Merge pull request 'nouvelle verson ci-cd avec gitea runner natif intallé sur hote' (#33) from features/crud_entites into develop

Reviewed-on: #33
This commit was merged in pull request #33.
2025-12-19 10:50:02 +00:00
2 changed files with 65 additions and 61 deletions


@@ -9,34 +9,37 @@ jobs:
deploy:
runs-on: [self-hosted, prod]
# 🔒 PROTECTION : empêche toute exécution via `act`
#if: ${{ !env.ACT }}
steps:
# 1) S'assurer que Node.js est installé
- name: Ensure Node.js is installed
# 1) Vérifier Node.js (pas d'installation dynamique)
- name: Verify Node.js
shell: sh
run: |
if command -v node >/dev/null 2>&1; then
echo "Node.js already installed: $(node -v)"
echo "Node.js version:"
node -v
else
apk update && apk add --no-cache nodejs
echo "Node.js installed: $(node -v)"
echo "❌ Node.js is not installed on the runner"
exit 1
fi
# 2) S'assurer que Java 17 & Maven sont installés
- name: Ensure Java & Maven are installed
# 2) Vérifier Java 17 & Maven (préinstallés sur le VPS)
- name: Verify Java & Maven
shell: sh
run: |
if ! command -v java >/dev/null 2>&1; then
apk update && apk add --no-cache openjdk17-jdk
echo "❌ Java is not installed on the runner"
exit 1
fi
java -version
if ! command -v mvn >/dev/null 2>&1; then
apk update && apk add --no-cache maven
echo "❌ Maven is not installed on the runner"
exit 1
fi
echo "Java version:"
java -version
echo "Maven version:"
mvn -version
# 3) Détecter JAVA_HOME dynamiquement
@@ -45,6 +48,7 @@ jobs:
run: |
JAVA_BIN=$(readlink -f "$(command -v java)")
JAVA_HOME=$(dirname "$(dirname "$JAVA_BIN")")
echo "Detected JAVA_HOME=$JAVA_HOME"
echo "JAVA_HOME=$JAVA_HOME" >> "$GITHUB_ENV"
# 4) Checkout du dépôt
@@ -60,26 +64,17 @@ jobs:
echo "JAVA_HOME=$JAVA_HOME"
java -version
mvn -version
docker --version
docker-compose --version || docker compose version
# 6) S'assurer que Docker CLI & docker-compose sont installés
- name: Ensure Docker & docker-compose are installed
shell: sh
run: |
if command -v docker >/dev/null 2>&1; then
docker version || true
else
apk update && apk add --no-cache docker docker-compose
docker version || true
fi
# 7) Fournir la configuration NON sensible
# 6) Export de la configuration NON sensible
- name: Export database configuration
shell: sh
run: |
echo "POSTGRES_DB_FISCAD=fiscad_db" >> "$GITHUB_ENV"
echo "POSTGRES_USER_FISCAD=fiscad_user" >> "$GITHUB_ENV"
# 8) Création des secrets runtime (PRODUCTION)
# 7) Création des secrets runtime (PRODUCTION)
- name: Create runtime secrets
shell: sh
run: |
@@ -89,31 +84,37 @@ jobs:
echo "${{ secrets.POSTGRES_PASSWORD_FISCAD }}" > secrets/postgresPassword.txt
chmod 600 secrets/*
# 9) Build Maven (jar final)
# 8) Build Maven (jar final)
- name: Build backend with Maven
shell: sh
run: mvn -B clean package -DskipTests
run: |
mvn -B clean package -DskipTests
# 10) Déploiement avec docker-compose (prod)
# 9) Déploiement avec docker-compose (prod)
- name: Deploy using docker-compose (prod)
shell: sh
run: |
export COMPOSE_PROJECT_NAME=fiscad
cd "$GITHUB_WORKSPACE"
pwd
echo "Workspace: $(pwd)"
ls -l secrets/
docker-compose -f docker-compose-prod.yml pull || true
docker-compose -f docker-compose-prod.yml down --remove-orphans
docker-compose -f docker-compose-prod.yml up -d --build
# 11) ✅ TEST BLOQUANT : connexion PostgreSQL
# 10) Test bloquant : connexion PostgreSQL
- name: Test database connection
shell: sh
run: |
echo "⏳ Waiting for PostgreSQL to be ready..."
sleep 10
for i in $(seq 1 12); do
if docker exec fiscad-db pg_isready -U ${POSTGRES_USER_FISCAD} >/dev/null 2>&1; then
break
fi
sleep 5
done
echo "🔍 Testing database connection..."
docker exec fiscad-db sh -c "
@@ -124,13 +125,15 @@ jobs:
-c 'SELECT 1;'
"
# 12) Nettoyage des secrets (OBLIGATOIRE)
# 11) Nettoyage des secrets (sécurité OBLIGATOIRE)
- name: Cleanup secrets
if: always()
shell: sh
run: rm -rf secrets
run: |
rm -rf secrets
# 13) Nettoyage des images Docker inutilisées
# 12) Nettoyage des images Docker inutilisées
- name: Cleanup unused Docker images
shell: sh
run: docker image prune -f || true
run: |
docker image prune -f || true
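Review bot: In the `Create runtime secrets` step, `echo "${{ secrets.POSTGRES_PASSWORD_FISCAD }}" > secrets/postgresPassword.txt` pastes the secret into the script text before the shell parses it, so a value containing `"`, `$` or a backtick is altered or interpreted, and the file exists with the default umask until `chmod 600 secrets/*` runs. With the runner now installed natively on the host (per the commit title), that workspace is presumably a persistent host directory rather than a throwaway container. Pass the value through the step's `env:` and write it with `umask 077; printf '%s\n' "$POSTGRES_PASSWORD_FISCAD" > secrets/postgresPassword.txt`. The start of this step lies outside the hunk, so a umask may already be set there. The same line appears in the `Create runtime secrets` step of the second workflow.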


@@ -11,44 +11,51 @@ jobs:
steps:
# 1) Node.js
- name: Ensure Node.js is installed
# 1) Vérifier Node.js (aucune installation automatique en CI natif)
- name: Verify Node.js
shell: sh
run: |
if command -v node >/dev/null 2>&1; then
echo "Node.js already installed: $(node -v)"
echo "Node.js version:"
node -v
else
apk update && apk add --no-cache nodejs
echo "Node.js installed: $(node -v)"
echo "❌ Node.js is not installed on the runner"
exit 1
fi
# 2) Java & Maven
- name: Ensure Java & Maven are installed
# 2) Vérifier Java & Maven (préinstallés sur le VPS)
- name: Verify Java & Maven
shell: sh
run: |
if ! command -v java >/dev/null 2>&1; then
apk update && apk add --no-cache openjdk17-jdk
echo "❌ Java is not installed on the runner"
exit 1
fi
java -version
if ! command -v mvn >/dev/null 2>&1; then
apk update && apk add --no-cache maven
echo "❌ Maven is not installed on the runner"
exit 1
fi
echo "Java version:"
java -version
echo "Maven version:"
mvn -version
# 3) JAVA_HOME
# 3) Détecter JAVA_HOME dynamiquement
- name: Detect JAVA_HOME dynamically
shell: sh
run: |
JAVA_BIN=$(readlink -f "$(command -v java)")
JAVA_HOME=$(dirname "$(dirname "$JAVA_BIN")")
echo "Detected JAVA_HOME=$JAVA_HOME"
echo "JAVA_HOME=$JAVA_HOME" >> "$GITHUB_ENV"
# 4) Checkout
# 4) Checkout du dépôt
- name: Checkout repository
uses: actions/checkout@v4
# 5) Secrets runtime (CI)
# 5) Création des secrets runtime (CI uniquement)
- name: Create runtime secrets
shell: sh
run: |
@@ -58,21 +65,15 @@ jobs:
echo "${{ secrets.POSTGRES_PASSWORD_FISCAD }}" > secrets/postgresPassword.txt
chmod 600 secrets/*
# 6) Vérification outils
- name: Show Java & Maven versions
# 6) Build & tests Maven
- name: Build & Test with Maven
shell: sh
run: |
echo "JAVA_HOME=$JAVA_HOME"
java -version
mvn -version
mvn -B clean verify
# 7) Build & tests
- name: Build with Maven
shell: sh
run: mvn -B clean verify
# 8) Nettoyage
# 7) Nettoyage des secrets (sécurité)
- name: Cleanup secrets
if: always()
shell: sh
run: rm -rf secrets
run: |
rm -rf secrets
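Review bot: The `Create runtime secrets` step of this build-and-test workflow writes `secrets.POSTGRES_PASSWORD_FISCAD`, the same secret name the deploy workflow labels PRODUCTION, and the file stays on disk while `mvn -B clean verify` runs the project's tests and build plugins. Unless the two values are scoped separately (not visible here), code from any branch this workflow builds can read the production database password on the host runner. Give this job a CI-only credential, e.g. `echo "${{ secrets.<CI_ONLY_DB_PASSWORD> }}" > secrets/postgresPassword.txt` where the secret name is a placeholder, and keep the production secret to the deploy workflow. The secrets step begins outside the last hunk, and the workflow triggers are not shown.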