PRODUCTION) + # 7) CrĂ©ation des secrets runtime (PRODUCTION) - name: Create runtime secrets shell: sh run: | 
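Review bot: The added check `docker-compose --version || docker compose version` passes on a runner that has only the Compose v2 plugin, but the deploy step later in this workflow calls `docker-compose -f docker-compose-prod.yml ...` unconditionally, so such a runner clears verification and then fails during the deploy, after the runtime secrets have already been written to the workspace. Because this commit also removes the step that installed `docker-compose`, either make the check strict (`docker-compose --version`) or resolve the command once into a variable and use that variable in the deploy step. The step these added lines belong to starts above the hunk.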
@@ -89,31 +84,37 @@ jobs: echo "${{ secrets.POSTGRES_PASSWORD_FISCAD }}" > secrets/postgresPassword.txt chmod 600 secrets/* - # 9) Build Maven (jar final) + # 8) Build Maven (jar final) - name: Build backend with Maven shell: sh - run: mvn -B clean package -DskipTests + run: | + mvn -B clean package -DskipTests - # 10) DĂ©ploiement avec docker-compose (prod) + # 9) DĂ©ploiement avec docker-compose (prod) - name: Deploy using docker-compose (prod) shell: sh run: | export COMPOSE_PROJECT_NAME=fiscad cd "$GITHUB_WORKSPACE" - pwd + echo "Workspace: $(pwd)" ls -l secrets/ docker-compose -f docker-compose-prod.yml pull || true docker-compose -f docker-compose-prod.yml down --remove-orphans docker-compose -f docker-compose-prod.yml up -d --build - # 11) ✅ TEST BLOQUANT : connexion PostgreSQL + # 10) Test bloquant : connexion PostgreSQL - name: Test database connection shell: sh run: | echo "⏳ Waiting for PostgreSQL to be ready..." - sleep 10 + for i in $(seq 1 12); do + if docker exec fiscad-db pg_isready -U ${POSTGRES_USER_FISCAD} >/dev/null 2>&1; then + break + fi + sleep 5 + done echo "🔍 Testing database connection..." docker exec fiscad-db sh -c " @@ -124,13 +125,15 @@ jobs: -c 'SELECT 1;' " - # 12) Nettoyage des secrets (OBLIGATOIRE) + # 11) Nettoyage des secrets (sĂ©curitĂ© OBLIGATOIRE) - name: Cleanup secrets if: always() shell: sh - run: rm -rf secrets + run: | + rm -rf secrets - # 13) Nettoyage des images Docker inutilisĂ©es + # 12) Nettoyage des images Docker inutilisĂ©es - name: Cleanup unused Docker images shell: sh - run: docker image prune -f || true \ No newline at end of file + run: | + docker image prune -f || true \ No newline at end of file diff --git a/.gitea/workflows/ci-develop.yml b/.gitea/workflows/ci-develop.yml index b2ee6f5..f78586f 100644 --- a/.gitea/workflows/ci-develop.yml +++ b/.gitea/workflows/ci-develop.yml 
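Review bot: The new readiness loop in `Test database connection` falls through silently when `pg_isready` never succeeds in its 12 attempts, so a database that did not come up is reported only indirectly by whatever the following `psql` check prints. I would make the timeout an explicit failure with its own message and quote the expansion as `"$POSTGRES_USER_FISCAD"`, since it is currently unquoted inside the `docker exec` command line. The sketch below keeps the same 12 attempts at 5-second intervals.

```yaml
        run: |
          # … unchanged: "Waiting for PostgreSQL" echo …
          attempt=0
          until docker exec fiscad-db pg_isready -U "$POSTGRES_USER_FISCAD" >/dev/null 2>&1; do
            attempt=$((attempt + 1))
            if [ "$attempt" -ge 12 ]; then
              echo "PostgreSQL not ready after $attempt attempts"
              exit 1
            fi
            sleep 5
          done
          # … unchanged: psql SELECT 1 check via docker exec …
```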
@@ -11,44 +11,51 @@ jobs: steps: - # 1) Node.js - - name: Ensure Node.js is installed + # 1) VĂ©rifier Node.js (aucune installation automatique en CI natif) + - name: Verify Node.js shell: sh run: | if command -v node >/dev/null 2>&1; then - echo "Node.js already installed: $(node -v)" + echo "Node.js version:" + node -v else - apk update && apk add --no-cache nodejs - echo "Node.js installed: $(node -v)" + echo "❌ Node.js is not installed on the runner" + exit 1 fi - # 2) Java & Maven - - name: Ensure Java & Maven are installed + # 2) VĂ©rifier Java & Maven (prĂ©installĂ©s sur le VPS) + - name: Verify Java & Maven shell: sh run: | if ! command -v java >/dev/null 2>&1; then - apk update && apk add --no-cache openjdk17-jdk + echo "❌ Java is not installed on the runner" + exit 1 fi - java -version if ! command -v mvn >/dev/null 2>&1; then - apk update && apk add --no-cache maven + echo "❌ Maven is not installed on the runner" + exit 1 fi + + echo "Java version:" + java -version + echo "Maven version:" mvn -version - # 3) JAVA_HOME + # 3) DĂ©tecter JAVA_HOME dynamiquement - name: Detect JAVA_HOME dynamically shell: sh run: | JAVA_BIN=$(readlink -f "$(command -v java)") JAVA_HOME=$(dirname "$(dirname "$JAVA_BIN")") + echo "Detected JAVA_HOME=$JAVA_HOME" echo "JAVA_HOME=$JAVA_HOME" >> "$GITHUB_ENV" - # 4) Checkout + # 4) Checkout du dĂ©pĂŽt - name: Checkout repository uses: actions/checkout@v4 - # 5) Secrets runtime (CI) + # 5) CrĂ©ation des secrets runtime (CI uniquement) - name: Create runtime secrets shell: sh run: | 
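Review bot: The reworded step-5 comment ending in `(CI uniquement)` promises CI-only secrets, but the step it labels (its body continues in the next hunk) writes `secrets.POSTGRES_PASSWORD_FISCAD`, the same secret name cd-main.yml uses for the production database. If both workflows resolve that name from one repository-level secret, every develop run places the production password on disk in the CI workspace while `mvn -B clean verify` executes project and plugin code there. Consider a separately scoped CI credential, e.g. `secrets.<CI_ONLY_DB_PASSWORD_PLACEHOLDER>`, or drop the step if the tests do not read the file. Whether the two values actually coincide cannot be seen from this diff, so this needs confirming against the secret configuration.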
@@ -58,21 +65,15 @@ jobs: echo "${{ secrets.POSTGRES_PASSWORD_FISCAD }}" > secrets/postgresPassword.txt chmod 600 secrets/* - # 6) VĂ©rification outils - - name: Show Java & Maven versions + # 6) Build & tests Maven + - name: Build & Test with Maven shell: sh run: | - echo "JAVA_HOME=$JAVA_HOME" - java -version - mvn -version + mvn -B clean verify - # 7) Build & tests - - name: Build with Maven - shell: sh - run: mvn -B clean verify - - # 8) Nettoyage + # 7) Nettoyage des secrets (sĂ©curitĂ©) - name: Cleanup secrets if: always() shell: sh - run: rm -rf secrets \ No newline at end of file + run: | + rm -rf secrets \ No newline at end of file