revu des secrets et .env pour différencier

2025-12-17 15:10:27 +01:00
parent 98d0187df4
commit c34334376a
11 changed files with 134 additions and 87 deletions
--- a/.gitea/workflows/ci-develop.yml
+++ b/.gitea/workflows/ci-develop.yml
@@ -10,64 +10,69 @@ jobs:
    runs-on: self-hosted

    steps:
-      # 1) S'assurer que Node.js est installé (utile pour les actions JS comme actions/checkout)
+
+      # 1) Node.js
      - name: Ensure Node.js is installed
        shell: sh
        run: |
          if command -v node >/dev/null 2>&1; then
            echo "Node.js already installed: $(node -v)"
          else
-            echo "Node.js not found, installing..."
            apk update && apk add --no-cache nodejs
            echo "Node.js installed: $(node -v)"
          fi

-      # 2) S'assurer que Java + Maven sont installés
+      # 2) Java & Maven
      - name: Ensure Java & Maven are installed
        shell: sh
        run: |
-          if command -v java >/dev/null 2>&1; then
-            echo "Java already installed:"
-            java -version
-          else
-            echo "Java not found, installing OpenJDK 17..."
+          if ! command -v java >/dev/null 2>&1; then
            apk update && apk add --no-cache openjdk17-jdk
-            echo "Java installed:"
-            java -version
          fi
+          java -version

-          if command -v mvn >/dev/null 2>&1; then
-            echo "Maven already installed:"
-            mvn -version
-          else
-            echo "Maven not found, installing Maven..."
+          if ! command -v mvn >/dev/null 2>&1; then
            apk update && apk add --no-cache maven
-            echo "Maven installed:"
-            mvn -version
          fi
+          mvn -version

-      # 3) Détecter automatiquement JAVA_HOME et le propager au reste du job
+      # 3) JAVA_HOME
      - name: Detect JAVA_HOME dynamically
        shell: sh
        run: |
          JAVA_BIN=$(readlink -f "$(command -v java)")
          JAVA_HOME=$(dirname "$(dirname "$JAVA_BIN")")
-          echo "Detected JAVA_HOME=$JAVA_HOME"
          echo "JAVA_HOME=$JAVA_HOME" >> "$GITHUB_ENV"

-      # 4) Checkout du dépôt (Node est déjà garanti à ce stade)
+      # 4) Checkout
      - name: Checkout repository
        uses: actions/checkout@v4

-      # 5) Vérification des versions (pour les logs)
+      # 5) Secrets runtime (CI)
+      - name: Create runtime secrets
+        shell: sh
+        run: |
+          mkdir -p secrets
+          echo "${{ secrets.DEFAULT_USER_NAME }}" > secrets/defaultUserName.txt
+          echo "${{ secrets.DEFAULT_USER_PASSWORD }}" > secrets/defaultUserPassword.txt
+          echo "${{ secrets.POSTGRES_PASSWORD_FISCAD }}" > secrets/postgresPassword.txt
+          chmod 600 secrets/*
+
+      # 6) Vérification outils
      - name: Show Java & Maven versions
        shell: sh
        run: |
-          echo "JAVA_HOME is: $JAVA_HOME"
+          echo "JAVA_HOME=$JAVA_HOME"
          java -version
          mvn -version

-      # 6) Build Maven
+      # 7) Build & tests
      - name: Build with Maven
        shell: sh
-        run: mvn -B clean verify
+        run: mvn -B clean verify
+
+      # 8) Nettoyage
+      - name: Cleanup secrets
+        if: always()
+        shell: sh
+        run: rm -rf secrets